Re: MS08-067 locked up my servers

Add/Remove programs. Check the box to display installed updates. Uninstall patches in reverse order of their installation.

Mike.

"LIONHEART2205" <LIONHEART2205@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:FE7EC79F-75A4-4BC0-A29F-FEE8A497A76F@xxxxxxxxxxxxxxxx
HOW DO I UNINSTALL THIS PATCH
______________________________


"Michael D. Ober" wrote:

"Alun Jones" <alun@xxxxxxxxxxxxx> wrote in message
news:uqiWTX2OJHA.4480@xxxxxxxxxxxxxxxxxxxxxxx
> "Al Dunbar" <AlanDrub@xxxxxxxxxxxxxxxxxxx> wrote in message
> news:eRFLIvwOJHA.780@xxxxxxxxxxxxxxxxxxxxxxx
>>
>> "Michael D. Ober" <obermd.@.alum.mit.edu.nospam.> wrote in message
>> news:Buqdnf-pDZCZoZTUnZ2dnUVZ_h6dnZ2d@xxxxxxxxxxxxxxxx
>>> "Greg H" <gphalpin@xxxxxxxxx> wrote in message
>>> news:82977544-5fce-493b-990a-0439ebf5d7c5@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>> On Oct 28, 10:57 am, Greg H <gphal...@xxxxxxxxx> wrote:
>>>>> On Oct 27, 7:24 pm, "Michael D. Ober" >>>>> <obermd.@.alum.mit.edu.nospam.>
>>>>> wrote:
>>>>>
>>>>> > After installing MS08-067 (last weeks emergency RPC patch) none >>>>> > of
>>>>> > my domain
>>>>> > controllers could talk to each other. When I uninstalled this
>>>>> > patch,
>>>>> > everything started working again. My DCs are Windows Server 2003 >>>>> > R2
>>>>> > SP2
>>>>> > running on VMWare Server 1.05. Has anyone else seen this >>>>> > behavior
>>>>> > or have
>>>>> > any ideas on how to avoid it? The errors indicated that RPC >>>>> > failed
>>>>> > to allow
>>>>> > new connections.
>>>>>
>>>>> > Thanks,
>>>>> > Mike Ober.
>>>> Restarting the servers solved my problem. I can remote to them
>>>> again.
>>>>
>>>>> The problem I'm having is that I cannot remote desktop to a couple >>>>> of
>>>>> my Windows 2003 R2 SP2 Servers. I haven't found a solution yet.
>>>>> The RDP services are running.
>>>>> The firewall is off.
>>>>> I disabled and then renabled Remote Desktop on the My Computer
>>>>> Properties.
>>>>> I haven't restarted the server yet but will be trying that after 5 >>>>> PM
>>>>> today.
>>>>> There are no errors in the logs regarding RDP.
>>>>>
>>>>> I'm going to restart the server at the end of the day to see if >>>>> that
>>>>> resolves it. If that resolves it, I'll post again.
>>>>>
>>>>> Greg
>>>>
>>>
>>> It wasn't just Remote Desktop for me. Group Policy didn't work,
>>> Kerberos didn't work. Basically, nothing that required RPC calls to
>>> operate, which is almost all of Active Directory's communications,
>>> worked until I uninstalled this patch.
>>
>> That's odd. We didn't have any issues with it at all.
>
> Well, you probably followed the instructions and rebooted the server > after
> installing the patch.
>
> I've seen a number of sites suggest you install the patch without
> restarting, and simply stop and restart the Server service.
>
> That doesn't do the trick. When the Server service starts up again, it
> reuses the copy of the DLL that is in the svchost.exe memory. Still
> flawed.
>
> What if you stop every service in the same SvcHost group, and then > restart
> them?
>
> It fixes the _one_ specific path to exploit this flaw, but it leaves > the
> flawed function loaded in dozens of processes - can you guarantee that
> none of these processes call the same function? [ tasklist /m > netapi32.dll
> shows you the processes using the DLL ]
>
> And if Netapi32.dll expects to talk to its other instances, can it? > Nope.
> And that will cause random breakage.
>
> So, you just apply the patch, restart, and everything will be better.
>
> Alun.
> ~~~~
> -- > Texas Imperial Software | Web: http://www.wftpd.com/
> 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD > Explorer.
>
I rebooted multiple times after the patches, since I have seen previous MS
patches that require two reboots to really get installed correctly.

Mike.







.

Relevant Pages

  • RE: MS Software Update Service
    ... and approve the patches before releasing them to your clients. ... Automatic Update client) ... Doesn't patch SQL Server, Exchange, Office, etc. ... distributed through Active Directory software installation, ...
    (Focus-Microsoft)
  • Re: Ingenieurmangel: Nur Gerede oder ist was dran?
    ... Man bekommt die Info, dass PAtches ... dass du die Downtime auch bekommst. ... Ich kenne keinen Server mit XP drauf... ... des Patches und der Installation schonmal ein paar Wochen ...
    (de.sci.electronics)
  • Re: AutoGenerateColumns wont set to false
    ... Same behavior on two machines, Laptop and server. ... I haven't installed any patches on either machine this week. ... > security installation logs for that server. ...
    (microsoft.public.dotnet.framework.aspnet.datagridcontrol)
  • RE: Categories missing in Group Policy!
    ... the GPM and restarted the server. ... Not sure that the restart was necessary, ... I've got a customer where I today needed to edit a group policy but when I ... Remote Installation Services: rigpsnap.dll ...
    (microsoft.public.windows.group_policy)
  • Re: CA and SSL issue.
    ... and restart the CA and IIS service? ... > it during the installation process or setup. ... I get a cannot connect to server. ... > certificate. ...
    (microsoft.public.win2000.security)