As a general rule I rarely if ever use this product, but if I ever needed to stop and ask myself why, then Trend just gave me another reason. I am working with a client who uses this to protect their servers and desktops. They just expanded and need a few more licenses. Should be easy I would think: I call them, they punch some numbers into their systems and we have more licenses. Apparently that isn’t how it works. In order to get more licenses I have to install a second instance of the software on the server with the extra licenses. How in any way does that make sense? Now I will be the first person to tell you that I am not a huge fan of Symantec Endpoint Protection even though I end up using it fairly regularly, but at the very least I don’t have to install a second instance of the software to get 2 more licenses. Yeesh.
I have installed WSUS 3.0 so many times I could likely do it while drunk (not that I advocate drinking and networking as a general rule), not that this is a particularly great accomplishment because it’s really not that complicated. That’s what makes it all the more aggravating when it doesn’t work. I was installing WSUS on a DC and it kept failing with the error “The setup has encountered an unexpected error while Setting Internal Properties.” I did everything I could think of here. I re-installed all the components of WSUS, I tried both an internal Windows database as well as installing SQL and installing WSUS into a SQL instance. Nothing worked until, for a completely unrelated reason, I had to demote and re-promote the server as a domain controller, and after that WSUS installed without issues. Sometimes I think that even Sherlock Holmes would not be able to solve the mystery that is Microsoft software.
Let me preface this blog entry by saying that I like Watchguard firewalls, I actually like them a lot, and no firewall products out there lack flaws ….. here comes the but … but sometimes some of the issues I see with Watchguards really make me scratch my head and wonder what the developers were thinking. On the Edge devices, which for those of you who are not aware of them are their entry-level line for small to medium-sized businesses as well as for branch offices, they have the options for both a trusted and an optional (DMZ) network. The problem is that it lacks the ability to insert any type of granular control between them. Is it just me or does this not completely negate the entire purpose of a DMZ network? You can open all traffic between them, which is completely useless, or completely close all traffic, which is fine for a guest network I guess, but you could accomplish the same task by putting a second $50 Linksys router in. What is even more mind-boggling is that other similar products on the market all have this ability, so I am not sure why the Edges lack it other than that I assume they just don’t like me very much.
I don’t work with SQL jobs too much, but here is an error I just got. I was troubleshooting an issue with SQL backup jobs failing, and here was the error in the event log.
tcpsvcs (2640) The backup has been stopped because it was halted by the client or the connection with the client failed.
Though the SQL Server Agent looked fine, I stopped and started it anyway and that fixed the issue.
Here’s a tip to developers if you don’t want to be universally hated by me. If you want to create your VPN software so that it drops the tunnel after 3 minutes if it doesn’t receive keep-alive packets on UDP ports 500 and 4500, that’s fine. However, please have the software create exceptions in Windows Firewall or alert me or document it somewhere on your site so that I don’t have to waste an entire morning trying to figure out why it’s not working. ARGH!
As a general rule I quite like the Citrix Print Manager, overall it does its job quite well and I think it supports a diverse group of printers. What I don’t like is when some people buy the crappiest, cheapest printers imaginable and then get angry at me when they don’t work with Citrix, particularly when they have had this issue before and I sent them the approved printers list and this printer isn’t on it. So for those times when “Buy a better printer” isn’t an appropriate response, here is the best solution I have.
Set the printer up as a network printer (buy the absolute cheapest usb print server if you have to), and then create a startup script to map LPT1 to the network share.
net use lpt1: \\servername\printername
Create a new printer using the HP LJ 1100 driver and assign it to print to LPT1. Rename the printer to something the user will associate with his printer.
It’s quick and dirty but it works.
So I am called in to fix a problem with a server being offline. I get onsite to find that the server is frozen and the last message was a delayed write failure. Give it a reboot and it blue screens. Boot into safe mode, works fine, I can get into Windows, only suspicious event log errors are the delayed write failures. Booting into Safe Mode with Networking causes it to freeze again. Boot into normal mode with network cable unplugged and everything comes up ok. Plug in the network cable and try pinging, pings are intermittent, some work, some not, response is in the 1000s of milliseconds. Try from another machine, same issue. Server freezes again. It’s about this time I realize the server is likely just a red herring (a crappily designed red herring) and start troubleshooting the network issue. Sometimes pings work fine, sometimes slow, sometimes not at all. Reboot all the main switches, same issue. So I start asking questions around. Turns out all the issues started around the time that someone dropped the small D-Link hub by their desk. Bingo. Turn that off, problems cease. Server comes back on, no more freezing. Now this was an interesting problem but it illustrates a rant. What the hell is wrong with Server 2003? All the XP machines were fine, none of them froze up. I am not sure if it’s a Server 2003 issue or an SBS issue (I wouldn’t be shocked, since SBS sucks) but regardless this is just bad.
I got this error today when trying to log into the only DC at one of our client sites. Needless to say this is a bad sign when a DC can’t see its own domain. After a few checks I quickly found that none of the machines could log into the domain at all. Didn’t take me long to figure out that DNS must be hooped. To get it working I logged in locally on another server, opened up services.msc, connected to the DC by IP address and stopped and started the DNS Server service, and just like that everything came back. Now here is the rant: DNS is so tightly integrated with AD that you can get these catch-22 scenarios where you can’t log into a server because DNS isn’t working but you need to log in to fix DNS. While one can easily restart a service from another machine, any other in-depth troubleshooting is difficult, especially since in this situation it would have been a 45 minute drive to get to the physical box.
I have been seeing this issue a lot lately. Citrix Print Manager service stops working properly so you go to restart the service and the service hangs. You end up having to kill the process CPSVC.EXE, then restart the spooler service and then start the Citrix Print Manager service. It’s really obnoxious but at least it’s a relatively quick fix to get it working. If this happens a lot it can be resolved permanently by Citrix hot fix PSE400W2K3022.
Wireless networks are getting more and more common and with good reason, they are damn useful, particularly when you get a lot of guests or vendors who visit your office. However they can be an absolute pain in the butt to troubleshoot. Part of this is because 9 times out of 10 the person installing it buys the cheapest Linksys or D-Link wireless router they can find and installs it with the standard settings, so you end up having 15 networks in proximity all with the same name and all on the same channel. It also seems that some people don’t see the correlation between the 2.4 GHz router they bought and all those cordless phones in their office that say 2.4 GHz on them. Plus why don’t some people realize that security could be important? To quote one of my co-workers, “God bless the people who don’t realize they should put some form of security on their wireless networks because otherwise I would have to pay for internet at home”. Great for your neighbours, bad for your network.
So there is a bunch of stuff that can go wrong but how do you make it right? Well I like to use a little tool called NetStumbler. A great tool which shows you all the networks in proximity, their names, which channel they are on, their signal strength, whether or not they are secure and what type of encryption they are using. Take it from me, it is a godsend when troubleshooting wireless network issues.
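The checks described in this post (networks sharing a factory name and a channel, networks with no security), written as an added example that is not part of the original post. It runs over a constructed CSV survey in a made-up column layout, not NetStumbler's export format; the factory-SSID list and the load weighting are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample survey (own CSV layout, not NetStumbler's export format).
SAMPLE = """ssid,channel,signal_dbm,encryption
linksys,6,-48,None
linksys,6,-61,None
dlink,6,-70,WEP
OfficeNet,6,-55,WPA2
default,7,-66,None
Warehouse,1,-80,WPA2
GuestWifi,11,-74,WPA
"""
DEFAULT_SSIDS = {"linksys", "dlink", "default", "netgear"}  # assumed factory names
WEAK = {"none", "wep"}  # no encryption, or WEP, which is trivially broken

def load_survey(text):
    return [{**r, "channel": int(r["channel"]), "signal_dbm": int(r["signal_dbm"])}
            for r in csv.DictReader(io.StringIO(text))]

def findings(rows):
    """Return (ssid, issue) pairs for weak security, factory names, duplicate names."""
    out = []
    for r in rows:
        if r["encryption"].lower() in WEAK:
            out.append((r["ssid"], "open or WEP"))
        if r["ssid"].lower() in DEFAULT_SSIDS:
            out.append((r["ssid"], "factory SSID"))
    counts = Counter(r["ssid"] for r in rows)
    return out + [(s, "duplicate SSID") for s, n in counts.items() if n > 1]

def channel_load(rows, channel):
    """Heuristic (assumed) load: stronger and closer-in-channel networks count more."""
    load = 0.0
    for r in rows:
        d = abs(r["channel"] - channel)
        if d <= 4:  # 2.4 GHz channels fewer than 5 apart overlap
            load += (1 - d / 5) * (100 + r["signal_dbm"])
    return load

def best_channel(rows, candidates=(1, 6, 11)):
    """Pick the least loaded of the three non-overlapping 2.4 GHz channels."""
    return min(candidates, key=lambda c: channel_load(rows, c))

if __name__ == "__main__":
    survey = load_survey(SAMPLE)
    print(sorted(set(findings(survey))), "best channel:", best_channel(survey))
```

On the sample data the four networks crowded onto channel 6 push the recommendation to channel 1, where only one weak signal is present.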