August 17, 2005 in the Journal of Frank Farm

Wednesday, August 17, 2005

Granola, toast and margarine, an apple for breakfast. At work fires burned all morning. The big one was that our computer lab server was misbehaving somehow, and I'm filling in for the admin who is on vacation. Logging in and logging out for student accounts took an unusually long time—if one was patient enough to wait 10 or 15 minutes. Yes, they're roaming profiles, but Group Policy is already set to exclude commonly large directories, and it's not clear why the problem happened shortly after the admin's vacation began. I had called in backup yesterday, and the computer support outsource agency we use for our more difficult problems sent Joe, who knows his stuff. He immediately suspected spyware or virus, but I knew the server had firewall and anti-virus, so I was doubtful. After trying and failing to access what we needed from the server remotely, we found no one had a key to the office where the server was located. The admin assistant down the hall wasn't at her desk, and another person in her office said he didn't have a key. Ena called the lock shop (which couldn't give us a time when they could show up) before relying on an inside connection no one else knew and came up with a key. We got in, and after some poking around we found we needed a local admin login and password and I had none. I feel a little responsible for these roadblocks, since I was entrusted to be a backup. I should have insisted on these things before the admin left, but I didn't. What could go wrong? I thought. Eventually, we suspected Sasser but a Sasser removal tool didn't find it on the system. We installed Microsoft Anti-spyware Beta but it found nothing, too. At one point, Blaster was a suspect, too, but again a removal tool did not find it on the system. Windows Server 2003 Service Pack 1 hadn't been installed, but when we tried to install that it gave an error that it could not install and subsequently restarted the server. We poked about in Group Policy. We googled and googled and googled for solutions to the various error messages we had been getting and came up with nothing conclusive. We looked in the event log for clues, and they led us nowhere. We disabled suspect services. Joe was very suspicious about all the blocked intrusions reported by our firewall but I told him it's normal for us to see that kind of activity. In the end, changing some permissions on a share got us almost back to normal, and in the process we had discovered that all 3 hard drives were severely fragmented and one of them was FAT32 instead of NTFS. It's not clear why the permissions change fixed the problem, but at least things seem to be working now better than before. I let Joe go to put out other people's fires, but there's still plenty of work to be done with this server. I started one drive defragging overnight. The smaller fire today was Chris's laptop. Tito from yesterday returned, replaced the graphics card with another one, and the problem still happens. He said Dell had sent him a refurbished graphics card, so he said he would call them and request a new graphics card as well as a new LCD (just in case, I guess). He'll likely be back tomorrow. Fortunately Tito didn't take up much of my time at all. I made updates to career fair and placement interviews and pharmacy information day for Joel. Lunch today was salisbury cow, mashed potatoes and gravy, corn off the cob from the cafeteria. Dinner at home with Patrick: butternut squash soup, leftover ramen and vegetables and egg, toast and margarine. Grocery shopping at Trader Joe's. Started researching backup solutions on OS X. My sister gave birth to a healthy baby girl today. Labor was only a few hours, Rob says. They have chosen a first name: Kiana.