@ausphiwvwc wrote:
I can guarantee that was not my case. System has no internet connectivity, and up to date AV. Anything put on system is scanned by the machine I download it on, and the by another AV app on another machine. Then finally by the AV on the server I am putting it on. All three AV's are different.
Systems that have vunerabilitys frequently get buffer overruns that reside in RAM not as files on the disk. Several of the blaster worm variants were this way. They loaded into memory via a buffer overrun and then once infected the compromised machine infected others.
Users with laptops bringing infected machines into the network are one of the vectors for such annoyances.
like I said not my problem. No outside machines of anysort allowed on network, and even if somebody had tried it would not have worked. So it is not a vulnerability or virus issue.
Even though the event log showed nothing, "Proc_1 processor sensor IERR" was being logged by the Dell Open Management System software right before the server shutdown.
I spoke with Dell support and at first they told me that I needed to upgrade the BIOS from A00 to A02 and the BMC from version 1.07 to 1.23. Evidentally A01 had several changes to how the processor was being handled.
I did that and the server shutdown 4 times in a 24 hour period. I called them back and they said that the board as well as the processor needed to be replaced, in which they did. Glad to see the service contract paid off.
The server has been up for a week now. :smileyvery-happy:
Ok.. this is getting rediculous.. I redid the server on Saturday, March 19, 2005, 2:06:18 PM
and it's been rock solid since then.. everything was back on it except for PC-Anywhere and Symantec Control Center.
I installed both Monday night (May 16th) and it was fine..... Local admin started her full back system backup (regular task on Thurs nights) and as she started it... it crashed. and came back up.. same deal..
Now.. let's take a quick look at this... PCAnywhere... caused complete system reboot (while not being used) and left absolutly no trail in the event logs... Symantec Control Center.. caused complete system reboot (while not being used) and left absolutly no trail in the event logs...
I find this very hard to believe...
I'm back to it's a hardware issue... I guess it's back to Dell with the results from their DSET progrm and my "it's been fine for 2months.. now it's starting again... after a complete redo).. actually it ran fine for about 2 months on the factory install then it started this.. then complete reinstall.. 2 months.. and back to this.. this is completely stupid.......... I love and trust dell equipment but this is stupid..
Well, the latest is that after the last reload, and a DSET sent and reviewed by L3 support they came and replaced 1 Power supply and the entire motherboard. Their still grasping at straws at this point I think. there's only 1 other power supply and the backplane that the supplies plug into left on the power side.
I guess we're back in the waiting game, see if it happens again.. the only thing to look on the good side, is once it started to do it.. it did it atleast every week.. so we should know over the next few weeks if something is now fixed.
There's still some question as to if it's hardware or software. I still keep comming back to the fact that although windows isn't the best in the world.. it's usually good for an abundance of errors if an application goes south... and since nowhere there are any logs of an application failure it leans me towards hardware.
speedstep
9 Legend
•
47K Posts
0
April 21st, 2005 17:00
Systems that have vunerabilitys frequently get buffer overruns that reside in RAM not as files on the disk. Several of the blaster worm variants were this way. They loaded into memory via a buffer overrun and then once infected the compromised machine infected others.
Users with laptops bringing infected machines into the network are one of the vectors for such annoyances.
ausphiwvwc
6 Posts
0
April 22nd, 2005 03:00
MJF01
3 Posts
0
May 13th, 2005 01:00
Even though the event log showed nothing, "Proc_1 processor sensor IERR" was being logged by the Dell Open Management System software right before the server shutdown.
I spoke with Dell support and at first they told me that I needed to upgrade the BIOS from A00 to A02 and the BMC from version 1.07 to 1.23. Evidentally A01 had several changes to how the processor was being handled.
I did that and the server shutdown 4 times in a 24 hour period. I called them back and they said that the board as well as the processor needed to be replaced, in which they did. Glad to see the service contract paid off.
The server has been up for a week now. :smileyvery-happy:
Tuxman
11 Posts
0
May 20th, 2005 01:00
Tuxman
11 Posts
0
May 21st, 2005 17:00
Well, the latest is that after the last reload, and a DSET sent and reviewed by L3 support they came and replaced 1 Power supply and the entire motherboard. Their still grasping at straws at this point I think. there's only 1 other power supply and the backplane that the supplies plug into left on the power side.
I guess we're back in the waiting game, see if it happens again.. the only thing to look on the good side, is once it started to do it.. it did it atleast every week.. so we should know over the next few weeks if something is now fixed.
There's still some question as to if it's hardware or software. I still keep comming back to the fact that although windows isn't the best in the world.. it's usually good for an abundance of errors if an application goes south... and since nowhere there are any logs of an application failure it leans me towards hardware.
more to follow..