Identify source IP for Security Log Failure Audits (ISA?)

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ smallbiz
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - smtp address problems When i compose a message with exchange recipients and internet email addresses the exchange recipients email address shows as login@domain.local. if i have the user Joe Shmow with a login of joes on InternalDomain and i send an email externally i would like the email to appear to come from jshmow@externaldomain.com i set up the default recipient policy smtp address to %1g%s@externaldomain.com but that didn't seem to do the trick. Any ideas? Thanks, brent Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160109
  - 2
    - Mail scanning software A user in our company is being hit by spam mails at the rate of 50 per day. Last week they were all from the extention variousnames@variousdomains.fi now this week they are all from variousnames@variousdomains.is Is there anyway to stop these mails. Our spam killer is stopping them and placing them in quarantine but as the user knows noone from Finland why would he be getting spammed from various .fi address's? Any comments on this subject appreciated Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160108
  - 3
    - XP SP2 RC2 Released For those running the release candidate of XP SP2, an RC2 has been released. It's on WU (only if you're already running the RC) or at http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160107
  - 4
    - Question about Exchange backup/restore Hello all, I have a customer who has decided to replace his SBS2000 server hardware (the whole box) I will have the new box completely setup with his existing SBS2000 software in advance, then will 'down' his old box and bring the new box up in it's place. I will have tape backups of everything before I start. His existing AD domain is mycompany.com (Yeah, yeah, I know... his choice), but I would like his new AD domain to be mycompany.local, *and* the machine name will change from sbserver to mail. What is the best way to migrate his Exchange data from the old to the new box. (I have a week to plan for this) Thanks in advance for your suggestions. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160106
  - 5
    - Outlook 2002 Client on SBS I have a laptop which will not install Outlook 2002 client from the SBS admin console. When the user logs onto the laptop (winXP)the message states software ready to install (click install or cancel) as it should but when i click the install button it simply hangs and then reboots the laptop. It does look as though it is attemtpting to install though. If i try re-running the add software wizard from SBS admin console the next time the user logs on it simply says software ready to install again upon login and then comes back with a red cross saying installion not ok in a dialog box after a couple of seconds. If i look in ADD/Remove programs Outlook2002 is in there however no shortcuts are placed on the desktop or i can't access through the run command also when i do a search for outlook from run/search all i get is outlook express coming as result. I installed Outlook the way i always do by right clicking the computer name in SBS console and choosing ADD software then selecting the outlook2002 checkbox. This machine initially had Outlook2000 a while back under a different users profile then we upgraded it to Outlook2002 for her but sometimes this users was getting an option saying cannot find <FileName> on Office disk1 then if you cancelled that a few times Outlook woudl work ok.. I have had no problems with most installs of the Outlook2002 client but i seem to recall having a problem similar to this problem about 6 months ago. Also can someone tell me if they believe it is best to install Outlook etc. as the propsed user of a system or as the Domain Administartor. Any advice much appreciated. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160105
  - 6
    - Recommendations for fax solution I am looking for fax solution - Is there some wya / product that will let users on SBS2K environment RECEIVE and SEND faxes using outlook / exchange? Please recommend. Thanks Sanjay Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160100
  - 7
    - SBS2003 connectcomputer remotely I would like to connect a computer running Windows XP Pro from accross town to the DOMAIN on our server running SBS2003. I used Connection Manager to establish a successful VPN connection from the remote computer to the server. However, when I try http://servername/connectcomputer, I am told that this cannot be done through VPN. I would really appreciate your help. Thanks. Lise Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160096
  - 8
    - Denied access to SBS2003 Backup report My SBS2003 backup completes successfully every day. However, for the last couple of days, whenever I try to view the Backup Report from the Server Management window, I am told: "You do not have the correct permissions to view this page. For more information contact your system administrator. To view this page, you must be a member of the Domain Admins security group." I am logged on as Administrator, member of the Domain Admins group, and I was able to view the report last week. Does anyone have a solution to this? Lise Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160095
  - 9
    - POP3 Connector Problem Hi I have a problem with POP3 Connector, can any body advise how to fix. Regards Barry Event error messages:- Event ID 7031 Source Service Control Manager, The Microsoft Connector for POP3 Mailboxes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action EventID: 7011 Timeout (30000 milliseconds) waiting for a transaction response from the MSPOP3Connector Service. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160091
  - 10
    - Remote access solution? Hello there. My company has a new member of staff starting in mid July. They will be working from home in a rural area without ADSL or cable and only have dial-up. Is there a good RAS solution for dial-up or would GSM phone connection be better? I have used MS PPTP VPN (SBS 2000 RRAS) alright with ADSL, but with dial-up it is unusable in this way. Anyone tried satelite Broadband? I would be most appreciative of any advise anyone can give me. Thanks, Shane Molloy. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160090
  - 11
    - can vpn but nothing else Hi I have, what I think is, a working vpn between my sbs2000 server (ip 10.0.0.2) and a remote sbs2000 (192.168.16.2). I can ping all pcs on the remote (192.168.16.x) network I have taken off the whole 19.2168.x.x range from my own LAT to avoid any potential problems. The problem is that I can not connect to the a remote terminal server (part of the remote sbs2000 domain) using ts contact manager even though I can ping the terminal server. What is wrong here and how can I fix it? Thanks Regards Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160089
  - 12
    - POP3 Connector error Need help with a pop3 connector giving errors in the application log. The errors are 1046 and 1048 every time the pop3 is scheduled to donwload e-mail. E-mail will only come through to the mailboxes intermittently. Any help will be appreciated. Regards Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160083
  - 13
    - POP3 Connector error Need help with a pop3 connector giving errors in the application log. The errors are 1046 and 1048 every time the pop3 is scheduled to donwload e-mail. E-mail will only come through to the mailboxes intermittently. Any help will be appreciated. Regards Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160082
  - 14
    - users can't logon to Exchange using Outlook or OWA WHen my user click on Outlook they get "can't start Microsoft Office Outlook. Unable to open outlook Windows. Set of folders could not be opened" They can ping the server my host name. I look at the SBS 2000 server and all Exchanges Services started OK. The weird thing is that my Event Log is not viewable. When you first go into it, it said it has 1,000 event but you can see anything. Without Event Log, i am working in the dark. I also try using OWA, getting "HTTP /1.1 503 Service Unavailable. PLease help Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160081
  - 15
    - client applications install :I I need to be able to allow users to install the client applications (firewall, shared modem etc) when prompted without giving them local admin rights. There are 30+ machines and cannot do this one by one as it'll take ages. Is there a way to allow users to just install Client Apps with elevated priviledges? anyone who has an idea would be appreciated.. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160079
  - 16
    - Software update services Hi, We are running SBS2K with 20 XP Pro clients. We want to make installing the Windows/Office patches easy. Is installing SUS on the server the best way to go? If not, what would be? Thanks Bob Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160072
  - 17
    - Licensing Question Hi there, we have a sbs2k server in our Library. Can I put another server running Win2K in there as well, or under the licensing for sbs2k can you only have 1 server ? cheers Adam Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160064
  - 18
    - Spoof attack Hi I am getting the below event in the event log. Do I need to take any action? Thanks Regards Event Type: Warning Event Source: Microsoft ISA Server Control Event Category: Packet filter Event ID: 15108 Date: 17/06/2004 Time: 01:10:27 User: N/A Computer: XYZ Description: ISA Server detected a spoof attack from Internet Protocol (IP) address x.x.x.x. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. Data: 0000: 1f 00 00 00 .... Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160061
  - 19
    - microsoft.public.windows.server.sbs I cannot find "microsoft.public.windows.server.sbs" among the Discussion Groups listed here. If I do a search, items posted to this group are included in the results, but when I click on the name of the group from within the posting, I receive a "Discussion Group not found" error. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160060
  - 20
    - Reboot server because there are File Sharing Violations. Helpme Please! I have a SBS2000 updated with SP4. After that i still have the next error. Whe i try to Open, Rename, Move, or Delete some file. The the sistems show a popup window: "There is a Sharing Violation. The file may be in use for another user" I checked that file with the SBS Administrador, but does not report that file in use. The file is released only until i reboot the Server, but that is not a solution, is a waste of time and $$$. What could be the problem.??? Is there a tool to verify used files by users or proceses? Other PROBLEM is: Why sometimes some files lost ther ownership? And cant access them until i assign the ownership. Thanks in Advance. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160057
  - 21
    - Het zal toch niet zijn wie ik denk dat het is? Is het die Ear Youth weer? Nee, het is Arjen Jongeling! Het is een kwestie van geduld voor heel usenet Hollands lult Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160056
  - 22
    - Power User Management Console - SBS2K3 Permissions issue - Logon via Remote Desktop Connection to SBS2K3 server using Power User account. Open Server Management. Select user. Right-click to disable account. "Windows cannot disable object because: Insufficient access to perform the operation." Cannot successfully change password either. This target user is a User. It was migrated over from SBS2K during an upgrade from SBS2K to SBS2K3. Can create new user and disable/enable and change password successfully. Cannot change password for migrated users (User). Used the Change Permissions wizard to replace permissions on the user (while logged on under the Admin account). No change. Created new Power User account. Logged on via this new account and tried again. Same result. Suggestions? Has anyone seen this? Karen Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160046
  - 23
    - Synchronize / Replicate between two SBS2K servers I have two SBS2K servers in two different domains. They both have a broadband internet connection. Is it possible to replicate / synchronize data between both exchange servers in this situation ? I'm trying to get the mailbox from a single user available in both domains. Regards and thanks in advance, Frans. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160044
  - 24
    - SBS 2003 Group Policy for Outlook 2003 Hi, I am trying to turn off the group policy that forces Outlook 2003 to send/recieve emails through Exchange. We need the emails for now to go out through a pop account. Everytime I make the pop account the default for Outlook and reboot, a group policy changes it back to Exchange on the reboot. Any help would be great. Thanks Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160039
  - 25
    - SUS first sync....? hello all.. just setting up a brand new w2k server...and am attempting to use SUS. in running same, and doing the first synchronization run, it says that there are 4000+ files to d/l ??? why is that? shouldn't it only update my server with the latest and most up to date items? it took almost 2 hours to go and get the first 800....so 4000 is a LONG time to wait...but is it right in doing so? Jim Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160038
- Next
  - 1
    - Deleting Mail in Exchange Anyone know of a program that will delete e-mail out of user accounts based on days? Currently, Exchange stops allowing new mail based on space. That is the MB setting being set on X number and the account being full. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160035
  - 2
    - Remote access to ADUC Does anyone know how to access ADUC from a client machine on the network without using Terminal Service's? I'm running a SBS2K server with a Win2K network of client machines. Thanks in advance Andy C Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160032
  - 3
    - SBS2003: Add user wizard does not create mailbox Customer has SBS2003 Premium. 2 users were added today through "add multiple users" and 2 new computers added to the network for them (Windows XP Pro). Everything seemed OK, the workstations were configured correctly except when they tried to open Outlook for the first time, it gave the usual "name couldn't be found in the address list". When you go into Exchange system manager, you can't see the new users mailboxes. The add user wizard used to work without problems. Hope someone can help. Robbie niblock Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160031
  - 4
    - Add DC to SBS 2000 is there any way to add DC (win2k or win2k3) to SBS 2000 ???? Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160026
  - 5
    - clients check How can i check every web connection that every user has from my SBS 2003? Silvano Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160024
  - 6
    - Relocate Useres Shared Folders I am currently migrating my existing SBS 4.5 to a new SBS 2000 installation and want to relocate User's Shared Folders to another drive. On my existing SBS 4.5 system, I have done this and shared out each sub folder as User1$, User2$ etc. In this way, each user gets access to his own share, but can't see any others. I have tried doing this on the new SBS 2000 installaion, but the Add User Wizard seems to complain because I've got rid of the "User" share. Do I have to have the "User" share, or is there a registry hack to get around this situation? Thanks, Gary Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160022
  - 7
    - Win 2000 Server and Boot.ini I am setting up a test copy of Win 2000 SBS on my home machine. (I am within my licenced limits) On my home PC I have 2 HD's On my c: drive I have Win XP Pro installed I insatlled Win 2000 SBS on my D: drive. I am now having problems getting into my Win XP O/S. Previous to this installation I had Win 2003 Server on my drive. The Boot.ini file on my C: properly directed the load up depending on which O/S I chose at the startup. The problem I am now experiencing is that when I choose to go to my Windows XP drive Windows 2000 SBS starts to load, but crashes immediatley looking for a file in windows/system32. Windows is the correct folder for my Win Xp drive (vs. Winnt on SBS) My Boot.ini was removed from my C drive to my desktop during the installation. When I try and paste it back on to c: I get a message saying do I want to replace the boot.ini file already on C:, which I can't see or find (proper setting have been applied to show hidden files. I have elected not to overwrite this file. I am concerned that if I do a repair on Win XP (did one on SBS it did solve the problem) that I will screw up access to both systems Any help would be appreciated. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160021
  - 8
    - Veritas WMI Backup problem Hello Group, I have a customer running Veritas 9.1 SBE on a 2000 SBS. All was fine until the backup stopped working, with "An error occurred retrieving the WMI Repository data directory" displayed in the Veritas backup log. I tracked this down to http://support.veritas.com/docs/253921 which suggests I manually backup the WMI data through the WMI properties. This produces an error "Failed to connect to local computer because windows server execution failed." The Veritas article helpfully states that if an error is produced then Microsoft support should be contacted, but I can't find a relevant knowledgebase article. Please help, our customer isn't getting a backup. Rob Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160015
  - 9
    - SMTP service HANGING server problem at a client site today > sbs2k has been running fine for 6 months hardware is HP Compaq ML350, dual p4 ht CPU's, 1.25gb memory, 3x RAID1 arrays today mail not processing and server running very slowly we came in and found virus messages about zafi.b viruses > symantec corporate edition has been picking these up and we check definitions are up to date each morning. when scanning we found viruses in messages in the SMTP badmail queue initially we thought zafi.b was our problem however found nothing in the registry as we were expecting. so since then we have found the following ..... server runs incredibly slow. cannot use it basically restart in safe mode and it works fine disable various services and discovered that SMTP service when disabled and system rebooted fixes the problem so now thinking the SMTP queue has somehow corrupted and need to get this fixed have tried disabling Exchange services removing SMTP and NNTP service > didn't remove all of IIS > should we ? then reinstalling them running SMTPREINSTALL.exe tool to get IIS(smtp) and Exchange talking again (extend SMTP service with extra verbs) but on reboot the same problem has reappeared How do you fix the SMTP service / IIS / Exchange delivery issues on SBS2000 ? We are planning next step of > Check all backups from 2 days ago Remove all AV software to ensure no viruses have taken over them > just in case By the way server is now disconnected from everything else to avoid reinfection or prpogation to other machines Remove IIS totally (including SMTP and NNTP) Delete IIS metabase if it still exists > metabase.bin Reinstall IIS Apply Win2k SP4 Reboot Reinstall exchange > exchange 2k documents talk of this but we are wary of how and what will occur when doing this in SBS2000 Reinstall Exch SP3 Reboot Voila OR perhaps Voi NON Thanks for your help regards Jeremy Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160009
  - 10
    - Distribution Groups?? Hi there. Ive tried searching the web on this and turned up no results. Does anyone know how to create a distribution group on exchange to go out to external people who do not have an internal e-mail address? We need to send a e-mail out to our customers about latest business proposals, but making sure that they only see the distribution name in the Sent to box on the mail. Thanks in advance Andy C Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160007
  - 11
    - remote desktop problem With many clients I use "remote desktop" so they can access their own pc from home over a VPN. Usually there are NO problems. With a new client who's SBS2000 was installed by Hewlett Packard, I get an error message saying "the local policy does not allow interactive logon" The user has ADMIN rights on BOTH his and the SBS The user is also granted access remotely within XP The users settings in "active directory" are "allow terminal services" I can not access the group policy editor on SBS, even with admin rights or with the original admin account!!! How could I FORCE entry into the GPO? Any help would be appreciated. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160006
  - 12
    - Exchange for multiple domains I have a question about receiving mail for THREE different domains. Now we have 10 users that receive mail for user@domainONE.com 1 user that receives mail for user@domainTWO.com The boss wants to receive mail for everyone@domainTHREE.com so I need all mail for domainTHREE.com come delivered to a single user. How can I do this? Thanks a lot for your replies, Filippo Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 160000
  - 13
    - SID Hi I am getting the warning in the event log Source: SceCli Type: Warning Event ID: 1202 Computer: Computer name Description: Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done. For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "troubleshooting 1202 events". A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions: 1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log The string following "Cannot find" in the FIND output identifies the problem account names. Example: Cannot find JohnDough. In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe"). 2.Identify the GPOs that contain the unresolvable account name: From the command prompt type FIND /I "JohnDough" %SYSTEMROOT%\Security\templates\policies\gpt*.* The output of the FIND command will resemble the following: ---------- GPT00000.DOM ---------- GPT00001.DOM SeRemoteShutdownPrivilege=JohnDough This indicates that of all the GPOâ??s being applied to this machine, the unresolvable account exists only in one GPO. Specifically, the cached GPO named GPT00001.DOM. Now we need to determine the friendly name of this GPO in the next step. 3. Locate the friendly names of each of the GPOs that contain an unresolvable account name. These GPOs were identified in the previous step. From the command prompt, type: FIND /I "[Mapping]" %SYSTEMROOT%\Security\Logs\winlogon.log The string following "[Mapping] gpt0000?.dom =" in the FIND output identifies the friendly names for all GPOâ??s being applied to this machine. Example: [Mapping] gpt00001.dom = User Rights Policy In this case, the GPO that contains the unresolvable account (gpt00001.dom) has a friendly name of "User Rights Policy". 4. Remove unresolved accounts from each GPO that contains an unresolvable account. a. Start -> Run -> MMC.EXE b. From the File menu select "Add/Remove Snap-inâ?¦" c. From the "Add/Remove Snap-in" dialog box select "Addâ?¦" d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add" e. In the "Select Group Policy Object" dialog box click the "Browse" button. f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab g. Right click on the first policy identified in step 3 and choose edit h. Review each setting under Computer Configuration/ Windows Settings/ Security Settings/ Local Policies/ User Rights Assignment or Computer Configuration/ Windows Settings/ SecuritySettings/ Restricted Groups for accounts identified in step 1. i. Repeat steps 3g and 3h for all subsequent GPOs identified in step 3. How to solve this problem Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159997
  - 14
    - Client Installer Problem I am having a problem with SBS2000. I have just setup a new SBS2000 server with W2K SP4. When a client logs on it prompts: Small Business Server Client Application Installer It is recommended that you install the Windows 2000 Service Pack 4. Do you want to install this now? Yes/No If i select Yes, it starts copying files and then eventually returns error: Setup Error You do not have permission to upgrade Windows 2000. Please contact your system administrator. I have enabled the User and Computer options in Group Policy to install with Elevated Priviledges but still nothing. If i select No to installing SP4, the Client Applications prompts to install, if you select Install Now is again says: Client Applications Intaller Administative access is required to install client applications. Is there a way to get around this without having to give all my users admin permissions? Belinda Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159996
  - 15
    - Backup exec quirk? 9.1 BE, SBS2k. Public Folder backup. Hi All, Using BackUp Exec 9.1 SP1 on an SBS2k Server. I was reviewing my backup selections in a new installation of BE and noticed that under the selection "Microsoft Exchange Public Folders" I only see "Internet Newsgroups." Where is my public calendar? But I see the "Public Folder Store" under "Microsoft Information Store" > "First Storage Group". In addition, I also see the "Mailbox Store" under the same group of "Microsoft Information Store" > "First Storage Group". Is this by design? Has it always been like this but I never noticed? Note that the HTTP Exchange Virtual Server is disabled in this case, if this makes a difference. Thanks John Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159994
  - 16
    - Budget air ticket. mail@hkrnet.org Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159993
  - 17
    - Backup Exec hangs at "99% Complete" This is a multi-part message in MIME format. ------=_NextPart_000_0031_01C452EC.9CF4B9A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable SysAdmins: I run a lot of services on our company server, one of them, the backup = service is managed in software by Veritas Backup Exec 8.6. My backup job = rotation was running smoothly until a week ago when I installed = Veritas's DirectAssist troubleshooting software. Since then, all my jobs = complete but hang at "99% complete". I've since uniunstalled this = software and recreated the backup jobs. The problem persists. Restarting = the BackupExec services clears the hang. Does anyone have experience with this already? Help! Paul G. Dorn ------=_NextPart_000_0031_01C452EC.9CF4B9A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV> <DIV><FONT face=3DArial size=3D2>SysAdmins:</FONT></DIV> <DIV><FONT face=3DArial size=3D2>I run a lot of services on our company = server, one=20 of them, the backup service is managed in software by Veritas Backup = Exec 8.6.=20 My backup job rotation was running smoothly until a week ago when I = installed=20 Veritas's DirectAssist troubleshooting software. Since then, all my jobs = complete but hang at "99% complete". I've since uniunstalled this = software and=20 recreated the backup jobs. The problem persists. Restarting the = BackupExec=20 services clears the hang.</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Does anyone have experience with this=20 already?</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Help!</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Paul G. = Dorn</FONT></DIV></DIV></BODY></HTML> ------=_NextPart_000_0031_01C452EC.9CF4B9A0-- Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159977
  - 18
    - SBS POP3 Connector Client has been using the POP3 conector to retrieve mail for several months; yesterday it stopped working. If I click the 'Retrieve now' button on the properties dialogue, get message 'Initialization Error'. No error number, nothing in the application event log in event viewer. I have set diagnostics logging to maximum for this connector. Is there a separate event log for Exchange / POP3 connector events? I have tried removing and replacing the global ISP mail host record in the POP3 connector dialogue, and also re- booting the server. Anyone got any ideas how to troubleshoot this? TIA Paul Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159975
  - 19
    - Invitation - June Kentucky Small Business Server User Group (KYSBSUG) Meeting You are cordially invited to attend the June meeting of the Kentucky Small Business Server User Group (KYSBSUG)! Date: Wednesday June 23, 2004 Time: 6:30 pm - 8:00 pm Eastern (GMT -5) Location: University of Louisville - Shelby Campus Building: Information Technology Resource Center (iTRC) Room: The Theater Address: 9001 Shelbyville Road City/State/Zip: Louisville, KY 40222 Facility Phone: (502) 852-0900 Venue URL: http://www.theitrc.com Agenda: 6:00 - 6:30 - Meet fellow SBSers, grab some refreshments & find a seat 6:30 - 6:45 - Orientation for new KYSBSUG members / attendees 6:45 - 7:20 - Presentation: "Building a Profitable Business Model around Microsoft Small Business Server 2003" Presenter - Tim Barrett from KYSBSUG 7:20 - 7:35 - SBS Q&A 7:35 - 7:45 - Information on TS2 and upcoming local Microsoft Events 7:45 - 8:00 - Wrap-up and drawing for a boxed copy of Office 2003 Small Business Edition 2003 (NFR) and other giveaways Admission and parking are FREE! The Theater at the iTRC offers comfortable stadium-style seating for 55 people and a large projection screen, so be sure to invite anyone interested in Microsoft Small Business Server! IMPORTANT - This is a secure building, so please try to arrive before 6:30 PM E.D.T. to be sure you can get in the building. E-mail Tim Barrett at timbarrett@rehabdesigns.com or call (502) 266-9061 x105 with any questions. Campus Map: http://www.theitrc.com/html/shelby_campus.html Expedia Map: http://tinyurl.com/2meg5 Directions to the U of L Shelby Campus - iTRC: (The Shelby Campus is in the EAST end of Louisville, one block West of Hurstbourne Lane) From the Airport: Take I-264 East (Watterson Expressway) out of the airport for approximately 6 miles. Once you pass the I-64 interchange, look for US 60 (Shelbyville Road) which is the St. Matthews/Middletown exit. Go East towards Middletown for approximately 1 mile through a commercial, and then residential, area. Shelby Campus will be on your left. From I-64: I-64 West into Louisville to the Jeffersontown/Middletown exit #15 which is Hurstbourne Lane (State Road 1727). At the end of the ramp, turn right towards Middletown. Stay on Hurstbourne to US 60 (Shelbyville Road) which is approximately 1 mile. Turn left onto US 60. Shelby Campus is on your right just past the first red light. From I-65: I-65 North into Louisville to I-264 East (Watterson Expressway). Go approximately 6 miles to US 60 (Shelbyville Road) at the St. Matthews/Middletown exit (which is just past the I-64 interchange). Go East towards Middletown for approximately 1 mile through a commercial, and then residential, area. Shelby Campus will be on your left. From I-71: I-71 South into Louisville to I-264 West (Watterson Expressway). Go approximately 2 miles to the US 60 (Shelbyville Road) at the St. Matthews/Middletown exit. Go East towards Middletown for approximately 1 mile through a commercial, and then residential, area. Shelby Campus will be on your left. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159973
  - 20
    - Solution - Win2k SBS POP3 Connector - C0000005 ACCESS_VIOLATION Group, Had this error yesterday, a Google search didn't come up with a quick solution so I thought I'd post how I fixed it, in our case. (I think) it turned out to be a corrupt message in the POP3 Conn. queues. I had read on some older posts that corrupt email can jam up the service, and proceeded to delete the mail on our hosting server - did not fix the problem. We also had a corrupt event app log, which I thought maybe hung up the service. So I fixed that (set eventview service to Disabled, reboot, delete ..\system32\config\*.evt, reset service to Auto, reboot). POP3 Conn started, but would not retreieve mail. Finally I stopped the POP3 Connector and deleted orphaned messages in ..\Program Files\MS BackOffice\???\POP3 Conn\Incoming and InForward, and another directory full of .etb files (can't remember as I write this, on different machine now) that turned out to be the account information. Recreating the account information after restarting the service seemed to solve the issue and the POP3 Connector is working again. Something in there was corrupt. We also had those event log problems and my wins db was corrupt, and CHKDSK took a long time (was remote so couldn't see screen + logging was disabled) so I'm thinking drive issues. Possibly antivirus quaratined something out of there and fubared it, I have since excluded the directory. Hope this helps someone in the future. Nate Erb IT Fusion SOS - Milwaukee, WI (414) 852-5851 Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159969
  - 21
    - Group Policy error Hi I have implemented group policy for the users so that they cannot open the network properties. This is working on all windows 2000 machines but this is not working on xp systems. I checked the event log and the error was Type Error Source MsiInstaller Description: The description for Event ID ( 10000 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Product: Microsoft Group Policy Management Console with SP1 -- You must be running Windows XP SP1 or Windows Server 2003 build 3602 or later to install Microsoft Group Policy Management Console with SP1, (NULL), (NULL), (NULL), (NULL), (NULL), (NULL). Some one help me on this issue Thanks Vinod Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159968
  - 22
    - Users Hi, If the server is SBS2000 then you do not need to create the computer account on the server. With Win2000 servers the accounts are created when the computer is joined to the domain. Make sure that you have joined the domain using a user account that has permission to create the account. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159965
  - 23
    - Viewing a user session I was just curious.... I have a small network with 10 computers and a SBS2000 server. Is it possible to view a user session from one of the other machines on the network using software built into Windows SBS, and if not, what software could I use to do that? Thanks Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159964
  - 24
    - Arjen Jongeling, een oude bekende Hoewel, Arjen Jongeling is hier nog nooit geweest en ik denk dat Arjen Jongeling hier ook nooit meer zal terugkomen. Sterker nog, Arjen Jongeling zit hier helemaal fout. Maar ja, het doet het goed in de Google archieven. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159962
  - 25
    - Windows 2003 System Accounts within 2000SBS Domain Sorry if you have seen this already but I think I posted it to the wrong place. I have just added a Windows 2003 DC to a Windows 2000 SBS domain and I seem to be missing at least one system account specific to windows 2003 (specifically the 'NETWORK SERVICE' account). Before you ask I did follow through the ADPrep routine prior to bringing the 2003 server into the domain, and all went well. Has anyone else experienced this or have any ideas on what to try to get this system account to show/install itself? The reason this was noticed and came about was due to a problem with the fax service and running it on a domain controller - apparently I needed to give the network service account some user rights according to this link: http://www.adminlife.com/247reference/msgs/13/67140.aspx Upon trying to add the account I identified that it wasn't listed therefore my current situation above .. I am going to try to add the SID for this account (S-1-5- 20) directly to those rights and see if that solves my problem in the mean time, but I would appreciate any thoughts anyone might have on this still. Tag: Identify source IP for Security Log Failure Audits (ISA?) Tag: 159960

I am getting lots of failed logon attempts from a particular OUTSIDE workstation. I want to identify the port & source IP.

I am running ISA with the usual SMTP, POP, DNS, TS, FTP and a few other ports open - I use all of them for one purpose or another.

Is ISA the place to look to identify the source IP and port?

Top

RE: Identify source IP for Security Log Failure Audits (ISA?) by Brian

Brian
Thu Jun 17 13:38:01 CDT 2004

Just a followup: I turned on logging of allowed packets and manually went through the packet log. However, I am have been unable to correlate the times of the allowed packet events in the ISA log with the times of the logon failures. I have been getting the logon attempts from workstation "OEMCOMPUTER" now for a couple of days, using common words, but I cannot see any IP address in the ISA log that has been showing up consistently throughout that time.

Maybe I need some help with setting up my ISA log, or is it possible that this is some sort of automated attack coming from multiple IP addresses so that each one shows up only for a short time?

"Brian" wrote:

> I am getting lots of failed logon attempts from a particular OUTSIDE workstation. I want to identify the port & source IP.
>
> I am running ISA with the usual SMTP, POP, DNS, TS, FTP and a few other ports open - I use all of them for one purpose or another.
>
> Is ISA the place to look to identify the source IP and port?

Top