[THIN] RE: [THIN] Re: Windows 2k Terminal Server - Accessing InternetPro blems
- From: Spriggs Jon <Jon.Spriggs@xxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 1 Sep 2004 09:43:41 +0100
Just thought I'd let people know, having disabled the weekly run of AMO and
changed the weekly temp file removal to daily, the internet seems to have
stayed up over the weekend on the terminal server :) Now all I need is a
weekend where we don't have a bank holiday on the Monday - DOH!
Jon Spriggs
--
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.
-----Original Message-----
From: Jeremy Saunders [mailto:jeremy.saunders@xxxxxxxxxxx]
Sent: 26 August 2004 15:24
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Windows 2k Terminal Server - Accessing InternetPro blems
Hi Jon,
Not sure that I have much to add, but I always install and run Spybot 1.3
regularly on all Customer sites. It often finds spyware. I know that you
have tried spykiller, but I don't know how good that one is.
I also run BHODemon 2.0 on most terminal servers to help me track down
browser hijacks, that Spybot and anti-virus software may miss, or not
cleanup correctly.
Also check the Add/Remove Programs for foreign programs (Trojans, Adware,
etc) that a user may have accidentally installed.
I know that you say that it's pretty well locked down, but Win2K has plenty
of holes, this is why I use a combination of anti-virus, SpyBot, Google
Toolbar and BHODemon to help keep my Customers servers clean and under my
control.
If it only happens at that time and day, then it's probably not going to be
a user that is causing an issue, as you would think that the problem would
reoccur once the user logs back in after the reboot. I would suggest that
there may be some sort of browser hijack happening.
If you haven't fixed it by Monday, just put the time forward on the server
by a couple of hours. Skip the 7 to 8am time slot and see what happens.
As pointed out by another member, install Firefox on the terminal server and
see if it experiences the same problems next time it occurs.
Always difficult to help with these problems, but I hope that you found this
constructive.
Kind regards,
Jeremy
Jeremy Saunders
Senior Systems Engineer
”ITS - passionate about
winning”
IBM Logicalis (Integrated
Technology Services)
Level 2, 1060 Hay Street
West Perth, WA 6005, AUSTRALIA
Phone: 132 426 Fax: ; 08 9261 8536
Mobile: TBA E-mail:
jeremy.saunders@xxxxxxxxxxx
Spriggs Jon
<Jon.Spriggs@xxxx
ujitsu.com> To
thin@xxxxxxxxxxxxx
26/08/2004 03:30 cc
PM
Subject
[THIN] Re: Windows 2k Terminal
Please respond to Server - Accessing InternetPro
thin blems
This is a box where most functions are locked down. Other users on the same
network scope are able to access the proxy successfully, network traffic is
not huge, and is about the same as every other day. The proxy is not used
for accessing the corporate intranet (set by group policy), so that doesn't
explain why they can't access the intranet. Backups are done by tape at the
machine. Hmmmmm. Looks like it'll be a combination of traffic monitor,
file-access-monitor and registry monitor. Great :)
Looks like I've got until the weekend to work it out :)
Jon Spriggs
--
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.
-----Original Message-----
From: Nick Smith [mailto:nick@xxxxxxxxxxxxxxx]
Sent: 25 August 2004 17:27
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Windows 2k Terminal Server - Accessing InternetProblems
Silly question , but you mention you are running a Proxy: Proxies can be set
up to allow/disallow based on time: maybe soomeon has disallowed your server
(Or it's IP range)? IS there maybe a backup or other large data trasnfer
going across the web at that time? Maybe everyone doing an autoupdate? Nick
-----Original Message-----
From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx]
Sent: 25 August 2004 15:37
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Windows 2k Terminal Server - Accessing InternetProblems
It seems odd though that as you said this is a replacement machine for
another one which did the exact same thing.. When the server next dies, you
could try running ethereal or tcpview to see where the server is trying to
connect to?
As someone else said, the contents of the reboot script may be useful.. Try
the server on Saturday, see if IE is dead on that day. And if you wanted to
get really drastic, you could try install firefox/mozilla/opera in the
meantime to let them get on with whatever theyre doing, while you look into
the problem before you restart the server!
Andrew
--o--
>>> Jon.Spriggs@xxxxxxxxxxxxxx 25/08/04 15:09:31 >>>
I've got CA's AMO installed on the machine, and I've just disabled the two
weekly tasks that it runs. I had a daily task that I installed which
rebooted the machine at 6:55 daily, which I put in place after the fault
started happening... that's been disabled. There is also a weekly batch file
which deletes the temporary internet files. I've changed this so it runs
daily, so I'll be able to see tomorrow if it's that at fault - but it
doesn't appear so as the task seems to finish OK.
I've just finished running a spyware checker (spykiller) and I've run an AV
scan (no viral activity). All it came back with was a series of cookies and
jpg images... so, I'm guessing that it's not going to be that then...
Hmmmm.
Jon Spriggs
--
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.
-----Original Message-----
From: Jason Miller [mailto:JMiller@xxxxxxxxxxxxxxx]
Sent: 25 August 2004 14:15
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Windows 2k Terminal Server - Accessing Internet Pr
oblems
Just a thought:
Since this is happening routinely at a specific time on a specific day, I'd
look into any type of automated tasks that could be running also. You never
know what you may find.
-----Original Message-----
From: Arthur Reyes [mailto:artadmin@xxxxxxxxxxxxx]
Sent: Wednesday, August 25, 2004 6:17 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Windows 2k Terminal Server - Accessing Internet Problems
It does sound like spyware to me as well. What is running on server
startup? As a stop gap/test, try using a hosts file to block external
ad/spy sites.
If it keeps your server up one day, using the hosts file may confirm this.
I've been getting mine from here:
http://www.accs-net.com/hosts/get_hosts.html
But these sites are also nice linked.
http://cexx.org/neuter.htm
http://www.mvps.org/winhelp2002/hosts.htm
<http://www.mvps.org/winhelp2002/hosts.htm>
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Spriggs Jon
Sent: Wednesday, August 25, 2004 3:12 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Windows 2k Terminal Server - Accessing Internet Problems
Hi,
Can anyone help me? I have a Windows 2000 Advanced Server with Terminal
Services where every Monday between 7am and 8am its preventing my users from
accessing the internet. A reboot seems to solve it once it's happened, but a
reboot an hour before (6am) doesn't stop it from happening.
Short of running Snort on the server and some form of keylogger to see what
all the users are doing (which I don't think they'd be happy about), I'm
stumped as to what I can do next.
Any suggestions?
Jon Spriggs
--
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
N�Y礱*h+E3ᔒpj*.ᮒz0�ᓜi'�*'ix2
=Fvg]nGWqky b+^vئxg�L�+왩x
ڗ,ޮ*ʺ'$)^jͅXjبˬz�b᧙�uꬩ"nWʩzk�c+-ih0shr㉿z{^)�E,yN�
XШx
y,ji^jm࠶�ঢ়)ı�ᩊb-It�&J rzz -Zqbyuz ^mh,X�m)zl܊�Xࠬ
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps running on
unsecured Terminal Servers, profile headaches, and application performance
problems? Join us and learn how you can have a less demanding on-demand
enterprise!
http://www.tricerat.com/?page=events#register
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
- » [THIN] RE: [THIN] Re: Windows 2k Terminal Server - Accessing InternetPro blems
