Forum Search: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Windows Server General Help » RPC behind firewall
RPC behind firewall [message #163463] Tue, 02 June 2009 07:43
Qualidus  is currently offline Qualidus
Messages: 3
Registered: June 2009
Junior Member

I recently had a bit of a problem with the communication between two
servers, a webserver on DMZ and an SQL Server on the inside separated by a
firewall. The webserver (Windows 2003 R2 SP2) and SQL server (Windows 2003
R2 SP2 with SQL Server 2005 SP3) is communicating via several ports and
services where RPC (MSDTC) is one of them. I have configured RPC according
to KB154596 and it have worked perfectly up until last week. After a reboot
all registry changes I made to specify what ports RPC are supposed to use
were gone. The server was patched on the 23rd of April and the following
patches were installed: KB923561, KB961373, KB956572, KB952004, KB960803,
KB963027 and KB959426. The server was then rebooted and everything worked
like a charm. That is until last friday when I had to reboot the server. I
got the word yesterday that the website wasn't working properly since the
reboot and after a few hours of digging and checking firewall-logs I noticed
that RPC wasn't using ports from the specified range and when I checked the
SQL server I saw that the changes I made in the registry for RPC was gone.
After I applied the changes and rebooted the server it worked perfectly
again. The problem now is that I have management breathing down my neck to
find out what happened, why the registry settings were removed.

Basically, I have two theories at the moment, either one of the patches made
some changes to the registry after the reboot or someone with access to the
server made a mistake and removed the registry changes. The problem with the
first option is that I don't find any information saying someone else had
the same problem and the problem with the second option is that I don't
think the few others with access to the server knew what changes was made to
RPC. I have checked the eventlogs and there have only been 4 logons to the
server within the timeperiod and 3 of those are made by myself so if none of
the patches changed the registry after reboot the person behind the 4th
logon must have made the changes which he denies he has.

So basically my question is whether someone else who installed one of those
patches (primarily KB952004) have had the same behaviour when it comes to
RPC-settings that I experienced.
Previous Topic:Re: virusscanner
Next Topic:Server 2003 MS Fax sending repeatedly
Goto Forum:

Current Time: Tue Aug 22 14:47:18 EDT 2017

Total time taken to generate the page: 0.06100 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software