02-01-2008 06:44 AM - edited 03-10-2019 03:58 AM
Has anyone experienced issues with Windows 2000 Workstation and RPC access at boot time? When booting a machine with CSA, I get events in Windows saying that the RPC server is not available; putting CSA in test mode removes this problem. The problem for me is that I don't see any denies in the log for any network activity related to RPC or Windows logon in general. I have never seen this in Windows XP, so maybe it's a problem with the way Win2k does machine login/policy? Disabling the csanet shim does not change anything. Once Windows is done loading, I can reach the AD fine and get my GPOs applied; it seems to be only during boot. I have also disabled the shield rule that has deny/unrestricted network access during boot, but this also changes nothing.
Regards
Jan
02-07-2008 09:31 AM
Check if the security level of CSA is set too high. You should try lowering the security level of CSA if it is set too high. The following link may help you:
http://www.cisco.com/en/US/docs/security/csa/csa52/install_guide/AppexA.html
02-08-2008 09:07 PM
Security level is not used in our policies. I have a TAC case running now; it seems to be a bug in the agent.
03-26-2008 11:26 AM
I saw in your other reply that you already have a TAC case open, but I'll put in my 2 cents.
It's possible that you have a network-based rule that is tripping that is not set to log. During boot the agent is put into a system state that locks down communications. First I suggest you unattach all the rules from the group that this agent is assigned to, then take it out of TESTMODE. If you still experience the issue, then you know it's not any of the rules.
Since it's been almost 2 months - did you come to a resolution?
03-27-2008 06:27 AM
The problem has been solved. It seems that when you deselect the Unrestricted Network Access During Boot flag in your Network Shield Rules (like we had), there is a hardcoded Boot Rule, which had some issues with Security Rollup Pack 1 for SP4 for Windows 2000 Workstation, so machine GPOs and such were not applied. Cisco has supplied me with a new boot ruleset, which we have imported into the agent kits, and it now works.