Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

HELP!! I think I've been hacked! Server down!!!

Status
Not open for further replies.
SelbyGlenn

SelbyGlenn

Technical User
Oct 7, 2002
444
0
0
GB
hi there,

running Exchange 2000 on Win2k Server (sp4)
event logs full of ID 2104
RPC service has failed.
Net command is not recognised! (cannot start/stop services)
No internal or external email!
1000 users on my back!
AAGGHHHHH!!!!!

Any ideas??

Thanks in advance....

Glenn
BEng MCSE CCA
 
Sort by date Sort by votes
What have you done to start troubleshooting this so far Glenn? Have there been any changes made recently? I take it you've rebooted
 
Upvote 0 Downvote
I've rebooted but it still failed. It says the RPC service is not responding yet the service says its started in the services applet. I've restarted the service and it looks like it restarts fine but the problem persists. I've looked up the event log error and it mentions the PDC not being available. All DC's are running fine. all other servers are ok. I might have to consider rebuilding soon if I can't get any where....

Glenn
BEng MCSE CCA
 
Upvote 0 Downvote
Ok, so you've tried restarting the rpc service using net start rpcss. That doesn't seem to help, right? I take it you can't ping a fqdn from the exch box, what about pinging an ip address from the exch box? You've probably already checked the physical side eg, dodgy nic etc.
The other possibility is that its a virus
 
Upvote 0 Downvote
Pinging is fine. I can even terminal server to it! I can run computer management from my PC and attach to the server too. It's all very strange. Sohpos is running on the server and I have just finised scanning it and all is clear....

Glenn
BEng MCSE CCA
 
Upvote 0 Downvote
We had a problem caused by sophos AV mailmonitor. in our case users could open outlook but couldnt actually open the emails. Outlook would freeze. We had to actually uninstall Sophos, just stopping the services didnt help. Once this was done all returned to normal. Might be worth a try, although symptoms are different. (Usual warnings about backing everything up etc.)
 
Upvote 0 Downvote
it's worth a try. I will remove Sophos....

Glenn
BEng MCSE CCA
 
Upvote 0 Downvote
Make sure your antivirus softwre didn't delete or quaretine the exchange log files
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Satishkumar007
  • Locked
  • Question
Help needed to recover after complete site failure
Replies
0
Views
557
Satishkumar007
Satishkumar007
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
587
PatrickRoggers
PatrickRoggers
Edu001
  • Locked
  • Question
Exchange 2016 Installing a simple Second server
Replies
6
Views
585
Edu001
Edu001
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
666
microsGuy16
microsGuy16
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
589
Brent Fletcher
Brent Fletcher

Part and Inventory Search

Sponsor

Back
Top