Michael986

Questions regarding "Security Center" on Windows 2008 server

We had a virus on our system a while back which was subsequently removed, but it has left issues with the "Security Center" service on several of our servers. I've been trying to rectify these issues, but am coming up against different scenarios.

Server1 (DC) - Windows 2008SP2 - Security Center service is present, but will not start, showing the following error :-

"Windows could not start the Security Center service on Local Computer. Error 1079: The account specified for this service is different from the account specified for other services running in the same process"

Server2 - Windows 2008SP2 - Security Centre service not present

Server3 - Windows 2008R2  - Security Center service is present, but will not start, showing same error as above

Server4 - Windows 2008R2  - Security Centre service not present

Q1 - Why is the service present on some servers and not others? My initial thought was that the infection had caused it to be removed on Server2, but Server 4 was installed AFTER the infection was removed, so that can't be the case for this server. Is it a service I need to install manually on Server4? If so, how do I go about doing so?

Q2 - As it seems Security Center wasn't installed by default on Server4 (and everything else is running fine on the rest of the servers) - what exactly does this service do? What am I missing by not having it installed / running on my servers?

Q3 - How can I get the service running again on Servers 1 & 3 - or (depending on the answer to Q2) do I need to worry about this?
Davis McCarn

Tweaking.com's All In One Repair tool does an excellent job of repairing permissions, reregistering services, and undoing what the Trojan did: http://www.tweaking.com/content/page/windows_repair_all_in_one.html

2K8 R2 does not have it installed by default, so I'd be very suspicious about what that service really is. (The tool I listed above will reset the services to their defaults and it may well go away!)
First and foremost, take a full system backup, then...

From a quick look on our test servers, I've not seen this service on a fresh install. It looks to me that your environment is performing NAP, hence the service is present. Further reading: http://technet.microsoft.com/en-us/library/dd320249(v=ws.10).aspx

There is a known MS article about this: http://support.microsoft.com/kb/2519899

You could try running 'sfc /scannow' from an elevated command prompt, to allow the system to repair itself via files from the winsxs folder.

Supporting Davis McCarn's comment about the All In One Repair Tool: I've found that after running this tool in a domain environment, you should be sure to change the NETLOGON service from manual to automatic and start it up, otherwise you'll open another can of worms.

Best of luck!
Michael986

ASKER

Thanks for the response guys.

I restored a backup of the server to a test platform and ran the Tweaking.com All in one repair tool - and as suggested, this has removed the 'Security Center' service altogether, so from that perspective it's 'solved' the problem.

However, I'm still struggling to understand a couple of things :-
1. What does this service actually do?
2. How would I go about reinstalling it? I've looked into NAP, which suggests that the 'Network Policy and Access' role is required - but this is not installed on our server.
As I said, the Security Center service is not a normal part of 2K8 R2.  It is part of the desktop O/S' (XP, Vista, 7, & 8) and can be monitored by the server if you want to: http://technet.microsoft.com/en-us/library/dd320249(v=ws.10).aspx
"As I said, the Security Center service is not a normal part of 2K8 R2"

I understand that, but it doesn't answer either of the questions. The server is actually W2K8 SP2 (not R2), but that aside, the "Security Center" service is installed on this server - So what would have been done to get it there in the first place (ie how would I go about installing / reinstalling it)? And what does it do on the server when it's up and running? (eg is there any software linked with it, or would an icon appear in Control Panel etc)
ASKER CERTIFIED SOLUTION
Davis McCarn
This solution is only available to members.
OK, I understand now. I was thinking that the 'Security Center' service was a genuine service that had been corrupted, hence me asking several times about how to reinstall it.

But it seems that this is NOT a genuine service - at least not on W2K8 servers - and was probably put there by the infection.

I'll run the All-in-one repair on the servers which should get rid of this service.

Thanks for your help
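
An added example, not posted by anyone in this thread: before removing a service like this, it helps to record what it points at and to confirm the Error 1079 condition from the question, i.e. a shared-process service whose logon account differs from the other services hosted by the same process. The script assumes the service is found by the display name quoted in the question, and it treats services with an identical `PathName` as sharing a process, which is an approximation.

```powershell
# Added example: inspect a suspect service and check for the Error 1079 condition.
# Run from an elevated PowerShell prompt on the affected server.
# Assumption: the display name below is the one quoted in the question.
$displayName = 'Security Center'

$found = @(Get-WmiObject -Class Win32_Service -Filter "DisplayName='$displayName'")

if ($found.Count -eq 0) {
    Write-Output "No service with display name '$displayName' on $env:COMPUTERNAME."
}
else {
    $all = Get-WmiObject -Class Win32_Service

    foreach ($s in $found) {
        # What the service control manager has registered for this service.
        $s | Format-List Name, DisplayName, State, StartMode, ServiceType, StartName, PathName

        # A svchost-hosted service loads the DLL named under Parameters\ServiceDll.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
        if ($dll -and (Test-Path $dll)) {
            # Version metadata is informational only; record it for the incident notes.
            (Get-Item $dll).VersionInfo |
                Format-List FileName, CompanyName, FileDescription, FileVersion
        }
        else {
            Write-Output "ServiceDll missing or not set: $dll"
        }

        # Error 1079: another service with the same host command line
        # is configured to log on with a different account.
        $peers = $all | Where-Object {
            $_.PathName -eq $s.PathName -and $_.Name -ne $s.Name
        }
        $mismatch = @($peers | Where-Object { $_.StartName -ne $s.StartName })

        if ($mismatch.Count -gt 0) {
            Write-Output "Logon account differs from these services in the same host:"
            $mismatch | Format-Table Name, StartName, State -AutoSize
        }
        else {
            Write-Output "No logon account mismatch found among $(@($peers).Count) peer service(s)."
        }
    }
}
```

Saving the output from each server before running a repair tool keeps a record of the binary path and account the service was registered with.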