Missing Internet Settings GPO for Internet Explorer 11

Tuesday, April 14th, 2015

I had a request for a server running a tool to allow users to access it via Citrix and not have to enter the URL into the trusted sites.

With old versions of IE, you would simply modify the local GPO for Internet Settings. To my surprise, this was gone. It seems Microsoft decided to favor Global Policies starting with version 10 for such issues. It makes sense when it involves many systems, but it seems overkill for one system. I do not have access to the Domain Controllers, so my choices were rather limited.

I decided to play around with the registry and found this could be accomplished by creating a couple keys and dwords.

Using regedit, I drilled down to: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Internet Settings\ZoneMap

I created a new key called: EscDomains and inside that another key for the ServerName

This is used when enhanced security is enabled for IE.

Inside this key, I created two new DWORDs: http and https, and set both to 2, which signifies Trusted Site.

Not knowing why Enhanced Security was in use for this server, I decided to create a couple more entries in case somebody decided to disable it.

The two new keys went in the ZoneMap\Domains: company.com\servername

Obviously you change that to your domain name and the name of the server.

Inside the servername key I created the same two dwords as before.

After that I tested the access and the users could get the login screen without modifying IE.

Granted, not the best solution, and caution should be used, but it solved my issue.

Information used to research this:

MSDN Enhanced Security Zones

ServerFault post

Spiceworks

thesysadmins

Winlogon initiates shutdown. Reason Code: 0x500ff

Thursday, April 9th, 2015

One machine decided it didn’t want to work anymore. The event viewer showed a logged message where winlogon initiated a shutdown with the Reason Code: 0x500ff.

Not a typical error.  Power was ok and there wasn’t anything else obvious.

A Technet question found a similar issue happened to someone else.

The power supply was reseated and so far the system remains up.

iLO 3 reports (Error code: ssl_error_bad_mac_alert)

Monday, April 6th, 2015

We are transitioning our console management setup and one of the Windows systems reported an error when trying to access it through the iLO management port.

Secure Connection Failed
An error occurred during a connection to <FQDN>. SSL peer reports incorrect 
Message Authentication Code. (Error code: ssl_error_bad_mac_alert)
The page you are trying to view cannot be shown because the authenticity of 
the received data could not be verified.
Please contact the website owners to inform them of this problem.

It’s an odd error as this was the only system reporting it and it happened on different browsers (IE, Firefox, Chrome).

I tried resetting to factory defaults but that didn’t solve it.

Drivers were up to date but the firmware looked old.  I pulled down the latest version and installed it.

Problem solved.

Correcting a bad superblock on Redhat

Saturday, April 4th, 2015

One system had an issue with the secondary drive. The monitoring system reported it was in a Read-Only state. Suspecting a bad superblock, as they happen from time to time, I gave the system a reboot.

As expected, I received:

 *** An error occurred during the file system check.
 *** Dropping you to a shell; the system will reboot.
 *** When you leave the shell.
 Give root password for maintenance
 (or type Control-D)
 (repair file system)#

After entering the root password, it was time to repair. In my case, the problem was easy as the second drive is allocated to one mount. If you are not sure, you will have to look at the partitions.

To list out the partitions, simply enter:

fdisk -l

In my situation, I was interested in this part:

Disk /dev/cciss/c0d1: 146.7 GB, 146778685440 bytes
255 heads, 63 sectors/track, 17844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1   *           1       17844   143331898+  83  Linux

If you have multiple partitions, you can verify the label as a precaution (that is if it’s still intact) by using the e2label command. For example:

e2label /dev/cciss/c0d1p1

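Having verified the partition, it’s time to restore the superblock from a backup. The backup locations are listed by the mke2fs command; the -n option makes it only print what it would do without creating a filesystem, so do not leave it out. Note: if the OS is running, you will need to unmount the drive.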

Example:

mke2fs -n /dev/cciss/c0d1p1

It will list output (I forgot to copy it), but at the bottom you will see:

Superblock backups stored on blocks:
(various numbers)

It doesn’t matter which one you choose; I picked the third one. To start the restore of the superblock, enter:

e2fsck -y -b <block number> /dev/<your drive path>

The “-y” option is a good idea if your partition is large. Otherwise, you will find yourself pressing the “y” key many many times.

Once it’s completed, reboot the system.

Don’t be surprised if it doesn’t solve it on the first pass. Simply re-list the backup superblocks and use a different one for the e2fsck command. In my situation, it took three attempts.
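
The retry procedure above can be planned up front. The script below is an added example, not from the original post: it parses the backup list out of mke2fs -n output and prints one e2fsck attempt per backup superblock, without touching the disk. It goes slightly beyond the post by also passing the reported block size with e2fsck's -B option; the sample mke2fs output is constructed and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: print the e2fsck attempts for each backup superblock.
# It only prints commands; nothing here touches a disk.

# Constructed sample of `mke2fs -n <device>` output (not from the post).
SAMPLE_MKE2FS='mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632,
        2654208, 4096000, 7962624, 11239424, 20480000, 23887872
'

# Print the block size reported by mke2fs -n (read from stdin), e.g. 4096.
block_size() {
    sed -n 's/^Block size=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print one backup superblock number per line. The list wraps over several
# lines, so keep reading until a line holds anything but digits and commas.
backup_superblocks() {
    awk '
        /^Superblock backups stored on blocks:/ { grab = 1; sub(/^[^:]*:/, "") }
        grab {
            if ($0 !~ /^[ \t0-9,]*$/) exit
            gsub(/[ \t]/, "")
            n = split($0, b, ",")
            for (i = 1; i <= n; i++) if (b[i] != "") print b[i]
        }'
}

# fsck_plan DEVICE: read mke2fs -n output on stdin, print attempts in order.
fsck_plan() {
    dev=$1
    out=$(cat)
    bs=$(printf '%s\n' "$out" | block_size)
    printf '%s\n' "$out" | backup_superblocks | while read -r blk; do
        # -B pins the block size so e2fsck does not guess where $blk lives.
        printf 'e2fsck -y -b %s -B %s %s\n' "$blk" "$bs" "$dev"
    done
}

# Demo on the constructed sample; on a real system pipe in `mke2fs -n DEVICE`.
printf '%s' "$SAMPLE_MKE2FS" | fsck_plan /dev/cciss/c0d1p1
```

The block numbers mke2fs -n prints are only correct when it computes the same layout the filesystem was created with, so a non-default block size used at creation time has to be passed to mke2fs -n as well.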

Much as I would like to impress you with my knowledge, I have to give acknowledgment to the people whose blog and site I reviewed.

Linux Expresso

Linux Forums

Filter the messages file

Thursday, March 19th, 2015

I had an issue for which vendor support needed messages from the messages log file.

There of course are messages which are frequent and could hide the needed debug messages.

I just needed to filter them out.

cat messages | grep -v "message not wanted" | grep "message repeated" > textfile

Smaller and more succinct detail for the vendor support people.

Legibility could be an issue for some, so if you want to be nice, run the file through a conversion:

unix2dos -n <file> <outputfile>

LSF reports “CScript Error: Loading your settings failed. (Access is denied. )”

Wednesday, March 18th, 2015

This was an odd error. We are setting up a new image for our farm and one user reported this message when he submitted his jobs:

CScript Error: Loading your settings failed. (Access is denied. )

Everything looked in order but for some reason his vbscript job failed. Looking around the Net, I did find a kb article which mentioned enabling vbscript for CGI. It seemed odd to be touching the users key but I gave it a try.

I created the following keys:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Script Host
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Script Host\Settings

The technote said to verify Everyone has access but I decided to leave it to the Users group.

I also decided to add the following entries in the settings key:

BatchMode: REG_DWORD: 0
DisplayLogo: REG_DWORD: 0
Timeout: REG_DWORD: 0

There was no need for a reboot.

The user was able to submit jobs after that.

I did not heavily research the reason but I am assuming with Microsoft’s effort to go into Powershell (you should look at it if you haven’t); some things are left out of the Windows Scripting Host on new installs or this was a case of the user once being a local admin and that was removed.

-UPDATE-

Well now. This turned out to not be the case. We have been working on automating the setups and this is what caused the problem. In the past, we would log in as a specific user and finish the install. While debugging, we would log in as a user and the problem went away.

The villain?  No user profile on the system!

Once we logged in as the user and the profile was created; job submits worked!

A nuance that is easy to miss!

Apple Watch looks cool but…..

Tuesday, March 10th, 2015

Apple released its new watch and I must admit it looks interesting.  But when I heard the price, it started to lose my interest.

I decided I am going to pass on this for now.

The main reason is the old rule of not being an early adopter. Is there really “bragging rights” for being an early adopter? Experience has shown there will be new models that are better and cheaper later on.  Remember the first iPod? Then again, iPad really hasn’t dropped in price so maybe the same will be said for the watch?

Personal data is always an issue for me.  Everybody is out to get it and unfortunately the security world has shown it has a hard time keeping undesirables from getting at it.  Is iCloud secure now 😉  With a more paranoid view, could this type of thing quickly turn into “Hello this is your insurance company. We are going to raise your rates as we see that you are kind of lethargic and like to frequent fast food shops.”

Finally, there is the link to the iPhone.  You want email and other features; the iPhone has to be near.  Problem is many of the features are already available on the iPhone, so is the convenience really just flicking your wrist rather than pulling out your iPhone?

Have we gotten that bad?

RIP Spock!

Friday, February 27th, 2015

Not exactly a post in line with the usual contents of this blog.  However, Leonard Nimoy died today. He was said to be a good man and many people have feelings of knowing him. For many he sparked imagination with the desires for the unknown; the desire to join Star Fleet and explore the unknown.

Towards the end he tweeted something profound:

“A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP”

Thank you for the memories Mr. Nimoy.

The world seems sadder….

How to get the server serial number with powershell

Saturday, February 14th, 2015

I had to update some drivers and did a quick check of the server database and found it was wrong. I remembered there were a couple server changes before this install and was not sure the correct server was listed.

I needed the serial number to verify I was updating the right information in the database.

Powershell can do this.  Note: this is a 2012 install on new hardware.  Older models might not work.

From Powershell, simply enter:

gwmi win32_bios | fl SerialNumber

What model is my linux server?

Wednesday, January 28th, 2015

I had a request to identify the model of a server running Redhat. There is the asset database but I wanted a faster solution.

A quick Google search and I found the answer.

Log into the server and SU to root.

# dmidecode | grep -A3 '^System Information'

System Information
 Manufacturer: HP
 Product Name: ProLiant DL360 G7
 Version: Not Specified