Carl’s Blog

Trying to do a physical to virtual conversion so that this blog can be put on the VMWare ESXi 4 box, and the little HP box can do Asterisk (VMWare didn’t play well with Asterisk).
After much frustration (need 32-bit libs on Fedora for the Converter to run), I still couldn’t quite fathom out why the converted machine failed to boot (“cannot find root”), then it dawned on me that the VMWare converter was not finding the root filesystem because it was on a linux raid1 mirror partition, which the converter doesn’t support.

Rather than transferring manually, here’s what I did:
fdisk
change partition type of RAID partition from type fd (linux raid autodetect) to 83 (linux ext). This might not be necessary, but it should prevent the kernel from auto-configuring RAID for that partition.
cd /etc
mv mdadm.conf mdadm.conf.old (i.e. remove the mdadm.conf configuration file, but keep as a backup just in case).
mkinitrd /boot/initrd-noraid-`uname -r`.img `uname -r`
(basically we’re doing “mkinitrd /boot/initrd-noraid-2.2.15-el5.img 2.2.15-el5″ if 2.2.15-el5 is your running kernel version.. the uname -r substitutes this for us.)
cd /boot/grub
edit grub.conf and change kernel boot parameter root= to reflect partition without raid, e.g. change from /dev/md0 to /dev/sda2, also change the initrd= line to /boot/initrd-noraid-x.x.x.img

Now the initial ramdisk has no mdadm.conf, and the partition type is no longer set to linux raid autodetect (type fd).
Power down, remove one of the RAID1 disks, and the system should boot and run now off the other disk without RAID.

VMWare converter now works. Job’s a good ‘un.

Internet Explorer 7 / 8 appear broken. Error pages such as “Certificate Error” do not display full information, lots of script errors, “more information” gives blank information, can’t click “continue” on certificate error pages (which means you can’t accept a self-signed cert).

Fix: (download subinacl first).

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories C:\ /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories C:\ /grant=system=f

I have just installed the beta of Exchange 2010.

It seems that when accessing OWA through Firefox or Epiphany on Linux, we’re only given the option of OWA Light, therefore exactly the same experience as with Exchange 2007.

Firefox on Win32 works as expected. How obviously intentionally lame.

Fortunately we can override the useragent in both Firefox and Epiphany (my preferred browser due to FF’s annoying right-click Linux bug).

Go to about:config in the address bar, click on the “I’ll be careful” thing to carry on, and right-click, create a new String, called general.useragent.override with the following as the data:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

Close and reopen Epiphany or Firefox and Exchange 2010’s OWA Premium works perfectly

Note: you must close all Epiphany or Firefox windows for this to take effect.

Even better is that you can use Prism to launch OWA “as an application”. You will need to edit /usr/share/prism/default/preferences/webrunner-prefs.js and add the following line:

pref(“general.useragent.override”, “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8″);

See screenshot below:

OWA Premium from Exchange 2010 launched through Prism on Ubuntu Jaunty

I’ve just come across something concerning that I haven’t seen before.

Customer’s computer appears to be infected with something.

Banking websites such as rbsdigital.com , lloydstsb.com, hsbc.com , well, the website displays perfectly except that the security phrase box asks for the whole phrase instead of just particular characters from the phrase.

It’s as though something is intercepting and re-writing the page as it’s displayed (url and cert look fine, DNS of sites resolve fine).

Computer has various infections on it by the looks of it – twext.exe which I’ve come across enough times, and various random .dll’s fired up through rundll32.

What’s concerning me is how the page is modified in-line and the url and certificate are spot on.

Here’s the analysis results for the .dll, called through Run -> rundll32. Doesn’t look good for detection.
http://www.virustotal.com/analisis/9ec1b577f2bf5688597dc1c911bea47d

Here are the results for twext.exe, called through Winlogon -> Userinit.
http://www.virustotal.com/analisis/ae4eda13de80161b65b3a18122ead92f

c:\windows\system32\a.exe , doesn’t appear to be called from anywhere that I’ve noticed yet, but obviously suspect filename and file date. Same file as twext.exe.
http://www.virustotal.com/analisis/ae4eda13de80161b65b3a18122ead92f

c:\windows\system32\userinit32.exe , called via addition to Winlogon > Userinit, hidden from Windows API and only visable with icesword, but registry modification was re-creating itself after removal. File timestamp on this one is 2004-08-11 , same as most stock XP files.
http://www.virustotal.com/analisis/cf0b882c689a513443845f3edea5cb16
Microsoft Antivirus (whatever that is) misses this one.

c:\windows\usebexuyiruburu.dll – can’t remember where this was called from. Think it was HKCU -> Run, whereas others were HKLM -> Run
http://www.virustotal.com/analisis/4407b4eb1474268be3033b8268608877
Again Microsoft Antivirus does well while nearly all the other 38 antivirus programs fail.

Here is a short video clip I shot of a PowerEdge T300 alongside my normal workstation. As you can hear, the noise is not really a problem and I don’t think it is very loud at all.

This theme is so nice that I feel I couldn’t possibly ruin it with a banner advert at the top. I’ve only earned $33 from them in the last six months anyway!

RRAS won’t start because service “NetBIOSGroup” failed to start.

This is due to broken “NetBIOS Interface” service, which provides “Group = NetBIOSGroup”.

Import the following .reg file and reboot the server: http://www.css-networks.com/netbios.reg

The server is all done. One last thing to do – resize that Dell OS partition now that we have the Data partition on a separate 500gb RAID1.

Being an old fashioned person (read: not a Vista user, and new to SBS 2008), I didn’t think to use Disk Management to do the resize. I used Acronis Disk Director. This resulted in the system not booting, with the above error message.

I was at a bit of a loss for what to do. I ran chkdsk from an NTFS bootdisk and this made no difference. Obviously there is no boot.ini any more, and to make matters worse, the Dell supplied SBS 2008 DVDs are non-bootable, so I was a bit stuck.

Whilst waiting the 2hrs for the SBS 2008 DVD ISO to download from Microsoft.com, I thought I’d try out a Vista disk and see if that would repair the bootmgr. It did and now all is well.

The problem is apparently caused by the UUID of the partition changing, leaving the bootmgr unable to find it, as per this article.

Today I had to knock together a backup solution for a small company who have a very old SCO OpenServer 5.0.5 machine running some bespoke application, a Windows SBS 2003 machine running the usual, and a Mac OS X machine running err, OS X Tiger, all backing up to a USB hard disk on the director’s Windows XP computer.

I decided to use Rsync from the Samba people. It sounded good, but I had a lot of problems along the way with Rsync protocol errors between the SCO box and the XP machine. These problems mostly went away when I changed to using the rsync.exe provided in the Deltacopy package, rather than the one provided in the cwRsync package.

The backup script that I created is found below. It requires Devcon which you can find on Microsoft’s website with the help of Google. The “devcon remove” string at the bottom of the script will probably need the USB\VIDxxxx string changing to reflect that of your USB drive. Check in the details tab of Device Manager on the USB Mass Storage Device to see what the VID ID is. Leave the asterisk (*) at the end in the devcon remove line.

The clever part, in my opinion, of this script is that it will search for the USB hard drive and identify which drive letter has been assigned. Therefore, if the drive is usually assigned G:, but happens to be assigned H: for some reason (incorrect removal of the USB drive leaving a ghost G:  for example), then the script will still work. It does this by looking for a file named drvid.txt on the USB drive, so make sure you create that file on there. I had to make the script call itself in order for the for loop to work on the drvid part. For some reason using “if exist” with a colon, e.g. “if exist f:\drvid.txt” within a for loop is not possible within a batch file, but is possible from the command-line directly. Weird.

You will of course need to have rsync on the Windows machine. I downloaded Deltacopy (after struggling with cwRsync) and simply copied all the files from the Deltacopy directory into c:\windows\system32

What the script doesn’t do is character set conversion from the Mac. This is something I need to look into, as the Mac allows weird filenames, even asterisks in folder names, which of course poses quite a problem.

Also note the drive letter list within the brackets of the for loop. I have intentionally ommited some drive letters, those assigned to network drives and card readers. You will want to populate this properly, perhaps everything from E to Z.

Anyway, here’s the script, or you can download at http://www.css-networks.com/RsyncBackup.cmd

@echo off
SET CYGWIN=nontsec
if %1.==. goto noparams
goto drvid

:noparams
Echo Scanning for external HDD.
devcon rescan
ping localhost -n 30>NUL

for %%a in (g h j k l n o p q u r s t v w x y z) do call %0 %%a

:drvid
if exist %1:\drvid.txt goto found
goto end
:found
Set DRVID=%1
echo Drive found as %DRVID%:
ping localhost -n 30 >NUL
:doeric
Echo.
Echo Rsyncing SCO (Eric) Machine
rsync -avz 192.168.1.2::root /cygdrive/%DRVID%/Eric/
:doserver
echo.
Echo Rsyncing Windows Server Data
rsync -azv “192.168.1.1::Network Shares” /cygdrive/%DRVID%/Server
:dosimon
echo.
Echo Rsyncing Simon’s Data
rsync -azv “192.168.1.11::documents” /cygdrive/%DRVID%/Mac/Documents
rsync -azv “192.168.1.11::250gb” /cygdrive/%DRVID%/Mac/250gb
:remove hdd
Echo.
Echo Peparing external HDD for removal
devcon remove USB\VID_152D*
ping localhost -n 30>NUL
pause
:end