?
Solved

The system has detected a possible attempt to comprimise secuirty

Posted on 2007-07-19
10
Medium Priority
?
282 Views
Last Modified: 2010-04-20
I am running Windows 2003 Small Business Server (R2), with 5 clients. If I leave the client PC's on overnight, they lose connection with the server. I get the message "The system has detected a possible attempt to comprimise secuirty" If I log off then back on, I'm ok. It also seems to take a long time to log into Windows XP Pro. It hangs up on Applying Personal Settings. I have read other answers in this forum and have tried everything people suggested. I made sure the NIC card power saving is off, I tried both manual IP addresses and using DHCP. I checked my DNS settings. They seem to be fine. Any other idieas?
0
Comment
Question by:chriswolf
  • 5
  • 4
10 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19526991
How about posting a COMPLETE ipconfig /all from both the SBS and a sample workstation so we can understand your settings.

Jeff
TechSoEasy
0
 

Author Comment

by:chriswolf
ID: 19527318
IP: 192.168.0.2
Sub: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.2
DNS2: 192.168.254.254
WINS Server: 192.168.1.103
This is the server ipconfig/all
0
 
LVL 70

Expert Comment

by:KCTS
ID: 19527381
Make sure the firewalls allows TCP port 88 and UDP port 88.
See http://support.microsoft.com/kb/938457 and make sure that your clients have preferred DNS server set to point to the SBS machine (many be manual or vis DHCP)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19527418
That's not a COMPLETE ipconfig /all

But I can tell that you have some serious issues that need changing... so, please post the complete reports.

To do this, open a command prompt and enter IPCONFIG /ALL.  Then, right click on the title bar of that window to access edit > select all, then hit the ENTER key to copy.  You can paste to notepad and edit if you like...

While there is nothing in an IPCONFIG /ALL that would compromise the security of your network (this is the most often requested output in any support forum), there may be items which would provide your identity and therefore compromise your privacy if that is of concern.

Therefore, if you feel that it's necessary, you can modify the domain name, but please only modify anything that is identifiable to something generic.  Such as changing TechSoEasy.local to MyCompany.local.  If you have any public IP addresses, please just replace the last two octets with ***.***, and some people do not like to have the MAC (Physical) address shown... if you like, just modify he last few sections of these to **-**-**.

Jeff
TechSoEasy
0
 

Author Comment

by:chriswolf
ID: 19527475
C:\DOCUME~1\ADMINI~1>ipconfig/all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : RiegelEngineering.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : RiegelEngineering.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566DC Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : 00-19-D1-DE-60-47
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.2
                                       192.168.254.254
   Primary WINS Server . . . . . . . : 192.168.1.103
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19528098
Okay... I'd still like to see the one from a sample workstation...

But first let's fix your server.

Please open Network Connections > Server Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties and change the following:

DNS Servers:  Remove 192.168.254.254
Primary WINS Server:  change to 192.168.0.2

Then, please rerun the Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet on the To-Do list in the Server Management Console)

A visual how-to for that is here:  http://sbsurl.com/ceicw

Jeff
TechSoEasy

0
 

Author Comment

by:chriswolf
ID: 19528555
If I remove the 192.168.254.254, what do I replace it with? Here is the workstation ipconfig:
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\KBENNE>ipconfig/all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : KAREN
        Primary Dns Suffix  . . . . . . . : RiegelEngineering.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : RiegelEngineering.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : GVC-REALTEK Ethernet 10/100 PCI Adap
ter
        Physical Address. . . . . . . . . : 00-C0-A8-88-5E-23
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.2

C:\DOCUME~1\KBENNE>
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19528647
"If I remove the 192.168.254.254, what do I replace it with?"

Nothing... you should only have one DNS Server IP address configured, and that should be your SBS' IP.

For your workstations, if you want the best performance and the least amount of management issues, you really should be using DHCP, and DHCP should be running from the SBS.  If DHCP is already running on the SBS, then just change the settings on your workstations to Automatically get IP Address for both IP and DNS.

If DHCP is not running on your SBS (ie, it was running on your router when you first set up your SBS -- which would have made SBS not install DHCP), then please follow the steps at the bottom of this document to restore it to the server:  http://sbsurl.com/dhcp

Jeff
TechSoEasy
0
 

Author Comment

by:chriswolf
ID: 19535434
Thanks for the great help. I have changed the configuration to run DHCP from the SBS. I will see in a few days if everyone stays connected with no errors! Thanks again.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 19537927
no problem!

Jeff
TechSoEasy
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question