Fixing Server 2003: reprise after two and a half years

Sometimes the Internet reminds me of Tony Hancock’s Blood Donor. You post advice when you have it, and take it back when you need it.

It was like that last night. I am following my own advice and weeding out any instances where username/password combinations are transmitted in plain text. Occasionally I send mail via Exchange as an SMTP server, so I’ve now configured this to use TLS (Transport Layer Security).

All went well until a fatal reboot produced event 32777: The LSA was unable to register its RPC interface over the TCP/IP interface. This is nasty, and causes a host of further errors which pretty much kill networking on the box. I have no idea what provoked it.

Fortunately I’ve had this before – two and a half years ago. Last time I used the blunt instrument of a repair install, but by going back to my earlier post and reading the comments I was able to fix this quickly:

  • Change the logon of the RPC service to Local System, as a temporary fix to networking
  • Make changes to local security policy (domain controller policy in this case): Add Administrators and Service to the Create Global Objects and Impersonate client after authentication rights in User Rights Assignment
  • Change the logon of the RPC service back to NT AUTHORITY\Network Service
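
A check for the three steps above, as an added example that is not part of the original post: it exports the user rights with secedit, confirms that Administrators and SERVICE hold both rights, and reports the RPC service logon account. The SIDs, the privilege constant names, the service name RpcSs and the temporary file name are assumptions not stated in the post, and PowerShell is a separate install on Server 2003.

```powershell
# Added verification sketch, not from the original post. Run elevated.
# Assumed well-known SIDs: Administrators = S-1-5-32-544, SERVICE = S-1-5-6.
$required = @{
    'SeCreateGlobalPrivilege' = 'Create global objects'
    'SeImpersonatePrivilege'  = 'Impersonate a client after authentication'
}
$principals = @{ 'Administrators' = 'S-1-5-32-544'; 'SERVICE' = 'S-1-5-6' }

# Export only the user rights area to a temporary INF file.
$inf = Join-Path $env:TEMP 'user-rights-export.inf'   # hypothetical file name
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

# Parse lines such as: SeImpersonatePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-6
$rights = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
        $rights[$matches[1]] = @($matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') })
    }
}
Remove-Item $inf

foreach ($right in $required.Keys) {
    $holders = @()
    if ($rights.ContainsKey($right)) { $holders = $rights[$right] }
    foreach ($name in $principals.Keys) {
        # An entry is either a SID or, for some accounts, the account name.
        $ok = ($holders -contains $principals[$name]) -or ($holders -contains $name)
        $status = if ($ok) { 'OK' } else { 'MISSING' }
        "{0,-8} {1} ({2}) -> {3}" -f $status, $required[$right], $right, $name
    }
}

# The RPC service should no longer be running as Local System after step three.
$svc = Get-WmiObject Win32_Service -Filter "Name='RpcSs'"
if ($svc.StartName -eq 'LocalSystem') {
    "WARNING  RpcSs still logs on as LocalSystem (temporary setting not reverted)"
} else {
    "OK       RpcSs logs on as $($svc.StartName)"
}
```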

All very obscure and the kind of thing you have little chance of working out for yourself. It is all to do with changes made by Server 2003 SP1 which appear to break important stuff in some circumstances.

Why not Server 2008? All in good time.
