Re: Can't read event logs on Win2003 server
From: Arch Willingham (arch_at_tuparks.com)
Date: 11/19/03
- Next message: Christophe Niel: "Lan manager (Dos) Login on a 2003 file share ?? Impossible?"
- Previous message: Vincent Haakmat [393242]: "ICF problems win Win2003"
- In reply to: David Wang [Msft]: "Re: Can't read event logs on Win2003 server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Nov 2003 12:04:47 -0500
You are correct on both counts. Very weird!!!
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:uaRvLoorDHA.1744@TK2MSFTNGP12.phx.gbl...
> So, to be certain:
> - You do not have problems reading the event log, etc, when you log on to
> the DC itself
> - You have problems when you are on a remote machine and try to "manage"
it.
>
> The only common thing that I see between all your failures is that they
> require DCOM on the server. I do not know what ports DCOM and RPC uses,
but
> they're the same one that the Blaster worm would attack... so maybe your
> network itself blocking those ports, hence remote access fails but local
> access succeeds.
>
> I really have no more ideas after this.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Arch Willingham" <arch@tuparks.com> wrote in message
> news:Ohj7p5erDHA.2628@TK2MSFTNGP09.phx.gbl...
> 1. Yes on the RemoteRegistry server.
> 2. Uh...I can run Dcomcnfg.exe...does that mean DCOM is running??? How do
I
> know which ports it is using (or is supposed to use)?
> 3. The service "Remote Procedure Call (RPC)" is running but ditto on the
> question on the ports...which does it use and which should be open?
>
> Arch
>
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:eNpR$EBrDHA.2536@tk2msftngp13.phx.gbl...
> > Is DCOM and RCP enabled/working on your machine, and are their ports
open?
> > Is RemoteRegistry service enabled (for MBSA) ?
> > Do you know how this W2K DC was locked down in the past?
> >
> > Otherwise, I really am out of ideas, so if you want issue resolution,
you
> > should call MS PSS Support. I think you have some fundamental service
or
> > permission disabled, and it was preserved across the upgrade, hence
> causing
> > your present issues.
> >
> > --
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > //
> > "Arch Willingham" <arch@tuparks.com> wrote in message
> > news:OrRTsh8qDHA.1496@TK2MSFTNGP11.phx.gbl...
> > Yep...its running.
> >
> >
> > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > news:%23dmY0s3qDHA.2000@TK2MSFTNGP09.phx.gbl...
> > > Hmm, I'm not certain why, then.
> > >
> > > Can you check in the Services applet whether the "Event Log" service
is
> > > running?
> > >
> > > --
> > > //David
> > > IIS
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > > //
> > > "Arch Willingham" <arch@tuparks.com> wrote in message
> > > news:eVvwkBvqDHA.3732@tk2msftngp13.phx.gbl...
> > > If the firewall is the service called "Internet Connection Firewall
> (ICF)
> > /
> > > Internet Connection Sharing (ICS)", then nope..its not turned
on...would
> > it
> > > be called another name?
> > >
> > > Arch
> > >
> > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > > news:OvaHbIPqDHA.1632@TK2MSFTNGP10.phx.gbl...
> > > > What I mean to ask is -- is the Firewall in Windows Server 2003
turned
>
> > on
> > > > somehow?
> > > >
> > > > I'm not certain of what else, but what it sounds like is that you
have
> a
> > > > single service that is not running on Windows Server 2003 when you
> need
> > it
> > > > to be running to provide the necessary functionality. I've found
> > machines
> > > > with RPCSS (the target of Blaster) stopped to behave quite weirdly
in
> > > > similar manner.
> > > >
> > > > --
> > > > //David
> > > > IIS
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > > //
> > > > "Arch Willingham" <arch@tuparks.com> wrote in message
> > > > news:uJu9DdJqDHA.2000@TK2MSFTNGP10.phx.gbl...
> > > > Nope...they are all on the same subnet. Prior to converting the
> machine,
> > a
> > > > domain admin could do all of the above. Once upgraded, no one
> (including
> > > > Enterprise Admin) and do any of the above.....in the words of Chris
> > > > Rock..."That ain't right".<G>
> > > >
> > > > Arch
> > > >
> > > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > > > news:%23TkKbwzpDHA.644@TK2MSFTNGP11.phx.gbl...
> > > > > That actually sounds like good behavior to me. :-)
> > > > >
> > > > > Maybe you have a firewall blocking ports somewhere?
> > > > >
> > > > > --
> > > > > //David
> > > > > IIS
> > > > > This posting is provided "AS IS" with no warranties, and confers
no
> > > > rights.
> > > > > //
> > > > > "Arch Willingham" <arch@tuparks.com> wrote in message
> > > > > news:O6VjjAuoDHA.360@TK2MSFTNGP12.phx.gbl...
> > > > > I upgraded one of DC servers yesterday from Win2000 (sp4) to
> NET2003.
> > > > > Everything works great except for two things:
> > > > >
> > > > > 1. I cannot use the event viewer to look at the event log on that
> > server
> > > > > unless I am logged on to the server (even when logged on as the
> domain
> > > > > admin).
> > > > > 2. If I use MBSA (Baseline Security Analyzer) to check that
server,
> > > every
> > > > > line says "Check could not be performed because registry could not
> be
> > > > > accessed"
> > > > > 3. If I click "manage" on "my computer" and then connect to that
> > > computer,
> > > > > everything I click on results in "System Information
> > > > > The connection to BLAHBLAH could not be established. Check to see
> that
> > > the
> > > > > network path name is correct, that you have sufficient permission
to
> > > > access
> > > > > Windows Management Instrumentation, and that the Windows
Management
> > > > > Instrumentation service is started on the computer."
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > Arch
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
- Next message: Christophe Niel: "Lan manager (Dos) Login on a 2003 file share ?? Impossible?"
- Previous message: Vincent Haakmat [393242]: "ICF problems win Win2003"
- In reply to: David Wang [Msft]: "Re: Can't read event logs on Win2003 server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
