Internet Explorer error pages blank and missing information, can’t click continue or more information.
by Carl Farrington on May.07, 2009, under Uncategorized
Internet Explorer 7 / 8 appear broken. Error pages such as “Certificate Error” do not display full information, lots of script errors, “more information” gives blank information, can’t click “continue” on certificate error pages (which means you can’t accept a self-signed cert).
Fix: (download subinacl first).
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories C:\ /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories C:\ /grant=system=f
Exchange 2010 blocks Linux from using Premium OWA.
by Carl Farrington on Apr.19, 2009, under News & Reviews, Tips & Tricks
I have just installed the beta of Exchange 2010.
It seems that when accessing OWA through Firefox or Epiphany on Linux, we’re only given the option of OWA Light, therefore exactly the same experience as with Exchange 2007.
Firefox on Win32 works as expected. How obviously intentionally lame.
Fortunately we can override the useragent in both Firefox and Epiphany (my preferred browser due to FF’s annoying right-click Linux bug).
Go to about:config in the address bar, click on the “I’ll be careful” thing to carry on, and right-click, create a new String, called general.useragent.override with the following as the data:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Close and reopen Epiphany or Firefox and Exchange 2010’s OWA Premium works perfectly.
Note: you must close all Epiphany or Firefox windows for this to take effect.
Even better is that you can use Prism to launch OWA “as an application”. You will need to edit /usr/share/prism/default/preferences/webrunner-prefs.js and add the following line:
pref("general.useragent.override", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8");
See screenshot below:
Curious phishing rootkit modifies banking webpages in-line, requesting full password instead of select characters.
by Carl Farrington on Apr.03, 2009, under Computer Stuff, News & Reviews
I’ve just come across something concerning that I haven’t seen before.
Customer’s computer appears to be infected with something.
Banking websites such as rbsdigital.com, lloydstsb.com, hsbc.com, well, the website displays perfectly except that the security phrase box asks for the whole phrase instead of just particular characters from the phrase.
It’s as though something is intercepting and re-writing the page as it’s displayed (url and cert look fine, DNS of sites resolve fine).
Computer has various infections on it by the looks of it - twext.exe which I’ve come across enough times, and various random .dll’s fired up through rundll32.
What’s concerning me is how the page is modified in-line and the url and certificate are spot on.
Here’s the analysis results for the .dll, called through Run -> rundll32. Doesn’t look good for detection.
http://www.virustotal.com/analisis/9ec1b577f2bf5688597dc1c911bea47d
Here are the results for twext.exe, called through Winlogon -> Userinit.
http://www.virustotal.com/analisis/ae4eda13de80161b65b3a18122ead92f
c:\windows\system32\a.exe, doesn’t appear to be called from anywhere that I’ve noticed yet, but obviously suspect filename and file date. Same file as twext.exe.
http://www.virustotal.com/analisis/ae4eda13de80161b65b3a18122ead92f
c:\windows\system32\userinit32.exe, called via addition to Winlogon > Userinit, hidden from Windows API and only visible with icesword, but registry modification was re-creating itself after removal. File timestamp on this one is 2004-08-11, same as most stock XP files.
http://www.virustotal.com/analisis/cf0b882c689a513443845f3edea5cb16
Microsoft Antivirus (whatever that is) misses this one.
c:\windows\usebexuyiruburu.dll - can’t remember where this was called from. Think it was HKCU -> Run, whereas others were HKLM -> Run
http://www.virustotal.com/analisis/4407b4eb1474268be3033b8268608877
Again Microsoft Antivirus does well while nearly all the other 38 antivirus programs fail.
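The autostart points named in this post (extra entries appended to Winlogon > Userinit, and Run values that load a DLL through rundll32) can be triaged with a short script. This is an added example, not part of the original post: it works on registry values passed in as strings, and the sample values, the twext.exe path, the value names and the stock Userinit path are assumptions.

```python
import ntpath
import re

# Stock Winlogon\Userinit entry on an XP-era install (assumes C:\WINDOWS).
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

# [path\]rundll32[.exe], optionally quoted, followed by the DLL it loads.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)', re.IGNORECASE)


def extra_userinit_entries(value):
    """Return every comma-separated Userinit entry that is not the stock one."""
    entries = [e.strip().strip('"') for e in value.split(",")]
    return [e for e in entries
            if e and ntpath.normpath(e).lower() != STOCK_USERINIT]


def rundll32_run_entries(run_values):
    """Return (value name, DLL path) for Run commands that go through rundll32.

    These are review candidates, not verdicts: legitimate software also
    starts DLLs this way, so each DLL path still has to be checked.
    """
    hits = []
    for name, command in sorted(run_values.items()):
        match = RUNDLL_RE.match(command)
        if match:
            hits.append((name, match.group(1).strip()))
    return hits


# Constructed sample data. File names come from the post; the twext.exe path,
# the value names and the export entry point "a" are assumptions.
SAMPLE_USERINIT = (r"C:\WINDOWS\system32\userinit.exe,"
                   r"C:\WINDOWS\system32\userinit32.exe,"
                   r"C:\WINDOWS\system32\twext.exe,")
SAMPLE_RUN = {
    "sample-dll": r'rundll32.exe "c:\windows\usebexuyiruburu.dll",a',
    "sample-updater": r'"C:\Program Files\Vendor\updater.exe" /background',
}

if __name__ == "__main__":
    for entry in extra_userinit_entries(SAMPLE_USERINIT):
        print("Userinit extra entry:", entry)
    for name, dll in rundll32_run_entries(SAMPLE_RUN):
        print("Run value %r loads %s via rundll32" % (name, dll))
```

Because the userinit32.exe entry was hidden from the Windows API on the infected machine, the values are best read from the registry hives with the disk mounted on a clean system rather than from the running one.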
Audio/Video demonstrating the noise levels of Dell’s PowerEdge T300 server.
by Carl Farrington on Feb.20, 2009, under Computer Stuff, News & Reviews
Here is a short video clip I shot of a PowerEdge T300 alongside my normal workstation. As you can hear, the noise is not really a problem and I don’t think it is very loud at all.
New theme.
by Carl Farrington on Feb.13, 2009, under News & Reviews
This theme is so nice that I feel I couldn’t possibly ruin it with a banner advert at the top. I’ve only earned $33 from them in the last six months anyway!
Moved to Apache
by Carl Farrington on Feb.13, 2009, under Uncategorized
We’ve moved! Or rather the blog has moved from running on my Exchange 2003/Server 2003 box to the £99 HP Proliant ML110 G5 server that I bought a few months ago. I wish I could buy more of these at that price. They’re £400 now.
Happy days. Move was a piece of cake except for SELinux context problems of moved webserver datafiles.
Expect unreliability as I tweak firewall rules.
The Routing and Remote Access service failed to start due to dependency service NetBIOSGroup failed to start.
by Carl Farrington on Feb.03, 2009, under Computer Stuff, Tips & Tricks
RRAS won’t start because service “NetBIOSGroup” failed to start.
This is due to broken “NetBIOS Interface” service, which provides “Group = NetBIOSGroup”.
Import the following .reg file and reboot the server: http://www.css-networks.com/netbios.reg
Google says the Internet may harm your computer, even Google themselves are dangerous!
by Carl Farrington on Jan.31, 2009, under Uncategorized
I just did some googling, and it seems every single website that Google knows about “may harm your computer”, and you cannot click through to them from the search results.
Here are a couple of screenshots:
Scheduled Backup to RDX / RD1000 with SBS 2008 and wbadmin
by Carl Farrington on Jan.20, 2009, under Computer Stuff, Tips & Tricks
@echo off
set Logfile="c:\network shares\company\Backup Log.txt"
rem Should be called with backup name as parameter, backup will be stored in that backup name's folder.
echo. >>%logfile%
Echo ***** Backup starting at %date% on %time% >>%logfile%
Echo Creating Backup Directory at \\server\rd1000\%* >>%logfile%
if not exist "\\server\rd1000\%*" md "\\server\rd1000\%*" >>%logfile%
Echo. >>%logfile%
Echo ***** Starting Data and System files backup >>%logfile%
wbadmin start backup -backuptarget:"\\server\rd1000\%*" -include:c: -quiet >>%logfile%
Echo. >>%logfile%
Echo ***** Starting Exchange Server Backup >>%logfile%
del "C:\Users\Administrator\AppData\Local\Microsoft\Windows NT\NTBackup\data\*.log"
ntbackup backup "@C:\Users\Administrator\AppData\Local\Microsoft\Windows NT\NTBackup\data\Exchange.bks" /a /d "Exchange Server" /v:no /r:no /rs:no /hc:off /m normal /j "Exchange Server" /l:s /f "\\server\rd1000\%*\Exchange Server.bkf"
type "C:\Users\Administrator\AppData\Local\Microsoft\Windows NT\NTBackup\data\*.log" >>%logfile%
echo. >>%logfile%
echo ***** Starting IRIS backup >>%logfile%
sqlcmd -S SERVER\IRISPRACTICE -Q "BACKUP DATABASE [IRIS] TO DISK = N'\\server\rd1000\%*\IRIS-FUll Backup.bak' WITH NOFORMAT, INIT, NAME = N'IRIS-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS = 10" >>%logfile%
Save the script as c:\dobackup.cmd, and call as “c:\dobackup Daily Backup” or “C:\dobackup Monday” with the Task Scheduler. Obviously make sure there is enough space on your RD1000 for five backups. If not, alter the script or just call it with “Set1” and “Set2” instead of Monday, Tuesday, Wednesday etc.
Although it looks like there is nothing there to say “Back up the Exchange IS”, there is an “Application” entry for Exchange in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsServerBackup\Application Support\{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}, and the output of the backup says “Running consistency check for application Exchange.” This confirms Microsoft’s documentation that SBS’ version of Windows Server Backup does indeed back up Exchange.
Because I am a wuss, and I have no faith, I am also doing an NTBackup of the Exchange IS to a file on the disk. The NTBackup files that you will need to run NTBackup on SBS 2008 can be found here. Extract them to C:\Windows, because there is a VSSAPI.DLL in Windows\System32 that NTBackup doesn’t like. If you extract the files to \Windows, ntbackup will use the VSSAPI.DLL in its own directory.
SBS 2008 Unbootable after partition resize - winload.exe; Status: 0xc0000225; Info: The selected entry could not be loaded because the application is missing or corrupt.
by Carl Farrington on Jan.18, 2009, under Computer Stuff, Tips & Tricks
The server is all done. One last thing to do - resize that Dell OS partition now that we have the Data partition on a separate 500gb RAID1.
Being an old fashioned person (read: not a Vista user, and new to SBS 2008), I didn’t think to use Disk Management to do the resize. I used Acronis Disk Director. This resulted in the system not booting, with the above error message.
I was at a bit of a loss for what to do. I ran chkdsk from an NTFS bootdisk and this made no difference. Obviously there is no boot.ini any more, and to make matters worse, the Dell supplied SBS 2008 DVDs are non-bootable, so I was a bit stuck.
Whilst waiting the 2hrs for the SBS 2008 DVD ISO to download from Microsoft.com, I thought I’d try out a Vista disk and see if that would repair the bootmgr. It did and now all is well.
The problem is apparently caused by the UUID of the partition changing, leaving the bootmgr unable to find it, as per this article.


