Re: Can't read event logs on Win2003 server

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 11/19/03


Date: Wed, 19 Nov 2003 02:41:14 -0800

So, to be certain:
- You do not have problems reading the event log, etc, when you log on to
the DC itself
- You have problems when you are on a remote machine and try to "manage" it.

The only common thing that I see between all your failures is that they
require DCOM on the server. I do not know what ports DCOM and RPC use, but
they're the same ones that the Blaster worm would attack... so maybe your
network itself is blocking those ports, hence remote access fails but local
access succeeds.

I really have no more ideas after this.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Arch Willingham" <arch@tuparks.com> wrote in message
news:Ohj7p5erDHA.2628@TK2MSFTNGP09.phx.gbl...
1. Yes on the RemoteRegistry server.
2. Uh...I can run Dcomcnfg.exe...does that mean DCOM is running??? How do I
know which ports it is using (or is supposed to use)?
3. The service "Remote Procedure Call (RPC)" is running but ditto on the
question on the ports...which does it use and which should be open?
Arch
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:eNpR$EBrDHA.2536@tk2msftngp13.phx.gbl...
> Are DCOM and RPC enabled/working on your machine, and are their ports open?
> Is RemoteRegistry service enabled (for MBSA) ?
> Do you know how this W2K DC was locked down in the past?
>
> Otherwise, I really am out of ideas, so if you want issue resolution, you
> should call MS PSS Support.  I think you have some fundamental service or
> permission disabled, and it was preserved across the upgrade, hence
> causing your present issues.
>
> -- 
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Arch Willingham" <arch@tuparks.com> wrote in message
> news:OrRTsh8qDHA.1496@TK2MSFTNGP11.phx.gbl...
> Yep...it's running.
>
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:%23dmY0s3qDHA.2000@TK2MSFTNGP09.phx.gbl...
> > Hmm, I'm not certain why, then.
> >
> > Can you check in the Services applet whether the "Event Log" service is
> > running?
> >
> > -- 
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > //
> > "Arch Willingham" <arch@tuparks.com> wrote in message
> > news:eVvwkBvqDHA.3732@tk2msftngp13.phx.gbl...
> > If the firewall is the service called "Internet Connection Firewall
> > (ICF) / Internet Connection Sharing (ICS)", then nope..it's not turned
> > on...would it be called another name?
> >
> > Arch
> >
> > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > news:OvaHbIPqDHA.1632@TK2MSFTNGP10.phx.gbl...
> > > What I mean to ask is -- is the Firewall in Windows Server 2003
> > > turned on somehow?
> > >
> > > I'm not certain of what else, but what it sounds like is that you
> > > have a single service that is not running on Windows Server 2003
> > > when you need it to be running to provide the necessary
> > > functionality.  I've found machines with RPCSS (the target of
> > > Blaster) stopped to behave quite weirdly in similar manner.
> > >
> > > -- 
> > > //David
> > > IIS
> > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > //
> > > "Arch Willingham" <arch@tuparks.com> wrote in message
> > > news:uJu9DdJqDHA.2000@TK2MSFTNGP10.phx.gbl...
> > > Nope...they are all on the same subnet. Prior to converting the
> > > machine, a domain admin could do all of the above. Once upgraded, no
> > > one (including Enterprise Admin) can do any of the above.....in the
> > > words of Chris Rock..."That ain't right".<G>
> > >
> > > Arch
> > >
> > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > > news:%23TkKbwzpDHA.644@TK2MSFTNGP11.phx.gbl...
> > > > That actually sounds like good behavior to me. :-)
> > > >
> > > > Maybe you have a firewall blocking ports somewhere?
> > > >
> > > > -- 
> > > > //David
> > > > IIS
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > > rights.
> > > > //
> > > > "Arch Willingham" <arch@tuparks.com> wrote in message
> > > > news:O6VjjAuoDHA.360@TK2MSFTNGP12.phx.gbl...
> > > > I upgraded one of DC servers yesterday from Win2000 (sp4) to
> > > > NET2003. Everything works great except for two things:
> > > >
> > > > 1. I cannot use the event viewer to look at the event log on that
> > > > server unless I am logged on to the server (even when logged on as
> > > > the domain admin).
> > > > 2. If I use MBSA (Baseline Security Analyzer) to check that server,
> > > > every line says "Check could not be performed because registry
> > > > could not be accessed"
> > > > 3. If I click "manage" on "my computer" and then connect to that
> > > > computer, everything I click on results in "System Information
> > > > The connection to BLAHBLAH could not be established. Check to see
> > > > that the network path name is correct, that you have sufficient
> > > > permission to access Windows Management Instrumentation, and that
> > > > the Windows Management Instrumentation service is started on the
> > > > computer."
> > > >
> > > > Any ideas?
> > > >
> > > > Arch
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
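
The thread leaves two hypotheses open for the remote-only failures: a filter dropping the RPC/DCOM ports, or a service on the server not listening. The following is an added example, not part of the original posts, that tells the two apart from the admin workstation by how a TCP connect fails. The port numbers (135 for the RPC endpoint mapper, 445 for SMB named pipes) are general Windows facts assumed here, not values given in the thread, and `probe`/`diagnose` are hypothetical names.

```python
import errno
import socket

# Assumed ports (general Windows knowledge, not stated in the thread).
MGMT_PORTS = {
    135: "RPC endpoint mapper (DCOM/WMI)",
    445: "SMB named pipes (event log, registry)",
}

HINTS = {
    "open": "reachable; look at permissions or the service behind the port",
    "closed": "host answered but nothing listens; check the service is running",
    "filtered": "no answer; a firewall or router is probably dropping the port",
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # RST came back: path is fine, listener is missing
    except socket.timeout:
        return "filtered"    # silence: packets dropped somewhere on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise                # e.g. name resolution failure: report as-is
    finally:
        sock.close()


def diagnose(host, ports=MGMT_PORTS, timeout=3.0):
    """Probe each management port and pair its state with a next step."""
    results = {}
    for port in ports:
        state = probe(host, port, timeout)
        results[port] = (state, HINTS[state])
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (state, hint) in diagnose(target).items():
        print(f"{port:>5}  {MGMT_PORTS[port]:<40} {state:<9} {hint}")
```

An "open" result on 135 does not cover the dynamically assigned ports DCOM moves to after the endpoint mapper, so a filter can still sit further along the exchange.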