I have leased a Windows Web Server 2008 x64 machine (AMD). Normally I have access via RDP but since the latest Windows Update the machine seems not to complete boot anymore and I don't have access to it (neither RDP nor HTTP).

I can ping the machine successfully but there is no one listening on port 80 or RDP.

An Nmap scan of the machine shows only very few ports listening:

```
Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-13 21:39 Mitteleuropäische Sommerzeit

Nmap scan report for xxxxx.server4you.de (80.86.xxx.xxx)
Host is up (0.033s latency).
Not shown: 993 closed ports
PORT     STATE    SERVICE
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1025/tcp open     NFS-or-IIS
1026/tcp open     LSA-or-nterm
1027/tcp open     IIS
1028/tcp open     unknown

Nmap done: 1 IP address (1 host up) scanned in 16.88 seconds
```

I have access to a kind of recovery console - a Windows XP 64bit system with access to the hard disk of my faulty web server.

At first sight everything on the HD seems to be OK - even the boot record entries don't look suspicious. Also the pagefile.sys has an actual modified file date after the update.

Since I have access to the hard disk of my faulty machine, the hotline people advised me to connect to the registry of my web server and look for a possibly enabled firewall:

  1. Execute > regedit
  2. Click on "HKEY_LOCAL_MACHINE"
  3. Click on "Load Hive" in "File" menu
  4. Select the file -> C:\Windows\system32\config\SYSTEM
  5. Give a temporary name (i.e. "RegTemp")
  6. Click "OK" to load the file
  7. The tree of the registry is now accessible under "HKEY_LOCAL_MACHINE\RegTemp"
  8. Open HKEY_LOCAL_MACHINE\RegTemp\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\
  9. In the folder "PublicProfile" and "StandardProfile" set the values of "EnableFirewall" and "DoNotAllowExceptions" to 0
  10. Click on "RegTemp" again
  11. Click on "Unload Hive" in "File" menu
  12. Close regedit and reboot to system

Unfortunately this didn't work.

I'm a little bit stuck since I'm more of a software developer and less of an administrator. But if someone gives me a hint in the right direction, I'm not scared of digging deeper into the registry or anywhere else in the system.

Maybe it would already help to enable boot logging, but I have no idea how to enable it without access to the repair console... (and with a Windows XP x64 I don't have a clue how to modify a Windows Server 2008 x64 boot record).

Wesley
  • Possible duplicate: http://serverfault.com/questions/398359/no-rdp-after-server-2008-r2-sp1-install – uSlackr Jun 13 '12 at 22:39
  • This problem doesn't solely belong to RDP - as you can see in the nmap dump even the IIS (it's a web server) doesn't listen on port 80... – Bob Vagtler Jun 13 '12 at 22:44
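
A read-only check of the hive edit described in the steps above, as an added example that is not part of the original post or the hotline's instructions. It uses `reg.exe` from the rescue system to read `Select\Current`, which names the control set Windows actually boots from (the steps edit `ControlSet001` unconditionally), and prints the firewall values stored there. The drive letter `D:` for the server's disk is an assumption.

```batch
@echo off
rem Added example: read-only check of the offline SYSTEM hive from the rescue system.
rem Assumption: the server's system disk is visible as D: here; adjust HIVE if not.
setlocal
set HIVE=D:\Windows\system32\config\SYSTEM
set MOUNT=HKLM\RegTemp

rem Same operation as "Load Hive" in regedit (steps 3 to 6).
reg load %MOUNT% "%HIVE%" || goto :eof

rem Select\Current holds the number of the control set used at boot.
set CUR=
for /f "tokens=3" %%A in ('reg query %MOUNT%\Select /v Current ^| find "Current"') do set CUR=%%A
if not defined CUR echo Could not read the Current value under Select
if not defined CUR goto unload

rem Convert e.g. 0x1 to ControlSet001.
set /a NUM=%CUR%
set CS=00%NUM%
set CS=ControlSet%CS:~-3%
echo Control set used at boot: %CS%
if /i not "%CS%"=="ControlSet001" echo NOTE: edits made under ControlSet001 are not the ones this system boots with.

rem Print the two values from step 9 for both profiles named in the steps.
set FW=%MOUNT%\%CS%\Services\SharedAccess\Parameters\FirewallPolicy
for %%P in (StandardProfile PublicProfile) do (
  echo --- %%P
  reg query %FW%\%%P /v EnableFirewall 2>nul | find "EnableFirewall"
  reg query %FW%\%%P /v DoNotAllowExceptions 2>nul | find "DoNotAllowExceptions"
)

:unload
rem Same operation as "Unload Hive" (step 11); always release the hive before rebooting.
reg unload %MOUNT%
endlocal
```

A profile that prints no value line has no such value stored in that control set.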

1 Answer

A lot of people have had that issue with Server 2008 and SP1 disabling/breaking RDP access. One of the updates after SP1 corrects the issue, so if you have console access or another way to remote in, you can keep applying updates until it works again.

Failing that, you can try using WMI to uninstall some of the possible culprits. Hotfix KB2667402 is often the cause, so you could try:

If you want to uninstall hotfix KB2667402 remotely (via WMI) try:

```
wmic /node:<SERVER> /user:<USER> process call create "powershell wusa /uninstall /kb:2667402 /quiet /forcerestart"
```

If that doesn't work, well there's a lot of material out there, as this is a pretty common problem - throw "server 2008 sp1 rdp" into Google and you'll get a whole bunch of results back with other possible solutions. Installing the remaining updates or uninstalling KB2667402 remotely are the only ones I've personally seen work, though.

HopelessN00b
  • To clarify that: I don't have any remote access to the running web server. The Windows XP x64 "recovery console" can be started *instead* of my Windows Server 2008 x64... – Bob Vagtler Jun 13 '12 at 22:46
  • Try booting it up "normally," rather than the recovery console, wait a few minutes, and then use the WMI command I posted above. Of course, I suppose it's possible that SP1 failed to install properly, in which case you'll probably have to get someone on site to reinstall Windows. :( – HopelessN00b Jun 13 '12 at 23:08
  • Thanks for the help but this just gives me a `rpc server is not available`. Bummer :( Seems like I have to reinstall Windows (I can recover a clean Windows remotely and I have daily backups but I hoped I could avoid it). – Bob Vagtler Jun 14 '12 at 05:13