NOD32 stopping network traffic on SBS2003

I installed the trial version of NOD32 on a Small Business Server 2003 machine yesterday, and since then have been having weird network issues

It seems to have stopped the DNS services from working on my client machines, also the client machines can't see the server but the server can see the clients

I've tried uninstalling NOD32, reinstalling and uninstalling again and everything else I can think of

I then visited these forums and saw the warnings about installing IMON on SBS2003 machines which I guess I must have done

Does anyone have any ideas on what I can try?


Thanks

 

1. Try disabling IMON

2. Follow these instructions to repair Winsock

 

Thanks WSFuser,

I have uninstalled NOD32, should this not have uninstalled IMON as well?

 

Yes it should. So now try the winsock repair.

 

OK I've repaired winsock and reset the server, but the problems still persist

Is there anything else I can try?

 

What previous Antivirus software was on that system?

Cheers

 

None I think

But it is running Spamblocker, and Spybot Search and Destroy

 

Just to be certain, could you please download, SAVE and then run the Norton Removal Tool

As well please check the following:

- Target must respond to a ping from the server
- Administrative user used for install cannot have a blank password.
- If the client and server are in a mixed domain/workgroup environment (or the server is 2003), simple file sharing must be turned off on XP clients
- Client for MS Network (server, client)
- Activated file and printer sharing (client)
- File Sharing permitted on firewall (client, server)
- TCP/IP (client, server)
- ADMIN$ share (Client)
- Remote registry service started (client)
- Account used for installation must have Administrator Rights.

You should be running NOD32 for Exchange - XMON

Make sure you have all Exclusions applied.

Do not have "Scan all files" ticked.

Cheers

 

There is a thread HERE in installing the Enterprise Edition.

Cheers

 

Thanks Blackspear,

I've saved and run the Norton Removal Tool
- My clients machine responds to a ping
- The user on the server has admin rights
- File and printer sharing is installed on the client and server
- Everything definately has TCP/IP installed

I'm not sure how to check the other four things sorry, but when I try to access the firewall on the server (through Control Panel - Windows Firewall) I get the following error message...

"Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)"

The four things I don't know how to check for...
- If the client and server are in a mixed domain/workgroup environment (or the server is 2003), simple file sharing must be turned off on XP clients
- Client for MS Network (server, client)
- File Sharing permitted on firewall (client, server)
- ADMIN$ share (Client)
- Remote registry service started (client)


EDIT: Where do I get the enterprise verson from?

 

I have sent a link to this thread to the New Zealand Distributor, as I gather you are from NZ.

Cheers

 

Thanks Blackspear, I am indeed from New Zealand which is currently cold and rainy

I've logged a call with Microsoft technical support, so when I find a solution to this I'll be sure to post it here in case anyone else gets this problem in the future

 

Have you applied the Exclusions listed and are NOT scanning all files?

Cheers

 

Perhaps you could try disabling automatic AMON startup and reboot the server just to see if AMON is involved. If it helps, try setting AMON to scan files with default extensions only as suggested by Blackspear above.

 

Is SBS running on multiple NICs? Or just single?

If you ran the tcp/winsock repair tool on SBS (gasp)...you'll need to manually reset the TCP/IP properties with the static IP address that the server is (or was until the winsock repair tool was run). A DC should never be on "obtain auto"

The server needs to see itself as its own and only DNS server (unless you're running additional DCs in the SBS domain), and use itself for WINS.

Are the clients obtaining DHCP from the SBS box and only seeing it as their DNS server? Or are they pulling DHCP from a router..which is most likely handing out the ISPs 2x DNS servers...so the clients will not resolve the DC properly and active directory will not function correctly.
Refer to my guide here... http://www.speedguide.net/read_articles.php?id=1660

IMON will disable itself when installing NOD32 on any server OS. It will detect that it's a server OS instead of a desktop OS..and will disable that component automatically for you.

SBS has a group policy which by default dictates WinXP client firewall settings...which includes file and print sharing is enabled as an exception as well as some other certain features of the SBS domain. So you don't have to worry about digging around with that.

Can you post an IPCONFIG /ALL of the server...and also an IPCONFIG /ALL from a workstation?

 

The server has a single NIC

The sever isn't set to automatically obtain an IP address, and it has the same IP address as it always has (10.1.1.2)

The server sees itself as the only DNS server, and here are the wins settings on the server (which I don't understand at all)...
http://img236.imageshack.us/img236/6766/winssettingsdq8.th.gif

I'm pretty sure that the clients are obtaining (or supposed to be obtaining) DHCP from the server. This is getting a bit over my head though...

That's really good to know, thanks

Cool

From the server...

Windows IP Configuration

Host Name . . . . . . . . . . . . : goofy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Embedded Broadcom NetXtreme 5721 PCI-E Gigabit NIC
Physical Address. . . . . . . . . : 00-14-C2-5F-8B-B6
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DNS Servers . . . . . . . . . . . : 10.1.1.2


From the client...

Windows IP Configuration

Host Name . . . . . . . . . . . . : StevesDell
Primary Dns Suffix . . . . . . . : efinity.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : efinity.local
efinity.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : efinity.local
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-10-CA-69
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.1.23
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.2
DNS Servers . . . . . . . . . . . : 10.1.1.2
Primary WINS Server . . . . . . . : 10.1.1.2
Secondary WINS Server . . . . . . : 10.1.1.3

Lease Obtained. . . . . . . . . . : Monday, 18 June 2007 12:03:20 p.m.
Lease Expires . . . . . . . . . . : Tuesday, 26 June 2007 12:03:20 p.m.

 

OK...from the workstation..it looks good....assuming your router is 10.1.1.1, and the server is 10.1.1.2....DHCP looks "almost" correct. The only thing I see that makes me go "Hmmm" is the secondary WINS server..10.1.1.3...which if your SBS box is your only server..would not be necessary. Should just has the single WINS server, 10.1.1.2. DNS at 10.1.1.2 is correct.

Now..for the server itself...it's not registering to itself for WINS..so in that screenshot..which is empty..you'd add 10.1.1.2 as its WINS server. I also flip on enable netbios over IP.

So on the server..maybe just run the ICW again (internet connection wizard). Or manually..whichever you're more comfy with.

 

Hi Marcos,

I have uninstalled NOD32, so I don't think this is an option

 

Well it turned out to be something to do with the firewall, here's what Microsoft tech support got me to do...

Load up services.msc
Find "Windows Firewall/Internet connection sharing"
Right click > Properties
Change "Startup type" to disabled
Click OK
Restart

 

Does your server have a second NIC?

Re-running the ICW should correct that. You can re-run the ICW over and over and over and over....it's harmless to run it as often as you want. It's good to run it every now and then to make sure settings are proper and "stick". As sometimes....running it just once..they don't all stick correctly. SBS is comprised of MANY different components...the server itself, active directory, DNS, DHCP, WINS, Exchange, Sharepoint, web access to Exchange (OWA), remote access (Remote Web Workplace), in Premium Edition you have ISA added to the mix. It's a LOT of components that need to be setup to work "together"....and the ICW grooms all of them for you.

Back to what I was talking about..if you're running SBS2K3 on a single NIC..the firewall service is not enabled. That's only enabled if you run on multiple NICs (multi-home)....in which case it's sort of like the ICS service in WinXP....doing NAT for you.

If your server has multiple NICs...right click and "disable" the one you aren't using. Run the ICW again.

SBS is my bread and butter for what I do for a living (small biz network consultant)...NOD32 Small Business Bundle works very well on it (SBS bundle is a combo package of Enterprise Edition..along with XMON..at a reduced price).