Pantek Library

RE: Weird Profile in Documents and Settings

From: Andre Arcand <aarcand(at)fonex.com>
Date: Tue Mar 04 2003 - 09:58:04 EST


I have in the Documents and Settings folder 2 user profiles written in Chinese font (I have multi-language installed). After some troubleshooting, I noticed that this Chinese-written profile was the one used by the domain admin user. I can log on with the Domain/Admin user without any problems; I copied something on the desktop and checked in the Chinese profile, and the file was there. I logged on with the local admin, and the user profile works fine. I tested copying on the desktop and the file is there in the local/admin profile.

So to recapitulate,

Local admin has its normal profile folder structure. Domain admin has a Chinese font written profile folder structure.

I checked my event log and noticed the following event.


Event Type:	Error
Event Source:	NETLOGON
Event Category:	None
Event ID:	5788
Date:		04/03/2003
Time:		8:18:55 AM
User:		N/A
Computer:	powervault

Description:
Attempt to update HOST Service Principal Names (SPNs) of the computer object in Active Directory failed. The updated values were 'HOST/powervault' and 'HOST/powervault'. The following error occurred: The parameter is incorrect.
Data:
0000: 57 00 00 00 W...

I was wondering if this could have something to do with the weird profile. Is it possible that the Domain\admin user profile gets corrupted because the computer can't register properly in the AD?

I have this partition mirrored to another drive and these folders don't show up in the 2nd drive. Maybe it is just corrupted. Would it mirror corrupted data? I assume yes, but it's not.

I have deleted the user profile, which I could delete with local/admin. Re-logged with Domain/admin and the good profile was created. Now the only thing left to do is to monitor to make sure the profile folders don't come back as Chinese.

Anyway, I thought I might share the weirdness with you guys, so it could help us all to understand what happened and why.


Thanks for any help.

Dre.

-----Original Message-----
From: Rob Shein [mailto:shoten@starpower.net]
Sent: February 20, 2003 11:19 AM
To: 'Greg Wiedeman'; incidents@securityfocus.com
Subject: RE: Weird Profile in Documents and Settings

I have never seen this before, but the squares are indicators of extended characters. Do the profiles show up in the profile list, and what else can you tell us about them? How big are they, are they the same size on all machines, what is in the folders?

> -----Original Message-----


Received on Tue Mar 4 10:55:25 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:59 EDT
