Can someone help me please? I have a 2003 domain and put all the files in the netlogon share, with the kixtart.kix file in there. I created a bat file and put in it @ECHO OFF %0\..\Kix32.exe kixtart.kix, but when the user logs on, the domain controller errors, mentions the file Lsass.exe, and reboots. Can anyone help with this? Thanks, Blackduke [ 18. May 2003, 19:26: Message edited by: blackduke ]

Please take a look at the FAQ Forum, e.g. Use of %0\..\ to launch KiX

blackdude, You failed to provide sufficient information. When the error manifests, is this user logging on to the DC? When the error manifests, is the error reported on the DC? When the error manifests, is the DC rebooting? What version is KiX? What OS are the clients?

When I get the error, the user is logging onto a Windows 2000 client. The error is reported on the DC and a box comes up and says shutting down in 45 seconds or whatever it is. I have edited the logon.bat file to read @ECHO OFF WKiX32.exe kixtart.kix and it still fails. I have only 2k clients on the network but all servers are 2003 Enterprise servers.

Since you didn't post your script, it is impossible to tell if something in the script is causing it. Try running a test with just a 'Hello World' script. It seems very strange that a script run on the client could cause a DC to reboot. You still have not told us what version of KiX you are running. I assume if the clients are all W2K that you have not installed the KXRPC service. Is this the case?

I have not installed anything on the clients. I am using the sample script, see below:
; KIXTART.SCR
;
; KiXtart sample default logon script
;
; Note : This code sample is provided for demonstration purposes only.
;        Microsoft makes no warranty, either express or implied,
;        as to its usability in any given situation.
;
; Copyright (C) 2001 Ruud van Velsen.
; All rights reserved.
;
CLS
Color r+/n
big                     ; Display in BIG character mode
at (2,8) "Hello,"
at (12,10) @userid
sleep 3                 ; Wait for 3 secs (or key)
small
Color b+/n
BOX (0,0,24,79,GRID)    ; 'background grid'
Color b/n
BOX (8,21,18,61,Å)      ; 'shadow' of the box
Color g+/n
BOX (7,20,17,60,FULL)
Color w+/n
AT ( 9,25) "Userid : "  ; display some text strings
AT (10,25) "Full name : "
AT (11,25) "Privilege : "
AT (12,25) "Workstation : "
AT (13,25) "Domain : "
AT (14,25) "Logon Server : "
Color y+/n
AT ( 9,40) @userid      ; ...and some macro's
AT (10,40) @fullname
AT (11,40) @priv
AT (12,40) @wksta
AT (13,40) @domain
AT (14,40) @lserver
Color w/n
AT (16,25) "Press anykey to continue."
if exist( @ldrive+"\jbond.spk")
  play file @ldrive+"\jbond.spk"
else
  get $x
endif
exit
Will try a hello script now, thanks.

I tried the hello script but as I am new to this I got an error reference the coding. The server did not restart but it did give some LSA shell errors? Thanks for your help, Blackduke

For the third time, I will ask what version of KiX? If not 4.21, have you tried a newer version? If 4.21, have you tried a slightly older version? What is the exact error that references LSASS? Is there anything in the event log? What happens if you run the script manually after logging on?

I am using v4.20, not tried any other except the 16 bit version; now I am using the 32bit. Error in log reads: A critical system process, C:\windows\system32\lsass.exe failed with status code c0000354 the machine will now be restarted

Does it only error if calling KiX32.exe or WKiX32.exe or will it error on just the bat file? Try remming out the line that calls KiX. Check the permissions on the \NetLogon share. I have not had much flying time on 2003 server but I know that it ships as "most restricted" out of the box.

OK, changed the logon.bat file to call kix32.exe, same thing happened. Didn't get chance to read the permissions, just booting up now and I will check if I can find it. What permissions should be on the just read ? Blackduke

I imagine you would need Read and Execute perms. How about if you rem out the line that calls KiX? Does it still error? Try it with the following in the logon.bat:
code:
ECHO HELLO WORLD

OK, done that and it worked. It showed the hello world so permissions are OK.

How do I code mapping drives against groups? I could make a script saying if in admin group use \\servername\share and see if that works.

Download 4.21 from http://www.gwspikval.com/jooel/scripts/files/KiX2001_421.zip and put it in your Netlogon.

okay thanks

Okay, that is done. What should I put in the logon.bat file? I deleted the contents of the netlogon share and put the downloaded files in it.

With the logon.bat version of "Hello World" I just wanted to test if everything was fine to that point. If you don't have any Win9x/ME clients, you don't even need the logon.bat file. You could call KiX32.exe or WKix32.exe directly from the user's profile settings. i.e. WKiX32.exe kixtart.kix If you have Wintendos, then you need a logon.bat and test for same in the bat file. See my example in the FAQ you were directed to.

Start with a very simple kixtart.kix
code:
break on
If this goes well, we're laughing.

Excellent, that worked like a treat. What next? Thank god for that!!! Blackduke

Well, that just proved that there is no problem with the most basic of KiX functions. Now you can start building on your script, one small step at a time, testing as you go.

Many thanks Blackduke

And put a DEBUG ON into the first line of your script. This will allow you to step through the script and pinpoint the exact line of code that might cause the problem.

How do I do that? Cheers, Blackduke

Did you get a chance to peruse the Manual? Page 14-15 of the 4.21 Manual (part of the archive downloaded). HTH, Kent

I had a quick look at it earlier but need to sit down with it later. I have added this code and it reboots again. I wonder if this is a problem with 2003. IF INGROUP ("domain\Domain admin") USE K: /DELETE /PERSISTENT USE K: "\\server\sharename" ? ''+@ERROR+' - '+@SERROR ENDIF

Sounds like a server problem. I suspect any of the functions and macros that query the network will trigger it. Is this a new network in testing or in production?

Your USE Statements need to be two separate lines. There are two ways to DEBUG.
#1 in code -
code:
DEBUG ON ; -- Turn on Debugging
#2 From the command line -
KIX32 YOURSCRIPT.KIX /d
This should also be covered in the FAQ Section too. Kent [ 19. May 2003, 01:20: Message edited by: kdyer ]

OK, read it and makes sense, thanks. It did the first line of code then rebooted the server, i.e. "if in group" then rebooted. This was supposed to be a production environment but I have just built it, I could go back to 2k. It is a shame Kix does not seem to work with 2003, do you know why this?

Before I were to write off KiX on 2003, I would want to do some more testing. Do you have another server to setup another test lab?

No, not really. I am willing to use this as the test lab though, as users are not live on it yet. I have a few days to go. Are you on IM?

BlackDuke, Can you try this and post the results?
code:
cls
HTH, Kent

yes

MSN

blackduke77@hotmail.com

results Everyone LocalclientComputername\administrators Localclientcomputername\users INTERACTIVE Authenticated Users LOCAL took a while to show up though

oh and rebooted

Looks like you are in the capable hands of Les. Kent

Thanks for your help though. FYI the code worked but was slow and did reboot the DC when run on the client, but when run on the DC it worked fine.

Sounds like you have problems with your DC installation. Kixtart running from the DC on the client should never be able to cause a DC reboot.

After playing around we decided I found a bug, so moving back to Windows 2K. Shame really. Blackduke

Weird eh! Chatted with the duke on MSN... Worked fine when run at the server or when logging in from another server but the one client causes a reboot. M$ will probably fix it in SP1.

We might want to drop Ruud a line about this, too. Since he's kind-of at the source

Agreed there needs to be something done with version 4.21 under Windows 2003. However, in troubleshooting with the "Duke," did we try previous versions of KiXtart? Maybe a 4.02 or a 4.12 version? It very well may be how 2003 handles group parsing. I should be bringing up a 2003 box this week. Thanks, Kent

doh, still causing a reboot can't be about a util. it's about buggy system. if going around it, it's security by ignorance, once more.

I don't think so... I brought up an eval copy on the domain and was able to work with it using KiX. I will double-check now that we have a license. The big question is - Is the Duke working in Native or Mixed Mode? Our domain is Native Mode. Kent

If I may speak to this issue... The duke set up a home network and as such does not have access to M$ Premier Support so it is unlikely this issue will ever make its way to M$. Unless this is a case of misconfiguration of the DC, it exposes a potential vulnerability. There has not been extensive testing. The problem manifests itself on only the one DC and only when logging on from one particular WKSTA. Then too, it only manifests when the network is queried by functions like InGroup(). If you reread the thread, you will see that we tested different versions of KiX. The duke said he is going to get off the bleeding edge and fall back to Windows 2000.

I have gone back to Windows 2000. The 2003 domain was a clean install and about 30 mins after promoting a server to DC I started to use (try to use) KIX. I do not think there is or was any misconfig on the DC as I did not configure it other than adding two users. Blackduke

Hi everyone, not 100% sure, but this *may* be a known issue in Windows 2003. A problem in LSASS has been found and a hotfix is currently in testing. One of the conditions of the LSASS problem was that the ACL on the user object(s) in Active Directory have been changed to include a Deny ACE for one or more user properties. If this applies to your situation, please let me know. Regards, Ruud
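
The condition named in the last reply (a Deny ACE on user properties in the ACL of a user object) can be checked from a security descriptor exported as SDDL text. The following is an added example, not part of the thread or of KiXtart: a Python sketch that lists the deny ACEs in an SDDL string and says whether each covers a property, an extended right or the whole object. The DNs, SDDL strings and GUIDs are constructed placeholders, and exporting the SDDL from the directory is assumed to happen elsewhere.

```python
import re

DENY_TYPES = {"D": "deny", "OD": "object deny"}  # SDDL ACE type codes

def scope(ace_type, rights, guid):
    """Classify what a deny ACE covers from its type, rights and object GUID."""
    if ace_type == "OD" and guid:
        if "CR" in rights:
            return "extended-right"
        if {"RP", "WP"} & set(rights):
            return "property"          # GUID names a property or property set
        return "other-object-type"
    return "object"                    # applies to the whole object

def deny_aces(sddl):
    """Return the deny ACEs found in the DACL (D:) part of an SDDL string."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return []
    found = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        # ace_type;ace_flags;rights;object_guid;inherit_object_guid;trustee
        f = (body.split(";") + [""] * 6)[:6]
        if f[0] not in DENY_TYPES:
            continue
        # Rights are two-letter codes unless given as a hex mask
        rights = [f[2]] if f[2].startswith("0x") else re.findall("..", f[2])
        found.append({"type": DENY_TYPES[f[0]], "rights": rights,
                      "guid": f[3], "trustee": f[5],
                      "scope": scope(f[0], rights, f[3])})
    return found

def audit(objects):
    """Map each DN to its deny ACEs, dropping objects that have none."""
    hits = {dn: deny_aces(sddl) for dn, sddl in objects.items()}
    return {dn: aces for dn, aces in hits.items() if aces}

# Constructed sample data: DNs, SDDL strings and GUIDs are placeholders.
SAMPLE = {
    "CN=alice,CN=Users,DC=example,DC=test":
        "O:DAG:DAD:AI(A;;RPWPCCDCLCSWRC;;;DA)"
        "(OD;;WP;11111111-2222-3333-4444-555555555555;;PS)(A;;RPLCRC;;;AU)",
    "CN=bob,CN=Users,DC=example,DC=test":
        "O:DAG:DAD:AI(A;;RPLCRC;;;AU)S:AI(AU;SA;WP;;;WD)",
    "CN=carol,CN=Users,DC=example,DC=test":
        "O:DAG:DAD:(D;;RPWP;;;WD)"
        "(OD;CI;CR;66666666-7777-8888-9999-000000000000;;WD)",
}

if __name__ == "__main__":
    for dn, aces in audit(SAMPLE).items():
        for ace in aces:
            print(dn, ace["scope"], ace["rights"], ace["trustee"])
```

Only the DACL is inspected; the audit ACE in the second sample's SACL is ignored on purpose.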