We have recently had this complain from our various Shared hosting as well as Dedicated Server hosting clients that MSSQL Webadmin ASP .NET Enterprise Manager is having a virus / trojan on it. When the first complain arrived we too thought that there seems to be a problem with the server and might be MSSQL Webadmin ASP .NET Enterprise Manager has got an injection in it. But after receiving too many complains from most of our dedicated server clients we started investigating the problem and now we knew that this is something that has happen globally. After viewing MSSQL Webadmin ASP .NET Enterprise Manager on Plesk server it looked as the picture below:
Archive for the Category ◊ Window Hosting ◊
Clustering in Windows 2003 Dedicated or Shared hosting is a means of providing High Availability to your applications and websites. Clustering is a group of machines acting as a single entity to provide resources and services to the network. In time of failure, a fail over will occur to a system in that group that will maintain availability of those resources to the network. You can be alerted to the failure, repair the system failure, and bring the system back online to participate as a provider of services once more. You learn about many forms of Windows clustering. Clustering in Windows 2003 hosting can allow for failover to other systems and it can also allow for load balancing between systems. Load balancing in Windows 2003 hosting is using a device, which can be a server or an appliance, to balance the load of traffic across multiple servers waiting to receive that traffic. The device sends incoming traffic based on an algorithm to the most underused machine or spreads the traffic out evenly among all machines that are on at the time. A good example of using this technology would be if you had a web site that received 2,000 hits per day. If, in the months of November and December, your hit count tripled, you might be unable to sustain that type of increased load. Your customers might experience time outs,
We read allot of articles on how one can use MRTG as an Intrusion detection tool or to creating traffic graph for a particular network subnet or a single IP address on Linux platform with Apache web server. But we find very few that allow us to have graphs on Windows Dedicated server with IIS Web Server.
Here are some steps that can be used to create graphs on Windows Dedicated server with IIS as the web servers. And there is no need to take all the efforts to configure MRTG as we can simply have graphs with the use of logparser and the RRDtool from Tobias Oetiker and you can use the RRDtool perfectly without the rest of MRTG.
Some times Configuring MSDTC and their error can ruin your Windows Cluster service and your time as well. You may get one of the following error when you failover the MSDTC service from one Dedicated node to another.
This would only happen if the Cluster services has been installed before installing and configuring MSDTC Service. Hence it is highly recommended that you first install and configure MSDTC and then configure the Windows Cluster Service.
Event ID: 4097
MS DTC started with the following settings: Security Configuration (OFF = 0 and ON = 1): Network Administration of Transactions = 1, Network Clients = 0, Distributed Transactions using Native MSDTC Protocol = 1, Transaction Internet Protocol (TIP) = 0, XA Transactions = 1.
Event ID: 4395
MSDTC detected that MSDTC related information in the local registry is different from that in the shared cluster registry. Error Specifics: d:ntcomcom1xdtcsharedmtxclumtxclusetuphelper.cpp:541, CmdLine: C:WINNTSystem32msdtc.exe, Pid: 796
0000: 05 40 00 80 .@.?
Event ID: 4384
MS DTC was unable to start because the installation was not configured to run on a cluster. Please run comclust.exe and restart MS DTC. Error Specifics: d:ntcomcom1xdtcsharedmtxclumtxclusetuphelper.cpp:668, CmdLine: C:WINNTSystem32msdtc.exe, Pid: 796
Event ID : 7024
Source : Service Control Manager
Description: The MSDTC service terminated with service specific error 3221229584.
Initially you should try and run the command below and check if it solves the problem:
If that does not help then follow the fix below:
This checklist helps you prepare for installation. It is very important to go through all of them else it make it very difficult to restart if either one of them is missed or not configured:
• Microsoft Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition installed on all dedicated servers in the cluster.
• A name resolution method such as Domain Name System (DNS), DNS dynamic update protocol, Windows Internet Name Service (WINS), HOSTS, and so on.
Steps to Configure Windows DNS Server/Service.
Here is a very simple way to configure a DNS service on Windows Dedicated Server that hosts your website.
1. You should have one of the following Windows OS to install the DNS service:
— Windows XP Professional edition.
— Windows Vista.
— Windows 2003 Server Data center edition.
— Windows 2003 Server Enterprise edition.
— Windows 2003 Server Standard edition.
You cannot install DNS service on Windows 2008 Server with the steps below as it does not have an option to add remove Windows Components. You will have to use the Server Manager option to install Services on your Windows 2008 Server.
Remote Desktop [RDP] not Working..?
This applies to all versions of Windows 2003 and Windows 2008 and also to Vista and XP Professional. This problem normally occurs to our client with Dedicated Server hosting. So I thought I will create a check list to make their hosting service a bit easy.
Yes, you will need physical access to the machine to check this, it is obvious that you will not be able to check this problem unless you have remote access to the server. These steps can only be performed if you have physical access to the dedicated server or through a Keyboard-Video-Mouse [KVM]. So there we go:
* First thing that you need to check is whether the Remote Desktop Console [RDC] is enabled on your server.
Go to Desktop >> My Computer >> Properties >> Remote Tab
Check the box for “Enable Remote Desktop on this computer” and click OK.
Disable specific devices such as USB, CDROM, Floppy, on your local Windows machine or the Windows server..
Recently I’ve seen people having issues with certain devices attached via USB to their thinking machines… Issues that included, Spyware, Malware, Viruses.. ugh, many more.. Wouldn’t it be good to disable these unwanted creepy devices when on a shared/public windows machines? Ok, follow these steps & get yourself a bit secured.
This can be implemented on your local Windows Machine or on the Windows Dedicated servers, please make sure to backup the Windows registry before following these steps. As making incorrect changes in Windows registry can make the system unbootable.
Most of our users have this problem with there Windows Plesk Dedicated hosting as well as Windows Shared hosting packages with recent Parallels Plesk versions. I have had so many instance of support about the sitepreview not working on our Windows Shared Servers with Plesk for different reasons and I had to scratch my head to get things sorted for our valuable Windows dedicated hosting customers. And it is an important feature for our Shared hosting customers without the dedicated IP address to check their site before moving their name server to us. So I decided to write this blog with the steps to troubleshoot the problem with Plesk sitepreview in few simple steps. I will try and put every thing that I have figured while investigation.
There are 3 types of problems with site preview in Plesk:
This has been a regular problem with most of our Windows dedicated Server Clients as well as Windows Shared hosting client that has Plesk 8.4 installed on them, specially for those who need write permissions on web user for the ASP .NET/MSSQL and PHP/MySQL application, that the write permissions on the folder get removed own its own without any changes being made by us or the client. After allot of scratching and investigation we were finally able to reveal the secrete about the permissions issue. The problem was not with Plesk but the way we use to set permissions on the folder.
While I was searching for the solution I found the KB articel on Parallels sites below:
One can point your site to any designated IP address you want without changing the Name server of your Domain. Yes, you will be able to view/test your site on new server without changing the name servers as well as having trouble of using site Preview options in Control panel like Plesk. This option is also helpful in the case of some site that use .js script in their codes since those scripts don’t work in Plesk site preview option. Specially in case of sites that work on DotNetNuke [DNN].
So here we go:
On your local machine, [AND NOT THE SERVER]:
Goto START >> Run >> and Type:
And hit Enter
It is very easy to block a single IP address on a Linux server but Windows Default firewall doesn’t allow us to block a single IP address on the server or for particular ports. However Microsoft released this and introduced IP Security Polices in their Local Security Polices option in the release of their SP2. But most of us are not aware of this option and we mostly adopted third party firewall and pay for their heavy license. However Firewall onl Windows 2008 Server is far more advanced than that on Windows 2003.
It would not be the case now as I have listed detailed steps along with the images on how to block IP using the IP security policy in Windows. This option is also available in XP as well as Windows 2003 Server edition.
How to BLock IP Using Windows:
You can either open MMC from START >> RUN >> MMC and add a new Snapin for IP Security policy with steps below:
There are times when the Windows remove the firewall service thinking it as a harmful application OR the Windows Firewall service may also disappear if you make make major changes with your Network Adapter. And when every you try to click to manage Firewall it will give you an error that “No Service was configured”. There is a very simple way to fix this problem.
— Backup the Registry of your computer and save it on a safe place.
Group Policy is a core part of Microsoft’s IntelliMirror technology.You can use Group Policy to manage all aspects of the Server environment for Windows Server, including Registry settings, software installation, scripts, security settings, and so on.The possibilities of what can be done with Group Policy are almost limitless.With VBScript or Jscript, you can write entire applications to execute via Group Policy.You can install software automatically across the network and apply patches to applications. When deciding on the Group Policies you plan to enforce on your network, you should keep in mind that the more policies applied, the more network traffic, and hence the longer it could take for users to log onto the network. Group policies are stored in Active Directory as Group Policy Objects (GPO).These objects are the instructions for the management task to perform. Group Policy is implemented in four ways:
The clustered nodes use a “heartbeat” signal to check whether each node is alive, at both the operating system level and the SQL Server level. At the operating system level, the nodes in the cluster are in constant communication, validating the health of all the nodes.
After installing a SQL Server failover cluster, the node hosting the SQL Server resource uses the Service Control Manager to check every 5 seconds whether the SQL Server service appears to be running. This “LooksAlive” check does not impact the performance of the system, but also does not do a thorough check; the check will succeed if the service appears to be running even though it might not be operational. Because the LooksAlive check does not do a thorough check, a deeper check must be done periodically; this “IsAlive” check runs every 60 seconds.
The IsAlive check runs a SELECT @@SERVERNAME Transact-SQL query against SQL Server to determine whether the server can respond to requests. Although a reply to the IsAlive query confirms that the SQL Server service is available for requests, it does not guarantee that all user databases are available, or that the user databases are operating within necessary performance/response-time requirements.
Using Certificates to Encrypt Data
Certificates are parallel with asymmetric keys in the SQL Server 2005 encryption hierarchy. A certificate is simply a method of using asymmetric encryption. Certificates bind public keys to individuals who hold the associated private key. Certificates use the same RSA algorithm as asymmetric keys; therefore, they are resource-intensive and their use is normally restricted to encrypting other keys. SQL Server contains an integrated certificate authority, which it uses to issue its own selfsigned, and industry standard X.509 certificates. Alternatively, you can import certificates from an external certificate authority.The use of external certificates allows you to use a wider range of key lengths, which can provide enhanced security. Certificates are the most secure way in which to encrypt data natively within SQL Server 2005.You can use the CREATE CERTIFICATE statement to create a certificate within SQL Server 2005.
EFS can be used to encrypt SQL Server 2005 data files and folders. EFS is supported on Windows 2000 and later operating systems with New Technology File Systems (NTFS) formatted drives. EFS uses a combination of symmetric and asymmetric methods to provide transparent SQL Server 2005 data encryption. On Windows 2003 Server and newer operating systems, EFS by default creates a random File Encryption Key, which is a 256-bit AES key to perform data encryption.The File Encryption Key is then itself encrypted with the user’s public key and stored within the encrypted file or folder.
To encrypt SQL Server 2005 data files and folders using EFS, follow these steps:
1. Stop the SQL Server service.
2. Log out and log in using the SQL Server service account credentials.
3. Right-click on the file or folder to be encrypted and select Properties | General Tab | Advanced.
Why Secure Data in your Windows MSSQL database?
Databases often contain sensitive financial, healthcare, and corporate data. As mentioned earlier, data security breaches are occurring at an alarming rate and international legislations have been passed, which set regulations on how organizations must protect this sensitive data. The Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA), Gramm-Leach-Bliley Act (GLBA), and the UK Data Protection Act are just a few of these regulations. Several regulations require that sensitive data be encrypted and that organization’s must identify and report data disclosure or misuse. If these regulations are not followed, organizations can face serious repercussions, ranging from financial penalties to imprisonment of responsible parties. Depending on the nature of your business, the above regulations may not apply, but before you discount the need to encrypt data
Smooth working of Mail server totally depends upon Mail Enable Mail Transfer Agent , as the name suggest, Mail Enable MTA is a program running on Mail Server responsible for transferring email messages between computers over the Internet.
Mail Server works with other programs in collaboration to make up what we know as Messaging System. Messaging system must work without any flaws to keep smooth movement of Inbound and Outbound emails. Mail System uses following protocols to send and receive email messages.
SMTP (Simple Mail Transfer Protocol) – For Sending emails
POP3 (Post Office Protocol 3) or – For Receiving emails.
IMAP (Internet Message Access Protocol)
At any point you found out that emails are not reaching their destination, there are high chances of these emails would get stuck in Mail Queue. Only way to release emails from mail queue is to restart mail services. Restarting mail services is done from Mail Server. Make sure before restarting mail service you ask anyone who has good knowledge of doing it.
There are several points that Microsoft suggests before configuring your MS SQL Server.
BEST PRACTICES ACCORDING TO MICROSOFT
- Install only those components that you will use immediately. Microsoft recommends that you create a list of components that you will be using, and only enable those. If the need arises, you can install the additional components at that time. The components in a SQL Server installation are the Database Engine, Analysis Services Engine, Reporting Services, Integration Services, Notification Services, and Documents and Samples. more…