两极人生,八度空间

Fight for my CISSP and PMP


Today I finished installing ePolicy Orchestrator v4.5 Patch 1 on Windows Server 2008 and logged on successfully. However, after I restarted the computer and tried to log on to the ePO server again, a window reported that loading the license had failed and that the license was invalid.

How to address this issue? I looked it up on the McAfee website and learned that the license is stored in the SQL Server database. If the ePO server cannot connect to SQL Server, this error may appear.

Know-how solution:

Step 1: Check the SQL Server 2005 Network Configuration. First open SQL Server Configuration Manager, expand SQL Server 2005 Network Configuration, click Protocols for EPO (the SQL Server instance name), double-click TCP/IP, click the IP Addresses tab, scroll to the bottom, and check what the TCP dynamic port is. Refer to the figure below.

Step 2: Check the ePO server's database configuration.
Open the file "d:\program files\McAfee\ePolicy Orchestrator\Server\conf\orion\db.properties" with Notepad.
Carefully check the item "db.port=xxxx" to see whether xxxx equals 1129, which is the TCP dynamic port for SQL Server.

Step 3: If db.port has a different value, that must be the real cause of the license loading failure. Correct db.port so that it equals the TCP dynamic port value.

Today I encountered exactly this problem, and as soon as I corrected the db.port value to the TCP dynamic port value, the issue disappeared at once.
posted @ 2010-06-15 22:28 Jerome | Views (419) | Comments (1)
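
The check and correction from Steps 2 and 3 above, as an added example that is not part of the original post: it reads db.port from the text of db.properties and rewrites it to the port SQL Server reports. The sample file content and every key other than db.port are constructed assumptions; 1129 is the port value quoted in the post.

```python
import re

# Constructed sample of db.properties. Only the db.port key comes from the
# post; the other keys and all values here are illustrative assumptions.
SAMPLE = """\
# database settings (constructed sample)
db.server.name=EPOSRV
db.instance=EPO
db.port=1433
db.database.name=ePO4_EPOSRV
"""

_PORT = re.compile(r"^(\s*db\.port\s*[=:]\s*)(.*?)\s*$")


def _match(line):
    """Match a db.port assignment, ignoring properties-file comment lines."""
    return None if line.lstrip().startswith(("#", "!")) else _PORT.match(line)


def read_db_port(text):
    """Return db.port as an int, or None if it is missing or not numeric."""
    port = None
    for m in filter(None, map(_match, text.splitlines())):
        port = int(m.group(2)) if m.group(2).isdigit() else None
    return port  # the last assignment wins, as when Java loads the file


def sync_db_port(text, sql_port):
    """Step 3: return (status, new_text) with db.port set to sql_port."""
    if not 0 < sql_port < 65536:
        raise ValueError("sql_port must be a valid TCP port")
    if read_db_port(text) == sql_port:
        return "ok", text
    out, replaced = [], False
    for line in text.splitlines():
        m = _match(line)
        if m:
            line, replaced = f"{m.group(1)}{sql_port}", True
        out.append(line)
    if not replaced:  # key absent: append it
        out.append(f"db.port={sql_port}")
    return ("mismatch" if replaced else "missing"), "\n".join(out) + "\n"


if __name__ == "__main__":
    # 1129 is the TCP dynamic port value quoted in the post.
    status, fixed = sync_db_port(SAMPLE, 1129)
    print(status)
    print(fixed, end="")
```

Keep a copy of the original db.properties before writing the returned text back, so the change can be reverted.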

Sometimes a machine with the McAfee Antivirus Enterprise software installed develops a fault, and you may plan to uninstall the McAfee Antivirus software; an incorrect uninstall can then cause problems of its own. Namely, every time you open Outlook it reports an error that the add-in "Outlook Scan" can't be loaded and has been disabled by Outlook. So how do you address this situation?

KNOW HOW SOLUTION:

1. When you open Outlook, you encounter an error report like the one below.

2. That is not a big deal; just click OK. Open Outlook 2007 and click Tools -> Trust Center.

Next, click Add-ins and go to the bottom-right corner of the current window. Select Exchange Client Extensions in the Manage drop-down box and click the Go button.

3. Uncheck Outlook Scan and click OK.

4. Restart Microsoft Outlook 2007; you will be glad to find that the unsavory error report has disappeared.

posted @ 2010-05-14 12:01 Jerome | Views (471) | Comments (2)

 

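http://linsec.ca/
http://securiteam.com
http://securityfocus.com
http://www.secureroot.com - Computer Security Resource
http://www.77169.com/ - Huameng Net (华盟网)
http://www.netpower.com.cn/ - Jing Zhongke Wangwei Information Technology Co., Ltd. (京中科网威信息技术有限公司)
http://www.nsfocus.com - NSFOCUS (中联绿盟) company home page
http://www.rising.com.cn/ - Beijing Rising Technology Co., Ltd. (北京瑞星科技股份有限公司)
http://www.is-one.net/ - Anshi China (安氏中国)
http://www.chinaunix.net/
http://www.hacker.com.cn - Hacker Defense (黑客防线)
http://www.cnhacker.com - China Hacker Union (中国黑客联盟)
http://www.hackart.org - Hacker Technology Old Friends (黑客技术老友记)
http://www.chinawill.com - Eagle Eye Security Culture Network (鹰眼安全文化网)
http://www.chinahacker.com - China Hacker Union (中国黑客联盟)
http://www.cncisa.com/index.php - International Information Security Learning Alliance (国际信息安全学习联盟)
http://www.infosecurity.org.cn/forum/index.php - China Information Security Organization Forum (中国信息安全组织论坛)
http://bbs.cisps.org/index.php - Hua'an Xinda Information Security Professional Forum (华安信达信息安全专业论坛)

The list above collects some security sites that can still be reached. I will update it when I discover other good security sites. Many security sites from the past have shut down and can no longer be reached. Every site in the list above has been tested. I plan to study security properly.
posted @ 2010-04-20 15:47 Jerome | Views (508) | Comments (0)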

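Today I ran a lab with the following equipment and software:
1. Microsoft ISA Server 2004: hardware emulated by VMware Workstation ACE. Operating system: Microsoft Windows Server 2003 Standard Edition Service Pack 1.

2. Domain Controller: AD and DNS already installed. Hardware emulated by VMware Workstation ACE. Operating system: Microsoft Windows Server 2003 Enterprise Edition.

Before Microsoft ISA Server 2004 was installed, the ISA Server had not been joined to the domain; after the installation was complete, I wanted to join it to the domain (gcv.cn): right click -> My Computer -> System Properties -> Computer Name -> Change -> Member of -> Domain (gcv.cn)

The result was an error: remote procedure call failure and didn't execute.

I checked the Microsoft knowledge base and found the solution:

Download Microsoft ISA 2004 Server Patch1, install it, and restart the ISA Server; joining the domain again then went smoothly.
posted @ 2010-04-04 15:10 Jerome | Views (535) | Comments (0)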

There is one server located in the test area that can't get an IP address from the DHCP server. The staff can't access it from other places.

  1. Check the TCP/IP status: OK.

  2. Check the DHCP status using the command 'sc query dhcp' and discover that the service was stopped.

  3. Try to start the DHCP service from the command console; the attempt fails.

  4. Check the permissions for the DHCP service. Run 'regedit' and locate 'My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters'.

Right-click the item 'Parameters' and click 'Permissions'. The group or user name 'network service' is missing and must be added to the security list. Click the Add button and browse for 'network service' to finish the operation.

  5. Assign Full Control permissions to network service.
  6. Start the DHCP service; the troubleshooting is finished.

posted @ 2010-04-02 16:14 Jerome | Views (890) | Comments (1)

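This remote access solution contains the following components:
1. A dedicated remote workstation, the Dell Precision R5400 Workstation
2. Graphics Card
3. Remote Access HOST CARD (PCI-e)
4. Portal Dell FX100
As shown in the figure below:

The Graphics Card supports complex multi-monitor setups; for the R5400, NVIDIA and ATI (AMD) graphics cards are available for users to choose from. Up to four monitors can be connected. Through the FX100, up to two monitors can be connected.

The PCI-e Remote Access HOST Card is used to connect the Dell Precision R5400 workstation and the remote access device FX100. The card compresses, encrypts and packetizes the data output by the workstation's graphics card and finally delivers it over a standard IP network to the remote monitor. The Host Card also supports remote USB and audio controllers, so USB keyboard and mouse data can also be delivered to the remote user.

The Dell FX100 Remote Access Device (that is, the User Portal FX100) is a high-performance communication solution that uses PC-over-IP technology; it lets a remote user access the full performance of a host system.

During deployment, first connect the HOST Card to one of the Dell R5400's local network ports so that the HOST CARD can be given its initial configuration. Only after the HOST CARD has been correctly initialized can the HOST CARD be connected to the Dell FX100.

Use a network cable to connect the HOST CARD's RJ45 port to one of the R5400's local network ports, and set the IP address to, for example, 192.168.1.200, subnet mask 255.255.255.0, default gateway 192.168.1.1. The host card's default web access address is generally 192.168.1.100.
After the configuration is done, enter https://192.168.1.100 in a browser, click login, then disable DHCP Server and note down the HOST Card's MAC address. After completing the initial settings, save them.
Then connect the HOST CARD to the FX100 as shown in the figure below:

After the connection is made, the remote monitor displays the following screen:

posted @ 2010-03-09 15:14 Jerome | Views (939) | Comments (1)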

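As shown in the topology (TOP), before NAT was configured on P1R1, P1R1 and P2R1 could ping each other without problems. But after NAT was configured on P1R1, only P2R1 can ping P1R1, while P1R1 cannot ping P2R1.

When P1R2 pings and telnets to P2R1, its real address in the 10.1.1.0 network is translated to the address of the defined F0/0 interface, and this also succeeds. The configuration made on P1R1 is as follows: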

interface Serial0/1
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 clock rate 1000000
 ip nat inside
!
interface FastEthernet0/0
 ip address 10.2.2.1 255.255.255.0
 no ip directed-broadcast
 ip nat outside
router rip
 network 10.0.0.0
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
!
ip classless
no ip http server
!
access-list 1 permit 10.1.1.0 0.0.0.255

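The router configured with NAT cannot ping the external router, while the external router can ping the border router configured with NAT. I don't know what the reason is.
posted @ 2009-07-29 11:33 Jerome | Views (465) | Comments (0)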


Sometimes it is necessary to back up the configuration or IOS of firewalls to a dedicated machine in case the firewall malfunctions. The familiar way is to set up a TFTP server on a workstation. Connect your Latitude to the firewall's console port with the attached console cable; if you have a terminal program such as SecureCRT or Windows Hypertrm, you will enter the firewall's CLI. Just use a command like the one below to back up the necessary file. If you don't know which command to use, just enter "?" for context help.
FWL# copy flash: tftp:
If you want to see what is stored in the firewall's flash, you can use the command:
FWL# show flash
 
-#- --length-- -----date/time------ path
    6 8515584        Sep 11 2008 14:14:30 asa724-k8.bin
    7 4181246        Sep 11 2008 14:15:30 securedesktop-asa-3.2.1.103-k9.pkg
    8 398305          Sep 11 2008 14:15:48 sslclient-win-1.1.0.154.pkg
    9 6514852        Sep 11 2008 14:17:36 asdm-524.bin
  12 0                    Sep 11 2008 14:21:38 crypto_archive
From the information shown by the command "show flash" above, it is not hard to tell the model of the firewall, the name of the IOS file and the version of ASDM.

If you plan to upgrade your ASA device's IOS, you have to enter rommon mode. When the firewall reboots, press the ESC key to enter rommon mode. You may need to make some configuration changes in this mode in order to establish communication with the TFTP server.

rommon #1> set
ROMMON Variable Settings:
    ADDRESS=192.168.0.1 (firewall's address)
    SERVER=192.168.0.2 (TFTP server IP)
    GATEWAY=192.168.0.2 (also set as TFTP IP)
    PORT=Ethernet0/0 (the firewall port that connects to the TFTP server)
    VLAN=untagged
    IMAGE=asa724-k8.bin (case sensitive)
    CONFIG=
    LINKTIMEOUT=20
    PKTTIMEOUT=4
    RETRY=3 (as short as possible)
After finishing these settings, save the new configuration into NVRAM.
rommon #1> sync
The last step is to execute the TFTP download, which downloads the new version of IOS from the TFTP server to your firewall.
rommon #1> tftpdnld
Wait a minute until the whole process has finished; the firewall then boots to user exec mode, such as:
Firewall>
Enter enable to go into privileged mode and continue: because the procedure you just finished only boots your firewall from the IOS on the TFTP server, you must copy it from TFTP to your firewall's flash.
Firewall# copy tftp: flash:
Follow the prompts until it succeeds.
Finally, execute "firewall# copy running-config startup-config" to end the IOS upgrade process.

posted @ 2009-06-29 11:26 Jerome | Views (783) | Comments (0)

There is a case like this: a process automatic control system requires its system time to synchronize with an external time source (such as GPS); furthermore, this system's time takes precedence over the Windows system clock and will override Windows time changes. But how to implement it?

There are a Windows client, a server connected to a dedicated system, and an external GPS. The server synchronizes with GPS, and the Windows client takes the server's time as its time source.

I have tested the time synchronization between a PRM client and a simulated PRM server; the detailed process is as below:

PRM server side:

In the registry, you need to change an item as the picture shows:

Next, open the Group Policy editor on the PRM server and make a change:

2. What should be set on the PRM client?

Everything as described in the document I have provided.

3. After finishing step 2 and 3, please use the following commands to restart the W32time service and resynchronize with the remote server. Note: this step is performed on the Windows client machine.

I believe it will succeed. Good luck.

posted @ 2009-03-24 16:37 Jerome | Views (422) | Comments (0)

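In a domain built on Windows 2003 Active Directory, once a client joins the domain, the domain controller is a time master and serves as a time source for the client. In theory the client synchronizes its time with the DC automatically. In practice, however, after the client's time changes, it cannot automatically synchronize with the domain controller. To achieve this, we still need to make some changes on the DC. To configure the DC not to use an external time source, change the announce flags on the DC. First type regedit in "Run" to open the Registry Editor, and modify it as shown in the figure below.

This configures the DC to use its own clock to provide the time source.
So that clients in the domain actively go to the DC for time synchronization, Windows Time also has to be configured in the DC's Default Domain Policy, as shown in the figure below.

With that, the DC becomes a true time master in the Windows domain. Let's test a client: change the client's time, then enter at the command line:
net stop w32time
net start w32time
You will then find that the time you changed has returned to the correct time. Now look at the system log, as shown in the figure below:

It clearly shows that client 192.168.5.30 and time source 192.168.5.1 (the DC) synchronized time over NTP port 123.
That concludes this introduction to time synchronization in a Windows domain.

posted @ 2009-03-24 16:11 Jerome | Views (7546) | Comments (1)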
