What is this?

This is basically where I write down stuff that I work with at my job as a GIS Technical Analyst (previously system administrator). I do it because it's practical for documentation purposes (although, I remove stuff that might be a security breach) and I hope it can be of use to someone out there. I frequently search the net for help myself, and this is my way of contributing.

Saturday, August 29, 2009

Locale error message in MRBS 1.2.1

We are currently using this neat little php web application for booking resources (meeting rooms, video projectors, video conference equipment etc) called mrbs (Meeting room booking system, http://mrbs.sourceforge.net/). It's really a perfect (free) tool for our use - we tried to use Outlook/Exchange for this earlier but just had to give up - it was too complex for our users. Anyway, now especially our secretaries love mrbs, and as we all know - happy secretaries means happy sysadmins.

It's currently running on an old RedHat 9 server so it's time to move it to a new server.

After installing mrbs 1.2.1 on my new Ubuntu 8.04 server and importing the database from my old Redhat 9 server things worked fine - except one thing. On top of each screen it would always say:

[Warning: Server failed to set locale to "no_NO.utf-8" (Unix)] (in Internet Explorer)
or
[Warning: Server failed to set locale to "en_GB.utf-8" (Unix)] (in Chrome)

On the server my locale is en_US.UTF-8 (LANG=en_US.UTF-8) and after changing the parameter:

$override_locale = "";
to
$override_locale = "en_US-UTF8";

in config.inc.php the annoying error disappeared.

Monday, August 17, 2009

Windows 2003 - dcdiag.exe fails on systemlog test

During Active Directory cleanup I found that dcdiag.exe (see below) gives me a failure warning on the systemlog. I thought this was weird on a otherwise well functioning domain so I decided to check it out.

C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\dc1
Starting test: Connectivity
......................... dc1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\dc1
Starting test: Replications
......................... dc1 passed test Replications
Starting test: NCSecDesc
......................... dc1 passed test NCSecDesc
Starting test: NetLogons
......................... dc1 passed test NetLogons
Starting test: Advertising
......................... dc1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... dc1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... dc1 passed test RidManager
Starting test: MachineAccount
......................... dc1 passed test MachineAccount
Starting test: Services
......................... dc1 passed test Services
Starting test: ObjectsReplicated
......................... dc1 passed test ObjectsReplicated
Starting test: frssysvol
......................... dc1 passed test frssysvol
Starting test: frsevent
......................... dc1 passed test frsevent
Starting test: kccevent
......................... dc1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 03/20/2009 09:50:04
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/20/2009 09:50:05
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/20/2009 09:50:05
(Event String could not be retrieved)
......................... dc1 failed test systemlog
Starting test: VerifyReferences
......................... dc1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : dirnat
Starting test: CrossRefValidation
......................... dirnat passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... dirnat passed test CheckSDRefDom

Running enterprise tests on : dirnat.intern
Starting test: Intersite
......................... dirnat.intern passed test Intersite
Starting test: FsmoCheck
......................... dirnat.intern passed test FsmoCheck

First thing I did was to check the system log on the local server, and I found the culprit:
Event Type: Error
Event Source: TermServDevices
Event Category: None
Event ID: 1111
Date: 17.08.2009
Time: 09:50:04
User: N/A
Computer: dc1
Description:
Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 12 0d 00 00 ........
I also found two more log posts from 09:50:05 saying exactly the same (with different printer names). Hex 457 (0x00000457) = 1111, so basically it seems that dcdiag.exe gives me this warning due to the fact I was running from within a terminal services client session and local printer mapping had failed during connect (which it always does since I don't have the drivers for these printers installed on the servers). I suppose I could always disable printer mapping in the mstsc client prior to connecting, but since it's harmless I think I'll just live with it.

WSS 3.0 on SQL Server 2008 full backup

I recently moved a set of Windows Sharepoint Services 3.0 site collections from SQL Server 2005 to SQL Server 2008. Everything seemed to work just fine, except my old script for full backups didn't go through as expected. I was using the command:
STSADM.EXE -o backup -directory c:\backup\wss_full -backupmethod full
It would give me the following error on one of the databases:
Verbose: [wssserver1_AdminContent] SQL Server Command: BACKUP DATABASE [wssserver1_AdminContent] TO DISK=@db_loc WITH NAME=@db_name, STATS=5, NOINIT, NOSKIP, NOFORMAT, NOREWIND @db_name=wssserver1_AdminContent, @db_loc=c:\backup\wss_full\spbr0005\0000000F.bak
Error: Object wssserver1_AdminContent failed in event OnBackup. For more information, see the error log located in the backup directory.
SqlException: BACKUP DATABASE permission denied in database 'wssserver1_AdminContent'.
BACKUP DATABASE is terminating abnormally.
For once the error message really says it all - it is a permission issue. Even tough I was running the job as a domain admin this account was not member of the sysadmin server role on the SQL 2008 server (necessary for SQL2k8 as domain admins do not have sa-privileges like they did in earlier versions of SQL Server), nor did it have the appropriate permissions on the w2k3admin-kp_AdminContent database. I added the domain user to the db_owner database role and the backup went through.

Friday, August 14, 2009

Wan optimization on a FortiGate 111c

Objective: Testing WAN optimization over Internet using a Fortigate 111c, a Fortigate 30b and a client computer with FortiClient.

The HQ LAN network behind the Fortigate 111c unit is 10.0.0.0/16 and the LAN behind my Fortigate 30b unit at the remote office is 192.168.1.0/24. To connect the two networks I have a route based IPSEC VPN with the 30b running as a dialup client (no NAT), the VPN is verified and working.

I basically tried to follow Fortinets user guide just to get started (FortiGate WAN Optimization and Web Caching):

Fortigate 111c configuration

I created a new WAN optimization authentication group (WAN opt. & cache > Peer > Authentication Group > New)
  • Name: auth-fc
  • Authentication Method: Certificate
  • Certificate: Fortinet_Firmware
  • Peer Acceptance: Accept Any Peer
Then I created a Wan optimization rule (Wan opt & cache > Rule > create new)
  • Mode: Full Optimization
  • Source: 0.0.0.0
  • Destination: 0.0.0.0
  • Port: 1-65535
  • Auto-Detect: Passive

Client PC configuration
Unfortunately the Fortigate 30b unit doesn't support WAN optimization directly, so I installed FortiClient (4.0.2.57) and enabled WAN optimization for all supported protocols. FortiClients firewall and VPN are both disabled:

Testing
That’s it supposedly. It sounds too good to be true, right? I thought so too, but I still decided to try copying some files from a file share to test performance (copy \\server\share\*.* c:\temp). I then checked the monitor on the 111c (WAN Opt. & Cache > Monitor) and things started happening:


Great, but why did it stop at 1.3 mb? I had more data? The cmd windows displayed an ugly “The specified network name is no longer available”. I tried again, but same thing happened.

How about other protocols? I tried Outlook 2007 SP2 for some MAPI / HTTP action! It seemed okay at first, but I noticed the status would go from disconnected to connected and back again every few seconds.

Perhaps we have an unstable connection? But no – a continuous ping from the client pc to the exchange server showed a stable and pretty quick response. Then I checked our main firewall (Checkpoint FW-1). It’s placed between the Fortigate 111c and the Internet.

Fortinets guide mentions that the WAN optimization tunnel uses port 7810, but checkpoint shows that there’s no sign of communication on this port to/from the Fortigate 111c, so everything passes through the IPSec tunnel, as indeed it should.

I then tried rebooting the 30b and the client PC. This resulted in all the WAN optimized protocols becoming entirely blocked. I had to disable WAN in order to do anything useful. After a while I reenabled WAN optimization in FortiClient but the above mentioned instability remains.

I suspected it could have something to do with me running WAN Optimization over the IPSEC connection and not directly between the 30b and 111c.

Time to get in touch with the distributor. Together with a support technician we tried a few things:

We tried disconnecting the 30b and instead running the built-in FortiClient VPN-client - the result was exactly the same. At least we now know the problem is not with the 30b. The support tech from the dealer was also able to reproduce the problem from his own FortiClient.

So we decided to try and get some assistance from Fortinet themselves, so until we get somthing there things are not moving forward :( Ohwell.. Friday - wohoo!

Wednesday, August 12, 2009

Upek fingerprint reader issue on XPS m1530(?)

Seems like theres a minor issue with the new software from Upek. Whenever the biometrics are turned on (and the Windows Biometric service is running) the CPU load increases noticeably. On my (fairly fast) system this is apx 3-4%, not enough to be a problem but enough to be annoying.

I doubt this is how it's supposed to behave. I have a colleague with a Thinkpad T61 who uses the Upek drivers provided by Lenovo through Windows Update. He seems to have no problems whatsoever, and there is no extra CPU-usage when enabling biometrics.

UPDATE: I was emailed by a very helpful suppport engineer from UPEK who told me that this is expected behaviour and that the Windows Biometric service would stop after apx 3 minutes of inactivity (ie since last time you have used the fingerprint reader). It appears he's right, so I'm a happy camper again. Hey Checkpoint - this is how you treat your customers!

Tuesday, August 11, 2009

Windows 7 and touchpad scrollarea on a Dell XPS M1530

Seems like I forgot to check everything. The scrollarea on the built-in touchpad does not allow me to scroll horizontally or vertically without installing drivers. The drivers provided for the M1530 by Dell are old, but they have new drivers posted here. They are Vista-drivers but still work like a charm, and even have some new functionality:


Very neat.

Friday, August 7, 2009

Installing Windows 7 on a Dell XPS M1530

Hardware:
Dell XPS M1530, 4 gb ram, Core2 Duo T9500, 320gb SATA disk, Nvidia Gforce 8600m graphics adapter
External LCD Screen: Dell SP2208WFP (connected with a HDMI cable)

Software:
Windows 7 release (build 6.1.7600) enterprise x86.

Installation:
I downloaded Windows 7 from Technet Plus on August 6th and had my computer ready for reinstall the following day.

Installation went like a breeze. It took apx 40 mins from when I insterted the DVD until I was able to use the system. Not bad! Most things seemed to work immediately, including:
- USB mouse
- USB Logitech keyboard
- External infrared remote control for media player (volume, pause/play etc), although there was no onscreen-information when using the remote - you can't get everything!)

Issues:
- The external LCD screen is not found when using detect.
Resolution: I downloaded the latest drivers from nvidia (http://www.nvidia.com/). No problems there.

- The fingerprint reader does not seem to respond
Resolution: I noticed when running Windows Update for the second time (after installing Office 2007) that a update from Dell was among the recommended updates:



After installing this I was able to register my fingerprints in Control Panel > Hardware and Sound > Biometric Devices > Manage your fingerprint data. I logged out and tried using the fingerprint reader to login and it worked - wohoo.. Unfortunately, after I rebooted it seems like it wont recognize my fingerprints anymore. I have to log on using username/password then log out and then use my finger. I'll have to look into this.

UPDATE: Upek just posted a new version of the Protector Suite 2009 on their site. That seems to have fixed my problem.

- Built-in webcamera does not show up.
Resolution: The above mentioned update from Dell took care of this.

UPDATE2: I tried connecting my BH200 bluetooth headset without much success. Turns out I needed the Wireless 355 Bluetooth module (bluetooth 2.0 + EDR). It's for Vista, but seems to work just fine. After installing it I was able to pair the headset and use them (had to press the "reset"-button on the headset first) and even the remote controls worked right away.

Software compatibility:

NOD32 4.0.4037.0 Anti Virus
Even though ESET does not mention Windows 7, I had no problems installing NOD32. I also searched a little on the Wilders security forums, and it seemed like there were no serious issues with Windows 7 and NOD32.

Microsoft Office 2007
I installed Office 2007 Pro from the DVD, then I ran Windows Update and downloaded the important and recommended patches. Quite a few in fact. Installation was a breeze, and I have not noticed any problems yet. It feels much snapper than under Vista!

iTunes
I installed the latest version (8.2.1.6) and replaced the iTunes folder with the one from my old Vista installation and it seems to work just fine! I also installed the neat little tool I used called iTunesKeys which lets you use the special buttons (play, ffwd, rewind) and remote control in iTunes, even when iTunes is not the application in focus. It worked just fine! Now I just wish it'd work when I'm working with virtual machines using VMWare Tools.

Checkpoint VPN-1 SecureClient
Unfortunately there seems to be no version of SecureClient compatible with Windows 7. I read from different users that they had numerous horrible problems so I decided to stay away until Checkpoint makes a compatible version. In my experience this might take some time. I was in excactly the same position when Vista was relased. No information from Checkpoint. Come on guys, at least give us a beta!

Virtual PC 2007
I run a virtual PC hosting a Windows 2003 server x86 installation for work purposes. I downloaded the Virtual PC package here and installed it. Then I simply double clicked the VM-file to boot the server. I had to upgrade the VM drivers, and even though Windows 2003 wasn't on the list of supported operating systems it seemed to work just fine.

Visual Studio 2008
I chose to install everything excelt the SQL 2005 server, but it still gave me a lot of errors at the end of the installation. It seemed like they had to do with various older versions of the older (pre 3.5) versions of the .net framework though, so I decided it might not be such a big deal. And after running Windows Update and rebooting twice, I decided to try it and it seems to work ok. It compiles all the projects I have tried so far.

Daemon Tools / Pismo File Mount
Apparently the only versions of Daemon tools supporting Windows 7 so far are the standard and professional versions. The free lite-version does not support Windows 7 yet (4.30.4). I read numerous reports from people who experienced BSOD etc so I decided to not try. Instead I tried something called Pismo File Mount which really just is a tool for creating and mounting iso-images. It's free and reportedly spywarefree. A nifty little feature is that you can mount iso-files directly in the directory tree (ie you have a iso-file called myiso.iso under c:\temp - which will be available as c:\temp\myiso).

SyncToy 2.0
I did not succeed with this one. SyncToy would traverse my folders (apx 700 files/1 gig) and suggest which files to synchronize (some of them were obviously not correct). Then it would just stop responding. Ohwell, I guess MS will come with a new version, or perhaps they want us all to move on to Live Mesh?