0
0
After applying the MS12-020 fix this morning (as it seemed a real big issue) I'm not able to remote connect to the server anymore. The RDP client timeouts and nothing is logged on the server.
Ignacio Soler Garcia
Posted 2012-03-19T10:02:37.647
Reputation: 1 729
1
Since the binary file is modified, it might be Windows Firewall not catching up with the new checksum, or the AV sandboxing perceived a backdoor on your system.
MS12-20 also changes RDP registry, thus you might need to redo your configuration anew.
ZaB
Posted 2012-03-19T10:02:37.647
Reputation: 2 365
I will check these things. ANyway I expected to find lots of people with the same problem but looks like I'm alone with this. – Ignacio Soler Garcia – 2012-03-19T11:12:35.157
Looking at my server the RDP port 3389 is not opened. The Terminal Services service is started and running. – Ignacio Soler Garcia – 2012-03-19T13:45:06.870
Anything in antivirus logs about quarantine and sandbox of possible trojan (or exclude terminal server executable from antivirus processing) – ZaB – 2012-03-19T14:06:43.103
I don't have an antivius installed. – Ignacio Soler Garcia – 2012-03-19T14:13:15.540
so dig the log for windows firewall events. – ZaB – 2012-03-19T15:42:18.803
Even the port is not openend on the server (checked with netstat -ano) :? Nothing loged on the firewall as the port is not opened. – Ignacio Soler Garcia – 2012-03-19T16:15:11.117
run tsadmin, change some config parameter, exit, then change it back. then go to services and restart terminal service. may help to fix registry. – ZaB – 2012-03-19T18:54:46.853
1
In the end it was related with the remote server being virtualized by Parallels Virtuozo. Looks like you cannot update the system without updating the host first.
That's all I can say 'cos the details are only known by my virtual server provider.
Ignacio Soler Garcia
Posted 2012-03-19T10:02:37.647
Reputation: 1 729
1For future reference, you really should have mentioned that it wasn't a conventional Windows install. Virtuozo subverts the operating system in a way that seems likely to lead to all sorts of problems, including this one. (I presume it works well when used as designed, but it's not really Windows.) – Harry Johnston – 2012-03-20T22:41:45.417
I agree, but I was not aware of this. I'm just renting a virtual server. – Ignacio Soler Garcia – 2012-03-21T09:55:08.737
First step would be to get alternative access to the machine ASAP. – Der Hochstapler – 2012-03-19T10:05:26.427
I already have it, of course. But thanks anyway. – Ignacio Soler Garcia – 2012-03-19T10:18:39.170
Have you rebooted? – Harry Johnston – 2012-03-20T03:06:38.373
Lol, for sure that I did. But good remainder anyway. – Ignacio Soler Garcia – 2012-03-20T12:09:53.220