McAfee – Setting ePO via client package

I’ve been doing a bit of work recently on McAfee 8.7i enterprise and ePO 4. I wanted to push out the McAfee client via SMS straight after a gold disk build…

First you need to export the repository sitelist.xml and the various keys from your ePO server…

The security keys must be located in the same folder as the site list. Use ePolicy Orchestrator to export the files:

  1. Export the siteinfo file:
    1. Select Software | Master Repository.
    2. Click Export Sitelist.
    3. Save the file to a new location.
  2. Export the security keys:
    1. Select Configuration | Server Settings | Security Keys, and click Edit.
    2. Select Master Agent-server secure communication key, and click Export.
    3. Save the files to the same location as the siteinfo file.

Next you need to create your FramePkg.exe via ePO. Go to Systems, click “New Systems” near the bottom left, choose “Create and download agent installation package”, and save the package into your shared install directory.

Now, to deploy, run this from the shared location (or via SMS):

framepkg.exe /install=agent /forceinstall /s

I generally use /forceinstall to avoid any issues with versioning. /s performs a silent install.

Done.

WPAD – Web Proxy Autodiscovery Protocol

When using WPAD there are some things you should take note of:

  • DHCP-based WPAD takes precedence over DNS-based WPAD.
  • DHCP option 252 can in some cases be slightly slower to resolve than DNS; there may be a patch for WinInet to address this.
  • Always use lower case for wpad.dat (the file name is case sensitive).
  • DHCP option 252 can supply either a URL or a file location for wpad.dat.

In IE, on the LAN Settings tab, if “Automatically detect settings” (WPAD) is enabled and a proxy server is also configured manually, the WPAD configuration should override the manual proxy settings.

There is some good detail at the usual places, e.g. http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

I’ve done a bit of work around WPAD, but have yet to write up a decent “how-to”. I’ll update this the next time I dabble in the area.

If you are using DNS you may have to remove the wpad entry from the DNS server’s global query block list: http://support.microsoft.com/kb/968732/en-us

Here is a quick example of the syntax of a typical wpad.dat file…

   function FindProxyForURL(url, host) {
      // our local URLs from the domains below example.com don't need a proxy:
      if (shExpMatch(url,"*.example.com/*"))                  {return "DIRECT";}
      if (shExpMatch(url, "*.example.com:*/*"))               {return "DIRECT";}

      // URLs within this network are accessed through
      // port 8080 on fastproxy.example.com:
      if (isInNet(host, "10.0.0.0",  "255.255.248.0"))    {
         return "PROXY fastproxy.example.com:8080";
      }

      // All other requests go through port 8080 of proxy.example.com.
      // should that fail to respond, go directly to the WWW:
      return "PROXY proxy.example.com:8080; DIRECT";
   }
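As an added example that is not part of the original post, the block below re-implements the browser-supplied PAC helpers shExpMatch() and isInNet() so the wpad.dat rules above can be exercised outside a browser; the helper bodies are assumptions for testing only (a real browser’s isInNet() first resolves the host via DNS, while here the caller passes an IPv4 literal).

```javascript
// Added test harness for the wpad.dat logic shown above (assumption: these helper
// implementations mimic the browser-provided PAC functions; they are not the browser's own).

function shExpMatch(str, pattern) {
  // Translate a shell-style glob (* and ?) into an anchored regular expression.
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                         .replace(/\*/g, ".*")
                         .replace(/\?/g, ".");
  return new RegExp("^" + escaped + "$").test(str);
}

function ipToInt(ip) {
  // Convert a dotted-quad IPv4 literal to an unsigned 32-bit integer, or null if malformed.
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) {
    return null;
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function isInNet(host, net, mask) {
  // True when host (an IPv4 literal here; browsers resolve names first) falls inside net/mask.
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// The same rules as the wpad.dat above: local example.com URLs go DIRECT,
// hosts in 10.0.0.0/21 use fastproxy, everything else uses proxy with DIRECT fallback.
function FindProxyForURL(url, host) {
  if (shExpMatch(url, "*.example.com/*"))   { return "DIRECT"; }
  if (shExpMatch(url, "*.example.com:*/*")) { return "DIRECT"; }
  if (isInNet(host, "10.0.0.0", "255.255.248.0")) {
    return "PROXY fastproxy.example.com:8080";
  }
  return "PROXY proxy.example.com:8080; DIRECT";
}
```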

Windows Cluster – removing orphaned .dll file

Recently I uninstalled ScanMail from an Exchange 2007 cluster environment but had issues when trying to reapply a newer version. The problem was related to an orphaned .dll file that ScanMail had left behind; it seems the uninstall was not as clean as I had hoped.

Within the cluster management MMC the cluster appears in a partially active state. If you go to Cluster Resource Types you can see the .dll that hasn’t loaded properly (the orphaned file). To remove the problem, make a note of the .dll that is not loading and its display name. Drop to a CMD prompt and type the following…

cluster clustername resourcetype

This outputs all of the current resource types in your cluster. You should be able to see the “resource name” and the “resource type name” that is causing the problem. Take note of the resource type name. Now, to remove it, type…

cluster clustername resourcetype resourcetypename /delete /type

Done.

SNTP – fixing time issues within a Windows domain

I’ve had some problems with dcdiag failing on the advertising check, and this relates back to the DC not getting its time from the PDCE properly.

Fixing timesync is different according to the machine type…

If it’s a standard Domain Controller then treat it as a member server (below).

If it’s the PDC Emulator then make sure you allow port 123 TCP/UDP outbound on your firewall and configure the external SNTP source by entering this at the command line (note: I use pool.ntp.org instead of the default Microsoft SNTP server):

NET TIME /SETSNTP:pool.ntp.org

If it’s a member server or a standard Domain Controller:

Members of the Active Directory domain sync with their local DC (local as in local AD site). The DCs then sync with the PDC Emulator. (Note: if you have a forest root domain then SNTP requests are sent up the chain to that.)

Diagnosis of timesync errors is difficult, but do not be tempted to use NET TIME /SETSNTP: on all machines in the domain (as is suggested in answers to many questions like this one) unless the machine is the PDCE, because it specifically overrides the natural internal operation of the time service within Active Directory.

These commands are written for Windows 2003 and Windows XP. There are some equivalents for Windows 2000; use W32tm /? or W32Time /? from the command line to look for alternatives on older OSs.

NET TIME /SETSNTP:
clears any entry and returns to the default settings.

NET TIME /SET /YES
syncs NOW with your authenticating DC. Then begin the diagnosis:

Start by verifying that AD replication in your domain is healthy using REPLMON.EXE from the Support Tools pack on the Windows installation CD.

If this is OK then run this from the command line:
W32TM /monitor

to ensure that each member server/workstation is actually pointing to a DC.

If this is OK then run this from the command line:
W32TM /resync /rediscover

followed by:
W32TM /resync /nowait

and check the system eventlog for W32TIME errors. This process does a full reset and recheck of the time system as it relates to one member machine on your AD.

Offline Files – Remove prompt about excluded files error

You may get an error such as this popup during an Offline Files sync…

Offline files (\\server\share on server): Unable to make ‘archive.pst’ available offline on \\server\share\folder. Files of this type cannot be made available offline.

Microsoft has stated that even if the file type is in the exclusion list, by design Offline Files will still complain about it when it tries to sync.

There is a way to remove the warning prompt for specific files (you may need to update your machine to the latest service pack in some cases):

  • Create a new key at HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache called “ExclusionErrorSuppressionList”.
  • Within this key create a new DWORD registry entry for each of the file patterns you wish to suppress at that prompt.
  • The DWORD name should follow a UNC pattern similar to “\\*\*\*\*.pst” if you wish to suppress .pst files on any server, share and folder.
  • You can add as many DWORD registry entries as you require within “ExclusionErrorSuppressionList”.

Done.

See the following KB for more information: http://support.microsoft.com/kb/811660