Method ‘Upgrade’ in type ‘Microsoft.SharePoint.WorkflowServices.WorkflowServiceApplicationProxy’ Sharepoint 2013 pre SP1

We have an old install of Sharepoint 2013 which has the March 2013 PU installed. A bunch of security updates slipped through which patched Sharepoint. You will get the following error:

Method 'Upgrade' in type 'Microsoft.SharePoint.WorkflowServices.WorkflowServiceApplicationProxy' from assembly 'Microsoft.SharePoint.WorkflowServices, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' does not have an implementation.

This is apparently caused by newer security updates shipping with Sharepoint 2013 SP1 dll files. In order to fix this issue, download and install KB2880963. The install may take some time.

Installing 3CX v15 on Azure with Debian

I spent hours trying to sort out how to install 3CX on Microsoft’s Azure platform. Even though Microsoft Azure has a Debian 8.0 Jessie image, things do not quite go to plan. Also be aware, this isn’t officially supported, and as this post will show, we know why.

Here we go.

    1. Create a new Debain 8 instance in Azure. Configure this however you like.
      chrome_2016-11-18_22-50-38
    2. Once installed, SSH to your new instance.
    3. Once logged in, run the following commands:
      wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add -
      echo "deb http://downloads.3cx.com/downloads/3cxpbx/ /" | tee /etc/apt/sources.list.d/3cxpbx.list
      apt-get update
      apt-get install 3cxpbx

      Install all the things.

    4. Once installed, you will see the following. I suggest the web method
      putty_2016-11-18_22-53-31
    5. You will also need to open this port on Azure
      chrome_2016-11-18_22-54-47
    6. Now we are in business. BUT YOU ARE GOING TO RUN IN TO A BIG ISSUE. This is to do with the default template with the postgres database. If you don’t fix it, you will get the following error (text included for Google searches
      System.Exception: Error in CreatingCloudServerManagementDatabase.sql: 22023: new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII) ---> Npgsql.PostgresException: 22023: new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII) at Npgsql.NpgsqlConnector.DoReadMessage(DataRowLoadingMode dataRowLoadingMode, Boolean isPrependedMessage) at Npgsql.NpgsqlConnector.ReadMessageWithPrepended(DataRowLoadingMode dataRowLoadingMode) at Npgsql.NpgsqlDataReader.NextResultInternal() at Npgsql.NpgsqlDataReader.NextResult() at Npgsql.NpgsqlCommand.Execute(CommandBehavior behavior) at Npgsql.NpgsqlCommand.ExecuteScalarInternal() at PostInstall.DBConnection.ExecuteScriptInternal(NpgsqlConnection connection, String sqlQuery, IDictionary`2 parameters) at PostInstall.DBConnection.ExecuteScript(String sqlQuery, IDictionary`2 parameters) at _3CXCloudDBManager.DbConnectionExtensions.ExecuteScript(IDBConnection connection, Object configurationStructure, String scriptText, Boolean asResourceName) --- End of inner exception stack trace --- at _3CXCloudDBManager.DbConnectionExtensions.ExecuteScript(IDBConnection connection, Object configurationStructure, String scriptText, Boolean asResourceName) at _3CXCloudDBManager.CloudDBManager.CreateCloudServerManagementDatabase(IDBConnection superuser, CloudServerManagementDatabaseConfiguration configuration) at PostInstall.SetupExecutor.CreateDatabase(Action`1 stateChanged) at PostInstall.SetupExecutor.ExecuteSetup(SetupSettings setupSettings, Action`1 stateChanged) at PbxWebConfigTool.PbxSetupService.CreatePbxInternal(SetupSettings settings)

      chrome_2016-11-18_22-32-58

    7. Let’s fix this. Trying to login to psql is going to give you an error. So you need to type the following:
      sudo su - postgres
    8. Type psql and enter the followin
       UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';
      DROP DATABASE template1;
      CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE';
      UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1';
      \c template1
      VACUUM FREEZE;
      \q
      

      spotify_2016-11-18_23-03-04

    9. Now run through the web setup on http://yourip:5015 and you will no longer get the error
      chrome_2016-11-18_23-04-40

If this saved you a huge amount of pain, please leave a comment 🙂

ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY Server 2016/Exchange 2016

Over the weekend I’ve been installing Microsoft Server 2016 with Exchange 2016 on top. Once my SSL certificates were loaded, I got the following error when accessing OWA

ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

I’ve seen this before on Apache. However, I was amused that this was an issue with Server 2016 since I thought that Microsoft would have disabled the Cipher suites used which cause this error. Apparently not.

A brute-force way to quickly fix this is to disable SPDY. To do this, open up the following registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Http\Paramaters

Add the following two dword keys

EnableHttp2Cleartext 0
EnableHttp2Tls 0

It should look like the following

vmware_2016-10-30_17-00-25

You can likely disable your offending cipher suites by following these guidelines.

Update 1: I solved my issue by disabling SHA and MD5 hashes on the Exchange server using IISCrypto. See below:

IIS Crypto

Chrome: Aw, Snap – Windows 10

Microsoft has released a new update. This update causes Google Chrome to produce an Aw, Snap error whenever opening Chrome. Even if you click on the settings page.

There have been fixes, such as the –no-sandbox command line. However, this isn’t a nice solution.

The best way (for now), is to set compatibility mode on all users to Windows 7.

To do this, navigate to:

  1. C:\Program Files (x86)\Google\Chrome\Application
  2. Right click on Chrome.exe and select properties.
  3. Click Compatibility
  4. Select Change Settings for All Users
    dllhost_2016-09-20_15-01-09
  5. Select Run this in compatibility mode for Windows 7
    dllhost_2016-09-20_15-02-27
  6. Click Ok

This will change the compatibility mode for all users. If you do not select all users, the setting will revert after the first time it’s run.

PHP Fatal error: Uncaught Error: Call to undefined function xml_parser_create()

I’ve recently upgraded this WordPress site to PHP7, along with Ubuntu 16. When logging in today, I received an error 500.

Looking through the /var/log/apache2/error.log I found

[Wed Sep 07 21:25:43.730755 2016] [:error] [pid 710] [client 84.247.81.102:43280] PHP Fatal error:  Uncaught Error: Call to undefined function xml_parser_create() in /var/www/tecfused.com/public_html/w               p-includes/class-IXR.php:264\nStack trace:\n#0 /var/www/tecfused.com/public_html/wp-includes/class-IXR.php(464): IXR_Message->parse()\n#1 /var/www/tecfused.com/public_html/wp-includes/class-IXR.php(432               ): IXR_Server->serve('<?xml version="...')\n#2 /var/www/tecfused.com/public_html/wp-includes/class-IXR.php(440): IXR_Server->__construct(Array, false, false)\n#3 /var/www/tecfused.com/public_html/wp-in               cludes/class-wp-xmlrpc-server.php(197): IXR_Server->IXR_Server(Array)\n#4 /var/www/tecfused.com/public_html/xmlrpc.php(84): wp_xmlrpc_server->serve_request()\n#5 {main}\n  thrown in /var/www/tecfused.c               om/public_html/wp-includes/class-IXR.php on line 264

This is because the XML module is missing. you can check this by typing php -m from the command line:

root@tecfused:~# php -m
[PHP Modules]
calendar
Core
ctype
date
exif
fileinfo
filter
ftp
gettext
hash
iconv
json
libxml
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
Zend OPcache
zlib

To fix this, type the following:

apt-get install php7.0-xml

Then

service apache2 restart

Your WordPress site should now be working. You can check your modules to make sure.

root@tecfused:~# php -m
[PHP Modules]
calendar
Core
ctype
date
dom
exif
fileinfo
filter
ftp
gettext
hash
iconv
json
libxml
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
SimpleXML
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zlib

Veeam Backup Fails: VSS Writer Errror 0x800423f4 (Azure AD Connect)

Hi Guys.

An interesting issue over the last few days. Our backup logs have had the following failures in Veeam.

Unable to release guest. Error: Unfreeze error (over VIX): [Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. A VSS critical writer has failed. Writer name: [SqlServerWriter]. Class ID: [{a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}]. Instance ID: [{6323fe10-0205-47df-b015-4a5ff60c31e2}]. Writer's state: [VSS_WS_FAILED_AT_PREPARE_SNAPSHOT]. Error code: [0x800423f4].]
Error: Unfreeze error (over VIX): [Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. A VSS critical writer has failed. Writer name: [SqlServerWriter]. Class ID: [{a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}]. Instance ID: [{6323fe10-0205-47df-b015-4a5ff60c31e2}]. Writer's state: [VSS_WS_FAILED_AT_PREPARE_SNAPSHOT]. Error code: [0x800423f4].]

Digging through the event logs, you will see errors like the following:

  1. Inital backup
    SQLVDI: Loc=SignalAbort. Desc=Client initiates abort. ErrorCode=(0). Process=19908. Thread=18488. Client. Instance=LOCALDB#SH7A2278. VD=Global\{C7140958-2759-4979-BA55-0E3F258064ED}1_SQLVDIMemoryName_0.

    vpxclient_2016-09-08_13-09-55

  2. Followed by
    A VSS writer has rejected an event with error 0x800423f4, The writer experienced a non-transient error. If the backup process is retried,
    the error is likely to reoccur.
    . Changes that the writer made to the writer components while handling the event will not be available to the requester. Check the event log for related events from the application hosting the VSS writer. 
    
    Operation:
     PrepareForSnapshot Event
    
    Context:
     Execution Context: Writer
     Writer Class Id: {a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}
     Writer Name: SqlServerWriter
     Writer Instance Name: SQL Server Code-Named 'Denali' CTP2:SQLWriter
     Writer Instance ID: {2f97c809-8eb4-431c-93ac-b0f81e610013}
     Command Line: "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
     Process ID: 19908

    mstsc_2016-09-08_13-17-47

    mstsc_2016-09-08_13-18-02

We have found this issue is related to an update of the Microsoft Azure AD Connect client.

On all servers that were affected by this, we had just upgraded to the latest Azure AD Connect client. This seems to corrupt the SQL writer somehow.

We haven’t seen many reports of this. There are various fixes for the 0x800423f4 error, but the easiest fix is to repair the LocalDB SQL instance.

To do this:

  1. Go to Add/Remove Programs
  2. Select Microsoft SQL Server 2012 Express LocalDB
  3. Select Repair
    vpxclient_2016-09-08_13-11-17

Once this is finished, you will need to reboot.

We had this issue with many servers. This process fixed it on everyone.

VMWare Workstation: The VMware Authorization Service is not running

This error can occur after the Windows 10 update, either 1511 or 1607.

This issue occurs as part of the upgrade removes the VMWare authorization service. If you click Start->Run and type service.msc you will see the service missing.

Go to Control Panel->Add/Remove Programs and repair your VMWare Workstation installation.

The other option is to update your version. Ensure you have the correct licensing before you do this.

Block xmlrpc.php attacks with fail2ban + iptables wordpress

One of the issues I’ve faced on this server is xmlrpc.php attacks. These are normally bots trying to exploit old bugs in xmlrpc.php within WordPress. Many legit plugins use calls to this file such as Jetpack. So blocking it isn’t really an option.

In my case, I wanted to block these attacks with iptables. So I went about creating a rule using fail2ban.

To get started, get iptables and fail2ban installed:

apt-get install fail2ban iptables

Once installed, edit the default jail file. This won’t exist on a new install

nano /etc/fail2ban/jail.local

Add the following lines (make sure the path matches your own)

[xmlrpc]
enabled = true
filter = xmlrpc
action = iptables[name=xmlrpc, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
bantime = 43600
maxretry = 2

Now edit the following file (this won’t exist)

nano /etc/fail2ban/filter.d/xmlrpc.conf

Add the following lines

[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =

Restart the fail2ban service

service fail2ban restart

You can watch the log in real-time to ensure it’s blocking correctly:

tail -f /var/log/fail2ban.log

putty_2016-08-12_13-25-33

IBM v3700 + Fusion MT HBA + Lenovo x3650 M5 – Multipath issue on VMWare 6

I’ve been working on an issue for the past week with the following hardware/software:

3x Lenovo x3650 M5 Type 5462
6x Fusion-MPT 12GSAS SAS3008 (two each host)
1x IBM v3700 SAN
VMWare 6.0 U2 (Lenovo image)

The HBA’s and SAN were configured in the following manner:

FC-attach+(1)

What I didn’t realise early on was that multipathing from the SAN to VMWare was not working. As I was in a rush, I saw the SAS connections were live. The SAN said everything was ok, so I didn’t think twice.

However, on closer inspection on the SAN, I found that only one SAS HBA on each host was active. Hmm, what was going on?

Capture (1)

VMWare was also reporting the same issue:

cap2

Initially, I thought this was a SAN issue. I contacted support who checked out the SAN and couldn’t find any issue.

I then contacted VMWare who initially said the configuration was not supported (driver wise). Actually, what I found is VMWare were referring to the wrong driver.

After about a week of going back and forward, I noticed the drivers that were shipped with the Lenovo VMWare image were not the latest. I proceed to update the drivers which in turn, enabled multi-pathing in VMWare.

VMWare:

chrome_2016-08-09_21-50-40

SAN:

chrome_2016-08-09_21-57-30

This was quite a simple issue but made a bit more complicated as all the hardware seemed supported and at the right driver level.

The correct driver was the lsi-msgpt3 driver found here. lsi-msgpt3 version lsi-msgpt3 version 13.00.00.00-1OEM. The installed version was lsi-msgpt3 version 12.00.00.00-1OEM.

Sometimes it pays to check the basics.

Fosshub.com compromised – Malware on popular downloads

As discovered tonight, popular download website, Fosshub, has been compromised.

Hackers have targeted popular downloads such as Audacity, WinDirStat, qBittorrent, MKVToolNix, Spybot Search&Destroy, Calibre, SMPlayer, HWiNFO, MyPhoneExplorer, IrfanView and others.

https://twitter.com/CultOfRazer/status/760668803097296897

When installing these programs from Fosshub, you will be infected with malware. This malware will re-write your MBR and you will not longer be able to boot into your operating system.

https://twitter.com/CultOfRazer/status/760752941066313728

CultOfTheRazor has claimed responsibility.