Associate
- Joined
- 30 Jan 2012
- Posts
- 1
We have had this issue now with 3 completely different servers, 2 of which we have now performed a full rebuild on from scratch (new domain etc.) which has obviously resolved the issue, the third is running after a windows server backup restore, but the issue has not been resolved and is still apparent on the server, which means on a reboot it will not boot again).
We have taken a backup of this server from when it was originally restored and moved it into a virtual testing environment to try and fix.
The server is running Windows SBS 2008 (as were the other 2), on DELL PowerEdge T110 hardware (although now on a VM), we have had full diagnostics completed by DELL and no issues with any of the hardware have been found and the 2 servers that we have fully rebuilt back onto the old hardware are running perfectly fine. The only other software and hardware that is the same on all 3 servers are AVG Anti-Virus (full scans completed with this and Eset online and logs checked no threats found), Symantec Backup Exec and an internal RDX drive.
Basically what happens in the virtual environment after you complete the restore, the server boots okay and can be rebooted no problems, and then without notice (usually within 24 hours), you will perform a reboot and it will not boot, saying that specific .sys files are missing or corrupt. We have noticed have reverting back to snapshots of the machine that sporadically and for no reason that we can obtain from the event logs files that files from the System32\drives folder are being removed, and other folders such as the inetsrv folder are being emptied?!
Once this happens the server will not boot again. We have shadow copies running on the C: drive and can tell that at different intervals the drivers folder has got over 400 files and then in the next interval it has reduced to 235 files?! Again, no reason for this and it won’t boot. We have disabled backups and A/V and it still happens... As well as checking the application and system event logs between these times, which show many errors happening at a certain times and obviously after the files have been removed, none of which seem to be conclusive?
Completely stumped, any ideas?
We have taken a backup of this server from when it was originally restored and moved it into a virtual testing environment to try and fix.
The server is running Windows SBS 2008 (as were the other 2), on DELL PowerEdge T110 hardware (although now on a VM), we have had full diagnostics completed by DELL and no issues with any of the hardware have been found and the 2 servers that we have fully rebuilt back onto the old hardware are running perfectly fine. The only other software and hardware that is the same on all 3 servers are AVG Anti-Virus (full scans completed with this and Eset online and logs checked no threats found), Symantec Backup Exec and an internal RDX drive.
Basically what happens in the virtual environment after you complete the restore, the server boots okay and can be rebooted no problems, and then without notice (usually within 24 hours), you will perform a reboot and it will not boot, saying that specific .sys files are missing or corrupt. We have noticed have reverting back to snapshots of the machine that sporadically and for no reason that we can obtain from the event logs files that files from the System32\drives folder are being removed, and other folders such as the inetsrv folder are being emptied?!
Once this happens the server will not boot again. We have shadow copies running on the C: drive and can tell that at different intervals the drivers folder has got over 400 files and then in the next interval it has reduced to 235 files?! Again, no reason for this and it won’t boot. We have disabled backups and A/V and it still happens... As well as checking the application and system event logs between these times, which show many errors happening at a certain times and obviously after the files have been removed, none of which seem to be conclusive?
Completely stumped, any ideas?