Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pool deactivated - Was I hacked? 2

Status
Not open for further replies.
cbarrol

cbarrol

IS-IT--Management
Sep 4, 2001
105
US
Hello,

I came in this morning to a hung 6.0 Netware Server. The message on the clients read:
"Message from SERVER:
NSS-3.00-5001: Pool SERVER/VOL1 is being deactivated."

The only thing I could do to reconnect was restart the server. I never saw this error before and dont have any idea on what could cause a pool to deactivate, let alone in the middle of the night when no one was even here! Also, I dont even use Vol1! I keep all my data on another partition!

I think I have a pretty secure firewall and have never been compromised from the outside but cannot help thinking that I might have been hacked...what else would cause an error like this?

Thanks,
Craig Barroll
 
Sort by date Sort by votes
Was there any similar errors on the server console that would indicate further issues? Although the clients will get the broadcast, the server console might give more information on why or what time tjis occurred. If you have console logging setup, check the CONSOLE.OLD file and post back any additional information

-----------------------------------------------------
"It's true, its damn true!"
-----------------------------------------------------
 
Upvote 0 Downvote
Thanks for the quick response...
I checked the config file and it looks like CONLOG.NLM is loaded, but searched the volume and I cant find any file called CONSOLE.OLD. I did find a CONSOLE text file in the ETC directory but it only has the info since the reboot. Must not be archiving the old files.
 
Upvote 0 Downvote
A disk failure could cause the pool to deactivate. When you restart the server, it forced the hardware to reset so it came back up. But it could easily happen again. In fact, if it happens once, it will most likely happen again.

I'd say the likelyhoood that you have been hacked is pretty slim, although I dont' know your configuration so it's hard to say. Someone would have had to gain physical access to the console or to the web remote interface (the web requires a valid administrative login).

Marvin Huffaker, MCNE
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Question
Win7 backup on Win11 Pro box not completing as it had in the past
Replies
2
Views
435
VicM
VicM
J
  • Question
laptop battery issue
Replies
3
Views
382
laptopfixingnearme
L
Steev43230
  • Locked
  • Question
What is a Pool
Replies
1
Views
83
goombawaho
goombawaho
sodax
  • Locked
  • Question
Pass-trhough authentification checked - The network connection to your application was interrupted
Replies
0
Views
84
sodax
sodax
fbizzell
  • Locked
  • Question
thread75-1123232 I need a copy of 1
Replies
4
Views
100
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top