Forefront TMG IP Issue

I typically have two issues that I run into with our Forefront TMG (aka ISA 2010) proxy server:

  1. I have certain blocks of IP addresses blocked on the Cisco firewall and occasionally a user will repeatedly hit a website that sits in one of those blocks.  I will then have to find out who is doing this as the firewall will always just report the address of the proxy server for the traffic.
  2. Occasionally a user will download malware and I’ll need to find out where they got it from so that the source of the traffic can go into the block list in point #1.

Either way I end up running a report on a system at the site which has SQL Server Management Studio installed on it with a query something like the below:

SELECT [ClientIP]
      ,[ClientUserName]
      ,[ClientAgent]
      ,[ClientAuthenticate]
      ,[logTime]
  FROM [ISALOG_20110317_WEB_000].[dbo].[WebProxyLog]
 WHERE [DestHostIP] = 'd3bd0e17-FFFF-0000-0000-000000000000'

You’ll note that the address on the bottom line is rather unintelligible since it uses a semi-IPv6 format used by TMG.  To work around this I had been doing hand translation using the calculator in Windows to figure out what the address I am looking for should be.  However, I grew tired of that and wrote a program that will handle the translation/conversion to and from a regular IPv4 address and Forefront TMG 2010 address (because of some apparent vague interest, I’ve packed a zip with just the executable (no code) here).

I want to note though, that since it was casually put together I didn’t code it to handle any exceptions.  The source code is included though, so if you want to code around some fat fingering then feel free.
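As an added example (not the author's tool, whose source is not on this page), here is the same translation done in Python. It assumes the layout visible in the query above: the first eight hex digits of the GUID-like value are the four IPv4 octets in order, and the tail `-FFFF-0000-0000-000000000000` is constant. Unlike the author's quick program it rejects malformed input instead of silently miscomputing, and it builds the lookup as a parameterized query so the converted value is passed as a parameter rather than pasted into the SQL text.

```python
import ipaddress
import re

# Fixed tail of an IPv4 address as it appears in the TMG/ISA WebProxyLog table.
# Assumption for this example: the leading eight hex digits are the four octets
# in network order (d3bd0e17 -> 211.189.14.23), matching the sample in the post.
TMG_SUFFIX = "-FFFF-0000-0000-000000000000"
TMG_PATTERN = re.compile(
    r"^([0-9a-f]{8})-ffff-0000-0000-000000000000$", re.IGNORECASE
)


def ipv4_to_tmg(address: str) -> str:
    """Dotted-quad IPv4 text -> TMG log representation (lowercase hex)."""
    ip = ipaddress.IPv4Address(address)  # raises AddressValueError on bad input
    return f"{int(ip):08x}{TMG_SUFFIX}"


def tmg_to_ipv4(value: str) -> str:
    """TMG log representation -> dotted-quad IPv4 text."""
    match = TMG_PATTERN.match(value.strip())
    if match is None:
        raise ValueError(f"not a TMG IPv4 log address: {value!r}")
    return str(ipaddress.IPv4Address(int(match.group(1), 16)))


def client_lookup_query(log_table: str, dest_ipv4: str):
    """Return (sql, params) for finding which client talked to dest_ipv4.

    log_table is the daily table name, e.g. ISALOG_20110317_WEB_000 (from the post);
    it is validated against a strict pattern because table names cannot be
    bound as parameters.
    """
    if not re.fullmatch(r"ISALOG_\d{8}_WEB_\d{3}", log_table):
        raise ValueError(f"unexpected log table name: {log_table!r}")
    sql = (
        "SELECT [ClientIP], [ClientUserName], [ClientAgent], "
        "[ClientAuthenticate], [logTime] "
        f"FROM [{log_table}].[dbo].[WebProxyLog] "
        "WHERE [DestHostIP] = ?"
    )
    return sql, (ipv4_to_tmg(dest_ipv4),)


if __name__ == "__main__":
    print(tmg_to_ipv4("d3bd0e17-FFFF-0000-0000-000000000000"))  # 211.189.14.23
    print(ipv4_to_tmg("211.189.14.23"))
    print(client_lookup_query("ISALOG_20110317_WEB_000", "211.189.14.23"))
```

The `?` placeholder is the ODBC style used by pyodbc against SQL Server; the converted address goes in the params tuple, so a typo in the address fails in `ipv4_to_tmg` rather than producing a silently empty result set.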

Expensive Computer Tool

Justin scopes out some optical ejection tools that many a tech has to rely on from time to time.  I figured I’d point out this snazzy version in my possession:

expensive optical drive tool

What makes it so expensive is that it was crafted by an expert IBM DBA who crafted this while he was waiting forever for an AIX system to complete some series of tasks (which on AIX systems of that gen, pretty much every task took forever).  By my estimates that’s about $300 computer tool.  At least he had the courtesy to leave it with us since we footed the bill for it.

Outsource-Insource-Outsource-Etc

Back when I was first interested in pursuing a career in computers in the early to mid-nineties, the consensus on staffing an IT department was that it was much cheaper to outsource, or in other words, hire in contractors to fill your staffing needs on demand.  Not to be outdone, many a corporate accounting department canned their IT department, though usually by transferring them to the payroll of a contracting firm and paying significantly more per hour to have them on staff.

Over time the consensus on that mindset shifted.  Since I worked for a contracting firm when I first started out it was easy to see why: any work performed by computer consultants that is in the best interest of the company hosting them is strictly a coincidence.  With the IT staff concerns unmoored from those of the company indirectly paying their salaries, companies found that they weren’t really saving all that much money, especially when the product which was delivered was factored into the equation.

With Y2K consultant extortion still fresh in the minds of management, a different mindset came about in the post dotcom bust when IT pay rates came down and in-house staffing became more attractive.  The idea behind this strategy was that IT would be a driver for the business.  IT in this situation wouldn’t just be a mindless socket in the wall from which other departments would draw resources, but would be a partner in implementing new ideas of different business units and indeed, would be a driver for new ideas themselves.  This has a great deal of appeal to me since it makes sense that if a business has their own internal IT resources, they should justifiably expect that those people would be intimately familiar with how the business operates and that they should be able to apply technological efficiencies to everyday issues encountered within the business.  In other words, IT wouldn’t be about just fielding helpdesk calls, it would be about meeting with department heads and employees to find out their operations in order to make sure that IT isn’t an impedance, or IT could offer solutions to problems that are encountered in the differing department’s day-to-day jobs.

That strategy seemed to stick for a bit until the great recession bit in and businesses found that, although they valued IT, they were rather broke and the quality mattered less and less.  This ‘great cheapening’ didn’t only affect IT, but many IT services are distinctly sensitive to it since they can be easily farmed out beyond the geographical boundaries from where the service is required.  Which brings up the issue of the ‘cloud’.


Scanning to Email

I have a friend with a Toshiba ‘e-STUDIO3530C’, a pretty typical ‘mopier’ machine.  They use the scan-to-email fairly extensively, but it started giving them issues recently where the scanned document would appear to go off to nowhere.  After checking the logs on the Exchange 2010 server, it turned out that the ‘scan’ e-mails were being caught up in the IMF/spam filter that comes packed with Exchange.  Scans were either going to the ‘junk e-mail’ folder, the quarantine e-mail box, or rejected outright (in which case an error would appear on the scanner).

After browsing around it turned out that the best workaround was to have the mopier sign in to send the message, since authenticated users were automatically whitelisted (indeed, the only whitelisting that the built-in spam scanner appears to offer).  Luckily we already had secure SMTP authentication set up on the Exchange server so that users could send e-mail with their phones, but it still took a little experimenting to get the correct settings on the Toshiba, and these settings on the ‘SMTP client’ appeared to do the trick:

Obviously a dedicated user account will need to be created for the scanner and the appropriate information changed for your own purposes.

Kaspersky Install Error

I’ve decided to move us away from McAfee and onto Kaspersky.  I’ve used McAfee’s product here for more than ten years and have been pretty happy with it, and its protection has been pretty top notch, too ‘top notch’ as a matter of fact.  I’ve in fact gotten away from even installing McAfee on mission critical systems due to its penchant for bringing systems to their knees at seemingly random intervals.  It had gotten to the point that I didn’t even see the point of paying for McAfee since I had installed it so sparsely.

It was at that point I knew a change was required: a virus scanner barely works to begin with, but not at all if it’s not installed.  I’ve had a foul experience with Symantec (doesn’t seem to stop anything) and Trend (ditto, at least for their home product), so I decided to go with Kaspersky.

What was interesting though was when I first went to install it on a batch of PCs I got a bluescreen error on one of the PCs (my boss’s system!) of 0x000000d1.

As it turned out though, the issue had nothing to do with Kaspersky, and everything to do with some bum DNS entries.  In my initial testing I was installing to two computers of users who weren’t in that day, but then my boss called and said that it was installing on hers.  I thought this was odd, but when I checked the logs Kaspersky did indeed say that I had installed it to the incorrect system.  Flustered, I ran it again while double checking the computer name (which is fairly similar), and around that time my boss’s PC bluescreened and Kaspersky again said that I was installing to the wrong computer.  At that point I resolved that I would use the IP address of the computer I wanted to use, so I pinged it and plugged it into the script, and as a joke before running it I pinged my boss’s computer to see what it was, and it turned out that it was the same.  My desired target PC had the wrong address assigned to it in DNS.

Kaspersky proved rather adept, since it detected the name failure and then helpfully replaced the ‘wrong’ name with the ‘right’ name that the system was reporting; the blue screen was caused by trying to force an install over the existing install.
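The root cause above (a stale A record sending the install to a different PC than the name implied) is easy to catch before pushing anything: resolve each target name forward, resolve the resulting address back, and refuse to deploy where the two disagree or where two targets in the same batch land on one address. The following is an added example, not part of the original post or of Kaspersky's tooling; the host names and addresses are constructed, and the resolver functions are injectable so the check can be exercised offline against those sample records and then pointed at real DNS via the `socket` defaults.

```python
import socket
from typing import Callable, Dict, List, Optional

# Constructed sample zone data for this example (not real hosts).
# ws-acct-07 has a stale A record that points at ws-acct-01's address.
SAMPLE_FORWARD = {
    "ws-acct-01": "192.0.2.10",
    "ws-acct-07": "192.0.2.10",
    "ws-eng-03": "192.0.2.30",
}
SAMPLE_REVERSE = {
    "192.0.2.10": "ws-acct-01",
    "192.0.2.30": "ws-eng-03",
}


def _socket_forward(name: str) -> Optional[str]:
    """Real forward lookup; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def _socket_reverse(ip: str) -> Optional[str]:
    """Real PTR lookup, reduced to the short host name; None when absent."""
    try:
        return socket.gethostbyaddr(ip)[0].split(".")[0]
    except OSError:
        return None


def verify_targets(
    names: List[str],
    forward: Callable[[str], Optional[str]] = _socket_forward,
    reverse: Callable[[str], Optional[str]] = _socket_reverse,
) -> Dict[str, List[str]]:
    """Return {target: [problems]} for every target that should not be deployed to as-is."""
    problems: Dict[str, List[str]] = {n: [] for n in names}
    resolved: Dict[str, str] = {}
    for name in names:
        ip = forward(name)
        if ip is None:
            problems[name].append("forward lookup failed")
            continue
        resolved[name] = ip
        ptr = reverse(ip)
        if ptr is None:
            problems[name].append(f"{ip} has no PTR record")
        elif ptr.lower() != name.lower():
            problems[name].append(f"{ip} reverse-resolves to {ptr}, not {name}")
    # Two names in one batch sharing an address means one of them is wrong.
    by_ip: Dict[str, List[str]] = {}
    for name, ip in resolved.items():
        by_ip.setdefault(ip, []).append(name)
    for ip, owners in by_ip.items():
        if len(owners) > 1:
            for name in owners:
                others = ", ".join(o for o in owners if o != name)
                problems[name].append(f"{ip} is also the address of {others}")
    return {n: p for n, p in problems.items() if p}


if __name__ == "__main__":
    batch = ["ws-acct-01", "ws-acct-07", "ws-eng-03"]
    for host, issues in verify_targets(batch, SAMPLE_FORWARD.get, SAMPLE_REVERSE.get).items():
        print(f"{host}: " + "; ".join(issues))
```

Run against the sample records, ws-acct-07 is flagged both for the reverse mismatch and for sharing its address with ws-acct-01, which is exactly the situation that produced the double install; ws-eng-03 comes back clean and is the only host a push script should proceed with.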