Regardless, now I'm in a bit of a pickle... Of course, it's a Murphyism;
the last registry backup I have is too far down the road (3 months ago) and
the regular system backup doesn't do the registry, I just learned. There's
been a couple of major updates and a few modifications - too many things to
remember all of them, so I'm left with trying to repair the problem - AND,
then determine a better means of backing things up so I don't have this issue
again and so I have a better recovery plan.
Anyway... I sure hope someone can point me in a direction where I can
troubleshoot this problem. I've already tried messing around with the
networking settings by changing them, saving and setting them back; to no
avail. I double-checked the entire system with two deep-scanning Antivirus
progs and temporarily turned off the (BlackIce) Firewall I had on that
machine - all to no avail. My network symptoms are that I can resolve DNS
(browsers don't work unless I type specific IP addresses) and the email
client on that machine will not send alerts via SMTP (this is most likely due
to DNS resolution issues since the SMTP is looking for a named address). RDP
will not connect unless specific IP address (again, DNS issue). But, the
server can "see" the DNS server which also correctly gives the problem child
server a DHCP address when I configed it dynamic. It's looking more and more
like a weird issue due to something missing in the registry...
Here's my log entry:
Event Type: Error
Event Source: EventLog
Event Category: None
Event ID: 6004
Date: 3/9/2009
Time: 9:51:58 PM
User: N/A
Computer: GREBE
Description:
A driver packet received from the I/O subsystem was invalid. The data is
the packet.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0c 00 e0 00 0e 00 00 00 ..à.....
0008: e0 5c 54 2e 2b a1 c9 01 à\T.+¡É.
0010: 40 00 00 00 00 00 00 00 @.......
0018: 00 00 00 00 04 00 4e 00 ......N.
0020: 00 00 00 00 cb 0b 00 80 ....Ë..?
0028: 00 00 00 00 10 00 00 c0 .......À
0030: 00 00 00 00 00 00 00 00 ........
0038: 00 00 00 00 00 00 00 00 ........
0040: 4d 00 52 00 78 00 53 00 M.R.x.S.
0048: 6d 00 62 00 00 00 5c 00 m.b...\.
0050: 44 00 65 00 76 00 69 00 D.e.v.i.
0058: 63 00 65 00 5c 00 4c 00 c.e.\.L.
0060: 61 00 6e 00 6d 00 61 00 a.n.m.a.
0068: 6e 00 52 00 65 00 64 00 n.R.e.d.
0070: 69 00 72 00 65 00 63 00 i.r.e.c.
0078: 74 00 6f 00 72 00 00 00 t.o.r...
0080: 41 00 43 00 53 00 43 00 A.C.S.C.
0088: 4c 00 41 00 4e 00 00 00 L.A.N...
0090: 4e 00 65 00 74 00 42 00 N.e.t.B.
0098: 54 00 5f 00 54 00 63 00 T._.T.c.
00a0: 70 00 69 00 70 00 5f 00 p.i.p._.
00a8: 7b 00 34 00 42 00 35 00 {.4.B.5.
00b0: 31 00 39 00 38 00 34 00 1.9.8.4.
00b8: 39 00 2d 00 43 00 32 00 9.-.C.2.
00c0: 37 00 44 00 2d 00 34 00 7.D.-.4.
00c8: 43 00 33 00 34 00 2d 00 C.3.4.-.
00d0: 41 00 37 00 33 00 43 00 A.7.3.C.
00d8: 2d 00 36 00 30 00 00 00 -.6.0...
Sure hope someone can shed a bit of light on this... :/
-- da Lizard
> See:
> http://eventid.net/display.asp?eventid=6004&eventno=1596&source=EventLog&phase=1
>
>
> hth
> DDS|
To which I followed up with:
ALAS... I posted to the wrong place... Somehow, in my befuddlement, I
happened to be looking at some other earlier posting within this group and
simply clicked on the "New Thread" button without assuring I was in the
correct group. My apologies!!!
I have just posted this question over to another more appropriate group
m.p.windows.server.networking...
But, I will followup...
Wow, such a quick response! Thanks DANNY!!! But, I've already done my due
diligence with my friend, Google. The link you provided discusses issues
with Antivirus software and NIC drivers - I'm not having those issues.
I am running Eset NOD32 v2.7 Business (which, btw, I have been on their
newsgroup forum researching my problem - but I've pretty much determined my
issues don't apply to any A/V application. If you'll recall, this problem
was inadvertently caused by the running of a "Registry Cleaning" utility [I
won't name the actual application to protect the innocent] which was not
meant nor designed for server usage).
And I've already checked all my network devices - that was one of my first
thoughts, that one of my device drivers' parameters got hosed - but, I don't
see anything showing up there.
Again, thanks Danny for trying to help. But, further communication on this
topic will be moved to the server networking group. And, again, I apologize
for posting to the wrong group.
--da Lizard
~~~~~~~~~~~~~
Thanks -- da Lizard
<snip>
Looking at the packet you posted it was looking for SMB\Device
\LanmanRedirector - which is part of the Microsoft Networking stack
and references %SystemRoot%\System32\ntlanman.dll so I would suggest:
1/ Check that the dll is in place.
2/ Check the following Registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation
\NetworkProvider\DeviceName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation
\NetworkProvider\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation
\NetworkProvider\ProviderPath
3/ Try re-installing the drivers for your NIC (which may sort out any
missing registry entries)
4/ If all else fails try resetting the TCP/IP stack - netsh int ip
reset resetlog.txt and then the Winsock: netsh winsock reset and then
reboot.
Alister
That's all the time I had this afternoon to work on it... I might dig some
more later to determine why the 'automatic' settings in the network
properties - TCP/IP settings did not work as it should. Anyone have any idea
why all of a sudden I need to manually add my external DNS IPs, why they
aren't automatically forwarding using the dynamic/automatic setting? Where
in the registry is this controlled - I bet that's where the issue lies???