Strange Problem(s) After Installing Security Update 818529

From: IOStorm (noemail_at_noemail.net)
Date: 06/06/03 

Date: Fri, 06 Jun 2003 18:55:19 GMT

I'm cross-posting to five groups because they all may apply...

I installed the security update 818529 yesterday, which was acquired
through the automatic updater (and I went ahead and let it install, as
I do for all security patches).

I ended up with some weird problems.

1: When the system restarted, I has an error stating that LSASS.EXE
had an error and Active Directory could not start. I restarted in AD
repair mode, fiddled with NTDSUTIL and had errors with the jet
database. I deleted the *.log files, and then NTDSUTIL successfully
checked the integrity and repaired the database. I also ran the
semantic analysis, which found no errors.

2: I rebooted, and was able to logon. AD seemed to be working.
However, the logon screen seemed odd. Usually the domain name is
already selected, but now it was blank and I had to select it
manually. I allow this system to autologon (via TweakUI) as
administrator for various reasons, but it would not do it anymore
because it won't save the domain name in the logon screen.

3: When running Windows Update manually, along with errors telling me
that ActiveX must be running (which it is) to use the site, I am
presented with a screen telling me that only an administrator can
download and install updates. So the site is useless now. But I *am*
logged on as administrator. I also have no option for "Run As" when I
right-click Windows Update.

4: The system log consistently gives the error: Registration of the
DNS record '97678c29-9955-4573-8105-9baac54a5a47._msdcs.starfleet.gov.
600 IN CNAME ncc-1701.starfleet.gov.' failed with the following error:
DNS name does not exist.

Note: this is a LAN computer, a test system which is completely
internal, so it has the geeky starfleet.gov domain name just for
kicks. I'm a DNS neophyte and installed DNS simply because it is
required for AD, and to try and learn DNS administration before
fiddling with DNS on the production servers. My intention was to
setup DNS on the test system to be completely internal and not to
interact with any other DNS system (just an XP and Win2k Pro
clients.). The test system has internet access via a router and the
ISP's DNS settings. Primary DNS in the TCP/IP settings is set to the
local DNS. This might be a completely botched setup, so any
suggestions would be welcome.

All in all, the system is running okay. Just a few odd things. I
downloaded the 818529 patch again and installed it to see if it caused
the problem again. It did, and the same error with the AD database
occured. I used the same process to fix it again.

I don't know what was lost during the AD crash. It seems as if the
system no longer thinks that administrator is a local admin. But it
seems to know administrator is a domain admin. That, or there is some
error with the local computer account (which doesn't appear in the
list on the logon screen.. but I can't recall if it ever did. Win2k
Pro and XP clients do have the option of either a local logon or
domain logon.) The local computer account is still listed in the AD
users and computers under "Domain Controllers".

Other than that, the error logs are clean and, as I said, most
everything appears to be working normally. But I'd like to get to the
bottom of this problem before I allow that security patch to be
installed on the production servers.

TIA for any help you can offer.

Relevant Pages

  • Re: Connect a new XP Pro into SBS2003 Domain, problem local admin
    ... your router and is not pointing to the SBS DNS nor does it have a WINS ... Primairy WINS server: 110.111.112.1 ... connecting to the domain as a administrator i want the domain users be ... Pc is clean new install from scratch off. ...
    (microsoft.public.windows.server.sbs)
  • Re: Preparing network connection after AD install
    ... I didn't install exchange yet. ... known symptoms of having exchange installed on DC and bad DNS ... Do not place the ISP DNS server or any other DNS on the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain users
    ... for the DNS Server. ... User in the Domain and an Administrator in Windows XP still has all its ... > "George Hester" wrote in message ... >>> As a regular user they will not be able to install much of anything. ...
    (microsoft.public.win2000.group_policy)
  • Re: Connect a new XP Pro into SBS2003 Domain, problem local admin
    ... DNS searchlist: noordijkbrink.local ... Primairy WINS server: 110.111.112.1 ... administrator + password and after that i have to reboot my pc and it should ... Pc is clean new install from scratch off. ...
    (microsoft.public.windows.server.sbs)
  • Re: Getting New Server - Coming from SBS2003 domain
    ... default login scripts with SBS. ... new Server if the ... addresses and we are thinking of letting the new sever be a DHCP & DNS ... If you want to keep the same name, but not the same domain, meaning to start fresh, then all the workstations will need to be disjoined first prior to unplugging the current machine, because you can't have the current one up and running when you install the new one. ...
    (microsoft.public.windows.server.sbs)