Wednesday, August 31, 2011

Sonicwall "DNS NAT Loopback"

The Issue

An internal client attempts to reach an external address tied to their domain and gets a "page cannot be displayed" error.

The Resolve

Using SonicWALL SonicOS 5.x:

  • Create a new NAT policy with the following parameters:
    • Original Source: LAN Subnets
    • Translated Source: WAN Primary IP
    • Original Destination: (the server’s external IP address)
    • Translated Destination: (the server’s real/internal IP address)
    • Original Service: Any
    • Translated Service: Original
    • Inbound Interface: Any
    • Outbound Interface: Any

Tuesday, February 10, 2009

Fix SVCHost.exe Errors

Symptoms
SVCHost.exe or Generic Win32 Processes may crash randomly. In the event log, you may see an error such as:

Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

While there may be several causes for this, the most common are issues with Windows updates.

Resolution

1. Ensure the needed Services are running
-Go to Start, and click on Run
-Ensure both "Automatic Update Services" and "Background Intelligent Transfer Service (BITS)" are started and set for automatic startup.
-Double click the "Automatic Update Services", click on the Log On tab and ensure that "Local System Account" is selected and the checkbox below it, "Allow service to interact with the desktop" is unchecked.
-Repeat the last step for the "Background Intelligent Transfer Service (BITS)".

2. Reregister DLLs.
A. The Easy way
-Download Dial-A-Fix
-Click the Check all button
-Run it, check the time and allow it to finish.
-Restart the workstation, problem should be resolved.

B. Manual
-If the easy way did not work or you want to do it the manual way, here are the DLLs to reregister for Windows Update:
  • REGSVR32 WUAUENG.DLL
  • REGSVR32 WUAUENG1.DLL
  • REGSVR32 ATL.DLL
  • REGSVR32 WUCLTUI.DLL
  • REGSVR32 WUPS.DLL
  • REGSVR32 WUPS2.DLL
  • REGSVR32 WUWEB.DLL

-Clear the contents of the SoftwareDistribution folder in the event of corrupt update files

  • net stop WuAuServ (It may already be stopped)
  • Delete the folder c:\windows\softwaredistribution
  • net start WuAuServ
  • Restart the workstation

3. If the problem persists, try reinstalling Windows Installer 3.1 from Microsoft

Good Luck!

-JJ

Friday, September 26, 2008

3 Methods to Figure Out Which Version of Linux is Running

There are several ways of figuring out which version of the Linux OS you are running. Probably the easiest is to reboot and watch what displays on start-up. If that option is not available then you can try the following:

Method #1

dmesg | grep -i "linux version"


The dmesg command prints the kernel ring buffer, which can be rather extensive, which is why it is important to pipe the output through grep. The -i switch makes the match case-insensitive, since the kernel writes the line as "Linux version". The kernel buffer won't always list the Linux version, so you may want to play with the command, like grep "linux" or grep "ver".

Method #2

cat /proc/version


This method looks at a file with the version listed in it. This may be especially helpful on Red Hat boxes, where the version may be harder to find, though there may still be some confusion in the case of systems based on Red Hat (e.g. CentOS, Fedora).

Method #3

uname -a


The uname command may tell you what you need to know; however, oftentimes it just reports the kernel version.


Conclusion

Hopefully these commands will help locate the information you need. There are a few other ways to check that may just be a matter of logical troubleshooting, for example: which type of package management is available? Good Luck!



Wednesday, September 24, 2008

Mount an NTFS Partition as read/write in Suse10+

By default SUSE Enterprise 10 with sp2 does not allow writing to an NTFS partition. However the automount may have detected and mounted the various partitions for you as ro (Read-only).

To start, we need to install an add-on which will allow for write capabilities. For this I use the built-in package manager YaST. In YaST, search for NTFS-3g (or just ntfs and it will show it). Install the package, then edit fstab (which determines which drives to mount on bootup).

vim /etc/fstab

If the drive is already mounted, change the NTFS portion of its entry to say ntfs-3g.
If not, add an entry; this is an example and may vary:

/dev/sda1 /mnt/windows ntfs-3g defaults 0 0

Next you have a couple of options: you can reboot or, if that is not an option, you can use the mount command.

If the drive is already mounted, use the umount command to unmount the drive, then remount the drive

mount -t ntfs-3g /dev/sda1 /mnt/windows


Wednesday, August 13, 2008

Change computer name of a Domain Controller

This walk-through is a quick rip from:

http://www.petri.co.il/windows_2003_domain_controller_rename.htm

Method #1 - Through the GUI

Although easier to implement, if you rename a domain controller through the System Properties dialog box instead of using the Netdom.exe tool, DNS and Active Directory replication latency may delay the ability of clients to locate or authenticate to the renamed domain controller. The length of this latency depends on your network design and the replication topology of your organization.

To rename a DC with the name from SERVER101 in the DPETRI.NET domain to ZEUS follow the next steps:

  1. Open the System applet in Control Panel (or right-click My Computer and choose Properties).

  2. In the Computer Name tab click Change.

  3. A warning message appears. Read it and if you accept, click Ok.

  4. In the Computer Name box type the new host name of the Domain Controller. Click Ok.

  5. In the Computer Name Changes window, type the name and password of a user that is a member of the Domain Admins group.

  6. A warning window appears saying that you must restart your computer. Acknowledge it.

  7. Click Ok all the way out, reboot your computer.

Method #2 - By using Netdom.exe

This method is considered by most professionals to be much safer and better than the first method. By using the Netdom.exe tool, you ensure that there is little or no disturbance for the domain and client operations.

Important: To rename a domain controller using the Netdom.exe tool, the domain functional level must be set to Windows Server 2003.

In order to use Netdom.exe you must first install the Windows Server 2003 Support Tools. Double-click the Suptools.msi file found in the \Support\Tools folder on the installation CD (also see Download Windows 2003 SP1 Support Tools).

To rename a DC with the name from SERVER101 in the DPETRI.NET domain to ZEUS follow the next steps:

  1. Open Command Prompt and type:

This command will update the service principal name (SPN) attributes in Active Directory for this computer account and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all domain controllers for the domain and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name.

You can verify the new name was indeed added to the computer object by viewing it through Adsiedit.msc (like Netdom.exe, installed when you install the Windows Server 2003 Support Tools). Navigate to the computer object and right-click it. Select Properties:

Scroll down in the list of available attributes till you reach the attribute called msDS-AdditionalDnsHostName:

Notice that the new name should appear in the attribute's properties.

  2. Ensure the computer account updates and DNS registrations are completed, then type:

Again, you can inspect the change with Adsiedit.msc. Scroll down in the list of available attributes for the computer object (notice how the server now appears with the new name) till you reach the attribute called msDS-AdditionalDnsHostName:

Notice that the old name should appear in the attribute's properties.

  3. Restart the computer.

  4. From the command prompt, type:

  5. Make sure that the changes have successfully been replicated to all the DCs.

Renaming a domain controller requires that you first provide a FQDN as a new computer name for the domain controller. All of the computer accounts for the domain controller must contain the updated SPN attribute and all the authoritative DNS servers for the domain name must contain the host (A) resource record for the new computer name. Both the old and new computer names are maintained until you remove the old computer name. This ensures that there will be no interruption in the ability of clients to locate or authenticate to the renamed domain controller, except when the domain controller is restarted.

Thursday, May 15, 2008

Securing SNMP

SNMP - Simple Network Management Protocol

SNMP (RFC 1157) is a popular protocol that is widely used for network management. It can be very useful for network and systems administrators, as it can provide real-time alerts and remote administration options (such as restarting a device over a network). On paper this protocol sounds like the perfect complement to the IT professional; however, it can actually cause more heartache than good if not planned and implemented properly. While reading this article please try not to get lost in the lingo and keep in mind that the basic point of SNMP is communication between 2 machines.

How does SNMP work?

The Simple Network Management Protocol is part of the IP suite and resides on the application layer of the OSI model. There are other aspects that define the protocol, including a database schema and data objects. The main components of any SNMP system are:
  1. Monitored/managed devices: The device that we want to manage
  2. SNMP Agent: Acts as the communicator between the NMS and Managed Device
  3. MIB (Management Information Bases): Decides which data to collect on the managed device
  4. Network management systems (NMSs): Collects the information about the managed device and can allow for remote management.
Examining the following diagram you will see how the components interact with each other:


Operation Modes

There are 2 basic modes in which information can be collected. In the more generic form of SNMP you may have your NMS poll each managed device for information. This is fine unless you are managing a lot of devices, as response time would slow. To address this the other basic mode is to have the SNMP agent on the managed devices send the information to the NMS. This is also referred to as an SNMP Trap, because the agent is trapping the information and then sending a Trap (or INFORM) signal to the NMS. The NMS can then be configured to accept trap messages.

Security Considerations

It is important to note that SNMP is considered to be insecure and should not be used if not needed. There are ways to secure it, but first it is important to understand the vulnerabilities.
  1. There are 3 versions of SNMP, version 1, 2, & 3. The current and most highly recommended implementation is version 3.
  2. Versions 1 & 2 are passed over a network in clear text and only version 3 includes encryption.
  3. Windows 2003 utilizes only Versions 1 & 2.
  4. All versions of SNMP are vulnerable to brute force cracking
Keeping these flaws in mind, there are ways to address these issues.
  • If possible, do not use SNMP
  • Use the most recent version of SNMP (v3) if supported
  • If v1 or v2 is used, you may consider encrypting network traffic with ipsec
  • Consider utilizing an administrative VLAN segregated away from a VLAN with workstations
  • Do not use default community strings (you wouldn't use a generic password that everyone knows; this is the same concept)
  • Use a community string that is not easily guessed or cracked (utilize numbers and special characters and absolutely no dictionary words)
  • Restrict access to the agents to only the SNMP Management IP(s)
  • If read/write access is not required then only allow Monitor access on the agent and, if hardware permits, on the switch.
  • In conjunction with the previous bullet, if write access is not required and hardware permits then disable the SET command, which allows the SNMP agent to be configured.
  • If not needed, some hardware will allow you to disable the option for rebooting the device over the network.
  • Lastly, consider the use of an IDS (Intrusion Detection System), as it can alert you of any malformed packets or traffic that is unusual or out of place.
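
An added example, not from the original post: a small Python audit that checks community lines against the bullets above (default or guessable strings, read/write access, missing source restriction). It assumes a Net-SNMP style snmpd.conf with unquoted "rocommunity/rwcommunity COMMUNITY [SOURCE]" lines; the default-string list, the 12-character threshold and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Short illustrative list of well-known default community strings.
DEFAULTS = {"public", "private", "admin", "cisco", "snmp", "community"}
RO, RW = ("rocommunity", "rocommunity6"), ("rwcommunity", "rwcommunity6")

def weak_community(name):
    """Default, shorter than 12 chars (assumed threshold), or no digit/special."""
    return (name.lower() in DEFAULTS or len(name) < 12
            or not re.search(r"\d", name) or not re.search(r"[^A-Za-z0-9]", name))

def open_source(source):
    """True if the source restriction is missing or matches every address."""
    if source is None or source == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # a hostname counts as a specific restriction

def audit_snmpd_conf(text):
    """Return (line_number, message) findings for community directives."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0] not in RO + RW:
            continue  # comments, blank lines and other directives
        source = fields[2] if len(fields) > 2 else None
        if fields[0] in RW:
            findings.append((no, "read/write community: SET is allowed"))
        if weak_community(fields[1]):
            findings.append((no, "default or easily guessed community string"))
        if open_source(source):
            findings.append((no, "not restricted to the management IP(s)"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
# monitoring access
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity k7!Vq2_mZx9$Lp 192.0.2.10
rocommunity Tr4p-0nly!Mon1tor 0.0.0.0/0
"""

if __name__ == "__main__":
    for line_no, message in audit_snmpd_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```

The check does not test for dictionary words, so a long passphrase built from common words with a digit and a symbol appended would still pass.
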
Conclusion

SNMP can be a great tool for network management, assuming the need is there. There are other forms of network management which may be more suited to your needs; however, if done correctly and securely, SNMP is a viable option.


Tuesday, May 13, 2008

Add Date and Time Stamps to Your Batch Files

Ever want to set up a Windows batch file to output a date or time without using VBScript? My specific reason for researching this function was to dynamically generate a new log file each time my script was run. The following code will set the date and time into variables named %cdate% and %ctime% and then generate a text file named backup-DATE-TIME.txt (obviously replacing DATE and TIME with the current date and time).
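@echo off
REM This section sets the date variables (assumes a US-style "Tue 05/13/2008" date format)
FOR /F "tokens=1-4 delims=/- " %%a in ('date /T') do set CDATE=%%b%%c%%d
REM The following formats the date variable to MMDDYY
SET CDATE=%CDATE:~0,4%%CDATE:~-2%
REM This sets the time variable to the hours, minutes and seconds of the current time
FOR /F "tokens=1-4 delims=:., " %%a in ("%TIME%") do set CTIME=%%a%%b%%c
echo.
REM Create the log file (the c:\logs folder must already exist)
echo. > c:\logs\backup-%cdate%-%ctime%.txt
echo.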

This script can be inserted into almost any script fairly easily, and you can utilize the date and time variables anywhere in the script.
