Hi,
Many of us could have encounterd problem while executing VB Scripts or WMI Queries from ISA Server and got "RPC Unavailable" error.
In order to allow DCOM traffic, you can create a rule in ISA to "Allow RPC to ISA from trusted servers".
Disable "RPC strict compliance (to allow DCOM)" after which WMI Queries and VB Scripts execution will be successful.
Happy Learning!!!
Saturday, February 27, 2010
Thursday, February 25, 2010
Windows 2003 Account Management Security Events
As System Administrators, we want to capture few events such as Account Created, Account Deleted, Account lockout etc for audit and security compliant purpose. I'm hereby providing details of few security events which are mostly useful.
Event ID--OS--Eventlog Source--Description
539--Win NT,DC--Security--Account Lockout (In WinNT)
624--Win2000, Win2003--Security--User Account Created
630--Win2000, Win2003--Security--User Account Deleted
631--Win2000, Win2003, DC--Security--Global security group created
634--Win2000, Win2003, DC--Security--Security global group deleted
634--Win2000, Win2003, DC--Security--Security global group deleted
635--Win2000, Win2003, DC--Security--Local security group created.
638--Win2000, Win2003, DC--Security--Security local group deleted
644--Win2003,DC--Security--Account Lockout (In Win2k3)
647--Win2000, Win2003, DC--Security--Computer Account Deleted
648--Win2000, Win2003, DC--Security--Distribution local group created
652--Win2000, Win2003, DC--Security--Distribution local group deleted
653--Win2000, Win2003, DC--Security--Global distribution group created
657--Win2000, Win2003, DC--Security--Distribution global group deleted
658--Win2000, Win2003, DC--Security--Security universal group created
662--Win2000, Win2003, DC--Security--Security universal group deleted
663--Win2000, Win2003, DC--Security--Distribution universal group created
667--Win2000, Win2003, DC--Security--Distribution universal group deleted
Event ID--OS--Eventlog Source--Description
539--Win NT,DC--Security--Account Lockout (In WinNT)
624--Win2000, Win2003--Security--User Account Created
630--Win2000, Win2003--Security--User Account Deleted
631--Win2000, Win2003, DC--Security--Global security group created
634--Win2000, Win2003, DC--Security--Security global group deleted
634--Win2000, Win2003, DC--Security--Security global group deleted
635--Win2000, Win2003, DC--Security--Local security group created.
638--Win2000, Win2003, DC--Security--Security local group deleted
644--Win2003,DC--Security--Account Lockout (In Win2k3)
647--Win2000, Win2003, DC--Security--Computer Account Deleted
648--Win2000, Win2003, DC--Security--Distribution local group created
652--Win2000, Win2003, DC--Security--Distribution local group deleted
653--Win2000, Win2003, DC--Security--Global distribution group created
657--Win2000, Win2003, DC--Security--Distribution global group deleted
658--Win2000, Win2003, DC--Security--Security universal group created
662--Win2000, Win2003, DC--Security--Security universal group deleted
663--Win2000, Win2003, DC--Security--Distribution universal group created
667--Win2000, Win2003, DC--Security--Distribution universal group deleted
Saturday, February 13, 2010
Unable to install any Application
The issue could be with ePO for McAfee VirusScan
1.Click Start > Run.
2.Type cmd and press Enter.
3.Type cd\ and press Enter.
4.Type cd program files and press Enter.
5.Type cd mcafee and press Enter.
6.Type cd common framework and press Enter.
7.Type frminst /remove=agent and press Enter.
8.The McAfee Agent and Updater Setup window will open and begin removing ePolicy Orchestrator
http://www.helpdesk.ilstu.edu/kb/index.phtml?kbid=1217
1.Make a backup of your registry before you begin. Proceed with these instructions only if you are confident about what you are doing.
2.Click Start > Run.
3.Type regedit and press Enter. This will open Registry Editor.
4.Double-click HKEY_LOCAL_MACHINE > SOFTWARE.
5.Locate the McAfee registry key and the Network Associates registry key. You may have one or both of these.
6.Expand the McAfee and Network Associates registry keys to inspect their contents and sub-keys.
If you have McAfee or Network Associates software installed on your computer apart from McAfee VirusScan and McAfee ePO, then you should use caution when considering whether or not you want to delete these registry keys. If you delete these registry keys, you may find that other McAfee or Network Associates software no longer functions as expected. If you are sure that you do not have any additional McAfee or Network Associates software installed, delete the McAfee registry key and the Network Associates registry key.
1.Click Start > Run.
2.Type cmd and press Enter.
3.Type cd\ and press Enter.
4.Type cd program files and press Enter.
5.Type cd mcafee and press Enter.
6.Type cd common framework and press Enter.
7.Type frminst /remove=agent and press Enter.
8.The McAfee Agent and Updater Setup window will open and begin removing ePolicy Orchestrator
http://www.helpdesk.ilstu.edu/kb/index.phtml?kbid=1217
1.Make a backup of your registry before you begin. Proceed with these instructions only if you are confident about what you are doing.
2.Click Start > Run.
3.Type regedit and press Enter. This will open Registry Editor.
4.Double-click HKEY_LOCAL_MACHINE > SOFTWARE.
5.Locate the McAfee registry key and the Network Associates registry key. You may have one or both of these.
6.Expand the McAfee and Network Associates registry keys to inspect their contents and sub-keys.
If you have McAfee or Network Associates software installed on your computer apart from McAfee VirusScan and McAfee ePO, then you should use caution when considering whether or not you want to delete these registry keys. If you delete these registry keys, you may find that other McAfee or Network Associates software no longer functions as expected. If you are sure that you do not have any additional McAfee or Network Associates software installed, delete the McAfee registry key and the Network Associates registry key.
Friday, February 12, 2010
WMI Test fails with error 0x80070005
Hi,
If WMI Test fails with below error.
\root\cimv2 Remote WMI access test FAILED
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
1. Ensure that Windows Management Instrumentation (WMI) Service is running on Remote System
2. Ensure that all Firewalls are turned off (Windows Firewall, Personal Firewall etc) or allow exception for RPC traffic
3. Execute WMI Diag and check for Error Codes, Reasons and solutions for the issue. Most of the times, WMI Diag result itself gives solution to all errors.
For above error, the reason could be as below in WMI Diag result.
32104 00:05:58 (1) !! ERROR: DCOM Status: ................................................................................................. ERROR!
32105 00:05:58 (1) !! ERROR: => The DCOM configuration on this computer is DISABLED
This prevents WMI to work correctly.
You can fix the DCOM configuration by
1. Executing the 'DCOMCNFG.EXE' command.
2. Expanding 'Component Services' and 'Computers' nodes.
3. Editing properties of 'My Computer' node.
4. Editing the 'Default properties' tab.
5. Activate the 'Enable Distributed COM on this computer' checkbox.
From the command line, the DCOM configuration can be corrected with the following command:
'REG.EXE Add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ
If WMI Test fails with below error.
\root\cimv2 Remote WMI access test FAILED
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
1. Ensure that Windows Management Instrumentation (WMI) Service is running on Remote System
2. Ensure that all Firewalls are turned off (Windows Firewall, Personal Firewall etc) or allow exception for RPC traffic
3. Execute WMI Diag and check for Error Codes, Reasons and solutions for the issue. Most of the times, WMI Diag result itself gives solution to all errors.
For above error, the reason could be as below in WMI Diag result.
32104 00:05:58 (1) !! ERROR: DCOM Status: ................................................................................................. ERROR!
32105 00:05:58 (1) !! ERROR: => The DCOM configuration on this computer is DISABLED
This prevents WMI to work correctly.
You can fix the DCOM configuration by
1. Executing the 'DCOMCNFG.EXE' command.
2. Expanding 'Component Services' and 'Computers' nodes.
3. Editing properties of 'My Computer' node.
4. Editing the 'Default properties' tab.
5. Activate the 'Enable Distributed COM on this computer' checkbox.
From the command line, the DCOM configuration can be corrected with the following command:
'REG.EXE Add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ
Subscribe to:
Posts (Atom)