?
Solved

Files vanishing!!!  2008 R2 Server

Posted on 2013-11-23
10
Medium Priority
?
156 Views
Last Modified: 2014-03-24
We have probably the strangest issue with a client that is running 2 basically identical sites with files randomly missing from their main network application.   I am reaching out to all experts for any suggestions.  We have been dealing with this for 3 weeks

Here is an overview of the basics of the sites...then the issue at hand to follow.

SITE A:   WORKGROUP -  2 x 2008 R2 servers No domain controllers - WORKGROUP
SUBNET:   192.168.0.x  approx 40 pcs on the LAN

SITE B:  WORKGROUP - 2 x 2008 R2 servers No domain controllers - WORKGROUP
SUBNET:   192.168.1.x  approx 38 pcs on the LAN

Sites both have SONICWALL tz210s with a VPN gateway to gateway VPN established.  The VPN is used only for mail traffic - Exchange server residing at SITE A


The customers main application resides on SERVER 1 at each location.  The type of application they run resides server side - the client runs an executable \\server\program\application.exe MU 192.168.0.2
My understanding is it runs in memory as there is no actual installer on the workstation,  no registry entries locally on any pc.

THE PROBLEM:

Some of the file in the directory \\server\program\*.* go missing !!!   28 FILES approx of 1422
*What we have setup as a bandaid fix in the meantime is a batch file that will quickly sync a backup for the program and the damaged directory*
 
STATS on the SYNC JOB:
SOURCE = 1422 FILES   78 FOLDERS       TARGET = 1394 FILES    78 FOLDERS
28 FILES are missing from the server before restoration??  

Once we restore the files they are able to go back in and work no problem.  The actual database I need to mention is on D drive in a master share - these are never touched!  Its only ever the program files themselves that go missing.

MORE INFO:
IT is totally random.   It can be anytime of day / week.   Sometimes they will go 5 6 days with no problem.  Other times it will happen 3 times in one day!
Sometimes it happens in the morning ..sometimes at night.
NOW - the other side SITE B has reported the same issue!!   SITE A occurs far more often 95% SITEB  only a few times.

We have ESET av on both sides scanning no obvious trojans.

AUDIT:  we setup auditing on the SITE A server and have successfully flagged a few different pcs sending the request for deletion!!!!

We are at a total loss - the customer has been reasonable - however I desperately need to get a solution.   They can be running to the server to sync the files back in all the time

HELP!???
0
Comment
Question by:j-teksolutions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 21

Expert Comment

by:CompProbSolv
ID: 39671739
It sounds as if this is the key:
"AUDIT:  we setup auditing on the SITE A server and have successfully flagged a few different pcs sending the request for deletion!!!!"

If I am understanding correctly, you have PCs that are deleting the files on the server.  The question is why they are doing that.  My first thought would be that there is something in the application that is doing it.

Can you mark these files read-only?  That would likely generate an error on the PCs when they request the files to be deleted.
0
 
LVL 1

Author Comment

by:j-teksolutions
ID: 39671751
Very interesting.... I like the idea of marking them as read only.
I wonder if we will see errors on the clients.
Its worth a try!
0
 
LVL 1

Author Comment

by:j-teksolutions
ID: 39671770
One thought.  If the remote user that is logged on various workstations is an admin..will they have the ability still to delete a read only file?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 1

Author Comment

by:j-teksolutions
ID: 39671775
From a post:  Warning

Read-only files can't be modified, but they can be copied, moved, renamed, or deleted. It's possible that moving, renaming, or deleting a read-only file can cause a program that relies on the file to stop working properly.
0
 
LVL 1

Author Comment

by:j-teksolutions
ID: 39671776
This may not accomplish anything as you can still delete the read only file
0
 
LVL 1

Author Comment

by:j-teksolutions
ID: 39671798
Ok - I manually removed the security for each of the 22 files in our spare backup folder.
I have made it so no one can delete
Once I confirm with the client - we will write in these read only files
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39671844
To be clear - make the files NTFS Permissions Read Only - NOT the file attribute.  File Attribute doesn't do much.
0
 
LVL 1

Expert Comment

by:Solpak
ID: 39675008
Hi

It looks like you may have some kind of virus on the local PCs, especially the ones that you have been able to audit and see the deletion requests from.

Full ESET and Malwarebytes scans on all PCs in the network would be my recommendation.
0
 
LVL 1

Accepted Solution

by:
j-teksolutions earned 0 total points
ID: 39756054
We have limited the power of their general shared user on the server...so far no deletions but this does not tell us why a deletion request would initiate:(
0
 
LVL 1

Author Closing Comment

by:j-teksolutions
ID: 39949771
ITs not the answer I wanted but it worked thanks everyone
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question