IP addr disabled.

From: Sailesh Gupta (anonymous_at_discussions.microsoft.com)
Date: 09/09/04

• Next message: Mark Renoden [MSFT]: "Re: Local machine - DNS issues?"
• Previous message: Ed: "Re: Can not enable ICS"
• Messages sorted by: [ date ] [ thread ]

Date: Thu, 9 Sep 2004 14:44:17 -0700

Hi,

One administrator this morning made a small mistake, and
misconfigured a
TCP/IP stack on a server. There was a critical NT service
using the ip addr
entered by mistake, and of course NT detected the IP
conflict, and disabled
the conflicting address.

The result was:
    - A server running with a wrong ip address (no error
message at all)
    - One service on a production server (NT4-SP3 with hot-
fixes) not
running anymore (with a console msg about the ip conflict)

I would have prefered that the production server (which
had been running
without a reboot for several monthes) did not disable his
IP address. One
other problem is that I did not find a way to re-enable
the address: I had
to reboot the whole server !

I asked on several NT lists, but no-one could give me a
registry parameter
or something, that could prevent NT from disabling his own
ip address in
case of conflict.

I know this is a feature, and not a bug, but I just want
to let you know
that anyone with local admin right on any ip device (even
a JetDirect
printer), can disable a critical NT production server
which would be on the
same physical LAN, just by making a mistake on a few ip
parameters locally,
and without knowing it.

I know you cannot prevent an administrator from
configuring a wrong IP, and
that this will always lead to a conflict. (Except with
special switches
where IP addr can be authorized on ports, but I don't have
these). The real
problem is that as the server disables his address, the
new node works
properly, and the administrator doesn't even see he made a
mistake. Second
real problem: once this mistake is done, the only way I
found to re-enable
the addr is to reboot.

• Next message: Mark Renoden [MSFT]: "Re: Local machine - DNS issues?"
• Previous message: Ed: "Re: Can not enable ICS"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: Offline Files ... I have disabled the realtime antivirus on the vista machine and on the SBS server, with no difference to the issue. ... "Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility update" is already installed on the SBS server. ... I have also seen *.txt, *.rdp, *.lnk and others in conflict. ... (microsoft.public.windows.server.sbs) Re: Conflict Resolution ... What you are describing does not sound like conflict resolution gone bad. ... At next sync they would all be gone, as that is syncing the fact you deleted them. ... I guess I got spoiled with the pure palm solution. ... > from the exchange server and delete them while outlook is up and> running. ... (microsoft.public.pocketpc.activesync) Re: GPO error no appropriate rights ... > message when you try to edit a GPO while logged on as the system admin. ... Install the Windows Small Business Server 2003 Update for Windows XP ... > from disabling the ISA Firewall client. ... (microsoft.public.windows.server.sbs) Re: Administrator account hijacked? ... Disabling NDR on Exchange 2003 ... Non-delivery reports have a very legitimate purpose and are used to ... global white lists defined by mail server administrators. ... have been sent from the Administrator account in the past two ... (microsoft.public.windows.server.sbs) Re: Merge Replication - Inventory Conflct Resolver ... Conflict resolver is used to resolve conflicts. ... Looking for a SQL Server replication book? ... (microsoft.public.sqlserver.replication)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint