Blog

Initially worked with a customer to see if we could reproduce the problem in Worldox with a known "working" file.  We were able to reproduce the problem, so we started work on the user's profile.  I had the customer log off and then disabled the user's roaming profile for both the NTprofile and TSprofile.  I renamed the existing user folder in Documents and Settings on Citrix2 so a new profile would get created.  After this I had the customer log in to test Worldox with the "clean" profile.  Worldox worked with the clean profile, so we knew something was wrong with the user's settings.

I looked through the registry settings and profile directory for the working and broken profiles to try to find differences.  I tried several minor file and registry changes to see if we could get Worldox to work under the original user profile.  None of the changes seemed to work.  There wasn't much related info in the registry, so I was sure the problem was file related.  It seemed especially to be something related to the document templates/addins in Word not working properly.  I tried replacing and removing the Word templates in the user's Documents and Settings folder, but this didn't seem to change the behavior at all.  The templates were actually still loading, even after I removed them.

I found (in the working profile) that the addin that had the macro for inserting the DocID was named swInnova.dot.  When I would open Word in the broken profile, that particular addin was the only one of about 8 missing!  This certainly seemed to be the problem, but I couldn't figure out why that addin wasn't loading while all others were.  After some digging I noticed the addins were being loaded from the user's home folder on H:\ rather than the Documents and Settings folder.  I tried to update the addins in this folder, but Word still wouldn't load the swInnova.dot addin.  I decided to change the path to the addins back to the standard location in Documents and Settings and when I did this Word loaded the addin properly.  I then tested Worldox and it worked too.  So, it seems there is something in the swInnova.dot addin that is keeping it from being run from a network location (can only be run locally?).


 

UEFI problems:  I have found that BitLocker will not be able to use the enhanced PIN as specified in our GPO on the ThinkPad T420 when using UEFI.  The problem lies in the BIOS (yes, it is still called the BIOS, even though it is UEFI) and it requires an updated version so that the keyboard keys are represented properly (alpha characters) during the boot phase of the startup. My T420 had version 1.24 of the BIOS, and version 1.25 seems to fix this issue. Here is a snippet of the Release Notes for 1.25:

CHANGES IN THIS RELEASE

  Version 1.25

[Important updates]
  Nothing.

[New functions or enhancements]
- Added support for the Password Beep function.
- Increased the number of configurable boot devices by BootOrder option of
  Windows WMI script.

[Problem fixes]
- Fixed an issue where the BitLocker function could not be enabled on Windows
  64-bit.
- Fixed an issue where PXE boot might fail.
- Fixed an issue where the fingerprint authentication associated with some
  password strings might fail.
- Fixed an issue where the Intel TXT feature might not be enabled when the
  Security Chip was activated and the Intel TXT feature was enabled at the same
  time by ThinkPad BIOS Settings Windows program.
- Fixed an issue where the Bluetooth wireless status indicator might be changed
  after running Windows WMI script.


 

Last month, I was working a maintenance window for a customer that has VMware View 4 installed. During the window, I would install all the updates on the master image, snapshot it, and recompose the pool using the updated image. During the recompose, View would shut down all the machines needing the update, delete them from the inventory, copy out a new replica disk, recreate all the VMs, attach them to the replica disk, and complete the setup process. This particular recompose could not delete one of the machines. The other machines finished the process normally and were ready to go, but this one machine simply timed out during the recompose process.

During my troubleshooting, I ended up killing the task and trying to delete the machine through the View console. No luck. I could delete the machine from the vSphere client, but then how would I clean it up from inside View?

http://kb.vmware.com/kb/1008658

This article provides the steps to manually remove a linked clone entry from VMware View. The basic steps include:

  1. Remove the VM from the ADAM database
  2. Remove the linked clone reference from the View Composer database
  3. Delete the machine from vCenter

At that point, you can re-enable provisioning and everything should start working as normal once again.


 

We normally recommend a customer password-protect the management interfaces of their networked printers.  In general, it seems a wise thing to not allow just anyone who is so inclined to change printer configurations.

However, we have also shown it to be simple to redirect printer output if you change a printer's IP address.  We turned one printer off (Printer #1) and then changed the IP address of Printer #2 to be that of Printer #1.  A print job sent to Printer #1 now prints on Printer #2.

It's not a difficult thing to get the IP address of a printer, especially if you have physical access to the printer. Thus, even if for only a while until someone determines an IP address change was the culprit, it would be possible for someone to intercept potentially sensitive documents if they had the ability to change printer IP addresses.

Using port security or sticky MAC addresses on switches would also help with this security issue by preventing anyone from attaching their own printer to the network when the management interfaces of your printers are password protected.
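
A way to notice the swap described above from a print server, added here as an example and not part of the original post: compare the server's ARP table against a recorded inventory of printer IP and MAC addresses. The inventory, addresses and sample `arp -a` output are constructed for illustration.

```python
import re

# Constructed inventory: printer IP -> (name, MAC), recorded at install time.
BASELINE = {
    "192.0.2.21": ("Printer #1", "00:11:22:aa:bb:01"),
    "192.0.2.22": ("Printer #2", "00:11:22:aa:bb:02"),
}

# Constructed `arp -a` style output from a print server after the swap above:
# Printer #1 is powered off and Printer #2 now holds Printer #1's IP address.
SAMPLE_ARP = """\
Interface: 192.0.2.10 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             00-11-22-aa-bb-fe     dynamic
  192.0.2.21            00-11-22-AA-BB-02     dynamic
"""

# An IPv4 address followed by a MAC written with '-' or ':' separators.
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})"
)

def parse_arp(text):
    """Return {ip: mac} with MACs normalised to lower-case, colon-separated."""
    return {ip: mac.lower().replace("-", ":") for ip, mac in ENTRY.findall(text)}

def audit(baseline, observed):
    """Compare observed IP-to-MAC bindings against the printer inventory."""
    owner = {mac: name for name, mac in baseline.values()}
    findings = []
    for ip, (name, mac) in sorted(baseline.items()):
        seen = observed.get(ip)
        if seen is None:
            # Not conclusive alone: ARP entries age out when there is no traffic.
            findings.append((ip, "no-answer", f"{name} is not in the ARP table"))
        elif seen != mac:
            who = owner.get(seen, "unknown device")
            findings.append(
                (ip, "mac-changed", f"{name}'s address is answered by {who} ({seen})")
            )
    return findings

if __name__ == "__main__":
    for ip, kind, detail in audit(BASELINE, parse_arp(SAMPLE_ARP)):
        print(f"{ip:<12} {kind:<12} {detail}")
```

The check only sees devices on the server's own subnet, and it complements rather than replaces the switch-level controls mentioned above.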


 

Running host-based anti-malware software is a very good idea, but sometimes things can slip through.  You can't trust an infected machine to tell you whether it's infected or not.  Microsoft has System Sweeper, which boots from other media and will scan a Windows machine.  There is one version for 32-bit Windows and one for 64-bit Windows.
 
https://connect.microsoft.com/systemsweeper
 
Kaspersky Labs has a Rescue Disk that will also scan a Windows machine offline.
 
https://support.kaspersky.com/faq/?qid=208282173
                                                           
If malware is discovered, I would recommend rebuilding the system and restoring the data.  In my opinion, these tools should be used periodically to determine to some extent that a system is malware-free.  Of course, it is a judgment call, depending on what is found.

 

If your virtual disk is at or close to the maximum size allowed by the file system, you might be unable to take snapshots due to overhead added by the snapshot process.  This failure occurs when the snapshot file at its maximum size would be unable to fit into a datastore. 

The failure depends on the size of the virtual disk. All virtual machines having disks with a maximum supported size by VMFS may experience this error. Overhead for the snapshot is roughly 2GB for a disk size of 256GB. If snapshots are to be used, consider the overhead while deciding the size of the disks.  Follow the link below to view the maximum file sizes for the different versions of VMFS.


 

After upgrading the Adobe Reader to version 10.1.0 for a customer, some users began to see prompts for accepting the EULA.  This seemed to be pretty random because not all PDF files were causing the behavior.  I did a quick Google search and found the following link:

http://patrickhoban.wordpress.com/2011/07/09/124/

Apparently if you have the letters "CR" (must be in this order, capitalized and together) in the file name it will trigger this behavior.  The link above explains what registry key is missing and how to fix the problem.


 

I recently travelled to a customer location where 80% of the employees use Windows XP Embedded Thin Clients. With the new XenApp 6 farm, it requires the latest version of the Citrix Client 12.0 or higher to be able to use all the functionalities of the new farm.

Now this became tricky as some older models (T20’s) had 512KB of Hard Drive space and 512KB of RAM.  I was happy to see that the newer versions, T30 and T40, both had 1MG.  Adding to this storage surplus, all the images had Citrix plugins ranging from versions 10 to 11.  We also wanted to help IT support out and install a Bomgar Button to these machines.

After some trial and error we finally found a workaround to the installation of the Thin Clients.

  1. Changing the environmental variable to run the installation off the USB keys
  2. Loading a file that Bomgar created on Local Settings/App Data to the All Programs folder for all users to be able to launch the button
  3. Registry fixes to disable Icons and rename the Thin Clients so they pass through the correct machine names.

All these changes had to be made in the administrator account and all changes required a reboot of the machine for the changes to take place.  All in all, I believe I became a very thin client myself.


 

I have received 4 or 5 emails this week from a phishing scam that claims that one of my ACH transactions was recently cancelled. These emails are getting through the filters and landing in my Inbox. If you or anyone you know gets an email similar to the one below, delete it. I have modified the link in the email below so it won’t work, but you can still see where it was trying to go.

One indication the emails are fake – they purport to come from NACHA, the National ACH Association. However, NACHA does not deal directly with consumers or individual transactions.

If you know someone who works with payroll, purchasing, paying bills, etc., you should warn them about these emails. They are targeting people who work with online ACH transactions. Imagine the horror if the person responsible for payroll at a company received an email saying, “ACH Payroll Cancelled”. They would be very likely to click on the link first and think about security later.

From: admin@nacha.org 
Sent: Friday, September 16, 2011 8:07 AM
To: You
Subject: ACH Payroll Cancelled

 
The ACH Payroll transaction (ID: 2150243623890),
recently initiated from your operating account (by your company), was rejected by the other financial institution.


Cancelled transaction

Transaction ID: 2150243623890
Reason for rejection: See details in the report below
Transaction Report: report_2150243623890.pdf.zip (self-extracting archive, Adobe PDF)

Note:
If you are sure that this email was delivered to you by mistake, please redirect it to your director or accountant.


..
13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703)561-1100 2011 NACHA - The Electronic Payment Association


 

This is pretty straightforward, but comes up from time to time.  A customer called to say their screen is smaller (lower resolution) than it used to be after Windows Updates.
 
Notes about Terminal Server resolution:

  • You cannot change the resolution while in a terminal server session.
  • The Display tab in the RDP options before you connect is usually set to “Full Screen”.  It can be set to lower resolution sizes than your current PC or Thin Client settings, but not higher.

In order to fix the problem, close the terminal server connection.  Change the resolution size as needed on the local PC or Thin Client, and then reconnect to the terminal server.  The new resolution settings will be passed through automatically if the display settings are still set to “Full Screen”.