frank shweki
Hello,
We have win2000 Advanced Server. It has active directory installed and
Microsoft Exchange server and IIS installed. Everything was running fine
until yesterday when users (later in the afternoon) were not able to log on
to the domain. I restarted the server thinking that some service was shut
down or so. I opened the Event Viewer but it immediately closed. I tried to
open DNS server, Active directory, IIS etc. but always the window shows up
for one second and closes. I even could open the registry or the Task
Manager. I ran antivirus on the server and it came out clean. Then I
initiated a scandisk on the disk and it didn't find any bad sectors. It just
reported liberating 41 unused indexes in index $SII and $SDH.
I then looked into the IIS log file and I did not find anything suspicious.
(There are no web pages, just under construction page). IIS is though needed
for the corporate antivirus program.
I rebooted the server into safe mode, where at this time I can open Event
viewer and registry (and others). I checked at the Run key in the registry
and it is fine. I checked the Event viewer and I can see a lot of errors
that originate from the Exchange server (POP3SRV, etc.) But I don't know
where to look for to find what happened. All error messages are dated to post
rebooting done last night and today.
I am good at installing and configuring the server but have little knowledge
on finding out if a hacker got into the machine or if some serious problem
would occur (like this one).
Can you please tell me what should I be looking for? What component
must/must not be running first. Thank you for your guidance.
Regards,
Frank