help desperately needed

billb

Original Poster:

3,198 posts

266 months

Friday 7th November 2003
Can anyone help or give me some ideas?

Have 4 servers - exchange, apps, fileprint and fwall. Yesterday the fileprint - the DC (W2K network) - stopped logging people on. You could get into most things on the server but when you went into Event Viewer it froze. Rebooted it and you could get in OK but then you couldn't get into Exchange. Rebooted that but still it would not work.

Basically for the rest of the day one minute you could log in OK then you couldn't, and if you rebooted the Exchange server you could get into your mail for about 5 mins then it failed.

Anyone any broad ideas - have been desperately looking up errors on event viewers + have plugged the exchange and file print into a diff switch but the errors don't seem constant - one minute one thing is working then not then the next?




FunkyGibbon

3,786 posts

265 months

Friday 7th November 2003
We had some symptoms like this recently and it turned out to be as a consequence of a Blaster RPC type virus.

It transpired that the servers hadn't been patched for a while (and certainly not with the RPC virus fix), and someone plugged an old laptop into the network. Laptop was infected and hey presto RPC traffic chaos.

Servers were in an intermittent state for 5 hours until all the required patches could be applied.

Good Luck

FG

.Mark

11,104 posts

277 months

Friday 7th November 2003
Long shot as I'm no techie, but, one of my customers had a similar server problem where it kept freezing for no reason etc. It turned out to be a firmware conflict between devices, system board and some network card or other, our engineer upgraded all the firmware on the server and it's been fine since.

Did any of that make sense???

billb

Original Poster:

3,198 posts

266 months

Friday 7th November 2003
FunkyGibbon said:
We had some symptoms like this recently and it turned out to be as a consequence of a Blaster RPC type virus.

It transpired that the servers hadn't been patched for a while (and certainly not with the RPC virus fix), and someone plugged an old laptop into the network. Laptop was infected and hey presto RPC traffic chaos.

Servers were in an intermittent state for 5 hours until all the required patches could be applied.

Good Luck

FG


Was the actual virus on the server? I ran Sophos on the Exchange server but we only have the server client version, not any actual mail scanning antivirus software (don't ask, I've only just joined..) and it picked up 80 viruses!!! But before I panic over them, are they actually active or just sat in a user's mail box? Yes, they are a problem that needs addressing but how can I tell if they are the actual prob - e.g. there's no bulk mailing going out etc. that would indicate a mass mail virus?

FunkyGibbon

3,786 posts

265 months

Friday 7th November 2003
billb said:

was the actual virus on the server?

Not exactly, the infected laptop spawned an effective denial of service attack on the servers via RPC. Some other servers were not patched and they then too started a DoS.

Cleaning up and patching the servers eventually sorted it.

HTH

malman

2,258 posts

260 months

Friday 7th November 2003
Sounds daft but make sure your DNS is working OK. Verify lookups on clients and servers. Do you have just one DC?

If it is Blaster
Blaster is a worm and infects machines using a buffer overrun on port 135. This will kill the RPC services on your servers causing all kinds of strange behaviour.

MS03-026 and MS03-039 bulletins will lead you to the patches.
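
As an added example (not part of any post in this thread): a small Python check for the pattern the replies describe, one infected host hitting TCP port 135 on many machines. The log format, the addresses and the threshold are constructed assumptions; adapt the parser to whatever your firewall or switch actually logs.

```python
from collections import defaultdict

RPC_PORT = 135  # port named in the thread for the Blaster RPC overrun

# Constructed sample log (assumed format, not from a real device):
# date time action proto src-ip dst-ip src-port dst-port
_normal = [
    "2003-11-06 09:00:01 ALLOW TCP 10.0.0.21 10.0.0.10 1040 135",
    "2003-11-06 09:00:02 ALLOW TCP 10.0.0.21 10.0.0.11 1041 135",
    "2003-11-06 09:00:03 ALLOW TCP 10.0.0.21 10.0.0.10 1042 445",
    "2003-11-06 09:00:04 ALLOW UDP 10.0.0.21 10.0.0.10 1043 53",
    "truncated line",
]
# One host sweeping eight addresses on 135, as an infected laptop would.
_sweep = [
    f"2003-11-06 09:01:{i:02d} ALLOW TCP 10.0.0.57 10.0.0.{i} {2000 + i} 135"
    for i in range(1, 9)
]
SAMPLE_LOG = "\n".join(_normal + _sweep)


def parse_line(line):
    """Return (proto, src, dst, dport), or None for comments/malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != 8 or not parts[7].isdigit():
        return None
    return parts[3].upper(), parts[4], parts[5], int(parts[7])


def rpc_fanout(log_text, port=RPC_PORT):
    """Map each source IP to the set of distinct hosts it contacted on `port`."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[0] == "TCP" and rec[3] == port:
            targets[rec[1]].add(rec[2])
    return targets


def suspects(log_text, min_targets=5):
    """Sources whose port-135 fan-out meets the assumed threshold, worst first."""
    fan = rpc_fanout(log_text)
    hits = [(src, len(dsts)) for src, dsts in fan.items() if len(dsts) >= min_targets]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


if __name__ == "__main__":
    for src, count in suspects(SAMPLE_LOG):
        print(f"{src} contacted {count} distinct hosts on TCP/{RPC_PORT}")
```

A workstation talking to the DC and the Exchange server on 135 is normal, which is why the check counts distinct destinations per source rather than raw connections.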