CSA 5.2.0(238) Win2k WS netlogon failure at boot

jan.nielsen
Level 7

Has anyone experienced issues with Windows 2000 Workstation and RPC access at boot time? When booting a machine with CSA, I get events in Windows saying that the RPC server is not available; putting CSA in test mode removes this problem. The problem for me is that I don't see any denies in the log for any network activity related to RPC or Windows logon in general. I have never seen this in Windows XP, so maybe it's a problem with the way Win2k does machine login/policy? Disabling the csanet shim does not change anything. Once Windows is done loading, I can reach the AD fine and get my GPOs applied; it seems to be only during boot. I have also disabled the shield rule that has deny/unrestricted network access during boot, but this also changes nothing.

Regards

Jan

4 Replies

didyap
Level 6

Check if the security level of CSA is set too high. You should try lowering the security level of CSA if it is set too high. The following link may help you:

http://www.cisco.com/en/US/docs/security/csa/csa52/install_guide/AppexA.html

Security level is not used in our policies. I have a TAC case running now; it seems to be a bug in the agent.

RichardSW
Level 1

I saw in your other reply that you already have a TAC case open, but I'll put in my 2 cents.

It's possible that you have a network-based rule that is tripping that is not set to log. During boot the agent is put into a system state that locks down communications. First I suggest you un-attach all the rules to the group that this agent is assigned to, then take it out of TESTMODE. If you still experience the issue, then you know it's not any of the rules.

Since it's been almost 2 months - did you come to a resolution?

The problem has been solved. It seems that when you deselect the Unrestricted Network Access During Boot flag in your Network Shield Rules (like we had), there is a hardcoded Boot Rule, which had some issues with Security Rollup Pack 1 for SP4 for Windows 2000 Workstation, so Machine GPOs and such were not applied. Cisco has supplied me with a new boot ruleset, which we have imported into the agent kits, and it now works.
