Problems with backing up security database. Intrusion?

TheMSsForum.com: The Microsoft Software Forum

The last two days I have been receiving a failure when my backup program (CA
BrightStor ArcServe) attempts to backup
c:\windows\security\database\secedit.sbd. The error I get in the logs is
"Unable to open file" and code EC=sharing violation. This file has always
been on the backup schedule and and I reviewed the logs from the 3 days ago
and it had no problems. What is this log used for and why am I now getting
these errors and unable to backup this file. Do I have a security issue
here?
Top

Re: Problems with backing up security database. Intrusion? by Roger

Roger
Sat Feb 11 00:59:58 CST 2006

That file is the repository of the local group policy settings.
Do you have this issue if a backup is attempted just after a fresh reboot?
Is your backup program allowed to update itself from the network?
Normal methods cannot touch that file as it is always in use, but the
backup software was evidently using correct imaging methods prior
to a couple days ago.

"AllenM" <allen.miyake@gmail.com> wrote in message
news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
> The last two days I have been receiving a failure when my backup program
> (CA BrightStor ArcServe) attempts to backup
> c:\windows\security\database\secedit.sbd. The error I get in the logs is
> "Unable to open file" and code EC=sharing violation. This file has always
> been on the backup schedule and and I reviewed the logs from the 3 days
> ago and it had no problems. What is this log used for and why am I now
> getting these errors and unable to backup this file. Do I have a security
> issue here?
>
>


Top

Re: Problems with backing up security database. Intrusion? by karl

karl
Mon Feb 13 06:41:12 CST 2006

No, doesn't sound like a sign of intrusion. If a database is open, any
backup of it would probably be unreliable anyways, so just ignore it. I
believe that file relates to the default "group policy" security
configuration settings that Windows repeatedly applies to the computer at
regular intervals.


"AllenM" <allen.miyake@gmail.com> wrote in message
news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
> The last two days I have been receiving a failure when my backup program
> (CA BrightStor ArcServe) attempts to backup
> c:\windows\security\database\secedit.sbd. The error I get in the logs is
> "Unable to open file" and code EC=sharing violation. This file has always
> been on the backup schedule and and I reviewed the logs from the 3 days
> ago and it had no problems. What is this log used for and why am I now
> getting these errors and unable to backup this file. Do I have a security
> issue here?
>
>


Top

Re: Problems with backing up security database. Intrusion? by AllenM

AllenM
Mon Feb 13 10:20:12 CST 2006

Thanks Roger and Karl. It appers the problem did correct itself after a
fresh reboot. Not sure why it required that but again rule of thumb "when in
doubt, reboot" seems to have resolved the issue. Thanks for the
explainations and suggestions.


"AllenM" <allen.miyake@gmail.com> wrote in message
news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
> The last two days I have been receiving a failure when my backup program
> (CA BrightStor ArcServe) attempts to backup
> c:\windows\security\database\secedit.sbd. The error I get in the logs is
> "Unable to open file" and code EC=sharing violation. This file has always
> been on the backup schedule and and I reviewed the logs from the 3 days
> ago and it had no problems. What is this log used for and why am I now
> getting these errors and unable to backup this file. Do I have a security
> issue here?
>
>


Top

Re: Problems with backing up security database. Intrusion? by AllenM

AllenM
Mon Feb 13 11:30:10 CST 2006

Well maybe I spoke too soon. I just reviewed my backup log and it occured
again over the weekend.

"AllenM" <allen.miyake@gmail.com> wrote in message
news:OOE9elLMGHA.3936@TK2MSFTNGP12.phx.gbl...
> Thanks Roger and Karl. It appers the problem did correct itself after a
> fresh reboot. Not sure why it required that but again rule of thumb "when
> in doubt, reboot" seems to have resolved the issue. Thanks for the
> explainations and suggestions.
>
>
> "AllenM" <allen.miyake@gmail.com> wrote in message
> news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
>> The last two days I have been receiving a failure when my backup program
>> (CA BrightStor ArcServe) attempts to backup
>> c:\windows\security\database\secedit.sbd. The error I get in the logs is
>> "Unable to open file" and code EC=sharing violation. This file has always
>> been on the backup schedule and and I reviewed the logs from the 3 days
>> ago and it had no problems. What is this log used for and why am I now
>> getting these errors and unable to backup this file. Do I have a security
>> issue here?
>>
>>
>
>


Top

Re: Problems with backing up security database. Intrusion? by Roger

Roger
Mon Feb 13 23:47:30 CST 2006

Have you recently updated the backup software or disables
the vss service (volume shadowing) ?
The security.sdb file should be handled in a normal way
as a part of the system state (however that application
does this collection of critical and of in-use files).
--
Roger Abell
Microsoft MVP (Windows Server : Security)

"AllenM" <allen.miyake@gmail.com> wrote in message
news:e6jllMMMGHA.740@TK2MSFTNGP12.phx.gbl...
> Well maybe I spoke too soon. I just reviewed my backup log and it occured
> again over the weekend.
>
> "AllenM" <allen.miyake@gmail.com> wrote in message
> news:OOE9elLMGHA.3936@TK2MSFTNGP12.phx.gbl...
>> Thanks Roger and Karl. It appers the problem did correct itself after a
>> fresh reboot. Not sure why it required that but again rule of thumb "when
>> in doubt, reboot" seems to have resolved the issue. Thanks for the
>> explainations and suggestions.
>>
>>
>> "AllenM" <allen.miyake@gmail.com> wrote in message
>> news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
>>> The last two days I have been receiving a failure when my backup program
>>> (CA BrightStor ArcServe) attempts to backup
>>> c:\windows\security\database\secedit.sbd. The error I get in the logs is
>>> "Unable to open file" and code EC=sharing violation. This file has
>>> always been on the backup schedule and and I reviewed the logs from the
>>> 3 days ago and it had no problems. What is this log used for and why am
>>> I now getting these errors and unable to backup this file. Do I have a
>>> security issue here?
>>>
>>>
>>
>>
>
>


Top

Re: Problems with backing up security database. Intrusion? by karl

karl
Tue Feb 14 06:51:08 CST 2006

I'm not surprised. I agree with Roger that we'd have to know how your
backup software is supposed to handle such in use files that are part of the
system state. This might be the way things are designed to work. You
shouldn't need that file unless you wanted to try to restore your Windows
installation, and if you wanted to do that, I'm not sure you'd want to
restore it from the CA backup you're doing now.

For backup solutions that aren't designed to capture system state files like
this one successfully, you can install and run the Backup utility that comes
with Windows, schedule it to run a system state backup before your CA
backup, and have CA back up the backup file created.


"AllenM" <allen.miyake@gmail.com> wrote in message
news:e6jllMMMGHA.740@TK2MSFTNGP12.phx.gbl...
> Well maybe I spoke too soon. I just reviewed my backup log and it occured
> again over the weekend.
>
> "AllenM" <allen.miyake@gmail.com> wrote in message
> news:OOE9elLMGHA.3936@TK2MSFTNGP12.phx.gbl...
>> Thanks Roger and Karl. It appers the problem did correct itself after a
>> fresh reboot. Not sure why it required that but again rule of thumb "when
>> in doubt, reboot" seems to have resolved the issue. Thanks for the
>> explainations and suggestions.
>>
>>
>> "AllenM" <allen.miyake@gmail.com> wrote in message
>> news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
>>> The last two days I have been receiving a failure when my backup program
>>> (CA BrightStor ArcServe) attempts to backup
>>> c:\windows\security\database\secedit.sbd. The error I get in the logs is
>>> "Unable to open file" and code EC=sharing violation. This file has
>>> always been on the backup schedule and and I reviewed the logs from the
>>> 3 days ago and it had no problems. What is this log used for and why am
>>> I now getting these errors and unable to backup this file. Do I have a
>>> security issue here?
>>>
>>>
>>
>>
>
>


Top

Re: Problems with backing up security database. Intrusion? by AllenM

AllenM
Tue Feb 14 17:40:41 CST 2006

OK I do backup the System State. Perhaps I will exclude the file from the
C:\ backup session. There is nothing I have done with CA. This file has
always been backed up and until I recently posted this issue everything has
been fine. So if this file is part of the System State then it should be ok
to remove from the C: backup schedule?


"karl levinson, mvp" <levinson_k@despammed.com> wrote in message
news:%235O0TVWMGHA.3432@tk2msftngp13.phx.gbl...
> I'm not surprised. I agree with Roger that we'd have to know how your
> backup software is supposed to handle such in use files that are part of
> the system state. This might be the way things are designed to work. You
> shouldn't need that file unless you wanted to try to restore your Windows
> installation, and if you wanted to do that, I'm not sure you'd want to
> restore it from the CA backup you're doing now.
>
> For backup solutions that aren't designed to capture system state files
> like this one successfully, you can install and run the Backup utility
> that comes with Windows, schedule it to run a system state backup before
> your CA backup, and have CA back up the backup file created.
>
>
> "AllenM" <allen.miyake@gmail.com> wrote in message
> news:e6jllMMMGHA.740@TK2MSFTNGP12.phx.gbl...
>> Well maybe I spoke too soon. I just reviewed my backup log and it occured
>> again over the weekend.
>>
>> "AllenM" <allen.miyake@gmail.com> wrote in message
>> news:OOE9elLMGHA.3936@TK2MSFTNGP12.phx.gbl...
>>> Thanks Roger and Karl. It appers the problem did correct itself after a
>>> fresh reboot. Not sure why it required that but again rule of thumb
>>> "when in doubt, reboot" seems to have resolved the issue. Thanks for the
>>> explainations and suggestions.
>>>
>>>
>>> "AllenM" <allen.miyake@gmail.com> wrote in message
>>> news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
>>>> The last two days I have been receiving a failure when my backup
>>>> program (CA BrightStor ArcServe) attempts to backup
>>>> c:\windows\security\database\secedit.sbd. The error I get in the logs
>>>> is "Unable to open file" and code EC=sharing violation. This file has
>>>> always been on the backup schedule and and I reviewed the logs from the
>>>> 3 days ago and it had no problems. What is this log used for and why am
>>>> I now getting these errors and unable to backup this file. Do I have a
>>>> security issue here?
>>>>
>>>>
>>>
>>>
>>
>>
>
>


Top

Re: Problems with backing up security database. Intrusion? by Roger

Roger
Tue Feb 14 19:14:34 CST 2006

Did you shut off / disable VSS, the volume shadow copy service ??

"AllenM" <allen.miyake@gmail.com> wrote in message
news:u1FJUAcMGHA.3144@TK2MSFTNGP11.phx.gbl...
> OK I do backup the System State. Perhaps I will exclude the file from the
> C:\ backup session. There is nothing I have done with CA. This file has
> always been backed up and until I recently posted this issue everything
> has been fine. So if this file is part of the System State then it should
> be ok to remove from the C: backup schedule?
>
>
> "karl levinson, mvp" <levinson_k@despammed.com> wrote in message
> news:%235O0TVWMGHA.3432@tk2msftngp13.phx.gbl...
>> I'm not surprised. I agree with Roger that we'd have to know how your
>> backup software is supposed to handle such in use files that are part of
>> the system state. This might be the way things are designed to work.
>> You shouldn't need that file unless you wanted to try to restore your
>> Windows installation, and if you wanted to do that, I'm not sure you'd
>> want to restore it from the CA backup you're doing now.
>>
>> For backup solutions that aren't designed to capture system state files
>> like this one successfully, you can install and run the Backup utility
>> that comes with Windows, schedule it to run a system state backup before
>> your CA backup, and have CA back up the backup file created.
>>
>>
>> "AllenM" <allen.miyake@gmail.com> wrote in message
>> news:e6jllMMMGHA.740@TK2MSFTNGP12.phx.gbl...
>>> Well maybe I spoke too soon. I just reviewed my backup log and it
>>> occured again over the weekend.
>>>
>>> "AllenM" <allen.miyake@gmail.com> wrote in message
>>> news:OOE9elLMGHA.3936@TK2MSFTNGP12.phx.gbl...
>>>> Thanks Roger and Karl. It appers the problem did correct itself after a
>>>> fresh reboot. Not sure why it required that but again rule of thumb
>>>> "when in doubt, reboot" seems to have resolved the issue. Thanks for
>>>> the explainations and suggestions.
>>>>
>>>>
>>>> "AllenM" <allen.miyake@gmail.com> wrote in message
>>>> news:%23AJEftmLGHA.1192@TK2MSFTNGP11.phx.gbl...
>>>>> The last two days I have been receiving a failure when my backup
>>>>> program (CA BrightStor ArcServe) attempts to backup
>>>>> c:\windows\security\database\secedit.sbd. The error I get in the logs
>>>>> is "Unable to open file" and code EC=sharing violation. This file has
>>>>> always been on the backup schedule and and I reviewed the logs from
>>>>> the 3 days ago and it had no problems. What is this log used for and
>>>>> why am I now getting these errors and unable to backup this file. Do I
>>>>> have a security issue here?
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


Top