VMware Security Advisory for ESXi and ESX in openwsman

VMware has released a Security Advisory (VMSA-0008-0015) indicating it has updated the ESXi and ESX 3.5 packages to address a vulnerability in “openwsman”. This vulnerability is due to several buffer overflow conditions in the handling of HTTP basic authentication headers. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the host running ESXi or ESX.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.

http://www.us-cert.gov/current/index.html#vmware_releases_security_advisory_vmsa

Resolving DNS Event ID: 4515 – Duplicate DNS Zones

While working on a server today I ran into a recurring DNS event error:

This error hits the event log every time you start the DNS Service.

Source: DNS
Type: Warning
Event ID: 4515

MicrosoftDNS but another copy of the zone has been found in directory partition DomainDnsZones.Domain.local. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.

If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.

If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.

Some online searching led me to the Microsoft Knowledgebase article here.

In my case the following steps resolved the issue:

First I started with Option 1:

For Option 1: [ForestDNSZones]

1. Click Start, click Run, type adsiedit.msc, and then click OK.
2. In the console tree, right-click ADSI Edit, and then click Connect to.
3. Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK: DC=ForestDNSZones, DC=contoso, DC=com
4. In the console tree, double-click DC=ForestDNSZones, DC=contoso, DC=com.
5. Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on contoso.com and then click Delete.

Note: Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.

6. If you have deleted a zone, restart the DNS service. To do this, follow these steps:

a. Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
b. In the console tree, right-click contoso.com, point to All Tasks, and then click Restart.

I was able to verify the DNS Zone existed there like the event log stated.

Next I opened the domain level with Option 2:

For Option 2: [DomainDNSZones]

1. Click Start, click Run, type adsiedit.msc, and then click OK.
2. In the console tree, right-click ADSI Edit, and then click Connect to.
3. Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK: DC=DomainDNSZones,DC=contoso,DC=com.
4. In the console tree, double-click DC=DomainDNSZones,DC=contoso,DC=com
5. Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on contoso.com and then click Delete.

Note: Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.

6. If you have deleted a zone, restart the DNS service. To do this, follow these steps:

a. Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
b. In the console tree, right-click contoso.com, point to All Tasks, and then click Restart.

I was again able to confirm the duplicate zone existed.

Before making any changes I fired up my backup software and took a system state backup of my DC.

Next I removed the duplicate zone using ADSI Edit.

Finally I restarted the DNS Server Service to verify the Event Log didn’t return.
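The duplicate can also be confirmed from PowerShell before anything is deleted in ADSI Edit. The script below is an added example, not part of the Microsoft article or the original post; it is read-only, assumes the ActiveDirectory module (RSAT) is available, reuses the contoso.com names from the steps above, and the function name Find-DnsZoneCopy is hypothetical.

```powershell
# Added example: list every AD-integrated copy of a DNS zone so a duplicate
# can be confirmed before deletion. Read-only; it changes nothing.
# Assumptions: ActiveDirectory module installed, run against a DC that hosts DNS.
Import-Module ActiveDirectory

function Find-DnsZoneCopy {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,   # e.g. contoso.com
        [Parameter(Mandatory)] [string] $DomainDN,   # e.g. DC=contoso,DC=com
        [string] $ForestRootDN = $DomainDN           # differs only in a child domain
    )

    # The three containers in which an AD-integrated zone can be stored.
    $containers = [ordered]@{
        'ForestDnsZones'  = "CN=MicrosoftDNS,DC=ForestDnsZones,$ForestRootDN"
        'DomainDnsZones'  = "CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"
        'Domain (legacy)' = "CN=MicrosoftDNS,CN=System,$DomainDN"
    }

    foreach ($name in $containers.Keys) {
        try {
            $zones = Get-ADObject -SearchBase $containers[$name] -SearchScope OneLevel `
                -LDAPFilter "(&(objectClass=dnsZone)(name=$ZoneName))" `
                -Properties whenCreated, whenChanged -ErrorAction Stop
        } catch {
            Write-Warning "Could not search ${name}: $($_.Exception.Message)"
            continue
        }
        foreach ($z in $zones) {
            # Count the dnsNode children so the populated copy is obvious.
            $records = @(Get-ADObject -SearchBase $z.DistinguishedName `
                -SearchScope OneLevel -LDAPFilter '(objectClass=dnsNode)').Count
            [pscustomobject]@{
                Partition   = $name
                Records     = $records
                WhenCreated = $z.whenCreated
                WhenChanged = $z.whenChanged
                DN          = $z.DistinguishedName
            }
        }
    }
}

$copies = @(Find-DnsZoneCopy -ZoneName 'contoso.com' -DomainDN 'DC=contoso,DC=com')
$copies | Format-Table -AutoSize
if ($copies.Count -gt 1) {
    Write-Warning "$($copies.Count) copies of the zone exist (matches Event ID 4515)."
}
```

The record count and the whenChanged timestamp show which copy the DNS servers are actually updating, which is the one to keep.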

Repairing Volume Shadow Copy Services

One of my coworkers at Adoni Networks ran into an issue tonight where backup software wouldn’t run. The first software, Acronis True Image, kept crashing with the following error:

faulting application TrueImageService.exe  faulting module TrueImageService.exe fault address 0x00450f9c

After several attempts to correct the problem we switched to another backup program, DriveImage XML. It failed the backup, complaining that volume shadow services were not running; however, when he checked the services, Volume Shadow Copy showed as running.

Checking the event logs revealed the following error:

Volume Shadow Copy Service initialization error: the control dispatcher cannot be started [0x80070427].

After some digging he found the following Microsoft article: http://support.microsoft.com/kb/940032

The article details the following steps to re-register the Volume Shadow Copy services:

1. Click Start, click Run, type cmd, and then click OK.
2. Type the following commands at a command prompt. Press ENTER after you type each command.

cd /d %windir%\system32
Net stop vss
Net stop swprv
regsvr32 ole32.dll
regsvr32 oleaut32.dll
regsvr32 vss_ps.dll
vssvc /register
regsvr32 /i swprv.dll
regsvr32 /i eventcls.dll
regsvr32 es.dll
regsvr32 stdprov.dll
regsvr32 vssui.dll
regsvr32 msxml.dll
regsvr32 msxml3.dll
regsvr32 msxml4.dll

Note: The last command may not run successfully.

3. Perform a backup operation to verify that the issue is resolved.
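Before running a full backup, the state of VSS can be checked directly. The script below is an added example, not part of the Microsoft article or the original post; it assumes an elevated PowerShell prompt and English vssadmin output, and the function name Get-VssWriterStatus is hypothetical.

```powershell
# Added example: verify VSS after re-registering its components.
# Run from an elevated prompt; assumes English vssadmin output.
function Get-VssWriterStatus {
    # $Lines defaults to live output; pass saved text to parse it offline.
    param([string[]] $Lines = (& vssadmin.exe list writers))

    $writer = $null
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            "^Writer name: '(.+)'" { $writer = [ordered]@{ Name = $Matches[1] } }
            '^\s+State: \[\d+\] (.+)$' { if ($writer) { $writer.State = $Matches[1].Trim() } }
            '^\s+Last error: (.+)$' {
                if ($writer) {
                    $writer.LastError = $Matches[1].Trim()
                    [pscustomobject]$writer   # emit one object per writer
                    $writer = $null
                }
            }
        }
    }
}

# 1. Both services stopped in the procedure must still be present.
Get-Service -Name VSS, swprv | Format-Table Name, Status -AutoSize

# 2. Every writer should be Stable with no error while no backup is running.
$writers = @(Get-VssWriterStatus)
$bad = @($writers | Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' })
if ($writers.Count -eq 0) {
    Write-Warning 'vssadmin returned no writers: VSS is still not initializing.'
} elseif ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) writer(s) need attention:"
    $bad | Format-Table -AutoSize
} else {
    "All $($writers.Count) VSS writers are Stable with no error."
}

# 3. VSS errors logged in the last hour (the 0x80070427 message should be gone).
Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'VSS'; Level = 2
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
```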

VMware Launches VMware Fusion 2.0 – The Second Generation of Its Award-Winning Windows-on-Mac Software

VMware has launched VMware Fusion 2.0, the second-generation release of its software for running Windows on Mac OS X. I have been a user of VMware Fusion through the entire beta, and it’s a great upgrade, with added support for more 3D technologies and games, mirroring of key folders such as Desktop and Pictures, and an improved interface. VMware has also released 2.0 as a free upgrade for existing 1.0 users. Check out the original news release here and give the product a try.

Mac OS X 10.5.5 Available for Download Now

The following news, courtesy of Gizmodo, showed up in my RSS reader – original story here.

Mac OS X 10.5.5 update just hit Software Update, and has a laundry list of fixes for not just the OS core, but apps like iCal and Mail, as well as the MobileMe and Time Machine services. TUAW got a heads up from its readers, and shortly after, it popped up in our Software Update. Check out the update list below. [Apple via TUAW]

What’s included?

General

* Includes recent Apple security updates.
* Addresses stability issues with video playback, processor core idling, and remote disc sharing for MacBook Air.
* Addresses an issue in which some Macs could unexpectedly power on at the same time each day.
* Resolves a stability issue in TextEdit that could be found when accessing the color palette.
* Improves Spotlight indexing performance.
* Fixes an issue in which contacts might not sync properly with PalmOS-based devices.
* Improves iPhone sync reliability with iCal and Address Book.
* Includes improvements to Active Directory (see this article for more information).
* Improves Speech Dictionary.
* Fixes Kerberos authentication issues for Mac OS X 10.5 clients that connect to certain Samba servers, such as Mac OS X Server version 10.4.
* Includes extensive graphics enhancements.

Address Book

* Addresses stability issues that may occur when creating a Smart Group.
* Resolves a printing issue with address cards containing information that spans more than one page.

Disk Utility and Directory Utility

* Improves reliability when rebuilding a software mirror RAID volume in Disk Utility.
* Improves reliability of server status displayed in Directory Utility.

iCal

* Updates iCal to more accurately handle repeating events.
* Improves performance when choosing meeting attendees.
* Resolves an issue in which the “Refresh All” option may be dimmed (“grayed out”) in the contextual menu for certain calendars.
* Fixes issues with read-only calendars.
* Addresses an issue that prevents an invitee from moving an event to a different calendar.
* Resolves an issue with syncing published calendars.

Mail

* Addresses performance issues related to displaying IMAP messages.
* Resolves an issue with SMTP settings for AIM, Compuserve, Hanmail, Yahoo!, and Time Warner Road Runner email accounts.
* Addresses stability issues that may occur when dragging a file to the Mail icon in the Dock.
* Addresses an issue with the “Organized by Thread” view in which the date does not appear when the thread is collapsed.
* Resolves an issue in which RSS feeds could temporarily disappear from the sidebar.
* Improves Mail robustness when sending messages.
* Improves reliability when saving drafts that have attachments.

MobileMe

* Improves overall sync reliability.
* Improves Back to My Mac reliability.

Time Machine

* Improves Time Machine reliability with Time Capsule.
* Addresses performance issues that may affect initial and in-progress backups.
* Fixes an issue in which an incorrect alert message could appear stating that a backup volume does not have enough free space.
* Time Machine can now back up iPhone backups that are on your Mac, as well as other items in (~/Library/Application Support).

ESXi: Could not power on VM: Admission Check Failed

After building a dev server on the newly free ESXi software from VMware I tried to add a couple of VMs. The first virtual machine ran great; however, the second would fail with the following error:

“Could not power on VM: Admission check failed for memory resource”

After some digging I found the following thread on the VMware forums:
http://communities.vmware.com/thread/140488?tstart=0&start=15

It seems in my case my server, which currently has only 1 GB of RAM, could not support the overhead of running 2 virtual machines due to a system memory reservation. The fix was easy: buy more RAM. However, I wanted to have both VMs running right away, and further down the page I found a fix:

The Memory Reservation on the Resource Allocation tab reflects the portion of memory that ESXi thinks it can give to VMs (i.e. Virtual Machines memory – VM memory overhead). With ESX regularly that number is around 200 MB, but with ESXi it's up around 700 MB. Not such an issue when you have 16 GB, but it is with 1 / 2 GB. To free up some more memory:

1) Go to Configuration \ system resource allocation
2) Click on advanced.
3) Find the VIM object and change the reservation from 512 MB to 192 MB.

Sure enough I could now launch two virtual machines however I was then greeted by a second error:

“Could not power on VM: Admission check failed for cpu resource”

Here again my server only had 1 CPU with Hyperthreading (an older xeon).

Some experimenting resulted in a solution:

On each of my virtual machines I went into edit settings – then into the Resources Tab.

I configured my CPU with a reservation of 0 MHz, then I verified that Advanced CPU had Hyperthreaded Core Sharing Mode set to Any. I was then able to launch both of my virtual machines without issue.

Featured Tool – Anti-Malware Toolkit

I came across a great tool today for malware removal. The Anti-Malware Toolkit is a program that contains a collection of applications available to download to help a user clean their computer and keep it in excellent running condition. Many of the tools it downloads I already use to clean up malware infestations; now they're available in one easy-to-use utility. Find out more or give it a try at http://wiki.lunarsoft.net/wiki/Anti-Malware_Toolkit