Tuesday, October 15, 2013

VMWARE Unable to connect to the MKS:

After I patched ESX, I found that I was not able to open the console of a VM guest in vCenter, which I had accessed from the vSphere Client on another server. It shows "Unable to connect to the MKS:"




When I tried it from the vSphere Client on the vCenter server, it was successful.




Upon checking the ESX firewall settings, port 902 was opened and configured, and I was able to open the VM console from the vCenter server without any issue.

Moreover, I asked the network team whether this port was blocked by the firewall, and the answer was YES. I raised a request ticket to open this port in the firewall and the issue was solved.

Thursday, October 10, 2013

CISCO UCS blade / fabric / path down; reason waiting for flogi ALERT

Today I patched my ESXi server, which is installed on a UCS blade server, and rebooted it. After the reboot, I found in UCS Manager that two alarms had been triggered, as below, but they were supposed to be cleared automatically.
Solution:

Solution 1: I rebooted once again, but this time the same alert was triggered on fabric B. Then I found that the quick solution is to shut down the server for 1 or 2 minutes and power it on again. Now there are no more errors in UCS Manager; all alerts were cleared automatically.

Easiest Solution:

Check which server HBA has this issue and reset connectivity for that HBA, so that it will be soaked again and the issue will get resolved.



Cisco reason for the cause:

This is a known issue in UCS. The bug number is CSCtn89396; upgrade UCS to the latest Cisco suggested version.








Wednesday, October 9, 2013

Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue

Issue:

Recently, I received a security scan report from my company's security team. In that report they stated that one of my Windows servers has the Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue.


Issue as below:

Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue
QID: 105484 CVSS Base: 6.8 [1]
Category: Security Policy CVSS Temporal: 6.4
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/04/2013
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
There exists a security issue with Windows when handling the paths of services running on the system. When the service path is a long name and
contains a space and not quoted, the file name becomes ambiguous.
For example, consider the string "c:\program files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to
interpret the possibilities in the following order:
c:\program.exe files\sub dir\program name
c:\program files\sub.exe dir\program name
c:\program files\sub dir\program.exe name
If an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM.
IMPACT:
Successfully exploiting this security issue might allow a remote attacker to gain escalated privileges
SOLUTION:
There are no-vendor supplied patches available at this time.

Workaround:
Properly enclose all the service paths with quotes if they have spaces in them.
RESULTS:
Service Name Image Path
C:\Program Files (x86)\Skype\Updater\Updater.exe


Solution:

I ran the command below at the command prompt and it listed the services with this issue:


wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Then I found that the path of one service on my server was not quoted in the registry. I quoted it and the issue was solved.

Example path:

Before:

BINARY_PATH_NAME : C:\Program Files (x86)\Skype\Updater\Updater.exe

After (make the change in the registry):

BINARY_PATH_NAME : "C:\Program Files (x86)\Skype\Updater\Updater.exe"
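
The check and the fix described above, as an added example that is not part of the original post: it takes service name / ImagePath pairs (for instance exported from the wmic command), flags unquoted paths whose executable part contains a space, lists the earlier interpretations in the order the scan report gives, and produces the quoted form. The function names are hypothetical, and apart from the Skype path the sample entries are constructed.

```python
import re

# Heuristic: the executable portion ends at the first ".exe" followed by
# whitespace or end of string; anything after that is treated as arguments.
_EXE_END = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def executable_part(image_path):
    """Executable portion of an unquoted ImagePath, without arguments."""
    p = image_path.strip()
    m = _EXE_END.match(p)
    return m.group(1) if m else p

def is_unquoted_with_space(image_path):
    """True when the path is not quoted and its executable part has a space."""
    p = image_path.strip()
    return not p.startswith('"') and " " in executable_part(p)

def earlier_interpretations(image_path):
    """Locations tried before the intended binary, in order (see THREAT text).
    These are the places to check for unexpected files and loose write ACLs."""
    exe = executable_part(image_path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_fix(image_path):
    """The workaround: quote the executable part, keep any arguments."""
    p = image_path.strip()
    exe = executable_part(p)
    return '"' + exe + '"' + p[len(exe):]

def audit(services):
    """Return (name, earlier interpretations, fixed ImagePath) per finding."""
    return [(n, earlier_interpretations(p), quoted_fix(p))
            for n, p in services if is_unquoted_with_space(p)]

# Constructed sample: only the Skype path comes from the scan result above;
# the service names and the other three entries are made up.
SAMPLE = [
    ("SkypeUpdate", r"C:\Program Files (x86)\Skype\Updater\Updater.exe"),
    ("QuotedSvc", r'"C:\Program Files\Example\svc.exe" --run'),
    ("HostSvc", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ("ArgSvc", r"C:\Tools\agent.exe --config C:\My Data\a.ini"),
]

if __name__ == "__main__":
    for name, earlier, fixed in audit(SAMPLE):
        print(name, "->", fixed)
        for path in earlier:
            print("   tried earlier:", path)
```

Unlike the findstr pipeline, this ignores spaces that appear only in the arguments, so ArgSvc and HostSvc are not reported.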