Thursday, September 25, 2014

Critical BASH vulnerability - updating BASH and testing

A recent bug report has revealed a security vulnerability in BASH. This vulnerability allows for remote code execution; however, it has been resolved in the latest version of bash: 4.1.2-15.el6_5.1

For further information on the bug, see here.

You can test if your version of BASH is vulnerable by running the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If it prints out 'vulnerable', well guess what, your system is vulnerable.
Luckily for you, this vulnerability is easy to deal with. 

Simply update to the latest version of BASH:

sudo yum clean all
sudo yum update bash

A reboot is not required once you've downloaded and installed the update.

To double-check that you are no longer vulnerable, run the test again. You can also check which version of BASH is installed by running the following command:

rpm -qa | grep bash

If your version of BASH is earlier than bash-4.1.2-15.el6_5.1 you may be vulnerable.
I recommend you subscribe to user groups, tech blogs, and customer groups to ensure you hear about the latest bugs/vulnerabilities you should worry about.
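
The test, update, re-test procedure above, as an added example (not code from the original post): a POSIX shell wrapper that runs the post's test command against each bash binary it is given and reports a verdict, which helps when a host carries more than one copy of bash. The function names and the candidate paths are assumptions.

```shell
#!/bin/sh
# Added example: wraps the test command from the post so it can be run
# against several bash binaries and used in a patch-verification script.

# Classify the text printed by the post's test command.
shellshock_verdict() {
    case "$1" in
        *vulnerable*)       echo VULNERABLE ;;    # injected echo ran
        *"this is a test"*) echo PATCHED ;;       # only the intended command ran
        *)                  echo INCONCLUSIVE ;;  # binary missing or failed to run
    esac
}

# Run the post's test against one shell binary (default: bash on PATH).
shellshock_probe() {
    bin="${1:-bash}"
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>/dev/null) || true
    shellshock_verdict "$out"
}

# Probe every path given; print "path<TAB>verdict" per binary found.
# Returns 1 if any binary is still vulnerable, 0 otherwise.
shellshock_scan() {
    rc=0
    for b in "$@"; do
        [ -x "$b" ] || continue
        v=$(shellshock_probe "$b")
        printf '%s\t%s\n' "$b" "$v"
        if [ "$v" = VULNERABLE ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Candidate locations are assumptions; adjust them for your hosts.
shellshock_scan /bin/bash /usr/bin/bash /usr/local/bin/bash \
    || echo "At least one bash is vulnerable: run 'sudo yum update bash' and re-test."
```

A copy of bash installed outside the package manager is not touched by `yum update bash`, so a VULNERABLE line for such a path means that copy has to be replaced separately.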


Tuesday, July 9, 2013

System Center Endpoint Definitions Update Failed 0x80248014

Just installed a fresh version of Win Server 2012 and installed SCEP 2012.  After a few days, I started receiving messages stating:

26 Jun 2013  10:45:20 PM
Computer: [COMPUTERNAME (SCVMM & Backup Mgmt) [COMPUTERNAME]]
Monitor: [Event Log Monitor]
Description:
* Event Time: 26 Jun 2013 10:34:15 PM
* Source: Microsoft Antimalware
* Event Log: System
* Type: Error
* Event ID: 2001
* Event User: N/A
* Microsoft Antimalware has encountered an error trying to update signatures.
                New Signature Version:
                Previous Signature Version: 1.153.606.0
                Update Source: Microsoft Update Server
                Update Stage: Search
                Source Path: http://www.microsoft.com
                Signature Type: AntiVirus
                Update Type: Full
                User: NT AUTHORITY\SYSTEM
                Current Engine Version:
                Previous Engine Version: 1.1.9607.0
                Error code: 0x80248014
                Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Wondering what the deal is, I went into the server and manually tried to update the definitions only to be greeted with:

Well screw you, I know I have internet access, so what is the deal?
We don't have time to find out why this doesn't work, we're sick of seeing the alerts.

Settings -> Control Panel -> System Security -> Windows Update
But why?  Just do it, you'll cringe thinking about it.

Click to find out more, then check the box, "Give me updates for other Microsoft products when I update Windows"

Then check for updates, run the definitions update, reboot if it asks you.

After you are done, go into SCEP and attempt to manually update the definitions.  *BAM* works.

So stupid, I know.

Friday, December 2, 2011

End-User Knowledge: The DNS Flush

It happens a lot of the time:  Why can't I reach this website? Why is this site timing-out? How come this service isn't working?  It's frustrating to pinpoint why issues like this occur, but they often happen.  

The first thing you should always do when you have a computer issue is, don't panic.
Else you'll have this on your hands.

Anyways, what the DNS flush can do for you is clear away a pretty big mess.  It'll clear away any preset DNS entries in your system and provide default access to the sites/services you are trying to reach.

Quick Review:  
What is DNS?
DNS - Domain Name System

Devices on a network are identified by an IP address. As users, you care not what an IP address is, but what that IP address is mapped to. This is where DNS comes into play. When you first type in an address to reach a website (e.g. http://www.google.com), your computer makes a DNS request.

Basically, your computer is asking the world wide web, "hey, does anyone know a google.com?"  
Well, a DNS server essentially acts like an operator; it'll reply, "I found it and google.com is '74.125.225.84'". Your computer completes the request, goes to 74.125.225.84, and you're on google.com.

Your computer remembers this information in case you'd like to access the same site again; this is called DNS caching. Typically, there is a certain length of time until your computer 'forgets' this mapping, and once it has forgotten, it'll make a new DNS request.

Back on point, sometimes that DNS cache or address memory bank gets corrupted or its contents are affected by an application or service. As a user, you'd notice an issue if you know for a fact you have an internet connection, but certain websites and services cannot load. Here's where the DNS Flush comes into play.

In a Windows Command Prompt, that looks like this:
[C:\] ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
[C:\]

This simple command clears your DNS cache and prompts the computer to make a DNS request, thus providing your computer with a proper address which will resolve to the website you were trying to reach.

I'm not going to get into specifics with this post or begin to discuss DNS hierarchy, but this should give you a better idea as to what the DNS flush does for you.  

Lastly, I'd like to point out that rebooting your computer clears out the DNS cache. So, while it's annoying that your IT Support Tech will tell you to reboot, it serves a bigger purpose which will likely correct the issue.


Tuesday, November 8, 2011

How to fix remotely - Terminal server has exceeded the maximum number of allowed connections.

How annoying is this message? It seems every time I've run into this issue it's because some user incorrectly exited the session and their session thinks it's still connected. Well, don't beat your head over this one; it's actually a pretty simple fix.

First make sure you are logged into the client computer as a domain Admin user.
command: net use /user:[username] \\servername
ex:      net use /user:GenericUser \\Generic-Server
         "Enter the password for 'GenericUser' to connect to 'Generic-Server':"
         # if you typed in the right password
         "The command completed successfully"

From here, we need to see which users have open sessions on the box.  To do this type the command:

query session /server:[servername]


The previous command displays which session IDs are currently logged into the client machine. The next step is booting that user from the box.

reset session [ID] /server:[servername]

Now, if you run the query session command again, you should see that the offending session ID has been disconnected.

Alternative commands:

If you've googled this issue and have seen commands such as qwinsta, rwinsta, and logoff being used, these are alternatives to the commands I listed. You can substitute qwinsta for "query session" and substitute logoff for "reset session". Everything else in the command stays the same. Rwinsta is another alternative for logoff or reset session; however, the session ID comes after the server name. Listed below are examples of each alternative command being used:

qwinsta /server:[servername]

rwinsta /server:[servername] [sessionID]

logoff [sessionID] /server:[servername]

Wednesday, August 3, 2011

Event ID: 8003 Master Browser derp

Short synopsis: disable the Computer Browser service on the offending PC.

Event Type: Error
Event Source: MRxSmb
Event ID: 8003
Event Category: None
Description:
The master browser has received a server announcement from the computer XXX that believes that it is the master browser for the domain on transport NetBT_Tcpip_XXX-. The master browser is stopping or an election is being forced.


This is simply a network configuration error and nothing more, so don't panic. It's actually a fairly common error when you've got networked computers. Frankly, I wouldn't consider it an error, as an error states something is broken. Think of this as an argument between children: "This other computer thinks it's the Master browser, but I want to be!"

What's going on is that Windows networking services, specifically MRxSmb, are having a difficult time trying to decide which computer should maintain this master browser list. This browser list service provides a list of computers sharing resources in and on the domain. Think of it as a list provided to workstations that can view network resources within your network neighborhood.

The first thing you need to take into consideration is: Is this a dedicated server on the network or are you running another machine with a Domain Controller?

Let's say it's a dedicated server on the network. Then go to the machine specified in the event viewer text, the one that believes it is the Master Browser for the domain.
Go into Control Panel -> Administrative Tools -> Services, then click on the Computer Browser option and click Stop.

(what is? Computer Browser service - http://support.microsoft.com/kb/188001)

Also, double-check the registry settings by making sure IsDomainMaster is set to False at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster

If you're running a Domain Controller, which you should ideally use as the "master browser", go to each of your workstations and disable the Computer Browser service. In addition, to ensure you've told your workstations not to search for a master browser, you can run a command line utility: BROWSTAT STATUS. This tells you whether browsing is active, how many servers are on the domain, and what their names are.

This will resolve your issue. However, as a disclaimer, only make registry edits if you are completely sure of what you are doing. Also, after you make these changes, it is always in your best interest to reboot the machine. If you are still having issues, you've either done something wrong or your computers are not on the same subnet.

Wednesday, June 29, 2011

Understanding CALs

CALs, or Client Access Licenses, are often a confusing matter.  I've been working with them ever since I got started in IT, however, not until recently have I had a full understanding of when and where you'd use a CAL.  Not to mention, there are different types of CALs which add to the confusion.

Let me break down a few things for you:
-What's a CAL
-What CAL do I use?
-When not to use a CAL.

CAL,  a client access license. 
When you buy or manage a Windows server, it'll be licensed to end users or to businesses. The CAL gives you rights to connect to a server or server application. Most editions of server, or a specific service, come with some CALs already. This allows the software to be used by either a few users or a few computers. The more users/computers, the more CALs required. Think of it this way: one CAL per concurrent connection.

There are two types of CALs: device and user.
User CALs allow one user to connect to a server or service.  Any user can connect, however, only one user may utilize the CAL at any given time.  Let's say you have SQL Enterprise 2k8 w/ a 5 CAL, then 5 users can utilize that service at the same time.

Device CALs allow one device to connect to the server or service. Connections are limited by device, rather than user. So if you have a lot of users and a small number of devices, utilizing CALs for each of those devices is more cost-effective.

Core CALs are special CALs offered by Microsoft via corporate licensing. Core CALs include CALs for Microsoft Windows Server, Exchange, Systems Management Server, and Sharepoint. Think of it as a suite of CAL offerings to license basic server components across your computers. Less overhead equals less management of your CALs. So if you're going to utilize many Microsoft services, look into Core CAL licensing.

Lastly, when don't you need a CAL? When your users access the server anonymously or when they require privacy via authentication. You do not need to add CALs for users who are authenticating. If you are gearing your server or services for customers and not internal employees, you'll want to utilize an External Connector. An EC allows an unlimited number of outside users to access a server or service. However, ECs should only be considered when you have a large customer base because they are rather expensive. If you have a smaller external user base, CALs are a much more cost-effective solution.

Wednesday, October 13, 2010

SQL 2k8 R2 upgrade head scratch

Performing an upgrade for any service or application should be an easy task, right?  Well in the instance of SQL server upgrades, sometimes it isn't.  The process hasn't been as concise as I'd like, however, here are two issues I've frequently run across and their quick fixes.

1)  Cannot install SQL Server 2k8 upgrade due to SQL 2k5 Express tools still existing.  

But I don't even have 2k5 express tools installed?  Talk about a head scratcher...
Two quick workarounds:
-Remove the registry key at: HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\90
 Otherwise, you can simply rename this key or export the key to a different registry folder. I would suggest renaming it to something along the lines of "old" or "previous".

If you are still receiving the SQL 2k5 Express Tools is installed prompt as I was:
-Do you have RedGate backup installed?  
If so, uninstall SQL Search 1 as this RedGate application seems to have an instance of the express tools installed.

2) Reporting Services:  Check whether report server is correctly configured, the database server is running and you have permissions to access the database.

If during the install it will not let you proceed because reporting services is not configured you will have to run:
  -All Programs > Microsoft SQL 2008> Configuration Tools > Reporting Services Configuration Manager

After connecting to the server go through the list on the left as follows:

Service Account – Use Built-in Account and Local System. Click Apply if it is highlighted, or go on to the next one if not.
Web Service URL – Just click the Apply button if it is highlighted. Skip to the next if it's not.
Database – If the fields are populated below and the Apply button is greyed out, you can skip and go on to the next setting. If not, you will have to select Change Database > Choose existing > Select the ReportServer database. If it does not exist, then select Create new report server database and accept the defaults until done.
Report Manager URL – Just click the Apply button if it is highlighted. Skip to the next if it's not.

All remaining options can be skipped. When done just Exit.

If you cannot get past the connection screen using Windows Integrated security, change to SQL Authentication with
User: "user"
Pass:"password"

You should be able to proceed at this point and complete the upgrade.

These seem to be the most common errors and annoyances you'll encounter when upgrading SQL Server 2k8 R2.  With a little patience and logic, hopefully you've resolved any head scratching issue you may have stumbled upon during this process.