Rick Mitchell Solutions - RMSBlog

With Rick Mitchell Solutions, you get the experience of over 10 years dealing with these very same problems you face every day. Large businesses that are in the Fortune 500 down to the small business with aspirations to become global can rely on us to understand and design solutions that fit your needs and your budget.

Tuesday, November 24, 2009

Windows Installer service could not be accessed

"The Windows Installer Service Could Not Be Accessed" error message when you install a program in Windows XP

Ran into this today on a Windows XP machine that had Service Pack 3 and appeared to be freshly patched. To fix the problem, simply do the following from start->run:

msiexec /unregister
msiexec /regserver

This will re-register the Microsoft Installer service which will then fix this error when you try to add or remove programs.

Reverse DNS and Exchange 2007

One of the ways mail providers try to control spam is with reverse DNS lookups. For example, if you send an email from an SMTP server to a Comcast email address, the first thing Comcast will do is try to resolve your sending IP address to a hostname. If it resolves, your IP address is generally considered "legitimate", but obviously this is not always the case. In my example, let's assume you had two separate Internet connections that you were load balancing. 50% of the time your connection went through one pipe, and the other 50% of the time it went through the other pipe. If your second IP address did not have a reverse DNS entry from your provider, then Comcast would block delivery of the email sent through that pipe. AOL is fairly notorious for doing this as well.

If you do not own your IP block, then you will need to contact your ISP and ask them to create a reverse DNS (PTR) entry for your outgoing IP address that resolves to a host name, such as the host name used in one of your MX records - mx03.yourcompany.com. Once this is complete and you have confirmed it with nslookup, you can successfully send emails again to these providers. Just go into your Exchange 2007 Management Toolbox and go to the Queue viewer, find the offending queue and right click and hit retry. You should now see these emails flowing properly from your edge transport server.

DNS and IP entries play a big part of successful communication with other email servers outside your enterprise. Keep this in mind as you troubleshoot your external email flow.
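
The check a receiving provider makes can be run yourself against every outbound address before mail starts queuing. The script below is an added example, not part of the original post; it goes one step beyond the PTR lookup described above by also confirming that the returned name resolves back to the same IP, and its addresses and the static-7.isp.example name are constructed placeholders.

```shell
#!/bin/sh
# Forward-confirmed reverse DNS check for outbound mail IPs (added example).
# IPs are documentation addresses; host names are placeholders.

# Live resolvers, using the `host` utility from bind-utils.
dns_ptr() { host "$1" 2>/dev/null | awk '/domain name pointer/ {sub(/\.$/,"",$NF); print $NF}'; }
dns_a()   { host -t A "$1" 2>/dev/null | awk '/has address/ {print $NF}'; }

# Constructed records for an offline run: one pipe with a correct PTR, one
# pipe with no PTR at all, and one whose PTR name points somewhere else.
sample_ptr() {
    case $1 in
        192.0.2.10)  echo mx03.yourcompany.com ;;
        203.0.113.7) echo static-7.isp.example ;;
    esac
}
sample_a() {
    case $1 in
        mx03.yourcompany.com) echo 192.0.2.10 ;;
        static-7.isp.example) echo 203.0.113.99 ;;
    esac
}

# check_rdns IP: print "IP VERDICT [names]" and return 0 only when a PTR
# exists and one of its names resolves back to the same IP.
check_rdns() {
    ip=$1
    names=$("${PTR_LOOKUP:-dns_ptr}" "$ip")
    if [ -z "$names" ]; then
        echo "$ip NO_PTR"
        return 1
    fi
    for name in $names; do
        for addr in $("${A_LOOKUP:-dns_a}" "$name"); do
            if [ "$addr" = "$ip" ]; then
                echo "$ip OK $name"
                return 0
            fi
        done
    done
    echo "$ip MISMATCH" $names
    return 1
}

# check_all IP...: test every egress address; non-zero if any one fails,
# because a receiver sees whichever pipe the connection happened to use.
check_all() {
    rc=0
    for ip_arg in "$@"; do
        check_rdns "$ip_arg" || rc=1
    done
    return $rc
}

# With arguments: live DNS. Without: the constructed records above.
if [ "$#" -gt 0 ]; then
    check_all "$@"
else
    PTR_LOOKUP=sample_ptr; A_LOOKUP=sample_a
    check_all 192.0.2.10 198.51.100.20 203.0.113.7 || true
fi
```

Pass each public IP your mail can leave from as an argument; a NO_PTR or MISMATCH line identifies the pipe to raise with the ISP.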

Friday, November 20, 2009

Pix 500 series Password Recovery

Password Recovery and AAA Configuration Recovery Procedure for the PIX [Cisco PIX 500 Series Security Appliances] - Cisco Systems

Handy page if you need to reset the password for your PIX 500 series firewall that you might have bought off of eBay - even if your PIX does not have a floppy. There are plenty of free TFTP servers out there, which you will need if you do not have access to a floppy drive on one of the smaller PIXes in the lineup.

Dell Lease offer of 0% interest for 36 months now running

For those in IT who are having a hard time coming up with good ROI numbers and justifications for projects when capital expenditures are being cut, Dell has stepped up to the plate in a big way to provide a leasing offer that is pretty incredible. Between November 2, 2009 and January 29, 2010 Dell is offering a 36 month lease with 0% interest and a $1 lease buyout option at the end of the lease. Basically this means 36 months same as cash with $1 to buy it out at the end - wow! IT folks should realize that usually at the end of the lease you pay for the fair market value of the equipment and a relatively high interest rate along the way. This is a heck of a deal and really should be looked at seriously for any company that would qualify for this deal. Talk to your sales rep to figure out what qualifies for you but ask about any and all upcoming projects you may have. Your accounting department should love you as well because this is a deal that we probably won't see again any time soon.


It makes you wonder just how bad the economy is for IT purchases or if Dell is really struggling to gain business at the end of the year but this is a major steal for the consumer.

Using TestDisk to recover partitions, partition tables and boot sectors

TestDisk Step By Step - CGSecurity

Recently I had an issue with an MDX1000 external array and RedHat Enterprise Linux 5.4 where after I installed the OS and formatted /dev/sda to be a volume group the OS could not find the partition table for /dev/sdb. I wasn't too concerned during the installation process because I wasn't using that disk anyway but I definitely wanted to keep the 1.7TB partition since it had a lot of data on there that I did not want to recover from tape. Once the install was done, I was unable to mount /dev/sdb1 and an fdisk -l was not showing any partitions on the disk - this obviously was bad. To further compound matters, the total size of this array was 3.9TB which fdisk could not handle since it was larger than 2.2TB and I needed to use parted to try to get it to work.

Once I got into parted, I discovered that the partition table was corrupted and needed to be rebuilt. I then found the utility testdisk which will work on Windows or Linux and does a great job of allowing you to find lost partitions and backup superblocks on the disk. I had the software recreate the partition table and set it to an EFI disk which allowed larger than 2.2TB disks and then it was able to find the lost partition with all of my data intact. I wrote the new partition table to disk and rebooted the server and was then able to successfully mount and use /dev/sdb1 just as it was before the 64 bit "upgrade" of the server.

I have not personally tried this yet on Windows or another flavor of Unix but I am now a big believer in this tool when all seems lost. And you can't beat the price: free.

Thursday, November 19, 2009

Using and understanding the yum command for Redhat Linux 5

yum command: Update / Install Packages under Redhat Enterprise / CentOS Linux Version 5.x

With Redhat 5, up2date was retired and now the yum utility has been introduced as the method for keeping your system up to date and fully patched. You can also use this utility to install packages that you might have forgotten when you originally built your system which can come in handy when you want to install a new application to mess with.

The first step you will need to do in order to use the yum utilities is to register your server with Redhat using the rhn_register command. This will allow Redhat to keep track of the patches and versioning information of the packages you are using.

Once that is done, we can have yum list the updates that are needed by simply doing:

yum list updates

We can then update individual packages or update everything on the box. You will be prompted to confirm the downloads and to actually install the packages but when I first build a box I just update everything. Depending on your application compatibility you may want to exclude certain packages but that is up to you.

To install the updates, simply type:

yum update

We can then show whatever is installed on the system by doing:

yum list installed | grep -i "whatever package you want"

If you decide later you want a FTP server but you haven't installed it yet, you can simply do the following:

yum list | grep -i ftp

Pick out the package you want to install, and then:

yum install "name of package"

The package will be downloaded and installed on your system.

If you later want to uninstall a package, simply do:

yum remove "name of package"

All in all - this is a great way to manage software and keep things simple in terms of patch management and installation procedures for new packages that are controlled and built by Redhat.

Wednesday, November 18, 2009

Configuring Telnet/FTP to login as root (Linux)

Configuring Telnet/FTP to login as root (Linux)

Slight correction on this article - everything is now under:

/etc/vsftpd/

and is called ftpusers and user_list

Obviously you want to do this from a secure network on your internal LAN and not over an untrusted network such as the Internet but it is useful for when you need to connect and upload some files over FTP. I like to disable root access from telnet and just use SSH for all of my administration needs.

X11 forwarding over SSH on a Mac

One of the many reasons I love to use my Mac is that I am a Unix administrator at heart. In the old dark ages I used to buy Exceed and use it for my X sessions to my Unix boxes that I took care of at my various places of employment. Along came CYGWIN and other free X servers for Windows but they were clunky and slow.

Since X is built into my Mac, I can easily take advantage of X11 forwarding over SSH from any Linux or Unix server. First and foremost, remember to patch your servers and make sure SSH is fully secure just as you would any other software. I tend to rely on VPNs to get me connected and then SSH into whatever box I would like. I do not encourage you to deploy an Internet facing SSH server unless it is absolutely necessary but that is a topic for another day.

Once you have configured OpenSSH to allow X11 forwarding, you can go to your terminal application in Leopard and do the following:

notorious:~ rick$ ssh -X root@server

This will enable X11 forwarding through your SSH session on your box and when you launch something like xclock you can then have it graphically display on your machine. Very handy and useful in situations where you are doing remote administration and do not have access to the console.

For more information on configuring X11 forwarding via OpenSSH please check out:

http://www.cyberciti.biz/tips/linux-mac-osx-x11-forwarding-over-ssh-howto.html

Date and time management via the Linux command line

A simple reminder for some who may be new to the world of Linux but here are a few quick ways to set your time and date on your new box via the command line - remember that GUI's are bad, okay?

This will set your time and date to whatever you would like.

# date -s "13:52:30 April 9, 1979"

This will query a time server to make sure you can connect to it over the Internet.

# ntpdate -q clock.redhat.com

This will set your clock to match what is on the time server once you have successfully queried the time server in the step before.

# ntpdate clock.redhat.com

You need to start ntpd and make sure it is going to start on boot. Check out /etc/ntp.conf for more configuration options.

# /etc/init.d/ntpd start

# chkconfig --level 345 ntpd on

And now you have a running NTP server that is ready to keep your machine's time synced.

Dell Server Update Utility (suu) DVD image problems

Problem with SUU DVD image?

In the process of attempting to update an older PowerEdge 2950 server from Dell that was running Redhat Enterprise Linux 5.4 we decided to download the latest 6.1.1 DVD ISOs from Dell's support website so we could boot from this DVD and install all of the firmware updates we needed. The website lists two ISO images so we downloaded the first one and burnt it to a DVD and had trouble booting from the disk. I then mounted the DVD and discovered I had problems reading some of the files from the repository and getting the suu command to run properly. I took the DVD to a Windows box and attempted to pull off the appropriate firmware binary files and discovered that half of the repository seemed to be missing. Scratching my head and wanting to bang it on a wall at the same time, we decided to try to use ISOBuster to bust the ISO image of the 2nd image up to see what was inside of it - this time we got a ton of CRC errors.

Using the magic of Google, I discovered the page above that said you must take both ISO image downloads and merge them together by doing the following:

copy /b OM* OM_610_MERGED.iso

Dell managed to release a SPLIT ISO image of a DVD download which to me is absolutely insane. Finally after merging these two ISOs together we were able to bust out the appropriate firmware updates that I was then able to FTP off to my Linux server in order to get everything working properly. A complete waste of time and yet another reason for me to shake my head and ask "why?" over and over again.

Tuesday, November 17, 2009

Move or migrate user accounts from old Linux server to a new Linux server

Move or migrate user accounts from old Linux server to a new Linux server

One of the problems you may face in completing a 64 bit server migration in Linux is that you do not want to rebuild all of your local accounts once you have completed the reinstall of the OS. Obviously if you were using LDAP or some other mechanism for central account management this would not be a problem but if you happen to be using legacy authentication then this is a big help. I recently had to do this and found the following awk commands very helpful in getting a copy of the local user database as well as tar'ing up the contents of /home so that everything would be like normal once the box was rebuilt. Check out the link above for steps on how to accomplish this task. Of course this would work on just moving accounts from one box to another and other situations as well so it's a great trick to keep in your toolbox.
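
One way to do this export, as an added example rather than the script from the linked article: it assumes regular accounts start at UID 500 (the RHEL 5 default), and the function names, .mig file names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: export regular (non-system) local accounts before a rebuild.
UID_MIN=${UID_MIN:-500}   # assumption: first regular UID, the RHEL 5 default

# export_accounts SRC_ETC OUT_DIR: write passwd.mig, group.mig and shadow.mig
export_accounts() {
    src=$1; out=$2
    old_umask=$(umask); umask 077    # shadow.mig will hold password hashes
    mkdir -p "$out"
    # Skip system accounts (below UID_MIN) and the 65534 "nobody" id.
    awk -F: -v min="$UID_MIN" '$3 >= min && $3 != 65534' "$src/passwd" > "$out/passwd.mig"
    awk -F: -v min="$UID_MIN" '$3 >= min && $3 != 65534' "$src/group" > "$out/group.mig"
    # Exact match on the name field, so migrating "alice" does not also pull
    # the "alice-svc" system account's entry, as a pattern match would.
    awk -F: 'NR == FNR { keep[$1] = 1; next } $1 in keep' \
        "$out/passwd.mig" "$src/shadow" > "$out/shadow.mig"
    umask "$old_umask"
}

# find_conflicts MIG_PASSWD TARGET_PASSWD: report names or UIDs already in
# use on the rebuilt box, where appending blindly would create duplicates.
find_conflicts() {
    awk -F: 'NR == FNR { name[$1] = 1; uid[$3] = $1; next }
             $1 in name { print "name " $1 " exists"; next }
             $3 in uid  { print "uid " $3 " of " $1 " taken by " uid[$3] }' "$2" "$1"
}

# make_sample DIR: constructed old-server and new-server files (fake hashes).
make_sample() {
    mkdir -p "$1/old" "$1/new"
    cat > "$1/old/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice-svc:x:101:101::/var/lib/alice-svc:/sbin/nologin
nfsnobody:x:65534:65534::/var/lib/nfs:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
carol:x:501:501::/home/carol:/bin/bash
EOF
    cat > "$1/old/shadow" <<'EOF'
root:FAKEHASH-root:14550:0:99999:7:::
alice-svc:!!:14550::::::
nfsnobody:!!:14550::::::
alice:FAKEHASH-alice:14550:0:99999:7:::
carol:FAKEHASH-carol:14550:0:99999:7:::
EOF
    cat > "$1/old/group" <<'EOF'
root:x:0:root
alice-svc:x:101:
alice:x:500:
carol:x:501:
EOF
    # The fresh install already created an admin user with UID 500.
    cat > "$1/new/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:500:500::/home/admin:/bin/bash
EOF
}

demo() {
    tmp=$(mktemp -d)
    make_sample "$tmp"
    export_accounts "$tmp/old" "$tmp/mig"
    cat "$tmp/mig/shadow.mig"
    find_conflicts "$tmp/mig/passwd.mig" "$tmp/new/passwd"
    rm -rf "$tmp"
}
demo
```

On a real box, point export_accounts at /etc and keep the output directory off shared storage, since shadow.mig carries every migrated user's password hash.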

Friday, November 6, 2009

Linux LVM/volume group backup and restores

If you have an LVM (a volume group) and you want to back up the configuration and restore it once you rebuild an OS (or if you decided to upgrade a kernel from 32-bit to 64-bit), there are two built in commands you will want to run. The first is vgcfgbackup - simple enough. When you run this command, you will create a backup of your volume group configuration in /etc/lvm/backup with a name of the volume group you are backing up. In order to see the volume groups on your box, just type vgdisplay to get the name of the volume group. Once you have backed up your configuration and taken a copy of this file to another spot for safe-keeping, you can now blow away the box and then put the file back in order to recreate the volume group.

Once the box has been restored or recovered, you can then run the command: vgcfgrestore with the name of the file to restore from as an option. This will recreate the volume group using the same disks that you used before. All of your data will be there and you won't have to do a full recovery or rebuild the volume group. Very handy if you are deciding to upgrade a kernel from 32-bit to 64-bit since it usually requires a complete OS reinstall in order to be supported from a major vendor like Redhat.

How to extend a data volume in Windows

How to extend a data volume in Windows Server 2003, in Windows XP, in Windows 2000, and in Windows Server 2008

One of the nice features of a RAID controller or even a SAN is the ability to add additional space to an existing array. The better and faster your storage system performs the quicker this operation can take place. Consider the following scenario:

1. Server A was built with (4) 144 GB SCSI hard drives that were set up as a single RAID 5 disk.
2. The OS had a 30 GB partition on the disk, and your data partition was the remaining space.
3. The disk is created as a basic disk since you are using Windows.

Fairly standard set up, but now what if your second partition is starting to fill up and you need additional space on the disk? You can't convert just the second partition to dynamic since it is just a partition on the 1st disk. Obviously you could take the extreme approach of blowing the entire disk away and creating two separate disks on the RAID controller, but that will take a lot of work.

In this situation, you can add additional disks to your RAID group and extend the volume to those extra disks. This is time consuming and will take quite a while depending on the number of disks you have in your system. In this example, let's say we add (2) additional 144 GB SCSI drives to the array and wait for the rebuild of the LUN to take place. During this time the performance of your server will be degraded significantly so please do this outside of normal business hours.

Once this rebuild is complete, you can rescan your disks and see the extra space. However, your partition was for the original amount of space you had available. How do you get the OS to see that extra space as part of your partition?

We can turn to the command line and use diskpart.exe which is described in the knowledge base article above. We select the volume we want to extend and then just type "extend" to have the OS see this extra space as part of the original partition. Once that command is complete, you can now see the additional space on your drives.

This command will work the same on your LUN's as well since you are effectively doing the exact same thing except without the overhead of rebuilding your entire array. This will keep you away from dynamic disks and allow you to grow your storage requirements as needed without having to rely on additional disks that would need to be purchased.

Tuesday, November 3, 2009

How to transfer the logins and the passwords between instances of SQL Server 2005 and SQL Server 2008

How to transfer the logins and the passwords between instances of SQL Server 2005 and SQL Server 2008

Migrating databases should be fairly simple these days. This is a common problem and one that the GUI should be able to solve for you, especially when dealing with SQL Server. Unfortunately, there is no easy way to transfer the database logins to another box. For example, let's say you want to migrate your SQL Server databases to another server. Pretty simple, right? Install SQL Server and the appropriate service pack/hotfixes on the new box and then shut down the SQL Server services on the old box. Copy the data and log files to the new server and attach the databases to that instance. Point your users and applications to the new box and sit back and pat yourself on the back. Unfortunately you see a ton of these in your SQL Server error logs:

Login failed for user 'MyUser'. (Microsoft SQL Server, Error: 18456)

Oops. What went wrong?

SQL Server does not store the credentials inside of the individual databases. The new server does not have any idea what those credentials are or should be. Unfortunately the only way to get around this is to run a script on the old server that dumps these credentials in a new script that you can copy and paste and run on the new server. This will re-create all of the credentials and allow you access to your databases again without re-entering all of the credentials by hand. I really would like to see this added to the GUI because I am positive this is a common problem that could easily be handled by a few clicks. In any event, check the link above for the actual script and the KB article describing the procedure in more detail.

Monday, November 2, 2009

Exchange 2007 Management through AD users and computers

U-BTech Solutions LTD - Exchange Tasks 2007

One of the biggest drawbacks to running Exchange 2007 in comparison to Exchange 2003 is the inability to manage your mailboxes from AD Users and Computers. Going back to the Exchange 2000 ways of doing things, all mailbox management should be done via the Exchange Management Console which can be time consuming when you are used to doing everything through one interface. Fortunately, there are a number of third party utilities that allow you to continue to manage Exchange through the ADUC mmc console. One of the best ones I have found and used is called Exchange Tasks 2007 which is linked above. This simplifies your management and allows for mailbox creation from a single console without having the mailbox be created with legacy attributes and having to upgrade the mailbox via Exchange Power Shell.

Use your iPhone as a portable hard drive

iPhone Explorer - A USB iPhone browser for Mac and PC

I do not want to jailbreak my iPhone and frankly most people don't want to bother with that either. However, I have been searching for an application that will allow me to store and retrieve files and documents on my iPhone. I am a MobileMe user and I can store files on my iDisk for free but of course I have to have a connection to the server in order to get the files. What if I didn't have a connection but still wanted to be able to access my documents?

I found GoodReader which is a $0.99 application in the app store which allows you to do just that. You install the app and then from your PC or Mac go to their website to download the free transfer application that allows you to upload and manage the files on your iPhone. It is very slick and the only feature I wish it had was an automatic sync but that is something that I think can be scripted in whatever language you choose.

In any event, give it a shot and let me know what you think.

Anonymous SMTP Relay with Exchange 2007

As I found out this morning, there are a lot of copiers and scanners out there (I am looking at you Xerox) who don't support proper authentication with Exchange 2007's SMTP service. In order to fix this issue, we need to create a new Receive Connector that will allow for anonymous access FROM YOUR INTERNAL clients only. You definitely do not want to do this for your Internet facing client access servers because you will create an open relay. However, if you do this for your internal Exchange 2007 servers, you should be okay.

You need to open up Exchange Management Console and navigate to Hub Transport under your Server configuration. Select the appropriate Hub Transport Server and right click to create a new Receive Connector. Call the receive connector something like "relay" and then configure it to only allow anonymous connections from your internal IP range. By default, it will allow connections from all IP addresses but we don't want that. Once your connector is configured on your server, go into Exchange Power Shell and type the following:

Get-ReceiveConnector 'connector name' | Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'

This grants anonymous connections on this connector the right to submit mail for any recipient, which is what allows them to send emails without any authentication.

Once this command is complete, go ahead and restart the Exchange Transport Service for the changes to take effect. You can now telnet into your SMTP server and attempt to send an email or use your scanner/copier to make the magic happen.