213 days ago
I was working on a Windows Server 2008 version of Hyper-V that had McAfee's HIPS firewall turned on. It had been on for several weeks without incident, when I needed to turn on and connect to a virtual machine. But whenever I tried to connect to a running VM, a very generic "Cannot connect to the Virtual Machine" error popped up as shown below. It took me too long to figure out that the firewall was finally causing the issue. Adding the following firewall rule solved the issue: TCP Incoming onPort 2179 fromPorts 1024-65535 fromIP: Any

Delta CRL is present, but not downloadable in IIS 7.0. When navigating to the URL an "HTTP Error ...
214 days ago
While looking at PKIView for a newly installed CA, I noticed that the delta CRL (CAName+.crl) was "Unable to download", despite the file being present in the CDP virtual directory file location. When I copied the URL and browsed to the location, I received an HTTP Error 404.11 -- URL Double Escape error. This is apparently a new security feature under IIS 7.0 that denies double escape characters in the URL. Not sure what "escape characters" are, but I presume that a space and then the + sign were the characters in my URL. Fortunately the Error page gave some insight about changing the application.config or web.config file. A quick search on Google led me to a Microsoft KB article that helped to point me in the right direction: Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 404.11 – URL_DOUBLE_ESCAPED" This article instructs you to change the application.config file by modifying the ...
223 days ago
While cleaning up AD for a client, I ran a DSQuery to list all the computers that had been inactive over the last 8 weeks and there were more than 100, so I had to expand the search: "dsquery computer -inactive 8 -limit 400" Then I wanted to disable them so I piped that into a DSMod command: "dsquery computer -inactive 8 -limit 400 | dsmod computer -disabled yes" Wow, this is easy. Now all I have to do is move the disabled computers to a special OU using DSMove. But of course it's never that simple. The dsmove command didn't accept the piped-in dsquery, so I had to put the phrase in a for loop: for /f "Tokens=*" %a in ('dsquery computer -disabled -limit 400') do dsmove %a -newparent "OU=Disabled objects,DC=mydomain,DC=com" If you need to target a specific OU, simply place the DN of the OU after the computer: "dsquery computer "OU=Build,DC=hps,DC=com" -inactive 8 | dsmod computer -disabled ...

GPO Wireless Settings Only Show WEP on Server 2003 32-bit DCs Despite the Connection setting of WAP
228 days ago
Ran across an interesting GPO issue while distributing wireless settings to users in the Domain. Despite the actual settings included in the Preferred Wireless network settings, the GPO shows WEP with EAP in the settings view of the GPMC. Apparently the GPMC 1.0 console isn't capable of showing all of the settings, nor can it configure WPA2. The solution is to connect using GPMC from the Remote Services Administration Pack on either Server 2008 or Vista. This will show a more accurate "settings view" and allow the configuration of WPA2. The GPO will be saved on the 32-bit Domain Controllers and replicated throughout the network properly, but will not show up accurately in the Settings View on GPMC 1.0.

McAfee Host Intrusion Prevention (HIPS) Firewall doesn't allow PING, despite the default allow PING ...
235 days ago
After deploying McAfee's Host Intrusion Prevention product (v7.0.3) to a desktop with the firewall turned on and the default "allow Ping" rule enabled, I was unable to ping a remote system. The system was managed by ePO and the default rule set actually had two ping Rule Groups in place and enabled. The first, "Ping and ICMP", had several rules that caused all manner of traffic between systems to crash and caused intermittent problems on the network, so it was deleted from the Policy. This left the "Ping" rule group, which included the rules "Allow ICMP Echo Request Outgoing" and "Allow ICMP Echo Reply Incoming." "Allow ICMP Echo Request Outgoing" allowed ICMP echo requests outgoing to any IP for the PING.EXE application. "Allow ICMP Echo Reply Incoming." allowed ICMP echo replies incoming outgoing to any IP for the PING.EXE application. Looks pretty straightforward for allowing the machine ...

