So it looks like i should get the hotfix related to this article:
http://support.microsoft.com/kb/898060 but it says in that article that the download supplied is superseded by the hotfix i applied already: Security update 913446 (security bulletin MS06-007) supersedes this update (898060).
so which hotfixes do i really need ?
the mystery is why the clients and servers outside the subnet connecting via VPN can ping this server by name and IP successfully.
On 7/29/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote:
The trick here is to go to the bulletin and check the caveats section
http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
Which links to....
http://support.microsoft.com/kb/893066
Which points to...
Network connectivity between clients and servers may not work after you
install security update MS05-019. For more information, click the
following article number to view the article in the Microsoft Knowledge
Base:
898060 (http://support.microsoft.com/kb/898060/)
Installing security update MS05-019 or Windows Server 2003 Service Pack
1 may cause network connectivity between clients and servers to fail
For more information, click the following article number to view the
article in the Microsoft Knowledge Base:
898542 (http://support.microsoft.com/kb/898542/) Windows
Server 2003 systems using IPsec tunnel-mode functionality may experience
problems after you install the original version of 893066
HBooGz wrote:
> I applied the related to article ending with MS06-007.mspx
> < http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx> .
>
> do you happen to have the hotfix for the other article ?
>
>
>
> On 7/29/06, *Kurt Falde* < [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> I would definitely get the tcpip.sys hotfixes applied as this
> sounds very symptomatic of ms05-019 issues.
>
> Kurt Falde
> Sent from my Windows Mobile Phone
>
>
> -----Original Message-----
> From: "HBooGz"<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> Sent: 7/29/06 10:58:58 AM
> To: " [email protected]
> <mailto:[email protected]>"<[email protected]
> <mailto: [email protected]>>
> Subject: Re: [ActiveDir] R2 In-Place Upgrade bug ?
>
> I applied no post sp-1 fixes, but i would imagine it's worth a try.
>
> do you guys want to hear something even more mind-boggling ?
>
> i can ping the server from workstations outside the main office!!!
>
> i've remotely connected to workstations at our IPSEC vpns to test
> login
> times and email access, and pinged the problematic server just fine!!!
>
> arghhh
>
> Matheesha:
>
> Incoming connections i mean services that somehow are not defined
> to the
> server. I run a repadmin /replsum from another dc and it shows no
> errors. i
> run a dcdiag /s:problemserver with no problem. so it means that
> directory
> service traffic is allowed, but when i try to Dameware ( tcp port
> 6129) to
> the machine it times out, when i try to ping the box i get
> nothing from
> the main office!
>
> i checked the IPSEC domain and Standard profile and made sure no IPSEC
> policies were applied.
>
> if it's the SCW -- how do i look at it ?
>
> could it someway be my checkpoint firewall at the local site ? how
> in the
> world can it accept icmp from other workstations ( win2k pro) at
> my remote
> vpn sites ?
>
>
>
>
>
> On 7/29/06, Kurt Falde < [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>> wrote:
> >
> > Did you apply the post SP1 security hotfixes? I know there are
> a couple
> > of updates for tcpip.sys which fix issues which will cause AD
> repl issues
> > from a couple times in the field. Check out
> > http://support.microsoft.com/kb/898060 or for the latest tcpip.sys
> > http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx .
> >
> >
> >
> > *Kurt Falde*
> > ------------------------------
> >
> > *From:* [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]> [mailto:
> > [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>] *On Behalf Of *HBooGz
> > *Sent:* Saturday, July 29, 2006 5:39 AM
> > *To:* [email protected]
> <mailto:[email protected]>
> > *Subject:* [ActiveDir] R2 In-Place Upgrade bug ?
> >
> >
> >
> > Morning to all -
> >
> > I just spent the last 6 hours with dell gold software support
> team trying
> > to figure out the following occurrence:
> >
> > The upgraded R2 DC does not accept incoming connections, but it
> appears it
> > accepts certain connections. Particularly those related to directory
> > services. e.g. telnet *server ip* 389 from the mail server
> works. \\*serverip
> > or servername *brings up the shared printers and folders perfectly.
> >
> > outbound traffic and icmp works fine, inbound icmp returns a
> time out.
> >
> > scenario:
> >
> > Windows 2000 SP4 DC in-place upgrade to windows 2003 SP1 then
> upgrade to
> > R2.
> > connections to and from box were fine on 2003 sp1.
> > downgraded NIC drivers to match other r2 DC on identical server
> > hardware/model
> > installed new nic drivers and proset
> > upgraded to R2.
> > rebooted and noticed a ton of errors with services hanging upon
> boot.
> > checked connection to the box from workstations and servers, but
> all
> > requests timed out.
> > i made sure ICF was disabled.
> > i disabled IPSEC and entered dword value for ProhibitIpSec - nothing
> > i then enabled ICF configured exceptions - explicitly allowing
> ICMP, and
> > still nothing.
> > reset the TCP/ip stack and winsock using netsh, nothing
> > servers has two nics, one of which is disabled. changed binding
> order so
> > active is on top -- nothing
> > reinstalled the binaries of windows 2003 sp1 and upgraded to r2
> again --
> > nothing.
> >
> > i'm at a loss for ideas and sure could use the vast resources the
> > contributors of this group may have or know of.
> >
> > Thanks,
> >
> >
> >
> >
> >
> > --
> > HBooGz:\>
> >
>
>
>
> --
> HBooGz:\>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
>
>
>
>
> --
> HBooGz:\>
--
HBooGz:\>
