Solved

Loss of DNS ability from workstations after a run of MsiInstaller and NtServicePack events.

Posted on 2009-04-21
Last Modified: 2013-12-23
It appears we were hit with something that caused a number of our machines to lose the ability to connect to our domain, resolve external host names and browse the internet.  In looking in the Event logs, each of the affected workstations shows a series of MsiInstaller messages in the Application log (Event IDs 11728 and 1019) for each product that had been installed via MsiInstaller and a series of NtServicePack (Event ID 4382) messages in the System log stating that various MS updates have been removed.  These two series of events took place at the same time.  Following on the heels of these events are a DHCP (Event ID 1003) warning that the IP address cannot be renewed (for our DHCP clients) and also a NETLOGON (Event ID 5719) error that no domain controller is available for this domain.  Has anyone seen this before?  Is this a virus or malware attack?  All the workstations are running XP Pro and all servers are W2K3.  Thanks for any help in advance.
Question by:WPAOG-ISD
Author Comment

by:WPAOG-ISD
ID: 24201940
Just a clarification on the Event log entries. In actuality very few of the events refer to the removal or uninstallation of actual products.  Almost every one refers to a MS patch or update.  One machine has 37 KB?????? updates removed.

Accepted Solution

by:
WPAOG-ISD earned 0 total points
ID: 24314097
Turns out this was actually a full network and remediation scan that ran in reverse.  Instead of identifying missing patches and updates and then installing them, this routine rolled back all installed patches and updates that were in our missing check list.  In so doing it whacked the TCP/IP stack on all machines affected and also disrupted DHCP, DNS and domain replication on our domain controllers.  There is a setting in GFI LANGuard that allows rollbacks which we accidentally set.  We're still not sure how.  The recovery was fairly simple.  We used GFI LANGuard to re-push the patches and updates to the workstations.  For those we could not access, we downloaded all the missing patches to a thumb drive and applied them from there.  The servers were another story.
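
A triage check for the pattern described in this thread, as an added example that is not part of the original posts: it flags hosts where a burst of the MsiInstaller/NtServicePack events is followed by the DHCP 1003 or NETLOGON 5719 errors. The CSV layout, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Source / event-ID pairs named in the thread.
REMOVAL = {("NtServicePack", 4382), ("MsiInstaller", 11728), ("MsiInstaller", 1019)}
NETWORK_LOSS = {("DHCP", 1003), ("NETLOGON", 5719)}
# Assumed thresholds; tune them for your environment.
MIN_REMOVALS = 4
BURST_WINDOW = timedelta(minutes=10)
FOLLOW_WINDOW = timedelta(minutes=30)

# Constructed sample export (assumed layout: timestamp,host,source,event_id).
SAMPLE = """\
2009-04-21T02:00:00,WS01,MsiInstaller,11728
2009-04-21T02:00:05,WS01,MsiInstaller,1019
2009-04-21T02:00:30,WS01,NtServicePack,4382
2009-04-21T02:01:10,WS01,NtServicePack,4382
2009-04-21T02:10:00,WS01,DHCP,1003
2009-04-21T02:12:00,WS01,NETLOGON,5719
2009-04-21T09:15:00,WS02,MsiInstaller,11728
2009-04-21T14:40:00,WS02,NETLOGON,5719
"""

def load(text):
    """Parse the CSV export into time-sorted (time, host, source, id) tuples."""
    rows = [(datetime.fromisoformat(ts), host, src, int(eid))
            for ts, host, src, eid in csv.reader(io.StringIO(text))]
    return sorted(rows)

def flag_rollbacks(rows):
    """Return {host: (burst_start, removal_count, first_network_error)}."""
    by_host = defaultdict(list)
    for row in rows:
        by_host[row[1]].append(row)
    flagged = {}
    for host, events in by_host.items():
        removals = [e[0] for e in events if (e[2], e[3]) in REMOVAL]
        losses = [e[0] for e in events if (e[2], e[3]) in NETWORK_LOSS]
        for i, start in enumerate(removals):
            burst = [t for t in removals[i:] if t - start <= BURST_WINDOW]
            if len(burst) < MIN_REMOVALS:
                continue  # isolated install/uninstall events are normal
            after = [t for t in losses
                     if burst[-1] <= t <= burst[-1] + FOLLOW_WINDOW]
            if after:
                flagged[host] = (start, len(burst), after[0])
                break
    return flagged
```

WS02 in the sample has a single MsiInstaller event and an unrelated NETLOGON error hours later, so only WS01 is reported.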