Archive for category IT

Exchange 2010 EMC not opening “The WinRM client cannot complete the operation within the time specified”

When I open the Microsoft Exchange EMC on a server, the following error message is displayed.

Initialization failed

The following error occurred when getting management role assignment for ‘domainname.local/MyBusiness/Users/SBSusers/Administrator’:

Processing data for a remote command failed with the following error message: The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooting Help topic.

Click here to retry

There are no additional errors in the event logs. The server is running Exchange 2010 SP2. No proxy configured. Windows Update is up-to-date. Windows Firewall is off.

Exchange is still functioning but there is no management of the service.
The first lead I found (here) suggested antivirus.

https://social.technet.microsoft.com/Forums/exchange/en-US/a675a48e-75a3-43c7-b99b-ec86527adb1d/emc-initialization-failed-with-winrm-error-exchange-2010-sp2?forum=exchange2010

As the site is using Trend Micro Worry Free Advanced, I opened the TMWF console, created a new Server container, dragged the server into it from the old container, refreshed the client on the server and can now access the EMC.

Now that I know what caused it, looking over the Trend Knowledge base reveals http://esupport.trendmicro.com/Pages/Unable-to-access-Exchange-2010-Management-Console-.aspx

The issue of not being able to open the Exchange Management console can occur when there is no Internet Connection after a server restart.
This can affect any server that comes up without an Internet connection, as the default configuration of the virus software on the server is to check the Internet before allowing a connection to the EMC.
You can change this behaviour by following the steps in the Trend KB article.

The issue occurs because the Proxy hooks the Exchange 2010 management console query URL and fails to get a score from the Internet because there is no connection.

To resolve the issue:

  1. Ensure that the Exchange Server has Internet connection.
  2. Log on to Worry-Free Business Security (WFBS) web console.
  3. Go to Security Settings > Add group.
  4. Under Group type, select Servers.
  5. Specify a name for the group.
  6. Click Save.

Note: The created group will have the default settings if the Import settings from group check box is unticked.

  7. Disable the Web Reputation and URL Filtering feature for the newly created group:
       a. Go to Security Settings, then select the new group.
       b. Click Configure.
       c. Select the Web Reputation tab and unmark Enable Web Reputation for In-Office and Out-of-Office.
       d. Click Save.
       e. Select URL Filtering and unmark Enable URL Filtering.
       f. Click Save.
  8. Move the Security Agent of the Exchange 2010 Server to the previously edited group:
       a. Go to Security Settings and select the server group where Exchange Server 2010 is listed.

          Note: This step refers to the Exchange Server Client/Server Security Agent and not the Messaging Security Agent.

       b. Drag and drop the selected Exchange Server to the group you created.

 


Should I tell someone about eCrime ??? YES !!!!

I know that I am in Australia and my experience might not reflect other countries, but I say yes. If you have had an eCrime committed against you (not your general virus or malware) then REPORT IT!!!

The more you report, the more the problem is taken notice of, the more investigation happens.

My post today to Facebook

A win for the good guys.

We had a business client scammed out of a large amount of money through an email.
We pursued it. We recommended and assisted in filling in the eCrime report.
We pushed it along. The police told the client, nothing will come of this. The client also felt that they were banging their head against a wall.
Well, today they received notification that the money is about to be transferred back.
We helped chase the criminal through the Czech Republic and into Spain.
Now, the person is cornered and my client has been offered a chance to be there in court and be a part of the process.

Reporting eCrime is the smart choice ! Things can happen !!!


Microsoft Access Runtime 2007 error 2950 yet Database location is trusted ???

An error 2950 normally means that your database is in an untrusted location on your hard drive. (not always … but normally).

Refer to https://support.microsoft.com/en-us/kb/931407

You can normally fix this with a registry edit e.g.

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\Location0]
AllowSubFolders (REG_DWORD) = 1
Path (REG_EXPAND_SZ) = "C:\Your Path\Your Program\"

(Location0 can be any key name you like).

What do you do if this does not work and the dreaded 2950 error continues?

a) Look for an error in your macro/vbs code in your Access file. There is loads of information online on how to sort this out.

b) Look for other resources you need. (What ???)

I know it sounds fairly obscure; however, here’s an example from my own troubles with “2950”:

I copied the database into C:\Windows as that is trusted.

I double-clicked the file and it went looking for Excel.exe and could not find it and then gave the 2950 error. I never saw the Excel.exe error when the Access file was in its original location.

I downloaded the MS Excel Viewer and renamed the viewer executable to Excel.exe and then ran my Access file. Not only does my database now open, but all the macros run. I put the file back into the original trusted location and still no error 2950.

All this time my Access database was looking for Excel. Now it works.

Never underestimate what your Access file is looking for. 2950 does not always mean your program is in an untrusted location !

 


New Encryption Virus: Ransomware : CryptoWall v 4.0

WARNING: New very dangerous virus that can cripple your business
Summary of things to do:

  • Don’t open attachments in emails you are not expecting (at work and home)
  • Pass this warning on to others, teach them the same practices you follow.
  • Do not visit websites you do not know or trust
  • Do not trust Word (Doc), Adobe (PDF) and other email attachment files
  • Do not forward unusual emails onto other staff members
  • Do not ignore weird popups or things that are running slow or behaving a little “strange”
  • If you start finding files on your system come up as “Corrupt” call your IT!
  • If you start seeing files on your own machine, that are having their names changed or can no longer be opened, unplug your machine from the network immediately and call your IT
  • Make sure you have a backup that is removed from your network daily. It must be powered down and not plugged in. (Dropbox, SkyDrive and the like do not count)
  • Ask your IT to block .JS, .CHM, .EXE and other known attack files from coming in via email (if you have this feature available).

 

A new ransomware dubbed “CryptoWall 4.0” has been found.
This new virus evades current antivirus and has new features such as encrypted file names.
CryptoWall continues to use the same e-mail and website distribution methods as previous versions. The samples we analysed were pretending to be a resume inside a zipped e-mail attachment.
These resumes, though, were actually JavaScript (.JS) files that, when executed, would download an executable, save it to a temporary folder, and then execute it.
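
As an added example (not from the original post or from any antivirus vendor): a mail-filter check that opens a zipped attachment in memory and flags script or executable members such as the .JS “resumes” described above. The extensions beyond .JS, .CHM and .EXE, the nesting and size limits, and the sample file names are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .js/.chm/.exe come from the post; the other script types are assumed additions.
BLOCKED = {".js", ".chm", ".exe", ".jse", ".vbs", ".wsf", ".scr"}
DECOY = {".doc", ".docx", ".pdf", ".rtf", ".txt"}   # used to spot "resume.pdf.js"
MAX_DEPTH = 2                 # nested zip levels to open (assumed limit)
MAX_NESTED_BYTES = 10 << 20   # do not unpack inner archives larger than 10 MiB

def risky_members(zip_bytes, depth=0, prefix=""):
    """Return [(member_path, reason)] for entries a mail filter should block."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            if last in BLOCKED:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY
                findings.append((path, "double extension" if decoy else "blocked type"))
            elif info.flag_bits & 0x1:   # bit 0 set: entry is password-protected
                findings.append((path, "encrypted, cannot inspect"))
            elif last == ".zip":
                if depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES:
                    findings += risky_members(archive.read(info), depth + 1, path + "!")
                else:
                    findings.append((path, "nested archive not inspected"))
    return findings

def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample: harmless placeholder bytes, only the file names matter.
SAMPLE = make_zip({"Jane_Doe_Resume.js": b"// placeholder", "cover_letter.docx": b"x",
                   "more.zip": make_zip({"cv.pdf.exe": b"placeholder"})})

if __name__ == "__main__":
    for path, reason in risky_members(SAMPLE):
        print(f"BLOCK {path}: {reason}")
```

The check works on file names only, so it complements content scanning and does not replace it.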

CryptoWall 4.0 continues to utilize the same Decrypt Service site as previous versions.  From this site a victim can make payments, find out the status of a payment, get one free decryption, and create support requests.

We have passed along a sample of this virus to Antivirus companies and they are working towards a solution.

This virus was first reported on the Bleeping Computer forums.
For those that want more technical detail:
When installed, CryptoWall 4.0 will inject itself into Explorer.exe and disable System Restore, delete all Shadow Volume Copies, and use bcdedit to turn off Windows Startup Repair.
It will then inject itself into svchost.exe and encrypt the data on all local drives, removable drives, and mapped network drives.
Once it has completed encrypting your files it will launch the ransom notes that explain what happened and how to purchase the decrypter.
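
An added detection example, not part of the original post: it scans process-creation log lines for the recovery-tampering steps described above and alerts when one host shows two of them within five minutes. The log format, host names, time window and command-line patterns are assumptions; the post does not list the exact commands CryptoWall 4.0 runs.

```python
import re
from datetime import datetime, timedelta

# Behaviours named in the post, mapped to common command-line forms.
# Assumption: the post does not list the exact commands CryptoWall 4.0 runs.
RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete", re.I),
    "startup_repair_off": re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I),
}
WINDOW = timedelta(minutes=5)  # correlation window per host (assumed value)

def parse(line):
    """Split a constructed 'ISO-time|host|command line' record."""
    ts, host, cmd = line.split("|", 2)
    return datetime.fromisoformat(ts), host, cmd

def detect(lines):
    """Return [(host, first_hit_time, rule_names)] for hosts with >= 2 distinct rules in WINDOW."""
    hits = {}
    for line in lines:
        ts, host, cmd = parse(line)
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits.setdefault(host, []).append((ts, name))
    alerts = []
    for host, events in sorted(hits.items()):
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {n for t, n in events[i:] if t - start <= WINDOW}
            if len(names) >= 2:
                alerts.append((host, start.isoformat(), sorted(names)))
                break
    return alerts

# Constructed sample log: one workstation showing both behaviours, two benign admin uses.
SAMPLE_LOG = [
    "2015-11-06T09:14:02|PC-07|vssadmin.exe Delete Shadows /All /Quiet",
    "2015-11-06T09:14:05|PC-07|bcdedit /set {default} recoveryenabled No",
    "2015-11-06T10:00:00|SRV-01|vssadmin list shadows",
    "2015-11-06T11:30:00|SRV-02|vssadmin delete shadows /for=C: /oldest",
]

if __name__ == "__main__":
    for host, when, names in detect(SAMPLE_LOG):
        print(f"ALERT {host} {when}: {', '.join(names)}")
```

Requiring two distinct behaviours on the same host keeps a single routine shadow-copy cleanup by an administrator from raising an alert.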

The more people you pass this blog to, the more you can help stamp out these types of threats. Reducing the likelihood of this virus being triggered reduces the virus writers’ payday.

SAVE THE DAY, REDUCE THEIR PAY DAY!

550 “Sender address is invalid [route]:”

A quick look on the internet shows an increasing number of people reporting an error 550 “Sender address is invalid [route]:” with bouncing emails. This is new as of August 2015. No one knows what the error means.

It seems for Aussie clients with this recent issue, the likely fault is with TPP Wholesale, who upgraded security/mail filtering on their network. They are now aware of the issue and are working to resolve it for multiple clients.

They have old webmail service lines / internal routes existing in Webcentral accounts, which is creating conflicts.

Webcentral, Melbourne IT, TPP etc. are all now the same company.

If you need this resolved, contact TPP.


Is the new right hand pane in Adobe Reader DC, messing with your workflow ?

The new Adobe Reader DC looks nice but then when you go to use it, you have less work space. So how do you remove the right hand pane (This contains export pdf, create pdf, edit pdf, etc.) on Reader DC? (It takes up a quarter of the screen and many people don’t even use the tools.)

To remove it temporarily, you can either click the Right Hand Panel bar or you can use the keys Control+H to go into “Read Mode”. Note that “Read Mode” just displays the document and no panels. Also note that “Read Mode” does not stay between documents or sessions either. Opening another document brings the right hand pane back.

If you are an avid reader of PDFs and do not need the tools, here is a permanent solution.

Open the install directory, i.e. “C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU” or “C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU”.

Create a new subfolder (I used “Disabled”). Move 3 files from the “ENU” folder into the new “Disabled” folder. (Exit Adobe Reader first).

Move:

  • AppCenter_R.aapp
  • Home.aapp
  • Viewer.aapp

Open a PDF and the Tool Pane is gone. It does also disable some menu items so if you want to still use the tools, read on.

Back up the file called Viewer.aapp. Edit the file with Notepad (the file is XML and located in “Adobe/Acrobat Reader DC/Reader/AcroApp/ENU/Viewer.aapp”).

The file contains a few lines; however, edit it so that the following line is the only remaining line.

<Application xmlns="http://ns.adobe.com/acrobat/app/2014" title="Viewer" id="Viewer" majorVersion="1" requiresDoc="true" minorVersion="0"/>

Now open Adobe DC and the tools pane is gone but the menu items still work.

Life can get back to some normality.
