I have just been looking at a problem with IIS (OWA, Outlook Web Access, and SharePoint http://companyweb were not responding) and remote access to the RDS server had stopped. The application event log was full of event ID 1500 and 1501 for the user spwebapp.
The Windows SBS 2011 is running Exchange/OWA and IIS and has the remote gateway configured to redirect to the RDS server.
I restarted the remote gateway service which fixed the remote access problem.
The next problem was OWA and Company web not responding. I restarted IIS by running the IISreset from an admin command prompt but this didn’t change anything.
As you can see the events were happening frequently (about 20 a second). I have no idea when this started as the log was full and overwriting older events.
Recently I’ve come across a new PCI compliance failure “Web Application Potentially Vulnerable to Clickjacking”.
What is Clickjacking?
Clickjacking uses IFrames to put a transparent layer over a website and can therefore hijack the clicks and keystrokes the user enters. This is also known as a “UI redress attack”, as it changes the user interface.
I had a bit of a worrying time last week when a colleague upgraded an old (but live) Dell PowerEdge R310 server running Hyper-V with some new RAM.
He powered down the old server, upgraded the RAM and booted the server back up.
A few minutes later he was looking at the screen loading Windows, when it failed. He put the DVD in and tried to repair Windows, but when he got to the System Recovery window it didn’t show any installations of Windows.
He then looked to restore from backup to another server to get the Hyper-V clients running while we fix this server.
Yes, you know what’s coming here, the latest backup we had was over a year old. Our client had not swapped out the drives for that length of time and something had corrupted the one drive that was plugged in. Windows Backup was reporting successful backups, but when you try to restore, you cannot see any dates to select from. An investigation for another day I think!
I’ve been having some issues with a Draytek 2820 at home lately. I’d made some changes to my network and swapped out a non-WiFi Draytek 2820 with the WiFi version. Whilst configuring the new router I took the opportunity to upgrade the firmware to the latest version (22.214.171.124, Release Jan 2016).
A few days later I started getting an error message browsing the internet:
“You have reached the maximum number of permitted Internet sessions. Please close one or more applications to allow further Internet access. Contact your system administrator for further information.”
I rebooted the router, which solved the problem, and didn’t think much of it. This happened again a few days later, so I checked the Session Limit, under Bandwidth management, and this was disabled. I did note that the message I saw in the browser was the same message that would be displayed if the Session Limit was enabled.
I tried enabling session manager and then disabling, just in case the GUI was not reporting it correctly, but still the same problem.
OK, well today’s problem I’ve not come across before is strange.
A user reports that they have moved some emails into a subfolder in Outlook and they’ve disappeared. I check the folder and it’s empty. Hmm. I send a test email to the account, move it to the folder and all is good. I move the email back to the inbox and ask the user to move it. It disappears.
I then search the whole mailbox and it appears in the search results. When hovering over it I see the folder name is different to the folder name in Outlook. I found the folder buried under several sub folders which contained all the emails the user had moved.
The user was happy not to have lost any emails and will delete the top level folder and just use the sub-folder where the emails currently are. I checked the rules under the user’s profile but there is nothing set up to move emails from this folder that I can find.
I’ve not managed to replicate this and I have no idea how the user managed to create what appeared to be a shortcut.