Archive for Technical Posts

When backing up to external USB drives from Backup Exec 10d, the job may fail at the verification stage with the following errors:

Final error: 0xe00084c8 – The backup storage device has failed.
Final error category: Backup Device Errors

For additional information regarding this error refer to link V-79-57344-33992

And then…

Final error: 0xe00084c8 – The backup storage device has failed.
Final error category: Backup Device Errors

For additional information regarding this error refer to link V-79-57344-33992

In the application event log there may also be the following:

Event Type: Error
Event Source: Backup Exec
Event Category: None
Event ID: 33808
Date: 06/02/2010
Time: 19:02:25
User: N/A
Description:
An error occurred while processing a B2D command.
Drive: ReadMTFData() ReadFile failed (N:\VERITAS\B2D\B2D001024.bkf). Error=1450

For more information, click the following link:

http://eventlookup.veritas.com/eventlookup/EventLookup.jhtml

Event Type: Error
Event Source: Backup Exec
Event Category: None
Event ID: 57665
Date: 06/02/2010
Time: 19:02:25
User: N/A
Description:
Storage device “Friday N:” reported an error on a request to read data from media.

Error reported:
Insufficient system resources exist to complete the requested service.
.

For more information, click the following link:

http://eventlookup.veritas.com/eventlookup/EventLookup.jhtml

Data:
0000: aa 05 00 00 c8 84 00 e0 ª…Ȅ.à
0008: 00 80 00 00 00 00 00 00 .€……
0010: 92 03 00 00 ’…

Event Type: Error
Event Source: Backup Exec
Event Category: None
Event ID: 34113
Date: 06/02/2010
Time: 19:02:25
User: N/A
Description:
Backup Exec Alert: Job Failed
(Job: “Friday – Backup to N:”) Friday – Backup to N: — The job failed with the following error: The backup storage device has failed.

For more information, click the following link:

http://eventlookup.veritas.com/eventlookup/EventLookup.jhtml

A lot of people have this problem but there seemed to be no definitive answer. For me the following steps solved the problem:

1) From within device manager set the USB drive to “Optimize for performance”:

Device Manager Optimising External USB Drive for Performance

2) From within Backup Exec Devices – Set the maximum size for Backup-To-Disk files to 2GB

3) From within Backup Exec Devices – Disable auto-detect device settings and enable “Buffered Reads” and “Buffered Writes”

Backup Exec USB Device Configuration

There is no clear resolution for this problem. Different settings seem to solve the problem for different systems. This is running on a Dell PowerEdge 2850 / Windows 2003 Standard and 4Gb. Backup size is approx 250Gb.

Categories : Technical Posts
Comments (0)

To enable ping on the WAN/Internet interface on the Thomson SpeedTouch 605s (and probably lots of other SpeedTouch models):

Telnet to the router:

Default username is Administrator (note the capital A)
Default password is empty

Then run:

service system ifadd name=PING_RESPONDER group=wan

You should now be able to ping the wan address.

Categories : Technical Posts
Comments (1)

Just been trying to install Exchange 2007 SP1 on a freshly installed Windows 2008 R2 and come up against the following error during the installation of the Mailbox Role:

Mailbox Role
Failed

Error:
An error occurred. The error code was 3221684229. The message was Access is denied..

Simple fix for this is to run setup.exe in compatibility mode. I chose Vista SP2 and then the installation went through normally.

But before you go rushing to finish your installation it is worth noting that Exchange 2007 SP2 will not be supported on Windows 2008 R2, and therefore you may want to reconsider doing the installation at all! Read here:

http://msexchangeteam.com/archive/2009/09/21/452567.aspx

I flattened the installation and went back to Windows 2008 Standard.

Update: Microsoft have changed the policy to support Exchange 2007 on Windows 2008 R2:

http://msexchangeteam.com/archive/2009/11/04/453026.aspx

Categories : Technical Posts
Comments (0)

Yesterday I advised a customer who is a remote VPN/Terminal Services user to upgrade to Vista SP1 in order to make "Terminal Services Easy Print" available.

After the installation of SP1 the user was not able to access the corporate VPN.

When trying to connect Vista hangs at "Verifying username and password" and eventually shows an 828 error.  On the server side event 20209 was logged.

There is a discussion on the ZA forums as to where the blame lies for the problem but there does not seem to be a clear answer.

For the sake of simplicity, I have found that:

On Vista SP1 machines with version 7.1.248 of ZoneAlarm Free installed, PPTP VPN connections to Windows 2003 based RRAS servers do not work.  Also note that disabling ZoneAlarm does not help.  Uninstalling the product solved the issue immediately.

Always a pain when you try to solve one problem and create another in the process.  On a positive note Terminal Services easy print in Windows 2008 worked really well once we got the user reconnected.

Categories : Technical Posts
Comments (2)

I have had several incidents this week of customer systems being infected by executables attached to e-mails appearing to be from UPS.

Looking around the blogs, these e-mails seem to be having a higher than normal infection rate. The infection is time-consuming to get rid of, makes the infected machines unusable and creates a huge number of network connections.

The exact subject line of the e-mails that have been received is:

UPS Tracking Number 5440074870

Attached to the e-mail is a zip file containing an executable which when executed installs "XP Security Center".


Much more information about the detail of the actual email can be found on the Trend Malware Blog.  The worrying thing about this e-mail is that both of the machines that it infected have their e-mail filtered by very well known external 3rd party mail systems, then have virus scanning on their own Exchange servers and finally on their desktop machines.  At the moment this e-mail is still slipping through the net.

This virus does a LOT of clever things to prevent you getting rid of it.  I noticed that when trying to run Autoruns from Sysinternals it just would not work.  Renaming the autoruns executable allows it to run.  It also stops you being able to install/download Windows Defender, disables system restore and removes the system tools program group, amongst other things.

Not a very sophisticated solution but for now I have edited the Exchange IMF custom weighting file on customer systems to ensure that messages with "UPS Tracking" in the subject line are never delivered to the recipients and definitely classed as spam. 

I had written a separate post on how to remove the virus manually, but at the moment I am still monitoring the infected machines to ensure they are completely clean.

Categories : Technical Posts
Comments (1)

Today a customer started to get a lot of their e-mails bounced. In fact they could not even e-mail me to let me know about the problem as my own mail servers were rejecting their messages.

The reason for this was because their IP address had been listed on the CBL.

I had a poke around the server and everything seemed to be in good order; patched up to date, virus scanner had nothing interesting to report, netstat did not show any abnormal connections and Exchange queues seemed normal. So I assumed that the problem must be coming from one of the network PCs.

This customer has a dual nic SBS 2003 Standard edition server, not my preferred set-up, but the system had to be implemented in this way to fit in with existing infrastructure. It is not possible to see what traffic is passing through the NAT gateway on RRAS with the built in tools, but Microsoft Netmon 3.1 should be able to show up any strange network traffic. I installed it and ran the following filter:

Tcp.dstport == 25 and ipv4.Address != 192.168.200.1

192.168.200.1 is the IP address of the internet facing NIC on the SBS machine.

Within a couple of minutes this filter showed all the machines on the network sending SMTP based traffic except for the SBS server itself. Fortunately there was only one. I took remote control of the machine and from the command line ran:

netstat -ano | find ":25"

The output of this command showed me the local processes which were attempting to communicate with other hosts on port 25 and gave me confirmation that this PC was definitely infected with some kind of mass mailing virus or worm. Killing the process listed by the netstat command stopped the mass mailer and gave some breathing space to find the cause of the problem.
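The same triage as an added example (not part of the original post): a parser for `netstat -ano` output that groups sessions to remote port 25 by owning PID. The sample output is constructed, and the function name and the `allowed_relays` allow-list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output; every address and PID is made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1732
  TCP    192.168.200.23:1187    203.0.113.10:25        ESTABLISHED     2912
  TCP    192.168.200.23:1188    198.51.100.7:25        SYN_SENT        2912
  TCP    192.168.200.23:1190    198.51.100.9:2525      ESTABLISHED     1440
  TCP    192.168.200.23:2500    192.168.200.1:445      ESTABLISHED     4
  TCP    192.168.200.23:1201    192.168.200.1:25       ESTABLISHED     3020
  UDP    0.0.0.0:2535           *:*                                    1096
"""

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def smtp_senders(netstat_text, allowed_relays=()):
    """Return {pid: [(remote_ip, state), ...]} for TCP sessions to remote port 25.

    allowed_relays is a hypothetical allow-list of mail servers that clients
    are expected to talk to; sessions to those addresses are not reported.
    """
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _lip, _lport, remote_ip, remote_port, state, pid = m.groups()
        # Exact match on the *remote* port: a substring search for ":25" also
        # hits :2525, local port 2500 and a local listener on port 25.
        if int(remote_port) != 25 or remote_ip in allowed_relays:
            continue
        hits[int(pid)].append((remote_ip, state))
    return dict(hits)


if __name__ == "__main__":
    for pid, sessions in smtp_senders(SAMPLE, {"192.168.200.1"}).items():
        print(f"PID {pid}: {len(sessions)} outbound SMTP session(s) -> {sessions}")
```

On a live machine, redirect `netstat -ano` to a file and pass its contents to `smtp_senders`; `tasklist /FI "PID eq <pid>"` then names the process behind each reported PID.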

Turns out the machine in question had its virus checker disabled. So I turned it back on and ran a full scan which turned up almost 6,000 files infected with W32/MyDoom.

Once the problem had been found it was easy to sort, but because I have so few customers with this set-up it had not occurred to me how little visibility you get over network traffic with the SBS 2003 standard edition tools.

The joys of travelling sales laptops :D

Categories : How To, Technical Posts
Comments (1)