Nagios process check simple fix

I'm setting up Nagios for the second time and I'm having to refresh my memory while setting up the service checks. I found a quick fix for one of the template services that always seems to fail - the process check for Explorer.exe. On all of the servers I setup Nagios reported that Explorer.exe wasn't running and was in a critical state. I couldn't see what was wrong with the check initially and that's because at first glance there isn't anything wrong with it. Until you look closer at the process information in task manager and notice that the process for Windows Explorer is called explorer.exe (lower case). It turns out that Nagios process checks are now case sensitive. I tested this with a couple of other processes, testing with upper case, lower case and normal case spellings and this confirmed it for me.

Slow down a network file copy

I've recently been virtualising our servers at work and I completed a P2V of our main server. This has been the most difficult to do because it previously hosted all of the network services, so it's been difficult to take offline and separate out the roles onto virtual machines without causing too much disruption. Anyway I was down to the last step, which was to virtualise the remaining database server but it generated a massive 400GB VM to copy onto the Hyper-V host.

I kicked off the copy from the physical server to it's new home and thought nothing of it, until one of my colleagues sitting next to me started to complain that database access had really slowed down. I checked task manager and discovered that the copy process had consumed 100% of the network bandwidth on the server. I quickly cancelled the copy and everyone in the building thanked me for working my magic and getting things working again!

I decided that if I wanted to complete this transfer and get started setting up the new VM I needed to find a way to copy the VHD file without using up all of the bandwidth on the server. Fortunately it only took a short amount of Google searching to find what I was looking for. The really handy Robocopy program built into Windows has an option called inter-packet gap that allows you to specify a copy speed when copying across the network. In my case I reduced the copy speed to only 25% of the network card bandwidth and although it took longer it copied successfully without interfering with the network based services on the server.

You can find out all about the options for Robocopy (including the wonderful inter-packet gap) here.

Word 2007 Macro Error

After a recent install of Word 2007 one particular computer kept giving the following error message when Word started:

The function you are attempting to run contains macros or content that requires macro language support. When this software was installed, you (or your administrator) chose not to install support for macros or controls.

After much searching of the internet I discovered that this error could be caused by incompatible plugins. Checking the running plugins in Word, I discovered that a particular PDF converter was responsible. Seeing as Word 2007 now supports saving as PDFs natively I decided to remove the incompatible plugin. Success! Temporarily at least. 

Some time later the error message started reappearing on the same computer. So back to the drawing board I went to seek out a permanent solution. That's when I discovered that this error message is also caused when the Visual Basic for Applications component is not installed. This can be installed by going to the Control Panel and selecting the Change option for Microsoft Office 2007, then expanding Office Shared Features and setting the Run from my computer option for Visual Basic for Applications.

Voila! Problem solved!

CSS automatically resize fonts for different resolutions and browser sizes

I've recently been rebuilding a website and getting my web design skills up to scratch. One of the problems that I've had to deal with is automatic resizing of elements on an page when faced with mobile devices and different browser/screen sizes. With a little help from the forums on the Stack Overflow website I've managed to coble together this handy piece of CSS that seems to do the job. It might not be perfect as I'm still learning advanced CSS, but for a quick easy solution it does the job:

@media screen and (max-width:767px) {
    .content1, .content2, .content3 {
        font-size: 70%;
    };
}

@media screen and (min-width:768px) {
    .content1, .content2, .content3 {
        font-size: 80%;
    };
}

@media screen and (min-width:992px) {
    .content1, .content2, .content3 {
        font-size: 90%;
    };
}

@media screen and (min-width:1200px) {
    .content1, .content2, .content3 {
        font-size: 100%;
    };
}

Antivirus exclusion list for servers

Based on all of the resources linked on Microsoft Technet article, this is a complete list of AV exceptions that should be in place on servers running AD, DHCP, Hyper-V, SQL and Exchange. There are more exceptions listed in the article but these were the ones that applied to my server configurations at the time.

*.mdf
*.ldf
*.ndf
*.bak
*.trn
*.trc
*.sqlaudit
*.sql
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup\*.*
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log\*.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.BACKUPEXEC\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.BACKUPEXEC\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.BACKUPEXEC\OLAP\Bin\MSMDSrv.exe
%windir%\SoftwareDistribution\Datastore\*.*
%windir%\SoftwareDistribution\Datastore\Logs\*.*
Edb*.jrs
Edb.chk
Tmp.edb
*.edb
*.sdb
*.log
*.chk
*.jrs
%allusersprofile%\NTUser.pol
%SystemRoot%\GroupPolicy\Machine\Registry.pol
%SystemRoot%\GroupPolicy\User\Registry.pol
%windir%\Ntds\*.*
%windir%\Ntfrs\*.*
%systemroot%\Sysvol\Staging areas\*.*
%systemroot%\Sysvol\Domain\*.*
%systemdrive%\System Volume Information\DFSR\*.*
%systemroot%\System32\DHCP\*.*
%systemroot%\System32\Dns\*.*
%allusersprofile%\Microsoft\Windows\Hyper-V\*.*
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\*.*
%systemroot%\System32\vmms.exe
%systemroot%\System32\vmwp.exe
%ExchangeInstallPath%\*.*
%SystemRoot%\System32\Inetsrv\*.*
%Winnt%\Cluster\*.*
%Windir%\Cluster\*.*
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files\*.*
%SystemRoot%\System32\Inetsrv\*.*
C:\Inetpub\logs\logfiles\w3svc\*.*
Cdb.exe
Microsoft.Exchange.Search.Exsearch.exe
Cidaemon.exe
Microsoft.Exchange.Servicehost.exe
Clussvc.exe
MSExchangeADTopologyService.exe
Dsamain.exe
MSExchangeFDS.exe
Microsoft.Exchange.EdgeCredentialSvc.exe

SSL security and Microsoft Exchange

This year the SSL Certificate Authorities announced that they would no longer be allowing SSL certificates to be issued for private IP and internal domain names. In my company this meant that when our SSL certificate recently expired we could no longer renew it for the internal exchange server name (exchange.domain.local). This was all well and good for OWA and our external staff who used our external domain address in their email clients, but it caused Outlook to have a major hissy fit and complain that the SSL certificate wasn’t valid and kept popping up an annoying warning message.

So off I went to hunt down a solution to the problem. There were two main suggestions that permeated throughout the internet:

1. Map the internal server name to the matching external name by setting up new DNS zones on the domain controller.
2. Changing the Exchange server to user external DNS names.

Option number 1 didn’t work properly for me. It was probably a configuration fault on my part as others have reported success with that approach. However, it is kind of cumbersome as you have to create a new DNS zone for each external address (you’ll need at least two – server.domain.com and autodiscover.domain.com).

Option 2 however was far more successful. Using a guide provided online by Digicert I discovered that using the Exchange Management Shell on the server, there are three Exchange entries that you need to change with the following commands:

• Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml
• Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx
• Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab

Once you have run these commands in Exchange Management Shell on the server, you need to then open IIS Manager, expand Application Pools, right click on MSExchangeAutodiscoverAppPool and then choose the Recycle option.

Once you’ve done this Outlook will no longer complain about invalid SSL certificates.

Remote Desktop goes black after login

When trying to login remotely to a server today I discovered that on every attempt, when I was redirected from a successful login to the desktop, the screen would go black and be unresponsive. The server was running fine and the login worked fine from the console. After a bit of searching I discovered a thread on the Microsoft Technet forums discussing this very issue.

The solution to this problem was very simple but completely unexpected. By pressing CTRL + ALT + END I could trigger the Windows security screen (much like CTRL + ATL + DEL does on a local computer). Pressing cancel on this box then restored my desktop on the server.

Others have reported online having to take an extra step of disconnecting their RDP session and then reconnecting again in order to fully restore the desktop. Many thanks to Rob Kraft on the Technet forums for this deliciously simple solution.