The SQL Server has the patch and that did not factor into the equation. So far I think it only affects the AR server where it is connecting to a remote db server; the AR server with a local db was also not affected.
In answer to Joe, yes, the SQL Server Management Studio could connect to the db just fine with the patch applied; we have had more than one case where an ARS server could not start up unless you first started the SQL Server Management Studio and opened the connection to the db; something in DCOM or DTS was blocking it until the SQL client punched a hole, so that was the FIRST thing that I tried. BTW, we solved that problem by registering the SQL Servers in AD and configuring them to make Kerberos connections between ARS and SQL. The server blocked by this new patch DOES make about 60 Kerberos connections when working, so the patch even negates that level of connectivity. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of [email protected] Sent: Thursday, April 14, 2011 12:43 PM To: [email protected] Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett [email protected] Sent by: [email protected] 04/14/2011 08:56 AM Please respond to [email protected] To [email protected] cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services [email protected] www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: [email protected] Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are" If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
