Fix intermittent server connectivity blocked by Viking Cloud Endpoint antivirus

draft · network domain-joinantivirus

Generated by docuprocessor (prompt article/v3) · 2026-04-22 12:54

Source thread

thread_id: spaces/AAAA05BdS6s/threads/5WgrBB_VpW4 · 33 msgs · first 2024-11-14 · participants: Tech ATech B

Tech A 2024-11-14 22:26

Hey Team, so for Dr Band FD1, the pc has this weird issue that randomly the pc cannot reach the server, either by host, or IP, it just times out, right now, it decided to work, I reboot, doesn't work anymore, if you give it a moment while its on, it works again, for example, right now, I rebooted, worked right away, and now suddenly does not work anymore. all power and nic settings are fine, modified host files pointing to server, set up static IP, nic is already pointing to server. when this happens, I can ping other pcs in the office, but not the server. same thing was happening a few weeks back and we replaced the drive, but it was cloned, so not sure if we carried the issue, or if the issue is something else, any ideas?

image/png image.png

**Network Error Dialog – Windows File Explorer** A "Network Error" dialog box is displayed stating **"Windows cannot access \\svr22"**, with the advisory message: *"Check the spelling of the name. Otherwise, there might be a problem with your network. To try to identify and resolve network problems, click Diagnose."* The File Explorer address bar shows navigation to **192.168.1.220** on the Network path, with visible shared folders including **sysvol**, **XrayVision**, **Backup**, and **Common**; two action buttons are present: **Diagnose** and **Cancel**.

Tech A 2024-11-14 22:31

I can reach svr22 again right now, I did not do anything, I am just staring at the screen lol

image/png image.png

**Windows File Explorer — Network Share View** A Windows 10 File Explorer window is open, browsing the network share path **\\SVR22**, displaying eight shared folders: **APPS, Apteryx, DTXCommon, EZDCommon, NETLOGON, SVR12\_Backup, SYSVOL,** and **XrayVision**. All folders display the standard yellow folder icon with a green network share overlay indicator. No error messages, warning indicators, or file previews are visible; the status bar reads *"Select a file to preview."*

Tech B 2024-11-14 22:32

me and Alex were having the same issue today with that PC

Tech B 2024-11-14 22:32

i enabled smb2 and it started working

Tech B 2024-11-14 22:33

it comes and goes.. thats weird. maybe try rejoining to the domain? that HDD was cloned

Tech A 2024-11-14 22:34

Ok, let me try that

Tech A 2024-11-14 22:55

same thing 🫠

Tech B 2024-11-14 22:56

thats strange... what if you rejoin using a new PC name?

Tech B 2024-11-14 22:56

have u checked even log when it happens?

Tech A 2024-11-14 23:04

let me try renaming, I'll look for errors on event viewer

Tech B 2024-11-14 23:05

not renaming - unjoin, rename, join with the new name

Tech A 2024-11-14 23:21

just did, even when trying to join back to domain, it gave me errors that it could not reach it, then suddenly I could reach it and join again just fine , it just happened again,

image/png image.png

**Windows Event Viewer – System Log | Event ID 5719, Source: NETLOGON | Computer: FD1.dental.local** The highlighted error (11/14/2024 6:18:03 PM) displays the message: *"This computer was not able to set up a secure session with a domain controller in domain DENTAL."* A CMD window in the background shows repeated **"Request timed out"** responses following initial replies from **192.168.1.220**, indicating loss of connectivity to that host during a continuous ping. Additional visible errors include **TPM-WMI Event ID 1796** and multiple **DistributedCOM Event ID 10016** warnings logged within the same timeframe.

Tech A 2024-11-14 23:21

(no text)

image/png image.png

**Windows Event Viewer – System Log** Event ID **40970** from source **LSA (LsaSrv)** is highlighted, timestamped **11/14/2024 6:18:15 PM**, with the message: *"The Security System has detected a downgrade attempt when contacting the 3-part SPN LDAP/SERVER2012.dental.local/dental.local@DENTAL.LOCAL with error code '(0xc000005e)'. Authentication was denied."* Additional visible events include **Error 5719** (NETLOGON), **Error 1796** (TPM-WMI), and multiple **Warning 10016** entries (DistributedCOM), all dated 11/14/2024.

Tech B 2024-11-14 23:21

Boris recommends to do a continuos ping to the server and one to the router for some time and see if it drops anywhere. also, it might be the DHCP/router glitch

Tech A 2024-11-14 23:22

ok, let me do that

Tech B 2024-11-14 23:22

i have a feeling it might tbe the DNS. Is the PC on static or dynamic IP?

Tech A 2024-11-14 23:22

it was dynamic, I set a static IP while testing, same thing, currently on static

Tech B 2024-11-14 23:22

if dynamic, try assigning it statically to a different one

Tech B 2024-11-14 23:23

same or outside of DHCP?

Tech A 2024-11-14 23:23

outside

Tech B 2024-11-14 23:23

also, check the DNS records. maybe there is a duplicate or some sort

Tech A 2024-11-14 23:41

just happened, did not generate anything on event viewer, ping to gateway did not drop, also I started pinging a random pc, and it pings fine, while server doesn't I was checking the dns records but can;t seem to find duplicates

image/png image.png

Two Windows Command Prompt windows are visible running ping diagnostics. The left window shows repeated **"Request timed out"** messages targeting an unspecified host. The right/overlapping windows show successful ping replies from **192.168.1.207** (TTL=128, time<1ms) and **192.168.1.1** (TTL=64, time<1ms), with a completed ping to 192.168.1.207 reporting **Sent=4, Received=4, Lost=0 (0% loss)**; a System Event Log entry is partially visible at the bottom showing source **"Time-Service."**

Tech A 2024-11-14 23:42

😵‍💫

Tech B 2024-11-14 23:42

Im out of ideas @Albert Khaydatov @Boris Dobronevsky ?

Tech B 2024-11-14 23:42

try rebooting the router maybe?

Tech A 2024-11-14 23:48

so, they are done at 8pm, just spoke to Judy, but according to her, it all started when the credit card people asked her to install a "tornado" in her pc, its an antivirus called "Viking cloud endpoint" she swears that since then, the pc has been a mess, so I will try removing it and see, if it resolves, then its their problem, if not... not sure what else besides rebooting, but we cannot reboot right now

Tech B 2024-11-14 23:51

(no text)

Tech B 2024-11-14 23:51

I was under the impression it started after todays ssd replacement

Tech A 2024-11-14 23:52

No, its been like a week, I checked a few tasks about it, so thats why I thought we carried the issue with the replacement, since the disk was cloned

Tech B 2024-11-14 23:56

Was that tornado removed?

Tech A 2024-11-14 23:56

I did just now, I am making tests, to see it the connection breaks again

Tech A 2024-11-15 00:15

I think she was onto something, the moment I removed the stupid tornado its been reaching the server just fine, been checking like 20 minutes, also rebooted a few times

Tech A 2024-11-15 00:15

🙂

---
title: "Fix intermittent server connectivity blocked by Viking Cloud Endpoint antivirus"
category: network
tags: ["domain-join", "antivirus"]
source_thread_id: "spaces/AAAA05BdS6s/threads/5WgrBB_VpW4"
source_space: "spaces/AAAA05BdS6s"
generated_at: "2026-04-22T12:54:34"
participants: ["Tech A", "Tech B"]
---

# Fix intermittent server connectivity blocked by Viking Cloud Endpoint antivirus

## Problem

A Windows 10 workstation (FD1) experienced intermittent connectivity issues to the domain controller server (SVR22 at 192.168.1.220). The connection would randomly fail with "Windows cannot access \\svr22" errors, then spontaneously work again without intervention. During outages, the workstation could ping other PCs and the gateway but not the server. Event logs showed NETLOGON errors (Event ID 5719) indicating inability to establish secure sessions with the domain controller, and LSA errors (Event ID 40970) reporting authentication downgrades. The issue persisted through domain rejoining, static IP assignment, and drive replacement with cloned image. The office reported the problem began after installing Viking Cloud Endpoint antivirus software requested by their credit card processor.

## Resolution

1. Uninstall Viking Cloud Endpoint antivirus software from the affected workstation
2. Reboot the workstation to ensure complete removal
3. Test server connectivity by accessing \\SVR22 network shares
4. Verify domain authentication is working properly

The connectivity issues resolved immediately after removing the Viking Cloud Endpoint antivirus. The workstation maintained stable server connectivity through multiple reboots and extended testing periods.

## References
- Source discussion: `spaces/AAAA05BdS6s/threads/5WgrBB_VpW4`
- Attachments:
  - ![image.png](../attachments/5WgrBB_VpW4.-5AGKyiPKjE/image.png) — **Windows File Explorer — Network Share View**
  - ![image.png](../attachments/5WgrBB_VpW4.5WgrBB_VpW4/image.png) — **Network Error Dialog – Windows File Explorer**
  - ![image.png](../attachments/5WgrBB_VpW4.Q0kYMNKIzMw/image.png) — Two Windows Command Prompt windows are visible running ping diagnostics. The left window shows repeated **"Request timed out"** messages targeting an unspecified host. The right/overlapping windows show successful ping replies from **192.168.1.207** (TTL=128, time<1ms) and **192.168.1.1** (TTL=64, time<1ms), with a completed ping to 192.168.1.207 reporting **Sent=4, Received=4, Lost=0 (0% loss)**; a System Event Log entry is partially visible at the bottom showing source **"Time-Service."**
  - ![image.png](../attachments/5WgrBB_VpW4.a_ehL0n19mY/image.png) — **Windows Event Viewer – System Log | Event ID 5719, Source: NETLOGON | Computer: FD1.dental.local**
  - ![image.png](../attachments/5WgrBB_VpW4.uGnLtIVjW_M/image.png) — **Windows Event Viewer – System Log**

Generated article

draft