832894 phish fix -- TCP broken

Clyde

System: Win2K Pro on 2.4P4 1GB RAM. Used as server for internet apps
(email, web, ftp, etc). Been running good for many years. No new
software installed for many months.

I installed Windows Update 832894 on my Win2K SP4 box yesterday. When
it asked if I wanted to restart, I said no. After I restarted later
that evening, when I opened my email client it could not connect to my
email server which runs on this machine (machine A). I opened up a
terminal window and tried to connect to port 25 -- connection refused.
I tried to connect to port 80 (running a webserver on this machine
also) -- connection refused.

I tried to telnet from machine B to machine A to port 25 -- connection
accepted, same with port 80 from B to A.

I opened up my FTP client on machine A and tried to connect to the FTP
server running on machine A -- can't connect. Telnet to port 21
showed connection refused.

Connections to the outside world from box A worked fine -- I can go to
google, etc. The problem only happens when trying to access a port
on machine A from machine A.

I checked my Ghost image files and the latest one I had was from
10/2003 so I tried fixing the current install.

Patch 832894 shows no information for rolling the patch back. It does
not show up in Add/Remove.

Made a ghost image of my current Win2K partition. Tried uninstalling
SP4 -- connection refused. Reinstalled SP4 -- connection refused.
Tried repairing IE6 -- connection refused. Tried uninstalling and
installing IE6 -- connection refused. Tried repairing Win2K from CD
-- connection refused.

Finally restored my Ghost image from 10/03 and everything works.

I called MS' virus and security number 800-PCSECURITY. Unfortunately
the lady on the other end didn't seem to understand at all. She kept
telling me to contact my ISP and they could issue me a new IP number,
blah, blah. After a few more minutes, she said that it sounded like
an ISP issue and I told her that 127 addresses don't get outside the
local network so the ISP didn't have anything to do with it. Then she
said if I ever got the virus removed, and I informed her that the
patch was to fix vulnerabilities, it had nothing to do with viruses.

She eventually gave me a ticket number (146276720) and said it would
be sent to escalation and they'd call back. Then I called MS support
and eventually got to Win2K support. Told them the symptoms. They
said they could check if the patch could cause it but if not they'd
charge me for support. I told them I was simply trying to let MS know
that there could be an issue with the patch.
 
Scott Harding - MS MVP

Most likely the problem was there before the patch and the reboot was a
coincidence. Since you don't have the issue anymore we can't help
troubleshoot but there could be a plethera of things to look at. Thanks
for posting at least I guess to let people know to be careful?!?!? I cannot
telnet to 127.0.0.1 25 either on my Exchange server ...............
 
Clyde

Don't think the reboot was an issue since I had done a reboot on
Sunday. Only thing that changed between then was the patch. I don't
download "junk" software on this system since I rely on it as my
server.
 
Clyde

I still have the ghost image of the bad system.

I'm interested in the "plethera[sic] of things" that would cause local
port access to be refused.

I also forgot to mention that I performed 3 virus scans (Norton 2004,
Norton online and AVG) as well as Ad aware. All came up clean.
 
Matt

This patch has damaged one of my W2K servers also. Now
the "Client Network" and the "MetaFrame COM Server"
service do not start. Can't start them manually. I can
also not run anything from the command line. Have
reapplied SP3, reinstalled the Client for Microsoft and
TCP/IP and reinstalled the OS...but nothing.
 
Clyde

Also forgot to mention that I deleted ZoneAlarm and BlackIce (after
trying just shutting down their services) but still no good.
 
Scott Harding - MS MVP

Your firewalls could have been damaged by the patch and that would cause the
ports to possibly be hosed....er......closed....were you running them during
the install? Was your Virus scanner running during the install? What was the
state of the services when the problem happened? Was the email service
running during install? Since a lot of these are 3rd party they all could
have been the cause of the issue. The patch may have replaced/updated a shared
system file thus causing these other things to crash. My point is that I
have 9 web servers running all the latest patches and have not had similar
issues so is this a MS problem? Hard to say, probably. I certainly
understand your pain and believe me I have felt the same but MS is not
always to blame and it really is a catch 22 with patching and such because
MS can never know all the different software/hardware people are using when
they issue these patches. I really do commend you on your ghosting process
though. What a nice way to get your system back eh? Ghost Rules! Anyways I
know that we are not really working on an issue here but these newsgroups
are really great and there are a lot of great people who help out so keep
using them! Take care.
 
Clyde

I'd like to hear what would cause local access to ports not to respond
but remote machines access those ports fine. I don't see the
difference between creating a local connection to a port -vs- a remote
machine connecting to the port but I'm no TCP/IP guru. Whether I used
127.0.0.1 or the static IP of the box, no local connections were
accepted.

"local" refers to using machine A to connect to the port on machine A.
"remote" means using any other machine besides machine A to connect to
the port on machine A.

Oh, I also tried uninstalling and reinstalling the TCP/IP protocol but
that didn't help either.

The email server and web server were running during the install (same
as the other countless Windows Updates done before) but the FTP server
wasn't, but I still could not connect locally to FTP.

And I'm not blaming MS, but it is very suspicious that no problems
were evident until that patch was installed and the machine rebooted.
I understand that the layers are involved and there are several
players involved, but since the patch was the last change, it will be
the first suspect.

All I can say is something, somewhere, got royally hosed because none
of the attempts to repair the damage were successful.
 
Clyde

You gotta love Ghost. It's saved my butt many times, especially when
upgrading systems. Probably one of my most used utilities. It's
better than my 40GB 8mm HP tape drive :-(

I just wish I knew how to move the C:\Documents and Settings folder
for all users to a different partition. That way when I rebuild the
Win partition, I won't lose user settings since they'll be on a
different partition.
 
Guest

I had a similar problem when I installed this patch on a fully patched version of Windows XP Home & IE6 SP1. After installing it, I was unable to access the Internet.

The solution was to do a system restore (i.e. the system restore that is built into XP). Windows saved a restore point immediately before installing the patch, so I rolled back to a point about 10 minutes earlier (during that period I had only installed the patch and rebooted). After rolling back, I was able to access the Internet.

I repeated this entire process a second time, with identical results. After installing the patch, I couldn't access the Internet. After rolling back, I could access the Internet.
 
