
crippled by KB902400


Rob Shaw-Fuller

Oct 13, 2005, 3:58:03 PM
Three of our Windows 2000 / IIS 5 servers were crippled by KB902400, the
patch for MS05-051. The only way that we could get the servers to work
again was to uninstall the patch.

The MS05-051 vulnerability looks quite bad, so I'm not happy with leaving
these servers unpatched. Relevant error messages below:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 10/11/2005
Time: 9:49:06 PM
User: NT AUTHORITY\SYSTEM
Computer: (deleted)
Description:
The server {3D14228D-FBE1-11D0-995D-00C04FD919C1} did not register with DCOM
within the required timeout.

Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 36
Date: 10/11/2005
Time: 9:49:06 PM
User: N/A
Computer: (deleted)
Description:
The server failed to load application '/LM/W3SVC/1/Root'. The error was
'Server execution failed
'.
For additional information specific to this message please visit the
Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.


Any ideas on what was broken and/or how to fix it?


Rob Shaw-Fuller
robsha...@hotmail.com

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Oct 13, 2005, 10:50:42 PM
PRB: ASP pages do not process and DCOM event 10010 appears in the system
event log:
http://support.microsoft.com/default.aspx?scid=kb;en-us;327153


CAUSE

The NT AUTHORITY\Authenticated Users or NT AUTHORITY\INTERACTIVE entries
have been removed from the Users group.


RESOLUTION

Add these users back to the Users group, and then restart Internet
Information Services (IIS):
1. Click *Start*, click *Programs*, click *Administrative Tools*, and
then click *Computer Management* to open the Computer Management console.
2. In the left pane, expand *Local Users and Groups*, and then click
the *Groups* folder.
3. In the right pane, right-click the *Users* group, and then click
*Properties*.
4. Click *Add*.
5. In the *Select Users or Groups* dialog box, locate the *Look in*
drop-down box, and then select the local computer.
6. Select *Authenticated Users*, and then click *Add*. Select
*INTERACTIVE*, and then click *Add*. Click *OK*, click *Apply*, and then
click *Close* to close the properties for the Users group.
7. In the left pane, expand *Services and Applications*, and then click
*Services*.
8. In the right pane, right-click *IIS Admin Service*, and then click
*Restart*.
9. In the *Restart Other Services* confirmation dialog box, click *Yes*.

EventID.Net:
http://www.eventid.net/display.asp?eventid=10010&eventno=508&source=DCOM&phase=1

PA Bear

Oct 13, 2005, 11:27:07 PM
What are you doing in our li'l corner of the world, Bitz?
--
~PAŞ

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> PRB: ASP pages do not process and DCOM event 10010 appears in the system
> event log:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;327153

<snip>

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Oct 14, 2005, 12:09:40 AM
Came in while looking at your link. Was also looking around checking
out the dead body count.

Mark Murphy

Oct 14, 2005, 12:13:51 AM
We had problems with this patch also. Turns out that a domain policy setting
that was done before has stopped this patch from working correctly. The
following is the policy and the MS blurb about it:

Bypass traverse checking

Removing the Everyone group from the list of security principals who, by
default, have this user right. The Windows operating systems, and also many
programs, have been designed with the expectation that anyone who can
legitimately access the computer will have the Bypass traverse checking user
right. Therefore, removing the Everyone group from the list of security
principals who, by default, have this user right could lead to operating
system instability or to program failure. It is better that you leave this
setting at its default.

We removed all groups from this some time ago and we had to add the Everyone
group back to make the MS05-051 patch work correctly.

The default is:
Administrators
Everyone
Backup Operators
Power Users
Users

Check the local security policy of your servers to see if this has been
changed and, if so, replace the Everyone group at the very least.

This fixed our problems with this patch

--
Mark Murphy - MCSE2000
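
One way to run the check described in the post above across several servers, as an added example that is not part of the original thread: export the local policy with `secedit /export /cfg <file>` and compare the holders of `SeChangeNotifyPrivilege` (the constant name for "Bypass traverse checking") against the default list given in the post. The two export snippets are constructed samples, and the code assumes entries appear either as `*`-prefixed SIDs or as plain group names.

```python
# Added example: audit "Bypass traverse checking" in a secedit policy export.
# Default holders from the post above, keyed by well-known SID.
DEFAULT_HOLDERS = {
    "S-1-1-0": "Everyone",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-547": "Power Users",
    "S-1-5-32-551": "Backup Operators",
}
PRIVILEGE = "SeChangeNotifyPrivilege"  # "Bypass traverse checking"

# Constructed sample exports (not taken from any real server).
HARDENED_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544
SeChangeNotifyPrivilege = *S-1-5-32-544,*S-1-5-32-551
"""
DEFAULT_EXPORT = """\
[Privilege Rights]
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,Users,*S-1-5-32-547,*S-1-5-32-551
"""


def privilege_holders(inf_text, privilege=PRIVILEGE):
    """Return the principals holding `privilege` (upper-cased, '*' stripped)."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == privilege.lower():
                return {p.strip().lstrip("*").upper()
                        for p in value.split(",") if p.strip()}
    return set()  # no entry in the export: nobody holds the right


def missing_default_holders(inf_text):
    """Return the default groups (by name, sorted) that lack the user right."""
    held = privilege_holders(inf_text)
    return sorted(name for sid, name in DEFAULT_HOLDERS.items()
                  if sid not in held and name.upper() not in held)


if __name__ == "__main__":
    for label, text in (("hardened", HARDENED_EXPORT), ("default", DEFAULT_EXPORT)):
        print(label, "missing:", missing_default_holders(text) or "none")
```

secedit usually writes the export as UTF-16, so open the file with `encoding="utf-16"` before passing its text to `missing_default_holders`.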

me

Oct 14, 2005, 12:27:03 AM
I ran into this problem as well; my cause is different than Mark's.

I was able to resolve this issue by adding permissions for IWAM_computer and
the ASPNET account (if you have the .NET FW installed) to have read access
to C:\Winnt\Registration - once I made the change and restarted IIS, the
applications worked again.

I removed the default permissions on this folder when the servers were built.
The patch for COM+/MSDTC requires that those accounts have permission to the
folder above.

Filemon clearly showed that it was a permissions issue.

hope this helps,

Seth

PA Bear

Oct 14, 2005, 4:16:06 AM
They're droppin' like flies but not nearly as bad as late Tuesday &
yesterday. (Loved this:
http://blogs.technet.com/mscom/archive/2005/09/09/410523.aspx, especially
"20+ Billion Downloads in 2005.Routinely 150M+/Day".)

My guy also contacted PSS separately, courtesy of the link you so *very*
kindly provided me. Thanks again.
--
~PA Bear

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

estantodos...@gmail.com

Oct 14, 2005, 4:54:05 PM
I stumbled upon this exact problem too. Adding the permissions to the
Registration folder as "me" said corrected the problems.

Thanks!
N

Rob Shaw-Fuller

Oct 17, 2005, 8:50:35 AM
Thanks, Seth! This was the fix!

FYI, Microsoft is now "officially" recognizing this problem in the KB:
http://support.microsoft.com/kb/909444


Rob Shaw-Fuller
robsha...@hotmail.com

"me" <m...@discussions.microsoft.com> wrote...
