Re: *asp failure after installing Hotfix MS02-010/Q331953
From: Jason Martin (jason.martin@ensonix.com)
Date: 04/15/03
- Next message: Steven L Umbach: "Re: How to move encrypted files on a portable Harddisk from one computer to another computer"
- Previous message: Peter Clark: "how to access encrypted files"
- In reply to: Carson Saunders: "Re: *asp failure after installing Hotfix MS02-010/Q331953"
- Next in thread: snakpak: "Re: *asp failure after installing Hotfix MS02-010/Q331953"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jason Martin" <jason.martin@ensonix.com> Date: Mon, 14 Apr 2003 15:49:17 -0700
I posted this earlier today in this newsgroup, and
then found your post, so I thought I'd add my post as a
thread here too.
EARLIER POST:
. Reply (E-mail) Forward (E-mail)
Subject: Possible Error in Patch 331953?
From: "Jason Martin" <jason.martin@ensonix.com> Sent:
4/14/2003 2:28:37 PM
I've been working on a problem that was brought to my
attention on Wednesday of last week. The original
complaint was that our Oracle database server CPU
Utilization went up to 100%, without high traffic on our
website. However the real issue was that our IIS 5.0
Services all restarted at the same time, which caused our
caching software to start caching each server all at the
same time.
When first looking in to the problem, I was wondering
what caused the caching software to re-cache, however it's
supposed to do that when IIS 5.0 is restarted, and when
reviewing the logs I found before the re-caching started,
the services did restart. I also found out that we had
the exact same problem one week earlier, and in the NT
System Event logs I found the same two entries for the
same problem. However, the issue has not ever occurred in
the event log prior. Here is the cluster of events that
show the IIS 5.0 Restart:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 4/8/2003
Time: 12:43:10 PM
User: N/A
Computer: ESXLAWEB01
Description:
The Site Server Authentication Service service terminated
unexpectedly. It has done this 4 time(s). The following
corrective action will be taken in 0 milliseconds: No
action.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 4/8/2003
Time: 12:43:10 PM
User: N/A
Computer: ESXLAWEB01
Description:
The IIS Admin Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action
will be taken in 1 milliseconds: Run the configured
recovery program.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 4/8/2003
Time: 12:43:10 PM
User: N/A
Computer: ESXLAWEB01
Description:
The Site Server LDAP Service service terminated
unexpectedly. It has done this 4 time(s). The following
corrective action will be taken in 0 milliseconds: No
action.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 4/8/2003
Time: 12:43:10 PM
User: N/A
Computer: ESXLAWEB01
Description:
The Site Server LDAP Service service terminated
unexpectedly. It has done this 4 time(s). The following
corrective action will be taken in 0 milliseconds: No
action.
So understanding the following facts of our web
network, which are; 12 Web Servers Running 2000 Server and
IIS 5.0 being load balanced behind a f5 BIG/ip box, each
server running XCache, each server running IIS5 Restart
(configured 6 months ago and only for timed restarts), No
Exchange or Mail Services, and 11 out of the 12 servers
all had the exact same event log entries at the same time,
I did the following:
1) Scanned for virus/worms (found none)
2) Went through the web logs looking for out of place
requests (found none)
3) Looked for a change in other processes in the event log
(found none)
4) Reviewed missing DoS attack Patches (found 1 web server
missing 331953, the only server which was not effected,
all servers which had this patch were)
I believe I read a lot of Microsoft bulletins and
newsgroups, and have not found an entry which has had the
same symptoms, I also noted that patch 331953 was released
3/25/03 (and although I do not handle the updates) our
issue first occurred on 3/28/03 and I know the patch has
been loaded on the 11 of the 12 servers that had the issue.
Has anyone had issues close to this after applying
this patch, or is this just a coincidence?
Thanks in Advanced
Jason Martin
>-----Original Message-----
>That is the exact issue we were running into. Any call
from an ASP page
>to a COM+ component requiring a new transaction would
fail with the
>message "Connection to the transaction manager failed."
After
>uninstalling the patch, everything worked.
>
>Carson
>
>"Mattias Nyholm" <mattias.nyholm@framfab.se> wrote in
>news:upE3vBR$CHA.2148@TK2MSFTNGP10.phx.gbl:
>
>> What kind of problems did you have? I've seen problems
with
>> ASP applications using transactions. Before applying
331959
>> they were working fine, but with the patch they fail:
>> (0x8004E003)
>>
>> You made a method call on a COM+ component that has a
transaction that
>> has already aborted or in the process of aborting.
>>
>> After uninstalling the patch the ASP apps work just
fine again.
>>
>> Regards,
>> Mattias
>>
>>
>> "Carson Saunders" <carson_saunders_remove-
this_@yahoo.com> wrote in
>> message
news:Xns935254F0717F0carsonsaundersyahooc@130.133.1.4...
>>> I've run into the same problem along with several
others. Currently,
>>> the only solution we've come up with is to un-install
the patch, as
>>> you did. Someone had mentioned that the patch worked
fine on machines
>>> where no subsequent patches were installed so it could
be a patch
>>> compatability issue, but that is just speculation.
But we have had
>>> no problems since un-installing the patch
>>>
>>> Carson
>>>
>>> "[sa]" <Apocalyptic@firemail.de> wrote in
news:057301c2f904$8aefc530
>>> $a201280a@phx.gbl:
>>>
>>> > Hi there,
>>> >
>>> > anyone got the problem, after installing the latest
Win2k
>>> > Hotfix "MS03-010: Flaw in RPC Endpoint Mapper Could
Allow
>>> > Denial of Service Attacks (331953)" some of the
Webservers
>>> > applications / com+ packets fail to run correctly.
>>> > After shutdown on the component, unload, iisreset and
>>> > server reboot i decided to uninstall the Q331959
Patch.
>>> > After this all the *asp Pages run correctly.
>>> >
>>> > Anyone got an idea ?
>>> >
>>> > regards
>>> >
>>> > [sa]
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>
>>
>>
>
>
>
>--
>.
>
- Next message: Steven L Umbach: "Re: How to move encrypted files on a portable Harddisk from one computer to another computer"
- Previous message: Peter Clark: "how to access encrypted files"
- In reply to: Carson Saunders: "Re: *asp failure after installing Hotfix MS02-010/Q331953"
- Next in thread: snakpak: "Re: *asp failure after installing Hotfix MS02-010/Q331953"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
