Thread: Cisco Unity 1.1 -> 1.2(1) Upgrade bizarreness - Corrupt HKCU for Administrator
View Single Post
Old 02-16-2008, 06:57 AM   #1 (permalink)
Velouria
Junior Member

Activity Longevity
0/20 8/20
Today Posts
0/0 ssssssss7
Rep Power: 0Velouria is an unknown quantity at this point

Total Points:
Donate
Country:

Cisco Unity 1.1 -> 1.2(1) Upgrade bizarreness - Corrupt HKCU for Administrator
This is a bizarre one that I and a third-party technician (who was doing the actual upgrade) ran into.

We were attempting to do a Unity upgrade on a 1.1 system.

First off, we couldn't log in locally to the box. No error, no nothing. It just took the username and password and chucked us back to the username/password prompt. Also, strangely, the Unity default background was missing and the local console had defaulted back to the normal boring Windows Server 2003 grey background (although the background image was there when using RDP). We could, however, log in successfully using RDP, and did that and rebooted the box. On rebooting the box, we were able to log in locally successfully, and started the upgrade process.

When we came to running the actual 1.1 -> 1.2 upgrade, it fell over at step 3 of 86 (from memory - the note is back at work - when running an AfterFilesCopy .vbs script). Examination of the logs revealed it was returning 'Access is denied'. There were other oddities, such as certain system tray icons not appearing and login taking a long time.

I downloaded Sysinternals Process Monitor and set it running to try and find the source of the problem. One other bizarre side effect noticed was that it took a very long time to drag and drop the executable file out of the zip file onto the desktop...

Ran the installer through with Process Monitor capturing all the file and registry writes, and finally traced it to cscript.exe attempting to alter HKCU\Software\Microsoft\Windows Scripting Host and getting 'Access is denied'. Popped into Registry Editor, looked for the key and it wasn't there - and additionally determined that the Registry was readonly. In fact, the Registry seemed largely bare and empty.

Permissions were Administrators (the group) - Read, SYSTEM - Full Control - but no permissions at all for Administrator (the user). Reset the permissions on the whole of HKCU to SYSTEM Full Control, Administrators Full Control and Administrator Full Control. rebooted (and noted that Windows ran its initial setup for IE, etc., as if this was a first-ever logon) and the upgrade then proceeded smoothly. Saved a complete Unity rebuild...

Now the question is - what happened? Has anyone ever seen this before?

My speculations are:

1) Something caused HKCU to be corrupt and it was replaced
by a copy from .DEFAULT, and the permissions didn't get applied properly, perhaps because of Cisco Security Agent. There was no log of this in the Event logs, however
2) Something caused Administrator to lose permissions over its own registry - Could a Windows Activation problem cause this? There were several hundred entries logged complaining of 'Error reading Windows Activation status'
3) Malicious influence from Some Piece of Nastiness like a worm, for instance. Think this is unlikely but can't be ruled out.

NB: I don't usually touch the Unity system and think this was 1.1-> 1.2(1) ... it was definitely x.1-> x.2(1)
Last edited by Velouria : 02-16-2008 at 07:07 AM.
Velouria is offline   sendpm.gif Reply With Quote