Re: /remote desktop control suddenly broken - critical

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 01/22/05


Date: Fri, 21 Jan 2005 18:27:13 -0800

What in the world are "pop ups" doing on the server? Let's first
analyze that statement. What pop ups? The IE is locked down so there
should be no "pop ups".

What else is going on in this server?

In the meantime...try rerunning the CEICW [connect to internet].

Rob Pettrey wrote:
> SBS 2003 premium new install, using SQL but not ISA. Cable to linksys WRT54G
> wireless cable router to outside nic, inside nic to switch to inside.
>
> Everything working flawlessly perfect until Wednesday night.
>
> Windows update wanted an update, so I updated and rebooted. Thursday morning
> I noticed pop-ups on the server, so I thought I would try the new Microsoft
> Anti-spyware product. I installed it, ran it, thought better of it, and
> de-installed it.
>
> Thursday afternoon one of the users called to say he couldn't remote control
> his pc. I started troubleshooting, and discovered a process camping on 4125
> using netstat.
>
> netstat -aon | find ":4125"
>
> there were two lines. I didn't document it, but from my memory there were
> two lines that kind of looked like this:
>
> TCP 192.168.16.2:1025 xxx.xxx.xxx.xxx:4125 ESTABLISHED 612
> TCP 192.168.16.2:4125 xxx.xxx.xxx.xxx:1025 ESTABLISHED 612
>
> I'm sure about the port numbers, and pretty sure that the first IP was the
> internal NIC, not sure about the second IP.
>
> The process ID matched lsass.exe. I saw some postings about this possibly
> being a virus, so I went to trendmicro and ran an interactive scan and came
> up clean. I also RDP'ed into another SBS install and compared lsass.exe and
> both machines had the same file size.
>
> I couldn't restart lsass, so I rebooted the server. When I rebooted, I could
> /remote and then connect to a client desktop - several times - for about 15
> minutes. At the same time, I RDP'ed into the server and did a netstat and got
>
> netstat -aon | find ":4125"
>
> TCP 192.168.1.2:3468 xxx.xxx.xxx.xxx:4125 TIME_WAIT 0
>
> which looked like a remote client coming in. When I logged off /remote, it
> went away.
>
> After that, I got nothing on netstat, but couldn't connect again to any
> desktop and got this message:
>
> The client could not connect to the remote computer. Remote connections
> might not be enabled or the computer might be too busy to accept new
> connections. It is also possible that network problems are preventing your
> connection. Please try connecting again later. If the problem continues to
> occur, contact your administrator.
>
> I rebooted again, and now have no remote control - tried multiple pc's,
> multiple administrative users. Everything else works except remote control. I
> can still RDP to the server and connect to a client pc from the inside, just
> not via /remote.
>
> I'm absolutely sick. The only things that changed:
> - windows update
> - installing / uninstalling ms anti-spyware
> - new remote user trying to connect
>
> I am clueless. I sold SBS 2003 to this client based on their need for remote
> control, and now it's broke, and they use remote control every day.
>
> Rob Pettrey
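
An added example, not part of either post: the `find ":4125"` filter in the quoted message matches that string anywhere on the line, so it returns local and foreign endpoints alike and would also match a port such as 41250. This Python sketch parses saved `netstat -aon` output and separates those cases by owning PID; the sample lines, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the shape of `netstat -aon` output. Addresses are
# placeholders, not values from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:4125           0.0.0.0:0              LISTENING       612
  TCP    192.168.16.2:1025      192.168.16.2:4125      ESTABLISHED     612
  TCP    192.168.16.2:4125      192.168.16.2:1025      ESTABLISHED     612
  TCP    192.168.16.2:3468      203.0.113.10:4125      TIME_WAIT       0
  TCP    192.168.16.2:41250     203.0.113.10:443       ESTABLISHED     1880
  UDP    0.0.0.0:4125           *:*                                    940
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; port is None for '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        lhost, lport = split_endpoint(f[1])
        rhost, rport = split_endpoint(f[2])
        rows.append({"proto": f[0], "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport,
                     "state": f[3] if len(f) == 5 else "",
                     "pid": int(f[-1])})
    return rows

def classify(rows, port=4125):
    """Group rows by how they relate to `port` (exact match, not substring)."""
    out = defaultdict(list)
    for r in rows:
        if r["lport"] == port:
            # Local side owns the port: bound/listening, or an accepted session.
            role = "listener" if r["state"] in ("LISTENING", "") else "accepted"
        elif r["rport"] == port:
            role = "outbound"  # this host connected to someone's port
        else:
            continue           # e.g. 41250, which `find ":4125"` would match
        out[role].append(r)
    return dict(out)

if __name__ == "__main__":
    for role, rows in classify(parse_netstat(SAMPLE)).items():
        print(role, sorted({r["pid"] for r in rows}))
```
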


