Re-establish Remote Connection to Integrated Remote Console via iLO ports

my current production infrastructure is managed well, however let me list out one of the recent issues which  we faced during remote connection to blade server via iLO port using web browsers. We initially thought of browser issue. We tried sorting this issue using internet explorer v9, google chrome, firefox, safari and opera and in most cases minimum problems were noted using IE ver6.

Issue:

"Integrated Remote Console is unavailable, it is already in use by a different client" - This message pops-up when a remote session is already open from one of the bays.

Blade Server Chassis- BladeSystem c7000 series Enclosure. status – blue blink indicating the server on bay 2 is in use

Click device bays and check the UID for description 'Blink'; in real-time blinks with blue LED.

Click the iLO (integrated Lights Output) IP address associated to server.

select Diagnostics

and finally click Reset will reset the counter to 0 and wait for a fresh remote connection request.

degraded message: Blade Server ProLiant BL460c G6

BladeSystem c7000 Enclosures: Device is reporting an internal degraded status from one of the Blade Server ProLiant BL460c G6

This error in usual cases fades when RAM is removed and placed on slots again. For almost 6 months we could live with that simple troubleshooting. However, if the symptom recurs after 2-3 days check the IML Logs. Check for exact memory module (ex. Processor 2, Memory Module 2) and change it.

Memory degraded message on one of the blade server at Bay 6 on BladeSystem c7000 Enclosures

SharePoint 2010 content level backup using Symantec Backup Exec

..after our recent upgrade from MOSS 2007 to SharePoint 2010, we had to re-think about real scenario restoration; balancing compliance with the organizational SLAs.

Never we had a second thought that we should rely on with one kind of backup for our infrastructure. So we bridged 4 kinds of SharePoint backups including real-time replication functionality from third party vendors.

• Backup using SharePoint STSADM command which starts with a script and alerts the completion status.
• SQL Content DB level backups
• SharePoint 2010 content level backups from Symantec Backup Exec
• Real-Time replication to the disaster recovery site using AvePoint's DocAve replicator.

I'm also testing the SQL mirroring which would eventually eliminate the third party applications for replication. The only hurdle is huge database data transfer over MPLS line and fine tuning and enabling proper listner ports. I will shortly achieve that.. anyhow, I'm highlighting below the only issue what we encountered during 3rd party content backup.

Issues and remediation:

using Symantec Backup Exec 2010R3, server farm addition ended up with error: "none of the web servers for the specified server farm could be accessed"

adding backup exec system account (BESA) to the SP Farm Admin's group and addition of BESA to SharePoint's BE DB server with public and sysadmin privilege sorted the issue.

Sharepoint Farm visible from Backup Exec application

here you can restore a single file, site or anything which went erroneous before the previous backup.

note: make sure you have a valid SharePoint per server license from the vendor.

ref: http://www.symantec.com/business/support/index?page=content&id=TECH139224&actp=search&viewlocale=en_US&searchid=1338968135697

Tips for SharePoint 2010 Backup

SharePoint 2010 Backup

.. I will shortly add more steps tested, accomplished and documented in our environment.

high availability WFE for development labs

..just sharing this architectural diagram which last year I had created and deployed from scratch for our development team..

2 Tier Architecture. here WFEs are redundant. In 3-T architecture we can go with WFE and Database layer redundancy.

Latest Flame/W32 Malware protection released in market

Speculations about the ‘most sophisticated cyber weapon yet unleashed’ especially in the middle-east has remediation, exactly interpreting Newton’s Third Law of motion “For every action there is an equal and opposite reaction”. That’s why the antivirus giants are made for..!

Flame/W32 Malware

Cyber attacks are becoming increasingly sophisticated through programs that can operate many actions remotely without being detected easily. This Notice will illustrate the function of “Worm.W32/FLAME” a malware targeting Windows based systems (XP, Vista and Windows 7), presenting an incredible set of features that would capture sensitive information and send it to remote servers for criminal, espionage or other malicious activities.

I just reviewed our antivirus protection labs online which says that we are protected with this outbreak. I confirmed to my colleagues for not to be panic as that our infrastructure running McAfee ePO - McAfee DAT protection has taken care of this virus/malware coz. we were currently running 6727 Dat ver. released yesterday. The AV & ASpyware coverage for W32/Skywiper was included in 6726 version itself.

http://www.mcafee.com/us/about/skywiper.aspx << Mcafee Labs briefings

[AV / MWG Coverage is provided in the 6726 DATs released on May 29) as "Skywiper"]

http://blogs.mcafee.com/mcafee-labs/jumping-in-to-the-flames-of-skywiper

In a nutshell: (..also read my article about - Information Security Awareness)

Spreading method

The malware spreads via networks or removable media; it may also hold different names as described in a table in the Appendix B of this document.

Risks

The most direct and immediate risk highlighted by this event is the theft of sensitive information or records. In general, the risks are multiple when considering the number of existing or upgradeable functions that this malware allows to plug-in.

Detection

Watch carefully for the presence of the following files on your system:

1. Perform a search for the file ~DEB93D.tmp. Its presence on a system means that it either is or has been infected by Flame.

2. Check the registry key HKLM_SYSTEM\CurrentControlSet\Control\Lsa\ Authentication Packages.
    If you find mssecmgr.ocx or authpack.ocx in there - you are infected with Flame.

3. Check for the presence of the following catalogs. If present - you’re infected.
    C:\Program Files\Common Files\Microsoft Shared\MSSecurityMgr
    C:\Program Files\Common Files\Microsoft Shared\MSAudio
    C:\Program Files\Common Files\Microsoft Shared\MSAuthCtrl
    C:\Program Files\Common Files\Microsoft Shared\MSAPackages
    C:\Program Files\Common Files\Microsoft Shared\MSSndMix

4. Perform a search for the following files:

svchost1ex.mof

Svchostevt.mof

frog.bat

netcfgi.ocx

authpack.ocx

~a29.tmp

rdcvlt32.exe

to961.tmp

authcfg.dat

Wpab32.bat

ctrllist.dat

winrt32.ocx

winrt32.dll

scsec32.exe

grb9m2.bat

winconf32.ocx

watchxb.sys

sdclt32.exe

scaud32.exe

pcldrvx.ocx

mssvc32.ocx

mssui.drv

modevga.com

indsvc32.ocx
comspol32.ocx
comspol32.dll

browse32.ocx

Recommendations/Risk Mitigation

The following actions will help to contain and remove the infection of the malware:

·         Patch your Windows system, office applications and instant messenger applications

·         Update your antivirus/antimalware solution

·         Specific removal tools exist as vendors have started to deploy them. From McAfee Labs stinger tools are available here.

Virus detected by AV software

The malware can have various names and here is a list below with has been identified with different naming:

Antivirus          Result

AhnLab-V3       -

AntiVir             TR/Flamer.A

Antiy-AVL        -

Avast   -

AVG     -

BitDefender    Trojan.Flame.A

ByteHero         -

CAT-QuickHeal            -

ClamAV           -

Commtouch    -

Comodo           -

DrWeb             Win32.HLLW.Flame.1

Emsisoft          Worm.Win32.Flame!IK

eSafe   -

F-Prot -

F-Secure          Trojan.Flame.A

Fortinet           -

GData Trojan.Flame.A

Ikarus Worm.Win32.Flame

Jiangmin          -

K7AntiVirus     EmailWorm

Kaspersky        Worm.Win32.Flame.a

McAfee           SkyWiper

McAfee-GW-Edition    Artemis!BDC9E04388BD

Microsoft        Worm:Win32/Flame.gen!A

NOD32            Win32/Flamer.A

Norman           -

nProtect          Worm/W32.Flame.6166528

Panda -

PCTools           Malware.Flamer

Rising -

Sophos             W32/Flame-Gen

SUPERAntiSpyware     -

Symantec        W32.Flamer

TheHacker       -

TotalDefense   -

TrendMicro     WORM_FLAMER.A

TrendMicro-HouseCall           -

VBA32             BScope.Trojan.MTA.01233

VIPRE   Worm.Win32.Flame.a

ViRobot           Worm.Win32.S.Flame.6166528

VirusBuster     -

.. more Antivirus & Antispyware
.. more Antivirus Free recommended Downloads

Windows 7 starts with a temporary profile

i'm posting the below nature of concern which we commonly noticed in our environment and was quite frustrating.
This can happen if an admin deletes the domain user profile (say xyz) from c:\users\xyz and thereafter  the same deleted user (xyz) logins to the system.

Note that if a user is logged in with a temporary  profile means that any changes he/she makes  while the user is logged in will be saved temporarily under c:\users\temp folder which also means that when the user logs off from the system the saved changes will be deleted automatically. So, unless the actual issue is resolved this vanishing pattern would remain same.

simple remediation:

ask the user to logoff again.
go to registry .. take a backup of registry values as a best practice before any modification.

select the user profile HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList  and delete the duplicate profile list as highlighted in the picture. (In one of the duplicated profilelist you can see the ProfilImagePath value set to c:\users\Temp. So, delete the profilelists related to the temp and user (in our case xyz user) profile  with extention .bak under ProfileList). 

problem should be resolved.