CoNetrix Blog

New Motherboard, New Problems

Posted on January 21, 2012 11:34 PM

One of our information security auditors recently had the motherboard on his laptop replaced to fix the "shutdown on its own" issue he'd been having for a while.  When he got the laptop back, his BIOS level fingerprint logins (to unlock the hard drive and BitLocker key) were no longer working.  Also, the x64 VMware machine he uses for audits would no longer boot.  The VM issue was pretty clear.  The CPU virtualization setting in the BIOS was disabled and needed to be turned back on.  The fingerprint issues, however, took a little more digging to figure out.  Eventually we realized the TPM on the new motherboard was not activated.  Once we activated and initialized the TPM, then turned BitLocker off and back on (without decryption), all the pre-boot login information unlocked by the fingerprint started working again.

Startup Scripts Show to Run, but Script Actions Are Not Completed

Posted on January 20, 2012 11:29 PM

One of our customers is using Microsoft System Center Configuration Manager (SCCM) to manage software on their network. SCCM requires a client to be installed on each computer. They wanted to use a VB script that checks common errors that cause the SCCM client to stop working and will install the client if it is not installed. I modified a script that was downloaded from the Internet that seemed to meet their needs. The customer has VB scripts set to edit instead of open, so I had to call the VB script from a batch file using cscript. Read More...

Windows 2003 SBS Refusing Remote Desktop Connections

Posted on January 19, 2012 11:41 PM

I recently ran into a situation where Windows 2003 SBS was refusing remote desktop connections completely because two people were logged in remotely. I had logged in to a customer’s Windows 2003 SBS to help troubleshoot various connectivity.  I needed to have the customer also be able to RDP to the server, but when they tried to connect to the server it said that it could not be reached.  This server was not running terminal services on it, which means that the server is limited to having two remote connections at a time.
 
Normally, on a regular Windows 2003 Server (not SBS), it will go ahead and allow the remote desktop connection to be established, but it will display an error message at login stating that the maximum number of sessions on the server has been reached.  In this case, it refused connections entirely for remote desktop, but the server could be pinged. What I didn’t realize initially was that there was another person logged into the server besides me.  When I logged off, then the customer could immediately contact the server again.
 

Quick and Simple Way to Export DHCP Scope Settings From One Server to Another

Posted on December 30, 2011 10:01 PM

1.  From the command prompt on the source DHCP server run the following command:

        netsh dhcp server export c:\dhcp.dat all

2.  Copy the “dhcp.dat” file to the new, or destination, DHCP server and run the following command:

        netsh dhcp server import c:\dhcp.dat all

While running the export command, the DHCP service will be temporarily stopped and won’t respond to DHCP requests.  Also, the import will fail if there are any existing DHCP scopes that overlap with the original DHCP server’s configuration.

High Number of Discards on XenServer NIC

Posted on December 29, 2011 9:53 PM

In working with XenServer over the past couple of months, I have found that information is harder to come by than it is with VMware. We are only using XenServer for one customer and they are using the free version so support is not an option. Up until last week, I had no need to get into the CLI of Xen much. It’s pretty easy to configure via XenCenter and our setup is pretty simple. However, the other day, our monitoring software detected an issue where the network interfaces on one of the monitored VMs were logging a high number of discards. One of the peculiar things was that the discards were exactly the same for Tx and Rx. After some research, I decided that it would be a good idea to turn off all the offloading features in XenServer. XenServer sees network interfaces in two forms: physical interfaces (pifs) and virtual interfaces (vifs). Pifs are the actual connections to the server. Vifs are the NIC interfaces of the VMs. Naturally, turning off all of this can only be done via the XenServer CLI. So, part one of the gotcha…here is a set of scripts that can help in manipulating network interfaces in XenServer.

Script to turn off all offloading techniques on all vifs and pifs: Read More...

Windows Embedded Losing Trust Relationship with AD Domain

Posted on December 28, 2011 9:48 PM

We recently encountered some machines running Windows Embedded with the Write Filter enabled that were losing their trust relationship with an Active Directory domain due to mismatched passwords associated with computer accounts. Read More...

Hosted Exchange Not Working on Windows 7/Office 2010 When Using Barracuda Web Filter

Posted on December 22, 2011 11:04 PM

One of our customers was having problems connecting Outlook to Exchange accounts hosted with Microsoft through their Office365 program. The machines in the domain running Windows XP with Office 2007 had no problem connecting, but none of the Windows 7 machines with Office 2010 were able to connect. Since the email accounts were hosted at Microsoft, Outlook was using port 80 web traffic to establish a connection. After exempting the source IP of the test machine from filtering in the Barracuda, the connection immediately worked. This proved that something was not working correctly inside the Barracuda.

The domain outlook.com was whitelisted prior to these changes. After talking to Barracuda tech support, they found several IP addresses that Outlook was trying to contact. They suggested adding those IP addresses to the list of IP addresses that bypass the Barracuda, which is the proxy server, and opening port 80 for those IP addresses on the firewall. We made the suggested changes and it worked correctly. The Barracuda engineering department found that the traffic to outlook.com was being redirected to live.com, and therefore being dropped by the Barracuda. Barracuda suggested we add an expression to the Barracuda to allow port 443 traffic to live.com, but they later said we would probably have to whitelist live.com for this to work properly. We chose to just leave port 80 open to those IP addresses on the firewall and have clients bypass the proxy for those addresses.
 
When troubleshooting issues that might be related to the Barracuda, it is often helpful to temporarily exempt the source IP of the machine on which you are working. When the Barracuda is in Forward Proxy mode, this can be done by going to Advanced > Proxy. Add the IP to the Source IP group under the Proxy Authentication Exemptions.

Problems With Exchange 2010 OWA/OOF/AutoConfiguration

Posted on December 21, 2011 11:09 PM

We recently became aware of a problem with Exchange 2010 users being unable to set their out of office settings.  With their legacy Exchange 2003 mailboxes, they could set out of office.

When trying to set out of office within Outlook, users would get an error message that the Exchange server could not be contacted.  Performing the “Test e-mail autoconfiguration” kept failing to connect to the server with HTTP status code 401 Unauthorized.  It was also noted that OWA would not allow logins because the login credentials would not work for anyone.

After trying to troubleshoot permission problems within IIS of the mail server, I eventually came across this thread: Read More...

"Give me more power" is not always the best answer.

Posted on December 19, 2011 10:54 PM

One of our customers has a point-to-point wireless connection, which started failing with an error that indicated problems with radio interference.  I ran the utility to check for busy radio channels, but it did not indicate any problems.  (Many channels came back as completely unused.)  I eventually reduced the transmit power of the root-bridge radio, which caused the connection to come back up. 

In retrospect, the issue was likely caused by a reflection that caused a second radio signal out of phase with the original signal.  This reduced or eliminated the signal at the antenna.

Factory Reset of Cisco Express 500 Switches Requires Windows XP

Posted on November 29, 2011 10:34 PM

I was recently trying to factory reset a Cisco Express 500 switch for use at a customer site.  I researched Cisco’s website and other websites, but nothing I tried would work.  The basic steps are these:

  1. Hold down the mode button while applying power to the switch.
  2. After the mode lights turn amber, let go and the switch will reset to defaults.
  3. After a short time a port (usually port 1) light will start blinking.  Plug your workstation/laptop into that port.  Your workstation/laptop should then acquire a DHCP address from the switch.
  4. You should then be able to access the web GUI using the default IP address.

Unfortunately, none of the online documentation I read mentioned the fact that this only worked when Windows XP was the operating system.  Windows Vista or Windows 7 will not work.  I did not find this out until after the fact when another engineer, who had also struggled with this issue, informed me that this was the case. 

Save Running Config for Cisco Switches With Web Interfaces

Posted on November 27, 2011 10:26 PM

Cisco SGE2000 switches (and other Cisco switches) with a web interface still require that the running configuration get saved to the startup configuration.  Oddly, the option is buried under the “File Copy” menu option.  The “Save Configuration” menu option is for saving a backup (text) copy of the configuration.

Magtec Not Working in Citrix Environment

Posted on November 11, 2011 10:09 PM

One of our customers has a device that re-pins debit cards.  During the migration from moving users off the old Citrix farm to the new CoNetrix Citrix farm, users were having issues with this Magtec Application.   When we launched the application it would pop up a “Request Pin Timeout” error.  This meant that the application was unable to detect the Magtec IntilliPen device through the Citrix client.  We were on a very strict time schedule so a coworker began looking into the issue first as I continued to migrate users.  Four hours later after numerous tests, Magtec still wasn’t working. Read More...