Blog: Networking

The link below is an interesting article from the latest SANS NewBites email where attackers bribed gas station clerks to allow them to install skimmers inside the gas station’s card readers.  The British pound is worth about $2 US, so you can roughly double the numbers in the article to get U.S. currency. [more]

In the SANS email, one of the SANS commentators said: “This story highlights how once physical security, in this case the attendants, is compromised then all the technical security controls cannot protect you.  Have a look at your own information security infrastructure and see what can be bought for GBP 15,000 (US$29,737), would it be a new firewall or your firewall administrator?”

http://www.theherald.co.uk/news/news/display.var.2211223.0.Scots_police_break_1m_credit_card_fraud_linked_to_terrorism.php

Yesterday the following was published on Microsft TechNet:

"Today we are happy to announce that Windows XP Service Pack 3 (SP3) has released to manufacturing (RTM). Windows XP SP3 bits are now working their way through our manufacturing channels to be available to OEM and Enterprise customers. [more]

We are also in the final stages of preparing for release to the web (i.e. you!) on April 29th, via Windows Update and the Microsoft Download Center. Online documentation for Windows XP SP3, such as Microsoft Knowledge Base articles and the Microsoft TechNet Windows XP TechCenter, will be updated then. For customers who use Windows XP at home, Windows XP SP3 Automatic Update distribution for users at home will begin in early summer. 

Thanks to everyone here who installed the public betas – you not only gave us detailed feedback but also helped each other out with timely troubleshooting. Through the beta program we found several important issues and were able to confirm some essential fixes. We couldn’t have done this without you.

We will still be monitoring this forum during the next few weeks in case you have more feedback about the release of Windows XP SP3.

On behalf of myself, Shashank Bansal and Windows Serviceability, many thanks.

Chris Keroack
Release Manager, Windows XP Service Pack 3
Windows Serviceability"

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3214173&SiteID=17

http://www.microsoft.com/downloads/details.aspx?FamilyID=68c48dad-bc34-40be-8d85-6bb4f56f5110&displaylang=en

UPDATE: This morning Microsoft released XP SP3 to the public and then delayed it because of a compatibility problem with their Dynamics software products.  I didn't see a posting on Microsoft's site, but I did see this article: http://www.crn.com/software/207403064

From time to time when I've been out of town working with offline files, I would get an "Incorrect Parameter" error when I tried to synchronize the files (usually when I had returned home and was plugged directly into our network).  This happened to me when out of town recently at the end of a day when I'd created quite a few files (a few hundred) in a customer's folder tree.

I thought it might be related to creating so many new files so I copied the bulk of the new files (fortunately, they were mostly located in a single four-deep folder set) to a temporary folder on my laptop then deleted them from the offline files.  Also, note if you've created folders while offline but have not synchronized them yet, you can still delete the folders while offline.  If they've been synchronized, you can't delete them unless you're online.  [more]

I then connected via Cisco VPN and tried to synchronize and it worked.

Finally, while online, I copied the new folder set to the customer's folders online (which copied them directly to the server) then synchronized to get them back into the offline set.

The alternative was to work on an offline copy then manually synchronize them once I was back in the network and to nuke my offline files to get synchronization to work again.  This is what Microsoft recommends and I've done it numerous time.

This was a preferable solution.

You can use the Vista Task Scheduler to launch applications with admin privilege without the User Account Control (UAC) confirmation dialog.  To do this: [more]

• Open Task Scheduler
• Create a new folder for the application you want to launch, or use an existing folder (if it seems to fit)
• Create a new task
  • General
    • Name: <something simple, this is how you will refer to the task when launching it>
    • Description: <where you can give a lot more detail about what you’re doing>
    • Run only when user is logged on
    • Run with highest privileges
  • Actions
    • Start a program <path to your program, arguments, etc.>
  • Conditions
    • <Adjust as needed>
  • Settings
    • Allow task to be run on demand
    • <Adjust other settings as needed>
• Once the new task is created, you can update your shortcut to the application with the following command (or just run it from the command line):
  C:\Windows\System32\schtasks.exe /run /tn "\<folder where task is located in task scheduler>\<name of task, see above>"

One of the nice side benefits in doing things this way is you get to use the Task Scheduler’s built-in logging capabilities.

Windows has a tendency to cache negative DNS lookups so that even if you fix a DNS problem you still cannot look up a name. A negative DNS lookup occurs when trying to resolve the address for a name that has no corresponding DNS record.  There is a registry entry that specifies cache times for DNS.  One of them specifies how long to cache these negative entries.  I would suggest setting it to zero so it will always try to query a DNS server even though the name did not exist before.  Doing this might save you some confusion when troubleshooting DNS issues.  Read about it here http://support.microsoft.com/kb/318803.

There is also a dnscmd Windows Support tool that is handy for updating DNS without having to run the GUI.  You can read about it here http://technet2.microsoft.com/WindowsServer/en/library/5c497b2e-3387-4ecf-adf5-562045620a961033.mspx.

When installing the first Windows 2003 domain controller in a Windows 2000 Active Directory domain, you must first run ADPrep on the Windows 2000 domain controller.  ADPrep is provided on the Windows 2003 media.  BUT, Windows 2003 R2 requires a different version of ADPrep.  It can be found on Disc2 of the media set; the ADPrep on Disc1 will not allow you to install a Windows 2003 R2 domain controller.

Somehow directories get set with a read-only attribute that cannot be changed with the GUI.  Use attrib -r to remove the read only attribute.  If a directory where VMware stores snapshots is set to read only, VMware cannot restore snapshots from that directory.  See http://support.microsoft.com/?id=326549 and http://www.vmware.com/community/message.jspa?messageID=339508.  It seems if you customize the folder to get the fancy VMware icon on it, then Windows sets the read only attribute on the folder.  Then at some random time in the future, VMware will not be able to restore a snapshot.

We recently ran across a problem where users trying to log on to Microsoft Office Outlook Web Access in Exchange Server 2007 would receive the following error message:
"A problem occurred while trying to use your mailbox. Please contact technical support for your organization."

If Show Details is clicked in this error message, a call stack including the following message appears:
"Exception message: Property Languages cannot be set on this object because it requires the object to have version 0.1 (8.0.535.0) or later. Current version of the object is 0.0 (6.5.6500.0)." [more]

After some research we found that this issue occurs when the msExchVersion attribute is not set correctly on the user object in the Active Directory. Exchange 2007 uses the msExchVersion attribute to determine the version of Exchange that user objects are associated with. If the version value is less than 0.1, Exchange 2007 considers the object "read-only" and cannot write changes to the object.

The msExchVersion attribute may not set correctly if you created the user's mailbox by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in instead of by using the Exchange 2007 Management Console, as was the case in this situation. 

To resolve this issue, type the following command at the Exchange Management Shell prompt:
Set-Mailbox User_Name -ApplyMandatoryProperties

To verify the msExchVersion attribute, type the following command at the Exchange Management Shell prompt:
Get-Mailbox User_Name | format-list ExchangeVersion

We were having some problems getting Windows Server Update Services (WSUS) to download new updates at one of our customer's sites.  The ISA server was denying the connections, but was saying that "an existing connection was forcibly closed by the remote host".  I made several changes on the ISA server to try to fix this.  I tried using an HTTP rule without the web proxy, disabled caching, etc.  Nothing seemed to fix the problem.  When I checked the Application event log on the server, there was a WSUS error saying, "Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header."  I did some research on this and found a fix that involved making a change to the WSUS database. [more]

I stopped the WSUS service and ran the following command:
osql.exe -S PNB-TS\MICROSOFT##SSEE -E -b -n -Q "USE SUSDB update tbConfigurationC set BitsDownloadPriorityForeground=1"

I then restarted the service and it worked great.