Domain Password 2

Status
Not open for further replies.

XofCDe3rd

Technical User
Nov 9, 2003
120
Hello All

I encountered a real brain twister today and I was wondering if anyone can help

I was called to look at an SBS2003 box which was running slower than usual. Now I was able to log on to the box normally using the administrator password.

Things I have encountered:
1) the machine gradually slows down before it totally halts
2) removing the network connection allowed it to function a little longer before again slowing down until a reboot is inevitable

Now the most puzzling thing. After collecting information from event viewer, antivirus logs (no system changes were made to the system in any way) a restart rendered the administrator password useless. In other words I am now unable to log on to the SBS domain

Any Ideas to help

Thanks in Advance
 
Sounds like virus activity. I recently encountered 2 viruses that disabled the NICs. One virus I could remove, the other only Trend Micro even reported finding, but could not remove. In the end I had to reformat the drive and reinstall.

Not sure if this is your problem or not but I would try using the Trend Micro Housecall free AV scan.

Try remoting in to the server with RDP to attempt to get access.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
I bet that it wasn't a password failure, but the failure of the behind-the-scenes services that handle authentication. Maybe the Netlogon service couldn't start for some reason.

Does sound like a virus or perhaps a drive that's reached capacity, in conjunction with perhaps a hacked-together ftp server that someone on the outside managed to install. It needs a close security scan.

ShackDaddy
Shackelford Consulting
 
Thank you all for that

Mark & ShackDaddy:
I did use Trend Micro's online scan for this server a couple of and it did clean out a couple of the viruses but some just did not want to budge.

I will star you both for backing my original diagnosis about the server.

I have set up a temporary box and migrated just the data. But I will let you know that I think it was a disaster waiting to happen as it did not have proper backup mechanisms, so I had to start from scratch.

Xof
 
If you have a safe copy of your data (and assuming you got the same virus my client got) then I would advise YES to a full format and rebuild.

In the case of my customer, their system got infected with a virus that Trend could detect but not clean. Symantec did not even detect the virus.

Make sure when you set up the server again that you have proper AV installed and running before you restore any data.

I hope you find this post helpful.

Regards,

Mark
