From: Meinolf Weber [MVP-DS] on 16 Jan 2010 11:20

Hello Vijay,

But this can also be used during logon, see "Logon Type 8 - NetworkCleartext" in:
http://www.windowsecurity.com/articles/Logon-Types.html

If you think this is a Virus/Malware then you should clean your machine first before doing anything else. Best option in my opinion is to install the OS new; as you are saying it is for testing, start fresh.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi,
> My drivers are up to date and Device Manager doesn't report anything.
> Actually at 11.00 pm the backup was started.
> I found the message that "The Block Level Backup Engine service has successfully started".
> But I didn't find any message in the Windows Server Backup log of a successful backup.
> I'm new to Windows Server and I'm using it on my PC for learning purposes. I've been facing some problems, such as my internet connection has been blocked a week before and I did a bare metal recovery to restore my connection. Sometimes the connection won't work for some minutes and after that it works fine.
>
> Sometimes when I request a website in the browser, the first time it fails and the next time the page appears.
> In Server Manager the server summary is also not displaying its contents.
> I'm experiencing the above problems for more than 3 months and after several clean installations (works fine for some days and the same problem pops up again).
>
> Is anyone trying to hack my system?
>
> I also found some events that occur at 11 pm and I've noticed "Logon Process: Advapi" which is a virus.
> //////////////////////////////////////////////////////////////////////
> Special privileges assigned to new logon.
> Subject:
>   Security ID: SYSTEM
>   Account Name: SYSTEM
>   Account Domain: NT AUTHORITY
>   Logon ID: 0x3e7
> Privileges: SeAssignPrimaryTokenPrivilege
>   SeTcbPrivilege
>   SeSecurityPrivilege
>   SeTakeOwnershipPrivilege
>   SeLoadDriverPrivilege
>   SeBackupPrivilege
>   SeRestorePrivilege
>   SeDebugPrivilege
>   SeAuditPrivilege
>   SeSystemEnvironmentPrivilege
>   SeImpersonatePrivilege
> //////////////////////////////////////////////////////////////////////
> An account was successfully logged on.
> Subject:
>   Security ID: SYSTEM
>   Account Name: MyserverName$
>   Account Domain: myWorkgroup
>   Logon ID: 0x3e7
> Logon Type: 5
> New Logon:
>   Security ID: SYSTEM
>   Account Name: SYSTEM
>   Account Domain: NT AUTHORITY
>   Logon ID: 0x3e7
>   Logon GUID: {00000000-0000-0000-0000-000000000000}
> Process Information:
>   Process ID: 0x260
>   Process Name: C:\Windows\System32\services.exe
> Network Information:
>   Workstation Name:
>   Source Network Address: -
>   Source Port: -
> Detailed Authentication Information:
>   Logon Process: Advapi (I've found this page when I googled: http://www.auditmypc.com/process/advapi.asp)
>   Authentication Package: Negotiate
>   Transited Services: -
>   Package Name (NTLM only): -
>   Key Length: 0
> //////////////////////////////////////////////////////////////////////
> Special privileges assigned to new logon.
> Subject:
>   Security ID: SYSTEM
>   Account Name: SYSTEM
>   Account Domain: NT AUTHORITY
>   Logon ID: 0x3e7
> Privileges: SeAssignPrimaryTokenPrivilege
>   SeTcbPrivilege
>   SeSecurityPrivilege
>   SeTakeOwnershipPrivilege
>   SeLoadDriverPrivilege
>   SeBackupPrivilege
>   SeRestorePrivilege
>   SeDebugPrivilege
>   SeAuditPrivilege
>   SeSystemEnvironmentPrivilege
>   SeImpersonatePrivilege
> //////////////////////////////////////////////////////////////////////
> An account was successfully logged on.
> Subject:
>   Security ID: SYSTEM
>   Account Name: MyServername$
>   Account Domain: MyWORKGROUP
>   Logon ID: 0x3e7
> Logon Type: 5
> New Logon:
>   Security ID: SYSTEM
>   Account Name: SYSTEM
>   Account Domain: NT AUTHORITY
>   Logon ID: 0x3e7
>   Logon GUID: {00000000-0000-0000-0000-000000000000}
> Process Information:
>   Process ID: 0x260
>   Process Name: C:\Windows\System32\services.exe
> Network Information:
>   Workstation Name:
>   Source Network Address: -
>   Source Port: -
> Detailed Authentication Information:
>   Logon Process: Advapi
>   Authentication Package: Negotiate
>   Transited Services: -
>   Package Name (NTLM only): -
>   Key Length: 0
> ----------------------------------------------------------------------
>
> "Meinolf Weber [MVP-DS]" wrote in message
> news:6cb2911dc63a8cc64da86fd0948(a)msnews.microsoft.com...
>
>> Hello Vijay,
>>
>> If the backup couldn't run you should get a message in the event viewer but it shouldn't freeze the server. Please answer also the questions from my 1st posting. Additionally, check the event viewer for errors and post them here.
>>
>> For Microsoft support start here:
>> https://support.microsoft.com/oas/default.aspx?&gprid=14134&&st=1
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Thanks Weber for your reply.
>>> I've scheduled a backup that runs at 11 pm every day. But there was no space on the specified HDD yesterday. Will it cause a problem?
>>> I've noticed the system clock stopped at 11.01 pm yesterday. 2 weeks before, the system froze at the same time when I was writing an online exam which I had scheduled at 11 pm.
>>> Would the scheduled backup cause the problem?
>>>
>>> If so, how can I report this problem to Microsoft?
>>>
>>> Details about the HDD
>>> 40 GB PATA.
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
>>> news:6cb2911dc6348cc64cbdaf83aba(a)msnews.microsoft.com...
>>>
>>>> Hello Vijay,
>>>>
>>>> Did you make sure in the device manager that all devices are correctly installed? Do you use all correct drivers from the hardware vendor's website for the machine?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>
>>>>> Hi,
>>>>> I'm using Windows Server 2008 R2. Sometimes my system freezes and not even ctrl+alt+del is working; everything freezes. My system is running on an Intel Core 2 Duo with 2 GB DDR2 RAM and a 160 GB hard disk.
>>>>> Is this a hardware problem? If so, can anyone tell me what the problem is or how to find the problem?

From: Vijay on 16 Jan 2010 13:04

I've been experiencing the same problem after several clean installations. Even my antivirus doesn't detect it. Can you give me some suggestions on how to secure my system from viruses and other types of attack?
Can you suggest some good antivirus (beta version or freeware; I can't buy an enterprise antivirus for my PC)? Currently I'm using McAfee antivirus VirusScan Enterprise 8.7.0i.

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dc6438cc64e75efc69c9(a)msnews.microsoft.com...

> Hello Vijay,
>
> But this can also be used during logon, see "Logon Type 8 - NetworkCleartext" in:
> http://www.windowsecurity.com/articles/Logon-Types.html
>
> If you think this is a Virus/Malware then you should clean your machine first before doing anything else. Best option in my opinion is to install the OS new; as you are saying it is for testing, start fresh.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi,
>> My drivers are up to date and Device Manager doesn't report anything.
>> Actually at 11.00 pm the backup was started.
>> I found the message that "The Block Level Backup Engine service has successfully started".
>> But I didn't find any message in the Windows Server Backup log of a successful backup.
>> I'm new to Windows Server and I'm using it on my PC for learning purposes. I've been facing some problems, such as my internet connection has been blocked a week before and I did a bare metal recovery to restore my connection. Sometimes the connection won't work for some minutes and after that it works fine.
>>
>> Sometimes when I request a website in the browser, the first time it fails and the next time the page appears.
>> In Server Manager the server summary is also not displaying its contents.

From: Meinolf Weber [MVP-DS] on 16 Jan 2010 13:43

Hello Vijay,

As the event ID is missing in the part of the log you posted, I assume this is Event ID 4672, which is not an error event, just informational.

If you use an up-to-date AV and it found nothing, I think you don't have a virus problem. I don't know any free AV for server versions.

On the machine use the built-in firewall and an up-to-date AV; that should be enough. It is important not to open emails from unknown senders, and especially don't use free software where you normally have to pay for it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I've been experiencing the same problem after several clean installations. Even my antivirus doesn't detect it. Can you give me some suggestions on how to secure my system from viruses and other types of attack?
> Can you suggest some good antivirus (beta version or freeware; I can't buy an enterprise antivirus for my PC)? Currently I'm using McAfee antivirus VirusScan Enterprise 8.7.0i.
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911dc6438cc64e75efc69c9(a)msnews.microsoft.com...
>
>> Hello Vijay,
>>
>> But this can also be used during logon, see "Logon Type 8 - NetworkCleartext" in:
>> http://www.windowsecurity.com/articles/Logon-Types.html
>>
>> If you think this is a Virus/Malware then you should clean your machine first before doing anything else. Best option in my opinion is to install the OS new; as you are saying it is for testing, start fresh.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!!
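
An added example, not part of the original thread: a small Python triage of logon events like the one quoted above, showing that "Logon Process: Advapi" is the same for a routine Logon Type 5 service start and for a Logon Type 8 logon, so the logon type, the calling process and the source address are the fields to read. The sample events are constructed, and the function names (`parse_event`, `triage`) and the two review rules are illustrative assumptions.

```python
import re

# Values of the "Logon Type" field in a logon event.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
SCM = r"c:\windows\system32\services.exe"  # Service Control Manager

# Constructed sample, modelled on the event quoted in the thread.
SERVICE_LOGON = """An account was successfully logged on.
Subject:
    Security ID: SYSTEM
    Account Name: MYSERVER$
    Logon ID: 0x3e7
Logon Type: 5
New Logon:
    Security ID: SYSTEM
    Account Name: SYSTEM
Process Information:
    Process Name: C:\\Windows\\System32\\services.exe
Network Information:
    Source Network Address: -
Detailed Authentication Information:
    Logon Process: Advapi
"""

# Constructed contrast case: same logon process, different type and origin.
CLEARTEXT_LOGON = (SERVICE_LOGON
                   .replace("Logon Type: 5", "Logon Type: 8")
                   .replace("Address: -", "Address: 192.0.2.10")
                   .replace("services.exe", "inetsrv\\w3wp.exe"))


def parse_event(text):
    """Turn Event Viewer description text into {'Section/Key': value}."""
    fields, section = {}, ""
    for raw in text.splitlines():
        m = re.match(r"^([^:]+):\s*(.*)$", raw.strip())
        if not m:
            continue                      # free text such as the title line
        key, value = m.group(1).strip(), m.group(2).strip()
        if not value:
            section = key                 # "Subject:" opens a section
        elif raw[:1].isspace():
            fields[f"{section}/{key}"] = value
        else:
            fields[key] = value           # top-level field, e.g. Logon Type
    return fields


def triage(text):
    """Illustrative rules: judge by type, caller and origin, not by Advapi."""
    f = parse_event(text)
    ltype = int(f.get("Logon Type", "-1"))
    proc = f.get("Process Information/Process Name", "").lower()
    notes = []
    if ltype == 5 and proc != SCM:
        notes.append("service logon requested by " + (proc or "unknown"))
    if ltype == 8:
        notes.append("password handed to the authentication package unhashed")
    return {"type": LOGON_TYPES.get(ltype, "unknown"),
            "logon_process": f.get("Detailed Authentication Information/Logon Process"),
            "source": f.get("Network Information/Source Network Address", "-"),
            "verdict": "review" if notes else "no finding",
            "notes": notes}


if __name__ == "__main__":
    for sample in (SERVICE_LOGON, CLEARTEXT_LOGON):
        print(triage(sample))
```
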