Re: WARNING on Microsoft MS11-030 KB2509553
Chris, Earlier this week, I came across this problem, but it wasn't with the particular MS Patch that you mention. I wanted to send out a note to the community notifying them of the eventual 'fix' that BMC provided to me on this scenario. I had all of the same symptoms, armonitor wouldn't start, no matter how I tried it. When starting it from services, it would try to write to an armonitor.log in the syswow folder, etc. The eventual fix that BMC came back with was to modify the 'Image Path' of the service to not include marks. The install path was C:\Program Files\BMC Software\ARSystem\armonitor.exe they just had me take the out, and everything started up fine. The best I can come up with regarding the 'reason' for this is that in x64 based systems, MS implements file system redirect to get you to the correct version of the file you are looking for...if you are a 32 bit app, and try to access various folders, you are redirected to the syswow64 folder instead. Based on the 'fix' provided, it seems that at times, MS implements a change in some process that causes the at the beginning of the image path to be misunderstood and makes c:\windows\syswow64 the 'root' of the process instead of the intended folder, which of course makes it not work because the files don't exist there. On Wed, Jun 1, 2011 at 12:48 PM, strauss stra...@unt.edu wrote: Remove Microsoft KB2509553. I have reproduced this on three 7.1 servers, and the only fix is to take the security update back off. On at least one of those, after upgrading it to 7.6.04 and adding the patch back on individually, it no longer stopped the AR service from starting, but BMC Support tells me they have had reports from most supported and older versions. I have had an issue open with Microsoft since mid-April, and they had several others from ARS 7.1 sites, so it is definitely a problem. ** ** Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Jon Gee *Sent:* Wednesday, June 01, 2011 12:59 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: WARNING on Microsoft MS11-030 KB2509553 ** ** ** Hello, Our Dev , and test box is working after the patch , but the *ARS Service will not start*. Does anyone have a fix for this? *You can sell and practice theory but, life in reality, has unexpected challenges that require decision and executions that were not covered in your lessons*. *by Jon Gee* ** ** *From:* Joe Martin D'Souza jdso...@shyle.net *To:* arslist@ARSLIST.ORG *Sent:* Thursday, April 14, 2011 4:03 PM *Subject:* Re: WARNING on Microsoft MS11-030 KB2509553 ** That’s always a bad idea walking into the unknown even if there were no known issues. You never know because of the uniqueness of your environment, you may be the first to find out an issue. Its never a good idea to alter the production without testing it on at least one other non critical environment such as a test followed by dev or acceptance.. Joe *From:* pascale.sterr...@daimler.com *Sent:* Thursday, April 14, 2011 1:52 PM *Newsgroups:* public.remedy.arsystem.general *To:* arslist@ARSLIST.ORG *Subject:* Re: WARNING on Microsoft MS11-030 KB2509553 yes that is exactly what I am saying, They were about to apply that specific patch to ALL our environments at once. Including dev , test and Prod.They are now only going to patch our dev so we can validate. And from now on will test first on our dev environment. So a HUGE thanks to Chris. I did not know that they were not patching dev first. So that was a possible close call.Pascale *jdso...@shyle.net* Sent by: arslist@ARSLIST.ORG 04/14/2011 10:48 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 ** ** ** You aren’t saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working ‘out of the box’ – depending on what the error really is, it may be possible to tweak it to get it to work.. Joe *From:* pascale.sterr...@daimler.com*Sent:*Thursday, April 14, 2011 1:42 PM *Newsgroups:* public.remedy.arsystem.general*To:* arslist@ARSLIST.ORG* Subject:* Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch
Re: WARNING on Microsoft MS11-030 KB2509553
I just checked our 64 bit 7.6.04 system (patch 003) and the image path does not have any quotes on it.. Any reason how it might have got there? Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Thursday, September 05, 2013 3:25 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, Earlier this week, I came across this problem, but it wasn't with the particular MS Patch that you mention. I wanted to send out a note to the community notifying them of the eventual 'fix' that BMC provided to me on this scenario. I had all of the same symptoms, armonitor wouldn't start, no matter how I tried it. When starting it from services, it would try to write to an armonitor.log in the syswow folder, etc. The eventual fix that BMC came back with was to modify the 'Image Path' of the service to not include marks. The install path was C:\Program Files\BMC Software\ARSystem\armonitor.exe they just had me take the out, and everything started up fine. The best I can come up with regarding the 'reason' for this is that in x64 based systems, MS implements file system redirect to get you to the correct version of the file you are looking for...if you are a 32 bit app, and try to access various folders, you are redirected to the syswow64 folder instead. Based on the 'fix' provided, it seems that at times, MS implements a change in some process that causes the at the beginning of the image path to be misunderstood and makes c:\windows\syswow64 the 'root' of the process instead of the intended folder, which of course makes it not work because the files don't exist there. On Wed, Jun 1, 2011 at 12:48 PM, strauss stra...@unt.edu wrote: Remove Microsoft KB2509553. I have reproduced this on three 7.1 servers, and the only fix is to take the security update back off. On at least one of those, after upgrading it to 7.6.04 and adding the patch back on individually, it no longer stopped the AR service from starting, but BMC Support tells me they have had reports from most supported and older versions. I have had an issue open with Microsoft since mid-April, and they had several others from ARS 7.1 sites, so it is definitely a problem. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jon Gee Sent: Wednesday, June 01, 2011 12:59 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Hello, Our Dev , and test box is working after the patch , but the ARS Service will not start. Does anyone have a fix for this? You can sell and practice theory but, life in reality, has unexpected challenges that require decision and executions that were not covered in your lessons. by Jon Gee From: Joe Martin D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Thursday, April 14, 2011 4:03 PM Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** That's always a bad idea walking into the unknown even if there were no known issues. You never know because of the uniqueness of your environment, you may be the first to find out an issue. Its never a good idea to alter the production without testing it on at least one other non critical environment such as a test followed by dev or acceptance.. Joe From: pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 yes that is exactly what I am saying, They were about to apply that specific patch to ALL our environments at once. Including dev , test and Prod.They are now only going to patch our dev so we can validate. And from now on will test first on our dev environment. So a HUGE thanks to Chris. I did not know that they were not patching dev first. So that was a possible close call.Pascale jdso...@shyle.net Sent by: arslist@ARSLIST.ORG 04/14/2011 10:48 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 ** You aren't saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working 'out of the box' - depending on what the error really is, it may be possible to tweak it to get it to work.. Joe From: pascale.sterrett@DAIMLER.COMSent: Thursday, April 14, 2011 1:42 PMNewsgroups: public.remedy.arsystem.generalTo: arslist@ARSLIST.ORGSubject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just
Re: WARNING on Microsoft MS11-030 KB2509553
Added by the install On Thursday, September 5, 2013, Joe D'Souza jdso...@shyle.net wrote: ** I just checked our 64 bit 7.6.04 system (patch 003) and the image path does not have any quotes on it.. Any reason how it might have got there? Joe From: Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Thursday, September 05, 2013 3:25 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, Earlier this week, I came across this problem, but it wasn't with the particular MS Patch that you mention. I wanted to send out a note to the community notifying them of the eventual 'fix' that BMC provided to me on this scenario. I had all of the same symptoms, armonitor wouldn't start, no matter how I tried it. When starting it from services, it would try to write to an armonitor.log in the syswow folder, etc. The eventual fix that BMC came back with was to modify the 'Image Path' of the service to not include marks. The install path was C:\Program Files\BMC Software\ARSystem\armonitor.exe they just had me take the out, and everything started up fine. The best I can come up with regarding the 'reason' for this is that in x64 based systems, MS implements file system redirect to get you to the correct version of the file you are looking for...if you are a 32 bit app, and try to access various folders, you are redirected to the syswow64 folder instead. Based on the 'fix' provided, it seems that at times, MS implements a change in some process that causes the at the beginning of the image path to be misunderstood and makes c:\windows\syswow64 the 'root' of the process instead of the intended folder, which of course makes it not work because the files don't exist there. On Wed, Jun 1, 2011 at 12:48 PM, strauss stra...@unt.edu wrote: Remove Microsoft KB2509553. I have reproduced this on three 7.1 servers, and the only fix is to take the security update back off. On at least one of those, after upgrading it to 7.6.04 and adding the patch back on individually, it no longer stopped the AR service from starting, but BMC Support tells me they have had reports from most supported and older versions. I have had an issue open with Microsoft since mid-April, and they had several others from ARS 7.1 sites, so it is definitely a problem. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: WARNING on Microsoft MS11-030 KB2509553
I wonder the installer of one of the patches had a bug that did that.. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Longwing, Lj Sent: Thursday, September 05, 2013 10:23 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Added by the install On Thursday, September 5, 2013, Joe D'Souza jdso...@shyle.net wrote: ** I just checked our 64 bit 7.6.04 system (patch 003) and the image path does not have any quotes on it.. Any reason how it might have got there? Joe From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Thursday, September 05, 2013 3:25 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, Earlier this week, I came across this problem, but it wasn't with the particular MS Patch that you mention. I wanted to send out a note to the community notifying them of the eventual 'fix' that BMC provided to me on this scenario. I had all of the same symptoms, armonitor wouldn't start, no matter how I tried it. When starting it from services, it would try to write to an armonitor.log in the syswow folder, etc. The eventual fix that BMC came back with was to modify the 'Image Path' of the service to not include marks. The install path was C:\Program Files\BMC Software\ARSystem\armonitor.exe they just had me take the out, and everything started up fine. The best I can come up with regarding the 'reason' for this is that in x64 based systems, MS implements file system redirect to get you to the correct version of the file you are looking for...if you are a 32 bit app, and try to access various folders, you are redirected to the syswow64 folder instead. Based on the 'fix' provided, it seems that at times, MS implements a change in some process that causes the at the beginning of the image path to be misunderstood and makes c:\windows\syswow64 the 'root' of the process instead of the intended folder, which of course makes it not work because the files don't exist there. On Wed, Jun 1, 2011 at 12:48 PM, strauss stra...@unt.edu wrote: Remove Microsoft KB2509553. I have reproduced this on three 7.1 servers, and the only fix is to take the security update back off. On at least one of those, after upgrading it to 7.6.04 and adding the patch back on individually, it no longer stopped the AR service from starting, but BMC Support tells me they have had reports from most supported and older versions. I have had an issue open with Microsoft since mid-April, and they had several others from ARS 7.1 sites, so it is definitely a problem. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: WARNING on Microsoft MS11-030 KB2509553
Hello, Our Dev , and test box is working after the patch , but the ARS Service will not start. Does anyone have a fix for this? You can sell and practice theory but, life in reality, has unexpected challenges that require decision and executions that were not covered in your lessons. by Jon Gee From: Joe Martin D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Thursday, April 14, 2011 4:03 PM Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** That’s always a bad idea walking into the unknown even if there were no known issues. You never know because of the uniqueness of your environment, you may be the first to find out an issue. Its never a good idea to alter the production without testing it on at least one other non critical environment such as a test followed by dev or acceptance.. Joe From: pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 yes that is exactly what I am saying, They were about to apply that specific patch to ALL our environments at once. Including dev , test and Prod.They are now only going to patch our dev so we can validate. And from now on will test first on our dev environment. So a HUGE thanks to Chris. I did not know that they were not patching dev first. So that was a possible close call.Pascale jdso...@shyle.net Sent by: arslist@ARSLIST.ORG 04/14/2011 10:48 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 ** You aren’t saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working ‘out of the box’ – depending on what the error really is, it may be possible to tweak it to get it to work.. Joe From: pascale.sterrett@DAIMLER.COMSent: Thursday, April 14, 2011 1:42 PMNewsgroups: public.remedy.arsystem.generalTo: arslist@ARSLIST.ORGSubject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up
Re: WARNING on Microsoft MS11-030 KB2509553
Remove Microsoft KB2509553. I have reproduced this on three 7.1 servers, and the only fix is to take the security update back off. On at least one of those, after upgrading it to 7.6.04 and adding the patch back on individually, it no longer stopped the AR service from starting, but BMC Support tells me they have had reports from most supported and older versions. I have had an issue open with Microsoft since mid-April, and they had several others from ARS 7.1 sites, so it is definitely a problem. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jon Gee Sent: Wednesday, June 01, 2011 12:59 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Hello, Our Dev , and test box is working after the patch , but the ARS Service will not start. Does anyone have a fix for this? You can sell and practice theory but, life in reality, has unexpected challenges that require decision and executions that were not covered in your lessons. by Jon Gee From: Joe Martin D'Souza jdso...@shyle.net To: arslist@ARSLIST.ORG Sent: Thursday, April 14, 2011 4:03 PM Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** That’s always a bad idea walking into the unknown even if there were no known issues. You never know because of the uniqueness of your environment, you may be the first to find out an issue. Its never a good idea to alter the production without testing it on at least one other non critical environment such as a test followed by dev or acceptance.. Joe From: pascale.sterr...@daimler.commailto:pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 yes that is exactly what I am saying, They were about to apply that specific patch to ALL our environments at once. Including dev , test and Prod.They are now only going to patch our dev so we can validate. And from now on will test first on our dev environment. So a HUGE thanks to Chris. I did not know that they were not patching dev first. So that was a possible close call.Pascale jdso...@shyle.net Sent by: arslist@ARSLIST.ORG 04/14/2011 10:48 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 ** You aren’t saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working ‘out of the box’ – depending on what the error really is, it may be possible to tweak it to get it to work.. Joe From: pascale.sterr...@daimler.commailto:pascale.sterr...@daimler.comSent: Thursday, April 14, 2011 1:42 PMNewsgroups: public.remedy.arsystem.generalTo: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORGSubject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.comhttp://www.hp.com/ Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start
Re: WARNING on Microsoft MS11-030 KB2509553
Thanks for the heads up - we just verified and that patch did not affect our test ar servers from communicating with our remote sql db clusters. ARS 7.5 patch 4 SQL 2005 Regards, Andrew Goodall Software Engineer 2 | Development Services | jcpenney . www.jcp.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
Excellent. I'm going to bet that my particular problem may be influenced by the fact that all of these servers are on a public network and have firewalls running. ALL of them. This patch probably blocks a port that I don't have open except between domain controllers within the subnet - just a suspicion, since several sites have reported no problem with the patch, and I remember how much work it took to get AD replication working through the firewalls years ago. It even blocks remote desktop or terminal server connections, after most remote server reboots. This has been passed up to our premier support rep at Microsoft, so I may get an answer at some point telling me what ports to open after applying it. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Andrew C Goodall Sent: Friday, April 15, 2011 10:58 AM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 Thanks for the heads up - we just verified and that patch did not affect our test ar servers from communicating with our remote sql db clusters. ARS 7.5 patch 4 SQL 2005 Regards, Andrew Goodall Software Engineer 2 | Development Services | jcpenney . www.jcp.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
Chris, It's not just you -- we have the exact same versions and sure enough, I just reproduced the problem. Removing the patch right now... Thanks for the heads up! Juan Ingles On Fri, Apr 15, 2011 at 1:30 PM, strauss stra...@unt.edu wrote: Excellent. I'm going to bet that my particular problem may be influenced by the fact that all of these servers are on a public network and have firewalls running. ALL of them. This patch probably blocks a port that I don't have open except between domain controllers within the subnet - just a suspicion, since several sites have reported no problem with the patch, and I remember how much work it took to get AD replication working through the firewalls years ago. It even blocks remote desktop or terminal server connections, after most remote server reboots. This has been passed up to our premier support rep at Microsoft, so I may get an answer at some point telling me what ports to open after applying it. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Andrew C Goodall Sent: Friday, April 15, 2011 10:58 AM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 Thanks for the heads up - we just verified and that patch did not affect our test ar servers from communicating with our remote sql db clusters. ARS 7.5 patch 4 SQL 2005 Regards, Andrew Goodall Software Engineer 2 | Development Services | jcpenney . www.jcp.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
Christopher, What are the errors in arerror.log, what symptoms should we look out for other than armonitor not starting? -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 9:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
It doesn't even get far enough to add an entry to the normal arerror.log (it does post to the arerror.log in \SysWOW64): Wed Apr 13 13:03:51 2011 0 : AR System server terminated -- fatal error encountered (ARNOTE 21) Wed Apr 13 13:03:51 2011 The Server process terminated. All attempts to start the service manually fail with the pop-up error: Windows could not start the BMC Remedy Action Request System Server on the Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 1064. Attempting to start arserver from the command prompt results in a different pop-up error: Application popup: arserver.exe - Application Error : The application failed to initialize properly (0xc005). Click on OK to terminate the application. Each attempt looks like this in the armonitor.log: Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor version 7.1.00 Patch 003 200805260630 started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5860) started. d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5816) started. d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5872) started. d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5868) started. c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 Pausing for max 900 seconds or until server up. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 The Server process terminated. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5816). d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5872). d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5868). c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5860). d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:58 2011 Failure occurred during execl() (ARERR 33) Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5860) died with 128. d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5816) died with 0. d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5872) died with 0. d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5868) died with 0. c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:59 2011 AR System server terminated normally (ARERR 32) Wed Apr 13 10:15:59 2011 AR Monitor stopped. Probably more information than you needed... I resolved it by going to Control Panel - Add or Remove Programs (Show updates selected) and selecting Security Update for Windows Server 2003 (KB2509553) and clicking on Remove. It warns you about other related security updates that might not work, but I clicked Yes anyway, removed it, then rebooted. ARS started right up after that. I no longer have ARS on any 2008 R2 hardware due to its incompatibility with alarmpoint, but I can test this patch later on my 2008 R2 VMs, where the 7.6.04 server also connects to a remote db on another vm; I'll bet that doesn't work either! Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Thursday, April 14, 2011 11:16 AM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 Christopher, What are the errors in arerror.log, what symptoms should we look out for other than armonitor not starting? -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 9:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my
Re: WARNING on Microsoft MS11-030 KB2509553
Try restarting the server in a debug mode.. I think the -d option needs to be added to the armonitor.cfg line that starts the AR Server.. This will give you a little more information on the debug log file that gets created in the AR Server directory during startup.. There are limited number of reasons why connections may fail when there are updates to the underlying SQL server such as an incompatible client version in case there is a minor/major version change, change in the SQL internal database compatibility version, etc. Applying a patch to address security should not change any of these.. Cheers Joe -Original Message- From: strauss Sent: Thursday, April 14, 2011 12:56 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 It doesn't even get far enough to add an entry to the normal arerror.log (it does post to the arerror.log in \SysWOW64): Wed Apr 13 13:03:51 2011 0 : AR System server terminated -- fatal error encountered (ARNOTE 21) Wed Apr 13 13:03:51 2011 The Server process terminated. All attempts to start the service manually fail with the pop-up error: Windows could not start the BMC Remedy Action Request System Server on the Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 1064. Attempting to start arserver from the command prompt results in a different pop-up error: Application popup: arserver.exe - Application Error : The application failed to initialize properly (0xc005). Click on OK to terminate the application. Each attempt looks like this in the armonitor.log: Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor version 7.1.00 Patch 003 200805260630 started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5860) started. d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5816) started. d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5872) started. d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5868) started. c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 Pausing for max 900 seconds or until server up. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 The Server process terminated. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5816). d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5872). d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5868). c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5860). d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:58 2011 Failure occurred during execl() (ARERR 33) Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5860) died with 128. d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5816) died with 0. d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5872) died with 0. d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5868) died with 0. c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:59 2011 AR System server terminated normally (ARERR 32) Wed Apr 13 10:15:59 2011 AR Monitor stopped. Probably more information than you needed... I resolved it by going to Control Panel - Add or Remove Programs (Show updates selected) and selecting Security Update for Windows Server 2003 (KB2509553) and clicking on Remove. It warns you about other related security updates that might not work, but I clicked Yes anyway, removed it, then rebooted. ARS started right up after that. I no longer have ARS on any 2008 R2 hardware due to its incompatibility with alarmpoint, but I can test this patch later on my 2008 R2 VMs, where the 7.6.04 server also connects to a remote
Re: WARNING on Microsoft MS11-030 KB2509553
Try restarting the server in a debug mode.. I think the -d option needs to be added to the armonitor.cfg line that starts the AR Server.. This will give you a little more information on the debug log file that gets created in the AR Server directory during startup.. There are limited number of reasons why connections may fail when there are updates to the underlying SQL server such as an incompatible client version in case there is a minor/major version change, change in the SQL internal database compatibility version, etc. Applying a patch to address security should not change any of these.. Were you able to log into the SQL client after you installed the patch? Cheers Joe -Original Message- From: strauss Sent: Thursday, April 14, 2011 12:56 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 It doesn't even get far enough to add an entry to the normal arerror.log (it does post to the arerror.log in \SysWOW64): Wed Apr 13 13:03:51 2011 0 : AR System server terminated -- fatal error encountered (ARNOTE 21) Wed Apr 13 13:03:51 2011 The Server process terminated. All attempts to start the service manually fail with the pop-up error: Windows could not start the BMC Remedy Action Request System Server on the Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 1064. Attempting to start arserver from the command prompt results in a different pop-up error: Application popup: arserver.exe - Application Error : The application failed to initialize properly (0xc005). Click on OK to terminate the application. Each attempt looks like this in the armonitor.log: Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor version 7.1.00 Patch 003 200805260630 started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5860) started. d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5816) started. d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5872) started. d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5868) started. c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 Pausing for max 900 seconds or until server up. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 The Server process terminated. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5816). d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5872). d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5868). c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5860). d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:58 2011 Failure occurred during execl() (ARERR 33) Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5860) died with 128. d:\program files (x86)\ar system\arsweb12\arserver.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5816) died with 0. d:\program files (x86)\ar system\arsweb12\arplugin.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5872) died with 0. d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5868) died with 0. c:\program files (x86)\java\jre6\bin\java Wed Apr 13 10:15:59 2011 AR System server terminated normally (ARERR 32) Wed Apr 13 10:15:59 2011 AR Monitor stopped. Probably more information than you needed... I resolved it by going to Control Panel - Add or Remove Programs (Show updates selected) and selecting Security Update for Windows Server 2003 (KB2509553) and clicking on Remove. It warns you about other related security updates that might not work, but I clicked Yes anyway, removed it, then rebooted. ARS started right up after that. I no longer have ARS on any 2008 R2 hardware due to its incompatibility with alarmpoint, but I can test this patch later
Re: WARNING on Microsoft MS11-030 KB2509553
Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett christopher.pru...@hp.com Sent by: arslist@ARSLIST.ORG 04/14/2011 08:56 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
You aren’t saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working ‘out of the box’ – depending on what the error really is, it may be possible to tweak it to get it to work.. Joe From: pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:42 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
yes that is exactly what I am saying, They were about to apply that specific patch to ALL our environments at once. Including dev , test and Prod. They are now only going to patch our dev so we can validate. And from now on will test first on our dev environment. So a HUGE thanks to Chris. I did not know that they were not patching dev first. So that was a possible close call. Pascale jdso...@shyle.net Sent by: arslist@ARSLIST.ORG 04/14/2011 10:48 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 ** You aren’t saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working ‘out of the box’ – depending on what the error really is, it may be possible to tweak it to get it to work.. Joe From: pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:42 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ _attend WWRUG11 www.wwrug.com ARSlist: Where the Answers Are_ If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.
Re: WARNING on Microsoft MS11-030 KB2509553
The SQL Server has the patch and that did not factor into the equation. So far I think it only affects the AR server where it is connecting to a remote db server; the AR server with a local db was also not affected. In answer to Joe, yes, the SQL Server Management Studio could connect to the db just fine with the patch applied; we have had more than one case where an ARS server could not start up unless you first started the SQL Server Management Studio and opened the connection to the db; something in DCOM or DTS was blocking it until the SQL client punched a hole, so that was the FIRST thing that I tried. BTW, we solved that problem by registering the SQL Servers in AD and configuring them to make Kerberos connections between ARS and SQL. The server blocked by this new patch DOES make about 60 Kerberos connections when working, so the patch even negates that level of connectivity. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 12:43 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett christopher.pru...@hp.com Sent by: arslist@ARSLIST.ORG 04/14/2011 08:56 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are If you are not the intended addressee, please inform us
Re: WARNING on Microsoft MS11-030 KB2509553
I usually patch everything but production during the week it is released to see what happens. Then support is available if something happens (2 or 3 times in the past decade, an MS patch has blocked ARS from working properly). Then production gets patched Friday night or Sunday morning – when the campus is either in the bars or hung over and won’t notice. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Joe Martin D'Souza Sent: Thursday, April 14, 2011 12:47 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** You aren’t saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working ‘out of the box’ – depending on what the error really is, it may be possible to tweak it to get it to work.. Joe From: pascale.sterr...@daimler.commailto:pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:42 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ _attend WWRUG11 www.wwrug.com ARSlist: Where the Answers Are_
Re: WARNING on Microsoft MS11-030 KB2509553
That’s always a bad idea walking into the unknown even if there were no known issues. You never know because of the uniqueness of your environment, you may be the first to find out an issue. Its never a good idea to alter the production without testing it on at least one other non critical environment such as a test followed by dev or acceptance.. Joe From: pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:52 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 yes that is exactly what I am saying, They were about to apply that specific patch to ALL our environments at once. Including dev , test and Prod. They are now only going to patch our dev so we can validate. And from now on will test first on our dev environment. So a HUGE thanks to Chris. I did not know that they were not patching dev first. So that was a possible close call. Pascale jdso...@shyle.net Sent by: arslist@ARSLIST.ORG 04/14/2011 10:48 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 ** You aren’t saying that your team was about to patch the production server without applying it to a sandbox or development or test environment right? I do not see the harm in applying it to a test or development environment even if it has been reported to not be working ‘out of the box’ – depending on what the error really is, it may be possible to tweak it to get it to work.. Joe From: pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 1:42 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** Chris, My server team was about to install that patch next weekend. So thank you so much!! Just one clarification if you can. Do we need to prevent them from patching only the app server or also the MSSQL server? We do have a remote DB and they were going to patch both the app servers and our db. Thank you, Pascale Sterrett Thanks for the heads up, we were planning on applying that patch this weekend. I will stop that right away. Christopher Pruitt Business Consulting III HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 10:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ _attend WWRUG11 www.wwrug.com ARSlist: Where the Answers Are_ If you are not the intended addressee, please
Re: WARNING on Microsoft MS11-030 KB2509553
My server team just applied that patch to one of our dev environment and all is working perfectly fine. But we are now testing our other dev servers to make sure Thank you, Pascale Sterrett Remedy Technical Lead Developer Daimler Trucks North America LLC Montgomery Park, 9th floor Portland, OR 97210 U.S.A Phone:503-745-6569 Email:pascale.sterr...@daimler.com http://www.daimler-trucksnorthamerica.com If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
Just out of curiosity, have you updated AD domain controllers - DNS servers with this patch already? I have not (and am a bit reluctant to right now), but maybe that is a requirement for the rest of the forest/domain to work properly. No, it does not say that in the MS bulletin web page. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 3:46 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** My server team just applied that patch to one of our dev environment and all is working perfectly fine. But we are now testing our other dev servers to make sure Thank you, Pascale Sterrett Remedy Technical Lead Developer Daimler Trucks North America LLC Montgomery Park, 9th floor Portland, OR 97210 U.S.A Phone:503-745-6569 Email:pascale.sterr...@daimler.com http://www.daimler-trucksnorthamerica.com If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. _attend WWRUG11 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: Where the Answers Are
Re: WARNING on Microsoft MS11-030 KB2509553
No that patch has not been applied anywhere in our organisation yet. My dev server was the first system patched. Pascale stra...@unt.edu Sent by: arslist@ARSLIST.ORG 04/14/2011 02:08 PM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: WARNING on Microsoft MS11-030 KB2509553 ** Just out of curiosity, have you updated AD domain controllers – DNS servers with this patch already? I have not (and am a bit reluctant to right now), but maybe that is a requirement for the rest of the forest/domain to work properly. No, it does not say that in the MS bulletin web page. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing IT Center http://itsm.unt.edu/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pascale.sterr...@daimler.com Sent: Thursday, April 14, 2011 3:46 PM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 ** My server team just applied that patch to one of our dev environment and all is working perfectly fine. But we are now testing our other dev servers to make sure Thank you, Pascale Sterrett Remedy Technical Lead Developer Daimler Trucks North America LLC Montgomery Park, 9th floor Portland, OR 97210 U.S.A Phone:503-745-6569 Email:pascale.sterr...@daimler.com http://www.daimler-trucksnorthamerica.com If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. _attend WWRUG11 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG11 www.wwrug.com ARSlist: Where the Answers Are_ If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.
