Trend OfficeScan The digital signature of the following file is invalid

 Information Technology  2 Responses »
Feb 222012
 

We started getting the following Application Events on our Trend OfficeScan servers, mixed 2003 and 2008

Event Fault:

EVENT LOG Application
EVENT TYPE Warning
SOURCE Trend OfficeScan Server
CATEGORY System
EVENT ID 900
USERNAME NT AUTHORITY\SYSTEM
COMPUTERNAME BIMJHBFP
DATE / TIME 2/20/2012 6:23:17 AM
MESSAGE Error Message: The digital signature of the following file is invalid. OfficeScan server has renamed the file to prevent OfficeScan file danamge.
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\pccnt\COMMON\DWIoTrapNT.dll

RESOLUTION: [From Trend Micro]
Short:

As a workaround for this issue , you may disable check of digital signature on the files on the officescan server.

1. Set “CheckDigitalSignatureForHotfix” to ‘0’ in …\PCCSRV\ofcscan.ini
2. Stop OfficeScan Master Service
3. Rename “DWIoTrapNT.dll_Invalid” to “DWIoTrapNT.dll”
4. Start OfficeScan Master Service

Full:
This message is to inform you that the solution for Service Request ID 1-365450963 has been delivered.

SR Solution: Officescan server is designed to enumerate client files (a pre-defined list hardcoded in codes) and check digital signatures of the files and if any file has invalid digital signature or no digital signature, it will Rename/move the corrupt files.

The reported issue is caused by 10.6 GM DWIoTrapNT.dll’s digital signature is invalid. The Code signing certificate for this file expired on 16/02/2012 . Hence Officescan server renames it to *._invalid.

The issue is currently being handled by the product developement team and will be fixed by a hotfix to be released soon.

ETA for the related hotfix is 29-Feb , 2012

As a workaround for this issue , you may disable check of digital signature on the files on the officescan server.

1. Set “CheckDigitalSignatureForHotfix” to ‘0’ in …\PCCSRV\ofcscan.ini
2. Stop OfficeScan Master Service
3. Rename “DWIoTrapNT.dll_Invalid” to “DWIoTrapNT.dll”
4. Start OfficeScan Master Service
5. Deploy OSCE client

Once the hotfix is available and installed , you may enable the above feature again.

 Posted by at 12:15 pm

Event 2937 MSExchange ADAcces

 Information Technology  No Responses »
Feb 012012
 

Log Name: Application
Source: MSExchange ADAccess
Event ID: 2937
Level: Warning

Process mmc.exe (PID=10956). Object [CN=Marlene abcd,OU=Users,OU=JHB Depot,DC= abcd,DC=CO,DC=ZA]. Property [HomeMTA] is set to value [ abcd.CO.ZA/Configuration/Deleted Objects/Microsoft MTA
DEL:715951fa-c077-41e4-b2e9-3905302b91b4], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.

I’ve also see the following Processes
EdgeTransport.exe
powershell.exe
w3wp.exe

To Fix:

Get-Mailbox -Identity “Username” | Update-Recipient

 Posted by at 12:19 pm

Use WMI and WQL!

 PowerShell  No Responses »
Jan 202012
 

PowerTip of the Day, from PowerShell.com:

WMI is a great information resource, and Get-WmiObject makes it easy to retrieve WMI instances. First, use -List parameter to find WMI class names. For example, find classes that deal with network:

Get-WmiObject-ListWin32_*network*

Next, pick one of the classes and enumerate its instances:

Get-WmiObjectWin32_NetworkAdapterConfiguration

With WQL, a SQL-type query language for WMI, you can even create more sophisticated queries, such as:

Get-WmiObject-Query‘Select * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True’

 Posted by at 5:48 am

what is powershell

 PowerShell  No Responses »
Dec 072011
 

Powershell V2.0 is the current latest realease [Dec 2011], installed by default on Windows 7 and Windows Server 2008 R2; and also available for download for earlier versions of Windows both 32bit and 64bit platforms.

On Windows 7, click the Start icon, All Programs, Accessories, “Windows PowerShell” folder
or Winkey+R type Powershell and enter

Windows Powershell is basically a CLI [Command Line Interface] like cmd but much more advanced

So Powershell is a task automation framework, cosisting of a command-line shell and associated scripting language built on top of, and integrated with the .NET Framework. PowerShell provides full access to COM and WMI, enabling administrators to perform administrative tasks on both local and remote Windows systems.

In PowerShell, administrative tasks are generally performed by cmdlets (pronounced command-lets), specialized .NET classes implementing a particular operation. Sets of cmdlets may be combined together in scripts, executables (which are standalone applications), or by instantiating regular .NET classes (or WMI/COM Objects). These work by accessing data in different data stores, like the filesystem or registry, which are made available to the PowerShell runtime via Windows PowerShell providers.

Windows PowerShell also provides a hosting mechanism with which the Windows PowerShell runtime can be embedded inside other applications. These applications then leverage Windows PowerShell functionality to implement certain operations, including those exposed via the graphical interface. This capability has been utilized by Microsoft Exchange Server 2007 to expose its management functionality as PowerShell cmdlets and providers and implement the graphical management tools as PowerShell hosts which invoke the necessary cmdlets. Other Microsoft applications including Microsoft SQL Server 2008 also expose their management interface via PowerShell cmdlets. With PowerShell, graphical interface-based management applications on Windows are layered on top of Windows PowerShell. A PowerShell scripting interface for Windows products is mandated by the Common Engineering Criteria.

 

 

 Posted by at 10:17 am

Use Out-GridView Requirements

 PowerShell  No Responses »
Dec 072011
 

PowerTip of the Day, from PowerShell.com:

Out-GridView is a great way to present results in a “mini-Excel” sheet:

Get-Process|Out-GridView

However, Out-GridView has two requirements:.NET Framework 3.5.1 and the built-in script editor ISE must both be installed. ISE is not installed by default on Windows Servers. So, if you want  to use Out-GridView on server products, you will need to make sure you install the ISE feature.

On a Server 2008 R2, you could enable ISE by using PowerShell:

Import-ModuleServerManager

Add-WindowsFeaturePowerShell-ISE

 Posted by at 5:42 am

Connecting to SharePoint Document Library through UNC Path

 Information Technology  No Responses »
Dec 022011
 

If you are trying to connect to a Sharepoint document library via UNC path and receive the following error

No network provider accepted the give network path

You are probably trying to connect via Windows 2003

You need to change the Startup Type and start the WebClient Service on the server.

Also, you will need to follow the these instructions from Microsoft Technet.

http://support.microsoft.com/?kbid=841215

 

 Posted by at 11:33 am

Determining Service Start Modes

 PowerShell  No Responses »
Dec 012011
 

PowerTip of the Day, from PowerShell.com:

By using PowerShell WMI, you can enumerate the start mode that you want your services to use. To get a list of all services, try this:

Get-WMIObjectWin32_Service|Select-ObjectName, StartMode

If you want to find out the start mode of one specific service, try this instead:

([wmi]‘Win32_Service.Name=”Spooler”‘).StartMode

 Posted by at 5:20 am  Tagged with: ,

Print All PDF Files in Folders

 PowerShell  No Responses »
Nov 302011
 

PowerTip of the Day, from PowerShell.com:

Try this one-liner if you need to print out all PDF documents you have stored in one folder:

Dirc:\myfolder\*.pdf|Foreach-Object { Start-Process-FilePath$_.FullNameVerbPrint }

 Posted by at 5:34 am

Turning MultiValue WMI Properties into Text

 PowerShell  No Responses »
Nov 282011
 

PowerTip of the Day, from PowerShell.com:

When you read multivalued information from WMI or any other source, for example, network adapter IP addresses, this information is returned as a multiline string:

PS> Get-WmiObject-ClassWin32_NetworkAdapterConfiguration-Filter‘IPEnabled=true’|Select-Object-ExpandPropertyIPAddress

78.64.118.150

fe80::ad62:ac4d:4dea:936d

If you want to turn this into a list, use the operator -join:

PS> (Get-WmiObject-ClassWin32_NetworkAdapterConfiguration-Filter‘IPEnabled=true’|Select-Object-ExpandPropertyIPAddress) -join‘, ‘

78.64.118.150, fe80::ad62:ac4d:4dea:936d

It expects the multiline (array) data on its left side and the delimiter you want to use to separate the values on its right side.

 Posted by at 6:11 am

Finding IP and MAC address

 PowerShell  No Responses »
Nov 282011
 

PowerTip of the Day, from PowerShell.com:

When you query network adapters with WMI, it is not easy to find the active network card. To find the network card(s) that are currently connected to the network, you can filter based on NetConnectionStatus which needs to be “2″ for connected cards. Then you can take the MAC information from the Win32_NetworkAdapter class and the IP address from the Win32_NetworkAdapterConfiguration class and combine both into one custom return object:

PS> Get-WmiObjectWin32_NetworkAdapter-Filter‘NetConnectionStatus=2′

 

 

ServiceName              : NETw5s64

MACAddress                 : 00:22:FA:D9:E1:50

AdapterType               : Ethernet 802.3

DeviceID                       : 11

Name                                  : Intel(R) WiFiLink 5100 AGN

NetworkAddresses :

Speed                                : 54000000

This gets you the network hardware but not the network configuration. To get the configuration data for this network card (like its IP address), get the related Win32_NetworkAdapterConfiguration instance:

functionGet-NetworkConfig {

  Get-WmiObjectWin32_NetworkAdapter-Filter‘NetConnectionStatus=2′|

    ForEach-Object {

      $result= 1 |Select-ObjectName, IP, MAC

      $result.Name=$_.Name

      $result.MAC=$_.MacAddress

      $config=$_.GetRelated(‘Win32_NetworkAdapterConfiguration’)

      $result.IP=$config|Select-Object-expandIPAddress

      $result

    }

 

}

 

PS> Get-NetworkConfig

 

Name                                                              IP                                                                  Mac

—-                                                                                                                               

Intel(R) WiFiLink 5100… {78.64.118.150, fe80::a… 00:22:FA:D9:E1:50

 Posted by at 6:09 am
 Older Entries
© 2012 CompuDay Suffusion theme by Sayontan Sinha