MS05-042 Security Update Problems
From: Andrew McCullough (amccullough_at_ingeus.co.uk)
Date: 08/30/05
- Previous message: Martin Schulze: "[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Aug 2005 18:00:22 +0100 To: <bugtraq@securityfocus.com>
Hello All,
Has anyone else experienced problems after applying the Kerberos
Security Update? We're running 2k3 server (Enterprise) as a DC with
standard application set. Following the application of this patch we
started seeing Kerberos and KDC issues. Once the patch had been applied
we started seeing KDC (event ID 7) errors - "The Security Account
Manager failed a KDC request in an unexpected way" and this error
repeated for each DC on our domain.
Following this, we started seeing Kerberos errors - Kerberos (event ID
4) - The Kerberos client received a KRB_AP_ERR_MODIFIED error from the
server computername. The target name was cifs/anothercomputer. This
indicates that the password used to encrypt the Kerberos service ticket
is different than that on the target server.
This error had not appeared previously and no changes had been made to
the mentioned computer or the target.
We also experienced issues with a fileserver local to this DC being
unable to print - presumably due to being unable to authenticate printer
users.
Having removed the Kerberos patch from the problem DC all appears to
have returned to normal, however we'd like to know if anyone else has
had this problem or if there are any ways to resolve the issues we had?
Thanks in advance,
Andy McCullough
Information Technology & Telecommunications
WorkDirections UK
Email: amccullough@workdirections.co.uk
Andrew McCullough
Information Technology & Telecommunications
WorkDirections UK
Email: amccullough@workdirections.co.uk
**********************************************************************
The information, including attachments, contained in this e-mail is confidential and may be subject to legal professional privilege. It is intended solely for the addressee. If you receive this e-mail by mistake please promptly inform us by reply e-mail and then delete the e-mail and destroy any printed copy. You must not disclose or use in any way the information in the e-mail.
There is no warranty that this email is error or virus free. It may be a private communication, and if so, does not represent the views of the Ingeus Group of Companies or its management. If it is a private communication, care should be taken in opening it to ensure that undue offence is not given.
**********************************************************************
- Previous message: Martin Schulze: "[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
