[unisog] mysterious IIS failures
jnduncan at cisco.com
Thu Jan 15 18:36:30 GMT 2004
Russell Fulton writes:
> The servers involved are all Windows 2003 (standard) and had all been patched
> for the known security issues (ie. after the initial patching of MS03-039, etc
> Windows Update was run and now thinks there are no further updates to be
> The LSASS failure (this thing manages security in Windows) happens when an
> installation stops/starts Web publishing processes.
> All three machines had external access, nothing special at the time of update,
> R> 'external access' == outbound access to the 'Net no inbound access.
> and were on the network at the time (the installation processes require access
> to DNS etc for certain modules).
> DCOM is consistently not installed.
> COM+/WebDAV are installed.
> 2 out of three had NAV (8.x) installed at the time the issue happened. The
> virus definitions, etc were current and the machines subject to the policies
> managed via Loveleen in ITSS -so real time scanning/heuristics are whatever is
> currently standard.
> R> We do still have intermittent bursts of welchia/slammer traffic on campus so
> R> the thought that this is causing problems during some small window during
> R> installs is not totally implausible
> R> anyone have any ideas?
Hi, Russ. I suggest the machines be re-installed and the patches
applied _before_ they are reconnected to the network.
It is interesting that I just had a similar discussion with a coworker
just a few hours ago. He uses a USB memory device to carry his patches
over to the new machine because he will not risk connecting the new
machine to any network until it is patched. And this is inside a
fairly tightly controlled network! ;-)
So, it would be interesting to see if the failures continue even when
the machine is installed, patched, and brought up again while still off
Hope this helps.
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
jnduncan at cisco.com, +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821
More information about the unisog