Dusty Cables dot com

a tech blog

Asian Domain Scams

May 11th, 2010. Published under Uncategorized. 1 Comment.

Back in 2008 I posted about this domain scam, and it seems the scam is still making rounds, as I just received another very similar message from a Hong Kong address.  Here is the entirety of the message, with my real domain name being swapped out with “domainname”:

From: Gavin [Gavin@ansl.hk]
Subject: About “domainname” Domain dispute (To Principal)

Dear Principal,

We are a domain name registration and dispute organization in Asia which mainly deal with the global companies’ domain names registration and internet Intellectual property right protection.

We have a very important issue need to confirm with your company. On May 09,2010, we received an application from one company named

“MC-BSSD Technology,LTD” who wanted to apply for registering some domain names related to “domainname” and Network Keyword through our company.
But after our initial investigation, we found that these domain names and Network Keyword were related to your company’s web keyword.

I am wondering if you consigned MC-BSSD Technology,LTD to register these domain names and Network Keyword in our company or not? If you did, we will complete their registration. If not, please let me know because this may bring some negative impact to your company.

If you are the person in charge of this, I will feedback some problems to you; if you are not, please forward my letter to your company’s corporate representative or web administrator. In order to deal with this issue better, please contact us by email or phone as soon as possible.

Best Regards,

Gavin Yue
Auditing  Department

Chris at Firetrust.com has a good post about this with many pages of comments from others who have received these scam messages.

Add-ons list in Firefox is empty / blank

March 4th, 2010. Published under Uncategorized. No Comments.

In Firefox 3.6, I was suddenly unable to install or edit any of my add-ons. The list of add-ons was blank, and it would not let me install any new or update any existing add-ons. The add-ons themselves worked just fine in Firefox.

After doing some searching, I found the issue had to do with the use of Personas.  This issue also can occur in Firefox 3.5.x.  The following solution (found here) fixed the issue for me:

  1. Enter about:config (type “about:config” in the address bar of a new tab)
  2. Filter for “lightweightThemes”
  3. Erase the value for lightweightThemes.usedThemes
  4. Change the value to “false” for lightweightThemes.isThemeSelected
  5. Close and restart Firefox

Doing this of course removed the Persona I had loaded, but it solved the issue.

CD / DVD drive missing / not recognized by Windows

March 3rd, 2010. Published under Uncategorized. No Comments.

Recently an associate came across this issue, where a Windows XP laptop was not showing a drive letter for the DVD drive. The drive was obviously powered since it would open when the eject button was pressed. In Device Manager, the drive was showing the yellow exclamation point symbol for a device that had a driver issue. The usual action of deleting the device in Device Manager and restarting did not change this; it just came back with the yellow exclamation mark.

Googling for this issue let to several forum posts where the solution was a quick deletion of two values in the registry. The solution, which works for Windows 2000, Windows XP, Windows Vista, and Windows 7, can be found at the Microsoft Support site.

A quick reboot after the registry deletions fixed the issue on this laptop.

DHCP database and Jet errors caused by AVG 9

December 3rd, 2009. Published under Uncategorized. No Comments.

Suddenly my Windows Server 2003 AD controller was throwing errors about the DHCP Server service running on it and the Jet database.  The Event IDs were 485, 215, 1014, 1016, and 1010.  Here are the specific errors logged:

* Event Time: 23 Nov 2009 01:31:41 AM
* Source: ESENT
* Event Log: Application
* Type: Error Event
* Event ID: 485
* tcpsvcs (3800) An attempt to delete the file “C:\WINDOWS\System32\dhcp\j500322E.log” failed with system error 5 (0x00000005): “Access is denied. “.  The delete file operation will fail with error -1032 (0xfffffbf8).

——————————————————-

* Event Time: 23 Nov 2009 01:31:41 AM
* Source: ESENT
* Event Log: Application
* Type: Error Event
* Event ID: 215
* tcpsvcs (3800) The backup has been stopped because it was halted by the client or the connection with the client failed.

——————————————————-

* Event Time: 23 Nov 2009 01:31:41 AM
* Source: DhcpServer
* Event Log: System
* Type: Error Event
* Event ID: 1014
*
The following problem occurred with the Jet database -1032:

Jet database read or write operations failed. If the computer
or database has just been upgraded, then this message can be
safely ignored. If this message appears frequently, either there
is not enough disk space to complete the operation or the database
or backup database may be corrupt.  To correct this problem,
either free additional space on your hard disk or restore the
database. After you restore the database, ensure that conflict
detection is enabled in DHCP server properties. For information
about restoring the database, see Help and Support Center.

Additional Debug Information: JetBackup.

——————————————————-

* Event Time: 23 Nov 2009 01:31:41 AM
* Source: DhcpServer
* Event Log: System
* Type: Error Event
* Event ID: 1016
* The DHCP service encountered the following error when
backing up the database:
An error occurred while accessing the DHCP database. Look at the
DHCP server event log for more information on this error.

——————————————————-

* Event Time: 23 Nov 2009 01:31:41 AM
* Source: DhcpServer
* Event Log: System
* Type: Error Event
* Event ID: 1010
* The DHCP service encountered the following error while cleaning
up the database:
An error occurred while accessing the DHCP database. Look at the
DHCP server event log for more information on this error.

These were driving me nuts.   I tried a few things like copying over the DHCP configuration files from my other AD controller (which was configured with DHCP Server but disabled for backup purposes), but nothing I did worked.

Then I realized the day before these errors began I upgraded the AVG client software from AVG Antivirus Network Edition 8.5 to AVG Antivirus Business Edition 9.0.  So I Googled about these errors and threw “AVG” into the search and found this forum thread, which supported my theory of the AVG upgrade being the culprit.

I then contacted AVG Technical Support about the issue, and the response I received instructed me to “remove the AVG Service for optimizing scans”.  The specific instruction was to run command line switches on the installation package.  So using a recent installation package, I typed the following from a command line:

avg_ipw_stf_all_90_707a1765.exe /REMOVE_FEATURE
fea_AVG_NtfsChangeJournalCach

A wizard dialog will appear where I selected (per instruction) “Add or remove components”, and just clicked “Next” through the wizard.  Do not modify the component selection.  The instructions also said to restart the server after this wizard, which I did NOT, and the issue still was resolved even though I have not restarted.

How to access Administrative Shares on Vista (C$)

November 23rd, 2009. Published under Uncategorized. No Comments.

Found this gem recently about turning on the hidden administrative shares in Vista.

Text clipped from http://www.paulspoerry.com/2007/05/09/how-to-access-administrative-shares-on-vista-c/

To enable administrative shares you gotta make a registry change. Click on the orb and in the search box type ‘regedit’ and hit enter. Browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System. Add a new DWORD called “LocalAccountTokenFilterPolicy” and give it a value of 1. Reboot and yer done!

Definitions not updating from Symantec Endpoint Protection 11 console

July 19th, 2009. Published under Uncategorized. No Comments.

If you are unfortunate enough to have to deal with Symantec Endpoint Protection (version 11 particularly here), and you find your clients aren’t updating their virus definitions, here is a fix that worked for me.

  1. Download the newest definitions to your server from a Symantec FTP site.
  2. Move the .jdb file you downloaded to the “C:\Program Files\Symantec \Symantec Endpoint Protection Manager\data\inbox\content\incoming” folder (edit path if your installation is not default).
  3. Wait a little bit.

This seemed to “un-jam” the issue causing the clients not to update their definitions from the management console server.  Don’t know if this is a long-term solution…I have to monitor for a while.

Giving credit where credit is due: Thanks AussieRyan for this solution, found here on Symantec’s forums.