I ran into an interesting issue with a computer that just started one day out of the blue. The network overview looks like this: 10 workstations, 1 Microsoft Server 2008 R2 64-bit, 1 Microsoft Windows Server 2003, both on matching Dell hardware. All workstations are Windows Vista except the one machine with troubles, which is Windows 7 Professional.
The computer lost its ability to run an application on a share on the 2003 server. Also, when connected to an RDP session on this server, it would have about a 5-second delay on any click activity. The database applications on the 2008 server were unaffected. After thinking about it and wasting a couple of hours cleaning it, I decided to reload Windows. With a clean install, a new computer account in Active Directory and a new user, I attempted to access the 2003 share: same behavior.
At this point I was completely baffled, so I began doing some research. In the past I had some issues with IPv4 Checksum Offloading and Giant Packet Offloading, so I disabled these items on the network card (an Intel Gigabit onboard on the Dell Optiplex). The problem cleared up and I was able to quickly access the share and things seemed better, until I rebooted. With a clean reboot, the network slowdown was back. I now found that the problem could be suppressed by disabling and re-enabling the network adapter. This is a workaround, but not a solution I would leave a client with.
I found many other users affected by this issue on forums, and no good solution (par for the course when browsing the internet). I finally came across some documentation that fit this problem exactly. It has to do with some TCP network adapter settings that can only be adjusted using netsh (probably in the registry, but netsh at the command prompt is much easier).
Open a command prompt and enter:
netsh int tcp set heuristics disabled
Press Enter and you will see the response "OK". Then enter:
netsh int tcp set global autotuninglevel=disabled
Press Enter and you will again see the response "OK". Restart the machine, and voila!! Problem solved for good. The technical reasons why??? It is probably way more in depth to explain than I have time to research and explain in this blog, but if you are having this issue, this does fix it.
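The same change as a script that snapshots the current settings first and verifies the result afterwards. This is an added example, not part of the original post; the snapshot path and the -Revert switch are assumptions, and the parsing assumes English netsh output.

```powershell
# Added example: snapshot, apply and verify the two netsh TCP settings.
# Run from an elevated PowerShell prompt on the affected workstation.
# -Revert turns both features back on (autotuninglevel=normal is the Windows default).
param([switch]$Revert)

# Hypothetical location for the "before" snapshot, kept for rollback reference.
$snapshot = Join-Path $env:TEMP 'tcp-global-before.txt'

function Get-AutoTuningLevel {
    # The relevant line looks like: "Receive Window Auto-Tuning Level    : normal"
    $match = netsh int tcp show global |
        Select-String 'Auto-Tuning Level' |
        Select-Object -First 1
    if (-not $match) { throw 'Auto-Tuning Level line not found in netsh output.' }
    return ($match.Line -split ':', 2)[1].Trim()
}

if ($Revert) {
    netsh int tcp set heuristics enabled
    netsh int tcp set global autotuninglevel=normal
} else {
    # Record the original state once, so a later run does not overwrite it.
    if (-not (Test-Path $snapshot)) {
        netsh int tcp show global     | Out-File $snapshot
        netsh int tcp show heuristics | Out-File $snapshot -Append
    }
    netsh int tcp set heuristics disabled
    netsh int tcp set global autotuninglevel=disabled
}

# Confirm the setting actually changed before asking for a reboot.
$expected = if ($Revert) { 'normal' } else { 'disabled' }
$actual   = Get-AutoTuningLevel
if ($actual -ne $expected) {
    throw "Auto-tuning level is '$actual', expected '$expected'. Is the prompt elevated?"
}
"Auto-tuning level is now '$actual'. Restart the machine to finish."
```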
You can now enable this certificate on your Exchange server:
Enable-ExchangeCertificate -Thumbprint "your thumbprint goes here" -Services "list the services here, i.e. IIS, SMTP, etc."
Press Enter and you will see a warning about overwriting the existing certificate with the new one. Press "y" and Enter and you are done!
Computerworld - Microsoft today said it will issue four security updates next week, only one of which is pegged as critical, to patch 22 vulnerabilities in Windows and Visio 2003.
Next Tuesday’s patch lineup is smaller than June’s, when Microsoft shipped 16 updates that fixed 34 flaws. The company typically delivers a lighter load in odd-numbered months. In May, for instance, Microsoft shipped just two updates — the company calls them “bulletins” — to patch only three vulnerabilities.
Of the four updates slated, one will be rated “critical,” the highest threat label in Microsoft’s four-step scoring system, while the other three will be marked “important,” the second-most-dire ranking.
Next week’s Patch Tuesday vulnerability count will be among the largest for the year, with its 22 bested only by April’s 64 and June’s 34, and tied with February’s collection.
But the bugs-per-bulletins ratio is the highest for the year, observed Andrew Storms, director of security operations at nCircle Security, hinting of next week’s releases.
“I think we’ll see one bulletin with a very high number of vulnerabilities,” said Storms. “We’ve seen that happen several times this year, most recently last month when it patched eight bugs in Excel with one update.”
In April, Microsoft patched 30 vulnerabilities in the Windows kernel device driver with a single bulletin, a record for one update.
Storms said that the multi-bug update coming next Tuesday may fix numerous “elevation of privilege” vulnerabilities or a large number of “DLL load hijacking” flaws.
The former describes a bug attackers can use to gain complete administrative control of a system that they can already access, perhaps through an exploit of a separate vulnerability. DLL load hijacking, on the other hand, is the term used for attacks that rely on tricking applications or operating systems into loading a malicious file with the same name as a legitimate DLL, or dynamic link library.
Microsoft has issued more than a dozen DLL load hijacking updates since last November. In May, the Slovenian firm Acros Security announced that more DLL load hijacking updates were necessary to plug holes in Windows 7 and Internet Explorer 9 (IE9). At the time, Microsoft said only that it was investigating the Acros report.
The sole critical update scheduled for next week affects Windows Vista and Windows 7, but does not impact the much older Windows XP or any of Microsoft’s server operating systems.
Because Windows XP will be immune to the one or more vulnerabilities in that update, Storms said the bug had to be in code first used in Vista, then reused in Windows 7. He noted there are multiple candidates that fit the bill, including the security prompting component called UAC — for “user account control” — but said there wasn’t sufficient information to take an educated guess.
If you are running Quickbooks 2011 and you are thinking of upgrading to Lion, don’t. There are some bugs with printing with emailing forms and reports as well as other issues. Generally the program functions, but it is buggy and not fully functional. More info here:
My suggestion: wait to upgrade to Lion if you rely on Quickbooks on your Mac.
This is the simplest fix for a head-scratching problem with posts all over the internet with different methods of trying to “fix” it.
Here is the issue: you have an internal server such as your mail server on an Active Directory domain, but you also have an external Web server somewhere out there in internet land (in the cloud, what a bogus term).
For example: you have an internal Exchange mail server (or any mail server for that matter) on your Active Directory domain at the IP 10.100.32.10 and you have an SSL certificate for mail.yourdomain.com installed on your Exchange server. Your web server, however, is hosted in a server farm by a shared or dedicated web host at www.yourdomain.com at the IP address xxx.xxx.xxx.xxx. If your DNS is configured correctly, when you try to access mail.yourdomain.com internally, it will fail, because DNS has tried to resolve mail.yourdomain.com to the IP of your web server that hosts www.yourdomain.com at xxx.xxx.xxx.xxx. Easy fix there: you create (or should have already created) an A record on the web server that directs traffic to the WAN IP of your company firewall, which is NATed back to the internal IP of your server. In trying again you will notice that mail.yourdomain.com now resolves to the WAN IP of your router. This is fine with some cheaper routers, as you can NAT this IP on 443 to your Exchange server and it will answer these requests. However, most firewalls will not allow this type of traffic, referred to as hairpinning, where the source network IP matches the destination IP but it is sent to the WAN IP of the router. Cisco for sure will drop this type of traffic (there are many articles describing hairpinning as being possible on ASA devices, but none of them, including Cisco’s documentation, actually work on my ASA 5505s).
How do you solve this? Many articles say it’s simple (and it is). You just create a DNS zone for yourdomain.com and create an A record for mail.yourdomain.com. This is great, and after a flush of DNS caches this will work just fine. Ping mail.yourdomain.com and the IP of your Exchange server will reply, 10.100.32.10 in our case. Now ping www.yourdomain.com and you will get “host can not be found”. What happened???? This new authoritative zone you just created for yourdomain.com does not contain a www record for yourdomain.com. I scratched my head over this for a bit and did some searching around the net looking for possible alternate methods. CNAMEs, delegation, forwarders: none of these work for this situation.
The fix is so simple it makes me cry. Create a zone in your DNS server for mail.yourdomain.com. Create an A record with a blank host name and set the IP, which in this example is 10.100.32.10, then flush DNS and reregister it. Problem solved. The name mail.yourdomain.com now properly resolves internally to 10.100.32.10 and the yourdomain.com requests will properly forward to an external DNS for resolution.
Many thanks to gingerlime.com for the information he provided in his blog.
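The single-host zone described above, created and verified from PowerShell. This is an added example, not from the original post or from gingerlime.com; it assumes Windows Server 2012 or later with the DnsServer module, an AD-integrated DNS server and an elevated prompt, and it uses the post's example names and IP.

```powershell
# Added example: a zone for one host name only, so the rest of the domain
# keeps resolving through external DNS.
# Assumption: Windows Server 2012+ (DnsServer module), run elevated on the DNS server.
Import-Module DnsServer

$zone     = 'mail.yourdomain.com'   # example name from the post
$parent   = 'yourdomain.com'
$internal = '10.100.32.10'          # example internal Exchange IP from the post

# A zone for the whole domain makes this server authoritative for every name
# under it, which is what broke www.yourdomain.com in the first attempt.
if (Get-DnsServerZone -Name $parent -ErrorAction SilentlyContinue) {
    Write-Warning "Zone '$parent' exists here; names missing from it will not be forwarded."
}

# Create the zone for the single host name if it is not there yet.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain'
}

# The "blank host name" A record in the DNS console is the zone apex, '@' here.
$apex = Get-DnsServerResourceRecord -ZoneName $zone -Name '@' -RRType 'A' `
            -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $internal
}

# Drop stale answers on the server and on this machine.
Clear-DnsServerCache -Force
Clear-DnsClientCache

# Verify both halves: mail resolves internally, www still resolves externally.
$mail = Resolve-DnsName -Name $zone -Type A -Server 127.0.0.1 -DnsOnly
$www  = Resolve-DnsName -Name "www.$parent" -Type A -Server 127.0.0.1 -DnsOnly `
            -ErrorAction SilentlyContinue

if ($mail.IPAddress -notcontains $internal) {
    throw "$zone resolved to '$($mail.IPAddress)', expected $internal."
}
if (-not $www) {
    Write-Warning "www.$parent did not resolve; check forwarders or root hints."
}
"$zone -> $internal; www.$parent -> $($www.IPAddress -join ', ')"
```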
Ransomware: This type of virus is one that is typically distributed through a fake email claiming to have a greeting card, invoice, check, PO, or something of the sort attached. It can also be published as a fake Adobe or Java update. In case you aren’t familiar with the utter destruction, you should read here: http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Basically, if you don’t have a backup, you have likely lost all of your files. In some iterations it is even smart enough to remove previous versions saved by Windows using VSS so that you can’t simply restore them to yesterday. In 95% of cases, you had better have a good backup. I prefer Crashplan; I feel like it is the best backup solution on the market and is very, very inexpensive. I have it on every device I own.