Adding policy pages to McAfee ePolicy Orchestrator

Posted on By Mark Wilson

After installing Networks Associates/McAfee ePolicy Orchestrator (ePO) for a client, I was mystified by the lack of a policy page for VirusScan Enterprise 7.x. VirusScan Enterprise 8.0 was there, as were competitive products (e.g. Norton Antivirus Corporate Edition v7.5x/7.6/8.0).

Eventually, I found a document on the McAfee website, which described that the policy pages (NAP) required to change settings for VirusScan 4.5.1 and VirusScan Enterprise 8.0i were added to the server repository at install time but before it is possible to change settings for other products, their policy pages must be added to the server repository. These policy pages are stored locally and contain the files needed to change policy settings and create scheduled tasks for products.

Locating the VSE710.NAP file was reasonably straightforward (it is contained with the installation source for Virus Scan Enterprise 7.1). Once I had the file, I could follow the McAfee instructions for adding policy pages to the server repository, although with the version of ePO I was using (v3.5.0) the import process was slightly different to that illustrated as the check in package and check in NAP options have been separated.

Although this information is also available in the ePO v3.5 Product Guide, it does help to know that the key to this is a .NAP file. I spent a considerable amount of time trying to find this out, so I thought I’d blog it here for the benefit of anyone else…

Using server side includes in web pages served from IIS

Posted on By Mark Wilson

Last year I blogged about using server side includes in web pages. My SSI code has all been working well on my ISP’s Apache servers, but my development server runs under IIS 5 on Windows 2000. Even with the default document list set to include index.shtml, I was getting HTTP 404 errors for pages that I knew existed. I checked that I had application mappings in place for .shtml files, but what none of the documentation told me was that I needed to change the executable path for .shtml from %systemroot%\System32\inetsrv\404.dll to %systemroot%\System32\inetsrv\ssinc.dll. Once I had made that change, everything jumped into life and my dynamic pages were served as expected.

Tracking down the vendor portion of a MAC address

Posted on By Mark Wilson

I was trying to track down the source of an IP address conflict earlier today and I came across two sites offering a search service for the initial 24-bit (6 digit hexadecimal) vendor portion of an Ethernet media access control (MAC) address. The IEEE service is the official one, from where you can also download the complete listing, but MAC finder is also useful as you can use the ?string=00%3a00%3a00 command on the end of the URL (replacing the zeros with the appropriate hexadecimal digits).

Disabling the Shutdown Event Tracker in Windows Server 2003 (and XP)

Posted on By Mark Wilson

I run Windows Server 2003 on my work laptop (largely because I’m getting up to speed with Windows SharePoint Services right now). I find that pretty much anything designed for Windows XP runs under Windows Server 2003, but there are some configuration differences out of the box. One of these is the shutdown event tracker – a useful feature on enterprise servers, but not so useful for me on my everyday laptop – so I was pleased to stumble across Microsoft’s advice on configuring the shutdown event tracker, including how to disable it. Interestingly, Microsoft knowledge base article 293814 reports that the functionality is also available in Windows XP but is disabled by default.

(Finally) joining the iPod generation

Posted on By Mark Wilson

There. Done it. Bought an iPod Mini on the way out of Heathrow this morning…

(and my iTrip Mini should be in the post later today…)

So I finally joined the iPod generation (and I’m well impressed). Okay, so the software setup had a few hiccups on Windows Server 2003 – but that is an unsupported platform after all. I still got up and running pretty quickly. I know I’ve previously expressed concerns about Apple’s use of its proprietary AAC format, but Stuart pointed out to me that iPods can also play MP3 at up to 192kbps and let’s face it, Apple products are very stylish.

Right… off to find some good podcasts for the flight back home tomorrow…

I’m famous (sort of)

Posted on By Mark Wilson

Some people have commented that I may be a little biased towards Microsoft… and whilst at times that may be a fair comment, if you look at my computers I use various open source programs, I do criticise the software giant from time to time and, let’s face it, I work for a systems integrator, primarily focusing on building solutions using Microsoft infrastructure products.

I also have a tendency to use my blog as a dumping ground for notes after I attend events, which seems to have caught the attention of the the IT professional technical evangelist team at Microsoft UK (hopefully not too annoyed at the plagiarism of their presentations). Last month, they created a new blog on the TechNet web site for articles contributed by “industry insiders” – people who don’t work for Microsoft, but who have real world experience of implementing Microsoft products, possibly even in conjunction with competitive products from other vendors – and yesterday, after a couple of weeks of discussions, Steve Lamb posted what I hope will be the first of many contributions from yours truly.

Installing and verifying the configuration of an ISA Server 2000 array

Posted on By Mark Wilson

Just over a year ago, I posted a blog entry which gives a 10,000 feet view of Microsoft ISA Server 2000. I haven’t done anything with ISA Server since then but over the last few days, I’ve been installing an new ISA Server 2000 array into an existing enterprise for a client.

Nothing too complicated about that – once I had secured the network interfaces and installed the ISA servers, there were just a few extra settings to configure (see getting started with ISA Server) to ensure that the new array would allow outbound traffic, but I did start to doubt myself when my test clients were receiving error 10060 connection timeouts (although the logs from the upstream firewall reported that it was letting the outbound requests pass). It transpired that there was an issue with the ISP’s network, but as anyone who has ever been in that situation will know, convincing an ISP that there is a problem their end is not always easy, and I also asked two of my colleagues to check my configuration (just in case!).

Although I installed in integrated mode (for future flexibility), my client only needed the caching functionality, so I stopped and disabled the Microsoft Firewall service. Everything seemed fine as the clients were connecting okay via HTTP, HTTPS or FTP and the upstream firewall logs reported all the client requests as coming from my proxy servers; but I wanted to be sure that the array servers were co-operating and that the cache was being populated as my test clients hit the new array.

Understanding how the client requests are processed is straightforward – by default, ISA Server maintains a log file in %programfiles%\Microsoft ISA Server\ISALogs\, which for the Microsoft Web Proxy service is named webextdyyyymmdd.txt. This file contains a whole host of information about requests received and how they were answered, including a useful field called s-object-source, which shows where the request was retrieved from (e.g. “member” for another member of the array, “inet” for the Internet or “cache” for the ISA Server cache – full details can be found in the Microsoft Internet Security and Acceleration Server Enterprise Edition product documentation). From looking at the ISA Server logs, I was confident that both servers were working, and resolving requests between one another using the cache array routing protocol (CARP) but I still wanted to check that the caches on both of the ISA Servers in the array were being populated.

Microsoft provides a useful utility with ISA Server 2000 – the ISA Server Cache Directory Tool (cachedir.exe), found on the ISA Server CD in the \support\tools\troubleshooting\ folder. Once copied to the ISA Server folder (by default, %programfiles%\Microsoft ISA Server\), this can be used to view the contents of the cache. I could see some entries in the cache on one server, but not the most recent requests, and running the tool on the other server returned an empty cache. Then I remembered that ISA server caches in memory first (by default 50% of available RAM), and only uses (slow) disk cache when the (fast) memory cache is full. The different results on each server were because I had restarted the Microsoft Web Proxy service on one server but not on the other. Once I restarted the Microsoft Web Proxy service on the second server, I could see all of the expected cache entries on disk as the memory cache is flushed to disk when the Web Proxy service is stopped. For reference, the ISA Server documentation gives an explanation of the ISA cache files.

All in all, it has been a successful implementation, if slightly protracted by the ISP issues and my stupidity around cache contents. Now I can put those issues down to experience, but I thought posting them into the blogosphere might help out some other poor soul with an ISA server to configure in a hurry.

RSS and Atom aggregator web part for SharePoint

Posted on By Mark Wilson

One of the most useful web parts that I’ve seen for SharePoint is FeedReader, from Smiling Goat. It is, quite simply, an RSS and Atom aggregator for SharePoint sites, implemented as a web part that can consume multiple feeds and represent them in a clear, concise view with a number of display and formatting options. Best of all, it is free! The screen shot below is an example on my Windows SharePoint Services site:

FeedReader webpart on a WSS page

Like many free web part downloads, installation is not as simply as running the supplied Windows Installer (.MSI) file; however it only requires one command – registration of the web part using the stsadm.exe tool which is part of Windows SharePoint Services, found at %programfiles%\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\. The full command for installation is stsadm -o addwppack -filename "C:\Program Files\Smiling Goat\FeedReader\smilinggoat.feedreader.cab" -globalinstall -force, after which it is available for import into a web page.

Now all I need to do is to find something just as good (and that is browser agnostic) to use in static HTML pages.

(Purely co-incidentally, my RSS and Atom aggregator of choice is also called FeedReader, although apart from its purpose, it is an totally unrelated product).

An introduction to blogcasting

Posted on By Mark Wilson

I suffer from information overload. I don’t read half my e-mails, and much of the syndicated weblog content that I subscribe to passes me by too. I’m a family man, with little time right now for much else apart from baby talk, nappies, mowing the lawn and maybe a bit of DIY when I’m not working (alright, perhaps a few hours of watching the telly each week); however, I do spend a lot of time in the car (perhaps as much as 20 hours some weeks) and a couple of weeks back, Alex introduced me to the idea of podcasting.

Now, I was fairly late onto the blogging bandwagon, and I’m probably a bit behind the times with podcasting too, but after some initial scepticism (I tended to agree with Anu Gupta and Paulo Valdemarin), I’ve come around to the view that it’s a great idea! In fact, I think it’s such a good idea that I’m seriously considering buying an iPod and an iTrip (one of those tune-your-car-radio-into-an-iPod-gadget-thingies) so that I can listen to podcasts instead of Terry Wogan or Today on my way to work (what does that say about my listening habits?) – although I’ll probably still pick up the BBC Radio 4 comedy on my way home. I have no intentions of creating such content myself (I lose enough of my bandwidth to weblogs as it is, without going multimedia, and besides which, who wants to hear my voice!), but sites like liberated syndication provide a hosting service for podcasters and it was one of their sites that sold me onto this idea – How to pour the perfect Guinness from Tod Maffin’s How to Do Stuff site (thanks to Owen for the original link).

On a similar note to the podcasting idea (but requiring full attention as they are generally video-based), the IT professional technical evangelist team at Microsoft UK have begun to produce blogcasts. It was Eileen Brown that initially alerted me to this, but Steve Lamb has started to blogcast too and now a blogcast repository has been created. Well worth a look if for a quick demonstration of how to do something.

Handy little 10/100 Ethernet switch

Posted on By Mark Wilson

Sometimes, when I’m on a client site, I think that it would be really useful to have an Ethernet switch with me but generally they are too big to carry around (even my excellent NetGear DS108 hub is a bit on the chunky side). GS-SW005 (front)Then, last week, I spotted one of my colleagues using a small network switch, about the size of a packet of cigarettes, with four ports (plus uplink). It turns out to be a GS-SW005 10/100Mbps switch from Gigabyte Technology. Now I’ve got one and it’s great! Although it is supplied with a DC power adapter, it was the USB power cord that sold it to me, meaning one less power supply to carry around. I got mine from Scan Computers although for a £24.68 item I thought £10 for shipping was a bit steep (and even the £24.68 is a bit high considering it is also available in Australia for just AUS$20).

GS-SW005 (back)One word of warning – the product no longer appears on the Gigabyte Technology website, so it may have been discontinued; even so I would certainly recommend it to anyone who frequently needs to create ad-hoc networks for PC builds, demonstrations, or when working in a meeting room with only a single live network port.