(Msg. 1) Posted: Mon Nov 24, 2008 4:38 pm
Post subject: Has Microsoft recently introduced "Loopback check" functionality in Windows 2000? Archived from groups: microsoft>public>windows>server>security, others (more info?)
Hi Folks,
I think the answer to my question is "Yes", but hopefully someone can
confirm and/or point me to the particular security patch that introduced it.
Recently - on the 14th of November when we rolled out a number of Microsoft
patches, a number of our Windows 2000 servers had problems where
applications running on these servers were no longer able to map to local
shares using an alias (DNS CNAME) for the server. Attempting the map the
share resulted in a request for login credentials.
Up to this point this kind of drive mapping worked flawlessly in Windows
2000, provided the DisableStrictNameChecking key was set as detailed in:
During my investigation I found that the registry value
DisableLoopBackCheck=0 now appears in the registry of our Windows 2000
servers. This is related to the LoopBack check functionality which was first
introduced in Windows 2003 SP1. (see http://support.microsoft.com/kb/896861)
If I set "DisableLoopBackCheck=1" or alternately specify the desired alias
in a "BackConnectionHostNames" entry, then everything works, as per the KB
article for Windows 2003 SP1.
So it looks like a recent security patch has introduced the loopback check
functionality previously only applicable to Windows 2003 SP1 onwards.
(Msg. 2) Posted: Thu Dec 04, 2008 2:22 pm
Post subject: Re: Has Microsoft recently introduced "Loopback check" functionality [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Hi,
We have faced same on our windows servers. Server can't access itself
using alias, but can with hostname or IP.
Recently installed patches are these:
- Security Update for Windows 2000 (KB957095)
- Security Update for Windows 2000 (KB958644)
- Security Update for Windows 2000 (KB957097)
- Security Update for Microsoft .NET Framework 1.1 Service Pack 1
(KB947742)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1
(KB956390)
- Security Update for Internet Explorer 6 for Windows 2000 (KB938464)
- Cumulative Security Update for ActiveX Killbits for Windows 2000
(KB956391)
- Security Update for Windows 2000 (KB954211)
And DisableLoopBackCheck is in registry now with value of 0
I'm sure one of these adds this in the registry, but I couldn't make
sure which. Actually I checked kb pages of all these on Microsoft's
homepage but couldnt find anything yet. If someone can help us, that
will be really appreciated.
Cem
On 24 Kasım, 18:38, "Trust No One®" <dana.scu... RemoveThis @usa.xnet> wrote:
> Hi Folks,
>
> I think the answer to my question is "Yes", but hopefully someone can
> confirm and/or point me to the particular security patch that introduced it.
>
> Recently - on the 14th of November when we rolled out a number of Microsoft
> patches, a number of our Windows 2000 servers had problems where
> applications running on these servers were no longer able to map to local
> shares using an alias (DNS CNAME) for the server. Attempting the map the
> share resulted in a request for login credentials.
>
> Up to this point this kind of drive mapping worked flawlessly in Windows
> 2000, provided the DisableStrictNameChecking key was set as detailed in:
>
> http://support.microsoft.com/kb/281308 >
> During my investigation I found that the registry value
> DisableLoopBackCheck=0 now appears in the registry of our Windows 2000
> servers. This is related to the LoopBack check functionality which was first
> introduced in Windows 2003 SP1. (seehttp://support.microsoft.com/kb/896861)
>
> If I set "DisableLoopBackCheck=1" or alternately specify the desired alias
> in a "BackConnectionHostNames" entry, then everything works, as per the KB
> article for Windows 2003 SP1.
>
> So it looks like a recent security patch has introduced the loopback check
> functionality previously only applicable to Windows 2003 SP1 onwards.
>
> Can anyone else confirm this behaviour?
>
> Regds,
>
> --
> Peter <X-Files fan>
(Msg. 3) Posted: Mon Dec 22, 2008 10:12 pm
Post subject: Re: Has Microsoft recently introduced "Loopback check" functionality in Windows 2000? [Login to view extended thread Info.] Archived from groups: microsoft>public>win2000>security (more info?)
Hi,
The patch *KB957097* is the one that adds it.
Also some of the following ones (still I did not have time to
investigate which one):
KB958215
960714
KB954600
KB956802
Rgds,
PabloV99
cemkeles RemoveThis @gmail.com;4113150 Wrote:
> Hi,
> We have faced same on our windows servers. Server can't access itself
> using alias, but can with hostname or IP.
> Recently installed patches are these:
> - Security Update for Windows 2000 (KB957095)
> - Security Update for Windows 2000 (KB958644)
> - Security Update for Windows 2000 (KB957097)
> - Security Update for Microsoft .NET Framework 1.1 Service Pack 1
> (KB947742)
> - Cumulative Security Update for Internet Explorer 6 Service Pack 1
> (KB956390)
> - Security Update for Internet Explorer 6 for Windows 2000 (KB938464)
> - Cumulative Security Update for ActiveX Killbits for Windows 2000
> (KB956391)
> - Security Update for Windows 2000 (KB954211)
> And DisableLoopBackCheck is in registry now with value of 0
> I'm sure one of these adds this in the registry, but I couldn't make
> sure which. Actually I checked kb pages of all these on Microsoft's
> homepage but couldnt find anything yet. If someone can help us, that
> will be really appreciated.
>
> Cem
>
>
>
>
> On 24 Kasım, 18:38, "Trust No One®" <dana.scu... RemoveThis @usa.xnet> wrote:
> > Hi Folks,
> >
> > I think the answer to my question is "Yes", but hopefully someone
> can
> > confirm and/or point me to the particular security patch that
> introduced it.
> >
> > Recently - on the 14th of November when we rolled out a number of
> Microsoft
> > patches, a number of our Windows 2000 servers had problems where
> > applications running on these servers were no longer able to map to
> local
> > shares using an alias (DNS CNAME) for the server. Attempting the map
> the
> > share resulted in a request for login credentials.
> >
> > Up to this point this kind of drive mapping worked flawlessly in
> Windows
> > 2000, provided the DisableStrictNameChecking key was set as detailed
> in:
> >
> > http://support.microsoft.com/kb/281308 > >
> > During my investigation I found that the registry value
> > DisableLoopBackCheck=0 now appears in the registry of our Windows
> 2000
> > servers. This is related to the LoopBack check functionality which
> was first
> > introduced in Windows 2003 SP1.
> (seehttp://support.microsoft.com/kb/896861)
> >
> > If I set "DisableLoopBackCheck=1" or alternately specify the desired
> alias
> > in a "BackConnectionHostNames" entry, then everything works, as per
> the KB
> > article for Windows 2003 SP1.
> >
> > So it looks like a recent security patch has introduced the loopback
> check
> > functionality previously only applicable to Windows 2003 SP1
> onwards.
> >
> > Can anyone else confirm this behaviour?
> >
> > Regds,
> >
> > --
> > Peter <X-Files fan>
All times are: Eastern Time (US & Canada) (change)
Page 1 of 1
You can post new topics in this forum You can reply to topics in this forum You can edit your posts in this forum You can delete your posts in this forum You can vote in polls in this forum
Home
Forums
Home
FAQ
Profile
Private Messages
Log in
Windows Other