Alright, so here’s the situation:
First, I’ve implemented a WSUS server and GPO to prevent/keep and centrally managed our windows update systems and the only updates I push out automatically are Critical updates, service packs, and Security Essentials definition updates. These take place at 8:00pm nightly with the exception of MSE which happens every hour if they are available.
This morning 2 of our managers, one is customer service the other accounting, and one of our sales reps, came in to find their POP3 outlook 2010 PST files gone. Just completely not there. Because we use folder redirection, all PST files are stored in appdata\local\microsoft\outlook in the local user profile (no roaming profiles just redirection at this point). I took an image of the accounting machine using FTK imager and the location of the PST is there and the file is there. Curiously, the 2 archive files are recoverable and working after an export. However, the main pst that was 5.9 GB was reading 0 bytes. I took 2 more images and all report the same thing, that the main pst is 0 bytes. The last modified time was 8:17:41pm yesterday 8/14/2012.
I started the imaging on the other two machines and will know more about those tomorrow.
All folder redirections and GPO according the event log pushed out successfully. Several of the KB updates (I forgot to bring them home), totaling 5, had to do with Office Home and Business 2010 Single Point Image (according the event log). It pushed out to all 35 machines successfully without 3 machines having this outlook issue. Two of these machines were infected with a Maclicioustool:win64/spector Trojan/virus back on 7/3 when MSE quarantined and deleted the file.
Any ideas on where to start so I can give my bosses an answer?
Couple of ideas/thoughts. One, ensure antivirus agent on them is fully updated and functioning, then run a full, invasive scan, with every A/V option turned up, "full tilt boogie" to catch anything - but do it from a bootable CD so you aren't loading anything malicious from the OS.
I'm guessing the OS is Win7, which runs something called Volume Shadow Copy, which uses System Restore Point. At this point, pull up the VSC history, and I'll bet that's where your original .PST's are located.
Also, I trust the version of Office is 2007 or higher. 5.9 GB PST is way too large for Outlook 2003 and would likely be corrupted. And folder redirection to a local folder on the host has nothing to do with files disappearing, but you probably already knew that. :)
Related
A client's file seems to have vanished overnight between Sunday Jan 29th 23:30 and Monday 10:30 AM CST (Chicago time) and we want to rule out or locate anything a Windows update might have done to cause this problem. Automatic updates was enabled. The user was not on the computer during that period.
When I look in Windows Update / Update History there were 8 or so recent updates which do no show up on the list of updates that can be rolled back. I'm not familiar with this. All the updates around this period begin the same: "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602", one on Jan 29th and two on Jan 30th.
Larger context -- the file that appears to be suddenly missing is a standard menu item in AOL Desktop Gold called "Saved to my PC" which contains ( or did ) several thousand email messages going back years.
The ( generally clueless ) AOL helpdesk (a least the 8 different people we were routed through ) denied that AOL did any update to their product in this time window. They also were unable to find any record of a 3.2 hour session we had with them April 24,2022 about this same file and told us they don't keep tickets over 6 months, and for 7 of them we had to explain to them how their own product worked. Sigh.
When i say the file has vanished what i mean is that there used to be a menu item linking ot that hard-drive file / folder / directory and the entire link was now suddenly missing. I only today managed to find out by web surfing the name of the (hidden) filee and haven't yet determined whether the file is actually missing, or whether just the link to the file is broken. I did locate a dozen other people over the past few years who similarly lost their AOL mail and had no joy from AOL help desk in locating or restoring it.
So one possible thing the security update to Windows Defender could have done was finally scanned for some new virus, found it, and possibly quarantined the file instead of deleting it. I'll check that this afternoon.
So, the file may have been deleted, or some symlink to it may have been deleted, in which case uninstalling the updates won't help.
BUT, I wanted to SEE if uninstalling the updates would magically make the file ( menu item) suddenly work again, so I come here to ask you wise people if there is some way to unstall such updates that are not on the provided list of updates to uninstall.
More likely it got quarantined and I need to go figure out where the log of such events is kept. (and what to do if that is true. ) I know the 11 hour window in which that would have happened.
Any bright ideas? What am I overlooking and what question should I have been asking?
Thank you!
Wade
I have a setup where I have one computer at the office and another at my house, and the project data are being shared via OneDrive. This is purely for my own convenience and I only ever work on one computer at a time, shutting down Visual Studio when I'm not using it on either computer.
My current problem involves a project that is being synchronised via OneDrive but uses a SQL Server LocalDB database for development and testing but, despite the files being synchronised between the two computers, data that was inserted on one computer does not appear in queries run on the second computer.
Synchronisation only occurs once Visual Studio is shut down, since file locking prevents the process. I have verified that both the .mdf and the .ldf files are being copied (the file sizes and modification dates are correct). I have also physically copied the files via external harddrive to rule out the OneDrive synchronisation step, but the problem persists.
I have also verified that even after the files are copied, the inserted data is still present on the computer where the INSERT was done, but is not appearing when doing a SELECT on the second computer.
I was under the impression that LocalDB only used the .mdf and .ldf files, are there caching files somewhere else that I also need to synchronise?
All code and other project files are being synchronised just fine, it's only the database that is experiencing this problem.
I understand that this is probably a weird setup for most people, and I would never do this if I were in a team setting but I would appreciate some insight into what could be going wrong.
Sorry for the trouble to anyone, I seem to have solved the issue myself.
Just for pure sanity, I tried to detach and then re-attach the .mdf file on the second computer (the one that was not picking up the INSERTed data) and got an error about the LocalDB instance being a version too old for the file.
Turns out the computer on which the INSERTs were done was running a v13 instance and upgraded the .mdf file to that version, while the other computer was running a v11 instance. Both computers are now running on the same instance version and the missing data is now showing.
After working with Windows Server since NT 3.51, this was kind of a first for me. Here's the scenario.
After no issues accessing a Windows Server 2012 R2 network share for 2 years, a Win 7 Pro workstation all of a sudden can access the mapped drive to the share, but cannot see all subfolders underneath it. Only one is visible, not the other 20 or so.
When I log out as the user and login as the domain admin account, the issue persists on the workstation. Just this one workstation.
Nothing has changed in terms of the share or NTFS permissions on the server-side of things.
I look in the server event logs as well as the workstation's and don't see anything striking.
I removed the workstation from the domain and add it again. The issue still persists.
The workaround is that I created a second share to the same resource on the server-side of things. Mapping a different drive letter to this new share, the workstation can see everything again.
My only guess would be some sort of old school SAM database corruption or something? I recall years ago I had a Windows 2000 Server that would lose Computer Browser functionality due to some odd SAM database corruption. The only solution back then was to reboot the server. It was the PDC and couldn't even browse its own network shares.
My company still has a classic asp site that we are working to upgrade to .net. Our entire development team ground to a halt when we upgraded to windows feature 1803 which introduced task view. A single page went from a few seconds to over 8 minutes to load. Since classic asp and VBScript are not popular there was nothing about this on stack overflow.
I found the fix and wanted to leave this info here in case anyone else also is having this issue.
You need to get the vbscript.dll file from a pre-1803 feature branch of windows and copy it to your updated machine. I did this in two locations c:\windows\system32 and c:\windows\SysWOW64. Not sure if both were needed, but my page load time went from 8+minutes to under 10 seconds.
I recommend keeping your original dll just in case.
You will need to change the owner of the file from Trusted Installer to Administrators to grant yourself the permission to touch the file.
Within our network infrastructure we utilize a 2007 Exchange Server for our domain.
Today I was faced with a situation where a user who has MS Office 2010 x64 and utilized Outlook 2010 called me and stated that her "Saved Items" inbox was missing. I remoted into her system and sure enough one of her mailboxes was not present.
It's easy enough to "fix" this by just adding the data file again which is located on a network share F:..\mailxxx.pst
This user has multiple mailboxes as a way to view her archived data.
Located in this shared folder there are additional .pst files that remained accessible to the user.
This appears to happen randomly and has happened at least one other time to this same user, and one time to a separate user who also has data on this same share.
Thoughts?
Microsoft does not support PST files on a network drive. This is a recipe for a disaster.