Re: Write-cache on RAID controller

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Marcia (Marcia_at_hotmail.com)
Date: 11/23/04 

Date: Tue, 23 Nov 2004 14:33:16 -0500

Thanks so much for replying. I've also made comments within.

Marcia

"Dave Nickason [SBS MVP]" <gwdibble@NOSPAM.frontiernet.net> wrote in message
news:em$x3QY0EHA.2228@TK2MSFTNGP15.phx.gbl...
> See inline:
>
> > fun. I came in this morning and a trouble light is on my EN-8721 Hot
> > Swappable Drive module indicating there was a power status/voltage
error.
> > I
> > need to research this some.
>
> I'd to that first, since if there's a hardware issue it may result in data
> loss. I'd immediately back up all your data to be on the safe side.
>
> >
> > The following errors/infomrational warnings now appear in the event log:
> >
> > Source: WBLOGSVC ID: 2004 "...The local computer may not have
the
> > necessary registry information or message
> > DLL
files...."
> > MSExchangeIS 9548 "...MSSupport does not have a
> > master account SID....."
>
> Why do you have an account called "MSSupport" - I can't see where this is
a
> built-in account, so if it's something you've created and you're not using
> it, please disable the account in AD. I wouldn't delete it while you're
> troubleshooting, though.
>

I created an account called MSSupport a couple of months ago when I did a
support call. Yes, I'll disable that.

> > Userenv 1516 "Windows unloaded user
> > S-....._Classes registry when it received a notification that no
> > other
> > applications or services were using the profile."
>
>

OK...this is the \hkey_current_user\software\microsoft\protected storage
system provider\the key mentioned from the registry. I assume this could
explain why backups haven't been working. Correct?

> > LSASRV 40961 "The Security System could
> > not establish a secured connection with the server
> >
> > ldap/mysbsserver.modomain.local/mydomain.local@mydomain.local. No
> >
authentication
> > protocol was available."
> > LSASRV 40960 "The Security System
> > detected
> > an authentication error for the server
> >
> > ldap/myserver.mydomain.local/mydomain.local@mydomain.local. The failure
> > code
> > from
> > authentication protocol Kerberos was "The attempted logon is invalid.
> > This
> > is
> > either due
to
> > a
> > bad username or authentication information. (xc000006d)".
>
> Search support.microsoft.com for 40960 and 40961 - there are a couple of
KB
> articles that reference both. Do either of them apply?
>

No, they don't apply in that this box has never been promo/dpromod.
> >
> > Ironically, but troubling, we had a security failure logged at 3:21am
> > under
> > the Security section in Event log.
> >
> > Major questions: How do I know if any of these issues are related to
each
> > other? How do I figure out the cause of the user not being able to
> > connect
> > to their "Z" drive? Is it a coincidence that someone tried to hack in
at
> > 3:21 and we now have server issues? Asside from reinstalling the server
> > from scratch, how do I know if the hacker (assuming that's what it was)
> > left
> > any backdoors?
>
> What's the specific security error? Do you have ISA or another strong
> firewall in place? These can be anything from an intrusion or intrusion
> attempt, all the way down to something completely benign.
>
The error is Security, 577. I did find this link, which would be applicable
except it only references Windows 2000 Server--I'm on SBS2003.
http://support.microsoft.com/default.aspx?scid=kb;en-us;811196

I do have ISA in place. the only ports open on the router is vpn, 3389, 25,
80, 443, and ftp. I'm beginning to think this is benign, other than I
enabled the WMI reporting to help troubleshoot some SMS issues on my member
server. Is it safe to assume it is benign?

> For the Z drive issue, I would look at each user's configuration to see
> what's different between those that work and those that don't. Verify the
> folder permissions against those in
> http://support.microsoft.com/default.aspx?scid=kb;en-us;294667. Any
errors
> logged on the user's machine when it doesn't work?
>
> >
>
>

I'm going to look at his errors now. Enlight tells me that since the light
is back on solid, not to worry about the hardware. Sounds hokey to me, but
it hasn't blinked errors. I'm going to reboot the server during the staff
meeting in 30 minutes just to be safe.

Relevant Pages

  • Re: write with cURL
    ... you can stop making excuses. ... Part of Jerrys' security is not letting you on his server... ... up an account for you, process the billing, etc. ...
    (alt.php)
  • Re: write with cURL
    ... you can stop making excuses. ... up an account for you, process the billing, etc. ... possible features from a web site to make up for the security issues. ... Nothing you have told me shows me you know how to lock down a server ...
    (alt.php)
  • Re: write with cURL
    ... It takes time to set up an account for you, process the billing, etc. ... Sorry, my servers are secure. ... Nothing you have told me shows me you know how to lock down a server so that it is secure - other than to use the server's file security. ...
    (alt.php)
  • Re: having problems creating packages - access denied..
    ... I've given a global group (which contains all of the site server computer ... full share permission and also full local security permission. ... SMS uses the site server computer account to connect to ...
    (microsoft.public.sms.admin)
  • Re: Anonymous Account not working
    ... I don't see any security log entries. ... I think the problem may be with the local account. ... built the server there was another server that was named WEB02, ... renamed this server (so that the iusr and iwam accounts would be ...
    (microsoft.public.inetserver.iis.security)