Blog: Networking

We ran into a problem where the print properties or preferences of a shared printer being accessed on a Microsoft Windows client PC would cause the print driver to be re-vended (downloaded/installed) from the server and an Event ID: 20 entry to be logged in the Event Log. Event ID: 20 indicates that a print driver has been added or updated. Slow client UI response and/or slow server performance was also reported. In some instances, the driver would generate over 100 Event ID: 20 entries in the Event Log. Selection of the printer from an application may freeze up the application and printing to printer was reported to take up to 15-20 minutes.

This issue can occur if the privileges on the print server are set such that users with print access also have manage permissions on the print queue. [more]

My Solution 

Disable queue manage permissions for users. NOTE: In my situation, the user was a domain admin. Removing manage permission for domain admins would prevent further access to the printer. I had to add a separate group to allow management permission before removing administrator permissions.

To change permissions:

  1. From the print server, right-click the printer queue (object) in the Print & Fax window.
  2. Select Properties.
  3. Select the Security tab.
  4. Click the User Group used for printing permissions.
  5. Deselect the check in the box next to Manage Printers under the Allow column.

HP's Solution

Upgrade to UPD version 5.1 or later.


 

The switch ports on the Cisco routers don’t appear to be as robust as a standard switch.  All clients at a clients motor bank went down the other morning.  After travelling on site, it turned out the problem was a bad cable end on one client.  All seven devices connected to the same 8-port switch on the branch router, and this one bad cable took down all seven devices.  I could move the faulty device from the router’s switch port to an external switch, and everything would work.  I went ahead and replaced the bad cable end, and reconnected all devices to the router’s switchports.


 

I came across a problem in one of our automated Robocopy command scripts when copying files from NTFS to EMC Celerra file system.  The problem was that every time Robocopy was told to copy files to the EMC Celerra over the VPN, the files were always detected as “newer” on from the originating source.  This caused Robocopy to copy every single file from our network to the remote network each and every time. 

I came across a command line switch for Robocopy: /FFT : Assume FAT File Times (2-second date/time granularity).  So what this does is force Robocopy to use FAT style time stamps which are 2-second granularity.  It allows enough flexibility to account for the way the time is recorded when doing a file copy from NTFS to another file system. This is needed when going between and NTFS and Linux/Unix/FAT or emulated file system.


 

A customer had switched their POP3 email and internet service to a new ISP. Which required them to change their POP3 and SMTP settings on a couple of users' iPhones. The users were able to receive but not send email.  When initially setting up POP3 on an iPhone it requires adding the ISP's SMTP settings and then once it is configured changing it to AT&T’s which is there by default (cwmx.com). This change only has to be done if the SMTP server for the ISP is using port 25. This is because AT&T blocks port 25 on their data network for wireless and internet customers. Sometimes you can get them to unblock it for your account but that is rare.

One of the iPhone users also had a laptop that he only uses with an AT&T Express Card on the GPRS network. He could receive but not send email. Since he was accessing his POP3 account via the AT&T data network port 25 was blocked. I entered “cwmx.com” for the  SMTP server just like for the iPhone and was then able to send.


 

A couple weeks ago, one of our customers had their Exchange SCR copy fail due to a corrupt log file. At first we assumed that the log file was corrupted during transit to the DR site, but after recopying the log file over multiple times and attempting to restart replication, we realized the log file was actually corrupted on the source server which is a virtual machine. I had never seen this happen before and was a little surprised that the corrupt log file had not taken the mailbox database offline. With nothing to attribute the corruption to, I decided it must have been a fluke and started a database reseed the following weekend. After 3 days, the database seeding finished, but 4 hours after the reseed completed, the SCR copied failed again…another corrupt log file. [more]

I decided there must be a bigger issue. I reviewed the logs and found numerous eventid 7 errors (bad block on disk) and a few pvscsi warnings. It seemed logical that maybe the paravirtualized SCSI adapter that was being used on this virtual machine may be causing an issue…maybe it was a weird PVSCSI / Windows 2008 server problem. I had to take a break from this issue to troubleshoot another server issue for the same customer. In doing so, I had an idea…what if the physical disk is going bad, but hadn’t completely failed. Could that cause the underlying VMware VMFS partition to look fine but cause problems with virtual disk files attached to VMs. I used iLO to check out the hardware status and sure enough one of the disks had encountered numerous SMART errors and was marked “impending failure”. The array was not degraded yet because the disk had not completely failed. I have replaced the disk and will reseed the database soon, but since replacement there have been no bad block on disk errors on this VM so it looks promising.


 

During a recent audit, we noticed one of the Internet domain names registered to the bank was displaying a website provided by the registrar (Network Solutions).  Upon discussing this issue with the bank, they told me they had registered the name because they use it internally as their Active Directory domain name and did not want anybody else registering the public name.  So the bank’s IT vendor dutifully registered the name, but did not do anything with it as far as pointing it to an existing bank website or an “under construction” site.  As a result the registrar parked the domain name and displayed an advertisement website.  The advertisements were for Gucci, Wells Fargo, Bank of America, etc.  The bank was not very happy when they found out their domain was being used to advertise other banks.


 

I recently moved a hard drive from a ThinkPad T60 laptop to a ThinkPad T400.  The hard drive had a BIOS password set, but it appeared to work normally in the T400.  I could boot, enter the hard drive password, and access the disk.  However, when I started having problems getting PGP to encrypt the hard drive, I decided to remove the hard drive password.  The T400 could not remove it – the option was grayed-out in the BIOS.  Luckily, I still had access to the T60, so I put the hard drive back in the T60 and was able to remove the hard drive password.  I have now moved the hard drive to the T400 and I am able to set/remove the hard drive password at any time.


 

When working with Cisco 800 model routers (and probably any Cisco Integrated Services Router) you might run into an issue that the VLAN which is assigned to the LAN ethernet ports is in an “up/down” state.  This is because an SVI must meet all of the following conditions to transition to the full "up/up" state:

  • The VLAN must exist and be active in the VLAN database.
  • At least one switched port in the VLAN (access or trunk) must be up.
  • That port must be in the STP forwarding state.

Sometimes it is necessary to have that VLAN interface up even if there are no devices or ports using that VLAN.  [more]The most recent case that I experienced this need was when I was trying to transfer IOS images remotely across a VPN connection.  Because the transfer was traversing across the VPN I had to source the file transfer from the internal VLAN interface.   There weren’t any PC’s connected to the router so the VLAN interface was in an “up/down” state.  To resolve this issue, I could have either connected a PC or a loopback into the router or simply forced the VLAN into an “up/up” state.  Issuing the “no autostate” command on the VLAN interface will bring the interface up.  Basically, the command just tells the VLAN interface to ignore the above mentioned prerequisites.  Note: This command is only available in certain IOS images.


 

On Windows Server 2008, I was trying to get Java installed, but Internet Explorer kept saying that I was unable to download the file because of my security settings.  My options for changing the security zone settings were grayed out, and adding the Java website to my trusted sites did not work.  I investigated whether group policies were blocking my ability to edit the zone settings, but it turned out that there were no IE-related group policies.  It turned out that I had to run IE as an administrator (right-click and select “run as administrator”) to get access to the zone settings.


 

Using Windows Powershell, you can get timestamps for creation, last access, and last write times. 

Examples:

  • PS>$(Get-Item ).creationtime=$(Get-Date "mm/dd/yyyy hh:mm am/pm")
  • PS>$(Get-Item ).lastaccesstime=$(Get-Date "mm/dd/yyyy hh:mm am/pm")
  • PS>$(Get-Item ).lastwritetime=$(Get-Date "mm/dd/yyyy hh:mm am/pm")

Another thing that the Powershell can be used for is setting the timestamps to whatever value you want.  It can be future or past.

Here is an example of setting the last write time of file “test.txt” to 1-1-2020:

  • PS>$(get-item test.txt).lastwritetime=$(set-date "01/01/2020")