Windows 2000 Security Roll-up and Terminal Services
From: Chad Everett (ceverett@INFORMEDBEVERAGE.COM)Date: 02/22/02
- Previous message: Tamer Sahin: "SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Feb 2002 11:06:48 -0500 From: Chad Everett <ceverett@INFORMEDBEVERAGE.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Hope that this is relevant here. If not, please just let me know and I'll
take it elsewhere.
I recently installed the Windows 2000 Security Roll-up on several servers
and had some troubles with Terminal Services afterwards. On one server, my
initial DC on this domain if you think that matters, I had no problems at
all. Kept chugging away. On another (member) server, terminal services
appears to have been removed as a component, as if it was never installed.
I have not yet done anything else with this server.
On the third server, terminal services just became disabled, but still
showed up as being installed. I tried rebooting, reinstalling terminal
services, even (at the suggestion of Microsoft) removing the security
roll-up. This turned out to be a bad decision as Directory Services became
corrupted and I had to reload the OS. After a few more hours, I finally got
back to where I had started, but still no Terminal Services. I'm using
Remote Administration mode. Looking at the Terminal Services Manager, the
port shows a status of "down" with a number - typically 65536-39, though it
changes when you reset the port, so that might not be the entire range.
I did some searching at Microsoft's web site, found nothing. So I finally
turned to Google, and was able to find a support article (incidentally, at
Microsoft) which gave a bit of good information on the same general subject:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q270588
In a nutshell, it says that there was a problem with rebooting too many
times to the last known good configuration. If you did this, a hardcoded
value for Terminal Services wouldn't work correctly, as it would point to
the wrong place.
This key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server\VIDEO\rdpdd
Would have \Device\Video0 set to this value:
\REGISTRY\Machine\System\ControlSet001\Services\RDPDD\Device0
When it should be set to this one instead:
\REGISTRY\Machine\System\CurrentControlSet\Services\RDPDD\Device0
The article says this problem was fixed in SP2, but I figured I could poke
around a bit, just to see if it might be the issue. Turns out that that
isn't the problem - my value there looks okay. However, in comparing this
structure to the working machine, it turns out that my non-working servers
have an additional key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server\VIDEO\disc
The values in this key look like a duplicate of the other one, referenced
above (rdpdd). Being out of other ideas, I deleted this key and rebooted.
Guess what? Terminal Services (RDP) comes up, and I can use it as normal.
Anyway, wondering if anyone has seen this problem before, or if anyone might
know if I just caused more problems for myself?
Thanks.
--- Chad Everett ceverett@informedbeverage.comoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Delivery co-sponsored by Qualys - Make Your Network Secure oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Go Beyond PARTIAL Security: FREE White Paper
Stop hassling with half-baked ENTERPRISE SECURITY. FREE White Paper shows you how to ensure TOTAL security for your Internet perimeter with the most current and most complete PROACTIVE Vulnerability Assessment solution. Get your FREE White Paper now. Click here! https://www.qualys.com/forms/techwhite_86.html oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Tamer Sahin: "SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
