I have a tricky situation on my Windows NT 4.0 Server.  First, some basic
details:  Compaq Proliant Server running Windows NT 4.0 Server, 64 MB RAM,
2 - 14.4GB IDE hard drives.  In the original configuration, the disks were
setup up as a C:\ partition containing the system volume (using a small
piece of physical drive 1), and a D:\ drive set up as a striped set using
the remainder of the bulk of physical drive 1, and all of physical drive 2.
For seemingly no reason, the server encountered a problem whereby it
continually will restart itself and upon rebooting, a message box similar to
the Blaster virus system shutdown box will appear, warning that the system
encountered an "environmental abnormality" and will shutdown in 60 seconds.
The box says the system shutdown was called by SYSTEM/NT AUTHORITY.  It
differs from the Blaster virus in that it has nothing to do with RPC calls.
I also have taken the Blaster possibility out of explanations for this since
I (a) patched it regularly, including the patch that blocked Blaster, and
(b) ran Symantec's Blasterfind.exe tool and every file on the system was
scanned and found to be clean.

My first thought was: does the "shutdown -a" command work in Windows NT 4.0
environment?  I have read numerous webpages that say this command can stop
an automated system shutdown.  This is what I have been trying, although the
system will usually go down before I have a chance to even open a command
prompt.  Sometimes you don't even get the full 60 seconds it counts down
before the system will reboot.  When the system is up and at the logon
screen, I can see it through the network and access the drive, but as soon
as I click on a folder to try and retreive files from another
networked computer, the server will shut
itself down, even if not in the 60 second countdown mode.  The server itself
also seems to run very slow, also hindering the brief time to do anything
before it shuts itself down.

In my testing and attempts to get something out of this mess, I went in
through DOS (the C:\ system partition is FAT) and renamed the "WINNT"
directory to "WINNT2" and installed a new installation of NT Server.  If I
do a clean installation into a fresh "WINNT" directory, I can boot the
system fine to the desktop without any abnormal system shutdown problem.  I
can see the C:\ drive fine; however, when I go into Disk Management, there
are a couple of problems with the striped set that was my drive D:\.  First
of all, the physical drive sizes only show as 8062MB apiece.  I believe this
is due to Service Pack 6 being absent...I haven't tried reinstalling that
yet.  It also says the drive file system is unrecognized.  Is there any way
I can get the Disk Management information from my original NT Server
installation to be seen by the new installation?  Are there certain files I
could copy from directory to directory to make it be seen?  All I'm looking
to do is get this thing up and online long enough to grab the files from the
striped set/D: drive.

So, your mission should you choose to accept it:  help me get into my
server for more than the 60 seconds (or less) it gives me before it
shuts down so I can at least see if my files are still intact, and
move them off to a safer location on my network.

Thanks,
Kevin

---

Request for Question Clarification by netcrazy-ga on 03 Jun 2004 17:21 PDT

Was there any kind of hardware change made to your server? It could be
related to that change. Let me know.

Thanks
netcrazy

---

Clarification of Question by kevola1234-ga on 03 Jun 2004 18:11 PDT

No, there were no hardware changes at all.  The server basically sits
quiet and ironically, we access the files on it least of all out of 3
servers that run our network.  I noticed it one morning when I
couldn't access the drive associated with the server.  No hardware
changes or software changes for that matter have been encountered with
that server at any recent time.

Thanks for your interest,
Kevin