Monday 16 June 2008

Symantec AntiVirus 10.x license expired at client

Got an SBS2003 network with around 20 clients on. I installed the new licence at the server but one of the clients refused to cooperate and just appeared in the Symantec System Center Console with a license expired and refused to deploy the new one even though there were unallocated seats. The error I was getting was 0x80004005 - helpful yeah!

Turned out the Windows Firewall was getting in the way. Disabling it fixed the problem temporarily so the licence would install but there was no client management available. All the tools like view event log failed. I found Symantec doc 2004070817071248 which talked about using port 2967 for client communications. Using the Group Policy Management in the server management console let me add a firewall port exception to enable this for all PCs on the network.

I updated the Windows Firewall policy under Computer Configuration > Administrative templates > Network > Network Connections > Windows Firewall > Domain profile
and edited the Define Port Exceptions to include this line:
2967:TCP:*:Enabled:Symantec AntiVirus Management - Port

Friday 13 June 2008

Media Player authorisation

Recently put a new SBS2003 R2 Premium server in at a client. We're using the ISA Server 2004 component of Premium to provide monitoring and some internet access control. Someone spotted that you couldn't play video files from, in particular the British Touring Car Championship (BTCC) ones. They use embedded media player for playback and kept giving an ISA server authorisation prompt.

The ISA logging at the server showed this error:
Denied Connection
SERVER 13/06/2008 09:31:10
Log type: Web Proxy (Forward)
Status: 12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.

Tracked the fix down to this article which talked about an error when Media Player tries to resolve the proxy name. With Microsoft ISA Firewall Client installed you can disable the Media Player proxy setting for HTTP (Tools>Options>Network>HTTP>Configure and change from browser to do not use). The Firewall Client will then handle ISA authorisation correctly.

Using the GPO method to apply the change across all PCs made life easy:
"User Configuration\Administrative Templates\Windows Components\Windows Media Player\Networking"
set the "Configure HTTP Proxy" option to "Disabled"

Saturday 7 June 2008

Who to blame - Microsoft or cheap kit?

So that cheap router you bought to connect to the internet was meant to save you some £. Turns out one of the cheap models out there, the Billion 5200 series doesn't get on with the latest big update from Microsoft - Windows XP Service Pack 3. Billion blame Microsoft - which I can't see. Surely the router should be stable and not go into a constant reboot cycle, irrespective of what random data gets hurled down the line at it. I'm sure there must be worse hitting it from the internet side. At least they've made updates available.

So next time you have to make a choice on cheap kit or recommended kit that costs a bit more but is likely to have had better design and testing, you might want to think twice.

Wonder if there are any other dodgy routers to come out of the closet yet? Just waiting those phone calls once SP3 gets the green light through Microsoft Update ...

Trust 1&1 Internet for your domain name registration, from only £1.99/year!. Check now!