[<prev] [next>] [day] [month] [year] [list]
Message-ID: <OF0771F35B.BDBAECE2-ONC1256E7A.0044285B-C1256E7A.004560EA@mca.org.mt>
Date: Sun, 18 Apr 2004 14:37:48 +0200
From: aborg@....org.mt
To: <bugtraq@...urityfocus.com>, NTBugtraq@...tserv.ntbugtraq.com
Subject: MS Patches last Wed - SOLUTION
Hi ..
So, after my previous two mails, I managed to solve the problem (I think)
1) I rebooted the PDC and one of the clients started working. It was the
only one that worked immediately so I think a reboot was required for the
PDC. That set me thinking.
2) I tried rebooting the BDC but that did not help, i.e., I still could
not login. I tried one of the other clients and went through all of this
to fix it:
a) Uninstalled 835732; the uninstallation requires a reboot - still can't
login. Rebooted again (see 1 above); still no luck
b) Uninstalled 828741; the uninstallation requires a reboot - still can't
login. Rebooted again (see 1 above); still no luck
c) Uninstalled 837001; the uninstallation does not require a reboot - but
rebooted anyway. No luck, rebooted again and this worked!!
I used this sequence since this is the reverse order of installation of
these patches according to the Event Log, so I figured that it would be
best to tackle them in this order.
3) I tried another client PC and the same MO worked, confirming my steps in
2 were good and not merely luck.
4) I had already uninstalled 837001 from the BDC since this is the patch
that replaces WINLOGON.EXE and LSASS.EXE (which I figured would be the
culprit); now I needed to uninstall 828741 and 835732 hoping that the
change in sequence would not negatively affect my solution. I researched
the MS Site for these patches to see what the uninstallation path is and
this info is listed - %WINDIR%\$NTUninstallKB828741$\SPUInst\SPUInst.exe is
the uninstaller. Unfortunately I could not access the server to run
"Add/Remove Programs" or run this exe. I checked the MS KB again to see if
I could use the Run or RunOnce keys. KB article 137367 lists the keys and
explains what they do. KB article 179365 explains the sequence that
Windows uses to run them. On both pages, the indication is that the
"RunServices" key is run before the login prompt (which is what I wanted)
but 137367 explains that this key does not apply to Win2k. I figured, what
the hell and connected to the registry remotely, added this key and added
an entry to the path mentioned together with /u (unattended) and /q
(quiet). Rebooted the BDC, got the login screen, rebooted again.
It worked.
I rebooted the BDC a few more times and everything looks fine so in
conclusion:
1) Patch 835732 does not seem to have any problems associated with it.
2) Patch 828741 and patch 837001 are the main culprits although I will now
test 837001 to see if it breaks anything or not.
Sigh.
And now I can get back to enjoying my Sunday.
Antoine Borg
Network Administrator
Malta Communications Authority
Suite 43/44, "Il-Piazzetta"
Tower Road
Sliema SLM 16
Malta G.C.
Mob: +356 79 271852
---------
"There is something about inevitability that offends human nature. Man is
a creature of hope and invention, both of which belie the idea that things
cannot be changed. But man is also a creature prone to error, and sometimes
that makes inevitable the things that he so often seeks to avoid."
Powered by blists - more mailing lists