are there any specific event logs on windows (windows 7) that indicate the exact time a machine was powered on and off. I know from analysis and testing of security.evtx its pretty close if you pick the first and last event of the day to the time a machine has been on/off but I did wonder if there was an exact event in one of the windows and/or applications and services logs which would specifically relate to power on/off for a laptop device.

Setup: Windows 2019 Server with 2 network cards: 1 and 2.
Assigned static IP 192.168.0.111 to NIC 1 netmask 255.255.255.0, DG 192.168.0.1, no problem.
When assigning static IP 192.168.0.112, netmask  255.255.255.0 DG 192.168.0.1 it throws me a warning:
"Microsoft TCP/IP Warning - Multiple default gateways are intended to provide redundancy to a single network (such as an intranet or the internet). They will not function properly when the gateways are on two separate, disjoint networks (such as one on your intranet and one on the internet). Do you want to save this configuration?"
I said yes, but then I lost connection to the internet. Ran the troubleshooter and that reset NIC 2 to DHCP (dynamic).
I am probably missing something here.

Hello,

I have industrial machine needs to connect to an Access Point in order to download data through a software designed by the manufacturer, I am thinking instead of getting Physical Access Point "especially the machine is working in a sever application" to use Virtual Access point on the LAPTOP, tried ICS "Mobile Hotspot"  but this is not helpful because I need the machine to use 192.168.0.1 / 255.255.0.0

Is there any Free Virtual Access Point can be download works with Windows instead of using ICS  instead of physical AP? or is there a way in Windows 10 to change IP address and subnet Mask for the clients ?

Thank You

we have a process from icontrol enterprises that polls data from our point of sale box and sends to server to process into usable information.  something changed in windows settings the other day and it can no longer get to the server address it is trying to access. (https://i3.icontrol-enterprise.com/icelinkws/icelinkws.asmx).
it says cant connect.  there is some info i found in a log file (see below) that maybe says what needs to be done???
i turned off windows firewall and it still cant connect.  the sonicewall settings were restored to when it last connected fine and there was no change.
any idea what registry or system setting may need tweaking to fix this based on the logfile info?
ps  this is the other icontrol website and it connects to this one fine (https://s3.amazonaws.com/icontrol/awstest.txt)

this shows in the log:
12:37:56 Aug 16 713 Network Debug TCP connection abort received; TCP connection dropped 96.81.83.26, 50978, X0 54.183.140.32, 443, X1 tcp TCP Flag(s):
ACK RST  
12:37:53 Aug 16 1233 Firewall Settings Notice Unhandled link-local or multicast IPv6 packet dropped fe80::5de:548b:4811:2597, 52847, X0 ff02::1:3, 5355 udp  
12:37:53 Aug 16 522 Network Alert Malformed or unhandled IP packet dropped 0.0.0.0, 17, X1

I had a pc joined to the domain and then a Windows Update was applied. Network Discovery is greyed out, cannot access any network resources, and cannot disjoin / rejoin domain because that is greyed out as well. The services for Network Discovery won't start.

In our Kiwi syslog server that we use to accept logs/events from a
certain Linux custom appliance, we only see  "Local4: ..."  but we
can't see IP addresses of users who use that appliance
(it's called Garrison:  https://www.garrison.com/?lang=en )

The support for that product told us it's something we have to
configure in Kiwi syslog server.

Had been browsing all over Kiwi & there's nothing in Kiwi that we
configure.

Correct me if I'm mistaken:
Q1:
is this something to be configured at syslog client end & not
syslog server?  My understanding is the level of logging is
configured at syslog client (in Linux/Unix, there's syslog.conf)

Q2:
Kiwi just receives everything that's sent to it via Udp514 &
doesn't filter off anything, right?

Hi EE,

I have a very strange problem at the place I'm currently living in.  My landlord is trialing a new Wifi connection this trial began at 11 am 1 day ago. No wireless configuration changes were required from my end and my tablet and mobile phone connected to the new wifi without issue. However, my Windows 7 desktop either by Wifi (using the same credentials as my mobile and tablet) or LAN DNS resolution doesn't work anymore I can ping external websites fine.

Tried setting my DNS to Google no luck.
Tried disabling IPv6 no luck.
Tried the ipconfig /flushdus, ipconfig /registerdns, ipconfig/release, ipconfig/renew no luck.
Tried the Netsh winsock, reset catalog, int ipv4 and ipv6 reset no luck

Event logs on my PC confirm the started have DNS issues at 11:03 am that day warning is:

The warning is event 1014 and the source is DNS client events. The general section reads, "Name resolution for the name [insert website URL] timed out after none of the configured DNS servers responded.

Any ideas I am completely stumped by this.

Thank you.

Hello,

I've been given two servers for a PHP project inside my company (one for PHP and the other for MS SQL) but my local system administrator has never dealt with remote SQL connections (yeah, I know).

I've managed to use his admin session (thru Skype's desktop presentation) and configured the SQL instance to use a fixed port instead of dynamic (to avoid headaches in the future). I've also created an inbound rule in the SQL server's firewall that allows that same TCP port for the domain. I didn't create an inbound UDP rule for the SQL Browser because I'm not using a dynamic port.

Also, the user that I'm using in my PHP script was created under Security -> Logins but within the database, instead under Security -> Logins for the entire SQL instance. It was created as dbreader and dbwriter only.

This is how my PHP connection looks like (the x are IP address and NNNNN is the port):

$servername = "xxx.xxx.xxx.xxx\\INSTANCENAME, NNNNN";
$connectionInfo = array( "Database"=>"MY_DB_NAME", "UID"=>"loginname", "PWD"=>"somepassword" );
$conn = sqlsrv_connect( $servername, $connectionInfo );

if ($conn) {
     echo "yup";
} else {
     echo "nope";
}

Select all Open in new window

What else can I try to make the connection happen?

BTW, both sqlsrv and pdo_sqlsrv extensions are loading fine in PHP.

Both servers are Windows Server 2016 and SQL is also 2016.

Thanks in advance!

Recently installed a new Windows 2008 R2 Server and now the workstations are unable to map to the shared folders on the server.  I can ping the server by name or IP but not map a drive.  I have tried with and without the Firewall Service running.

we experience print job hang if user try to print the file more then 4MB .But we try to configure the NB using local printer was fine.

if print using print server will hang the print server and have to manually delete the print job.

for testing purpose we using the same driver same as print server .Our print server is window server 2012.

at first ,we through is WiFi contested but we trying using LAN cable return the same result.

please advice ,we have facing the issue and how to solved it .Thanks

hi,
is there any method to remote check the type of lan cable plugging,  from network card device properties / other windows log?

I am doing a vmware microsegmentation project. In reviewing traffic flows, I see a lot of traffic on certain LANs UDP 137 and 138 which I believe is MS Netbios. So app server A might be talking to app server B via UDP at these ports say. if these traffic flows were not permitted within the LAN, what would the impact be on Windows networking?

OMG: This is driving me crazy!!!!

A user keeps getting his AD account locked every 20 minutes.

I've googled this to death, and even reached out to our ManageEngine AD Audit techs.

In a nutshell, Microsoft isn't capturing the source machine name or IP if the logon request is not from the MS platform (linux/mac) or the authentication request isn't Kerberos.

How in the world am I supposed to figure out the offending machine?

Using this command, then stopping and starting the logon service:
nltest /dbflag:0x2080ffff

The widows\debug log reveals:
07/09 14:38:14 [LOGON] [4304] ECPHFD: SamLogon: Transitive Network logon of (null)\victim_user@ourdomain.com from (none) (via DC-2008-01) Entered
07/09 14:38:14 [LOGON] [4304] ECPHFD: SamLogon: Transitive Network logon of (null)\victim_user@ourdomain.com from (none) (via DC-2008-01) Returns 0xC000006A

"(NONE)" is NOT HELPFUL Microsoft !!!

I've ruled out that these are coming from the outside world so I'm left thinking this is a malicious internal brute force attack or a forgotten app using the user's old password.  We've shut down all of his devices and the problem persists.

#HELP!

Any ideas would be very much appreciated!

Helplessly yours,
Mike