FeikeOnline
asked on
Server Crash / Windows NT 4.0
Hello everyone,
Last week we had a servercrash for the 4th time within 6 months. All four times were exactly the same causes (as for as we think). These are the symptoms:
- the desktop is completely empty and has a gray color.
- The programfolderlist in the startmenu Is totally empty.
- If we open the windows explorer we get a error “acces denied”. This is because all useraccount are deleted.
- If we approach the server from another pc, we see that the system32 folder is completely empty. Round about 75 % off all files are gone.
Things that are still operational (as long as we don’t reboot the server) are things like shares, printers, useraccounts, etc.
People who are working on the server are not awear on whats going one, the can still work.
The configuration on the server is as following:
- Windows NT 4.0 server with servicepack 6a wich acts like a PDC
- Backup Exec 9.1
- Mcafee E-policy Orchestrator
Between the first en the second crash we have changed from servername and IP adres. We also changed the entire server (hardware).
If we scan the harddisk for viruses the scanner doesn’t find anything suspicious. The scanner scans every night.
After the second crash we installed windows nt 4.0 server next to the winnt directoy wich crashed. So we created a winnt2 directory next to the other. At this way we where able to install a un-delete tool wich could tell us at what time al the files were deleted. For example at 12.00 PM exactly.
Lucky for us that this is no critical server. We have al important data and apps stored on the BDC. So everyone can stille continue working. We just really wanna know what the cause of this all is.
I thank you in advance,
BR
A systemadministrator
Last week we had a servercrash for the 4th time within 6 months. All four times were exactly the same causes (as for as we think). These are the symptoms:
- the desktop is completely empty and has a gray color.
- The programfolderlist in the startmenu Is totally empty.
- If we open the windows explorer we get a error “acces denied”. This is because all useraccount are deleted.
- If we approach the server from another pc, we see that the system32 folder is completely empty. Round about 75 % off all files are gone.
Things that are still operational (as long as we don’t reboot the server) are things like shares, printers, useraccounts, etc.
People who are working on the server are not awear on whats going one, the can still work.
The configuration on the server is as following:
- Windows NT 4.0 server with servicepack 6a wich acts like a PDC
- Backup Exec 9.1
- Mcafee E-policy Orchestrator
Between the first en the second crash we have changed from servername and IP adres. We also changed the entire server (hardware).
If we scan the harddisk for viruses the scanner doesn’t find anything suspicious. The scanner scans every night.
After the second crash we installed windows nt 4.0 server next to the winnt directoy wich crashed. So we created a winnt2 directory next to the other. At this way we where able to install a un-delete tool wich could tell us at what time al the files were deleted. For example at 12.00 PM exactly.
Lucky for us that this is no critical server. We have al important data and apps stored on the BDC. So everyone can stille continue working. We just really wanna know what the cause of this all is.
I thank you in advance,
BR
A systemadministrator
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
To be honest i don't think it would matter if I re-format the entire sytem en install everything again.
This because we changed server / servername / ip-adress after the first crash. We also installed a new PDC server from the beginning on.
Off course it alsways better to re-format te server and start all over again. The only thing is that we have to upgrade our BDC to a PDC to keep the SAM db. Then we can install a whole new fresh BDC. The problem then is that our new PDC is the server wich all data and apps is stored on. If the new PDC gets hit then ( as it happened before ) then we have a bigger problem, because no-one can work anymore.
Anyway thank you for taking the time for being busy with this problem. I'll hope that maby someone else is recognizing this issue.
This because we changed server / servername / ip-adress after the first crash. We also installed a new PDC server from the beginning on.
Off course it alsways better to re-format te server and start all over again. The only thing is that we have to upgrade our BDC to a PDC to keep the SAM db. Then we can install a whole new fresh BDC. The problem then is that our new PDC is the server wich all data and apps is stored on. If the new PDC gets hit then ( as it happened before ) then we have a bigger problem, because no-one can work anymore.
Anyway thank you for taking the time for being busy with this problem. I'll hope that maby someone else is recognizing this issue.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes I have backup tapes. We make a full backup every night with backup exec 9.0. The type of firewall we use is unknown. This because we make a part of a worldwide network. The people wich control the WAN can not help us. We us a proxyserver wich is placed in France. So there is the firewall. We dont us firewalls between LAN - LAN. only WAN - INTERNET.
Can you tell me some more details about NT has been comprimized?
tnx
Can you tell me some more details about NT has been comprimized?
tnx
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.serverwatch.com/tutorials/article.php/2176171