The trick here is to go to the bulletin and check the caveats section:
http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
Which links to....
http://support.microsoft.com/kb/893066
Which points to...
Network connectivity between clients and servers may not work after you
install security update MS05-019. For more information, click the
following article number to view the article in the Microsoft Knowledge
Base:
898060 (http://support.microsoft.com/kb/898060/)
Installing security update MS05-019 or Windows Server 2003 Service Pack
1 may cause network connectivity between clients and servers to fail
• For more information, click the following article number to view the
article in the Microsoft Knowledge Base:
898542 (http://support.microsoft.com/kb/898542/) Windows
Server 2003 systems using IPsec tunnel-mode functionality may experience
problems after you install the original version of 893066
HBooGz wrote:
I applied the related to article ending with MS06-007.mspx
<http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx> .
do you happen to have the hotfix for the other article ?
On 7/29/06, Kurt Falde <[EMAIL PROTECTED]> wrote:
I would definitely get the tcpip.sys hotfixes applied as this
sounds very symptomatic of ms05-019 issues.
Kurt Falde
Sent from my Windows Mobile Phone
-----Original Message-----
From: "HBooGz" <[EMAIL PROTECTED]>
Sent: 7/29/06 10:58:58 AM
To: "[email protected]" <[email protected]>
Subject: Re: [ActiveDir] R2 In-Place Upgrade bug ?
I applied no post sp-1 fixes, but i would imagine it's worth a try.
do you guys want to hear something even more mind-boggling ?
i can ping the server from workstations outside the main office!!!
i've remotely connected to workstations at our IPSEC vpns to test login
times and email access, and pinged the problematic server just fine!!!
arghhh
Matheesha:
Incoming connections i mean services that somehow are not defined to the
server. I run a repadmin /replsum from another dc and it shows no errors. i
run a dcdiag /s:problemserver with no problem. so it means that directory
service traffic is allowed, but when i try to Dameware (tcp port 6129) to
the machine it times out, when i try to ping the box i get nothing from
the main office!
i checked the IPSEC domain and Standard profile and made sure no IPSEC
policies were applied.
if it's the SCW -- how do i look at it ?
could it some way be my checkpoint firewall at the local site ? how in the
world can it accept icmp from other workstations (win2k pro) at my remote
vpn sites ?
On 7/29/06, Kurt Falde <[EMAIL PROTECTED]> wrote:
>
> Did you apply the post SP1 security hotfixes? I know there are a couple
> of updates for tcpip.sys which fix issues which will cause AD repl issues
> from a couple times in the field. Check out
> http://support.microsoft.com/kb/898060 or for the latest tcpip.sys
> http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx .
>
>
>
> *Kurt Falde*
> ------------------------------
>
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* HBooGz
> *Sent:* Saturday, July 29, 2006 5:39 AM
> *To:* [email protected]
> *Subject:* [ActiveDir] R2 In-Place Upgrade bug ?
>
>
>
> Morning to all -
>
> I just spent the last 6 hours with dell gold software support team trying
> to figure out the following occurrence:
>
> The upgraded R2 DC does not accept incoming connections, but it appears it
> accepts certain connections. Particularly those related to directory
> services. e.g. telnet *server ip* 389 from the mail server works.
> \\*serverip or servername* brings up the shared printers and folders perfectly.
>
> outbound traffic and icmp works fine, inbound icmp returns a time out.
>
> scenario:
>
> Windows 2000 SP4 DC in-place upgrade to windows 2003 SP1 then upgrade to R2.
> connections to and from box were fine on 2003 sp1.
> downgraded NIC drivers to match other r2 DC on identical server hardware/model
> installed new nic drivers and proset
> upgraded to R2.
> rebooted and noticed a ton of errors with services hanging upon boot.
> checked connection to the box from workstations and servers, but all requests timed out.
> i made sure ICF was disabled.
> i disabled IPSEC and entered dword value for ProhibitIpSec - nothing
> i then enabled ICF configured exceptions - explicitly allowing ICMP, and still nothing.
> reset the TCP/ip stack and winsock using netsh, nothing
> server has two nics, one of which is disabled. changed binding order so active is on top -- nothing
> reinstalled the binaries of windows 2003 sp1 and upgraded to r2 again -- nothing.
>
> i'm at a loss for ideas and sure could use the vast resources the
> contributors of this group may have or know of.
>
> Thanks,
>
>
>
>
>
> --
> HBooGz:\>
>
--
HBooGz:\>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx