[THIN] Re: Windows 2k Terminal Server - Accessing Internet Problems
- From: "Andrew Rogers" <Andrew.Rogers@xxxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 25 Aug 2004 10:58:17 +0100
snort wont be what you want, thats an intrusion detection system (assuming its
the same thing we're talking about!)
Try something like adaware or spybot search & destroy (this ones free). Could
also try having a look at process explorer from sysinternals, and seeing if
theres any odd looking processes knocking about. Give the ol gal a full virus
scan too, to be on the safe side :)
Andrew
--o--
>>> Jon.Spriggs@xxxxxxxxxxxxxx 25/08/04 10:51:33 >>>
"what happens after that time, or do you mean that it breaks at that time
and stays broken til next reboot? and presumably it affects any user on the
server at the time, ie another user logs in after its broken and its still
broke?"
As it's a server-in-use, if it's broken for too long, then the users start
to complain! It's been down for approx. 1 hour before someone's rebooted it
before, and yes - each user who logs in opens IE, and then IE locks.
"perhaps something interacting with it - could potentially be spyware?"
This was why I thought of running something like snort on the box, to
identify if it's trying to talk to anything - perhaps matching that up
against a process list of some description? This box is only designed to run
two applications... IE and a client to a small off-machine SQL database. The
database never has any problems (although I'm checking that out as well as
at 7am, there isn't going to be much activity on it).
Jon Spriggs
--
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.
-----Original Message-----
From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
Sent: 25 August 2004 10:34
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Windows 2k Terminal Server - Accessing Internet Problems
Hmm, I was going to say look at the switch, but then sense came back to me,
and realised this is a TS server :)
I'd say try and grab something which will show you whats installed in IE..
If the TS sessions themselves are unaffected, and you can use the same proxy
from another machine, then fingers are pointing at IE, or perhaps something
interacting with it - could potentially be spyware? but it seems odd that
its only at that time in the morning!
what happens after that time, or do you mean that it breaks at that time and
stays broken til next reboot? and presumably it affects any user on the
server at the time, ie another user logs in after its broken and its still
broke?
Andrew
--o--
>>> Jon.Spriggs@xxxxxxxxxxxxxx 25/08/04 10:10:17 >>>
The users get no error messages, the browser locks up, part way through
loading the internal intranet. I'm able to access pages OK through the proxy
from a standalone machine. I'm also able to access the terminal server OK
from my machine. The browser locks up for me as well though when I try and
open it. I've not tested ping, telnet etc., although I'll check those out
this coming Monday.
Another interesting fact with this fault is that the machine that is there
now was the replacement for another machine that was doing exactly the same
thing - between 7 and 8 on Monday Morning, it'd lock out the browser.
At that time in the morning, I've got maybe 5 users on the machine.
Jon Spriggs
--
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.
-----Original Message-----
From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
Sent: 25 August 2004 09:36
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Windows 2k Terminal Server - Accessing Internet Problems
what errors do the users on the server get when they try and access the
internet? do they go through a proxy? can you try other internet apps (ping,
telnet, tracert, etc) ?
Andrew
--o--
>>> Jon.Spriggs@xxxxxxxxxxxxxx 25/08/04 09:12:03 >>>
Hi,
Can anyone help me? I have a Windows 2000 Advanced Server with Terminal
Services where every Monday between 7am and 8am its preventing my users from
accessing the internet. A reboot seems to solve it once it's happened, but a
reboot an hour before (6am) doesn't stop it from happening.
Short of running Snort on the server and some form of keylogger to see what
all the users are doing (which I don't think they'd be happy about), I'm
stumped as to what I can do next.
Any suggestions?
Jon Spriggs
--
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications,
users, and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications,
users, and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
