Hi, I use W2K Client and now also W2K Server. In addition I have Norton Internet Security Family Edition installed, just for test whether it is suitable for untrained users. The W2K Server is new, just out of the box, my client has been hardened a bit before for the NT Server.
When I now login to the W2K Server (before we had NT4), it takes a really long time to connect. An Alert Window from Norton pops up and asks me whether I want to block or enable the outbound TCP connection from Winlogon to ldap (389) on the server. Whatever I do, the client crashed with a short blue screen and a dump. Checking the Norton log reveals also that before the outbound TCP to 389 I get an inbound UDP from Server, Kerberos to Client, 1042. And wherever I look, port 1042 always comes in connection with Trojan Bla. Is port 1042 a regular port, Kerberos accesses? Did Bla just hijack this port? Could it be that the program Kerberos is not using this port on the server, but another program is using the port normally associated with Kerberos? I get numerous other error messages in the Event Log as well, like NetBT cannot connect, userenv cannot be located, GPO cannot be accessed. I guess, this mail would be too long to describe them all here. Any idea, where I can get a detailed description about the W2K Kerberos and other implementations, like ldap or epmap? Best Regards, Andreas
