I have leased a Windows Web Server 2008 x64 machine (AMD). Normally I have access via RDP, but since the latest Windows Update the machine no longer seems to finish booting and I don't have access to it (neither RDP nor HTTP).
I can ping the machine successfully but there is no one listening on port 80 or RDP.
An Nmap scan of the machine shows only very few ports listening:
    Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-13 21:39 Mitteleuropäische Sommerzeit
    Nmap scan report for xxxxx.server4you.de (80.86.xxx.xxx)
    Host is up (0.033s latency).
    Not shown: 993 closed ports
    PORT     STATE    SERVICE
    135/tcp  filtered msrpc
    139/tcp  filtered netbios-ssn
    445/tcp  filtered microsoft-ds
    1025/tcp open     NFS-or-IIS
    1026/tcp open     LSA-or-nterm
    1027/tcp open     IIS
    1028/tcp open     unknown
    Nmap done: 1 IP address (1 host up) scanned in 16.88 seconds
I have access to a kind of recovery console: a Windows XP 64-bit system with access to the hard disk of my faulty web server.
At first sight everything on the hard disk seems to be OK; even the boot record entries don't look suspicious. Also, pagefile.sys has a recent modification date, after the update.
Since I have access to the hard disk of my faulty machine, the hotline people advised me to connect to the registry of my web server and look for a possibly enabled firewall:
- Execute > regedit
- Click on "HKEY_LOCAL_MACHINE"
- Click on "Load Hive" in "File" menu
- Select the file -> C:\Windows\system32\config\SYSTEM
- Give a temporary name (e.g. "RegTemp")
- Click "OK" to load the file
- The tree of the registry is now accessible under "HKEY_LOCAL_MACHINE\RegTemp"
- Open HKEY_LOCAL_MACHINE\RegTemp\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\
- In the folder "PublicProfile" and "StandardProfile" set the values of "EnableFirewall" and "DoNotAllowExceptions" to 0
- Click on "RegTemp" again
- Click on "Unload Hive" in "File" menu
- Close regedit and reboot into the system
Unfortunately this didn't work.
I'm a little bit stuck since I'm more of a software developer and less of an administrator. But if someone gives me a hint in the right direction, I'm not scared of digging deeper into the registry or anywhere else in the system.
Maybe it would already help to enable boot logging, but I have no idea how to enable it without access to the repair console... (and with Windows XP x64 I don't have a clue how to modify a Windows Server 2008 x64 boot record).
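
The hotline's offline-hive steps above, as an added PowerShell example that is not part of the original post or the hoster's instructions. It goes one step beyond them by reading `Select\Current` to find the control set the server actually boots with instead of assuming ControlSet001. Assumptions: PowerShell is installed on the rescue system, the script runs elevated, and the parameter names and the `-Apply` switch are hypothetical.

```powershell
# Added example: report (and optionally reset) firewall flags in an offline SYSTEM hive.
# Assumptions: $HivePath is the faulty server's SYSTEM hive as seen from the rescue
# system; "RegTemp" is the temporary hive name used in the steps above.
param(
    [string]$HivePath = 'C:\Windows\system32\config\SYSTEM',
    [string]$Mount    = 'RegTemp',
    [switch]$Apply    # hypothetical switch: without it the script only reports
)

& reg.exe load "HKLM\$Mount" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }

try {
    # Select\Current holds the number of the control set used at boot.
    # It is usually 1 (ControlSet001), but that is not guaranteed.
    $current = (Get-ItemProperty "HKLM:\$Mount\Select").Current
    $setName = 'ControlSet{0:D3}' -f $current
    $policy  = "HKLM:\$Mount\$setName\Services\SharedAccess\Parameters\FirewallPolicy"

    foreach ($prof in 'PublicProfile', 'StandardProfile') {
        $key = Join-Path $policy $prof
        if (-not (Test-Path $key)) { Write-Warning "$key not found"; continue }
        foreach ($name in 'EnableFirewall', 'DoNotAllowExceptions') {
            # Print the existing value first so it can be restored later.
            $old = (Get-ItemProperty $key -ErrorAction SilentlyContinue).$name
            Write-Output ("{0}\{1}\{2} = {3}" -f $setName, $prof, $name, $old)
            if ($Apply) { Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord }
        }
    }
}
finally {
    # Release provider handles first; open handles make "reg unload" fail with access denied.
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$Mount" | Out-Null
}
```

Run it once without `-Apply` and keep the printed values, so the firewall settings can be put back once the server is reachable again.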