/home

I found this one funny (sort of…).

A user who use a Windows 2003 terminal server session reported be having a problem access a samba share after the server, which is part of a domain, asking him to change his password (controlled by a GPO). He changed his password, access his session and then he tried to access his samba share using

 Start /cmd / \\sambaserver\<username>.

Windows then prompted him a user name and password. But whatever username and password he entered, it was rejected.

The funny thing is that the event viewer did not report any issue and there are no entries in the samba logs at all, no errors or anything. Even when the user logged out and logged in again, the same behaviour occurred.

Wow…

We finally discover that some shortcuts displayed in My Network Placesworked well on the samba server without asking any username and password. We saw also that a network drive was disconnected.

• We finally resolve the issue by using  start / cmd and using net use
• This will list all network resources currently used by the user on the system.
• we have done some cleanup using net use <entry> -DELETE for each item displayed here.

Then the user have been able to go the samba share without any problem.

Hope this help!

Sometimes, you want to troubleshoot network connectivity and access to an imap server, like Exchange or other ones. Of course you can use telnet, like:

• telnet <your exchange server> <port>

The tcp port could be 143 or 993 if it has been configured to only accept secure connections (SSL).

In some cases, even by telnet, it does not work which does not mean that there is a connectivity problem. In this case, you can use opensslto test your connection to your imap server. Note that you can install openssl even on Windows, just go here. On linux, openssl you be available.

So, use this string to connect to your imap server over a secure channel:

• openssl s_client -connect <server>:<port> -crlf

The port could be 993. Just don’t forget the option -crlf. Without this, you will not be able to use Return after entering a command at the prompt.

Then, when the connection is made, you can use this commands:

• ? LOGIN username password
• ? SELECT Inbox
• ? LOGOUT

Use ‘? <command>‘ (The ? sign, a space, and the command) or this will not work. The username is the username you have on your domain/exchange/imap server (the @domainname should not be needed here).

Ref : link1, link2, link3

On a Windows 2003 server which act as a termial server, a user report me that when he access My Network Places and try to access or delete one of the entry listed there, his session hangs there is no option that to kill is session. Note that it can also occurs in Windows XP.

Well, I have looking for a fix for this issue but can’t find something really interesting until I do a simple task: clean all the entries listed there! But how we can acheive this if the computer hangs? Well, just do this:

Clearing Existing Shortcuts from My Network Places

1. Click Start, point to Settings, and then click Taskbar & Start Menu.
2. Click the Advanced tab.
3. Click Clear to remove records of recently used documents, programs, and Web sites.
4. Click OK.

That’s all!

Some things you want to know about My Network Places. The items listed here are displayed when you access some files one a network share. So if you want your shorcuts back, simply access/open a file on the share on the network.

Computers are listed here when Windows search over the network for some shares also, they disappear when it can’t access them after 48h.

Ref : Ms KB Article

MySQL root password recovery:

1. As Linux system root user stop the database process: /etc/init.d/mysql stop
   (or: service mysql stop)
2. Start MySQL in safe mode and skip the use of the “grant tables”: /usr/bin/mysqld_safe –user=mysql –socket=/var/lib/mysql/mysql.sock –pid-file=/var/run/mysqld/mysqld.pid –datadir=/var/lib/mysql –skip-grant-tables –skip-networking &
3. Reset the MySQL root password: mysqladmin -u root flush-privileges password newpassword
4. Stop MySQL running in safe mode: kill `cat /var/run/mysqld/mysqld.pid`
5. Start MySQL: /etc/init.d/mysql start

6. The new MySQL root password can now be used: mysql -u root -p
   Respond withthe password: newpassword

Find other, information about MySQL under linux, go here.    

Depending of you syslog-ng configuration, you may have configured your logging system to write a different at different place (folder created by year and month for ex) and for each different hosts that contact your syslog server.

I will not detail here all the configuration needed for that (or maybe later if you are nice) but I will explain a trick that can help you when the syslog-ng server does not want to create a file for a host and put its messages in the Fallback file. 

Usually, all is working fine with simple filters, like this one :

filter my_filter { host("myserver");};

Here, ‘myserver‘ is in fact the hostname in the message header (should be in third position after the date and the hour/timestamp). Some device may send their messages without the hostname field in the message resulting the log written in the fallback file.

In this case, you can use netmask intead of host, like this:

filter my_filter { netmask("<ip address of the server>/<netmask>");};

for ex : filter my_filter { netmask(”192.168.1.100/255.255.255.0“);};

Which should this time make your redirection to work well and the file created for this host correctly.

Note: using /32 does not work at all, use the entire netmask instead.

I don’t know if you know Nagios but it is a quite nice (yet tricky) monitoring solution for you IT infrastructure. With this open-source solution, you can monitor daemons and services, nics, CPU load, memory use, disk usage, etc. for your Linux and Windows systems. 

I came recently across a problem when adding a SQLServer service to my nrpe.cfg config file using the NRPE_NT client. For the background, some software like McAfee Epolicy Orchestrator, BrigthStore Arcserver installed themselves with a limited version of SQLServer. The point is the SQLServer service (name of the service) is listed in the registry something like this MSSQL$<name of your application> (ex: MSSQL$EPOSERVER).

If you try to just copy/paste that name in your nrpe config file, Nagios will says something like:

MSSQL$EPOSERVER$ : Service unknown

As you can see, it add a $ sign at the end.

To correctly monitor this service in Nagios (when your use NRPE_NT), configure your nrpe.conf file like this:

• # Epolicy Orchestrator MSSQL Service
  command[check_epomssqlservice]=c:\nagios\nt_plugins\check_nt -H localhost -v SERVICESTATE -l MSSQL”$$”EPOSERVER

Note the “$$” (double quote, dollar sign, dollar sign, double quote) between MSSQL and the name your application/software.

A good news for all of us that have a AGP card and DirectX issues with the 4 or 5 previous drivers from AMD. The Catalyst 8.1 drivers are out and the fix for AGP card also (the web page that is fix is unsupported which I found funny but well, if they works…).

I will test them as soon as I can and try to find how they manage to fix the AGP issue.

The links:

• Catalyst 8.1 drivers for Windows Vista 32 Bits.
• Catalyst 8.1 drivers for Windows XP 32 Bits.
• Catalyst 8.1 patch for AGP card failing DirectX tests.

Note: The fix is for Windows XP and Windows Vista. For 64 bits versions or to access the general driver download section, go here. 

When you use McAfee Epolicy Orchestrator and have deployed CMA (Common Framework Agent) AKA McAfee agent or Epo Agent, you can receive this error message when you try to update the agent and when it contact the EPO server:

Le log are located in C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_<server_name>.log:

...
Error occurred while downloading file SiteStat.xml
Error downloading file \SiteStat.xml, naInet GetLastError() = 0
…
In my case I was able to resolve this issue because Epo Server or the CMA installation is confused about what IP address to use. On my Epo Server, I have two NICs, one is for the backup network and the other one the normal LAN access.

I have created the Framework package called FramePkg.exe and installed it manually on some servers. The server then reported them as non compliants and each CMA failed to retreive the SiteStat.xml file from the Epo server.

I had to modify the following files on each problematic server located at C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework:

• SiteMapList.xml
• SiteList.xml
• ServerSiteList.xml

• Stop the McAfee Common Framework service
• Go the the folder indiacted above
• Locate for each files indicated above the IP address, check and modify if needed the false IP address of the EPO server and replace it with the good one.
• Restart the service

Of course, you will have to do this at the server level also. On the EPO server, there are some files you could edit and change the ip address:

• In C:\Program Files\McAfee\ePolicy Orchestrator, open SiteInfo.ini and modify the value for LastKnownIP (LastKnownIP=<ip address&gt
•  In C:\Program Files\McAfee\ePolicy Orchestrator, open server.ini and add at the end of the [SERVER] section the value ServerIPAddress=<ip address>
• Restart the EPO services and you should be ok.

After that, if you starts an update session, all should be correct this time.

I will post some comments later but here are some interesting links.

• Link 1
• Link 2
• Link 3

I could be fun to have a little time calculation when executing a script within a crontab job, so here is a small one:

#!/bin/ksh# At script beginning, get day of month.
BDAY=$(date +%e)
# Get time in seconds.
((BTIME=($(date +%H)*3600)+($(date +%M)*60)+$(date +%S)))

Ref : link