CMS – NHS problem

There is a problem which seems to occur mostly on Mondays when a user connects from the NHS gateway (IP 81.145.165.2). This causes some threads of the java process that runs sitemanager to hang while still consuming CPU cycles. The system can operate with 1 of these as it's a dual CPU server, but once there are 2 or more of these the service will degrade steadily. There is a case raised with Terminal 4, who are investigating, but in the meantime they advise restarting tomcat. The user interface will keep running for up to an hour, but as publishing slows down and these back up the performance will fall off. The rsync to the live server is badly affected as well. These gradually build up. The nagios service can also be used to view the problem. Look under “Apache Status” and select the entry “CMS tomcat” or go directly to http://cmst4.qub.ac.uk:8080/manager/status

The CPU-guzzling processes will be obvious, but check with top.

There are 2 possible actions: 1. restart tomcat; 2. renice java and keep it running for a while (I would do this if it's 4.30, keeping things ticking over until after 5.00, and then restart tomcat).

1. restart tomcat

{on jackie}
ps -ef | grep java
kill -9 {java process id}
rm /usr/local/tomcat/temp/catalina.pid
/etc/init.d/tomcat start

2. change priorities

ps -ef | grep java
renice +19 {java process id}
renice -19 {process ids of the rsync process}

Also of note is that the NHS gateway can be blocked by adding the DROP line shown below immediately under the :INPUT directive in the iptables config in /etc/sysconfig:

:INPUT ACCEPT [0:0]
-A INPUT -s 81.145.165.2 -j DROP

There is a copy of the iptables file with this line included called iptables-hsblock. This is a measure of last resort as it also blocks NHS staff accessing an eform which they are using at present to register for a workshop.
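
Because iptables evaluates rules in order, the DROP line only blocks the gateway if no earlier INPUT rule accepts the traffic first, which is why it goes immediately under the :INPUT directive. The check below is an added example, not part of the original notes; the function name drop_rule_is_first and the sample rules file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes).
# drop_rule_is_first FILE SOURCE_IP
# Reads an iptables-save style file (such as /etc/sysconfig/iptables) and
# checks that "-A INPUT -s SOURCE_IP -j DROP" is the first INPUT rule.
# Prints a verdict; returns 0 = first, 1 = present but not first, 2 = missing.
drop_rule_is_first() {
    awk -v ip="$2" '
        /^\*/ { table = $1 }                 # "*filter", "*nat", ... starts a table
        table == "*filter" && $1 == "-A" && $2 == "INPUT" {
            n++                              # position of this rule in the chain
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "-j" || $i == "--jump")   tgt = $(i + 1)
            }
            sub(/\/32$/, "", src)            # iptables-save may append /32
            if (!pos && src == ip && tgt == "DROP") pos = n
        }
        END {
            if (!pos)    { print "missing"; exit 2 }
            if (pos > 1) { print "not first: DROP is INPUT rule " pos; exit 1 }
            print "ok"
        }' "$1"
}

# Constructed sample: the block rule sits below a broad ACCEPT, so web
# traffic from the gateway is accepted before the DROP is ever reached.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 81.145.165.2 -j DROP
COMMIT
EOF
drop_rule_is_first "$sample" 81.145.165.2 || true   # prints: not first: DROP is INPUT rule 2
rm -f "$sample"
```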

Cache root file systems

The root filesystem on the squid cache server marge can become full due to a couple of temporary files in /var/tmp growing very large. These files can only be cleared when squid is stopped. The following commands will help solve this:

/usr/local/squid/sbin/squid -kshutdown
/usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid-qub.conf  -kshutdown
ps -ef | grep squid | grep -v dns # check for the active squid processes
tail -f /usr/local/squid/logs/access.log # check activity on the service
tail -f /usr/local/squid/logs/cache.log # watch for the squid shutdown message – takes 30secs
rm /var/tmp/UR_COUNT_ALL
rm /var/tmp/UR_COUNT_ALLTCP
rm /var/tmp/UR_COUNT_ALLUDP
/etc/rc.d/rc3.d/S98squid start
/etc/rc.d/rc3.d/S98squid_qub start

Adding Public Folder Permissions

The PowerShell command to add client permissions is –

Add-PublicFolderClientPermission -Identity <PublicFolder> -User "Username" -AccessRights <Right>

You need to include a leading ‘\’ character in front of the public folder name. The following is a list of client user access rights:

  • ReadItems   The user has the right to read items within the specified public folder.
  • CreateItems   The user has the right to create items within the specified public folder and send e-mail messages to the public folder if it is mail-enabled.
  • EditOwnedItems   The user has the right to edit the items that the user owns in the specified public folder.
  • DeleteOwnedItems   The user has the right to delete items that the user owns in the specified public folder.
  • EditAllItems   The user has the right to edit all items in the specified public folder.
  • DeleteAllItems   The user has the right to delete all items in the specified public folder.
  • CreateSubfolders   The user has the right to create subfolders in the specified public folder.
  • FolderOwner   The user is the owner of the specified public folder. The user has the right to view and move the public folder, create subfolders, and set permissions for the folder. The user cannot read items, edit items, delete items, or create items.
  • FolderContact   The user is the contact for the specified public folder.
  • FolderVisible   The user can view the specified public folder, but cannot read or edit items within the specified public folder.

The only problem with this is that the command is not recursive i.e. if you set the permission for a top level folder for a user they will not be able to access any of the sub-folders. You have to resort to a script to set permissions recursively. The script is located in C:\Program Files\Microsoft\Exchange\Scripts and it is called AddUsersToPFRecursive.ps1. You can use it as in the following example –

.\AddUsersToPFRecursive.ps1 -TopPublicFolder "\MyFolder" -User "7654321" -Permission "PublishingEditor"

Strictly speaking you only need to include the double quotes if there is a space in any of the names.

Render Disconnected Mailboxes Visible in EMC

When you initially disable an Exchange 2007 mailbox it normally does not become visible in the EMC until after the administrative tasks have run overnight. You can speed this process up using the Clean-MailboxDatabase cmdlet, e.g.

C:>Clean-MailboxDatabase -Identity ex2k7-virt-1\v1sg1\v1sg1db

It may take a minute or two to appear in the disconnected mailbox list.

 

Detecting Country of Website Visitor

We have added GeoIP technology to the main web service which allows us to add this functionality to websites on request.

The GeoIP technology allows you to use Server Variables to detect the country your visitor is located in. This allows website authors to tailor content for specific visitors based on the country they are located in. For example, if targeting Chinese visitors, a landing page could be created welcoming visitors in Mandarin and specifying links useful to Chinese visitors trying to make a decision on whether to come to this University.

An example in PHP follows:

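<?php
// The GeoIP server variable is only present once the feature has been enabled for the site.
if (isset($_SERVER['GEOIP_COUNTRY_CODE']) && $_SERVER['GEOIP_COUNTRY_CODE'] == 'GB') {

    echo "Hello you are based in the UK";

}

?>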

You should contact webmaster [@] qub . ac . uk to have this functionality enabled on your website if you wish to use it.

QUB Web Stats Service Updated

We have now updated the Web Statistics service to AWStats version 7.0 which should give better results for mobile browser and operating systems. We have also improved the graphs in the Standard Interface which should make them a little easier to look at. This includes a world map showing the countries of visitors.

Also on the Standard Interface we have extra links in the ‘Hosts’ section under the column ‘Follow Me’. Clicking on the ‘Zoom’ link will show a visitor’s path through the website – if this information is available for the chosen visitor.

 

Exchange 2007 Log Filesystem Full

The Exchange log filesystems sometimes become full, usually as a result of a failure of the backup job to clear old log files. This will result in dependent databases being taken offline. There are two solutions to this –

  1. Ask someone from the SAN team to extend the LUN that hosts the log files and then grow the volume on the Windows system. You should only do this if you want a permanent increase in the log filesystem size.
  2. Remove some of the log files to clear some space. Follow the advice at http://support.microsoft.com/kb/240145

PowerShell Logs

Some time ago the Windows PowerShell event log replaced the PowerShell event log in Server 2003. Initially this meant that both categories appeared in the event viewer and the PowerShell event log would fill up with errors. The solution is to remove the registry key –

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\PowerShell

Unfortunately the application of some Windows updates results in the re-creation of the PowerShell key, so you need to check this occasionally and remove it when appropriate.

Rendering Student Entries Invisible in the GAL

You would think that the AD entry Exchange attribute msExchHideFromAddressLists should hide an entry from the GAL if set to TRUE. However, if there are entries for the non-Exchange attribute ShowInAddressBook that will override the other setting. You need to use the Quest AD utilities to seek out and update the rogue entries where this is the case. The command string below did the job –

Get-QADUser -SizeLimit 0 -SearchRoot 'ads.qub.ac.uk/QUB/Student' -IncludedProperties showinaddressbook | Where-Object {$_.showinaddressbook -ne $null} | Set-QADUser -ObjectAttributes @{msExchHideFromAddressLists="TRUE";ShowInAddressBook=""}

Grepping for LizaMoon infected website files

The LizaMoon attack targets Microsoft SQL Server installations, injecting JavaScript tags into website files. Although we are primarily using Unix/Linux servers, I performed some scans using the following to check for LizaMoon infection:

find . -type f -exec grep -EH '<script src=http://.*/ur\.php' {} +

On Windows Server I used PowerShell and the following command:

Get-ChildItem * -Recurse | Select-String -Pattern ur.php
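
A more tolerant version of the Unix scan above, as an added example that is not part of the original post: it also catches quoted, mixed-case and https script tags, and lists the host each matching tag points at so the results can be reviewed or fed into a block list. The function name scan_injected_scripts and the sample files and hosts in the demo are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# scan_injected_scripts DIR [SCRIPT_NAME]
# Prints "file<TAB>host" for each <script src=http(s)://HOST/.../SCRIPT_NAME>
# tag under DIR. Matching is case-insensitive; src may be quoted or not.
scan_injected_scripts() {
    find "$1" -type f -exec awk -v name="${2:-ur.php}" '
        BEGIN { suffix = "/" tolower(name) }
        {
            line = tolower($0)
            # \047 is a single quote, written in octal to survive shell quoting
            while (match(line, /<script[^>]*src=["\047]?https?:\/\/[^\/"\047> ]+\/[^"\047> ]*/)) {
                tag  = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)        # continue after this tag
                sub(/^.*src=["\047]?https?:\/\//, "", tag)   # leaves host/path
                sub(/[?#].*$/, "", tag)                      # ignore query string
                if (substr(tag, length(tag) - length(suffix) + 1) != suffix)
                    continue                                 # some other script
                sub(/\/.*$/, "", tag)                        # drop the path, leaving the host
                print FILENAME "\t" tag
            }
        }' {} + | sort -u
}

# Constructed sample tree; bad.example and cdn.example are placeholder hosts.
demo=$(mktemp -d)
printf '%s\n' '<p>hi</p><script src=http://bad.example/ur.php></script>' > "$demo/index.html"
printf '%s\n' '<script src="http://cdn.example/lib.js"></script>' > "$demo/clean.html"
scan_injected_scripts "$demo"    # one line: <tmpdir>/index.html<TAB>bad.example
rm -rf "$demo"
```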