BrandonAVC
Guest
How can I fix the port listener to allow any internal computer to access it? Windows 2008 R2 got hit by a malware script. It removed the File Sharing service "Server". I telnet to 135, 149, 445 on the server locally (name or localhost) and it connected. If I try telnet from any workstation to the server IP - Connect failed. I tried UNC path \\192.168.1.2 on the same server machine and it can't connect or see shared folders. I tried UNC path \\127.0.0.1 on the server and it can see shared folders.
It looks like the actual IP may be redirected somewhere?
I did netstat:
TCP 0.0.0.0:445 SERVER:0 LISTENING 4
TCP [::]:445 SERVER:0 LISTENING 4
TCP 169.254.228.134:139 SERVER:0 LISTENING 4
TCP 192.168.1.2:139 SERVER:0 LISTENING 4
TCP 0.0.0.0:135 SERVER:0 LISTENING 920
TCP [::]:135 SERVER:0 LISTENING 920
TCP 0.0.0.0:5900 SERVER:0 LISTENING 4236
TCP 0.0.0.0:3389 SERVER:0 LISTENING 4296
TCP [::]:3389 SERVER:0 LISTENING 4296
TCP 0.0.0.0:5080 SERVER:0 LISTENING 2088
TCP [::]:5080 SERVER:0 LISTENING 2088
Ports that are not able to connect from any workstation but can on localhost:
PORT STATE SERVICE VERSION
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Able to connect from any workstation and localhost:
5080 for web service
5800 for VNC service
Ping the IP/name
Access internet
I did:
sfc /scannow - no issue
Re-create Server service registry
Matched GUID of NIC on all linkages (Bind, Export, Route)
Disabled/Enabled File and Printer Sharing For Microsoft in LAN Properties
Disabled Windows Firewall with Advanced
No 3rd party firewall program
Re-installed IPv4 driver
Reset Winsock and Winsock2
Windows Updates to current
Added 2nd NIC and still no go
Changed IP static/DHCP - nothing
RDP service is running
Verified SMBv1 and SMBv2 running together
I installed Wireshark and ran a trace, and it seems to say KRB5KRB_AP_ERR_SKEW and Setup Response, Error: STATUS_MORE_PROCESSING_REQUEST then Setup Response, Error: STATUS_REQUEST_NOT_ACCEPTED
I am not sure what that means.