Служба SSTP Ошибка 1717: неизвестный интерфейс [Версия для КПК] - стр. 2

DeBuck

14-07-2009, 22:46

Вот вся последовательность событий:
22:50:33,3343280 svchost.exe 1504 Thread Create SUCCESS Thread ID: 1380
22:50:33,3358145 svchost.exe 1504 QueryOpen C:\Windows\System32\sstpsvc.dll FAST IO DISALLOWED
22:50:33,3359270 svchost.exe 1504 CreateFile C:\Windows\System32\sstpsvc.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
22:50:33,3364406 svchost.exe 1504 QueryBasicInformationFile C:\Windows\System32\sstpsvc.dll SUCCESS CreationTime: 03.05.2008 14:11:37, LastAccessTime: 25.05.2009 3:31:47, LastWriteTime: 19.01.2008 11:36:36, ChangeTime: 12.07.2009 18:07:12, FileAttributes: A
22:50:33,3364523 svchost.exe 1504 CloseFile C:\Windows\System32\sstpsvc.dll SUCCESS
22:50:33,3366297 svchost.exe 1504 CreateFile C:\Windows\System32\sstpsvc.dll SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
22:50:33,3368227 svchost.exe 1504 CreateFileMapping C:\Windows\System32\sstpsvc.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
22:50:33,3369157 svchost.exe 1504 CreateFileMapping C:\Windows\system32\sstpsvc.dll SUCCESS SyncType: SyncTypeOther
22:50:33,3374816 svchost.exe 1504 Load Image C:\Windows\System32\sstpsvc.dll SUCCESS Image Base: 0x744c0000, Image Size: 0x25000
22:50:33,3375321 svchost.exe 1504 CloseFile C:\Windows\System32\sstpsvc.dll SUCCESS
22:50:33,3377742 svchost.exe 1504 QueryOpen C:\Windows\System32\sstpsvc.dll FAST IO DISALLOWED
22:50:33,3378834 svchost.exe 1504 CreateFile C:\Windows\System32\sstpsvc.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
22:50:33,3380974 svchost.exe 1504 QueryBasicInformationFile C:\Windows\System32\sstpsvc.dll SUCCESS CreationTime: 03.05.2008 14:11:37, LastAccessTime: 25.05.2009 3:31:47, LastWriteTime: 19.01.2008 11:36:36, ChangeTime: 12.07.2009 18:07:12, FileAttributes: A
22:50:33,3381084 svchost.exe 1504 CloseFile C:\Windows\System32\sstpsvc.dll SUCCESS
22:50:33,3382686 svchost.exe 1504 CreateFile C:\Windows\System32\sstpsvc.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
22:50:33,3384547 svchost.exe 1504 CreateFileMapping C:\Windows\System32\sstpsvc.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE
22:50:33,3395424 svchost.exe 1504 CreateFileMapping C:\Windows\system32\sstpsvc.dll SUCCESS SyncType: SyncTypeOther
22:50:33,3395630 svchost.exe 1504 CloseFile C:\Windows\System32\sstpsvc.dll SUCCESS
22:50:33,3398444 svchost.exe 1504 Load Image C:\Windows\System32\sstpsvc.dll SUCCESS Image Base: 0x65240000, Image Size: 0x25000
22:50:33,3401818 svchost.exe 1504 QueryOpen C:\Windows\System32\rtutils.dll FAST IO DISALLOWED
22:50:33,3403330 svchost.exe 1504 CreateFile C:\Windows\System32\rtutils.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
22:50:33,3405170 svchost.exe 1504 QueryBasicInformationFile C:\Windows\System32\rtutils.dll SUCCESS CreationTime: 12.07.2009 10:59:49, LastAccessTime: 12.07.2009 10:59:49, LastWriteTime: 10.04.2009 23:28:26, ChangeTime: 12.07.2009 11:25:30, FileAttributes: A
22:50:33,3405276 svchost.exe 1504 CloseFile C:\Windows\System32\rtutils.dll SUCCESS
22:50:33,3407241 svchost.exe 1504 CreateFile C:\Windows\System32\rtutils.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
22:50:33,3409356 svchost.exe 1504 CreateFileMapping C:\Windows\System32\rtutils.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE
22:50:33,3418732 svchost.exe 1504 CreateFileMapping C:\Windows\system32\rtutils.dll SUCCESS SyncType: SyncTypeOther
22:50:33,3418916 svchost.exe 1504 CloseFile C:\Windows\System32\rtutils.dll SUCCESS
22:50:33,3420886 svchost.exe 1504 Load Image C:\Windows\System32\rtutils.dll SUCCESS Image Base: 0x6fd00000, Image Size: 0xc000
22:50:33,3425195 svchost.exe 1504 RegQueryValue HKLM\System\CurrentControlSet\Control\WMI\Security\ff5e7768-8ef5-48b1-9998-61fc841d124f NAME NOT FOUND Length: 130
22:50:33,3434711 svchost.exe 1504 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read
22:50:33,3434922 svchost.exe 1504 RegOpenKey HKLM\System\CurrentControlSet\Services REPARSE Desired Access: Read
22:50:33,3435097 svchost.exe 1504 RegOpenKey HKLM\System\CurrentControlSet\Services SUCCESS Desired Access: Read
22:50:33,3435257 svchost.exe 1504 RegCloseKey HKLM SUCCESS
22:50:33,3435778 svchost.exe 1504 RegOpenKey HKLM\System\CurrentControlSet\Services\SstpSvc SUCCESS Desired Access: Read
22:50:33,3436070 svchost.exe 1504 RegOpenKey HKLM\System\CurrentControlSet\Services\SstpSvc\Parameters SUCCESS Desired Access: Read
22:50:33,3436299 svchost.exe 1504 RegCloseKey HKLM\System\CurrentControlSet\Services SUCCESS
22:50:33,3436400 svchost.exe 1504 RegCloseKey HKLM\System\CurrentControlSet\Services\SstpSvc SUCCESS
22:50:33,3436509 svchost.exe 1504 RegQueryValue HKLM\System\CurrentControlSet\Services\SstpSvc\Parameters\ServiceDllUnloadOnStop SUCCESS Type: REG_DWORD, Length: 4, Data: 1
22:50:33,3437572 svchost.exe 1504 RegCloseKey HKLM\System\CurrentControlSet\Services\SstpSvc\Parameters SUCCESS
22:50:33,3438252 svchost.exe 1504 Thread Exit SUCCESS Thread ID: 1380, User Time: 0.0000000, Kernel Time: 0.0000000

Если я правильно понимаю, то причина ошибки тут:
RegQueryValue HKLM\System\CurrentControlSet\Control\WMI\Security\ff5e7768-8ef5-48b1-9998-61fc841d124f NAME NOT FOUND
Подскажите, плз, что должно быть в этом ключе реестра ?

Valeant

15-07-2009, 16:10

DeBuck, пример win7 но на vista то же самое

RegQueryValue HKLM\System\CurrentControlSet\Control\WMI\Security\ff5e7768-8ef5-48b1-9998-61fc841d124f NAME NOT FOUND
Не причем, я думаю это не из этой оперы.

Вот смотрим на файл sstpsvc.dll - имеем список файлов которые ему нужны - некоторые опускаем оставляем rtutils.dll, HTTPAPI.dll, crypt32.dll, WS2_32.dll, RPCRT4.dll, webio.dll, IPHLPAPI.DLL, NSI.dll.
В процессе запуска службы SSTP:
- замечено что нужны rtutils.dll, httpapi.dll, webio.dll обяз;
- загрузка load image - crypt32.dll, msasn1.dll (ASN.1 Runtime APIs)
И только после webio.dll идет работа с реестром по веткам:HKLM\System\CurrentControlSet\services\SstpSvc
самая первая ссылка в данной ветки на
- HKLM\System\CurrentControlSet\services\SstpSvc\Description - @%SystemRoot%\system32\sstpsvc.dll,-201;
- HKCU\Software\Classes\Local Settings\MuiCache\D4\B1A07F78\@%SystemRoot%\system32\sstpsvc.dll,-201;
- HKLM\System\CurrentControlSet\services\SstpSvc\Type
Type = 20
Start = 3
ErrorControl = 1
и т.д.

У вас же после rtutils.dll она идет в "отлуп"
Далее от данной службы SSTP зависит "Диспетчер удаленных подключений".