Tuesday, June 2, 2009

Degcs.exe What Is It?

On June 1st, 2009, I got a call from a customer that their server was not accessible. I had them reboot the 2003 server, and that's when all the problems started happening. Once the server was restarted, the customer was unable to log in under administrator, getting the error "not enough server storage is available to process this command". I immediately thought that this was due to the server running out of storage space. I ended up going over to the customer site and troubleshooting the problem. First I checked storage space by logging in with safe mode. There was plenty of space left. Eventually the problem ended up being a nasty new malware/trojan that McAfee picked up off of the jump drive I had connected to the server to transfer removal utilities and rootkit scanners. Apparently this bug will use jump drives to transfer itself. Luckily my McAfee caught it under the name Artemis!B6BB2CC73101.

degcs.exe was found to be the culprit by running "netstat -b" in the command line. It showed degcs.exe running multiple connections to many private IP addresses out in the world. It was also causing excessive network traffic and was tying up the internet connection. Norton was installed on the server but, not surprisingly, it did not detect the variant. I used Ultimate Boot CD and the registry editor to remove the troubled program. After the server was back online, or at least so I thought, it was still broken to the network. No one could access the server. They were getting

"The user has not been granted the requested logon.."

I am not sure if the virus caused this problem, but it appears that something at the same time as the infection (either the infection or an improper shutdown) had removed an important Domain Policy, which prevented any PC from accessing the file shares of the server. So I figured that putting back the domain policy or restoring the users/groups that should have access to the policy would be a cinch. Nope, it was a PITA. After hours of research I finally got the problem resolved.

First make sure you have gpmc.msc (type it in the command prompt). This is for 2003 servers; if you don't have it you can download it from Microsoft (google it).

Once you have GPMC.msc, go and change the order of your adapter binding in the Network Connections screen. From there go to Advanced > Advanced Settings > Adapters and Bindings > and Connections. Just move one of the adapters up (you may have to change this back later). For some reason this seems to fix the logon security that was preventing any changes to the Group Policy. Until I did this I was unable to make any changes to the Group Policy. I kept on getting errors that I did not have access to make the changes (although I was signed in under administrator). I also ended up resetting the group policy altogether (refer to dcgpofix). Make sure to read up on it, because it can have serious effects on your domain, especially if it's part of a large corporation consisting of multiple domain controllers. Since this server was the only domain controller, I was confident that it would be OK.

Once the Domain policy was successfully reset (it would only work after changing adapter priority - odd), clients were able to access the file shares on the server. I also had to reset the password policy, since the customer originally had the complex password policy off.

Hope this helps someone out there

Drop me a comment if you have problems

Chris Rees
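
The "netstat -b" check described in the post above can be repeated over saved output to rank executables by how many distinct remote hosts they are connected to. This is an added example, not part of the original post: the function names, the threshold of 3, and the sample output (documentation-range addresses, made-up ports and PIDs) are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `netstat -b -n`: each connection row is
# followed by the owning executable in square brackets. Addresses are
# documentation ranges; ports and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:1045        198.51.100.7:80        SYN_SENT        1832
  [degcs.exe]
  TCP    192.0.2.10:1046        198.51.100.8:80        SYN_SENT        1832
  [degcs.exe]
  TCP    192.0.2.10:1047        203.0.113.21:80        ESTABLISHED     1832
  [degcs.exe]
  TCP    192.0.2.10:3389        192.0.2.50:51515       ESTABLISHED     904
  [svchost.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  Can not obtain ownership information
"""

ROW = re.compile(r"^\s*(?:TCP|UDP)\s+\S+\s+(\S+)")   # captures Foreign Address
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")             # e.g. [degcs.exe]
NO_PEER = {"0.0.0.0", "*", "[::]"}                   # listening sockets

def remotes_by_process(text):
    """Map executable name -> set of distinct remote hosts it talks to."""
    owners = defaultdict(set)
    pending = []                      # peers seen since the last owner line
    for line in text.splitlines():
        row, own = ROW.match(line), OWNER.match(line)
        if row:
            host = row.group(1).rsplit(":", 1)[0]
            if host not in NO_PEER:
                pending.append(host)
        elif own or "ownership information" in line:
            name = own.group(1).lower() if own else "<unknown>"
            owners[name].update(pending)
            pending = []
    return owners

def fan_out(text, threshold=3):
    """Executables with >= threshold distinct remote hosts, busiest first."""
    hits = [(n, len(h)) for n, h in remotes_by_process(text).items()
            if len(h) >= threshold]
    return sorted(hits, key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    for name, count in fan_out(SAMPLE):
        print(f"{name}: {count} distinct remote hosts")
```

A high count is only a lead to investigate: browsers, mail servers and backup agents also talk to many hosts, so the threshold needs tuning per machine.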

Thursday, January 8, 2009

Welcome to our blog now online!

So why a blog for five9's Communications? Well, we might as well be part of technology instead of behind it. Besides, it's what we do: provide today's technology for our customers.

So who are we and what do we do?

Five9's was founded by 5 individuals: John Baxter (Cabling Engineer), Robert Hawley (PBX Sales Engineer), Bryan Hepler (Sales & Marketing), Jon Forsberg (Operations & PBX Tech) and Brady Young (Operations & PBX Tech).

Today we employ over 20 employees and provide Phone system, Cabling and IT solutions across the Utah Wasatch Front.

Our phone solutions and products are centered on NEC Univerge Platform. NEC provides a wide selection of phone solutions for small business to large commercial installations. From Phones to Voicemail and Unified Communications we provide it all.

Our cabling services provide certified fiber, data, and telephone wiring. We also install racking, cable trays, UPS systems, and cooling solutions.

Last but not least, we now provide IT solutions for business and help in designing, installing and supporting networks. From servers to routers and PCs, we can help your business succeed.

Give us a call anytime if you have any questions or are looking for solutions to your business.

Chris Rees
five9's Communications, Inc.
801-334-5959