I have a very weird scenario happenning, the only solution I can think of is to reinstall WHS but I don't want to lose the logs which would, hopefully, explain this.

Any comments or ideas welcome

Some background:

Hardware

EX475, 2 TB, 2 GIG Ram, upgraded processor - fixed IP address
1 Vista home notebook
1 XP pro notebook
1 desktop XP home

PP1 applied (MS and HP updates). Not using firefly, mcafee or other media sharing apart from webshare.


All has been working fine apart from not being able to get the IIS web pages up - I get the error 500 'server busy' prioblem thats been reported before.

I've been troubleshooting this on and off for a few weeks now and started again on Tuesday morning.

1. all connected machines had successfully completed backups
2. at 9:00 am I was happily copying files to and from the server shares
3. I used toolkit to move all the logs to a folder on the shares
4. I enabled verbose logging for anything that might help with the IIS problem
5. I started changing router setting to see if it was a problem with port forwarding first
6. after about half an hour I hadn't found any problems and was still connected through both console and terminal service

A couple of hours later I noticed that the console tray icon had gone grey (this is on the XP pro notebook) and I didn't have access to shares or server. The server looks normal - all blue lights so I start eliminating network connections etc. right back to a direct cable connection but nothing makes a difference.

I reload the previous router configuration in case I screwed something up but still can't see the server from anywhere on the network.

I reboot the server - no change, it comes back up and all the lights go blue, the network light blinks but still can't ping or connect to it.

Check the router logs and can see that the server is occasionally doing stuff (udp packets are appearing in the log with the server address as source). The router can't ping the server either.

The XP machines can't see the server at all.

The vista machines will happily show the server in the network map by name but any attempt to connect generates an ASP error (80070035) which apparently means the server name is spelt incorrectly.
tried connecting using the IP address rather than name resolution but no difference other than the terminal services client takes longer to decide it can't be found

I ran Wireshark in promiscuous mode and watch for responses when I do dns lookups and pings. The server never responds directly but DOES put packets out asking (for example) 'who owns 192.168.1.34, tell 192.168.1.100" and so on.

every so often it will put out a group of around 20 packets announcing itself as a browse master with its name and ip address clearly listed.


Left it 24 hours and tried again - no joy, turned it off for 8 hours (thinking maybe an overheat) but makes no difference.


So basically I have a working server that talks to the router and thinks it is a browse master but flat refuses to acknowledge any attempt to respond to it.


I can't even think of what could be wrong other than (and I know its weak) the logfiles have filled the available space and its bringing whs to its knees so its unable to respond within timeout periods.

Or its been hacked and someone else is using it!!!!

My only alternative seems to be a server reinstall but can anyone suggest an alternative or a way to save the logs first?