Sorry for the weather in Columbus, Ohio – we’ve migrated to Exchange 2010

My company would like to apologise for the weather (i.e. tons of snow) that Columbus, Ohio is currently experiencing. We believe it is entirely our fault as we have started our migration from Lotus Notes to Exchange 2010 – something I believe would only ever happen if Hell froze over. Therefore we are totally to blame for the weather. Thankfully there is no way we are going back to Notes, so it looks like this weather is here to stay.

Symantec definitions slowly getting fixed.

Symantec have now released a patch that fixes the issue of definitions being dated 12/31/2009. However, the patch so far is only available for those running 11.03 or 11.05. For more details read the official statement on the Symantec forums or the Symantec Knowledgebase article. Most of our Endpoint Protection Servers were running 11.0.4 (as live update does not upgrade the server console component) so we have to upgrade to 11.0.5 first. This can be seen as a good thing as 11.0.4 has the nasty feature of filling up the hard drive of the server as Symantec downloads and keeps 3 copies of the AV definitions every few minutes as it tries to download definitions dated in 2010 (and fails). So far, most of the Endpoint Protection Manager upgrades have been fairly simple with straightforward instructions – a 25 minute process after the files have been downloaded (including backing up the database) – but we had one site that didn’t work and we had to reinstall every single Symantec Endpoint Protection client and server by hand. Not a lot of fun.

Symantec patch now fixes the definitions dated 91231

Yes, I deliberately posted the date this way as that is how the shortsighted programmers at Symantec did it. Needless to say, when the year rolled around to 00101 this is a lot less than 91231 so the definitions were treated as old. It scares me to see that this bug managed to get into the product – did they not learn anything from the Y2K issues?

To make matters worse we found some servers were continually downloading definitions onto the server and in one case filled up 73 GB of disk space. The fix for this is to ensure that the Endpoint Protection Manager software is running 11.0.5 – this is a new download and upgrade installation, although for one of our clients it meant uninstalling and reinstalling every single PC at that location – not an upgrade at all.

To top it all, Symantec also decided this week to announce the end of life for the v10 of their products – the only version that was actually working with correct definition dates. Although end of life is in 2012, support should really have coordinated with sales to ensure that the notice didn’t go out *this* week.

I think I still have a few servers that haven’t updated, so I will be checking those out next week. If we continue to use Symantec (which I really do not want to do), I’m hoping to look at an MSP installation of the product – one server managing all the clients so I only have one place to check for client status (and only one server to install, patch and configure).

Symantec Definition date is stuck at December 31 2009

Most of our Symantec Endpoint Protection clients are alerting that the definition dates are old (we reduce the alert time to less than the default 30 days). These alerts are coming in through the desktop client and also through both of our monitoring systems. Apparently Symantec are aware of the issue (see “The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009”) and their definitions cannot have a date in 2010. Therefore their workaround is to push out new updates with a date of December 31st 2009 and they are just increasing the version number until engineering come up with a patch to fix the issue of not accepting dates in 2010.

I sure hope that their update plan works better than our most recent upgrade that meant we had to reinstall the client by hand at every desktop. None of the upgrade processes would work.

Popular posts created in 2009 from Absoblogginlutely.net

Following up from the previous post on most viewed pages of Absoblogginlutely.net in 2009, here are the most popular posts that were written in 2009. All but two of these are solutions to problems that I encountered during 2009. Some of them were quick Google searches, others were based on research and experience, but hopefully the solutions have helped others in the same situation that I’ve been in.

  1. Firewall exception requirements for Symantec Endpoint Protection
  2. MySQL failed to install with the most recent install package
  3. Skype plugin caused Firefox to slow down
  4. How to install 32bit print drivers on a Windows 64bit server
  5. Windows7 upgrade advisor failed to work
  6. Archiving an Exchange2007 mailbox using Powershell
  7. Fix to Exchange2003 NDRs being delivered weeks after the mail failed.
  8. Granting Full access to a mailbox allowed me to export from Exchange 2007
  9. Fix to Out Of Office in Outlook 2007 failing
  10. My attempts at dual booting Windows 7 and Windows XP with Truecrypt on the original XP Installation disk

Popular posts in 2009 from Absoblogginlutely.net

In common with a lot of other bloggers I’m posting a top 10 list of the most popular pages from Absoblogginlutely.net in the year 2009. It is rather worrying that all of the pages are from posts I have done in previous years. Even more concerning is that a couple of the posts are about updating antivirus software from 2004 so it is a bit scary that people were coming across the same problem in 2009. Either people are 5 years behind upgrading their antivirus software or Symantec still haven’t fixed the issue 5 years later…..

  1. Manually removing Google Desktop – my most popular post each year and of all time. Originally posted April 2005.
  2. Instructions on how to setup Dell’s Open Manage Server Administrator alerts. Rather than manually typing in all of the settings to configure a server, I wrote a script to configure the server and setup alerts. The setup process went from about 30 minutes per server to less than 5 minutes. Originally posted November 2007.
  3. A zero day exploit for a Microsoft vulnerability had us all rushing around trying to patch our client servers in the middle of the day and before the patches were available on WSUS servers. I posted direct links to the 958644 patch as Windows Update was having issues in providing the url to the downloads due to the vast number of servers being checked worldwide. Having the blog entry made it very quick for me and obviously lots of other users to grab the patch at each client location. Originally posted October 2008. For a zero day exploit, it is concerning this was so popular in 2009.
  4. My instructions on fixing a Blackberry hanging during the activation process were also still popular. Originally posted November 2007.
  5. Back in 2006 there was a wireless vulnerability and I posted about my experiences trying to obtain a current version of Dell’s wifi drivers for the Inspiron 610m. At the time the Dell driver package was corrupt so a link to the Intel package was posted. Originally posted October 2006. I can understand why this page is popular as navigating the Dell website for drivers can be rather confusing. Driver downloads are not too bad, but management software and applications can be missing from the driver list or poorly named so it’s not obvious which cd image should be downloaded.
  6. A little-known utility, clientdiag, for debugging WSUS client issues was my next popular post. I still find myself having to use this utility so I’m not surprised it’s still popular.
  7. Due to feedback and experience with my Dell OMSA setup script, the Dell Open Manage Server Administrator setup script was updated and the original page updated to link to this one. I would have thought that this page should therefore have got more hits. I guess some people must be running an old version of my script! Originally posted November 2008. I now have a category specifically for OMSA.
  8. Way back in 2003 I discovered an issue that when Symantec Antivirus was updated, the Outlook addin would not be correctly updated and an error message about vpmsece.dll would be displayed when Outlook was started. Originally posted October 2003, it is very scary that this issue is still being discovered by users. I have seen references to my solution on Symantec support forums and I got several comments requesting help with the simple solutions.
  9. I used to use Audible in 2004 and found a way to convert Audible data to mp3 so I could listen to the audio books on devices other than my mp3 player. Originally posted June 2004. I’m not sure if this solution is still a viable option (or if it is needed) as I don’t need Audible anymore.
  10. Users not having their home directory mapped at login and cryptic msgina 1010 errors turned out to be users saving their passwords in Internet Explorer to access other servers on the network. Originally posted July 2007 but this is a problem that could occur at any point in time.

Preparing Network Connections message at startup of SBS – solved.

Today of all days we’ve had two clients that have had their server reboot for a couple of valid reasons but after reboot the server just sat at “preparing network connections” screen and would not continue. We’re not sure right now what caused this issue but the solution was to reboot the server, press F8 and choose the Last Known Good to be able to get into the server.

Today has not been a good day for this to happen as some clients have been closed so they’ve not been around to let us in to look at the server on site but at the same time we don’t really want to wait until Monday to get access to the server, yet this is a holiday weekend.

For me, it’s been a long week. I’ve started work at 4am twice this week and was working at 1am until 2.30am last night so I doubt I’ll be staying up for New Year – but I think I can make it until 7pm when I’ll be able to watch Big Ben strike midnight.

Happy New Year everyone and I hope 2010 starts off better than 2009 finished!

Unable to rdp to Windows2008 SBS server from XP client after KB969084 installed

We had an issue when all of a sudden we were not able to remote desktop to a client’s SBS 2008 server using the rdp client and the TSGateway functionality. Remote Web Workplace would work fine and so would Windows7 clients.
After proving this patch was the culprit by removing the patch and finding my saved rdp session would work, I went back and read the KB article 969084 on this patch. I hadn’t initially read this (in common with a lot of other people) and also because the patch was pushed down via WSUS. It turns out that XP does not turn on CredSSP by default and this is needed to work with the new RDP client. I followed the instructions at kb951608 and after a reboot, going to the control box/About I got the message that Network Level Authentication was supported and I was then able to connect successfully.
[Screenshot: MSTSC showing Network Level Authentication Supported]
To summarize, you need to do the following.

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. In the navigation pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. In the details pane, right-click Security Packages, and then click Modify.
  4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
  5. In the navigation pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
  6. In the details pane, right-click SecurityProviders, and then click Modify.
  7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
  8. Exit Registry Editor.
  9. Restart the computer.
  8. Exit Registry Editor.
  9. Restart the computer.
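
The steps above can be scripted so that tspkg and credssp.dll are appended without overwriting the SSPs already registered, which is the caveat in steps 4 and 7. This is an added example, not part of the original post or the KB article; the function names Add-SecurityPackage and Add-SecurityProvider are hypothetical, and it assumes PowerShell is installed on the XP client and is run as an administrator.

```powershell
# Added example (not from the original post): idempotent version of steps 2-7.
$lsaKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
$spKey  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders'

# Steps 2-4: "Security Packages" is a REG_MULTI_SZ, one SSP name per entry.
function Add-SecurityPackage([string]$Package) {
    $current = @([Microsoft.Win32.Registry]::GetValue($lsaKey, 'Security Packages', @()) |
                 Where-Object { $_ })                      # drop empty entries
    if ($current -contains $Package) { return $false }     # already registered
    $updated = [string[]]($current + $Package)             # keep every existing SSP
    [Microsoft.Win32.Registry]::SetValue($lsaKey, 'Security Packages', $updated,
        [Microsoft.Win32.RegistryValueKind]::MultiString)
    return $true
}

# Steps 5-7: "SecurityProviders" is one REG_SZ holding a comma-separated DLL list.
function Add-SecurityProvider([string]$Dll) {
    $raw  = [string][Microsoft.Win32.Registry]::GetValue($spKey, 'SecurityProviders', '')
    $list = @($raw.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($list -contains $Dll) { return $false }             # already registered
    $updated = [string]::Join(', ', [string[]]($list + $Dll))
    [Microsoft.Win32.Registry]::SetValue($spKey, 'SecurityProviders', $updated,
        [Microsoft.Win32.RegistryValueKind]::String)
    return $true
}

$changed = @((Add-SecurityPackage 'tspkg'), (Add-SecurityProvider 'credssp.dll'))

# Show the resulting values so they can be checked against the expected SSP list.
'Security Packages : ' + [string]::Join(', ',
    [string[]][Microsoft.Win32.Registry]::GetValue($lsaKey, 'Security Packages', @()))
'SecurityProviders : ' + [Microsoft.Win32.Registry]::GetValue($spKey, 'SecurityProviders', '')

if ($changed -contains $true) {
    'Registry updated; restart the computer (step 9).'
} else {
    'tspkg and credssp.dll were already registered; no change made.'
}
```

Running it a second time makes no further change, so it is safe to push to a group of XP clients that may already have been fixed by hand.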