Quickie: SCSI sniffer/tracer

February 22nd, 2013 No comments

I was debugging problem with SCSI tape library and I wanted to inspect data on SCSI connection. I found great utility on Symantec website. It’s kinda SCSI command sniffer.

Here you can read how to install it.

Here is manual how to use it.

I hope this works with all SCSI devices and not only those supported by Symantec 😉

Quickie: How to re-create tape library in Symantec Backup Exec

February 22nd, 2013 4 comments

Here is my best practice to re-create tape library under Symantec Backup Exec (I used version 12.5):

  • Delete all tape devices from Symantec
    • You must disable Robotic Library first by unchecking “Enable”

 

Disable Robotic Library

 

    • When it’s disabled you can “Delete” tape Drives and then Robotic Libraries

 

Delete Library

 

  • Uninstall all Symantec drivers using tapeinst.exe
    • In Symantec installation directory look for file tapeinst.exe file and run it.
    • Choose to “Uninstall and remove all Symantec devices…” and run it.

 

Remove Symantec drivers

 

    • There shouldn’t be any tape drives and media changers in Device Manager at this time

 

  • Reboot server

 

  • Install Symantec drivers using tapeinst.exe
    • In Symantec installation directory look for file tapeinst.exe file and run it.
    • Choose to “Use Symantec tape drivers for all supported tape devices” and run it

 

Install Symantec drivers

 

    • Now you should see new devices in Device Manager

 

  • Create new tape devices using hotswap.exe
    • This is really straightforward process without need of any explanation.

 

And you are all done 🙂

Remarks:

Thanks to Róbert Švec for refreshing my memories 🙂

 

Quickie: I really don’t like Antiviruses especially ESET

February 22nd, 2013 No comments

Here is one reason why I don’t like ESET Antivirus:

Fuck the ESET

I don’t think it needs any comments 😀

Here is official website I saw it at.

TrendMicro Worry-Free Business Security debug logs

February 22nd, 2013 2 comments

Problem

Today I was at one customer which recently installed TrendMicro Worry-Free Business Security solution. It’s firewall and anti-* product. Today I noticed there is no free space on C:\ disk. Trend Micro ate 19 GB! The biggest portion of space was located at C:\Program Files\Trend Micro\Security Server\PCCSRV\Log. There were files called ofcdebug-*.log which were about 150 MB of size and there was lots of them. And there new comming and comming 🙂

Solution

Those file are debugging log files. There is really weird way to disable them. In management website you need to click on little small letter “M” in the logo:

TrendMicro Worry-Free

New window appears where you can enable/disable debug logs:

TrendMicro Debuging Log

This is really weird way to set logging by looking for some small letter “M” 🙂

More about it on official site.

Prezentácia BranchCache

February 19th, 2013 No comments

ShowIT-BrachCache_Zilinec

Ak by ste mali nejaké otázky, sem s nimi.

 

Categories: Windows Tags: , ,

Maximum Validity For Certificates

February 19th, 2013 No comments

You can configure expiration period for Certification Template. By default there are default maximum validation periods set to:

  • One year for Stand-alone Certification Authority
  • Two years for Enterprise Certification Authority

This means you have Certification Template set its validity for example for 10 years, but you can enroll certificates with validity 1 or 2 years (Stand-alone / Enterprise Certification Authority).

This can be changed via registry keys described in KB254632.

Thank you for my colleague Róbert Švec.

Quickie: Remove Domain Controller role from Exchange 2007 server

January 29th, 2013 No comments

Last night I removed Domain Controller Role from Exchange 2007 server and we had problem in the morning with Exchange Outlook Web Access (OWA). We couldn’t log in at all. Symptomps:

  • Form based authentification was enabled, but Basic was proposed to clients instead
  • When users logged in they received 440 Login Timeout error

After couple minutes of googling I found this article which solved problem.

IMHO when computer was demoted from domain controller role it created local SAM database and didn’t use domain created accounts IUSR_ComputerName and IWAM_ComputerName.

 

Disable Exclusive Rights for roaming profiles

January 25th, 2013 No comments

When administrators implement Roaming Profiles they define folder where roaming profile should be stored on fileserver. By default file permissions for the newly generated profile are full control for the user, full control to SYSTEM and no file access for the administrators group. You can not access this profiles with administrator account and clean it up. First you had to take ownership and then you can change ACL, but this is not what you want, because owner should be user.

You can fix this in two steps:

New roaming profile folders

You can change default behaviour on new profile folder creation. It can be changed by applying GPO to domain controllers with following setting Enabled:

Change new roaming profile security

Change ACLs for existing profile folders

This will be in couple steps:

  • Download SubInACL.exe
  • Download PsExec
  • Log into fileserver where profiles are stored
  • Run cmd.exe under SYSTEM account by running command

psexec -sid cmd.exe

  •  In new cmd.exe window go into directory where roaming profiles are stored. For example: cd G:\Profiles\
  • Add BUILTIN\Administrators into ACLs of roaming profiles by running following command:

subinacl /subdirectories=directoriesonly G:\Profiles\*.* /GRANT=Administrators=F

Enjoy accessible roaming profile  folders 🙂

 

Quickie: GPO Preferences variables

January 21st, 2013 1 comment

When you want to use system variables in GPO Preferences you can do so. For example: if you want to create folder on user’s desktop called as computer name, you can use variable in New Folder Properties:

 

GPO Preferences for New Folder

If you don’t know what variables you are able to use in Preferences input fields you can press F3 and it will display you a list of variables you can use:

 

List of variables in GPO Preferences

 

I just found info at Microsoft.

Categories: GPO, Microsoft, Quickie Tags: , , ,

DFS Problem in multi domain environment

January 21st, 2013 No comments

Couple months ago we have created Active Directory domain for one of our customer. His AD was subdomain of existing AD domain hosted in Germany. Let’s call them following:

  • DOMAIN.LOCAL <– Main AD in Germany
  • SK.DOMAIN.LOCAL <– New created domain in Slovakia

To make administrators life easier in future, we have created DFS Shares in domain SK.DOMAIN.LOCAL. One of those DFS shares is called “Common”. So people in Slovakia were accessing DFS share \\\\SK.DOMAIN.LOCAL\\Common and share data. Under this DFS Namespace following share was hidden \\\\FSSERVER\\Common.

Everything worked just fine.

Problem

Problem appeared when users from Germany (from domain DOMAIN.LOCAL) wanted to access this share. There were following symptomps:

There were no firewalls between two domains. All ports were accessible.

Solution

After couple tries (and using dfsutil) I figured out that client machine from DOMAIN.LOCAL get as DFS Refferal NetBIOS server name FSSERVER and it cannot translate FSSERVER to IP (FSSERVER is from SK.DOMAIN.LOCAL). Client machine from DOMAIN.LOCAL although can translate FQDN of FSSERVER.SK.DOMAIN.LOCAL. I tried to put FSSERVER IP record into client machine’s hosts file and everything started to work perfectly. So we have more solutions to solve issue:

  • Synchronize NetBIOS names between two domain (weird)
  • Add DNS Search suffixes to clients in domain (not nice solution and can slowdown DNS queries)
  • Force DFS to propagate FQDN as refferals (winner)

I decided to force DFS to propagate FQDN as refferals. It’s made by change in registry keys for DFS service. More about it is at http://support.microsoft.com/kb/244380/en-us. One more important thing is that you need to remove and re-add refferal servers from DFS Namespaces. I used DFS console because I didn’t use DFS Replication. If you do use DFS Replication it’s recommended to do it using cmd line (dfscmd.exe).

That’s all folks,