Just thought I'd let people know, having disabled the weekly run of AMO and changed the weekly temp file removal to daily, the internet seems to have stayed up over the weekend on the terminal server :) Now all I need is a weekend where we don't have a bank holiday on the Monday - DOH! Jon Spriggs -- The presence of a "Fujitsu" address does not imply or assume that Fujitsu Services, Fujitsu or any other company containing the Fujitsu name uses or endorses this product. This email is purely a personal opinion. -----Original Message----- From: Jeremy Saunders [mailto:jeremy.saunders@xxxxxxxxxxx] Sent: 26 August 2004 15:24 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Windows 2k Terminal Server - Accessing InternetPro blems Hi Jon, Not sure that I have much to add, but I always install and run Spybot 1.3 regularly on all Customer sites. It often finds spyware. I know that you have tried spykiller, but I don't know how good that one is. I also run BHODemon 2.0 on most terminal servers to help me track down browser hijacks, that Spybot and anti-virus software may miss, or not cleanup correctly. Also check the Add/Remove Programs for foreign programs (Trojans, Adware, etc) that a user may have accidentally installed. I know that you say that it's pretty well locked down, but Win2K has plenty of holes, this is why I use a combination of anti-virus, SpyBot, Google Toolbar and BHODemon to help keep my Customers servers clean and under my control. If it only happens at that time and day, then it's probably not going to be a user that is causing an issue, as you would think that the problem would reoccur once the user logs back in after the reboot. I would suggest that there may be some sort of browser hijack happening. If you haven't fixed it by Monday, just put the time forward on the server by a couple of hours. Skip the 7 to 8am time slot and see what happens. As pointed out by another member, install Firefox on the terminal server and see if it experiences the same problems next time it occurs. Always difficult to help with these problems, but I hope that you found this constructive. Kind regards, Jeremy Jeremy Saunders Senior Systems Engineer ”ITS - passionate about winning” IBM Logicalis (Integrated Technology Services) Level 2, 1060 Hay Street West Perth, WA 6005, AUSTRALIA Phone: 132 426 Fax: ; 08 9261 8536 Mobile: TBA E-mail: jeremy.saunders@xxxxxxxxxxx Spriggs Jon <Jon.Spriggs@xxxx ujitsu.com> To thin@xxxxxxxxxxxxx 26/08/2004 03:30 cc PM Subject [THIN] Re: Windows 2k Terminal Please respond to Server - Accessing InternetPro thin blems This is a box where most functions are locked down. Other users on the same network scope are able to access the proxy successfully, network traffic is not huge, and is about the same as every other day. The proxy is not used for accessing the corporate intranet (set by group policy), so that doesn't explain why they can't access the intranet. Backups are done by tape at the machine. Hmmmmm. Looks like it'll be a combination of traffic monitor, file-access-monitor and registry monitor. Great :) Looks like I've got until the weekend to work it out :) Jon Spriggs -- The presence of a "Fujitsu" address does not imply or assume that Fujitsu Services, Fujitsu or any other company containing the Fujitsu name uses or endorses this product. This email is purely a personal opinion. -----Original Message----- From: Nick Smith [mailto:nick@xxxxxxxxxxxxxxx] Sent: 25 August 2004 17:27 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Windows 2k Terminal Server - Accessing InternetProblems Silly question , but you mention you are running a Proxy: Proxies can be set up to allow/disallow based on time: maybe soomeon has disallowed your server (Or it's IP range)? IS there maybe a backup or other large data trasnfer going across the web at that time? Maybe everyone doing an autoupdate? Nick -----Original Message----- From: Andrew Rogers [mailto:Andrew.Rogers@xxxxxxxxxxxxxxxxxx] Sent: 25 August 2004 15:37 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Windows 2k Terminal Server - Accessing InternetProblems It seems odd though that as you said this is a replacement machine for another one which did the exact same thing.. When the server next dies, you could try running ethereal or tcpview to see where the server is trying to connect to? As someone else said, the contents of the reboot script may be useful.. Try the server on Saturday, see if IE is dead on that day. And if you wanted to get really drastic, you could try install firefox/mozilla/opera in the meantime to let them get on with whatever theyre doing, while you look into the problem before you restart the server! Andrew --o-- >>> Jon.Spriggs@xxxxxxxxxxxxxx 25/08/04 15:09:31 >>> I've got CA's AMO installed on the machine, and I've just disabled the two weekly tasks that it runs. I had a daily task that I installed which rebooted the machine at 6:55 daily, which I put in place after the fault started happening... that's been disabled. There is also a weekly batch file which deletes the temporary internet files. I've changed this so it runs daily, so I'll be able to see tomorrow if it's that at fault - but it doesn't appear so as the task seems to finish OK. I've just finished running a spyware checker (spykiller) and I've run an AV scan (no viral activity). All it came back with was a series of cookies and jpg images... so, I'm guessing that it's not going to be that then... Hmmmm. Jon Spriggs -- The presence of a "Fujitsu" address does not imply or assume that Fujitsu Services, Fujitsu or any other company containing the Fujitsu name uses or endorses this product. This email is purely a personal opinion. -----Original Message----- From: Jason Miller [mailto:JMiller@xxxxxxxxxxxxxxx] Sent: 25 August 2004 14:15 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Windows 2k Terminal Server - Accessing Internet Pr oblems Just a thought: Since this is happening routinely at a specific time on a specific day, I'd look into any type of automated tasks that could be running also. You never know what you may find. -----Original Message----- From: Arthur Reyes [mailto:artadmin@xxxxxxxxxxxxx] Sent: Wednesday, August 25, 2004 6:17 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Windows 2k Terminal Server - Accessing Internet Problems It does sound like spyware to me as well. What is running on server startup? As a stop gap/test, try using a hosts file to block external ad/spy sites. If it keeps your server up one day, using the hosts file may confirm this. I've been getting mine from here: http://www.accs-net.com/hosts/get_hosts.html But these sites are also nice linked. http://cexx.org/neuter.htm http://www.mvps.org/winhelp2002/hosts.htm <http://www.mvps.org/winhelp2002/hosts.htm> _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Spriggs Jon Sent: Wednesday, August 25, 2004 3:12 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Windows 2k Terminal Server - Accessing Internet Problems Hi, Can anyone help me? I have a Windows 2000 Advanced Server with Terminal Services where every Monday between 7am and 8am its preventing my users from accessing the internet. A reboot seems to solve it once it's happened, but a reboot an hour before (6am) doesn't stop it from happening. Short of running Snort on the server and some form of keylogger to see what all the users are doing (which I don't think they'd be happy about), I'm stumped as to what I can do next. Any suggestions? Jon Spriggs -- The presence of a "Fujitsu" address does not imply or assume that Fujitsu Services, Fujitsu or any other company containing the Fujitsu name uses or endorses this product. This email is purely a personal opinion. ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id=320 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm NY礱*h+E3ᔒpj*.ᮒz0ᓜi'*'ix2 =Fvg]nGWqky b+^vئxgL+왩x ڗ,ޮ*ʺ'$)^jͅXjبˬzb᧙uꬩ"nWʩzkc+-ih0shr㉿z{^)E,yN XШx y,ji^jm࠶ঢ়)ıᩊb-It&J rzz -Zqbyuz ^mh,Xm)zl܊Xࠬ ******************************************************** This Weeks Sponsor triCerat: Have you had your fill of printing support calls, unauthorized apps running on unsecured Terminal Servers, profile headaches, and application performance problems? Join us and learn how you can have a less demanding on-demand enterprise! http://www.tricerat.com/?page=events#register ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm