I tell people that I love doing my job because I like solving problems. After 20 years of working in Information Technology I have been able to learn a lot of things about how computers work. One of the nice things about Information Technology is that every day is a different day. There are always new problems to solve and new things to learn.
In the last two weeks I worked with one of the network admins in our network operation center to upgrade all of our servers and workstations to the latest version of Anti Virus and Anti Spyware software. Most of the updates happened automagically via the updates being pushed to our workstations at night. I had to update all 7 of our servers manually and I had to touch almost half of the workstations when it was all said and done due to one type of failure or another.
I spend a lot of time making sure that all of our computers and servers are free of virus, adware, and malware infections. I always tell people that I hate supporting Windows. Then again I have a job because Microsoft Windows is such a huge target for all of the script kiddies and those that have nothing better to do than wreak havoc with the Windows Operating System.
One of the drawbacks to inheriting a position as an I.T. Manager is that I inherit the mess that the last I.T. Person left on their way out. In my particular situation I had to start this position with no training on the existing systems and there was little to no documentation to refer back to. Not only that but the main file server that runs our vacation rental management software blew up 4 weeks before I got there and a new server was put in place.
I have been in discovery zone for the last 9+ months and thanks to a lot of hard work I have been able to get a good grasp on our LAN and how it is put together. Slowly and methodically I have been able to gather the information that was there and I am working on documenting the network. I have also realized that over the years there have been several people before me who had their own unique interpretations of computer support and how it should be done.
When you support 66 people in three geographical locations you find yourself being very busy. You also find that your predecessors, in an effort to handle the onslaught of computer problems, fell into the bad habit of just applying band-aids everywhere they could vs troubleshooting the root problem and solving it.
Two weeks later I have spent some time looking at our workstations and troubleshooting the reasons why the AV/AS upgrades are not working properly. I have noticed the multiple profiles and how most of those profiles have been infested with all sorts of ad-ware, spy-ware, malware etc. The problem with these types of infections is that they are usually very time consuming to mitigate. Once your computer gets fully infested with this garbage it is sometimes faster to just pop in the system restore disk and wipe the hard disk clean and do a factory restore.
If you are a home user you need to keep your OS and application restore CD that you get from your hardware manufacturer. Some manufacturers are not giving out media but putting everything on a utility partition. That means you have two choices of restoring your computer. One is by rebooting your system to a system restore disk OR by booting the computer and then hitting F10 or F12 to get to the utility partition. The utility partition also can contain any hardware diagnostics software specifically for that brand of computer.
In a corporate environment you typically find yourself using the same model of computer. Mostly in our shop we use Dell computers. We have five or six different models of Dell so it presents a unique challenge with regards to how fast I can restore a computer should it experience a catastrophic failure. Hard drives, RAM, monitors, and peripherals are all easy to replace; however, when a motherboard goes south you are forced to replace the machine and start over.
The fastest and most efficient way of restoring a computer is to use an application such as Symantec Ghost. In a perfect world I would have a Ghost image of every model of Dell in our shop. The only problem with that is I am merely one mortal doing the job of two people and I have not had the time to get all of the images necessary. I have been able to use Ghost Enterprise edition on one of my servers to make an image backup of several critical upper management computers. Should one of those die a horrible death I can restore either the entire hard disk or just the data depending on whether we replace the dead hardware with brand new hardware or an older box that is the same model.
In an effort to reduce the amount of computer problems we lock down the workstation and we do not give administrator rights to just anyone. In years past the Internet was not something that everyone in the enterprise could access. Only selected management or users that had to have access as part of their job description were given access to the Internet. Fast forward to 2009 and having Internet access is fully expected and realized. Employers want people to leverage the power of the Internet as a research and search tool to do their jobs. The downside of this access is that people are tempted to download freeware that is chock full of adware and viruses and install it to their workstations, thereby causing a support call to the help desk.
Do you remember the days of using Netscape Navigator and the old fashioned HTML code to create websites? I even remember when inserting tables into a website was considered advanced. Those were the same days when the only time you had to worry about catching a computer virus was when someone would introduce removable media to your computer. Now all you have to do is visit a bad website and your computer automatically downloads nasty little applications to your hard drive which are capable of scanning for network drives, infecting the enterprise and stealing corporate data and sending the data to a remote zombie machine somewhere on the Internet.
Due to the complexities of many websites today your typical web browser has to have plugin applications that provide support for different types of media. One of those plugin applications is Adobe Flash Player. Several of my users requested to have Adobe Flash installed so they can view web pages that require it. Adobe Flash Player is up to version 10 and unfortunately Adobe has seen fit to force workstation users to have administrative rights to their workstations in order to use the Flash Player plugin. One of the workarounds that I found was to install Adobe Flash Player as the administrator. I was then able to rename the user's profile to profilename.old and then have the user log on and create a new profile. In several situations this has worked and allowed Adobe Flash Player to work. One of the computers I am working on is so hosed up now that I need to just rebuild it. Once I put a fresh OS load on that one it should work just fine.
Friday, June 19, 2009
Monday, February 09, 2009
Safe computing
In the last two months I have been privileged (cursed) to endure the task of cleaning bugs off of an XP computer. The first machine was infected by several trojans via e-mail transmission and the second machine which I am still working on is so infected with trojans, spyware, malware etc that it has taken me several days to finally get control over it. It has taken me several days because I have been working on this workstation in between other tasks.
How do I know that this workstation is infested? The user told me that one of her nieces or nephews downloaded a lot of junk off the Internet and gummed up her computer. By the time she noticed this the computer was completely useless. At boot up I noticed several Internet Explorer pages that started up and went to some sort of advertisement web site. The problem really manifested itself when I tried to install a new version of Norton Anti Virus and then plugged in a network cable into the NIC.
Just as soon as the PC obtained an IP address IE fired up about 20 web pages and then a server busy dialog box popped up. There were so many web pages loading on this computer that it completely locked up the system. All available CPU cycles were being taken up because of multiple requests to open a web browser and the RAM on the system was quickly overwhelmed which made the computer all the slower.
The number one symptom of a problem on this computer was the fact that Norton Anti Virus was sending notifications in the system tray telling us that the program was no longer active with current virus definition files. That means that this particular computer was wide open and unprotected. Trojans, viruses, spyware, malware, hijackers etc all have several things in common.
A. they eat up all available resources on the infected machine
B. some of them try to take control of your computer
C. hijackers take control over your web browser and redirect you to other infected web sites
D. they can destroy your valuable data
E. they can use network shares to infect other data on servers
F. They can steal your valuable personal information and send it over the Internet to a website for collection.
The list goes on and on folks. It is imperative that you keep a registered and up to date Anti Virus software and spyware protection on your computer. Having a firewall that alerts you to applications that attempt to make connections to the Internet can be very useful as well.
Wednesday, January 21, 2009
Too focused
How many times have we heard end-user stories? Silly stories about the folks that we support making silly mistakes. Well, this time the joke is on me. I decided to go for a walk around 2:15 pm and clear my head and get some exercise. I had not had lunch break yet so this was my opportunity to get out of my office for a spell. I walked down to a different building to clock out for lunch because I forgot to use the web based client on my PC before I left. I get to the building that I am going to and noticed the time clock PC was off due to power blinking on and off earlier. I am booting the PC back on when I hear the noise of a UPS going off. I decided to kill two birds with one stone so I walk to the cubicle where the noise was coming from and I stop the noise which in turn killed the power to the phone and PC. DOH
It never occurred to me that I had just turned off the power to the UPS and that this person would come back to her desk and have no phone or LAN connection. I go on my walk and I had not been sitting down for more than 45 seconds when this lady's supervisor calls me and asks me if I had been around this lady's cubicle. We all had a good chuckle when I discovered what I had done. I ran down there with a battery replacement for the UPS and popped it in and got the user back online within 5 minutes.
Saturday, January 17, 2009
Do more with less
It has been a while since I have blathered about technology. That is not because there is a shortage of things to blather about but rather I have been very busy as of late. I guess you could say that I am a one man circus where I work juggling this and that.
Right before Christmas at work our network latency went through the roof. When I say network latency I mean that our connectivity to the Internet was very slow. It was as if someone had poured peanut butter into the ethernet cables and gummed up the network so badly that everything ground to a halt. This happened the last two weeks of December of 2008 and by the time I got around to hollering for help the folks at the NOC in Florida were already headed out the door for Christmas vacation.
Sometime between the week before Christmas and January 5th our network nodes all went back to green and now we are surfing the Net at speeds we are accustomed to. We have a Data T1 and a Voice T1 that handle all of our needs. We have 60 people who share the T1 at two remote sites and the main office. What that means is that there is not a lot of wiggle room for chattering network devices. During the two weeks while everyone else was on Christmas vacation I wandered around spot checking workstations and running a port checker on them. The port checker runs and identifies what TCP ports are either being listened to or transmitting through. In other words the applications on your computer communicate to other hosts through the Internet through these ports.
How do Denial of Service attacks happen? Zombie computers which have been hacked send out a flood of data packets to a target network and computer(s) with such frequency that it makes the network so busy it can no longer keep up with the data requests and therefore becomes unable to communicate. The general consensus was that this might have been happening on the network at the office except that something on my network was plugging up communications to the outside world by hammering the network with a constant stream of data. When I spot checked different machines in different buildings on the main complex I was unable to find a machine that the port monitoring software was able to identify as the offender.
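The spot check described above can be scripted. This added example (not part of the original post) parses the output of the Windows `netstat -ano` command, lists the listening TCP ports, and flags any process holding an unusual number of active connections to hosts outside the LAN. The sample output, the LAN range 192.168.1.0/24, the threshold and the function names are constructed assumptions.

```python
import ipaddress
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "proto local_port remote_ip remote_port state pid")

# Assumption: the office LAN is 192.168.1.0/24; change this to match your network.
LAN = ipaddress.ip_network("192.168.1.0/24")
ACTIVE = ("ESTABLISHED", "SYN_SENT")  # states that mean traffic is being sent

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.50:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.50:1045      192.168.1.10:445       ESTABLISHED     4
  TCP    192.168.1.50:1101      203.0.113.10:80        ESTABLISHED     2044
  TCP    192.168.1.50:1102      203.0.113.11:80        ESTABLISHED     2044
  TCP    192.168.1.50:1103      198.51.100.7:25        SYN_SENT        2044
  TCP    192.168.1.50:1104      198.51.100.8:25        SYN_SENT        2044
  TCP    192.168.1.50:1200      203.0.113.10:443       TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    680
"""

def split_endpoint(endpoint):
    """Split 'ip:port' on the last colon; '*:*' yields ('*', None)."""
    ip, _, port = endpoint.rpartition(":")
    return ip.strip("[]"), (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one Conn per TCP/UDP row; banner and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            proto, local, remote, state, pid = fields
        elif len(fields) == 4 and fields[0] == "UDP":
            # UDP rows have no State column.
            (proto, local, remote, pid), state = fields, ""
        else:
            continue
        if not pid.isdigit():
            continue
        _, local_port = split_endpoint(local)
        remote_ip, remote_port = split_endpoint(remote)
        conns.append(Conn(proto, local_port, remote_ip, remote_port, state, int(pid)))
    return conns

def listening_tcp_ports(conns):
    """Ports on which this workstation accepts inbound TCP connections."""
    return sorted({c.local_port for c in conns if c.state == "LISTENING"})

def is_off_lan(ip, lan=LAN):
    """True when ip is a real remote address outside the office LAN."""
    try:
        addr = ipaddress.ip_address(ip.split("%")[0])
    except ValueError:
        return False  # '*' or anything unparseable
    return not addr.is_loopback and not addr.is_unspecified and addr not in lan

def chatty_pids(conns, threshold=3, lan=LAN):
    """(pid, count) pairs with at least `threshold` active off-LAN connections."""
    counts = Counter(c.pid for c in conns
                     if c.state in ACTIVE and is_off_lan(c.remote_ip, lan))
    flagged = [(pid, n) for pid, n in counts.items() if n >= threshold]
    return sorted(flagged, key=lambda item: -item[1])

def remote_ports(conns, pid):
    """Which remote ports a given process is talking to, with counts."""
    return Counter(c.remote_port for c in conns
                   if c.pid == pid and c.state in ACTIVE)

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("Listening TCP ports:", listening_tcp_ports(rows))
    for pid, n in chatty_pids(rows):
        print(f"PID {pid}: {n} off-LAN connections, ports {dict(remote_ports(rows, pid))}")
```

A workstation process with several connections to port 25 on different outside hosts, as PID 2044 has in the constructed sample, is worth a closer look because desktops rarely deliver mail directly.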
We still have sporadic network latency so sometime next week after normal business hours I am going to work with the network engineers and systematically remove all the workstations from the picture as well as switches in each building until we find the offending device.
In the meantime I am working with computers purchased four or five years ago that only had 256 to 384 MB of RAM installed with XP Pro. I am assuming the thought process was this. The main application that is used to book reservations runs on the server so there was no need to load up the workstations with lots of RAM so let's just put the minimal amount to run Windows. I have spent the last 8 weeks ordering RAM upgrades for as many machines as I was allowed to order for so that I can upgrade them to a minimum of 512 MB of RAM. The more RAM you give Windows the faster it will run.
Monday, December 08, 2008
Backupexec 12.5 update
I am sitting here updating Backupexec 12.1 to 12.5 and that process started around 4 pm today. I upgraded the Backupexec media server first and then began to do a remote install to all of my servers for the remote agent. The remote agent allows the Backupexec media server to connect to the server and process a scheduled backup job. I believe that the 12.1 version of the remote agent would have probably worked but I decided it would be best to keep all the versions at the same level just to be safe. One of my servers decided that it did not want to allow a remote installation, which caused me some problems. I had to copy the entire install CD over the network to that server and then did a local install from there. Problem solved!!!
Now, all I have to do is confirm the backup job for tonight and make sure everything is selected correctly and I can go home for the night. Sweet....
Should I plug it in or not?
I provide technical support for a local office for a resort company on the East Coast. I manage the five servers, network printers, switches and approximately 50 end user computers. I have been in this position now for about 98 days and though I am not anywhere near in Maytag Repairman mode I have come a long way towards that goal.
Just recently during my daily routine I was reminded of something that we take for granted. That thing is electricity and how much electricity we really have available to us. In an office setting whether it be in a hard walled office or a cubicle you will find an electrical outlet or two. You will also find that people like to install power strips and surge protectors into the receptacle and you will also find that people like to daisy chain a bunch of those power strips together in order to maximize how much stuff they can plug in.
Most of the time when you plug stuff in the electricity is there and everything magically works. Just as soon as the circuit is overloaded the breaker will engage and all electricity to that circuit will cease to exist. I was reminded of that the other day when a space heater was plugged in and did just that. Shortly after the power outage occurred and the breaker was flipped back on I got a phone call because some of the computers were not getting onto the network properly. Computers and electronic gizmos in general are very dependent on electricity to perform and they are very sensitive to fluctuations in power or in this case power being terminated suddenly.
The moral of this story is this. Just because you have an available electrical outlet to plug into does not mean that the circuit your outlet is on will not overload when you plug that gizmo in. Talk to someone that is in the know such as the maintenance department or your systems administrator and see what they think. Taking the extra time to be safe will keep others from being inconvenienced when the power goes down unexpectedly not to mention the possible data loss when the computers go down suddenly.
The other thing I want to stress about space heaters is this. Space heaters can be dangerous and we need to be extra careful where we leave them plugged in and not to leave them running when we are not near them. All it takes is one spark and all of that paper in your office immediately becomes tinder for a fire.
Friday, October 17, 2008
Before you know it - it happens and the fun begins
Today started out as your typical sleepy "TGIF" Friday. I drive for an hour one way to get to work so by the time I get here I am happy to arrive. I sat down, checked my voice mail to see if anyone reported any problems and then I fired up IE beta 8 to view the work order queue to see if anything new had popped up over night. I noticed that the Intranet site tab was not connecting so I started to investigate. I soon discovered that not only was the website not coming up but I could not ping the server either. I went to the server room and the Compaq Presario server which sits on the floor was not showing any lights on the two ancient SCSI drives. I rebooted the server and still could not get a ping response and I noticed that the server appeared to be in an endless reboot loop because of the beeps and the CD-ROM and floppy getting pinged.
Since the server is so old and I doubt I would ever find parts for it I went to plan B which was to relocate all the Intranet files to one of my other Dell rackmount servers which are new and fully updated. Luckily for me there was no SQL or MyPHP or PHP databases to deal with and all the HTML files were all static files. All I had to do was install and configure IIS 6.0 on the server of choice and copy the files over to the wwwroot directory. I did have one hiccup in that I kept trying to point my web browser to the wrong IP address and could not figure out why I could not access the web site. I had a good friend of mine who used VPN to access my server and he started asking me what IP address I was pointing my browser to. When I told him the wrong one he laughed at me and set my feet (browser) on the correct path. Once I had that figured out we were good to go.
What should have taken all of one hour actually wound up taking me several hours. This reminded me that while I am in the habit of getting real deep with my troubleshooting skills it is always prudent to start out at square one and make sure the simple things are not ignored. Most of the time a computer problem is just a very simple thing and we I.T. professionals have a habit of making things too complicated.