Monthly Archives: September 2012

vCenter ADWS error

After checking the logs of my newly installed vCenter host (on ESXi 5.1 server) I came across the following error:

Sep 27 02:33:23 1.2.3.4 ADWS[1209] Category:ADWS Instance Events; User:; Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored.Instance name: ADAM_VMwareVCMSDS

The error was also easy to spot in the Windows Event Viewer:

Log Name: Active Directory Web Services
Source: ADWS
Date: 9/27/2012 12:58:23 PM
Event ID: 1209
Task Category: ADWS Instance Events
Level: Warning
Keywords: Classic
User: N/A
Computer: host
Description:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored.

Instance name: ADAM_VMwareVCMSDS

To resolve this error, open regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADAM_VMwareVCMSDS\Parameters
Find and delete the parameter called “Port SSL”, then recreate it under the same name as a DWORD with the value 636 (decimal).
After restarting the “Active Directory Web Services” service, the error should be gone.

Server Message Block (SMB) signing enable

During a regular security scan of a Windows 2008 Server, Nessus came up with the following “Severity: Medium” vulnerability:

Synopsis: Signing is disabled on the remote SMB server.
Description
Signing is disabled on the remote SMB server. This can allow
man-in-the-middle attacks against the SMB server.
Solution
Enforce message signing in the host’s configuration. On Windows,
this is found in the Local Security Policy. On Samba, the setting is
called ‘server signing’. See the ‘see also’ links for further
details.
[…]
Plugin ID: 57608
Port/Service: cifs(445/tcp)

There seems to be some discussion going on about whether enabling or disabling this feature/service is useful/dangerous.

Anyway, if you want to get rid of this vulnerability (whether it is one or not), just go to “Control Panel\System and Security\Administrative Tools” and open “Local Security Policy”.
In “Local Policies/Security Options”, find the following policies and set them to “Enabled”:

  • Microsoft network server: Digitally sign communications (always)
  • Microsoft network client: Digitally sign communications (always)

Scan the host again and the vulnerability should no longer be reported.
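
To confirm the setting without waiting for the next scan, the following read-only PowerShell check (an added example, not part of the original post) reads the RequireSecuritySignature registry values that back the two policies above. It assumes the standard LanmanServer and LanmanWorkstation service keys and only uses cmdlets available in PowerShell 2.0.

```powershell
# Added example: audit the registry values behind the two
# "Digitally sign communications (always)" policies. Read-only.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$checks = @(
    @{ Policy = 'Microsoft network server: Digitally sign communications (always)'
       Key    = "$base\LanmanServer\Parameters" },
    @{ Policy = 'Microsoft network client: Digitally sign communications (always)'
       Key    = "$base\LanmanWorkstation\Parameters" }
)

function Get-SmbSigningState {
    param([string]$Key)
    # A missing value means the policy was never set; treat it as 0 (not required).
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    $required = 0
    if ($props -and $null -ne $props.RequireSecuritySignature) {
        $required = [int]$props.RequireSecuritySignature
    }
    return $required
}

$results = foreach ($c in $checks) {
    $value = Get-SmbSigningState -Key $c.Key
    New-Object PSObject -Property @{
        Policy   = $c.Policy
        Value    = $value
        Enforced = ($value -eq 1)
    }
}

$results | Select-Object Policy, Value, Enforced | Format-Table -AutoSize

# The Nessus finding is about the SMB server side, so fail only on that one.
if (-not ($results | Where-Object { $_.Policy -like '*server*' -and $_.Enforced })) {
    Write-Warning 'SMB server signing is not required on this host.'
    exit 1
}
```

With “always” enabled on either side, SMB peers that cannot sign are refused, so check for legacy clients and appliances before rolling the policy out widely.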

Source: http://technet.microsoft.com/en-us/library/cc731957.aspx
Nessus plugin documentation: http://www.tenable.com/plugins/index.php?view=single&id=57608

Basic configuration of Cisco Catalyst switch

Some time ago I was asked to do a basic configuration of a Cisco Catalyst Switch. Apart from applying a correct VLAN configuration I did the following:

  • Configure NTP
  • Create user
  • Set enable password
  • Configure remote logging

Configure NTP

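switch1(config)#ntp server 1.1.1.1
switch1(config)#clock timezone CET 1
switch1(config)#clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

Run “show ntp status” and check for “Clock is synchronized”. Please use the correct timezone for your location: the example uses Central European Time (CET, UTC+1) with CEST as the summer-time name, and spells out the EU changeover dates because “recurring” without dates falls back to the US daylight-saving rules.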

Create User

switch1(config)#username user privilege 15 secret p@ssw0rd
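This creates a user named “user” with the highest privilege level (15) and the password p@ssw0rd. The “secret” keyword stores the password as a hash in the configuration instead of in clear text.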

Set enable password

switch1(config)#enable secret abc123
This configures the enable password, which is required to enter privileged EXEC mode.

Configure remote logging


switch1(config)#logging on
switch1(config)#logging trap debugging
switch1(config)#logging host 1.1.1.1

This configures the remote logging to the syslog server with the IP address 1.1.1.1. Don’t forget to configure the syslog server accordingly. The log-level here is “debugging” which is rather noisy – change it to something different if you like.