Jun 24, 2014

Microsoft SQL Server Database Services and Analysis Services Failed Update With Error Code 1603

The other night I was trying to configure a simple database backup maintenance job on one of my company's older Microsoft SQL 2005 servers. For some reason, every time I tried to run the maintenance job I created, it would fail.

Well after Googling around someone suggested that it might be a problem where Microsoft SQL Management Studio was a different version than the database services. Looking at it that was the case. Database services was at version 9.00.4035 and Microsoft SQL Management Studio was running 9.00.500. Apparently at some point, someone tried to run the SP4 upgrade and it failed and they just left it (Evil eyes goes to the DBA).

Anyhoo, so I decided to try and install SP4 for Microsoft SQL 2005, and it kept failing for database services and analysis services with an error similar to this:
Service Pack 4 for SQL Server Database Services 2005 ENU (KB2463332) could not be installed. Error code 1603.
Or

Service Pack 4 for SQL Server Analysis Services 2005 ENU (KB2463332) could not be installed. Error code 1603.
Apparently that is a common issue. To fix it you have to remove a few registry keys. MAKE SURE TO MAKE A BACKUP OF THOSE KEYS FIRST!

Remove the following to get database services to update:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLGroup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\AGTGroup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\FTSGroup
Remove the following to get analysis services to update:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\ASGroup
That's it, after removing those registry keys the upgrade went smoothly... Oh, and the upgrade also fixed my maintenance job problem!
[Via SDP]

NetApp Not Failing Over Even Though NICs Are Configured For Failover

At my company we use a few NetApp SANs. One was configured before I came on board by a consulting firm. The second one was configured by my Systems Administrator with assistance from the consulting firm, and the third, which we just got, my Systems Administrator and I configured ourselves.

Well, we did the initial setup and configured the NICs for failover (or takeover in NetApp land), but when we tested failover by unplugging the network cables it didn't trigger a takeover. Naturally I called NetApp support to find out what I was missing. Well, it was simply that I didn't mark my network interfaces for failover. You can do that by running:
ifconfig <interfacename> nfo
So, if you are only using interfaces e0a and e0b on both controllers, you would run:
ifconfig e0a nfo
ifconfig e0b nfo
When you do your setup you should also run the following on each controller to ensure takeover works correctly:

options cf enable
options cf.takeover.on_network_interface_failure on
options cf.takeover.on_failure on
options cf.takeover.on_panic on
options cf.takeover.on_reboot on
options cf.takeover.on_short_uptime on
options cf.takeover.on_network_interface_failure.policy any_nic
options cf.giveback.auto.enable on

It was a good thing I called NetApp support, because I checked the second NetApp that was configured by my Systems Administrator and the consultant and it was missing the network failover options as well.

Do you use NetApps? How do you like them? Do you prefer other SANs? If so which ones? Let us know in the comments.

Jun 23, 2014

Can't Login To TeamPass After Upgrading Ubuntu to 14.04

The other day I upgraded my TeamPass server to Ubuntu 14.04 to stay current and to make sure I could get the latest security packages. I figured, what could possibly go wrong? All I'm running is a simple LAMP server right?

Well after upgrading Ubuntu from 12.04 to 14.04, I could no longer login to TeamPass. I got the login page fine, but after entering my credentials the little icon would just spin where it said "Please Identify yourself" and never do anything. WTF?

Well I was about to give up and go through the install script again when I noticed the install script said I didn't have PHP mcrypt installed. I figured it must have been removed after the upgrade, so I went to install it and it was already installed.

It turns out that after Ubuntu 13.10 the mcrypt extension gets removed from Apache for some reason. To fix it I had to run the following:
sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/apache2/conf.d/20-mcrypt.ini
After that I restarted the Apache service:
sudo service apache2 restart
Once Apache registered the mcrypt extension, TeamPass was back in business!
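The situation above (package installed, but the extension not enabled for Apache) can be checked per SAPI. The script below is an added example, not part of the original post or of TeamPass; the function name and the temporary demo tree are assumptions, and the directory layout mirrors the /etc/php5 paths used in the fix. It also reports a dangling symlink, because ln -s succeeds even when its target does not exist.

```sh
#!/bin/sh
# Added example, not part of the original post.

# Report whether an extension's .ini is present for one PHP SAPI.
# Prints: enabled | dangling | missing
#   $1 = PHP config root (the article's layout: /etc/php5)
#   $2 = SAPI name (apache2, cli, ...)
#   $3 = extension name (mcrypt)
sapi_ext_status() {
    dir="$1/$2/conf.d"
    # Matches both "mcrypt.ini" and prefixed names such as "20-mcrypt.ini".
    for ini in "$dir"/*"$3".ini; do
        if [ -L "$ini" ] && [ ! -e "$ini" ]; then
            echo dangling; return 0   # symlink whose target does not exist
        elif [ -f "$ini" ]; then
            echo enabled; return 0
        fi
    done
    echo missing
}

# Constructed demo tree so the example runs anywhere (not a real /etc/php5).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/conf.d" "$demo_root/cli/conf.d" "$demo_root/apache2/conf.d"
echo 'extension=mcrypt.so' > "$demo_root/conf.d/mcrypt.ini"
# Only the CLI gets the link, which reproduces the state described above.
ln -s "$demo_root/conf.d/mcrypt.ini" "$demo_root/cli/conf.d/20-mcrypt.ini"

for sapi in cli apache2; do
    echo "$sapi: $(sapi_ext_status "$demo_root" "$sapi" mcrypt)"
done
```

On a real server, call sapi_ext_status /etc/php5 apache2 mcrypt before and after creating the symlink.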

Jun 20, 2014

The Three Big Over The Counter 24 Hour Allergy Medicines Don't Work

I decided to stray away from tech today and go on a rant!

I have been an allergy sufferer all my life. It is particularly bad in Colorado where I grew up and where I currently live. It didn't bother me as bad when I lived in San Diego, but now that I'm back to my home state I have been living in my own personal allergy hell until today.

You see when you go to the pharmacy and you look at the allergy section you see something like this:

In the above picture the only thing missing is Zyrtec. Usually what I see is four solid rows of shelves that are peddling Claritin (Loratadine), Allegra (Fexofenadine), Zyrtec (Cetirizine) or the generic counterpart to these. Don't believe me? Check some of the other boxes on the shelf. Chances are damned good the active ingredient is one of the big three.

Sure you might also see Benadryl (Diphenhydramine) on the shelf too, but if you are like me you only want to take that when you are ready to go into a coma!

I got fed up with these pills not working so I went to my doctor who went way overboard with prescribing me a nasal spray, eye drops, an inhaler and some steroids. WTF? I just want a decent pill that works!

When I was in high school I used to take Tavist-D (Clemastine) and it worked great. What the hell ever happened to that? Why have we been reduced to three bogus 24 hour snake oil pills that don't do shit?

Well today while at Walmart I happened across a box of generic Tylenol Allergy Multi-Symptom medicine. I decided to check the active antihistamine and they used Chlorpheniramine! Yup! Not one of the big three! This is the active ingredient in the tried and true Chlor Trimeton!

True, Chlorpheniramine has been known to cause drowsiness, but it's not like the "knock you on your ass" drowsiness you find in Benadryl. You can probably handle it.

Well I found the one box in the entire allergy section that didn't have one of the big three antihistamines, so I decided to buy it and give it a shot. Guess what? It worked like a friggin' charm! Why don't they put more of this on the shelf? It actually works! Nope, instead they keep it hidden!

Until they start stocking the shelves with what works, I'll order mine from Amazon. I found this bottle of 1000 four hour Chlorpheniramine tablets for less than $9! That should last a while and save me a few bucks!

What do you use to fight off allergies? Did you find this article while looking for an alternative to Claritin, an alternative to Allegra or an alternative to Zyrtec? Let us know about your allergy struggle in the comments!

Jun 19, 2014

I Can't Uninstall Microsoft iSCSI Initiator From Add/Remove Programs in Windows 2003 Server

I have this old backup server that is still running Windows Server 2003. Sometime back it was only running with Service Pack 1, and that is when I initially installed the Microsoft iSCSI Initiator service so I could add some iSCSI LUNs.

Well recently while troubleshooting an issue with a brand new NetApp SAN I wanted to uninstall and re-install the iSCSI Initiator Service, but it wasn't in my Add/Remove Programs! WTF?

Well, according to Microsoft this is a known issue after installing a new service pack. For me it was after I installed SP2:
This issue occurs because the iSCSI Initiator installation package is installed as a hotfix. When a service pack is installed, the service pack removes the registry entries that allow for previous hotfix packages to be uninstalled. 
Well just because it isn't in your Add/Remove Programs doesn't mean you can't uninstall it. All you have to do is run the following from the command prompt:
%SYSTEMROOT%\$NtUninstalliscsi200$\spuninst\spuninst.exe
After that follow the prompts and reboot as normal!

Jun 18, 2014

Ubuntu Users Can Calm Down About The GnuTLS Vulnerability. Ubuntu Has Fixed It.

My posts for the last two days have been about the recent GnuTLS vulnerability that I read about on ZDNet. In that post it says that the only versions not affected by the security flaw are 3.1.25, 3.2.15, and 3.3.3. In my first post I said you could try changing your update repositories to Ubuntu 14.10's repositories, and in my second post I showed you how to install from source.

Well, forget all that, because Ubuntu has patched the flaw for the following versions of Ubuntu:
  • 14.04 LTS
  • 13.10
  • 12.04 LTS
  • 10.04 LTS
They are saying that you will be fine if you just upgrade to libgnutls26 by running sudo apt-get update && sudo apt-get upgrade. If you are not running one of these versions, I suggest you upgrade to one of them and get patched!

Sorry I didn't catch that earlier...

Jun 17, 2014

How To Install GnuTLS 3.1.23 From Source in Ubuntu 14.04

Yesterday I wrote an article about how you can replace the version of Ubuntu you are running in your /etc/apt/sources.list file so you can upgrade to GnuTLS 3.2.15, which is only available in the Ubuntu 14.10 repositories at the moment, and is the only version in the repositories that is not vulnerable to the latest GnuTLS exploit according to ZDNet.

Well, I mentioned at the end of that post that doing that is not the recommended way of doing things, and you should probably install GnuTLS from source. So I will tell you how to do that in this article, but instead of using GnuTLS 3.2.15, we will install 3.1.23 which is also not vulnerable to the latest GnuTLS vulnerability.

Why 3.1.23 though? Because to compile it you need to have libnettle 1.5 installed. That is the version that is available in the Ubuntu 14.04 repository. I tried manually installing GnuTLS 3.3.3, but it kept failing because it was looking for libnettle 1.7. I also tried installing libnettle 1.7 from source and got errors there too. Trust me, upgrading to Ubuntu 14.04 and installing GnuTLS 3.1.23 will be less of a headache.

Anyway, here is how you do it:
  • Install the prerequisites

    sudo apt-get install build-essential nettle-dev libgmp-dev
  • Download the GnuTLS source files

    wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.23.tar.xz
  • Extract the files

    unxz gnutls-3.1.23.tar.xz && tar -xvf gnutls-3.1.23.tar
  • Change into the build directory

    cd gnutls-3.1.23
  • Compile and install

    ./configure && make && sudo make install
  • Add a symlink to your libgnutls.so.28 file so gnutls-cli can tell us what version we are running

    sudo ln -s /usr/local/lib/libgnutls.so.28 /usr/lib/libgnutls.so.28
That's it! After that you can run gnutls-cli -v and you will have the following output:
gnutls-cli 3.1.23
Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>
Boom! Hack me now!

Jun 16, 2014

How To Upgrade GnuTLS to 3.2.15 To Fix The Latest Critical Security Flaw

I swear to the sweet baby Jesus that if it isn't one thing it's another in network security. First there was Heartbleed that caused all my company's banking clients to flip their shit. Everything was cool on my end because all of our Linux servers used GnuTLS or Windows IIS. Heartbleed only affected OpenSSL users.

Well ZDNet recently reported on a major flaw with GnuTLS! Crap! From ZDNet:
According to RedHat, which issued an advisory for the latest bug on Saturday, GnuTLS runs an insufficient check on the session ID length during the TLS/SSL handshake between a client and server.

"A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code," the company wrote.
According to the article the only versions not affected are 3.1.25, 3.2.15 or 3.3.3. Checking the repositories for Ubuntu, the only version of Ubuntu that contains a GnuTLS version that is not susceptible to the bug is Utopic Unicorn (14.10) which hasn't been released yet. Crap! The version in the Utopic repositories is currently 3.2.15.

That leaves two options:
  1. Download and install from source
  2. Update your apt sources to use Utopic Unicorn's repositories
I went with the latter on my personal mail server because it was easier. You may want to do number one because changing to the Utopic repositories will update everything, not just GnuTLS. I like to live dangerously though, so this is what I did:
  • Change into your /etc/apt directory

    cd /etc/apt
  • Create a backup of your sources.list file

    cp sources.list sources.list.bak
  • Edit sources.list with your favorite text editor

    nano sources.list
  • Replace your current version's name with utopic. I tested this on 12.04, so I replaced precise with utopic
  • Save sources.list then update apt

    apt-get update
  • Next upgrade!

    apt-get upgrade
If you get an error saying:
dpkg: error: configuration error: /etc/dpkg/dpkg.cfg.d/multiarch:1: unknown option 'foreign-architecture'
E: Sub-process /usr/bin/dpkg returned an error code (2)
What you need to do is remove the /etc/dpkg/dpkg.cfg.d/multiarch file, then you can run sudo apt-get -f install to fix anything you're missing.

After doing this I ran gnutls-cli -v and received the following output:
gnutls-cli 3.2.15
Copyright (C) 2000-2014 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>
Boom! GnuTLS 3.2.15! Hack me now!

In all honesty, and for stability purposes the method in this article probably isn't the recommended way. You should probably just install from source...
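
The version check above can be scripted. The following is an added example, not part of the original post: it parses the first line of gnutls-cli -v and compares it with the fixed releases quoted from ZDNet above (3.1.25, 3.2.15, 3.3.3); the function names are assumptions. It only applies to upstream version numbers, since a distribution package that backports the patch keeps an older version string.

```sh
#!/bin/sh
# Added example, not part of the original post.
# Fixed releases are the ones the article quotes: 3.1.25, 3.2.15 and 3.3.3.

# Pull "X.Y.Z" out of the first line of `gnutls-cli -v` output.
banner_version() {
    printf '%s\n' "$1" | sed -n '1s/^gnutls-cli \([0-9][0-9.]*\).*$/\1/p'
}

# Lowest fixed patch level for a release branch, per the article's list.
fixed_patch_for_branch() {
    case "$1" in
        3.1) echo 25 ;;
        3.2) echo 15 ;;
        3.3) echo 3 ;;
        *)   echo none ;;
    esac
}

# Drop leading zeros so "08" compares as 8 in every shell.
strip_zeros() {
    printf '%s\n' "$1" | sed 's/^0*\([0-9]\)/\1/'
}

# Print fixed | affected | unlisted | invalid for an upstream version string.
# Runs in a subshell (parentheses) so the IFS change stays local.
classify_gnutls_version() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; exit 0 ;;
    esac
    IFS=.
    set -- $1                      # split "3.2.15" into 3, 2 and 15
    [ "$#" -eq 3 ] || { echo invalid; exit 0; }
    major=$(strip_zeros "$1"); minor=$(strip_zeros "$2"); patch=$(strip_zeros "$3")
    min=$(fixed_patch_for_branch "$major.$minor")
    if [ "$min" = none ]; then
        echo unlisted              # the list names no fixed release for this branch
    elif [ "$patch" -ge "$min" ]; then
        echo fixed
    else
        echo affected
    fi
)

# Constructed sample: the banner lines shown in the article.
sample_banner='gnutls-cli 3.2.15
Copyright (C) 2000-2014 Free Software Foundation, and others, all rights reserved.'

found=$(banner_version "$sample_banner")
echo "$found: $(classify_gnutls_version "$found")"
```

On a live system, pass "$(gnutls-cli -v 2>&1)" to banner_version instead of the sample banner.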

Jun 13, 2014

Attention Sales People! 3 Pieces of Technology to Make Your Life Easier

Being in sales is one of the toughest and most stressful jobs out there. You have quotas to meet or exceed, you spend hours on closing a deal and you lose sleep at the end of the month hoping all your deals go through. This will never change, however, technology advancements are making your day-to-day processes that much easier and efficient. There are new products and services coming out all the time, but here are three fundamental services that will alleviate some of your stress.

Salesforce

There is no Customer Relationship Management (CRM) service more prevalent in the sales world than Salesforce. With over 100,000 companies using its CRM services, as the Salesforce website boasts, you'll be hard pressed to find a process more tried and true to track your sales and relationships.

With Salesforce you can easily jot notes about your sales process to all employees near and far (due to its cloud infrastructure), and you can make sure that employees aren't contacting the same customer.

MozyEnterprise

The last thing you want happening after you've spent a lot of time drafting up a project, such as a qualification audit for a prospective customer or a detailed proposal, is your hard drive crashing. That's why you need a service like MozyEnterprise cloud backup.

Not only will cloud backup keep all your crucial files safe in the cloud, MozyEnterprise comes with mobile access. Whether you're at your PC or a thousand miles away equipped with only your smartphone, you can access all your files on the go. Using cloud backup ensures that you'll have access to all your files that you need to close that deal!

GoToMeeting

Working remotely used to be an arduous task, but luckily there's a product like Citrix's GoToMeeting that allows your office to be at home and to stay in touch with ease. You can have up to 25 people in one meeting.

Working remotely doesn't allow you the luxury of being able to see your coworkers like working in an office would. There's a high definition video chat option that allows you to collaborate with coworkers in a way that text chat over IM or a phone call just wouldn't allow.

If you have a territory across the country, GoToMeeting is an indispensable tool. Gone are the days that you have to travel week after week for meetings that just may fall through, and spend thousands of dollars to seal that deal. You can "meet" your customers face to face in the luxury of your own home or office. You can also share your screen and display a presentation from within the program.

Though being in sales will never be an easy task, technology is definitely making it a lot simpler and more efficient than it used to be. If this technology is any indication of where sales is headed, it's possible that offices may become a thing of the past very soon. Until then, you may just have to settle with that bumper-to-bumper traffic a while longer.

Jun 11, 2014

How To Enable TLS 1.1 and TLS 1.2 in Internet Explorer Via Group Policy

In an effort to better secure my organization I have been wanting to disable all SSL protocols below 1.1 on one of my internal servers. The problem I was running into was that some people in my organization still like to use Internet Explorer for some reason.

Well Internet Explorer doesn't enable the use of TLS 1.1 or TLS 1.2 by default for some stupid reason. Call me crazy, but wouldn't you want to have the best security possible enabled by default? I suppose you wouldn't if you were in cahoots with the NSA, but that is another story...

Anyway, so I wanted to make sure everyone who was using Internet Explorer in my organization could still access one of my internet web servers after I disabled TLS 1.0, and SSL 3.0. The way to do that is with a Group Policy Object or GPO right? Well I had a heck of a time trying to find that setting when creating the GPO, but I finally found it under Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Explorer Control Panel > Advanced Page > Turn Off Encryption Support:


I know what you are thinking. I want to add TLS 1.1 and TLS 1.2 support, not remove it! Why the hell is the setting called Turn OFF Encryption Support? Well the answer is you can also disable certain protocols like SSL 2.0 etc.

Anyway, I set mine to allow SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2. Not all public sites support TLS 1.1 or TLS 1.2 yet, so I didn't want to remove support for all of the older protocols yet. You can select which protocols you want to use in the drop-down box under Secure Protocol Combinations.


After applying my policy to my computers OU in Active Directory I ran gpupdate /force on my test computer, but noticed the change didn't take place until after a reboot. Still though, it worked like a charm!


Are you using TLS 1.1 or TLS 1.2 in your environment yet? Why or why not? Let us know in the comments!

Jun 9, 2014

Fatal Error: Contact system adminstrator when restoring osTicket

The other day at work I was testing an upgrade of osTicket from version 1.6 to 1.9. Since I didn't want to destroy my current server if the upgrade went wrong I decided to stand up a new server side-by-side with my production osTicket server and test the upgrade there. I would just back up the current files as well as the MySQL database and restore it on the new server. What could possibly go wrong?

Well after restoring the database, and the files I browsed to my new server and was greeted by a message saying:
Fatal Error: Contact system adminstrator.
I thought perhaps there was a problem with my MySQL credentials, but that wasn't it. It turned out that I needed to enable PHP short open tags in my php.ini file. In Ubuntu that file is located in /etc/php5/apache2/. All you need to do is open php.ini in your favorite text editor and change short_open_tag = Off to short_open_tag = On.

After you save your changes, just restart Apache and you should see your normal osTicket page.

Jun 5, 2014

Can The Government Force You To Decrypt Your Data?



In the above video Marcia Hofmann, a Senior Staff Attorney for the EFF is giving a talk at DEFCON 20 in 2012. She breaks down your fifth amendment right against self incrimination.

From Youtube:
Can the government force you to turn over your encryption passphrase or decrypt your data? The law surrounding police attempts to force decryption is developing at breakneck speed, with two major court decisions [in 2012] alone. This talk will start off with an in-depth explanation of the Fifth Amendment privilege against self-incrimination, its origins, and how it applies to government attempts to force disclosure of keys or decrypted versions of data in the United States. We'll also discuss law enforcement authority to demand passphrases and decryption of data stored with third parties, and survey key disclosure laws in other countries. 
I always recommend encrypting your data. Especially in these days of 1984 style government domestic spying. I even did a video on the many ways you can encrypt your data on Tech Chop:


What do you think about Marcia's talk? Let us know in the comments.