Warning “Valid SP-Cache is for Storage Processor SP…” event code 0x7241

February 15th, 2017 No comments

On a VNX 5300 array, after powering down, unseating, and re-seating a SP I encountered the event code 0x7241 with warning message “Valid SP-Cache is for Storage Processor SP…”.

Disabling write and read caches on each SP did not resolve.  Restarting management services on the SPs did not resolve.

To resolve, I restarted one SP within the Unisphere GUI, then after it was back up, I restarted the other SP.

 

 

 

 

Categories: EMC VNX Tags:

VMWare SRM – When trying to protect a VM – There are not enough licenses installed to perform the operation

April 6th, 2016 No comments

So there were plenty of licenses, what else can be wrong?

 

Within the log files @ C:\ProgramData\VMware\VMware vCenter Site Recovery Manager\Logs I saw the following:

2016-04-06T15:38:31.479-05:00 [09472 warning ‘Licensing’] Unable to decode license ”: INVALID_SERIAL
2016-04-06T15:38:31.480-05:00 [07916 info ‘Licensing’] Initializing with license key:
2016-04-06T15:38:31.480-05:00 [07916 verbose ‘PropertyProvider’] RecordOp ASSIGN: asset, DrLicenseManager
2016-04-06T15:38:31.480-05:00 [07916 warning ‘Licensing’] The license key ” expired on 1970-01-01T00:00:00Z
2016-04-06T15:38:31.481-05:00 [09240 warning ‘Licensing’] This SRM instance is no longer in compliance. 41 4(s) are not licensed for protection.

In the web client under home > licensing > solutions I found something that didn’t exactly refer to SRM but I assigned the SRM key to it anyways.  After assigning this key the problem was resolved.

Categories: Uncategorized Tags:

Return the X-Frame-Options HTTP header in IIS 7 for Exchange OWA

December 18th, 2015 No comments

To prevent click-jacking, add the HTTP response header “X-Frame-Options” into IIS for websites and or Exchange OWA:

– Open IIS Manager and click on the server name in the left column.  Drill down if you only want to apply to one website.
– In Features View, double-click HTTP Response Headers.
– On the HTTP Response Headers page, in the Actions pane, click Add.
– In the Add Custom HTTP Response Header dialog box, add a header called “X-FRAME-OPTIONS”, and assign it’s value to “SAMEORIGIN”.
– Click OK

 

You can validate correct function by visiting one of these websites:

https://securityheaders.io
http://web-sniffer.net/

Categories: Uncategorized Tags:

Server Connection: Not Connected to SRM server

December 17th, 2015 2 comments

I was unable to find this problem documented anywhere, though there was a reference to it on another blog here:   http://www.virtualmachinery.co.uk/2015/03/upgrading-site-recovery-manager-55-to.html

 

The problem presents itself this way, looking at SRM in the web client in version 5.5 of VMWare, 5.8.1 of SRM:

Capture

As you can see, client connection shows as connected, however server connection shows as “Not Connected to SRM server”.  It wasn’t obvious to me, but what this means is the sites are not connecting to each other, even though they are paired and everything else looks green.

Additionally you will notice that the option to replicate changes to the secondary site before failover will be grayed out.

I spent several days troubleshooting this before I found an indicator in the logs that pointed to certificate errors.  I believe that if I was able to un-pair and then re-pair the sites, this would have been resolved.  However in order to un pair sites, you must first delete the recovery plans and protection groups.  When attempting to delete, the status would say deleting and never complete.

Ultimately to resolve I uninstalled SRM at both sites, deleting all data from database.  I then reinstalled and reconfigured SRM, protection groups, and recovery plans.

 

Categories: Uncategorized Tags:

Recommended extensions to block @ spam filter

December 10th, 2015 No comments

*.ade
*.adp
*.arj
*.asx
*.bas
*.bat
*.cab
*.chm
*.cmd
*.com
*.cpl
*.crt
*.exe
*.hlp
*.hta
*.inf
*.ins
*.jar
*.js
*.jse
*.jsp
*.lib
*.lnk
*.mdb
*.mde
*.msi
*.msp
*.nsc
*.pcd
*.pif
*.pptm
*.ps1
*.reg
*.rwa
*.scr
*.sct
*.shs
*.vb
*.vbe
*.vbs
*.wmd
*.wsc
*.wsf
*.wsh

Additionally you may consider scanning these closer, quarantining, or blocking:
*.rar (block any that are encrypted/can not be scanned)
*.zip (block any that are encrypted/can not be scanned)
*.pdf (block any that are encrypted/can not be scanned)
*.xlsm (macro enabled xls)
*.docm (macro enabled docs)
*.doc (block any that are macro enabled if possible)

Categories: Uncategorized Tags:

Phishing test providers I recommend

August 6th, 2015 No comments
  • phishingbox
  • threatsim
  • wombat security
  • knowbe4

If training isn’t important to you, go with phishingbox. They are the cheapest.

If training is important to you, go with ThreatSim or Wombat Security.

I find knowbe4’s training materials to be meh, but that may just be me.

My personal recommendation is ThreatSim. Their training is lagging behind, but their support is beyond excellent. I suspect they will become a major player in a year from now.

Edit: ThreatSim has been acquired by Wombat Security – this will likely increase the cost of ThreatSim in 2016

Categories: Uncategorized Tags:

Spam filtering techniques

January 30th, 2015 No comments

The most significant things I’ve done to decrease spam and phishing attempts

  • bl.spamcop.net and zen.spamhaus.org RBLs
  • vendor RBL (barracuda)
  • blocked entire subnets of countries we don’t do business with
  • email rate control
  • attachment filters
  • virus filter
  • heuristics
  • subject line filters for cryptowall attempts and multi ip distributed campaigns
  • block some foreign countries if their reverse DNS resolves back to their country TLD (ex: cn = china), however I don’t block if reverse DNS rules don’t exist or are incorrect
  • block TLDs in header and body that are heavily abused (list below)

Heavily abused TLDs
.asia
.br
.click
.cn
.fr
.it
.link
.rocks
.ru
.tw
.ua
.ve
.xxx
.xyz

Categories: Uncategorized Tags:

Veeam repository recommendation

January 26th, 2015 No comments

I repost this so much on reddit I decided to just create an entry here to reference:

This is what I recommend if you want cheap, without support, but with decent reliability/redundancy and excellent performance. Use RAID 6 for capacity, RAID 10 for highest reliability and performance. Deduplication will increase your available space by 25-50% or more depending on what you are storing. Increase number of disks and JBODs for more storage. This requires a dedicated server to provide NFS, however I think iSCSI is built into 2012r2 now. It has the advantage of being able to house Veeam also, though you should use at least one VM as a proxy for a hot add disk performance boost.

JBOD enclosure with space for 45 SAS drives. Use any server you have laying around that supports PCIx2 and install Server 2012r2 with deduplication enabled.

JBOD chassis (1x) – $2000 SuperMicro CSE-847E26-RJBOD1 http://www.newegg.com/Product/Product.aspx?Item=N82E16811152143

SAS RAID controller (1x) – $689 LSI 9280-8e http://www.newegg.com/Product/Product.aspx?Item=N82E16816118109

RAID controller backup battery (1x) – $160 MegaRAID LSIiBBU08 http://www.newegg.com/Product/Product.aspx?Item=N82E16816118163&Tpk=N82E16816118163

SAS cables (2x) – $70ea=$140 SFF-8088(M) to SFF-8088(M) http://www.newegg.com/Product/Product.aspx?Item=N82E16816116105

Disks (??x) – $288ea=? Seagate ST4000NM0023 4tb Enterprise Capacity 128mb 7200rpm http://www.newegg.com/Product/Product.aspx?Item=9SIA5EM1PU0823&cm_re=ST4000NM0023-_-22-178-306-_-Product

Internal mini SAS cables (2x) = $60 http://www.cdw.com/shop/products/Tripp-Lite-3ft-Internal-SAS-Cable-mini-SAS-SFF-8087-to-mini-SAS-SFF8087-1M/1464242.aspx

Categories: Uncategorized Tags:

MS14-025/KB2928120: An Update for Group Policy Preferences

May 15th, 2014 No comments

Looking at this article: http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx

I grabbed the check script from here (bottom of the page) http://support.microsoft.com/kb/2962486

and ran it on my domain controller.  The script immediately gave me the error “cannot bind to argument to parameter ‘path’ because it is null”.

Apparently this is an uncaught exception when no XML files exist in the path subfolders.  It appears that ONLY group policy preferences are stored in XML, and this XML file will only show up if group policy preferences are implemented, meaning if you don’t have XML files in %windir%\SYSVOL\domain then you are not affected by this patch.  Group policies themselves appear to be stored as INF and other types.

 

Categories: Uncategorized Tags:

Bringing a single domain controller up in an isolated network

May 14th, 2014 No comments

 

I wanted to create a quick test lab so I spun up a copy of a virtualized domain controller into an isolated network. The domain controller came up in a failed state with DNS and Active Directory non-functional.

Apparently in a multi domain controller network it is a requirement that the domain controller be able to sync with other domain controllers/role masters in order to function.

Because this was the only domain controller in the network, and I wanted to get the test network up quickly, I performed the following workarounds:

 

(Thanks to user zabo2012 on the veeam forums at http://forums.veeam.com/vmware-vsphere-f24/restoring-2012-domain-controller-vm-t18629.html for the awesome instructions)

 

boot the machine up in dsrm ( bcdedit /set safeboot dsrepair )

log in with ds repair mode password .\Administrator

run the bcdedit command to set and remove dsrepair mode ( bcdedit /deletevalue safeboot )

net stop ntfrs

open regedit and

Open Regedit
Browse to the following extension: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Add the following dword (32 bit) value: Repl Perform Initial Synchronizations
And leave this set to 0.
http://www.veeam.com/kb_articles.html/kb1280
then

open regedit and expand: hklm\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
Set the burflags to d2 (sometimes you will have to use d4, but only do this in isolated network or it will overwrite other DC’s during replication)
http://www.veeam.com/kb_articles.html/kb1278

reboot

Edit:

I noticed that although I was able to get other servers to authenticate off the DC after doing the above, I wasn’t able to access AD Users and Computers on the DC itself.

Seizing the roles from the other DCs (that are not available in the isolated test lab) fixed this.  To seize the other domain controller FSMO roles:

ntdsutil
roles
connections
connect to server <dns name of local dc server>
quit

seize schema master
seize naming master
seize rid master
seize PDC
seize infrastructure master

quit
quit

After seizing roles I now see the expected information in AD Users and Computers

Edit 2:

I continued to have problems with an Exchange server that was in the same test lab as the isolated domain controller so I made a few more changes:

I performed a metadata cleanup, removing all the domain controllers that were not in the isolated lab environment, using the GUI > http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx#bkmk_graphical

I then set the burflag to d4 (below) and restarted the domain controller.  After that exchange was working correctly.

open regedit and expand: hklm\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
Set the burflags to d4
http://www.veeam.com/kb_articles.html/kb1278

 

 

Categories: Uncategorized Tags: