| blackduke |
| (Fresh Scripter) |
| 2003-05-18 07:25 PM |
windows 2003
|
Can someone help me please, I have a 2003 domain and put all the files in the netlogon share and the kixtart.kix file in there created a bat file and put in it
@ECHO OFF
%0\..\Kix32.exe kixtart.kix
but when the user logs on the domain controler erros and mentions the file Lsass.exe and reboots.
can anyone help with this.
thanks
Blackduke
[ 18. May 2003, 19:26: Message edited by: blackduke ]
| Sealeopard |
| (KiX Master) |
| 2003-05-18 07:28 PM |
|
|
Re: windows 2003
|
Please take a look at the FAQ Forum, e.g. Use of %0\..\ to launch KiX
| Les |
| (KiX Master) |
| 2003-05-18 08:01 PM |
|
Re: windows 2003
|
blackdude,
You failed to provide sufficient information.
When the error manifests, is this user logging on to the DC?
When the error manifests, is the error reported on the DC?
When the error manifests, is the DC rebooting?
What version is KiX?
What OS are the clients?
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 08:05 PM |
|
Re: windows 2003
|
when i get the error the user is logging onto a windows 2000 client. The error is reported on the DC and a box comes up and says shutting down in 45 seconds or whatever it is.
I have edited the logon.bat file to read
@ECHO OFF
WKiX32.exe kixtart.kix
and it still fails. I have only 2k clients on the network but all servers are 2003 enterprise servers
| Les |
| (KiX Master) |
| 2003-05-18 08:12 PM |
|
Re: windows 2003
|
Since you did't post your script, it is impossible to tell if something in the script is causing it. Try running a test with just a 'Hello World' script. It seems very strange that a script run on the client could cause a DC to reboot.
You still have not told us what version of KiX you are running. I assume if the clients are all W2K that you have not installed the KXRPC service. Is this the case?
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 08:14 PM |
|
Re: windows 2003
|
i have not installed anything on the clients i am using the sample script see below
; KIXTART.SCR
;
; KiXtart sample default logon script
;
; Note : This code sample is provided for demonstration purposes only.
; Microsoft makes no warranty, either express or implied,
; as to its usability in any given situation.
;
; Copyright (C) 2001 Ruud van Velsen.
; All rights reserved.
;
CLS
Color r+/n
big ; Display in BIG character mode
at (2,8) "Hello,"
at (12,10) @userid
sleep 3 ; Wait for 3 secs (or key)
small
Color b+/n
BOX (0,0,24,79,GRID) ; 'background grid'
Color b/n
BOX (8,21,18,61,Å) ; 'shadow' of the box
Color g+/n
BOX (7,20,17,60,FULL)
Color w+/n
AT ( 9,25) "Userid : " ; display some text strings
AT (10,25) "Full name : "
AT (11,25) "Privilege : "
AT (12,25) "Workstation : "
AT (13,25) "Domain : "
AT (14,25) "Logon Server : "
Color y+/n
AT ( 9,40) @userid ; ...and some macro's
AT (10,40) @fullname
AT (11,40) @priv
AT (12,40) @wksta
AT (13,40) @domain
AT (14,40) @lserver
Color w/n
AT (16,25) "Press anykey to continue."
if exist( @ldrive+"\jbond.spk")
play file @ldrive+"\jbond.spk"
else
get $x
endif
exit
will try a hello script now
thanks
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 08:17 PM |
|
Re: windows 2003
|
I tried the hello script but as i am new to this I got a error reference the coding the server did not restart but it did give some LSA shell errors?
thanks for you help
Blackduke
| Les |
| (KiX Master) |
| 2003-05-18 08:26 PM |
|
Re: windows 2003
|
For the third time, I will ask what version of KiX? If not 4.21, have you tried a newer version? If 4.21, have you tried a slightly older version? What is the exact error that references LSASS? Is there anything in the event log?
What happens if you run the script manually after logging on?
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 08:31 PM |
|
Re: windows 2003
|
I am using v4.20 not tried anyother except the 16 bit version nowi am using the 32bit
error in log reads
A critical system process, C:\windows\system32\lsass.exe failed with status code c0000354 the machine will now be restarted
| Les |
| (KiX Master) |
| 2003-05-18 08:43 PM |
|
Re: windows 2003
|
Does it only error if calling KiX32.exe or WKiX32.exe or will it error on just the bat file? Try remming out the line that calls KiX.
Check the permissions on the \NetLogon share. I have not had much flying time on 2003 server but I know that it ships as "most restricted" out of the box.
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 08:49 PM |
|
Re: windows 2003
|
ok changed the logon.bat file to call kix32.exe same thing happened did't get chance to read the permissions just booting up now and i will check if i can find it. what permissions should be on the just read ?
Blackduke
| Les |
| (KiX Master) |
| 2003-05-18 08:54 PM |
|
Re: windows 2003
|
I imagine you would need Read and Execute perms. How about if you rem out the line that calls KiX? Does it still error? Try it with the following in the logon.bat:
code:ECHO HELLO WORLD
PAUSE
EXIT
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 09:00 PM |
|
Re: windows 2003
|
ok done that and it worked. it showed the hello world so permissions are ok
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 09:14 PM |
|
Re: windows 2003
|
how do i code mapping drives against groups I could make a script saying if in admin group use \\servername\share and see if that works
| Les |
| (KiX Master) |
| 2003-05-18 09:17 PM |
|
Re: windows 2003
|
Download 4.21 from http://www.gwspikval.com/jooel/scripts/files/KiX2001_421.zip and put it in your Netlogon.
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 09:18 PM |
|
Re: windows 2003
|
okay
thanks
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 09:20 PM |
|
Re: windows 2003
|
okay that is done what should i put in the logon.bat file.
I deleted the contents of the netlogon share and put the downloaded files in it.
| Les |
| (KiX Master) |
| 2003-05-18 09:23 PM |
|
Re: windows 2003
|
With the logon.bat version of "Hello World" I just wanted to test if everything was fine to that point. If you don't have any Win9x/ME clients, you don't even need the logon.bat file. You could call KiX32.exe or WKix32.exe directly from the user's profile settings.
i.e
WKiX32.exe kixtart.kix
If you have Wintendos, then you need a logon.bat and test for same in the bat file. See my example in the FAQ you were directed to.
| Les |
| (KiX Master) |
| 2003-05-18 09:29 PM |
|
Re: windows 2003
|
Start with a very simple kixtart.kix
code:If this goes well, we're laughing.break on
$_ = MessageBox("Hello World"+@crlf+"Hit Enter key to continue ?", "KiXtart",)
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 09:39 PM |
|
Re: windows 2003
|
excellant that worked like a treat what next,
thanks god for that!!!
Blackduke
| Les |
| (KiX Master) |
| 2003-05-18 09:43 PM |
|
Re: windows 2003
|
Well, that just proved that there is no problem with the most basic of KiX functions. Now you can start building on your script, one small step at a time, testing as you go.
| blackduke |
| (Fresh Scripter) |
| 2003-05-18 09:46 PM |
|
Re: windows 2003
|
Many thanks
Blackduke
| Sealeopard |
| (KiX Master) |
| 2003-05-18 10:38 PM |
|
|
|
Re: windows 2003
|
And put a DEBUG ON into the first line of your script. This will allow you to step through the script and pinpoint the exact line of code that might cause the problem.
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:06 AM |
|
Re: windows 2003
|
how do i do that ?
cheers
Blackduke
| Kdyer |
| (KiX Supporter) |
| 2003-05-19 01:11 AM |
|
Re: windows 2003
|
Did you get a chance to peruse the Manual? Page 14-15 of the 4.21 Manual (part of the archive downloaded).
HTH,
Kent
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:14 AM |
|
Re: windows 2003
|
I had a quick look at it earlier but need to site down with it later.
I have added this code and it reboots again I wonder if this is a problem with 2003.
IF INGROUP ("domain\Domain admin")
USE K: /DELETE /PERSISTENT USE K: "\\server\sharename"
? ''+@ERROR+' - '+@SERROR
ENDIF
| Les |
| (KiX Master) |
| 2003-05-19 01:18 AM |
|
Re: windows 2003
|
Sounds like a server problem. I suspect any of the functions and macros that query the network will trigger it.
Is this a new network in testing or in production?
| Kdyer |
| (KiX Supporter) |
| 2003-05-19 01:18 AM |
|
|
|
Re: windows 2003
|
Your USE Statements need to be two separate lines.
There are two ways to DEBUG.
#1 in code -
code:#2 From the command line -DEBUG ON ; -- Turn on Debugging
IF INGROUP ("domain\Domain admin")
USE K: /DELETE /PERSISTENT
USE K: "\\server\sharename"
? ''+@ERROR+' - '+@SERROR
ENDIF
DEBUG OFF ; -- Turn off Debugging
KIX32 YOURSCRIPT.KIX /d
This should also be covered in the FAQ Section too.
Kent
[ 19. May 2003, 01:20: Message edited by: kdyer ]
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:24 AM |
|
Re: windows 2003
|
ok read it and makes sense thanks it did the first line of code then rebooted the server ie "if in group2 then rebooted. this was suposed to be a production inviroment but i have just built it I could go back to 2k. It is a shame Kix does not seem to work with 2003 do you know wht this?
| Les |
| (KiX Master) |
| 2003-05-19 01:27 AM |
|
Re: windows 2003
|
Before I were to write off KiX on 2003, I would want to do some more testing. Do you have another server to setup another test lab?
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:29 AM |
|
Re: windows 2003
|
no not really, I am willing to use this as the test lab though. as user are not live on it yet I have a few days to go are you on IM
| Kdyer |
| (KiX Supporter) |
| 2003-05-19 01:31 AM |
|
|
|
Re: windows 2003
|
BlackDuke,
Can you try this and post the results?
code:HTH,cls
Break on
$Index = 0
DO
$Group = ENUMGROUP($Index)
?$Group
$Index = $Index + 1
UNTIL Len($Group) = 0
get $k
Kent
Lonkero
|
| (KiX Master Guru) |
| 2003-05-19 01:31 AM |
|
Re: windows 2003
|
yes
![[Wink]](images/icons/wink.gif){kind=icon}
| Les |
| (KiX Master) |
| 2003-05-19 01:32 AM |
|
Re: windows 2003
|
MSN
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:33 AM |
|
Re: windows 2003
|
blackduke77@hotmail.com
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:36 AM |
|
Re: windows 2003
|
results
Everyone
LocalclientComputername\administrators
Localclientcomputername\users
INTERACTIVE
Authenticated Users
LOCAL
took a while to show up though
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:37 AM |
|
Re: windows 2003
|
oh and rebooted
| Kdyer |
| (KiX Supporter) |
| 2003-05-19 01:39 AM |
|
|
|
Re: windows 2003
|
Looks like you are in the capable hands of Les.
![[Smile]](images/icons/smile.gif){kind=icon}
Kent
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 01:53 AM |
|
Re: windows 2003
|
thanks for your help though FYI the code worked but was slow and did reboot the DC when run on the client but when run on the DC it worked fine
| Howard Bullock |
| (KiX Supporter) |
| 2003-05-19 01:58 AM |
|
|
Re: windows 2003
|
Sounds like you have problems with your DC installation. Kixtart running from the DC on the client should never be able to cause a DC reboot.
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 02:05 AM |
|
Re: windows 2003
|
After playing around we decided I found a bug so moving back to windows 2K
![[Frown]](images/icons/frown.gif){kind=icon}
shame really Blackduke
| Les |
| (KiX Master) |
| 2003-05-19 02:08 AM |
|
Re: windows 2003
|
Weird eh! Chatted with the duke on MSN...
Worked fine when rn at the server or when logging in from another server but the one client causes a reboot.
M$ will probably fix it in SP1.
| Sealeopard |
| (KiX Master) |
| 2003-05-19 02:55 AM |
|
|
|
Re: windows 2003
|
We might want to drop Ruud a line about this, too. Since he's kind-of at the source
| Kdyer |
| (KiX Supporter) |
| 2003-05-19 02:26 PM |
|
|
|
Re: windows 2003
|
Agreed there needs to be something done with version 4.21 under Windows 2003.
However, in troubleshooting with the "Duke," did we try previous versions of KiXtart? Maybe a 4.02 or a 4.12 version? It very well maybe how 2003 handles group parsing. I should be bringing up a 2003 box this week.
Thanks,
Kent
|
Lonkero
|
| (KiX Master Guru) |
| 2003-05-19 02:30 PM |
|
Re: windows 2003
|
doh, still causing a reboot can't be about a util.
it's about buggy system.
if going around it, it's security by ignorance, once more.
| Kdyer |
| (KiX Supporter) |
| 2003-05-19 02:35 PM |
|
|
|
Re: windows 2003
|
I don't think so...
I brought up an eval copy on the domain and was able to work with it using KiX. I will double-check now that we have a license.
The big question is - Is the Duke working in Native or Mixed Mode? Our domain is Native Mode.
Kent
| Les |
| (KiX Master) |
| 2003-05-19 03:21 PM |
|
Re: windows 2003
|
If I may speak to this issue...
The duke set up a home network and as such does not have access to M$ Premier Support so it is unlikely this issue will ever make its way to M$. Unless this is a case of misconfiguration of the DC, it exposes a potential vulnerability.
There has not been extensive testing. The problem manifests itself on only the one DC and only when logging on from one particular WKSTA. Then too, it only manifests when the network is queried by functions like InGroup().
If you reread the thread, you will see that we tested different versions of KiX. The duke said he is going to get off the bleading edge and fall back to Windows 2000.
| blackduke |
| (Fresh Scripter) |
| 2003-05-19 07:33 PM |
|
Re: windows 2003
|
I have gone back to windows 2000, the 2003 domain was a clean install and after about 30mins after promoting a server to DC I started to use (try to use KIX) I do not think there is or was any mis config on the DC as I did not configure it other than adding two users.
Blackduke
| Ruud van Velsen |
| (Hey THIS is FUN) |
| 2003-06-12 10:36 AM |
|
Re: windows 2003
|
Hi everyone,
not 100% sure, but this *may* be a known issue in Windows 2003. A problem in LSASS has been found and a hotfix is currently in testing.
One of the conditions of the LSASS problem was that the ACL on the user object(s) in Active Directory have been changed to include a Deny ACE for one or more user properties. If this applies to your situation, please let me know.
Regards,
Ruud