Thursday, April 14, 2011

Cisco Anyconnect + Kaspersky: 'The VPN Client is unable to establish a connection'

Symptom: Cisco AnyConnect VPN Client is unable to establish a connection while Kaspersky Antivirus is protecting the computer. If you disable or exit Kaspersky, the VPN Client works fine.

Solution: The simplest way to solve this is to add the VPN Client service executable (vpnagent.exe) in the Trusted Zone.

To do this, open Kaspersky and click Settings.

Click Trusted Zone

Select the Trusted Applications tab and click Add.

Click Browse -> Applications and choose vpnagent.exe from the list

Check Do not scan network traffic. Do not scan opened files does not have to be checked.

OK OK Apply OK and that's all. AnyConnect should now be able to connect to the VPN.

Tuesday, March 29, 2011

Cisco Anyconnect: VPN Establishment capability from a Remote Desktop is disabled - wordaround

Symptom: When you try to connect to a VPN using Cisco AnyConnect VPN Client from a machine you're connected to with Remote Desktop, you get an error message saying 'VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established.'

Workaround: A fairly easy workaround would be to use an alternative connection program (like TeamViewer) while establishing the tunnel. Once connected, you can connect back with Remote Desktop.

In a nutshell, the steps are the following:

  1. Install TeamViewer Full version in Service Mode
  2. Reboot the computer or manually start the Service
  3. Start TeamViewer, note the ID and Password
  4. Install TeamViewer Full or Portable on your local machine
  5. Disconnect the RDP Session and Connect via TeamViewer (or vice versa, doesn't matter)
  6. Connect to AnyConnect
  7. Disconnect with Teamviewer. Connect back with Remote Desktop.

The steps are detailed below.

1.  Your're connected to the machine with Remote Desktop. Now you need to Download and Install TeamViewer Full Version. The program is free for home use only so use accordingly. Unfortunately, installation is obligatory, TeamViewer QS won't work once the RDP session is disconnected.


A direct link to TeamViewer: http://www.teamviewer.com/download/TeamViewer_Setup.exe
Alternately, you can visit TeamViewer's website and go to the Download page.

Install TeamViewer following the wizard. It's basically a next-next-next procedure, but you do need to install it as a service (choose Yes at the 4th step).

Once installed, start TeamViewer and follow the configuration wizard. You have to set a password but don't need to create a TeamViewer account.


2. Once you finish the wizard, you should see the TeamViewer icon at the System Tray. If there's no icon there, you misconfigured something. Due to a bug in TeamViewer you need to restart the computer (A). You can also try manually start the service (B). If you will not be able to connect with TeamViewer, you still need to reboot the computer.

2. A. To reboot the computer, click on the empty start menu bar to bring it to focus.

Now hit Alt + F4 and choose Restart.

2. B. You can also try to manually start the TeamViewer Service. Go to Start -> Run and type services.msc.

Find the TeamViewer service, right-click and choose Start.


3. Once the machine is rebooted or the service is started open up TeamViewer and note the ID. You will have to use your predefined password and not the randomly generated one (TeamViewer bug).


4. On your computer you need to download TeamViewer Full version or the Portable one. I'll go with Portable because it does not require installation. The direct link to the portable version is: http://www.teamviewer.com/download/TeamViewerPortable.zip but it can also be found on TeamViewer's Download page.

5. Extract and Start TeamViewer and enter the previously noted ID and the predefined password to connect.

Once you're connected with TeamViewer, close the remote desktop session. This step is important because while the RDP session is open, AnyConnect will not let you to connect. (Do not log off, just disconnect the session with the red X).

6. Now connect to the VPN with Cisco AnyConnect.

7. Once you're connected to the VPN Tunnel you can disconnect from TeamViewer and connect back with Remote Desktop.








Monday, March 14, 2011

Adding WP-PostRatings to Thematic by creating a Child Template (WordPress)

As my previous post says, I wanted to add the WP-PostRatings plug-in to all posts in a Thematic theme. Later I found out that the recommended way of doing this is through WordPress Child themes.
So I read in this aricle the basics of how to create and customize a child template.
Basically the steps to include the plug-in are the following:
  • You start with an untouched Thematic theme
  • Go to wp-content/themes/thematic/
  • Move the thematicsamplechildtheme folder one level up (to wp-content/themes/) and rename it by preference. You just created your new Child Theme.
  • You may modify the template's name by editing the style.css file's first few lines.
  • To add the previously installed WP-PostRatings plug-in to the theme, edit the functions.php file and add the following to the file's end. I copied the function from the parnet theme's content-extensions.php file.
post_type == 'page') {
         $postheader = thematic_postheader_posttitle();        
     } else {
         $postheader = thematic_postheader_posttitle() . thematic_postheader_postmeta();    
     }
     
     echo apply_filters( 'thematic_postheader', $postheader ); // Filter to override default post header
    if(function_exists('the_ratings')) { the_ratings(); } // This command will actually insert the ratings in each post.
}
?>

Enjoy your new theme and I wish you high ratings! :-)

The WP-PostRatings plug-in and the Thematic theme (WordPress)

A few weeks ago I started playing with WordPress because I want to make a personal blog & portfolio website for my girlfriend.
The Thematic theme seems to fit my needs because it's very clean and minimalist. I also found the WP-PostRatings plug-in very nice and easy to use - unfortunately there is not much detail how to make the plug-in appear for each post by default. For someone who is not a (php) programmer this can be quite a challenge.

So, to make the little stars appear below each post's title:
UPDATE: Later I found out that messing with the original theme files is not recommended. Instead, creating a child theme is the preferred way of doing this. I noted the steps in my next post.
Edit the /wp-content/themes/thematic/library/extensions/content-extensions.php file
Find the definition of the thematic_postheader() function
paste the following line after the echo apply_filters(...) command:

if(function_exists('the_ratings')) { the_ratings(); }



















For the record, I was using:

  • WordPress 3.1
  • Thematic v0.9.7.7
  • WP-PostRatings v1.61
I think the approach will be similar for the WP-PostViews plug-in.

Friday, March 11, 2011

Calculating Time Difference in Batch

Sometimes you may want to know how much time it takes for a set of actions to run in batch. For example you have a Scheduled Task, or, you are doing some kind of benchmark you don't want to supervise. It is a bit hard to do time calculations in batch due to the lack of the time-calculating functions. But it's not impossible. The batch script below will gather the current system time through WMI (so it's regional-setting independent), convert it to seconds, and record in a variable. After running the tasks it will calculate the time again, and then format the difference to be human readable. In this example the difference will be echoed to the console, but it can be also recorded in a logfile by appending logfile.txt to the end of the echo line.

One case when the script gives incorrect values is at the end of the month (when the script starts this month but ends in the next month).

I will use this script in one of my next post when I will do a compression benchmark with 7-zip. It will calculate the time taken to compress a file.

So, here's the script:
@echo off
::::::::::::::::::::::::::::::::::::::::::
::  TimeDiff v1.00 by LEVENTE ROG       ::
::       www.thesysadminhimself.com     ::
::::::::::::::::::::::::::::::::::::::::::

::[ EULA ]:::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::  Feel free to use this script. The code can be redistributed  ::
::  and edited, but please keep the credits.                     ::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::[ CHANGELOG ]::::::::::::::
::  v1.00 - First Version  ::
:::::::::::::::::::::::::::::


FOR /F "skip=1 tokens=1-6" %%A IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Second /Format:table ^| findstr /r "."') DO (
 set Milisecond=%time:~9,2% 
 set Day=%%A
 set Hour=%%B
 set Minute=%%C
 set Second=%%D
)
set /a Start=%Day%*8640000+%Hour%*360000+%Minute%*6000+%Second%*100+%Milisecond%

::
::
:: PUT COMMANDS HERE
ping www.thesysadminhimself.com
::
::

FOR /F "skip=1 tokens=1-6" %%A IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Second /Format:table ^| findstr /r "."') DO (
 set Day=%%A
 set Hour=%%B
 set Minute=%%C
 set Second=%%D
)
set Milisecond=%time:~9,2% 
set /a End=%Day%*8640000+%Hour%*360000+%Minute%*6000+%Second%*100+%Milisecond%
set /a Diff=%End%-%Start%
set /a DiffMS=%Diff%%%100
set /a Diff=(%Diff%-%DiffMS%)/100
set /a DiffSec=%Diff%%%60
set /a Diff=(%Diff%-%Diff%%%60)/60
set /a DiffMin=%Diff%%%60
set /a Diff=(%Diff%-%Diff%%%60)/60
set /a DiffHrs=%Diff%

:: format with leading zeroes
if %DiffMS% LSS 10 set DiffMS=0%DiffMS!%
if %DiffSec% LSS 10 set DiffMS=0%DiffSec%
if %DiffMin% LSS 10 set DiffMS=0%DiffMin%
if %DiffHrs% LSS 10 set DiffMS=0%DiffHrs%

echo %DiffHrs%:%DiffMin%:%DiffSec%.%DiffMS%


NOTE: To copy the entire code, just double-click and hit CTRL+C

Wednesday, March 9, 2011

Batch Compress SQL Backups and upload to FTP

I always repeat myself saying that compressing SQL backups is a really-really good thing. Storing backups at an offsite location is another good thing. Combining the two would be the first step in a disaster recovery plan. That's why I created a little script that will compress all files with .bak extension and upload them to an FTP server if needed. I added some variables for easier customization.

@echo off

::::::::::::::::::::::::::::::::
:: compress SQL backups v1.02 ::
::::::::::::::::::::::::::::::::

:: what's new
:: v1.02 - added ERRORLEVEL handling when forfiles find no files matching criteria
:: v1.01 - added BackupDeleteOlderThanDays function
:: v1.02 - fixing ERRORLEVEL

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Variables:                                                                                                              ::
:: BACKUPDIRECTORY - the directory where the .bak files are located                                                        ::
:: BACKUPDELETEOLDERTHANDAYS - delete backup files older than x days. If no value specified, backups will not be deleted   ::
:: PACKLOWPRIORITY - use 1 to set 7-zip start in low priority mode. recommended.                                           ::
:: PACKONECPU - use 1 to set 7-zip use only one CPU for compression. recommended for servers with constantly high CPU load ::
:: PACKCOMPRESSION - use MAX or FAST - max will use LZMA2 Ultra compression while FAST will do PPMD Normal                 ::
:: UPLOADTOFTP and FTP* are self-explanatory                                                                               ::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

set BackupDirectory=D:\SQLBackups\Scheduled
set BackupDeleteOlderThanDays=90
set PackLowPriority=1
set PackOneCPU=1
set PackCompression=MAX
set UploadToFTP=1
set FTPHost=10.192.32.11
set FTPUser=username
set FTPPass=password
set FTPDir=SQLBackups\Production

if %PackLowPriority% == 1 ( set PackLowPriority=/low ) ELSE ( set PackLowPriority=/normal )
if %PackOneCPU% == 1 ( set PackOneCPU=-mmt=off ) ELSE ( set PackOneCPU= ) 
if %PackCompression% == MAX ( set PackCompression=-mx9 -t7z -m0=lzma2 ) ELSE ( set PackCompression=-mx5 -t7z -m0=PPMd )
cd /d %BackupDirectory%

if %UploadToFTP% == 1 (
 echo user %FTPUser%> %temp%\daily_ftp.txt
 echo %FTPPass%>> %temp%\daily_ftp.txt
 echo cd %FTPDir%>> %temp%\daily_ftp.txt
 echo bin>> %temp%\daily_ftp.txt
)

FOR /r %%F IN (*.bak) DO (
 start "Pack" /w %PackLowPriority% "c:\Program Files\7-Zip\7z.exe" u %PackCompression% "%%F.7z" "%%F"
 if exist %%F.7z (
  IF !ERRORLEVEL! == 0 (
   del "%%F"
   if %UploadToFTP% == 1 ( echo put %%F.7z>> %temp%\daily_ftp.txt )
   )
 )
)

if %UploadToFTP == 1 (
 echo bye>> %temp%\daily_ftp.txt
 ftp -n -s:%temp%\daily_ftp.txt %FTPUser%
 del %temp%\daily_ftp.txt
 set FTPHost=
 set FTPUser=
 set FTPPass=
 set FTPDir=
)

if defined BackupDeleteOlderThanDays (
 set ErrorLevelOriginal=!ERRORLEVEL!
 Forfiles -p %BackupDirectory% -s -m *.bak -d -%BackupDeleteOlderThanDays% -c "cmd /c del /q @path" 
 Forfiles -p %BackupDirectory% -s -m *.zip -d -%BackupDeleteOlderThanDays% -c "cmd /c del /q @path" 
 Forfiles -p %BackupDirectory% -s -m *.rar -d -%BackupDeleteOlderThanDays% -c "cmd /c del /q @path" 
 Forfiles -p %BackupDirectory% -s -m *.7z -d -%BackupDeleteOlderThanDays% -c "cmd /c del /q @path" 
 set ERRORLEVEL=%ErrorLevelOriginal%
)



NOTE: To copy the entire code, just double-click and hit CTRL+C
NOTE: There are some issues with the syntax highlighter, some comment lines are colored red instead of green.

Sunday, March 6, 2011

Invalid 7bit DATA (in reply to end of DATA command)

Some users were complaining that their emails sometimes did not reach the destination but instead they got a failure delivery notification stating something similar:
<someone@destination.com>: host mx.destination.com [1.2.3.4] said: 552 5.2.0</someone@destination.com></div>
Invalid 7bit DATA (in reply to end of DATA command)
The 552 5.2.0 error code led me finally to the solution which is the IP address where the email is being sent from is blacklisted. Steps to confirm:

1. Navigate to www.myip.pk to find out the machine's public IP address
2. Lookup the IP at the www.mxtoolbox.com blacklist database
3. Most likely your IP will be listed there. This means spam was sent from that network, usually infected machines can cause this.