Resolve pcanywhere Login Windows 2003 after the black screen can not display the desktop method

With Symantec PcAnywhere 11.5 log windows2003 remote server, the display input username and password is normal, but enter user name and password after landing display black screen ...

Symantec PcAnywhere 11.5 Solution for black screen after Windows 2003 connection
Toss me for several days, now find the right solution, dare not keep, hurriedly take out for everyone to refer to:
Environment:

Symantec PcAnywhere 11.5

Windows 2003 SP1 Enterprise Edition (as if it were VLK)

Mcafee Virusscan Enterprise v8.0i Patch 11

McAfee Desktop Firewall v8.5

New installed system, only Symantec PcAnywhere 11.5 When the connection WIN2003 is good

After installing a lot of stuff, the connection sometimes shows that it can't be connected, and sometimes it's dark when the connection is authorized.

After reboot can connect, also can appear screen, but enter the password entered the administrator is a black, and then like the above

Search again and again, on the difference reload system, all the Dongdong tried, firewall shutdown, delete, reload are not

And my other server is starting to have the same problem. In the last few days is good.

Two servers The last same job is to install the Winwebmail 3.7.0.7, but the deletion is still not.

Then I thought maybe it was a firewall problem, so a rule analysis

)--process and method neglect

Finally found, open 135 ports after everything ok!!

Related Knowledge Appendix:

135=location Service

135/TCP Epmap DCE Endpoint Resolution

135 Query Service DNS

135/TCP Epmap DCE Endpoint Resolution


Port: 135

Services: Location Service

Description: Microsoft runs DCE RPC end-point Mapper for its DCOM service on this port. This is similar to the capabilities of UNIX 111 ports. Services that use DCOM and RPC use the end-point mapper on the computer to register their location. When remote clients connect to the computer, they look for the location where the end-point mapper find the service. Hacker scan the computer for this port to find running Exchange Server on this computer? What version? Some Dos attacks are also directed at this port.

Port 135:135 ports are primarily used for RPC (remote Procedure call, remoting) protocols and provide DCOM (distributed Component Object Model) services.


135 Port

In many "network management" eyes, port 135 is the most elusive port, because most of them can not clearly understand the true role of the 135 port, and it is not clear what the potential dangers of the port. It was not until a professional remote control tool called "Ieen" emerged that people were aware of the potential security threats to port 135.

The Ieen tool can easily connect to other workstations on the Internet with 135 ports and remotely control the workstation's IE browser. For example, any action performed in the browser, including browsing the page content, entering the account password, entering search keywords, etc., will be monitored by the ieen tool. Even the various password information entered in the online bank can be clearly obtained by ieen tools. In addition to operating and controlling the IE browsers on remote workstations, the Ieen tool can remotely control all applications designed with DCOM development technology through 135 ports, such as the Ieen tool, which is easily accessible to computers running Excel. Perform various editing operations directly on Excel.

What do you think? 135 port opening to the outside is not very dangerous? Of course, this danger is theoretically, in order to really through the 135-port intrusion into other systems, you must know the other computer in advance the IP address, system login name and password. As long as you keep this information strictly confidential, the likelihood that your computer will be attacked by the Ieen tool is almost non-existent.

Why does the Ieen tool use port 135 to attack other computers? Originally the tool used a DCOM technology, you can directly to other workstations to remote control of the DCOM program. When the DCOM technology communicates with the other computer, the RPC service in the target host is automatically invoked, and the RPC service automatically asks 135 ports in the target host, and which ports are currently available for communication. As a result, the target host provides an available service port for use as a data transfer channel. In this communication process, the 135-port function is to provide a service port for RPC communication mapping function. To put it simply, Port 135 is the bridge in RPC communication.


135 Port

Port Description: Port 135 is primarily used for RPC (remote Procedure call, remote procedure Calls) protocol and provides DCOM (distributed Component Object Model) services that enable programs running on a single computer to successfully execute code on a remote computer Use DCOM to communicate directly over a network and to transmit across multiple networks, including HTTP protocols.

Port vulnerability: It is believed that many Windows 2000 and Windows XP users had a "shockwave" virus last year that exploited RPC vulnerabilities to attack computers. RPC itself has a vulnerability in the processing of the message exchange over TCP/IP, which is caused by incorrectly handling malformed messages. This vulnerability affects an interface between RPC and DCOM, which listens on a port that is 135.

Operation recommendation: In order to avoid the "shockwave" virus attack, we recommend that the port be closed.


5632 Port

Port Description: 5632 port is familiar with the remote control software pcanywhere opened the port, divided into TCP and UDP two, through the port can be implemented on the local computer control remote computer, view the remote computer screen, file transfer, to achieve file synchronization transmission. After the Pcanwhere is installed, the Pcanywhere Master program automatically scans the port after the computer is started.

Port vulnerability: Through the 5632-port master computer can control the remote computer, carry out various operations, may be used by criminals to steal account, steal important data, carry out various damage.

Operation recommendation: To avoid scanning through port 5632 and to remotely control the computer, it is recommended that the port be closed.