Win xp sp2 rpc failure

[Peter W. Merner]

I am testing the XP clients on an SBS2000 LAN. Typical client is an AMD box
with 1GB RAM running Win XP sp1 with all patches through 9/21/04. The test
box had ISA sp2 Firewall client, the Symantec Corporate AntiVirus 9.0 client
and was running normally in a production environment prior to the install of
sp2. Installed sp2 from the MSDN Universal CD using local admin account and
observed that the install itself appeared to run to a normal conclusion but
that numerous services that were configured for automatic startup were not
running. Chief among these was the RPC service. Attempting to start this
service from the Services applet produces the error Permission Denied.
Naturally, since so many other services are dependent on the RPC, many other
problems exist on the test box. And, I am unable to uninstall sp2 and am
looking at the possibility of having to rebuild the machine from scratch.

My chief question is: How do I need to configure NTFS permissions to get
this box back again? At the moment user Everyone has read and execute
permissions on the entire drive on which XP is installed. Secondary question
is: How would I uninstall sp2?

 

[Darren Curtis]

Here are some things to try. Please let me know your results.

How To Reset Security Settings Back to the Defaults
http://support.microsoft.com/default.aspx?scid=KB;EN-US;313222

How to remove Windows XP Service Pack 2 from your computer (875350)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;875350

OR

If you want to remove SP2, please take the following steps:
---------------------------------
1. Restart your computer and start pressing the F8 key on your keyboard.
2. When the Windows Advanced Options menu appears, select Safe Mode, and then press Enter.
3. Log onto Windows by using the Administrator account and password.
4. Click Start, click Run, type %SystemRoot%\System32\restore\rstrui.exe in the Open box, and then click OK.
5. Click Restore my computer to an earlier time, and then click Next.
6. Click the date that you installed Windows XP SP2, and then click Installed Window XP Service Pack 2 in the Restore Point box.
7. Click Next, and then follow the instructions on the screen to remove Windows XP SP2.
8. Start Regedit
9. Change HKLM\System\Current Control Set\Services\RPCSS, "ObjectName" value to "LocalSystem".
10. Reboot the computer

Check this Key:
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients set it to 0 to disable the restriction.

Description of Windows XP and Windows Server 2003 System File Checker (Sfc.exe) (310747)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;310747

How to perform an in-place upgrade (reinstallation) of Windows XP (315341)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;315341

Best Regards,
Darren Curtis, MCSE
Microsoft Enterprise Support Engineer
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Peter W. Merner]

Thanks Darren, it sure looked like a winner but, alas, no cigar. I did run
secedit with the trailer keys indicated in KB313222 and observed that it ran
to completion with errors. Checked the log file and found a couple
references to files not existing that had references in the registry. But
when I opened the services applet I found the same story as before. Anything
depending on RPC had not started and the RPC service itself failed to start
with an Error 5: Permission denied report.

Other things that are peculiar are (a) the task bar is not visible and
hitting the "Windows" key on the keyboard has no effect. Have to run
programs from desktop icons or from Explorer, (b) in the Event Viewer there
are a lot of error messages but double clicking on them produces no result
and (c) when I check permissions in the %windir% folder I find most of the
same permissions that I observed before.

Perhaps it would be helpful if you could tell me which registry keys and
which files/folders the RPC service needs permission to to run.

Here are some things to try. Please let me know your results.

How To Reset Security Settings Back to the Defaults
http://support.microsoft.com/default.aspx?scid=KB;EN-US;313222

How to remove Windows XP Service Pack 2 from your computer (875350)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;875350

OR

If you want to remove SP2, please take the following steps:
---------------------------------
1. Restart your computer and start pressing the F8 key on your keyboard.
2. When the Windows Advanced Options menu appears, select Safe Mode, and then press Enter.
3. Log onto Windows by using the Administrator account and password.
4. Click Start, click Run, type %SystemRoot%\System32\restore\rstrui.exe

in the Open box, and then click OK.

5. Click Restore my computer to an earlier time, and then click Next.
6. Click the date that you installed Windows XP SP2, and then click

Installed Window XP Service Pack 2 in the Restore Point box.

7. Click Next, and then follow the instructions on the screen to remove Windows XP SP2.
8. Start Regedit
9. Change HKLM\System\Current Control Set\Services\RPCSS, "ObjectName" value to "LocalSystem".
10. Reboot the computer

Check this Key:
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients set

it to 0 to disable the restriction.

 

[Darren Curtis]

Hi Peter

Since about 44 services depend on the RPC service, it's no wonder you are having problems.

After doing quite a bit of research this morning on previous cases I wanted to forward you what worked for others .

1. Added the "Network Service" account to the security permissions to c:\Winnt\System32\rpcss.dll
2. Started the service and rebooted. Everything came back to normal.

Prevention of the error before applying XPSP2

1. Changed the permissions on c:\Winnt\System32\rpcss.dll to add Users (workstation_name\User) with Read & Execute and Read
permissions.
2. Then ran the upgrade only to XP SP2. It successfully upgraded the PC.

Another Case, in which RPC was not starting.

1. Navigate to C:\Windows\system32 and right-click svchost.exe, choose Properties.
2. Click the Security tab. Add the Users group and allow Read, and Read and Execute (R,RX).
3. Reboot and log on.

These fixes were found after running the Sysinternal's free Filemon utility right before attempting to start the RPC Service.
http://www.sysinternals.com/ntw2k/source/filemon.shtml

The resulting log file showed "Access Denied" on the files listed above.

Additionally, I found a MS webpage that has some scripts available to reset both RPC and other core OS settings in
the Application Compatibility Script application below. I'm not sure how adept you are at scripting...I suck!

http://www.microsoft.com/downloads/...CF-2DEE-4772-ADD9-AD0EAF89C4A7&displaylang=en


Best Regards,
Darren Curtis, MCSE
Microsoft Enterprise Support Engineer
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Peter W. Merner]

Thanks again Darren. I went to rpcss.dll and did the right click/security
thing and then searched for local users and groups but did not find one with
the name "Network Service" the closest thing was "Network Configuration
Operators" and also simply "Network". I added both to the security
permissions with Read and Read and Execute priviledges. No joy. Then went to
srvhost.exe and added the local user account with Read and Read and Execute
priviledges. Again no joy. I do have an image file for this machine but it
goes all the way back to April 2004. Think I will try to apply sp2 again
from the MSDN CD and see what flies.

Hi Peter

Since about 44 services depend on the RPC service, it's no wonder you are having problems.

After doing quite a bit of research this morning on previous cases I

wanted to forward you what worked for others .

1. Added the "Network Service" account to the security permissions to c:\Winnt\System32\rpcss.dll
2. Started the service and rebooted. Everything came back to normal.

Prevention of the error before applying XPSP2

1. Changed the permissions on c:\Winnt\System32\rpcss.dll to add Users

(workstation_name\User) with Read & Execute and Read

permissions.
2. Then ran the upgrade only to XP SP2. It successfully upgraded the PC.

Another Case, in which RPC was not starting.

1. Navigate to C:\Windows\system32 and right-click svchost.exe, choose Properties.
2. Click the Security tab. Add the Users group and allow Read, and Read and Execute (R,RX).
3. Reboot and log on.

These fixes were found after running the Sysinternal's free Filemon

utility right before attempting to start the RPC Service.

http://www.sysinternals.com/ntw2k/source/filemon.shtml

The resulting log file showed "Access Denied" on the files listed above.

Additionally, I found a MS webpage that has some scripts available to

reset both RPC and other core OS settings in

the Application Compatibility Script application below. I'm not sure how

adept you are at scripting...I suck!

 

[Peter W. Merner]

Oh dear! Turns out that the sp2 install fails if the RPC service is not
running. Any other suggestions before I trash the existing instance of XP?

 

[Darren Curtis]

Hi Peter

If you are about to blow the box away, I would try the Everyone "Full Control" permisson on rpcss.dll. For that matter you could open the
permissions on the entire System32 folder.

You could try the filemon utility, have it running, and try starting the RPC Service and see what the log says.

If you want to uninstall SP2, you could go into the Recovery Console and run the BATCH spuninst.txt in the C:\WINDOWS
\$NtServicePackUninstall$\spuninst directory. The article I sent you in a previous email discusses this method.

There is the XP "Repair" option, installing XP on top of itself, it would take it back to the version on the CD.

I'm not sure how much patience you have left.

Best of Luck

Best Regards,
Darren Curtis, MCSE
Microsoft Enterprise Support Engineer
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Peter W. Merner]

Aaaaahhhhh, the Everyone thing on the System32 folder did the job. There
were some errors logged in the event logs that indicated that a SideBySide
service failed to start for a permissions denied error. Overall though, the
system is terribly slow, a bunch of things must be wrong at this point, and
I will only continue the "repair" operation further for the purpose of
generating a post mortem. The AMD box runs way too hot anyway and probably
has only a very limited lifetime from here. No real harm done. Thanks so
much for the care and concern.

Hi Peter

If you are about to blow the box away, I would try the Everyone "Full

Control" permisson on rpcss.dll. For that matter you could open the

permissions on the entire System32 folder.

You could try the filemon utility, have it running, and try starting the

RPC Service and see what the log says.

If you want to uninstall SP2, you could go into the Recovery Console and

run the BATCH spuninst.txt in the C:\WINDOWS

\$NtServicePackUninstall$\spuninst directory. The article I sent you in a

previous email discusses this method.

There is the XP "Repair" option, installing XP on top of itself, it would

take it back to the version on the CD.