G
Guest
Our sister company at a remote location has a single domain controller. That
one DC is now having a problem where the Admin$ and IPC$ shares disappear
within seconds of creating them.
IE. I can type "net share admin$"
followed by "net share" and see admin$ listed. If I type "net share" fast
enough. Within 10-15 seconds later, I can type net share again and the
admin$ is no longer listed. The same happens with IPC$.
The client stations are now getting an error when trying to get to shared
network drives ("no logon server is currently available") and I can not
promote another server to be a DC. If I type the "net share admin$" and "net
share IPC$" and have the dcpromo on the second server ready to go, I can
sometimes get partway through starting the promotion before it loses the
share again.
This computer recently had files infected with W32.Spybot.Worm and
Backdoor.Sdbot. However, it showed no (other) signs of the computer itself
being infected (none of the registry changes, etc listed for those viruses).
And the files were cleaned. One of the files it said was infected was
"c:\win2000\system32\spool\drivers\svhost.exe". Others were two files in the
same dir (fwr.exe and msgfix.exe).
I'd like to 1) get the admin$ and ipc$ shares to stick so that the users can
access the network again or 2) get another DC and trash this one without
losing all the user accounts and other AD information. Any suggestions?
one DC is now having a problem where the Admin$ and IPC$ shares disappear
within seconds of creating them.
IE. I can type "net share admin$"
followed by "net share" and see admin$ listed. If I type "net share" fast
enough. Within 10-15 seconds later, I can type net share again and the
admin$ is no longer listed. The same happens with IPC$.
The client stations are now getting an error when trying to get to shared
network drives ("no logon server is currently available") and I can not
promote another server to be a DC. If I type the "net share admin$" and "net
share IPC$" and have the dcpromo on the second server ready to go, I can
sometimes get partway through starting the promotion before it loses the
share again.
This computer recently had files infected with W32.Spybot.Worm and
Backdoor.Sdbot. However, it showed no (other) signs of the computer itself
being infected (none of the registry changes, etc listed for those viruses).
And the files were cleaned. One of the files it said was infected was
"c:\win2000\system32\spool\drivers\svhost.exe". Others were two files in the
same dir (fwr.exe and msgfix.exe).
I'd like to 1) get the admin$ and ipc$ shares to stick so that the users can
access the network again or 2) get another DC and trash this one without
losing all the user accounts and other AD information. Any suggestions?