Blog: Networking

My favorite live CD is SystemRescueCd http://www.sysresccd.org.  This includes Petter Nordahl-Hagen’s chntpw. It also includes gparted, partimage, ntfs-3g file system (safe, reliable, writable ntfs), clam antivirus.  It auto-detects many kinds of hardware and even connects to WPA access points.  You can put it on a small USB drive and create a backing store, so that it retains changes made.  You can even install additional packages and customize it.  It also contains boot images of several other programs, like dban, freedos, memtest+, aida hardware analysis and diagnostic tool.  You can also add additional applications to SystemRescueCd that aren't included by default, so I added spinrite to my copy.

Though the Security Zones GUI under Internet Properties only has four well defined “zones”, you can actually create your own custom zone pretty easily.  We had to do this for a customer that needed some very specific (wide-open) security settings for their site to work properly.  Rather than comprise the security of the other “Trusted Sites”, we created a new zone for the one specific site.  The easiest way to do this is by using the GUI to get all your settings just so (by editing one of the built-in zones).  Then, from the registry editor, export the edited zone’s registry key located under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones.  The zones are numbered 0-4, but you can check the “DisplayName” entry to make sure you are exporting the right zone.  You can then edit the exported REG settings to increment the zone number by one, and change the “DisplayName”, “Description”, and “PMDisplayName” to whatever you want.  The “PMDisplayName” is what will show in the IE status bar when you visit the included site/sites.  Save your changes and import the modified zone REG file.

By default, Postini sends the quarantine summary using an address on the customer’s domain (i.e. [email protected]).  Since this address doesn’t actually exist on the Postini servers, it’s technically spoofing the reply-to address.  Normally this isn’t an issue, however if the customer has internal spam filtering like Symantec Mail Security for SMTP or Exchange Intelligent Mail Filtering, this email will likely be tagged as spam.  So if you’re moving your email to run through Postini, be sure to exclude that address from filtering, otherwise you’ll spin your wheels trying to figure out why they’re not getting the quarantine summary.

Progress. Innovation. One small step for man. Call it what you will but the advancement of software usually comes at a price with some bumps along the way. Apple, while a good company that puts out a good product, is mortal like the rest of us and as such is subject to the same development bumps and bruises. That was my experience this week when an executive assistant at one of our clients came to me in a panicked state saying “Help! I just sent out a meeting invite to over 30 executives and it keeps sending the invitation over and over and over again! People are getting upset!” [more]

Immediately I put together a lineup of potential offenders and began working my way through:

1. Exchange message queues
2. Online spam filter reinjection
3. Notification of meeting change/update
4. Corrupt/Malformed meeting event
5. Possible wrong address in the list (we’ve seen this happen before) 
6. MAPI profile/client issues.

Troubleshooting:

1. An inspection of the Exchange queues revealed nothing out of the ordinary, and the Exchange logs showed that each repeated meeting request appeared to be a new/separate message that was being received (and dutifully sent out) by the Exchange server. Nope, that’s not it.
2. Online spam filter reinjection into Exchange was not a possibility since every recipient was internal… the spam service never saw the message. Innocent.
3. Since the same meeting was supposedly being re-sent, I thought that it may be possible that the meeting would re-send whenever a user would update/respond to/propose a new meeting time for the calendar event. After looking at the executive assistant’s sent items as well as the inboxes of several attendees, none of this was true… the meetings were actually being re-sent. Strike three. 
4. Thinking that there may be some oddity in the meeting event such as a reoccurring event, I had the user delete the meeting then recreate it while I watched. I noticed the user used a distribution list when inviting attendees.
5. Some of our engineers have seen some quirks when using a distribution list with incorrect/invalid email addresses. I had the user recreate the distribution list from scratch, populating it only by clicking on addresses in the Global Address List. Re-created the meeting with new distribution list. Same behavior.
6. Thinking that the problem may be a MAPI profile issue due to the Exchange logs indicating that each message was a separate submission from the client, I went to the user’s office to rebuild their MAPI profile. In doing so I realized that the user was on a thin client. Before building her Terminal Server MAPI profile I asked the user what time she had left the previous day. She said she left right at 5:00pm and had logged off of the Terminal Server at that time. The last meeting that was resent went out at 5:14pm. Hmmm…

Solution:

At this point I had seemingly ruled out the client aspect as well as the server aspect of the problem, what could be left? Blackberry! I asked the executive assistant if she had a Blackberry, thinking that surely the Blackberry Enterprise Server was the guilty party since the problem was happening when she was logged out. “No, I don’t have a Blackberry… a couple of months ago I got an iPhone instead.” At this point I was getting desperate so I asked her to power off her phone for the remaining 6 hours of the workday. Magically not a single meeting invite was sent out. After that I asked her to power it on. Immediately a repeated meeting invite was sent! I asked her if anything had changed on her phone recently to which she replied ,”actually, I just upgraded my phone this weekend to the new 3.0 iPhone OS”. A quick Google confirmed that other users who had upgraded to the 3.0 Apple iPhone OS and had sent meeting requests to a distribution groups had experienced the same problem. A call to Apple support yielded no help as a “Product Specialist” (referred to as “iPhone Ninjas” by Apple Tier 1 support, no joke) told me that they don’t have any record of that happening to anyone else, call Microsoft since it’s an Exchange account.  So, until iPhone OS 3.1, it looks like users will not be able to use distribution groups when creating meeting requests. Isn’t there an App for that?

When re-imaging a Windows 2003 server you will be prompted to activate Windows. When I did this it would not allow me to connect to the internet and thus I had to do it by phone. When entering the key info over the phone with Microsoft’s automated response system and then inputting the activation code given to me from the phone it told me that it was an invalid key. After much trouble I found that when I chose the option to change my CD key and then input the same CD Key I was using on the phone I was able to finally activate it over the phone.

Research on a recurring event-1005 error on an SBS 2003 box clued me into some interesting facts.  When SBS 2003 first came out, the Directory Services Restore (DSRM) password automatically sync'ed itself to the 'administrator' account password.  But when Win2003 SP1 was released, it 'broke' this behavior.  So, some early SBS03 customers might have had their DSRM password auto-changed several times before SP1.  If so, it could be difficult to determine that password should the need arise to restore AD.  As easy way around this scenario would be to proactively change the DSRM password manually.  As long as SBS is at SP1 or later, it should stay 'static'.

http://support.microsoft.com/kb/322672

http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/ArticleID/68/PageID/74/Default.aspx

Viewing other user’s default and custom categories in Outlook 2007 public folders must have the same category name.  By default, Outlook 2007 has six default color categories named: red category, blue category, green category, etc..  At a customer site, users had been marking tasks in a public folder indicating who was working on which e-mail.  One user created new custom categories (ex. John Doe's Tasks) and assigned it a color, then deleted the “red category” default category.  When she removed the default categories, she could no longer see what anyone else had marked nor could they see her new category markings. [more]

In order for all users to see custom category names, each user must have the same exact category name created in their category list.  You can re-add the default categories back in by creating new ones and naming it back to the default (ex. red category).  Color assignments do not matter, only the name.

Processes can be remotely viewed and terminated by built in Windows commands: tasklist.exe and taskkill.exe.

Examples of terminating a process:

Find the process id using the command “tasklist /s <computer> /u <domain>\<user> /p <password>”

Terminate the corresponding process “taskkill /s <computer> /u <domain>\<user> /p <password> /pid <process ID>”

If you attempt to run Bit Locker Drive Preparation Tool on Windows Vista with SP2 installed it will produce an error.  The problem is with the installer package. You can uninstall SP2 or perform these steps to bypass the error by extracting the install files:[more]

• After downloading Bit Locker Preparation Tool to the C: drive. Run the following at the command prompt.
• expand -f:* "C:\Windows6.0-KB933246-x86.msu" %TEMP%
• pkgmgr.exe /n:%TEMP%\Windows6.0-KB933246-x86.xml
• Run “C:\Program Files\BitLocker\BdeHdCfg.exe” and it will repartition your drive to allow Bit Locker to work properly.