Monday, April 11, 2011

Error: Could not stat() command file ‘/usr/local/nagios/var/rw/nagios.cmd’!

I got this error when setting up a fresh install, and for some weird reason the fix was as simple as stopping Nagios twice. At some point I must have started it twice, so I just had to stop it twice and start Nagios up again.


Error Message:

Error: Could not stat() command file ‘/usr/local/nagios/var/rw/nagios.cmd’!


/etc/init.d/nagios stop
/etc/init.d/nagios stop
/etc/init.d/nagios start

and everything was ok!


Posted by admin in
Permalink

Updating DynDNS via commandline in ubuntu

Updating DynDNS from the command line on Ubuntu might be something you need to do as well; here is an easy way to get that done.

Running a Linode, I decided it would just be easier to use Dynamic DNS for the name, as I am a firm believer in using DNS for everything over remembering IP addresses. The problem with DynDNS is that after 30 days of no updates it will expire any DNS entry you have submitted. For this reason you need some sort of automated update utility in those situations to just keep the lights on.


Install the package via apt

sudo apt-get install ddclient

The setup GUI then runs in the command line with pretty straightforward questions that you can answer easily (such as your user and password); you can even let it detect the DNS entries available from that account.
Once that is done, it is best to configure the system to actually auto-update. Do this by editing the conf file:

sudo nano /etc/ddclient.conf

add the following line

daemon=1036800

That number is the number of seconds in 12 days. You can make it whatever you want, but I have a static IP, so all I want it to do is update faster than the minimum expiry window, which is a month. This way it tries twice in a month in case the first one tires out for any reason.

Hint: if you are too lazy to figure out “12 days in seconds” like me, just google exactly that phrase and it will convert it for you! http://lmgtfy.com/?q=12+days+in+seconds


Why Bother with DNS updates at all if you have a static IP?

I find this is more than ever a good habit with the inevitable IPv6 impending doom. You might find it easy to remember your current 32-bit address such as 10.1.1.100, but how will you be when that IP changes to 0000:0000:0000:0000:0000:0000:0a01:0164? It seems simple now since you are only using the first 32 bits for them, but once we start using the rest of those 128 bits, everything will change. There will be no asking someone to ping fe80:0:0:0:202:b3ff:fe1e:8329, will there? (Or at least I hope not.)

If you need more guidance because things aren’t working how they should then there is a great article on the Ubuntu site.

https://help.ubuntu.com/community/DynamicDNS


Thursday, March 31, 2011

OSX SSH Client Alternative

I was looking for an alternative to the default OS X SSH client built into the terminal, something that would be similar to PuTTY for Windows.
I wanted something with bookmarks and ideally something free (because I’m cheap); unless something really did something super for me in the world of secure terminals, I can’t see a reason to pay for it.

I was also getting annoyed by the built-in terminal using my Mac account by default when I tried to SSH, as I would always forget to put in the “-l root” or “ssh user@1.2.3.4” or similar before hitting an IP. If this is your single issue, however, there is a solution.
http://fabien.potencier.org/article/19/quick-ssh-tip
Which means that once you have that alias setup, it isn’t ideal however.

I ended up with iTerm2 as my choice http://code.google.com/p/iterm2/


Saturday, March 26, 2011

MacBook Air Freezing iTunes issue

Some steps to attempt to resolve lockups when opening iTunes.

I have the current model (2010) MacBook Air, and since updating all the software, including an iTunes and OS X combo update, everything freezes and the only resolution is to power down and back on again.

Any attempt to open iTunes freezes the computer completely. From reading up, it seems this issue is isolated to the current model of the MacBook Air.


Following articles such as this one: http://discussions.apple.com/thread.jspa?threadID=2790878&start=30&tstart=0
I have found some different techniques to try and resolve the issue but these seem to be temporary fixes around permissions issues.

People have gone to the extreme of wiping their OS X install and installing all combo/incremental updates with an empty iTunes library, and still see the issue when patches are up to date, so this issue looks to be in the release of the latest combo fix.

The fixes are listed below, as everyone seems to have a different one. I’ll try to keep this list up to date and in order of easiest to most complex.

1. Reboot twice in a row without opening iTunes - simple as it seems, it has resolved the issue for some.

2. Run Disk Utility and choose “repair permissions”.

3. An article at Macnn suggests the following: “A second method in case the first one doesn’t work involves locating and deleting the file “iTunes Library Genius.itdb,” which is located in a user’s home folder inside the iTunes folder, which is itself inside the Music folder (or ~/Music/iTunes). The user then launches iTunes but immediately quits it, and then launches again closing the sidebar. The action forces the Genius function to rebuild its database, which appears to resolve the issue.”

4. Run Disk Utility and repair permissions in safe mode - some files are inaccessible when not in safe mode, so this can circumvent that issue. Safe mode is accessed by holding shift when powering on and booting the machine.

5. Repair disk permissions when booting from the OS X install USB stick - again, to get around issues with files that are being accessed by the running operating system, this is just a more extensive and complete way of repairing the permissions.

6. Wireless internet related - some people seem to be seeing problems related to their wireless. I actually lose the settings for my wireless networks after this lockup myself. The suggestion is to use an ethernet adaptor and try disabling wireless altogether.

Hopefully one of these many fixes holds you over until apple decide to fix the issue.


Posted by admin in • OSX
Friday, December 03, 2010

Spyware Removal for today - what’s good right now for getting rid of nasty spyware

Spyware/malware/rootkits are a nightmare for any IT department, big or small. When you have the option, I almost always prefer to re-image a machine to be 100% sure of removing the nasties, as rootkits can embed themselves so deep in the OS that it’s just a hopeless battle where you end up destroying the install and wasting a lot more time trying to remove it than a re-image would take. Your mileage may vary, and this is obviously a situational decision, as you may not have the resources to re-image at will and get someone up and running again in an hour.

Should you be in the situation where getting rid of the offender is your chosen plan of attack, here are some newer tools that may help you down that road.

I have had people ask me my thoughts on safety.live.com. To me it seems like just a baby web-based MSE alternative, and whilst MSE is quite good for prevention, I’m not confident of its abilities to remove harsh infections that are already present.

So here’s my list of removal tools and the order in which I would use them (sites hyperlinked for your convenience):

1. ComboFix - Freeware and quite compact, it seems to be VERY effective at getting some of those common and really stubborn system-based attacks; always a first port of call.

2. Super Anti Spyware and MalwareBytes are on par for me as paid secondary cleanup apps. I don’t use them as much, since the paid versions are where it’s really at for long-term assistance, but if you need to be sure that a system is clean it is definitely worth using a second scanner on top of ComboFix to be 100% sure. SAS has a solid reputation and would be the one I would go to first in most situations.


Platform(s) Affected: Windows XP, Windows 2000, Windows Server 2003 32-bit

Posted by admin in • Windows 7, Windows Server 2008, Windows Vista
Monday, September 13, 2010

Dell Latitude E6500 Broadcom USH Driver

The driver you need to get this to be found properly in Device Manager is the Dell ControlPoint Security Device Driver.

Dell link below, but this is for Windows 7 64-bit, so find your specific one when looking on the Dell site.

I don’t have this fingerprint scanner installed on our standard hardware set, but it’s listed as a device in the BIOS, so I assume it’s still there and I just don’t have the physical fingerprint scanner connected.

Dell Link


Wednesday, August 18, 2010

Query Dell Service Tags Remotely

I had a troublesome machine that wouldn’t allow any software to be installed on it and needed its service tag for warranty purposes. The machine was also in another state, so it was out of my reach.
The following simple scripts poll WMI and, in a VERY simple window that anyone can use, allow you to find out its service tag quickly and easily.

In this case I also needed to know its model number, and you can easily get that by dumping the service tag into the drivers download section of the Dell support site, which lists the model when it lists the drivers!

Of course this is a very manual process and there are much more effective inventory methods that scale.
Examples of such are Microsoft SMS/SCCM, Altiris, Dell Inventory Software, Spiceworks etc


Open notepad and copy the following text and paste it into your blank notepad
—————COPY EVERYTHING BELOW THIS LINE—————

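' Prompt for a machine name, then read its BIOS serial number (the Dell Service Tag) over WMI
On Error Resume Next
strComputer = InputBox("Enter the computer name of the server you'd like to query for Service Tag")
Set objWMIservice = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' Report a failed connection instead of silently showing nothing
If Err.Number <> 0 Then
    WScript.Echo "Could not connect to " & strComputer & ": " & Err.Description
    WScript.Quit 1
End If
' 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
Set colitems = objWMIservice.ExecQuery("Select * from Win32_BIOS",,48)
For Each objitem In colitems
    WScript.Echo "Dell Service Tag: " & objitem.SerialNumber
Next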

—————COPY EVERYTHING ABOVE THIS LINE—————
PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR NOTEPAD!!!
Save the file as DellServiceTag.vbs to a location you will remember.
When you execute the script, it will prompt you for a computer name. Type the computer name of the Dell machine you are trying to gather information from into the message box and hit OK.
You will then receive another message box with the Dell service tag.
If you want to run this against multiple machines then do the following:

Open notepad and copy the following text and paste it into your blank notepad
—————COPY EVERYTHING BELOW THIS LINE—————

' The computer name is passed as the first command-line argument
On Error Resume Next
strComputer = WScript.Arguments(0)
Set objWMIservice = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colitems = objWMIservice.ExecQuery("Select * from Win32_BIOS",,48)
For Each objitem In colitems
    ' One "name: tag" line per machine keeps the redirected output easy to read
    WScript.Echo strComputer & ": " & objitem.SerialNumber
Next

—————COPY EVERYTHING ABOVE THIS LINE—————
PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR NOTEPAD!!!
Save the file as batch_DellServiceTag.vbs
Now open a new Notepad and follow this format:
cd /d C:\path\to\my\scripts
cscript //nologo batch_DellServiceTag.vbs pc1 >> service_tag.txt
cscript //nologo batch_DellServiceTag.vbs pc2 >> service_tag.txt
cscript //nologo batch_DellServiceTag.vbs pc3 >> service_tag.txt
cscript //nologo batch_DellServiceTag.vbs pc4 >> service_tag.txt
Replace pc1, pc2, pc3 with your actual computer names.

Save the file as dell_service_tag.bat.
Double click on the dell_service_tag.bat file and you will be left with service_tag.txt with all of your PCs’ Dell Service tags inside
This information was found on http://www.rokus.net/.
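
The same collection done in PowerShell, as an added example that is not from the original post or from rokus.net: it validates each name before it reaches WMI, uses the same DCOM transport as the `winmgmts:` moniker, and records a failure per machine instead of hiding it behind `on error resume next`. The computer names, the `Get-ServiceTag` function name and the `service_tag.csv` output file are assumptions made for illustration.

```powershell
# Added example: inventory BIOS serial numbers (Dell Service Tags) and models from several machines.
# The computer names below are constructed placeholders; replace them with your own.
$computers = @('pc1', 'pc2', 'pc3', 'bad name!')

# Host-name characters only, so a typo or stray text never reaches the WMI call.
$validName = '^[A-Za-z0-9]([A-Za-z0-9\-\.]{0,62}[A-Za-z0-9])?$'

# Use DCOM, the same transport the VBScript's winmgmts: moniker uses.
$dcom = New-CimSessionOption -Protocol Dcom

function Get-ServiceTag {
    param([string]$ComputerName)

    # One result row per machine, whether the query worked or not.
    $row = [ordered]@{ Computer = $ComputerName; ServiceTag = $null; Model = $null; Status = 'OK' }

    if ($ComputerName -notmatch $validName) {
        $row.Status = 'Skipped: invalid computer name'
        return [pscustomobject]$row
    }

    $session = $null
    try {
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $dcom `
                                  -OperationTimeoutSec 15 -ErrorAction Stop
        $bios = Get-CimInstance -CimSession $session -ClassName Win32_BIOS -ErrorAction Stop
        $sys  = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem -ErrorAction Stop
        $row.ServiceTag = $bios.SerialNumber
        $row.Model      = $sys.Model
    }
    catch {
        # Unreachable host, access denied, RPC blocked: keep the reason next to the name.
        $row.Status = "Failed: $($_.Exception.Message)"
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$row
}

$results = foreach ($c in $computers) { Get-ServiceTag -ComputerName $c }
$results | Format-Table -AutoSize
$results | Export-Csv -Path .\service_tag.csv -NoTypeInformation
```

The Status column shows which machines were skipped or unreachable, so a missing tag is never mistaken for a machine that was not queried.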


Tuesday, July 13, 2010

The master browser is stopping or an election is being forced

One or both of the following may be present in a client’s events. If so, the solution is to alter the registry keys as listed to stop the messages’ continual appearance.


Error Message:

The browser has received a server announcement indicating that the computer

is a master browser, but this computer is not a master browser.

The master browser has received a server announcement from the computer

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{000000000000000000. The master browser is stopping or an election is being forced.


In order to stop this error from occurring, use Regedit and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList from Auto or YES to FALSE.

System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
Value Name: IsDomainMaster, MaintainServerList
To prevent an NT Workstation or Server (non-PDC) from acting as a browser, create a new string value, or modify the existing value, named “MaintainServerList” and set it to “No”. The options are “Yes”, “No” or “Auto”.


EventID:

Log Name:    System
Source:      bowser
Date:      13/07/2010 3:56:00 PM
Event ID:    8005
Task Category: None
Level:      Warning
Keywords:    Classic
User:      N/A
Computer:   

Description:
The browser has received a server announcement indicating that the computer

is a master browser, but this computer is not a master browser.


Log Name:    System
Source:      bowser
Date:      13/07/2010 3:56:00 PM
Event ID:    8003
Task Category: None
Level:      Error
Keywords:    Classic
User:      N/A
Computer:   

Description:
The master browser has received a server announcement from the computer

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{. The master browser is stopping or an election is being forced.


Monday, March 29, 2010

Disable windows SMB signing

Disabling SMB signing

Sometimes this may be necessary. The following articles will help you decide whether it is worthwhile for you and, if it is, how to do it on various operating systems.

Background
http://en.wikipedia.org/wiki/Server_Message_Block

Windows 2003 server
http://support.microsoft.com/kb/325379#1

Vista and server 2008
http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm


Tuesday, January 12, 2010

JRNL_WRAP_ERROR

Event ID 13568
This error used to plague me a lot more with Windows 2000 servers, but I recently had a case of it with Server 2008, so I thought I’d resurrect this fix.


Follow these steps from kb290762.

To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:
1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D2 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.

When the FRS service restarts, the following actions occur:
• The value for BurFlags registry key returns to 0.
• Files in the reinitialized FRS folders are moved to a Pre-existing folder.
• The FRS database is rebuilt.
• The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
• The reinitialized computer performs a full replication of the affected replica sets when the relevant replication schedule begins.

If you still continue to receive JRNL_WRAP_ERROR then you will need to perform an authoritative restore. To do this, simply follow the same procedure but enter “D4” in the reg key.


Tuesday, December 22, 2009

452 4.3.1 Insufficient system resources

A specific application we use for CRM was having issues with erratic email sending.
The issue was observed as an SMTP error: “452 4.3.1 Insufficient system resources”.
This error could be reproduced by hitting one of our Hub Transport servers from any computer able to SMTP to it.
Hitting the other server gave the following (correct) error, based on SMTP security, proving the service was operating correctly but refusing me based on relay permissions:
“421 4.3.2 Service not available, closing transmission channel”

We are running a dual Hub Transport Setup for HA (High Availability)


Error Message:

It looks like, although both servers are redundant SMTP servers (Hub Transport role),
*assumption* the specific server using them for SMTP sending has no redundancy set in its attempts at hitting an SMTP server, so although one was having issues it never failed over to the other. Normal mail did fail over, which is why the issue only affected this specific app and not all mail flow.

The problem server had run below 1 GB of disk space on the primary partition (C:). Exchange 2007 SP1 has a setting called “Back Pressure”: since the queue is now in a Jet database, if certain stats break its rules it will stop things to ease the pressure on resources (such as too much memory, too high an I/O level or, in this case, too little disk space for the queue/logs). This explains why the issue was intermittent, as the back pressure service kept turning itself on and off.


Sufficient data was moved from the C drive to the D drive; the D drive contained 40 GB of disk space.

This freed the initial space. To prevent this issue happening again I followed the Microsoft article on how to move the queue and logs:

http://technet.microsoft.com/en-us/library/bb125177.aspx

This moves both the queue database and the queue logs to prevent this issue from cropping up again. Should the issue reoccur, the queue and logs are not to blame, which will assist in a process of elimination.

As per the above linked Microsoft article, the following changes were made

C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config
Was backed up as
C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.backupfile
file
And In:
C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config

data  

Changed to


Monday, October 19, 2009

The evaluation period for Microsoft Office Live Communication Server 2005 has expired

All of a sudden my LCS/OCS server shot this message in the application event log and the server wouldn’t start.


Error Message:

Event Type: Error
Event Source: Live Communications Server
Event Category: (1000)
Event ID: 12290
Date: 19/10/2009
Time: 9:10:42 AM
User: N/A
Computer: INTGVIRT2K3004
Description:
The evaluation period for Microsoft Office Live Communication Server 2005 has expired. Obtain the released version of this product and upgrade to the non-evaluation version by running setup.exe

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The error is caused by patch KB974571; the only current resolution is to remove it.
For those not aware of how to uninstall patches: it’s now hidden in Add/Remove Programs, where there is a tick box at the top that says “show updates”.
Once ticked, search for the update, uninstall it and then reboot, and the problem should be resolved.

This issue has been addressed on technet:
http://blogs.technet.com/dodeitte/archive/2009/10/13/do-not-apply-kb974571-to-lcs-ocs-servers.aspx


Posted by admin in • Windows 2003 Server
Thursday, October 08, 2009

EVENT ID 36881 Schannel Error

I received this error on a box that holds a database that polls LDAP once a day on LDAPS to get our user directory for its contact info etc.
This error started after certificates rotated on some of the boxes and it must have rotated on the box this server polls to get the AD info from.


Thanks to Microsoft the solution was simple but annoying, a scheduled reboot of the machine.
http://support.microsoft.com/kb/839514


EventID:

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36881
Date: 7/10/2009
Time: 6:38:56 PM
User: N/A
Computer:

Description:
The certificate received from the remote server has expired. The SSL connection request has failed. The attached data contains the server certificate.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:


Tuesday, October 06, 2009

Unable to initialize the protocol stack error code is

My LCS 2005 server decided to stop communications to my OCS 2007 server; any user on the ‘07 server saw the ‘05 users’ presence as “unknown”.
Upon further investigation I found the issue was that the certificate had expired and so TLS had stopped working.


Process of resolution was to install a new cert and define that cert in the Mutual TLS connection in the properties of the ‘05 server.

Step-by-step guide is as follows:
Start->run->mmc

in console(mmc)
file-> Add/Remove snap-in
Add->Certificates->computer account (certificates) -> finish -> close -> OK
Breaking out the tree and into Personal then Certificates, you should see the cert listed with an expiry date that means it’s no longer valid.
This is preference, but I chose right click -> All Tasks -> Request Certificate with Same Key.
This is pretty much a click-next setup; don’t worry about advanced options.

Once this is done, go into the LCS mmc console to administer your LCS server:
Forest->domains->

->live communications servers and pools ->

-> [right click] properties ->
Under connections you will have at least two (TCP and Mutual TLS). Highlight the Mutual TLS one and choose Edit, then choose the select certificate option and install the new certificate. Mine whinged about the cert not being valid yet, but I selected it anyway, and with a server restart and a manual disconnect and reconnect on the client, I had full connectivity again.


EventID:

A number of event ID errors were coming up for me such as the following across both LCS and OCS servers:
event ID: 14397
A configured certificate could not be loaded from store. The serial number is attached for reference.

Extended Error Code: 0x800B0101.
Cause: This could happen if the certificate is not found. This could also happen if the server has insufficient privileges to read the certificate or to access the store containing the certificate.

event ID: 16417

Unable to initialize the protocol stack. The service has to stop.

event ID: 12299

The service is shutting down due to an internal error.

Error Code: 0x800B0101.
Resolution:
Check the previous event log entries and resolve them. Restart the server. If the problem persists contact product support.

event ID: 14502

A significant number of connection failures have occurred with remote server IP. There have been 60 failures in the last 0 minutes. There have been a total of 60 failures.
The specific failure types and their counts are identified below.
Instance count   - Failure Type
60           8007274D
This can be due to credential issues , DNS , firewalls or proxies. The specific failure types above should identify the problem.

event ID: 14428

TLS outgoing connection failures.

Over the past 0 minutes Office Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090328 (The received certificate has expired.) while trying to connect to the host “INTGVIRT2K3004.integ.net.au”.
Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
Resolution:
For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.

event ID: 14359

Unable to use the default outgoing certificate.

Error 0x800B0101 (A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.).
Cause: The certificate may have been deleted. It could also happen if the certificate has become invalid or due to insufficient permissions.
Resolution:
Ensure that the certificate is present and valid in the local computer certificate store. Also ensure that the server has sufficient privileges to access the store.



Platform(s) Affected: Windows Server 2003 32-bit, Windows Server 2003 64-bit
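
Both this post and the Schannel 36881 post above come down to a certificate falling outside its validity period, which is what error 0x800B0101 reports. The following is an added example, not part of the original posts: it classifies every certificate in the local computer's Personal store (the one opened through mmc in the steps above) as not yet valid, expired, expiring soon or OK, then lists recent Schannel 36881 events. The `Get-CertValidity` function name and the 30-day warning window are assumptions made for illustration.

```powershell
# Added example: audit certificate validity in the local computer's Personal store.
# $WarnDays is an assumed threshold; pick one that fits your renewal process.
function Get-CertValidity {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Certificate,
        [datetime]$Now = (Get-Date),
        [int]$WarnDays = 30
    )
    foreach ($cert in $Certificate) {
        # NotBefore/NotAfter are local times, the same clock the 0x800B0101 check uses.
        if ($Now -lt $cert.NotBefore) {
            $state = 'NotYetValid'
        } elseif ($Now -gt $cert.NotAfter) {
            $state = 'Expired'
        } elseif ($cert.NotAfter -lt $Now.AddDays($WarnDays)) {
            $state = 'ExpiringSoon'
        } else {
            $state = 'OK'
        }
        [pscustomobject]@{
            State         = $state
            DaysLeft      = [math]::Floor(($cert.NotAfter - $Now).TotalDays)
            NotBefore     = $cert.NotBefore
            NotAfter      = $cert.NotAfter
            SerialNumber  = $cert.SerialNumber   # event 14397 attaches the serial number
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey
        }
    }
}

# Certificates -> Computer account -> Personal, as browsed in the mmc snap-in.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My
Get-CertValidity -Certificate $certs |
    Sort-Object NotAfter |
    Format-Table State, DaysLeft, NotAfter, SerialNumber, Subject -AutoSize

# Recent "certificate received from the remote server has expired" events, if any.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36881 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object ProviderName -eq 'Schannel' |
    Format-Table TimeCreated, Id, Message -Wrap
```

Run on a schedule, the ExpiringSoon rows surface a certificate before the service that depends on it stops, and a NotYetValid row explains a freshly issued certificate being rejected.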

Posted by admin in • Windows 2003 Server