PCI Remediation - challenges

Dan_Giberson
Level 5
We are in the process of "hardening" our PCI (Payment Card Industry) servers and unfortunately our NBU servers have fallen into scope. So far the registry changes and service changes haven't had much of an impact; however, I have had the following error pop up. I don't think it is a major error, but I wanted to get some feedback.

16 2 0 0 srvlcnbs01.******.priv *NULL* nbproxy BPCDConnectionHolder: NB API: bpcr_connect_and_verify() failed with status:25. Special Error Code: 0

This is constantly repeating itself in the Event Viewer. Any thoughts?

8 REPLIES

Marianne
Moderator
Partner    VIP    Accredited Certified
You need to find out what exactly 'hardening' does.
It seems that TCP/IP ports have been closed or services entries removed. First of all, find the 'services' file. You did not mention the O/S version, but it should be in the C:\Windows\System32\drivers\etc folder. Look for bpcd and vnetd:
bpcd        13782/tcp
vnetd        13724/tcp

See if vnetd and bpcd are LISTENING in 'netstat -a' output.

See if Windows Firewall has been enabled and verify that bpcd and vnetd are allowed.
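
The checks described in the post above (services file entries, then listening state), as an added example that is not part of the original thread or of NetBackup. It runs over constructed sample text; the host name host01 and all function names are assumptions, and it accepts both numeric ports (`netstat -an`) and the service names that `netstat -a` prints.

```python
import re

# Names and ports exactly as given in the post above.
EXPECTED = {"bpcd": 13782, "vnetd": 13724}

def parse_services(text):
    """Map (name, proto) -> port from services-file text, skipping comments."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)/(tcp|udp)\b", line.split("#", 1)[0], re.I)
        if m:
            entries[(m.group(1).lower(), m.group(3).lower())] = int(m.group(2))
    return entries

def listening_tokens(netstat_text):
    """Local port tokens (number, or service name as 'netstat -a' prints it)."""
    tokens = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            tokens.add(f[1].rsplit(":", 1)[-1].lower())
    return tokens

def check(services_text, netstat_text):
    services, tokens = parse_services(services_text), listening_tokens(netstat_text)
    report = {}
    for name, port in EXPECTED.items():
        entry_ok = services.get((name, "tcp")) == port
        # A name in netstat output is only trustworthy if the services
        # file maps that name to the expected port.
        listening = str(port) in tokens or (entry_ok and name in tokens)
        report[name] = {"services_entry_ok": entry_ok, "listening": listening}
    return report

# Constructed sample input (hypothetical host name host01).
SAMPLE_SERVICES = """\
# constructed services file excerpt
bpcd        13782/tcp
vnetd       13724/tcp   # trailing comment
"""
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:13724          0.0.0.0:0              LISTENING
  TCP    host01:bpcd            host01:0               LISTENING
"""

if __name__ == "__main__":
    for name, result in check(SAMPLE_SERVICES, SAMPLE_NETSTAT).items():
        print(name, result)
```

A pass here only covers the local host; it says nothing about a firewall or filter between hosts, which is the third check in the post.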

Dan_Giberson
Level 5
Sorry...it is W2K3 R2.

Both services are listed in the services file and are listening when I run a netstat -a.

As for hardening, I didn't list all the changes at first as I didn't want to make the post unreadable. If you want a list of the changes that we are making, let me know.

Thanks for the help.

Dan_Giberson
Level 5
I saw that thread originally; however, we are running OpsCenter instead of NOM. I even powered off that server for 30 minutes to test, but I was still getting the same errors. Thanks for the suggestion though.

Marianne
Moderator
Maybe as a start, create a bpcd log directory and see if any errors are logged there.

Else you can carefully go through the list of changes made by the hardening process and see which one(s) could possibly block port communication.

A couple of TechNotes that could be relevant:
http://seer.entsupport.symantec.com/docs/327202.htm
http://seer.entsupport.symantec.com/docs/257698.htm
http://seer.entsupport.symantec.com/docs/275200.htm

Dan_Giberson
Level 5
This could be painful...so far I haven't found anything, but I will keep looking. The bpcd logs haven't provided much for help either.

The following services have been disabled:
CIS Windows 2003 MS 4.1.21 Remote Access Connection Manager
CIS Windows 2003 MS 4.1.23 Remote Desktop Help Session Manager
CIS Windows 2003 MS 4.1.25 Remote Procedure Call (RPC) Locator
CIS Windows 2003 MS 4.1.34 Telephony
CIS Windows 2003 MS 4.1.39 Wireless Configuration
CIS Windows 2003 MS 4.1.5 File Replication
CIS Windows 2003 MS 4.1.8 Help and Support
WestJet CIS Windows 2003 MS 4.1.38 Volume Shadow Service


We have turned back on the RPC service, but the rest are set to disabled.

Marianne
Moderator
Is the Event Viewer log the only error you are experiencing?
Where are you seeing this error - NBU master? media server? client?
Are backups still working?
Create nbproxy log on the system where you are seeing this error. Hopefully we'll get a bit more info there...

Dan_Giberson
Level 5
As far as I can see this is only showing up in the Event Viewer logs in the Master server. Backups appear to be working (I will be doing a test restore to confirm), and I have turned on nbproxy logging too.