
Thread: Re: can not connect via remote desktop after a restart

  1. #1
    loki Guest

    Default Re: can not connect via remote desktop after a restart

    Hello Lanwench,

    1. Yesterday we restarted the computer, but we did absolutely nothing on it (no
    install and no update, just a normal reboot).
    2. After the reboot it was impossible to log in via RDP to the computer!
    The HTTP service was also not working. But ping was
    working!
    3. We tried to manually reboot the server (switching the power off/on); nothing
    changed! We can still ping the server but cannot access
    it via remote desktop, and the HTTP service still does not answer.
    4. We tried to log in locally (not remotely), but it was impossible to log in, because
    for a long time we saw 'Apply user settings' without any hard drive activity;
    no other choice but to reboot the computer.
    5. We restarted the computer in safe mode and this time we could log in to it. I
    copied all the event logs but, amazingly, there is absolutely
    nothing wrong in them! No error! No clues about what can prevent us from
    connecting via remote desktop or IIS from answering.

    In the log there is no error, but I notice that normally I see these entries
    after a reboot:

    MSDTC started with the following settings: ...
    The Terminal Services Configuration service entered the running state.
    The Server service entered the running state.
    The World Wide Web Publishing Service service entered the running state.
    etc.

    But since yesterday's reboot I don't see these entries.

    Also I notice all the missing lines come after this event:
    File System Filter 'luafv' (6.0, 2008-01-19T05:59:06.000Z) has successfully
    loaded and registered with Filter Manager.
    The next line is normally:
    The Plug and Play service entered the running state.

    What do you think the problem can be? What to do?
    Remember, we didn't install anything on the computer, just restarted it...

    Many thanks in advance
    stephane



    "Lanwench [MVP - Exchange]"
    <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
    news:%23bAd1SuQKHA.4244@TK2MSFTNGP06.phx.gbl...
    > loki <loki5100-newsgroup@yahoo.fr> wrote:
    >> Hello,
    >>
    >> We just restarted one Windows 2008 server, and now we cannot connect
    >> anymore via remote desktop to it, and also the HTTP service is not
    >> working anymore. But we can ping the server!
    >>
    >> Do you have some idea of what could have happened to the server?
    >>
    >> Thank you in advance

    >
    > Log in at the console and check the event logs for errors/clues.
    >






  3. #2
    Ace Fekay [MCT] Guest

    Default Re: can not connect via remote desktop after a restart

    "loki" <loki5100-newsgroup@yahoo.fr> wrote in message
    news:A67A6C89-49B2-424E-ACB4-D22F54EFDC3E@microsoft.com...
    > Hello Lanwench,
    >
    > 1. Yesterday we restarted the computer, but we did absolutely nothing on it
    > (no install and no update, just a normal reboot).
    > 2. After the reboot it was impossible to log in via RDP to the computer!
    > The HTTP service was also not working. But ping was
    > working!
    > 3. We tried to manually reboot the server (switching the power off/on); nothing
    > changed! We can still ping the server but cannot access
    > it via remote desktop, and the HTTP service still does not answer.
    > 4. We tried to log in locally (not remotely), but it was impossible to log in, because
    > for a long time we saw 'Apply user settings' without any hard drive
    > activity;
    > no other choice but to reboot the computer.
    > 5. We restarted the computer in safe mode and this time we could log in to it. I
    > copied all the event logs but, amazingly, there is absolutely
    > nothing wrong in them! No error! No clues about what can prevent us from
    > connecting via remote desktop or IIS from answering.
    >
    > In the log there is no error, but I notice that normally I see these entries
    > after a reboot:
    >
    > MSDTC started with the following settings: ...
    > The Terminal Services Configuration service entered the running state.
    > The Server service entered the running state.
    > The World Wide Web Publishing Service service entered the running state.
    > etc.
    >
    > But since yesterday's reboot I don't see these entries.
    >
    > Also I notice all the missing lines come after this event:
    > File System Filter 'luafv' (6.0, 2008-01-19T05:59:06.000Z) has
    > successfully loaded and registered with Filter Manager.
    > The next line is normally:
    > The Plug and Play service entered the running state.
    >
    > What do you think the problem can be? What to do?
    > Remember, we didn't install anything on the computer, just restarted it...
    >
    > Many thanks in advance
    > stephane
    >
    >


    If they're stopped, have you tried to manually start the IISAdmin service,
    and the web publishing service?

    Ace



  4. #3
    loki Guest

    Default Re: can not connect via remote desktop after a restart

    Yes, of course... nothing works; also some strange bug in
    IIS (I cannot see the web site configuration details, for
    example).

    I do not understand why nothing works just after a simple
    restart! Has this already happened to someone?

    Thank you in advance
    stephane


    "Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
    news:%23XOra12QKHA.5032@TK2MSFTNGP05.phx.gbl...
    > "loki" <loki5100-newsgroup@yahoo.fr> wrote in message
    > news:A67A6C89-49B2-424E-ACB4-D22F54EFDC3E@microsoft.com...
    >> Hello Lanwench,
    >>
    >> 1. Yesterday we restarted the computer, but we did absolutely nothing on it
    >> (no install and no update, just a normal reboot).
    >> 2. After the reboot it was impossible to log in via RDP to the computer!
    >> The HTTP service was also not working. But ping was
    >> working!
    >> 3. We tried to manually reboot the server (switching the power off/on); nothing
    >> changed! We can still ping the server but cannot access
    >> it via remote desktop, and the HTTP service still does not answer.
    >> 4. We tried to log in locally (not remotely), but it was impossible to log in,
    >> because for a long time we saw 'Apply user settings' without any
    >> hard drive activity;
    >> no other choice but to reboot the computer.
    >> 5. We restarted the computer in safe mode and this time we could log in to it. I
    >> copied all the event logs but, amazingly, there is absolutely
    >> nothing wrong in them! No error! No clues about what can prevent us from
    >> connecting via remote desktop or IIS from answering.
    >>
    >> In the log there is no error, but I notice that normally I see these entries
    >> after a reboot:
    >>
    >> MSDTC started with the following settings: ...
    >> The Terminal Services Configuration service entered the running state.
    >> The Server service entered the running state.
    >> The World Wide Web Publishing Service service entered the running state.
    >> etc.
    >>
    >> But since yesterday's reboot I don't see these entries.
    >>
    >> Also I notice all the missing lines come after this event:
    >> File System Filter 'luafv' (6.0, 2008-01-19T05:59:06.000Z) has
    >> successfully loaded and registered with Filter Manager.
    >> The next line is normally:
    >> The Plug and Play service entered the running state.
    >>
    >> What do you think the problem can be? What to do?
    >> Remember, we didn't install anything on the computer, just restarted it...
    >>
    >> Many thanks in advance
    >> stephane
    >>
    >>

    >
    > If they're stopped, have you tried to manually start the IISAdmin service,
    > and the web publishing service?
    >
    > Ace
    >



  5. #4
    Ace Fekay [MCT] Guest

    Default Re: can not connect via remote desktop after a restart

    "loki" <loki5100-newsgroup@yahoo.fr> wrote in message
    news:3721A299-A5A8-466E-BFD0-5D3DA207D01A@microsoft.com...
    > Yes, of course... nothing works; also some strange bug in
    > IIS (I cannot see the web site configuration details, for
    > example).
    >
    > I do not understand why nothing works just after a simple
    > restart! Has this already happened to someone?
    >
    > Thank you in advance
    > stephane
    >


    No, that's not supposed to happen. It could be something else is causing it.
    Post an ipconfig /all from the server, as well as the EventID# and Source
    Names and the error messages in the events that you see from errors in the
    event logs. This will better help than the descriptions you've provided.

    Ace
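
The comparison loki makes by eye in the posts above (which "entered the running state" entries are absent after the last boot, and which event is the last one written), as an added example that is not code from any poster in this thread. It assumes a tab-delimited Event Viewer text export; the stalled-boot rows reuse messages quoted in the thread, and the healthy-boot rows are constructed.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Display names loki lists as normally logged after a reboot.
EXPECTED = ["Plug and Play", "Terminal Services Configuration", "Server",
            "World Wide Web Publishing Service"]
RUNNING = re.compile(r"^The (.+) service entered the running state\.$")


class Event(NamedTuple):
    level: str
    when: datetime
    source: str
    event_id: int
    message: str


def parse_export(text):
    """Parse an Event Viewer text export. Assumed layout (tab-delimited):
    Level, Date and Time, Source, Event ID, Task Category, Message."""
    events = []
    for line in text.splitlines():
        parts = line.split("\t", 5)
        if len(parts) != 6 or not parts[3].isdigit():
            continue  # header row or continuation of a multi-line message
        try:
            when = datetime.strptime(parts[1], "%m/%d/%Y %I:%M:%S %p")
        except ValueError:
            continue
        events.append(Event(parts[0], when, parts[2], int(parts[3]), parts[5].strip()))
    return events


def boot_report(events, expected=EXPECTED):
    """For the most recent boot: expected services that never logged SCM
    event 7036 'running', and the last event written before the log goes quiet."""
    boots = [e.when for e in events if e.source == "EventLog" and e.event_id == 6005]
    if not boots:
        raise ValueError("no EventLog 6005 (event log started) marker in export")
    boot = max(boots)
    window = [e for e in events if e.when >= boot]
    started = set()
    for e in window:
        if e.source == "Service Control Manager" and e.event_id == 7036:
            m = RUNNING.match(e.message)
            if m:
                started.add(m.group(1))
    # Exports are newest-first; max() keeps the first of equal timestamps.
    last = max(window, key=lambda e: e.when)
    return {
        "boot": boot,
        "missing": [s for s in expected if s not in started],
        "last_event": (last.source, last.event_id),
        "non_info": [(e.source, e.event_id) for e in window if e.level != "Information"],
    }


def _row(*fields):
    return "\t".join(fields)


SCM = "Service Control Manager"
# Stalled boot: messages taken from the System log posted in the thread.
STALLED = "\n".join([
    _row("Information", "10/2/2009 12:23:29 AM", "Microsoft-Windows-FilterManager", "6", "None",
         "File System Filter 'luafv' (6.0, 2008-01-19T05:59:06.000Z) has successfully "
         "loaded and registered with Filter Manager."),
    _row("Information", "10/2/2009 12:23:18 AM", "Microsoft-Windows-Kernel-Processor-Power",
         "4", "None", '"Processor 0 exposes the following:'),
    "",
    "1 idle state(s)",
    _row("Information", "10/2/2009 12:23:29 AM", "EventLog", "6005", "None",
         "The Event log service was started."),
    _row("Information", "10/2/2009 12:21:29 AM", "EventLog", "6006", "None",
         "The Event log service was stopped."),
    _row("Information", "10/2/2009 12:21:28 AM", SCM, "7036", "None",
         "The Group Policy Client service entered the stopped state."),
])
# Healthy boot: constructed rows (dates and times are made up for the example).
HEALTHY = "\n".join([
    _row("Information", "9/1/2009 9:00:50 AM", SCM, "7036", "None",
         "The World Wide Web Publishing Service service entered the running state."),
    _row("Information", "9/1/2009 9:00:45 AM", SCM, "7036", "None",
         "The Server service entered the running state."),
    _row("Information", "9/1/2009 9:00:44 AM", SCM, "7036", "None",
         "The Terminal Services Configuration service entered the running state."),
    _row("Information", "9/1/2009 9:00:31 AM", SCM, "7036", "None",
         "The Plug and Play service entered the running state."),
    _row("Information", "9/1/2009 9:00:30 AM", "EventLog", "6005", "None",
         "The Event log service was started."),
])

if __name__ == "__main__":
    print(boot_report(parse_export(STALLED + "\n" + HEALTHY)))
```

An empty `non_info` list together with a full `missing` list is the pattern described in the thread: nothing failed loudly, the services simply never reached the running state.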




  6. #5
    loki Guest

    Default Re: can not connect via remote desktop after a restart

    The problem is that now I cannot log in to the server anymore.
    From what I saw when I was logged in (but in safe mode),
    in the event log there was no error message at all! This surprised me;
    I was hoping to see some error explaining why all the services did not
    start... nothing!! I just noticed that in the event log we are missing
    some entries like:
    MSDTC started with the following settings: ...
    The Terminal Services Configuration service entered the running state.
    The Server service entered the running state.
    The World Wide Web Publishing Service service entered the running state.

    That means the services did not start! But no explanation why they did not start, no
    error!
    So it looks like the process does an infinite loop somewhere between
    "File System Filter 'luafv' (6.0, 2008-01-19T05:59:06.000Z) has successfully
    loaded and registered with Filter Manager"
    and
    "The Plug and Play service entered the running state"

    that delays all the other events from happening!
    Network card driver error? (But in safe mode I have the internet...)
    Other driver error? But why no error in the event log...


    Below are all the events just after rebooting the server for the
    1st time:

    **********************************
    **********************************
    **********************************
    SYSTEM
    **********************************
    **********************************
    **********************************

    !!and nothing more until the next hard reboot!!
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-FilterManager 6 None
    File System Filter 'luafv' (6.0, 2008-01-19T05:59:06.000Z) has successfully
    loaded and registered with Filter Manager.
    Information 10/2/2009 12:23:21 AM Tcpip 4201 None The system detected that
    network adapter Local Area Connection was connected to the network, and has
    initiated normal operation.
    Information 10/2/2009 12:23:21 AM Tcpip 4201 None The system detected that
    network adapter Local Area Connection was connected to the network, and has
    initiated normal operation.
    Information 10/2/2009 12:23:21 AM l2nd 9 None Broadcom BCM5708C: Network
    controller configured for 100Mb full-duplex link.
    Information 10/2/2009 12:23:21 AM Tcpip 4201 None The system detected that
    network adapter Local Area Connection 2 was connected to the network, and
    has initiated normal operation.
    Information 10/2/2009 12:23:21 AM Tcpip 4201 None The system detected that
    network adapter Local Area Connection 2 was connected to the network, and
    has initiated normal operation.
    Information 10/2/2009 12:23:21 AM l2nd 9 None Broadcom BCM5708C: Network
    controller configured for 100Mb full-duplex link.
    Warning 10/2/2009 12:23:19 AM l2nd 4 None Broadcom BCM5708C: The network
    link is down. Check to make sure the network cable is properly connected.
    Warning 10/2/2009 12:23:18 AM l2nd 4 None Broadcom BCM5708C: The network
    link is down. Check to make sure the network cable is properly connected.
    Information 10/2/2009 12:23:18 AM l2nd 16 None Broadcom BCM5708C: Driver
    initialized successfully.
    Information 10/2/2009 12:23:18 AM b06bdrv 18 None \Device\NTPNP_PCI0030:
    Ndis device bound successfully.
    Information 10/2/2009 12:23:18 AM l2nd 16 None Broadcom BCM5708C: Driver
    initialized successfully.
    Information 10/2/2009 12:23:18 AM b06bdrv 18 None \Device\NTPNP_PCI0032:
    Ndis device bound successfully.
    Information 10/2/2009 12:23:18 AM Microsoft-Windows-Kernel-Processor-Power 4
    None "Processor 0 exposes the following:

    1 idle state(s)
    0 performance state(s)
    0 throttle state(s)"
    Information 10/2/2009 12:23:18 AM Microsoft-Windows-Kernel-Processor-Power 4
    None "Processor 3 exposes the following:

    1 idle state(s)
    0 performance state(s)
    0 throttle state(s)"
    Information 10/2/2009 12:23:18 AM Microsoft-Windows-Kernel-Processor-Power 4
    None "Processor 2 exposes the following:

    1 idle state(s)
    0 performance state(s)
    0 throttle state(s)"
    Information 10/2/2009 12:23:18 AM Microsoft-Windows-Kernel-Processor-Power 4
    None "Processor 1 exposes the following:

    1 idle state(s)
    0 performance state(s)
    0 throttle state(s)"
    Information 10/2/2009 12:23:16 AM Tcpip 4201 None The system detected that
    network adapter Loopback Pseudo-Interface 1 was connected to the network,
    and has initiated normal operation.
    Information 10/2/2009 12:23:16 AM Tcpip 4201 None The system detected that
    network adapter Loopback Pseudo-Interface 1 was connected to the network,
    and has initiated normal operation.
    Information 10/2/2009 12:23:16 AM b06bdrv 12 None \Device\NTPNP_PCI0030:
    Driver initialized successfully.
    Information 10/2/2009 12:23:16 AM b06bdrv 12 None \Device\NTPNP_PCI0032:
    Driver initialized successfully.
    Information 10/2/2009 12:23:29 AM EventLog 6013 None The system uptime is 39
    seconds.
    Information 10/2/2009 12:23:29 AM EventLog 6005 None The Event log service
    was started.
    Information 10/2/2009 12:23:29 AM EventLog 6009 None Microsoft (R) Windows
    (R) 6.00. 6002 Service Pack 2 Multiprocessor Free.
    Information 10/2/2009 12:21:29 AM EventLog 6006 None The Event log service
    was stopped.
    Information 10/2/2009 12:21:28 AM Service Control Manager 7036 None The
    Group Policy Client service entered the stopped state.
    Information 10/2/2009 12:21:28 AM Service Control Manager 7036 None The
    Windows Update service entered the stopped state.
    Information 10/2/2009 12:21:28 AM Service Control Manager 7036 None The
    Windows Modules Installer service entered the running state.
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-DistributedCOM 10029
    None "DCOM started the service TrustedInstaller with arguments """" in
    order to run the server:
    {752073A1-23F2-4396-85F0-8FDB879ED0ED}"
    Information 10/2/2009 12:21:28 AM USER32 1074 None "The process
    C:\Windows\system32\winlogon.exe (SERVER10) has initiated the restart of
    computer SERVER10 on behalf of user SERVER10\Administrator for the following
    reason: No title for this reason could be found
    Reason Code: 0x500ff
    Shutdown Type: restart
    Comment: "
    Information 10/2/2009 12:21:26 AM USER32 1074 None "The process Explorer.EXE
    has initiated the restart of computer SERVER10 on behalf of user
    SERVER10\Administrator for the following reason: Application: Maintenance
    (Planned)
    Reason Code: 0x84040001
    Shutdown Type: restart
    Comment: "


    **********************************
    **********************************
    **********************************
    APPLICATION
    **********************************
    **********************************
    **********************************

    !!and nothing more until the next hard reboot!!
    Information 10/2/2009 12:23:35 AM Microsoft-Windows-Security-Licensing-SLC
    902 None "The Software Licensing service has started.
    "
    Information 10/2/2009 12:23:34 AM Microsoft-Windows-Security-Licensing-SLC
    1005 None "The result of Windows Right consumption is: hr=0x0
    "
    Information 10/2/2009 12:23:34 AM Microsoft-Windows-Security-Licensing-SLC
    1003 None "The Software Licensing service has completed licensing status
    check.
    Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
    Licensing Status=
    {1,[15a581b4-f839-4d26-943c-b7e72f219849, 0,
    0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

    {1,[56df4151-1f9f-41bf-acaa-2941c071872b, 8, 0xC004F014,0x0]}

    {1,[603504f9-109f-49f0-9271-8c66f7878f58, 8, 0xC004F014,0x0]}

    {1,[7acd9eb8-e300-444c-b38a-47cdbe065508, 8, 0xC004F014,0x0]}

    {1,[ad2542d4-9154-4c6d-8a44-30f11ee96989, 8, 0xC004F014,0x0]}

    {1,[bb1d27c4-959d-4f82-b0fd-c02a7be54732, 8, 0xC004F014,0x0]}

    {1,[c90d1b4e-8aa8-439e-8b9e-b6d6b6a6d975, 8, 0xC004F014,0x0]}
    "
    Information 10/2/2009 12:23:34 AM Microsoft-Windows-Security-Licensing-SLC
    1033 None "These policies are being excluded since they are only defined
    with override-only attribute.
    Policy Names=(Microsoft-Windows-AuxiliaryDisplay-EnableAPI)
    (Microsoft-Windows-AuxiliaryDisplay-EnableCPL)
    (Microsoft-Windows-AuxiliaryDisplay-EnableCPL_w)
    (Microsoft-Windows-AuxiliaryDisplay-EnableDriver)
    (Microsoft-Windows-AuxiliaryDisplay-EnableDriver_w)
    (Microsoft-Windows-AuxiliaryDisplay-EnableSDP)
    (Microsoft-Windows-AuxiliaryDisplay-EnableSDP_w)
    (Microsoft-Windows-CertificateServices-CA-AdvancedTemplateSupport)
    (Microsoft-Windows-CertificateServices-CA-AdvancedTemplateSupport_w)
    (Microsoft-Windows-CertificateServices-CA-CertificateManagerRestrictionSupport)
    (Microsoft-Windows-CertificateServices-CA-CertificateManagerRestrictionSupport_w)
    (Microsoft-Windows-CertificateServices-CA-ExitModuleSMTPSupport)
    (Microsoft-Windows-CertificateServices-CA-ExitModuleSMTPSupport_w)
    (Microsoft-Windows-CertificateServices-CA-RoleSeparationSupport)
    (Microsoft-Windows-CertificateServices-CA-RoleSeparationSupport_w)
    (Microsoft-Windows-Fax-Common-DeviceLimit)
    (Microsoft-Windows-Fax-Common-EnableServerPolicy)
    (PeerToPeerBase-IdManager-EnabledPolicy)
    (PeerToPeerBase-IdManager-EnabledPolicy_w)
    (PeerToPeerBase-Pnrp-EnabledPolicy) (PeerToPeerBase-Pnrp-EnabledPolicy_w)
    (Printing-Spooler-Pmc-Licensing-Enabled)
    (Printing-Spooler-Pmc-Licensing-Enabled_w) (SecureStartupFeature-Enabled)
    (SecureStartupFeature-Enabled-Driver) (SecureStartupFeature-Enabled_w)
    (SecureStartupFeature-PerfWarning) (TSProxy-EdgeAdapter-MaxConnections)
    (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w)
    (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w)
    (nfs-admincmdtools-enabled) (nfs-adminmmc-enabled)
    (nfs-clientcmdtools-enabled) (nfs-clientcore-enabled)
    (nfs-servercmdtools-enabled) (nfs-servercore-enabled) (psync-Enabled)
    (snis-Enabled) (snis-Enabled_w) (sua-EnableSUA)
    App Id=55c92734-d682-4d71-983e-d6ec3f16059f
    Sku Id=15a581b4-f839-4d26-943c-b7e72f219849"
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-EventSystem 4625 None
    The EventSystem sub system is suppressing duplicate event log entries for a
    duration of 86400 seconds. The suppression timeout can be controlled by a
    REG_DWORD value named SuppressDuplicateDuration under the following registry
    key: HKLM\Software\Microsoft\EventSystem\EventLog.
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-Security-Licensing-SLC
    900 None "The Software Licensing service is starting.
    "
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-User Profiles Service
    1531 None "The User Profile Service has started successfully.

    "
    Information 10/2/2009 12:21:28 AM
    Microsoft-Windows-CertificateServicesClient 2 None Certificate Services
    Client has been stopped.
    Information 10/2/2009 12:21:27 AM
    Microsoft-Windows-CertificateServicesClient 2 None Certificate Services
    Client has been stopped.
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-MSDTC 4111 SVC The MS
    DTC service is stopping.
    Warning 10/2/2009 12:21:27 AM Microsoft-Windows-User Profiles Service 1530
    None "Windows detected your registry file is still in use by other
    applications or services. The file will be unloaded now. The applications or
    services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from
    \Registry\User\S-1-5-21-2358723158-3070534255-1126232614-500:
    Process 296 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has
    opened key
    \REGISTRY\USER\S-1-5-21-2358723158-3070534255-1126232614-500\Printers\DevModePerUser
    "
    Information 10/2/2009 12:21:27 AM Desktop Window Manager 9009 None The
    Desktop Window Manager has exited with code (0x40010004)





    **********************************
    **********************************
    **********************************
    SECURITY
    **********************************
    **********************************
    **********************************

    !!and nothing more until the next hard reboot!!
    Information 10/2/2009 12:23:44 AM Microsoft-Windows-Security-Auditing 5061
    System Integrity "Cryptographic operation.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Cryptographic Parameters:
    Provider Name: Microsoft Software Key Storage Provider
    Algorithm Name: RSA
    Key Name: le-a5c12300-65be-4527-930d-9f95b4932d62
    Key Type: Machine key.

    Cryptographic Operation:
    Operation: Open Key.
    Return Code: 0x0"
    Information 10/2/2009 12:23:44 AM Microsoft-Windows-Security-Auditing 5058
    Other System Events "Key file operation.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Cryptographic Parameters:
    Provider Name: Microsoft Software Key Storage Provider
    Algorithm Name: Not Available.
    Key Name:
    88c4852146f789bc45b56e90f302b52c_58334793-82d1-4e55-8e35-8995a7752bb1
    Key Type: Machine key.

    Key File Operation Information:
    File Path:
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\88c4852146f789bc45b56e90f302b52c_58334793-82d1-4e55-8e35-8995a7752bb1
    Operation: Read persisted key from file.
    Return Code: 0x0"
    Information 10/2/2009 12:23:32 AM Microsoft-Windows-Security-Auditing 5024
    Other System Events The Windows Firewall Service has started successfully.
    Information 10/2/2009 12:23:32 AM Microsoft-Windows-Security-Auditing 5033
    Other System Events The Windows Firewall Driver has started successfully.
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-Security-Auditing 4672
    Special Logon "Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege"
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-Security-Auditing 4624
    Logon "An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Logon Type: 5

    New Logon:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on
    the computer that was accessed.

    The subject fields indicate the account on the local system which requested
    the logon. This is most commonly a service such as the Server service, or a
    local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most
    common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was
    created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated.
    Workstation name is not always available and may be left blank in some
    cases.

    The authentication information fields provide detailed information about
    this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
    event with a KDC event.
    - Transited services indicate which intermediate services have participated
    in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
    protocols.
    - Key length indicates the length of the generated session key. This will
    be 0 if no session key was requested."
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-Security-Auditing 4648
    Logon "A logon was attempted using explicit credentials.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Account Whose Credentials Were Used:
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Target Server:
    Target Server Name: localhost
    Additional Information: localhost

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Network Address: -
    Port: -

    This event is generated when a process attempts to log on an account by
    explicitly specifying that account's credentials. This most commonly
    occurs in batch-type configurations such as scheduled tasks, or when using
    the RUNAS command."
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-Security-Auditing 4672
    Special Logon "Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege"
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-Security-Auditing 4624
    Logon "An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Logon Type: 5

    New Logon:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on
    the computer that was accessed.

    The subject fields indicate the account on the local system which requested
    the logon. This is most commonly a service such as the Server service, or a
    local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most
    common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was
    created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated.
    Workstation name is not always available and may be left blank in some
    cases.

    The authentication information fields provide detailed information about
    this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
    event with a KDC event.
    - Transited services indicate which intermediate services have participated
    in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
    protocols.
    - Key length indicates the length of the generated session key. This will
    be 0 if no session key was requested."
    Information 10/2/2009 12:23:30 AM Microsoft-Windows-Security-Auditing 4648
    Logon "A logon was attempted using explicit credentials.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Account Whose Credentials Were Used:
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Target Server:
    Target Server Name: localhost
    Additional Information: localhost

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Network Address: -
    Port: -

    This event is generated when a process attempts to log on an account by
    explicitly specifying that account's credentials. This most commonly
    occurs in batch-type configurations such as scheduled tasks, or when using
    the RUNAS command."
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4672
    Special Logon "Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-19
    Account Name: LOCAL SERVICE
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e5

    Privileges: SeAssignPrimaryTokenPrivilege
    SeAuditPrivilege
    SeImpersonatePrivilege"
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4624
    Logon "An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Logon Type: 5

    New Logon:
    Security ID: S-1-5-19
    Account Name: LOCAL SERVICE
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e5
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on
    the computer that was accessed.

    The subject fields indicate the account on the local system which requested
    the logon. This is most commonly a service such as the Server service, or a
    local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most
    common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was
    created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated.
    Workstation name is not always available and may be left blank in some
    cases.

    The authentication information fields provide detailed information about
    this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
    event with a KDC event.
    - Transited services indicate which intermediate services have participated
    in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
    protocols.
    - Key length indicates the length of the generated session key. This will
    be 0 if no session key was requested."
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4672
    Special Logon "Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-20
    Account Name: NETWORK SERVICE
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e4

    Privileges: SeAssignPrimaryTokenPrivilege
    SeAuditPrivilege
    SeImpersonatePrivilege"
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4624
    Logon "An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Logon Type: 5

    New Logon:
    Security ID: S-1-5-20
    Account Name: NETWORK SERVICE
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e4
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on
    the computer that was accessed.

    The subject fields indicate the account on the local system which requested
    the logon. This is most commonly a service such as the Server service, or a
    local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most
    common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was
    created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated.
    Workstation name is not always available and may be left blank in some
    cases.

    The authentication information fields provide detailed information about
    this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
    event with a KDC event.
    - Transited services indicate which intermediate services have participated
    in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
    protocols.
    - Key length indicates the length of the generated session key. This will
    be 0 if no session key was requested."
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4672
    Special Logon "Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege"
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4624
    Logon "An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Logon Type: 5

    New Logon:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on
    the computer that was accessed.

    The subject fields indicate the account on the local system which requested
    the logon. This is most commonly a service such as the Server service, or a
    local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most
    common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was
    created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated.
    Workstation name is not always available and may be left blank in some
    cases.

    The authentication information fields provide detailed information about
    this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
    event with a KDC event.
    - Transited services indicate which intermediate services have participated
    in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
    protocols.
    - Key length indicates the length of the generated session key. This will
    be 0 if no session key was requested."
    Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4648
    Logon "A logon was attempted using explicit credentials.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Account Whose Credentials Were Used:
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Target Server:
    Target Server Name: localhost
    Additional Information: localhost

    Process Information:
    Process ID: 0x268
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Network Address: -
    Port: -

    This event is generated when a process attempts to log on an account by
    explicitly specifying that account's credentials. This most commonly
    occurs in batch-type configurations such as scheduled tasks, or when using
    the RUNAS command."
    Information 10/2/2009 12:23:28 AM Microsoft-Windows-Security-Auditing 4902
    Audit Policy Change "The Per-user audit policy table was created.

    Number of Elements: 0
    Policy ID: 0xcdf1"
    Information 10/2/2009 12:23:27 AM Microsoft-Windows-Security-Auditing 4624
    Logon "An account was successfully logged on.

    Subject:
    Security ID: S-1-0-0
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

    Logon Type: 0

    New Logon:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x1000100000004
    Process Name:

    Network Information:
    Workstation Name: -
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: -
    Authentication Package: -
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on
    the computer that was accessed.

    The subject fields indicate the account on the local system which requested
    the logon. This is most commonly a service such as the Server service, or a
    local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most
    common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was
    created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated.
    Workstation name is not always available and may be left blank in some
    cases.

    The authentication information fields provide detailed information about
    this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
    event with a KDC event.
    - Transited services indicate which intermediate services have participated
    in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
    protocols.
    - Key length indicates the length of the generated session key. This will
    be 0 if no session key was requested."
    Information 10/2/2009 12:23:27 AM Microsoft-Windows-Security-Auditing 4608
    Security State Change "Windows is starting up.

    This event is logged when LSASS.EXE starts and the auditing subsystem is
    initialized."
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4634
    Logoff "An account was logged off.

    Subject:
    Security ID: S-1-5-7
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0x1c264

    Logon Type: 3

    This event is generated when a logon session is destroyed. It may be
    positively correlated with a logon event using the Logon ID value. Logon IDs
    are only unique between reboots on the same computer."
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4634
    Logoff "An account was logged off.

    Subject:
    Security ID: S-1-5-21-2358723158-3070534255-1126232614-1001
    Account Name: www.MOUTYHNE.com
    Account Domain: SERVER10
    Logon ID: 0x1c337

    Logon Type: 4

    This event is generated when a logon session is destroyed. It may be
    positively correlated with a logon event using the Logon ID value. Logon IDs
    are only unique between reboots on the same computer."
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4634
    Logoff "An account was logged off.

    Subject:
    Security ID: S-1-5-17
    Account Name: IUSR
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e3

    Logon Type: 5

    This event is generated when a logon session is destroyed. It may be
    positively correlated with a logon event using the Logon ID value. Logon IDs
    are only unique between reboots on the same computer."
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4634
    Logoff "An account was logged off.

    Subject:
    Security ID: S-1-5-21-2358723158-3070534255-1126232614-500
    Account Name: Administrator
    Account Domain: SERVER10
    Logon ID: 0x199b2b4

    Logon Type: 3

    This event is generated when a logon session is destroyed. It may be
    positively correlated with a logon event using the Logon ID value. Logon IDs
    are only unique between reboots on the same computer."
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4634
    Logoff "An account was logged off.

    Subject:
    Security ID: S-1-5-21-2358723158-3070534255-1126232614-500
    Account Name: Administrator
    Account Domain: SERVER10
    Logon ID: 0x199c722

    Logon Type: 10

    This event is generated when a logon session is destroyed. It may be
    positively correlated with a logon event using the Logon ID value. Logon IDs
    are only unique between reboots on the same computer."
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4672
    Special Logon "Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege"
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4624
    Logon "An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7

    Logon Type: 5

    New Logon:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x270
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on
    the computer that was accessed.

    The subject fields indicate the account on the local system which requested
    the logon. This is most commonly a service such as the Server service, or a
    local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most
    common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was
    created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated.
    Workstation name is not always available and may be left blank in some
    cases.

    The authentication information fields provide detailed information about
    this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this
    event with a KDC event.
    - Transited services indicate which intermediate services have participated
    in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM
    protocols.
    - Key length indicates the length of the generated session key. This will
    be 0 if no session key was requested."
    Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4648
    Logon "A logon was attempted using explicit credentials.

    Subject:
    Security ID: S-1-5-18
    Account Name: SERVER10$
    Account Domain: MOUTYHNE
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Account Whose Credentials Were Used:
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Target Server:
    Target Server Name: localhost
    Additional Information: localhost

    Process Information:
    Process ID: 0x270
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Network Address: -
    Port: -

    This event is generated when a process attempts to log on an account by
    explicitly specifying that account's credentials. This most commonly
    occurs in batch-type configurations such as scheduled tasks, or when using
    the RUNAS command."
    Information 10/2/2009 12:21:29 AM Microsoft-Windows-Eventlog 1100 Service
    shutdown The event logging service has shut down.
    Information 10/2/2009 12:21:27 AM Microsoft-Windows-Security-Auditing 4647
    Logoff "User initiated logoff:

    Subject:
    Security ID: S-1-5-21-2358723158-3070534255-1126232614-500
    Account Name: Administrator
    Account Domain: SERVER10
    Logon ID: 0x199c722

    This event is generated when a logoff is initiated but the token reference
    count is not zero and the logon session cannot be destroyed. No further
    user-initiated activity can occur. This event can be interpreted as a
    logoff event."


    thanks for all!
    stephane


    "Ace Fekay [MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
    news:OFyilW5QKHA.4600@TK2MSFTNGP05.phx.gbl...
    > "loki" <loki5100-newsgroup@yahoo.fr> wrote in message
    > news:3721A299-A5A8-466E-BFD0-5D3DA207D01A@microsoft.com...
    >> Yes of course... nothing works, also some strange bug in
    >> IIS (I can not see the web site configuration details for
    >> example)
    >>
    >> I do not understand why nothing works just after a simple
    >> restart! Has this already happened to someone?
    >>
    >> Thank you in advance
    >> stephane
    >>

    >
    > No, that's not supposed to happen. It could be something else is causing
    > it. Post an ipconfig /all from the server, as well as the EventID# and
    > Source Names and the error messages in the events that you see from errors
    > in the event logs. This will better help than the descriptions you've
    > provided.
    >
    > Ace
    >
    >
    >
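The event text pasted above says a logoff can be correlated with its logon through the Logon ID, and that Logon IDs are only unique between reboots. As an added example (not part of the original thread), this Python sketch parses a constructed sample in the same export layout and pairs logons with logoffs per boot; the function names and the sample are assumptions, and it assumes the export lists the newest event first.

```python
import re

# Constructed sample in the post's flattened, newest-first export layout (fields abridged).
SAMPLE = """\
Information 10/2/2009 12:23:29 AM Microsoft-Windows-Security-Auditing 4624
Logon "An account was successfully logged on.
Subject:
Account Name: SERVER10$
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Account Name: SYSTEM
Logon ID: 0x3e7"
Information 10/2/2009 12:23:27 AM Microsoft-Windows-Security-Auditing 4608
Security State Change "Windows is starting up."
Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4634
Logoff "An account was logged off.
Subject:
Account Name: ANONYMOUS LOGON
Logon ID: 0x1c264
Logon Type: 3"
Information 10/2/2009 12:21:28 AM Microsoft-Windows-Security-Auditing 4634
Logoff "An account was logged off.
Subject:
Account Name: Administrator
Logon ID: 0x199c722
Logon Type: 10"
Information 10/2/2009 12:21:27 AM Microsoft-Windows-Security-Auditing 4647
Logoff "User initiated logoff:
Subject:
Account Name: Administrator
Logon ID: 0x199c722"
Information 10/1/2009 11:02:10 PM Microsoft-Windows-Security-Auditing 4624
Logon "An account was successfully logged on.
Subject:
Logon ID: 0x0
Logon Type: 3
New Logon:
Account Name: ANONYMOUS LOGON
Logon ID: 0x1c264"
"""

HEADER = re.compile(r"^\s*(?:Information|Warning|Error) (\S+ \S+ [AP]M) (\S+) (\d+)\b", re.M)

def field(name, text):
    m = re.search(rf"^\s*{name}:[ \t]*(\S.*)$", text, re.M)
    return m.group(1).strip().rstrip('"') if m else None

def parse_events(text):
    """Split the export into events, oldest first (the export lists newest first)."""
    heads = list(HEADER.finditer(text))
    events = []
    for h, nxt in zip(heads, heads[1:] + [None]):
        body = text[h.end(): nxt.start() if nxt else len(text)]
        # In 4624 the Subject is the requester; the created session is under "New Logon:".
        scope = body.split("New Logon:", 1)[-1] if h.group(3) == "4624" else body
        events.append({"time": h.group(1), "id": int(h.group(3)),
                       "account": field("Account Name", scope),
                       "logon_id": field("Logon ID", scope),
                       "logon_type": field("Logon Type", body)})
    return events[::-1]

def correlate(events):
    """Pair logons (4624) with logoffs (4634/4647) by Logon ID inside each boot."""
    boots = [{"open": {}, "closed": {}, "orphans": {}}]
    for ev in events:
        if ev["id"] == 4608:  # startup: Logon IDs are only unique between reboots
            boots.append({"open": {}, "closed": {}, "orphans": {}})
            continue
        cur, lid = boots[-1], ev["logon_id"]
        if ev["id"] == 4624:
            cur["open"][lid] = ev
        elif ev["id"] in (4634, 4647) and lid not in cur["closed"]:
            if lid in cur["open"]:
                cur["closed"][lid] = (cur["open"].pop(lid), ev)
            else:  # the logon happened before the excerpt starts
                cur["orphans"].setdefault(lid, ev)
    return boots
```

Calling `correlate(parse_events(SAMPLE))` returns one dictionary per boot; sessions left in `open` never logged off inside the excerpt, and `orphans` are logoffs whose logon predates it.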



  7. #6
    Ace Fekay [MCT] Guest

    Default Re: can not connect via remote desktop after a restart

    "loki" <loki5100-newsgroup@yahoo.fr> wrote in message
    news:C2E312C0-149E-460A-8F78-3ED2F856AA2C@microsoft.com...
    > the problem is that now I can not log in to the server anymore.
    > From what I saw when I was logged in (but in safe mode),
    > in the event log there was no error message at all! This surprised me,
    > I was hoping to see some error explaining why all the services do not
    > start... nothing!! I just noticed that in the event log we are missing
    > some entries like:
    > MSDTC started with the following settings: ...
    > The Terminal Services Configuration service entered the running state.
    > The Server service entered the running state.
    > The World Wide Web Publishing Service service entered the running state.
    >
    > that means the services did not start! But no explanation why they did
    > not start, no error!
    > so it looks like the process does an infinite loop somewhere between
    > "File System Filter 'luafv' (6.0, 2008-01-19T05:59:06.000Z) has
    > successfully
    > loaded and registered with Filter Manager"
    > and
    > "The Plug and Play service entered the running state"
    >
    > that delays all the other events!
    > network card driver error? (but in safe mode I have the internet...)
    > other driver error? but why no error in the event log...
    >
    >
    > below are all the events just after rebooting the server for the
    > 1st time:


    <snipped>

    Lots of info. Thank you. :-)

    However, nothing specific stands out. I can't find anything specific about
    the "File System Filter 'luafv'" issue. The informational stuff is just
    letting you know what's starting, etc.

    How about the ipconfig /all?

    Was anything installed or changed prior to this all happening?

    Ace



  8. #7
    loki Guest

    Default Re: can not connect via remote desktop after a restart

    > Lots of info. Thank you. :-)
    >
    > However, nothing specific stands out. I can't find anything specific about
    > the "File System Filter 'luafv'" issue. The informational stuff is just
    > letting you know what's starting, etc.
    >
    > How about the ipconfig /all?
    >
    > Was anything installed or changed prior to this all happening?
    >
    > Ace



    You see it like me, nothing wrong in the event log! I can not believe it!
    It is like a bad nightmare. Unfortunately I don't have access to the
    server anymore. I don't remember the ipconfig /all, but I think
    it was OK (because we could use the internet from the server; I connected
    to it in safe mode by VNC).

    I haven't installed anything on this server this year (except the Windows
    updates),
    and for the last 3 weeks we haven't installed any Windows update.

    What I know:
    1/ the server was rebooted 2 weeks ago due to a power failure, but worked
    well after.
    2/ we reboot the server around once a week for the maintenance
    of the IIS application
    3/ we have 3 other servers that are exactly the same and still work
    very well (the servers are Dell PowerEdge 2950, 4 GB of memory,
    SAS hard drive)
    3/ it's a web server, more than 20 000 people on it every day.
    Could it be an attack that destroyed the server? A failure in PHP? But
    in this case why does the server crash only after we do a reboot?
    4/ when the guy connected in normal mode (but the first time
    it was impossible for him because it was at "apply user settings"
    for an indefinite time), he noticed some problem with the driver of
    the network card (also he noticed that Windows seems very unstable,
    some devices are not shown in the device manager for example)
    5/ also I noticed some strange bug in IIS (but I don't know
    if it was because I was in safe mode). For example I can
    not see the website configuration detail panel of one website,
    I always receive an error when I try to do it, giving me an empty
    configuration panel

    Thanks again for your help!

    stephane


  9. #8
    Ace Fekay [MCT] Guest

    Default Re: can not connect via remote desktop after a restart

    "loki" <loki5100-newsgroup@yahoo.fr> wrote in message
    news:CE223B4F-B9CA-4350-82ED-35E967EF30B7@microsoft.com...
    >> Lots of info. Thank you. :-)
    >>
    >> However, nothing specific stands out. I can't find anything specific about
    >> the "File System Filter 'luafv'" issue. The informational stuff is
    >> just letting you know what's starting, etc.
    >>
    >> How about the ipconfig /all?
    >>
    >> Was anything installed or changed prior to this all happening?
    >>
    >> Ace

    >
    >
    > You see it like me, nothing wrong in the event log! I can not believe it!
    > It is like a bad nightmare. Unfortunately I don't have access to the
    > server anymore. I don't remember the ipconfig /all, but I think
    > it was OK (because we could use the internet from the server; I connected
    > to it in safe mode by VNC).
    >
    > I haven't installed anything on this server this year (except the Windows
    > updates),
    > and for the last 3 weeks we haven't installed any Windows update.
    >
    > What I know:
    > 1/ the server was rebooted 2 weeks ago due to a power failure, but worked
    > well after.
    > 2/ we reboot the server around once a week for the maintenance
    > of the IIS application
    > 3/ we have 3 other servers that are exactly the same and still work
    > very well (the servers are Dell PowerEdge 2950, 4 GB of memory,
    > SAS hard drive)
    > 3/ it's a web server, more than 20 000 people on it every day.
    > Could it be an attack that destroyed the server? A failure in PHP? But
    > in this case why does the server crash only after we do a reboot?
    > 4/ when the guy connected in normal mode (but the first time
    > it was impossible for him because it was at "apply user settings"
    > for an indefinite time), he noticed some problem with the driver of
    > the network card (also he noticed that Windows seems very unstable,
    > some devices are not shown in the device manager for example)
    > 5/ also I noticed some strange bug in IIS (but I don't know
    > if it was because I was in safe mode). For example I can
    > not see the website configuration detail panel of one website,
    > I always receive an error when I try to do it, giving me an empty
    > configuration panel
    >
    > Thanks again for your help!
    >
    > stephane



    I see, so there were two things that seem to have possibly mitigated this:

    1. Power failure forcing it down.

    2. Possible change in the web app during maintenance, but I don't think this
    would have caused it.

    If you boot in Safe Mode, none of the drivers and most services are not
    started. That is why you can't do anything with IIS in safe mode.

    I think the NIC got hit, possibly something else, too. Reboot into the BIOS.
    Disable the NICs, and boot up.

    If you have another NIC to install, disable the onboard NICs, and install
    the other NIC. Go into Safe Mode with networking, set the IP addresses, then
    reboot in normal mode. If that works, then you know it's a NIC issue or
    something else on the board that can't communicate with the NIC. If this is
    the case, call Dell to replace the board, assuming it's still under
    warranty.

    Ace


