NOD32 stopping network traffic on SBS2003

Discussion in 'NOD32 version 2 Forum' started by steve_nz, Jun 20, 2007.

Thread Status:
Not open for further replies.
  1. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    I installed the trial version of NOD32 on a Small Business Server 2003 machine yesterday, and since then have been having weird network issues

    It seems to have stopped the DNS services from working on my client machines, also the client machines can't see the server but the server can see the clients

    I've tried uninstalling NOD32, reinstalling and uninstalling again and everything else I can think of

    I then visited these forums and saw the warnings about installing IMON on SBS2003 machines which I guess I must have done

    Does anyone have any ideas on what I can try?


    Thanks
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  3. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Yes it should. So now try the winsock repair.
     
  5. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    OK I've repaired winsock and reset the server, but the problems still persist

    Is there anything else I can try?
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What previous Antivirus software was on that system?

    Cheers :D
     
  7. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    None I think

    But it is running Spamblocker, and Spybot Search and Destroy
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Just to be certain, could you please download, SAVE and then run the Norton Removal Tool

    As well please check the following:

    - Target must respond to a ping from the server
    - Administrative user used for install cannot have a blank password.
    - If the client and server are in a mixed domain/workgroup environment (or the server is 2003), simple file sharing must be turned off on XP clients
    - Client for MS Network (server, client)
    - Activated file and printer sharing (client)
    - File Sharing permitted on firewall (client, server)
    - TCP/IP (client, server)
    - ADMIN$ share (Client)
    - Remote registry service started (client)
    - Account used for installation must have Administrator Rights.

    You should be running NOD32 for Exchange - XMON

    Make sure you have all Exclusions applied.

    Do not have "Scan all files" ticked.

    Cheers :D
     
    Last edited: Jun 20, 2007
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There is a thread HERE in installing the Enterprise Edition.

    Cheers :D
     
  10. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    Thanks Blackspear,

    I've saved and run the Norton Removal Tool
    - My clients machine responds to a ping
    - The user on the server has admin rights
    - File and printer sharing is installed on the client and server
    - Everything definately has TCP/IP installed

    I'm not sure how to check the other four things sorry, but when I try to access the firewall on the server (through Control Panel - Windows Firewall) I get the following error message...

    "Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)"

    The four things I don't know how to check for...
    - If the client and server are in a mixed domain/workgroup environment (or the server is 2003), simple file sharing must be turned off on XP clients
    - Client for MS Network (server, client)
    - File Sharing permitted on firewall (client, server)
    - ADMIN$ share (Client)
    - Remote registry service started (client)


    EDIT: Where do I get the enterprise verson from?
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have sent a link to this thread to the New Zealand Distributor, as I gather you are from NZ.

    Cheers :D
     
  12. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    Thanks Blackspear, I am indeed from New Zealand which is currently cold and rainy

    I've logged a call with Microsoft technical support, so when I find a solution to this I'll be sure to post it here in case anyone else gets this problem in the future
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have you applied the Exclusions listed and are NOT scanning all files?

    Cheers :D
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Perhaps you could try disabling automatic AMON startup and reboot the server just to see if AMON is involved. If it helps, try setting AMON to scan files with default extensions only as suggested by Blackspear above.
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Is SBS running on multiple NICs? Or just single?

    If you ran the tcp/winsock repair tool on SBS (gasp)...you'll need to manually reset the TCP/IP properties with the static IP address that the server is (or was until the winsock repair tool was run). A DC should never be on "obtain auto"

    The server needs to see itself as its own and only DNS server (unless you're running additional DCs in the SBS domain), and use itself for WINS.

    Are the clients obtaining DHCP from the SBS box and only seeing it as their DNS server? Or are they pulling DHCP from a router..which is most likely handing out the ISPs 2x DNS servers...so the clients will not resolve the DC properly and active directory will not function correctly.
    Refer to my guide here... http://www.speedguide.net/read_articles.php?id=1660

    IMON will disable itself when installing NOD32 on any server OS. It will detect that it's a server OS instead of a desktop OS..and will disable that component automatically for you.

    SBS has a group policy which by default dictates WinXP client firewall settings...which includes file and print sharing is enabled as an exception as well as some other certain features of the SBS domain. So you don't have to worry about digging around with that.

    Can you post an IPCONFIG /ALL of the server...and also an IPCONFIG /ALL from a workstation?
     
  16. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    The server has a single NIC

    The sever isn't set to automatically obtain an IP address, and it has the same IP address as it always has (10.1.1.2)

    The server sees itself as the only DNS server, and here are the wins settings on the server (which I don't understand at all)...
    http://img236.imageshack.us/img236/6766/winssettingsdq8.th.gif

    I'm pretty sure that the clients are obtaining (or supposed to be obtaining) DHCP from the server. This is getting a bit over my head though...

    That's really good to know, thanks

    Cool

    From the server...

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : goofy
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes

    Ethernet adapter Server Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Embedded Broadcom NetXtreme 5721 PCI-E Gigabit NIC
    Physical Address. . . . . . . . . : 00-14-C2-5F-8B-B6
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 10.1.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.1.1.1
    DNS Servers . . . . . . . . . . . : 10.1.1.2


    From the client...

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : StevesDell
    Primary Dns Suffix . . . . . . . : efinity.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : efinity.local
    efinity.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : efinity.local
    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
    Physical Address. . . . . . . . . : 00-16-76-10-CA-69
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 10.1.1.23
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.1.1.1
    DHCP Server . . . . . . . . . . . : 10.1.1.2
    DNS Servers . . . . . . . . . . . : 10.1.1.2
    Primary WINS Server . . . . . . . : 10.1.1.2
    Secondary WINS Server . . . . . . : 10.1.1.3

    Lease Obtained. . . . . . . . . . : Monday, 18 June 2007 12:03:20 p.m.
    Lease Expires . . . . . . . . . . : Tuesday, 26 June 2007 12:03:20 p.m.
     
    Last edited: Jun 21, 2007
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    OK...from the workstation..it looks good....assuming your router is 10.1.1.1, and the server is 10.1.1.2....DHCP looks "almost" correct. The only thing I see that makes me go "Hmmm" is the secondary WINS server..10.1.1.3...which if your SBS box is your only server..would not be necessary. Should just has the single WINS server, 10.1.1.2. DNS at 10.1.1.2 is correct.

    Now..for the server itself...it's not registering to itself for WINS..so in that screenshot..which is empty..you'd add 10.1.1.2 as its WINS server. I also flip on enable netbios over IP.

    So on the server..maybe just run the ICW again (internet connection wizard). Or manually..whichever you're more comfy with.
     
  18. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    Hi Marcos,

    I have uninstalled NOD32, so I don't think this is an option
     
  19. steve_nz

    steve_nz Registered Member

    Joined:
    Jun 20, 2007
    Posts:
    9
    Well it turned out to be something to do with the firewall, here's what Microsoft tech support got me to do...

    Load up services.msc
    Find "Windows Firewall/Internet connection sharing"
    Right click > Properties
    Change "Startup type" to disabled
    Click OK
    Restart
     
  20. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Does your server have a second NIC?

    Re-running the ICW should correct that. You can re-run the ICW over and over and over and over....it's harmless to run it as often as you want. It's good to run it every now and then to make sure settings are proper and "stick". As sometimes....running it just once..they don't all stick correctly. SBS is comprised of MANY different components...the server itself, active directory, DNS, DHCP, WINS, Exchange, Sharepoint, web access to Exchange (OWA), remote access (Remote Web Workplace), in Premium Edition you have ISA added to the mix. It's a LOT of components that need to be setup to work "together"....and the ICW grooms all of them for you.

    Back to what I was talking about..if you're running SBS2K3 on a single NIC..the firewall service is not enabled. That's only enabled if you run on multiple NICs (multi-home)....in which case it's sort of like the ICS service in WinXP....doing NAT for you.

    If your server has multiple NICs...right click and "disable" the one you aren't using. Run the ICW again.

    SBS is my bread and butter for what I do for a living (small biz network consultant)...NOD32 Small Business Bundle works very well on it (SBS bundle is a combo package of Enterprise Edition..along with XMON..at a reduced price).
     
Thread Status:
Not open for further replies.