19th November 2009, 05:02 PM #1
Connect Directly to SIMS Server
OK, here is the story. Conficker is running rampant across the network in a tidal wave of frustration and two systems it hasn't yet touched are my laptop and our SIMS server. After an entire day of Reason Code 0's, Capita have informed us that our ISA Server (which controls Sophos, Printers and acts as our Internet Gateway) may be infected and blocking the ports required for SIMS to use.
How can I remove the ISA Server from the equation and connect directly to the server with my laptop to see if SIMS will log me in? I have tried setting the servername variable to the server's IP address in connect.ini but that hasn't worked.
My laptop is firewalled and in a workgroup of its own and connects to SIMS and shares using my domain admin password (but doesn't let machines connect back to the laptop using the same password, hence avoiding infection so far). Same with the SIMS server.
19th November 2009, 05:34 PM #2
Right - you need to sort out the root cause first: Conficker. Conficker infection is purely down to workstations and servers not being patched correctly via Windows Update.
Conficker will automatically affect any PC or Server that does not have Microsoft KB958644 patch installed. Any PC that has Conficker will automatically broadcast the virus out to any other PC that is not patched.
How to identify which PC/Servers have Conficker:
Download Nmap Command Line version and run a scan on your domain controller. This will identify any PCs that are definitely affected.
How to remove Conficker from your network in 4 Easy Steps:
1) Install KB958644 on every server and PC.
Install it on all your servers first.
Best way on PCs in a large network would be to run it "quietly" via start up script.
Restart all your PCs.
NB. This stops the PC from being re-infected with Conficker - it does NOT actually remove Conficker itself.
Now they are all protected from being infected by Conficker (though they still may actually have it and be able to spread it).
2) Run Microsoft Malicious Software Removal Tool (KB890830)
Run this on your servers first.
Best way on a large network would be to run it "quietly" via start up script.
This actually detects and removes Conficker (and many others) and is a super bit of software.
Restart all your PCs.
Now as long as they are also patched with KB958644 they will be immune to Conficker.
3) Run Nmap again and hopefully you should now find that no computers are flagged as being definitely affected. They will however be flagged as being possibly affected, this is because they have already been affected in the past even though they are clean now. No way to get round this without a format c:
4) Enable Windows updates on all servers and PCs so you don't have this situation again!!!
Hope this helps!
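
Added example, not part of the post above: a PowerShell audit that checks which machines report KB958644 after step 1, so unpatched or unverifiable hosts are known before the removal tool is run in step 2. The `hosts.txt` input file, the report path and the status labels are assumptions made for this example.

```powershell
# Added example: audit step 1 (KB958644) before moving on to step 2.
# Assumptions: hosts.txt (hypothetical file) lists one computer name per line,
# and the account running this has remote WMI rights on each machine.
param(
    [string]$HostList = '.\hosts.txt',            # hypothetical input file
    [string]$KbId     = 'KB958644',               # patch named in the post above
    [string]$Report   = '.\kb958644-audit.csv'    # hypothetical output file
)

$results = foreach ($name in Get-Content -Path $HostList) {
    $name = $name.Trim()
    if (-not $name) { continue }                  # skip blank lines

    $status = 'Unknown'
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        # Powered off, firewalled, or ICMP blocked: cannot be verified remotely.
        $status = 'Unreachable'
    }
    else {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering over WMI.
            $installed = Get-HotFix -ComputerName $name -ErrorAction Stop
            if ($installed | Where-Object { $_.HotFixID -eq $KbId }) {
                $status = 'Patched'
            }
            else {
                $status = 'Missing'
            }
        }
        catch {
            # WMI/RPC failure or access denied: unverified, never assume patched.
            $status = 'QueryFailed'
        }
    }
    New-Object PSObject -Property @{ Computer = $name; KB = $KbId; Status = $status }
}

# Full per-host report for follow-up, plus a summary count on screen.
$results | Sort-Object Status, Computer |
    Export-Csv -Path $Report -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
```

Get-HotFix only lists updates that the machine records in Win32_QuickFixEngineering, so treat `Missing`, `Unreachable` and `QueryFailed` all as "check by hand" rather than as a final verdict.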
19th November 2009, 05:37 PM #3
Windows Update is on, one potentially infected machine was updated recently. I think one bad apple has spread the virus about with domain names.
I'll pass that info on to our tech team immediately, thanks.
Any way to rule out the ISA Server blocking it meanwhile?