Pearl Tech » JohnP

Microsoft Office SharePoint Server 2007 SQL user account failure audits in the Application log

JohnP — Mon, 24 May 2010 10:02:57 +0000

If you’re like me, you cant stand any repetitive errors in your event log.

The other day I was reviewing the application log on my MOSS 2007 server and found the following events:

Great…Like clockwork, every minute, another error. This is a screen shot of my Application Log, shouldn’t this nonsense be in the Security Log?!?….

Well, before i start to panic, I look at my change com and see that a couple days ago some work was done on the Shared Service Provider (SSP). You know, that suite of services that handles all the cool stuff in MOSS.

Profiles and Audiences
My Sites
Search
All of Excel Services
All of the BDC (Business Data Catalog)

The interesting thing…All of those “cool” services were just fine.

So, I do some exploring, specifically inside SQL management Studio

(Considering that’s the source of the problem, not to mention Global Warming, Locust outbreak in Canton Illinois, etc).

What’s this? Under My SQL Jobs, there is a list of 4 DB_Job_DeleteExpiredSessions (of which, none are actually my current SSP)

HMMM>>>>So, I right click and disable all of them…

After a couple hours I come back and no new logs. COOL!

to finish, I delete the previous jobs and clear my event logs:

Considering myself lucky, I decided to reverse engineer a “Google” fix. Of course, I found the answer on Eventid.net, specifically this entry:

http://eventid.net/display.asp?eventid=18456&eventno=8175&source=MSSQLSERVER&phase=1

Mark Kelsay
In my case, this SQL server was hosting several MOSS 2007 databases. I found that the SQL agent was trying to login to a database that did not exist. MOSS uses SQL Server Jobs to delete expired sessions on a set schedule, every minute, to free up resources that are not being used. You will need to go into SQL Server management studio and disable the job called SharedServices_DB_job_deleteExpiredSessions. Once this is done you should no longer see those error messages in the event log. If you disable the right job, and the error message no longer appears, you can then delete the job. Always disable first. You do not want to delete until you are sure you got the right job.

Maybe you will find it useful,

Until then,

Shared Services Provider stuck at (Unprovisioning)

JohnP — Fri, 14 May 2010 18:54:25 +0000

I ran into this the other day.

Backstory:

I attempted to delete the Shared Services Provider (SSP)

Technorati Tags: Shared Services Provider Sharepoint 2007 MOSS MOSS 2007 Microsoft, but after letting it run for several hours, it never moved passed the “Unprovisioning” state on the Central Administration Website.

No Problem!

STSadm to to rescue…again:

when this happens, you have no choice but to get out the command line toolbox and force the Shared Services Provider to be removed.

the following command to do that is:

stsadm –o deletessp –title –force.

let it chew a little while, then reload the Central Admin page and the SSP should be gone.

Snippet

JohnP — Thu, 13 May 2010 20:40:38 +0000

A neat new tool in Windows 7 is the “Snipping tool”.

It can be found in “All Programs” >”Accessories” > Snipping tool

Drag it to your “Quick Launch” bar and have fun!

Avoiding Social Engineering and Phishing Attacks

JohnP — Wed, 28 Oct 2009 18:26:51 +0000

I’ve grabbed this post directly off of teh US-CERT security site. To review the original and other great articles, please visit the site at

http://www.us-cert.gov/cas/tips/ST04-014.html

National Cyber Alert System

Cyber Security Tip ST04-014

Avoiding Social Engineering and Phishing Attacks

Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
epidemics and health scares (e.g., H1N1)
economic concerns (e.g., IRS scams)
major political elections
holidays

How do you avoid being a victim?

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
Don’t send sensitive information over the Internet before checking a website’s security (see Protecting Your Privacy for more information).
Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).
Take advantage of any anti-phishing features offered by your email client and web browser.

What do you do if you think you are a victim?

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft (see Preventing and Responding to Identity Theft for more information).
Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).

A Blank IIS Manager

JohnP — Fri, 23 Oct 2009 16:38:17 +0000

So, you’ve installed SharePoint Portal 2007 on a Windows 2003 R2 box. You go to launch IIS manager and BAM…nothing there.

WHAT! ARG! I QUIT!. But settle down, we’ve got you covered.
This is a bug and MS has a hotfix.
It appears the problem has to do with the SharePoint Timer Service.
Generally, doing an iisreset fixes the issue, but for a permanent fix, check out this KB, and get yourself the hotfix!

http://support.microsoft.com/kb/946517

Happy Collaborating!

Drag and Drop for Cloud Storage

JohnP — Wed, 14 Oct 2009 19:02:55 +0000

I imagine most of us are familiar with the newest technology buzz phrase…”Cloud Computing”. I would also be willing to bet that most of us are even using some sort of “Cloud Computing” service (whether we know it or not). In this post, I’d like to talk about a gem of an integration program a client just introduced me to.

The Programs:

Microsoft SkyDrive http://skydrive.live.com
Free Online Cloud storage service provided by Microsoft Live which allows up to 25GB of storage space!
Gladinet http://www.gladinet.com
Free or Purchase Desktop Integrator for Cloud Storage

The Setup

The first thing you need to do is get yourself a Windows Live account if you dont have one. Then simply go to skydrive.live.com and login. you should see a screen similar to this:

Skydrive Screen Shot

Pretty straight forward as far as what you can do…Now, let’s kick it up a notch.

Adding Spice:

Now that you have your Cloud Storage vendor/account ready to go, it’s now time to add a little “cool factor” by going out and getting an application called Gladinet. Gladinet is a Desktop Integrator for Cloud Storage and has a free version as well as a Professional version. Be sure to check them out here: http://www.gladinet.com/

Just download and follow the simple install.
64bit Version
32bit Version

Once your done, simply go to programs and launch the application:

Now you have a new drive that you can drag and drop files into!! What’s even better? Gladinet supports automated backups and a whole host of vendors outside of Microsoft, like Google, etc.

Good luck and Happy Cloud Computing!