Kevin
Help! I am the IT admin for a small company and we have a problem with our
server. Several weeks ago the server was hacked and all the accounts were
disabled in MS Exchange 2000. Even the admin account was disabled. It took
an outside consultant over five hours with a dictionary program to break
back into the server and help me to get it fixed. The hackers installed mIRC
and other software including some script that runs when the server boots. I
cannot find this script and do not know its purpose.
Last Saturday a new problem developed. When the server boots I get a
screen titled Service Control Manager stating: At least one service or
driver failed during system startup. Use Event Viewer to examine the event
log for details.
After that screen the system seems to hang during the boot process on the
screen saying "Preparing network connections...". This often takes 10-15
minutes before I get the logon screen. This server is our PDC.
Once I have logged on to the server, Active Directory is not present and MS
Exchange also is disabled. The computer cannot see the network. I can ping
the NIC and the router both with no lost packets but network is still
unavailable. When I try to access Active Directory I get an error
message stating the "Naming information cannot be located because: The
server is not operational. Contact your system administrator to verify that
your domain is properly configured and is currently online." After this the
Active Directory Snap-In pops up with a red 'x' in the left pane.
From the Event Viewer I get the following errors: System Log: Print-The
PrintQueue Container could not be found because the DNS domain name could
not be retrieved. Warnings Netlogon-Dynamic registration or deregistration
of one or more DNS records failed because no DNS servers are available.
Another critical warning is DCOM Access denied attempting to launch a DCOM
Server. The server {9DA0E106-86CE-11D1-8699-00C04FB98036} The user is
SYSTEM/NT AUTHORITY,SID=S-1-5-18.
Another warning is Service Control Manager The Microsoft Exchange
Information Store service depends on the Microsoft Exchange System Attendant
service which failed to start because of the following error: %%0.
In the Directory Service Log I have a warning from NTDS: The attempt to
communicate with global catalog... failed with the following status:
The RPC server is unavailable.
The operation in progress might be unable to continue. The directory service
will use the locator to try find an available global catalog server for the
next operation that requires one.
The record data is the status code.
The above warning was followed by an error: Unable to establish connection
with global catalog.
Based on the myriad problems listed above I sure could use some guidance
from those that know more than me. I have applied the Blaster patch to the
server because of the RPC references in the Event Viewer logs and regularly
apply patches that MS recommends. Norton Antivirus Corporate Edition ver 7.5
has been installed and maintained for several years. The virus definitions
are current and system scans have not found any Worms or Trojans.
Please reply to the group. Thank you for your help.
Kevin Y