Re: LanMan98 problem



In message <4daae632c8dfs@xxxxxxxxxxxxx>
Dave Symes <dfs@xxxxxxxxxxxxx> wrote:

> In article <4daaa8c802steve.pampling@xxxxxxxxxxxxx>,
> Steven Pampling <steve.pampling@xxxxxxxxxxxxx> wrote:
> > In article <4daaa5af38dfs@xxxxxxxxxxxxx>,
> > Dave Symes <dfs@xxxxxxxxxxxxx> wrote:
> > > In article <4daa729611steve.pampling@xxxxxxxxxxxxx>,
> > > Steven Pampling <steve.pampling@xxxxxxxxxxxxx> wrote:
>
>
> > > I've been taking a closer look at the Zone Alarm Firewall.
> > > The trusted zone contains correctly.
> > > PC network 192.168.1.100/255.255.255.0
> > > Dave SARPC 192.168.1.1
> > > Fay SARPC 192.168.1.4
>
> > > I've taken a closer look at the ZoneAlarm logs.
>
> > > The most common action "Blocked" is:
>
> > > Type "Program Access"
> > > Program "msmsgs.exe"
>
> > > Clicking on the entry provides a bit more detail...
> > > "Windows Messenger was blocked from sending data to the internet
> > > (192.168.1.100)".
>
> > > I have no idea what this means, and what exactly is Windows Messenger?
> > > Why would it be the problem?
> > > If it is, where can I sort it?
>
> > http://www.google.co.uk/search?hl=en&ie=ISO-8859-1&q=%22Windows+Messenger%22&meta=
>
> > http://www.itc.virginia.edu/desktop/docs/messagepopup/
>
> > BTW it shouldn't be trying to send at all - there's something in your
> > system that didn't ought to be.
>
>
> > 1. For things like this test with the net router disconnected from any
> > internet connection and ZoneAlarm turned off.
>
> > 2. Question why you are running a system with three possible firewalls
> > including the hardware one in the router. (Or if you aren't running a
> > hardware firewall at all question your sanity)
>
> Steve,
> I'm now even more confused than before, but thanks for trying.
> Windows Messenger is already "Disabled".

Don't be confused by two different pieces of software.

Windows Messenger is a sort of chat-room thing, which normally sits in the
system tray in the bottom right of your screen. If you don't know what it
is you don't need it. To remove it, use Control Panel, Add/remove programs,
click Add/remove Windows components, and untick Windows Messenger. (You
might want to untick MSN explorer as well.)

Messenger service is used to send messages between computers, typically
using the Net Send command. It's used legitimately by servers and UPSs to
announce that they have problems. It's used illegitimately to pop up adverts
on your screen, because it responds to connections to a port, and this gets
probed from the internet. To stop this, go to Manage, services, and disable
and stop the service. I'd recommend doing this as well, unless you really
have a use for it.


> 1. I have already tested with ZA turned off and the cable to the phone
> socket removed from the router.
>
> 2. I don't have any choice with the XP firewall, it's there, though it
> is switched Off.
>
> Zone alarm is still there because it was there when I was using dialup,
> and yes, even though the router obviously has a firewall, Zone Alarm still
> occasionally blocks things.
> Though I suppose, as I'm using a NAT enabled router, I could dump Zone
> Alarm.
>
> What's got me mostly confused... Nothing has/had changed that I know of,
> one day LanMan98 connected okay, the next day when I attempted, and the
> following two days it still won't do the business.
>
> I'll test again:
> Cable removed from router, no internet connection.
> A test, as expected, I can still ping the XP PC from this SARPC.
>
> Zone Alarm quit completely.
>
> Click up LanMan98 Discs, click one of the shared directories.
> "Session refused 0x80" again.
> Same with all three shared directories, "Session refused..."
>
> As an act of desperation, I've switched Norton AV Auto protect off for a
> few minutes, no change. So it's back on.
>
> I, I have no idea what to do next.
>
> Cheers
> Dave S
>

Try the event viewer on your XP system. Mine has security logging enabled - if it isn't you will need to enable it, and I don't know how. When LanMan98 connects successfully here, I get two entries:
Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 15/09/2005
Time: 19:46:19
User: NT AUTHORITY\SYSTEM
Computer: WPC
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Guest
Source Workstation: \\RPC
Error Code: 0x0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
=== then ===

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 576
Date: 15/09/2005
Time: 19:46:19
User: WPC\Guest
Computer: WPC
Description:
Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x9D3DF)
Privileges: SeChangeNotifyPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

======

I expect you will see different ones.

The connection is specified as

Server: wpc
Share: Backups
User: Alan
Notypes: Y


--
Alan Adams
alan.adams@xxxxxxxxxxxxxxxxxxxxxxxxxxx
http://www.nckc.org.uk/
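
One way to run the check described in the message above over entries copied out of Event Viewer, as an added example that is not part of the original message: it looks for the pair Alan describes, an Event ID 680 with Error Code 0x0 followed by an Event ID 576 on the same computer at the same date and time. The sample text is constructed (trimmed from the entries quoted above), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout Event Viewer shows, trimmed from the
# two entries quoted in the message above.
SAMPLE = r"""
Event Type: Success Audit
Event ID: 680
Date: 15/09/2005
Time: 19:46:19
Computer: WPC
Logon account: Guest
Source Workstation: \\RPC
Error Code: 0x0

Event Type: Success Audit
Event ID: 576
Date: 15/09/2005
Time: 19:46:19
User: WPC\Guest
Computer: WPC
"""

# "Key: value" lines; keys are letters and spaces only, so the trailing
# "For more information, see ..." line is ignored.
FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")

def parse_events(text):
    """Split pasted Event Viewer text into one dict per entry."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "Event Type":        # every entry starts with this field
            events.append({})
        if events:
            events[-1][key] = value
    return events

def successful_logons(events):
    """Return (account, workstation) for each 680 with Error Code 0x0 that is
    followed by a 576 on the same computer with the same date and time."""
    found = []
    for first, second in zip(events, events[1:]):
        same = all(first.get(k) == second.get(k) for k in ("Computer", "Date", "Time"))
        if (first.get("Event ID") == "680" and first.get("Error Code") == "0x0"
                and second.get("Event ID") == "576" and same):
            found.append((first.get("Logon account"), first.get("Source Workstation")))
    return found
```

An empty result for the time of a connection attempt means the pair was not logged, which is the difference from the working machine that the message suggests looking for.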