[LabTech] IPBlock Windows Firewall plugin.

Block entire countries from seeing your PC on the Internet

Squidwork’s garage has released version 1 of their new IPBlock for LabTech RMM. IPBlock is a country-based network firewall plugin for Windows-based systems. When deployed, you can select the countries you do not want to have access to your IP address, on any Windows Vista / 7 / 2008 or newer system, and block them from network access to your PC.


How it works:

The plugin launches a script that goes out and refreshes a complete list of all countries and the IP ranges assigned to them. It imports them onto the local host and stores them in zone files inside the LTSvc directory. Then, based on your selection, it applies each zone to the Windows firewall as a rule set.

What does this do for me?

This greatly reduces your Internet footprint and attack surface by preventing access from countries that have large amounts of attacking systems. It also makes it harder for Trojans, viruses or worms to fully exploit you: if you are infected, it is much harder for them to “phone home” when the attack comes from a country you have blocked, like “China”.

Version 1 only controls the lists that are applied to your PC; it does not turn the actual Windows firewall on or off. You will need to turn on the firewall through the Windows Control Panel for the rules to actually take effect. To stop the filtering, shut down Windows Firewall, or go into the plugin, select “None” and apply, and all rule sets placed by IPBlock will be removed.
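
The apply step described under “How it works”, together with the firewall-state caveat above, sketched as an added example (this is not IPBlock's own code). It assumes zone files with one IPv4 CIDR per line; the rule-name prefix, chunk size and file path are hypothetical.

```powershell
# Added example, not IPBlock's code. Assumptions: zone files hold one IPv4
# CIDR per line; rule prefix, chunk size and paths are hypothetical.
$RulePrefix = 'GeoBlock-Example'
$ChunkSize  = 200   # ranges per rule, keeps each netsh command line short

function Get-ZoneRanges([string]$Path) {
    # Emit only well-formed IPv4 CIDR entries; skip blanks, comments, junk.
    $ip = $null
    foreach ($line in Get-Content -Path $Path) {
        $entry = $line.Trim()
        if ($entry -notmatch '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$') { continue }
        if ([int]$Matches[2] -gt 32) { continue }
        if ([System.Net.IPAddress]::TryParse($Matches[1], [ref]$ip)) { $entry }
    }
}

function Add-ZoneBlockRules([string]$Country, [string[]]$Ranges) {
    # Rules only take effect while the firewall is on (English output assumed).
    if ((netsh advfirewall show allprofiles state) -match '\bOFF\b') {
        Write-Warning 'A firewall profile is OFF; block rules are not enforced there.'
    }
    for ($i = 0; $i -lt $Ranges.Count; $i += $ChunkSize) {
        $last  = [Math]::Min($i + $ChunkSize, $Ranges.Count) - 1
        $name  = '{0}-{1}-{2}' -f $RulePrefix, $Country, ($i / $ChunkSize)
        $chunk = $Ranges[$i..$last] -join ','
        foreach ($dir in 'in', 'out') {   # inbound access and outbound "phone home"
            netsh advfirewall firewall add rule "name=$name" "dir=$dir" action=block "remoteip=$chunk" | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "netsh failed adding $name ($dir)" }
        }
    }
}

function Remove-ZoneBlockRules([string]$Country) {
    # Rule names are numbered from 0; delete until netsh finds no match.
    for ($n = 0; $n -lt 1000; $n++) {
        netsh advfirewall firewall delete rule "name=$RulePrefix-$Country-$n" | Out-Null
        if ($LASTEXITCODE -ne 0) { break }
    }
}

# Usage from an elevated prompt; the zone file path is a placeholder:
# $ranges = @(Get-ZoneRanges 'C:\example\zones\cn.zone')
# Add-ZoneBlockRules -Country 'CN' -Ranges $ranges
# Remove-ZoneBlockRules -Country 'CN'
```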

Get Version 1.0.3 here


Enjoy Cubert 😎

How to fix NCSECDESC Failures in Active Directory after DCDiag reports a failure.

If you get the following when running DCDiag on a Windows AD server, do the following to correct it.

 

Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=MYDOMAIN,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=MYDOMAIN,DC=local
……………………. MYHOST failed test NCSecDesc

 

Download fixfsmo.vbs and find or download ADPREP for your distribution of Windows.

First, run “cscript fixfsmo.vbs DC=DomainDnsZones,DC=MYDOMAIN,DC=local”. Change only the domain name to match your domain; leave [DC=DOMAINDNSZONES] as it is.

Next, run “cscript fixfsmo.vbs DC=ForestDnsZones,DC=MYDOMAIN,DC=local”. Change only the domain name to match your domain; leave [DC=FORESTDNSZONES] as it is.

Next, locate your ADPREP directory, change to \adprep, and run adprep /rodcprep. If you do not have the ADPREP tools, you can get them from Microsoft’s website or from the original CD media your server came with.

Then rerun DCDiag to verify that the failures are gone.

 

 

Enjoy,

Cubert 😎

 

DCDiag fails with the host could not be resolved to an IP address check the DNS server, DHCP, server name, etc although the guid dns name couldn’t be resolved.

You run DCDiag and it returns a failure saying that names cannot be resolved.

  
   testing server: default-first-site-name\mydomain
      starting test: connectivity
         the host 7397e120-1c8d-4f2d-b8cb-d829d16d949a._msdcs.mydomain.local could not be resolved to an
         ip address.  check the dns server, dhcp, server name, etc
         although the guid dns name
         (7397e120-1c8d-4f2d-b8cb-d829d16d949a._msdcs.mydomain.local) couldn't be
         resolved, the server name (myhost.mydomain.local) resolved to the ip
         address (192.168.1.5) and was pingable.  check that the ip address
         is registered correctly with the dns server. 
         ......................... myhost failed test connectivity

 

This is mainly due to bad or nonexistent DNS records on your AD server. Here are the steps to run through to make sure your Active Directory DNS has the records needed for Active Directory to function correctly in a Windows 2003 or Windows 2008 environment.

 

Steps to resolve:

  1. Verify SRV Records
    http://support.microsoft.com/kb/241515
  2. SRV Records missing after Promo
    http://support.microsoft.com/kb/241505
  3. Verify that all DCs point to one DC as “master”, with the second entry pointing to themselves or, better, to another DC.
  4. Verify the DHCP Client service is running (needed for Dynamic DNS updates)
  5. Run at CMD prompt -> net stop netlogon && net start netlogon
  6. Run at CMD prompt -> netdiag /fix
  7. Rerun at CMD prompt -> DCDiag.exe

You should now get a passing test when you run dcdiag.exe. You may see the following response to the dcdiag.exe execution.
Testing server: Default-First-Site-Name\MYDOMAIN
Starting test: Connectivity
*** Warning: could not confirm the identity of this server in
the directory versus the names returned by DNS servers.
If there are problems accessing this directory server then
you may need to check that this server is correctly registered
with DNS
……………………. MYHOST passed test Connectivity
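
To confirm the records that the steps above repair, the following added example (not from the original post) checks the GUID alias DCDiag complained about and two locator SRV records with nslookup. The GUID and host names are the page's placeholders, the parsing assumes English nslookup output, and the sample answers are constructed so the check also runs offline.

```powershell
# Added example. GUID and host values are the page's placeholders;
# output parsing assumes English nslookup text.
$DefaultQuery = { param($type, $name) nslookup "-type=$type" "$name." 2>&1 | Out-String }

function Test-DcDnsRecords {
    param([string]$Domain, [string]$DsaGuid, [string]$DcFqdn,
          [scriptblock]$Query = $DefaultQuery)
    $dc = $DcFqdn.TrimEnd('.').ToLower()
    $report = @()

    # The GUID alias DCDiag could not resolve must be a CNAME to the DC itself.
    $alias = '{0}._msdcs.{1}' -f $DsaGuid, $Domain
    $text  = [string](& $Query 'CNAME' $alias)
    $ok    = ($text -match '(?i)canonical name\s*=\s*(\S+)') -and
             ($Matches[1].TrimEnd('.').ToLower() -eq $dc)
    $report += New-Object PSObject -Property @{ Record = $alias; Type = 'CNAME'; Ok = $ok }

    # Locator SRV records registered by Netlogon; each should list this DC.
    foreach ($prefix in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs') {
        $name    = '{0}.{1}' -f $prefix, $Domain
        $text    = [string](& $Query 'SRV' $name)
        $targets = [regex]::Matches($text, '(?i)svr hostname\s*=\s*(\S+)') |
                   ForEach-Object { $_.Groups[1].Value.TrimEnd('.').ToLower() }
        $report += New-Object PSObject -Property @{
            Record = $name; Type = 'SRV'; Ok = ($targets -contains $dc) }
    }
    $report
}

# Constructed sample answers (not real output) so the check runs offline.
$sample = {
    param($type, $name)
    if ($type -eq 'CNAME') { "$name  canonical name = myhost.mydomain.local" }
    else { 'svr hostname   = myhost.mydomain.local' }
}
Test-DcDnsRecords 'mydomain.local' '7397e120-1c8d-4f2d-b8cb-d829d16d949a' `
    'myhost.mydomain.local' $sample | Format-Table Record, Type, Ok -AutoSize
```

Omit the last argument to query your configured DNS server instead of the constructed sample.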

 Enjoy
Cubert  😎

App Assure – Replay Core Mountability check for ‘Mailbox Database’ failed: Exchange database engine error: Error closing database

With App Assure you may get the following errors after a new install of a Replay Core server with the agent running on an Exchange 2010 server database.

Error

Thread: 2520

Logger: DsmRpChecker

Context:

Source Location: DsmRecoveryPointChecker.cpp:341

Details:

Mountability check for ‘Mailbox Database 0401075076’ failed: Exchange database engine error: Error closing database

and/or

Error

Thread: 2520

Logger: DsmRpChecker

Context:

Source Location: DsmRecoveryPointChecker.cpp:341

Details:

Mountability check for ‘Mailbox Database 0401075076’ failed: Exchange database engine error: Unable to initialize JET session. See log for details.

 

There is a known issue with Exchange 2010 running on SP1 with RollUps where this problem is experienced.

Please apply the below registry fix to the Replay Core server, and capture a new recovery point (snapshot) from the protected server to resolve the issue. Furthermore, after deployment of this fix you can go back and check the past recovery points that failed and “Force Recovery Point Check” to confirm they are good as well and get the green check symbol assigned to them.

Modify the registry on the Replay Core at the following location and assign the value specified below:

Navigate to the location: HKEY_LOCAL_MACHINE\SOFTWARE\AppAssure\ReplayDSM\EseConfig

Modify value for “ForceDeleteUnicodeIndex” (type REG_DWORD) and assign a value of 2.

 

I hope this helps someone out there.

Enjoy 😎

Cubert

[Solved] A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

 

Customer Experience Improvement Program data fails to upload.

This alert is generated when an upload of the CEIP data to Microsoft fails on servers where you opted to be included in the CEIP. This is usually a firewall issue, but sometimes admins may also have inadvertently selected to be included and really don’t want to be. To fix this, or really to turn it off, you will find the task in the Task Scheduler under the Customer Experience Improvement Program.

 

1. Click Start, point to Administrative Tools, and then click Task Scheduler.
2. In the tree pane, open Task Scheduler Library, open Microsoft, open Windows, and then select Customer Experience Improvement Program.
3. In the results pane, right-click the Uploader task and select Disable.

This will prevent the task from running and stop any more alerts.

Enjoy

 

Cubert

How-to Setup Windows 2008 R2 Server Core As An Active Directory Server

Setup Active Directory on a Windows Server 2008 core

 

This is pretty simple, actually. Install Windows as normal, but select Server Core as your installation option. It will install just like a normal Windows 2008 install until the reboot, when it loads Windows for the first time. At that point it will ask you to set your admin password and then boot to a Windows-like desktop where only a command shell is available.

At first login there are several things we need to do to prepare the system.

 

We need to assign the server a hostname

netdom renamecomputer %computername% /newname:YourServerName

Then we add our network information

netsh interface ipv4 set address name="Local Area Connection" source=static address=192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1

Then we add our DNS servers

This should be the DNS address of your Active Directory DNS Server so replace 4.2.2.2 with that IP address.
netsh interface ipv4 set dns name="Local Area Connection" source=static address=4.2.2.2 primary

Confirm your new IP setup information

ipconfig /all

Now let's restart the system

shutdown -r -t 0

After we log back in from our reboot we join the existing domain

netdom join %computername% /domain:YourDomainName.

Notice that I have a “.” at the end of the line! It denotes the end of the domain name and should be used.

Let's restart the server and bring it up as a member of the domain

shutdown -r -t 0

We should go ahead and activate Windows 2008 R2 now.

 cscript C:\windows\system32\slmgr.vbs -ato

Now we need to add the DNS-Server-Core-Role

ocsetup DNS-Server-Core-Role
 

To check if it was really installed we can run.

oclist |more

Now we dcpromo the server in the unattended mode

dcpromo /unattend /replicaOrNewDomain:replica /replicaDomainDNSNAME:YourDomainName  /ConfirmGC:Yes /UserName:YourDomainName\Administrator /Password:* /safeModeAdminPassword:YourPasswordHere

The (/Password:*) tells the server to prompt you for the password after you run the command. The (/safeModeAdminPassword) sets what you want the local admin password to be if you need to log in “off” the domain.

The AD DS role will be installed, and afterwards the server will reboot as a domain controller.

 

Now, to make your job easier, let's turn on Remote Desktop so you can RDP to the Windows 2008 Server Core and operate the command shell remotely.

cscript c:\windows\system32\scregedit.wsf /AR 0

I hope this helps someone out there get a Windows 2008 Server Core up and running as an Active Directory Server quickly.

Cubert

😎

There was a problem starting oobefldr.dll The specified module could not be found

After installing Windows 2008 R2 and then running the updates, you start getting “There was a problem starting oobefldr.dll The specified module could not be found” displayed as an error pop-up when logging in to the desktop.

Just remove…
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsWelcomeCenter
Log off and back on, and the messages are now gone!

Enjoy
