Re: MS03 -048 causing problems for our 2003 DCs

From: John G. Chang (jchang_at_MEDATA.COM)
Date: 11/21/03

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-035 - Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)"
    Date:         Fri, 21 Nov 2003 15:20:51 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hello,

    I was asked to resubmit this post with the
    CASE_ID_NUM: SRX031118602169 so others
    could reference it if they have similar problems.

    I ended up opening a ticket with Microsoft about this issue.
    They could neither confirm nor deny that the patch in question
    caused this issue. I was informed that a bug was the cause
    of this problem and no fix existed at this time for it. Again, it
    is not known whether MS03-048 was the catalyst for the
    bug to appear.

    It made a change that Dean Halter was kind enough to reply
    back to me about.

    >>
    Just a thought, but is your security policy set to shut down systems
    when the security log becomes full? If so, check your servers to make
    sure the
    hkey_local_machine\system\currentcontrolset\control\lsa\crashonauditfail
    is set to 1. A value of 0, I believe, means the policy is disabled. If 2,
    you will have to reset the entry to 1 and restart the box. dsh
    >>

    The setting above was changed to "2". However, it was more
    involved than that as we spent two days on the issue.
    That particular setting was the main culprit.

    Here's what Microsoft said:

    >>
    PROBLEM:
    ___________________
    Access is denied AD replication

    RESOLUTION:
    ___________________

    Set crashonauditfail equal to 0
    and
    Ran dcgpofix /target:both
    and
    Secedit /configure /db %SYSTEMROOT%\security\database\cvtfs.sdb /Cfg "%SYSTEMROOT%\security\templates\securedc.inf"

    We also needed to modify the default domain controller policy so that it
    would not require signing between the client and the server.
    >>

    The only thing I know is that I am uneasy about
    loading future patches on our 2003 DCs. At least
    I can always contact Microsoft again about this
    particular issue if it happens again.

    John
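
The registry value discussed in this message can be checked across several domain controllers before and after patching. The following is an added example, not part of the original post or of Microsoft's reply; it assumes the Remote Registry service is reachable on each target, and the server names in the usage comment are placeholders.

```powershell
# Added example: report the CrashOnAuditFail state on one or more servers.
# Usage (placeholder names): Get-CrashOnAuditFailState -ComputerName DC01, DC02
function Get-CrashOnAuditFailState {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Meaning of each value of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail
    $meaning = @{
        0 = 'Disabled: system keeps running if audit events cannot be logged'
        1 = 'Enabled: system halts if an audit event cannot be logged'
        2 = 'Triggered: only administrators can log on until the value is reset'
    }

    foreach ($name in $ComputerName) {
        $base = $null
        $lsa  = $null
        try {
            # An empty machine name opens the local registry without Remote Registry.
            $target = if ($name -eq $env:COMPUTERNAME) { '' } else { $name }
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $target)
            $lsa  = $base.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
            if ($null -eq $lsa) { throw 'Lsa key could not be opened' }

            $value = $lsa.GetValue('CrashOnAuditFail', $null)
            $state = if ($null -eq $value) { 'Value not present' }
                     elseif ($meaning.ContainsKey([int]$value)) { $meaning[[int]$value] }
                     else { 'Unexpected value' }

            [pscustomobject]@{
                ComputerName   = $name
                Value          = $value
                State          = $state
                # 2 is the state the poster found on the affected DCs.
                NeedsAttention = ($value -eq 2)
            }
        }
        catch {
            # Unreachable host or access denied: report it instead of stopping the sweep.
            [pscustomobject]@{
                ComputerName   = $name
                Value          = $null
                State          = "Query failed: $($_.Exception.Message)"
                NeedsAttention = $true
            }
        }
        finally {
            if ($lsa)  { $lsa.Close() }
            if ($base) { $base.Close() }
        }
    }
}
```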

