Who’s Hacking My Exchange OWA? Check with Log Parser 2.2

I am one of the few on the planet that still hosts my own servers in house. Sorry, but I don’t really see the benefit of moving everything to the cloud when keeping it in house allows me the control and flexibility I want. I especially like having an Exchange OWA server in house.

With that said, hosting your own systems can be troublesome as well. Maintaining the hardware, infrastructure and security are items that would get farmed out in a cloud environment. This post focuses on the security end, or rather attempting to track hack attempts.

In January, I set up a trigger to alert me every time a user is locked out (see “Know instantly when a user is locked out”; it’s a good read if you’re interested). This trigger reads the event logs, looks for the lockout event and sends the info to me via email. A great help in being proactive with my users. It also alerts me to hack attempts. Too many incorrect login attempts on OWA would trigger a lockout event. During a recent weekend, I was receiving lockout emails every 30 minutes. So who was doing this? What did they want?

How to check Exchange OWA IIS logs

Exchange 2016 – ECP ERROR 500 – OWA Working Fine!

As an IT professional for over 20 years, I have run into a lot of strange errors in my time. I also have an extensive home “production” lab so I can stay up to date on changes in tech, and it’s fun! Recently I installed Exchange 2016 in a Hyper-V virtual machine. It was a simple migration from 2013. I was in the process of decommissioning an older Hyper-V host. Some of my guest VMs were migrated while others were built from scratch.

I had completed my migration and Exchange, OWA, & ECP were working just fine. About a month later I tried to access the ECP and was greeted with a 500 Error!

Tracking Down The Error

Cooling your Motioneye Pi Zero Security Camera

Welcome to part two of my post. Previously I spoke about building a security system using a Raspberry Pi Zero and MotioneyeOS. I built and installed the system in February and it was working great. I even caught some Ass-Hat driving over my lawn and trash. I ran into one issue with this system. Once summer was here and the outside temperatures hit 90°F (32°C), the processor temperature of the Pi Zero was topping 161°F (72°C), and lack of cooling was causing my Pi Zeros to crash.

According to the Raspberry Pi Foundation the boards are spec’d to approach 80°C, but mine were failing in the mid 70s. So now to work on a solution.

How to cool your outdoor Motioneye camera

My first attempt was an obvious one – paint the camera white.
The waterproof boxes I was using to house the camera had a clear cover. To reduce the amount of sunlight, I simply painted the box white.

Painting the box was helpful and kept the system cooler, but it still wasn’t enough. The next step was to vent the box simply by drilling a few small holes at the bottom. I know this compromises my “waterproof” concept, but I am hedging my bets that if any rainwater were to enter the box, it would remain at the bottom and not touch the electronics.

Still not good enough! I want to add a fan, but I only want the fan to run when the CPU hits a specific temperature. There is no need to run the fan on cool nights or during the winter. So I decided to use the GPIO pins on the Pi Zero to control the fan.

Controlling the cooling fan via GPIO pins

Parts List

  • 5 Volt cooling fan
  • 1 NPN Transistor
  • 1 1KΩ Resistor (or equivalent)
  • Small breadboard
  • Soldering iron / solder

How to assemble

It’s probably not a good idea to connect a fan directly to one of the GPIO pins, so I used a simple transistor and resistor to help limit the current being drawn via the pin.

Microsoft Edge Crashes On Launch – Faulting Module EMODEL.DLL

I had a user this week call me complaining that Microsoft Edge would freeze on launch and then crash and close. After investigating her event logs it was determined the faulting module was emodel.dll.

Faulting application name: MicrosoftEdge.exe, version: 11.0.16299.371, time stamp: 0x5abdaed4
Faulting module name: EMODEL.dll, version: 11.0.16299.371, time stamp: 0x5abdaf79
Exception code: 0xc0000409
Fault offset: 0x000000000018bcae
Faulting process id: 0x2900
Faulting application start time: 0x01d3e794d12ebc95
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Report Id: 560abf0f-e6c8-4b45-8b96-d448f9aa934d
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

I have not seen this error before and there were no other users in the environment experiencing this issue. My first troubleshooting step was to see if there were any unique applications that were specific to this user.

This particular user is the CFO of the company and logs into a number of banking websites. To enhance security, many banks force customers to download additional software to supplement logins in order to prevent intrusion and hack attempts. This user was using a product from IBM.

IBM Trusteer Rapport & Microsoft Edge EMODEL.DLL

Spruce up your laptop with SSD

Laptops and notebook computers cost a fraction of what they did years ago. A decent general purpose laptop can be had today for around $500. However, as time marches on, our older computers can begin to feel slower due to more resource-demanding applications and operating systems.

Maybe it’s not time to toss out that used laptop! With some easy modifications you can spruce up your laptop and get a few more years of good service life out of it.

Add a Solid State Hard Drive – SSD

Know instantly when users are LOCKED OUT of Active Directory

One of the dreaded jobs of the Sys. Admin is getting the call, “I’m locked out.” It’s the same call every time: “I don’t know what happened, I’m just locked out.” You say something to the effect of, “Did you forget your password? Did you type it in wrong? Caps lock on?” No matter what the case, wouldn’t it be nice to know a user was locked out before they called you? Plus it would be great to know if someone was hacking away internally or externally at your network.

Passwords Are Important.

Remote Desktop 2012r2 – Shadowing Unspecified Error

In an effort to combat the Spectre/Meltdown vulnerability Microsoft has rushed a few patches out into the wild that have been creating some odd issues on workstations and servers alike. I want to address the Unspecified Error when attempting to shadow a session in Remote Desktop 2012r2.

This is what happens when you rush a patch into the wild:

Remote Fix Your Parents Computer (from the comfort of your own home)

If your parents are like mine they are tech savvy enough to get by. What I mean by that is they know how to launch Firefox and surf the web, maybe play checkers or chess and print a few documents when necessary. The problem arises when something goes wrong with their computer. Maybe they click on something they shouldn’t and get a virus or malware infection. Then again, a Microsoft update could change some setting they are not familiar with and cause stress and a phone call to you. These days you have your own family and live an hour away from your parents and really can’t make the trip back home right now. This is where a remote solution comes into play!

Remote Solutions

Next time you are at your parents house, install one of these remote solutions and be prepared for the dreaded “my computer is broken” phone call.

Skype

Microsoft’s free video-calling software doubles as a very decent screen sharing program. Although you can’t directly interact with your friend’s desktop or take control of their computer yourself, you can view their screen as you both continue speaking, which makes the troubleshooting process more straightforward. And with the recent revamp of its appearance, Skype is easier to use than ever.
SKYPE.COM

Chrome Remote Desktop

This extension for Google Chrome can go beyond the web browser to share anything on a computer screen with someone else. Chrome Remote Desktop gives one user full control over the other computer for an experience almost like sitting in front of your mom’s machine.
CHROME REMOTE DESKTOP

TeamViewer

Businesses use the professional TeamViewer tool, but it’s simple enough for anyone to use. And for personal use, like helping out Dad with computer problems, it’s also free. It allows full control of the remote system.
TEAMVIEWER.US

Remember when installing any remote viewing tools to keep passwords safe and away from prying eyes. Other than it’s nice to visit Mom and Dad for a few hours and fix their computer, a remote solution can come in handy when time is short or distance is long.

Thank you for reading my blog,
Joe

Detecting an Unsupported Browser with Apache Mod_Rewrite

I am a man who wears many hats at my day job, and one of my favorite hats is maintainer of our new Intranet site. I built the site on a WordPress foundation, figuring any functionality I need could be added via plugin down the road. I recently ran into an issue with users accessing the site via an unsupported browser.

In the office I have designated the domain XXXX.LOCAL for anything that needs to resolve internally. Currently we purchase a piece of browser based software from a company that only supports IE in compatibility mode. This forces us to set XXXX.LOCAL to compatibility mode in all IE browsers. My WordPress intranet site does not like compatibility mode one bit. Since all my users have Edge, Firefox and some have Chrome as their available browsers the thought entered my mind to force them to use one of them.

HOW TO DESIGNATE INTERNET EXPLORER AS AN UNSUPPORTED BROWSER

Virus Email Reminder – Word Macros Are Bad!

I had a couple of users in the office this week attempt to enable Word macros on a document they received in email. I try to give my users as much information as I can to avoid viruses and malware, but each week the hackers come up with additional methods to attempt unauthorized network access.

Exploit Vector:

This time around the hack was email based and the email came from a known source. The attacker had already gained control of the sender’s workstation and had sent the message as a reply to an earlier thread.