Re: MS05-019 Breaks VPN

From: Dellasala, Jerry (US - New York) (jdellasala_at_DELOITTE.COM)
Date: 04/22/05 

Date:         Fri, 22 Apr 2005 03:48:41 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Recently, during testing of a new XP SP2 image, we found one of our
applications which integrates with Office 2003 SP1 (Outlook) could not
connect via VPN. The really strange thing was that last year's image -
XP SP1 / Office 2003 - had no problem even after applying XPSP2 and
Office2k3 SP1 to it.

On a hunch (in desperation?), I tried applying a fix described in MSKB
Q244474 - How to force Kerberos to use TCP instead of UDP in Windows
Server 2003, in Windows XP, and in Windows 2000 -
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q244474 which
fixed the problem!

Hope this helps.

Jerry

-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM] On Behalf Of Darryl J Roberts
Sent: Tuesday, April 19, 2005 9:11 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: MS05-019 Breaks VPN

After installing the update in Microsoft Security Bulletin MS05-019 on
two servers at a customer site, we are no longer able to connect via VPN
to terminal services on those servers...

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. 

--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--

Relevant Pages

  • Re: Site to Site VPN 2 SBS servers
    ... site to site VPN. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... | Subject: Re: Site to Site VPN 2 SBS servers ...
    (microsoft.public.windows.server.sbs)
  • Re: Change of IP for Servers
    ... Static device like printers will need to have their gateway's ... All servers ... We have an ISP who is providing internet and VPN access. ...
    (microsoft.public.win2000.networking)
  • RE: Connecting to Windows servers through adsl
    ... join your computer into domain after the VPN connection is established. ... | which connect to internet through adsl line from home. ... | servers with their internal ip's and machine names. ... | to see any server's shares, he gets a logon window ...
    (microsoft.public.win2000.security)
  • Re: Site to Site VPN w/DHCP
    ... do this natively with some PIXs: ... I'm working on getting the VPN going but just having one problem. ... and download "Servers Alive." ... one site in USA one in China. ...
    (comp.dcom.vpn)
  • Re: XPSP2 VPN Problems
    ... have tried to establish the vpn either using a PPTP connection, ... work are still Win 2k Servers; I seriously doubt they have upgraded to Win ... > I'm trying to set up a vpn between my office network and my home computer ...
    (microsoft.public.windowsxp.network_web)