I think you are right.. I remember now they sucked in that fix to a
later security bulletin.
HBooGz wrote:
Thank you.
So it looks like i should get the hotfix related to this article:
http://support.microsoft.com/kb/898060 but it says in that article
that the download supplied is superceeded by the hotfix i applied
already : Security update 913446 (security bulletin MS06-007)
supersedes this update (898060).
so which hotfixes do i really need ?
what's the mystery is why can the clients and servers outside the
subnet connecting via VPN ping this server by name and IP succesfully.
On 7/29/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]*
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
The trick here is go to the bulletin and check the caveats section
http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
Which links to....
http://support.microsoft.com/kb/893066
Which points to...
Network connectivity between clients and servers may not work
after you
install security update MS05-019. For more information, click the
following article number to view the article in the Microsoft
Knowledge
Base:
898060 </kb/898060/> ( http://support.microsoft.com/kb/898060/)
Installing security update MS05-019 or Windows Server 2003 Service
Pack
1 may cause network connectivity between clients and servers to fail
• For more information, click the following article number
to view the
article in the Microsoft Knowledge Base:
898542 </kb/898542/> (http://support.microsoft.com/kb/898542/) Windows
Server 2003 systems using IPsec tunnel-mode functionality may
experience
problems after you install the original version of 893066
HBooGz wrote:
> I applied the related to article ending with MS06-007.mspx
> <
http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx> .
>
> do you happen to have the hotfix for the other article ?
>
>
>
> On 7/29/06, *Kurt Falde* < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote:
>
> I would definitely get the tcpip.sys hotfixes applied as this
> sounds very symptomatic of ms05-019 issues.
>
> Kurt Falde
> Sent from my Windows Mobile Phone
>
>
> -----Original Message-----
> From: "HBooGz"<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
<mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>>
> Sent: 7/29/06 10:58:58 AM
> To: " [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>"<[email protected]
<mailto:[email protected]>
> <mailto: [email protected]
<mailto:[email protected]>>>
> Subject: Re: [ActiveDir] R2 In-Place Upgrade bug ?
>
> I applied no post sp-1 fixes, but i would imagine it's worth
a try.
>
> do you guys want to hear something even more mind-boggling ?
>
> i can ping the server from workstations outside the main
office!!!
>
> i've remotely connected to workstations at our IPSEC vpns to
test
> login
> times and email access,a nd pinged the problematic server
just fine!!!
>
> arghhh
>
> Matheesha:
>
> Incoming connections i mean services that somehow are not
defined
> to the
> server. I run a repadmin /replsum from another dc and it
shows no
> errors. i
> run a dcdiag /s:problemserver with no problem. so it means that
> directory
> service traffic is allowed, but when i try to Dameware ( tcp
port
> 6129) to
> the machine it times out, when i try to the ping the box i get
> nothing from
> the main office!
>
> i checked the IPSEC domain and Standard profile and made
sure no IPSEC
> polocies were applied.
>
> if it's the SCW -- how do i look at it ?
>
> could it someway be my checkpoint firewall at the local site
? how
> in the
> world can it accept icmp from other workstations ( win2k
pro) at
> my remote
> vpn sites ?
>
>
>
>
>
> On 7/29/06, Kurt Falde < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>> wrote:
> >
> > Did you apply the post SP1 security hotfixes? I know
there are
> a couple
> > of updates for tcpip.sys which fix issues which will cause AD
> repl issues
> > from a couple times in the field. Check out
> > http://support.microsoft.com/kb/898060 or for the latest
tcpip.sys
> >
http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx .
> >
> >
> >
> > *Kurt Falde*
> > ------------------------------
> >
> > *From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> [mailto:
> > [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>] *On Behalf Of *HBooGz
> > *Sent:* Saturday, July 29, 2006 5:39 AM
> > *To:* [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>
> > *Subject:* [ActiveDir] R2 In-Place Upgrade bug ?
> >
> >
> >
> > Morning to all -
> >
> > I just spent the last 6 hours with dell gold software support
> team trying
> > to figure out the following occurrence:
> >
> > The upgraded R2 DC does not accept incoming connections,
but it
> appears it
> > accepts certain connections. Particularly those related to
directory
> > services. e.g . telnet *server ip* 389 from the mail server
> works. \\*serverip
> > or servername *brings up the shared printers and folders
perfectly.
> >
> > outbound traffic and icmp works fine, inbound icmp returns a
> time out.
> >
> > scenario:
> >
> > Windows 2000 SP4 DC in-place upgrade to windows 2003 SP1 then
> upgrade to
> > R2.
> > connections to and from box were fine on 2003 sp1.
> > downgraded NIC drivers to match other r2 DC on identical
server
> > hardware/model
> > installed new nic drivers and proset
> > upgraded to R2.
> > rebooted and noticed a ton of errors with services hanging
upon
> boot.
> > checked connection to the box from workstations and
servers, but
> all
> > requests timed out.
> > i made sure ICF was disabled.
> > i disabled IPSEC and entered dword value for ProhibitIpSec
- nothing
> > i then enabled ICF configured exceptions - explicitly allowing
> ICMP, and
> > still nothing.
> > reset the TCP/ip stack and winsock using netsh, nothing
> > servers has two nics, one of which is disabled. changed
binding
> order so
> > active is on top -- nothing
> > reinstalled the binaries of windows 2003 sp1 and upgraded
to r2
> again --
> > nothing.
> >
> > i'm at a lost of ideas and sure could use to vast
resources the
> > contributors of this group may have or know of.
> >
> > Thanks,
> >
> >
> >
> >
> >
> > --
> > HBooGz:\>
> >
>
>
>
> --
> HBooGz:\>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
>
>
>
>
> --
> HBooGz:\>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
--
HBooGz:\>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
