Blog

An outbreak of the WCry (also known as WannaCry/WanaCrypt0r) ransomware began to be reported May 12, 2017. The attack was worldwide and deemed by some as “the biggest ransomware outbreak in history.”

The goal of the attack, as with all ransomware, is to encrypt computer files, making them unavailable to the computer user. A payment is required to get the key that unlocks the files.

The ransomware was discovered in early February 2017, but was recently updated and began spreading quickly. It is delivered via a phishing email. When downloaded, it exploits an SMB vulnerability (Server Message Block is a file sharing protocol used by Windows operating systems). The vulnerability was addressed in March 2017 by Microsoft Security Bulletin MS17-010. WCry uses unpatched SMB to spread payloads to vulnerable machines on the same network and to randomly chosen IP addresses on external networks.

If Windows systems are patched, in accordance with MS17-010, the SMB vulnerability is resolved and the systems are not vulnerable. 

CoNetrix Technology customers with Network Advantage managed service agreements were automatically updated in March 2017 when this patch was initially released.

CoNetrix recommends that all customers verify this update is installed as soon as possible.

 

0 Comments   IT Security Alerts

 

HP has a handy new “feature” on some of their newer model home and office printers that allows you to print wirelessly when a wireless network is not available. The printer does this by broadcasting its own SSID with a name something like “DIRECT-B7-HP ENVY 4520 Series”. This seems like a harmless (and pointless) feature, but it can wreak havoc on your wireless network.

 

The issue with this feature is that the printer appears to only have one wireless radio, which is likely already connected to your wireless network using the channel your wireless access point or router is broadcasting. The printer then starts broadcasting a second SSID (the one mentioned above) on the same channel as your wireless network, essentially causing interference. This occurred at my house and at a customer site recently. My first thought at my house was to change the channels my router was broadcasting. After about 30 seconds, the printer switched to the same channel. You can set a static channel on the printer, but then you are unable to connect to your printer over the wireless network because it is listening on a different channel than your wireless network is broadcasting.

 

The solution is quite simple: all you need to do is disable Wi-Fi Direct Printing. AirPrint and wireless printing will continue to work with this feature disabled. To disable Wi-Fi Direct Printing, do the following:

  1. Open a browser and enter the printer's IP address as the URL
  2. On the Network tab, click Edit Settings
  3. Under Wi-Fi Direct, change the status to Off then click Apply

Details on HP Wi-Fi Direct Printing can be found here: http://www8.hp.com/us/en/ads/mobility/wireless-direct-printing.html

0 Comments   Networking WiFi HP printing
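
A way to confirm the channel overlap described in the Wi-Fi Direct post above, before and after turning the feature off, as an added example that is not part of the original post. It parses `netsh wlan show networks mode=bssid` output and lists `DIRECT-` SSIDs that share a channel with your own network; the function name, the `OfficeWLAN` SSID and the sample output are constructed for illustration, and English-language netsh output is assumed.

```powershell
# Added example. Assumes English-language netsh output; the sample below is constructed.
function Get-WifiDirectOverlap {
    param(
        [string[]]$NetshLines,   # output of: netsh wlan show networks mode=bssid
        [string]$OwnSsid         # SSID of your own wireless network
    )
    $seen = @()
    $ssid = $null
    foreach ($line in $NetshLines) {
        if ($line -match '^SSID \d+\s*:\s*(.*)$') {
            $ssid = $Matches[1].Trim()          # a new network block starts
        } elseif ($line -match '^\s+Channel\s*:\s*(\d+)') {
            $seen += [pscustomobject]@{ Ssid = $ssid; Channel = [int]$Matches[1] }
        }
    }
    $ownChannels = @($seen | Where-Object { $_.Ssid -eq $OwnSsid } |
                     ForEach-Object { $_.Channel })
    # Wi-Fi Direct SSIDs start with "DIRECT-"; report those sharing a channel with us.
    $seen | Where-Object { $_.Ssid -like 'DIRECT-*' -and $ownChannels -contains $_.Channel }
}

# Constructed sample output (not captured from a real site).
$sample = @'
SSID 1 : OfficeWLAN
    Network type            : Infrastructure
    BSSID 1                 : 02:00:00:00:00:01
         Signal             : 82%
         Channel            : 6
SSID 2 : DIRECT-B7-HP ENVY 4520 Series
    Network type            : Infrastructure
    BSSID 1                 : 02:00:00:00:00:02
         Signal             : 90%
         Channel            : 6
'@ -split "`r?`n"

Get-WifiDirectOverlap -NetshLines $sample -OwnSsid 'OfficeWLAN'
# Live use: Get-WifiDirectOverlap -NetshLines (netsh wlan show networks mode=bssid) -OwnSsid '<your SSID>'
```

An empty result after Wi-Fi Direct is switched off indicates the second SSID is no longer competing on your channel.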

 

We were having issues with screensaver security locking not working on Windows 8 clients.  At first we kept zeroing in on the GPOs being applied to the PCs.  After further evaluation and verification that the settings were configured in the registry from the GPOs appropriately, we began to look at application interference.

Turning off Citrix Receiver client software allowed the screensaver to come on as it normally would during the idle period.  It was discovered that the application refresh interval had been set to 15 minutes (default is 1 hour), the same amount of time as the screensaver settings.

Manipulating the registry keys below and testing a 1 hour value allowed the idle timer to function correctly and initiate the screensaver.  We believe that the application refresh was causing the idle time to reset itself. 

“RefreshMs” controls the interval for subsequent refreshes. By default the value is 1 hr (3600000 ms).

64-bit Windows Location: HKLM\Software\Wow6432Node\Citrix\Dazzle 
Name: RefreshMs 
Type: REG_SZ 
Value: 3600000 

32-bit Windows Location: HKLM\Software\Citrix\Dazzle 
Name: RefreshMs 
Type: REG_SZ 
Value: 3600000 

 

0 Comments   Networking Citrix Receiver Windows 8
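
One way to audit a client for the condition described in the Citrix Receiver post above, as an added example that is not part of the original post. It reads `RefreshMs` from the two locations the post lists and compares it with the screensaver timeout; the `ScreenSaveTimeOut` policy path under HKCU, the helper name `Get-RegValue` and the output property names are assumptions made for this example.

```powershell
# Added example. RefreshMs locations come from the post; the ScreenSaveTimeOut
# policy path is an assumption about how the screensaver GPO is applied.
$refreshKeys = @(
    'HKLM:\Software\Wow6432Node\Citrix\Dazzle',   # 64-bit Windows
    'HKLM:\Software\Citrix\Dazzle'                # 32-bit Windows
)
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# RefreshMs is REG_SZ, so convert explicitly; fall back to the 1 hour default.
$refreshMs = 3600000
$source    = 'default (value not set)'
foreach ($key in $refreshKeys) {
    $raw = Get-RegValue -Path $key -Name 'RefreshMs'
    if ($raw -match '^\d+$') { $refreshMs = [int64]$raw; $source = $key; break }
}

# ScreenSaveTimeOut is stored in seconds, as a string.
$rawTimeout = Get-RegValue -Path $policyKey -Name 'ScreenSaveTimeOut'
if ($rawTimeout -notmatch '^\d+$') {
    Write-Warning "No ScreenSaveTimeOut policy value found under $policyKey"
    return
}
$timeoutMs = [int64]$rawTimeout * 1000

[pscustomobject]@{
    RefreshMs         = $refreshMs
    RefreshSource     = $source
    ScreenSaverMs     = $timeoutMs
    # A refresh at or before the idle timeout matches the failure described in the post.
    LockLikelyBlocked = ($refreshMs -le $timeoutMs)
}
```

Run it in the affected user's session, since the screensaver policy value is read from that user's hive.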

 

If Outlook says "This file cannot be previewed because there is no previewer installed for it" when you are trying to preview an attachment, this means that file type has no default program associated with it.  Try saving the attachment and then choose Open With... to associate a program.  After that, Outlook will use that program to preview attachments of that file type.

 

This demonstrates that previewing attachments is the same as opening them, so caution is advised.

0 Comments   Networking Outlook

 

We had a customer who was experiencing slowness on their terminal servers and the slowness was keeping some reports in their core banking application from running.  We found that when we excluded the entire C: drive of the terminal server from all Symantec Endpoint Protection scans, the errors would not occur. Through trial and error, we tracked down the setting in SEP that was causing the performance problems. We changed the “Scan files when” setting from “Scan when a file is accessed or modified” to “Scan when a file is modified”. This solved the performance issues and reports in their core banking application are running properly now.

 

0 Comments   Networking Terminal Server Remote Desktop Symantec Endpoint Protection

 

The Cisco-Linksys SRWxxxx series of switches have a simple web interface for management purposes. The interface lacks the ability to see the MAC address table. You can SSH or telnet to the switch, but the menu you get is no better. However, there is a hidden CLI (called the lcli, I assume that stands for Linksys CLI) you can access that will allow you additional management capabilities. Once you are logged into an SSH or telnet session and are at the menu, do the following:

 

Type Ctrl+Z

Hit Enter once

Type in your username and hit Enter

 

It will not prompt for the password but it will give you a <hostname># prompt. From here, you can type ? to see the available commands. To see the MAC address table, type show bridge address-table.

0 Comments   Networking Cisco Linksys

 

Windows 10 ships with the OneNote app. If you also have OneNote 2016 installed on your computer, you will end up having two OneNote applications installed. The Windows 10 OneNote app is quite often set as the default version, so when attempting to follow a link from someone else, the Windows 10 OneNote app opens and asks you to log in. People who are familiar with OneNote 2016 are completely lost and stuck at this point.

 

To change the default version to OneNote 2016, go to your Start Menu, then choose Settings. Select System, choose ‘Default apps’ and then scroll to the bottom of the list to find the ‘Set defaults by app’ entry. Click on this link and in the list under ‘Set your default programs’, find the OneNote (desktop) version, and select ‘Set this program as default’. Click OK to save your changes.

0 Comments   Networking Windows 10 OneNote

 

While working with a customer who was searching for a solution to help manage distribution groups, I discovered that Exchange provides a feature called Dynamic Distribution Groups. These groups allow you to set up the distribution group, and then create a rule that references something like an OU or an AD account property to define which users belong to that group.

Here is a link to the TechNet article about Dynamic Distribution Groups:

https://technet.microsoft.com/en-us/library/bb123722(v=exchg.160).aspx

0 Comments   Networking Exchange

 

I recently rebuilt a vCenter environment for a customer. We decided to use the vCenter Server Appliance 6.5. The configuration of the vCenter Server Appliance was fairly simple and operates very similarly to vCenter Server installed on Windows. We attempted to set up email alerts, but were unable to get the alerts to send. We initially thought the alerts would not send due to an issue with the SMTP relay. Since this was not a Windows OS, I was not able to log in to the OS and test the SMTP relay using telnet. I checked my configuration of email alerts several times and the administrator of the SMTP servers checked his as well and everything looked correct on both sides, but emails still would not send.

After researching for quite some time, I found that I could use the "mailq" command to view the email queue on the vCenter Server Appliance. I connected to the vCenter Server Appliance via SSH, ran the "shell" command to get to the full shell, and then ran the "mailq" command. This showed me that several messages were in the mail queue and not being sent. I began to troubleshoot this more and eventually found a VMware article regarding a bug in the vCenter Server Appliance 6.5 that prevented SMTP from working correctly. This article had been published one day before I found it, which was about a month after I first started troubleshooting the issue. From looking at the files, the original code had the wrong patch in the sendmail.cf file.

Here is a link to the VMware article with instructions on how to fix the bug: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2148396

The following must be done to successfully SCP the file to the vCenter Server Appliance: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2107727

0 Comments   Networking Email VMware vCenter

 

After a software update on a 2008 SBS Server, we encountered a problem with the Quickbooks installation. What used to work with Quickbooks now showed an error message that there was a problem verifying the program’s signature.

Viewing the executable’s properties and looking at the Digital Signatures tab, it showed an error with the signature verification there too. I checked the executable from a 2008 R2 remote desktop server and the Digital Signatures tab showed no problems.  Looking through the folder’s previous versions for the executable from before the upgrade, it was observed that it was signed with SHA-1.  The new file was signed with SHA-256.

I was able to find the following information about code signing; 2008 SBS does not support SHA-256 signing: https://social.technet.microsoft.com/wiki/contents/articles/31296.implementing-sha-2-in-active-directory-certificate-services.aspx  The software vendor was notified and said they’d work on signing with SHA-1 again on the next release.

0 Comments   Networking SBS 2008