Well, my first real large-scale problem as network admin occurred today. Yesterday, after spending all day wiping out the Conficker virus on over 800 networked PCs, I was feeling rather happy.
I got up this morning and logged into our servers to start various services before the academy opened for the students. I couldn't RDC into any of our servers from home, so went straight to work at 6am, waiting for the caretakers to open up, got in and found both my main and backup domain controllers were down..... Staff started coming in and logging on and giving me phone call after phone call about the domain not being available. After disconnecting the phone I managed to restore DC1 (all our servers are virtual using VMware), managed to connect to our Sophos server and found every single computer was infected.
Powered down all my switches, pulled all my fibres out and so there was just my office and the servers and our connection to our ISP. Managed to get everything working bar my backup server and Domain Controller 2. DC2 is ****ed, no virus, just ****ed. Anyway, after getting rid of yet another virus, reading countless forums, doing limitless scans, I got the all clear. I decide to reboot my updates server so I can ghost 2 machines before I go. RDC times out but I can ping it. Hands in head, I walk outside and have a cig (meant to finish work over an hr ago). Remotely turned on all comps in the school and Sophos pops up, 1 computer has a virus. I go check it out: Netlogon not running, RPC not running, no services running under any username. White borders round the login box. Go back upstairs, both my DCs are down, Sophos server doesn't exist anyway. SQL server black screened.
I ring our IT sponsor; apparently everyone with our ISP has this. It breached their firewalls, our firewalls, my AV servers and before I knew it I'm 10x more infected than I was yesterday. I hear footsteps coming down the corridor outside my office, they stop, look round and it's the principal and the vice principal. Fortunately they just told me to go home and come back fresh tomorrow.
So now I'm working from here after jimmy rigging an RDC. Just looked and MY Active Directory is ****ed, both computer names and user accounts, my DHCP won't work, DNS is ****ed, Group Policies are messed up and worst of all I can't access any network shares or my SAS storage drives, and to top it all off my coffee machine is broken.
Sorry for that, I felt the need to rant. The joys of being network admin, for any of you that are looking into it.