Link to home
Start Free TrialLog in
Avatar of WPAOG-ISD
WPAOG-ISDFlag for United States of America

asked on

Loss of DNS ability from workstations after a run of MsiInstaller and NtServicePack events.

It appears we were hit with something that caused a number of our machines to lose the ability to connect to our domain, resolve external host names and browse the internet.  In looking in the Event logs each of the affected workstations shows a series of MsiInstaller messages in the Application log (Event IDs 11728 and 1019) for each product that had been installed via MsiInstaller and a series of NtServicePack (Event ID 4382) messages in the System log stating that various MS updates have been removed.  These two series of events took place at the same time.  Following on the heels of these events are a DHCP (Event ID 1003) warning that the IP address can not be renewed (for our DHCP clients) and also a NETLOGON (Event ID 5719) error that no domain controller is available for this domain.  Has anyone seen this before?  Is this a virus or malware attack?  All the workstations are running XP Pro and all servers are W2K3.  Thank for anyhelp in advance.
Avatar of Zuhir Elgmati
Zuhir Elgmati
Flag of Libya image

Avatar of WPAOG-ISD

ASKER

Just a clarification on the Event log entries. In actuality very few of the events refer to the removal or uninstallation of actual products.  Almost every one refers to a MS patch or update.  One machine has 37 KB?????? updates removed.
ASKER CERTIFIED SOLUTION
Avatar of WPAOG-ISD
WPAOG-ISD
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial