Re: Machine does not respond.

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/29/05 

Date: Tue, 28 Jun 2005 18:22:50 -0500

I am not an IIS guru but it is my understanding there is no reason to run
IIS Lockdown on a Windows 2003 Server. They may want to use URLscan version
2.5 based on information in the link below.

http://www.microsoft.com/technet/security/tools/urlscan.mspx

Having said that I am not sure offhand why you can not use PSINFO.exe after
they run IIS Lockdown. I would check to make sure the file and print sharing
and the server service is still running on the IIS server [this may not be a
good idea for a production computer] and try to access a share such as a
built in administrative share C$ to see if you can do that. It may also
help to enable auditing of logon events for success and failure and
privilege use for failure on the IIS servers and then look to see if
anything helpful has been recorded in the security logs that may provide a
clue. If you are familiar with netmon a packet trace from your admin
computer while trying to use your utility may be helpful to see what is
going on with the packet exchange sequence. Netmon would need to be enabled
on the IIS server. --- Steve

"HipHopHank" <HipHopHank@discussions.microsoft.com> wrote in message
news:FEF20A08-69E7-4BB1-8769-F375965EC47F@microsoft.com...
> We have several W2K3 servers running IIS for development purposes. Often
> the
> developers have run the IIS lockdown tool. Once they do that I'm locked
> out
> of the machine, which for the moment, isn't the problem. The problem is
> that
> if I run a program like 'gettype.exe' or 'PSINFO.exe' the program just
> sits
> there. The machine never responds, if the machine wasn't there the
> command
> would time out, but these never do.
>
> Has anyone seen this? Do you know what causes it and how to fix it?
>
> (I am posting here because I figure you do scans of the machines on your
> networks and may have run into this.)
>
> Thanks H3

Relevant Pages

  • [NT] Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise
    ... This patch eliminates a newly discovered vulnerability affecting Internet ... in IIS 4.0 and 5.0, and could likewise be used to overrun heap memory on ... allowing code to be run on the server. ... * Microsoft has long recommended disabling HTR functionality unless there ...
    (Securiteam)
  • Re: Problem with connect computer wizard
    ... Make sure the Windows XP client is pointing to the SBS 2003 server as ... Please collect the IIS metabase and the latest IIS log files further ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
    ... IIS key to an Intel SSL acelerator ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
    (Focus-Microsoft)
  • Re: SBS 2003 After Service Pack 1 for SBS
    ... we can conclude the SBS 2003 SP1 has been applied ... Please help me collect the IIS metabase to check ... and using server management console to reproduce the problem. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • FW: Microsoft Security Advisory MS 03-007
    ... am trying to find a vulnerability tester/script and I could test it out ... Department of the Army server that had been compromised and that this ... announcement covers IIS 5.1 but not IIS 6, ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ...
    (Focus-Microsoft)