On our Remote Access Service (RAS) server and our VPN server -- which also is a RAS server -- the following behaviors have occurred. Both machines are Win2k server, SP3:
I can't open the event properties window for any of the events in event logs. When I log into the machine, the desktop takes a long time to load. In computer management, when trying to open disk management, this error appears: "The RPC server is unavailable."
When I click OK, this message appears on the status bar of disk management: "FAILED connection to Logical Disk Manager service."
When trying to open My Network Places, no items are displayed.
The items in the control panel and the bar which displays the column name (i.e. name, comment) are shifted to the leftmost side of the window. Three quarters of the window, from right, is only white space.
In the event log and application logs, EventSystem ID 4097 keeps appearing.
I should mention that on both machines, when I logged in for the first time this morning, I saw similar advertisement pop ups with the exact same content that was sent to us from outside of the company network.
What is causing all these issues?
Quick -- get these systems behind a firewall! At the very least, install a software firewall on both systems. Unfortunately, Windows 2000 doesn't have anything adequate built in (though Windows Server 2003 does).
Your systems are definitely under attack. Most likely, the attackers are automated tools, and you're not specifically being targeted. Your systems may be infected. So after you get them behind a firewall, you need to install some anti-virus software. Better yet, wipe them clean and rebuild them.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.