CSA 5.2.0(238) Win2k WS netlogon failure at boot

Unanswered Question
Feb 1st, 2008

Has anyone experienced issues with windows 2000 workstation, and RPC access at boot-time. When booting a machine with csa i get events in windows saying that the RPC server is not available, putting the csa in testmode removes this problem. The problem for me, is that i don't see any denies in the log for any network activity related to rpc or windows logon in general. I have never seen this in windows xp, so maybe it's a problem with the way win2k does machine login/policy ? disabling the csanet shim does not change anything. Once windows is done loading, i can reach the AD fine, and get my gpo's applied, it seems to be only during boot. I have also disabled the shield rule that has deny/unrestriced network access during boot, but this also changes nothing.

Regards

Jan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (3 ratings)
Loading.
jan.nielsen Fri, 02/08/2008 - 21:07

Security level is not used in our policies. I have a TAC case running now, it seems to be a bug in the agent.

RichardSW Wed, 03/26/2008 - 11:26

I saw in your other reply that you already have a tac case open, but I'll put in my 2 cents.

Its possible that you have a network based rule that is tripping that is not set to log. During boot the agent is put into a system state that locks down communications. First I suggest you un-attach all the rules to the group that this agent is assigned to, then take it out of TESTMODE. If you still experience the issue, then you know its not any of the rules.

Since its been almost 2 months - did you come to a resolution?

jan.nielsen Thu, 03/27/2008 - 06:27

The problem has been solved, it seems that when you deselect the Unrestricted Network Access During Boot flag in your Network Shield Rules (like we had), there is a hardcoded Boot Rule, which had some issues with Security Rollup Pack 1 for SP4 for Windows 2000 Workstation, so Machine GPO's and such where not applied, Cisco has supplied me with a new boot ruleset which we have imported into the agent kits and it now works.

Actions

This Discussion