[foofus-tools] Failed dump continued...
jmk
jmk at foofus.net
Mon Mar 28 12:51:37 PDT 2011
I suspect that FgDump is mistaken about successfully shutting down
Symantec. Does a "net start" should any Symantec'y services still
running while FgDump is doing its thing?
Joe
On Mon, 2011-03-28 at 14:59 -0400, Al Berg wrote:
> Here is the log file from the failed fgdump session we have been
> discussing on the list recently, now with 100% more verbosity added.
>
> The AD that I am trying to dump has about 500 user accounts.
>
> Any insight would be appreciated.
>
>
> Al
>
>
>
>
>
>
>
>
>
> --- fgdump session started on 3/25/2011 at 15:07:57 ---
>
> --- Command line used: fgdump.exe -h 1.1.1.1 -u xxxx -p xxxx -v -v -v
> ---
>
> --- Session ID: 2011-03-25-19-07-57 ---
>
>
>
> >> A new worker thread has been created with the ID: 00000e14 <<
>
> Starting dump on 1.1.1.1
>
>
>
> ** Beginning dump on server 1.1.1.1 **
>
> INFO: skipping cachedump on 1.1.1.1 because 1.1.1.1.cachedump exists
> or I was told to skip cache dumps
>
> INFO: skipping dump of protected storage secrets on 1.1.1.1 because
> 1.1.1.1.lsadump exists or I was told to skip LSA dumps
>
> OS (1.1.1.1): Microsoft Windows 2003 Unknown Service Pack 1 (Build
> 3790)
>
> Symantec is running on this machine, shutting it down for a bit...
>
> Stopped Symantec service "Symantec AntiVirus" successfully
>
> Found share C$, whose physical path is C:\
>
> Found share OCS_Backup, whose physical path is E:\OCS_Backup
>
> Found share CN_DHCP_Backup, whose physical path is E:\CN_DHCP_Backup
>
> Found share CertEnroll, whose physical path is C:\WINNT\system32
> \certsrv\CertEnroll
>
> Found share IPC$, whose physical path is
>
> Found share FxsSrvCp$, whose physical path is C:\Documents and
> Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common
> Coverpages
>
> Found share ADMIN$, whose physical path is C:\WINNT
>
> Found share faxclient, whose physical path is C:\WINNT\system32
> \clients\faxclient
>
> Found share D$, whose physical path is E:\
>
> Found share DHCP_Backup, whose physical path is E:\DHCP_Backup
>
> Found share E$, whose physical path is E:\
>
> Found share SYSVOL, whose physical path is E:\WINNT\SYSVOL\sysvol
>
> Found share NETLOGON, whose physical path is E:\WINNT\SYSVOL\sysvol
> \itg\SCRIPTS
>
> Found share OCSR2_Backup, whose physical path is E:\OCSR2_Backup
>
> Able to write to this directory, using location \\1.1.1.1\C$ for
> cachedump
>
> Execution path of fgexec is C:\\fgexec.exe -s -n
> {4D9B504D-C135-4C9F-9503-0A1956E375FB}
>
> Successfully installed service 'fgexec' on 1.1.1.1
>
> Successfully started fgexec service on 1.1.1.1
>
> Warning: pwdump did not complete in a timely manner -
> exitingSuccessfully stopped fgexec service on 1.1.1.1
>
> Successfully uninstalled service 'fgexec' on 1.1.1.1
>
> Started Symantec service "Symantec AntiVirus" successfully
>
> Terminating thread 00000e14 (lpszServer is NULL)
>
>
>
> -----Summary-----
>
>
>
> Failed servers:
>
> NONE
>
>
>
> Successful servers:
>
> 1.1.1.1
>
>
>
> Total failed: 0
>
> Total successful: 1
>
>
>
>
>
>
> _______________________________________________
> foofus-tools mailing list
> foofus-tools at lists.foofus.net
> http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net
More information about the foofus-tools
mailing list