Pearl Tech » Miscellaneous

Microsoft Office SharePoint Server 2007 SQL user account failure audits in the Application log

JohnP — Mon, 24 May 2010 10:02:57 +0000

If you’re like me, you cant stand any repetitive errors in your event log.

The other day I was reviewing the application log on my MOSS 2007 server and found the following events:

Great…Like clockwork, every minute, another error. This is a screen shot of my Application Log, shouldn’t this nonsense be in the Security Log?!?….

Well, before i start to panic, I look at my change com and see that a couple days ago some work was done on the Shared Service Provider (SSP). You know, that suite of services that handles all the cool stuff in MOSS.

Profiles and Audiences
My Sites
Search
All of Excel Services
All of the BDC (Business Data Catalog)

The interesting thing…All of those “cool” services were just fine.

So, I do some exploring, specifically inside SQL management Studio

(Considering that’s the source of the problem, not to mention Global Warming, Locust outbreak in Canton Illinois, etc).

What’s this? Under My SQL Jobs, there is a list of 4 DB_Job_DeleteExpiredSessions (of which, none are actually my current SSP)

HMMM>>>>So, I right click and disable all of them…

After a couple hours I come back and no new logs. COOL!

to finish, I delete the previous jobs and clear my event logs:

Considering myself lucky, I decided to reverse engineer a “Google” fix. Of course, I found the answer on Eventid.net, specifically this entry:

http://eventid.net/display.asp?eventid=18456&eventno=8175&source=MSSQLSERVER&phase=1

Mark Kelsay
In my case, this SQL server was hosting several MOSS 2007 databases. I found that the SQL agent was trying to login to a database that did not exist. MOSS uses SQL Server Jobs to delete expired sessions on a set schedule, every minute, to free up resources that are not being used. You will need to go into SQL Server management studio and disable the job called SharedServices_DB_job_deleteExpiredSessions. Once this is done you should no longer see those error messages in the event log. If you disable the right job, and the error message no longer appears, you can then delete the job. Always disable first. You do not want to delete until you are sure you got the right job.

Maybe you will find it useful,

Until then,

Shared Services Provider stuck at (Unprovisioning)

JohnP — Fri, 14 May 2010 18:54:25 +0000

I ran into this the other day.

Backstory:

I attempted to delete the Shared Services Provider (SSP)

Technorati Tags: Shared Services Provider Sharepoint 2007 MOSS MOSS 2007 Microsoft, but after letting it run for several hours, it never moved passed the “Unprovisioning” state on the Central Administration Website.

No Problem!

STSadm to to rescue…again:

when this happens, you have no choice but to get out the command line toolbox and force the Shared Services Provider to be removed.

the following command to do that is:

stsadm –o deletessp –title –force.

let it chew a little while, then reload the Central Admin page and the SSP should be gone.

Snippet

JohnP — Thu, 13 May 2010 20:40:38 +0000

A neat new tool in Windows 7 is the “Snipping tool”.

It can be found in “All Programs” >”Accessories” > Snipping tool

Drag it to your “Quick Launch” bar and have fun!

Setting Siebel EIM Process Batch Number in Command Line

Geer — Thu, 25 Mar 2010 15:02:19 +0000

My customer’s current process of importing data into Siebel database is to use Siebel EIM interface. The data which needs to be imported will be formatted and inserted into EIM tables (or the staging tables), and then an EIM process will be ticked off in the command line to import the data into Siebel base tables. The command is fairly simple, and should be similar to the following:

[Path to The Siebel Application Bin folder]\srvrmgr.exe /g [Siebel Application Server Name] /e [Target Siebel Environment] /s [Siebel Application Server Name] /u [User Name] /p [User Password]

run task for component EIM with config=”[Config File].ifb”,Process=”[Process Name]“

The first command starts the srvrmgr program, and the second one ticks off the EIM process. The configuration file ([config File].ifb) specifies all the parameters needed by the EIM interface in order to complete the process. One of the important parameters we need to set in the .ifb file is the BATCH, which is the identifier for the group of data being handled during the current process. Normally, we set it to a fixed number or a range of numbers (for example, 500-600). So, when the EIM process runs, only the data with a batch number equal to the BATCH or falling in the range specified in the .ifb file will be processed. If in the EIM tables there are some records which are not ready to be processed at this moment, they can be skipped by identifying themselves with a different batch number. This is helpful when you are managing multiple data importing tasks which share the same set of EIM tables, and run at different time.

However, we soon realized that it would be getting harder and harder to manage these .ifb files and to make sure these EIM processes don’t interfere with each other. For example, one of our custom applications needs to import data into Siebel using EIM interface upon users’ requests. The data importing process is exactly the same for all these requests, except for the data needed to be imported. Multiple users need to be allowed to submit their requests at the same time, and their requests should be handled separately. If we were going to do it in the old fashion, we would need to have a .ifb file for each of their requests, and use different batch numbers in these .ifb files. It is not realistic, or it is something we want to do either.

The solution is actually very simple. We took the BATCH setting out of the .ifb file, and instead we set it in the command line. This was not documented in the Siebel EIM Admin Guide, but after our testing it was proved to be a working solution. The command will look like the following now:

[Siebel Application Bin folder]\srvrmgr.exe /g [Siebel Application Server Name] /e [Target Siebel Environment] /s [Siebel Application Server Name] /u [User Name] /p [User Password]

run task for component EIM with config=”[Config File].ifb”,Process=”[Process Name]“,BATCH=[Batch Number]

This way the application can choose a BATCH number unique to the user’s request, construct the command, and then execute it to tick off the EIM process, and all these requests can share the same .ifb file.

To manage the batch numbers among different applications, we reserved a range of batch numbers for each application. For example, from 500 to 549 will be used only by application A, and from 550 to 599 will be used only by application B. Within each application, a batch number is assigned to each request based on the request identifier and the range of batch numbers reserved for the application. In our case, the request ID is an auto-incrementing integer, and the equation for calculating the batch number is:

[Batch Number] = [Request ID] % [Total Number of Allocated Batch Numbers] + [The Lowest Batch Number]
(Where % stands for the modulus operator)

For example, if the allocated batch numbers are from 500 to 549, and the current request ID is 1034, the batch number for this request will then be:

534 = 1034 % (549 – 500 + 1) + 500

This way the adjacent requests would have different batch numbers, and the batch numbers are used in a cycle. In our case, we will never have more than 50 users submitting their requests at the same time, but if this was for a larger user base, we could allocated a bigger range of batch numbers.

So, we finally were able to manage all users’ requests using limited batch numbers and a single .ifb file without the requests being interfered by each other. Task accomplished!

Green IT

GregJ — Fri, 05 Mar 2010 16:47:31 +0000

Applying sound environmental practices to your technology just makes sense for business. Green technologies not only help the environment, but also save money and improve business operations.

Recycle – Computers, monitors, and other electronics contain toxic materials that can harm the environment and create an estimated 70% of the toxins found in US landfills. There are recycling programs and companies who can take your obsolete equipment off your hands and dispose of it correctly.

Reuse – Gently used PCs and other equipment can be donated to a nonprofit organization—some tax incentives are offered for this. Be sure that any machines you donate are wiped clean of any potentially sensitive data and that the charity or school you choose has the resources to handle this type of donation.

Reduce – Learn to identify the worst e-waste offenders and make the most of your resources. Reduce cost and resource usage by implementing green solutions throughout your business.

A very helpful article on reducing e-waste and utilizing more “Green IT” in your company’s business operations, “5 Steps to Green IT,” can be found at http://www.eweek.com/c/a/IT-Infrastructure/5-Steps-to-Green-IT/.

The article states the importance of companies building Green IT solutions into their budgets and RFPs, not only for environmental reasons, but for significant savings.

It stresses that businesses need to create a recycling plan that will address how they dispose of obsolete equipment and to hold hardware vendors responsible for recycling and disposal. Sun Microsystems, Microsoft, and Apple are examples given that all have impressive e-waste reducing programs in place.

Windows 7: Your PC, simplified

GregJ — Fri, 26 Feb 2010 17:07:37 +0000

Microsoft asked its customers how they can improve Windows, and the outcome of their research is that it is now easier to use. It’s simple to find and manage files, and performance is faster and more reliable. Pearl Technology hosted a Microsoft 7 event on February 18 so we could show people how the new Windows 7 works through tutorials with our Microsoft experts and workstations to test it out. Visit http://www.pearltechnology.com/windows7/ for more information on that event.

Below are the Top 10 Windows 7 Improvements according to http://windows.microsoft.com:

1 A better desktop that lets you work faster. The taskbar has bigger buttons, full-sized previews, and allows for one-click access to programs. Jump Lists provide shortcuts to files, folders, and websites. And Snap, Peek, and Shake help juggle open windows.

2 Smarter search. Search results appear instantly, grouped by category, and you can narrow it with filters like date or file type—and be sure you get what you’re looking for with a preview pane.

3 Easy sharing of files and printers on your home network. With HomeGroup, you can connect two or more PCs running Windows 7, and share music, pictures, videos, and documents.

4 Built for speed. Windows 7 takes up less memory and runs background services only when necessary. Programs run faster and you can sleep, resume, and reconnect to wireless networks more quickly. Also includes 64-bit support.

5 Better wireless networking—it now takes just a couple of clicks to connect your laptop. Click on an available network in the taskbar and connect. Windows will remember your network connections so you can connect automatically the next time.

6 Windows Touch. Use your fingers to browse the web, flip through photos, and open files and folders on a touchscreen PC. Includes gestures for zooming, rotating, and even right-clicking.

7 Plays well with devices. Device Stage works like a home page for portable music players, smartphones, and printers. When plugged in, compatible devices make a menu appear with information popularly requested.

8 Improved media streaming. Windows Media Player 12 lets you enjoy your media library anywhere—from your PC to your stereo or TV (you may need additional hardware) or over the Internet from one computer running Windows 7 to another.

9 Live TV and movies on your PC. Internet TV gathers programming from sites all over the Internet. Add a TV tuner, and your PC becomes a digital video recorder you can use to watch, pause, and record live TV.

10 Nag-free notifications. Action Center puts you in control of maintenance and security messages. If Windows needs your attention, you’ll see a notification on the taskbar.

Avoiding Social Engineering and Phishing Attacks

JohnP — Wed, 28 Oct 2009 18:26:51 +0000

I’ve grabbed this post directly off of teh US-CERT security site. To review the original and other great articles, please visit the site at

http://www.us-cert.gov/cas/tips/ST04-014.html

National Cyber Alert System

Cyber Security Tip ST04-014

Avoiding Social Engineering and Phishing Attacks

Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
epidemics and health scares (e.g., H1N1)
economic concerns (e.g., IRS scams)
major political elections
holidays

How do you avoid being a victim?

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
Don’t send sensitive information over the Internet before checking a website’s security (see Protecting Your Privacy for more information).
Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).
Take advantage of any anti-phishing features offered by your email client and web browser.

What do you do if you think you are a victim?

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft (see Preventing and Responding to Identity Theft for more information).
Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).

A Blank IIS Manager

JohnP — Fri, 23 Oct 2009 16:38:17 +0000

So, you’ve installed SharePoint Portal 2007 on a Windows 2003 R2 box. You go to launch IIS manager and BAM…nothing there.

WHAT! ARG! I QUIT!. But settle down, we’ve got you covered.
This is a bug and MS has a hotfix.
It appears the problem has to do with the SharePoint Timer Service.
Generally, doing an iisreset fixes the issue, but for a permanent fix, check out this KB, and get yourself the hotfix!

http://support.microsoft.com/kb/946517

Happy Collaborating!

Drag and Drop for Cloud Storage

JohnP — Wed, 14 Oct 2009 19:02:55 +0000

I imagine most of us are familiar with the newest technology buzz phrase…”Cloud Computing”. I would also be willing to bet that most of us are even using some sort of “Cloud Computing” service (whether we know it or not). In this post, I’d like to talk about a gem of an integration program a client just introduced me to.

The Programs:

Microsoft SkyDrive http://skydrive.live.com
Free Online Cloud storage service provided by Microsoft Live which allows up to 25GB of storage space!
Gladinet http://www.gladinet.com
Free or Purchase Desktop Integrator for Cloud Storage

The Setup

The first thing you need to do is get yourself a Windows Live account if you dont have one. Then simply go to skydrive.live.com and login. you should see a screen similar to this:

Skydrive Screen Shot

Pretty straight forward as far as what you can do…Now, let’s kick it up a notch.

Adding Spice:

Now that you have your Cloud Storage vendor/account ready to go, it’s now time to add a little “cool factor” by going out and getting an application called Gladinet. Gladinet is a Desktop Integrator for Cloud Storage and has a free version as well as a Professional version. Be sure to check them out here: http://www.gladinet.com/

Just download and follow the simple install.
64bit Version
32bit Version

Once your done, simply go to programs and launch the application:

Now you have a new drive that you can drag and drop files into!! What’s even better? Gladinet supports automated backups and a whole host of vendors outside of Microsoft, like Google, etc.

Good luck and Happy Cloud Computing!

Exchange 2007 Header Firewall

CoreyM — Mon, 12 Oct 2009 13:28:34 +0000

With the never ending fight to reduce spam, phishing messages, malicious attachments and other evil message trends it never amazes me how far some companies are willing to take their spam filters to protect themselves. It’s always that once piece of the security triad that seems to be the kicker. Availalbility! I completely understand companies saying “drop all attachments”, “no html”, etc. On the hand at what point can one crack down on the spammers yet still consider email as a valid and reliable source of communication. I have recently come across a scenario where maybe .05% of emails were not actually making it the intended recipeints but no NDR was produced. It turns out that the messages were being marked as spam.

So, I looked at the normal things that may cause that; are they on a blacklist, does the RDNS record exist and is it valid, can I email AOL/Gmail/etc (those will point out most issues), does the sending server show a clean record of delivering said items. Everything in this case proved successful. So I ran the messages, the same messages getting blocked through 2 different spam engines and look at what it was giving them a rating as. Barracuda and MailScanner/SpamAssassin showed the message in the negatives (perfectly fine) and were far from scoring a blockable item.

I started searching Microsoft’s sites to find out if there is an issue with Exchange 2007 failing to send out mail without providing an NDR. After several white papers I found that the problems were in the “Received:” and “Thread-Index:” message headers of the email. Custom rules were created at the recipient locations that blocked the message if the “Received:” routing information was not verifiable or the IP addresses in the header were anything other than the matching RDNS MX record.

There are a couple of different ways to correct this. For this specific scenario, where an Edge Transport server was utilized, removing not only the edge transport server from the permissions regarding the “Send Routing Headers” rights.

In the Exchange shell this would be:
Remove-AdPermission -identity “EdgeSync – ” -User “MS Exchange\Edge Transport Servers” -ExtendedRights MS-Exch-Send-Headers-Routing

(without an edge transport)
Remove-ADPermission -id “Organization to Internet” -User “NT Authority\Anonymous Logon” -ExtendedRights Ms-Exch-Send-Headers-Routing

This can also be accomplished by using ADSIEdit.msc and right clicking on “CN=Configuration -> CN=Services -> CN=Microsoft Exchange -> CN= -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Routing Groups -> CN=Exchange routing Group -> CN=Connections -> CN=”Select Send Header Name” Once there go to properties -> security -> Advanced. Here you can change the accounts permission on the Send Routing Headers and remove any “Account Unkowns”, Anonymous Logon and/or Edge Trasport users. By removing them from the permissions list it will also take them out of the Organization and Forest Header information. This seems to have takent the Thread-Index issue from getting caught as spam as well.