
Thread: NT Authority/System - Success Audit - cust. database affected - any info would be great

  1. #1
    Join Date
    Jun 2009
    Posts
    1

    NT Authority/System - Success Audit - cust. database affected - any info would be great

    On 6/1 our database, which is run on the Windows 2000 Server - allowed no access to 2 employees who are able to access under their user names. It's a Windows-based database, have used it since 2002, with no major issues.

    When they weren't able to log in they shut the Server down as well as the 2 computers networked to it. After everything came up - the SQL was started on the server, which is what allows the 2 computers to log into the customer database. Both users that were trying to log in before the reboot - now had an invalid login name to the database. The only users that weren't affected by this were the other 3 that have the customer database access.

    Both computers logged on to Windows fine, were seeing the server & able to open up anything else that is networked (MS Word, Excel, etc.) files.

    Needless to say I was not at the office when this was happening so my user name & password was fine, which is what one of them used to log in. Since 6/1 - I have had to re-create both of their user names (complete new set up as if they were never input in the system) - both their names are still there, but not registering. For the next few days while working in the database - started noticing glitches (COA's duplicating, batching appts (which the data does auto once you complete an appt - taking on a mind of its own - it was taking old batches from say 4/5 months ago & putting invoice/rcpts/appt completed in an entirely different batch) - that not only messes up the accounting part of it, but also changes the customer service dates on a date that we did not have someone service them) - As I researched more w/the logs from the server & 2 connecting systems - I noticed some strange things not seen before. There are many different logs associated with this problem, but the one I found most recently on the computer (drive) & not logged anywhere on the server drive is ....

    Any help at this point would be greatly appreciated. The log below is from that one computer -- since I found that (temporarily I have shut that computer down - just to rule it out as the problem or should I say any further problems till the software techs can fix our database) -- The other logs, which I'm not going to attach have been looked at by our IT guy & by the software people. As of right now the IT guy says our systems are virus free, no errors to be concerned with etc. (said the errors the server was showing was due to a power failure over the weekend at some point & the battery backups not holding on as long as the power was out) -- The software people said from the database log (at first yes, it was a possibility the indexes could have been shifted with a surge or failure, rare, but they have seen it) - Easy fix they said if that was the problem - when logging into our system - they copied our entire db so they could try it on their end 1st - Tried several times & at the end of re-doing the indexes it gives them an Error & won't let them do it. This has been since Monday that they have been working on it & they are now worried about possibly not being able to transfer files either into an upgraded version or overwrite what they have yet to see this db do.

    Regarding the customer backups which has been done on a Maxtor external hd - it's screwed - when the IT guy came by - he went to pull our backups to just get a good copy - all backups for the past say 6/8 months never backed up. Don't know why - no answers there - so as of right now we have a backup from last week when he was out there & did one, but it's corrupt. The server & the computers lost almost all history/logs when this occurred. The database did too - as far as beyond a certain time frame.

    Sorry, for the length of this - It's just not a good thing right now & hoping...
    Again, any other logs just let me know. Also, this Symantec you see on here is another unexplainable issue - IT said we don't need Norton on there since both computers had it & those were run daily & could be set to check the server files if needed. The old version on the server when he looked at it - was disabled (it was never upgraded on there) - but according to the log it was being checked approx 3 days (which according to him had to be done manually)... This is where the log shows from the one computer only.. The name at the end is the woman who originally purchased the server, which is why her name is embedded in it.

    To help w/what is what...

    The Server's name is Gardens-Server
    The 1st Computer's Name is Monique
    The 2nd Computer's Name is Mo (this log is from the Mo computer) -

    And again, all other computers in office are in no way linked or attached to this server.


    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:11:47 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 724
    Image File Name: \PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    Creator Process ID: 220
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: System Event
    Event ID: 515
    Date: 6/1/2009
    Time: 8:11:46 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: Protected Storage Service

    Event Type: Success Audit
    Event Source: Security
    Event Category: System Event
    Event ID: 515
    Date: 6/1/2009
    Time: 8:11:46 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: LAN Manager Workstation Service

    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:11:45 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 628
    Image File Name: \WINNT\system32\svchost.exe
    Creator Process ID: 220
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:11:44 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 592
    Image File Name: \WINNT\system32\spoolsv.exe
    Creator Process ID: 220
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:11:43 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 460
    Image File Name: \Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    Creator Process ID: 220
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:11:42 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 432
    Image File Name: \Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    Creator Process ID: 220
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:11:42 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: NT Local Security Authority / Authentication Service
    Service: LsaRegisterLogonProcess()
    Primary User Name: GARDEN-SERVER$
    Primary Domain: GARDENS
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: GARDEN-SERVER$
    Client Domain: GARDENS
    Client Logon ID: (0x0,0x3E7)
    Privileges: SeTcbPrivilege


    Event Type: Success Audit
    Event Source: Security
    Event Category: System Event
    Event ID: 515
    Date: 6/1/2009
    Time: 8:11:42 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: DCOMSCM

    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: NT Local Security Authority / Authentication Service
    Service: LsaRegisterLogonProcess()
    Primary User Name: GARDEN-SERVER$
    Primary Domain: GARDENS
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: GARDEN-SERVER$
    Client Domain: GARDENS
    Client Logon ID: (0x0,0x3E7)
    Privileges: SeTcbPrivilege

    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 404
    Image File Name: \WINNT\system32\svchost.exe
    Creator Process ID: 220
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: NT Local Security Authority / Authentication Service
    Service: LsaRegisterLogonProcess()
    Primary User Name: GARDEN-SERVER$
    Primary Domain: GARDENS
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: GARDEN-SERVER$
    Client Domain: GARDENS
    Client Logon ID: (0x0,0x3E7)
    Privileges: SeTcbPrivilege


    Event Type: Success Audit
    Event Source: Security
    Event Category: System Event
    Event ID: 518
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes.
    Notification Package Name: scecli

    Event Type: Success Audit
    Event Source: Security
    Event Category: System Event
    Event ID: 515
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: KSecDD

    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: NT Local Security Authority / Authentication Service
    Service: LsaRegisterLogonProcess()
    Primary User Name: GARDEN-SERVER$
    Primary Domain: GARDENS
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: GARDEN-SERVER$
    Client Domain: GARDENS
    Client Logon ID: (0x0,0x3E7)
    Privileges: SeTcbPrivilege

    Event Type: Success Audit
    Event Source: Security
    Event Category: Policy Change
    Event ID: 612
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    Audit Policy Change:
    New Policy:
    Success Failure
    + + Logon/Logoff
    + + Object Access
    + + Privilege Use
    + + Account Management
    + + Policy Change
    + + System
    + + Detailed Tracking
    + + Directory Service Access
    + + Account Logon

    Changed By:
    User Name: GARDEN-SERVER$
    Domain Name: GARDENS
    Logon ID: (0x0,0x3E7)

    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: NT Local Security Authority / Authentication Service
    Service: LsaRegisterLogonProcess()
    Primary User Name: GARDEN-SERVER$
    Primary Domain: GARDENS
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: GARDEN-SERVER$
    Client Domain: GARDENS
    Client Logon ID: (0x0,0x3E7)
    Privileges: SeTcbPrivilege

    Event Type: Success Audit
    Event Source: Security
    Event Category: System Event
    Event ID: 515
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: Service Control Manager


    Event Type: Success Audit
    Event Source: Security
    Event Category: System Event
    Event ID: 515
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: Winlogon\MSGina

    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:11:41 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: NT Local Security Authority / Authentication Service
    Service: LsaRegisterLogonProcess()
    Primary User Name: GARDEN-SERVER$
    Primary Domain: GARDENS
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: GARDEN-SERVER$
    Client Domain: GARDENS
    Client Logon ID: (0x0,0x3E7)
    Privileges: SeTcbPrivilege



    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 6:06:00 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 1156
    Image File Name: \Program Files\Symantec\LiveUpdate\NDETECT.EXE
    Creator Process ID: 784
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 6:06:00 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 916
    Image File Name: \Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    Creator Process ID: 1156
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 6:06:10 AM
    User: NT AUTHORITY\SYSTEM
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 1556
    Image File Name: \PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    Creator Process ID: 396
    User Name: GARDEN-SERVER$
    Domain: GARDENS
    Logon ID: (0x0,0x3E7)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:08:57 AM
    User: GARDEN-SERVER\Debbie Corrente
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: Security
    Service: -
    Primary User Name: Debbie Corrente
    Primary Domain: GARDEN-SERVER
    Primary Logon ID: (0x0,0xD93E)
    Client User Name: -
    Client Domain: -
    Client Logon ID: -
    Privileges: SeIncreaseBasePriorityPrivilege

    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:08:57 AM
    User: GARDEN-SERVER\Debbie Corrente
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 1572
    Image File Name: \Program Files\FMC\Smartrak\Main2k.exe
    Creator Process ID: 1152
    User Name: Debbie Corrente
    Domain: GARDEN-SERVER
    Logon ID: (0x0,0xD93E)


    Event Type: Success Audit
    Event Source: Security
    Event Category: Privilege Use
    Event ID: 577
    Date: 6/1/2009
    Time: 8:08:57 AM
    User: GARDEN-SERVER\Debbie Corrente
    Computer: GARDEN-SERVER
    Description:
    Privileged Service Called:
    Server: Security
    Service: -
    Primary User Name: Debbie Corrente
    Primary Domain: GARDEN-SERVER
    Primary Logon ID: (0x0,0xD93E)
    Client User Name: -
    Client Domain: -
    Client Logon ID: -
    Privileges: SeIncreaseBasePriorityPrivilege

    Event Type: Success Audit
    Event Source: Security
    Event Category: Detailed Tracking
    Event ID: 592
    Date: 6/1/2009
    Time: 8:09:21 AM
    User: GARDEN-SERVER\Debbie Corrente
    Computer: GARDEN-SERVER
    Description:
    A new process has been created:
    New Process ID: 1156
    Image File Name: \WINNT\system32\DRWTSN32.EXE
    Creator Process ID: 1572
    User Name: Debbie Corrente
    Domain: GARDEN-SERVER
    Logon ID: (0x0,0xD93E)
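
An added example, not part of the original post: a small parser for the Event Viewer text records above that links each Event ID 592 (process creation) to its creator and reports which program launched `DRWTSN32.EXE` (Dr. Watson, the Windows postmortem debugger that starts when an application faults). The sample records are abridged from the post's own log; the month/day/year date format and the function names are assumptions of this example.

```python
import re
from datetime import datetime
# Abridged from the Event ID 592 records in the post (unused fields dropped).
SAMPLE = r"""
Event Type: Success Audit
Event ID: 592
Date: 6/1/2009
Time: 6:06:00 AM
New Process ID: 1156
Image File Name: \Program Files\Symantec\LiveUpdate\NDETECT.EXE
Creator Process ID: 784
Event Type: Success Audit
Event ID: 592
Date: 6/1/2009
Time: 6:06:00 AM
New Process ID: 916
Image File Name: \Program Files\Symantec\LiveUpdate\AUPDATE.EXE
Creator Process ID: 1156
Event Type: Success Audit
Event ID: 592
Date: 6/1/2009
Time: 8:08:57 AM
New Process ID: 1572
Image File Name: \Program Files\FMC\Smartrak\Main2k.exe
Creator Process ID: 1152
Event Type: Success Audit
Event ID: 592
Date: 6/1/2009
Time: 8:09:21 AM
New Process ID: 1156
Image File Name: \WINNT\system32\DRWTSN32.EXE
Creator Process ID: 1572
"""

def parse_592(text):
    """Parse Event Viewer text records; return 592 events sorted by time."""
    events = []
    for rec in re.split(r"(?m)^\s*(?=Event Type:)", text):
        f = {k.strip(): v.strip() for k, v in re.findall(r"(?m)^([^:\n]+):(.*)$", rec)}
        if f.get("Event ID") == "592":
            when = datetime.strptime(f["Date"] + " " + f["Time"], "%m/%d/%Y %I:%M:%S %p")
            events.append({"time": when, "pid": int(f["New Process ID"]),
                           "ppid": int(f["Creator Process ID"]),
                           "image": f["Image File Name"].rsplit("\\", 1)[-1]})
    return sorted(events, key=lambda e: e["time"])

def link_parents(events):
    """Pair each image with its creator. PIDs are recycled (1156 occurs twice),
    so take the latest creation of the creator PID that is not after the child."""
    links = []
    for e in events:
        cands = [p for p in events if p["pid"] == e["ppid"] and p["time"] <= e["time"]]
        parent = max(cands, key=lambda p: p["time"])["image"] if cands else None
        links.append((e["image"], parent))
    return links

def crashed_apps(events):
    """Creators of DRWTSN32.EXE (Dr. Watson), i.e. applications that faulted."""
    return [par for img, par in link_parents(events) if img.upper() == "DRWTSN32.EXE" and par]
```

On these records `crashed_apps(parse_592(SAMPLE))` names `Main2k.exe`, which was started at 8:08:57 and created Dr. Watson at 8:09:21; a creator PID with no 592 record in the export (784, 1152) resolves to `None`.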

  2. #2
    Join Date
    Apr 2008
    Posts
    3,339

    Re: NT Authority/System - Success Audit - cust. database affected - any info would be great

    Yours is a serious problem! You cannot back up the database [it's corrupt], you cannot find all the logs [data loss] and the most important thing, this thing started after the power failure. So it's a simple issue of power. You first need to rectify that. Get new inverters or generators to keep your server running. If you cannot retrieve the data, you should try some software and if still it doesn't help, get help from the data recovery companies to get your data back. But that too isn't 100% foolproof. If the data you need is important, you can give it a try...
