I noticed that a folder with the name of a website I removed keeps appearing under /var/www. I checked and it is created by www-data. I suspect that it's something malicious.
How can I find out what causes this?
I converted 2 MS-Dos 6.22 machines to virtual machines. Both computers have software that communicates over NETBEUI and IPX (I came to that conclusion after inspecting autoexec.bat - It loads IPX stack).
I followed this Vmware Forums post and installed the DOS amd_pcnet driver, configured it, and bound it to the required protocols. Also i installed the ODI driver for IPX/SPX did the same steps as above for it.
It seems they have NetBEUI communication, but I cannot PING between them using IPXPING.exe. I used the network address 00:00:00:00 and the MAC of the second computer when pinging.
How can I absolutely make sure there is NetBEUI and IPX communication between the 2 VM's?
UPDATE 1: I found that c:\net\ has an .ini files with the name of other machines on the network. I assumed that the files store connection configuration, and found that the file actually has a parameter netcard=DRIVER_FILE and changed it to the correct driver.
UPDATE 2: I ran Wireshark on the VMNet0 and I see that both VM's use IPX, NETVIOS, SMB and other protocols. I will inspect the packets and try to find more clues.
UPDATE 3: From the packet inspection I can see that both machines have successfully communicated over NetBIOS, established a session and transferred files using SMB. I think that is a solid indicator that NetBIOS is not the issue.
IPX, on the other side seems to have malformed packets. Both hosts broadcasted an announcement and both announcements were malformed.
A question: Is there a command to check connectivity over NetBIOS?
UPDATE 4: After much effort in both trying to solve the problem and trying to find an MS-DOS expert the client decided to discontinue the project.
The instructor got me confused on this one:
Exchange transaction logs get committed during full/normal backup. Incremental and differential backups only backup the logs. OK that is clear. But he also mentioned that the frequency of the committment is depending on the database size.
If the second is true than the logs get committed not only on full/normal backups, that means that the archive bit on EDB and STM files should be set, as they have changed. Than why are EDB and STM files not backed up in differential and incremental backups, they both use the archive bit don't they?
I have some basic question about SMTP (try not to laugh too much).
When i try to use SMTP via telnet to send email on google it requires authentication. Mail servers use SMTP to relay messages between them right? So how do they relay using SMTP without authenticating to each other? I queried for the MX of googles mail servers and tried initiating SMTP session via telnet, but it didn't seem to work, I just had a black screen, no HELO, no EHLO, nothing.
I configured a 2 node cluster on 2 Windows 2003 machines with Exchange 2003
The resources:
- Majority node set
- Data volume
- Cluster IP
- Cluster network name
- Exchange 2003 system attendant (and all it's dependent resources)
When both are online, I can successfully failover from one node to the other by stoping the cluster service on one of the nodes, and Exchange 2003 works properly.
I tried disabling the network interfaces on one server to see if it propperly failovers in more realistic scenario and something weird occured - The cluster service on the other node has stopped and the whole cluster is unavailable.
The service is trying to restart but fails. The event log shows:
Event ID 1009:
Cluster service could not join an existing server cluster and could not form a new server cluster. Cluster service has terminated.
I'f it failovers only if you manually disable the service in one node, thet defeats the whole purpose of having the cluster in the first place.
Please advice.
I created a test cluster in Windows 2003 running on Virtual Box. The virtual disk to be used as a cluster resource has been changed to type shereable using VBoxManage command line utility. On that disk I created a primary partition and mounted it on one server as drive D. The cluster has been created successfully using Majority Node Set for quorum.
When adding drive D as a resource it failes and becomes unavailible in explorer, removing the disk from the resources makes it availible again.
To eliminate the Shereable vdi disk as the cause I created a new virtual disk on a new virtual SCSI controller, which does not have Shereable for it's Type. Still when added as a cluster resource it fails and becomes unavailible.
I installed 3 CA's in lab environment:
- SA Root CA
- SA Intermediate CA
- Enterprise CA (also DC)
The instructor recommends taking Root and Intermediate CA's offline once the Enterprise CA has been issued it's certificate. I took Root and Intermediate CA's offline and now the Enterprise CA's certificate cannot be verified because both Root and Intermediate CA's are in the chain of trust and are unavailible.
To overcome that I thought to publish the CRL's to a shared folder on a server that is always availible, but CRL's are valid only for a week. That means I have to bring both Root and Intermediate CA's up every week to publish CRL's?
What is the commonly proposed solution to such scenario?
I just finished the 70-294 Kit, and I am left with a huge knownegde gap:
The instructor says that replication taked place 15 seconds after a change is made, and 3 seconds addition for any additional DC.
Likewise, some changes trigger urgent replication between sites (security related).
OK, that makes sence.
Then why, in AD Sites and Services, do the Intersite link objects have an attribute of Replication Schedule? Is there another replication that takes place regardless of changes?
We have a Windows Server 2008 R2 running Remote Desktop Services. Some user receives an error 'Not enough resources or memory' when trying to view address book in Outlook 2007. Also when trying to open a file in MS Word 2007.
I installed Terminal Services on Windows 2003 DC, configured everything and successfully connected as a Terminal user from another ws.
I configured in AD Users and Computer under the 'Environment' tab, 'Start the following program at logon' the calc.exe to run. The instructor clearly said that if you close it, the session disconnects. I loged on witht he user, closed the calculator and was left with a grey desktop. The session remains open.
Another issue is that although I enabled remote control under 'Remote Control' tab, when I right-click a user session under Terminal Services Manager, 'Remote Control' is greyed out.
When you connect to a server through an MMC console on a local computer (dsa.msc for example), what ports does the connection occur on?
Is there any kind of protection from a rogue station hijaking the connection?
I want to use the command line to install something, we have 2 OS's in 2 languages. To install the package in correct language I need to find out what the system language is.
How do I get the system language from the command line?
That sounds very unlikely to me, but just to be sure: Can a member of 'Domain Users' join a computer to the domain (granted that he has the local administrator account)?
The instructor said it, and it sounds very wrong. I tested it and I got 'Access denied' when I tryied to supply a regular users credentials. Am I missing something here?
Update: You get Access Denied if you already have a computer with that name in AD. If you delete the account, any user with local Administrator account could join the computer, auto creating an account in AD. UNBELIEVABLE.
I created a roaming mandatory profile, logged in as the user with the mandatory profile and made some changes to test it.
After I logged off and logged in again as the user, I saw that the changes were not reverted back to the mandatory profile. The profile on the server was not altered.
I logged in as the administrator and tried to delete the profile, but when viewing it through User Profiles dialog in System Properties I am unable to make changes to it, as if the user is still logged in.
Fast User Switching service is set to 'Manual' and isn't running.
I reset the workstation and logged it as the user with the mandatory profile and the changes reverted back as supposed.
Why is the profile locked even when the user is not logged in?
I tried to put commands that return output into batch file. When I run the batch file it executes the command over and over until I cancel with CTRL+C.
I observed this behavior in Windows CE, Windows XP, Windows 7 and Server 2003. At first I thought I made a mistake with LDIFDE but the same thing goes for PING.
Is there something I missed with batch scripting?
The file contains one line:
ping google.com
Can someone explain TCT/IP > Properties > Advanced > 'DNS' tab please? I know what DNS, primary DNS suffix and DNS suffix are, but this tab has some confusing properties.
One of the workstations we have had it's security log full. The reason to that was constantly appearing event 861, that is Widows Firewall blocks processes svchost.exe and lsass.exe from listening to non-system over UDP. By non-system ports I mean high number ports such as 1500, 3000, 6000 (not limited to those).
Why on earth would the Services Host process would be listening to ports usually used by programs over UDP?
I scanned for infections using 3 different anti-malware tools and found nothing. This looks like an infection, but no infection is found. I am investigating which processes actually run under the process ID's that listen. I will post the services a bit later.
Hey, I've been troubleshooting network issues on servers with 2 NICs and laptops with wired and wireless cards. How can I force the PING and TELNET to be sent from a specific adapter? I know it's a trouble with windows. Turning off one of the adapters is not an option, I am always connected through one of the adapters. There must be some command line option to prefer one adapter over the other.
Thanks
Hey, I have a server running Windows 2003, the server seems to be slow when controlled remotely. I opened the performance monitor and moved the window, the CPU usage peaked to 100% for a moment, then it went back to being close to zero. Is that a normal situation?
When trying to Send/Recieve Outlook throws 0X8004010F 'Cant find Object', the account is an Exchange account, Exchange 2007. I tried stopping MSExchangeFDS, deleting OAB, Updating OAB and restarting MSExchangeFDS.
Please advice.