Reclaiming space from WSUS

If you’re not using WSUS, there are several things you can do to remove the gigabytes of updates that have accumulated. The best method is to disable WSUS rather than trying to uninstall it, which may be a problem on SBS 2003 or SBS 2008. Here is how you do it:

  • Open Windows Server Update Services in Administrative Tools
  • Expand the server and click on Options
  • Open Synchronization Schedule and change it to Manual
  • Open Automatic Approvals and delete the automatic approval rule
  • Expand Updates > All Updates. Select all updates, right click and select Decline
  • Click on Options and Server Cleanup Wizard and run the wizard

Ubuntu 11.04 RVM Gem Problem

I recently encountered this issue when using Ubuntu 11.04 to set up a new Rails server with RVM, Passenger and Apache. The first indication of a problem is this line at the end of the rvm install 1.9.2 output:

ruby-1.9.2-p180 - #importing default gemsets (/home/user/.rvm/gemsets/)
'gem' command not found, cannot select a gemset.
Install of ruby-1.9.2-p180 - #complete

This means it had issues compiling ruby, rubygems in particular. You will also notice this error when using the gem command to install any gems:

ERROR:  Loading command: install (LoadError)
no such file to load -- zlib
ERROR:  While executing gem ... (NameError)
uninitialized constant Gem::Commands::InstallCommand

To fix this you’ll have to install the zlib libraries with the command:

sudo apt-get install libghc6-zlib-dev

This won’t fix the problem immediately; you’ll have to rebuild ruby by using:

rvm install 1.9.2

Then you’ll be able to properly install any gems you require.

Asterisk AMI via HTTP Intro

The Asterisk Manager Interface can be accessed in two ways. The first is through TCP port 5038 using the AMI protocol and the second is through the HTTP protocol on port 8088. Both of these ports can be changed in the manager.conf or http.conf config files.

Once Asterisk is configured properly for AMI access, you can issue standard AMI commands through an HTTP query string interface and have results returned as text, HTML, or XML.

To configure AMI over HTTP, the following line needs to be added or modified in the manager.conf file:

webenabled = yes

The following lines need to be added or modified in the http.conf file:

enabled = yes
bindaddr = ;to allow connections from any IP address.
bindport = 8088
prefix = asterisk ;the virtual directory to be used for the interface, ie. http://asteriskserver:8088/asterisk/

Reload the config files with the reload command at the CLI and the web server should be running. In Asterisk 1.6 you can run the command http show status to see the status of the server. It will also show you the paths to use to return the desired results.

HTTP Server Status:
Prefix: /asterisk
Server Enabled and Bound to
Enabled URI’s:
/asterisk/httpstatus => Asterisk HTTP General Status
/asterisk/phoneprov/… => Asterisk HTTP Phone Provisioning Tool
/asterisk/manager => HTML Manager Event Interface
/asterisk/rawman => Raw HTTP Manager Event Interface
/asterisk/static/… => Asterisk HTTP Static Delivery
/asterisk/mxml => XML Manager Event Interface

You can view the HTML interface to AMI at the following path http://asteriskserver:8088/asterisk/manager. Keep in mind that asteriskserver is the hostname or IP of your particular server. Each command issued should have an action argument. So, it would look like http://asteriskserver:8088/asterisk/manager?action=actionname. If the action has any arguments, pass them along with argumentname=argumentvalue.

For every method of issuing AMI commands, the authenticated session information is stored in a cookie in the browser or in whatever client you use to access AMI. The cookie is called mansession_id and, after login, should be passed back to the server for every subsequent command.

To login to the HTML interface, go to http://asteriskserver:8088/asterisk/manager?action=login&user=admin&secret=amp111 and make sure you are able to accept the mansession_id cookie.

The above login action uses the default manager username and password from a trixbox installation. In other asterisk installations, you can add or modify users in the manager.conf config file.
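Because this setup puts the manager interface on an HTTP port and the example login uses the stock trixbox credentials, it is worth checking a server's two config files before exposing it. The following is an added example, not part of the original post or of Asterisk: the sample file contents, the `audit` function and the `weak_secrets` list are assumptions constructed for illustration, and `permit` is the standard manager.conf option for restricting a user to source addresses.

```python
import re

# Constructed sample configs with the settings described above (not from a real server).
MANAGER_CONF = """[general]
enabled = yes
webenabled = yes

[admin]
secret = amp111
read = system,call,agent
write = system,call,agent
"""
HTTP_CONF = """[general]
enabled = yes
bindaddr = 0.0.0.0 ; all interfaces
bindport = 8088
prefix = asterisk
"""

def parse_conf(text):
    """Parse Asterisk-style config text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit(manager_text, http_text, weak_secrets=("amp111",)):
    """Return findings for an AMI-over-HTTP setup; weak_secrets is a hypothetical deny-list."""
    mgr, http = parse_conf(manager_text), parse_conf(http_text)
    mgen, hgen = dict(mgr.get("general", [])), dict(http.get("general", []))
    findings = []
    web = mgen.get("webenabled") == "yes" and hgen.get("enabled") == "yes"
    if web and hgen.get("bindaddr") in ("0.0.0.0", "::"):
        findings.append("http: AMI web interface listens on all interfaces")
    for user, opts in mgr.items():
        if user == "general":
            continue
        if dict(opts).get("secret") in weak_secrets:
            findings.append(f"{user}: default secret in use")
        if not any(key == "permit" for key, _ in opts):
            findings.append(f"{user}: no permit ACL, login accepted from any address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MANAGER_CONF, HTTP_CONF)))
```

Run it against the real manager.conf and http.conf by passing their contents to `audit`; an empty list means none of the three conditions were found.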

The complete list of AMI commands can be found here:

Trixbox Asterisk Dynamic Agent Toggle

Using dynamic agents on any asterisk based system can be a struggle. First, the phone digit maps or dial plans have to allow the login/logout commands like queue*extension# for logging in and queue**extension# for logging out.

Also, asterisk allows you to log into a queue with any extension, including system extensions. We’ve seen people log into a queue with extension 2 which ends up causing calls into that queue to go into an infinite loop.

The following code was originally found here: but since it seems like they’ve locked the thread, I’ll post my changes here.

exten => s,1,Wait(1)
exten => s,n,Set(CALLBACKNUM=${CALLERID(number)})
exten => s,n,AddQueueMember(queue1,Local/${CALLBACKNUM}@from-internal/n)
;If they’re already logged in, log off
exten => s,n,GotoIf($["${AQMSTATUS}" = "MEMBERALREADY"]?a2)
exten => s,n,Playback(non-crisis-login)
exten => s,n,UserEvent(Agentlogin,Agent: ${CALLBACKNUM})
exten => s,n,Hangup()
exten => s,n(a2),RemoveQueueMember(queue1,Local/${CALLBACKNUM}@from-internal/n)
exten => s,n,UserEvent(Agentlogoff,Agent: ${CALLBACKNUM})
exten => s,n,Playback(non-crisis-logoff)
exten => s,n,Hangup()

The only thing we’ve changed was AddQueueMember(${ARG1}) to AddQueueMember(queue1,Local/${CALLBACKNUM}@from-internal/n).

This caused the correct trixbox interface to be added to the queue. Just passing the extension number to AddQueueMember caused the extension to ring but would not follow any of the queue rules such as skip busy agents.

We’ve also expanded on this to log agents into multiple queues at the same time. This was necessary since for some calls, we’ll allow the caller to wait in a queue for a little bit, then direct them to an IVR for the chance to leave a message, then back into a second queue with music to hold for an agent.

exten => s,1,Wait(1)
exten => s,n,Set(CALLBACKNUM=${CALLERID(number)})
exten => s,n,AddQueueMember(queue1,Local/${CALLBACKNUM}@from-internal/n)
;If they’re already logged in, log off
exten => s,n,GotoIf($["${AQMSTATUS}" = "MEMBERALREADY"]?a2)
exten => s,n,AddQueueMember(queue2,Local/${CALLBACKNUM}@from-internal/n)
exten => s,n,Playback(crisis-login)
exten => s,n,UserEvent(Agentlogin,Agent: ${CALLBACKNUM})
exten => s,n,Hangup()
exten => s,n(a2),RemoveQueueMember(queue1,Local/${CALLBACKNUM}@from-internal/n)
exten => s,n,RemoveQueueMember(queue2,Local/${CALLBACKNUM}@from-internal/n)
exten => s,n,UserEvent(Agentlogoff,Agent: ${CALLBACKNUM})
exten => s,n,Playback(crisis-logoff)
exten => s,n,Hangup()

Cracking windows passwords with ophcrack and rainbow tables

Our company specializes in both system administration and computer forensics. One skill that I find useful in both areas is the ability to reverse passwords residing in a Windows domain.

As you may know, NT passwords are created using a one-way hash algorithm, which means they cannot be decrypted to obtain the plaintext password. But what if you had a listing of the hashes of every password? Then you would just be able to compare the hashes until you found one that matched, right?

Well, this is certainly possible. To crack Windows XP and Server 2003 passwords that are less than 14 characters and contain letters, numbers and symbols, you’ll need about 7.5GB of “rainbow tables.” These tables are the listings of plaintext passwords and their corresponding hash. The entire process will require a few tools:

  • pwdump or the newer fgdump: This will export the password files from a local computer or a windows domain to a .pwdump file.
  • Ophcrack: This is a utility that is used to compare the .pwdump file to the rainbow tables.
  • Rainbow Tables: these were explained earlier. They can be purchased or you can download a utility to create them yourself.

Once you have all the tools, the process is pretty simple. The recovery rate is pretty high for Windows XP and Server 2003. Password hashes have changed for Vista, Windows 7 and Server 2003 so you’ll need a different set of rainbow tables that can be acquired similarly to the XP tables.
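The XP and Server 2003 tables work against the legacy LM hash, so the accounts at risk are the ones whose dump line still carries one. The following is an added example, not part of the original post or of any of the tools named above: it reads pwdump-style lines (user:RID:LM:NT:::) and reports which accounts store an LM hash. The sample lines are constructed and their non-empty hash values are made up; the two `EMPTY_*` constants are the well-known hashes of an empty password.

```python
# Well-known hashes of the empty string; an LM field equal to EMPTY_LM means no LM hash is stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed pwdump-style lines; the non-empty hash values are made up.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
jsmith:1104:1122334455667788aad3b435b51404ee:89abcdef0123456789abcdef01234567:::
svc_backup:1110:99aabbccddeeff0011223344556677aa:fedcba9876543210fedcba9876543210:::
"""

def parse_pwdump(text):
    """Yield (user, rid, lm, nt) for each non-blank line, rejecting malformed ones."""
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            raise ValueError(f"line {number}: not in user:RID:LM:NT format")
        yield parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()

def is_empty(field, empty_hash):
    # Some dump tools write "NO PASSWORD****..." instead of the empty-string hash.
    return field in ("", empty_hash) or field.startswith("no password")

def lm_exposure(text):
    """Map each account to how exposed it is to LM rainbow tables."""
    report = {}
    for user, _rid, lm, nt in parse_pwdump(text):
        if is_empty(lm, EMPTY_LM):
            report[user] = "blank password" if is_empty(nt, EMPTY_NT) else "NT hash only"
        elif lm[16:] == EMPTY_LM[16:]:
            # LM hashes each 7-character half separately; an empty second half gives away the length.
            report[user] = "LM hash stored, password is 7 characters or fewer"
        else:
            report[user] = "LM hash stored"
    return report

if __name__ == "__main__":
    for account, status in lm_exposure(SAMPLE).items():
        print(f"{account}: {status}")
```

Accounts reported with an LM hash need a password change after the "Do not store LAN Manager hash value on next password change" policy is enabled, since the stored hash is only dropped when the password is next set.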

Sophos Automated Software Rollout

I recently had to install the Sophos Anti-Virus suite at a client office and had issues with a few PCs during the automated rollout of the software. The problem seemed to be that the server with Sophos Control Center was not able to remotely administer several client PCs. The way I was able to test this out was by using Computer Manager to test connecting to each one of the PCs I was having problems installing the software on.

On each PC experiencing the issue, I was not able to remotely connect with Computer Manager. Once I was able to connect with Computer Manager, the Sophos software installed successfully.

There were two reasons this was failing in our environment consisting of Windows XP and Windows 7 workstations.

The problem with Windows XP was that the XP firewall was blocking remote administration. I solved this problem by setting the firewall to allow remote administration through group policy. To do this:

  1. From the server desktop, click Start, click Run, type mmc, and then click OK.
  2. On the File menu, click Add/Remove Snap-in.
  3. On the Standalone tab, click Add.
  4. In the Available Standalone Snap-ins list, click Group Policy Object Editor, and then click Add.
  5. In the Select Group Policy Object dialog box, click Browse.
  6. In the Browse for a Group Policy Object, click the Group Policy object that you want to update with the new Windows Firewall settings. I decided to choose Default Domain Policy since then it would apply to all PCs in the domain.
  7. Click OK.
  8. Click Finish to complete the Group Policy Wizard.
  9. In the Add Standalone Snap-in dialog box, click Close.
  10. In the Add/Remove Snap-in dialog box, click OK.
  11. In the console tree, open Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, and then Domain Profile.
  12. Edit the properties for Windows Firewall: Allow Remote Administration Exception.
  13. Select enable and enter the IP of your server so that you don’t open up remote administration to everyone.

After a restart of the PC, you should be able to deploy Sophos or any other remotely installed software.

For Windows 7 PCs, the problem was that remote administration and installation of software requires the remote registry service to be running. It is set to Automatic startup on Windows XP but set to Manual startup on Windows 7. After changing the startup type to Automatic and starting the service I was able to easily deploy Sophos.

Installing BES 5 with Exchange 2010

I have recently just had the pleasure of setting up a new Exchange 2010 server along with the new Blackberry Enterprise Server 5. The installation seemed very similar to BES 4 installations but there were a few more screens of information to fill out.

The big change to note was that the new BES server configuration is all web based. Sort of like VMware Server 2. At this point I still don’t like it because it only seems to be enabled from the local host so what is the point of having it web based anyway. I would like to see it working over a VPN on a remote computer but have not accomplished this yet. There are two authentication methods for this web based administration site called BlackBerry Administration Server (BAS). In the BAS configuration screen you can choose to use built-in BAS authentication or to use Active Directory authentication. At first I chose AD authentication but wasn’t able to get it working. I did some research on the issue and concluded that almost nobody got it working. To switch back to BAS authentication you have to fully uninstall and re-install BES.

The second issue I noticed was this error below. I haven’t been able to find anyone else having this problem but I was able to ignore the issue and everything seems to be working OK.

The last and biggest issue encountered was the fact that BES was not picking up Activation e-mails out of the users’ mailboxes. There didn’t seem to be any log entries in MAGT or any other log files. I finally found one post that mentioned turning off IPv6 on the BES server and after restarting, those e-mails were being picked up and BlackBerries were activating.

Instructions for turning off IPv6 in Windows Server 2008 can be found here.

Usefulness of Apple’s AirPort Express

I recently purchased an Apple AirPort Express in order to listen to my iTunes music on my home stereo. The initial setup I had was the AirPort Express joined to my main wireless network. I was able to configure the AirPort by connecting to it wirelessly from my Mac and running the AirPort configuration utility to join it to my existing network. This configuration worked great.

Eventually, I was able to plug the AirPort into my wired network. I set it up as a separate access point that I could use in a different area of the house and also used it to pipe some music to my stereo. This worked even better because there was no more wireless connection between the AirPort and the computer that was streaming music.

At this point I really looked into the AirPort settings and found it to be a pretty useful device. Besides being wireless N compatible and using channels in the 5GHz range, it was also able to:

  • Use the AirPort as a router for an internet connection and share the connection wirelessly.
  • Operate as a wireless access point on an existing network.
  • Extend another wireless network.
  • Become a client of another wireless network in order to stream music wirelessly.

This turned out to be an incredibly useful, and tiny, device. It is also nice that Remote on an iPhone or iPod touch is able to control remote speaker volume and select which speakers music is played from.