Resetting Domain Admin Passwords

I have been researching ways to reset a domain admin password for a client who forgot what they typed in when they set the password.

Most password crackers work only on local accounts, not for anything on a domain.  It seems like the way to go about this is to reset the local admin account, then log in using Directory Service Recovery Mode to reset the domain admin account.

Here are some of the articles I have been reading:

http://www.jms1.net/nt-unlock.shtml  <– this idiot won’t let you view his pages if you are running IE, so use Firefox, but again, that’s just stupid

http://www.nobodix.org/seb/win2003_adminpass.html

http://home.eunet.no/~pnordahl/ntpasswd/

http://www.loginrecovery.com/about.html

http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

 

Anti-Spam GreyListing

I recently started getting some soft bounces coming back from Yahoo. 

I believe that this is a “greylisting” operation on their part:  “Message delivery has been delayed.”

The typical “lists” are Blacklists (all email is rejected) and Whitelists (all email is accepted).

Greylists utilize what is called a soft error, or soft bounce on the email server. 

When sending an email, there are some errors that cause the transmission to fail and halt, and there are others that indicate that the sender should “try again later.”

For example, if you try to send an email to an account that doesn’t exist, the sending server will not try to deliver the message again.  But if the error is something like “Mailbox is full”, then the sender will keep trying N number of times.

Almost all spammers will not bother to resend these soft bounces.  They are kicking off millions of emails, so it isn’t worth their time to deal with these soft bounces.

So greylisting does the soft bounce, and sees if the sender tries again.  If they do, then Yahoo labels them as an OK sender, and allows their email through.  If they don’t try again, Yahoo can label them a spammer, and block them out.
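The soft-bounce-then-retry decision described above, as an added Python example (not code from this post, and not Yahoo's implementation). Keying on the client IP, sender and recipient triplet, the 300-second minimum delay and the 4-hour retry window are all assumptions chosen for illustration; the traffic in `simulate()` is constructed.

```python
import time

TEMPFAIL = "451 4.7.1 Greylisted, try again later"  # soft error: sender should retry
ACCEPT = "250 OK"

class Greylist:
    """Defer the first attempt from an unknown sender; accept once it retries."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay        # assumed value: earlier retries stay deferred
        self.retry_window = retry_window  # assumed value: later retries start over
        self.clock = clock
        self.first_seen = {}              # triplet -> time of first deferred attempt
        self.passed = set()               # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to):
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        if key in self.passed:
            return ACCEPT
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now    # new triplet, or the old attempt expired
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL               # retried too quickly to count as queued mail
        del self.first_seen[key]          # sender queued the message and came back
        self.passed.add(key)
        return ACCEPT

def simulate():
    """Constructed traffic: one server that retries and one that never does."""
    now = [0]
    gl = Greylist(clock=lambda: now[0])
    events = [  # (seconds, client IP, MAIL FROM, RCPT TO), all constructed
        (0, "192.0.2.10", "news@example.org", "bob@example.com"),
        (5, "198.51.100.7", "promo@example.net", "bob@example.com"),
        (60, "192.0.2.10", "news@example.org", "bob@example.com"),   # too soon
        (900, "192.0.2.10", "news@example.org", "bob@example.com"),  # real retry
        (950, "192.0.2.10", "news@example.org", "bob@example.com"),  # now known
    ]
    codes = []
    for when, ip, sender, rcpt in events:
        now[0] = when
        codes.append(gl.check(ip, sender, rcpt)[:3])
    return codes, gl

if __name__ == "__main__":
    print(simulate()[0])
```

The sender that never retries stays in `first_seen` and is never accepted, which is the signal the post describes.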

 

Backup/Restore Cisco Pix Configuration

To do this you

  1. Need a TFTP server running (solarwinds)
  2. Need to telnet into the device
  3. Need to be in enable mode

First to make the backup:

write net 192.168.1.2:MyBackup.pixconfig

where the IP is the IP of your TFTP server

Then to restore it later, you need to enter config terminal mode first and then restore the file:

config term
configure net 192.168.1.2:MyBackup.pixconfig

and there you have it…

The changes will take immediate effect, but you will still need to write them into the non-volatile memory, or the changes will be lost when you reboot the device.

 

Some Good Links For Updating Cisco PIX Devices

Problem getting PDM running:
http://www.experts-exchange.com/Security/Firewalls/Q_21611023.html

Installing PDM on a Pix Firewall:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/pdm_ig/pdm_inst.htm

Upgrade/Update/Flash a Cisco Pix:
http://www.windowsitpro.com/Article/ArticleID/20281/20281.html?Ad=1

Change Password on Pix:
http://www.linuxhomenetworking.com/cisco-hn/dsl-pix.htm

Backing up Cisco router settings

Working with Cisco products is not an everyday event for me, but when I do work with them I want to make sure I back up the config files before I do anything.

To do this you can follow the instructions on this page:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_tech_note09186a008020260d.shtml#tftp

You can also download a free TFTP server at this location:
http://www.solarwinds.net/Tools/Free_tools/TFTP_Server/

 

Problems moving from System.Web.Mail to System.Net.Mail

I recently went through the painful process of updating all our codebase to remove all warning messages after our “successful” conversion from .net 1.1 to 2.0.

After I made all the adjustments to remove all warnings, all seemed to be well.  In fact, it was going too well, as this morning I realized that I hadn’t seen an exception report come through my email in a week.

Sure enough, I went into the database where I log everything and found exceptions that were not being emailed to our development team.

The exceptions that were being thrown when we tried to email were stuff like this:

Email address problems:
Error sending Error Report: Message: The specified string is not in the form required for an e-mail address.
Stack:   at System.Net.Mime.MailBnfHelper.ReadMailAddress(String data, Int32& offset, String& displayName)
   at System.Net.Mime.MailBnfHelper.ReadMailAddress(String data, Int32& offset)
   at System.Net.Mail.MailAddressCollection.ParseValue(String addresses)
   at System.Net.Mail.MailAddressCollection.Add(String addresses)
   at System.Net.Mail.Message..ctor(String from, String to)
   at System.Net.Mail.MailMessage..ctor(String from, String to)
   at System.Net.Mail.MailMessage..ctor(String from, String to, String subject, String body)
   at Walshgroup.Logging.ApplicationAudit.EmailErrorToDevelopmentTeam(String sErrorMessage, Int32 iLoginID) in x.vb:line 586 on machine y

Subject problems:
Error sending Error Report: Message: The specified string is not in the form required for a subject.
Stack:   at System.Net.Mail.Message.set_Subject(String value)
   at System.Net.Mail.MailMessage..ctor(String from, String to, String subject, String body)
   at Walshgroup.Logging.ApplicationAudit.EmailErrorToDevelopmentTeam(String sErrorMessage, Int32 iLoginID) in C:x.vb:line 586 on machine y

It turns out that we were doing 2 things that System.Web.Mail seemed to accept, but System.Net.Mail did not.

Email Address: We were using the MS Outlook way of email concatenation (using a semicolon) to send an email to multiple people (e.g. bill@asdf.com;jack@asdf.com;pete@asdf.com).  Once I changed it to use commas, everything worked, but we still had errors related to the subject line.

What we were doing for the subject line was simply to take the first 50 characters of the email error message.  In this case, this included some CRLF.  Once those were removed the email sent w/o a problem.

For more info on these classes check out http://www.systemwebmail.com/ and http://www.systemnetmail.com/.

Virtual Server Networking With External Access

I was having such a hard time getting MS Virtual Server set up so that my virtual servers could access the public network and vice versa.

In the end the problem was caused by a service that is running to enable my VPN connections.

The service is called:

Cisco Systems, Inc. VPN Service.

As soon as I turned off that service, everything with my virtual servers network worked just fine.

 

Moving a Network

This weekend I helped a client of mine move their computer system to a new facility.  In the new location I racked up and configured an HP Procurve switch, and 2 Cisco APs.

All in all the move went well.  I had some problems getting into the Procurve at first.  I think the problem was a bad serial cable, but in the end I got it working right.

We didn’t quite have enough ports on the Procurve, so I uplinked a couple of their old switches until I could procure some more modules for the HP.

The Cisco 1100 APs had great range.  I was able to blanket the entire facility with WIFI access.  Pretty nice!