Turn off RPC management of DNS on all DCs

re: Turn off RPC management of DNS on all DCs

Matt — Wed, 26 Nov 2008 19:13:42 GMT

Once you've installed the hotfix from MS07-029 (support.microsoft.com/.../935966,) you should be able to remove the reg key and get remote management working again.

Turn off RPC management of DNS on all DCs

Press Digital — Sat, 15 Nov 2008 05:52:54 GMT

Is there any other way to get MMC to work when this workaround is put in place?

re: Turn off RPC management of DNS on all DCs

jesper — Sat, 28 Apr 2007 15:59:02 GMT

Gene, not remotely. That's what the workaround prevents. You can use RDP though.

re: Turn off RPC management of DNS on all DCs

Gene — Fri, 27 Apr 2007 20:38:06 GMT

Is there any other way to get MMC to work when this workaround is put in place?

re: Turn off RPC management of DNS on all DCs

Susan — Fri, 27 Apr 2007 01:27:04 GMT

Herman? Call 1-866-pcsafety and ask for PSS Security. If you have been hit with this worm, Microsoft needs to know this. They can help you, and it helps to let them know if folks are getting impacted. This in turn impacts their actions.

re: Turn off RPC management of DNS on all DCs

jesper — Wed, 25 Apr 2007 17:24:42 GMT

Herman, here is what I had to say on your question a few years back:

www.microsoft.com/.../sm0704.mspx

If you truly have been hit, the advice still stands.

re: Turn off RPC management of DNS on all DCs

herman — Wed, 25 Apr 2007 16:09:20 GMT

What do you do if you suspect your server has been hit with the worm that is taking advantage of this flaw? I am getting a lot of cannot contact dns server in the mmc since yesterday. I

re: Turn off RPC management of DNS on all DCs

jesper — Mon, 23 Apr 2007 16:50:15 GMT

Microsoft has published an official KB article with this workaround. Here is what they have to say about it:

blogs.technet.com/.../new-kb-article-to-help-deploy-dns-remote-rpc-block-workaround-throughout-enterprise.aspx

re: Turn off RPC management of DNS on all DCs

Jay Andrews — Sat, 21 Apr 2007 21:18:51 GMT

We implemented the workaround above on two of our AD domain controllers (i.e. DNS), and found that in doing so we lost connectivity to a secondary zone replicating from another division (a seperate trusted AD domain - therefore dynamic dns). After removing the patch on one of the servers, the zone connectivity was restored (for that DC). I'd appreciate any thoughts on this - we were told (by msft) that this shouldn't be affected by the patch, but it clearly is. (I don't have the exact error, but it's something like "secondary Zone could not connect to master" or the like) on the site: http://msinfluentials.com/blogs/jesper/archive/2007/04/13/turn-off-rpc-management-of-dns-on-all-dcs.aspx It suggests that dynamic dns updates are dependent on RPC. could this be the link?

re: Turn off RPC management of DNS on all DCs

DrewNamingServer — Mon, 16 Apr 2007 15:24:33 GMT

Hysteria!! If an internal user is an accomplished coder who can manipulate RPC then why is shutting off the DNS remote mgmt server going to keep them from doing harm. Have you enumerated the RPC servers available on a domain controller? There is a large surface for attack.

If you have external DNS servers that dont have port 135 protected then you get whats coming to ya!

re: Turn off RPC management of DNS on all DCs

criticaljoe — Mon, 16 Apr 2007 08:28:01 GMT

List of all DNS servers in the forest (handy if you're an Enterprise admin):

dsquery * forestroot -filter "(servicePrincipalName=DNS*)" -attr DNSHostName -l -scope subtree > dnslist.txt

re: Turn off RPC management of DNS on all DCs

Dennis Lundtoft Thomsen — Sun, 15 Apr 2007 12:48:08 GMT

Sorry thereøs a typo - it's of course "dnscmd ServerName /config /RPCProtocol 4"

re: Turn off RPC management of DNS on all DCs

Angeldmx — Sun, 15 Apr 2007 12:12:10 GMT

Good tip! ... Thanks very much!

But, I Would like your opinion on the "Symantec Rapid Release" features ...

Do you think that it could help protecting efficiently against this vulnerability ?

>>How to:

http://entkb.symantec.com/security/output/n2002103012571948.html

>>Self-extracting EXE file or VDB/XDB files:

ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rapidrelease

re: Turn off RPC management of DNS on all DCs

Dennis Lundtoft Thomsen — Sun, 15 Apr 2007 12:05:04 GMT

You could also use "dnscmd ServerName /config /RPCProtocol 0" to disable RPC on DNS Servers (And combine it with the output from the dsquery command showed earlier)

re: Turn off RPC management of DNS on all DCs

Michael Knightley — Sun, 15 Apr 2007 05:09:36 GMT

Jesper:

I thought so. Thank you for the confirmation, and for the great tip provided above.

Kind regards