MS Patches last Mon - Recap
Hi all ...
Following my post on bugtraq last Fri and after having waded through the
deluge of replies, here is a quick recap of things:
1) Thu morning several of my users could not log in. WinXP and Win2k
complained that the time between the server and client is different. I can
work around this since we happen to have cached logon credentials so all I
needed to do was unplug the network cable, get them to log in and plug it
in again. Different things worked for different people. NET TIME \\MYPDC
/SET /Y worked for the 1st one. NET TIME \\MYBACKUPDOMAINCONTROLLER /SET
/Y worked for the 2nd. I don't know why the first command did not fix the
problem for User2 (and yes, I did reboot server and client meanwhile). A
number of other things were required to get things moving for the others.
2) Fri morning I had a few more people who were working on Thu finding
themselves unable to log in. At this point I began to suspect the MS
patches from Wed. I hadn't before since at first glance the patches did
not affect any time-related or login-related functionality. However,
research on the MS site shows that the time feature uses RPC to coordinate
the time between client and server and this set alarm bells ringing.
3) On Sat I found out that even client computers WITHOUT the patches
installed could not log in properly. I tried uninstalling the patches from
both the PDC and BDC one by one but this did not solve anything.
4) On Sat I went through all the emails. Thanks for all your help but I
was aware that NET TIME exists, how to use it, how to set it up to always
coordinate time with the PDC and how to set the PDC to sync with an
external time source. I also am aware that Kerberos allows for a 5 min
difference and am quite sure that our servers are still set up that way. I
also have net time in the logon script and all of these suggestions - while
welcome - had already been tried.
5) Thanks also to all the people who wrote in to tell me that they too have
similar problems - I counted about 20 all in all. It is reassuring to know
that I'm not the only one. Unfortunately, reinstalling Windows on my
server is not an option I would like to consider. And rebooting the
clients and servers didn't work either.
6) It is entirely possible therefore that the uninstaller of these patches
is not comprehensive enough to uninstall all the items/reg keys that it
sets up. I am going to look for a list of changes and ensure that they
have been revoked. This statement assumes that the patches are at fault
here - and while I am aware that a reboot could trigger any number of
pending uninstalls/installs I had recently rebooted the machines and
nothing had been removed/added until the patches. I had initially toyed
with the idea that this may be some kind of trojan and/or virus but cannot
identify any kind of errant process or item in the registry that would add
weight to this theory. Suggestions are welcome. However, if everyone else
is working then what's different between my network and theirs?
7) I am now in a situation whereby after having uninstalled the patches
from my PDC and BDC and rebooting both machines, I am unable to log in to my
BDC. This is critical for me and it is why I am here tapping away at my PC
on a Sunday at 12:16 (I'm in Europe). I intend to stay here at the office
until the problem is sorted so feel free to email at any time. I will post
an update as soon as I have one.
Thanks for all your help so far. Let's see if we can nail this bugger.
Antoine Borg
Network Administrator
Malta Communications Authority
Suite 43/44, "Il-Piazzetta"
Tower Road
Sliema SLM 16
Malta G.C.
Mob: +356 79 271852
---------
"There is something about inevitability that offends human nature. Man is
a creature of hope and invention, both of which belie the idea that things
cannot be changed. But man is also a creature prone to error, and sometimes
that makes inevitable the things that he so often seeks to avoid."