Monday, February 28, 2011

How to reset SEPM 11 administrator password

Here's the procedure to reset the password for Symantec EndPoint Protection Manager on a Windows 2008 server. First, what you must know is that the SEPM security policy is set to lock the 'admin' account after 5 wrong passwords are entered. The 'admin' account is then kept locked for 15 minutes after which it unlocks itself automatically. If you have entered 5 wrong passwords, two solutions are available: the first one is to quietly sit in your chair, sip your coffee and wait for 15 minutes to pass. The second one consistes of one simple procedure:

Thursday, February 24, 2011

Scheduled task error 0x8007000d

Each time I deploy Windows 2003 from an image and I run sysprep, the existing scheduled tasks fail and I get the following error when trying to access each task property:

---------------------------
Task Scheduler
---------------------------
General page initialization failed.
The specific error is:
“0x8007000d: The data is invalid. An error has occurred
attempting to retrieve task account information.
You may continue editing the task object, but will be
unable to change task account information.

When I press OK, I notice that the Run As line is left blank and that the Run line is dimmed. As this is a recurring situation still today, I have decided to share the solution I have found for future use.

Tuesday, February 22, 2011

How to extract RAR archives in Ubuntu 10.10

RAR is an archive file format that supports multiple file spanning, data compression and error recovery. As a matter of fact even in Ubuntu 10.10 unrar is not pre-installed because of copyright reasons (read: RAR support is not freely available).

This problem arises when, trying to open a rar archive, you get an error message like this:
Cannot open «rar_archive.rar»

Archive type not supported.
So, before uncompressing a rar archive in Ubuntu you will need to install an application called unrar (http://packages.ubuntu.com/karmic/unrar).
To install unrar go to Terminal and fire the following command:
sudo apt-get install unrar
Now, in your terminal session, navigate to where your RAR file is stored and run this command to extract the archive:
unrar x rar_archive.rar
.. or just run this other command to list files inside your rar archive:
unrar l rar_archive.rar 
I hope this helped you !

Ubuntu Unleashed 2011 Edition: Covering 10.10 and 11.04 (6th Edition) Ubuntu 10.10 Essentials  Ubuntu 10.10, 4-Disks DVD Installation and Reference Set, Ed.2011

Friday, February 18, 2011

Useful commands for checking NetApp filers

I have spent a lot of time working with NetApp NAS filers these last weeks. Here are the 10 commands that I estimate useful to learn and remember to check your filer's configuration. These commands are not meant to configure your filer NetApp, but just to check that everything is up and running. For information on how to configure NetApp, please refer to this other post.
  • sysconfig : shows hardware configuration. It can be used to check for hardware configuration errors by adding the -c switch: sysconfig -c 
  • version : displays Data OnTap version information 
  • uptime : displays the system uptime id days, hours, minutes. It also shows the number of NFS, CIFS, HTTP, FCP and iSCSI operations
  • df -A -h : displays aggregate usage in human-readable format. The total capacity is whosn as well as used and available gigabytes. 
  • aggr status -i : displays aggregate and volumes contained in each aggregate and their status 
  • df -h : this well know command displays volume usage in human-readable format 
  • df -i : displays inode utilization (iused, ifree and %iused) per volume 
  • qtree status : show a list a volumes and qtrees, their status and their style (unix, ntfs) 
  • qtree stats : displays qtree statistics, ie NFS and CIFS ops per qtree 
  • /etc/quotas : this file stores the configuration of all the qtrees in the filer volumes. It can be used to see the qtrees quotas: cat /etc/quotas.
 I hope this helps!

Tuesday, February 15, 2011

Trend ServerProtect 5.8 connectivity issue with NetApp Filer

These days I have been struggling to configure Trend ServerProtect 5.8 for Netapp. I have encountered many problems due to the fact that installing Trend on a Windows 2008 R2 does not make the antivirus immediately ready to work with the filers.

In fact, even if we configure the access to the NetApp using an account who belongs to the ‘Account Operators’ group on the NetApp, the NetApp won’t be able to access the named pipe NTAPVSRQ which has been setup on the Windows 2008 R2 Scan Server. This is due to a problem with the way the filer tries to authenticate to the Windows 2008 R2 Scan Server.

Let’s first see the workflow which is used by the Antivirus to check for files stored on the NetApp. Then it will be easier to understand the problem.
  1. A user asks for a file (such as a word document or an excel spreadsheet)
  2. The NetApp anonymously opens a named pipe over SMB toward one of the defined Trend Scan Servers. The action is: SMB: C; Nt Create Andx, FileName = \ntapvsrq
  3. Once the named pipe has been setup, the NetApp filer sends a MSRPC request to the Scan Server containing the path to the file to scan. The path structures is : \\x.x.x.x\ONTAP_ADMIN$\volume\vol1\qtree\testfile.xls
  4. At this time the Scan Server knows the path to the file to scan, so it starts a spntsvc.exe process that connects to the filer, retrieves the part of the file to be scanned and sends back a response the filer telling the outcome of the scan operation.
The problem is that in Windows 2008 R2 the security has been widely improved, and anonymous access to named pipes and shares is forbidden unless explicitly declared in the Local Security Policy.

So the NetApp filer will continuously report that the Trend Scan Server has disconnected from the filer. Usually this error is logged every 6 minutes in the filer's syslog (/etc/messages), or anytime the filer attempts to scan a file for a user. Soon after the disconnect warning, the filer will report in the log that the Scan Server has successfully registered again.

The errors in the messages log on the NetApp are:

Tue Feb 15 17:19:58 CET [netapp: cifs.pipe.errorMsg:error]: CIFS: Error on named pipe with trendserver: Error connecting to server, open pipe failed
Tue Feb 15 17:19:58 CET [netapp: cifs.server.infoMsg:info]: CIFS: Warning for server \\trendserver: Connection terminated.
Tue Feb 15 17:19:58 CET [netapp: vscan.server.connectError:error]: CIFS: An attempt to connect to vscan server \\trendserver failed [0xc0000022].
Tue Feb 15 17:19:58 CET [netapp: vscan.dropped.connection:warning]: CIFS: Virus scan server \\trendserver (x.x.x.x) has disconnected from the filer.
Tue Feb 15 17:20:18 CET [netapp: vscan.server.connecting.successful:info]: CIFS: Vscan server \\trendserver registered with the filer successfully.

What is funny is that nothing, I mean no warnings, no errors, no pop-ups, no blinking exclamation marks, nothing appears in the Trend Management Console nor in its logfiles. The only symptom (before looking in /etc/messages on the NetApp filer) is a pop-up message to the users trying to open NAS stored documents that say: ‘Access denied. Contact your administrator.’

The solution consists of four modifications to the Local Security Policy in order to allow unrestricted access to the NetApp nemaed pipe. On your Windows 2008 R2 Scan Server, click Administrative tools then Local Security Policy then Local Policies then Security options and change following settings:
  • Network access: Named Pipes that can be accessed anonymously – Add NTAPVSRQ to the list. Note that this key should already be present, as well as TMRPC\SPNTSVC and TMRPC\StWatchDog. These three keys are added to the Local Security Policy when you first configure your Scan Server form the Trend Management Console.
  • Network access: Let Everyone permissions apply to anonymous users – Set it to ‘Enabled
  • Network access: Do not allow anonymous enumeration of SAM accounts – Set it to ‘Disabled
  • Network access: Restrict anonymous access to Named Pipes and Shares – Set it to ‘Disabled
The problem will be solved as soon as you reboot the Trend Scan Server to confirm the modifications you have made. Yes, Windows 2008 R2 hasn’t changed. It stays always as stupid as it was ten years ago: every modification you will make will need one full reboot! That’s why testing this solution took me so much time. Not to mention that nothing is found on this problem on Trend’s website. If I only think that people at Trend cry out loud that ServerProtect for NetApp 5.8 supports Windows 2008 R2 servers... Microsoft and Trend left me lost for words once more.

A last note for Windows admins - Here’s a list of tools you might find useful to diagnosticate this kind of issues:
  • Learn to use Network Monitor 3.4 for Windows 2008 R2 (remember to activate the parser for Windows events) and you have a view form inside on the traffic generated and received by your Windows box;
  • Learn to use Procmon, because this tool will give the best insight of the activity of you Windows system;
  • Be friend with your Network Administrator, he and only he will be able to show you whatever is happening between your NetApp filer and your Antivirus Scan Servers;
  • Get an account on kb.netapp.com, because kb articles concerning NetApp filers are closed to unregistered users!

Saturday, February 12, 2011

Microsoft has released Windows 2008 R2 SP1

Microsoft has announced the release of the first Service Pack for Windows Server 2008 R2 and for Windows 7. This same package will also apply for Microsoft Hyper-V Server 2008 R2, which is the free version of Hyper-V. The relase date will be February, 16th 2011 for MSDN and Technet subscribers and for those who have a Volume License (VL). Everybody else will have to wait for February, 22nd 2011, when the SP1 will be released through the standard Windows Update channel as an important update.

You can read more about these releases here. The Windows 7 version has just a few fixes, but the 2008 R2 Server edition will have RemoteFX and a dynamic memory adjuster for Hyper-V.

If you wanted to install it on a Windows Server running Exchange 200 7 SP3 or Exchange 2010, maybe you should read this first: Windows 2008 R2 SP1 general availability and what it means for Exchange

If you are willing to learn more about Windows 2008 R2 SP1 Dynamic Memory, I deeply suggest you to watch the three following videos by John Savill:
Finally, check out this video on RemoteFX: Windows Hyper-v 2008 R2 SP1 RemoteFX

Happy testing !
Related Posts Plugin for WordPress, Blogger...