
 Problem 

I’m currently working on a project and I was asked to create a secure configuration GPO according to CIS Standard.

I’ve noticed that the “MSS:”-prefixed settings are not visible in the Group Policy Management Editor. To reveal these settings, please perform the following:

(Location: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options)


 Solution

  • My recommendation is to use a test virtual machine or a test server before proceeding
  • Prerequisites:

Please make sure that the following software is installed on the server:

  • Microsoft .NET Framework 4
  • SQL Server
  • Download Security Compliance Manager (SCM) and install it on the server

http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx

  • After installing SCM, copy the “LocalGPO.msi” file from the following path: “C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO\LocalGPO.msi” to your AD server.
  • Run the file “LocalGPO.msi” on the AD server to install it.


  • Execute the following command: cscript LocalGPO.wsf /ConfigureSCE


  • Close and reopen Group Policy Management Editor and you’ll notice that the MSS-prefixed settings were added!


Idit :-)
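Once the MSS entries are configured through the GPO, they are stored as registry values in the [Registry Values] section of the security template (the format written by `secedit /export` and kept in a GPO's GptTmpl.inf). The Python script below is an added example, not part of the original post or of SCM: it audits such a template, and the baseline values and the sample template are assumptions made for the illustration.

```python
# Assumed baseline (not from the original post): registry-backed MSS values and
# example checks; replace them with the values from the benchmark you apply.
BASELINE = {
    r"MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting": lambda v: v == 2,
    r"MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect": lambda v: v == 0,
    r"MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand": lambda v: v == 1,
    r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod": lambda v: 0 <= v <= 5,
}

# Constructed sample of a security template, not taken from a real GPO.
SAMPLE_INF = r'''[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting=4,2
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect=4,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod=1,"5"
[Version]
signature="$CHICAGO$"
'''

def parse_registry_values(inf_text):
    """Return {lowercased key path: value} from the [Registry Values] section."""
    values, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
        elif in_section and line and not line.startswith(";"):
            path, _, rhs = line.partition("=")
            _reg_type, _, data = rhs.partition(",")   # 4 = REG_DWORD, 1 = REG_SZ
            data = data.strip().strip('"')
            values[path.strip().lower()] = int(data) if data.isdigit() else data
    return values

def audit(inf_text):
    """Map each baseline setting name to PASS, FAIL (value=...) or NOT CONFIGURED."""
    found = parse_registry_values(inf_text)
    report = {}
    for path, is_ok in BASELINE.items():
        name, value = path.rsplit("\\", 1)[1], found.get(path.lower())
        if value is None:
            report[name] = "NOT CONFIGURED"
        elif isinstance(value, int) and is_ok(value):
            report[name] = "PASS"
        else:
            report[name] = f"FAIL (value={value})"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INF).items():
        print(f"{name:28} {status}")
```

Real templates are usually UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text to `audit`.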

Problem

I tried to unallocate a LUN that was previously connected to a *VIO server but I have received the following error: “An error occurred during processing on the storage system (The LDEV is being used by the host, or an error occurred in the VSP procedure) (KAIC06400-E)”


The LUN was removed from the AIX host prior to my attempt to unallocate the LUN.

*VIO = The Virtual I/O Server is software that is located in a logical partition. This software facilitates the sharing of physical I/O resources between client logical partitions within the server. The Virtual I/O Server provides virtual SCSI target, virtual fibre channel, Shared Ethernet Adapter, and PowerVM™ Active Memory Sharing capability to client logical partitions within the system. As a result, client logical partitions can share SCSI devices, fibre channel adapters, Ethernet adapters, and expand the amount of memory available to logical partitions using paging space devices. In short, it is similar to VMware, only provided by IBM to virtualize Unix servers.

Solution

The problem was that the LUN (LDEV) that I was trying to unallocate still had a SCSI reservation, which held ownership of the LUN.

There are two ways to overcome this error:

  1. By connecting to the server with PuTTY and removing the SCSI reservation on the LUN
  2. By connecting to Storage Manager and removing the SCSI reservation

Connecting to the server with PuTTY and removing the SCSI reservation on the LUN

  • Connect to the server with PuTTY
  • To see whether the disk has a SCSI reservation, enter the following command: /usr/DynamicLinkManager/bin/dlmpr -k DISK_NUMBER
  • To delete the SCSI reservation, enter the following command: /usr/DynamicLinkManager/bin/dlmpr -c DISK_NUMBER


Connecting to Storage Manager and removing the SCSI reservation

  • Connect to Storage Navigator
  • Go to Ports/Host Groups and go to one of the ports that the LUN you are trying to unallocate is connected to
  • Select the host name that the LUN is allocated to


  • Go to LUNs > select one of the LUNs > More Actions > View Host Reserved LUNs


  • Select the LUN you want to unallocate > Release Host Reserved LUNs


Idit :)

 A lot of times we feel that our control over users is slipping away due to the management overhead.

I believe that from time to time we need to re-observe our built-in features.

For example: VMware Alarms.

How often do you use Alarms such as VM Max Total Disk Latency (ms) or VM Snapshot Size (GB)?

Still thinking about it?

You should use it, it will make your management a little bit easier… :)

Idit.

Soft Zoning

Soft zoning is zoning which is implemented in software.

Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if a user in another zone correctly guesses the fibre channel address.

The soft zoning concept is that enforcement relies on the WWN of the node in the fabric.

Soft zoning means that the FC switch places a host WWN in a zone, regardless of the port number the host is connected to on the FC switch.

Pros and Cons

Pros:

You can connect to any port on the switch.

Cons:

You will need to know which port the host is connected to for maintenance purposes.

It’s possible that a hacker will attempt to spoof a WWN.

Hard Zoning

Hard zoning is zoning which is implemented in hardware.

Hard zoning physically blocks access to a zone from any device outside of the zone.

Usually hard zoning is used when using VLANs. You associate a port with a zone.

Idit :)
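The difference between filtering what a port can see and blocking what it can reach, as described in the post above, shown as a small Python model. This is an added example, not part of the original post; the class, addresses and zone names are constructed for illustration.

```python
class Fabric:
    """Toy model of zone enforcement on an FC switch (not switch firmware)."""

    def __init__(self, zones, hard):
        self.zones = {name: set(members) for name, members in zones.items()}
        self.hard = hard  # True: frames are checked in the data path
        self.ports = set().union(*self.zones.values())

    def same_zone(self, a, b):
        return any(a in z and b in z for z in self.zones.values())

    def name_server_query(self, src):
        """Discovery is filtered in both modes: only zone peers are listed."""
        return sorted(p for p in self.ports if p != src and self.same_zone(src, p))

    def send_frame(self, src, dst):
        """Soft zoning forwards to any valid address; hard zoning checks the zone."""
        if dst not in self.ports:
            return "rejected: unknown address"
        if self.hard and not self.same_zone(src, dst):
            return "dropped: outside zone"
        return "delivered"

    def exposed_pairs(self):
        """Cross-zone (src, dst) pairs hidden from discovery yet still reachable."""
        return sorted((s, d) for s in self.ports for d in self.ports
                      if s != d and not self.same_zone(s, d)
                      and self.send_frame(s, d) == "delivered")

# Constructed fabric: addresses and zone names are made up for the example.
ZONES = {
    "zone_prod": {"0x010100", "0x010200"},   # prod host, prod array port
    "zone_test": {"0x010300", "0x010400"},   # test host, test array port
}

soft = Fabric(ZONES, hard=False)
hard = Fabric(ZONES, hard=True)

if __name__ == "__main__":
    print("test host discovers:", soft.name_server_query("0x010300"))
    print("soft, cross-zone frame:", soft.send_frame("0x010300", "0x010200"))
    print("hard, cross-zone frame:", hard.send_frame("0x010300", "0x010200"))
    print("pairs to review under soft zoning:", len(soft.exposed_pairs()))
```

`exposed_pairs()` is the list to review when deciding whether a fabric that relies on soft zoning needs hardware enforcement.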

Problem:
Today I encountered a problem with IPv6 (Internet Protocol Version 6) configuration: when I tried to ping a Windows 2008 R2 server, I got a response from the IPv6 interface (Reply from ::1: time<1ms).

So I disabled IPv6 under the network connection; in spite of that, I continued to get the same reply.
 Solution:

  • Open Registry Editor (regedit).
  • Navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\
  • Create the following registry value (DWORD type): DisabledComponents
  • Set value to 0
  • Restart your server.

Yaron

To manage a data source that connects to a 32-bit driver on a 64-bit platform, use c:\windows\sysWOW64\odbcad32.exe.

To manage a data source that connects to a 64-bit driver, use c:\windows\system32\odbcad32.exe.

Taken from: http://msdn.microsoft.com/en-us/library/windows/desktop/ms712362(v=vs.85).aspx

Idit. :)

Are you sitting? If not – please do :)

In vSphere 5, VMware has removed all support for patch operations on virtual machines.

According to “http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-update-manager-50-install-administration-guide.pdf”, Update Manager 5.0 does not support virtual machine patch operations.

Update Manager 5 can perform the following:

  • VMware Tools and virtual machine hardware upgrade operations, Update Manager works with ESX/ESXi version 4.0 and later.
  • ESX/ESXi host patching operations, Update Manager works with ESX/ESXi 3.5 and later.
  • ESX/ESXi host upgrade and migration operations, Update Manager works with ESX/ESXi 4.0 and later.

Idit.
