Blog

A customer called after getting disconnected from their VM. He gave us a possible cause of his issue, stating “Right before I had this problem, I had an interesting icon in the system tray. I clicked on it and it said it was ejecting the floppy. That's when my connection dropped and I couldn't get back in.”
 
I logged onto the vSphere management console and noticed the virtual machine no longer had a NIC attached. I added the NIC back and had him test logging into the virtual machine. Everything worked. Then I started trying to figure out how he removed a NIC from the VM without editing the configuration, which he doesn’t have permission to do. Turns out he did exactly what he said he did.

According to http://kb.vmware.com/kb/1020718, ESX/ESXi v4.x and later include a feature called HotPlug. In some deployments the virtual NICs can appear as removable devices on the System Tray in Windows guest operating systems. Problems can occur if you mistake this device for one that you can safely remove. This is particularly true in VMware View environments, where interaction with the Desktop is constant. The moral of this story is do not remove virtual NICs from the Windows System Tray.

0 Comments   Networking VMware tools VMware NIC

 

There is a feature in Google Chrome that can make browsing secure internal web sites a little less painful and possibly more efficient. When you access a site with a self-signed, untrusted, or expired certificate, Chrome presents a warning page in your browser.

This is intended to protect you from going to a site that may have been compromised by some type of man-in-the-middle attack. However, when you browse to an internal management interface like a UPS or other appliance, you're likely going to receive this warning because IT administrators typically don’t install public certificates on these peripheral devices. Therefore, we know that this certificate is untrusted and would prefer not to see the warning every time because it will always be untrusted.
 
Enter chrome://flags. This includes the under-the-hood settings for Chrome – similar to about:config in Firefox.
 
The Flags area includes a setting that lets Chrome bypass the SSL warning on each visit for a set period of time. Setting this for 1 week is typical, but you can extend it to up to three months.


 
 

0 Comments   Networking Certificate Chrome

 

We have been working on updating a customer’s network to a new set of servers and PCs. The customer purchased Open License licenses for Windows 8.1 so we could image the PCs, rather than setting each one up individually. We decided to use the Microsoft Deployment Toolkit to deploy these images over the network rather than deploying the image via a USB/CD.
 
We installed a few applications that did not have server components initially. After the server components had been upgraded, we installed the client components for these pieces of software on the PC we were using to build our image. We then installed Microsoft updates. I had planned to start imaging the PC the next morning, but when I arrived the error message below was on the screen.



I received buffer overflow messages when troubleshooting with Process Monitoring and errors like this appeared in the Event Viewer:
 


I thought the problem might be with the image PC, so I rebuilt the image. After installing updates on the second PC and letting it sit overnight, the second PC started giving me the same errors. I knew this was not a problem before the second set of software was installed and updates were applied. I started looking into all of the updates that were installed, but realized this was going to take a long time because there were over 100 updates that had been installed. I decided to rebuild the image again, but not install updates. After doing this, the same error occurred after letting the PC sit powered on for about five hours.
 
After doing some testing, I found that it was only Windows applications that would give these error messages (PowerShell, Internet Explorer, Notepad, etc.). I started looking at the programs that were installed in the second set of updates instead. My theory was that one of these applications could be causing the problems and that it was likely that the program hooked a Windows process somehow. The only software that was installed that met this criterion was PrintAudit, which is a program that tracks print jobs so the cost of printing files can be passed on to the customer. Having three PCs to test on, I uninstalled PrintAudit from one of the PCs, waited overnight, and did not have any errors the next morning. I also built a Windows 8.1 VM and only installed PrintAudit. The VM with only PrintAudit installed gave the same errors after about 5 hours. Uninstalling the PrintAudit client would return the PC to a working condition.
 
I contacted PrintAudit tech support and they said that Windows 8.1 was supported and that they had other customers running Windows 8.1. During this time I found that adding one of the applications that was throwing the errors to the PrintAudit exclusion list would cause that application to run properly. I also contacted Microsoft and they examined the PC. They did not find any errors in the OS and said the problem was with the PrintAudit software.
 
I contacted PrintAudit tech support again and they attempted to recreate the problem, but were unable to do so. Both PrintAudit and I were running Windows 8.1 on 64-bit virtual machines. After thinking about what could be different in my setup and the setup at PrintAudit tech support, I realized that the license keys on my VMs were not activated. They were not activated as I did not want to use an activation on a machine that was going to get reimaged. I asked PrintAudit tech support if their VM was licensed and they said it was. As a test, I activated my testing VM, waited overnight, and did not have any problems the next morning.
 
This shows that there are some Windows processes that do not work on an unactivated copy of Windows 8.1. There is some evidence of this on the Internet, but Microsoft has neither confirmed this nor provided a list of things that do not work on an unactivated copy of Windows 8.1.

0 Comments   Networking Application Error Windows 8.1

 

We had users testing with 2012 R2 Remote Desktop servers recently, and we came across a problem with viewing multiple pages in .tif files using the default viewer.  For this customer we decided to use a third party photo viewer utility called Irfanview.
 
Naturally, the next step was setting the .tif “open with” settings to use the new viewer for all users.  We came across a few articles about implementing User Group Policy Preferences –> Folder Option –> Open With settings.  When we tried to configure it, it didn’t change anything on 2012 R2 server. This worked in previous versions of Windows.
 
After more research we found this is now done by creating a default associations configuration file using DISM and then creating a GPO to use the resultant XML file.
 
1. Set the file associations that you need.
2. Export the settings using command “Dism /Online /Export-DefaultAppAssociations:<path>\default_associations.xml”.
3. Create a GPO and configure the Computer configuration\Administrative templates\Windows Components\File Explorer\Set a default associations configuration file.  Specify the path to the XML file you created.  This will change the registry settings in HKLM\Software\Policies\Microsoft\Windows\System\DefaultAssociationsConfiguration to the specified XML file.
 
The following is an example of the associations in the XML configuration that I used:
 
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".gif" ProgId="IrfanView.GIF" ApplicationName="IrfanView" />
  <Association Identifier=".jpe" ProgId="IrfanView.JPG" ApplicationName="IrfanView" />
  <Association Identifier=".jpg" ProgId="IrfanView.JPG" ApplicationName="IrfanView" />
  <Association Identifier=".jpeg" ProgId="IrfanView.JPG" ApplicationName="IrfanView" />
  <Association Identifier=".png" ProgId="IrfanView.PNG" ApplicationName="IrfanView" />
  <Association Identifier=".tif" ProgId="IrfanView.TIF" ApplicationName="IrfanView" />
  <Association Identifier=".tiff" ProgId="IrfanView.TIF" ApplicationName="IrfanView" />
</DefaultAssociations>
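
One way to check the exported file and the resulting policy on the Remote Desktop server, as an added PowerShell example that is not part of the original post. The function names and the sample file written to %TEMP% are assumptions made for illustration; the sample XML is constructed from the entries above with a deliberate duplicate.

```powershell
# Added example; function names and the sample file are hypothetical.
function Test-DefaultAssociations {
    param([Parameter(Mandatory)][string]$XmlPath)

    # A malformed file throws here, before the GPO ever references it.
    [xml]$doc = Get-Content -LiteralPath $XmlPath -Raw
    $seen = @{}
    foreach ($a in $doc.DefaultAssociations.Association) {
        $issues = @()
        if (-not $a.Identifier -or -not $a.ProgId) {
            $issues += 'missing Identifier or ProgId'
        } else {
            $key = $a.Identifier.ToLower()
            if ($seen.ContainsKey($key)) { $issues += 'duplicate Identifier' }
            $seen[$key] = $true
            # The ProgId has to be registered on this machine to resolve to a handler.
            if (-not (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$($a.ProgId)")) {
                $issues += 'ProgId not registered on this machine'
            }
        }
        [pscustomobject]@{
            Identifier = $a.Identifier
            ProgId     = $a.ProgId
            Issues     = $issues -join '; '
        }
    }
}

function Get-DefaultAssociationsPolicy {
    # The registry value the GPO in step 3 writes.
    $key = 'HKLM:\Software\Policies\Microsoft\Windows\System'
    $p = Get-ItemProperty -Path $key -Name DefaultAssociationsConfiguration -ErrorAction SilentlyContinue
    if (-not $p) { return $null }   # policy has not applied to this machine
    [pscustomobject]@{
        ConfiguredPath = $p.DefaultAssociationsConfiguration
        Reachable      = Test-Path -LiteralPath $p.DefaultAssociationsConfiguration
    }
}

# Constructed sample: two entries from the XML above plus a deliberate duplicate.
$sample = Join-Path $env:TEMP 'default_associations_sample.xml'
@'
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".tif" ProgId="IrfanView.TIF" ApplicationName="IrfanView" />
  <Association Identifier=".tiff" ProgId="IrfanView.TIF" ApplicationName="IrfanView" />
  <Association Identifier=".TIF" ProgId="IrfanView.TIF" ApplicationName="IrfanView" />
</DefaultAssociations>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8
Test-DefaultAssociations -XmlPath $sample | Format-Table -AutoSize
Get-DefaultAssociationsPolicy
```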

0 Comments   Networking GPO Windows Server 2012 R2 Windows 8.1

 

We recently encountered a strange issue with a customer running Outlook 2010 in an Exchange 2007 environment. Some users (not all) would randomly get certificate warning pop-ups in Outlook. The certificate warnings indicated the Fully Qualified Domain Name (FQDN) "autodiscover.customerdomain.com" wasn’t on the certificate. The certificate warning was legitimate; that FQDN was not on the certificate because this customer didn't have a UCC certificate.

However, all the autodiscover SCP records had been changed via PowerShell to point the autodiscover URL to "webmail.customerdomain.com" which WAS on the certificate. All the PCs were joined to the Active Directory domain so the SCP lookup should have had precedence over any other autodiscover method. An autodiscover check via the Outlook system tray icon produced the certificate warning pop-up, and all the values returned by the test were correct.

The question was why were these PCs even contacting "autodiscover.customerdomain.com"? After much troubleshooting, we found that even though the domain SCP records were correct, some Outlook clients were also doing DNS lookups for "autodiscover.customerdomain.com" in parallel with the SCP lookup. Checking DNS, there was an "autodiscover.customerdomain.com" A record that pointed to the IP address of the Exchange server; however, since that FQDN wasn’t a subject alternative name on the certificate, it would have legitimately generated the certificate warning.

The resolution was to simply remove the "autodiscover.customerdomain.com" A record from DNS and we added SRV records for good measure. It doesn’t seem like having that A record in DNS would have mattered since the autodiscover priority shouldn’t have ever used it, but from now on we will use DNS SRV records and SCP exclusively for Exchange autodiscover.
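
The check this troubleshooting came down to, as an added PowerShell example that is not part of the original post: list each host name Outlook can be pointed at and flag any that resolves in DNS but is not on the certificate. The function names are hypothetical, and the certificate name list passed at the end is constructed from the description above.

```powershell
# Added example; function names are hypothetical.
function Test-NameOnCertificate {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }          # -eq ignores case
        if ($n.StartsWith('*.')) {
            # A wildcard entry covers exactly one left-most label.
            $suffix = $n.Substring(1)
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

function Get-AutodiscoverNameReport {
    param([string]$SmtpDomain, [string]$ScpHost, [string[]]$CertNames)

    $names = [ordered]@{
        'SCP'      = $ScpHost
        'A record' = "autodiscover.$SmtpDomain"
    }
    # An SRV record, if present, sends the client to its target host.
    $srv = Resolve-DnsName -Name "_autodiscover._tcp.$SmtpDomain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1
    if ($srv) { $names['SRV target'] = $srv.NameTarget }

    foreach ($source in $names.Keys) {
        $name     = $names[$source]
        $answer   = Resolve-DnsName -Name $name -ErrorAction SilentlyContinue |
            Where-Object { $_.Section -eq 'Answer' }
        $resolves = [bool]$answer
        $onCert   = Test-NameOnCertificate -HostName $name -CertNames $CertNames
        [pscustomobject]@{
            Source        = $source
            Name          = $name
            Resolves      = $resolves
            OnCertificate = $onCert
            # A name that resolves but is missing from the certificate can produce the pop-up.
            WouldWarn     = ($resolves -and -not $onCert)
        }
    }
}

# Constructed input: the names from the post, with only webmail on the certificate.
Get-AutodiscoverNameReport -SmtpDomain 'customerdomain.com' `
    -ScpHost 'webmail.customerdomain.com' -CertNames 'webmail.customerdomain.com' |
    Format-Table -AutoSize
```

Resolve-DnsName is available on Windows 8 / Windows Server 2012 and later, so run this from an administrative workstation that uses the same DNS servers as the affected clients.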

0 Comments   Networking Microsoft Exchange 2007 Outlook 2010 DNS

 

Here is a very handy Microsoft article about how to install Windows Updates to a Windows 7 Embedded device that uses a File-Based Write Filter (FBWF) or an Enhanced Write Filter (EWF).  This is a great tool to use on Thin Clients that can’t be managed by HPDM or SCCM.

https://msdn.microsoft.com/en-us/library/ff850921.aspx

The process includes running a Scheduled Task, which calls a VBS script.  That VBS Script handles disabling the write filter, downloading and installing updates, then re-enabling the write filter and committing the changes.
 
The VBS script and .xml scheduled task files are available here: https://www.microsoft.com/en-us/download/details.aspx?id=15143

Note: This will not install updates that display a setup UI (Service Packs, new IE Versions) as a part of the installation.

0 Comments   Networking Windows 7

 

All versions of Java 8 update 20 and newer have removed the Medium Security Level. The only options now are High and Very High. Adding a site to the exception list will still allow unsigned applications to run. See the following webpage for more information: http://java.com/en/download/help/jcp_security.xml.
 
The exception file entries and the prompts associated with them are stored in these files under "%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment":
deployment.properties
exception.sites
trusted.certs
 
If the same sites need to be added to a large number of computers or thin clients across an organization, you can use Group Policy to copy these into the user’s profile at logon.

0 Comments   Networking Java

 

Today the FFIEC released a Cybersecurity Assessment Tool to help financial institutions identify their risks and assess their cybersecurity preparedness.  The assessment tool is designed to provide a repeatable and measurable process for banks and credit unions to measure their cybersecurity preparedness over time.

The FFIEC tool consists of pdf documents including an Overview for Chief Executive Officers and Boards of Directors, a User's Guide, an Inherent Risk Profile, a Cybersecurity Maturity, and some Additional Resources.

CoNetrix is working on a FREE online, interactive tool to assist banks and credit unions in completing the new FFIEC cybersecurity assessment.  This easy to use SaaS will allow financial institutions to answer questions provided in the FFIEC documents, view and analyze inherent risk and cybersecurity maturity, and run various reports.  To learn more about the new tandem cybersecurity tool, visit https://conetrix.com/cybersecurity.

 

0 Comments   Financial Institutions Security and Compliance

 

The ".bank" domain registration will open into general availability on June 24, 2015 at 00:00:00 UTC or June 23 at 8:00pm Eastern, 7:00pm Central, 6:00pm Mountain, & 5:00pm Pacific.  According to fTLD, during the initial sunrise registration period, there were more than 700 applications made for ".bank" domains.  Domains will be awarded on a first-come, first-served basis in all registration periods.  To learn more, read the article Dot Bank by Leticia Saiid of CoNetrix published in the Spring 2015 issue of The Community Banker or visit www.ftld.com.

0 Comments   Financial Institutions .bank Domain fTLD

 

If you experience a hardware failure with a VMware host, run the following commands to create a plain-text diagnostic file which will help you determine where the failure exists:

  1. Connect to the host via SSH
  2. Log in as “root”
  3. Type: “cd /opt/hp” and press ENTER
  4. Type: “ls” to list the contents of this directory. Verify hpacucli is listed
  5. Type “cd hpacucli/bin” and press ENTER
  6. Type “./hpacucli” and press ENTER
  7. Type “controller all diag file=/tmp/adu.zip” and press ENTER
  8. Once the diagnostic report has been generated, use WinSCP (or a similar application) to connect to the host
  9. Browse to the tmp directory
  10. Copy the adu.zip folder locally
  11. Extract the files and open the “ADUReport.txt” file to view the results

The diagnostic result file can be large, so you may have to do some searching before you find where the failures exist. Also, this documentation is specific to HP products, so commands and file paths may differ for other hardware manufacturers.

0 Comments   Networking VMware