Archive for category troubleshooting
Increase Virtual Hard Disk
Posted by Bloggylife in technology, troubleshooting on June 15, 2009
We’ve started with virtualization, I’ll talk about this beautiful sexy technology some other time. My hands are all over it.
When creating virtual machines, each seems to have it’s own hard disk and partitions, but in fact they all share a single storage to which the virtual server that manages the virtual machines points to.
I got one v-machine with 20 GB of hard disk space and I want to increase it. Through the setting of the machines you can increase the hard disk space. Back to the v-machine, go to computer management -> disk management, you’ll see the newly unallocated space, to partition and format.
I couldn’t extend my single primary partition with the tools available in windows, I think I’ll need third party softwares.
What I did, is clone my v-machine and as I was creating the new settings, increased the C volume space. of course, you’ll need enough space to be able to create this replica machine.
Don’t forget to, tick off the connected box in network settings, if you added a network, because you don’t want conflict issues, when powering on the new machine.
Will test it fully tomorrow, to make sure all is good. Give the same settings, IP, computer name, etc, to the newly created v-machine and shut down the original one. If all goes well after some time, delete the original one to free up some space.
Cont. Deploying Application Packages
Posted by Bloggylife in troubleshooting, windows on June 15, 2009
I’ll share some of the issues we faced along the way, we already deployed WSUS into our network that pushes Microsoft updates according to your GPO settings on the domain level.
I came across another product, Microsoft System Center Essentials (link), which also includes WSUS technology but adds to that updates of third parties software, how cool is that 
If you have problems installing the management software from a media, go to Microsoft website and download it from there along with SP1 (link). That solved the first problem I faced.
Upon the configuration, it’ll ask you if you want to automatically create a domain policy, you’ll need administrative privileges and then go ahead search for computers and add manually or in a bulk.
One advice, when choosing the server, take care it has enough hard disk space, for all the software updates and deployment packages it needs to store.
Pushing agents to computers, is through the management console, where you select a computer and provide administrator credentials. You can create package from .exe or .msi files.
You can group computers and approve package installation. For msi packages you can provide installation properties, The executable program that interprets packages and installs products is Msiexec.exe. To see the list of parameters, run this on a command prompt window Msiexec, the below should appear.
On a single domain, you can have only one Microsoft System Center, it’ll give you an error if you try to install another System Center on a network already managed by one.
You can force end computers to communicate with the system center to check for updates or software that needs to be downloaded through running this command on end machines.
wuauclt.exe /detectnow
If indeed there is something to be downloaded, the yellow shield will appear next to the time and date, machines may face problems downloading, check this out:
- Windows update service is running
- All antivirus applications are up to date, because if they are not, they will block such activities. Check if windows defender is installed, that was one of the problems that caused download to fail
After the download is complete and according to your global setting the installation should start, to check the time of installation, check your local windows update settings, which can be access through the control panel or on the domain level settings.
This product offers so much more, details about the machines it managing through their agents, it triggers alerts, and generates reports.
But for now, I was really glad to be able to push third party packages silently to end machines and check the status as successful
References:
Email Error: Invalid EHLO/HELO domain
Posted by Bloggylife in troubleshooting on May 27, 2009
Sending from my company email to another company email I got this error (link)
smtp; 550 5.5.0 Invalid EHLO/HELO domain
It’s because the other end mail server complies with SMTP standard (RCF 5321)
For our external email transfers, our spam filter handles it, that is Mail Transfer Agent (MTA). The problem was the FQDN configured didn’t publically resolve. Our MTA public IP didn’t have a Host A record on public DNS. It’s just natted to a public IP through our firewall.
You might wonder how this is possible?
See we receive through one SMTP connector (SMPTin.company.com) and send throughout another (SMTPout.company.com). So our DNS records, MX records, A records, are pointing to our (SMTPin.company.com)
So the HELO/EHLO value our mail server provided in the mail session when connected to the other end was not a publically resolvable FQDN. The value SMTPout.company.com, didn’t have an A record associated with it.
Updated the DNS records with the SMTPout.company.com A record.
I’m not sure how many mail servers out there comply with RFC5321 standard, but if you have this misconfiguration, you’ll face a problem when sending to such mail servers.
Thanks Nick for all the help you provided
Bind IP to DNS service
Posted by Bloggylife in troubleshooting, windows on May 16, 2009
We faced a problem with our DNS (link), that made me look deeper into its configuration.
Our server is Microsoft Server 2003 which runs two services FTP and DNS.
You can configure many IPs on a single network card, this is common with web servers running multiple sites. You can view the multiple IPs, in the Advance TCP/IP settings of your network card. Under the IP Settings tab.
For web services, in the IIS configuration you can assign each site an IP, because by default each site runs on the default port 80 (http), so if you want to run multiple sites on the same IP you need to assign different ports not used by other services. So to avoid all that and for end users to access directly through http default port, each site has an independent IP.
For DNS in Microsoft, if you go to the management console, there are some settings to which IP to listen to receive DNS requests and also, which DNS servers to trust to load records from. To know which IP the DNS is actually using, right click the DNS and select Launch nslookup, the IP that appears at the top of the command window is the IP binded to the DNS service.
What I came to notice, it’s the first IP in the IP addresses in the Advance TCP/IP settings.
Solution:
To overcome the problem, I faced in my previous post. I just removed the IP I wanted the DNS to use and added it again and it appeared on the top. And that solved the problem and I removed the IP used by the FTP from all our primary DNS settings.
In IIS settings, if you go to your FTP site, and see the properties, you’ll see the IP the FTP uses.
Email Problem: Fatal Error
Posted by Bloggylife in troubleshooting on May 12, 2009
Catchy title ;P A company contacted me regarding receiving a fatal error their email encounters when sending to our domain.
I saw the error message they are receiving, their email server, trying to resolve our domain using a local DNS in their premises and failing to do so.
This is how I troubleshooted:
- Checked our flow of emails, we are receiving and sending emails
- We have received emails from that company in the morning
- I nslookup-ed our email entries against our domain
- I used an external DNS and all our entries we resolving just fine
- I used external email account to send and receive emails with/without attachment (that took quite a while to reach its destination)
So I told them it’s a DNS problem, you’re having problem looking up our MX records in order to send us emails, check your DNS server.
Actually I was glad everything was fine from our end and left it at that and didn’t investigate thoroughly. The next day their IT person sends a report stating one of our DNS is giving them problems, so a temporarily solution, all DNS queries are forwarded to the functioning one!
WTF, I forgot to check the secondary DNS and what do you know, it’s not loading any records in any of the zones configured!!
So you see, they were having a problem, because their email server was querying our MX records against our secondary DNS server which had a problem. It wasn’t down or else it would’ve gone to the primary one, it was up and running with empty zones ;P
CONCLUSION, it was a DNS problem, but it was OURS not theirs ;P
Our secondary DNS is of course located in the DMZ, it’s running two services, DNS and FTP, each having their own IP. The issue was for security reasons, you configure your primary zone to allow zone transfers to listed IPs, I listed the seconday DNS IP but just to make sure you have configured the correct IP.
In DNS management console, right click the DNS server and select nslookup, the DNS IP should appear, that IP should be configured on the primary DNS.
Our problem, it was receiving DNS queries with one IP and loading zone information from primary DNS with the IP assigned for the FTP services!
I’m not quite sure why it’s doing that … I just included both IPs as trusted in the primary DNS configuration and voila it worked 
Sat down and wrote an apology email to the company and believe it or not when sending to their other company handling their IT services I got another error:
smtp; 550 5.5.0 Invalid EHLO/HELO domain.
What I did to solve this problem ;P used my gmail account to send the apology email to the IT person ;P I’ll just leave that to another day or as we all know tomorrow ;P
Send To Mail Recipient Error
Posted by Bloggylife in troubleshooting, windows on May 10, 2009
I get this error when trying to Send To Mail from within any application or using right click -> Send To -> Mail Recipient option for a file on the desktop for example.
mapi32.dll is an invalid Extended MAPI Library
To solve this problem. Since I still have my old machine running – it’s still doing me good – with the same office version 2007. I copies the dll file, mapi32.dll from (C:\WINDOWS\system32) and placed it the exact location of the new machine, closed outlook and opened it again and problem solved.
Outlook Address History
Posted by Bloggylife in troubleshooting, windows on May 7, 2009
I’ve transferred to a new machine. As my email client, I use outlook at work and I was annoyed that all my address history that I didn’t store in my contacts, aren’t displayed any more. After a quick search, I knew which file to transfer from my old machine to the new one to get this problem fixed.
C:\Documents and Settings\user name\Application Data\Microsoft\Outlook\Outlook.NK2
Copy the .NK2 file to the exact location of your new machine, but becareful that it’ll overwrite your cached addresses on your other machine!
Of course I had my outlook closed during the whole copy paste process, then I opened it to take in the new file, it detected that the outlook wasn’t closed properly and tried to repair. After the process finished, I typed in my old address and out they come
Changing Networks Tips
Posted by Bloggylife in technology, troubleshooting on April 9, 2009
It can get a bit tedious when changing the design of your network, if you have an existing configured network, it’s harder to change it then implement a new one all together.
If you look at a company’s network, it’s focal point is its firewall. Behind each interface is a network or a group of networks.
On the 3-layer switch level, you’ll have the VLANs configured and on that switching level, there are routing capabilities, all is routed to the gateway. ex. users private network will be routed to a single firewall interface (172.17.1.1), where as your DMZ private network, has it’s own interface on the firewall.
When changing the network, do it one step at a time, have your design layout and let it make sense, if you have VLANs, name your VLANs correlated with the network IP settings, ex. VLAN 3 is configured for network 10.3.x.x, something to make your life easier for future troubleshooting.
Change one thing a day (VLAN/switch) and start with the least network usage department/users. Which locations, uses the network resources less, they don’t depend on the email system, Internet, etc. Most of their tasks are local to their PCs. Preferable, if it has the less users mixture, what we call direct users who are configure on another level, firewall, to use services other than the normal ones, like direct access to application servers.
Adding a new VLAN, doesn’t mean you delete the old one, keep it still, the same VLAN maybe configured somewhere else you aren’t aware of and needs to be routed.
Don’t forget to go beyond the switch level, your firewall needs to be aware of the new settings. Route the new network to the proper interface and don’t forget to add the network group on the firewall application, it has to know that this is a valid network residing behind that specific interface, ex. network 10.x.x.x is behind interface 172.17.1.1, or else the firewall will drop the packets presuming it some kind of spoofing attack. These settings are needed for users with public IPs natted to their private ones.
Check everything after each configuration, even if you think it won’t effect what you are checking, believe me with IT crazy things that don’t make sense happen all the time!
Write everything down, day and what tasks were done and build up your documentation through that.
Leave the servers network last, this is a huge headache, you can have both old and new server network, working side by side, routing between each other and gradually shift them and don’t forget to PRAY throughout the whole process
Guest Networks
Posted by Bloggylife in troubleshooting on April 6, 2009
When configuring a guest network in your organization, you limit the access. Most probably you’ll only allow certain popular services such as (http, https) to the outside world and block all incoming traffic into your network.
That is guest network can not access private internal network.
One thing to keep in mind when assigning the network details, IP, gateway, DNS, etc. Is assign an external DNS to guest network clients.
They won’t have a problem as long as they are accessing sites and services outside your network but once they try to access anything within your network, there might be a problem.
If they are using your internal DNS to resolve names, they’ll have a problem when accessing for example your homepage, email page, since the internal DNS will resolve it to the internal IP and your firewall settings doesn’t allow guest users access to the internal network.
Where as, if you assign an external DNS, it’ll resolve to the public IP, so they’ll access your published sites and services, like all other outside users, then you won’t have a problem. And that will save you the headache of configuring the firewall to allow guest users access to published sites and services via internal IP.
Each network has their own setup and configuration, but the outcome is the same.
Simple IT
Posted by Bloggylife in troubleshooting, work on March 9, 2009
How gmail notifier is helping me at work?
Whenever the exclamation mark (!) comes on, something is wrong.
So as you can see, this is a snapshot, from my work PC, our ISP disconnected us again Internationally. wAllah, I don’t know if they’re doing it on purpose or not, at home my KEMs 1Mb account, is slow, I’m not sure if they are throttling traffic or not, but when I go to testing sites, it shows 800Kb/sec, but the browsing is slow and no downloads at all. Are they prioritizing these sites, maybe …
What’s with these International fiber cuts?? It’s reported 6 STM-1 lines are down, the data rate of each one is 155Mb/sec, so that’s about near 1Gb … How long has this been going, I believe since three weeks …
These are simple utilities that might be taken for granted but are useful for on the spot detection and troubleshooting. Sij ena once, I got the (!) mark and it turned out that the application itself got corrupted and I had to uninstall it … ya3nee salfa … but it’s a nice way to keep your eyes on things in a simple way.
Recent Comments