Extended Errors - Am I starting an 'urban myth'?

Post by Phil Partridge » Mon, 08 Oct 2001 20:20:50



Good People,
        Could anyone explain what an 'extended error' is?

This last week we have had three Clients call in with this problem:
they either cannot 'logon' (authenticate to the Server), or they
authenticate (password accepted) but then the login script will not run
and they cannot get access to any resources on the Server. - Yes, I know
it sounds like not authenticated, but why would it accept the password
and not come up with the normal 'password/logon incorrect' or 'no domain
controller' messages?

Two sites are SBS (4.5 + SP6a + Code Red patch etc.), the other is pure
NT4 (ditto SP's etc.).

Seems strange that we have three different sites with the same problem
in such a short length of time, unless it is a related problem.

In all cases, the only 'cure' has been a Server re-boot.

All comments or thoughts gratefully received.

TIA.

*** WARNING URBAN MYTH MUSING FOLLOWS! ***

A colleague has commented that he thinks it more likely that Code Red
resulted from something done, either deliberately or by accident, within
Microsoft. He feels the loophole is such it appears on machines that
have *never* connected to the Internet and so become vulnerable via that
route.
I personally do not know enough about the problem, how it propagates,
and the loophole used to make an informed decision.
Could it have been a Linux convert in Redmond? Or was it a case of
reading the RFC's etc. and writing code that did 'exactly what they
asked it to do' rather than 'what they thought they had asked it to do'.

Same colleague thinks the above problem is related to aftermath of
fixing Code Red, or another 'feature' for which a 'fix' will be
available 'real soon now'.

*** THE ABOVE ARE MUSINGS AND NOT INTENDED AS THE WORD OF (insert deity
here). ***

Thanks all,
--
Phil Partridge

 
 
 

Extended Errors - Am I starting an 'urban myth'?

Post by Todd Fathere » Tue, 09 Oct 2001 00:46:48


I don't have any comments on your urban myth.  As for the clients, what is
the OS?  The default out of the box for Win2KPro if it cannot find a domain
controller is to logon using cached credentials, but not give any warning.
There is, of course, a registry setting to add/change on the chance you
think this is important information.  Now, as to why this is happening at
three different sites...your guess is as good as mine.

todd


> Good People,
>         Could anyone explain what an 'extended error' is?

> This last week we have had three Clients call in with this problem:
> they either cannot 'logon' (authenticate to the Server), or they
> authenticate (password accepted) but then the login script will not run
> and they cannot get access to any resources on the Server. - Yes, I know
> it sounds like not authenticated, but why would it accept the password
> and not come up with the normal 'password/logon incorrect' or 'no domain
> controller' messages?

> Two sites are SBS (4.5 + SP6a + Code Red patch etc.), the other is pure
> NT4 (ditto SP's etc.).

> Seems strange that we have three different sites with the same problem
> in such a short length of time, unless it is a related problem.

> In all cases, the only 'cure' has been a Server re-boot.

> All comments or thoughts gratefully received.

> TIA.

> *** WARNING URBAN MYTH MUSING FOLLOWS! ***

> A colleague has commented that he thinks it more likely that Code Red
> resulted from something done, either deliberately or by accident, within
> Microsoft. He feels the loophole is such it appears on machines that
> have *never* connected to the Internet and so become vulnerable via that
> route.
> I personally do not know enough about the problem, how it propagates,
> and the loophole used to make an informed decision.
> Could it have been a Linux convert in Redmond? Or was it a case of
> reading the RFC's etc. and writing code that did 'exactly what they
> asked it to do' rather than 'what they thought they had asked it to do'.

> Same colleague thinks the above problem is related to aftermath of
> fixing Code Red, or another 'feature' for which a 'fix' will be
> available 'real soon now'.

> *** THE ABOVE ARE MUSINGS AND NOT INTENDED AS THE WORD OF (insert deity
> here). ***

> Thanks all,
> --
> Phil Partridge


 
 
 

1. SBS "Urban Myths"

OK ! I'm intrigued.

To me there are a few things that are starting to sound like "Urban
Myths" surrounding SBS.

I've known, and know of, sites running TS in App Mode on their SBS since
4.5 and NEVER had any Security Breaches.
Yes it's brought the server and network to a standstill for lack of
resources and so had to be moved off to another server, but still -never-
a security breach. - ...and I've not seen a single post relating to a
security breach due to TS in App Mode.

I know and have known people who run Web Servers on SBS and not been
compromised - providing of course that due diligence has been applied.
( curiously enough not so for the Linuxen I know ) - So where are all
the posts about - "hey ! I've been hacked - what do I do now ?"

Granted that if you never go near water you can never drown, but I'd
love to see some empirical evidence and stats for these SBS "Don't".

The only "common" intrusion I see on the NGs is "Hey ! I'm an Open relay"
but no-one says "Don't use Exchange". So what's really going on here ???

Now, with the restriction on SQL Server back-ending a website being
lifted it seems ridiculous to tell a company that they shouldn't run an
LOB EDI application from their SBS.

So, let's have some real stats to cure me of my evil ways. Or let's at
least be honest and say that yes you can use all the resources that SBS
provides, but this is the way to do it to minimise the risk and has been
found to be reasonably secure. ( ...and there is -always- risk, but we're
not talking Military Intelligence, National Budget, Enterprise banking
here. )

--
Henry ( the devil made me do it ) Craven.

========= Post It Appropriately: ============
SBS 4/4.5 : microsoft.public.backoffice.smallbiz
SBS 2000 : microsoft.public.backoffice.smallbiz2000
SBS 2003 : microsoft.public.windows.server.sbs
=====================================
