Very strange 2003 domain occurances

[Red Squirrel]

Starting about this morning, the following services keep shutting down at random on one of our DCs, which is causing a cascading problem effect throughout the whole network. (drives not mapping, etc)

- Windows scheduler
- Automatic updates
- Computer browser (this one is rather critical, as if it's not on, UNC paths don't work so all the DFS structure is not fully accessible)
- help and support
- Workstation
- Application experience lookup

Most of these are not critical, but it's just odd that they keep turning off.

We also get errors such as:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7032
Date: 06/05/2009
Time: 1:25:26 PM
User: N/A
Computer: DC2
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


That's the one we see the most often and seems most relevant to what is going on. We are running in windows 2003 mode.

Has anyone ever experienced something like this?

 

[dphantom]

Below is the only link I have found so far to this problem.

MS KB

Not sure if it fits your situation exactly.

 

[Red Squirrel]

The issue is similar to that. Also starting today DEP keeps shutting down svchost. I'm almost wondering if some infected workstation is attacking the server or something. We applied a patch today to see if it solves the issue. We need to be more proactive with patching, but there's such a complex political process involved when it comes to rebooting or doing any kind of changes.

 

[Tarrant64]

Are you able to monitor the network to see what hosts are making active connections they shouldn't? Or at least generating more traffic than the rest? An attack from the inside is possible.