winlog.exe is bad, bad, very bad!
Have a 2000 Server that all of a sudden stopped allowing users to print. I could test page from the server and all seemed well, went to workstation and tried to browse network, and said Domain is not available, The server is not configured for transactions.
Ouch!
Event Log shows 1411 NTDS SPN failures, 1655 NTDS global catalog failures, and Netlogon DNS failures.
GPO's got all messed up and disabled registry editing to admin on DC! Enabled by reg entry and as soon as window opens, it closes! Microsoft stated to update Service Packs, but as i tried, opens then closes instantly! Windows update was disabled too! Ran online housecall.antivirus.com scan and came up with nothing!
Used a 3rd party admin tool i have (dameware) to browse registry to current version > run, and found this...
Windows Login - winlog.exe ??what is that??
checked processes and saw winlog running! tried to end it, and it just came right back! Checked services and sure enough - "Windows Login" - c:\winnt\system32\winlog.exe - services !!
disabled service, and stopped, it restarted by itself! So...
killed process and stopped service within 2 seconds of each action and it worked! i could then delete the winlog.exe file from systemroot and delete the service and remove the registry entry. Rebooted, and when came back up, i could run the service pack(i didnt install it all the way tho, so that wasnt a fix fer anything)! i could open regedit! users could print!! i could browse network from workstation!! I still have some event logs to work through, and trace how this got by Trend ServerProtect, but it works!!!
NAI.com - no search results, Trendmicro.com - no search results, annoyances.org - no search results.
tek-tips.com - now theres 1!!
Have a 2000 Server that all of a sudden stopped allowing users to print. I could test page from the server and all seemed well, went to workstation and tried to browse network, and said Domain is not available, The server is not configured for transactions.
Ouch!
Event Log shows 1411 NTDS SPN failures, 1655 NTDS global catalog failures, and Netlogon DNS failures.
GPO's got all messed up and disabled registry editing to admin on DC! Enabled by reg entry and as soon as window opens, it closes! Microsoft stated to update Service Packs, but as i tried, opens then closes instantly! Windows update was disabled too! Ran online housecall.antivirus.com scan and came up with nothing!
Used a 3rd party admin tool i have (dameware) to browse registry to current version > run, and found this...
Windows Login - winlog.exe ??what is that??
checked processes and saw winlog running! tried to end it, and it just came right back! Checked services and sure enough - "Windows Login" - c:\winnt\system32\winlog.exe - services !!
disabled service, and stopped, it restarted by itself! So...
killed process and stopped service within 2 seconds of each action and it worked! i could then delete the winlog.exe file from systemroot and delete the service and remove the registry entry. Rebooted, and when came back up, i could run the service pack(i didnt install it all the way tho, so that wasnt a fix fer anything)! i could open regedit! users could print!! i could browse network from workstation!! I still have some event logs to work through, and trace how this got by Trend ServerProtect, but it works!!!
NAI.com - no search results, Trendmicro.com - no search results, annoyances.org - no search results.
tek-tips.com - now theres 1!!