Wednesday, July 28, 2010

P2V conversion failure fixed

I’ve been trying to convert a Windows 2000 SP4 server to a VMWare machine now for a while and running into the same issue.  I would always get a KMODE_EXCEPTION_NOT_HANDLED BSOD right after the login screen would appear.  I tried the normal fixes listed on the VMWare website including the right SP4 rollup 1 v2 and checking the versions of scsiport.sys.  Fortunately, I stumbled across this wonderful article:

http://www.networkworld.com/news/2005/041105-windows-crash.html?page=1

I set the virtual machine to a kernel mode dump and let it BSOD as recommended by the article.  I then copied to memory.dmp file to my Windows 7 workstation where I had installed the debugging tools referenced in the article.  I quickly identified usbsp.sys as the offending driver.  I renamed it on the virtual and rebooted.  Result?  Perfect!  I will definitely make sure I use this in the future to get a handle on blue screens when they pop up.

Here is the relevant data from the process with the info highlighted in red.   How cool is that?

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000000

ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0

BUGCHECK_STR:  0x1E_0

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

LAST_CONTROL_TRANSFER:  from f2695af5 to 8042be0b

STACK_TEXT: 
f245fc78 f2695af5 0000001e 00000001 804b1cd8 nt!KeBugCheck+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
f245fc90 804b1d5e 828696f0 82614000 f219fd08 usbsp+0xaf5
f245fd58 804b1f9f 0000008c 82614000 f219fd08 nt!IopLoadDriver+0x672
f245fd78 80417b47 f219fd08 00000000 00000000 nt!IopLoadUnloadDriver+0x3f
f245fda8 80457838 f219fd08 00000000 00000000 nt!ExpWorkerThread+0xaf
f245fddc 8046c8e6 80417a98 00000001 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND:  kb

FOLLOWUP_IP:
usbsp+af5
f2695af5 8d45f4          lea     eax,[ebp-0Ch]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  usbsp+af5

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: usbsp

IMAGE_NAME:  usbsp.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  3cc859dd

FAILURE_BUCKET_ID:  0x1E_0_usbsp+af5

BUCKET_ID:  0x1E_0_usbsp+af5

Followup: MachineOwner

Wednesday, July 21, 2010

Sonicwall Guest Services with third party access points

Problem:  We are using an old D-Link hotspot to allow guest access in our building.  This D-Link feed a VLan that is distributed to 7 D-Link access points.  These APs support multiple SSIDs on different VLAN making them very convenient for distributing multiple wireless networks around the facility.  The new Sonicwall has Guest Services, but how can we make it all work together?  It seems like Sonicwall wants us to use their own proprietary (and expensive) access points.

In our server room we have a port dedicated to feeding the VLAN through the building.  I connected that port to X5 on our Sonicwall TZ210.  Now the configuration on the SW.

First, let’s add a new Zone and call it Guest.  For initial testing I am leaving the security settings turned off.

image image

Now let’s configure port X5 to be in our Guest zone with a static IP address of 192.168.1.1 on a standard Class C subnet.  Do this from Interfaces.  I have enabled management and ping plus user logins on this interface.  After testing I will disable the management except for Ping.  Make sure you enable login so your users can actually log in!

image

Verify a firewall rule exists for traffic from the GUEST to WAN zones.  With my firmware, this was automatically created.  I enabled some bandwidth limiting on it as well.

image

Now turn on the DHCP server for this interface with the appropriate settings.  Note that it is configured for interface X5.  Make sure the DHCP server is actually enabled in the top check box.  I forgot this part the first time around.

image

Anyone that connects to the VLAN or physical network on X5 should now receive a DHCP address in your range and be greeted in a web browser with the Sonic Wall Login page.

Adding users is very easy!  Just head down to Users|Guest Accounts and you can have them automatically generated for you or create your own.  You can also specify how long they are active for.  You can also click on Guest Status to see your logged in guests!

Monday, July 19, 2010

Adding Macros and Custom Menu bars in Outlook for Spiceworks

One of the common things we do here at work is work with helpdesk tickets through Spiceworks.  This is a great FREE help desk application and it suits our department style well.  I was looking for some more convenient ways to work with tickets and Remote tickets is a cool way to do it.

First thing first…check your Macro security in Outlook.  Click on Tools, Macro, Macro Security.  I set mine to No security for testing purposes, but you should change it to Warnings for all Macros.

image

Next, create some macros to do things with Spiceworks:  Tools|Macro|Macros

I added one called AddClosedTicket when I want to add a ticket and also show that it’s already been solved. Also, I have one for just adding a ticket.  You can see I am adding a Ticket Anywhere command to the body below by typing in msg.Body = “#closed”.  This pre-adds the closed command to my new message.

image

Now I am going to create a drop down menu at the top to easily start these messages.  You could create a button too.  Right-click the top menu bar and go to Customize…

image

Find the New Menu item and drag it to the top menu bar.  Now click the “Modify Selection” button.  I named mine “&Spiceworks”.  Just like Visual Studio this adds the ALT-S shortcut for the new Spiceworks menu item.

Next up click the “Rearrange Commands” button.  Chose your new menu at the top, in my case, Spiceworks.

image

Now click the Add button to start adding menu items.  I am going to change to Macros and add in my two Macros.

image

After you add these you can click on “Modify Selection” again to rename them to a simpler name such as my “Add Closed Ticket” above.

There are a lot more thing you can do with Macros, this is just a sample! :)  Have fun and experiment.  If you want to backup these customizations, they default to these files:

Windows Vista drive:\Users\user\AppData\Roaming\Microsoft\Outlook\outcmd.dat

Windows XP or Windows Server 2003 drive:\Documents and Settings\user\Application Data\Microsoft\Outlook\outcmd.dat

Monday, July 12, 2010

Packet loss on Dell Power Connect switches

I upgraded many Dell 6248 switches to the latest and greatest firmware over the weekend.  I have been experiencing more packet loss than I would ever want to see on an internal LAN.  Connecting from the servers on the same switch would yield a periodic lost packet for no apparent reason.  There were some clues on the switch with logged “spanning tree topology changes” in the log file.  During this log event, I would drop packets not only on the local switch, but other connecting switches as well.  All of these switches are configured with Rapid STP, LAG groups between them, and two VLANs.

Reading up on the dell site, I saw some good advice entailing turning on “Port Fast” on every port that isn’t an edge link between switches, namely ports connected to switches and servers.  This advice appears to be valid.  With the latest firmware I could go to Global STP settings and simply enable Port Fast.  It was smart enough to not turn it on for the LAG groups and switch interconnects with multi-vlans on them.  So far so good…over the past few hours I haven’t had any dropped packets.

image

Thursday, July 8, 2010

Sonicwall troubleshooting with SBClient over VPN

Installing a new firewall always presents a challenge. In this case it was our ERP client, SBClient, timing out after 15 minutes of inactivity across the VPN.  I started with the excellent Sonicwall VPN troubleshooting guide.

http://www.sonicwall.com/downloads/site_to_site_vpn_troubleshooting_on_sonicwall_security_appliances.pdf

Running Wireshark on the client, I see a RST packet coming from the ERP server at 15:01 which corresponds to a 15 minute timeout on TCP connections over the VPN connection.  I modified four rules for LAN->VPN and the reciprocal on both end sonicwalls for 60 minute TCP timeout values.  Here you can see a reset packet when properly closing our ERP client.  The timeout reset packets do not contain the ACK on them, only a 0x4 RST packet.  These are actually being generated by the sonicwall.

image

One gotcha that I fell into was the modification of the firewall access rules.  You must modify both the LAN => VPN and the VPN => LAN on both sides.  Modify the TCP timeout values on the Advanced tab.

image