ALI Blog

Executive and Technical Blogs

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Login
    Login Login form

Posted by on in Technical
If you have noticed an increase in spam recently, there is a good reason - the amount of spam in the Internet has more than doubled in volume since January.

Posted by on in Technical

A quick note to advise that due to some port changes at Comcast, some clients may experience some issues with outbound email.

 

Posted by on in Technical

A quick note to advise that scammers are continuing to try to use UPS and FexEx as avenues for scams and viruses.  For awhile it was virus-infected attachments that claimed to be invoices or delivery notices.  These are scannable and filterable, so they have changed tactics.

 

Posted by on in Technical

The HP Proliant G6-generation (and newer) servers have a new type of high-efficiency power supply that is sensitive to the waveform output of UPS units.  If you find your UPS is not carrying the new G6 server (it immediately shuts down upon power loss), check the specifications of the UPS unit(s).  The output must be True Sinewave.  If it is anything else (Stepped Approximation to Sinewave is the usual alternative), then the server will not run on it.

If you need help with this or any other support issue, please don't hesitate to contact me at the ALI Technical Assistance Center at (540) 443-3398.

Brice Stevens
Advanced Logic Industries
Technical Assistance Center (TAC)
tac@ali-inc.com

Some Lexmark printer software and/or drivers can cause problems whereby the Print Spooler service conflicts with the Server service on Windows workstations and servers.  Symptoms include very long (15 minute) waits on first starting Windows before it responds, as well as events logged in the System section of Event Viewer for "The Server service hung on starting".  The Print Spooler is attempting to start at the same time, which causes Server service to hang.
 
The solution is to make the Print Spooler service dependent on the Server service, so it will not start until after the Server service is started.
  1. Click Start, and then click Run.
  2. In the Open box, type regedt32, and then click OK.
  3. Locate and click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
  4. Click Add Value on the Edit menu.
  5. Type DependOnService in the Value Name box.
  6. Click REG_MULTI_SZ in the Data Type box, and then click OK.
  7. Type LanmanServer in the Data box, and then click OK.
  8. Click Exit on the Registry menu to quit Registry Editor.
  9. Restart your computer.
For steps 4 through 7: If the "DependOnService" value already exists and has an entry, you can add another by double-clicking the value and entering it on a new line.

If you need help with this or any other support issue, please don't hesitate to contact me at the ALI Technical Assistance Center at (540) 443-3398.

Brice Stevens
Advanced Logic Industries
Technical Assistance Center (TAC)
tac@ali-inc.com

Hits: 20145

Posted by on in Technical

Are you running DHCP on your OES 2 server?
Would you like to view the DHCP leases in use?
Well, now you can in OES 2 SP3!

Please contact the ALI TAC to schedule the upgrade and configure DHCP for this feature!


 


 

 

Viewing Dynamic Leases Under The DNS/DHCP Management Console From OES 2

This document (7006450) is provided subject to the disclaimer at the end of this document.

Environment

Novell DHCP Management Console
Novell DNS Management Console
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3

Situation

Starting with OES 2 SP 3, administrators can view DHCP leases utilizing the DNS/DHCP management console; however, before doing so one of the following errors or messages may be encountered:
  • Configure the "DHCP server IP address" to view the leases
  • Configure the "omapi-key" setting of the DHCP server object to view the leases
  • Configure the following DHCP server settings to view the leases: DHCP Server IP address, omapi-key
  • ERROR: EOMAPI1
  • ERROR: DHCP server connection failed

Resolution

To address the "DHCP server IP address" portion of the message(s), do the following:

  1. Launch the DNS/DHCP management console and login to the server (NOTE:  Novell Client is no longer needed with the latest versions of the DNS/DHCP Java Management Console)
  2. Click on the 'DHCP (OES Linux) tab toward the top of the console
  3. Find the DHCP Server object at the bottom of the console and select it
  4. Toward the top-right hand side of the console select the GENERAL tab and find the section called DHCP SERVER
  5. Click the ADD button and enter the IP address of the DHCP server
    • NOTE:  If doing this step on OES 2 SP 2 the buttons may be greyed out.  This is due to the schema not being extended.  This option is officially supported on OES 2 SP 3
  6. Click on the SAVE button toward the top, left-hand side of the console (looks like a floppy disk)
To address the "omapi-key" portion of the message(s), do the following:
  1. The first step in addressing this issue is to create a TSIG key if one has not already been created.
    • NOTE:  At the time this TID (Technical Information Document) was created, the secret for the TSIG key must be divisible by four (4).  If it is not DHCP will not load.  For instance, if the key's secret is set to SECRET then DHCP will fail to load as the secret is not divisible by four; however, if SECRET12 is used instead, then DHCP will load as the secret is now divisible by four.
      1. Launch the DNS/DHCP management console and login to the server (NOTE:  Novell Client is no longer needed with the latest versions of the DNS/DHCP Java Management Console)
      2. Click on the 'DHCP (OES Linux) tab toward the top of the console
      3. Highlight the SERVICE object (assuming it has already been created) and click on the CREATE button located at the top, left-hand side of the console (looks like a 3-dimensional box)
      4. Select 'TSIG Key" and assign the KEY NAME and SECRET.  Keep in mind the note above regarding the secret to make sure the number of characters used in the secret is divisible by four
      5. After hitting CREATE on the key the key should show up under the service object that was highlighted
  2. The second step in addressing this issue is to add the omapi-key setting itself
    1. While in the DNS/DHCP management console, and with the 'DHCP (OES Linux)' tab selected, highlight the DHCP SERVER object toward the bottom of the console
    2. Select the SETTINGS tab toward the top, right-hand side of the console (next to the GENERAL tab)
      • NOTE:  At this point the administrator should see a setting for the OMAPI-PORT already configured for port 7911.  If it is not there, the click the MODIFY button, find the setting, add it and assign it a port of 7911 (which is the default)
    3. Click on MODIFY and find the OMAPI-KEY setting (likely at the bottom of the list).  A drop down menu should appear after adding it, and a list of found TSIG keys should be presented.  Select the appropriate key
      • NOTE:  If the key doesn't show up at this point, review the steps above and create the key as specified
    4. Review the settings and make sure there is an OMAPI-PORT and OMAPI-KEY setting, each assigned a valid value
    5. Click on the SAVE button toward the top, left-hand side of the console (looks like a floppy disk)

At this point it may be necessary to hit the TREE REFRESH button located at the top, left-hand side of the console.  It is found next to the SAVE button.  Once the tree refresh is complete, expand the SUBNET and then the POOL to view any current leases that may be assigned out.  If one of the following errors is encountered, it is likely due to the fact that the leases file has not yet been populated with any leases.  This error should resolve itself once there is a lease to be found in the dhcpd.leases file on the server:

  • ERROR: EOMAPI1
  • ERROR: DHCP server connection failed

NOTE: The 'omapi-port' and 'omapi-key' settings cannot be added, modified, or managed from iManager in any way at the time this TID was written.  This has been reported to Engineering.   The steps described in this TID should be completed from the DNS/DHCP Management Console.

Posted by on in Technical

Contributed by Brian Ogden
2011-08-30

The Verizon Droid 3 phone is not supported by Novell Data Synchronizer due to the change in the phone software.

When you setup an account on the device, the certificate setting isn't visible on the initial screen. However, "Use a secure connection" and "Verify Certificate" is automatically enabled. Since we always use a self-signed certificate, this cert is not part of the trusted authority on the device. If you use the workaround below, you can setup an account that works, then uncheck verify certificates and switch to the config of the customer Novell Data Synchronizer.

Here is a workaround:

  1. Set-up a corp-sync or Exchange Activesync account
  2. Use your google account to create a corporate sync account . The prompt for server name should be “m.google.com” and the prompt for user name is your gmail address (the entire email address, not simply the first half/user part). So, as an example:
  3. Server: m.google.com
  4. Username: username@gmail.com
  5. After the account is created, go into settings -> accounts and select the EAS account created
  6. In the first screen, un-check the option "Verify Certificate"
  7. Change the credentials to the account needed

If you find you need more assistance with this issue, please don't hesitate to contact us!


ALI Technical Assistance Center
(540) 443-3398
tac@ali-inc.com

Posted by on in Technical

Important LiveUpdate Certificate Expiration Notice

 Problem

An older Symantec root certificate, SymRoot1, will expire on April 30, 2011. With an expired certificate, older LiveUpdate clients would no longer authenticate, download, or install content such as AntiVirus definitions or product updates.

Solution

To allow customers additional time to plan migrations, Symantec has introduced a workaround that allows LiveUpdate to continue to successfully authenticate valid content from Symantec through July 4, 2012. This date may be extended if needed on a product-by-product basis.

In addition, a newer Symantec root certificate, SymRoot2, will expire on August 23, 2020. Newer Symantec products and recently patched products are compatible with SymRoot2. All customers utilizing SymRoot1-based products are recommended to upgrade to SymRoot2-based products.

What is the impact of using SymRoot1 definitions after the certificate expiration?

The product will continue to download and install new updates, such as AntiVirus definitions and product updates. You do not need to do anything to continue to receive definitions for these products after the certificate expiration, but you are encouraged to upgrade to a version that supports SymRoot2 as soon as feasible.

Will products without SymRoot2 support still be able to use Intelligent Updater or Rapid Release to update definitions?

Yes, Intelligent Updater and Rapid Release definition packages will be signed by both SymRoot1 and SymRoot2.

Which products are affected?

The following table shows which product versions support SymRoot2 in green, which product versions will continue to receive SymRoot1 definitions after the certificate expiration in orange, and which product versions require an upgrade in red.

Product

Version

Status

Action Needed

AntiVirus Corporate Edition

10.1 MR 10

SymRoot2 Support

None

AntiVirus Corporate Edition

10.x

SymRoot1 Support

Upgrade recommended

AntiVirus Corporate Edition

9.x

No definitions after 4/30/2011

Upgrade required

AntiVirus for Linux

MR 10

SymRoot2 Support

None

AntiVirus for Linux

MR 9 and earlier

SymRoot1 Support

Upgrade recommended

AntiVirus for Macintosh

10.x

SymRoot2 Support with LiveUpdate 5.1.2

Update to LiveUpdate for Macintosh 5.1.2

Brightmail Gateway

7.7 and later

SymRoot2 Support

None

Brightmail Gateway

5.x through 7.6

SymRoot1 Support

Upgrade recommended

Brightmail Message Filter

All

Does not use SymRoot

None

Client Security

3.1 MR 10

SymRoot2 Support

None

Client Security

3.x

SymRoot1 Support

Upgrade recommended

Client Security

2.x

No definitions after 4/30/2011

Upgrade required

Endpoint Protection

12.0 / 11.0

SymRoot2 Support

None

Enterprise Security Manager

10.x

SymRoot2 Support

None

Enterprise Security Manager

9.x and later

SymRoot2 Support with LiveUpdate 3.3

Update to Windows LiveUpdate 3.3

Enterprise Security Manager

6.5.x

No definitions after 4/30/2011

Upgrade required

IM Manager

8.4.1.16

SymRoot2 Support

None

IM Manager

Prior to 8.4.1.16

SymRoot1 Support

Upgrade recommended

LiveUpdate Administrator

2.x

SymRoot2 Support

None

LiveUpdate Administration Utility

1.5

SymRoot1 Support

Upgrade recommended

Mail Security for Domino

8.0.5 and later

SymRoot2 Support

None

Mail Security for Domino

8.0, 8.01, 8.02, 8.03

SymRoot1 Support

Upgrade recommended

Mail Security for Domino

7.5

SymRoot2 Support

None

Mail Security for Domino

5.x

SymRoot1 Support

Upgrade recommended

Mail Security for Domino

4.x and earlier

No definitions after 4/30/2011

Upgrade required

Mail Security for Domino MPE

3.2

SymRoot1 Support

Upgrade or Java LiveUpdate patch recommended

Mail Security for Domino MPE

3.0

No definitions after 4/30/2011

Upgrade required

Mail Security for Exchange

6.5

SymRoot2 Support

None

Mail Security for Exchange

6.0.x

SymRoot2 Support

None

Mail Security for Exchange

5.0.x

SymRoot1 Support

Update recommended

Mail Security for Exchange

4.6

SymRoot1 Support

Upgrade recommended

Mail Security for Exchange

4.5 and earlier

No definitions after 4/30/2011

Upgrade required

Mail Security for SMTP

5.x

SymRoot1 Support

Upgrade recommended

Scan Engine

5.2.8

SymRoot2 Support

None

Scan Engine

5.2.7 and earlier

SymRoot1 Support

Upgrade recommended

Security Information Manager

4.7 MP3 (release TBD)

SymRoot2 Support

None

Security Information Manager

4.7.2 and earlier

No updates after 4/30/11

Upgrade required

 My product version will not be updated. How do I upgrade?

If possible, Symantec recommends that you upgrade to a version that supports SymRoot2. SymRoot2 compatible products appear in green in the table above. You can download the latest version of your product from File Connect or from the Business Critical Services Web site.

For some products, you may need to apply patch instead of upgrading. For additional assistance, the Technical Assistance Center line is available to provide support (540) 443-3398 or contact your ALI representative for further assistance.

Linux tip:
How to find out the most recent installed packages with RPM


You probably know the last software package you installed, but are you aware of all the dependencies that were also installed?  Here's a tip to help you.

Use this command to show the newest installed packages at the top:  rpm -qa - -last

The newest packages will be at the top. Since the list is probably long, you might want to pipe the output to less:

rpm -qa - -last | less

Type q to exit less. You can also pipe the output with grep to search for a specific day or date with Jun as an example like this:

rpm -qa - -last | grep Jun

You can also pipe the request to a text file:

rpm -qa --last > filename

Looking for more help with your Linux systems?  Contact us and we'll be happy to set you up with an engineer who can help!