[Web4lib] Windows 2000 Server warning
William A. Forgette
wforgette at linc.lib.il.us
Fri Aug 12 15:37:43 EDT 2005
Do you use APC Backups?
And if so, did you apply the upgrade to be version 7.0 of the software that
was required after July 27? If not, try that before rolling everything back.
I ask because I had numerous problems start around that time with my w2k
box. At first I suspected that it was a Windows Hot Fix or even SP4. Ended
up being neither of those but was the APC software. It was pretty
strange.... But it ends up that the APC software used some piece of Java
that the certificate expired on July 27th. This little element of Java got
embedded with lots of things so it affected everything, Explorer, Add/Remove
Programs, etc.
Here is a little exchange on the issue that I had with an individual at
www.experts-exchange.com . NOTE, I snipped a lot out, but it may hurt you
still ;)
My server symptoms that I submitted:
>I'm having a problem with our Windows Server 2000 SP4 box with our AD on
it.
>The strange behavior last couple days:
>*Add/Remove Programs wizard ( mshta.exe) does not open
>*IE opens first page then freezes
>*Going direct to Windows Update via the link does not work at all - white
window opens, then IE/Windows Udate stops responding
>*If going to reboot, Power Meter stops responding and must "End Task"
> Other strange behaviour occuring during the same period:
> *remote desktop for administration does not connect for a long period, or
even at all
> *symantec antivurus corp 10 - can no longer use the autho/password
> * ADUC mmc stopped working, reinstalling the adminpack.msi though resolved
the problem.
> Of note:
>* Add/Remove Programs works in safe mode w/networking
>* KB83572 was installed, now uninstalled, and system restarted
>* No hardware changes have been done to system
>
>Possible correupt registry?
> Another hot fix I should look for to uninstall?
> Restore system state?
Part of the repsonse (greatly edited) :
After lengthy reasearch by an associate, here is the problem and the fix:
I researched the Microsoft and APC (and SUN) site and found the REAL cause
of the problem.
Here it is:
1. Impact
The Java Cryptography Extension (JCE) 1.2.1 is an optional package for J2SE
1.2.x and 1.3.x that provides a framework and >>>>>implementations for
encryption, key generation, key agreement, and Message Authentication Code
(MAC) algorithms. The digital >certificate that was used to sign the JCE
1.2.1 jar files will expire on July 27, 2005, after which the product will
no longer >>function.
2. Contributing Factors
This issue can occur in the following release:
Java Cryptography Extension (JCE) 1.2.1 (for J2SE 1.2.x and 1.3.x)
Notes:
JCE 1.2.1 is at "End of Service Life" (EOSL), and is no longer supported.
JCE 1.2.1 was EOSL'ed in 2002 when JCE 1.2.2 was released.
The JCE that is integrated into J2SE 1.4 and later is not affected by this
issue. This Sun Alert is specific to JCE 1.2.1, which is an optional package
for use with J2SE 1.2.x. and 1.3.x (JCE 1.2.1 is not bundled with J2SE 1.2.x
and 1.3.x).
3. Symptoms
After the expiration date, code calling into JCE 1.2.1 will fail with
symptoms similar to the following:
[xxxxxx at xxxxxx] 258 >java BlowfishKey
Exception in thread "main" java.lang.ExceptionInInitializerError:
java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b .<clinit>([DashoPro-V1.2-120198])
at javax.crypto.KeyGenerator.getInstance([DashoPro-V1.2-120198])
Solution Summary Top
4. Relief/Workaround
There is no workaround. Please see the "Resolution" section below.
5. Resolution
This issue is addressed in the following releases:
Java Cryptography Extension (JCE) 1.2.2 (for J2SE 1.2.x and 1.3.x)
which is available at:
http://java.sun.com/products/jce/index-122.html
JCE in J2SE 1.4 and later
which is available at:
http://java.sun.com/j2se/1.4.2/download.html and
http://java.sun.com/j2se/1.5.0/download.jsp
After downloading the patch, everything -Including Backup Exec - was back to
normal.
William A. Forgette, Computer Services Department Head
Bloomingdale Public Library
101 Fairfield Way
Bloomingdale, IL 60108
Direct (630) 924-2766
Main (630) 529-3120
Fax (630) 529-3243
http://www.bloomingdale.lib.il.us
-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Wright, Jen
Sent: Friday, August 12, 2005 12:32 PM
To: web4lib at webjunction.org
Subject: [Web4lib] Windows 2000 Server warning
We had three Windows 2000 servers die terrible OS deaths this week. The
last thing they had done was get the latest Windows update. We've been on
the phone with Microsoft all day today trying to get the servers to roll
back. This was made difficult since the OS was what got corrupted. You
can't run a restore, you can't stop services, you can't do anything that
requires using the MMC.
We are close to restoring our main application server, but it has been a
long week. I am emailing the group in case anyone else has encountered
similar problems and hadn't connected it to the update and to prevent others
from installing the latest update if they have 2000 machines.
Somehow our network guy found a way to do a partial restore and then restore
again from that point and I think that is our latest solution.
I hope this reaches some of you in time to spare you our suffering. :)
Jennifer R. Wright
Supervisor, Web Development
Free Library of Philadelphia
http://www.library.phila.gov
_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/
More information about the Web4lib
mailing list