27 May 2011

Redirect scripts to change the default landing location

By default a when an IIS site is setup the landing page is iisstart.htm.  To change this there are a few things you can do.

The Default Document contains a list of files it will try, in order till one works.

  • Default.htm
  • Default.asp
  • Index.htm
  • Index.html
  • iisStart.htm

If any of those are present they will be loaded instead of iisstart.  The easiest and simplest is just to set the Default Document to the new file.

If however you application installs to a virtual directory you cannot simply change the default document to be one that is on the virtual directory.  You will have to redirect to it.  There are many ways of doing this but I will go through two of them, both using my "disturb as little as possible" principle.

Method 1 - Edit the iisstart.htm file

Dropping a client side script into this file will redirect the user on page load to the desired page.

add the following in the <head> section

<script language="JavaScript">
var time = null
function move() {
window.location = 'http://www.yourdomain.com/folder/page.asp'

add the following in the <body> section

<body onload="timer=setTimeout('move()',0)">

What happens is that when the page is loaded the browser will then execute the script that will load up the new page. So two pages are loaded.

Method 2 - Use the default.asp file

By using the asp file we can make use of a server side script to do the redirect.  Create a file and save it as default.asp in the c:\inetpub\wwwroot folder.  Copy the following into it.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<%@ Language=VBScript %>
Response.Status="301 Moved Permanently" 
Response.AddHeader "Location", "http://www.yourdomain.com/folder/page.asp"

When the page is requested the server parses the script and only sends the 1 page instead of the original landing and then the redirected page as per the client side method.

Both examples will work in most cases but you might only be able to use one of them depending on whether serverside scripting or client side scripting is allowed.

Method 3 - Use Custom Error Pages

By default when a page is requested from a server that does not exist you will receive the 404 error page.  With IIS you can use custom error pages, or you can have re director as an alternative to displaying the error page.  A nice touch here is that you can have a relative or absolute redirect.

Select your site and click on the Error Pages icon

Select 404 from status code column and edit

Select "Respond with a 302 redirect" and specify the full URL you want to redirect to.
The alternative here is also to edit the actual error page, you can for instance include the javascript in the error page as opposed to the iisstart page.

The actual error pages are located in C:\inetpub\custerr\en-US\

24 May 2011

Private IP address ranges and the APIPA

Certain IP address ranges have been reserved for private network use.  These are listed in RFC 1918 http://tools.ietf.org/html/rfc1918.  These ranges can safely be used for internal networks.

Microsoft has also allocated a block of addresses called the Automatic Private IP Addressing (APIPA)  These are used by machines when no IP has been allocated and DHCP is not available. These auto allocted IPs are tomporary and will be superced as soon as a DHCP address becomes available.  http://support.microsoft.com/kb/220874

Range Start

Range End

of hosts




16 777 216

24-bit block

1 048 576

20-bit block

65 536

16-bit block

65 536


When building lab or setting up new environments use the table as a guide to pick Which black or IPs or even part of the block that you want to use.  Bearing in mind that the some of address may already be route-able in your private network.

23 May 2011

Automatically purge old files and folder using vbscript

At some point everyone get to a system that generates log files or something similar that only needs to be retained for a specific period of time.  These are generally log files or similar.

The following script deletes all files older than 20 days

'Create File System Object

  Set filesys = CreateObject("Scripting.FileSystemObject") 
'Specify Parent folder
  Set Directory = filesys.GetFolder("C:\Program Files\Logs")
  Set Files = Directory.Files
'Delete files
  For Each Modified in Files
    If DateDiff("D", Modified.DateLastModified, Now) > 20 Then Modified.Delete

The following script deletes all subfolders including files in them that are older than 20 days

'Create File System Object
  Set filesys = CreateObject("Scripting.FileSystemObject") 
'Specify Parent folder
  Set Directory = filesys.GetFolder("C:\Program Files\Logs")
  Set Folders = Directory.Subfolders
'Delete folders and files
  For Each Modified in Folders
    If DateDiff("D", Modified.DateLastModified, Now) > 20 Then Modified.Delete

The following deletes subfolders and files in the root folder older than 20 days

Set filesys = CreateObject("Scripting.FileSystemObject") 
Set Directory = filesys.GetFolder("C:\Program Files\Logs")
Set Files = Directory.Files
  For Each Modified in Files
    If DateDiff("D", Modified.DateLastModified, Now) > 20 Then Modified.Delete

Set Folders = Directory.Subfolders
  For Each Modified in Folders
    If DateDiff("D", Modified.DateLastModified, Now) > 20 Then Modified.Delete

Using the DateDiff you can specify "D" for days "W" for weeks and "M" for months.  Change the number to represent the value you want to specify.

Specify the relevant edited script as a file to execute in a scheduled task and you are set.

20 May 2011

Forefront Endpoint Protection 2010 SQL Server prerequisite verification error

During the installation of Forefront Endpoint Protection 2010 there is a prerequisite verification step.  Most were fairly easy to resolve except for the SQL one

Checking the details for the failure you get:

"Setup cannot verify the service principal name (SPN) for this account. Ensure that there is a single valid SPN entry for this account in the Active Directory Domain Services.
Account: Yourdomain\accountname"

To resolve this you need to manually specify a SQL SPN for the account being used

Launch a command prompt as administrator
Execute the following:

setspn -a  mssqlsvc/accountname yourdomain\accountname

You should see an updated object line confirming that the change was successful
To verify that the SPN was added correctly execute:

setspn -l yourdomain\accountname

The prerequisite check should now complete without errors and you can proceed with the installation.
setspn -a  MSOLAPSvc.3/accountname yourdomain\accountname

17 May 2011

Very short interview with Caroline Wong from Zynga games

Caroline Wong, CISSP, manages the Security Program at Zynga Inc. She was formerly the Chief of Staff for the Global Information Security Team at eBay and built eBay's security metrics program from the ground up. Caroline is a frequent featured speaker at numerous industry conferences, including RSA, Metricon, the Executive Women's Forum, and the Information Security Forum. Caroline is a founding member of the Cloud Security Alliance Metrics Working Group and was awarded the 'One to Watch' category at the Executive Women's Forum Women of Influence Awards in 2010. 

She was one of the best speakers at the ITWeb Security Summit.  I grabbed a little bit of her time for a little interview.  Literally. She was not allowed by PR to answer most of my questions.  See some more of her input on http://fixmyitsystem.com/2011/05/itweb-security-summit-2011-part-i.html

Q:  How many times has you definition of cloud computing changed?
A:  Many times

Q:  How many hours a week do you spend playing Zynga games?
A:  Classified

Q:  Do you have an i-Pad?
A:  Yes

Q:  Do you have you a PC or a MAC
A:  PC

Q: What smart phone do you use
A: Black berry - because i have to be able to type a lot.

Some questions I had to ask that she was not allowed to answer are below,  If you have any input, add a comment.

Q:  What are the biggest fear corporates have for moving services into the cloud?

Q:  What is the expected uptake and migration period for corporates to move to either private or public clouds?

Q:  How can you take traditional application and leverage some cloud advantages

Q:  What are some guiding principles around choosing a cloud vendor / provider / or 3rd party partner

Q:  Do you know of any story of regrets because of  problems companies have had when migrating services into the cloud

So basically she was only able to answer the "just for fun questions"

She and Lynn Terwoerds from Microsoft and CSA are publishing a book later this year called "Security Metrics, A Beginners Guide"


TMG non web server protocol does not work with a perimeter network present

This is a summary form a case that myself and AJ were looking at.  I was not able to assist him till completion but the findings they discovered might be very useful to publish, and he has graciously allowed me to publish his findings.

The network layout.

External Network - TMG - Perimeter Network - FTP perimeter IP

The problem symptoms

When attempting to connect to his published FTP server from the external network his connections got dropped.  Checking the TMG logs he found the following

Denied Connection TMGServer 4/14/20xx 10:26:28 PM
Log type: Firewall service
Status: The policy rules do not allow the user request.
Rule: Default rule
Source: Perimeter (xxx.xx.xxx.xx:2801)
Destination: Local Host (xxx.xx.xx.xx:21)
Protocol: FTP

The FTP server was accessible via the internal network.  The TMG localhost could also connect to the FTP via the perimeter network, but no connection from the external network made it through.

We went through a number of basic checks but were stumped because he a some web site published in the same manner as he was attempting to publish the ftp site.

At this point I was heading offshore on holiday - with no internet access.

The Resolution
AJ managed to get a resolution for the problem from Microsoft directly.  Here is his findings

"We had Perimeter Network on our TMG 2010 server. Non-web Server protocol publishing rules will not work on a Forefront 2010 TMG that was configured as a Back Firewall unless the Perimeter Network is removed.  So, we took the following steps to correct our problem:
  1. On the Network Rules tab in Networking, we removed Perimeter Network rules (we had two rules - rule 4 and 5 listed as Perimeter Network Rules. At first, we were unable to remove rule 5 rules because it was attached with the existing policy. So we had to take step 2 and 3) and keep External (Built in network.) Network Rule
  2. We edited the system policy from the Tasks tab on the Firewall Policy page by selecting DHCP under Network Services, select the From tab and removed the Perimeter traffic source
  3. We removed the last Perimeter network under the Networks tab in Networking
  4. We reconfigured all our web servers (as they were configured for Perimeter Network Rules as well)
I configured the Non-web Server Protocol Publishing FTP rule on my TMG. I opened FTP client and tried accessing FTP server, it worked without any issues.  "

Mitigate "lost phone" risks with BlackBerry Protect

A big problem facing companies today is data leakage.  This is the unauthorized access to internal company data.  This could be the emails, stored documents, or access to the corporate network.   Worse yet, a compromised personal-liable device like a smart phone can be used to send an receive emails as the user and this can lead to all sorts of corporate compromises.

Research In Motion (RIM) has released the free BlackBerry Protect application in March this year.  It provides the functionality to either clear the device of all data and to find the device again.  It also provides the convenience of making device migration easier because all data is backed up and can be restored to the new device.

Here is the blurb from the Site and it is actually accurate so I can quote it directly

"BlackBerry® Protect is a free application designed to keep your information secure if your BlackBerry® smartphone goes missing. If you’re on an applicable consumer data plan (enterprise plans are not supported at this time), you can download BlackBerry Protect  and then log into the website where you can lock, locate or wipe your smartphone from wherever you are. You can also choose to have your crucial data backed up wirelessly and automatically, as often as you choose (daily, weekly, or monthly).

Can’t find your BlackBerry? Go to www.blackberry.com/protect to

  • Locate it on a map
  • Set a password and lock it to protect your information
  • Wipe all the contents 
  • Make your BlackBerry ring loudly to help find it
  • Display a message on the homescreen instructing whoever finds it on how to return it

Wireless Backup and Restore

  • Wirelessly back up  contacts, calendar, memos, tasks, browser bookmarks, and text messages
  • Automatically back up daily, weekly, or monthly
  • Wirelessly restore your backed up data when switching to a new BlackBerry "

It is very encouraging to see that manufacturer provide these levels of functionality to reduce the risks for corporates (and individuals.) As a recommendation, I would strongly suggest or enforce your users to make use of this application.  I cannot think of a single drawback to using this app.  Blackberry enterprise server provides remote wipe capabilities already and therefor does not allow Blackberry protect on BEZ managed devices.  

Check https://appworld.blackberry.com/webstore/content/20844  for all the details and supported devices.

16 May 2011

Blogger outage - What does this mean for the public cloud

There was a serious blogger outage at the end of last week.  The explanation was that there was data corruption following routine maintenance.  You can check the foll blogger status here http://status.blogger.com/  What it meant for this blog was that some of "the latest" articles were temporarily removed, only to be restored later.

This bring into question the trustworthiness of public cloud computing.  After all, I one of Google's services can go down for so long, what about smaller players.  Need I remind you this is not the only public cloud service that has had interruptions.  Most of them has had a similar problem over the lifespan of their existence. 

As an IT professional I had conflicting emotions when the site was down.
Primarily I felt powerless to do anything to try and fix it.  Secondly - and this is key - relieved that this was someone else's problem.  Someone who is far more competent at fixing blogger than I would be.  If I had a proper SLA agreement with blogger where I could apply financial penalties for down time, it would not be too bad a situation.

I suppose the crux of public cloud is this, if you outsource you services you also outsource you problems, you just need to learn to relax while you hope -{frantically}- that everything will come back to normal...

11 May 2011

ITWEB Security Summit 2011 - Part II

Day two of the ITWEB Security Summit 2011
The presentations, exhibitions and I-pad lucky draws continues...
Again here are some summaries form the better presentations.

Security strategies for a changing world: the balance between risk and user benefit
  Sinisha Patkovic, Director, BlackBerry Security, Research In Motion

He explain how they have seen and defined three stages of of mobility

Stage 1 Mobilizing the mobile worker (Basic Email)
Stage 2 Mobilizing data centre value (starting to leverage business apps)
Stage 3 Redefine business practice with mobility

With every progression of stage there is increased risk as the sensitive data mobility increases.

The concept of smart phone or tablet or even user supplied laptop are defined as user-liable business-use devices.  This is predicted to reach 61% or corporate user devices according to IDC.

Another concept to be aware of is "Rare event bias" this is the exclusion of certain problems because "it's a 1 in a million chance"  This extend to "there is no exploit for this device that I am aware of so i am not going to do anything to prevent it..."

No matter how much you try the following remains true "Software cannot protect software"  the idea is that no AV or similar product can completely protect a security weak application"

Vulnerabilities and malware: statistics and research for malware identification
   Wolfgang Kandek, CTO, Qualys

Wolfgang gave a in depth product overview for the Qualsys product set.  The non product specific best quote is
"90% of attacks are simple and not complicated or advanced, so by doing the basics right you greatly improve your security profile"

And of course the Qualsys product will help you identify not just the basic but also the advance vulnerabilities

Web security, the Google way
  Parisa Tabriz, Information Security Engineer, Google Inc.

XSS (cross site scripting) is the most common exploit.  To prevent this is hard because developers make mistakes and testing for this is hard.  Scanning tools cannot get full application coverage.  Manual auditingalso tends to be a once off check.

The richer the application the more user content types are typiucally stores For Google this is mail, images, HTML, multimedia, docs and others.

Poor application or browse behavoir can be exploted.  As an example if a web page element's content type is not set, browsers will switch to content sniffing to determine the type.  In the case of a PNG image file you can embed javascript in the file that will then be executed by the browser during the content sniff stage.

To help secure Google apps they have started using a vulnerabilities rewards program.  Essentially if you find a weakness you tell google and they give you some money.

Her best quote " The Google vulnerabilities reward progrma has , since August 2010, paid out over $18 000 000 -- that is Jamaican Dollars (about $215 000 USD)"

Her closing points are:

Humans make mistakes. Make security the default.
The web is scary. Defense in depth
Security is hard by yourself.  Work together

The CIA, the lead box at the bottom of the ocean.... and other stories
  Allen Baranov, Information Security Analyst, SABMiller

He had a very candid look at how we put a lot of time and effort into doing the wrong thing. DLP stats: 20% of victims did not know that they had the data.  86% of breaches are not discovered by the victim.

Best Quote: "Your security vendor is lying to you"

His advice is to sensibly continue improving you approach holistically.

How to prioritise security initiatives based on real world case and statistics
  John Yeo, Trustwave SpiderLabs' European director

Stat fest from Spiderlab's findings

  • 85% of targeted data is payment card data - because it is the easiest to monetise.
  • 66% harvested in the Transit phase
  • 75% or targets are in the Food and beverage or retail industries
  • 75% of targeted systems are POS devices, 11% employee workstations and only 9% are e-commerce sites
  • 44% of data is exported via legitimate HTTP channel and 55% through malware channels

A large problem is that a lot of data is still transfered as clear text on the wire.

Some of the guides for moving forward.

  • Develop a proper mobile security program
  • Virtually patch web applications until problems are fixed (application firewalls)
  • Eradicate clear text traffic

Fig Leaf Security - the lies we tell ourselves
  Haroon Meer, researcher, thinkst Applied Research

"We build, secure networks we cant't protect"
"We write secure code that is not secure"

The take is simple.  People do not even attempt to do thing securely form the ground up.  There is then a perception that these things are impossible to achieve without buying a security package.  The problem then is that we expect a software package to protect and inherently poor application or network.

"Management should not be involved when deciding to apply a security patch"

"Machines that have been compromised by a virus should not just be cleaned.  It needs to be rebuilt from the ground up to be 100% trusted again"

An underlying theme through the talk is that it will be hard to do things thing properly but this is what you do to get a really good solution.  Do not take the "easy route" and do not drop out, do it properly.

"Fig leaves" we hide behind

Stuff is lame
Academic self indulgence- only valid for academics
That does not impress me or "that guys has too much time on his hands"
There are no interesting problems

Stop hiding and get out there and do what matters.

The roundup
It again was a very informative summit to attend, good quality speakers and presentations with relevant up to date information.  If you take the time to chat to all the exhibitors and the speakers - when you can find them.  You can learn loads not only about what they are selling but what the industry humm is at the moment.

A lot of the exhibitors also went to great lengths to ensure even us mere delegates got the concepts.

10 May 2011

ITWEB Security Summit 2011 - Part I

This year I am attending my second ITWEB annual security summit.  The event is the premier security summit in Africa.  There are numerous exhibitors and sponsors all waiting to tell us about emerging  security concerns and also to hopefully sell us something to plug the hole.

You can check the official site here http://www.itweb.co.za/index.php?option=com_content&amp;view=article&amp;id=38100&amp;Itemid=2330

Here is my quick out takes from selected sessions.

Securing the cloud
  Caroline Wong, strategic security manager, Zynga Game Network.  Caroline will be discussing Zynga’s business drivers for using cloud services as well as security implications and mitigation techniques

Zynga is the company responsible for Farm ville and other Facebook social games.  They had to very rapidly grow infrastructure capacity.    She refers to as cloud services as "Fat Pants"  it has space for when you need it.

The main business drivers for moving to cloud are, speed , space,elastic, scale and cost.   The combination of those left them really no other option than using amazon cloud services.

Her main cloud challenges are:

  • Provider Transparency
  • Leakage or data loss
  • Account service hijacking
  • Data confidentiality
  • Availability
  • Vulnerability assessment

Her recommendation for negating cloud risk.

  • Use the cloud vendor provided security services
  • Find 3rd party or build your own extention or plugins for your cloud
  • Know you data and where you want to store it
  • Keep up as the cloud technologies matures

Her best quote " Perfect security is not possible"

Building a security ecosystem
  Robert Fly, head of Product Security team, SalesForce

Robert's presentation was interesting as it was from a providing a cloud perspective.  The main focus was around enabling your cloud consumers to build a scalable and secure services.  Basically they created a number of tools for their developers to use to cleanup and secure their code.  They had massive improvements and this is also his best quote.

"We did nothing.  We gave them the tools and they used it"

Security is not a single items it is a whole ecosystem that involves education, design, development and testing.

Stuxnet, Wikileaks and the militarization of computer security
  Patrick Gray, Host, RiskyBusiness Security News Podcast

Interesting look at how governments and military are using malware and security vulnerabilities.  Has an interesting comparison between the potential development cost of Stuxnet as a weapon compared with conventional ones.  It is more cost effective to have a digital war with offensive digital weapons.
Pretty grim - but then again he is from Australia.

His best quote: "Wikileaks is the Mother of all red herrings"

Life after Stuxnet: what business should know and do
  Rik Ferguson, director security research & communication EMEA, Trend Micro

This presentation had very little to do with stuxnet!
There were some really interesting out take form this.  Zero day vulnerabilities have reduced considerable over time, especially WRT to OS and Browsers.  The big problem areas are still the 3rd party apps that have a big monoculture base, like Adobe reader , flash and Java.

The interesting summary he brings across is that - although zero day exploits are important they are less important that re-mediating old exploits.

The key problem areas are in order or importance:

  • Social engineering
  • Insecure application environments
  • Cybercrime as a service
  • Commercially available attack toolkits
  • Rapid incorporation of new vulnerabilities

A large percentage of successful exploits rely on exploiting old unfixed vulnerabilities

A really insightful statistic is something like this....

 " 94% of infection root sources is HTTP.  It is a massively overlooked attack vector by corporate companies" 

Drive by exploits are when a machine is compromised through no additional actions other than visiting a site.

He has two great quotes

"Javascript is evil"
"It's all about the monoculture.  The cloud is the new monoculture"

Based on the last quote , he suggest big resource investment needs to be spend in designing and implementing security for cloud infrastructure, cloud data encryption, cloud applications and the endpoint revolution (no longer just windows PCs)

Hot To Beat the Recession: Become a Cyber Criminal
    Bradley Anstis VP, Technical Strategy M86 Security

This was a very candid look at what drives cyber crime, and how some many people are doing it.  Essentially it comes down to a 5 step process

  1. Select and buy your exploit kit
  2. Load up your exploit kit with malware you have bought
  3. Infect a target web site for drive by exploitation
  4. Track successful infection
  5. Manage your ongoing attack
  6. Monitor and maintain malware infection detection levels.
Since there are various parties involved here it is hard to be able to prosecute an single party for a crime.  For instance the exploit kit authors just write and sell software... The legitimate site that infected the user is an unknowing party to the crime....

Essentially it is a paint by numbers criminal activity.

Best quote: "84% of exploit web sites are legitimate sites that have been compromised."

There were of course many different presentations but since I cannot attend 3 at the same time, I have only commented on the ones I attended AND liked.

More tomorrow as the summit continues...

09 May 2011

Best of Microsoft Management Summit 2011

I attended part of the Best of Microsoft Management Summit 2011 recently hosted in Cape Town.  The presentation "SCVMM 2012 : What's in it, and how it enables the Building Clouds" was really good and informative.  This is a significantly different application stack compared to the current SCVMM It show a definite shift from using virtual machines to using private clouds based on virtual machines.  They also have a big push for "application services" for the cloud.

Importantly they mentioned the guided evaluation program available when you download the SCVMM 2012 Beta.  This is to not only inform but also guide through the new concepts and featured available in the new release.

Here are the key links for the beta and guided evaluation.

06 May 2011

Prevent the Sophos Web Intelligence Service for running on machine that do not require added web protection

The "Sophos Web Intelligence Service" (swi_service.exe) performs "Protects against threats from malicious websites."  This is something that is not required on certain devices that are dedicated to certain non web functions.  This is especially relevant if these are resouce contrained machines - such as old, under powered Windows based POS devices.

This service is controlled by the policy settings under Anti-Virus and HIPS in the Web protection section.  Turning the setting to Off prevents the service from protecting you, but it does not turn off the service.

You can see this by watching the process IO in task manager.  It start going up as soon as IE starts up and increments every time a new page is loaded.

The only way to stop this from happening it to turn the service off. And disable it so it does not start up again.

Here are two vb scripts to assist you with this.

This one turns off the service and sets the startup type to be Disabled.

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colServiceList = objWMIService.ExecQuery ("Select * from Win32_Service where Name = 'swi_service'")

For Each objService in colServiceList
    If objService.State = "Running" Then
        Wscript.Sleep 10000
    End If
    errReturnCode = objService.ChangeStartMode("Disabled")   

This one reverse the actions from the script above and change the startup type back to Automatic and starts the service.

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colServiceList = objWMIService.ExecQuery ("Select * from Win32_Service where Name = 'swi_service'")

For Each objService in colServiceList
errReturnCode = objService.ChangeStartMode("Automatic")       
        Wscript.Sleep 10000

05 May 2011

HTTPS to HTTP redirect causes endless loop through TMG

When a mixed HTTP / HTTPS web application is published through TMG you might get stuck in and endless loop that ends in TMG dropping you because of flood mitigation.

This will only occur when certain criteria exists.

The TMG listener needs to be configured to accept connections on 80 and 443.  TMG should also be configured NOT to do any HTTP to HTTPS redirection.

The publishing rule bridging setting also need to forwards requests to 80 and 443.
This setup would then rely on the application to do the switching between HTTP and HTTPS for the relevant pages.

From Microsoft

"In this scenario, when the Web server receives an HTTP request, it redirects the request to the TMG server as an SSL request (HTTPS). For example, http://www.contoso.com is redirected to https://www.contoso.com.

Then TMG translates SSL requests to HTTP requests and redirects it to the Web server. This causes an endless loop."

In our scenario what happened was that our session would successfully go from HTTP to HTTPS but when when were redirected by the application down to HTTP again we would get stuck in the loop.

A trace would show the following loop

This would end with TMG dropping all request from this client and you would end up with a "Internet Explorer cannot display the webpage" that would persist as long as TMG is dropping connection from that client IP.

To resolve the issue you need to explicitly define link translations for HTTP to HTTP and HTTPS to HTTPS. This seems a redundant configuration but it is required.

Thanks to Chris Lotter for figuring this out based on info from  http://support.microsoft.com/kb/924373 and http://social.technet.microsoft.com/Forums/en/Forefrontedgegeneral/thread/6b58c704-7d42-4168-82e6-8fa302d5e12f

Mitsubishi Lancer MIVEC electric power steering Service required error

This is not so much a post about fixing the issue as it is about the process of fixing the issue.

I have had my car for about 2 years by now.  After about 6 months of owning the car I had a strange problem come up.  The alert message came up informing me that the power steering needed service.  When this happened the power to steering was removed and you had to manually put in the effort to turn the wheel.  The strange thing is that turning the car off and then on again would fix the problem.  Sound familiar?  This happened a few time and taking it to the Mitsubishi dealer did not help much as I need to have the error active for the advance electronic diagnostic tools to detect and diagnose it.  Then the problem disappeared for 18 months.

The other day the error came up again.  I was near a Mitsubishi dealer so I drove there and left the car running, the diagnostic was run and it gave a really extensive troubleshooting list of things to check and do,  Check this sensor adjust this voltage etc etc.  The dealer then advised I bring the car in and leave it for an extended period so that they can try and fix this strange intermittent error.

On the way home that afternoon I stopped for fuel, I noticed the front left tyre was quite deflated.  After correcting the pressure the steering error message disappeared and has not come back.

Now for the moral of the story.  Sometimes the  answer to a complex electronic system error is a really simple right in front of your eyes answer.

I informed the Mitsubishi technician about the solution and his answer was "Of course that makes perfect sense. The differing tyre pressures would affect all the load sensors on the one side, causing a unexpected imbalance that would be flagged as an error"

It would be really nice if the troubleshooting instruction from Mitsubishi started of with "Check the tyre pressures...."

04 May 2011

Sophos Endpoint Protection command line installation paramaters

I always end up looking for this...

These installation options are normally only configured for automated or  scripted deployments.  As a result I can never remember what they are.

If you are cloning machines you can use the following scripts http://fixmyitsystem.com/2011/04/sophos-endpoint-protection-create-new.html or simply only install Sophos once the machine is unique with a configured command line.

The parameters below map to the fields from the setup gui:

Command line parameters:

Example: SETUP [-mng yes|no] [-scf] [-nac http://<NACSERVERADDRESS>] [-crt R] [-updp <path>] [-user <username>] [-pwd <password>] [-mngcfg <RMS config path>] [-compname <computername>] [-compdesc <computerdescription>] [-domain <domainname>] [-G <groupname>] -s -ni -?




-mng yes|no


Is the computer to be managed?


Install Sophos Client Firewall
(Windows 2000+)


Installs network access control and
specifies the address of the Sophos NAC server

-crt R

Removes third-party security
software automatically


<location of setup.exe>

Location of the primary CID from
where the computer will get its updates.

-user <username>


Account for accessing the primary
CID location.



Password for the above account.


Obfuscated account name for
accessing the CID location, if required.


Obfuscated password.

<RMS config path>

<location of Setup.exe>

Location of the RMS configuration


Specify a
computer name to override the one used in Windows. This name will appear in
Enterprise Console.
The name must be shorter than 31 characters.
If you would like to include a space, it must be
enclosed in "double quotes".

-compdesc <computerdescription>

Specify a computer description to override the one used in Windows.
This description will appear in Enterprise Console.

-domain <domainname>

Specify a domainname to override that on the
client. This name will appear in Enterprise Console.

-G \<nameofserver>\<Groupname>

Specifies the
group (set up in Enterprise Console) to which the computer will belong.

The path:
is case sensitive
must not end in a backslash
must include the management server
must be enclosed in "double quotes" if
switches (backslashes) are used


Start reinstallalation on Windows 95/98/Me
computers from login scripts.


Start installation on Windows 95/98/Me computers from login scripts.



Perform installation silently.



Perform a non-interactive installation.


Display command line parameter help.

Setup.exe can return one of the following values:




Installation was successful.


A command line parameter value is
missing or an unrecognized parameter was specified.


Verification of the AutoUpdate package failed. The package files did not
match the manifest.


AutoUpdate was already


AutoUpdate does not support
this operating system.


AutoUpdate requires
Internet Explorer 5.0 or above; the system does not have this version of IE.


Installation of AutoUpdate


Some file that was required could
not be found e.g. an RMS configuration file or Sophos AutoUpdate.msi


Some other error occurred.