What does DisableBootTimeSecurity setting do?
Hi, I installed the following KB articles as part of the security and general update process on Windows Server 2003 Std. We are not using ISA Server. On rebooting the server, the server was not receiving incoming connections; outgoing connections were working okay. KB articles: 2440591; 2207559; 2296199; 2416400; 2419635; 2423089; 2436673; 2467659; 2443105; 2443685. I ended up removing all of the updates, but the server still did not accept incoming connections. Finally, I read in this post http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.server.sbs/2008-07/msg02573.html about DisableBootTimeSecurity, and this finally resolved my problem. I'm not really a networking guy, just trying to get to the bottom of this, as I'll need to re-install these patches sometime!
Ben Howard [MVP]
February 4th, 2011 6:35am

Install all the patches once again and monitor your registry, especially HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpNat\Parameters. DisableBootTimeSecurity will change to 0; if yes, then try reverting it back to 1. Thanks
http://www.virmansec.com/blogs/skhairuddin
February 6th, 2011 3:43am

Thanks, but what does DisableBootTimeSecurity actually do?
Ben Howard [MVP]
February 6th, 2011 3:56pm

Hi, based on my understanding, it is related to the boot-time policy of the Windows Firewall. The following information could be helpful for your work:
897651 VPN clients can no longer access internal resources after you install Windows Server 2003 Service Pack 1 on a computer that is running ISA Server 2000 http://support.microsoft.com/default.aspx?scid=kb;EN-US;897651
917730 You cannot create a network connection when you are starting a Windows XP SP2-based computer http://support.microsoft.com/default.aspx?scid=kb;EN-US;917730
This posting is provided "AS IS" with no warranties, and confers no rights.
February 6th, 2011 10:27pm

Boot-time security

Detailed description

In earlier versions of Windows, there is a period of time between when the network stack comes up and when Internet Connection Firewall provides protection. This results in the ability for a packet to be received and delivered to a service without Internet Connection Firewall providing filtering and potentially exposes the computer to vulnerabilities. This was due to the firewall driver not starting to filter until the firewall user-mode service was loaded and had applied appropriate policy settings. The firewall service has a number of dependencies, which causes the service to wait until those dependencies are cleared before it pushes the policy down to the driver. This time period is based upon the speed of the computer.

In Windows Server 2003 Service Pack 1, the IPv4 and IPv6 firewall drivers have a static rule to perform stateful filtering. This static rule is called a boot-time policy. This allows the computer to perform basic networking functions such as DNS and DHCP and communicate with a domain controller to obtain policy settings. After the Windows Firewall service is running, it loads and applies the runtime policy settings. The boot-time policy cannot be configured. There is no boot-time security if the Windows Firewall service (which is listed as Windows Firewall/Internet Connection Sharing (ICS) in the Service Control Manager) is set to either Manual or Disabled.

Why is this change important? What threats does it help mitigate?

With this change, the computer is open to fewer attacks during startup and shutdown.

What works differently?

If the Windows Firewall service fails to start, boot-time security remains in effect. This means that all incoming connections are blocked. In this case, an administrator will not be able to remotely troubleshoot the issue because all the ports will be closed, including the port used by Remote Desktop.

If a service attempts to start before the firewall service, a "race condition" might result. If a necessary service is blocked by this condition, you will need to disable Windows Firewall.

How do I resolve these issues?

To turn off boot-time security, stop the Windows Firewall/Internet Connection Sharing (ICS) service and set its startup type to either Manual or Disabled. If the computer is in boot-time security mode because the firewall service has not started, an administrator must log on to the computer, resolve the cause of the failure, and then manually start the firewall service.

Running in safe mode (Safe mode firewall)

Detailed description

The firewall state is maintained when the server is started in safe mode.

Why is this change important?

With this change, your computer is less vulnerable to attack when starting in safe mode with network connectivity.

What works differently?

In previous versions, Internet Connection Firewall was not available when running in safe mode.

Source: http://technet.microsoft.com/en-us/library/cc778394(WS.10).aspx

http://www.virmansec.com/blogs/skhairuddin
February 7th, 2011 1:36am
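An added check script, not from this thread and not Microsoft's code, that puts the two things discussed above side by side: the DisableBootTimeSecurity value under IpNat\Parameters that the earlier reply says to watch (0 after patching, reverted to 1 as the fix), and the startup type and state of the Windows Firewall/ICS service, which the quoted TechNet text says decides whether boot-time security exists at all. The service name SharedAccess is the SCM name of "Windows Firewall/Internet Connection Sharing (ICS)". The 0/1 semantics and the -Restore action are taken from what the thread reports, not from Microsoft documentation on the page, so treat the link between that value and the boot-time policy as the thread's observation. It assumes PowerShell 2.0 or later, run from an elevated prompt on the affected host.

```powershell
# Added example (not from the original thread or from Microsoft). Reports whether
# boot-time security can be in effect on this host and what the registry value
# named in the thread currently holds. Use -Restore to set that value back to 1,
# the change the original poster reports resolved inbound connectivity.
param([switch]$Restore)

$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\IpNat\Parameters'
$valName = 'DisableBootTimeSecurity'
$svcName = 'SharedAccess'   # "Windows Firewall/Internet Connection Sharing (ICS)" in the SCM

# 1. Current registry value, if present. A missing value is reported as missing
#    rather than assumed to mean 0 or 1; the thread does not state a default.
$current = $null
if (Test-Path $keyPath) {
    $props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$valName]) {
        $current = [int]$props.$valName
    }
}
if ($null -eq $current) {
    Write-Host "$valName : not present under $keyPath"
} elseif ($current -eq 0) {
    Write-Host "$valName : 0 (the state the thread associates with inbound connections being blocked after patching)"
} else {
    Write-Host "$valName : $current"
}

# 2. Startup type and state of the firewall service. Win32_Service.StartMode is
#    available on PowerShell 2.0; Get-Service gained a StartType property only later.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
if ($null -eq $svc) {
    Write-Host "Service $svcName not found"
} else {
    Write-Host ("{0} : StartMode={1} State={2}" -f $svcName, $svc.StartMode, $svc.State)
    if ($svc.StartMode -eq 'Manual' -or $svc.StartMode -eq 'Disabled') {
        # Per the TechNet text: no boot-time security when the service is Manual/Disabled.
        Write-Host 'Boot-time security is off: firewall service startup type is Manual or Disabled.'
    } elseif ($svc.State -ne 'Running') {
        # Per the TechNet text: if the service never starts, the boot-time policy stays
        # in force and every inbound port, RDP included, remains blocked.
        Write-Host 'Firewall service is set to start but is not running; if boot-time security is on, all inbound connections stay blocked until it starts.'
    }
}

# 3. Optional: put the value back to 1, the change the thread reports as the fix.
if ($Restore) {
    if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    Set-ItemProperty -Path $keyPath -Name $valName -Value 1 -Type DWord
    Write-Host "$valName set to 1"
}
```

Run it without switches after each batch of updates to see whether the value has flipped back to 0 and whether the firewall service actually came up; if you are locked out of RDP after a reboot, the second check is the one to look at from the console, since the TechNet text says a stalled firewall service leaves every inbound port closed.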

Thank you. Interesting that it was set, as ICF is not used! Anyway, now at least I know what it is and what to monitor.
Ben Howard [MVP]
February 7th, 2011 4:04am

Thank you, Ben, for posting. I would never have known about the boot-time security thing until you asked :)
http://www.virmansec.com/blogs/skhairuddin
February 7th, 2011 4:10am
