Blog: HP

I was working with a customer for whom SEP flagged malware on her week-old PC. Upon investigation, I found that the malware was named MicTray64. A quick bit of research showed this to be a keylogger. So we took care of it and changed her passwords. The customer asked where the malware had come from.

I investigated a little further, and that's when I discovered that HP has been shipping PCs with a keylogger preinstalled in their Conexant audio drivers. The keylogger is included in a service called MicTray64 that is meant to check keyboard shortcuts for microphone usage. The keylogger launches at logon, records every keystroke, and saves it to a log at C:\Users\Public\MicTray.log, so anyone on that PC has access to the log.

Supposedly the log deletes itself when the user logs off. But this file could be easily accessed and it stores everything, including credentials in plain text.

The issue originated because a debugging feature for testing should have been disabled prior to deployment, but that obviously didn't happen. This issue has been found to go back as far as 2015.

To resolve this, the user needs the most up-to-date driver, which was released by HP on May 24, 2017. Any driver version prior to this (8.65.186.53 Rev.A) may contain the keylogger feature.
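A triage check for one machine, as an added example that is not part of the original post or HP's tooling: it compares a reported driver version with the version quoted above and looks for the keystroke log at the path given above. It assumes 8.65.186.53 is the first fixed release; the function names are hypothetical.

```python
import os
import re

# Both values come from the post; everything else here is an assumption.
LOG_PATH = r"C:\Users\Public\MicTray.log"
FIXED_VERSION = (8, 65, 186, 53)  # read here as the first fixed driver version


def parse_version(text):
    """Turn '8.65.186.53 Rev.A' into (8, 65, 186, 53); None if unparsable."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def assess(driver_version, log_path=LOG_PATH):
    """Return a list of findings for one machine (empty list = nothing found)."""
    findings = []
    version = parse_version(driver_version)
    if version is None:
        findings.append("driver version unknown: inspect manually")
    elif version < FIXED_VERSION:
        findings.append("driver older than fixed release: update")
    # The log sits in the shared Public profile, so any content in it was
    # readable by every account on the machine.
    try:
        size = os.path.getsize(log_path)
    except OSError:
        size = None  # file absent or unreadable
    if size is not None:
        if size:
            findings.append(
                "keystroke log present (%d bytes): rotate credentials" % size)
        else:
            findings.append("keystroke log present but empty")
    return findings


if __name__ == "__main__":
    # Constructed sample input: an older driver version string.
    for finding in assess("8.65.186.50 Rev.A"):
        print(finding)
```
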

 


 

Intermittent scan-to-e-mail issues were occurring with an HP Color LaserJet CM4540 MFP.  Initially, scan jobs of all sizes were having trouble going through.  An article was found that suggested updating the firmware on the device.  After the firmware was updated, it seemed to correct issues with smaller scan jobs, but larger ones were still having issues.

When the scan jobs finished scanning the pages, the device would show on the display “SMTP Protocol Error”.  The e-mails would fail to go out.  During troubleshooting, the device could scan a 10 page document to e-mail (3 times successful), but not a color 46 page document (failed 3 times in a row). 

I tested setting the Exchange server’s hub transport settings from 10 MB to 40 MB.  E-mail sent successfully for the 46 page color scan 4 times with no problems.  What this proved was that the message size was too large to be sent through e-mail based on the e-mail size limit configured in Exchange.

If you happen to see an “SMTP Protocol Error” message when trying to scan large documents, chances are the e-mail size is over the limit.


 

There are power management settings that should be checked when running ESX on HP ProLiant G6 and above or Dell PowerEdge 11th and 12th Generation servers.  See the VMware article for details: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1018206

The ProLiant G8 that I examined, which was having performance issues, was set in the BIOS to use "HP Dynamic Power Savings mode" instead of "HP Static High Performance mode".  This can have an impact on the virtual machines' ability to utilize the CPU of the host.   This setting can be changed through iLO without the need to get into the BIOS directly to make the change.  It does not require a reboot of the ESX host to change the setting this way, which is even better.


 

HP has a handy new “feature” on some of their newer model home and office printers that allows you to print wirelessly when a wireless network is not available. The printer does this by broadcasting its own SSID with a name something like “DIRECT-B7-HP ENVY 4520 Series”. This seems like a harmless (and pointless) feature, but it can wreak havoc on your wireless network.

 

The issue with this feature is that the printer appears to only have one wireless radio, which is likely already connected to your wireless network using the channel your wireless access point or router is broadcasting. The printer then starts broadcasting a second SSID (the one mentioned above) on the same channel as your wireless network, essentially causing interference. This occurred at my house and at a customer site recently. My first thought at my house was to change the channels my router was broadcasting. After about 30 seconds, the printer switched to the same channel. You can set a static channel on the printer, but then you are unable to connect to your printer over the wireless network because it is listening on a different channel than your wireless network is broadcasting.

 

The solution is quite simple: all you need to do is disable Wi-Fi Direct Printing. AirPrint and wireless printing will continue to work with this feature disabled. To disable Wi-Fi Direct Printing, do the following:

  1. Open a browser and enter the printer's IP address as the URL
  2. On the Network tab, Click Edit Settings
  3. Under Wi-Fi Direct, change the status to Off then click Apply

Details on HP Wi-Fi Direct Printing can be found here: http://www8.hp.com/us/en/ads/mobility/wireless-direct-printing.html


 

I recently updated a standalone ESXi 5.5 server through command line patching.  After the ESXi server rebooted and came back online, it showed no datastore and no access to virtual machine disks. 

I found a post about ESXi 6 updates causing a similar issue when the HP Storage Array drivers had been removed during the update process. Since I still had my update logs pulled up in the console window, I was able to locate a line that said "VIBs Removed: Hewlett-Packard bootbank scsi-hpsa <version>".

I was able to find a link to download drivers and transferred them to the ESXi server's /tmp directory:

http://h20564.www2.hpe.com/hpsc/swd/public/detail?swItemId=MTX_11afb713b03045a2a9508fe915

The command to install the patch was:

"esxcli software vib install -d /vmfs/volumes/datastore1/hpsa-<version>-offline_bundle-<number>.zip"

After a reboot, I had access to the datastore again and averted potential disaster!

 


 

HP printers are commonly detected in financial institution audits due to a vulnerable SSL version in use.  Many older models contain multiple vulnerabilities that cannot be fixed with firmware upgrades because the older printers are no longer supported.
 
Customers can use the HP Web Jetadmin software to manage these printers through SNMP and disable the web server completely.  However, make sure the SNMP community strings have been changed from the default "public" and "private".


 

We were experiencing a problem where, at random times, both HP and Xerox printers have had instances where the pages printed are missing characters. Bolded or special characters and words with double-consonants are the easiest way to reproduce it.

After much troubleshooting, it appeared this was caused by updated font files installed as part of Office 2010, in particular the Calibri font (which is also the default font in Word). Office 2010 updates the Calibri font set to version 5.62. This version is also included as part of the font subsystem on Windows 7 and Windows 2008 R2. However, Windows 2003 and Windows 2008 have version v5. When printing through a print server that is running on Windows 2003 or 2008, the font version mismatch would cause the missing characters.

In the past, failing the resource group over to the other node fixed the issue. Reinstalling the Universal Print drivers on the physical nodes of the print cluster also seemed to alleviate the issue, but did not fix the problem long term. Finally, during one MW, none of these fixes seemed to fix the issue whatsoever and the problem was no longer random.

The following article describes a similar issue and offers the following resolutions: http://support.microsoft.com/kb/2592142

Option 1: Install Office 2010 fonts on the print servers (recommended)
Option 2: Bypass the print servers and print directly to the printers
Option 3: Use an alternative to the Calibri font

Options 2 and 3 were not really long-term solutions for us, so we investigated Option 1. The article states: The Office 2010 font can be installed from an Office 2010 install source. Perform a custom install of Office and install only fonts under shared components. You may receive a prompt to enter the product key but you should not need to activate it.

However, we were able to update the fonts by completing the following steps:
1. Copy the Calibri font files from a system with the updated version (4 files – regular, bold, italic, and bold italic) to an accessible location
2. Open the control panel font applet from the system with the outdated font files
3. Delete the four files for the Calibri font
4. Reboot the system.
5. Reopen the font applet from the control panel and verify the files have been removed.
6. From the File menu, select install new font.
7. Browse to the location where the files were copied to in step 1.
8. Select all fonts and choose Install
9. Reboot the system
10. Reopen the font applet from the control panel and verify the files have been added. You can open each font file and verify the version. 


 

The other day I had an issue come up with a customer where VSS (Versative Storage Server) integrated file system backups stopped working for some unknown reason. Usually, a reboot fixes these types of issues, but backups continued to fail after a reboot. I started a support call with the backup vendor and after seeing the error logs, the support tech seemed fairly sure he knew what the problem was. This error is usually caused by a malformed path within the registry. So he had me run the following commands on the server and send him the output.

vssadmin list writers >> c:\writers.txt
vssadmin list providers >> c:\providers.txt
vssadmin list volumes >> c:\volumes.txt

diskshadow /L c:\shadow.txt
list writers detailed

After reviewing the text files created, he found the malformed path:

- File List: Path = c:/windows\hpsum_1327455089, Filespec = hpsumserverw32.exe

To correct the issue, I searched the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ for “c:/windows\hpsum_1327455089” and corrected the path to “c:\windows\hpsum_1327455089”. After doing this, the backup ran fine. Further research uncovered the root cause. During the last maintenance window, HP System Update Manager was used to update the HP System Management Homepage on these servers. This malformed registry key was created by HPSUM during the upgrade.
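The review the support tech did by eye can be scripted. This added example (not from the original post or the backup vendor) scans saved "list writers detailed" output for File List paths that contain a forward slash and reports the owning writer with a suggested correction. The sample text is constructed around the one line quoted above, and the writer-header layout is an assumption.

```python
import re

# Assumed header layout for a writer section in the saved output.
WRITER_RE = re.compile(r'^\s*\*\s*WRITER\s+"([^"]+)"')
# Matches the line format quoted in the post.
FILE_RE = re.compile(
    r"-\s*File List:\s*Path\s*=\s*(.+?),\s*Filespec\s*=\s*(.+)$")


def find_malformed_paths(text):
    """Return (writer, path, filespec, suggested_path) for paths with '/'."""
    hits, writer = [], None
    for line in text.splitlines():
        m = WRITER_RE.match(line)
        if m:
            writer = m.group(1)  # remember which writer owns later lines
            continue
        m = FILE_RE.search(line)
        if m and "/" in m.group(1):
            path, spec = m.group(1).strip(), m.group(2).strip()
            hits.append((writer, path, spec, path.replace("/", "\\")))
    return hits


# Constructed sample: only the hpsum line is taken from the post.
SAMPLE = r'''
* WRITER "System Writer"
    - Writer ID = {constructed}
    * Component "System Files"
        - File List: Path = c:\windows\system32, Filespec = example.dll
        - File List: Path = c:/windows\hpsum_1327455089, Filespec = hpsumserverw32.exe
* WRITER "Registry Writer"
        - File List: Path = c:\windows\system32\config, Filespec = system
'''

if __name__ == "__main__":
    for writer, path, spec, fixed in find_malformed_paths(SAMPLE):
        print("%s: %s (%s) -> %s" % (writer, path, spec, fixed))
```
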


 

After installing a new computer and upgrading to Adobe Reader 10.1, a user was unable to print PDFs in portrait orientation to a Xerox printer. The documents printed correctly to an HP printer. When printed to a Xerox printer, two portrait pages were shrunk and printed to one landscape page (like a book). To fix this error, you must follow the steps below on each printer affected. This will make the printer print exactly what is seen on the screen, just like it was a picture. 

  • Click Print
  • Click Advanced
  • Click Print as Image

 

I had come across a user that was unable to print to their local printer.  The printer was situated underneath the desk in a dark corner so it wasn’t very visible.  I decided to check the USB cable first to make sure it was connected.  Unplugging it and plugging it back in showed the USB connected message in the system tray.

As I pulled the printer out a little further, I saw that it had an LCD panel that said “Select your language”.  I hit OK to select English, then selected the Country.  After the selections were confirmed, all of the jobs in the print queue started printing.

The user had replaced the toner cartridge recently, so that could have been when the prompt started.  If you're working on a printer problem in the future it's probably worth asking the user if it has an LCD screen and to check that it is not waiting on some kind of response.