Archive for News

Ransomware Still Causing Havoc

Nearly two years ago (October 2013) I wrote a blog post titled “Beware Cryptolocker Malware Madness”, a warning about a new strain of ransomware called “Cryptolocker”.  At that time, I immediately implemented new protection software and strengthened security policies on the servers and workstations that I manage.

The Detroit Free Press recently ran an updated article about ransomware attacks on computers:


During these past two years, there have been several new variations of this malware threat. It has found its way into home computers as well as multi-national companies. Unfortunately, it is not easily detected by security or anti-virus programs. I have had to clean up a ransomware attack only three times. In all three cases, we had backups available to restore the files that had been encrypted.

When a computer has been attacked, the malware begins encrypting your files, in effect putting a highly secure password on each one. Suddenly, you find that you cannot open letters, pictures, spreadsheets, or data files (Quicken, QuickBooks, etc.). And, if your computer is on a home or business local network, this ransomware can quickly spread to other computers or servers.

It is called “ransomware” because you generally have 72 hours to pay the ransom, which can range from $200 to thousands of dollars, to unlock your files. Unless you have a backup of those files, you either pay the ransom or lose those files for good.

In the near future I will be communicating with my clients on additional security precautions I will be recommending to minimize the threat and damage caused by this malware.

Will there be a Windows Server Essentials 2016?

Windows 10 for desktops and mobile devices is just around the corner.

That would be July 29th if you’ve been on vacation!

And … the next version of Windows Server will be Windows Server 2016.

The current version is Windows Server 2012, which includes a specific (post-SBS) version called Windows Server 2012 R2 Essentials.

So, it is only fair to have people ask: “Will there also be a Windows Server 2016 Essentials (W2016E for short) released?”

The following public Technet article mentions W2016E by name. So it would be a reasonable conclusion to think that they are planning on a W2016E version.

But — given that Server 2016 will not be rolled out until next year, things can always change.

http://blogs.technet.com/b/sbs/archive/2015/07/23/client-connector-availability-with-windows-home-server-small-business-server-and-windows-server-essentials-for-supported-client-os.aspx


Funny Quotes about the Internet and the Cloud

I don’t generally post funny things on this blog site, but these two quotes, worth re-quoting, were sent to me this week. I had such a good laugh from both of them that I wanted to share them with everyone.

This first one reminds me of something my dad shared with me when I was a teenager: “Don’t believe everything you read”. This has been updated for the 21st century:

“The trouble with quotes from the Internet is that you can never know if they are genuine. Signed, Abraham Lincoln”

The second one answers a question that I am often asked by customers and friends:
“What is ‘the cloud’?”

I usually respond with this analogy: “If I move your computer box to another room where you can’t see it, but you can keep your monitor, keyboard and mouse and you can continue to work – that’s ‘the cloud’. It’s a computer you can’t see!”

“There is NO CLOUD, just some other people’s computers”

MaxFocus Releases BitDefender Support for Their RMM Solution

MaxFocus (formerly GFI) formally released today a new AV engine, powered by BitDefender, for their Remote Management (RMM) platform. You can read the details on their blog site.

Their current AV engine (Vipre) will be supported for the near future, which will allow us to test and transition customers to BitDefender in an orderly manner.

For MSPs, like myself, there are several new things that will make managing AV easier and better:

  1. There are only three policies (server, desktop and laptop) with BD, versus separate policies for different O/S and Server versions
  2. Snooze feature allows you to temporarily disable the Managed Antivirus (MAV) for up to one hour when doing system maintenance on a device. Previously, you would need to create a “Disable AV” policy and then move a device or system to that policy.
  3. Direct communication from the dashboard to MAV managed devices is now available. This means that scanning and update commands are sent instantly, rather than waiting for the next time the device checks in with the system.

Customers and users may ask: why a new AV engine?

The threat landscape in today’s environment is constantly changing. So it is critical that we offer the best solution for antivirus and malware protection. Some of the benefits for customers are:

  1. BitDefender has been shown to be more effective at fighting malware and viruses, with fewer false positives
  2. Behavioral (heuristic) scanning, added along with Active Protection, provides another layer of defense

For your reading pleasure:


Support for Windows Server 2003 ends today

The end of an era occurs today when Microsoft officially drops extended support for Windows Server 2003.

This means that Microsoft will no longer issue security updates for any version of Windows Server 2003, which includes Small Business Server 2003, and Windows Home Server.


Samsung 850 EVO SSD crashes Windows 2012 R2 Server

I have personally used Samsung’s 850 SSD drives in a few workstations, and they appear to work great.

However, there are several recent posts of Windows 2012 R2 and 2012 R2 Essentials servers crashing. The common denominator? Samsung’s 850 EVO SSD drives.

One person wrote that a 2012 R2 Essentials server will produce 100% crashes. Any other 2012 R2 server will crash if the write cache is disabled, which happens when a server is promoted to a DC. Hopefully, it’s a firmware issue with those drives that Samsung can address. Also, the Samsung 840 SSD drives appear to work just fine, and do NOT cause similar crashes.

Here are some links for your further reading pleasure that identify the issues at hand:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/81c6d52f-578c-44c8-a6ec-18c03a818295/cant-promote-server-2012-r2-to-domain-controller-get-error-0xc000021a?forum=winserverDS

https://social.technet.microsoft.com/Forums/windowsserver/en-US/ebc71806-37ab-49c4-9218-9964b30d958a/0xc000021a-during-server-2012-r2-essentials-setup?forum=winserveressentials

http://community.spiceworks.com/topic/869314-warning-do-not-use-samsung-850-evo-ssd-with-windows-server-2012-r2

Exchange 2007 SP3 Rollup 17 Released

Microsoft’s Exchange Team released Rollup 17 for Exchange 2007 SP3 (KB 3056710) on June 16, 2015.

This release provides minor improvements and fixes for customer-reported issues.

Download Update Rollup 17 for Exchange Server 2007 SP3

Exchange 2010 SP3 Rollup 10 Released

Microsoft’s Exchange Team released Rollup 10 for Exchange 2010 SP3 (KB 3049853) on June 16, 2015.

This release provides minor improvements and fixes for customer-reported issues. Update Rollup 10 is the last scheduled release for Exchange Server 2010. Exchange Server 2010 is in extended support and will receive security and time zone fixes on-demand on a go-forward basis.

Download Update Rollup 10 for Exchange Server 2010 SP3 (KB3049853)

Note: although RU10 is labeled as the last scheduled release for Exchange 2010, they indicate that a future update (RU11) will be required in order to support upgrading to Exchange 2016. But as no release date for Exchange 2016 has been announced, this information is subject to change.

How to Configure a Custom Domain Suffix when Installing Windows 2012 R2 Essentials

For as long as I can remember, Microsoft’s Small Business Server (SBS) and Essentials Server would default to using .local for the internal domain suffix during installation. So, if your company name was Contoso, it would create Contoso.local as your internal domain.

And for me, using .local worked great all these years. The customer would still use .com (such as Contoso.com) for their public web site and for their email address. Contoso.local was strictly for internal DNS purposes.

But SSL Certificate authorities have announced that they will not issue new UCC/SAN SSL certificates that contain non-public local Intranet domain suffixes (such as .local) or IP addresses.

See the detailed announcements from these vendors: GoDaddy, DigiCert

So … the question was raised recently within my Microsoft MVP group: how does one install Windows Server 2012R2 Essentials with a custom internal domain suffix, since by default Essentials uses .local?

My good MVP friend, Robert Pearman, took the time to post a solution today on his blog site. He gives step by step instructions, along with screen shots:

http://titlerequired.com/2015/06/27/install-windows-server-essentials-with-a-custom-domain-suffix/

Here is a quick summary of the steps:

  • Perform the pre-install of Essentials 2012 R2
  • When the Essentials Configuration Wizard (ECW) starts up, click CANCEL.
  • From System Properties, change the name of your server
  • Now add Active Directory Domain Services as a server role (Systems Manager > Manage > Add Roles and Features) and use all the defaults.
  • Then run the Post Deployment task and promote the server to a domain controller.
    • Select to create a new forest and enter your root domain name.
    • Note: many now suggest using a subdomain of your public domain name. So if your public domain is Contoso.com, you might use Corp.Contoso.com.
    • After the pre-requisite check, use the defaults to complete the install of the server role.
    • After the server has rebooted, login as the domain admin, and the ECW will start up again.
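The role-install, prerequisite-check and promotion steps above can also be run from an elevated PowerShell session. This is an added example, not taken from this post or from Robert Pearman's article; the domain name is the post's sample subdomain, and the suffix guard at the top is an assumption added for illustration.

```powershell
# Added example: run on the renamed server after cancelling the ECW.
$DomainName = 'corp.contoso.com'   # assumption: sample subdomain from the note above

# Added guard: stop on .local or single-label names, which public CAs
# will no longer include in a UCC/SAN certificate.
if ($DomainName -match '\.local$' -or $DomainName -notmatch '\.') {
    throw "Choose a suffix under a public domain you own, not '$DomainName'."
}

# Add the Active Directory Domain Services role with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Directory Services Restore Mode password, read without echoing it.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

# Same prerequisite check the promotion wizard performs; makes no changes.
$check = Test-ADDSForestInstallation -DomainName $DomainName -InstallDns `
    -SafeModeAdministratorPassword $dsrm
$failed = @($check | Where-Object { $_.Status -eq 'Error' })
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning $_.Message }
    throw 'Prerequisite check failed; nothing was changed.'
}

# Create the new forest with default settings. The server reboots when done,
# after which the ECW starts again at the next domain admin logon.
Install-ADDSForest -DomainName $DomainName -InstallDns `
    -SafeModeAdministratorPassword $dsrm
```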

Quickbooks dbdata11.dll and Vipre/MAV

Friday morning (6-26-2015) I started receiving calls from several of my customers saying that they could not run Quickbooks, and that they were getting an alert that the file “dbdata11.dll” has been quarantined.


With the help of other members of The ASCII Group, we quickly determined that it was a false positive due to a bad definition file update from Vipre (or the RMM version called MAV).

Soon after, MAXFocus (previously GFI) sent out a service status alert about the issue, stating that it had been resolved with definition version 41468 and above. It was recommended to add the file (dbdata11.dll) to the Vipre/MAV exception list before updating systems with the newer definition file.

Note: make an exception only for the file, and not the folder and file, as the folder name is randomly generated by QuickBooks.

That should have been it. Right? … Wrong!

I received a call from one of my users saying that one of their systems with QuickBooks installed on it had locked up. At about the same time they reported this issue, I received an email alert from the RMM service I use saying that the C: drive of this system had dropped to below 20% free space.

Once we got the system rebooted, I logged in and discovered that there were 44,175 folders taking up nearly 62GB of disk space. These folders were located in C:\Users\QBDataServiceUser22\appdata\local\temp. Each of these folders contained a single file: dbdata11.dll.

It turns out that every time Vipre/MAV quarantined this file, QuickBooks created a new temp folder with the same file!

So once I had the A/V definition file updated, and we rebooted the system, I went in and safely deleted all 44,175 folders! 

What a fun way to spend a Friday!
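A scripted version of that cleanup, as an added example that is not part of the original post: it lists only temp folders whose sole content is dbdata11.dll, reports their count and size, and deletes them only when `-Remove` is given. The default path is the one from this post (the QBDataServiceUser name differs per system), and the script assumes the A/V definitions are already updated and the system rebooted.

```powershell
# Added example: inventory (and optionally remove) leftover QuickBooks temp folders.
param(
    # Path from the post; the QBDataServiceUser account name varies per system.
    [string]$TempRoot = 'C:\Users\QBDataServiceUser22\AppData\Local\Temp',
    [switch]$Remove   # without this switch the script only reports
)

# Match only folders that contain exactly one item, a file named dbdata11.dll.
$targets = @(
    foreach ($dir in Get-ChildItem -LiteralPath $TempRoot -Directory -Force) {
        $items = @(Get-ChildItem -LiteralPath $dir.FullName -Force)
        if ($items.Count -eq 1 -and -not $items[0].PSIsContainer -and
            $items[0].Name -ieq 'dbdata11.dll') {
            [pscustomobject]@{ Path = $dir.FullName; Bytes = $items[0].Length }
        }
    }
)

$totalGB = [math]::Round(($targets | Measure-Object -Property Bytes -Sum).Sum / 1GB, 2)
'{0} matching folders, {1} GB' -f $targets.Count, $totalGB

if ($Remove) {
    $skipped = 0
    foreach ($t in $targets) {
        try {
            Remove-Item -LiteralPath $t.Path -Recurse -Force -ErrorAction Stop
        } catch {
            # A copy that is currently open cannot be deleted; leave it in place.
            $skipped++
            Write-Warning "Skipped $($t.Path): $($_.Exception.Message)"
        }
    }
    '{0} removed, {1} skipped' -f ($targets.Count - $skipped), $skipped
}
```

Run it once without `-Remove` and compare the reported count with what the RMM disk-space alert suggests before deleting anything.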