• Troubleshooting Terminal Licensing Error Messages

    This topic lists licensing error messages that can appear on client computers. It also describes the causes of and solutions for these errors. Although these error messages appear on clients, they are frequently caused by problems with the Windows Server 2003 Terminal Server license server or the terminal server. Therefore, when you troubleshoot Terminal Server Licensing issues, it is useful to first determine whether there are server configuration issues or problems with network connectivity.

    http://technet2.microsoft.com/WindowsServer/en/Library/159e6ff8-4edb-43fd-8767-3d9858897e2c1033.mspx

     

  • Terminal session pauses when a Terminal Services client logs on or logs off

    When a Terminal Services client logs on or logs off (either in a session or on the console of the Terminal server), the Microsoft Windows Server 2003-based or the Microsoft Windows 2000-based Terminal server together with the connected Terminal Services client computers may stop responding or may pause for several seconds.

    KB324446 http://support.microsoft.com/kb/324446/en-us

     

  • SMS 2003 SP3 and SMS 2003 R2

    If you have not gotten word by other means, SMS 2003 SP3 has shipped and is available on the web for download here!

     

    There has however been some confusion over the SMS 2003 R2 product in conjunction with the SP3 release which I hope is cleared up by the following.

     

    SMS 2003 R2 remains a distinct value-add for SMS 2003 and requires either SMS 2003 SP2 or SMS 2003 SP3 versioned sites.  R2 provides added functionality including both the Scan Tool for Vulnerability Assessments and the Inventory Tool for Custom Updates.  Find more information about the SMS 2003 R2 evaluation version here!

     

    SMS 2003 SP3 does not require R2 nor will it provide, impact, or duplicate the R2 functionality.  SP3 does introduce RTM Vista Support and Asset Intelligence features to SMS 2003. 

     

    Some of the original wording on the SP3 download site appears to have been changed, which should eliminate future confusion around SMS 2003 SP3 and R2.

     

  • Service starting problem after installing SP2

    Windows Server 2003 SP2 is a combination of security updates, functionality updates, and new features. SP2 contains the latest collection of updates to help improve the security, reliability, and performance of the following operating systems. Like Windows Server 2003 SP1, it makes some significant changes to security, including the startup account for services, DCOM security, and so on. Because Windows Server 2003 SP2 has stronger defaults and reduced privileges for services, some issues may appear after you install it.

     

     

    Here we introduce a typical security-related issue after installing SP2:

     

    Windows Server 2003 SP2 runs the RPC service under the Network Service account. Prior to SP2 and SP1, the OS used the Local System account for this service. After SP2 is installed on Windows Server 2003, services that use the Network Service or Local Service account will not start.

     

    Have you ever encountered the following problem?

     

    • The RPC service, or other services set to Automatic that depend on RPC, will not start properly. For example, trying to start the service returns "Error 1068: The dependency service or group failed to start".
    • Network connections fail to open, or network adapter icons do not appear in Network Connections.
    • Incoming and outgoing network communication fails.
    • The COM+, Volume Shadow Copy and Shell Hardware Detection services are stuck in the “starting” state.
    • You receive “Access is denied” when selecting the Dependencies tab of a service that does not start.

     

    Why?

     

    The Remote Procedure Call (RPC) service has been changed from the Local System account to the Network Service account for better security. When the RPC service runs as Network Service, the “Impersonate a client after authentication” user right must include the Administrators group and the SERVICE group.

     

    What can we do if we encounter this issue?

    a. Open the Group Policy configuration window (gpedit.msc or open it in Active Directory Users and Computers).

    b. Locate the policy entry: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Impersonate a client after authentication.

    c. Ensure that the “Administrators” group and the “SERVICE” group are granted this privilege.

    d. If the problem remains, correct the Access Control List for HKEY_CLASSES_ROOT\CLSID (and all child keys and values) to ensure that NT Authority\Network Service can read it. This can be accomplished by adding the Authenticated Users or Users group and granting it Read permissions.

     

    Note: If the Add User or Group button is disabled and if the computer is a domain controller, use the Domain Controller Security Policy administrative tool to make the policy changes. This policy tool will override the local security policy settings. If this computer is a member server and the Add User or Group button is disabled, identify all Group Policy settings that apply to this computer, and then make the policy changes to the appropriate Group Policy settings. 

     

    e.  In the Enter the object names to select box, type Administrators, and then click OK. 

    f.  Repeat step d through e for the SERVICE group account. 

    g.  Click OK to close the Impersonate a client after authentication Properties dialog box. 

    h.  On the File menu, click Exit. 

    i.  Restart the computer. 

    If you can add the Administrators group and SERVICE group accounts to the Impersonate a client after authentication policy setting, restart the computer.
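
    The settings from steps b to d can also be checked from a script before changing anything. This is an added example, not part of the original post; it assumes PowerShell is installed on the server and is run from an administrative prompt, and the variable names are illustrative.

    ```powershell
    # Added example: read-only check of the settings named in steps b to d.
    # Well-known SIDs, with the account names secedit may print instead.
    $needRight = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-6' = 'SERVICE' }
    $readers   = @{ 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'Users' }

    # 1. Export the user rights section of the local security database and pick
    #    out SeImpersonatePrivilege ("Impersonate a client after authentication").
    $inf = [System.IO.Path]::GetTempFileName()
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $line = Get-Content $inf |
        Where-Object { $_ -match '^\s*SeImpersonatePrivilege\s*=' } |
        Select-Object -First 1
    Remove-Item $inf

    $granted = @()
    if ($line) {
        # Value format: *S-1-5-19,*S-1-5-20,... (a leading * marks a SID)
        $granted = $line.Substring($line.IndexOf('=') + 1).Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
    foreach ($sid in $needRight.Keys) {
        $ok = ($granted -contains $sid) -or ($granted -contains $needRight[$sid])
        if ($ok) { $state = 'granted' } else { $state = 'MISSING' }
        Write-Output ("SeImpersonatePrivilege: {0} ({1}) {2}" -f $needRight[$sid], $sid, $state)
    }

    # 2. Look for an Allow ACE on HKEY_CLASSES_ROOT\CLSID that gives one of the
    #    groups from step d at least ReadKey. Child keys are not walked here.
    $acl     = Get-Acl 'Registry::HKEY_CLASSES_ROOT\CLSID'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $readKey = [System.Security.AccessControl.RegistryRights]::ReadKey
    $found   = $false
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $readers.ContainsKey($sid) -and
            (($rule.RegistryRights -band $readKey) -eq $readKey)) {
            Write-Output ("HKCR\CLSID: {0} has read access" -f $readers[$sid])
            $found = $true
        }
    }
    if (-not $found) {
        Write-Output 'HKCR\CLSID: no read ACE for Authenticated Users or Users'
    }
    ```

    A "MISSING" line points back to step c, and the last message points back to step d; the script only reads the policy export and the key's ACL and changes neither.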

     

  • Outlook 2007 cannot connect to Exchange Server properly without default gateway

    When we connect Outlook 2007 to Exchange Server, we may receive a variety of errors due to there being no default gateway set on the machine. Please refer to the following article for how to work around this issue.

     

    Error messages when you try to connect Outlook 2007 to Exchange Server: "The action cannot be completed" or "Your Microsoft Exchange Server is unavailable" or "Cannot start Microsoft Office Outlook"

    http://support.microsoft.com/kb/913843/en-us

     

    NOTE: Based on our analysis, this issue always occurs when a user tries to connect from home via RPC over HTTP, since the home PC's ISP may not have a default gateway set.