CertSVC Reestablished


Post by ruin » Thu, 13 Apr 2006 05:19:18


I am getting a strange message on my 2k3 DC. The server is running IAS
and CA for wireless auth.

Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 77
Computer: DC01
Description:
The "Windows default" Policy Module logged the following warning: The
Active Directory connection to DC01 has been reestablished to DC01.

This will happen between 1/2 to 4 times per day on the server.
Everything seems to be functioning properly for the authentication, so
I'm wondering why this message is appearing.

Ruine

Post by Elendi » Thu, 13 Apr 2006 05:29:12

It is unfortunate that you didn't name your anti-virus/anti-spyware programs
but in the future please do.

Check your system for viral malware:

Download MULTI_AV.EXE from the URL --
http://www.yqcomputer.com/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.yqcomputer.com/

Additional Instructions:
http://www.yqcomputer.com/ #Step_3_%96_Getting_Help

I recommend using the Kaspersky and McAfee modules. Then check your system
for non-viral malware:

Taken from one of David Lipman's posts:

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.yqcomputer.com/
http://www.yqcomputer.com/
http://www.yqcomputer.com/

* SpyBot Search and Destroy v1.4
http://www.yqcomputer.com/
http://www.yqcomputer.com/

* SuperAntiSpyware
http://www.yqcomputer.com/

After the software is updated, I suggest scanning the system in Safe Mode.

If the problem persists post back here for more help!

Post by Paul Adar » Thu, 13 Apr 2006 06:01:14

In article < XXXX@XXXXX.COM >, in the
microsoft.public.security news group, Elendil
< XXXX@XXXXX.COM > says...


Oh my god. If you don't know anything about the subject at hand, and in
this case you obviously don't, please don't post a generic spew about
A/V software and malware, it doesn't do anyone any good and is simply a
waste of everyone's time.

To the original poster, these events are simply informational and mean
that for some reason your CA is losing its connection to the DC. They
really aren't anything to worry about per se, though you may want to
check to see if you've got some kind of flakey switch or something in
between the CA and the DCs.

--
Paul Adare - MVP Virtual Machines
"It all began with Adam. He was the first man to tell a joke--or a lie.
How lucky Adam was. He knew when he said a good thing, nobody had said
it before. Adam was not alone in the Garden of Eden, however, and does
not deserve all the credit; much is due to Eve, the first woman, and
Satan, the first consultant." - Mark Twain

Post by Brian Koma » Thu, 13 Apr 2006 06:14:50

In article < XXXX@XXXXX.COM >,
XXXX@XXXXX.COM says...
<snip>
What the hell does this have to do with the problem mentioned in this
email? The CA is re-establishing its connection to a DC. This is not a
problem, it is a warning message that is informational.

Regards,
Brian

Post by Elendi » Thu, 13 Apr 2006 06:40:39

Jeez people... it was in security so I figured it's probably some type of
malware.

Post by Paul Adar » Thu, 13 Apr 2006 06:46:49

In article < XXXX@XXXXX.COM >, in the
microsoft.public.security news group, Elendil
< XXXX@XXXXX.COM > says...


Jeez sport, that's the whole problem. It would help if you actually read
and understood the problem before responding. Just because this is the
.security news group doesn't necessarily mean that every post here has
something to do with malware. Read the post before posting some kind of
generic spew that has nothing to do with the problem.

--
Paul Adare - MVP Virtual Machines

Post by Brian Koma » Thu, 13 Apr 2006 06:47:31

Well... reading comprehension is also an important part of security. All
things security are not malware related. Read the message before pasting
responses.

Brian

In article < XXXX@XXXXX.COM >,
XXXX@XXXXX.COM says...

Post by Paul Adar » Thu, 13 Apr 2006 08:18:59

In article < XXXX@XXXXX.COM >, in the
microsoft.public.security news group, Paul Adare < XXXX@XXXXX.COM >
says...


FWIW, you're not the only one guilty of this behaviour, there are some
MVPs in here who automatically assume that the answer to every post here
is to scan for malware.

--
Paul Adare - MVP Virtual Machines

Post by ruin » Wed, 26 Apr 2006 08:20:27

Thanks for the info. That is what I had figured as well, but was unable
to confirm. I just wanted to double check my thoughts before I
instructed my client to disregard. I suspect it was some sort of
bandwidth issue, as the machine it is logging on is a DC and also is
the main file server, and this is their busy season.

Post by ruin » Wed, 26 Apr 2006 08:23:15

Thanks for your post as well. Please read my reply to Paul above for a
recap. I just wish that MS would not categorize informational events
as warnings.