WIndows 2008 Server Problem - KB949014 and KB951746

This is a follow-up to:

If you would take a look at that question.   But here is the scoop:
Rebuilt Windows 2008 Server...full software reload.  All software updates applied.
Made it a DC.  No problems.  Window update wanted to install KB949014 and KB951746. Just like in the previous question.

After the install and booting the DC.  Problem re-occured.....could not ping server, could not view any network shares, could not demote from being a DC.  RPC Service Unavailalbe.

This problem is directly related to KB949014 and KB951746.   Removed them and the problem continues.  These software "fixes" (using that term lightly) fixed my server so that now it will not work.  Runs fine locally, but cannot access from remote desktop or any ot its network shares or ping.

Any one have any ideas what got fixed by these so-called fixes, so that I can un-fix it, without having to do a full software reload again.

Please advise.  Thanks.
Who is Participating?
tigermattConnect With a Mentor Commented:

I personally disable Server 2008 Advanced Firewall on all my servers; it's too much hassle. There is the potential that it could be being blocked by a mis-configured firewall, so attempt to disable that and then re-test.


If it definitely was those updates which caused the problem, then I would give Microsoft a call. Tell them the problems have occurred on two separate installations when those updates are applied. If updates are causing an issue, they should look into the matter free of charge.

rstuemkeAuthor Commented:
UPDATE - PLEASE READ TO THE END.....  THANK YOU!!!  This is a step by step scenario of the problem.
The real problem  has been identifie in STEPS 16 and 17.  


I have reasonably new Dell 2900 Server that I am preparing for production.  Have gone thru this scenario 4 times, with the same disasterous results.

Here is the scenario overview:

1) Do full disk initialize and software reload.  (Works fine, no problems)

2) Run basic configuration and customization, apply all software updates. (Works fine, no problems)

3) Begin using remote desktop control software (DameWare).    (Works fine, no problems)

4) Server functioning as file server, printer server and web server.  (Works fine, no problems)

5) Install local applications and files and set up network shares. (Works fine, no problems)

6) Promote server to Domain Controller.  (Works fine, no problems).

7) Make the DC a DNS Server.  (Works fine, no problems)

8) Restarts with no problems.  Everything works after the restart.  So far so good.

Up thru this step it has worked fine every time.  No problems, no complaints.  Applications working, network shares visible and accessible.    Everything working correctly.  A NET VIEW <server name> shows all shares.  Can ping the IP.  Remote desktop control software works fine.

9) Applied all Windows updates that now are applicable, since it is a domain controller.  There updates were
    not available prior to promotion to server as a domain controller.  Updates install without problems.  Restart required.

10) This is where everything goes to hell in a handbasket......  here is a list of what quits working:
      a) Cannot PING the IP of the DC from anywhere.  Times out.
      b) Remote desktop software no longer will work.  Will not connect.
      c) NET VIEW <server name>

11) Next, tried it on another server which was also being prepped.  Ran thru the exact same scenario and it quit working
    at the exact same point.  So it is not related to any particular hardware.  

12) Researched problem on the internet.  Found some others with similar problems but no real answers.

13) Repeated steps 1 thru 10 again on the original server.  Same results in step 10.  
    However, took note which updates were applied during step 9.

14) Again, researched the internet and checked several technical forums for any problems related to the installed
    updates.  The updates that seemed to be causing the problem were KB949014 and/or KB951746.  Found some
    similar problems with these, which seemed to be related to what user (authority) that certain system services were
    running under.

15) Ran a procedure found at:
      Had to do with RPC Service starting.  Did see some RPC errors in Event log, when I tried to demote the crippled
      DC to a server, showing RPC Server Unavailable.
      So thougth it may be the culprit.  Never could do a clean demote after the update problems.

16) Perform steps 1 thru 9 again on the original server.  This time, when applying updates, but not performing
    Step 7.  Did NOT make it a DNS Server.  Applied all updates and rebooted.  NO PROBLEMS.

17) Next made it a DNS Server.  Did NOT apply any updates.  Just added this role.  Server continued to function,
    UNTIL it was restarted.  After the boot, it behaved the same way.   SO, MAKING IT A DNS SERVER AND

18) Disabled the Windows Firewall, just in case that may be the problem, but did not fix the problem.  

I am hoping someone can help me.  Please advise.  Thanks.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


I will reiterate what I mentioned before. Based on your (very detailed, good work!) analysis of the problem, the updates seem to be the root factor which is causing this issue. Microsoft are the people to help you on that front; the fault with the updates should be reported to them anyway, and Microsoft Support will troubleshoot the issue with you free-of-charge if it is indeed a fault with the Microsoft patches.

rstuemkeAuthor Commented:
I hate to contact MS.  It it such a pain.......
Let me ask one more question....What do you think of the Win 2008 Server Firewall Advanced Security?
Could it be blocked there.  It almost seems like a firewall problem???
rstuemkeAuthor Commented:

I did that also and everythng started working!!  On 2 servers that were DC/DNS machines.  Have another server that is Exchange 2007 and DNS and it is working ok with firewall activated.
Strange.   I have it disabled on all my Win 2003 Servers DC/DNS machines also.  Had hoped to use it, but looks like it is a bust.

What rules do you have set in Inbound Rules? Is there anything disabled, such as DNS, LDAP, Active Directory Domain Services (AD DS), NetBIOS etc.?

rstuemkeAuthor Commented:
Forgot to close this and award points.  Thanks for the confirmation.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.