Server 2003 Locking up and Crazy Logs


1 reply to this topic

#1 bleepingnetwork

Posted 01 February 2010 - 05:58 AM

So I come into work on random Mondays to find Server 2003 is locked up, as in no response at all from the system, and I need to do a cold reboot to get her back up.


The Event logs are showing me nothing worth mentioning that I can tell. The only thing worth noting is that the System logs show an uptime at noon, with no other System logs to follow.

The Security logs show something to be out of place about 3 hours before the system's last logs.
There are entries at 1:43:49PM, then the next one says 11:49:03AM, then the next log is 1:43:49PM again... These logs are
event ID 538, but nothing suspicious here with the exception of the abnormal time order, which is disturbing in itself since the 11:49:03 entry is not with the rest of the 11am entries and is just out of place.

The most disturbing log is the first System log after the cold reboot, which says:

Event Type: Error
Event Source: EventLog
Event Category: None
Event ID: 6008
Date: 2/1/2010
Time: 7:52:15 AM
User: N/A
Computer: DCNAME
Description:
The previous system shutdown at 2:47:35 PM on 1/31/2010 was unexpected.



The reason this is disturbing is that it happened before the last Security logs, as follows. I figure it registered this on the reboot and coincided with the last moment in which the System logs were active, even though the Security log was still running for a while.


The Security logs show:
At 2:47:57 I see Event IDs 837 and 836 repeatedly. Directory Service Access, Success Audit, NT AUTHORITY\SYSTEM:
Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 837
Date: 1/31/2010
Time: 2:47:57 PM
User: NT AUTHORITY\SYSTEM
Computer: DCNAME
Description:
Destination DRA: CN=NTDS Settings,CN=DCNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=terradb,DC=graf,DC=eur,DC=army,DC=mil
Source DRA: CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=xxxx,DC=xxxx,DC=xxxx,DC=xxxx
Naming Context: CN=Configuration,DC=Domain,DC=xxxx,DC=xxxx,DC=xxxx,DC=xxxx
Options: 85
Session ID: 569
End USN: 150632
Status Code: 0


At 2:48:07 the last log shown before the reboot is another Event ID 538, Logon/Logoff.

Does any of this make sense?
Any help as to why I am getting this lockup would be great.
Any help on figuring out how to read these log files better for more of an understanding would be great as well, not to mention explaining why a log file may be out of place.
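
The two checks the post does by eye, written as an added Python example that is not part of the original thread: it parses entries pasted in the Event Viewer text layout quoted above, flags timestamps that step backwards in listed order, and compares the time named in the 6008 description with the last Security entry. The sample data is constructed from the times in the post; the date of the 538 entries, the oldest-first listing order and the function names are assumptions.

```python
import re
from datetime import datetime

FMT = "%m/%d/%Y %I:%M:%S %p"
SHUTDOWN = re.compile(r"previous system shutdown at (\d+:\d+:\d+ [AP]M) on (\d+/\d+/\d+)")

def parse_events(text):
    """Parse Event Viewer text blocks (the layout quoted in the post), in listed order."""
    events = []
    for block in re.split(r"(?m)^Event Type:", text)[1:]:
        head, _, desc = block.partition("Description:")
        f = dict(re.findall(r"(?m)^(Event ID|Event Source|Date|Time):[ \t]*(.+)$", head))
        when = datetime.strptime(f["Date"].strip() + " " + f["Time"].strip(), FMT)
        events.append({"id": int(f["Event ID"]), "source": f["Event Source"].strip(),
                       "when": when, "desc": " ".join(desc.split())})
    return events

def out_of_order(events):
    """Positions where the timestamp steps backwards relative to the entry listed before it."""
    return [(i, a["when"], b["when"])
            for i, (a, b) in enumerate(zip(events, events[1:]), 1) if b["when"] < a["when"]]

def shutdown_gaps(system_events, other_events):
    """For each 6008: (time named in its description, last entry in the other log
    written before the 6008 itself, seconds between the two)."""
    gaps = []
    for ev in system_events:
        m = SHUTDOWN.search(ev["desc"]) if ev["id"] == 6008 else None
        earlier = [e["when"] for e in other_events if e["when"] < ev["when"]]
        if m and earlier:
            stamped = datetime.strptime(m.group(2) + " " + m.group(1), FMT)
            gaps.append((stamped, max(earlier), (max(earlier) - stamped).total_seconds()))
    return gaps

# Constructed sample: IDs and times are the ones quoted in the post; the date of the
# 538 entries (assumed 1/31/2010), the listing order (assumed oldest first) and the
# shortened descriptions are assumptions.
BLOCK = ("Event Type: {}\nEvent Source: {}\nEvent Category: None\nEvent ID: {}\n"
         "Date: {}\nTime: {}\nUser: N/A\nComputer: DCNAME\nDescription:\n{}\n\n")
SECURITY_LOG = "".join(
    BLOCK.format("Success Audit", "Security", eid, "1/31/2010", t, "(description omitted)")
    for eid, t in [(538, "1:43:49 PM"), (538, "11:49:03 AM"), (538, "1:43:49 PM"),
                   (837, "2:47:57 PM"), (538, "2:48:07 PM")])
SYSTEM_LOG = BLOCK.format("Error", "EventLog", 6008, "2/1/2010", "7:52:15 AM",
    "The previous system shutdown at 2:47:35 PM on 1/31/2010 was unexpected.")

if __name__ == "__main__":
    sec, sysl = parse_events(SECURITY_LOG), parse_events(SYSTEM_LOG)
    for pos, prev, cur in out_of_order(sec):
        print(f"entry {pos}: {cur:%H:%M:%S} is listed after {prev:%H:%M:%S}")
    for stamped, last, secs in shutdown_gaps(sysl, sec):
        print(f"6008 names {stamped}; last Security entry {last} ({secs:+.0f}s)")
```

On the sample this reports one backwards step (the 11:49:03 entry) and a Security entry 32 seconds after the time named in the 6008 event.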


#2 bleepingnetwork

Posted 17 February 2010 - 03:42 AM

Anyone have any helpful thoughts on this?



