Archive for April, 2015

Missing Internet Settings GPO for Internet Explorer 11

Tuesday, April 14th, 2015

I had a request for a server running a tool to allow users to access it via Citrix and not have to enter the URL into the trusted sites.

With old versions of IE, you would simply modify the local GPO for Internet Settings. To my surprise, this was gone. It seems Microsoft decided to favor Global Policies starting with version 10 for such issues. It makes sense when it involves many systems; but It seems overkill for one system. I do not have access to the Domain Controllers so my choices were rather limited.

I decided to play around with the registry and found this could be accomplished by creating a couple keys and dwords.

Using regedit, I drilled down to : HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Internet Settings\ZoneMap

I created a new key called: EscDomains and inside that another key for the ServerName

This is used when enhanced security is enabled for IE.

Inside this key, I created two new DWORDS :   http and https and set both to 2 which signifies Trusted Site.

Not knowing why Enhanced Security was in use for this server, I decide to create a couple more entries in case somebody decided to disable it.

The two new keys went in the ZoneMap\Domains:   company.com\servername

Obviously you change that to your domain name and the name of the server.

Inside the servername key I created the same two dwords as before.

After that I tested the access and the users could get the login screen without modifying IE.

Granted not the best solution and caution should be used but it solved my issue.

Information used to research this:

MSDN Inhanced Security Zones

ServerFault post

Spiceworks

thesysadmins

Advertisements

Winlogon initiates shutdown. Reason Code: 0x500ff

Thursday, April 9th, 2015

One machine decided it didn’t want to work anymore. The event viewer showed a message logged where the winlogon initiated a shutdown with the Reason Code: 0x500ff.

Not a typical error.  Power was ok and there wasn’t anything else obvious.

A Technet question found a similar issue happened to someone else.

The power supply was reseated and so far the system remains up.

iLO 3 reports (Error code: ssl_error_bad_mac_alert)

Monday, April 6th, 2015

We are transitioning our console management setup and one of the Windows systems reported an error when trying to access it through the iLO management port.

Secure Connection Failed
An error occurred during a connection to <FQDN>. SSL peer reports incorrect 
Message Authentication Code. (Error code: ssl_error_bad_mac_alert)
The page you are trying to view cannot be shown because the authenticity of 
the received data could not be verified.
Please contact the website owners to inform them of this problem.

It’s an odd error as this was the only system reporting it and it happened on different browsers (IE, Firefox, Chrome).

I tried resetting to factory defaults but that didn’t solve it.

Drivers were up to date but the firmware looked old.  I pulled down the latest version and installed it.

Problem solved.

Correcting a bad superblock on Redhat

Saturday, April 4th, 2015

One system had an issue with the secondary drive. The monitoring system reported it was in a Read-Only state. Suspecting a bad superblock as they happen from time to time; I gave the system a reboot.

As expected; I received:

 *** An error occurred during the file system check.
 *** Dropping you to a shell; the system will reboot.
 *** When you leave the shell.
 Give root password for maintenance
 (or type Control-D)
 (repair file system)#
After entering the root password; it was time to repair. In my case, the problem was easy as the second drive is allocated to one mount. If you are not sure, you will have to look at the partitions.
To list out the partitions, simply enter:
fdisk -l

In my situation, I was interested in this part:

Disk /dev/cciss/c0d1: 146.7 GB, 146778685440 bytes
255 heads, 63 sectors/track, 17844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1   *           1       17844   143331898+  83  Linux

If you have multiple partitions, you can verify the label as a precaution (that is if it’s still intact) by using the e2label command. For example:

e2label /dev/cciss/c0d1p1

Having verified the partition, it’s time to restore the superblock by using backup. This is accomplished by using the mke2fs command. Note: if the OS is running, you will need to unmount the drive.

Example:

mke2fs -n /dev/cciss/c0d1p1

It will list output (I forgot to copy it), but at the bottom you will see:

Superblock backups stored on blocks:
(various numbers)

It doesn’t matter which one you choose; I picked the third one. To start the restore of the superblock; enter:

e2fsck -y -b <block number> /dev/your drive path

The “-y” option is a good idea if your partition is large. Otherwise, you will find yourself pressing the “y” key many many times.

Once it’s completed, reboot the system.

Don’t be surprised if it doesn’t solve it on the first pass. Simply re-list the backup superblocks and use a different one for the e2fsck command. In my situation, it took three attempts.

Much as I would like to impress you with my knowledge, I have to give people their acknowledgments for reviewing their blog and site for review.

Linux Expresso

Linux Forums