RE: Need System/Application Security Advice
That's not really security. Once you have an account on a domain, you are far more likely to be able to privilege escalate and further penetrate the network/domain.

The solution depends on how deep your pockets are and how critical the data is. You could do it with a DMZ based domain I guess .. at least you're not exposing your internal network then and making swiss cheese out of your firewall! Still not ideal. Realistically, if this is critical and you're serious about protecting it, the internal domain is never exposed to a DMZ. That's way OTT for a lot of smaller companies though. You need a risk assessment of what you're trying to protect, how strong your current mitigating controls are, etc. before you can figure out what's cost effective.

One suggestion was to pass authentication back to the DB tier - this is very poor practice and should not be done for Internet facing services. Ideally, you should be able to invoke any code at all from the web app until you pass through a separated authentication layer. This way anonymous users can never attempt to directly attack your application or database.

a

From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: 07 October 2010 22:05
To: NT System Admin Issues
Subject: Re: Need System/Application Security Advice

Wouldn't restricting the systems the account can logon to in AD prevent this? I've done this in the past, but the web servers were in their own domain.

Jeff

On Thu, Oct 7, 2010 at 1:53 PM, Klint Price kpr...@arizonaitpro.com wrote:

So what steps should be taken to secure it since no instructions are provided to do so?

Because IIS knows the password for the xyzweb account. If someone can get IIS to execute arbitrary code (e.g. by uploading some of their own webpages) then IIS can connect to serverB using the domain\xyzweb account, and that account has privileges on serverB.
By running your website as a domain user it is basically giving permission to your web server to access anything that the user has access to on the entire domain. Wouldn't that mean that if someone manages to take advantage of one of the many IIS vulnerabilities they very well may have access to information all over your network instead of just the one machine?

A workaround or possible solution would be to instruct the customer that if they are going to use a domain account (which by architecture they are forcing them to do), that they should use a non-privileged account, and remove it from the domain users group. That way the account can be considered authenticated, but has no other default rights on the domain. Additional settings should be implemented to prevent the password from expiring, and locking out.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:49 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

It's very common. There are many things you simply cannot do if you run in a local security context. FYI if you run the app pool as Network Service on a domain joined machine that provides it the domain rights of the server's computer account. If an internet facing app even not in a corp environment runs on a web farm and is anything other than static content you're almost guaranteed to have a domain and shared domain accounts running it too.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:36 PM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Internal corporate, yes. Directly exposed to the internet? I would hope not.
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:34 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Ermm what you describe (as I understand it) is probably how 75-90 percent of apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies. One such small company puts out a product that I feel needs to be fixed.

Company sells two products; ProductA integrates with ProductB which both manage sensitive data and are exposed to the
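
The account checks suggested in this thread (a non-privileged account, removed from Domain Users, limited to named machines), as an added example that is not part of any poster's message: it audits LDAP attributes exported for the xyzweb account. The records, the host name WEB01, the example.local domain and the group names are constructed for illustration.

```python
import re

# Well-known RID of the built-in Domain Users group. Membership through the
# primary group is stored in primaryGroupID and does NOT appear in memberOf,
# so a check that only reads memberOf misses it.
DOMAIN_USERS_RID = 513

# Built-in groups that make a service account "privileged" for this check.
PRIVILEGED_GROUPS = {
    "administrators", "domain admins", "enterprise admins", "schema admins",
    "account operators", "server operators", "backup operators",
}


def group_names(member_of):
    """Extract the leading CN from each group DN, honouring escaped commas."""
    names = []
    for dn in member_of:
        match = re.match(r"CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
        if match:
            names.append(re.sub(r"\\(.)", r"\1", match.group(1)).lower())
    return names


def audit_service_account(entry, allowed_hosts):
    """Return a list of (code, detail) findings for one exported account record."""
    findings = []

    # "Remove it from the domain users group": in AD that means giving the
    # account a different primary group first, then dropping Domain Users.
    if int(entry.get("primaryGroupID", DOMAIN_USERS_RID)) == DOMAIN_USERS_RID:
        findings.append(("domain-users", "primary group is still Domain Users"))

    # "Use a non-privileged account".
    privileged = sorted(set(group_names(entry.get("memberOf", []))) & PRIVILEGED_GROUPS)
    if privileged:
        findings.append(("privileged-group", ", ".join(privileged)))

    # "Restricting the systems the account can logon to": userWorkstations is
    # a comma-separated list of computer names; empty means any machine.
    raw = entry.get("userWorkstations", "")
    hosts = {h.strip().upper() for h in raw.split(",") if h.strip()}
    allowed = {h.upper() for h in allowed_hosts}
    if not hosts:
        findings.append(("logon-unrestricted", "userWorkstations is empty"))
    elif hosts - allowed:
        findings.append(("logon-extra-hosts", ", ".join(sorted(hosts - allowed))))

    return findings


# Constructed sample records (not taken from the thread).
ALLOWED_HOSTS = {"WEB01", "serverB"}  # WEB01 is a hypothetical web server name

AS_DEPLOYED = {
    "sAMAccountName": "xyzweb",
    "primaryGroupID": "513",
    "memberOf": ["CN=Backup Operators,CN=Builtin,DC=example,DC=local"],
    "userWorkstations": "",
}
HARDENED = {
    "sAMAccountName": "xyzweb",
    "primaryGroupID": "1605",  # constructed RID of a dedicated, rights-free group
    "memberOf": ["CN=XYZ Web Service,OU=Groups,DC=example,DC=local"],
    "userWorkstations": "WEB01,SERVERB",
}
DRIFTED = dict(HARDENED, userWorkstations="WEB01,SERVERB,FILESRV02")

if __name__ == "__main__":
    for label, record in (("as deployed", AS_DEPLOYED),
                          ("hardened", HARDENED),
                          ("drifted", DRIFTED)):
        print(label, audit_service_account(record, ALLOWED_HOSTS))
```
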
RE: disk encryption
I am rolling PGP full disk encryption out this month, I am currently at 147 systems reporting in to the PGP console, with 45 of them people that are never in the office (thank you SMS!!!). In our org if you have a laptop, the disk gets encrypted.

The central management features are the BOMB, I'll give the product a 92 out of 100...

Dave

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 7:44 PM
To: NT System Admin Issues
Subject: RE: disk encryption

Thanks guys, we considered moving to Citrix but there are just too many applications to make it feasible in my opinion besides that the majority of the people are in the office the majority of the time. I am already playing with TrueCrypt and looks promising, and I also like phonefactor.com for authentication. This basically intercepts and calls the cell phone of the user at login to acknowledge the attempt. I like not needing the extra device.

I was looking at BitLocker too as we have about half the company on Win 7 Pro, but the other half is still XP so we would obviously need to upgrade everyone just to get the same benefits of TrueCrypt.

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Thursday, October 07, 2010 11:44 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We're evaluating Checkpoint as a whole disk encryption solution. We have a product called NxTop (Virtual Computer is the company) that is a combination of Imaging/encryption/USB management that works very well in most situations but we're looking at Checkpoint for another project. We have also used McAfee endpoint but don't get me started on that rant..

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, October 07, 2010 11:27 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We have an existing PointSec implementation, and are moving towards PGP and/or BitLocker.
-sc

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Ben,

We have done clients with whole disk encryption on the laptops. Works great. Doesn't protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at TrueCrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :)

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193 Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that I'm concerned with bog the server down. For example accounting dept has 2 different apps, then there are 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own SQL app, and then half the company uses Yardi (property mgmt. SQL based).

Then we get into cost, we already have 2 Citrix servers, one is a VM, and one is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.
From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well.

Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
How'd this for a bad day? AKA bad me
I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM).

Today, a SAN blows up and takes out half - our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM's so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM's decided to go AWOL (a combination of missing and disconnected). That took out my other two Terminal Servers and another lightly used internal web server.

Did I mention I don't have the normal backups for these things because ...well...I'm an idiot and didn't confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it's on there).

None of these store data - they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude...six servers at once?

The most frustrating part was discovering that the 4 systems that had been powered off could have been migrated before power off and there would have been no issue with them - the power down nuked 'em.

Oh, and the lone surviving server - the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I've been on this server 50% of my time over the last two weeks!).

Dave

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: AV Opinions
Or Vipre, because Joseph has already indicated that he's familiar with them. He's looking for other recommendations...

ASB

On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey ryan.finne...@harrierinvestments.com wrote:

No one has commented on the Forefront products.

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, October 07, 2010 4:04 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought their management sucked too. Their SALES management, that is. :)

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought pretty much everything about their management sucked, including agents.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Hmmm ... my comments were more around the ability to manage/control agents than how nice the console was to use. Also, on the additional functionality side, their local FW and software NAC components were very immature feature wise. Support varied - UK support a million times better than the out of hours US support!

a

From: Ray [mailto:rz...@qwest.net]
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That’s interesting, because we absolutely hated McAfee and its enterprise console, and couldn’t wait to get rid of it. We’ve ended up with significantly better coverage with Sophos than we ever did with McAfee.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Sophos seem to be excellent detection wise. As for not detecting Conficker below, that'll have been another issue as there is no AV product out there that can't detect it.
If I had to guess, perhaps one host was infected and locked out AD, but all the Sophos alerts were from machines missing MS08-067 that were getting infected because the OS could not protect against it, but immediately cleaned by Sophos. Certainly behaviour I've seen before. You must patch Windows, AV can do everything on its own.

One negative comment about Sophos - they are still, in my opinion, very low down the pecking order in Enterprise Management. They have a long, long way to catch up on McAfee and the like for agent management, alerting, mandatory policies, etc. You can work around these things and it's a great AV product, but if you're a large, sensitive environment, it may frustrate you a little. Going from 7 to 9 didn't improve these grumbles much ...

a

From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.

Corporate IS got caught last year with their pants down after a departmental server without any AV on it (or seriously out of date - guess someone got a good telling off for that) managed to get Conficker. Given we don't have a direct net connection to our desktops or services network, they had not bothered to install the hotfixes to prevent this. For whatever reason Sophos did not detect it, and quite a few machines got infected, and a couple of thousand user accounts got locked out. Took them a few days to get things under control - I wrote a little LDAP tool to monitor the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), taking around 150MB (savservice.exe alone is taking 108MB on my machine currently). We are currently using 7.6.20

tht, Matt

From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.
I firmly believe they are the best of breed that nobody seems to talk about. They don't market to the non-corporate crowd, so that probably has something to do with it. I asked this list and a few other resources when I was evaluating solutions. I did not hear from a single person using Sophos that did not like it. We are replacing Symantec with Sophos right now and it is going very well so far.

Sophos will sync with AD (if you want) to automatically protect computers when you add them. It will remove Symantec cleanly (so far on about 25 test/pilot users it has been perfect) when pushing it out. It includes device control (want to block USB storage devices...2-3 clicks and you are done), a NAC component, and a firewall. It also includes clients for Mac/Linux and with each corporate license, you get a free at-home license.

NFI - just a very satisfied customer so far.

Jim
Re: How'd this for a bad day? AKA bad me
Yes, process failures can be deadly...

Also, it is more important in this day and age of massive consolidation to make sure that your backups and DR are effective, because cascading failures can take out much more of your infrastructure than ever before.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:

I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM).

Today, a SAN blows up and takes out half – our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM’s so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM’s decided to go AWOL (a combination of “missing” and “disconnected”). That took out my other two Terminal Servers and another lightly used internal web server.

Did I mention I don’t have the normal backups for these things because …well…I’m an idiot and didn’t confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it’s on there).

None of these store data – they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude…six servers at once?
The most frustrating part was discovering that the 4 systems that had been powered off could have been “migrated” before power off and there would have been no issue with them – the power down nuked ‘em.

Oh, and the lone surviving server – the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I’ve been on this server 50% of my time over the last two weeks!).

Dave
Re: AV Opinions
Don't see much Trend chatter either.

----- Original Message -----
From: Ryan Finnesey ryan.finne...@harrierinvestments.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Friday, October 8, 2010 1:12:24 AM
Subject: RE: AV Opinions

No one has commented on the Forefront products.

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, October 07, 2010 4:04 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought their management sucked too. Their SALES management, that is. :)

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought pretty much everything about their management sucked, including agents.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Hmmm ... my comments were more around the ability to manage/control agents than how nice the console was to use. Also, on the additional functionality side, their local FW and software NAC components were very immature feature wise. Support varied - UK support a million times better than the out of hours US support!

a

From: Ray [mailto:rz...@qwest.net]
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That’s interesting, because we absolutely hated McAfee and its enterprise console, and couldn’t wait to get rid of it. We’ve ended up with significantly better coverage with Sophos than we ever did with McAfee.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Sophos seem to be excellent detection wise. As for not detecting Conficker below, that'll have been another issue as there is no AV product out there that can't detect it.
If I had to guess, perhaps one host was infected and locked out AD, but all the Sophos alerts were from machines missing MS08-067 that were getting infected because the OS could not protect against it, but immediately cleaned by Sophos. Certainly behaviour I've seen before. You must patch Windows, AV can do everything on its own.

One negative comment about Sophos - they are still, in my opinion, very low down the pecking order in Enterprise Management. They have a long, long way to catch up on McAfee and the like for agent management, alerting, mandatory policies, etc. You can work around these things and it's a great AV product, but if you're a large, sensitive environment, it may frustrate you a little. Going from 7 to 9 didn't improve these grumbles much ...

a

From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.

Corporate IS got caught last year with their pants down after a departmental server without any AV on it (or seriously out of date - guess someone got a good telling off for that) managed to get Conficker. Given we don't have a direct net connection to our desktops or services network, they had not bothered to install the hotfixes to prevent this. For whatever reason Sophos did not detect it, and quite a few machines got infected, and a couple of thousand user accounts got locked out. Took them a few days to get things under control - I wrote a little LDAP tool to monitor the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), taking around 150MB (savservice.exe alone is taking 108MB on my machine currently). We are currently using 7.6.20

tht, Matt

From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.
I firmly believe they are the best of breed that nobody seems to talk about. They don't market to the non-corporate crowd, so that probably has something to do with it. I asked this list and a few other resources when I was evaluating solutions. I did not hear from a single person using Sophos that did not like it. We are replacing Symantec with Sophos right now and it is going very well so far.

Sophos will sync with AD (if you want) to automatically protect computers when you add them. It will remove Symantec cleanly (so far on about 25 test/pilot users it has been perfect) when pushing it out. It includes device control (want to block USB storage devices...2-3 clicks and you are done), a NAC component, and a firewall. It also includes clients for Mac/Linux and with each corporate license, you get a free at-home license.

NFI - just a very satisfied customer so far.

Jim

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT
RE: AV Opinions
Yup, And FF is prohibitively expensive in small environments, but it is my favorite. Most reliable I have ever used, _never_ had an FP or a dead machine or a bad dat. Its detection rates aren't quite as good as the top guys but you compromise I guess.

Right now, I am keen on Sophos for the multiplatform agent. Their console appears ok, it appears their agent is an exe so the method they use to install the agent by GPO is a startup script, not cool :(

Avira has a Postfix compatible MTA product and a Squid compatible (by ICAP) product which is cool. I like how they don't distinguish clients (file servers vs. desktops in licensing terms). I have yet to see their console though.

Thanks for everything guys,
jlc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 4:05 AM
To: NT System Admin Issues
Subject: Re: AV Opinions

Or Vipre, because Joseph has already indicated that he's familiar with them. He's looking for other recommendations...

ASB

On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey ryan.finne...@harrierinvestments.com wrote:

No one has commented on the Forefront products.

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, October 07, 2010 4:04 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought their management sucked too. Their SALES management, that is. :)

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought pretty much everything about their management sucked, including agents.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Hmmm ... my comments were more around the ability to manage/control agents than how nice the console was to use.
Also, on the additional functionality side, their local FW and software NAC components were very immature feature wise. Support varied - UK support a million times better than the out of hours US support!

a

From: Ray [mailto:rz...@qwest.net]
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise console, and couldn't wait to get rid of it. We've ended up with significantly better coverage with Sophos than we ever did with McAfee.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Sophos seem to be excellent detection wise. As for not detecting Conficker below, that'll have been another issue as there is no AV product out there that can't detect it. If I had to guess, perhaps one host was infected and locked out AD, but all the Sophos alerts were from machines missing MS08-067 that were getting infected because the OS could not protect against it, but immediately cleaned by Sophos. Certainly behaviour I've seen before. You must patch Windows, AV can do everything on its own.

One negative comment about Sophos - they are still, in my opinion, very low down the pecking order in Enterprise Management. They have a long, long way to catch up on McAfee and the like for agent management, alerting, mandatory policies, etc. You can work around these things and it's a great AV product, but if you're a large, sensitive environment, it may frustrate you a little. Going from 7 to 9 didn't improve these grumbles much ...

a

From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.
Corporate IS got caught last year with their pants down after a departmental server without any AV on it (or seriously out of date - guess someone got a good telling off for that) managed to get Conficker. Given we don't have a direct net connection to our desktops or services network, they had not bothered to install the hotfixes to prevent this. For whatever reason Sophos did not detect it, and quite a few machines got infected, and a couple of thousand user accounts got locked out. Took them a few days to get things under control - I wrote a little LDAP tool to monitor the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), taking around 150MB (savservice.exe alone is taking 108MB on my machine currently). We are currently using 7.6.20

tht, Matt

From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give
RE: How'd this for a bad day? AKA bad me
All I can say is OUCH! :-(

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 08, 2010 5:51 AM
To: NT System Admin Issues
Subject: How'd this for a bad day? AKA bad me

I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM).

Today, a SAN blows up and takes out half - our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM's so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM's decided to go AWOL (a combination of missing and disconnected). That took out my other two Terminal Servers and another lightly used internal web server.

Did I mention I don't have the normal backups for these things because ...well...I'm an idiot and didn't confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it's on there).

None of these store data - they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude...six servers at once?

The most frustrating part was discovering that the 4 systems that had been powered off could have been migrated before power off and there would have been no issue with them - the power down nuked 'em.

Oh, and the lone surviving server - the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I've been on this server 50% of my time over the last two weeks!).
Dave
RE: How'd this for a bad day? AKA bad me
Being slightly serious for a moment, it's a pretty good illustration of how something like a SAN in isolation is no use :-)

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: 08 October 2010 13:43
To: NT System Admin Issues
Subject: RE: How'd this for a bad day? AKA bad me

All I can say is OUCH! :-(

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 08, 2010 5:51 AM
To: NT System Admin Issues
Subject: How'd this for a bad day? AKA bad me

I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM).

Today, a SAN blows up and takes out half - our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM's so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM's decided to go AWOL (a combination of missing and disconnected). That took out my other two Terminal Servers and another lightly used internal web server.

Did I mention I don't have the normal backups for these things because ...well...I'm an idiot and didn't confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it's on there).

None of these store data - they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude...six servers at once?
The most frustrating part was discovering that the 4 systems that had been powered off could have been migrated before power off and there would have been no issue with them - the power down nuked 'em. Oh, and the lone surviving server - the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I've been on this server 50% of my time over the last two weeks!). Dave ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: How'd this for a bad day? AKA bad me
Yep. Good point. :-) VERY good point!

-Original Message-
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, October 08, 2010 8:55 AM
To: NT System Admin Issues
Subject: RE: How'd this for a bad day? AKA bad me

Being slightly serious for a moment, it's a pretty good illustration of how something like a SAN in isolation is no use :-)

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: 08 October 2010 13:43
To: NT System Admin Issues
Subject: RE: How'd this for a bad day? AKA bad me

All I can say is OUCH! :-(
Re: Need System/Application Security Advice
Agreed, but the OP was talking about a product that his client is selling. Consulting with their customers about their network/domain design may be way beyond the scope of their business. I interpreted the post as looking for suggestions to improve the security of the product that might be installed on any number of widely varying domain and network configurations. What would you suggest in that regard?

Jeff

On Fri, Oct 8, 2010 at 4:52 AM, Alan Davies adav...@cls-services.com wrote:

That's not really security. Once you have an account on a domain, you are far more likely to be able to privilege escalate and further penetrate the network/domain.

The solution depends on how deep your pockets are and how critical the data is. You could do it with a DMZ based domain I guess .. at least you're not exposing your internal network then and making swiss cheese out of your firewall! Still not ideal. Realistically, if this is critical and you're serious about protecting it, the internal domain is never exposed to a DMZ. That's way OTT for a lot of smaller companies though. You need a risk assessment of what you're trying to protect, how strong your current mitigating controls are, etc. before you can figure out what's cost effective.

One suggestion was to pass authentication back to the DB tier - this is very poor practice and should not be done for Internet facing services. Ideally, you should be able to invoke any code at all from the web app until you pass through a separated authentication layer. This way anonymous users can never attempt to directly attack your application or database.

a

From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: 07 October 2010 22:05
To: NT System Admin Issues
Subject: Re: Need System/Application Security Advice

Wouldn't restricting the systems the account can logon to in AD prevent this? I've done this in the past, but the web servers were in their own domain.

Jeff

On Thu, Oct 7, 2010 at 1:53 PM, Klint Price kpr...@arizonaitpro.com wrote:

So what steps should be taken to secure it since no instructions are provided to do so?

Because IIS knows the password for the xyzweb account. If someone can get IIS to execute arbitrary code (e.g. by uploading some of their own webpages) then IIS can connect to serverB using the domain\xyzweb account, and that account has privileges on serverB.

By running your website as a domain user it is basically giving permission to your web server to access anything that the user has access to on the entire domain. Wouldn’t that mean that if someone manages to take advantage of one of the many IIS vulnerabilities they very well may have access to information all over your network instead of just the one machine?

A workaround or possible solution would be to instruct the customer that if they are going to use a domain account (which by architecture they are forcing them to do), that they should use a non-privileged account, and remove it from the “domain users” group. That way the account can be considered “authenticated”, but has no other default rights on the domain. Additional settings should be implemented to prevent the password from expiring, and locking out.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:49 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

It’s very common. There are many things you simply cannot do if you run in a local security context. FYI if you run the app pool as Network Service on a domain joined machine that provides it the domain rights of the server’s computer account.

If an internet facing app even not in a corp environment runs on a web farm and is anything other than static content you’re almost guaranteed to have a domain and shared domain accounts running it too.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:36 PM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Internal corporate, yes. Directly exposed to the internet? I would hope not.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:34 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Ermm what you describe (as I understand it) is probably how 75-90 percent of apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies. One such small company
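
The account restrictions raised in this thread (no privileged group membership, removal from Domain Users, a limited "log on to" list, a non-expiring password) can be checked with a short script. This is an added example, not code from any poster: Test-WebServiceAccount and Get-GroupName are hypothetical helper names, and the domain, group memberships and host names in the sample object are constructed.

```powershell
# Added example, not from the thread. Evaluates one account object against the
# restrictions the posters discuss. The input has the shape returned by:
#   Get-ADUser xyzweb -Properties MemberOf,PrimaryGroup,LogonWorkstations,PasswordNeverExpires

function Get-GroupName([string]$DistinguishedName) {
    # First RDN of a DN such as "CN=Domain Users,CN=Users,DC=example,DC=test".
    # Assumes the group name itself contains no escaped comma.
    ($DistinguishedName -split ',')[0] -replace '^CN=', ''
}

function Test-WebServiceAccount {
    param(
        [Parameter(Mandatory)] $Account,
        # Hosts the operator expects the account to be limited to (assumption).
        [string[]] $AllowedHosts = @(),
        [string[]] $PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
            'Administrators', 'Account Operators', 'Server Operators', 'Backup Operators')
    )
    $findings = @()

    # 1. "Non-privileged account": no membership in well-known privileged groups.
    foreach ($dn in @($Account.MemberOf | Where-Object { $_ })) {
        $name = Get-GroupName $dn
        if ($PrivilegedGroups -contains $name) {
            $findings += [pscustomobject]@{
                Account = $Account.SamAccountName; Check = 'PrivilegedGroup'
                Detail  = "member of '$name'"
            }
        }
    }

    # 2. "Remove it from the domain users group": Domain Users is normally the
    #    primary group, so it does not show up in MemberOf and cannot be removed
    #    until a different primary group has been assigned.
    if ($Account.PrimaryGroup -and (Get-GroupName $Account.PrimaryGroup) -eq 'Domain Users') {
        $findings += [pscustomobject]@{
            Account = $Account.SamAccountName; Check = 'PrimaryGroup'
            Detail  = 'primary group is still Domain Users; assign another primary group before removing it'
        }
    }

    # 3. "Restricting the systems the account can logon to": LogonWorkstations is
    #    a comma-separated string; empty means no restriction at all.
    $hosts = @("$($Account.LogonWorkstations)" -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($hosts.Count -eq 0) {
        $findings += [pscustomobject]@{
            Account = $Account.SamAccountName; Check = 'LogonWorkstations'
            Detail  = 'not set; the account may log on to any computer in the domain'
        }
    }
    elseif ($AllowedHosts.Count -gt 0) {
        $extra = @($hosts | Where-Object { $AllowedHosts -notcontains $_ })
        if ($extra.Count -gt 0) {
            $findings += [pscustomobject]@{
                Account = $Account.SamAccountName; Check = 'LogonWorkstations'
                Detail  = "permitted on unexpected hosts: $($extra -join ', ')"
            }
        }
    }

    # 4. Non-expiring password: reported so that rotation is handled by procedure.
    if ($Account.PasswordNeverExpires) {
        $findings += [pscustomobject]@{
            Account = $Account.SamAccountName; Check = 'PasswordNeverExpires'
            Detail  = 'set; the password has to be rotated manually'
        }
    }

    $findings
}

# Constructed sample input (domain, groups and host names are made up).
$sample = [pscustomobject]@{
    SamAccountName       = 'xyzweb'
    MemberOf             = @('CN=Backup Operators,CN=Builtin,DC=example,DC=test')
    PrimaryGroup         = 'CN=Domain Users,CN=Users,DC=example,DC=test'
    LogonWorkstations    = 'WEBSRV,SERVERB,FILESRV'
    PasswordNeverExpires = $true
}

Test-WebServiceAccount -Account $sample -AllowedHosts 'WEBSRV', 'SERVERB' |
    Format-Table -AutoSize
```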
Re: How'd this for a bad day? AKA bad me
Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those.

Jeff
Re: How'd this for a bad day? AKA bad me
+1 I'm just getting caught up on emails this morning. vCenter reboot shouldn't necessitate a reboot of a host server.

On Fri, Oct 8, 2010 at 9:34 AM, Jeff Bunting bunting.j...@gmail.com wrote:

Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those.

Jeff
RE: How'd this for a bad day? AKA bad me
I don't know the exact details (and don't remember at the moment), my guess is they needed to do something SAN side - I just now heard one SAN store is what died. Today is gonna bite..

From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: Friday, October 08, 2010 6:35 AM
To: NT System Admin Issues
Subject: Re: How'd this for a bad day? AKA bad me

Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those.

Jeff
Re: Need rack vendor recommendations
I used these guys: http://www.racksolutions.com/ They were incredibly helpful.

On Thu, Oct 7, 2010 at 9:49 PM, Angus Scott-Fleming angu...@geoapps.com wrote:

All

I'm putting in a rack for about 6 servers in a vault at a client and need recommendations on what rack systems you're happy with. Also need a vendor recommendation. Since it's my first rack system I don't even know what questions to ask or features to look for or to avoid.

TIA

Angus
DNS on 2008R2
Anyone tell me why 2 AD DNS servers that were running perfectly fine would suddenly stop doing all recursive queries outside of the network. I had to run this

dnscmd /config /EnableEDNSProbes 0

which apparently disables larger UDP packets, but I am trying to find out if there was a recent update that would have caused this, or someone who is not supposed to be playing with the servers is being a bad boy. Drove me nuts for 2 days until I stumbled upon a thread that recommended trying that cmd and it fixed it immediately after I ran it on both servers.

Thx

Greg
Re: HP PODs
Crickets.. No POD people here?

From: pchow...@yahoo.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Thu, October 7, 2010 2:54:57 PM
Subject: HP PODs

Anyone have good or bad reviews on the HP POD or other containerised DC?
RE: DNS on 2008R2
BTW there was no firewall change, same one that has been in there for 6 months at least.

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Friday, October 08, 2010 10:49 AM
To: NT System Admin Issues
Subject: DNS on 2008R2

Anyone tell me why 2 AD DNS servers that were running perfectly fine would suddenly stop doing all recursive queries outside of the network. I had to run this

dnscmd /config /EnableEDNSProbes 0

which apparently disables larger UDP packets, but I am trying to find out if there was a recent update that would have caused this, or someone who is not supposed to be playing with the servers is being a bad boy. Drove me nuts for 2 days until I stumbled upon a thread that recommended trying that cmd and it fixed it immediately after I ran it on both servers.

Thx

Greg
RE: Need rack vendor recommendations
+1 on the APC NetShelter line, but be careful on the model you choose! I say that, because some of them don't have enough space, in my opinion, for high density applications (at least not the models we're using).

Our biggest issue is not having enough space to run all the cables for a high density install, such as the copper pass through cables for our IBM BladeCenter. The BladeCenter is capable of 14 blades, with a maximum potential of 4 NICs per blade. Between that and CAT5e cables to other pizza box servers, BIG power cables for the 240 V PDUs, and CAT5e cables for KVM connectivity, it gets TIGHT really quick. The more space you have behind and on the sides for cable management, in my opinion, the better. Also, because it is so tight, the cable management of the deeper servers requires that we pull some of the cable management rings out of the rack, which is a pain.

We specifically have the AR3107, which is not as wide as the AR3140 or AR3150, which I believe would better suit our needs. The AR3357 is almost a full 6 inches wider and more than 5 inches deeper than what we have.

Finally, be sure to take a look at your service elevators and stairs if that is an issue. Too big and you'll be lugging these things up the stairs, which is doable with enough people, but if you're not careful, the hypotenuse of a right triangle can bite you in the rear after the purchase. I haven't been bitten, but I've cut it REALLY close.

APC has a rack configurator here: https://configurator.apcc.com/products/powerstruxure/configurator/psx_chooseRackTool.cfm?out=yescc=USstartCfg=rackConID=Guest, which may help you. I would also consider contacting an experienced APC VAR if you want some design help. APC pre-sales support can help you find a suitable VAR in your area, if one exists. If not, you should be able to get support directly from APC.

You can also compare models here: http://www.apc.com/products/resource/include/techspec_index.cfm?base_sku=AR3100tab=compare (I used the AR3100 as a base).

HTH!

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Friday, October 08, 2010 12:21 AM
To: NT System Admin Issues
Subject: Re: Need rack vendor recommendations

Hi Angus,

We spec APC Net Shelter SX racks for most of our clients. I like them. I really, really prefer the wider 750mm racks if you want to mount things like PDUs vertically. We just buy everything through CDW.

http://www.apc.com/products/category.cfm?id=10

Bill

Angus Scott-Fleming wrote:

All

I'm putting in a rack for about 6 servers in a vault at a client and need recommendations on what rack systems you're happy with. Also need a vendor recommendation. Since it's my first rack system I don't even know what questions to ask or features to look for or to avoid.

TIA

Angus
OT Friday Not Funny
I think I'm the violin player on the deck of the Titanic. You have good intentions, but it is going to end badly for you.
Re: OT Friday Not Funny
Oh no. What's up?

On Fri, Oct 8, 2010 at 11:19 AM, Bill Humphries nt...@hedgedigger.com wrote:

I think I'm the violin player on the deck of the Titanic. You have good intentions, but it is going to end badly for you.
Re: OT Friday Not Funny
That don't sound good. All ok?

On Oct 8, 2010 11:23 AM, Candee can...@gmail.com wrote:

Oh no. What's up?

On Fri, Oct 8, 2010 at 11:19 AM, Bill Humphries nt...@hedgedigger.com wrote:

I think I'm the v...
RE: How'd this for a bad day? AKA bad me
+1 from here as well. A vCenter reboot should not require a host reboot. If it did, that would (IMHO) be a huge problem in the design and purpose behind VMware. Talk to VMware. If your maintenance is not current, get current.
On a related note, YESTERDAY, one of our storage groups on our SAN ran out of space (fortunately I'm not in or over the group responsible for that anymore!), and thus took down a number of systems, all part of our core electronic medical record system, eClinicalWorks, all virtual... We were without that app for more than 6 hours, and are still dealing with database replication issues today as a result... TGIF!
Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com
From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, October 08, 2010 9:40 AM To: NT System Admin Issues Subject: Re: How'd this for a bad day? AKA bad me
+1 I'm just getting caught up on emails this morning. vCenter reboot shouldn't necessitate a reboot of a host server.
On Fri, Oct 8, 2010 at 9:34 AM, Jeff Bunting bunting.j...@gmail.com wrote:
Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those. Jeff
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM). Today, a SAN blows up and takes out half - our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory).
Then somehow, when I was told to power down the other 4 VM's so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM's decided to go AWOL (a combination of "missing" and "disconnected"). That took out my other two Terminal Servers and another lightly used internal web server. Did I mention I don't have the normal backups for these things because ...well...I'm an idiot and didn't confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it's on there). None of these store data - they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude...six servers at once? The most frustrating part was discovering that the 4 systems that had been powered off could have been "migrated" before power off and there would have been no issue with them - the power down nuked 'em. Oh, and the lone surviving server - the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I've been on this server 50% of my time over the last two weeks!). Dave
Re: How'd this for a bad day? AKA bad me
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems ...
Oh, boy. Fun. I've had days like that. Not many, fortunately (and knock on wood). Hope you get it all sorted out in time for the weekend! Today I find myself having to arbitrate a pooch screw regarding important procedures, and thus get everyone's story and try and make sense of it all. I feel like I'm playing the cop in a police interrogation scene. I much prefer dealing with recalcitrant machines than people. -- Ben
Re: OT Friday Not Funny
On Fri, Oct 8, 2010 at 11:19 AM, Bill Humphries nt...@hedgedigger.com wrote:
I think I'm the violin player on the deck of the Titanic.
You have good intentions, but it is going to end badly for you. That sounds bad. As in don't cross the streams bad. Things are fine, the upcoming semester approaches like a brick wall and we're in a 1962 Corvair with no brakes. -- Paul Sand, chief sysadmin, UNH -- Ben
Re: How'd this for a bad day? AKA bad me
Machines are recalcitrant, they're just misunderstood.
On Fri, Oct 8, 2010 at 12:15 PM, Ben Scott mailvor...@gmail.com wrote:
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems ...
Oh, boy. Fun. I've had days like that. Not many, fortunately (and knock on wood). Hope you get it all sorted out in time for the weekend! Today I find myself having to arbitrate a pooch screw regarding important procedures, and thus get everyone's story and try and make sense of it all. I feel like I'm playing the cop in a police interrogation scene. I much prefer dealing with recalcitrant machines than people. -- Ben
Anyone used the Sonicwall NSA 2400?
It seems like a good firewall to use. I always liked external computers... It's only about $1,000 if you look around. Anyone had better use of any others?
Re: How'd this for a bad day? AKA bad me
If the systems are still actually on the LUNs, then you should be able to reconnect them and bring them up. Rebooting vCenter should not have had anything to do with shutting down guests but rebooting the SAN might possibly have been required to address its fire. From vCenter just reconnect to the ESX hosts, and then start connecting to the guests. Frankly I'd get on hold with VMware now. They are pretty good at getting this sort of thing sorted out so rebuilding shouldn't be necessary unless the data on the SAN went poof.
Steven Peck http://www.blkmtn.org
On Fri, Oct 8, 2010 at 9:20 AM, Jonathan Link jonathan.l...@gmail.com wrote:
Machines are recalcitrant, they're just misunderstood.
On Fri, Oct 8, 2010 at 12:15 PM, Ben Scott mailvor...@gmail.com wrote:
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems ...
Oh, boy. Fun. I've had days like that. Not many, fortunately (and knock on wood). Hope you get it all sorted out in time for the weekend! Today I find myself having to arbitrate a pooch screw regarding important procedures, and thus get everyone's story and try and make sense of it all. I feel like I'm playing the cop in a police interrogation scene. I much prefer dealing with recalcitrant machines than people. -- Ben
Re: How'd this for a bad day? AKA bad me
Your not is AWOL
ASB
On Fri, Oct 8, 2010 at 12:20 PM, Jonathan Link jonathan.l...@gmail.com wrote:
Machines are recalcitrant, they're just misunderstood.
On Fri, Oct 8, 2010 at 12:15 PM, Ben Scott mailvor...@gmail.com wrote:
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems ...
Oh, boy. Fun. I've had days like that. Not many, fortunately (and knock on wood). Hope you get it all sorted out in time for the weekend! Today I find myself having to arbitrate a pooch screw regarding important procedures, and thus get everyone's story and try and make sense of it all. I feel like I'm playing the cop in a police interrogation scene. I much prefer dealing with recalcitrant machines than people. -- Ben
Re: How'd this for a bad day? AKA bad me
That's not the only thing...
On Fri, Oct 8, 2010 at 12:32 PM, Andrew S. Baker asbz...@gmail.com wrote:
Your not is AWOL
ASB
On Fri, Oct 8, 2010 at 12:20 PM, Jonathan Link jonathan.l...@gmail.com wrote:
Machines are recalcitrant, they're just misunderstood.
On Fri, Oct 8, 2010 at 12:15 PM, Ben Scott mailvor...@gmail.com wrote:
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems ...
Oh, boy. Fun. I've had days like that. Not many, fortunately (and knock on wood). Hope you get it all sorted out in time for the weekend! Today I find myself having to arbitrate a pooch screw regarding important procedures, and thus get everyone's story and try and make sense of it all. I feel like I'm playing the cop in a police interrogation scene. I much prefer dealing with recalcitrant machines than people. -- Ben
Re: How'd this for a bad day? AKA bad me
I've said it before, but I will say it again. In a highly virtualized, heavily consolidated world, we need more planning, more thinking and more time for effective execution. Cutting corners will become more and more painful, and will bite more and more organizations. Hopefully, enough near misses will teach enough entities to do the right thing. That's just my optimism speaking, however. It will be incumbent on each technology professional to advocate or fight for the right solutions, or have an excellent exit strategy planned out. :)
ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...
On Fri, Oct 8, 2010 at 11:27 AM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote:
+1 from here as well. A vCenter reboot should not require a host reboot. If it did, that would (IMHO) be a huge problem in the design and purpose behind VMware. Talk to VMware. If your maintenance is not current, get current.
On a related note, YESTERDAY, one of our storage groups on our SAN ran out of space (fortunately I’m not in or over the group responsible for that anymore!), and thus took down a number of systems, all part of our core electronic medical record system, eClinicalWorks, all virtual… We were without that app for more than 6 hours, and are still dealing with database replication issues today as a result…. TGIF!
Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com
From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Friday, October 08, 2010 9:40 AM To: NT System Admin Issues Subject: Re: How'd this for a bad day? AKA bad me
+1 I'm just getting caught up on emails this morning. vCenter reboot shouldn't necessitate a reboot of a host server.
On Fri, Oct 8, 2010 at 9:34 AM, Jeff Bunting bunting.j...@gmail.com wrote:
Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those. Jeff
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM). Today, a SAN blows up and takes out half – our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM’s so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM’s decided to go AWOL (a combination of “missing” and “disconnected”). That took out my other two Terminal Servers and another lightly used internal web server. Did I mention I don’t have the normal backups for these things because …well…I’m an idiot and didn’t confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it’s on there). None of these store data – they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude…six servers at once? The most frustrating part was discovering that the 4 systems that had been powered off could have been “migrated” before power off and there would have been no issue with them – the power down nuked ‘em. Oh, and the lone surviving server – the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I’ve been on this server 50% of my time over the last two weeks!).
Dave
Multiple net segments on W2k8r2
I have some configuration changes I am planning for and this involves adding a NIC to a W2k8r2 box that's untagged into a Storage vlan on a different segment. So long as that interface is not set to register itself in DNS (it will never be addressed by this ip) is there anything else I need/should do? The client side segment these servers are on is the only addressable segment they would ever be used by. Thanks! jlc
Re: Anyone used the Sonicwall NSA 2400?
Is that $1000 with all the services? Or just for the device? SonicWall is okay, although I haven't used their devices in a few years. I prefer the Fortigate devices from Fortinet - http://www.fortinet.com/products/fortigate/ - http://www.fortinet.com/doc/FortinetMatrix.pdf
ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage...
On Fri, Oct 8, 2010 at 12:23 PM, Holstrom, Don dholst...@nbm.org wrote:
It seems like a good firewall to use. I always liked external computers… It’s only about $1,000 if you look around. Anyone had better use of any others?
IT Solutions for a tiny Deployment
Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users - so please, no over the top large enterprise recommendations. Requirements: Security Trail/Logging Can work over WAN I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing. TIA, Sam
RE: IT Solutions for a tiny Deployment
Haven't looked too much into it, but Exchange 2007 and 2010 have unified communications built in. I would think that you would be able to lock it down via AD and GP.
Cameron Cooper Network Administrator | CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021 | Fax: 847-255-1896 ccoo...@aurico.com | www.aurico.com
From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Friday, October 08, 2010 11:48 AM To: NT System Admin Issues Subject: IT Solutions for a tiny Deployment
Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users - so please, no over the top large enterprise recommendations. Requirements: Security Trail/Logging Can work over WAN I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing. TIA, Sam
RE: IT Solutions for a tiny Deployment
Jabber??? I know you can deploy your own Jabber server. Not sure if it would meet all your requirements, but it might be something to look at.
From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Friday, October 08, 2010 12:48 PM To: NT System Admin Issues Subject: IT Solutions for a tiny Deployment
Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users - so please, no over the top large enterprise recommendations. Requirements: Security Trail/Logging Can work over WAN I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing. TIA, Sam
RE: How'd this for a bad day? AKA bad me
Yeah I seem to run into this kind of "I should change my career" event once every five years or so, although this event isn't nearly as stressful as being at a client (these down systems are at %dayjob%) and having a RAID5 card die and thinking "I don't even know how the RAID volumes were configured, this setup pre-dated me...", this on their primary SBS server. The worst in my 15 years was P2V-ing a different customer's SBS server with Hyper-V, then about two months later when I rebooted the host, SCVMM (MS's fancy VM manager) tells me "No virtual machines found..."
Current status of my disaster: I have 5 of 6 servers back up and 95%+ back to normal, not too bad for 12 hours of work...or is it? The last server is low on the critical list, I believe I will not suffer a heart attack this day. Dave
-Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, October 08, 2010 9:16 AM To: NT System Admin Issues Subject: Re: How'd this for a bad day? AKA bad me
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems ...
Oh, boy. Fun. I've had days like that. Not many, fortunately (and knock on wood). Hope you get it all sorted out in time for the weekend! Today I find myself having to arbitrate a pooch screw regarding important procedures, and thus get everyone's story and try and make sense of it all. I feel like I'm playing the cop in a police interrogation scene. I much prefer dealing with recalcitrant machines than people. -- Ben
RE: IT Solutions for a tiny Deployment
Would this work for you? I don't know about logging, but it is hosted, so you would only have to pay a monthly fee. You don't have to have a Cisco infrastructure in order to use it. You would only need Cisco if you wanted IP phone and/or soft phone integration...and it can connect from behind a firewall without any issue. http://www.webex.com/enterprise/cisco-webex-connect.html
Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com
From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Friday, October 08, 2010 12:48 PM To: NT System Admin Issues Subject: IT Solutions for a tiny Deployment
Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users - so please, no over the top large enterprise recommendations. Requirements: Security Trail/Logging Can work over WAN I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing. TIA, Sam
RE: How'd this for a bad day? AKA bad me
Just be glad it didn't happen on a Monday! Terrible way to start off a week!
Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com
-Original Message- From: David Lum [mailto:david@nwea.org] Sent: Friday, October 08, 2010 12:54 PM To: NT System Admin Issues Subject: RE: How'd this for a bad day? AKA bad me
Yeah I seem to run into this kind of "I should change my career" event once every five years or so, although this event isn't nearly as stressful as being at a client (these down systems are at %dayjob%) and having a RAID5 card die and thinking "I don't even know how the RAID volumes were configured, this setup pre-dated me...", this on their primary SBS server. The worst in my 15 years was P2V-ing a different customer's SBS server with Hyper-V, then about two months later when I rebooted the host, SCVMM (MS's fancy VM manager) tells me "No virtual machines found..."
Current status of my disaster: I have 5 of 6 servers back up and 95%+ back to normal, not too bad for 12 hours of work...or is it? The last server is low on the critical list, I believe I will not suffer a heart attack this day. Dave
-Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, October 08, 2010 9:16 AM To: NT System Admin Issues Subject: Re: How'd this for a bad day? AKA bad me
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems ...
Oh, boy. Fun. I've had days like that. Not many, fortunately (and knock on wood). Hope you get it all sorted out in time for the weekend! Today I find myself having to arbitrate a pooch screw regarding important procedures, and thus get everyone's story and try and make sense of it all. I feel like I'm playing the cop in a police interrogation scene. I much prefer dealing with recalcitrant machines than people. -- Ben
Re: IT Solutions for a tiny Deployment
Openfire/Spark? Looks promising and can be put on Windows or Linux. Looks like it can also integrate with AD. Dunno if it meets all your requirements or not, but here's the site: http://www.igniterealtime.org/projects/openfire/documentation.jsp
From: Sam Cayze Sent: Friday, October 08, 2010 9:47 AM To: NT System Admin Issues Subject: IT Solutions for a tiny Deployment
Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users - so please, no over the top large enterprise recommendations. Requirements: Security Trail/Logging Can work over WAN I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing. TIA, Sam
Re: Multiple net segments on W2k8r2
You don't need to have Microsoft File Sharing on this NIC at all, right?
ASB
On Fri, Oct 8, 2010 at 12:38 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
I have some configuration changes I am planning for and this involves adding a NIC to a W2k8r2 box that’s untagged into a Storage vlan on a different segment. So long as that interface is not set to register itself in DNS (it will never be addressed by this ip) is there anything else I need/should do? The client side segment these servers are on is the only addressable segment they would ever be used by. Thanks! jlc
Re: IT Solutions for a tiny Deployment
Please define security in this context.

ASB

On Fri, Oct 8, 2010 at 12:47 PM, Sam Cayze sam.ca...@rollouts.com wrote:

Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users – so please, no over the top large enterprise recommendations.

Requirements:
- Security
- Trail/Logging
- Can work over WAN

I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing.

TIA, Sam
RE: How'd this for a bad day? AKA bad me
Amen

-Original Message-
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 11:36 AM
To: NT System Admin Issues
Subject: Re: How'd this for a bad day? AKA bad me

I've said it before, but I will say it again. In a highly virtualized, heavily consolidated world, we need more planning, more thinking and more time for effective execution. Cutting corners will become more and more painful, and will bite more and more organizations. Hopefully, enough near misses will teach enough entities to do the right thing. That's just my optimism speaking, however. It will be incumbent on each technology professional to advocate or fight for the right solutions, or have an excellent exit strategy planned out. :)

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Oct 8, 2010 at 11:27 AM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote:

+1 from here as well. A vCenter reboot should not require a host reboot. If it did, that would (IMHO) be a huge problem in the design and purpose behind VMware. Talk to VMware. If your maintenance is not current, get current.

On a related note, YESTERDAY, one of our storage groups on our SAN ran out of space (fortunately I'm not in or over the group responsible for that anymore!), and thus took down a number of systems, all part of our core electronic medical record system, eClinicalWorks, all virtual... We were without that app for more than 6 hours, and are still dealing with database replication issues today as a result

TGIF!

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, October 08, 2010 9:40 AM
To: NT System Admin Issues
Subject: Re: How'd this for a bad day? AKA bad me

+1 I'm just getting caught up on emails this morning. vCenter reboot shouldn't necessitate a reboot of a host server.

On Fri, Oct 8, 2010 at 9:34 AM, Jeff Bunting bunting.j...@gmail.com wrote:

Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those.

Jeff

On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:

I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM).

Today, a SAN blows up and takes out half - our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM's so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM's decided to go AWOL (a combination of missing and disconnected). That took out my other two Terminal Servers and another lightly used internal web server.

Did I mention I don't have the normal backups for these things because ...well...I'm an idiot and didn't confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it's on there). None of these store data - they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN.

SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude...six servers at once?

The most frustrating part was discovering that the 4 systems that had been powered off could have been migrated before power off and there would have been no issue with them - the power down nuked 'em.

Oh, and the lone surviving server - the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I've been on this server 50% of my time over the last two weeks!).

Dave
RE: Multiple net segments on W2k8r2
Sì signore, It will only have TCP Port 3260, pings actually are disabled anyway on the SAN... I guess I can uncheck the Client for Microsoft Networks, QoS Packet Scheduler and the File and Printer Sharing for Microsoft Networks.

jlc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 11:01 AM
To: NT System Admin Issues
Subject: Re: Multiple net segments on W2k8r2

You don't need to have Microsoft File Sharing on this NIC at all, right?

ASB

On Fri, Oct 8, 2010 at 12:38 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:

I have some configuration changes I am planning for and this involves adding a NIC to a W2k8r2 box that's untagged into a Storage vlan on a different segment. So long as that interface is not set to register itself in DNS (it will never be addressed by this ip) is there anything else I need/should do? The client side segment these servers are on is the only addressable segment they would ever be used by.

Thanks! jlc
Re: IT Solutions for a tiny Deployment
The standard edition of OCS2007r2 can do this on one server. It will also provide you with additional nice tools in the way of desktop sharing and video conferencing between these folks should that be desirable later. If by security you mean secure communications between clients, then OCS2007r2 works for that as well. Tools for retrieving the archived data are lacking but there is sample code for the SQL queries to build your own front end or a PowerShell script that works nicely.

On Fri, Oct 8, 2010 at 9:47 AM, Sam Cayze sam.ca...@rollouts.com wrote:

Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users – so please, no over the top large enterprise recommendations.

Requirements:
- Security
- Trail/Logging
- Can work over WAN

I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing.

TIA, Sam
RE: OT chicago ISP
We used to have McCleod and switched over to Cimco. They were great to work with what we already had in place and were very helpful with any issues. Very little down time.

Cameron Cooper
Network Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Friday, September 24, 2010 4:04 PM
To: NT System Admin Issues
Subject: OT chicago ISP

Hey guys, We have a client with a remote office in Chicago. They have outgrown their 2 bonded T1 connection provided by Cbeyond.. What product/provider do you like in that area?
RE: OT chicago ISP
At the moment we have 2 bonded T1's and one leased Point-2-Point line with them. Once we move to a new building later this year we are switching over to fiber.

Cameron Cooper
Network Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Friday, September 24, 2010 4:04 PM
To: NT System Admin Issues
Subject: OT chicago ISP

Hey guys, We have a client with a remote office in Chicago. They have outgrown their 2 bonded T1 connection provided by Cbeyond.. What product/provider do you like in that area?
Setting SPN's on Clustered SQL (2005)
Has anyone had to manually add a SPN to a multi-node cluster SQL 2005 box before? I used the spn_query.vbs script from Microsoft to look at each of the nodes of the cluster and the Cluster Name and the SQL Server name ( Still default instance)

Used the best practices that doesn't have the SQL Service accounts for SQLServer,Agent and Full Text Search as a normal user during the installation which leads me to believe that the SPN's didn't get written because when I look at the properties of the service account they don't have permissions to read or write SPN.

And I get this error when troubleshooting Shavlik 7.60 with Domain Accounts from multiple consoles...

SPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: IP_Address_of_client.

Has anyone had to do this before for their clusters? Been looking at Microsoft KB 811889 which talks about the Cannot Generate SSPI Context error message. http://support.microsoft.com/kb/811889

Any ideas on this one?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
RE: IT Solutions for a tiny Deployment
We use Spark, love it. Integrates with our Asterisk system, AD, Website (in testing). We can transfer a phone call from our phone to the chat client and vice versa from anywhere. Features are good, lots of customization. It does take some work to get it going.

From: James Winzenz [mailto:james.winz...@hotmail.com]
Sent: Friday, October 08, 2010 12:56 PM
To: NT System Admin Issues
Subject: Re: IT Solutions for a tiny Deployment

Openfire/Spark? Looks promising and can be put on Windows or Linux. Looks like it can also integrate with AD. Dunno if it meets all your requirements or not, but here's the site: http://www.igniterealtime.org/projects/openfire/documentation.jsp

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Friday, October 08, 2010 9:47 AM
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Subject: IT Solutions for a tiny Deployment

Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users - so please, no over the top large enterprise recommendations.

Requirements:
- Security
- Trail/Logging
- Can work over WAN

I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing.

TIA, Sam
Replacement for Windows 7 Offline files?
Sound Solutions, Inc. 8400 Highland Dr. Wausau, WI 54401 Tel: 715-842-7665 Fax: 715-842-7620

I set up a laptop with Windows 7 and Offline Files yesterday. The Offline Files is terrible in Windows 7. You have to click too much for the normal user. Does anyone know of any decent replacements for Offline files? Looking for something Open Source.

-- This message has been scanned for viruses and dangerous content by Sound Solutions' Avalon Spam Wizard http://www.sound-solutions.biz/ , and is believed to be clean.

-- Sound Solutions, Inc. - Since 1995 We Appreciate Your Business and Referrals

This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.
RE: IT Solutions for a tiny Deployment
Mainly that all communication is over an encrypted connection; such as SSL. I've just started my research, trying to become aware of other concerns as well. Also, my subject line was supposed to be IM, not IT...

Sam

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 12:03 PM
To: NT System Admin Issues
Subject: Re: IT Solutions for a tiny Deployment

Please define security in this context.

ASB

On Fri, Oct 8, 2010 at 12:47 PM, Sam Cayze sam.ca...@rollouts.com wrote:

Looking to utilize an IM solution for about 3 users right now. Might expand to about 10 users - so please, no over the top large enterprise recommendations.

Requirements:
- Security
- Trail/Logging
- Can work over WAN

I can provide a backend server if needed. A virtual appliance would be even better. Any quick pointers are appreciated in conjunction with the research I will be doing.

TIA, Sam
Re: Replacement for Windows 7 Offline files?
Please state the nature of your medical emergency... What do you mean you have to click too much?!?

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Oct 8, 2010 at 1:52 PM, Craig Gauss cra...@sound-solutions.biz wrote:

I set up a laptop with Windows 7 and Offline Files yesterday. The Offline Files is terrible in Windows 7. You have to click too much for the normal user. Does anyone know of any decent replacements for Offline files? Looking for something Open Source.
Re: Multiple net segments on W2k8r2
Leave the gateway entry empty, clear the box on register with DNS and on the WINS tab uncheck the box for LMHOSTS lookup. In the advanced networking make sure the binding order has this NIC second. (Note in Windows 2008 you may have to enable menus to see the menu.) Also consider renaming the NIC to something easily identifiable as not Primary.

Steven Peck
http://www.blkmtn.org

On Fri, Oct 8, 2010 at 10:09 AM, Joseph L. Casale jcas...@activenetwerx.com wrote:

Sì signore, It will only have TCP Port 3260, pings actually are disabled anyway on the SAN… I guess I can uncheck the “Client for Microsoft Networks”, “QoS Packet Scheduler” and the “File and Printer Sharing for Microsoft Networks”.

jlc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 11:01 AM
To: NT System Admin Issues
Subject: Re: Multiple net segments on W2k8r2

You don't need to have Microsoft File Sharing on this NIC at all, right?

ASB

On Fri, Oct 8, 2010 at 12:38 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:

I have some configuration changes I am planning for and this involves adding a NIC to a W2k8r2 box that’s untagged into a Storage vlan on a different segment. So long as that interface is not set to register itself in DNS (it will never be addressed by this ip) is there anything else I need/should do? The client side segment these servers are on is the only addressable segment they would ever be used by.

Thanks! jlc
RE: Setting SPN's on Clustered SQL (2005)
I have had this problem before. I don't remember a lot firsthand, but I do have my notes about it. Copied/pasted below.

When multiple computers are traversed for integrated authentication (e.g. computer connects to web server which connects to SQL server), there are certain requirements for Kerberos to work properly. One of the key things needed in this scenario is for the Service Principal Name (SPN) to be properly set on the service account in Active Directory. This normally happens transparently, but some extra configuration may be required with clustered servers. If authentication fails in a scenario like this, one of the first things to check is the SPN. Basic troubleshooting steps follow.

NOTE: The SetSPN utility is required and must be installed on the local computer (not server).

1. Confirm the port on which SQL Server is listening. When a single instance is installed, this should be 1433. When multiple instances are installed, such as with a cluster, you will need to check.
   1.1. On the SQL Server in question, open SQL Server Configuration Manager.
   1.2. Expand SQL Server 2005 Network Configuration.
   1.3. There should be a Protocols for... entry for each named instance. Select the appropriate named instance.
   1.4. In the right column, open TCP/IP.
   1.5. Choose the IP Addresses tab in the resulting window.
   1.6. Scroll down to the bottom, finding the section with the header IPAll. Record the value of TCP Dynamic Ports.
   1.7. Close all windows.
2. From the workstation with SetSPN installed, run the following command, where serviceaccountname represents the service account running the SQL Server service instance:
       setspn -L serviceaccountname
3. Look for an entry for the server/instance name in question and note the port indicated (at the end of the line). If an entry exists and the port matches, this is not the problem. NOTE: Technical documents from Microsoft indicate that clustered instances should have an entry without a port and one with. I have not been able to confirm that the record without a port number is absolutely necessary, but add it when it doesn't exist and there is a problem.
4. If the entry doesn't exist, add it with the following command (where serviceaccountname is the service name, clustername is the cluster name, and is the port number recorded earlier):
       setspn -A MSSQLSvc/clustername.mydomain.local: serviceaccountname
5. Per Microsoft's recommendation, you can also add an entry without the port number:
       setspn -A MSSQLSvc/clustername.mydomain.local serviceaccountname
6. Do another list to confirm the entries were properly added.
7. Synchronize the domain to replicate the changes and try again.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, October 08, 2010 1:34 PM
To: NT System Admin Issues
Subject: Setting SPN's on Clustered SQL (2005)

Has anyone had to manually add a SPN to a multi-node cluster SQL 2005 box before? I used the spn_query.vbs script from Microsoft to look at each of the nodes of the cluster and the Cluster Name and the SQL Server name ( Still default instance)

Used the best practices that doesn't have the SQL Service accounts for SQLServer,Agent and Full Text Search as a normal user during the installation which leads me to believe that the SPN's didn't get written because when I look at the properties of the service account they don't have permissions to read or write SPN.

And I get this error when troubleshooting Shavlik 7.60 with Domain Accounts from multiple consoles...

SPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: IP_Address_of_client.

Has anyone had to do this before for their clusters? Been looking at Microsoft KB 811889 which talks about the Cannot Generate SSPI Context error message. http://support.microsoft.com/kb/811889

Any ideas on this one?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
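The SPN comparison in steps 2 to 5 of the notes above, as an added example that is not part of the original messages: it parses saved `setspn -L` output, checks for the with-port and without-port MSSQLSvc entries, and builds the `setspn -A` commands for whichever is missing. The account name svc-sql, the port 49172, the sample output and the function names are constructed for illustration.

```python
"""Check saved `setspn -L` output for the MSSQLSvc SPNs of a clustered SQL Server name."""
import re

# Constructed sample of `setspn -L svc-sql` output; account, node name and ports are made up.
SAMPLE_SETSPN_OUTPUT = (
    "Registered ServicePrincipalNames for CN=svc-sql,OU=Service Accounts,DC=mydomain,DC=local:\n"
    "\tMSSQLSvc/sqlnode1.mydomain.local:1433\n"
    "\tMSSQLSvc/CLUSTERNAME.mydomain.local:1433\n"
    "\tHTTP/reports.mydomain.local\n"
)


def parse_setspn_list(output):
    """Return the SPNs from `setspn -L` output: the indented lines under the header."""
    return [line.strip() for line in output.splitlines()
            if line.strip() and line[0] in " \t"]


def split_mssql_spn(spn):
    """Split 'MSSQLSvc/host[:suffix]' into (host, suffix); None for other service classes.

    The suffix is a port number, an instance name, or None when the SPN has no suffix.
    Host names are lower-cased because SPN matching is case-insensitive.
    """
    match = re.fullmatch(r"MSSQLSvc/([^:/]+)(?::(.+))?", spn, flags=re.IGNORECASE)
    if match is None:
        return None
    return match.group(1).lower(), match.group(2)


def check_sql_spns(output, host, port, account):
    """Compare registered SPNs with the two entries the notes call for on a cluster.

    host    -- FQDN clients connect to (the cluster name)
    port    -- TCP port recorded from SQL Server Configuration Manager (step 1)
    account -- service account running the SQL Server service
    """
    wanted_port = str(port)
    registered = [p for p in map(split_mssql_spn, parse_setspn_list(output)) if p]
    suffixes = {suffix for spn_host, suffix in registered if spn_host == host.lower()}

    missing = []
    if wanted_port not in suffixes:          # step 4: entry with the port
        missing.append(f"MSSQLSvc/{host}:{wanted_port}")
    if None not in suffixes:                 # step 5: entry without a port
        missing.append(f"MSSQLSvc/{host}")

    # Entries for this host that carry a different port number than the instance uses.
    stale_ports = sorted(s for s in suffixes
                         if s is not None and s.isdigit() and s != wanted_port)
    return {
        "missing": missing,
        "stale_ports": stale_ports,
        "commands": [f"setspn -A {spn} {account}" for spn in missing],
    }


if __name__ == "__main__":
    report = check_sql_spns(SAMPLE_SETSPN_OUTPUT, "clustername.mydomain.local", 49172, "svc-sql")
    for stale in report["stale_ports"]:
        print(f"registered with port {stale}, but the instance listens on 49172")
    for command in report["commands"]:
        print(command)
```

Review the generated commands before running them, then list the account again (step 6) to confirm the entries.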
RE: Replacement for Windows 7 Offline files?
Sound Solutions, Inc. 8400 Highland Dr. Wausau, WI 54401 Tel: 715-842-7665 Fax: 715-842-7620

From what I experienced you had to go into sync center, then offline files, then through the folder hierarchy to finally get to the files. Unlike XP where it was directly in the folder on the desktop. Maybe I missed something?

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 12:51 PM
To: NT System Admin Issues
Subject: Re: Replacement for Windows 7 Offline files?

Please state the nature of your medical emergency... What you do mean you have to click too much?!?

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Fri, Oct 8, 2010 at 1:52 PM, Craig Gauss cra...@sound-solutions.biz wrote:

I set up a laptop with Windows 7 and Offline Files yesterday. The Offline Files is terrible in Windows 7. You have to click too much for the normal user. Does anyone know of any decent replacements for Offline files? Looking for something Open Source.
Re: OT Friday Not Funny
Just frustrated. Small consulting company, disengaged/distracted owner. The one person around here that I don't really do his job for him just quit...so now I'm figuring out how to do his job too. Sorry for the venting, guys.

Candee wrote:

Oh no. What's up?

On Fri, Oct 8, 2010 at 11:19 AM, Bill Humphries nt...@hedgedigger.com wrote:

I think I'm the violin player on the deck of the Titanic. You have good intentions, but it is going to end badly for you.
Re: OT chicago ISP
Thanks for the info, Cameron.

Cameron Cooper wrote:

We used to have McCleod and switched over to Cimco. They were great to work with what we already had in place and were very helpful with any issues. Very little down time.

Cameron Cooper
Network Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com

-----Original Message-----
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: Friday, September 24, 2010 4:04 PM
To: NT System Admin Issues
Subject: OT chicago ISP

Hey guys, We have a client with a remote office in Chicago. They have outgrown their 2 bonded T1 connection provided by Cbeyond. What product/provider do you like in that area?
RE: Setting SPN's on Clustered SQL (2005)
Bill, thanks for the offline comments. We are going to try and move it off a SQL cluster for this time; if that doesn't help stuff then we'll go the SPN route, which I believe is going to have to happen anyway to fix the clusters accordingly. Unless I temporarily make the accounts DA, recycle the servers and see if the SPN creates (I don't think it will, but it's an idea to get around fiddling with adsiedit or the setspn).

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505

-----Original Message-----
From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Friday, October 08, 2010 1:53 PM
To: NT System Admin Issues
Subject: RE: Setting SPN's on Clustered SQL (2005)

I have had this problem before. I don't remember a lot firsthand, but I do have my notes about it. Copied/pasted below.

When multiple computers are traversed for integrated authentication (e.g. computer connects to web server which connects to SQL server), there are certain requirements for Kerberos to work properly. One of the key things needed in this scenario is for the Service Principal Name (SPN) to be properly set on the service account in Active Directory. This normally happens transparently, but some extra configuration may be required with clustered servers. If authentication fails in a scenario like this, one of the first things to check is the SPN. Basic troubleshooting steps follow.

NOTE: The SetSPN utility is required and must be installed on the local computer (not server).

1. Confirm the port on which SQL Server is listening. When a single instance is installed, this should be 1433. When multiple instances are installed, such as with a cluster, you will need to check.
   1.1. On the SQL Server in question, open SQL Server Configuration Manager.
   1.2. Expand SQL Server 2005 Network Configuration.
   1.3. There should be a Protocols for... entry for each named instance. Select the appropriate named instance.
   1.4. In the right column, open TCP/IP.
   1.5. Choose the IP Addresses tab in the resulting window.
   1.6. Scroll down to the bottom, finding the section with the header IPAll. Record the value of TCP Dynamic Ports.
   1.7. Close all windows.
2. From the workstation with SetSPN installed, run the following command, where serviceaccountname represents the service account running the SQL Server service instance:
   setspn -L serviceaccountname
3. Look for an entry for the server/instance name in question and note the port indicated (at the end of the line). If an entry exists and the port matches, this is not the problem. NOTE: Technical documents from Microsoft indicate that clustered instances should have an entry without a port and one with. I have not been able to confirm that the record without a port number is absolutely necessary, but add it when it doesn't exist and there is a problem.
4. If the entry doesn't exist, add it with the following command (where serviceaccountname is the service name, clustername is the cluster name, and is the port number recorded earlier):
   setspn -A MSSQLSvc/clustername.mydomain.local: serviceaccountname
5. Per Microsoft's recommendation, you can also add an entry without the port number:
   setspn -A MSSQLSvc/clustername.mydomain.local serviceaccountname
6. Do another list to confirm the entries were properly added.
7. Synchronize the domain to replicate the changes and try again.

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, October 08, 2010 1:34 PM
To: NT System Admin Issues
Subject: Setting SPN's on Clustered SQL (2005)

Has anyone had to manually add a SPN to a multi-node cluster SQL 2005 box before? I used the spn_query.vbs script from Microsoft to look at each of the nodes of the cluster and the Cluster Name and the SQL Server name (still default instance). Used the best practices that doesn't have the SQL Service accounts for SQLServer, Agent and Full Text Search as a normal user during the installation, which leads me to believe that the SPNs didn't get written, because when I look at the properties of the service account they don't have permissions to read or write SPN. And I get this error when troubleshooting Shavlik 7.60 with Domain Accounts from multiple consoles...

SPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: IP_Address_of_client.

Has anyone had to do this before for their clusters? Been looking at Microsoft KB 811889 which talks about the Cannot Generate SSPI Context error message. http://support.microsoft.com/kb/811889

Any ideas on this one?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505
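Steps 2 to 6 of the notes quoted in the message above, scripted as an added example (not part of the original thread and not Microsoft's code): it parses `setspn -L` output and reports whether the port-qualified and portless MSSQLSvc entries exist for the cluster name. The function name Test-SqlClusterSpn is hypothetical, and the account svc-sql, the hosts sqlclu01/sqlnode1.mydomain.local and port 50123 are constructed placeholders.

```powershell
# Added example. svc-sql, sqlclu01/sqlnode1.mydomain.local and port 50123 are
# constructed placeholders; Test-SqlClusterSpn is a hypothetical helper name.

function Test-SqlClusterSpn {
    param(
        [string[]] $SetSpnOutput,    # lines printed by: setspn -L serviceaccountname
        [string]   $ClusterFqdn,     # e.g. clustername.mydomain.local
        [int]      $Port,            # "TCP Dynamic Ports" value recorded in step 1.6
        [string]   $ServiceAccount   # account running the SQL Server service
    )

    $portSpn     = "MSSQLSvc/${ClusterFqdn}:$Port"
    $portlessSpn = "MSSQLSvc/$ClusterFqdn"

    # Keep only MSSQLSvc entries registered for this cluster name. The part after
    # the colon is a TCP port or, for some named instances, the instance name.
    $found = @(foreach ($line in $SetSpnOutput) {
        $spn = "$line".Trim()
        if ($spn -match '^MSSQLSvc/(?<host>[^:\s]+)(:(?<suffix>\S+))?$' -and
            $Matches['host'] -eq $ClusterFqdn) {
            [pscustomobject]@{ Spn = $spn; Suffix = $Matches['suffix'] }
        }
    })

    $hasPort     = @($found | Where-Object { $_.Spn -eq $portSpn }).Count -gt 0
    $hasPortless = @($found | Where-Object { -not $_.Suffix }).Count -gt 0

    # Port-qualified entries for this host whose port differs from the one SQL
    # Server is listening on (the mismatch step 3 looks for).
    $mismatched = @($found |
        Where-Object { $_.Suffix -match '^\d+$' -and $_.Suffix -ne "$Port" } |
        ForEach-Object { $_.Spn })

    # Build the step 4 and step 5 commands for whatever is missing; nothing is run.
    $commands = @()
    if (-not $hasPort)     { $commands += "setspn -A $portSpn $ServiceAccount" }
    if (-not $hasPortless) { $commands += "setspn -A $portlessSpn $ServiceAccount" }

    [pscustomobject]@{
        PortSpnPresent     = $hasPort
        PortlessSpnPresent = $hasPortless
        MismatchedPortSpns = $mismatched
        CommandsToReview   = $commands
    }
}

# Constructed sample of "setspn -L svc-sql" output: the cluster name is registered
# only with port 1433, while the instance listens on dynamic port 50123.
$sample = @'
Registered ServicePrincipalNames for CN=svc-sql,OU=Service Accounts,DC=mydomain,DC=local:
        MSSQLSvc/sqlclu01.mydomain.local:1433
        MSSQLSvc/sqlnode1.mydomain.local:1433
'@ -split "`r?`n"

Test-SqlClusterSpn -SetSpnOutput $sample -ClusterFqdn 'sqlclu01.mydomain.local' `
    -Port 50123 -ServiceAccount 'svc-sql' | Format-List

# Against a live domain, feed the real listing instead of the sample:
#   Test-SqlClusterSpn -SetSpnOutput (setspn -L svc-sql) -ClusterFqdn ... -Port ... -ServiceAccount svc-sql
```

The function only lists the `setspn -A` lines for review; it changes nothing in Active Directory. An SPN already registered on a different account will not appear in this account's `setspn -L` listing, so check for duplicates before adding.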
RE: Replacement for Windows 7 Offline files?
I haven’t seen, used or set it up yet, but I know Synch Toy has started being used on a handful of workstation machines here. No complaints heard, only that it works “better” than offline files.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Craig Gauss [mailto:cra...@sound-solutions.biz]
Sent: Friday, October 08, 2010 1:52 PM
To: NT System Admin Issues
Subject: Replacement for Windows 7 Offline files?

I set up a laptop with Windows 7 and Offline Files yesterday. The Offline Files is terrible in Windows 7. You have to click too much for the normal user. Does anyone know of any decent replacements for Offline files? Looking for something Open Source.

Sound Solutions, Inc.
8400 Highland Dr.
Wausau, WI 54401
Tel: 715-842-7665
Fax: 715-842-7620
RE: Setting SPN's on Clustered SQL (2005)
No problem, Edward, although I honestly am not sure how I managed to reply offline. D'oh!
Re: OT Friday Not Funny
Sorry to hear that. Hope they at least compensate you with his pay. :) But that would be wishful thinking. If you need anything, let us know.
3rd Defrag Utilities
Good morning/afternoon!

I wanted to get some feedback from you all regarding the use of 3rd party Defrag utilities. We've used Diskeeper for as long as I can remember (from NT4, Win2000, etc.). We're all Windows 2003 with a few Windows 2008 servers in production and more on the way. One of my fellow analysts is working on upgrading Diskeeper to the latest version and I threw out the question of whether we even need it, or more importantly, why do we install it on every single server?

I can see the benefit on large file repositories that would be subject to fragmentation, but it's part of our standard build process so EVERY server has it installed (SQL, App, IIS, etc.). We do use the scheduling features so defragmentation only occurs during off-hours, but I still can't help but think it's a resource hog regardless of when defragmentation is running. Not to mention we've seen countless occurrences where the defragmentation policies weren't applied correctly so the process would execute at any time.

Anyway, we have several hundred servers so if anything we could be looking at significant cost savings if we were a little more analytical in our approach. What servers would you recommend a 3rd party defrag utility be installed on?

- Sean
Re: Replacement for Windows 7 Offline files?
I haven't had to do that. The offline files are right where I have expected them to be if the drive was previously mapped. Also available if you use UNC mapping to the location.

ASB

On Fri, Oct 8, 2010 at 2:03 PM, Craig Gauss cra...@sound-solutions.biz wrote:

From what I experienced you had to go into sync center, then offline files, then through the folder hierarchy to finally get to the files. Unlike XP where it was directly in the folder on the desktop. Maybe I missed something?

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 12:51 PM
To: NT System Admin Issues
Subject: Re: Replacement for Windows 7 Offline files?

Please state the nature of your medical emergency... What do you mean you have to click too much?!?

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...
RE: Setting SPN's on Clustered SQL (2005)
D'oh, silly me... too fried these days...

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505
RE: Setting SPN's on Clustered SQL (2005)
Yeah, and the 64-bit SQL box didn't work, go figure... back to the hell next week.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505
Re: HP PODs
No - we defeated the aliens and chased them off the planet...

On Fri, Oct 8, 2010 at 07:51, Pete Howard pchow...@yahoo.com wrote:

Crickets.. No POD people here?

From: pchow...@yahoo.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Thu, October 7, 2010 2:54:57 PM
Subject: HP PODs

Anyone have good or bad reviews on the HP POD or other containerised DC?
Re: OT Friday Not Funny
On Fri, Oct 8, 2010 at 2:21 PM, Bill Humphries nt...@hedgedigger.com wrote:

Small consulting company, disengaged/distracted owner. The one person around here that I don't really do his job for him ...

Sounds like my last job. That's why I quit. After 5 years, I realized it wasn't going to improve.

-- Ben
RE: Replacement for Windows 7 Offline files?
We use folder redirection for users' desktops and My Documents folders, and offline files so that they'll still have access to their stuff if they lose connection to the network. Can't say I've seen any clicking necessary, except in cases of file version conflicts.

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
Re: Interesting run-down on Stuxnet from F-Secure
On Thu, Oct 7, 2010 at 2:41 PM, Carl Houseman c.house...@gmail.com wrote:
The avenue closes as the percentage of XP machines ... how long for that? I'm guessing XP is less than 50% of Windows users before April 2014, and if not by then, real soon afterwards. People running as admin when they shouldn't doesn't go away with UAC. These users are already clicking Yes to download/install this stuff. They'll continue to click Allow under Vista/Win 7. I've seen it happen. It's harder to do by accident, but no number of dialog boxes will ever stop a click-happy user. And many (if not most) users are click-happy.
-- Ben
Procurve Routing Issue
I have a 2824 with two vlans, 100 for prod and 103 for ip san. It's not currently in routed mode, but I want to assign ips to the two vlans and set it up in routed mode so the switch can route traffic between servers and the san vlan for bandwidth reasons. My issue is the lack of acl's, any client on a downstream switch in vlan 100 could see vlan 103 if they create a route to the vlan 100 ip. So, my only course of action is leave it in non-routed mode and tag a nic into the san vlan as I was going to do (waste of hardware and ports that I don't have lots of) or come up with something more creative. The HP routes by best match starting with connected routes, so I presume even if I setup a manual route for only the servers of choice to the ip san, the fact vlan 100 is connected as by default when it's created sorta makes that useless? Obviously I am sure there is a way around this, anyone know what to do here? Thanks!
jlc
Re: Interesting run-down on Stuxnet from F-Secure
On Thu, Oct 7, 2010 at 8:08 PM, Andrew S. Baker asbz...@gmail.com wrote:
> And I would say that we are where we are because as consumers and corporate customers, we don't push for things to be different. Not that technology companies don't have their own responsibility to do the right thing, but they'll always favor features over security if *we* favor features over security.
What really sucks is that for those of us who actually care about security, we're told that everything is fine, nothing is broken, nobody else is worried about this, you want too much, ha ha cute little user, etc., etc., etc. :-(
-- Ben
RE: Interesting run-down on Stuxnet from F-Secure
Yep, it's definitely like that, until they get royally 0wned, then it's Chicken Little the Sky is falling, and by then it's too late you are the next poster boy for newspapers, and the fallout. So really who wants to be the next TJX/Hannaford Foods/ etc etc, sorry I will pass. I don't care if I die trying :)
Z
Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Friday, October 08, 2010 4:03 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure
On Thu, Oct 7, 2010 at 8:08 PM, Andrew S. Baker asbz...@gmail.com wrote:
> And I would say that we are where we are because as consumers and corporate customers, we don't push for things to be different. Not that technology companies don't have their own responsibility to do the right thing, but they'll always favor features over security if *we* favor features over security.
What really sucks is that for those of us who actually care about security, we're told that everything is fine, nothing is broken, nobody else is worried about this, you want too much, ha ha cute little user, etc., etc., etc. :-(
-- Ben
Re: Need System/Application Security Advice
On Thu, Oct 7, 2010 at 4:13 PM, Brian Desmond br...@briandesmond.com wrote:
> Personally I think you’re making a mountain out of a mole hill. Like I said this is really a common design.
Without knowing more (and we on this list don't really know the details from that post), I think the OP *may* have a point. Least privilege should be applied everywhere, not just to end-user accounts. So if you've got two separate things (ProductA and ProductB in this example), and they don't need *all* the same data to do their job, then they should not both have access to *all* the data.
The fact that it's a very common design doesn't mean it's not a bad idea. Everyone runs as local admin was a very common design (possibly still is) and that was known to be a very bad idea from day one. As was noted in a contemporary thread, we have the responsibility to ask for security as much as publishers have the responsibility to provide it.
-- Ben
Re: Interesting run-down on Stuxnet from F-Secure
+9000
--
From: Ben Scott mailvor...@gmail.com
Sent: Friday, October 08, 2010 1:02 PM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Interesting run-down on Stuxnet from F-Secure
On Thu, Oct 7, 2010 at 8:08 PM, Andrew S. Baker asbz...@gmail.com wrote:
> And I would say that we are where we are because as consumers and corporate customers, we don't push for things to be different. Not that technology companies don't have their own responsibility to do the right thing, but they'll always favor features over security if *we* favor features over security.
What really sucks is that for those of us who actually care about security, we're told that everything is fine, nothing is broken, nobody else is worried about this, you want too much, ha ha cute little user, etc., etc., etc. :-(
-- Ben
Re: Procurve Routing Issue
On Fri, Oct 8, 2010 at 4:02 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
> I have a 2824 with two vlans, 100 for prod and 103 for ip san. It’s not currently in routed mode, but I want to assign ips to the two vlans and set it up in routed mode so the switch can route traffic between servers and the san vlan for bandwidth reasons.
I would not use the 2824 as a router for anything serious, and bandwidth reasons makes it sound serious. The 2800 series is intended as a layer two switch. It's an excellent layer two switch. Routing, not so much. IMO, the layer three features of that switch are mainly intended for management purposes, not for production payload traffic.
> ... anyone know what to do here?
Use something else as the router. HP makes layer-3-and-higher switches, but the 2800 series isn't one of them. If you want to keep your existing 2800, use an external device as a router. If you're short on ports and don't need a *ton* of bandwidth but do need high packets-per-second, you could put multiple VLANs tagged on a single switch port, and then put a router-on-a-stick on that port. (Router-on-a-stick = router with only a single physical connection, using VLANs.)
-- Ben
RE: Procurve Routing Issue
> I would not use the 2824 as a router for anything serious, and bandwidth reasons makes it sound serious.
Do you know what it takes to route even at gig speeds? It doesn't need to be serious at all to desire to route faster than most routers:) It's iSCSI traffic, letting even a 2824 pass it around is better than most options.
> Use something else as the router. HP makes layer-3-and-higher switches, but the 2800 series isn't one of them.
Heh, not an option:( I just re-confirmed with an HP guy, as the switch processes connected routes first, then best match, any downstream user in client vlan can route traffic and jump vlans (stupid imho to make the order process this way, when it could do static first so a null/reject could actually be of use). Bah, in Linux we use one physical interface and tag a virtual int into a vlan. So I use one port for example. I am not that savvy with Windows, but I sure have never seen a way to do this with Windows drivers:( I guess I could bridge but that's just getting messy...
jlc
Root cause of: RE: How'd this for a bad day? AKA bad me
So, the root cause: ESX 3.5 OS was installed onto SAN volume that contained my VM's. The install of that OS (effectively) removes pointers that VM's need when they boot up. Best practice is to disconnect the SAN links when installing this version of the OS so this doesn't happen. In fact our SE did this but apparently didn't disconnect one far enough. If we had left the VM's running we could have used a VM converter to move them to a different storage location. ESX 4.0 doesn't allow this activity. Our SE feels really about out the work he created for me - personally I'm just really happy he's a stand up guy and explained what happened. You do this stuff long enough and something like this eventually happens - it's called experience.
Dave
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 9:36 AM
To: NT System Admin Issues
Subject: Re: How'd this for a bad day? AKA bad me
I've said it before, but I will say it again. In a highly virtualized, heavily consolidated world, we need more planning, more thinking and more time for effective execution. Cutting corners will become more and more painful, and will bite more and more organizations. Hopefully, enough near misses will teach enough entities to do the right thing. That's just my optimism speaking, however. It will be incumbent on each technology professional to advocate or fight for the right solutions, or have an excellent exit strategy planned out. :)
ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...
On Fri, Oct 8, 2010 at 11:27 AM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote:
+1 from here as well. A vCenter reboot should not require a host reboot. If it did, that would (IMHO) be a huge problem in the design and purpose behind VMware. Talk to VMware. If your maintenance is not current, get current.
On a related note, YESTERDAY, one of our storage groups on our SAN ran out of space (fortunately I'm not in or over the group responsible for that anymore!), and thus took down a number of systems, all part of our core electronic medical record system, eClinicalWorks, all virtual... We were without that app for more than 6 hours, and are still dealing with database replication issues today as a result TGIF!
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, October 08, 2010 9:40 AM
To: NT System Admin Issues
Subject: Re: How'd this for a bad day? AKA bad me
+1 I'm just getting caught up on emails this morning. vCenter reboot shouldn't necessitate a reboot of a host server.
On Fri, Oct 8, 2010 at 9:34 AM, Jeff Bunting bunting.j...@gmail.com wrote:
Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those.
Jeff
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM). Today, a SAN blows up and takes out half - our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM's so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM's decided to go AWOL (a combination of missing and disconnected). That took out my other two Terminal Servers and another lightly used internal web server.
Did I mention I don't have the normal backups for these things because ...well...I'm an idiot and didn't confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it's on there). None of these store data - they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude...six servers at once? The most frustrating part was discovering that the 4 systems that had been powered off could have been migrated before power off and there would have been no issue with them - the power down nuked 'em. Oh, and the lone surviving server - the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I've been on
RE: Interesting run-down on Stuxnet from F-Secure
UAC prompting isn't the major benefit of UAC. The major benefit is that, for admins, programs that aren't admin-by-nature run without admin rights. If the admin user runs a malware executable that tries to write something to a protected file/registry area, it will fail (unless it also exploits a privilege escalation bug).
Carl
-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Friday, October 08, 2010 3:59 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure
On Thu, Oct 7, 2010 at 2:41 PM, Carl Houseman c.house...@gmail.com wrote:
The avenue closes as the percentage of XP machines ... how long for that? I'm guessing XP is less than 50% of Windows users before April 2014, and if not by then, real soon afterwards. People running as admin when they shouldn't doesn't go away with UAC. These users are already clicking Yes to download/install this stuff. They'll continue to click Allow under Vista/Win 7. I've seen it happen. It's harder to do by accident, but no number of dialog boxes will ever stop a click-happy user. And many (if not most) users are click-happy.
-- Ben
Re: Root cause of: RE: How'd this for a bad day? AKA bad me
Experience may not be the best teacher, but it is the most expensive one...
On Fri, Oct 8, 2010 at 13:34, David Lum david@nwea.org wrote:
So, the root cause: ESX 3.5 OS was installed onto SAN volume that contained my VM’s. The install of that OS (effectively) removes pointers that VM’s need when they boot up. Best practice is to disconnect the SAN links when installing this version of the OS so this doesn’t happen. In fact our SE did this but apparently didn’t disconnect one far enough. If we had left the VM’s running we could have used a VM converter to move them to a different storage location. ESX 4.0 doesn’t allow this activity. Our SE feels really about out the work he created for me – personally I’m just really happy he’s a stand up guy and explained what happened. You do this stuff long enough and something like this eventually happens – it’s called “experience”.
Dave
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 9:36 AM
To: NT System Admin Issues
Subject: Re: How'd this for a bad day? AKA bad me
I've said it before, but I will say it again. In a highly virtualized, heavily consolidated world, we need more planning, more thinking and more time for effective execution. Cutting corners will become more and more painful, and will bite more and more organizations. Hopefully, enough near misses will teach enough entities to do the right thing. That's just my optimism speaking, however. It will be incumbent on each technology professional to advocate or fight for the right solutions, or have an excellent exit strategy planned out. :)
ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...
On Fri, Oct 8, 2010 at 11:27 AM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote:
+1 from here as well. A vCenter reboot should not require a host reboot. If it did, that would (IMHO) be a huge problem in the design and purpose behind VMware. Talk to VMware. If your maintenance is not current, get current.
On a related note, YESTERDAY, one of our storage groups on our SAN ran out of space (fortunately I’m not in or over the group responsible for that anymore!), and thus took down a number of systems, all part of our core electronic medical record system, eClinicalWorks, all virtual… We were without that app for more than 6 hours, and are still dealing with database replication issues today as a result…. TGIF!
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, October 08, 2010 9:40 AM
To: NT System Admin Issues
Subject: Re: How'd this for a bad day? AKA bad me
+1 I'm just getting caught up on emails this morning. vCenter reboot shouldn't necessitate a reboot of a host server.
On Fri, Oct 8, 2010 at 9:34 AM, Jeff Bunting bunting.j...@gmail.com wrote:
Why do you need to power down VMs to reboot vCenter? vCenter might be the problem with the missing VMs. VMWare support might be able to help you with those.
Jeff
On Fri, Oct 8, 2010 at 5:51 AM, David Lum david@nwea.org wrote:
I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM). Today, a SAN blows up and takes out half – our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM’s so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM’s decided to go AWOL (a combination of “missing” and “disconnected”). That took out my other two Terminal Servers and another lightly used internal web server.
Did I mention I don’t have the normal backups for these things because …well…I’m an idiot and didn’t confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it’s on there). None of these store data – they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude…six servers at once? The most frustrating part was discovering that the 4 systems that had been powered off could have been “migrated” before power off and there would have been no issue with them – the power down nuked ‘em. Oh, and the lone surviving server – the PGP Universal Server that manages the encrypted machines.
Re: Procurve Routing Issue
On Fri, Oct 8, 2010 at 4:31 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
>> I would not use the 2824 as a router for anything serious, and bandwidth reasons makes it sound serious.
> Do you know what it takes to route even at gig speeds?
To the best of my knowledge, simply sending or receiving full frames at gig speeds is enough to stress most PCs, let alone forwarding them. The bottleneck is usually bus bandwidth or interrupt load. While I don't know, I would expect the routing on the 2800 to be done on the management CPU, not the switch ASIC, so you're talking about a PowerPC running at 266 MHz, with very little bandwidth to the network. But if you disagree, find an old PC, install Linux and a gigabit NIC, and do the router-on-a-stick configuration.
-- Ben
Could use your feedback...
KnowBe4 will soon release its first Internet Security Awareness Training product. It will make end-users aware of the dangers of social engineering and spear phishing. If you are interested, here is a beta you can check out: http://www.ptrain.com/isat/draft1/
We need your input about the product name. Please rate these four options, or let me know if you want to propose another name: http://www.ptrain.com/isat/draft1/
Warm regards, and thanks in advance!!
Stu
RE: How'd this for a bad day? AKA bad me
Sounds like you should home the redundant sets of VMs on different SAN volumes/whatever?
Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132
From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 08, 2010 11:51 AM
To: NT System Admin Issues
Subject: How'd this for a bad day? AKA bad me
I have 7 production systems running on 3 different ESX boxes in an ESX cluster, and 2 different logical SAN volumes (sorry am not SAN savvy, I just know I have two different SAN volumes to choose from when making a VM). Today, a SAN blows up and takes out half - our SharePoint server (heavily used), a Terminal Server, and an internal occasionally-used web server (Namescape rDirectory). Then somehow, when I was told to power down the other 4 VM's so our VMWare guy could reboot a vCenter server, 3 of the 4 remaining VM's decided to go AWOL (a combination of missing and disconnected). That took out my other two Terminal Servers and another lightly used internal web server.
Did I mention I don't have the normal backups for these things because ...well...I'm an idiot and didn't confirm our backup guy installed backup software on these servers as I stood them up (process error on my part since I should confirm it's on there). None of these store data - they all talk to a backend SQL and the Terminal Servers are used to run apps that are slow if they run the same apps over VPN. SharePoint we got back quick because we do have a staging equivalent of it, so it was repoint to a config and content DB, DNS change, and done. I do have copious notes on how I built the others and can rebuild from scratch easily enough (I just finished the three TS boxes), but dude...six servers at once? The most frustrating part was discovering that the 4 systems that had been powered off could have been migrated before power off and there would have been no issue with them - the power down nuked 'em. Oh, and the lone surviving server - the PGP Universal Server that manages the encrypted machines. (Yes, the PGP machines will still boot w/out the server up, but still, I've been on this server 50% of my time over the last two weeks!).
Dave
Re: Interesting run-down on Stuxnet from F-Secure
On Fri, Oct 8, 2010 at 4:51 PM, Carl Houseman c.house...@gmail.com wrote:
> UAC prompting isn't the major benefit of UAC. The major benefit is that, for admins, programs that aren't admin-by-nature run without admin rights. If the admin user runs a malware executable that tries to write something to a protected file/registry area, it will fail (unless it also exploits a privilege escalation bug).
The privilege escalation bug in this case would be the user clicking Allow, is my point.
-- Ben
Re: DNS on 2008R2
Are you using forwarders? Have they been changed? Our older version Cisco Network Registrar goes bonkers if I don't disable EDNS Probes on the 2008R2 dc's that forward to it.
-Anders
On Fri, Oct 8, 2010 at 4:48 PM, greg.swe...@actsconsulting.net wrote:
Anyone tell me why 2 AD DNS servers that were running perfectly fine would suddenly stop doing all recursive queries outside of the network. I had to run this “dnscmd /config /EnableEDNSProbes 0” which apparently disables larger UDP packets, but I am trying to find out if there was a recent update that would have caused this, or someone who is not supposed to be playing with the servers is being a bad boy. Drove me nuts for 2 days until I stumbled upon a thread that recommended trying that cmd and it fixed it immediately after I ran it on both servers.
Thx
Greg
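The workaround in the message above turns off EDNS probing; the following added example (not code from the thread or from any poster) shows what an EDNS0 query adds on the wire (RFC 6891) and classifies how a forwarder, or a device on the path to it, reacts to it compared with a plain query. The function names, the 4096-byte payload size and the constructed replies are assumptions made for illustration; only `probe()` touches the network.

```python
"""Compare a forwarder's handling of plain DNS and EDNS0 queries (RFC 6891)."""
import socket
import struct

OPT = 41                 # TYPE code of the EDNS0 OPT pseudo-record
FORMERR, NOTIMP = 1, 4   # RCODEs a pre-EDNS server may return for an OPT query
HDR = "!HHHHHH"          # id, flags, qdcount, ancount, nscount, arcount


def encode_name(name):
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    parts = [p.encode("ascii") for p in name.strip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p for p in parts) + b"\x00"


def build_query(name, edns_payload=None, txid=0x1234, qtype=1):
    """Build a recursive query; with edns_payload set, append an OPT record."""
    arcount = 0 if edns_payload is None else 1
    msg = struct.pack(HDR, txid, 0x0100, 1, 0, 0, arcount)   # flags: RD=1
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    if edns_payload is not None:
        # OPT: root owner name, TYPE=41, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/version/flags (all zero), no options.
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_payload, 0, 0)
    return msg


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # a compression pointer is two bytes
            return off + 2
        off += 1 + length


def parse_message(msg):
    """Extract RCODE, the TC bit and any advertised EDNS payload size."""
    _, flags, qd, an, ns, ar = struct.unpack(HDR, msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    payload = None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            payload = rclass
    return {"rcode": flags & 0x000F, "truncated": bool(flags & 0x0200),
            "edns_payload": payload, "size": len(msg)}


def classify(edns_reply, plain_reply):
    """Diagnose EDNS handling from the two replies (None means timeout)."""
    if plain_reply is None:
        return "unreachable"      # plain DNS fails too: not an EDNS problem
    if edns_reply is None:
        return "edns-dropped"     # OPT queries or their replies are discarded
    reply = parse_message(edns_reply)
    if reply["rcode"] in (FORMERR, NOTIMP):
        return "edns-rejected"    # server does not understand OPT
    if reply["edns_payload"] is None:
        return "edns-ignored"     # answered, but as a plain-DNS server
    return "edns-ok"


def probe(server, name="example.com", timeout=3.0):
    """Live check against one forwarder over UDP/53 (needs network access)."""
    def ask(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(query, (server, 53))
                return sock.recvfrom(65535)[0]
            except OSError:        # includes socket.timeout
                return None
    return classify(ask(build_query(name, edns_payload=4096)),
                    ask(build_query(name)))


def fake_reply(query, rcode=0, keep_opt=True):
    """Constructed reply for offline use: echoes the query with QR/RA set."""
    txid, _, qd, _, _, ar = struct.unpack(HDR, query[:12])
    body = query[12:]
    if ar and not keep_opt:
        body, ar = body[:-11], 0   # an option-less OPT record is 11 bytes
    return struct.pack(HDR, txid, 0x8180 | rcode, qd, 0, 0, ar) + body


if __name__ == "__main__":
    q_edns = build_query("example.com", edns_payload=4096)
    q_plain = build_query("example.com")
    print(len(q_plain), len(q_edns), parse_message(q_edns))
    print(classify(fake_reply(q_edns, FORMERR, keep_opt=False),
                   fake_reply(q_plain)))
    print(classify(None, fake_reply(q_plain)))
```

Running `probe()` against each configured forwarder before and after a change separates a forwarder or path that mishandles EDNS (`edns-dropped`, `edns-rejected`) from a resolver that is simply unreachable.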
RE: Procurve Routing Issue
> To the best of my knowledge, simply sending or receiving full frames at gig speeds is enough to stress most PCs, let alone forwarding them. The bottleneck is usually bus bandwidth or interrupt load. While I don't know, I would expect the routing on the 2800 to be done on the management CPU, not the switch ASIC, so you're talking about a PowerPC running at 266 MHz, with very little bandwidth to the network.
The 2824 routes on its backplane at wire speed until the route table fills, then it routes at/in software (slowly).
> But if you disagree, find an old PC, install Linux and a gigabit NIC, and do the router-on-a-stick configuration.
I disagree, but I won't play with the old PC:)
jlc
RE: Interesting run-down on Stuxnet from F-Secure
Indeed our Blink product goes way beyond traditional anti-virus by actually preventing the exploitation of vulnerabilities that lead then to attackers loading malware. Most all AV and related are simply looking for the malware that is deployed to a system after it has been exploited and in doing that you are in a constant arms race of signatures and staying ahead of the bad guys which is a failing endeavor. Blink on the other hand will for example generically prevent things like buffer overflow exploits against Adobe Reader, whether your system is patched or unpatched, zeroday or otherwise, does not matter. By preventing software vulnerabilities from being exploited in the first place you get out of the rat race of malware signatures. http://www.eeye.com/blink

We also have a version of Blink that is called Retina Protection Agent which comes included with our next generation vulnerability management platform Retina CS. Difference with RPA is that it can co-exist with your existing AV to fill in the gaps that traditional AV has. http://www.eeye.com/Products/Retina/CS.aspx

Happy Friday! BTW, I am not sure if you folks saw, I think I forgot to mention it here, but we recently re-launched our Zero-Day Tracker website: http://www.eeye.com/zdt

-Marc

-Original Message-
From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Thursday, October 07, 2010 6:42 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

Marc, not that this is the correct thread to ask this but, doesn't eEye have an AV product that concentrates more on the actions of a file and less on the definitions?

Jon

On Thu, Oct 7, 2010 at 8:43 PM, greg.swe...@actsconsulting.net wrote:

I'm a lot cheaper. Just give me a cold coke..

From: William J. Robbins [mailto:dangerw...@gmail.com]
Sent: Thursday, October 07, 2010 8:27 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

Who hasn't sold out for a beer? :)

WJR - from my Crackberry.
If you find yourself in a fair fight, your tactics suck.

From: Andrew S. Baker asbz...@gmail.com
Date: Thu, 7 Oct 2010 20:08:04 -0400
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Interesting run-down on Stuxnet from F-Secure

You sold out for a beer? :)

These things are a great example of always being one step behind the bad guys but NOT because we actually had to be ... only because technology companies allowed it to be.

And I would say that we are where we are because as consumers and corporate customers, we don't push for things to be different. Not that technology companies don't have their own responsibility to do the right thing, but they'll always favor features over security if *we* favor features over security.

ASB (My XeeSM Profile) http://xeesm.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Thu, Oct 7, 2010 at 7:33 PM, Marc Maiffret mmaiff...@eeye.com wrote:

Privilege escalation bugs are pretty much here and now and being used more commonly in attacks as the sophistication level is not necessarily as high as one would think. This has always been an area of interest at eEye as we started discovering some of the first Windows priv. escalation vulns by the handful almost 5 years ago knowing this was the future and hoping people would pay attention (security industry, technology companies) and be ready for it. We obviously are not ready as we all know the technology OS makers like Microsoft only just in the last years finally even got around to least privilege user roles and just as they played catch up with that they will now again play catch up to privilege escalation vulnerabilities which completely make all of this we run as non-admin stuff totally an irrelevant point anymore. These things are a great example of always being one step behind the bad guys but NOT because we actually had to be ... only because technology companies allowed it to be.

P.S. My marketing department told me if I mentioned this new cheesily named thing I am doing they would buy me a beer, so consider this the mention: http://www.eeye.com/Company/News-and-Events/Minute-With-Maiffret.aspx

Signed,
Marc Maiffret
Co-Founder/CTO
eEye Digital Security
Web: http://www.eeye.com
Blog: http://blog.eeye.com
Twitter: http://www.twitter.com/marcmaiffret
RE: Interesting run-down on Stuxnet from F-Secure
No, the UAC prompt may not happen. UAC prompting only happens for specific programs that are recognized as needing elevation. It does NOT happen for every API call that might fail if not elevated.

Yes, the malware writers could make their malware smart enough to cause the UAC prompt and gain elevation, but that's not my point. My point is that plenty of malware that succeeds for admin users under XP will fail for admin users under Vista/7 because UAC is enabled, and the user will not be prompted to override that protection.

Carl

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Friday, October 08, 2010 5:17 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

On Fri, Oct 8, 2010 at 4:51 PM, Carl Houseman c.house...@gmail.com wrote:

UAC prompting isn't the major benefit of UAC. The major benefit is that, for admins, programs that aren't admin-by-nature run without admin rights. If the admin user runs a malware executable that tries to write something to a protected file/registry area, it will fail (unless it also exploits a privilege escalation bug).

The privilege escalation bug in this case would be the user clicking Allow, is my point.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Could use your feedback...
Stu,

My first feedback, before I can comment on the content, is that it RUDELY maximized my browser window on my screen without asking, and without need, it doesn't even come close to filling up the screen on my 22" monitor. In most cases, when a site does that, I'm not too fast to return.

Just my two cents on what I consider invasive web design

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Friday, October 08, 2010 5:04 PM
To: NT System Admin Issues
Subject: Could use your feedback...

KnowBe4 will soon release its first Internet Security Awareness Training product. It will make end-users aware of the dangers of social engineering and spear phishing. If you are interested, here is a beta you can check out: http://www.ptrain.com/isat/draft1/

We need your input about the product name. Please rate these four options, or let me know if you want to propose another name: http://www.ptrain.com/isat/draft1/

Warm regards, and thanks in advance!!

Stu ..
Re: Could use your feedback...
So far, so good. When the finished product comes out, I'd pass that link around to our staff. I didn't see options for the name, however.

On Fri, Oct 8, 2010 at 14:03, Stu Sjouwerman s...@sunbelt-software.com wrote:

KnowBe4 will soon release its first Internet Security Awareness Training product. It will make end-users aware of the dangers of social engineering and spear phishing. If you are interested, here is a beta you can check out: http://www.ptrain.com/isat/draft1/

We need your input about the product name. Please rate these four options, or let me know if you want to propose another name: http://www.ptrain.com/isat/draft1/

Warm regards, and thanks in advance!!

Stu ..