M
Martin
One of our clients has a Win2k DC. It is an IBM x345 running SP4 with
all subsequent updates installed. It is running AD, DNS, IIS, Terminal
Services (Admin only), NAV Corporate Ed. Client and not much else.
It also functions as the file server and holds pretty much all of the
user's data.
This problem first surfaced a few weeks ago when they found that their
'98 and NT4 workstations couldn't log in, and their 2k workstations
couldn't access their shares. After an hour or so of digging around, I
discovered that neither the IPC$ or NETLOGON shares were there. I
recreated the shares and voila, the whole network came to life again.
At the time, I assumed this was a result of a malicious user as I had
recently discovered many hundreds of intrusion attempts from outside
the network.
After running a windowsupdate on the server before leaving the
premesis, I rebooted the server only to discover that the IPC$ and
NETLOGON shares were missing AGAIN.
I created a batch file to re-share them and placed it in the startup
programs group (as on-site admin always logs straight in when he does
a server reboot).
Over the last week, the server has started unsharing IPC$ and NETLOGON
without a reboot, and whats more, there doesn't appear to be any rhyme
or reason to it. I've more or less ruled out foul play as it has been
happening overnight and they've been disconnecting from the internet
every night since the hack attempts were discovered.
I'm at the end of my wits with this one!.. Any thoughts?
all subsequent updates installed. It is running AD, DNS, IIS, Terminal
Services (Admin only), NAV Corporate Ed. Client and not much else.
It also functions as the file server and holds pretty much all of the
user's data.
This problem first surfaced a few weeks ago when they found that their
'98 and NT4 workstations couldn't log in, and their 2k workstations
couldn't access their shares. After an hour or so of digging around, I
discovered that neither the IPC$ or NETLOGON shares were there. I
recreated the shares and voila, the whole network came to life again.
At the time, I assumed this was a result of a malicious user as I had
recently discovered many hundreds of intrusion attempts from outside
the network.
After running a windowsupdate on the server before leaving the
premesis, I rebooted the server only to discover that the IPC$ and
NETLOGON shares were missing AGAIN.
I created a batch file to re-share them and placed it in the startup
programs group (as on-site admin always logs straight in when he does
a server reboot).
Over the last week, the server has started unsharing IPC$ and NETLOGON
without a reboot, and whats more, there doesn't appear to be any rhyme
or reason to it. I've more or less ruled out foul play as it has been
happening overnight and they've been disconnecting from the internet
every night since the hack attempts were discovered.
I'm at the end of my wits with this one!.. Any thoughts?