Jul 022013
 

Had a issue where some updates where not downloading to WSUS and receiving the following application event error below:

Event ID: 364
Source: Windows Server Update Services

Content file download failed. Reason: The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist. (Exception from HRESULT: 0x800704DD) Source File: /msdownload/update/software/secu/2012/04/windows6.1-kb2690533-x86_9aceb828aa625f63a9eafd56e990b722976e7e23.cab Destination File: c:\Program Files\Update Services\LogFiles\WSusTemp\9ACEB828AA625F63A9EAFD56E990B722976E7E23.cab.

 

To fix this all I had to change was the Log on As to Network Service for Update Services and then restart the service.

FIXED !

 

Jun 212013
 

Getting the following Error messages in the Application Event for both Windows 2003 and 2008 Servers

Windows 2003 R2

EVENT LOG Application
EVENT TYPE Error
SOURCE AutoEnrollment
EVENT ID 13
COMPUTERNAME PEFP
DATE / TIME 6/21/2013 7:35:44 AM
MESSAGE Automatic certificate enrollment for local system failed to enroll for one Domain Controller Authentication certificate (0x80070005). Access is denied.

Windows 2008 R2

 

EVENT LOG Application
EVENT TYPE Error
OPCODE Spooler Operation Succeeded
SOURCE Microsoft-Windows-CertificateServicesClient-CertEnroll
EVENT ID 13
USERNAME NT AUTHORITY\SYSTEM
COMPUTERNAME DBNFPAD
DATE / TIME 2013/06/21 11:26:44 AM
MESSAGE Certificate enrollment for Local system failed to enroll for a DirectoryEmailReplication certificate with request ID N/A from ????\????-CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

 

Checked the following on the CA server

  1. Ensure that “Authenticated Users” group is in the “Certificate Service DCOM Access” group.
  2. Check the DCOM Access Limit of “My Computer” of the DC
    •   On the server, run dcomcnfg.exe.
    • On the Component Services console, navigate to Component Services\Computers\My Computer.
    • Right-click My Computer, select Properties, verify that Enable Distributed COM on this computer is selected in the Default Properties tab.
    • Click the COM Security tab, Click Edit Limits in the Access Permission section and ensure that Everyone and Certificate Service DCOM Access has Local Access and Remote Access permissions.
    • Click Edit Limits in the Launch and Activation Permission section and ensure that Certificate Service DCOM Access group has Local Activation and Remote Activation permissions.
    • Click OK

     

Done!

Apr 052013
 

Microsoft Lync 2010 locking out Active Directory account

Had a users Active Directory account keep locking out each time logging onto machine or opening up Microsoft Lync 2010 client. This was on a Windows 7 Professional OS.

I ran the below procedure to resolve:

  1. Close all applications including Lync client
  2. Delete all files/folders from
    1. %userprofile%\AppData\Roaming\Microsoft\Communicator\
    2. %userprofile%\AppData\Local\Microsoft\Communicator\
  3. Delete the registry Key HKEY_CURRENT_USER\Software\Microsoft\Communicator
  4. Run from Command Prompt “Run as Adminsitrator”
    1. rundll32.exe keymgr.dll, KRShowKeyMgr
Apr 012013
 

The new Cisco Packet Tracer 6 looks pretty much the same as previous release 5.3.3, also still geared towards CCNA learning. I do still highly recommend using GNS3 which provides emulation instead of simulation.

Packet Tracer allows activity authoring for approximately 80% of the topics and skills required for CCNA Certification, and has relevance to CCNA-Security, CCNP, IT Essentials, and general TCP/IP courses as well. Although the program includes some sample activities, we strongly encourage you to share activities that you create with others in the CCNA teaching and learning community. In addition, integrated into the Discovery and Exploration courses are hundreds of already-written Packet Tracer activities.

The following have been highlighted as new from the previous version:

Protocol Improvements
Packet Tracer now models these new or improved features: HSRP for IPv4 and IPv6, IPv6 DHCP, IPv6 tunnel over IPv4, IPv6 DHCP binding, Send command for routers, ACL sequence numbers.

General Improvements

  •     Supports current LTS version of Ubuntu and stopped support for Fedora
  •     IOS 15
  •     HWIC-2T and HWIC-8A modules
  •     CAB-HD8-ASYNC cable
  •     IPv6 in IP Configuration under Desktop
  •     Terminal server for routers
  •     PC Firewall for IPv4 and IPv6
  •     Servers with 2 NICs
  •     Circling tool
  •     Improvements to Activity Wizard and Variable Manager

 

New Devices
Routers

  • Cisco 1941
  • Cisco 2901
  • Cisco 2911

 

 

 

Mar 182013
 

Samsung Galaxy S III versus S IV

Below table is a basic break down of the specifications difference between the Samsung Galaxy S III and S IV

 GALAXY S III S IV
CPU Exynos 4 Quad processor 1.4Ghz Exynos 5 Octa processor 4x 1.6GHz & 4x 1.2Ghz
MEMORY 1GB 2GB
Screen Size 4.8 inch 5 inch
Resolution 720×1280 1080×1920
Phone Size 136.6mm x 70.6mmx 8.6mm 136.6mm x 69.8mm 7.9mm
Weight 133g 130g
Storage 16GB, 32GB and 64GB models plus a microSD card slot Same
Camera 8Mp Rear / 1.9Mp Front 13Mp Rear / 2.1 Front @ Full HD
Feb 152013
 

Must have tool for VMWARE Administrators, and its free!

RVTools is a windows application to display information about your virtual machines and ESX hosts.

RVTools is able to list information about VMs, CPU, Memory, Disks, Partitions, Network, Floppy drives, CD drives, Snapshots, VMware tools, ESX hosts, HBAs, Nics, Switches, Ports, Distributed Switches, Distributed Ports, Service consoles, VM Kernels, Datastores and health checks.

With RVTools you can disconnect the cd-rom or floppy drives from the virtual machines and RVTools is able to update the VMware Tools installed inside each virtual machine to the latest version.

Get it here

 

Jan 232013
 

Checking System Uptime

In a previous tip we explained how you read date and time information from WMI and convert it into a regular date and time information. With this technique, you can then manipulate and calculate with the regular date and time functions. So, this piece of code returns the days a given system is running since the last reboot was done:

$os=Get-WmiObject-ClassWin32_OperatingSystem

$boottime=
[
System.Management.ManagementDateTimeConverter]::
ToDateTime($os.LastBootupTime)

$timedifference=New-TimeSpan-Start$boottime

$days=$timedifference.TotalDays

‘Your system is running for {0:0.0} days.’-f$days

from PowerShell

Jan 212013
 

When choosing between the MP4, MOV, FLV, WMV and AVI containers, MP4 is the best option.

Use MP4 with H.264 video codec and the AAC audio codec, for best compatibility and compressing your video.

H.264 video is supported by most players, browsers, plugins and devices available. It offers one of the best algorithms for compressing your video and being freely available.

I would recommend using VLC for playing your video and audit files.

For re-encoding video files I highly recommend HandBrake

Matrix of Best Video Output

Output size Filesize
320×240 pixels 400 kbps 3MB / minute
480×270 pixels 700 kbps 5MB / minute
1024 x 576 pixels 1500 kbps 11MB / minute
1280×720 pixels 2500 kbps 19MB / minute
1920×1080 pixels 4000 kbps 30MB / minute

Audio Output

Samplerate of 48 kHz for most of your videos or 22 kHZ if you are recording simple speech. Anything below 22.05 kHz will begin to degrade and distort low volume sounds such as breathing to the point where it is noticeable.

Bitrate In the end you will probably be looking at 96 – 164kbps for a stereo music tracks.  If you are once again dealing with speech only tracks you can probably even get comprehensible sound as low as 16 – 24 kbps.

Jan 092013
 

A variety of servers will need to get attention this month to correct vulnerabilities. Two are rated critical. MS13-001 corrects a print Spooler vulnerability. The remote attacker does not need to be authenticated. The workaround involves disabling the print spooler. Best practice is to disable all unnecessary services.

Vulnerabilities have been noted in XML Core Services with MS13-002 (the other bulletin for critical updates).

Microsoft indicates that SCOM 2007 servers are vulnerable to XSS attacks. It seems if users with access to the SCOM go to a malicious web site, the exploit is possible. It should be noted that SCOM 2007 SP1 has not patch at this time but there is a patch for SCOM 2007 R2.

MS13-004 will affect servers that run untrusted .net applications.

MS13-006 involves a security feature bypass vulnerability in which SSL version 3 or TLS which silently downgrades to SSL version 2 (a weak encryption technology).   The next two affect primarily workstations and Terminal servers .

MS13-005 indicates a vulnerability in the Windows kernel mode driver.

MS13-007 indicates a denial of service attack is possible but not likely with some versions of .net framework in the Open Data Protocol.

Bulletin Exploit Types
/Technologies Affected
System Types Affected Exploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity rating Products Affected Notes Randy’s recommendation
MS13-0032748552 Privilege elevation Servers No/No No Important System Center Config Mgr 2007 Patch after testing
MS13-0022756145 Arbitrary code/ XML Core Services Workstations
Terminal Servers
No/No No Critical XP
Vista
Office 2003
Office 2007
Server 2003
Office Compatibility Pack
Server 2008
Expression Web
XML Core Services
Server 2008 R2
Windows 7
SharePoint Server 2007
Windows 8
Server 2012
Patch after testing
MS13-0042769324 Privilege elevation/ .Net Framework Workstations
Terminal Servers
Servers
No/No No Important XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Patch after testing
MS13-0072769327 Denial of service/ Open Data Protocol Workstations
Servers
No/No No Important XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
MS13-0012769369 Arbitrary code/ Print Spooler Workstations
Servers
No/No Yes Critical Server 2008 R2
Windows 7
Restart Req’d Patch after testing
MS13-0052778930 Privilege elevation/ Windows kernel mode drivers Workstations
Terminal Servers
No/No No Important Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Restart Req’d Patch after testing
MS13-0062785220 Security feature bypass/ SSL and TLS Workstations
Servers
No/No No Important Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Restart Req’d Patch after testing

 

Want something better than WSUS, try Lumension Patch and Remediation

Dec 172012
 

 Event 13042

 

 

Event ID: 13042

Source: Windows Server Update

Self-update is not working

 

 

 

 

Had this error appearing on our WSUS server.

It appears Sharepoint was installed and the “Default Web Site” in Internet Information Servers (IIS) was stopped and Sharepoint Web site was using port 80

All I needed to do to resolve this issue is create a Virtual Directory point to C:\Program Files\Update Services\Selfupdate under the Sharepoint Web Site

Virtual Directory

Ensure Anonymous Access is Enabled under Directory Security for the Virtual Directory

Check that the problem has been fixed by running the following command:

“C:\Program Files\Update Services\Tools\wsusutil.exe” checkhealth

If you check in Event Viewer/Application you should see the below report:

WSUSworking

 

Source: Windows Server Update

Event ID: 10000

WSUS is working correctly