Fix: McAfee ePo Error “Server Policy Invalid”

The following entries were found in the C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_servername.log file on my Windows 2003 server:

20090709133245 I #1972 InetMgr Adding site ePO_mysite to failover list.
20090709133245 I #1972 InetMgr After calling UploadFileResponse()
20090709133245 i #1972 Agent Package uploaded to ePO Server successfully
20090709133245 i #1972 Agent Agent communication session closed
20090709133245 i #1972 Agent Agent received POLICY package from ePO server
20090709133245 I #1972 Agent Started processing a package..
20090709133245 I #1972 Agent Processing PropsResponse package
20090709133245 I #1972 Agent Looking for new sitelist from server
20090709133245 i #1972 Agent New Site List file was received
20090709133245 I #1972 Agent Looking for new event filter from server
20090709133245 I #1972 Agent Looking for new policy from server
20090709133245 I #1972 IPLock writeLock – providing write lock
20090709133245 E #1972 Xml Error trace:
20090709133245 E #1972 MgRcSvX [Merge server.xml]->
20090709133245 E #1972 Xml [useExistingFile,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Server.xml]->
20090709133245 E #1972 Xml [ReadBufferFromFileNoExp,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Server.xml]->
20090709133245 E #1972 Xml Couldn’t convert to Unicode
20090709133245 I #1972 IPLock writeUnLock – unlocking the write lock successful
20090709133245 e #1972 Agent New server policy was NOT successfully merged
20090709133245 i #1972 Agent Enforcing newly downloaded policies
20090709133245 I #1972 Agent Agent Enforce Policy Interface called
20090709133245 i #1988 Agent Agent Started Enforcing policies
20090709133245 I #1988 Agent Thread signal occurred
20090709133245 I #1988 Manage Enforcing policies
20090709133245 i #1972 Agent Agent will connect to the ePO Server in 60 minutes and 0 seconds.
20090709133245 I #1988 IPLock writeLock – providing write lock
20090709133245 i #1988 Manage Compiling policies
20090709133245 I #1988 Manage CPolicyFile::InitializePolicyFiles() – Server policy invalid
20090709133245 I #1988 Manage Compiling Policies FAILED, result=-3
20090709133245 I #1988 IPLock writeUnLock – unlocking the write lock successful
20090709133245 I #1988 Agent Agent policy enforcement failed, result=-3
20090709133245 i #1988 Agent Agent finished Enforcing policies
20090709133245 i #1988 Agent Next policy enforcement in 5 minutes
20090709133300 i #1988 Agent Agent Started Enforcing policies
20090709133300 I #1988 Agent Thread signal occurred
20090709133300 I #1988 Manage Enforcing policies
20090709133300 I #1988 IPLock writeLock – providing write lock
20090709133300 i #1988 Manage Compiling policies
20090709133300 I #1988 Manage CPolicyFile::InitializePolicyFiles() – Server policy invalid
20090709133300 I #1988 Manage Compiling Policies FAILED, result=-3

The Solution

1. Stop the McAfee Framework Service

2. In the C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework directory delete the following two files:

server.xml
compiled.xml

3. Restart the McAfee Framework Service

4. Perform Agent wakeup per KB52707 by executing

C:\Program Files\Common Framework\cmdagent.exe /C

This command checks for new policies/tasks

See McAfee KB60422 for additional details
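The log above shows why this state is easy to miss: the agent still uploads to the ePO server and schedules its next connection, while the lines that report the failed compile are written at "I" severity rather than "E". The following Python check is an added example, not part of the original post or any McAfee tooling; it matches on message text in the line format quoted above, and the function name and report fields are made up for illustration.

```python
import re
from datetime import datetime

# Shortened copy of the agent log lines quoted above: one failed merge and
# two enforcement cycles that both fail to compile.
SAMPLE_LOG = r"""
20090709133245 i #1972 Agent Agent received POLICY package from ePO server
20090709133245 E #1972 Xml Error trace:
20090709133245 E #1972 Xml [ReadBufferFromFileNoExp,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Server.xml]->
20090709133245 e #1972 Agent New server policy was NOT successfully merged
20090709133245 i #1988 Agent Agent Started Enforcing policies
20090709133245 I #1988 Manage Compiling Policies FAILED, result=-3
20090709133245 I #1988 Agent Agent policy enforcement failed, result=-3
20090709133300 i #1988 Agent Agent Started Enforcing policies
20090709133300 I #1988 Manage Compiling Policies FAILED, result=-3
"""

# timestamp, severity letter, thread id, component, message
LINE_RE = re.compile(r"^(\d{14}) ([A-Za-z]) #(\d+) (\S+) (.*)$")
COMPILE_FAIL_RE = re.compile(r"Compiling Policies FAILED, result=(-?\d+)")
XML_FILE_RE = re.compile(r"\[ReadBufferFromFileNoExp,(.+?)\]")


def analyze_agent_log(log_text):
    """Summarise policy merge/compile failures found in an agent log."""
    report = {
        "cycles": 0,            # enforcement cycles started
        "failed_cycles": 0,     # cycles where policy compilation failed
        "merge_failed": False,  # new server policy could not be merged
        "result_codes": set(),
        "suspect_files": set(), # files named in the XML error trace
        "first_failure": None,
        "last_failure": None,
    }
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unparseable line
        ts, _severity, _thread, _component, msg = m.groups()
        when = datetime.strptime(ts, "%Y%m%d%H%M%S")
        # Severity is ignored on purpose: the compile failure is logged
        # at "I", so filtering on "E" lines would miss it.
        if "Started Enforcing policies" in msg:
            report["cycles"] += 1
        elif "NOT successfully merged" in msg:
            report["merge_failed"] = True
        elif (c := COMPILE_FAIL_RE.search(msg)):
            report["failed_cycles"] += 1
            report["result_codes"].add(int(c.group(1)))
            report["first_failure"] = report["first_failure"] or when
            report["last_failure"] = when
        elif (f := XML_FILE_RE.search(msg)):
            report["suspect_files"].add(f.group(1))
    # Every cycle failing means the endpoint is not applying current policy.
    report["policy_stale"] = (
        report["cycles"] > 0 and report["failed_cycles"] == report["cycles"]
    )
    return report


if __name__ == "__main__":
    for key, value in analyze_agent_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
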

Free Microsoft eBook: Windows Vista Resource Kit, Second Edition

Microsoft Press is making the Windows Vista Resource Kit, Second Edition a free download for one month only.

The catch is you have to sign up for the Microsoft Press Book Connection Newsletter, which will give you notification of offers, register, and download the free eBook selection of the month.

The book is written by Mitch Tulloch, Tony Northrup, and Jerry Honeycutt with the Windows Vista Team. If you’d like to purchase the print copy of the book, you can pick it up for $44.09 on amazon.com, a savings of $25.00.

Reinstalling the McAfee Common Management Agent Framework (framepkg.exe) without a reboot

Normally reinstalling the McAfee Common Management Agent (CMA) requires a reboot in order for the server to be properly displayed in the EPO management interface.  Here’s how to perform the reinstall, minus the reboot requirement. 

1.  Connect to the Windows server console by logging directly onto the server, or by connecting via RDP by running mstsc.exe /console
 
2.  Open the VirusShield Console.  
 
3.  Double click Access Protection.  Uncheck:
  • Prevent McAfee Services from being stopped
  • Enable Access Protection.  
Click OK.
 
4.  Launch a command prompt with administrative credentials
 
5.  Change to the installation directory by typing

cd C:\Program Files\McAfee\Common Files 

6.  Perform the uninstall by typing
 
FrmInst.exe /Remove=agent
 
7.  Launch Regedit
 
8.  Delete the following registry keys
 
HKEY_Local_Machine\Software\Network Associates\ePolicy Orchestrator
 
HKEY_Local_Machine\Software\Network Associates\TVD\Shared Components\Framework
 
9. Run FramePkg.exe to reinstall the CMA and Framework Service
 
For additional information, see McAfee KB57061

Dell Dset utility default password

I always forget this, so I’m posting this here for the next time I need to review a Dell Dset report, that the default password is ‘dell’.

If you are not familiar with Dset, you can download it from http://ftp.us.dell.com/sysman/Dell_DSET_1.5.0.120.exe

It’s a nifty utility that provides configuration and diagnostic information for Dell’s technical support staff. I like it because I can have someone run it on a remote server and email me the report. It’s very helpful when trying to determine if a hardware failure has occurred (or is occurring).

The Dset readme describes the product in the following manner:

Dell Server E-Support Tool (DSET) provides the ability to collect hardware, storage and operating system information of a Dell PowerEdge or PowerVault server. This information is consolidated into a single “System Configuration Report” that can be useful for troubleshooting or inventory collection of a system. The browser user interface provides a convenient means to view specific data through hierarchical menu trees.

DSET is intended to be a small, non-intrusive tool that does not require a reboot of the system to provide full functionality. DSET can collect information about Linux modules, services, network settings, etc. as well as system logs. DSET will also collect extended hardware information such as processors, memory, PCI cards, ESM log, BIOS/firmware versions and system health (fan/voltage levels) as well as storage configuration information (RAID controllers, hard drives).

Fix: Groupwise Webaccess error CMC initialization of the GroupWise domain database failed (f107)

Earlier I wrote about loading Groupwise WebAccess 7.0.3HP1 into its own memory address space to lessen the effects of the MapSCCErrtoGWDCAErr-SCCErr errors.  My solution worked great for most of my WebAccess servers, but gwinter would fail to load on one of the Netware 6.5.5/Groupwise 7.0.3HP1 servers with the following error: 

Groupwise Webaccess error CMC initialization of the GroupWise domain database failed (f107)

TID 10063398 describes issues with loading WebAccess into protected memory when the agent is remote from the domain, which is how this server is configured.  I was trying to load WebAccess into its own address space, but not protecting it, but nevertheless this solution worked for me:
 
1)  Loading strtweb.ncf from the autoexec.ncf with the following syntax
 
protect strtweb.ncf
 
2)  Adding the following line to strtweb.ncf per TID 10063398
 
load dsapi.nlm
 
3)  adding the following line to stopweb.ncf
 
unload dsapi.nlm
 
My theory is dsapi.nlm needs to be loaded into the same address space as gwinter.nlm whenever the WebAccess is not on the same server as its MTA.  I’ll test this theory next time I can take WebAccess down for testing.

Fix: Cannot Telnet from computer running McAfee VirusScan due to port blocking rules

I’ve been trying to troubleshoot an email server problem all day, and one of the tests I’ve been performing is trying to connect to port 25 of the mail server through Telnet.  Every time I tried I got connection refused messages, and the connection would drop. 

My work computer is running McAfee VirusScan Enterprise 8.5.0i and Windows XP SP2.  I verified the Windows XP firewall was disabled and not blocking my connection.
 
Next I looked at the McAfee VirusScan log file by clicking Start -> Programs -> McAfee -> VirusScan Console.  From the menu I selected Task -> View Log
 
I quickly noticed the following message:
 
Blocked by port blocking rule C:\WINDOWS\system32\telnet.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 192.168.1.83
 
Obviously McAfee was blocking my attempt to Telnet.  In order to unblock Telnet I did the following:
 
  1. Started McAfee VirusScan Console
  2. Double clicked Access Protection
  3. Highlighted the Anti-Virus Standard Protection category from the left column
  4. Highlighted the Prevent mass mailing worms from sending mail rule in the right column
  5. Pressed Edit
  6. Under Processes to Exclude, I put my cursor at the end of the list of processes, which was winpm-32.exe in my case.  I typed a comma following winpm-32.exe, and then added a space and telnet.exe to the list
  7. I pressed OK twice, exited VirusScan Console, and was able to Telnet to my mail server.
 
For more information, see McAfee KB42354
 

Performance test – Windows Server 2003 R2 partition alignment on an EMC SAN

I’m preparing to migrate our Netware 6.5/Groupwise 6.5 servers to Windows 2003 R2 SP2/Groupwise 7.0.3, with the Groupwise data located on an EMC Clariion SAN with 4GB fibre channel connectivity.  The Groupwise agents will run locally on the server’s direct attached storage.  

Lately I’ve read much about the little known requirement that Windows machines partitions be aligned on a 4KB boundary to minimize the need for extra reads and writes.  Here are some excellent posts that explain the details better than I could.  Here are some links on using DiskPart.exe to configure the partition offset, which affects performance greatly, as you will soon see.
 
I’ve had great difficulty in finding guidance as to the appropriate offset to use with Groupwise.  I’ve found articles suggesting Microsoft Exchange use an offset of 32 or 64, while the Clariion Blog suggests offsets of 128 and this EMC best practices white paper says the same.  
 
I set up a test environment consisting of one Dell PowerEdge 1950 Windows 2003 R2 SP2 server, connected to our EMC Clariion SAN via a standard 4GB QLogic Fibre Channel adapter.  The Windows installation was nothing special: it was installed to local storage, and the only modification I made to the default installation was to assign a static IP address.  I did disable the Windows firewall and disabled its service as well to make sure there was no potential interference by it in my tests.
 
My SAN administrator carved me out a 20GB LUN for me to test with, and I used the entire 20GB when creating my test partitions.  I used HD Tune version 2.55 to perform the hard drive read tests detailed below because I could granularly specify the block size when testing.  I’ll need to find another utility to perform the write tests, but that’s for another post.  Why use HD Tune and not some SAN specific testing utility?  Because I hope to perform similar tests on direct attached storage, and wanted a tool that supported both so I could do some comparisons.
 
To determine the average size of files in my Groupwise post offices I ran an inventory report in Novell’s Remote Manager on the Groupwise Post Office directory.  Each of my 5 post offices came back with a file distribution similar to the graph shown below:
 
As you can see, the majority of files within the Post Office are 1KB to 256KB in size.  Because of this finding, I decided to focus on block sizes of 4KB, 8KB, 16KB, 64KB, and 256KB in my initial tests.  Later I expanded the test to 1MB and 4MB files just to ensure I saw similar results with the larger file sizes.
 
To create my baseline, I used Microsoft’s Disk Management utility to create a new partition of 20GB on a basic disk.  I accepted all default settings, then performed a quick NTFS format.  Next, I installed the HD Tune utility to the server’s boot drive and started my tests.
 
The first item I had to configure was to select my LUN, rather than the boot drive as the device to test.  The LUN is shown as DGC RAID 5 (21GB) in the below image.
 
 
Next I selected the options button
 
and on the benchmark tab I changed the block size to 4KB.  I kept the Test Speed/Accuracy slider at the default level, which prioritized accuracy over speed.
 
Next I pressed start to begin the test.  The test took approximately 4.5 minutes to perform on my test box and returned the following results.
 
I performed the test for the following block sizes 4KB, 8KB, 16KB, 64KB, 256KB, 1MB, and 4MB to develop my baseline readings.  I then rebooted the server, and began to create my new partition using the Microsoft DiskPart.exe tool.
 
The steps I performed were
 
1) from a command prompt, run diskpart.exe
2) select disk 2
3) create partition primary align=32
4) exit diskpart
5) format the partition using defaults in Disk Management GUI
 
 
 
Once the format was completed, I ran the HD Tune benchmarks for block sizes 4KB, 8KB, 16KB, 64KB, 256KB, 1MB, and 4MB, and documented them on a spreadsheet.
 
After this round of tests completed, I deleted the test partition, restarted the server, then repartitioned using create partition primary align=64.
 
After that test finished I also performed the same batch of tests using the same methodology for create partition primary align=128 and create partition primary align=1024.
 
My test results:
 
 
 
Post Test General Conclusions
 
1) CPU utilization is minimally affected by the default partition alignment setting.
 
2) The rate of data transfer when reading can be greatly increased for 4KB and 8 KB sized blocks by modifying the default partition alignment setting
 
3) 256KB blocks seem to be minimally affected by any of the partition alignment settings
 
4) All of the tested settings showed improvements in the Xfer Max MB/s over the default settings
 
5) Read access times decrease for small files (4KB, 8KB) and larger files (1MB, 4MB) when compared to default settings.  This is a good thing.
 
My plan of action – to follow EMC’s recommendation,  which is to use a starting block of 128 to align the partition to the 64KB boundary. If your storage vendor makes no specific recommendation, use a starting block that is a multiple of 8KB.
 
Note: For Microsoft Windows 2008, as long as you formatted the disk using the Windows 2008 operating system, the disk requires no further alignment actions.

CMU announces free Firefox add-on to increase browser security against DNS flaw and digital signature problems

Carnegie-Mellon University is making available a free add-on for Firefox 3.0 that’s intended to increase browser security.

The Firefox add-on was developed at the university’s School of Computer Science and College of Engineering and is available for free download. The Perspectives software not only protects Firefox users against attacks that might occur because of the recently disclosed software flaw in the DNS, but it also defends against some digital certificate problems.

The extension provides two primary benefits:

  1. If you connect to a website with an untrusted (e.g., self-signed certificate)*, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
  2. It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.

* The same is true for HTTPS sites with certificates that contain mismatched domain names (e.g., www.gmail.com uses a certificate for mail.google.com) or certificates that are expired.

Because of the API used, the code only works in Firefox 3.x, not Firefox 2.x.

How it works, from the CMU web page:

“Perspectives is a new approach to help clients securely identify Internet servers in order to avoid “man-in-the-middle” attacks. Perspectives is simple and cheap compared to existing approaches because it automatically builds a robust database of network identities using lightweight network probing by “network notaries” located in multiple vantage points across the Internet.”

Original Source: networkworld.com
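The two benefits listed above come down to comparing the certificate the browser received with what notaries at other vantage points observed for the same server. The following Python sketch is an added, simplified model of that decision and is not code from the Perspectives extension; the fingerprints, notary names, the 75% agreement threshold and the action names are all assumptions made for illustration.

```python
from collections import Counter

# Constructed fingerprints (not real certificates).
REAL_FP = "3f:9a:12:c4"
ROGUE_FP = "b7:01:ee:5d"


def notary_verdict(client_fp, notary_reports, quorum=0.75):
    """Compare the key the client saw with what each notary observed.

    notary_reports maps a notary name to the fingerprint it observed.
    """
    if not notary_reports:
        return "no-data"
    total = len(notary_reports)
    votes = Counter(notary_reports.values())
    if votes[client_fp] / total >= quorum:
        return "consistent"        # other vantage points see the same key
    _top_fp, top_n = votes.most_common(1)[0]
    if top_n / total >= quorum:
        return "mismatch"          # notaries agree on a different key
    return "inconclusive"          # notaries disagree among themselves


def browser_action(chain_valid, verdict):
    """Combine normal CA chain validation with the notary verdict."""
    if verdict == "mismatch":
        # Covers a mis-issued but CA-valid certificate shown only to
        # this client: the chain checks out, the vantage points disagree.
        return "warn"
    if not chain_valid:
        # Self-signed, expired or name-mismatched certificate.
        return "override-error" if verdict == "consistent" else "keep-error"
    return "proceed"


def run_scenarios():
    agree = {"notary-a": REAL_FP, "notary-b": REAL_FP,
             "notary-c": REAL_FP, "notary-d": REAL_FP}
    split = {"notary-a": REAL_FP, "notary-b": REAL_FP,
             "notary-c": ROGUE_FP, "notary-d": ROGUE_FP}
    return {
        # Benefit 1: self-signed cert that every notary also sees.
        "self_signed_same_key": browser_action(
            False, notary_verdict(REAL_FP, agree)),
        # Benefit 2: CA-valid cert that differs from what notaries see.
        "ca_valid_different_key": browser_action(
            True, notary_verdict(ROGUE_FP, agree)),
        # Notaries split evenly: no basis to override the error page.
        "self_signed_split_view": browser_action(
            False, notary_verdict(REAL_FP, split)),
    }


if __name__ == "__main__":
    for name, action in run_scenarios().items():
        print(f"{name}: {action}")
```
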

Ubuntu 8.10 Alpha 4 now available as VMware Virtual Appliance

Ubuntu 8.10 Alpha 4 is now available as a VMware Virtual Appliance free download.

The fourth alpha release of Ubuntu 8.10 “Intrepid Ibex” is ready for testing.

New features:

  • X.Org server 1.5 brings much better support for hot-pluggable input devices such as tablets, keyboards, or mice
  • Linux kernel 2.6.26
  • encrypted private directory
  • guest session – the GNOME user switching applet now provides an extra entry for starting a guest session, this creates a temporary password-less user account with restricted privileges
  • Network Manager 0.7 which comes with long-expected features, such as managing system-wide settings, 3G connections (GSM/CDMA.), multiple active devices, PPP and PPPoE connections, devices with static IP configurations, routes for devices.

Last updated: 08/25/2008

Adobe Acrobat 9.x co-existence issues with previous versions

Better think twice about integrating Adobe Acrobat 9.x into your environment.  From Adobe KB Technote 333223.

Although you can install Adobe Acrobat 9.x or Adobe Reader 9.x on a computer that contains an installation of previous Acrobat versions, it is not recommended. Acrobat 9.x Professional and Acrobat 9.x Standard use the Acrobat 9.x version of PDFMaker and Adobe PDF printer. When two or more versions of Acrobat are installed on the same computer, removing one version of Acrobat may disable functionality.

If two versions of Acrobat are installed on the same computer, only the Acrobat 8.0.x version of PDFMaker and Adobe PDF printer will be used, although conflicts may occur if multiple version PDFMaker files are attempting to load.

When multiple versions of Acrobat exist on a machine, the running version will be used to display PDF files regardless of the preferences.

Removing previous versions of Acrobat or Adobe Reader after you install a more recent version can disable functionality. Repair the current version of Acrobat after removing the previous version. If the repair process does not restore all functionality, reinstall the current version.

Note: Adobe Technical Support does not recommend or support having multiple versions of Acrobat or Adobe Reader installed on the same machine (for example Acrobat 8, with Adobe Reader 9 or Acrobat 7 with Adobe Reader 8) . Acrobat and Adobe Reader have numerous components that have similar functionality and can cause conflicts on a machine. The most prevalent among these conflicts involves the plug-ins for rendering PDF files in the browser, PDFMaker inside of Office Applications, and the Adobe PDF printer. Using the Version Interoperability table below, remove all versions of Acrobat and Adobe Reader, and then install the current version.

Version interoperability

This chart shows what will happen if you install Adobe Acrobat 8.0.x when the computer already has Acrobat or Adobe Reader installed.

| Product | Acrobat 9 Standard | Acrobat 9 Professional | Acrobat 9 Professional Extended Edition | Acrobat 9 Trial | Adobe Reader 9 | Notes |
|---|---|---|---|---|---|---|
| Acrobat Reader 5.0.5 or earlier | Allowed | Allowed | Allowed | Allowed | Uninstalls previous version. | Browser uses version 8. |
| Adobe Reader 6.0 | Allowed | Allowed | Allowed | Allowed | Uninstalls previous version. | Browser uses version 8. |
| Adobe Reader 7.0 | Allowed | Allowed | Allowed | Allowed | Uninstalls previous version. | Browser uses version 8. |
| Adobe Reader 8.0 | Allowed | Allowed | Allowed | Allowed | Repair | Reader will prompt for browser version. |
| Elements 6.0 | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Installed reader controls browser. |
| Elements 7.0 | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Installed reader controls browser. |
| Acrobat 5.x full | Rec Removal.§ | Rec Removal.§ | Rec Removal.§ | Rec Removal.§ | Allowed | Browser uses version 8. |
| Acrobat 6.0 Standard | Rec Auto Removal | Required Auto Removal | Required Auto Removal | Required Auto Removal | Allowed | Reader will prompt for browser version. |
| Acrobat 7.0 Standard | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Acrobat 8.0 Standard | Repair | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Acrobat 6.0 Professional | Rec Auto Removal | Required Auto Removal | Required Auto Removal | Required Auto Removal | Allowed | Reader will prompt for browser version. |
| Acrobat 7.0 Professional | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Acrobat 8.0 Professional | Manually Remove | Repair | Required Auto Removal | Repair | Allowed | Reader will prompt for browser version. |
| Creative Suite 1.0 | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Creative Suite 1.3 | Manually Remove | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Creative Suite 2.0 | Manually Remove | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Creative Suite 3.0 | Manually Remove | Repair | Rec Auto Removal | Repair | Allowed | Reader will prompt for browser version. |
| Acrobat 3D | Rec Auto Removal | Rec Auto Removal | Required Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Acrobat 3D Trial | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Rec Auto Removal | Allowed | Reader will prompt for browser version. |
| Acrobat 3D 8.0 | Manually Remove | Manually Remove | Repair | Manually Remove | Allowed | Reader will prompt for browser version |
| Acrobat 9 Pro Extended | Replace | Replace | Repair | Repair | Allowed | |
| Acrobat 9 Professional | Replace | Repair | Manually Remove | Repair | Allowed | |
| Acrobat 9 Standard | Repair | Manually Remove | Manually Remove | Manually Remove | Allowed | |

  • Allowed indicates that this state will function and should not generate any error messages.
  • Replace indicates that the new version will replace the original version with no option to remove the original version.
  • Repair indicates that you are trying to install a version of Acrobat or Adobe Reader that is already installed on your computer, and the installer allows you to modify, repair, or remove the program.
  • Rec Removal indicates that you should cancel the installation of Acrobat 8.0.x and remove the older version, reboot, and then install Acrobat 8.0.x
  • Rec Auto Removal indicates that you will receive a warning indicating that an older version has been encountered. You can remove the older version or ignore it and have Acrobat and Adobe Reader coexist.
  • Required Auto Removal indicates that you will receive a warning that an older or less functional product has been detected. You can remove the less functional product or cancel the installation.
  • Manually Remove indicates that you must quit the installer, remove the version of Acrobat or Adobe Reader that is currently installed, and then install Acrobat 8.0.x.

Upgrade eligibility

The following products do not qualify for an upgrade to Acrobat 9:

  • Acrobat 5.x or earlier
  • Acrobat Elements
  • Acrobat Business Tools
  • Acrobat Approval
  • Adobe Reader
  • Acrobat Reader
  • Acrobat Reader-Writer
  • Acrobat Distiller PE or LE, or any version of Acrobat Distiller that’s bundled with Adobe PageMaker or Adobe FrameMaker