Windows Server 2008 Terminal Server Session Broker and Event ID 1014

I hit a problem recently where we were seeing this event in all the terminal servers in a session broker farm: http://technet.microsoft.com/en-us/library/cc775303(WS.10).aspx Event ID: 1014 Source: Microsoft-Windows-TerminalServices-SessionBroker-Client Message:The server failed to retrieve the security identifier (SID) of the TS Session Broker server.Win32 error code: 0x534. The error code (0x534 hex = 1332 decimal) relates to:…

0

Capturing attempts to exploit Security Advisory 975497

Hi If you’ve heard about this vulnerability which has been located (and published before it was advised to MSRC – Microsoft Security Response Center) and want to see if there are machines on your network attempting to exploit it, here’s a Network Monitor capture filter to show you the source IP of the attacker or…

0

A work-around when using different proxies for HTTP and SSL in WSUS 3.0 SP1

WSUS 3.0 SP1 introduces a new command line tool to help admins set different upstream proxies (one for HTTP and one for SSL). You could set the same proxy server, but running different proxies for HTTP and SSL on different ports. Currently there is a problem with either one of the following components: WSUS application…

0

Using NAP health certificates to provide IPSec server/domain isolation

Hi I was recently involved with a proof of concept/functional discovery for a large, shared infrastructure hosting company who provide services to financial organisations. The requirement we were testing (which we confirmed works – hence this blog) was to find a way to isolate servers and workstations in the same forest from each other on…

0