I am having a major problem with a Dell Poweredge 2950.
This morning I was called out because 'no-one could log on to the server' at a client's office.
I tried logging in remotely and the administrator password did not work.
Logging on locally with the administrator password also failed.
I then restarted and went into directory restore mode, and reset the AD administrator password using the guide at http://www.nobodix.org/seb/win2003_adminpass.html
After gaining access to the server, I logged on and the D drive was missing, all user accounts bar Administrator and a printer account are missing.
I checked the disk manager, and D drive was showing an unallocated disk, so I restored the partition using http://www.cgsecurity.org/wiki/TestDisk
The partition is now back, although the data that was in the 'network share' folder (main working folder for staff) is GONE!!!
There are also no network shares set up either
Things like the POP retrieval accounts are still there but obviously no exchange mailboxes.
I then restarted the machine, and noticed that the RAID array was degraded, so I set it to rebuild which it is currently doing......
Do you think this is a malicious attack of some kind? Or some sort of bug/disk error
I have a full backup that was last run (and seemed to fail) on Christmas Day... and 6 days of backups before then, but no installation media handy
Thanks in advance