Monthly Archives: May 2017

Server 2003 loses network connectivity after reboot – IPSEC service won’t start

Uncategorized

There are still plenty of these machines around so, if you find no network connection after a reboot, check that the IPSEC port is excluded from use to avoid a glare condition like this:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts

Add an entry in the format xxxx-yyyy for the port range. For a single port like this, both sides are the same.  So, for IPSEC which uses port 4500, add

4500-4500

 

For reference, these are other ports that can be added if necessary:

1433-1434 [MSSQL](more if you have other SQL instances on the system)
1745-1745 [ISA Server 2000 or ISA Server 2004]
1080-1080 [SOCKS]
1718-1720 [H.323 Gatekeeper (ISA 2000 only)]
3343-3343 (already in many systems)
1645-1646 [IAS](Radius)
1701-1701 [L2TP]
1812-1813 [IAS](Radius)
2883-2883 [AUTD]
4500-4500 [IPSEC]
1801-1801 [MSMQ](already in some systems)
4070-4071 (BES)
3500-3619 [ISA Server 2000 only]

SMB flaw exploit used for ransomware infection

Uncategorized

The “code blue” NSA hack that exploits a bug in Windows SMB was used to spread WannaCry ransomware via fake emails with malicious attachments and clickable links.  Microsoft released a patch for this in March, 2017 through Windows Update for Windows 7 and later.  Patches for earlier versions of Windows are available here:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

There are patches here for:

Windows Server 2003 SP2 x64
Windows Server 2003 SP2 x86
Windows XP SP2 x64
Windows XP SP3 x86
Windows XP Embedded SP3 x86
Windows 8 x86
Windows 8 x64

Increase limits to use WIndows 7 as a file server

Uncategorized

When adopting a Windows 7 machine as a file server, it may run out of resources with these entries in the Event Log:

Event Id 2017 The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Client computers will get messages about read-only or resource not available.

The following changes will resolve this:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache = 1

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size = 3

Then reboot the machine.