Tuesday 6 July 2010

Administrator Privileges – Control and Monitoring

From Geoff Courts @macnamara_geoff

The reasons for limiting the administrator rights of users are numerous. Don’t let them install any old application they find (they can do that on their iPhone), but perhaps more importantly, don’t let them install the viruses and malware that arrive through ads and spoof e-mails, which in some cases require lengthy clean-up operations, with the PC out of action for the duration.


But as an Administrator, how can you effectively monitor the administrator rights across all your machines and all your users?


At Macnamara, we developed some time ago the method of only assigning admin rights to users upon request from an authorised client contact, along with the stated reason. But, instead of assigning the user the rights to their machine, we add them to a security group in Active Directory called ‘Local PC Admins’.


The benefits of this approach are:

1. you can centrally manage the admin rights of all your users
2. you don’t need access to the user’s PC remotely to assign it
3. if their PC is off, you don’t risk them logging back on as Administrator before you can revoke their privileges
4. You can assign 1 user rights on all machines, and delegate software installs and updates (where Kaseya cannot do this) to them.


As always, however, monitoring is the key.


Monitor the local Administrator Group

We only ever have 4 members of the local Administrators group.

1. Domainname\Domain Admins (Domain Administrators Group – i.e. us!)
2. Domainname\Local PC Admins (Our group for assigning local PC administrator privileges)
3. Administrator (The local Administrator account – password protected, of course)
4. Lynx-admin (Our own fall-back local logon user account)


Since this will never change, all we have to do is output the membership to a file on a regular basis, then use Kaseya to monitor that file for any changes. Any unauthorised additions to the group since the last hourly check will create an alert.


A script runs every hour that executes the command “net localgroup administrators” and outputs the results to a text file on the PC. The same script then uses the ‘Get File’ command to upload the log to the Kaseya Server.


Under Alerts monitoring, we use the ‘Get File’ alert to call a second script if the file content has changed. This raises an alert and sends us an e-mail with the contents of the file, and hence the membership of the local group. Any users not in the 4 listed above can be easily identified.


Monitor the Server ‘Local PC Admins’ Group


Similarly, we can monitor the membership of the group we use in Active Directory for central management of the admin rights of our clients. Because we assign these rights ourselves, on request, we can track the membership using our ticketing system. All users are asked to let us know when they have finished what they are doing so we can revoke their rights, and then a log off is requested.
We don’t therefore need to monitor membership hourly, but it is good to have a reminder at the end of the day if anyone has been added who has not been removed. We therefore check every 8 hours, starting at 08:30am, so that at 4:30pm we receive an alert if anyone has been added during the day but not yet removed.
The process is the same as for the local Administrators group, but the command is slightly different. At 08:30am, the first script runs ‘net group “local pc admins” /domain’ and outputs the user membership to a file, which is uploaded to the Kaseya Server using the ‘Get File’ command. This is then run again at 4:30pm; any changes are detected and an alert e-mail is sent with the membership of the group.
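The comparison Kaseya does on the uploaded file, written out as an added example (not code from the original post) covering both the hourly local Administrators check and the 08:30/16:30 check of the AD ‘Local PC Admins’ group. It parses the output of ‘net localgroup’ / ‘net group … /domain’ and reports who was added or removed; the sample outputs are constructed, and “Domainname” is the placeholder used on the page.

```python
"""Added example (not part of the original post): parse the output of
`net localgroup administrators` and `net group "local pc admins" /domain`
and report membership changes against a baseline, which is the comparison
the post describes Kaseya doing on the uploaded file.  Sample outputs below
are constructed; "Domainname" is the placeholder used on the page."""
import re

# The 4 members the post says should always be in the local Administrators group.
EXPECTED_LOCAL_ADMINS = (
    r"Domainname\Domain Admins",
    r"Domainname\Local PC Admins",
    "Administrator",
    "Lynx-admin",
)


def parse_net_members(output):
    """Return the member names listed by `net localgroup` / `net group`.

    Both commands print a header, a line of dashes, the members, then
    'The command completed successfully.'.  `net group ... /domain` prints
    several names per line in fixed-width columns, so names are split on
    runs of two or more spaces; a single space inside a name ("Domain
    Admins") survives.
    """
    members = []
    in_members = False
    for line in output.splitlines():
        if not in_members:
            in_members = line.startswith("----")  # dashes line starts the member list
            continue
        if line.startswith("The command completed"):
            break
        members.extend(n for n in re.split(r"\s{2,}", line.strip()) if n)
    return members


def membership_changes(expected, actual):
    """Compare two member lists case-insensitively (Windows account names
    are not case sensitive).  Returns (added, removed): names in `actual`
    that are not in `expected`, and names in `expected` missing from `actual`."""
    exp = {n.lower(): n for n in expected}
    act = {n.lower(): n for n in actual}
    added = [act[k] for k in act if k not in exp]
    removed = [exp[k] for k in exp if k not in act]
    return added, removed


def check_local_admins(output):
    """Hourly check: anyone in the local Administrators group who is not
    one of the 4 expected members."""
    added, _ = membership_changes(EXPECTED_LOCAL_ADMINS, parse_net_members(output))
    return added


def check_domain_group(morning, afternoon):
    """08:30 vs 16:30 check of the AD 'Local PC Admins' group: users added
    during the day and not yet removed, and users whose rights were revoked."""
    return membership_changes(parse_net_members(morning), parse_net_members(afternoon))


# Constructed `net localgroup administrators` output with one unauthorised member.
SAMPLE_LOCAL_OUTPUT = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Domainname\\Domain Admins
Domainname\\Local PC Admins
Domainname\\jbloggs
Lynx-admin
The command completed successfully.
"""

# Constructed 08:30 and 16:30 snapshots of `net group "local pc admins" /domain`.
SAMPLE_DOMAIN_0830 = """\
Group name     Local PC Admins
Comment        Temporary local admin rights, assigned on request

Members

-------------------------------------------------------------------------------
asmith
The command completed successfully.
"""

SAMPLE_DOMAIN_1630 = """\
Group name     Local PC Admins
Comment        Temporary local admin rights, assigned on request

Members

-------------------------------------------------------------------------------
bjones                   cdavis
The command completed successfully.
"""

if __name__ == "__main__":
    print("Unexpected local Administrators:", check_local_admins(SAMPLE_LOCAL_OUTPUT))
    added, removed = check_domain_group(SAMPLE_DOMAIN_0830, SAMPLE_DOMAIN_1630)
    print("Still holding admin rights at 16:30:", added)
    print("Rights revoked during the day:", removed)
```

Run against the real command output (captured to a file by the hourly script) the same functions give the list that the alert e-mail should contain.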


Benefits


Since we implemented these controls on administrator rights, we have seen the number of support calls drop substantially, since users are simply no longer in a position to break their machines. Without these rights they cannot install bad applications that ruin system performance, nor viruses and malware, nor change protected system files. The results are cleaner machines, and more time for real work.

Friday 11 June 2010

Using the SBS 2008 Connect Wizard when you have multiple subnets.

From Ciaran Kenny @CiaranJKenny

Back in the SBS 2003 days multiple subnets, most commonly to allow for site-to-site hardware VPNs, caused a bit of a problem when using the SBS 2003 ConnectComputer Wizard. In the case of SBS 2003 the reason for this was that the IIS ConnectComputer sub site had a default restriction to only allow connections from the subnet in which the SBS server was installed. To cater for additional sites/subnets you would add the relevant subnets to the ‘access granted’ list of subnets and - job done.


Like everything else, things are a little different with SBS 2008. There don’t seem to be any subnet restrictions on the ‘Connect’ sub site. Or, if there are, I can’t see them anywhere. But when you try to run Connect from a VPN connected site using a different subnet you will find that you get a ‘page cannot be displayed’ error. So you can then spend some time tearing your hair out trying to figure out how to add an extra subnet in IIS 7 – before realising that ‘Page Cannot Be Displayed’ is obviously a name resolution error.

Usually for a small branch office subnet without its own server you are going to set the IP addressing information manually on each PC – with the main office SBS server as the DNS server etc. (not DHCP of course)

The problem is that, without knowing what domain to add to a host name, the PC in the branch office has no way of resolving what it sees as a single host name – 'Connect'.

So, the key is to add the internal domain name as a DNS suffix to the IP configuration of the network cards of the PCs in the branch office. This is a good idea anyway and will make your network run more smoothly.

Using connect.domain.local doesn’t work, as this will send an HTTP request with the wrong header information.

If anyone knows a better way do please let me know (apart from having a Windows DHCP server in the 2nd subnet).

Thursday 10 June 2010

Microsoft Office 2010: Briefly Explained (heavy on the details, light on the tech)

From @Macnamara_MB

Following my post last week, which gave a brief overview of Office 2010, as promised here is the follow-up for those who are less technical but still want their IT to work at its optimum.

To start, the system requirements for running Office 2010 are as follows:

- Office 2010 will be available in both 32-bit and 64-bit versions.

- Office 2010 will run on Windows XP SP3, Windows Vista and Windows 7.

- You don’t need to replace hardware that is capable of running Office 2007; it will support Office 2010. As Windows 7 has demonstrated, Microsoft realise that taking advantage of the hardware you already own is just as important as supporting all the new technology coming out.

Microsoft Office 2010 consists of 5 core programs: Word, Excel, PowerPoint, Access and Outlook.

Each of these core programs specialises in manipulating different data. Word manipulates words, sentences and paragraphs; Excel manipulates numbers; PowerPoint manipulates text and pictures to create a slideshow; Access manipulates data, such as inventories; and Outlook manipulates personal information such as e-mail addresses and phone numbers.

So what’s new?

1. You can embed videos in your presentations (PowerPoint).

2. Quick Steps in Outlook (e-mail), i.e. reply & delete.

3. Document printing made easy (no new window).

4. You can now save Office documents to the cloud.

5. Built-in PDF writer (Word).

6. Broadcast slideshows within PowerPoint (Share option).

7. PowerPoint now includes powerful video editing features.

8. Distribute your slides as video (option “Share”, create “Video”).

9. Built-in screen capture (Word) (option “Insert” then “Screenshot”).

10. Outlook gets social (there’s a green Add button that lets you “add that person to your online social networks from Outlook”, but the service isn’t live yet).

Important: Before installing Office 2010

- If you are installing the Office 2010 beta for the first time, the default settings will upgrade your existing copy of Microsoft Office. You can, however, customise this setting and install Office 2010 alongside an older version of Office.

- If you already have the Office 2010 Technical Preview on your computer, make sure you completely uninstall this edition before attempting to install the Office 14 beta. If you still have trouble installing Office, use the clean-up utility tool to remove all traces of the previous version of Office from your system.

Tweet me @Macnamara_MB or comment on the blog. . . .

Monday 7 June 2010

Some minor SharePoint irritations solved

From Ciaran Kenny @CiaranJKenny

I’ve used SharePoint on and off for clients since it first appeared about 10 years ago but I have only really got into it myself recently as we have started to use it as the core repository for our client project documentation.


We’ve been using it in the office and at home, and the degree of control over document development pretty much leaves everything else standing. We have been using SharePoint via the SBS 2K8 Remote Web Workplace. It’s very nice, but two things have been really irritating me about it when using it from home: 1) the constant password prompts (come on, you know who I am by now) and 2) that supremely irritating security warning message:

“Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.”

Though this warning message doesn’t quite compare to the brilliant error message pre SBS 2K8 Update Rollup 4, “This computer doesn’t meet the maximum operating system requirements …”, it is out of the same mould in that you have to really think before you respond. The response options are ‘Yes’ and ‘No’ – if you actually want to see the web page that prompted the warning then the correct response is ‘No’.

Anyway, the logic behind the warning is sound enough. It means that the page that is about to be displayed with an HTTPS address also contains some material from a location which is delivering its content without the protection of HTTPS.

In the case of SharePoint this is probably going to be some graphics on the page or something similar. Since Internet Explorer 8 the default setting has been to keep you safe by warning about stuff like this. Assuming you are happy to ignore best practice in order to avoid irritating messages here’s what you need to do:

To stop the warning from appearing:

1. Go to Tools --> Internet Options --> Security.
2. With the Internet zone highlighted, click Custom Level, scroll down to the Miscellaneous section and change the 'Display mixed content' option from the default selection of 'Prompt' to 'Enable'.
3. Click OK, accept the security warning and click OK again, then restart the browser.

NB – this advice is offered with the clear caveat that, strictly speaking, you are introducing a security risk.
As an alternative you may prefer to select the 'Disable' option above. This will eliminate the problem with SharePoint and does not have any negative impact on the functionality of the site. However, some other HTTPS sites may not display or function correctly.
It should also be possible to achieve the same effect by adding the SharePoint site to the Trusted and/or Intranet zones and enabling the setting only for those zones. However, this option didn't work on testing.
This leaves the problem of the constant password prompts. To stop these, all you have to do is add your SharePoint site (or Remote Web Workplace site) to the Intranet zone under IE Tools --> Internet Options --> Security.

Any feedback on the security implications of either or both of the above changes (especially when taken together) would be very gratefully received. I can’t see a realistic problem but would be happy to be told otherwise.

Thursday 3 June 2010

Microsoft Office 2010: Briefly Explained

From @Macnamara_MB


Microsoft Office 2010, codenamed Office 14, is a productivity suite for Microsoft Windows and the successor to Microsoft Office 2007 for Microsoft Windows. Office 2010 includes extended file compatibility, user interface updates and a refined user experience. It will be available for Windows XP SP3 (32-bit), Windows Vista SP1, and Windows 7. With the introduction of Office 2010, a 64-bit version of Office is available for the first time, although only for Windows Vista SP1, Windows Server 2008 SP1, Windows 7 and Windows Server 2008 R2. Neither the 32-bit edition of Office 2010 nor the 64-bit edition is supported on Windows XP Professional x64 Edition.

On April 15, 2010, Microsoft announced that Office 2010 had been released to manufacturing, with those Volume Licensing customers who have Software Assurance being able to download the software from April 27. It will be available in June in retail stores in the US and Europe.

Office 2010 marks the debut of free online versions of Word, Excel, PowerPoint, and OneNote, which will work in popular web browsers (Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari). A new edition of Office, Office Starter 2010, will replace the current low-end home productivity software, Microsoft Works.

Microsoft's update to its mobile productivity suite, Office Mobile 2010, will also be released for Windows Phones running Windows Mobile 6.5 and Windows Phone 7. In Office 2010, every application has the Ribbon, including OneNote 2010, Publisher 2010, InfoPath 2010, SharePoint Workspace 2010 (the new name for Microsoft Office Groove 2007) and the new Office Web Apps.

Tweet me @Macnamara_MB or comment on the blog.

Next Week: Microsoft Office 2010: Pros and Cons

I’ve worked in the tech industry for 4 years and have recently joined Macnamara and believe in giving credit where credit is due. As well as my own knowledge, for this rundown I gathered information from these articles:


diTii.com: http://www.ditii.com/2010/03/30/sharepoint-workspace-spw-2010-part-of-microsoft-office-2010-professional-plus-explained/

PCmag.com: http://www.pcmag.com/article2/0,2817,2350052,00.asp

The Hijacked Browser

From: Dan Shterev @Macnamara_Dan

Today I would like to share an issue which arose with one of our clients recently and, most importantly, the solution.

The problem was quite tricky: when Internet Explorer is opened, a message pops up on the screen asking you to complete a survey, otherwise it will not let you browse the page.

Of course, if you clicked to start the survey you were automatically redirected to one of those silly websites where you can play poker, games etc.

The funny thing was that you could not get rid of this message in any way in Internet Explorer.

It would be natural to assume that it could be easily fixed; however, this was not the case.

I tried to reset Internet Explorer, which in most cases would solve your problem with Internet Explorer. However, in this case the message kept appearing.

I tried logging on as administrator but the message continued to appear even when opening stable sites like bbc.co.uk or aol.com.

Interestingly, there wasn’t any information in Google about this particular message I was getting on the screen, so I had to find my own way to resolve this issue.

After running an antivirus scan no viruses were detected; then I tried Malwarebytes but it was the same: the computer looked clean and not infected at all.

I checked the running processes but still didn’t see anything suspicious, so I decided to run one more check with Trojan Remover. The difference between Malwarebytes and Trojan Remover is that TR checks all running processes and, if some of them are infected, tries to clean and repair them. To my surprise, TR detected an infected file called infocard.exe, which I had noticed before with HijackThis but ignored because the description of the file says: "infocard.exe is Windows CardSpace from Microsoft Corporation belonging to Microsoft® .NET Framework". This naturally made me think it was insignificant.

Basically, the file was needed by Windows but it was infected, and this was causing the browser to be hijacked, meaning that whatever you did when trying to open a page, this process was trying to redirect you to certain web pages, potentially unsafe ones.

After rebooting the machine, TR had successfully cleaned the file and the problem was gone.

Problem:
A message popup in Internet Explorer would not let you access the address bar or browse websites, instead trying to redirect you to unsafe websites.


Solution:
1. Run Trojan Remover – disinfecting “infocard.exe”
2. Reboot

Tuesday 1 June 2010

Blog update

From: Kate Coles @Macnamara_Kate


We now have 2 blogs.

For the tech savvy, check out Our Technical Archive, a catalogue of technical help and support.

For clients and those with an interest in Macnamara, Our Blog details business developments and interesting articles on which we want to share our perspective.

For a micro blogging Macnamara hit, check out our twitter.

Tuesday 25 May 2010

BSOD on XP Re-Installation on a Vista - Ready Hardware

If you are re-installing a PC or laptop that has just come back from the manufacturer with Windows Vista or XP, or if you need to clean install XP and the machine was designed for use with XP, you may get a BSOD during the initial setup.



This often indicates a hard drive error. Vista uses a different method of detecting SATA hard drives, which is not recognised by XP, and this might be resolved by going into the BIOS settings and changing the configuration on the hard drive to ATA.



XP should now be able to see the hard drive and allow setup to continue.

Thursday 20 May 2010

How to Install Windows 2008 Terminal Server (Remote Desktop Services) with Remote Application Sharing

Terminal Services has been renamed for Windows Server 2008 to Remote Desktop Services.

After installing Server Standard or Enterprise 2008, you will need to add the Remote Desktop Services Role to the Server.

1) Open Server Manager

2) Select Roles

3) Select Add Roles

4) Click next on the first Screen

5) From the Selection List select Remote Desktop Services

You will be presented with a selection of different defined options under this role. Standard Terminal Services is covered under 'Remote Desktop Session Host'

6) Select Remote Desktop Session Host (formerly Terminal Server)

7) Install

You will need to restart the Server after the installation.

Remote Application Sharing

You can run software in Terminal Services mode using the Remote Desktop Services RemoteApp Manager. For example, QuickBooks (accounting software used by small businesses) can be accessed from another office without having to log on to the terminal server under an RDP session. Instead, you can send a link to the application, which will run in Terminal Server, or Remote Application, mode.

You will need to install the software you wish to run on the Server first.

To configure Remote application sharing on the Terminal Server:

1) Open Administrative Tools, Remote Desktop Services, RemoteApp Manager

2) From the selection list on the right hand side, select Add RemoteApp Programs

3) In the RemoteApp Wizard, click Next

4) Select the program or programs that you wish to run and click Next

5) Click Finish

(Note: remote users need to have a user account in the domain you log on to.)

Create a Remote Desktop Shortcut to your RemoteApp

1) From the list of RemoteApp Programs, select your program, e.g. Quick Books

2) From the selection list on the right hand side, select Create .rdp File

3) The RemoteApp Wizard will open again - click Next

4) Select the location to save the package. The default is C:\Program Files\Packaged Programs

5) Select the server name. This is the external DNS address of your domain, e.g. serverts.domainname.com, that resolves to your location.

6) Select the Server Port. The default is 3389 for Remote Desktop. If you have Port Redirection enabled on the local router, you should change the port to the port assigned to the Terminal Server.

7) Leave the other settings as default

8) Click Next and Finish

You can e-mail this shortcut to your clients, or make it available for download through FTP. When the user double clicks on the icon, they will see a variant of the Remote Desktop window and be prompted for their username and password for your domain. The application will open in Terminal Services, with all the appearance of opening on the local computer.

Message Includes an Invalid Address

From @ciaranjkenny

When a message is sent from the Blackberry handset it initially appears to go but is then displayed on the handset marked with a red X, meaning it hasn't been sent. When the message is opened it shows a status: 'message includes an invalid address'

This can be caused if the Exchange server has been restarted and the BES server is running on a different box. In this case the CDO MAPI connection made by the BES server to the Exchange server is disrupted in the same way that an Outlook connection to Exchange is disrupted by restarting the Exchange server. Outlook will sometimes restore its connection but, more often, it is necessary to restart Outlook. In the case of the CDO MAPI connection from BES to Exchange the quickest fix for the problem is to restart the box on which the BES is running.


Wednesday 19 May 2010

The Ghost File!

From @macnamara_dan

I have recently dealt with a BSOD (Blue Screen of Death) with one of our clients. It was causing constant reboots with message:

Problem seems to be caused by the following file aopyjy.sys.
Fault found in nonpaged area.

My first step was to research information about the file and see what it was. To my surprise, my search yielded no info about this file(!). I tried Google, Yahoo, Bing, Ask and Live Search but found nothing, zero! No info whatsoever. The file was located in C:\Windows\System32\Drivers\aopyjy.sys

My first thought was that it could be some kind of malware, so I started with an antivirus scan, which returned: no threats found.
I then ran Malwarebytes Anti-Malware, updated to the latest version, full scan: still no threats found.
I then ran HijackThis; I looked over the log and there was nothing unusual.
The next step was an ADS Spy scan plus Trojan Remover, and yet again – no threats found!
Next I ran a registry scan for this file and found a key in the registry under the Search assistant-ACMru-5603 folder key (a typical place for storing malware files). I removed this key, but the BSOD kept appearing.
Then I decided to check why this file was in this particular directory and see if there was any way to remove it manually.

What I noticed was that the file was around 800kb and, strangest of all, the file was being modified every minute. It was as if someone or something was constantly using the file and modifying it in the background. That was scary, but this was not the only issue.

I tried to delete or rename it; however, surprise surprise, this was not possible. To try and remedy this I went into Safe Mode: no luck. The file was being loaded with the operating system and it was not possible to delete it whilst Windows was running.

So my next step was to log on from another Windows installation through a Windows Live CD boot disk. I tried a couple of them, such as Hiren’s Boot CD and ERD Commander, but no luck; this time I got another blue screen. So I decided to try to log on through the Windows Recovery Console from the Windows installation CD, but this was not possible: another blue screen.

At this point I gave up and ran some check disk tests, because I had in mind that there was a possible hard drive failure (info which I gleaned from the second blue screen). Obviously, if you suspect that the hard drive is failing, you run "chkdsk" from the command prompt, the integrated tool in Windows designed to check the disk for errors. So if you have bad sectors on your hard drive, then you should strongly consider replacing the hard drive, because it's possible to lose all your data when the hard drive eventually fails.

The check returned bad sectors, which confirmed my concerns about a failed hard drive. A failed hard drive is obviously a serious issue which can be costly, so I checked whether the computer was still under warranty by phoning Dell.

At Macnamara we use Dell as our partner because we feel they offer the best after sales service and support in the business. Following my telephone call they resolved the problem by replacing the hard drive, which resolved my problem once and for all. However, I keep wondering what this file was and why there is no information about it anywhere on the Web!!!

Has anyone else encountered this problem and how did they solve it? If you have read this post whilst researching for a resolution to the aopyjy.sys file, we hope our experience helped you.

If you have used our solutions, we’d love to hear from you. Just drop us a comment on our blog.

Tuesday 18 May 2010

Getting our blog on

We are hoping to start frequently posting blogs within the next week.

We know that so much of the IT community is online and we, like many, troubleshoot for solutions online.

We hope to give you plenty to read, from updating you on any problems the guys have faced working on client projects (and, more importantly, the solutions!) to links to interesting developments in technology.

We hope you enjoy reading our posts during this time of constant development.

SBS 2008 - Sharepoint 3.0

An interesting quirk in setting up SBS 2008: if you try and add users before running the 'Set Up Your Internet Address' Wizard, when you subsequently try and run the wizard it fails; true to MS form, it doesn't give you any reason for this failure.

In the System Event Log, it coincides with the Event:

Log Name: Application
Source: Windows SharePoint Services 3
Date: 18/05/2010 13:47:30
Event ID: 5586
Task Category: Database
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER01.ingealtoir08.local
Description:
Unknown SQL Exception 33002 occured. Additional error information from SQL Server is included below.

Access to module dbo.proc_getObjectsByClass is blocked because the signature is not valid.
A Google search may lead you to believe that any one of a number of hotfixes is required, followed by running the 'SharePoint Products and Technologies Configuration Wizard'. In actual fact, all that is required is to run this wizard in the first place. Once completed, you can run the Set Up Your Internet Address Wizard and it completes successfully.

Friday 19 February 2010

Use Kaseya to Boot in to Safe Mode with VNC Access

Have you ever had trouble with a Remote PC, maybe with a virus, or a driver corruption, where you just needed to get into Safe Mode but didn't want to arrange a site visit?

The following Kaseya scripts add the VNC client and the Kaseya Agent to the Safe Mode startup registry keys, then restart the machine, with a 2 minute warning to the user that the machine is about to reboot into Safe Mode.

The script edits boot.ini so that the next time the machine restarts it boots into Safe Mode with Networking.

--

Script Name: Boot Into Safe Mode With VNC (PT1)
Script Description: [posted by geoff@lynxcomputing.com]
Edits the Registry to include WinVNC and KaseyaAgent in safe mode services. Edits boot.ini. Reboots into Safe Mode after 2 mins - Remote Controllable!

IF True
THEN
Set Registry Value
Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinVNC4\
Parameter 2 : Service
Parameter 3 : REG_SZ
OS Type : 0
Pause Script
Parameter 1 : 10
OS Type : 0
Set Registry Value
Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KaseyaAgent\
Parameter 2 : Service
Parameter 3 : REG_SZ
OS Type : 0
Pause Script
Parameter 1 : 10
OS Type : 0
Send Message
Parameter 1 : This Machine Will ReBoot Into Safe Mode in 2mins. Please Save All Open Documents.
Parameter 2 : 1
OS Type : 0
Pause Script
Parameter 1 : 120
OS Type : 0
Write Script Log Entry
Parameter 1 : The Machine Was Sent A Command To ReBoot Into Safe Mode
OS Type : 0
Execute Shell Command
Parameter 1 : bootcfg /Raw "/safeboot:network /sos /bootlog /noguiboot" /id 1
Parameter 2 : 1
OS Type : 0
Pause Script
Parameter 1 : 10
OS Type : 0
Reboot
OS Type : 0
ELSE

--

Hey Presto! The PC reboots, the agent comes back online, and you have remote access to the PC in Safe Mode.

Now you need to restart the machine into normal mode. You'll need another script that changes boot.ini back so the machine restarts normally.

--

Script Name: Boot Into Safe Mode With VNC (PT2)
Script Description: [posted by geoff@lynxcomputing.com]
Restores Boot.ini to standard. Reboots into Windows (Instant).

IF True
THEN
Execute Shell Command
Parameter 1 : bootcfg /Raw "/noexecute=optin /fastdetect" /id 1
Parameter 2 : 1
OS Type : 0
Pause Script
Parameter 1 : 10
OS Type : 0
Write Script Log Entry
Parameter 1 : The Machine Was ReBooted into Windows
OS Type : 0
Reboot
OS Type : 0
ELSE

--

Posted by Geoff


Follow Lynx on Twitter
http://twitter.com/geoff_lynx
http://twitter.com/CiaranJKenny

Thursday 14 January 2010

Monitoring Services using Kaseya

Monitoring services on a server is one of the top tasks for any IT support company. Getting a stopped service restarted before anybody notices can save you a lot of time and effort, and ensures that the client experiences minimal downtime. Imagine never having to wait for someone to call to let you know their e-mail isn't working: the Exchange Information Store stops but, because you are monitoring it and have set the correct recovery options, it restarts by itself without any intervention from you, and without the client even noticing.

Kaseya can monitor these services, however getting the appropriate restart response and alerts can be tricky.

Monitor Sets can be set up for each service on the Server (or indeed on a PC), and can be configured to attempt to restart the Service 3 times at selected intervals. The Monitor set can then send you an e-mail and set up a dashboard alert.

However, what we really need is to be alerted only if the service is not successfully restarted. This requires a little more work, but gives much more satisfying results. No intervention is necessary unless the service didn't restart after 3 attempts, in which case it might be symptomatic of something bigger going on, and you'll need/want to intervene anyway.

Monitor Set
Configure your Monitor Set in Kaseya to monitor the Selected Service; in this example I'll use the POP3svc Service. Configure the recovery options to 3 restart attempts at 1 minute intervals.
However, do not set the monitor set to alarm or to e-mail. We only need to know if the Service did not restart. Instead, we want it to call a script to check that the service has restarted.

Script 1


Script Name: 10.1.1.5a) Wait 5 mins
Script Description: [GMC]
Wait 5 mins then check POP3SVC Service is running

IF True
THEN
Schedule Script
Parameter 1 : 10.1.1.5b) MS Exchange POP3
Parameter 2 : 5
Parameter 3 :
OS Type : 0
ELSE

This waits 5 minutes, giving the monitor set enough time to attempt the restart, then calls script 2 to check that it is running:

Script 2

Script Name: 10.1.1.5b) MS Exchange POP3
Script Description: [GMC]
Monitor Set - Lynx - Exchange POP3

IF Service is Running
Parameter 1 : pop3svc
THEN
Write Script Log Entry
Parameter 1 : 10.1.1.5 MS Exchange POP3 Service was restarted by Lynx Monitoring
OS Type : 0
ELSE
Execute Shell Command
Parameter 1 : eventcreate /l system /so "LYNX MONITORING" /t warning /id 601 /d "The POP3Svc Service failed to restart after 3 attempts by Lynx Monitoring. An alert was raised."
Parameter 2 : 0
OS Type : 0
Write Script Log Entry
Parameter 1 : 10.1.1.5 The POP3Svc Service failed to restart after 3 attempts by Lynx Monitoring. An alert was raised.
OS Type : 0

This 2nd script checks that the service is running. If it is, it writes to the script log that Lynx Monitoring (that's us!) saw that the service stopped, and that it was restarted.

If the service is not running, then using the command line, it writes a System Event using the eventcreate cmd, ID 601 from source Lynx Monitoring.

Alerts
This is the good bit. You then configure an alert to search the Event Log for Event ID 601 (or whatever you chose as your ID) from source Lynx Monitoring (replace, obviously, with your own company name). If it finds this event, only then will you receive an e-mail and an alert on your monitoring dashboard, indicating that the service is still not running after 5 minutes and 3 attempted restarts.

The best bit about this is that you only need 1 alert for all the services on the server. Each service needs its own monitor set, and its own small script to check that it has restarted, but the alert is only looking for ID 601 from Lynx Monitoring. When you configure your alert e-mail, it will populate the contents with the details of the service, which you entered using the 'eventcreate' command.

Summary
A little time is needed to set up the monitor sets for each service and creating the scripts, but once you have the details set, it should just be a case of changing the service name in each new script. And just think, you'll never have to check the services on startup ever again.

Also, as long as you remember to create the script log entry, you will be able to fully report to the client on every service you restarted over the month.