Tuning SIG 5583 - SMB Remote SAM Service Access Attempt

We are running Active Directory and this sig is firing 30000+ times a day. I do not want to disable the sig as we would like to watch for external IPs as the source or destination.
Trouble is I cannot get an event filter to work for this beast and I cannot filter it at the sig level since there is no source/destination IP settings in the sig itself (SMB Engine).
Here is the event filter definition:-
NAME: InsideSAM_SMB
signature-id-range: 5583,5579 default: 900-65535
subsignature-id-range: 0-255 default: 0-255
attacker-address-range: $Inside default: 0.0.0.0-255.255.255.255
victim-address-range: $Inside default: 0.0.0.0-255.255.255.255
attacker-port-range: 0-65535 <defaulted>
victim-port-range: 139,445 default: 0-65535
risk-rating-range: 1-100 default: 0-100
actions-to-remove: produce-alert|produce-verbose-alert default:
deny-attacker-percentage: 100 <defaulted>
filter-item-status: Enabled default: Enabled
stop-on-match: True default: False
user-comment: <defaulted>
os-relevance: not-relevant default: relevant|not-relevant|unknown
The $Inside variable is 10.0.0.0-10.255.255.255
basically our entire internal network.
The events I am being flooded with are single events and not summarized.
Here is an example of an alert:-
evIdsAlert: eventId=1192231627181681635 vendor=Cisco severity=informational
originator:
hostId: IDS
appName: sensorApp
appInstanceId: 571
time: 11 February 2008 15:59:52 UTC offset=0 timeZone=GMT00:00
signature: description=SMB Remote SAM Service Access Attempt id=5583 version=S262
subsigId: 0
sigDetails: SMB Remote SAM Service Access Attempt
marsCategory: Info/Misc/NetBios
interfaceGroup: int8
vlan: 36
participants:
attacker:
addr: 10.36.3.52 locality=Inside
port: 2956
target:
addr: 10.11.1.63 locality=Inside
port: 445
os: idSource=learned type=windows-nt-2k-xp relevance=relevant
riskRatingValue: 25 targetValueRating=medium
attackRelevanceRating=relevant
threatRatingValue: 25
interface: ge0_8
protocol: tcp
As you can see BOTH the source and destination are within the ranges specified in the filter but the event is still firing.

You mean replace the $Inside with a specific range like 10.0.0.0-10.255.255.255.
Hmm. Nope. I have tried that and I have even tried specific IP addresses for the source/destination but still get alerts with exactly those two addresses getting through.
Filtering is working though as I have a filter active also for the 'DHCP offer' sig in that I have filtered out all our 'expected' DHCP sources, and SMTP filters for 'expected' SMTP sources.
Why can I not filter out SMB sources/destinations such as Windows Servers and/or M$ Domain Controllers?
Come on Cisco, event filtering was so easy in IDS4, why complicate it so much in IPS6.
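
The intent of the filter in the post (drop 5583/5579 alerts only when both participants sit in 10.0.0.0-10.255.255.255 and the victim port is 139 or 445, keep everything else) can be checked offline against exported alert text. This is an added example, not code from the original poster or from Cisco; it assumes alerts are available as text in the flattened layout quoted above, and the function names plus the second and third sample alerts (addresses and event IDs) are constructed for illustration.

```python
"""Offline triage of Cisco IPS evIdsAlert text for signatures 5583/5579 (added example)."""
import ipaddress
import re

# Range, signature ids and victim ports copied from the event filter in the post.
INSIDE = ipaddress.ip_network("10.0.0.0/8")   # 10.0.0.0-10.255.255.255, the post's $Inside
SIG_IDS = {5583, 5579}
VICTIM_PORTS = {139, 445}

# First alert: abridged copy of the one quoted in the post.
# Second and third: constructed samples (documentation addresses, made-up event ids).
SAMPLE = """\
evIdsAlert: eventId=1192231627181681635 vendor=Cisco severity=informational
signature: description=SMB Remote SAM Service Access Attempt id=5583 version=S262
participants:
attacker:
addr: 10.36.3.52 locality=Inside
port: 2956
target:
addr: 10.11.1.63 locality=Inside
port: 445
evIdsAlert: eventId=1000000000000000001 vendor=Cisco severity=informational
signature: description=SMB Remote SAM Service Access Attempt id=5583 version=S262
attacker:
addr: 203.0.113.7 locality=OUT
port: 40112
target:
addr: 10.11.1.63 locality=Inside
port: 445
evIdsAlert: eventId=1000000000000000002 vendor=Cisco severity=informational
signature: description=SMB Remote SAM Service Access Attempt id=5583 version=S262
attacker:
addr: 10.36.3.52 locality=Inside
port: 2957
target:
addr: 198.51.100.20 locality=OUT
port: 445
"""


def parse_alerts(text):
    """Parse flattened evIdsAlert text into dicts with ids and participants."""
    alerts, role = [], None
    for line in (l.strip() for l in text.splitlines()):
        key, _, value = line.partition(":")
        parts = value.split()
        if key == "evIdsAlert":
            m = re.search(r"\beventId=(\d+)", value)
            alerts.append({"event_id": m.group(1) if m else None,
                           "sig_id": None, "attacker": {}, "target": {}})
            role = None
        elif not alerts:
            continue                        # text before the first alert header
        elif key in ("attacker", "target") and not parts:
            role = key                      # the addr/port lines that follow belong to it
        elif key == "signature":
            m = re.search(r"\bid=(\d+)", value)
            alerts[-1]["sig_id"] = int(m.group(1)) if m else None
        elif role and key == "addr" and parts:
            alerts[-1][role]["addr"] = parts[0]
        elif role and key == "port" and parts and parts[0].isdigit():
            alerts[-1][role]["port"] = int(parts[0])
    return alerts


def is_inside(addr):
    """True/False for membership in $Inside, None if addr is not a valid IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return ip in INSIDE


def classify(alert):
    """Return (verdict, reason); anything unparsed goes to review, never suppress."""
    if alert["sig_id"] not in SIG_IDS:
        return "keep", "signature not covered by this filter"
    src = is_inside(alert["attacker"].get("addr", ""))
    dst = is_inside(alert["target"].get("addr", ""))
    port = alert["target"].get("port")
    if src is None or dst is None or port is None:
        return "review", "participants could not be parsed"
    if not (src and dst):
        return "review", ("attacker" if not src else "target") + " outside $Inside"
    if port not in VICTIM_PORTS:
        return "review", "victim port not 139/445"
    return "suppress", "inside-to-inside SMB"


def triage(text):
    """Return [(event_id, verdict, reason), ...] for every alert in text."""
    return [(a["event_id"], *classify(a)) for a in parse_alerts(text)]


if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Running the same logic over a day's export shows which alerts the sensor-side filter should have removed, which is a quick way to confirm whether the filter or the alert data is at fault.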

Similar Messages

  • How to determine is it SMB - Remote SAM server access , false positive?

    How to determine is it SMB - Remote SAM server access , false positive?

    5583-0 right?
    I would say that there are different types of false positives. Do you mean, how do I determine if what was seen actually represents an attempt to access the SAM database? I would start by looking at MySDN (or whatever Cisco is calling it these days...intellishield?). It's often not very up to date and missing information, but it's an easy thing to check. Here's the link for this sig:
    https://intellishield.cisco.com/security/alertmanager/ipsSignature?signatureId=5583&signatureSubId=0
    If you look at the benign triggers, you'll see that it suggests that this only matters if the source is external. It's up to you whether to research any further. If you really want to inspect the signature further, you'll have to add one of the "log packets" actions. This will save a network trace when it fires again and then you can open it up in Wireshark, which understands SMB and will probably decode it enough for you to verify whether it actually was an attempt to access the "Remote SAM server".

  • How to use the same services-config for the local and remote servers.

    My flex project works fine using the below but when I upload my flash file to the server it doesn't work, all the relative paths and files are the same except the remote one is a linux server.
    <?xml version="1.0" encoding="UTF-8"?>
    <services-config>
        <services>
            <service id="amfphp-flashremoting-service"
                class="flex.messaging.services.RemotingService"
                messageTypes="flex.messaging.messages.RemotingMessage">
                <destination id="amfphp">
                    <channels>
                        <channel ref="my-amfphp"/>
                    </channels>
                    <properties>
                        <source>*</source>
                    </properties>
                </destination>
            </service>
        </services>
        <channels>
        <channel-definition id="my-amfphp" class="mx.messaging.channels.AMFChannel">
            <endpoint uri="http://localhost/domainn.org/amfphp/gateway.php" class="flex.messaging.endpoints.AMFEndpoint"/>
        </channel-definition>
        </channels>
    </services-config>
    I think the problem  is the line
            <endpoint uri="http://localhost/domainn.org/amfphp/gateway.php" class="flex.messaging.endpoints.AMFEndpoint"/>
    but I'm not sure how to use the same services-config for the local and remote servers.

    paul.williams wrote:
    You are confusing "served from a web-server" with "compiled on a web-server". Served from a web-server means you are downloading a file from the web-server, it does not necessarily mean that the file has been generated / compiled on the server.
    The server.name and server.port tokens are replaced at runtime (ie. on the client when the swf has been downloaded and is running) not compile time (ie. while mxmlc / ant / web-tier compiler is running). You do not need to compile on the server to take advantage of this.
    Hi Paul,
    In Flex, there is a feature that lets the developer put all service-config.xml file configuration information into the swf file, with
    -services=path/to/services-config.xml
    IF
    services-config.xml
    has tokens in it and the user has not specified an additional
    -context-root
    and this swf file is not served from a web-app-server (like tomcat for example) then it will not work,
    Flash player has no possible way to replace token values of the service-config.xml file during runtime if that service-config.xml file has been baked into the swf file during compilation,
    for example during development you can launch your swf file from your browser with file// protocol and still be able to access blazeDS services if
    -services=path/to/services-config.xml
    has been specified during compilation.
    I don't know any better way to explain this, but in summary there are two places where you can tell the swf about service configuration,
    1) pass the -services=path/to/services-config.xml parameter to the compiler, this way you tell the swf file up front about all that good stuff,
    or 2) you put that file on the webserver (in this case, yes, you should have replacement tokens in that file) and they will be replaced at runtime.

  • Windows 2012 R2 Active Directory Domain Services and Remote Desktop services Role on the same server.

    Findings: 
    Currently, Windows 2012 R2   AD DS role and RDS With Broker services can only seem to coexist properly in a new domain not an existing domain. Any attempt to add to an existing domain causes internal database user access denied issues and any attempt to
    adjust rights and circumvent is dubious at best.
    The escalation technician said it best. Out of 50 clients that want to do this, they end up not being able to help 5 right off the bat for whatever reason. As for the other 40 they might be able to help by running reports, adjusting rights and trying to add
    the roles until it works.  This can end up being a 20 day process. Basically they are playing whack-a-mole with user rights and permissions until something sticks.
    We tried creating an OU where any other domain policies would not be inherited to see if that was the issue, a fresh install with different sequence of adding the Roles, no effect.
    Given the errors I witnessed when running procmon and then trying to add the roles, the NT System and the Windows Internal database user had access denied issues on 100+ registry keys when trying to add the roles. After that the system is not behaving normally.
    The errors displayed almost mirror the errors that would occur on Windows 2012 when those two roles would be added which of course is officially NOT supported on that system.
    This blog needs serious revision:
    http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
    This is the excerpt from that blog: Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller.  In addition, we published
    guidelines for how RD Session Host could be used without the RD Connection Broker.
    Microsoft Support was courteous and helpful and they were the ones who advised cutting our losses, which mirrored my hunch after seeing what was transpiring in the system.  They refunded my money for the support call.
    For me, it was an opportunity to find out if there was any way to configure Windows 2012 R2 in the Same manner that it was setup as Windows 2008 R2 and lay that to rest. The coexistence is poorly implemented. It is as if there was a reaction from all the deprecation
    of bread and butter features such as shadowing in TS and the coexistence of AD DS and RDS to where those features were re-added haphazardly. (I have no complaints on shadowing on Windows 2012 R2 it works, just do not like having to go to server manager to
    use it).
    I opted for virtualizing the Domain controller to eliminate the incompatibility issues and that is what I will be doing from now on. I found free solutions for backing up and reporting for virtual machines as well as the suggested procedures for configuring
    a Domain controller as a virtual machine on a Hyper-V environment and I will be sticking to those. Thus far the setup has been operational.
    I am not allergic to virtualization, but for really small setups it adds additional time and considerations but if that is how it has to be done, so be it. Windows 2008 R2 days are numbered and since we can usually squeeze 5-7 years on quality server equipment,
    buying a Windows 2008 R2 setup now is a borderline disservice in my opinion.
    Hopefully someone finds this useful and saves some time.

    Hi,
    Thank you for posting in Windows Server Forum.
    Do you need any other assistance?
    Based on your description, you are describing your story of successfully implementing RDS server with AD role and more regarding all RDS related scenario. For shadowing feature, you can use with command also. Below is the syntax to shadow a session.
    mstsc /v:<ServerName> /shadow:<SessionID>
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER

    I am using Windows 7 Professional Service Pack 1 and I purchased REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER, but the seller did not send me any installation CD or instruction
    on how to use it.
    Please, how can I use it on my Windows 7 Professional Service Pack 1?
    Thank you.

    Though Bill is absolutely correct for most CALs, Remote Desktop Services does have its own special licensing server.  I haven't installed one on 2012, yet, but here is a step-by-step guide for 2008. 
    http://technet.microsoft.com/en-us/library/dd983943(v=ws.10).aspx
    Here is a lab guide for 2012 -
    http://technet.microsoft.com/en-us/library/jj134160.aspx
    But, the explanation of your environment begs the question - what are you trying to do?  You say you have a desktop OS and you are talking about Windows Server products.  In that light, your question does not make a lot of sense.
    . : | : . : | : . tim

  • Remote Desktop Services Properties - Operation failed: Access is denied

    Hi
    when i try to change the Remote Desktop Services User Profile Path with ADUC i get the error "Operation failed: Access is denied"
    This error occurs in a subdomain with the Domain Admin of the Subdomain. I'm able to change this attribute with the Enterprise Admin.
    As far as I understand this attribute is set in the userParameters but I don't know what permissions must be set to allow the Domain Admin to change this Attribute and why the Enterprise Admin is allowed to change the Attribute and the subdomain Admin not.
    Our AD Schema is 2003.

    Hi,
    As far as I know, this is by design because the enterprise admin has full control in every domain within the forest but the subdomain admin only has full control in its own domain. So when the subdomain admin tries to modify, they receive the error, unlike the enterprise admin.
    But still if you want to assign the permission to subdomain user to change then you can delegate below permission to user.
    Read msTSProfilePath
    Write msTSProfilePath
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Accessing ASDM through MS Remote Desktop Services session based system

    I am setting up a MS Remote Desktop Services system for a client.  This is being configured as a jump server so everyone at the client will go through this system (aka jump server) to access systems via ssh, https, etc that are in a restricted part of the network.  I am running into a problem getting ASDM to work.  I can bring up the initial web page directly on the server via Internet Explorer, so that tells me I can get to the ASA.  I have installed Java 1.7.10 as this is the recommended version on looking at the Java site for Windows 2012.  When I try to install the dm_launcher, it says that Java isn't installed.
    Has anyone been able to get this to work?
    Ron

    I've used ASDM fine from an RDS platform. I used Java 7 update 45. How are you trying to install the launcher?

  • Anywhere Access: There is an error in your Remote Desktop Services Settings.

    On my server2012 Essentials machine Anywhere Access is giving me this error:
    "There is an error in your Remote Desktop Services Settings."  and tells me it cannot be automatically repaired and to contact support.
    Here's where I made my mistake:  I went into IIS and changed the bindings for the Default Website to another port than 443, but then changed it back again.
    Is this a certificate issue? Or any other cause? Could anyone help me to solve this problem?

    Hi ErikLely,
    Before going further, would you please let me know if the error message you described was complete? If not, please post the complete error message or provide a screenshot.
    It will help us to narrow down this issue. Besides, can you remember which operation you do before this issue occurred or just sudden?
    In addition, please check the Event Viewer. In Event Viewer, please follow the path:
    Applications and Services Logs-> Microsoft->
    Windows-> TerminalServices-LocalSessionManager and
    TerminalServices-RemoteConnectionManager. If any errors you can find, please don’t hesitate to post it here and let me know.
    By the way, please refer to the following article and check if configure Access Anywhere correctly.
    Manage Anywhere Access in Windows Server Essentials
    http://technet.microsoft.com/en-us/library/jj730374.aspx
    Please also refer to the following articles and do some general troubleshooting, then check if can narrow down this issue.
    Troubleshoot Anywhere Access in Windows Server 2012 Essentials
    http://technet.microsoft.com/en-us/library/jj673001.aspx
    Remote Desktop Services: Troubleshooting
    http://technet.microsoft.com/en-us/library/ff404143(v=WS.10).aspx
    Hope this helps.
    Best regards,
    Justin Gu

  • Install Remote Desktop Services Failed on Windows 2012 Server

    I understand RDS is not recommended on DC due to security consideration.  However since I want to play it at home, it is not much a concern.  Such scenario works fine on Windows 2008 R2.  But on Windows 2012, the RDS (session-based, have not
    tried VDI, but expect same result) installation always fails and is incomplete on DC. 
    In \Administrative Tools\Terminal Services, I only have RD Licensing Diagnoser and RD licensing manager.  The remote desktop service management service cannot be started (Error code: 0x88250001).  Is there any extra configuration needed for RDS
    working on Server 2012 DC or before the installation?  Thanks.
    Update: this issue has been solved in Windows 2012 R2 Server.  According to
    http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
    "Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller.  In addition, we published
    guidelines for how RD Session Host could be used without the RD Connection Broker."
    The guidelines (http://support.microsoft.com/kb/2833839/en-us) primarily apply to Windows 2012 Server.

    Asinine.  Simply Asinine.  Microsoft took it out because of $GREED$.  
    RemoteDesktop has become so popular, they had to break it to make more money.  That's why they discontinued SmallBusinessServer.   If this practice is so taboo... Why did MS go the opposite direction with SBS 2011 Premium Cal's?  SBS2011
    had DC, Exchange, RDS and Sharepoint,SQL, RemoteWebWorkplace, OWA all working in perfect harmony.  It is an untrue statement then, that it was "allowed but not recommended"
    Now you buy Server2012 (core + two virtual) and it's not enough for all this.
    You need at least another $700 for another server licence to have it all
    and who knows if SQL will run on a DC, or Exchange, or R-DERP server.  Another treacherous bridge to cross.
    By far, the absolute worst release since Millennium.  The product is not ready for production, we broke our rule of waiting until the first SP1 upgrade for this and Exchange 2013.  Problems with USB drivers and networking running extremely slow.
    Our 2003 SBS server was at least three times as fast, and this server has SAS and SSD drives running.  It can't get out of its own way, and IE10 is the most unstable piece of crap to come out of Redmond.  Open wide and swallow - Mother Microsoft
    knows whats best for you.  YOU WILL EAT OUR SLOP AND LEARN TO LIKE IT.   Server2012 AKA  "METRO-SERVER"
    Now here I sit after 50 Hours back to back setting up a new R-DERP server 2012, AD, Have my RDP licences in my hand at $100 each, and WTH does Microsoft care if I install it on my DC.  ITS MY DC.  And the cost savings versus the "risk" was
    previously MY decision. 
    Sure, I can install a couple of Virtual HyperV sessions but they are so temperamental to a power-outage in a small business it's not worth it.  I have to double up my server hard drive resources, buy a $800 battery backup unit and make sure to attach
    the cable, and even then, if that Bi**H does not shut down properly, one bit goes awry in a VHD or VHDX file and you are screwed.  Restore from last night's backup and forget about today's work.  Not to mention it will probably take a half day to try
    to fix it, then recover it then tell the 30 users they lost a days worth of work. 
    HYPER-V is for test servers and has no place in a small (micro) business environment. 5-30 users. 
    Microsoft's solution, buy another server.  Need Exchange?  Buy another server or take the risky cheapskate route and spin up some VHD's.  Might as well put a gun to your head and play russian roulette, at least you know you have a one in six
    chance of failure.  With MS, its a 100% failure for a dirty shutdown power loss, motherboard blows, memory goes corrupt in a few years, your conventional method of recovery is gone, and you have some upchucked VHD file to try to recover some of TODAYS
    data from. 
    Screw server 2012 forever. 
    I will sell 2008 and SBS2011 Premium until it rots in hell like XP (of which there is NOTHING wrong with for the average, WORD, EXCEL, OUTLOOK and QUICKBOOKS that all SMB's use.  It's MS $GREED$  Grab the world by the B**ls and squeeze with all
    your might to squeeze every dime you can out of *SMB* because big business is going to run their 2003 Exchange and 2008 servers into ground before they switch to this garbage.
    YOU CANNOT INSTALL EXCHANGE 2013 on DC , OR on R-DERP server. 
    Go buy another server license and server or MOVE TO THE CLOUD and get fleeced every month. 
    I have 30 DC/R-DERP/Exchange and SBS2011 Premium servers all running for years in perfect harmony, locked down with security so the users can't even WIGGLE with something they are not supposed to work with.  They get their apps, cannot install anything
    and all these servers are running just fine behind the firewall and perfectly safe.  The track record of this combination is 100% stable and is up 24/7/365 with no problems.  Do yourself a favor and throw this 2012 into the river, you don't need
    any weights because it is LEAD and will sink to the bottom by itself.
    Why, you ask?  Official is "Its for your protection"  The real reason?  To sell you more $700 server licences.
    Maybe for SMB, we start selling Linux NAS Servers, host the Exchange in the cloud and be herded like cattle to the Microsoft slaughterhouse.  One way or another, you are going to bleed.    A little each month to move to the cloud, or
    a small fortune if you want to have it in house.  Microsoft wants it to be more expensive to have in house.  No more buying a server and running it for six years before you upgrade.  They can't have in house servers competing with their cloud,
    and small businesses are the low hanging fruit  ripe for the pickin'. 

  • 401 HTTP Response for remote web service portlet

    Hi, I am trying to configure IIS web page in ALUI as a remote web service portlet. I have used one of the help HTML pages of IIS server to configure portlet.
    http://localhost/IISHelp/iis/htm/core/iiwltop.htm
    However, I am getting 401 http response error (You are not authorized to view this page) when i view the portlet. The same URL above works fine if I open in a stand alone browser. Could any one of you help in resolving this please?
    Thanks
    Sampath

    Hi, thanks a lot for your help. I am using windows XP professional. When I set my directory security & grant anonymous access to IUSER the default help site is also not coming up, I am getting a 401 error.
    When I checked the option Integrated Windows Authentication, then in Internet Explorer the help pages are coming up with out asking for user name and password. I installed firefox and checked. In Firefox, a prompt was coming to fill user name and password. I filled in my local windows authentication details and the page was working.
    I provided the windows login details for the remote server in Administrator's basic authentication information. I was still getting the same error (401 error). Then I went to IIS, directory security settings and checked Basic Authentication(password is sent in clear text) & unchecked Integrated Windows Authentication, the website pages in IIS were showing up in ALUI. With this, my problem is half solved.
    The next problem is, I have siebel analytics web application running on IIS. This website requires user name and password if i have to access any report (say). It automatically redirects to my login page. Now I do not want portal user to enter the login details again for accessing siebel reports. But since I have two authentications (now) one for IIS and one for Siebel reporting website, any one know how to configure this?
    I was trying to configure different authentication in the web service that I was creating in ALUI, but the siebel website authentication information I am providing in the web service is overriding the IIS authentication and I am getting a 401 error (initial problem). I appreciate any suggestions.
    Thanks a lot in advance.
    -sampath

  • Need help setting up Remote Desktop Services

    This is my first server and I can't get Remote Desktop Services to work. I need to access my Server 2012 machine from my Windows 7 computer. I realize this is probably a trivial task for a server admin of any experience level, but I am utterly confused.
    When I try to access https://servername.domainname.local/RdWeb, the webpage is unavailable. When I replace .local with .com, same result. Only when I use https:192.168.1.***/RdWeb it connects.
    I log in and click an application. An rdp file is downloaded. I double-click the file. A warning message appears listing the URL of the remote computer (servername.domainname.local) and the gateway server (servername.domainname.com). When I log in from there,
    I get the following message:
    "Your computer can't connect to the remote computer because the Remote Desktop Gateway server address in unreachable or incorrect. Type a valid Remote Desktop Gateway server address."
    Any help is greatly appreciated.

    Hi,
    The ideal method for managing a server from a client computer is achieved by installing the RSAT tools (remote server administration tools).
    http://www.microsoft.com/en-us/download/details.aspx?id=39296
    What these tools do is to actually install Server Manager on your client computer. However, you will need a Windows 8.1 computer to install the tools in the link above. They won't install on Windows 7. Note: The RSAT tools are available for Windows 7 but
    you can only manage 2008 R2 and earlier with that version of RSAT. The RSAT tools are sync'd with the release of client and server versions.
    RSAT does need a direct connection between the client and the server (as far as I know), so you can't manage your intranet server from the public Internet this way unless the server has a public IP address or - more ideally you have a VPN server set up to
    access your internal network.
    As Tim mentions, you can configure routers with 'port forwarding' to connect via RDP from outside your private network to the inside. If you log into the router you should see this option but it does require some understanding of what you are doing.
    In this case, you would need to connect to the router's external (public) IP address. You should be careful however enabling access into your private LAN from the outside as this does open you up to some security risks.
    Another option for you is to use a 3rd party solution such as logmein or teamviewer although in my opinion these are less than ideal methods.
    -Greg

  • Remote Desktop Services Manager Hangs / Crashes

    Hi,
    I have windows server 2008 R2 based remote desktop environment. When i access remote desktop services manager to manage domain users session, it hangs / crashes. I am not unable to add any other computer to manage as well. Same was working fine in Windows
    server 2003.
    Any valuable suggestion????
    Regards
    Rox_Star

    Hi,
    As a test, please create a new domain admin user account, log on to the server with it, and then open RDS Manager.  Do you see the same issue with the new account?
    Thanks.
    -TP

  • User profile vs Remote Desktop Services Profile

    On a Windows 2008 R2 Domain Controller, if you open properties of an user account, you'd see
    a Profile Tab as well as Remote Desktop Services Profile Tab.
    I found this very confusing, can anyone tell me the key difference between those 2?
    If I don't specify the Remote Desktop Services Profile path, when I log on to the Remote Desktop Server, it seems to take the user's
    roaming profile.
    Anyway, please advise.
    Thank you.

    Hi,
    Thank you for posting in Windows Server Forum.
    The profile tab of the user properties window allows you to configure user profile, logon scripts and home folder details for the user object. It is very useful when you have to allow your user access the same environment and data irrespective of the machine
    he logs in from.
    Active Directory User properties – Profile tab
    Remote Desktop Services User Properties
    You can specify a Remote Desktop Services-specific profile path and home folder for a user connecting to an RD Session Host server. This profile and home folder will only be used for Remote Desktop Services sessions. You should assign a separate profile for
    Remote Desktop Services sessions because many of the common options that are stored in profiles, such as screen savers and animated menu effects, are not desirable when using Remote Desktop Services.
    Manage User Profiles for Remote Desktop Services
    http://technet.microsoft.com/en-us/library/cc742820.aspx
    User Profiles on Windows Server 2008 R2 Remote Desktop Services
    http://blogs.msdn.com/b/rds/archive/2009/06/02/user-profiles-on-windows-server-2008-r2-remote-desktop-services.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Start/Stop remote oracle service

    Is there anyway I could start/stop a remote oracle service? Please provide source code. Thanks!

    HI,
    Suppose ur Database resides on X machine
    and u want to do remote login from y or z ,
    follow the conditions and steps below
    1) You need to install servermanager utility in ur remote machine
    2)then u need to run orapwd.exe utility on ur remote machine with following command
    "orapwd file=<full path name where u want to keep ur password file > password=<password> entries=<no of DBAs u want that password file to be accessed by>"
    after this u need to change Parameter in initialisation file , u will find one entry called "REMOTE_LOGIN_PASSWORDFILE=NONE" u have to change it to " REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE" u can also control multiple databases from this same password file for that u will have to change above entry to REMOTE_LOGIN_PASSWORDFILE=SHARED,after this
    u need to pass following command "ALTER USER SYS IDENTIFIED BY <PASSWORD U LIKE > "
    this will change the password of both INTERNAL and SYS, now if u want to give multiple user access to this file then simply u grant two roles to them "ALTER SYSTEM GRANT SYSOPER,SYSDBA TO <USERNAME>" (INTERNAL AND SYS have these roles by default) this will add that user to that file now that user can also go to servermanager.Now u can Connect with any of the user which u have added in passwordfile in ur machine, and can remotely start or stop database with following Commands "STARTUP" "SHUTDOWN" respectively
    *Note -
    1)Location of password file is OS specific
    2)if ur using windows then u need to remove one entry in registry "DBA_AUTHORISATION =''
    Have Fun

  • Setting Up Remote Desktop Services Windows 2012 DMZ

    Hi
    I'm new to the Windows 2012 RDS. I am trying to figure out some things.
    I have an application that I would like to publish to the outside world to our customers.
    I'm thinking of using Windows 2012 remote desktop services and publishing the app via web browser. So users go to the URL and see the application.
    Do I need a client broker and gateway server for this setup? Or can I simply deploy a web access server on the DMZ which then connects to my remote session host server inside?

    Hi,
    To allow outside access into your RDS environment you would need to use the RD Gateway role. This can be configured on the same box as your RD Web Access role if resources are limited.
    The RD Gateway role uses either TCP 443 or UDP 3391 depending on what you have chosen to configure. You need to create a port forwarding rule from and to the gateway box using 443.
    Have a look at the following articles:
    http://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/
    http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
    This should assist with the configuration.
    Best regards,
    Ryan Mangan | Ryanmangansitblog.com | Help keep the forums tidy, if this has helped please mark it as an answer
