Excellent. I'm going to bet that my particular problem may be influenced by the fact that all of these servers are on a public network and have firewalls running. ALL of them. This patch probably blocks a port that I don't have open except between domain controllers within the subnet - just a suspicion, since several sites have reported no problem with the patch, and I remember how much work it took to get AD replication working through the firewalls years ago. It even blocks remote desktop or terminal server connections, after most remote server reboots. This has been passed up to our premier support rep at Microsoft, so I may get an answer at some point telling me what ports to open after applying it.
Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Andrew C Goodall Sent: Friday, April 15, 2011 10:58 AM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 Thanks for the heads up - we just verified and that patch did not affect our test ar servers from communicating with our remote sql db clusters. ARS 7.5 patch 4 SQL 2005 Regards, Andrew Goodall Software Engineer 2 | Development Services | jcpenney . www.jcp.com -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ ________________________________________________________________________ _______ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are" The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"