Daily IT Matters, this is the place where I post my daily findings on IT.

Tuesday, May 15, 2012

[Solved] Avira keeps quiet about the mess they made...

Solution below

Since yesterday I had been having a problem: my DllHost.exe process was being blocked by Avira.
I suspected that I was infected with some kind of worm, which is odd since I run several layers of security to prevent this.

Today I had enough and searched for a solution on the internet; I was dumbfounded to find this.

Please note the original is in German, and it was published at 10:44 +1 GMT (DST).

Dear Avira user,

After the product update of the Avira software, various applications are classified as dangerous and blocked by the ProActiv component. Our development team is currently working flat out on an automatic update to eliminate the error. So that you can use your computer as usual again, we have 2 proposed solutions that we can offer you at the moment:

Solution A: Disable ProActiv

1. Open the Avira Control Center
2. Press the "F8" key to open the configuration
3. Enable expert mode at the top left if it is not yet active
4. Open the option "Echtzeit Scanner -> ProActiv" (Real-Time Scanner -> ProActiv)
5. Remove the check mark at "ProActiv aktivieren" (Enable ProActiv)
6. Close the window with the "OK" button
7. Restart the computer

Solution B: Create ProActiv exceptions

For this we already have an entry in our knowledge base that describes the procedure:


We will inform you as soon as the automatic update is available to correct the detection. After that you can re-enable ProActiv the same way as described above. The exceptions will then no longer be necessary.
Stefan Berka
Avira Operations GmbH & Co. KG

There is no support for unsolicited PM requests available. Please use the board section which accords to your product.


The solution is to manually update Avira (via the Control Center) and then reboot.
I have no clue why Avira keeps playing the silent game here.

Friday, May 11, 2012

Const ForReading = 1

' Unique tape numbers found so far (starts with two empty slots)
Dim arrTapes()
ReDim arrTapes(1)
strPrevTapeNumber = "xxxx"

Dim objDictionary
Set objDictionary = CreateObject("Scripting.Dictionary")

' Read arguments from the command line: <tapes export file> <pool name>
Set args = WScript.Arguments
argTapesExportFile = args.Item(0)
argPoolName = args.Item(1)

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(argTapesExportFile, ForReading)

Do While objTextFile.AtEndOfStream <> True
  strLine = objTextFile.ReadLine
  intPos = InStr(strLine, argPoolName)
  ' The tape number is the 7 characters directly before the pool name
  If intPos > 7 Then
    strTapeNumber = Mid(strLine, intPos - 7, 7)
    ' Echo each tape number only the first time it is seen
    If Not inArray(arrTapes, strTapeNumber) Then
      ReDim Preserve arrTapes(UBound(arrTapes) + 1)
      arrTapes(UBound(arrTapes)) = strTapeNumber
      WScript.Echo arrTapes(UBound(arrTapes))
    End If
  End If
  strPrevTapeNumber = strTapeNumber
Loop
objTextFile.Close

' Returns True when value is already present in array a
Function inArray(a, value)
  inArray = False
  For Each v In a
    If v = value Then
      inArray = True
      Exit Function
    End If
  Next
End Function

Restore Exchange 2003 Database from Dirty Shutdown

Friday is normally a very quiet day, but today was going to be different than I had anticipated.

I got into the office and overheard a colleague talking with a sysadmin from a subdivision about an Exchange server. Damn, I knew immediately it was the one from yesterday that went down 30 times in 12 hours.
They had replaced the system board and were now knocking on our doors for help because the mailbox database wouldn't mount, and before I even got a cup of coffee I was on the phone and started the RDP session to the server. Our Exchange environment consists of about 135 Exchange 2003 servers, but for the one I now needed to RDP to, I already knew the hostname.

On the phone with the sysadmin I started the needed actions, and I've written them down so that they may help someone in the future.

This article explains all the steps you need to take to bring an Exchange 2003 mailbox store that is in a "Dirty Shutdown" state back to life.

Actions performed for the Exchange 2003 dirty shutdown restore:

1. Bring the server down gracefully.

This lets Exchange try to automatically roll the logs forward into the store after the clean reboot.

2. Ran the following commands to check the state of both the mailbox store database and the public folder database.

eseutil /mh "E:\Exchsrvr\FirstStorageGroup\PFStore1\PFStore1.edb"
eseutil /mh "E:\Exchsrvr\FirstStorageGroup\MBStore1\MBStore1.edb"

The output for MBStore1 showed the mailbox store state as "Dirty Shutdown".

The Repair Count was 0 and the last full backup was from 5/9/2012 21:30:14.

3. Ran the following command on the logs to check that the log files are all OK, to make sure a soft repair will work.

eseutil /ml "D:\Exchsrvr\FirstStorageGroup\Logs\E00"

The output was OK and the logs are valid, so we can start with a "soft repair".

4. Ran the soft repair:

Eseutil /r E00 /l "D:\Exchsrvr\FirstStorageGroup\Logs" /d "E:\Exchsrvr\FirstStorageGroup\MbxStore1\MbxStore1.edb"

Operation terminated with error -1216 (JET_errAttachedDatabaseMismatch, An outstanding database attachment has been detected at the start or end of recovery, but database is missing or does not match attachment info) after 44.62 seconds

5. Due to the error above I had to ignore streaming errors by adding the /i switch.

Eseutil /r E00 /l "D:\Exchsrvr\FirstStorageGroup\Logs" /d "E:\Exchsrvr\FirstStorageGroup\MbxStore1\MbxStore1.edb" /i

After this I started ESM and mounted both the mailbox store and the public folder store without errors.
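
The decision made in steps 2 to 4, as an added Python example that is not part of the original post: it parses captured eseutil /mh output and checks that the log generations listed under "Log Required" are present before a soft repair is attempted. The header text and log listing are constructed samples, the function names are hypothetical, and the log naming (E00 prefix plus five hex digits) is an assumption based on Exchange 2003 conventions.

```python
import re

# Constructed sample of `eseutil /mh` header output (illustrative values).
SAMPLE_HEADER = """\
        File Type: Database
            State: Dirty Shutdown
     Log Required: 1234-1236 (0x4d2-0x4d4)
     Repair Count: 0
"""

def parse_header(text):
    """Collect the 'Name: value' lines of a header dump into a dict."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields.setdefault(name.strip(), value.strip())
    return fields

def required_logs(fields, prefix="E00"):
    """Log file names for the generations listed under 'Log Required'."""
    m = re.search(r"\(0x([0-9a-f]+)-0x([0-9a-f]+)\)",
                  fields.get("Log Required", ""), re.I)
    if not m:
        return []
    low, high = int(m.group(1), 16), int(m.group(2), 16)
    if high == 0:                      # 0-0 means no logs are needed
        return []
    # Assumption: Exchange 2003 naming, prefix + 5 hex digits + ".log"
    return ["%s%05X.log" % (prefix, g) for g in range(low, high + 1)]

def next_step(header_text, log_files, prefix="E00"):
    """Return (action, missing_logs) for a database header and a log listing."""
    fields = parse_header(header_text)
    state = fields.get("State", "")
    if state == "Clean Shutdown":
        return "mount", []
    if state != "Dirty Shutdown":
        return "unknown-state", []
    needed = required_logs(fields, prefix)
    have = {name.upper() for name in log_files}
    missing = [n for n in needed if n.upper() not in have]
    # The highest generation may still be the current, not yet renamed E00.log.
    if missing and missing[-1] == needed[-1] and (prefix + ".log").upper() in have:
        missing.pop()
    return ("soft-repair" if not missing else "logs-missing"), missing

if __name__ == "__main__":
    listing = ["E00.log", "E00004D2.log", "E00004D3.log"]   # constructed
    print(next_step(SAMPLE_HEADER, listing))
```

A "logs-missing" result means a soft repair cannot replay everything the database needs, so the missing files have to be located or the store restored from backup before going further.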

Wednesday, April 11, 2012

How to save your work from a system drive with BitLocker

This is a really small tip but a very crucial one.
When you have BitLocker on your system drive and your Windows installation somehow becomes corrupt, this is the procedure to still access the data on the system drive.

1. Physically remove the system drive from your system.
2. Attach the drive to another system running Windows.
3. When you want to access your data, browse to the drive and access it like you regularly do.
4. You will be prompted to type your PIN.

As you can see, this will only work when you know your PIN.