[OpenAFS] problems with de-installing OpenAFS 1.5.x on windows 7

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 23 Sep 2011 08:46:50 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig02428561CFB3F02D8A65702D
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 9/23/2011 3:00 AM, Lars Schimmer wrote:
> Hello
>=20
> I experienced some heavy problems with deinstalling the 64bit package o=
f
> OpenAFS 1.5.x on our windows 7 workstations.
>=20
> While/after deinstalling the 64bit package (MSI) of OpenAFS 3 (out of 6=

> I tried) workstations did no more accept any admin user as
> administrator, the service to start the services did not start and
> furtheron I can onl reinstall complete system to get it working again a=
s
> I do not obtain any right to administrate the system or start any
> servive =3D> I cannot deinstall/install any software, I cannot remove i=
t
> from the domain, I can just logon/logoff and copy data to/from harddriv=
e).
>=20
> Has anyone experienced and similar?
>=20
> (the workstations were setup in last/this year, are in a domain,
> upgrading OpenAFS did worked well on them, I was login  as a local
> administrator while deinstalling the OpenAFS 64 MSI package,...).
>=20
> Somehow it looks like the registry is destroyed in a very bad manner.
> And this has happen on 3 workstations yet (out of 6 I tried to deinstal=
l
> OpenAFS 1.5.x for installing 1.7).
>=20
>=20
> MfG,
> Lars Schimmer

Lars:

While your situation sounds horrible I have a hard time believing it is
the result of OpenAFS itself being uninstalled.  If that were the case I
would run into the problem on a consistent basis as I switch between
release series.  OpenAFS does not add itself as a dependency for other
services.

My guess is that one of two things are true:

a. the local administrator account has somehow obtained a dependency on
the \\AFS name space perhaps with an auto-run or other and as a result
will not start because after OpenAFS is removed there is no method of
accessing the dependency.

b. your machines have a rootkit or other damage and the removal of
OpenAFS is triggering bad behavior.

The 1.5 series does not have any kernel component and is not capable of
altering the role of administrative bits.

I would start by examining the registry for dependencies on \\AFS.  For
example, are there any system drive mappings to \\AFS that would be
persisted?  Any service application paths that refer to \\AFS or a
mapped drive letter?  Etc.

Jeffrey Altman


--------------enig02428561CFB3F02D8A65702D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJOfH+8AAoJENxm1CNJffh4kWkH/1bSQyFcklPo3jmhPv88kgQL
E/BxCXf+GUM/6QxncokwvRCgiHD+vt+CqfeuwQhS6X4PbBhwRNXCmQdujpyjcwHT
CyrCe355W754w6znGG7/2+Ayekc1P7AFrxVLOgzEgkNk2B9DZNP+Ikw5bDiJQaS3
mJXMidC2Q68trGoad1QTMBkggOA7pDRJ0qm1GtsmKvAQkHF9E5RbZopmAHQjOSFv
JS+wlEqzAfHX0klZ0pTKtc5Z6VGT3AYmnQNmrpityKGOt08MP4n7eoka6j3z6IsT
DqVCFhqHp5jvLThsOdSzotyO9O4Nsi4rslhGnty4sitOpNlNQpD5xbPMNsJaBc4=
=+Apf
-----END PGP SIGNATURE-----

--------------enig02428561CFB3F02D8A65702D--