Solved

SBS 2008 Problems

Posted on 2011-09-16
9
619 Views
Last Modified: 2012-05-12
We recently acquired a client whose server was heavily distressed.  It is a physical server running Windows SBS 2008.  It has been badly neglected and poorly handled and we need to right the ship.  Before I go much further I'd like to avoid any responses that include "what was changed recently" or "rebuild the server from scratch".  I can't say what was changed recently because until a few days ago we had no control over this box and the rebuild isn't an option I'm willing to accept.  There is a lot of data, Active directory, and a live Exchange server in place.  Too many moving parts to consider a rebuild from scratch.  The critical problems at this point are:

1

The server will only boot into Windows using the "disable drivers to be digitally signed" under advanced boot options.  This wasn't the first problem we ran into but it did cause them to be down for the majority of a day.  I'm guessing the previous company knew this little tidbit and was babying the server along for quite some time.  We've removed a suspicious LogMeIn mirror driver and plan to get SP2 and all other updates in place immediately.  Aside from that, any other suggestions?

2

The control panel won't open.  I've tried changing from Start Menu to Classic Start menu, no success.  Also many of the ".cpl" links don't work from a command prompt/run line.  A few other similar type of items won't open.  If I right click on my computer and do a properties I get nothing and the Network and sharing center doesn't open.  Control panel does briefly flash when I attempt to open but never opens to a usable state.  I'm all ears I have no rabbit's to pull out of the hat at this point.

3

The SBS Console won't launch.  This is kind of important since a lot of tasks have to be performed from the SBS console.  Plan on doing a repair outlined here http://technet.microsoft.com/en-us/library/dd430086(WS.10).aspx  If that doesn't work I'd love to have a suggestion on what to pursue after that.

SBS isn't a product I have a ton of experience with, more versed in Server Standard / Enterprise.  Any and all help is appreciated.  Thanks!
0
Comment
Question by:sqlBarth
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
All of these things lead me to beliece you have a malwareinfection or rootkit.
Especially the driver part. Can you try and run malarebytes on itand see what happens?
0
 

Author Comment

by:sqlBarth
Comment Utility
We will run a malware scan at some point over the weekend.  This server is going to get a whole lot of attention over the weekend.  Thanks for the input.
0
 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
No prob. Also check out and post the event logs (if any)
Thanks
0
 

Author Comment

by:sqlBarth
Comment Utility
Be prepared, those event logs are dirty as all get out.  Our hopes is that just getting the basics in place, like current windows updates and service packs for Windows and Exchange will clear a lot these problems out.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 14

Expert Comment

by:setasoujiro
Comment Utility
Im interested in errors regarding : memoryleaks/violations/mmc
0
 
LVL 10

Expert Comment

by:SuperTaco
Comment Utility
Another thing you might want to check is to see if IPv6 is improperly disabled.  if it's just disabled on the NIC and not in the registry or if there are still IPv6 settings in hostfile.  

http://support.microsoft.com/kb/929852

This will affect eh SBS console believe it or not.  The SBS won't be able to find itself.  If you're not using IP v6 anywhere on the network, it should really be disabled on all 2008 servers.
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
Comment Utility
Do not disable IPv6. Vista/2008/R2/Win7 support a dual stack network and therefore it is not necessary, or ever beneficial, to enable IPv6. Claims that it I proves performance or was causing issues have, when legitimately Investigated, eventually proven to be caused by other network issues unrelated to IPv6. I have NEVER seen a substantiated case where this is not true.

But back to the topic at hand. You have serious corruption. Even if it is malware related, this is a domain controller, so hoping a remover can clean it AND keep your server running is an incredible risk. Your server runs. Exchange works. This means AD and Exchange are intact. In my mind, the choice then becomes clear.

Rebuild (but not from scratch.) Perform a 2008 to 2008 migration. You will be preserving the necessary business's continuity data such as AD and exchange, but get the benefit of a new system Install/OS install, and most importantly, can be done with minimal to no service interruption on the client.

-Cliff
0
 
LVL 10

Assisted Solution

by:SuperTaco
SuperTaco earned 250 total points
Comment Utility
@cqaliher:  I have seen plenty of issues caused by IPv6 being enabled on a network, mainly with DNS.  If IPv6 is not used on the network, it must be disabled.  I've seen plenty of cases where the SBS cannot find itself, and therefore causing issues with Exchange and AD.  As soon as IPv6 is gone,the issue goes away.  this has even been the case on calls I have placed to M$.  

I do agree with you that the nest best step is to completely redo the migration.  
0
 

Author Comment

by:sqlBarth
Comment Utility
We have abandoned the notion of "fixing" the server and are making plans of moving them into new hardware.  At that time we will be migrating them away from the SBS server and into a hyper-v server with three or four guest servers depending on needs.  We are uncovering more problems everyday and a fresh rebuild from top to bottom is in order.

Thanks for everybody's input.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now