We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

The system has detected a possible attempt to comprimise secuirty

chriswolf
chriswolf asked
on
Medium Priority
342 Views
Last Modified: 2010-04-20
I am running Windows 2003 Small Business Server (R2), with 5 clients. If I leave the client PC's on overnight, they lose connection with the server. I get the message "The system has detected a possible attempt to comprimise secuirty" If I log off then back on, I'm ok. It also seems to take a long time to log into Windows XP Pro. It hangs up on Applying Personal Settings. I have read other answers in this forum and have tried everything people suggested. I made sure the NIC card power saving is off, I tried both manual IP addresses and using DHCP. I checked my DNS settings. They seem to be fine. Any other idieas?
Comment
Watch Question

Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
How about posting a COMPLETE ipconfig /all from both the SBS and a sample workstation so we can understand your settings.

Jeff
TechSoEasy

Author

Commented:
IP: 192.168.0.2
Sub: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.2
DNS2: 192.168.254.254
WINS Server: 192.168.1.103
This is the server ipconfig/all
Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:
Make sure the firewalls allows TCP port 88 and UDP port 88.
See http://support.microsoft.com/kb/938457 and make sure that your clients have preferred DNS server set to point to the SBS machine (many be manual or vis DHCP)
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
That's not a COMPLETE ipconfig /all

But I can tell that you have some serious issues that need changing... so, please post the complete reports.

To do this, open a command prompt and enter IPCONFIG /ALL.  Then, right click on the title bar of that window to access edit > select all, then hit the ENTER key to copy.  You can paste to notepad and edit if you like...

While there is nothing in an IPCONFIG /ALL that would compromise the security of your network (this is the most often requested output in any support forum), there may be items which would provide your identity and therefore compromise your privacy if that is of concern.

Therefore, if you feel that it's necessary, you can modify the domain name, but please only modify anything that is identifiable to something generic.  Such as changing TechSoEasy.local to MyCompany.local.  If you have any public IP addresses, please just replace the last two octets with ***.***, and some people do not like to have the MAC (Physical) address shown... if you like, just modify he last few sections of these to **-**-**.

Jeff
TechSoEasy

Author

Commented:
C:\DOCUME~1\ADMINI~1>ipconfig/all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : RiegelEngineering.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : RiegelEngineering.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566DC Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : 00-19-D1-DE-60-47
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.2
                                       192.168.254.254
   Primary WINS Server . . . . . . . : 192.168.1.103
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Okay... I'd still like to see the one from a sample workstation...

But first let's fix your server.

Please open Network Connections > Server Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties and change the following:

DNS Servers:  Remove 192.168.254.254
Primary WINS Server:  change to 192.168.0.2

Then, please rerun the Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet on the To-Do list in the Server Management Console)

A visual how-to for that is here:  http://sbsurl.com/ceicw

Jeff
TechSoEasy

Author

Commented:
If I remove the 192.168.254.254, what do I replace it with? Here is the workstation ipconfig:
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\KBENNE>ipconfig/all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : KAREN
        Primary Dns Suffix  . . . . . . . : RiegelEngineering.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : RiegelEngineering.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : GVC-REALTEK Ethernet 10/100 PCI Adap
ter
        Physical Address. . . . . . . . . : 00-C0-A8-88-5E-23
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.2

C:\DOCUME~1\KBENNE>
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
"If I remove the 192.168.254.254, what do I replace it with?"

Nothing... you should only have one DNS Server IP address configured, and that should be your SBS' IP.

For your workstations, if you want the best performance and the least amount of management issues, you really should be using DHCP, and DHCP should be running from the SBS.  If DHCP is already running on the SBS, then just change the settings on your workstations to Automatically get IP Address for both IP and DNS.

If DHCP is not running on your SBS (ie, it was running on your router when you first set up your SBS -- which would have made SBS not install DHCP), then please follow the steps at the bottom of this document to restore it to the server:  http://sbsurl.com/dhcp

Jeff
TechSoEasy

Author

Commented:
Thanks for the great help. I have changed the configuration to run DHCP from the SBS. I will see in a few days if everyone stays connected with no errors! Thanks again.
Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014
Commented:
no problem!

Jeff
TechSoEasy

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.