Archive for January, 2009

During migration to one of our new firewalls, I became aware that our outbound mail was not getting out and the queue was just growing. After a bit of digging around I found that our internal mail server could establish an SMTP connection to the server it was trying to send to; the message just wasn’t going down the connection.

I telnet’ed to the SMTP server that we were trying to deliver to, to try and manually send a message by issuing SMTP commands. The conversation went something like the following:

RECV> 220 ****2************************************
SEND> HELO mail. squiggle.org
RECV> 500 5.5.1 Command unrecognized: "XXXX"

Every command that I issued came back as unrecognised, with each letter substituted by an X. After a bit more investigation (netcat listening on port 25 to see what was really being sent), it became apparent that something was altering the SMTP commands, and also the server header on the initial 220 by the looks of it.

After looking into what could be making these alterations, I found out that the likely culprit was our newly configured Cisco PIX firewall… Cisco fixup can run on a firewall and inspect the data in an SMTP session, to try and secure it more by restricting it to a certain command set; ours just looked to be restricting the whole lot! Disabling the fixup for SMTP with the following command fixed the issue:

> no fixup protocol smtp 25

As soon as this rule was added, mail started flowing again!

I came across a peculiar issue today with Lotus Notes 7, running on my newish Vista system. I was doing some C# development with the Notes COM objects, but was having some trouble, and needed to edit my notes.ini file to try and fix something.

The peculiar part was that in my Program Files directory there was a notes.ini file – but with no real config in it, only a few lines – and this file is usually full of stuff! I also couldn’t see my ID file in the Notes data directory when using Explorer, but Notes could see it and access it fine!

After a bit of Googling, it turned out it was Vista redirecting application write access to the Program Files folder to ‘C:\Users\%USERNAME%\AppData\Local\VirtualStore’. When the app reads from the Program Files folder it sees a merged version of the real Program Files folder and the user’s VirtualStore, so in essence it forces apps to support multiple users by the looks of it.

From time to time you’ll come across the problem where a system’s machine account in Active Directory has either become out of sync (usually due to multiple systems with the same name) or has just been deleted somehow! Telltale signs of this are errors about domains being unavailable, and trust relationships failing whenever the system tries to perform any authentication. In these situations you can usually log in as a local administrator, unjoin/rejoin the domain, then reboot, and the problem is sorted.

However, this isn’t so easy if you aren’t in front of the system (which is often the case), although it is possible to do:

First you need to locate the IP address of the system (names will be unreliable if you’ve got multiple systems with the same name!). The best way to find the IP is probably to look at the DHCP leases on your DHCP server. Once you have the IP address, run regedit.exe on another system, then from the File menu select ‘Connect remote registry’. In the following box, connect to \\<IPaddress>. You should then be able to log on to the system as the local admin user (SYSTEMNAME\Administrator) and navigate to:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

In this key, look for the ‘fDenyTSConnections’ value and set it to 0. This enables Remote Desktop if it isn’t already; you’ll need to reboot for the change to take effect:

shutdown -m \\<IPAddress> -r

Once the system has rebooted, you should be able to Remote Desktop to it, log in as the local admin user, and rejoin as if you were in front of it. If it was a case of multiple systems with the same name, don’t forget to give it a unique name!
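The same regedit-and-reboot procedure as a script, added here as an example (not from the original post). It assumes the Remote Registry service is reachable on the target, that you already hold a session as the target’s local administrator (for instance via `net use \\<IPAddress>\IPC$ /user:SYSTEMNAME\Administrator`), and that `$TargetIp` is the address you pulled from the DHCP leases.

```powershell
# Added example: enable Remote Desktop on a remote domain member via the Remote
# Registry service, then reboot it, mirroring the manual regedit steps above.
# Assumes: Remote Registry is running on the target, the firewall allows it, and
# the current session authenticates as a local administrator on the target.
param(
    [Parameter(Mandatory = $true)][string]$TargetIp   # placeholder: IP taken from DHCP leases
)

$keyPath   = 'SYSTEM\CurrentControlSet\Control\Terminal Server'
$valueName = 'fDenyTSConnections'   # REG_DWORD: 1 = deny RDP, 0 = allow RDP

# Open HKLM on the remote machine, the same thing regedit's "connect" dialog does.
$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, $TargetIp)
try {
    $key = $hklm.OpenSubKey($keyPath, $true)   # $true opens the key writable
    if ($null -eq $key) { throw "Key $keyPath not found on $TargetIp" }

    $before = $key.GetValue($valueName)
    Write-Host "Before: $valueName = $before"

    # Only write when needed, so an already-enabled system is left untouched.
    if ($before -ne 0) {
        $key.SetValue($valueName, 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    }

    # Read back and verify rather than trusting the write silently.
    $after = $key.GetValue($valueName)
    if ($after -ne 0) { throw "Failed to set $valueName on $TargetIp" }
    Write-Host "After:  $valueName = $after (Remote Desktop allowed)"
    $key.Close()
}
finally {
    $hklm.Close()
}

# Reboot so the change takes effect; -t 0 reboots now, -c records why in the event log.
shutdown -m "\\$TargetIp" -r -t 0 -c "Enabling Remote Desktop to repair domain membership"
```

After the reboot, connect with Remote Desktop as SYSTEMNAME\Administrator and unjoin/rejoin the domain exactly as described above.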

I should also point out that if it was a deleted computer account, you could always restore the object in AD, but that’s another story…