Im curious, after you formatted the SBS, did you rejoin any of the machines
to the domain? If not, try that with one of them that is having the problem,
and see if it's fixed.
"SeriousSam" wrote:
> Having a security log build up that fast isnt that amazing when you consider
> all the events that can be written to it. If there is file or folder auditing
> set up on a lot of objects, you can fill it that fast easily. You need to
> check in group policy for auditing rules. Also, for the random disconnects,
> it seems that if you look down that list of events in the security log, you
> may find clues to the reason for the disconnects. Look for the failures, if
> those are being audited. If i could venture a guess, it would be that you
> find find tons of kerberos failures.
>
> "haemphyst" wrote:
>
> > I just formatted a SBS machine, about 4 months ago, in favor of 2K3 Standard
> > R2. Installation went perfectly, the applications (Office suite, Practice
> > Studio software)necessary to run the doctor's office installed perfectly.
> > DNS seems to be functioning better here than on my working server at my
> > primary office.
> >
> > The big issue thus far is this: Every machine will log on every morning.
> > Every machine will map it's prescribed drive on the server. Every machine
> > will map/connect to it's prescribed print device, whether local, IP'd, or
> > UNC'd, to either the server, or even another client. This will work for a
> > while... Just "a while", as the time frame involved is random. If the
> > machine is CONSTANTLY in use, there seems to be no issue, but if the machine
> > is left for even 30 seconds, it will lose ALL network connections. All of
> > them. The local administrator, (bless her pointed head) has to run around
> > and double click a batch file I wrote to reconnect all of the shares as a
> > given machine will lose it's connectivity.
> >
> > I can't find ANYTHING to help me with this issue, but I have a sneaking
> > suspicion that it involves excessive network traffic. I just don't know
> > where the traffic is, or is not. Read on...
> >
> > Since 10-13-07 the various logs in the Event Viewer have generated the
> > following counts:
> >
> > Application: 3,359
> > System: 5,762
> > Directory Service: 404
> > DNS: 17
> > File Replication Service: 55
> >
> > All those numbers seem to be within normal ranges, to me. 60 days, and
> > counting, to generate those numbers doesn't seem to be out of the norm from
> > what I have seen from other servers.
> >
> > Now... The REALLY odd one, the one that sticks out like a sore thumb, is
> > the security log. H-U-G-E numbers. I cleared the log on Monday afternoon,
> > and within one hour's time, there were 5500 events generated. Since I
> > cleared the log, at 242pm yesterday (it is now 4:15), there have been 209,713
> > events! That's NOT a typo! 210 THOUSAND events.
> >
> > ANYBODY got any kind of suggestions for where I can look to resolve this
> > issue? I m losing my hair over it!
|
Similar Threads
Linear Mode
