i'm running out of options and i have a long week ahead with microsoft PSS and Dell.
On 7/29/06, HBooGz <
[EMAIL PROTECTED]> wrote:
back to square one i presume ?On 7/29/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] < [EMAIL PROTECTED] > wrote:I think you are right.. I remember now they sucked in that fix to a
later security bulletin.
HBooGz wrote:
> Thank you.
>
> So it looks like i should get the hotfix related to this article:
>
> http://support.microsoft.com/kb/898060 but it says in that article
> that the download supplied is superceeded by the hotfix i applied
> already : Security update 913446 (security bulletin MS06-007)
> supersedes this update (898060).
>
> so which hotfixes do i really need ?
>
> what's the mystery is why can the clients and servers outside the
> subnet connecting via VPN ping this server by name and IP succesfully.
>
>
>
> On 7/29/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]*
> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED] >> wrote:
>
> The trick here is go to the bulletin and check the caveats section
> http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx
>
> Which links to....
> http://support.microsoft.com/kb/893066
>
> Which points to...
>
> Network connectivity between clients and servers may not work
> after you
> install security update MS05-019. For more information, click the
> following article number to view the article in the Microsoft
> Knowledge
> Base:
> 898060 </kb/898060/> ( http://support.microsoft.com/kb/898060/)
> Installing security update MS05-019 or Windows Server 2003 Service
> Pack
> 1 may cause network connectivity between clients and servers to fail
> • For more information, click the following article number
> to view the
> article in the Microsoft Knowledge Base:
> 898542 </kb/898542/> ( http://support.microsoft.com/kb/898542/) Windows
> Server 2003 systems using IPsec tunnel-mode functionality may
> experience
> problems after you install the original version of 893066
>
>
>
> HBooGz wrote:
> > I applied the related to article ending with MS06-007.mspx
> > <
> http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx> .
> >
> > do you happen to have the hotfix for the other article ?
> >
> >
> >
> > On 7/29/06, *Kurt Falde* < [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>
> > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote:
> >
> > I would definitely get the tcpip.sys hotfixes applied as this
> > sounds very symptomatic of ms05-019 issues.
> >
> > Kurt Falde
> > Sent from my Windows Mobile Phone
> >
> >
> > -----Original Message-----
> > From: "HBooGz"< [EMAIL PROTECTED] <mailto: [EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED] <mailto: [EMAIL PROTECTED]>>>
> > Sent: 7/29/06 10:58:58 AM
> > To: " ActiveDir@mail.activedir.org
> <mailto: ActiveDir@mail.activedir.org>
> > <mailto:ActiveDir@mail.activedir.org
> <mailto:ActiveDir@mail.activedir.org >>"<ActiveDir@mail.activedir.org
> <mailto: ActiveDir@mail.activedir.org>
> > <mailto: ActiveDir@mail.activedir.org
> <mailto: ActiveDir@mail.activedir.org>>>
> > Subject: Re: [ActiveDir] R2 In-Place Upgrade bug ?
> >
> > I applied no post sp-1 fixes, but i would imagine it's worth
> a try.
> >
> > do you guys want to hear something even more mind-boggling ?
> >
> > i can ping the server from workstations outside the main
> office!!!
> >
> > i've remotely connected to workstations at our IPSEC vpns to
> test
> > login
> > times and email access,a nd pinged the problematic server
> just fine!!!
> >
> > arghhh
> >
> > Matheesha:
> >
> > Incoming connections i mean services that somehow are not
> defined
> > to the
> > server. I run a repadmin /replsum from another dc and it
> shows no
> > errors. i
> > run a dcdiag /s:problemserver with no problem. so it means that
> > directory
> > service traffic is allowed, but when i try to Dameware ( tcp
> port
> > 6129) to
> > the machine it times out, when i try to the ping the box i get
> > nothing from
> > the main office!
> >
> > i checked the IPSEC domain and Standard profile and made
> sure no IPSEC
> > polocies were applied.
> >
> > if it's the SCW -- how do i look at it ?
> >
> > could it someway be my checkpoint firewall at the local site
> ? how
> > in the
> > world can it accept icmp from other workstations ( win2k
> pro) at
> > my remote
> > vpn sites ?
> >
> >
> >
> >
> >
> > On 7/29/06, Kurt Falde < [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
> > <mailto: [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>>> wrote:
> > >
> > > Did you apply the post SP1 security hotfixes? I know
> there are
> > a couple
> > > of updates for tcpip.sys which fix issues which will cause AD
> > repl issues
> > > from a couple times in the field. Check out
> > > http://support.microsoft.com/kb/898060 or for the latest
> tcpip.sys
> > >
> http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx .
> > >
> > >
> > >
> > > *Kurt Falde*
> > > ------------------------------
> > >
> > > *From:* [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>
> > <mailto: [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>> [mailto:
> > > [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED] >
> > <mailto: [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED] >>] *On Behalf Of *HBooGz
> > > *Sent:* Saturday, July 29, 2006 5:39 AM
> > > *To:* ActiveDir@mail.activedir.org
> <mailto: ActiveDir@mail.activedir.org>
> > <mailto: ActiveDir@mail.activedir.org
> <mailto: ActiveDir@mail.activedir.org>>
> > > *Subject:* [ActiveDir] R2 In-Place Upgrade bug ?
> > >
> > >
> > >
> > > Morning to all -
> > >
> > > I just spent the last 6 hours with dell gold software support
> > team trying
> > > to figure out the following occurrence:
> > >
> > > The upgraded R2 DC does not accept incoming connections,
> but it
> > appears it
> > > accepts certain connections. Particularly those related to
> directory
> > > services. e.g . telnet *server ip* 389 from the mail server
> > works. \\*serverip
> > > or servername *brings up the shared printers and folders
> perfectly.
> > >
> > > outbound traffic and icmp works fine, inbound icmp returns a
> > time out.
> > >
> > > scenario:
> > >
> > > Windows 2000 SP4 DC in-place upgrade to windows 2003 SP1 then
> > upgrade to
> > > R2.
> > > connections to and from box were fine on 2003 sp1.
> > > downgraded NIC drivers to match other r2 DC on identical
> server
> > > hardware/model
> > > installed new nic drivers and proset
> > > upgraded to R2.
> > > rebooted and noticed a ton of errors with services hanging
> upon
> > boot.
> > > checked connection to the box from workstations and
> servers, but
> > all
> > > requests timed out.
> > > i made sure ICF was disabled.
> > > i disabled IPSEC and entered dword value for ProhibitIpSec
> - nothing
> > > i then enabled ICF configured exceptions - explicitly allowing
> > ICMP, and
> > > still nothing.
> > > reset the TCP/ip stack and winsock using netsh, nothing
> > > servers has two nics, one of which is disabled. changed
> binding
> > order so
> > > active is on top -- nothing
> > > reinstalled the binaries of windows 2003 sp1 and upgraded
> to r2
> > again --
> > > nothing.
> > >
> > > i'm at a lost of ideas and sure could use to vast
> resources the
> > > contributors of this group may have or know of.
> > >
> > > Thanks,
> > >
> > >
> > >
> > >
> > >
> > > --
> > > HBooGz:\>
> > >
> >
> >
> >
> > --
> > HBooGz:\>
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.activedir.org/ml/threads.aspx
> >
> >
> >
> >
> > --
> > HBooGz:\>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
>
>
>
>
> --
> HBooGz:\>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx--HBooGz:\>
--
HBooGz:\>