Archive for May, 2011

Security Update 2509553 breaks ISA 2006 RAS

Security Update: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

Breaks PPTP VPN access through RAS on a ISA 2006 Server

Issue indication:

  • From client side (Windows 7 x64 workstation) the error message is:

Client-VPN-error

  • From server side:
  1. There are no any errors in System or Application even logs.
  2. Log on process from local console or Remote Desktop is unresponsive and takes long time sometimes.
  3. “Task Manager” hangs up when switching to “Networking” tab sometimes.
  4. “Routing and Remote Access” MMC console does not show any available VPN ports or routing table (it seems that RRAS process not working as expected).
  5. When capturing network traffic on ISA server between VPN client and ISA, it seems that ISA server does not replay to “GRE LCP:Configure-Request” packets.
  • After server restart all is working fine:
  1. “Routing and Remote Access” MMC console shows available VPN ports and VPN clients connect normally.
  2. When capturing network traffic on ISA server between VPN client and ISA, ISA server replays to first “GRE LCP:Configure-Request” packet.
  • After some time (1-12 hours) the issue reappears again.

Issue resolution:

  • uninstall security update: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) http://support.microsoft.com/kb/2509553 (for Windows Server 2003 Service Pack 2 aggregate severity rating is “Important” not “Critical”).
Advertisements

1 Comment

Antivirus Exclusions

  1. Forefront Endpoint Protection 2010 Tools – FEP Server Role Policies http://www.microsoft.com/downloads/en/details.aspx?FamilyID=04F7D456-24A2-4061-A2ED-82FE93A03FD5&displaylang=en
  2. Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows http://support.microsoft.com/kb/822158/
  3. Recommendations for antivirus exclusions that relate to MOM 2005 and to Operations Manager 2007 http://support.microsoft.com/kb/975931
  4. Running Antivirus Software on the DPM Server http://technet.microsoft.com/en-us/library/bb808691.aspx
  5. Hyper-V http://support.microsoft.com/kb/961804/en-us
  6. Antivirus exception for BizTalk Binaries http://social.msdn.microsoft.com/Forums/en-ZA/biztalkgeneral/thread/85924bc7-93f5-4f54-b2e3-56bcd4309adf
  7. File-Level Antivirus Scanning on Exchange 2007 http://technet.microsoft.com/en-us/library/bb332342%28EXCHG.80%29.aspx
  8. File-Level Antivirus Scanning on Exchange 2010 http://technet.microsoft.com/en-us/library/bb332342.aspx
  9. Anti-virus software may impact Visual SourceSafe performance http://support.microsoft.com/?id=274051
  10. Recommendations for antivirus exclusions that relate to MOM 2005 and to Operations Manager 2007 http://support.microsoft.com/kb/975931
  11. Antivirus programs may contribute to file backlogs in SMS 2.0 and in SMS 2003 http://support.microsoft.com/kb/327453
  12. Troubleshooting Configuration Manager Performance http://technet.microsoft.com/en-us/library/bb932206.aspx
  13. Certain folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in SharePoint http://support.microsoft.com/kb/952167
  14. Guidelines for choosing antivirus software to run on the computers that are running SQL Server http://support.microsoft.com/?id=309422
  15. Virtual machines run very slowly in Virtual PC 2004 or in Virtual Server 2005 http://support.microsoft.com/?id=840193
  16. Considerations when using antivirus software on FF Edge Products http://technet.microsoft.com/en-us/library/cc707727.aspx
  17. Managing Antivirus Software on Active Directory Domain Controllers http://technet.microsoft.com/en-us/library/cc816917%28WS.10%29.aspx , http://support.microsoft.com/?id=822158,
  18. Antivirus software that is not cluster-aware may cause problems with Cluster Services http://support.microsoft.com/?id=250355
  19. Virtual machines are missing in the Hyper-V Manager Console or when you create or start a virtual machine, you receive one of the following error codes: “0x800704C8”, “0x80070037” or “0x800703E3” http://support.microsoft.com/kb/961804
  20. Recommended file and folder exclusions for Microsoft Forefront Client Security or Forefront Endpoint Protection 2010 http://support.microsoft.com/kb/943556
  21. Anti-Virus Exclusions and You! http://blogs.technet.com/b/jeff_stokes/archive/2010/05/19/anti-virus-exclusions-and-you.aspx
  22. Windows Anti-Virus Exclusion List http://social.technet.microsoft.com/wiki/contents/articles/windows-anti-virus-exclusion-list.aspx
  23. Антивирус для Windows Server — настраиваем список исключений http://blog.it-kb.ru/2012/08/08/antivirus-exclusions-list-for-microsoft-windows-server/
  24. Configuring antivirus exclusions in a System Center Service Manager environment http://support.microsoft.com/kb/2787044

Leave a comment

System Center Unlimited: An aggregation of the most popular Microsoft System Center support and team blogs

http://blogs.technet.com/systemcentertech/

Leave a comment

Useful ISA 2006 / TMG 2010 links

Leave a comment