Wednesday, December 29, 2010
SSL test
A nice tool to check your SSL servers: http://www.ssltest.net/
Friday, December 10, 2010
Juniper and Exchange 2010 OWA
In one of our locations we use the "Log on to" restriction for some users in Active Directory (attribute UserWorkstation). This creates an issue for Webmail users (Juniper SSL and Exchange 2010). To solve this, add the word "Workstation" to the list of allowed workstations in the attribute above, or remove the restriction altogether.
Customised Netgear router firmware
I'm not sure exactly where the issue is coming from, but my Netgear DGN2000 is not working correctly. I'm having issues working wirelessly with my Macbook. I also tried using a cable, with the same result. Now I use an old Linksys and it seems to give fewer headaches.
When I have time I will try customised firmware for the Netgear to see if the issue goes away:
Here it is: http://jake-tm.co.uk/?page_id=259
D.
Tuesday, December 7, 2010
Netgear dgn2000
After several issues with this router, I decided to stop using it. When you boot it for the first time, the power LED will not be on, and the network is unstable. After several reboots, the LED will finally be OK, but there are still a lot of network issues, on both Wifi and cable. Temporarily I enabled my very old Linksys befw1154 (11b, WEP only). Very disappointed with Netgear and will never buy it.
Friday, November 26, 2010
SAP SNC on linux
A whitepaper on how to set SAP SNC login to Windows on linux
Monday, November 15, 2010
Cisco VPN client registers local LAN IP
You may notice that, when connected, the VPN client registers in DNS both the VPN IP and the local LAN IP. To prevent the client from registering the local LAN IP, add this entry to vpnclient.ini:
[DNS]
EnableDNSRedirection=0
Wednesday, November 3, 2010
ManageEngine ADManager Plus install certificate
You can obtain a certificate from Windows CA and save it in PKCS12 format (in Windows extension pfx) together with the private key, set file password as adventnet.
Then modify the conf/server.xml file in the path where ADManager is installed to point to the new keystorefile, with the settings keystoretype="PKCS12" and keystorepass="adventnet".
Tuesday, November 2, 2010
How to install Microsoft Windows CA certificate into Nessus linux?
You need a combination of these two
http://blogx.co.uk/ViewItem.asp?Entry=813
http://www.nessus.org/documentation/nessus_4.2_installation_guide.pdf
Path for the cert and key is:
/opt/nessus/com/nessus/CA/servercert.pem
/opt/nessus/var/nessus/CA/serverkey.pem
Obtain a certificate from MS CA Web - something like http://ca-server/certsrv
Click Request certificate, select advanced, then follow the dialog and save the certificate on the Windows client. Type mmc and add the certificate snap-in for my user.
Then you can export it in PKCS12 format and split it into key and cert as follows:
Type "openssl pkcs12 -in filename.pfx -nocerts -nodes -out PBX_PrivateKey.pem" (you will be prompted for the password) to export the private key (no certificates at all will be output).
Then type "openssl pkcs12 -in filename.pfx -clcerts -nokeys -out PBX_Certificate.pem" to export the certificate.
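The split described above, as an added shell example that is not from the original post: it extracts the key and certificate from the bundle and checks that the two belong together before they are copied to the Nessus paths. The function names, the PFX_PASS variable and the throwaway self-signed bundle are assumptions made for this example; because -nodes writes the key unencrypted, the output files are created with owner-only permissions.

```shell
#!/bin/sh
# Added example: split a PKCS#12 bundle into key + certificate and verify the pair.
# The passphrase is read from the PFX_PASS environment variable (an assumption of
# this example) so that it never appears in the process list or shell history.

# Print the public key (PEM) carried by a private key file / a certificate file.
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# keycert_match KEY CERT: succeed only if both files carry the same public key.
keycert_match() {
    k=$(pubkey_of_key "$1") || return 1
    c=$(pubkey_of_cert "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# split_pfx PFX OUTDIR: write OUTDIR/serverkey.pem and OUTDIR/servercert.pem,
# then confirm that the extracted key belongs to the extracted certificate.
split_pfx() {
    pfx=$1; out=$2
    [ -n "${PFX_PASS+set}" ] || { echo "PFX_PASS not set" >&2; return 2; }
    (
        umask 077   # -nodes leaves the key unencrypted: owner-only file mode
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
            -out "$out/serverkey.pem" 2>/dev/null &&
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
            -out "$out/servercert.pem" 2>/dev/null
    ) || return 1
    keycert_match "$out/serverkey.pem" "$out/servercert.pem"
}

# make_sample_pfx DIR: build a throwaway self-signed bundle (constructed input,
# standing in for the .pfx exported from the Windows certificate store).
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=nessus.example.test" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:PFX_PASS -out "$1/sample.pfx" 2>/dev/null
}

# Demo run on the constructed bundle.
PFX_PASS='constructed-passphrase'; export PFX_PASS
work=$(mktemp -d)
make_sample_pfx "$work" && split_pfx "$work/sample.pfx" "$work" \
    && echo "key and certificate match"
```

A non-zero return from split_pfx means the bundle could not be opened or the key does not belong to the certificate, so the files should not be installed.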
Oops, checkpoint reboots worldwide
I'm glad that we retired Checkpoint a year ago.
http://www.cpug.org/forums/check-point-utm-1-edge-appliances/14606-all-edge-firewalls-rebooted-10-30-2010-8-58-p-m.html
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk56641&js_peid=P-114a7ba5fd7-10001
Wednesday, October 27, 2010
Tuesday, October 26, 2010
Some security update from Microsoft
Does this fix come automatically or should it be installed manually?
http://support.microsoft.com/kb/2264107
Monday, October 25, 2010
Macbook Pro June 2009 DVD region unlock
Hello, there are some sources on how to unlock region on the DVD: http://www.powerbook-fr.com/dossiers/dvd_region_free_en_article30.html
On the Macbook pro June 2009 you will need a bootcamp windows, the original firmware and the MSCE tool.
The effect is that you will be able to change region many times, the counter will be reset after each reboot.
Friday, October 22, 2010
EasyIDS not updating
Do not miss this fix for EasyIDS to make it update snort rules again - http://forums.skynet-solutions.net/viewtopic.php?f=2&t=114
Snort/BASE/ACID archiving script
A script for BASE to archive 10 days old records. Can be added to cron.
http://sourceforge.net/projects/secureideas/forums/forum/404428/topic/3678236
Wednesday, October 6, 2010
5651
Does Bluecoat SG provide "compliance" with the Turkish law 5651? Any practical advice? http://www.tbmm.gov.tr/kanunlar/k5651.html
Tuesday, October 5, 2010
Fixing IIS apps issues
If you have errors in Windows IIS7 like:
"Faulting application w3wp.exe, version xx, faulting module unknown, fault address yy"
you may find this quite instructive:
http://blogs.msdn.com/b/david.wang/archive/2005/08/29/howto-understand-and-diagnose-an-apppool-crash.aspx
Enjoy!
Thursday, September 30, 2010
Friday, September 17, 2010
Monday, September 6, 2010
Audit full access in Exchange
Use this command in the PowerShell EMC:
Get-Mailbox -Server "server-name" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Export-Csv c:\full.txt
Friday, September 3, 2010
EFI and SMC firmware updates for Intel-based Macs
New firmware for Mac Pro and others. It will not be available via Software update, but can be obtained manually
http://support.apple.com/kb/HT1237
Intel NIC low power mode
We have a lot of Event 27 in the eventlogs of dc7900 dc7800 HP business desktops:
Event Type: Warning
Event Source: e1kexpress
Event Category: None
Event ID: 27
Date: 03.09.2010
Time: 16:45:58
User: N/A
Computer: xxx
Description:
Intel(R) 82567LM-3 Gigabit Network Connection Link has been disconnected.
Data:
0000: 00 00 04 00 02 00 5e 00 ......^.
0008: 00 00 00 00 1b 00 04 a0 .......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 1b 00 04 a0 ...
and
Event Type: Warning
Event Source: e1express
Event Category: None
Event ID: 27
Date: 03.09.2010
Time: 14:14:54
User: N/A
Computer: yyy
Description:
Intel(R) 82566DM-2 Gigabit Network Connection Link has been disconnected.
Data:
0000: 00 00 04 00 02 00 5c 00 ......\.
0008: 00 00 00 00 1b 00 04 a0 .......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 1b 00 04 a0 ...
Apparently many other users are seeing that: http://communities.intel.com/thread/9913?start=90&tstart=0
It looks like the problem is Intel's power saving mode - here is the utility from HP that disables it: sp47442.exe http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=nl&prodTypeId=12454&prodSeriesId=3785404&prodNameId=3785039&swEnvOID=2097&swLang=13&mode=2&taskId=135&swItem=vc-80464-1
Monday, August 30, 2010
CLOCK_WATCHDOG_TIMEOUT (101)
Having several BSODs with memory.dmp reporting CLOCK_WATCHDOG_TIMEOUT (101). It looks like an Intel CPU E5500 bug - Microsoft is aware of this - http://support.microsoft.com/kb/2264080 and http://support.microsoft.com/kb/975530/
Thursday, August 26, 2010
Exchange 2010 Organisational health - ECAL count is wrong
Confronted with this issue, I tried to find out if and why the report lies. I found that others have the same opinion:
http://www.robichaux.net/blog/2009/11/exchange-2010-enterprise-health-and-the.php
Wednesday, July 14, 2010
How to disable ActiveSync for whole OU in Exchange 2010
Get-Mailbox -OrganizationalUnit GR | Set-CASMailbox -ActiveSyncEnabled $false
RDCMan
nice tool for Windows servers support: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4603c621-6de7-4ccb-9f51-d53dc7e48047
Exchange 2010 OWA calendars
For those who use OWA calendars on a MOSS 2007 intranet: this feature is deprecated in Exchange 2010, and you must use web services instead of the URL. There is a Virto webpart for Sharepoint 2007 that can help. I think MOSS 2010 should also support the web services of Exchange.
Free SSL certificates
You can get free 1 year SSL certificates from https://www.startssl.com/
Thursday, June 3, 2010
Monday, May 31, 2010
FTP does not work with UPN -with @ in the account
Oops! FTP might give an error 530 if you use UPN accounts (like zz@xx.yy) and if you moved Active Directory controllers to W2008 while your FTP is W2003.
You need a patch from Microsoft: http://support.microsoft.com/kb/956114
Friday, May 28, 2010
SCVMM 2008 - cannot remove missing VM
When you see the Virtual Machine status "missing" in SCVMM, it means the SCVMM SQL DB is corrupted, most probably due to cluster mis-operation.
Try to start migrating the VM to another host. When you see the duplicate VM and one of them is running correctly, you may remove the missing VMs:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;983839
http://technet.microsoft.com/en-us/library/ff641854.aspx
The state "missing" has the code 220, and "update failed" 107. You may need to modify the script, since the code is hardcoded there:
dbo.tbl_WLC_VObject WHERE [ObjectState] = 220
vs
dbo.tbl_WLC_VObject WHERE [ObjectState] = 107
Thursday, May 27, 2010
Outlook 2010 direct resource booking
In Outlook 2010 direct resource booking does not work out of the box:
http://support.microsoft.com/kb/982774
I learned this the hard way: I was kicked out of the conference room when I was sure it was reserved by me. :)
Wednesday, May 26, 2010
Xen editions differences
XenDesktop editions:
http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=2300383
Windows VDA license
Microsoft® has announced the following licensing changes for virtual desktops that will come into effect on July 1st, 2010:
• Windows® Virtual Enterprise Centralized Desktop (Windows VECD) and Windows VECD for Software Assurance (SA) will no longer appear on the price list.
• Virtual desktop access rights will become a Windows Client Software Assurance benefit. Customers who intend on using PCs covered under SA will now be able to access their Virtual Desktop Infrastructure (VDI) desktops at no additional charge.
• Customers who want to use devices such as thin clients that do not qualify for Windows Client SA would need to license those devices with a new license called Windows Virtual Desktop Access (Windows VDA) to be able to access a Windows VDI desktop. Windows VDA is also applicable to third party devices, such as contractor or employee-owned PCs.
Thursday, May 20, 2010
TFTP GET from Cisco
If you see strange TFTP GET packets on your network then disable service config in your Cisco:
https://supportforums.cisco.com/docs/DOC-4668;jsessionid=0551B9C9734E97DBDD582F6090C88734.node0
Wednesday, May 19, 2010
Gigabit
Spent a few moments trying to figure out why the server's giga NIC sets to 100MB only... Tweaked the Cisco switch port, restarted the interface a few times, even tried a different distro - Ubuntu instead of CentOS - result zero! Finally went and changed a patch cable - surprise-surprise: 1GB! IT is used to blaming the OS or driver, but HW is equally important...
Wednesday, May 12, 2010
Windows account lockout troubleshooting
Here is a native tool to troubleshoot Windows accounts lock out:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
You can find the DC where the account was locked, and you can also search all Event logs from all DCs:
EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.
LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs.
Thursday, May 6, 2010
Monday, May 3, 2010
Sharepoint errors 5552 and 7888
To remove repetitive errors on the MOSS 2007, set a valid domain account for the web applications.
Here is someone who had a similar issue in the past: http://vspug.com/rlangley/2007/10/10/failure-trying-to-sync/
In the meantime I am trying out this free and great app: http://spi.codeplex.com/
It helps to decipher GUIDs in the event viewer. I could see that these errors are coming from MySite and SSP sites.
Tuesday, March 9, 2010
Alerts in Sharepoint MOSS 2007
We have several complaints from users that they do not receive alerts. The log shows that the alert subscriptions are OK, but they are security trimmed. This looks strange because the users actually can see the files in this document library. The logs look like:
02/23/2010 09:10:55.88 OWSTIMER.EXE (0x04F0) 0x03C8 Windows SharePoint Services Timer 95lg Verbose Alertsjob results for immediate delivery: 334 prematches, 54 passed filtering, 24 of 54 passed security trimming, 24 final after rollup
02/23/2010 09:10:56.36 OWSTIMER.EXE (0x04F0) 0x03C8 Windows SharePoint Services Timer 95l5 Verbose AlertsJob processed 24 immediate notifications in 24 digests, sent 24 emails, failed to send 0 emails
I opened a call at Microsoft, but they could not get more data on why this security trimming is happening. They started claiming that nested AD groups are not supported by Sharepoint. Indeed, the users that are included in nested AD groups were trimmed. They provided a few links, but mentioned that the Technet article is not released to the public. After a while I discovered that alerts started to work normally even with nested AD groups. In the meantime I changed the account under which the timer job is working from local to Domain. I cannot recall any other change, except maybe refreshing security on the library in question. So that must be it: the timer job account must be a domain account in order to send alerts even to users of nested Active Directory groups. In any case, let me give you the MS provided links here:
http://blogs.msdn.com/joelo/archive/2007/06/29/sharepoint-groups-permissions-site-security-and-depreciated-site-groups.aspx - Explains the problem & a work around is provided
http://social.msdn.microsoft.com/Forums/en/sharepointworkflow/thread/65e5dfc7-626b-47f0-bf56-b58a08219db7
http://hermansberghem.blogspot.com/2008/04/windows-security-groups-vs-sharepoint.html - # 3 is Important
http://objectmix.com/sharepoint/731902-add-active-directory-user-group-sharepoint-user-group.html - It talks about work around as well
Tuesday, February 2, 2010
disable LDAPS/SSL weak ciphers
To disable weak ciphers in the LDAPS protocol on Windows 2003 domain controllers,
you may follow the tip from http://www.curtis-lamasters.com/2008/06/21/windows-iis-ssl-restrict-weak-ciphers/
Wednesday, January 20, 2010
Linux from USB
A reminder - there is a great tool, UNETBOOTIN, that allows you to create a bootable USB for many distros - Ubuntu, Suse, FreeBSD, etc.
Monday, January 18, 2010
Windows 7 profile problems
In order to delete local copies of a roaming profile, together with the C: profile directory, you need to clean the ProfileList registry. Otherwise Windows 7 goes crazy.
Monday, January 11, 2010
Nessus scripts and credentials protection
Please read here to set Windows domain account that can be used in Nessus scripts:
http://www.nessus.org/documentation/nessus_domain_whitepaper.pdf
The account has registry read access, however it's not part of Domain admins.
Wednesday, January 6, 2010
Window position is off screen - black magic
right click on window in taskbar – select Move, then move mouse a little bit – you should see 4 arrows cursor– then press _keyboard_ arrow then left click mouse – windows will appear on the desktop
http://www.howtogeek.com/howto/windows/bring-misplaced-off-screen-windows-back-to-your-desktop-keyboard-trick/