Archive for category troubleshooting

PC Infected: kbppsysguard.exe

My laptop got hit! I was down for most of the day with a trojan, and I don’t know how it got installed; I just visited a cooking site, leqafa, and then stuff started popping up!

It disabled my antivirus, and every time I opened Task Manager, it closed it.

I booted into safe mode (F12) and scanned my PC, and amazingly, neither AVG nor Ad-Aware detected it. I booted back into normal mode, and then my anti-spyware detected abnormalities in the (…/AppData/Local/…) directory, so I decided to just delete it manually, but I couldn’t do that while the malicious software was running: I couldn’t kill the process, so I wasn’t able to delete the executable.

I booted back into safe mode, found it under (…/AppData/Local/ywuvh/kbppsysguard.exe) and deleted it, deleted everything under the Temp folder, then searched my registry for entries containing (kbppsysguard) and deleted two. I didn’t empty my recycle bin; I’ll tell you why in a minute.

I restarted my PC, customized my scan settings to include the recycle bin, and now it detected it! Weird!!

Anyway, it took me almost all day to sort this out, but thank GOD I managed to remove that silly infection.

I wasn’t able to browse, and that seemed weird because I had successfully authenticated to the university network and got a public IP, yet still couldn’t browse … think about what the problem could be …

I checked the proxy settings in all of my browsers, and they were configured to use localhost (127.0.0.1)! I removed that, and I’m happily browsing :D
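The two footholds this post describes, a browser proxy pointed at 127.0.0.1 and an executable launched from a folder under AppData\Local, can be checked from PowerShell. This is an added example, not part of the original post; it only reports what it finds and assumes nothing beyond the standard Windows registry paths.

```powershell
# Added example (not from the post): report a loopback browser proxy and
# autorun entries that launch programs from a per-user profile folder.
# Read-only: nothing is changed or deleted.
function Get-ProxyHijackFindings {
    $findings = @()
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    # ProxyEnable=1 with a loopback ProxyServer means every browser request is
    # handed to a local process, which is how the infection blocked browsing.
    if ($p.ProxyEnable -eq 1 -and $p.ProxyServer -match '^(https?=)?(127\.0\.0\.1|localhost)(:\d+)?') {
        $findings += [pscustomobject]@{ Type = 'Proxy'; Location = $inet; Value = $p.ProxyServer }
    }
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($meta -contains $name) { continue }   # provider metadata, not autorun values
            $cmd = [string]$props.$name
            # Persistence launched from the profile or Temp, like the
            # ...\AppData\Local\<random>\kbppsysguard.exe path in the post.
            if ($cmd -match '\\AppData\\(Local|Roaming)\\' -or $cmd -match '\\Temp\\') {
                $findings += [pscustomobject]@{ Type = 'Autorun'; Location = "$key\$name"; Value = $cmd }
            }
        }
    }
    return $findings
}

Get-ProxyHijackFindings | Format-Table -AutoSize
```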


Just A Question

Do “Connections”, even when accompanied by “Stupidity”, overpower “Hard Work”??


TCPView for Windows

In any client-server scenario, it’s hard to connect the process running on the server to the client using basic Windows commands. Usually all the processes run under the system account. This is an awesome tool that makes the task much easier.

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.


Site: Link

Download software: Link
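As an added example (not part of the post or of the Sysinternals download), this PowerShell function ties the PIDs in the output of netstat -ano to process names, which is the gap the post describes; it assumes a netstat that supports -o (Windows XP and later) and that PowerShell is installed.

```powershell
# Added example (not from the post): join "netstat -ano" rows to the owning
# process name, the way TCPView/Tcpvcon present endpoints.
function Get-EndpointOwners {
    param([string[]]$NetstatLines = (& netstat.exe -ano))
    $names = @{}   # PID -> process name, resolved once per PID
    foreach ($line in $NetstatLines) {
        $f = $line.Trim() -split '\s+'
        # TCP rows: Proto Local Foreign State PID; UDP rows have no State column.
        if ($f[0] -eq 'TCP' -and $f.Count -ge 5)     { $state = $f[3]; $procId = $f[4] }
        elseif ($f[0] -eq 'UDP' -and $f.Count -ge 4) { $state = '';    $procId = $f[3] }
        else { continue }   # header and blank lines
        if (-not $names.ContainsKey($procId)) {
            $proc = Get-Process -Id ([int]$procId) -ErrorAction SilentlyContinue
            # PIDs 0 (Idle) and 4 (System) resolve too; an empty result means
            # the process already exited or is protected from this account.
            $names[$procId] = if ($proc) { $proc.ProcessName } else { '<exited or inaccessible>' }
        }
        [pscustomobject]@{
            Proto   = $f[0]
            Local   = $f[1]
            Remote  = $f[2]
            State   = $state
            PID     = $procId
            Process = $names[$procId]
        }
    }
}

# Typical triage view: established connections grouped by owning process.
Get-EndpointOwners |
    Where-Object { $_.State -eq 'ESTABLISHED' } |
    Sort-Object Process, Remote |
    Format-Table -AutoSize
```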


Increase Virtual Hard Disk

We’ve started with virtualization; I’ll talk about this beautiful, sexy technology some other time. My hands are all over it.

When you create virtual machines, each seems to have its own hard disk and partitions, but in fact they all share a single storage pool that the virtual server managing the virtual machines points to.

I’ve got one v-machine with 20 GB of hard disk space, and I want to increase it. Through the machine’s settings you can increase the hard disk space. Back in the v-machine, go to Computer Management -> Disk Management, and you’ll see the newly unallocated space, ready to partition and format.

I couldn’t extend my single primary partition with the tools available in Windows; I think I’ll need third-party software.

What I did is clone my v-machine and, while creating the new settings, increase the C volume’s space. Of course, you’ll need enough storage to be able to create this replica machine.

Don’t forget to tick off the Connected box in the network settings, if you added a network, because you don’t want conflict issues when powering on the new machine.

I’ll test it fully tomorrow to make sure all is good. Give the newly created v-machine the same settings (IP, computer name, etc.) and shut down the original one. If all goes well after some time, delete the original one to free up some space.


Cont. Deploying Application Packages

I’ll share some of the issues we faced along the way. We had already deployed WSUS in our network, which pushes Microsoft updates according to your GPO settings at the domain level.

I came across another product, Microsoft System Center Essentials (link), which also includes WSUS technology but adds updates for third-party software on top of it; how cool is that :)

If you have problems installing the management software from media, go to the Microsoft website and download it from there along with SP1 (link). That solved the first problem I faced.

During configuration, it’ll ask whether you want to automatically create a domain policy; you’ll need administrative privileges. Then go ahead, search for computers, and add them manually or in bulk.

One piece of advice: when choosing the server, make sure it has enough hard disk space for all the software updates and deployment packages it needs to store.

Pushing agents to computers is done through the management console, where you select a computer and provide administrator credentials. You can create packages from .exe or .msi files.

You can group computers and approve package installation. For MSI packages you can provide installation properties. The executable program that interprets packages and installs products is Msiexec.exe. To see the list of parameters, run Msiexec in a command prompt window; the dialog below should appear.

(screenshot: the Windows Installer options dialog shown by Msiexec)

In a single domain you can have only one Microsoft System Center; it’ll give you an error if you try to install another System Center on a network already managed by one.

You can force end computers to contact the System Center server to check for updates or software that needs to be downloaded by running this command on the end machines:

wuauclt.exe /detectnow

If there is indeed something to be downloaded, the yellow shield will appear next to the time and date. Machines may have problems downloading; check the following:

  • The Windows Update service is running
  • All antivirus applications are up to date, because if they are not, they will block such activities. Check whether Windows Defender is installed; that was one of the problems that caused the download to fail

After the download is complete, the installation should start according to your global setting. To check the time of installation, look at your local Windows Update settings, which can be accessed through the Control Panel, or at the domain-level settings.
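The checks above, the forced detection cycle and a silent MSI install through Msiexec.exe can all be scripted; the PowerShell below is an added example, not part of the post or of System Center Essentials. The package path, log path and MSI property names are placeholders you supply, and it must run elevated.

```powershell
# Added example (not from the post): readiness checks, forced detection and a
# logged silent MSI install. $Path, $LogPath and $Properties are placeholders.
function Test-UpdateClientReady {
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $wu) { Write-Warning 'Windows Update service (wuauserv) is not present'; return $false }
    if ($wu.Status -ne 'Running') {
        Write-Warning "wuauserv is $($wu.Status); starting it"
        Start-Service -Name wuauserv
    }
    # The post found Windows Defender interfering with downloads when it was
    # not up to date, so report whether its service is present and running.
    $def = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if ($def) { Write-Host "Windows Defender service present, status: $($def.Status)" }
    return $true
}

function Invoke-UpdateDetection {
    # Same command the post gives; makes the agent contact the server now.
    if (Test-UpdateClientReady) { & wuauclt.exe /detectnow }
}

function Install-MsiSilent {
    param(
        [Parameter(Mandatory = $true)][string]$Path,   # the .msi package
        [string]$LogPath = "$env:TEMP\install.log",    # verbose Windows Installer log
        [hashtable]$Properties = @{}                   # e.g. @{ ALLUSERS = '1' }
    )
    # /qn = no UI, /norestart = never reboot on its own, /l*v = log everything.
    $msiArgs = @('/i', "`"$Path`"", '/qn', '/norestart', '/l*v', "`"$LogPath`"")
    foreach ($k in $Properties.Keys) { $msiArgs += "$k=`"$($Properties[$k])`"" }
    $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    # 0 = success, 3010 = success but a reboot is required; anything else failed.
    switch ($proc.ExitCode) {
        0       { 'Installed' }
        3010    { 'Installed, reboot required' }
        default { throw "msiexec exited with $($proc.ExitCode); see $LogPath" }
    }
}
```

The verbose log named by $LogPath is what you read when the console reports a package as failed on one machine but not others.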

This product offers so much more: details about the machines it manages through their agents, triggered alerts, and generated reports.

But for now, I was really glad to be able to push third-party packages silently to end machines and see the status reported as successful :)

References:

System Center Essentials

MSDN Library



Email Error: Invalid EHLO/HELO domain

Sending from my company email to another company’s email, I got this error (link):

smtp; 550 5.5.0 Invalid EHLO/HELO domain

It’s because the mail server at the other end complies with the SMTP standard (RFC 5321).

Our external email transfers are handled by our spam filter, which acts as the Mail Transfer Agent (MTA). The problem was that the FQDN configured on it didn’t publicly resolve: our MTA’s public IP didn’t have a host A record in public DNS. It’s just NATed to a public IP through our firewall.

You might wonder how this is possible.

See, we receive through one SMTP connector (SMTPin.company.com) and send through another (SMTPout.company.com). So our DNS records, the MX and A records, point to SMTPin.company.com.

So the HELO/EHLO value our mail server provided in the mail session when connected to the other end was not a publicly resolvable FQDN. The value, SMTPout.company.com, didn’t have an A record associated with it.

I updated the DNS records with an A record for SMTPout.company.com.

I’m not sure how many mail servers out there comply with the RFC 5321 standard, but if you have this misconfiguration, you’ll face a problem when sending to those that do.

Thanks Nick for all the help you provided :)
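An added example (not part of the post) of the check that would have caught this before a remote server did: resolve the EHLO name through a public resolver and compare it with the sending IP and that IP’s PTR record. It assumes the Resolve-DnsName cmdlet (Windows 8 / Server 2012 and later); SMTPout.company.com is the post’s host name, 203.0.113.25 is a placeholder IP and 8.8.8.8 is just one public resolver.

```powershell
# Added example (not from the post): verify the name an MTA announces in
# EHLO/HELO resolves publicly to the IP it sends from. Values are placeholders.
function Test-HeloName {
    param(
        [string]$HeloName = 'SMTPout.company.com',
        [string]$PublicIP = '203.0.113.25',   # placeholder (TEST-NET-3 range)
        [string]$Resolver = '8.8.8.8'         # public resolver, so internal DNS can't mask a gap
    )
    $result = [ordered]@{ HeloName = $HeloName; IsFqdn = ($HeloName -match '^[^.]+\.[^.]+') }
    # RFC 5321 wants a valid FQDN (or an address literal) as the EHLO argument;
    # the receiving server in the post rejected a name that had no A record.
    $a = Resolve-DnsName -Name $HeloName -Type A -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    $result.ARecords = @($a | ForEach-Object { $_.IPAddress })
    $result.ForwardMatches = $result.ARecords -contains $PublicIP
    # Reverse lookup: many receivers also compare the PTR name with the EHLO name.
    $ptr = Resolve-DnsName -Name $PublicIP -Type PTR -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'PTR' }
    $result.PtrNames = @($ptr | ForEach-Object { $_.NameHost.TrimEnd('.') })
    $result.ReverseMatches = $result.PtrNames -contains $HeloName
    $result.Verdict =
        if (-not $result.IsFqdn)              { 'Not an FQDN' }
        elseif ($result.ARecords.Count -eq 0) { 'No A record: the 550 5.5.0 case in the post' }
        elseif (-not $result.ForwardMatches)  { 'Resolves, but not to the sending IP' }
        else                                  { 'OK' }
    [pscustomobject]$result
}

Test-HeloName | Format-List
```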


Bind IP to DNS service

We faced a problem with our DNS (link) that made me look deeper into its configuration.

Our server is Microsoft Windows Server 2003, which runs two services, FTP and DNS.

You can configure many IPs on a single network card; this is common with web servers running multiple sites. You can view the multiple IPs in the Advanced TCP/IP settings of your network card, under the IP Settings tab.

For web services, in the IIS configuration you can assign each site an IP, because by default each site runs on the default port 80 (HTTP), so if you want to run multiple sites on the same IP you need to assign different ports not used by other services. To avoid all that, and so end users can reach each site directly through the default HTTP port, each site gets an independent IP.

For DNS on Microsoft servers, if you go to the management console, there are settings for which IP to listen on for DNS requests and also which DNS servers to trust to load records from. To know which IP the DNS is actually using, right-click the DNS server and select Launch nslookup; the IP that appears at the top of the command window is the IP bound to the DNS service.

What I came to notice is that it’s the first IP in the list of IP addresses in the Advanced TCP/IP settings.

Solution:

To overcome the problem I faced in my previous post, I just removed the IP I wanted the DNS to use and added it again, and it appeared at the top. That solved the problem, and I removed the IP used by the FTP from all our primary DNS settings.

In the IIS settings, if you go to your FTP site and look at its properties, you’ll see the IP the FTP uses.


Email Problem: Fatal Error

Catchy title ;P A company contacted me regarding a fatal error their email system encounters when sending to our domain.

I saw the error message they were receiving: their email server was trying to resolve our domain using a local DNS server on their premises and failing to do so.

This is how I troubleshot it:

  • Checked our flow of emails: we were receiving and sending emails
  • We had received emails from that company in the morning
  • I nslookup-ed our email entries against our domain
  • I used an external DNS, and all our entries were resolving just fine
  • I used an external email account to send and receive emails with/without attachments (that took quite a while to reach its destination)

So I told them it’s a DNS problem: you’re having trouble looking up our MX records in order to send us emails, check your DNS server.

Actually, I was glad everything was fine from our end, left it at that and didn’t investigate thoroughly. The next day their IT person sent a report stating that one of our DNS servers was giving them problems, so as a temporary solution, all DNS queries were being forwarded to the functioning one!

WTF, I forgot to check the secondary DNS, and what do you know, it wasn’t loading any records in any of the configured zones!!

So you see, they were having a problem because their email server was querying our MX records against our secondary DNS server, which had a problem. It wasn’t down, or else they would’ve gone to the primary one; it was up and running with empty zones ;P

CONCLUSION: it was a DNS problem, but it was OURS, not theirs ;P

Our secondary DNS is of course located in the DMZ; it’s running two services, DNS and FTP, each with its own IP. The issue: for security reasons, you configure your primary zone to allow zone transfers only to listed IPs. I had listed the secondary DNS IP, but just make sure you have configured the correct IP.

In the DNS management console, right-click the DNS server and select Launch nslookup; the DNS IP should appear, and that IP should be the one configured on the primary DNS.

Our problem: it was receiving DNS queries on one IP and loading zone information from the primary DNS with the IP assigned to the FTP service!

I’m not quite sure why it’s doing that … I just included both IPs as trusted in the primary DNS configuration, and voila, it worked ;)

I sat down and wrote an apology email to the company and, believe it or not, when sending to the other company handling their IT services I got another error:

smtp; 550 5.5.0 Invalid EHLO/HELO domain.

What I did to solve this problem ;P I used my Gmail account to send the apology email to the IT person ;P I’ll just leave that to another day, or as we all know, tomorrow ;P
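An added example (not part of the post) of a check for exactly the failure described above: query each authoritative server for the zone directly, so a secondary that is up but has not loaded the zone shows up with no SOA or MX answer instead of hiding behind the primary. It assumes the Resolve-DnsName cmdlet (Windows 8 / Server 2012 and later); company.com is a placeholder zone name.

```powershell
# Added example (not from the post): compare what each authoritative name
# server returns for a zone. A server that is up but has not loaded the zone
# answers SERVFAIL, so its SOA and MX come back empty here. Zone is a placeholder.
function Test-ZoneServers {
    param([string]$Zone = 'company.com')
    # The NS set as the outside world sees it, via the local resolver.
    $ns = Resolve-DnsName -Name $Zone -Type NS -DnsOnly -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'NS' } | ForEach-Object { $_.NameHost }
    foreach ($server in $ns) {
        # Ask this server directly; a resolver would silently fail over to a healthy one.
        $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
        $mx  = Resolve-DnsName -Name $Zone -Type MX -Server $server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'MX' }
        [pscustomobject]@{
            Server  = $server
            Serial  = if ($soa) { $soa.SerialNumber } else { $null }
            MxCount = @($mx).Count
            MxHosts = (@($mx | Sort-Object Preference | ForEach-Object { $_.NameExchange }) -join ', ')
            Healthy = ([bool]$soa) -and (@($mx).Count -gt 0)
        }
    }
}

# Serials that differ between servers, or an empty MxHosts column, point at
# the secondary that is answering with nothing loaded.
Test-ZoneServers | Format-Table -AutoSize
```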


Send To Mail Recipient Error

I get this error when trying to Send To Mail from within any application, or when using the right-click -> Send To -> Mail Recipient option on a file on the desktop, for example.

mapi32.dll is an invalid Extended MAPI Library

To solve this problem: since I still have my old machine running (it’s still doing me good) with the same Office version, 2007, I copied the DLL file mapi32.dll from (C:\WINDOWS\system32) and placed it in the exact same location on the new machine, closed Outlook and opened it again, and the problem was solved.


Outlook Address History

I’ve moved to a new machine. I use Outlook as my email client at work, and I was annoyed that all the address history I hadn’t stored in my contacts wasn’t displayed any more. After a quick search, I knew which file to transfer from my old machine to the new one to get this problem fixed:

C:\Documents and Settings\user name\Application Data\Microsoft\Outlook\Outlook.NK2

You may not see the (Application Data) folder under your user profile; enable showing hidden folders (Tools -> Folder Options -> select Show hidden files and folders) or just paste the whole path into the address bar of the Windows Explorer window you have open.

Copy the .NK2 file to the exact same location on your new machine, but be careful: it’ll overwrite your cached addresses on your other machine!

Of course I had Outlook closed during the whole copy-and-paste process; then I opened it to take in the new file, and it detected that Outlook hadn’t been closed properly and tried to repair. After the process finished, I typed in my old address and out they came :)
