I did the following on my gateway, running R55. They also said it can be fixed with a SmartDefense update, which I had not done yet.
RE: Cannot Login from Windows 2003 Server >From the sk article: On the SmartCenter Server - 1) Close all GUI client sessions 2) Run cpstop 3) Back up "$FWDIR/lib/dcerpc.def" or "%FWDIR%\lib\dcerpc.def" file to a location outside of the $FWDIR directory 4) Edit "$FWDIR/lib/dcerpc.def" or "%FWDIR%\lib\dcerpc.def" file with a text editor (ie. editor or vi) 5) Modify the following line: #define NO_ENFORCE_CNTX_NUM 0 After modification: #define NO_ENFORCE_CNTX_NUM 1 6) Save changes and exit 7) Run cpstart to start all firewall services 8) Log in to SmartDashboard. 9) Install the Security Policy. Derek O'Flynn -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Warrington Bruce - bwarri Sent: Wednesday, July 13, 2005 11:36 PM To: [email protected] Subject: Re: [FW-1] Windows 2003 SP1 Problems I ran into the same problem, and applying the Checkpoint solution in SK30784 did exactly nothing for me as well. Next step is to check out the MS-KB article 899148: http://support.microsoft.com/default.aspx?scid=kb;en-us;899148 The work around was applied to the server itself (sort of like defeating that part of the sp1 upgrade), and had some success with the server. On another 2003 server though, it didn't work (don't know what the server admin did or didn't do differently between them), so he wound up trying to back out the sp1 upgrade before he got it working. If you find a better solution or a real fix from Checkpoint (besides a full upgrade to the next version ;-) let us know what you did. Bruce Warrington -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Pombo Sent: Wednesday, July 13, 2005 19:53 To: [email protected] Subject: [FW-1] Windows 2003 SP1 Problems I am having trouble with Firewall-1's SmartDefense dropping Windows 2003 SP1 RPC traffic. I followed the instructions in SK30784, but it didn't help. I had to set MS-RPC to monitor only to workaround it. The SmartCenter server is R55 with the R55W Management Pack on SPLAT, and the enforcement modules are Nokia IP650 with IPSO 3.7.1 and R55W. Also: We have three gateways in a mesh VPN configuration, and I installed a new 2K3Sp1 server in a site without a local domain controller. Although it joined the domain, I can't logon with a domain account. The event log records that it cannot retrieve the account information from a domain controller. The firewalls are not logging any drops or rejects. The domain controller doesn't log anything. Any ideas? ----------------------------------------------- Tony Pombo Systems and Security Architect Edict Systems, Inc. 937-429-4288 x279 [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ********************************************************************** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
