Skip to content

Troubleshooting

PC will not appear in my SCCM OS deployment collection

Here’s one we were having problems with a couple of months ago:

My colleague after registering two PC’s in “Operating System Deployment – Computer Association” and making them members of our “OS Pre-Staged Computers for Deployment” collection found there was absolutely no trace of either PC in the “OS Pre-Staged Computers for Deployment” collection when it came time to assign these PC’s to their required OU and role in order to kick off deployment.

It was a very odd situation as the PC’s had been purged from SCCM and AD before being re-registered for a bare-metal build scenario.

After going back and registering the PC tags and corresponding MAC details in “Computer Association”  I couldn’t find any trace of either PC in the OS Deployment collection even after “Updating Collection Membership” and refreshing the collection. Note re-registering PC details if it doesn’t register in your OS Deployment collection the first time probably isn’t that great an idea (duplicate entries in your SCCM database records) – but I was running out of options at that stage myself.

A double-check of the PC tag and the MAC address the PC was returning from a paused F12 PXE boot confirmed he used the correct details for the machines in question and I knew the PC’s had been removed from AD and SCCM but just for a hoot I double checked and found nothing. The PC’s could boot into F12 fine and pick up a valid IP address so this had me stumped.

After spending quite a bit of time trying to figure out why the PC tag was not registering in SCCM – I decided to perform an nslookup of the PC tag we were trying to associate in SCCM. It was at that point I noticed the IP address returned by nslookup was different to the ones assigned by PXE/DHCP boot for both PC’s, my conclusion was that DNS had not been doing it’s job properly purging old DNS registrations.

I asked our Security team to purge any old records of DNS registrations that matched the ones we were trying to build and about an hour later after re-registering the PC’s in the Computer Association node they finally appeared in our OS deployment collection and I was able to assign the PC to the correct OU and role.

Problem with Direct Access and Vodafone 3G/HSDPA – Update. SEP is the problem

I found the source of our Direct Access problems back in May during a lull period at work. Sorry for not updating then guys…

Here’s a link to my previous Direct Access post

I had a suspicion our anti-virus may have been causing our Direct Access problem so I went ahead and removed Symantec Endpoint Protection using CleanWipe which you can find here

I’m not that big a fan of Symantec as we had problems with our previous generation of PC’s – we suspected it was causing random out of the blue power downs of some PC’s while users were working. We could never prove it though as no event viewer logs were recorded just before the PC’s powered down unexpectedly. Luckily we’ve not had any problems of this type on our current generation of PC’s – they do have a new version of SEP installed though! In hindsight I should have tried removing SEP to test with Direct Access sooner in light of my previous experience with Symantec.

Anyway – Back to Direct Access. Once SEP was uninstalled with MS Security Essentials replacing it – Direct Access started behaving as it should on our laptops over a HSDPA/3G connection, and I didn’t have to run the “netsh interface 6to4 set state disabled” command  indicated in my previous post anymore.

I then decided to do  some more digging on the subject once I realised SEP was causing the problem and found this little nugget from a Symantec forum post.

So if you’re thinking about deploying Direct Access and have SEP deployed you have three choices:

1. Wait for the SEP update to come out in August 2012.

2. Uninstall SEP and replace with an antivirus that works with Direct Access (might be workable if you’ve only a small group of users that need to use Direct Access) i.e. replace AV for that group and leave the others with SEP.

3. Create a batch file that will run the “netsh interface 6to4 set state disabled” on start up on each laptop.

Hope this helps guys

 

Firefox crashing

If you’re having problems with Firefox crashing on your PC – the most likely culprit is Flash.

You’ll need the latest version of the Adobe’s Flash Plugin which you can find here:

http://get.adobe.com/flashplayer/

If the install fails using the above link the most likely reason is that your proxy/firewall is stopping the online installer from downloading the required install files.

In that case try downloading and installing from here (hopefully you have local admin privileges on your PC):

http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player.exe

 

An automated WordPress update has failed to complete – please attempt the update again now.

I had some problems installing the updated version of JetPack (1.4.2) to my hosted WordPress blog a few days ago.

I tried the automatic install using the “Update Now” button but that failed and I got this error message under my dashboard after reloading/refreshing the admin page.

“An automated WordPress update has failed to complete – please attempt the update again now.”

The progress page you normally see when installing plugin’s would just stall for a long time and would not respond.

Not sure if the problem itself is specific to GoDaddy hosting but all I did to get JetPack to install properly was to deactivate the plugin temporarily then retry with a new install.

Don’t worry it won’t kill your previously accumulated stats!

Thought I’d share the above trouble-shooting tip as I haven’t found any guidance for this problem that recommends deactivating JetPack first.

Good Luck!

 

Problem with Direct Access and Vodafone 3G/HSDPA

I’ve been testing Microsoft’s Direct Access at work.

In my opinion it’s a true VPN killer, if you only need to deal with Windows Technology in your workplace.

Direct Access uses certificate/IPSEC based encryption/authentication to authorise a remote user and allow them to access a corporate network. The key thing here though is that the remote user doesn’t interact with any software to authenticate. The user’s authenticated without any action on their part – all they need to do is insert their username and password at the login screen much like you would if you were logging onto a terminal in the office.

No more fumbling around with a VPN dongle – if you have a broadband connection you can login and access network resources at the office from home.

I have noticed some problems using Direct Access with a Vodafone 3G/HSDPA connection though so I’d like to share what I did to get the service to work because it can be a pain in the butt to trouble shoot and the advanced diagnostic logs can be hard to decipher.

Firstly make sure you’re using the latest version of your Vodafone Mobile Broadband software (formerly called Vodafone Mobile Connect). I use version 10.2.302. Type “Vodafone Mobile Broadband Software” into Google and your first hit should take you to a page with the latest version. It’s important you get the latest version installed – I initially tried Vodafone Mobile Connect 9.4.6.20539 and couldn’t get Direct Access working no matter what.

The second part of the puzzle is 6to4. I had to completely disable this virtual adapter to force Direct Access to make a connection via Teredo. My suspicion (and this only seems to be a problem with mobile broadband connections) is that Direct Access doesn’t auto-configure the 6to4 adapter address properly and as a result Direct Access doesn’t fail over to any other connection type if it can’t communicate with the 6to4 adapter.

So start a CMD prompt with “Run as administrator” – as below. It’s important you start the CMD prompt with “Run as administrator” as a domain user even with local admin privileges will not be sufficient.

Once you have the CMD prompt up use the following command to disable 6to4:

netsh interface 6to4 set state disabled

And Direct Access should miraculously connect

The following command will take you back to where you started:

netsh interface 6to4 set state enabled

 

 

 

 

Have fun – I hope this helps you out of any Direct Access problems you may be having

iOS5 bricked my iPhone

It seems the upgrade/restore process for iOS5 is less then reliable with reports coming out of users having their phones deactivated when attempting the process

Symptoms include not being able to input your iPhone pass code

If this happens to you a remote wipe of your iPhone using MobileMe or iCloud should bring the phone back to an operable state.

BIOS VNC Server

In what looks like a boon for IT Admins everywhere news of a new BIOS based VNC Server solution comes from a partnership between Intel and RealVNC.

This motherboard based VNC Server will allow admins to VNC to a remote PC if the computer is off or doesn’t have a functioning OS.

Nice – Remote installs anyone? I’ve been waiting for a feature like this to come along for a long time.

You need a specific version of VNC (VNC Viewer Plus) along with a vPro Processor and AMT6.0 to support this. You also need a license for each installation of VNC Viewer Plus, but wow what a leap forward!

I had investigated AMT a few months ago but couldn’t figure out its benefits. The recent news makes it all clear…

This should make my job a lot easier – I’ll be able to connect PC’s directly up to the end-user network – no need to move them into the network room to build and have to move them a second time to users desks. I can build on the spot…

More information here

High iPhone bills

Two users at work were shocked to receive bills recently well over amounts normal users would incur.

Both were down to data usage even though those users had not used their iPhone data service in any significant way, preferring to use wifi to connect at home.

That can be a big problem if you’re a new iPhone user living in Ireland where we don’t have unlimited data plans like in the US.

If you’ve encountered this problem you need to look at the apps that are running in the background on your iPhone.

It’s not really advertised by Apple a lot but when starting another app on your iPhone the last one you were using will still run in the background unless you’ve closed it down. These location-based, e-mail, update or streaming media apps could all be running in the background eating through your data plan without you knowing it.

These apps may also be draining your battery unnecessarily.

To solve this double-click on the menu button twice in quick succession. You can now see the full list of apps that are running in the background toward the bottom of the screen. Now press and hold on one of those icons until they start to shake and you can see a minus symbol in the top right hand corner of those apps. Click on the minus symbol on each app to close.

iOS doesn’t give you a way to close apps from the applications themselves or close all background running apps at once without jail-breaking your phone so you’ll have to go through each one and close. That or restart your iPhone

chkdsk c: /f – An Unmountable_Boot_Volume story…

I had problems with a virus recently making posts to my Facebook profile of all things. When I first noticed the problem I started going through in my head what I did in the past couple of days to expose my laptop to malware. The cause was simply down to being lax updating my AVG antivirus.  Always, Always, Always keep your anti-virus up to date

So I got home after my work day and set to work killing this virus. First came MalwareBytes which detected two malware and one trojan.

It was then time for an AVG update. After one definition update I ran the updater a second time and more definitions were installed (I’d been very lax)

All was well until I restarted the laptop. Which is when my problems started. The laptop wouldn’t boot back into the OS.

I could detect a bluescreen but couldn’t see what the error message was.

If this happens to you boot into F8 (Safe Mode) then choose the option to “Disable automatic restart on system failure” – this will give you a chance to see what’s causing the blue screen.

In my case it was an Unmountable_Boot_Volume.

I can only put this down to the virus corrupting my MBR when Malware Bytes removed it. Nasty…

So I set about booting into my WinXP setup cd to access the recovery console and run the fixmbr cmd to repair my hard disks Master Boot Record. This had no effect however. Fixboot was a non starter also.

It was at this point that I began to think I’d need something more powerful. My second thought was Microsoft must have a fix for this?

CHKDSK – chkdsk really? The program that runs when your PC restarts after it’s power plug caught your foot? Yes – That chkdsk….

http://support.microsoft.com/kb/555302

chkdsk driveletter: /f

In my case chkdsk f: /f

Damn if it didn’t work! Here’s what I got back….

chkdsk


I’ll never underestimate chkdsk again…

The importance of regular server status reporting for unexpected events

The following scenario highlights the importance of having regular server status reporting in place for unexpected events.

For a couple of months at irregular intervals we had users complain that some mails (not all) they’d been expecting from external users were arriving days later or were not arriving at all.

I’d been examining the headers of delayed e-mails when they did arrive and had found that external mail servers delivering e-mails to ours were taking a number of hours or days to do so. Most of the delayed e-mails “seemed” to originate from Eircom (an ISP based in Ireland) so I chalked the problem down to an issue on Eircoms side. Our Security team agreed. This was an oversight on my part however which I’ll explain later…

As I examined more closely I was able to pull more delayed e-mails from external users whose e-mail were not routed through Eircom so logically this meant the problem wasn’t specifically with Eircom.

As a test I had some of the users that reported delays e-mail my employers e-mail address whilst CCing in my personal gmail address. Eventually the issue reproduced itself.

Mails arrived in my Gmail Inbox within a couple of minutes whilst e-mail destined for my employers e-mail address arrived a number of hours later. In the end I was able to reproduce the issue with the help of 4 seperate senders.

Convincing the Security team was a problem however as everything looked fine on our end. They had a hard time accepting the issue was on our side even though I could reproduce the problem with four seperate senders. Four seperate external mail servers behaving in the same way at the same time? and the problem is not on our end?

They needed more evidence…

So the next port of call was Eircom – They were able to provide the following logs. IP addresses and e-mail addresses removed:

2010-07-13 17:22:19.744009500 starting delivery 2146375: msg 3317173 to remote [email protected]
2010-07-13 17:28:59.581941500 starting delivery 2147602: msg 3317173 to remote [email protected]
2010-07-13 17:49:00.077173500 starting delivery 2150674: msg 3317173 to remote [email protected]
2010-07-13 18:22:19.009197500 starting delivery 2158998: msg 3317173 to remote [email protected]
2010-07-13 19:08:59.078851500 starting delivery 2171856: msg 3317173 to remote [email protected]
2010-07-13 20:08:59.270208500 starting delivery 2188502: msg 3317173 to remote [email protected]
2010-07-13 21:22:20.122931500 starting delivery 2203875: msg 3317173 to remote [email protected]
2010-07-13 22:48:59.138197500 starting delivery 2224308: msg 3317173 to remote [email protected]
2010-07-14 00:28:59.064738500 starting delivery 2244997: msg 3317173 to remote [email protected]
2010-07-14 02:22:19.239298500 starting delivery 2261581: msg 3317173 to remote [email protected]
2010-07-14 04:28:59.989719500 starting delivery 2279211: msg 3317173 to remote [email protected]
2010-07-14 06:48:59.004682500 starting delivery 2299239: msg 3317173 to remote [email protected]
2010-07-14 09:22:19.021063500 starting delivery 2342483: msg 3317173 to remote [email protected]
2010-07-14 12:08:59.033052500 starting delivery 2428140: msg 3317173 to remote [email protected]
2010-07-13 17:22:19.744009500 starting delivery 2146375: msg 3317173 to remote [email protected]

2010-07-13 17:24:09.861329500 delivery 2146375: deferral: Connected_to_<IPAddress>_but_sender_was_rejected./Remote_host_said:_451_#4.1.8_Domain

_of_sender_address_<3rdparty@theircompany.ie>_does_not_resolve/

From the above you can see that Eircoms gateway had attempted to deliver the mail in question numerous times over two days but was being rejected because the senders e-mail address could not be resolved.

So I asked the Security team to investigate if any work had been carried out on our DNS infrastructure (or any failures) on the 13th that would prevent the Ironport performing a DNS lookup.

They found that one of the DNS servers which our Ironport server was actively using for sender verification was restarting intermittently causing our Ironport to drop connection attempts when the external mail server attempted delivery. 

They didn’t have status reporting in place for the DNS servers to report any unexpected events.

Moral of the story – don’t rely on e-mail headers to judge mail delivery attempts (they only indicate successful connections) and make sure you have status reporting in place.

The Blog of Martin Birrane