[THIN] Re: FW: Issue With W2K SP3 Citrix/Terminal Servers and MS04-011(835732)

  • From: Adam.Baum@xxxxxxxxxxxxxx
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 27 Apr 2004 08:17:22 -0700

This came out of KBxxx141.  It's a listbox/combo box buffer overrun.  MS
rolled into one of the last wave of patches.  There is a hotfix for it. I
think it's KB827825.
adam




                                                                                
                                                      
                      Henry Sieff                                               
                                                      
                      <hsieff@orthodon.        To:       "'thin@xxxxxxxxxxxxx'" 
<thin@xxxxxxxxxxxxx>                                  
                      com>                     cc:                              
                                                      
                      Sent by:                 Subject:  [THIN] FW: Issue With 
W2K SP3 Citrix/Terminal Servers and MS04-011(83573     
                      thin-bounce@freel         2)                              
                                                      
                      ists.org                                                  
                                                      
                                                                                
                                                      
                                                                                
                                                      
                      04/27/2004 07:33                                          
                                                      
                      AM                                                        
                                                      
                      Please respond to                                         
                                                      
                      thin                                                      
                                                      
                                                                                
                                                      
                                                                                
                                                      




Thought I'd pass this on.

> -----Original Message-----
> From: Windows NTBugtraq Mailing List
> [mailto:NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of
> Manskopf, Michael
> Sent: Friday, April 23, 2004 5:45 PM
> To: NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Issue With W2K SP3 Citrix/Terminal Servers and
> MS04-011(835732)
>
>
> We patched half of our W2K SP3 Terminal Servers last night
> with MS04-011,
> MS04-012, and MS04-014. This morning all of the users logging into the
> patched servers were not able to access their roaming profile
> and created
> local profiles on the Terminal Servers instead.
>
> Here's what we've determined so far.
>
> We have users (clients) in a Windows 2000 SP3 forest
> connecting through
> Citrix on Windows 2000 SP3 Terminal Servers, which are
> located in another
> Windows 2000/2003 forest.
> All of the users that are connecting through Citrix/Terminal
> servers that
> have been patched with 835732 are unable to load their
> roaming profiles, so
> local profiles are created instead on each Citrix/Terminal server.
>
> The error in the Application Log is as follows:
>
> Event Type:     Information
> Event Source:   Userenv
> Event Category: None
> Event ID:       1000
> Date:           23/04/2004
> Time:           12:36:41 PM
> User:           NT AUTHORITY\SYSTEM
> Computer:       %servername%
> Description: The logged on user's forest is different from
> the machine's
> forest. Cross Forest Group Policy processing is disabled and loopback
> processing has been enforced in this forest for this user account.
>
>
> This appears to be a "Cross-Forest" issue that should only
> affect Windows
> 2000 SP4 and Windows 2003, but is affecting our Windows 2000 SP3
> Citrix/Terminal Servers. The SP4 issue is mentioned in this
> KB article:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823862
> <http://support.microsoft.com/default.aspx?scid=kb;en-us;823862>  .
>
> What appears to be happening is that an SP4 Cross-Forest
> security "feature"
> is activating the Group Policy setting for "Allow
> Cross-Forest User Policy
> and Roaming User Profiles" policy under \Computer
> Configuration\Administrative Templates\System\Group Policy.
> We tried to
> enable the policy to see if that would fix it, but it only
> made things worse
> and affected the previously unaffected users as well. We
> think that since
> our Citrix/Terminal Servers are Windows 2000 SP3, they seem
> to "see" the SP4
> policy, but don't understand it. There must be some updated
> component in the
> 835732 patch that is allowing SP3 machines to "see" the SP4 policy.
>
> As soon as we uninstalled the 835732 patch from one of these
> Citrix/Terminal
> servers, users were able to access their roaming profiles
> normally again.
> We're going to keep experimenting with this on one of our
> test servers. Will
> keep you updated. If anyone else has any info, please let me know.
>
>
> Michael Manskopf
> IT - Technology and Infrastructure Group
> CANACCORD CAPITAL CORP.
> #2200 - 609 Granville Street,
> Vancouver, B.C.
> V7Y 1H2
> TEL: (604) 643-7605
> CEL: (604) 841-1534
> EMAIL: <mailto:Michael_Manskopf@xxxxxxxxxxxxx
> <mailto:Michael_Manskopf@xxxxxxxxxxxxx> >
>
>
> "Canaccord Capital Corporation <canaccord.com>" made the following
>  annotations on 04/23/2004 03:45:02 PM
> --------------------------------------------------------------
> ----------------
> This message may contain confidential or privileged material.
> Any use of this information by anyone other than the intended
> recipient is prohibited.  If you have received this message
> in error, please immediately reply to the sender and delete
> this information from your computer. Thank you.
> ==============================================================
> ================
>
> -----
> Earn up to 10 credit course hours toward the TruSecure ICSA
> Practitioner (TICSA) Credential and receive a TICSA exam
> coupon by attending the Infosecurity Canada 2004 conference.
> Featured speaker, Marcus J. Ranum, TruSecure inventor of the
> proxy firewall will present on June 3 at 11:30 AM.  Visit
<https://ticsa.trusecure.com>  for certification details and
<http://www.infosecuritycanada.com>  for conference information.  Become
TICSA certified and see what happens!
-----
********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector
clients. From centralized application management, business continuity,
outsourcing, to application development, security, and messaging solutions.
http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm





********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector clients. 
From centralized application management, business continuity, outsourcing, to 
application development, security, and messaging solutions.
http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: