Archive for the ‘Bugs and Fixes’ Category

The difficulties of installing an SSL certificate on a ZyXEL ZyWall USG 300 firewall (if even possible!)

Having spent some time trying to install an SSL certificate from a trusted certification authority on this product, I felt I should share my findings as they might save someone else the headaches and time I had to spend on this.

For reference I used a ZyXEL ZyWall USG 300 with Firmware version: 2.20(AOE.6) / 1.11 / 2011-10-05 11:51:34

I assume this information is the same for pretty much all versions of ZyWall products, but I can not confirm this from own testing as I only had access to one edition.

About Intermediate SSL certificates

All certificates today that want to enjoy the WebTrust approval must use intermediate issuing certificate authorities, this means that a root certificate is no longer allowed to directly issue server certificates for customers. This makes good sense security wise, as it is much harder for a hacker to gain access over the root certificate when it is not online and in case of a compromise, it should be sufficient to close the intermediate, without having to "remove/uninstall" the root from every client in the world.

So most professional products around that uses SSL certificates must be able to install both a server certificate and the intermediate issuing certificate, because the client only knows the root certificate, it needs the server to give it both.

Installing SSL certificates on ZyXEL ZyWall USG 300 (the good part)

Go into Configuration -> Object -> Certificate

Some things to have in mind when installing Read the rest of this entry »

How to get rid of the anoying syntax error popup message when using Internet Explorer with Java so your mother-in-law will stop buggin’ you about it

Quite some time ago I encountered this error the first time, to be honest i can not even remember when it was. But I do know it was Windows 7 and Internet Explorer fully updated, together with the current Java runtime environment that gave me the problem, but I am getting ahead of myself.

Problem description:

  • Using Internet Explorer, Windows 7 and Java Runtime Environment - all updated to latest editions on completely clean installations
  • On all webpages loading Java the following error message appears twice (x2, two times, 2 times).
    Title: "Microsoft JScript compilation er...".
    Error message: "Syntax error".

Extra bonus information:

  • I have experienced this problem on Windows 7 with and without service packs, Internet Explorer 8 and 9
  • Usually the problem appears from "birth" with default settings
  • Settings in Internet Explorer for showing errors, debugging scripts, etc. are all set to default i.e. not to anoy the user
  • The error always comes two times and has absolutely no usefull information
  • The Java application works fine without any errors, the only error is the actual message about the error and yes it is realy anoying

So to continue... Read the rest of this entry »

How to fix missing PPTP Interfaces from RRAS console in ISA 2006 and stop a memory leak in the process

All PPTP VPN interfaces in ISA 2006 (sp1) disappeared from the Routing and Remote Access Service console, this problem was a cool problem both because it was challenging but also due to the unexpected results and solutions we found.

The first google attempt at finding a solution told us to try the following workaround - Not recommended!

  • Run the following command: C:\> netsh int ip reset c:\resetlog.txt

Well this solution might fix the problem here and now, but you might as well turn to the good old solution of restarting your server every time it fails, because this solution will do the following.

  • Enable DHCP and remove all IP configuration of all interfaces.
    Not the smartest move on a server, and you are stuck with having to retype all your settings again.
  • Most likely the problem will reappear again, since it does not fix the problem.

Now looking deeper into the error, we started looking at event logs - nothing here to help us (let us know if you had any usefull info here for this error). Then we tried various other things, including looking at a snapshot of the memory usage (you can just open taskmgr.exe) and found something surprising. Wspsrv.exe was using more memory handles than all other processes combined on the machine. A memory leak! It has been several years since I ran into a memory leak, it used to be the most common problem for programmers to avoid, but I rarely see them any more. Read the rest of this entry »

Todays update from Microsoft (KB974571) makes Office Communication Server think it is an expired evaluation!

The updates I mentioned in a previous post here http://www.sole.dk/post/microsoft-security-bulletin-for-october-2009/

Happened to have an update that kills Office Communication Server 2007 all editions (R2/Standard/Enterprise) and Live Communication Server 2005 (and SP1 edition).

The error that comes up in the event logs is that the server believes that it is an evaluation and just expired with this message: "The evaluation period for Microsoft Office Communications Server 2007 R2 has expired. Please upgrade from the evaluation version to the full released version of the product."

I also got this message in the event logs: "Error Code: C3E93C23 (SIPPROXY_E_INVALID_INSTALLATION_DATA)"

Event ids logged: 12290 Read the rest of this entry »

How to fix problems with automatic updates not installing hotfixes and service packs

Microsoft UpdatesSometimes the automatic updates service is interupted while updating the machine, this can result in updates with corrupted data that prevents the service from installing the updates correctly and failing the service. This means the machine will never get past the updates that are giving an error and continue to try and install over and over. This happens on just about any Windows machine that uses Automatic Updates, including Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.

  • The error prevents the workstation or server in installing updates, roll up packs, hotfixes and service packs, both manually and automatically.
  • The error can also be that the Cryptographic service will not start correctly.
  • The event error message contains information like not able to verify integrity of update.inf and similair.
  • The error is in the verification of the update in Microsoft, this authentication is done with certificates by the Cryptographic service. 

The reason I am describing this error, is that it seems pretty normal, it can happen from servers being shutdown due to power failure, crashes, etc. It took me some while to find any good information on how to correct this error, or more correctly I found alot of information but little that helped.

Read the rest of this entry »

How to fix Exchange 2007 RPC over HTTPS/Outlook Anywhere on Windows Server 2008

A small but anoying bug in Microsoft Exchange 2007 in combination with Windows Server 2008, will under certain conditions make Outlook Anywhere (OA) fail no matter how correct your settings are in Exchange 2007.

The Outlook Anywhere error only shows under theese conditions.

  • Any Exchange 2007 version
  • Client Access Server (CAS) and Mailbox Server roles installed on the same server
  • Operating system any version and edition of Windows Server 2008, with RPC Proxy feature installed (required for OA).

The reason for the bug and the fix is very simple...

Read the rest of this entry »