
touchstone_81

Member
  • Posts

    50
  • Joined

  • Last visited

  • Donations

    0.00 USD 
  • Country

    India

About touchstone_81

  • Birthday 07/18/1981

touchstone_81's Achievements

0

Reputation

  1. Yeah, I suppose that could happen to people, but in my case the exchange is in a separate domain, separate subnet, so we can safely rule that out. It's just that I am finding it difficult to identify what's calling this "svchost - network service". I mean, something is obviously telling it to go out on the network and do something; I just cannot figure out what.
  2. For the last couple of weeks my domain account is constantly getting locked out. I used eventcombe and found the source to be a standalone server, not part of the domain. After looking at the security event logs on the source server "serverA", I found numerous "552 event ID's". These messages suggest the process with PID 712 is making several connections to all member servers in the domain. 712 in taskmgr corresponds to "svchost /Network Service" with remote procedure call as its sole child process. I have tried numerous things to figure out what is calling this process, but no luck so far. Recreated my profile, unmapped all network drives, checked scheduled tasks, scripts etc. This is really driving me nuts, so if somebody can help me out with this I would be eternally grateful!

     Event Type: Success Audit
     Event Source: Security
     Event Category: Logon/Logoff
     Event ID: 552
     Date: 1/20/2010
     Time: 6:04:33 AM
     User: NT AUTHORITY\SYSTEM
     Computer: ServerA
     Description: Logon attempt using explicit credentials:
     Logged on user:
       User Name: ServerA$
       Domain: WORKGROUP
       Logon ID: (0x0,0x3E7)
       Logon GUID: -
     User whose credentials were used:
       Target User Name: "my username"
       Target Domain: "Domain Name"
       Target Logon GUID: -
     Target Server Name: Member Server
     Target Server Info: Member server
     Caller Process ID: 712
     Source Network Address: -
     Source Port: -
  3. It does, but I didn't see any disk errors. These are Dell PowerEdge 2950 servers.
  4. Recently we had this server that started logging Event ID 55: "file system corrupt/unusable. please run chkdsk on volume *". Well, we did run chkdsk and it came back and said corrections were made, but only after a day the errors came back. Contacted Dell and they typically suggested that we upgrade the firmware of RAID, SCSI and whatnot. Since there was nothing else to try we agreed to this, but then I noticed that 3 other servers were logging the same event. This led me to believe that it isn't actually a filesystem problem but some process that's setting the corrupt flag. Any thoughts on how to go about this would be appreciated.
  5. Due to shortage of time we have decided not to use any 3rd party software in our DR test. But now the problem is that we are using 64bit win2003 R2 and this is not supported by the dumpcfg.exe (used to change the disk signatures) tool. Read somewhere that the registry can be modified to point to the new disk signature. If Cluberti or someone knows which keys to change I would be grateful.
  6. Hi Cluberti, thanks for the reply. There are 2 clusters, each with 2 nodes, and it is in active/active mode because that's a client requirement. The applications are SAP management apps supported on an Oracle database, which are administered by the client.
  7. Hi all, As you know, in most environments clusters operate in an active/passive mode – the passive server providing hardware redundancy. In a DR situation, generally only one of the two servers is restored. However, since we operate in active/active mode, required to support the work load, both servers must be recovered. Restoring to unlike hardware (Dell to HP) presents some additional challenges. The recommended approach is to build the systems from scratch. However, based on comments during our weekly meeting, installing the application from scratch would take days, and so is not feasible. Currently we are looking at software known as Double-Take, which is mighty expensive, and we are not sure if this would overcome the disk signature problem. If anybody has any ideas or has been in a similar situation, please share your ideas. Thanks in advance.
  8. Is the problem that you have related to one client, the server itself or all clients in the domain? You said you could ping the IP address, so if you type the IP into the browser instead of the name, can you get to the URL? Plus, what about hosts files, have you checked them for static entries? You could also add an Internet domain to IP mapping in the hosts file of a client and see if that works. If your DNS server supports insecure dynamic updates from clients, try the name from a system that's in a workgroup.
  9. Hey, that's great, Cluberti. Thank you for sharing your views; and no, although netapps support was very helpful, their efforts were pretty much centered around proving that DNS was the culprit, and what's more, some of our own people were convinced that it was indeed DNS. This made it all the more frustrating. Anyway, I had told netapps to put the issue on hold, so will go back to them with the new findings thanks to you and see what they say about that.
  10. Try changing the file association in Explorer: Tools --> Folder Options --> File Types
  11. Hi Cluberti, find the link for the trace below. The info you asked for has been enclosed. http://www.2shared.com/file/3380022/70dc1f...work_trace.html Please do look at it when you get the time and lend your thoughts on the same.
  12. Hi Cluberti, I captured two sets of traces. Each set included one with IP and another with name. The second set was captured in a new logon session. I have never used Wireshark before, so maybe I am not looking for the correct info. But here is what I did: in Wireshark there is an option "Analyze"; under that I went to Expert Info and there I could see that:
      1. When accessed using IP, there were no connections to the DC from the client.
      2. When accessed using name, there was a connection to the DC from the client.
      Not sure if that is significant though. There was mention of NTLM in both. Apart from that I couldn't notice much difference. Hey Cluberti, do you think you have the time to look at the trace?
  13. Great, let me get the trace. And thanks for the quick response.
  14. Hi, been having an issue that's driving me crazy. Hopefully I am addressing this in the right forum.
      Problem: Share access to a netapp storage box is fast when accessed by name, i.e. \\netapps, but takes a long time when accessed by IP, i.e. \\10.*.*.*
      Netapps OS: Unix
      Windows DC OS: win2003
      DNS: active directory integrated.
      Netapps support say the issue is with Windows DNS, which I cannot agree with because the name is being resolved and the host records are properly set up; verified this with nslookup. If I am not mistaken, when I use \\ip DNS should not come into the picture, right? Also, when the share is accessed by \\ip it opens up after like 20 seconds, and clicking on a share gives a system busy cursor symbol, after which it eventually does open the share. This does not happen when the share is accessed by name. This is seen to be happening across all clients in our domain. Somebody please help.
  15. Hi, the link that I gave you covers all your questions. Just need to have the patience to read through the mammoth but very comprehensive document.