I recently was given this error in a backup that was leveraging Symantec Backup Exec 2010 R2. I noticed that it wasn’t failing but was “Completing with Exceptions”. Upon investigation of the job log I found the errors above, and below.
Upon research I found that in this version of Backup Exec (13.0) against this version of Windows (2008 R2) the VSS looks for the two files when they are not there — then fails and says they were not included in the backup.
Fantastic. Easy fix. There are two ways you can do this. One, is that you go into “C:\Windows\INF\” and make a blank text file and name it oem13.inf and then again naming it oem14.inf. The operating system won’t ever utilize it, but it will calm the unwarranted errors in Backup Exec.
The other way to remedy this is to add two simple exceptions into the backup.
Launch the backup exec console, find your job in “Job Monitor” and edit the include/exclude under Source –> Selections. Add the path “C:\Windows\INF” and the file “OEM13.INF” then do this again for “OEM14.INF” like above.
All things considered, a very easy fix. I prefer the second option so that you’re not cluttering the critical areas of the file system.
Hope I’ve made your day a little easier!
One of the things you often find yourself thinking is, hmm…I should probably test my windows machines for security flaws, right? I’ve decided to share some very good tools for testing security from basic button clicking to advanced security testing.
As it relates to Windows-based computers, there are seven general types of security testing tools. These are:
- Port scanners
- Network/OS vulnerability scanners
- Application/database vulnerability scanners
- Password crackers
- File searching tools
- Network analyzers
- Exploit tools
All of these types of tools can and should be used when performing penetration tests, vulnerability assessments, and security audits on your Windows systems.
For the most part with security tools, you get what you pay for. There are, however, a handful of free tools that are a solid choice.
– Super Scan v3: Very fast and easy to use port scanner that can find live systems, look for open ports and running services, grab banner information including software versions.
– SoftPerfect Network Scanner: Maps MAC addresses to IP addresses which can help you locate rogue wired and wireless systems.
– WebFingerPrint: Windows enumeration tool that can ferret out patch levels, NetBIOS information, user information, and more.
– Microsoft Baseline Security Analyzer: Checks your local machine to identify missing security updates and common security misconfigurations.
– Metasploit: A great tool to exploit those Windows-based vulnerabilities that other tools find, for advanced users only.
As you build your compilation of security testing tools over time, you’ll find that there is no one best tool. Keep in mind that security tools are not the “easy button” for finding security vulnerabilities. That’s where Operating System, Application, Networking Knowledge, and most importantly, experience will come into play.
Where tools are required, you’ll see that the ones that are more specialized in finding specific types of vulnerabilities will provide you with the best results. It all comes down to personal preference and how comfortable you feel using each tool, but in the end your goal should be to find the greatest number of vulnerabilities, exerting the least amount of work, in the shortest amount of time. Get to know the tools on this list, use them consistently and you’ll be well on your way to a storm of work that you never thought you had before ;).
As IT Professionals we all know the word kerberos. We all know the protocol kerberos. We all know that it does…things. How much do most of us really know though? Let’s talk about that.
Here are a few facts you should probably know for IT water cooler-type talk.
- Kerberos is a network authentication protocol that works on a client-server model utilizing a trusted third-party certificate server and is an integral part of a Microsoft-product driven network ie. Active Directory.
- Kerberos is NOT a Microsoft proprietary protocol nor is it only used for Microsoft environments. It was developed by MIT in the 1980s.
- If Kerberos stops working, us sysadmins would probably lose our jobs.
( Link will be provided at the bottom of this post for more detailed information about kerberos)
Here is the quick and dirty way to demystify how kerberos works as shown above.
- Client needs to talk to server –> sends service ticket to KDC to authenticate him and encrypts the service ticket with his password.
- Server receives service request from client and verifies credentials using its’ Active Directory. If authentication is successful, the server sends a ticket-granting ticket (TGT) back to the client encrypted with the KDCs’ password.
- The client sends the TGT back to the KDC and requests that he have a ticket to open a kerberos authenticated session with the server. The KDC then validates the clients TGT, and creates a session key encrypted with the destination servers’ password.
- The client sends that session key to the server and the server decrypts it with his own password and verifies the authentication that the KDC gave the client.
- A kerberos authenticated session is now initiated between the client and the server.
A very good troubleshooting tool that can be used for kerberos is called kerbtray.exe. It unfortunately has not been updated to run on anything newer than Server 2003, but it will still run ok (just ignore the errors). A link will be provided at the bottom of the post for the download location.
After running the program, it will populate itself to the system tray, where you right click it for information. You can do one of two things — List or Purge.
Clicking Purge here will purge all kerberos tickets so that new ones may be obtained. Clicking list will show the following.
Here you can see what tickets you have, when they were obtained, when they expire, what flags they have, and what encryption type they’re using. This tool can be very useful for troubleshooting — if nothing else, it’s just cool to see.
Learn more about Kerberos:
Download for KerbTray: