Blog: Patch

I had recently upgraded Adobe Reader to version 10.1.2 and my printer would only print a blank page when I tried to print a PDF document.  The printer lights would blink, and all print jobs after that would not print until I physically rebooted the printer.  I thought there might be something wrong with the PDF that I was trying to print until it happened to me again with another file.

I came across a knowledge base article from Adobe last updated 1/25/2012, http://kb2.adobe.com/cps/928/cpsid_92870.html that gives a link to a patch for being unable to print at all, and it mentions that Duplex is set to “ON” by default after the upgrade. 

Unchecking the Duplex option allowed me to print successfully.  The patch may help others in troubleshooting print problems.  As Adobe Reader updates get installed on our customers’ PCs, we may have an increase in support calls.

I was working on rebuilding our Office Communication Server from scratch a short while ago. There were many gotcha’s in this entire process, but the one I want to touch on happened near the end of the rebuild process. The Front-End Server Service and Monitoring Agent service refused to start up, even after several reboots of the server and repairs of the installation. Errors in the event log reported the “Worker process exited prematurely” and referenced RTCHost.exe. By now, Google had become my close friend and guardian.

What happened is the update, KB967831, shuts down the Front End Server (as well as the other OCS services) to patch and then attempts to fire all the services back up.  See this article about the update.  If MSMQ is not installed, the RtcQmsAgent service (monitoring agent) will not start up, causing the Front-End server to fail. From the blog: [more]
 
On a good note, you can install MSMQ to get around the unfortunate "server killer" situation.

With Server 2008, you can run ServerManagerCmd -i MSMQ-Services and ServerManagerCmd -i MSMQ-Server.
With Server 2003 x64, it is a little more complex as an automation task but can be done using the details mentioned here.

The RtcQmsAgent service will no longer fail to start. At that point, you should be able to install all of the QFE1 updates successfully.
 
I ran those two commands (even though I thought I had already installed MSMQ earlier using the Server Manager GUI) and then attempted to start the services. Success!

I was installing Exchange 2007 SP2 Update Rollup 4 the other day at one of our network support client's sites. This particular customer has 6 exchange servers that needed the update. The first couple of servers took forever to install the update rollup. It really shouldn’t take 30 minutes to install a 50 MB download. After two servers the other guys working the maintenance window were already waiting on me so I had to make up some ground. After some searching (I didn’t have to look far…its posted on the “how to install exchange updates” page -> http://technet.microsoft.com/en-us/library/ee221147%28EXCHG.80%29.aspx) I found that during the install, if setup can’t connect to the CRL web site, the installation takes an abnormally long time to finish.

The reason is that each time the installer compiles an assembly, it has to check the code signing certificate used to sign the assembly against the CRL. If that connection can’t be made, each attempt must time out before moving on to the next assembly. Ok, so why can’t the CRL be downloaded? At this particular customer location, the problem was due to a Barracuda web filter that requires authentication. The attempts to download the CRL come across as anonymous and are blocked. It could also happen if an ISA server is in place and only certain groups of users are allowed internet access via security group membership. Whatever the reason, the work around is to turn off “Check for publisher’s certificate revocation” option in Internet Explorer. There is a registry key you can change, but I found the option in IE.  [more]

1. Start IE
2. Go to Tools -> Internet Options
3. Click on Advanced -> Security
4. Click to clear the “Check for publisher’s certificate revocation” check box
5. After the update is installed, reverse your change

On Thursday, October 23 2008, Microsoft released a critical out-of-cycle security update. This update addresses a vulnerability in the Windows server service that could allow remote code execution. Microsoft has rated this vulnerability Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. This vulnerability has been rated Important for all supported editions of Windows Vista and Windows Server 2008.

The update addresses the vulnerability by correcting the way that the Server service handles RPC requests. Additional technical details on the vulnerability and update can be accessed at:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

As a best practice, RPC functionality should not be exposed directly to the Internet. However as a precaution, CoNetrix recommends applying the update available from Microsoft as soon as possible.

If you have any questions or need assistance with this update, please contact CoNetrix at support@conetrix.com or call (800) 356-6568.

On July 8, security researcher Dan Kaminsky announced he planned to reveal details about the DNS vulnerability (DNS cache poisoning) at Black Hat.  Since then, many technology vendors have provided patches to help fix the flaw.

Kaminsky has provided a "DNS Checker" self test on his website - see his personal blog at http://www.doxpara.com/

• Link to Wall Street Journal article about the security vulnerability - http://blogs.wsj.com/biztech/2008/08/06/disclosing-a-hole-in-the-internet/
• Link to InformationWeek article about the security vulnerability - http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=209903948