+ Post New Thread
Results 1 to 8 of 8
Windows Server 2008 R2 Thread, services not starting in Technical; hi guys have all sorts of issues with one of my dc's today, these services wont start even after a ...
  1. #1
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    554
    Thank Post
    105
    Thanked 23 Times in 21 Posts
    Rep Power
    17

    services not starting

    hi guys

    have all sorts of issues with one of my dc's today, these services wont start even after a reboot

    dfs replication
    com+ event system
    com+ system application
    SENS

    there no clues in the event viewer services wont start regardless and they all depend on each other.

    I would just demot the server but dcpromo wont work becuase dfs isnt running becuase the other services wont run.

    no new software has gone on the server either, not sure what to do now,

    is it possible to create a new server with same name and then switch off old and rejoin new server to domain?

  2. #2
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,998
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106
    Why does it need to be the same name?

  3. #3
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    554
    Thank Post
    105
    Thanked 23 Times in 21 Posts
    Rep Power
    17
    server is called srv-dc1 this is the problem one, doesnt have to be just like to have dc1,dc2,dc3

  4. #4
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,998
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106
    As long as you have another healthy DC I would prep another one and transfer or more likely seize any FSMO roles over the other one may have had and then don't turn it on again. You can then remove the account and look at metadata clean up options if needed. Is there a chance the AV is interfering ?

  5. #5

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,729
    Thank Post
    1,271
    Thanked 1,644 Times in 1,100 Posts
    Blog Entries
    22
    Rep Power
    505
    Quote Originally Posted by ChrisH View Post
    Is there a chance the AV is interfering ?
    Took the words out of my mouth. Funnily enough, not long ago I was reading a blog post about Kaspersky stopping DFS replication running.

  6. #6

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,729
    Thank Post
    1,271
    Thanked 1,644 Times in 1,100 Posts
    Blog Entries
    22
    Rep Power
    505
    You might want to check connectivity between the server and target.
    Also read this KB article about lengthening the timeout period for the service to start from 30 secs to see if something is taking a long time to start up (this article is not directly about your issue but does show you how to extend the time services have to start).

  7. #7
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    554
    Thank Post
    105
    Thanked 23 Times in 21 Posts
    Rep Power
    17
    sorted it, it was a missing reg files that are used to control the vss, restore the missing reg and rebooted and everything is working fine now

  8. #8

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,621
    Thank Post
    49
    Thanked 451 Times in 334 Posts
    Rep Power
    137
    Missing Registry keys eh?
    I would also suggest that you consider changing all of your admin level account passwords and enable detailed auditing of your event logs.

    I have seen this when an admin level account has been compromised, we saw several Servers systematically destroyed in a single day on one site.

    Who else has rights to delete registry entries....

    Auditing login failures is common but if one of your service accounts has been compromised you need to know when an admin level account logs on to one of your servers without you knowing.

    In our case once advanced auditing was enabled we quickly discovered that an admin level Ranger service account was being used by a backdoor Trojan on a machine used by the network admin!
    Get this, it had no AV installed and was regularly used to surf Russian Websites!!!

    This machine in turn had infected and damaged dozens of others.
    Once an account with admin level privilege is compromised a script kiddie can execute almost anything against anything.

    Eg. SC \\remotecomputer delete newservice binpath= c:\windows\system32\newserv.exe and that's just a text book example, nothing as twisted and complex as they can be.

    These scripts can be automated run by AT commands and be called as payloads by other common parasitic processes and don't think your AV will help you as this will be the first service to be removed!

    Trust no one, especially those user accounts with admin privileges... especially those used rarely. Disable all infrequently used admin level accounts until you know they are safe.

    These exploits can be common payloads for conficker variant infections.

SHARE:
+ Post New Thread

Similar Threads

  1. Batch file for starting stopped services?
    By El_Nombre in forum How do you do....it?
    Replies: 6
    Last Post: 21st October 2010, 07:57 PM
  2. Local Services Vs Cloud Services
    By Skinny in forum How do you do....it?
    Replies: 0
    Last Post: 31st January 2010, 05:28 PM
  3. Replies: 8
    Last Post: 23rd April 2008, 10:33 PM
  4. Starting TCP/IP on XP
    By MrsGrinch in forum Network and Classroom Management
    Replies: 3
    Last Post: 26th March 2008, 04:24 PM
  5. Services Not Starting...
    By RichCowell in forum Windows
    Replies: 6
    Last Post: 17th January 2006, 11:42 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •