MultyTask Network Services

24 May 2010

Exporting certificate from IIS to ISA Server

When exporting a certificate from an existing IIS server to import into ISA server and publish in a rule, it’s crucial to export it from the MMC console “Certificates” rather than from within IIS management. By doing so, the cert then has two “purposes” associated with it. ISA server looks for a cert whose purpose is “Client Authentication.” When you export it from IIS, all you get is a cert with “Server Authentication” and when imported into ISA, it’s ignored and you get the infamous certificate error.

NOTES:
Make sure you have forms-based authentication enabled on only one side of the configuration (OWA/IIS or ISA). If both are enabled at the same time, you’ll log in and be returned to another login page.

11 Feb 2010

Dr.Web CureIt!

So... if you haven't given this piece of software a shot, definitely try it on your next infected machine!! This just helped me get rid of BackDoor.Tdss.565 and 1365 after no other AV could!

http://www.freedrweb.com/download+cureit/

4 Feb 2010

Exporting certificate from IIS to ISA Server

When exporting a certificate from an existing IIS server to import into ISA server and publish in a rule, it’s crucial to export it from the MMC console “Certificates” rather than from within IIS management. By doing so, the cert then has two “purposes” associated with it. ISA server looks for a cert whose purpose is “Client Authentication.” When you export it from IIS, all you get is a cert with “Server Authentication” and when imported into ISA, it’s ignored and you get the infamous certificate error. I’ll expand upon this more with a proper walkthrough when time permits.
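
One way to confirm which purposes an imported certificate carries, as an added example that is not part of the original post: the PowerShell below reads the Enhanced Key Usage extension of every certificate in the local computer's Personal store and reports whether Server Authentication and Client Authentication are listed and whether a private key is attached. The function name is hypothetical; purposes enabled or disabled only through the certificate's properties in the MMC are not part of the extension and are not shown.

```powershell
# Added example, not from the original post.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication

function Get-CertPurposeReport {        # hypothetical helper name
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # The EKU extension, if present, is the signed list of purposes.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @()
        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
        # A certificate with no EKU extension is valid for all purposes.
        $unrestricted = ($oids.Count -eq 0)

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            ServerAuth    = $unrestricted -or ($oids -contains $ServerAuthOid)
            ClientAuth    = $unrestricted -or ($oids -contains $ClientAuthOid)
        }
    }
}

Get-CertPurposeReport |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey, ServerAuth, ClientAuth |
    Format-List
```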

29 Jan 2010

SMTP Protocol in Exchange locks up frequently

In testing with both Untangle and MS Forefront mail filtering we had numerous occurrences of queues freezing multiple times a day.  After reviewing our SMTP IIS logs we were able to see a pattern between the time the Spam Quarantine emails went out and the time the server would stop receiving new messages.  We weren’t sure whether the sheer volume of emails flooding the server at that time was causing the crash, or if it was the makeup of the actual email.  We fought this for months…  Resetting the InetInfo.exe service would force the email to retry and eventually deliver.

It wasn’t until this morning, when the queues wouldn’t recover, even after resetting the InetInfo.exe service, that I was able to solve the problem.  Fortunately it was happening so frequently that I was able to try a lot of different tests in a short amount of time and the queue was full of the MS Forefront Spam Quarantine emails.  After finally shutting off IMF (Intelligent Message Filtering) in Exchange, the emails flew through the queue and haven’t locked up since.


10 Dec 2009

Windows XP Auto log off problem after removing virus

If after removing viruses from your machine your user account won't log in, it's most likely because the Userinit and Shell values in the registry are corrupted. Load the SYSTEM hive into Local Machine using another computer and make sure the following values are set correctly under:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Shell = explorer.exe
Userinit = C:\windows\system32\userinit.exe

The registry files can be found under C:\windows\system32\config
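
The check described above, scripted as an added example that is not part of the original post. The Winlogon key sits under HKLM\Software, so the file the script loads is the SOFTWARE hive from the config folder; the E: drive letter, the OfflineSW mount name and the -Repair switch are assumptions of this example.

```powershell
# Added example, not from the original post. Run elevated on the repair machine.
# Assumptions: the affected disk is mounted as E:, and 'OfflineSW' is a free
# key name under HKLM. Adjust both as needed.
param(
    [string]$HiveFile  = 'E:\windows\system32\config\SOFTWARE',
    [string]$MountName = 'OfflineSW',
    [switch]$Repair    # write the post's values back when a mismatch is found
)

# Values the post gives as correct. Userinit is also commonly stored with a
# trailing comma, so that form is accepted as well.
$expected = @{
    Shell    = @('explorer.exe')
    Userinit = @('C:\windows\system32\userinit.exe',
                 'C:\windows\system32\userinit.exe,')
}

& reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HiveFile" }

try {
    $key   = "HKLM:\$MountName\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'Shell', 'Userinit') {
        $actual = ([string]$props.$name).Trim()
        # -contains compares strings case-insensitively
        $state = if ($expected[$name] -contains $actual) { 'OK' } else { 'CHECK' }
        '{0,-6} {1,-9} {2}' -f $state, $name, $actual
        if ($state -eq 'CHECK' -and $Repair) {
            Set-ItemProperty -Path $key -Name $name -Value $expected[$name][0]
            '{0,-6} {1,-9} {2}' -f 'FIXED', $name, $expected[$name][0]
        }
    }
}
finally {
    $props = $null
    [gc]::Collect()      # drop open key handles so the hive can unload
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```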

9 Oct 2009

Uninstalling Acronis Products under Vista (BSOD 0x0000007B)

If after you uninstall an Acronis product under Windows Vista you receive a blue screen of death with error message 0x0000007B, it's because your upper filters that are used during bootup still have references to Acronis files in them. Follow this post here to resolve your problem:
http://blogs.mgtechgroup.com/markc/archive/2007/06/24/Acronis-Uninstall-caused-Vista-to-BSOD-with-0x0000007B-in-crcdisk.sys.aspx

IMPORTANT! - Also remember to remove "timounter" from your upper filters as well if this exists. Some Acronis products use this upper filter and my system wouldn't reboot until it was removed.
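
A check for the condition this post describes, as an added example that is not part of the original post or the linked one: it loads the SYSTEM hive of the non-booting install on another machine and lists every class filter whose service key or driver file no longer exists. It goes beyond the post by also checking LowerFilters; the E:\Windows path and the OfflineSYS mount name are assumptions.

```powershell
# Added example, not from the original post. Run elevated from a working
# Windows install with the affected disk attached.
# Assumptions: the affected Windows folder is E:\Windows, and 'OfflineSYS'
# is a free key name under HKLM.
param(
    [string]$WinDir    = 'E:\Windows',
    [string]$MountName = 'OfflineSYS'
)

& reg.exe load "HKLM\$MountName" "$WinDir\System32\config\SYSTEM" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed' }

try {
    $root = "HKLM:\$MountName"
    # Select\Current names the control set the system boots from.
    $current = (Get-ItemProperty "$root\Select").Current
    $cs = '{0}\ControlSet{1:D3}' -f $root, $current

    foreach ($class in Get-ChildItem "$cs\Control\Class") {
        $p = Get-ItemProperty -Path $class.PSPath
        foreach ($kind in 'UpperFilters', 'LowerFilters') {
            foreach ($filter in @($p.$kind)) {
                if (-not $filter) { continue }
                $svc = Get-ItemProperty "$cs\Services\$filter" -ErrorAction SilentlyContinue
                # Heuristic: look for the driver in System32\drivers, using the
                # file name from ImagePath when the service defines one.
                $file = "$filter.sys"
                if ($svc -and $svc.ImagePath) { $file = Split-Path $svc.ImagePath -Leaf }
                $onDisk = Test-Path (Join-Path "$WinDir\System32\drivers" $file)
                if (-not $svc -or -not $onDisk) {
                    New-Object PSObject -Property @{
                        Class = $p.Class; ClassGuid = $class.PSChildName
                        Kind = $kind; Filter = $filter
                        ServiceKey = [bool]$svc; DriverFile = $onDisk
                    }
                }
            }
        }
    }
}
finally {
    [gc]::Collect()      # drop open key handles so the hive can unload
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

A driver whose ImagePath points outside System32\drivers is reported as well, so confirm each hit before editing the filter list.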

21 Aug 2009

Thermal compound

I cannot stress enough the importance of thermal compound. This is a laptop that came in because of random reboots and because the fan was running too loud. Whoever serviced this machine previously not only removed the thermal compound, but scraped it off with a screwdriver, leaving microscopic valleys on the surface of both the CPU and the heatsink. The thermal properties of both these surfaces won't be the same unless they are lapped. NEVER do this! Clean with alcohol and non-abrasive cloths, then always remember to re-apply a thin layer of thermal compound to fill in the metal imperfections. This will allow the heat from the CPU to transfer properly to the heatsink where it can be dissipated.

Filed under: IT Related No Comments
14 Aug 2009

GoDaddy FTP account hacked…

Today my GoDaddy FTP account was compromised...  Called them up after changing my account password and FTP password.  Tech specialist was extremely helpful and let me know that because I'm hosting on a Linux environment, they have a new backup process in place that allows me to restore a snapshot of my server from the last 30 days.  I downloaded and archived all the hacked content (injected with all kinds of HTML links and redirects) which I will investigate further at a later date, then restored all the content back to normal.  This saved me HOURS worth of work and the possibility of never getting my server back to normal again.

THANKS GODADDY!

HACKER, OWNED!

Filed under: IT Related 3 Comments
29 Jul 2008

Reading Minidumps

1) Download and install the Debugging Tools from Microsoft
2) Locate your latest memory.dmp file - C:\WINDOWS\Minidump\Mini081505-01.dmp or whatever
3) Open a CMD prompt and cd\program files\debugging tools for windows\
4) Type the following stuff:
Code:
c:\program files\debugging tools>kd -z C:\WINDOWS\Minidump\Mini081505-01.dmp
(it will spew a bunch)
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
5) You now have a debuglog.txt in c:\, open it in notepad and post the content here

Filed under: IT Related No Comments