Guys, over the weekend we had some issues deploying some Oracle Weblogic instances on Windows 2008 R2 servers. After some investigation it turned out that some files on our servers were being locked by the MS RDP client mstsc.exe. When looking at the command line to these mstsc.exe instances it was as follows:
- mstsc.exe /v:<qualsys server IP>:<some high port>
Now, we know that Qualsys doesn't accept RDP connections but we were wondering might these have been caused by the Qualsys scans (they ran the night before we saw this issue)? Furthermore, the mstsc.exe was in the process tree of the Weblogic instance:
We have checked that nothing in the WebLogic startup is doing this. It looks like something is injecting it!