Loving Squarespace

17 May 2010 at 05:22

admin

Reviews

View Comments

I’ve tried SquareSpace a few times in the past but I finally had a chance to try it full blown.  It’s very easy to work with and produces some very good results.  They give you a 2 week trial run which was more than enough time to setup a (almost) fully finished website.  You can check it out here:  http://www.thelmalynch.com

Anyway I’m seriously thinking about moving this blog over to it.  However I already pay for hosting and I basically host this blog for free.  Since I don’t do anything commercial on here it wouldn’t make sense for me to pay extra to host this blog on SquareSpace.  Otherwise I would move it today.

Technorati Tags: ,

Moving Exchange installation from a SAN to local hard disks.

08 Apr 2010 at 12:50

admin

Knowledge Base, Problem Solved

View Comments

Here is an interesting scenario.  Imagine if you will an Exchange 2007 SP1 server with 2 drives (D & E).  D&E are actually located on a SAN.  D holds the entire installation of Exchange, program files and mail stores.  E just has the transaction log.  Now imagine that you need to move the installation of Exchange off the SAN to local hard disks.

So the key is that Exchange is actually installed on the SAN.  If it was just the mail stores and transaction logs on the SAN I could easily move them to another location.  In this case if I move the store and transaction logs I’d still be left with all the program files on the SAN.

Instead of installing Exchange to a new location and then moving the database we decided to just do some Drive Letter manipulation.  I installed the new local hard disks and created two partitions Y&Z.  Then I copied the contents of D&E to Y&Z.  Next I changed D&E to R&S and changed Y&Z to D&E.

Complete and utter failure!  http://www.nooooooooooooooo.com/

It’s obvious now but a copy isn’t going to carry of the permissions.  “Oh what about an xcopy!”  Tried and failed.  The xcopy would fail on certain files.  Too many files to be useful.  Maybe use Robocopy.  That was my next step until a colleague said why not try Backup Exec.

So same idea.  I’ve got D&E and Y&Z.  I use Backup Exec to perform a copy to any available media (in this case it happened to be the same SAN).  Then I change D&E to R&S and then Y&Z to D&E.  I start a restore on Backup Exec which restores it to the empty drive of D&E (now the local hard disks).  And it worked!!

Mostly anyway, Mail was flowing but the Exchange Search Indexer service wouldn’t start.

The Microsoft Exchange Search Indexer service failed to initialize due to the following error: (HResult)(-2147467262).

But the majority of Exchange was working fine.  People using OWA don’t need to search email content anyway, right?  I mean what do they expect?  It is just a web app.

Ok I fixed that too.  Basically it involves uninstalling and installing the Search Indexer again.  Xiu in the TechNet Forums does an excellent job of explaining that.

So now you too can move an Exchange installation from a SAN to local disks.  Nobody but me will ever need to do that but the reverse?  Yeah I could see that from the local disks to a SAN.

Technorati Tags: , ,

WatchGuard Firebox Stripping Attachments Because of UUENCODE.

20 Mar 2010 at 10:26

admin

Knowledge Base, Problem Solved

View Comments

I’m not a WatchGuard Sys Admin by training.  I have a CCNA but WatchGuard Firebox is a different animal in many respects.  I recently ran into a problem where the Gateway AntiVirus, specifically the SMTP Proxy, was stripping email attachments from one of our vendors.  The message the end user received was vague:

The WatchGuard Firebox that protects your network has detected a message that may not be safe.

Cause : The message format may not be safe.
Content type : (none)
File name    : some.pdf
Virus status : some.pdf
Action       : The Firebox deleted some.pdf.

Your network administrator cannot restore this attachment.

So I had to turn to the logs to determine why that particular attachment was being stripped but all other incoming PDFs were fine.  With my lack of experience reading WatchGuard logs it took some time to settle in on the “type=uuencode”.  I don’t think the log is particularly clear on why something was stripped in this case.  As you can see the log says ProxyStrip but there is no obvious reason.

Date-Time        2010-02-20 13:36:37
Type        Traffic
FireCluster        Primary
Message        ProxyStrip: SMTP Message format disp=ALLOW, direction=NA, pri=6, policy=SMTP-proxy-00, protocol=smtp/tcp, src_ip=10.0.0.1, src_port=2934, dst_ip=10.0.0.1, dst_port=25, src_ip_nat=0.0.0.0, src_port_nat=0, dst_ip_nat=0.0.0.0, dst_port_nat=0, src_intf=ISPProvider, dst_intf=Trusted, rc=592, proxy_act=SMTP-Incoming.2, file_name=some.pdf, sender=janedoe@email.com, type=uuencode, recipients=johndoe@email.org, tag=1006

Not knowing what uuencode was I did a google search on it.  Come to find out it’s an older encoding method that has largely been replaced by MIME.  Also, turns out there is a setting in the WatchGuard SMTP Proxy to allow uuencode attachments.  Can you guess if we were allowing them?

Anyway, hopefully this helps some other WatchGuard user out there.

Remote Assistance via Command Line in Windows 7

05 Jan 2010 at 08:13

admin

Knowledge Base, Problem Solved, Scripts

View Comments

I use to offer remote assistance using a shortcut in XP.  That no longer works with Windows 7.  Instead the easiest way I’ve found is to use the command line.

To run Remote Assistance Windows 7 uses a program called MSRA.exe.  MSRA.exe can be run from the command line.  So the easiest way to offer remote assistance to a user is to run:  msra /offerra <computername>.

I’ve put this in a script so I can just type the computer name and connect.

@echo off
set /p Name=Connect to?:
MSRA /offerra %Name%

That will work assuming RA is enabled on the other PC and it is within the same domain.  For more info on using RA see the wonderfully titled TechNet article Remote Assistance and Resulting Internet Communication in Windows 7.

Technorati Tags: , , , , ,

Set a Trusted Site in Group Policy

02 Nov 2009 at 09:04

admin

Knowledge Base, Problem Solved

View Comments

I’m now in an environment where the end users don’t have access to any of the Tabs in Internet Options. So they can’t add their own Trusted Sites. Apparently this was never an problem until they needed to run software on a Bank’s Website.

I needed a way to manage their Trusted Sites for them and luckily Group Policy provides that way. In this case I edited the GPO that also denied their access to the Internet Options Tabs.

Once in the Group Policy Editor for the policy of choice:

  • Browse to User Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/
  • Enable the Site to Zone Assignment List
  • Click Show
  • Click Add to add a web site to the list
  • Value Name = url (ie. https://somedomain.com)
  • Value = # of zone assignment (Trusted Sites = 2)

This could be used to assign sites to any of the 4 zones.

  1. Intranet Zone
  2. Trusted Sites Zone
  3. Internet Zone
  4. Restricted Sites Zone.

I also set the Trusted Site Zone to the default Low setting.  Which is done at

  • User Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/
  • Enable Trusted Sites Zone Template
  • Pick Low on the Trusted Sites drop down.

Technorati Tags: , , , ,

Locations of Folder Redirection Related Registry Keys.

10 Oct 2009 at 08:51

admin

Knowledge Base, Problem Solved

View Comments

I had never had this happen before, but we could not change the location of a redirected My Documents folder after setting up a client with a new server. I’m not sure we ever figured out the whys of it, any ideas? However we did figure out a work around.

For users who existed before the server was replaced, the Group Policy to redirect their My Documents folders wasn’t applying the new location. Also you couldn’t change the Target Location in the My Document’s properties menu (it was grayed out). For newly created uses the Group Policy worked just fine.

The only way to change the target of My Documents was in the local Registry. There were two places to look:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

As you can see from the picture my entries are just the default entries. On the machines we worked on they were pointing to the network shares on the old server. Sometimes the entry would be in User Shell Folders only, Shell Folders only, or both.

Just change the Key you need with the location you want and that should do it (ex.  \\server1\users\jdoe).

ShellFolders

For more information also see: http://support.microsoft.com/?id=221837

Technorati Tags: , ,

Version 3.1 drained my 3G iPhone’s battery?

12 Sep 2009 at 10:16

admin

Rants, Software

View Comments

Woke up this morning to a dead iPhone. I updated to v3.1 last night, listened to an audio book for about 30 mins and woke up to my iPhone having a dead battery this morning. I was able to get it to boot up by plugging it in and holding the sleep/wake and home button together for 10 secs. I’ve seen where others have had issues with 3.1 as well. I’m recharging now. We’ll see.

UPDATE… Later that night.

So far so good.  Maybe it was just reindexing my phone or something.  Whew what a relief, I thought it was gonna be a brick for a while there.  If you have this issue let the battery run itself down completely.  Then reset the phone while it’s plugged in.  Worked for me anyway.

UPDATE… the next morning

Woke up this morning to a dead iPhone.  Not just dead but hot to the touch as well.  I plugged it in and did a reset.  The phone came up but still had 1/2 the batter life.  Is it doing something over night that would cause it to overheat.  I dunno.  What will happen tonight???

UPDATE… weeks later.

No much shutting down overnight but it does run hot.  When playing a game or running an application for a long period of time the iPhone warms up significantly.  Never used to do that before.

Technorati Tags: , ,

Moved to Florida

28 Jun 2009 at 05:21

admin

Uncategorized

View Comments

Well I moved to Florida this month. What a pain. I’ll never do that again (yeah right). Anyway I’m also unemployed now, which is great. So I don’t know that I’ll have much to blog about for a while but we’ll see. I’m spending most of my days job hunting. Need a Sys Admin in Florida? Let me know.

Disabling File and Printer Sharing for just Wireless Connections.

01 May 2009 at 08:13

admin

Uncategorized

View Comments

Sometimes things are so simple I wonder why I didn’t think of that.  Here is another tidbit I learn from the Security Now podcast over on the Twit Network.

I know that Vista asks you if you are connecting to a home, work or public wireless connection and adjusts its security settings accordingly.  If you are using XP and connecting to a public WiFi one easy thing to do that helps your security profile is turn off Flie and Printer Sharing for Microsoft Networks on just the wireless connection.

For instance, at home I plug my laptop into the router with a cable most of the time.  So on the Local Area Connection I want file and printer sharing turned on all the time.

However I often use my laptop at coffee shops where I’m on a network with a bunch of others (I believe Starbuck’s AT&T connection is this way too).   If I left my file sharing on then everyone at the coffee shop would have access to my shared files and certain malware will take advantage of this.

So to disable just file and printer sharing for your wireless connection go to your Wireless Network Connection properties and uncheck “File and Printer Sharing for Microsoft Networks”.  The you’ll be a tad bit safer on public WiFi.

filesharing

Technorati Tags: , , , ,

DHCPLOC Utility

17 Apr 2009 at 10:12

admin

Knowledge Base, Problem Solved, Software

View Comments

I never new about this one but we had a reason so use it yesterday. Computers at one of the stores were being given false DNS entries by a false DHCP server. Since others may see this malware on their systems the DNS Servers it used were: 64.86.133.51 and 63.243.173.162

On one of the machines in the dealership that was acting as a DHCP server, but how to find it? The DHCP entries didn’t give any clues because they said the false DHCP server was our gateway router. Even though the gateway router could support DHCP it was not configured to do so. My first thought was to turn off our valid DHCP server, use Wireshark on a PC, intiate some DHCP request from a PC, and see where replies were coming from. Probably would’ve worked but this was even easier.

DHCPLOC is a ulitity included in Windows Support Tools. Basically you run it from a computer connected to the network and it will monitor DHCP replies. Depending on the syntax you use it can filter out responses from your valid DHCP servers or just show everything. The syntax I used was:

dhcploc /p ComputerIPAddresss ValidDHCPServerIPAddress

/p – dhcploc will not show packets from valid DHCP servers
ComputerIPAddress – ip address of the computer you are running dhcploc from
ValidDHCPServerIPAddress – ip address of valid DHCP server that /p will ignore

Anyway it worked like a charm. DHCP replies were coming from an IP that shouldn’t be responding to DHCP requests. I looked up the IP, called the store, and had them unplug it from the network till I could get out there. Problem solved.

I’ll refer you to WindowsNetworking.com for more information on using DHCPLOC since that’s were I learned about it.

Technorati Tags: , ,

← Older Entries