Windows Deployment Services startup issue

If you get errors like the following, first check that the DNS server settings on the WDS server are correct:

An error occurred while trying to start the Windows Deployment Services server.

Error Information: 0x3A

An error occurred while trying to start the Windows Deployment Services server.

Error Information: 0x54B

Posted in Computer und Internet | Tagged | Leave a comment

Citrix XenApp 6.5 – Errors/Event ID 30001, 31003, 10001

The following errors/Event IDs occur because my XenApp 6.5 Farm/Setup lost the Citrix Start-up License|Server License. After re-adding, it works again.


CITRIX WEB INTERFACE

EVENT ID 30001

Site path: C:\inetpub\wwwroot\Citrix\XenApp.

An error occurred while attempting to read information from the Citrix servers: An existing connection was forcibly closed by the remote host. This message was reported from the XML Service at address http://XXXXXXXXXX:8080/scripts/wpnbr.dll [com.citrix.xml.NFuseProtocol.RequestAddress]. The specified Citrix XML Service could not be contacted and has been temporarily removed from the list of active services. [Unique Log ID: XXXXXXXX]

For specific information about this message, see the Web Interface documentation at http://support.citrix.com/proddocs/topic/web-interface-impington/wi-log-messages-event-ids-hardwick.html.

EVENT ID 31003

Site path: C:\inetpub\wwwroot\Citrix\XenApp.

All the Citrix XML Services configured for farm xenapp failed to respond to this XML Service transaction. [Unique Log ID: XXXXXXXX]

For specific information about this message, see the Web Interface documentation at http://support.citrix.com/proddocs/topic/web-interface-impington/wi-log-messages-event-ids-hardwick.html.

ZDC

EVENT ID 10001

A usable server cannot be found on which to launch the application. Application: WordPad, Client: XXXX.-XXXX-XXXX–nshic (address: X.X.X.X;;;), User XXXX.XXXX. Check your worker group definitions and load balancing policies to verify appropriate servers are assigned for WordPad.

QFARM /LOAD = Server Load: 20000

Links that helped me on the way to the solution, plus some other solutions based on these errors/Event IDs:

Application Launch Requests Might Fail on a Provisioned XenApp Version 6.0 or 6.5 Multihomed Server

A usable server cannot be found.. Citrix XenApp 6.5

Unable to Launch Published Applications from XenApp 6.x

Configure new Citrix XenApp 6.5 permanent licenses throws the error: “No product licenses found on license server”

Explain Citrix License and how it works?

Citrix Licensing Server: A Troubleshooting Process


Dell Latitude E7440 – Using a MSATA SSD in the MSATA WWAN Port = Yes, you can!

I asked myself if a MSATA SSD could be used within the MSATA WWAN port as the boot HDD so that I can use a second HDD within the SATA slot. And yes, this works (the Dell Tier 1 Support (via phone) confirmed it too)!


Remark: The SATA HDD height shouldn’t be more than 7mm!


Malware attack, McAfee and a Group Policy error

You have a corporate setup and push McAfee or any other AV solution to all your clients via an AV management environment? OK, that is great! But every standard has disadvantages too, because a malware writer knows where the executable paths are.

So, think about the situation where a system is infected with malware, and this type of malware changes a lot, like Backdoor:Win32/Vawtrak.A. You grab different AV solutions and tips and tricks and mostly get rid of it.

But in the end the corporate AV solution's executable cannot be opened and you get the error message “This program is blocked by group policy. For more information, contact your system administrator”.

You try to remove and reinstall the AV solution via the AV management environment, but the error occurs again.

You look into gpedit.msc and secpol.msc but don’t find anything there.

Hmm, so it must be a raw registry setting, but where to look?

Look here: HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers

This is a clean system:

[screenshot]

This is an infected system:

[screenshots]
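To inspect that key without clicking through regedit, the following added example (not part of the original post) lists the Software Restriction Policy path rules stored below it and flags Disallowed rules that point at security tooling. It relies on the standard SRP layout (numeric security-level subkeys, each with a Paths subkey of {GUID} rules whose ItemData value holds the path); the watch list is an assumption to adapt to your own AV paths.

```powershell
# Added example (not from the original post): list Software Restriction Policy
# path rules under the key named above and flag rules that block security tools.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers'

# Assumption: substrings identifying your AV install paths; adjust to your fleet.
$WatchList = @('McAfee')

function Get-SrpPathRule {
    param([string]$Root = $SrpRoot)

    if (-not (Test-Path -LiteralPath $Root)) { return }

    # Numeric subkeys are SRP security levels: 0 = Disallowed, 262144 = Unrestricted.
    foreach ($level in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        $pathsKey = "$($level.PSPath)\Paths"
        if (-not (Test-Path -LiteralPath $pathsKey)) { continue }

        # Each rule is a {GUID} subkey; ItemData holds the path the rule applies to.
        foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
            $p = Get-ItemProperty -LiteralPath $rule.PSPath
            $modified = if ($p.LastModified) { [DateTime]::FromFileTimeUtc($p.LastModified) }
            [pscustomobject]@{
                Level        = $level.PSChildName
                Disallowed   = ($level.PSChildName -eq '0')
                Path         = $p.ItemData
                RuleId       = $rule.PSChildName
                LastModified = $modified
            }
        }
    }
}

function Find-BlockedSecurityTool {
    param([string[]]$Patterns = $WatchList)
    Get-SrpPathRule | Where-Object {
        $rule = $_
        # Keep Disallowed rules whose path contains any watched substring.
        $rule.Disallowed -and ($Patterns | Where-Object { $rule.Path -like "*$_*" })
    }
}

Get-SrpPathRule | Sort-Object Level, Path | Format-Table -AutoSize
$hits = @(Find-BlockedSecurityTool)
if ($hits.Count) { Write-Warning "$($hits.Count) Disallowed rule(s) target watched security tools" }
```

Compare the output with a known-clean machine built from the same image; the LastModified column helps line the rules up with the infection timeline.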


Hyper-V and Windows Server 2012 R2 with Update – Cannot find License Terms Error

I thought 512 Mbyte is enough for an IIS web server on a Windows 2012 R2 with Update Server Core, so I chose that amount of memory and started up the VM to install the OS. But then, I got the following error: “Windows cannot find the Microsoft Software License Terms. Make sure the installation sources are valid and restart the installation.”


So firstly I checked the Hash value of the ISO but that wasn’t the problem. Furthermore I followed some guides from the internet with not choosing the ISO while setting up the VM and adding it afterwards (Parallels and VMware issues), but that wasn’t the solution either.

After some research I came to the conclusion that you need to assign a minimum of 576 Mbyte for the VM to bypass this error.


Hardening Internet Explorer and Java 6 #infosec


As an IT guy you would always like to upgrade to the latest patched version of an OS/framework/app etc. to be more secure in this Wild Wild West Internet thing. But what if your business still uses Internet Explorer 8 or 9 and your business apps are stuck on Java 6, so Java 6 Update 45 is your highest possible version (insecure, really insecure –> Hackers target Java 6 with Security Exploits)? I did some research, and these registry settings should reduce the attack surface of Internet Explorer in combination with Java 6 Update 45 on the Internet while still being able to run Java on INTRANET sites:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]

"1C00"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]

"1C00"=dword:00000000

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\iexplore\AllowedDomains\*]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8AD9C840-044E-11D1-B3E9-00805F499D93}\iexplore\AllowedDomains\*]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]

"iexplore.exe"=dword:00000000

The first two settings prevent IE from starting Java applets in the Internet zone while still allowing Java applets in the Intranet zone.

Internet Zone Java Applet example: http://www.natice.noaa.gov/ims/loop/nhem-1mo-loop.html

The last three remove the trusted domains for Internet Java object calls and prevent users from adding domains as “Allowed”, while still allowing Java object calls in the Intranet zone:

Internet Zone Java Object example: http://deletethis.net/dave/qbp/

The first two are easy to embed into an OS image process, but the last three can only be applied as a user GPO/script.
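Because the machine-wide and per-user parts are deployed by different mechanisms, it is worth checking that all five actually landed. The following audit is an added example, not part of the original post; it uses only the keys and values from the .reg file above, and the function name is hypothetical.

```powershell
# Added example (not from the original post): audit the settings from the .reg file.
# Run it in the user's session, because three of the five settings live under HKCU.
$zone = 'Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$valueChecks = @(
    @{ Key = "HKLM:\SOFTWARE\$zone";             Name = '1C00' },
    @{ Key = "HKLM:\SOFTWARE\Wow6432Node\$zone"; Name = '1C00' },
    @{ Key  = 'HKCU:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND'
       Name = 'iexplore.exe' }
)
$javaClsids = '{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}',
              '{8AD9C840-044E-11D1-B3E9-00805F499D93}'

function Test-IeJavaHardening {
    # DWORD settings: each must exist and be 0, exactly as in the .reg file.
    foreach ($c in $valueChecks) {
        $item   = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        $actual = $item.($c.Name)
        [pscustomobject]@{
            Setting   = "$($c.Key)\$($c.Name)"
            Actual    = if ($null -eq $actual) { '<missing>' } else { $actual }
            Compliant = ($null -ne $actual -and $actual -eq 0)
        }
    }

    # AllowedDomains: the .reg file deletes the '*' (all domains) entry.
    # Any other entries are listed for review but not treated as a failure.
    foreach ($clsid in $javaClsids) {
        $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid\iexplore\AllowedDomains"
        $domains = @(Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue |
                     ForEach-Object { $_.PSChildName })
        [pscustomobject]@{
            Setting   = $key
            Actual    = if ($domains.Count) { $domains -join ', ' } else { '<none>' }
            Compliant = ($domains -notcontains '*')
        }
    }
}

Test-IeJavaHardening | Format-Table -AutoSize -Wrap
```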

Some sites that helped me out, plus interesting stuff for further reading:

Controlling Java in Internet Explorer, Securing the Java plug-in in Internet Explorer, How to use Java in the Enterprise while Limiting Exposure with IE Trusted Sites


VMware ESXi 5.x onto a Dell OptiPlex 9020 (Intel I217-LM)

You would like to set up a VMware lab but don’t have the budget for a real server? What about using a desktop like a Dell OptiPlex 9020? “I would”, you say, “but I know that standard desktops are not supported by VMware and that there are mostly issues with the NIC drivers.” You are right, the NIC and SATA drivers can cause issues on so-called ‘white boxes’. But luckily, someone on the wide, wide Internet has already done all the hard work and created some great tools/resources to help out.

Every ‘white box’ is different, but I will show you here how to get ESXi (in this case ESXi 5.1.0) running on the Dell OptiPlex 9020:

1.) Download the ESXi-Customizer

2.) Download the net-e1000e-2.3.2.x86_64.vib file for the onboard Intel NIC card here (see also here)

3.) Start the ESXi-Customizer and choose the options like here:

[screenshot of the ESXi-Customizer options]

4.) You will get a message that existing drivers will be replaced. This is OK; it is exactly what we want.

5.) Check the ESXi-Customizer.log (it’s in the working directory, in my example C:\VMware\Work) to see whether everything went fine.

6.) Burn the ISO ESXi-5.x-Custom.iso (it’s in the working directory – in my example C:\VMware\Work) onto a CD or create a USB Stick with a tool like UNetbootin.

DONE!

Some additional resources which helped me here: vm-help.com, Home IT Lab, ivobeerens.nl, VMware Front Experience
