Win 2003 won't load services, nor does it let me configure the admin tools in Control Panel

starriol

Member
Jan 3, 2006
187
0
0
Well, this is shocking :eek: . I discovered this by accident, because a scanner wasn't working.
The problem is that the scanner services don't work. How did I find out? Because I can't open ANY service:
- Users and machines in Active Directory and all the administrative tools under the Control Panel (performance, services, license, etc.). I translated these from Spanish, so be patient with the lousy translations, guys :D !
- Radmin and VNC don't work on this PC either... they work as services.
On VNC I get a "the key is not valid" error when trying to connect; when I try to change it, I get an error that I interpret as a service that was not loaded.

Anyway, I don't know if this problem of not being able to configure the admin tools is the same that is causing some services not to load correctly, but I believe they are; they started at the same time.

Any ideas? I'm clueless :confused: !!!!
 

starriol

Ok, I'm seeing that when this happens (which is all the time, except when I JUST restarted the PC), I can't alter folder permissions. That is, user permissions.

And also, both hard disks show 0 MB free & 0 used, which is obviously impossible.

Please help me out, I'm totally blown off balance with this problem :confused:
 

starriol

Hey guys, I ran the Microsoft Malicious Software Removal Tool, Spybot, Agnitum Tauscan and The Cleaner, and found no trojans...
Some people suggested that it could be because of them... any ideas what could be making this happen? I even ran HijackThis.

Anyway, this is the log from HijackThis just in case you can spot something weird:

Logfile of HijackThis v1.99.1
Scan saved at 01:26:45 p.m., on 25/09/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Administrador\Escritorio\Windows-KB890830-V1.20.exe
d:\300cb9d80e450f1cca\mrtstub.exe
D:\WINDOWS\system32\MRT.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Archivos de programa\WinRAR\WinRAR.exe
D:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.125\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Tau Monitor] D:\ARCHIV~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "D:\Archivos de programa\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: No-IP DUC.lnk = D:\Archivos de programa\No-IP\DUC20.exe
O4 - Global Startup: Iniciar servicios de entrega.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ces
O17 - HKLM\Software\..\Telephony: DomainName = ces
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DF7B869-612E-475A-B812-7BFF93243047}: NameServer = 192.168.0.151
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ces
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Dds Scheduler Deamon (DdsSched) - RICOH Company Ltd. - D:\Archivos de programa\RDS\ddsschednt.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Archivos de programa\No-IP\DUC20.exe
O23 - Service: Ridoc Server Information Service (RsiSvc) - RICOH Company Ltd. - D:\Archivos de programa\RDS\RsiSvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - D:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: ScanRouterDriverV2 - Ricoh Co.,Ltd. - D:\Archivos de programa\RDS\srscandr.exe
O23 - Service: SOption - RICOH Company Ltd. - D:\Archivos de programa\RDS\SOption.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



I would really appreciate your help since this is happening to a critical server.

PS: the server is behind a D-link Dl-604 router and the server itself has no firewall.

Could this be part of the problem? I mean, I think the d-link should be enough to protect it...
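
A way to triage a HijackThis log like the one in the post above, as an added example that is not part of the original thread. The function name `triage` and the three flagging rules are assumptions chosen for illustration; the sample lines are copied from the posted log. A flag means "check this by hand", not "this is malicious".

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\services.exe
D:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.125\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "D:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - D:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# O23 lines have the shape: display name - owner - image path
O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def triage(log_text):
    """Return (line, reasons) pairs for entries that deserve a manual check."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        reasons = []
        if in_processes:
            if re.search(r"\\te?mp\\", line, re.I):
                reasons.append("process running from a temp directory")
        else:
            m = O23.match(line)
            if m:
                if m["owner"] == "Unknown owner":
                    reasons.append("no vendor information read for the service binary")
                if line.endswith("(file missing)"):
                    reasons.append("service binary reported missing")
                if '"' in m["path"]:
                    reasons.append("stray quote in path: verify on disk before trusting the result")
        if reasons:
            findings.append((line, reasons))
    return findings
```

On the sample this flags HijackThis.exe itself (extracted to a temp folder by WinRAR) and the two remote-access services, r_server and WinVNC4.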
 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
Originally posted by: starriol
I would really appreciate your help since this is happening to a critical server.

PS: the server is behind a D-link Dl-604 router and the server itself has no firewall.

Could this be part of the problem? I mean, I think the d-link should be enough to protect it...

Ouch. No. A NAT device is NOT a firewall at all.

If this is mission critical, call MS and when asked say it's a Severity A case. They WILL get you fixed.
 

Smilin

Originally posted by: starriol
Upss... so if I use the NAT device, then a firewall PC, then the network I'll be fine?

Yes, NAT + software firewall is going to work fine for many things. There are some things that should be further hardened of course: Domain Controllers, Certificate servers etc.


As you start looking into this and adding security keep in mind it does no good to close the barn door after the horse has already gotten out.

Adding a firewall to an already compromised system is useless.


I hope this is not the case. Per my previous post: If the server is mission critical, call support. MS will fix you if you can be fixed.
 

starriol

Ok, let's see... I get these errors repeated like 10 times a minute, after a certain date. These are translated from Spanish, so there might be some discrepancies:

Error number 1058: Windows can't access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ces. The file must be present in <\\ces\sysvol\ces\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system can't find the specified file.) The group directive process has been terminated.

Error number: 1030. Windows can't consult the list of the group directory objects. Check previous event log messages .... etc

These 2 errors are everywhere from last month till today, several times per hour and sometimes 10 times a minute.

I'm searching info on this right now, any ideas appreciated.
 

starriol

OK guys, after installing Genie Backup Manager Server 6.0 on my own PC with Windows 2003, I discovered totally by chance that, after restarting, I started getting the same problems on my own PC.

After that, I removed that software from the server which was the reason for these posts, and all works fine now.

I haven't checked yet if the problem is with all releases of GBM 6.0 server, just this subversion (I mean, the numbers after 6... 6.12 for example) or perhaps (most probable) the source of my copy; it wasn't from any trustworthy site.

I learned an important lesson... never install untested software on a critical server.