How to fix “The update is not applicable to your computer” error.

It’s not often one will have this issue with an update, and it’s not easy to find a solution.
Because of that, I’ll share one example of how to do it and hopefully you can extrapolate this method to your case.

Abstract

You need to install a single patch, out of your regular patch cycle. Maybe it is to enable some functionality (my case). Maybe it is some hotfix specific to your case.
You download the patch, run it and then …
… What do you mean, it is not applicable? It’s not in any list of existing patches …
And here is when this method might just come in very handy.
Method

Step 1 – Logs

The first step has to be the logs.
Patching logs in Windows are kept in %systemroot%\Logs\CBS\CBS.log.
Open the log file and search for the KB number of your patch.
You can use any text editor you like. I like Notepad++.
Having found the KB reference, one can follow it to understand what is happening in the background.
As a little side note, more often than not, a patch is composed of multiple components and each one is tested for applicability.
In this case, the first component was already marked as Superseded, as you can see highlighted. It might not always be the case, but it is here.
As we scroll through the log file we will see a sequence of log events going from the component to be updated until the evaluation of applicability and the result of Superseded. (Image below)
Note the component name and versions. The first version, ending in 23444 is the version we are trying to install of that component. The second version number is the existing lower version holder. That is to say, the current version of the component lower than the one we are trying to install.
At this point the log file will not help much more, so …

Step 2 – The source of all knowledge. The Windows Registry.

Disclaimer: As usual, changes done to the registry can damage the Windows installation. Use some form of backup before starting and be very careful while navigating the registry.
That’s right. If it’s not in the registry, Windows does not know about it. Or something of the sort.
At this point we open the registry editor (as Administrator) and we start digging.
The first piece of the puzzle is to search for the component we found in the CBS.log. In this example amd64_netfx-system_b03f5f7f11d50a3a.
The find function in the registry editor will lead you to something like the image below.
You can see the component selected, but we’re not there yet.
Scroll down and find the latest version of that component.
Now that we’ve found the latest version for this component, note the termination pointed to by arrow 1: .23744. And note the termination of the one before, pointed to by arrow 2: .23369.
What this means is that we have one version of this component higher than the one we are trying to install and, at least in this case, higher than the one the update we’re trying to install needs.
At some point, a patch was installed with the higher version and now, it’s up to us to find out which one.
So let’s jump onto the right hand pane and select the first binary key. The one that looks like a long GUID.
We need that value name to continue digging. So let’s modify and double click the value name to select it and copy it.

Step 3 – Digging deeper

Having copied the value name, we need to search for it in HKLM\COMPONENTS\CanonicalData\Catalogs (where Windows stores its component catalog).
Registry should find the value name inside a key, without any additional information, however, the key will help us get to the solution, because that key is present in yet another catalog.
So let’s select the key on the left pane. Right click and Rename, just so we can copy it.
Note: Don’t use the Copy Key Name functionality. For some reason beyond my understanding it does not work for the next search.
Once again, having copied the key name, we need to find it, this time under HKLM\COMPONENTS\CanonicalData\Deployments.
Once the search is done, we are presented with a list of packages and their KB numbers.
These packages have updated the component and will need to be uninstalled, in order to install the desired package.

Step 4 – Uninstall the superseding packages

The next step is the easy one. Uninstall the 2 packages identified. Reboot if needed and then install our original patch.
And we’re done, or are we …

Step 5 – Back to the top

At this point, one would think we could just install the original patch and that was the end of it, but …
You see, the Windows Registry was created at a time when efficiency was badly needed. The Windows Registry allows applications to share DLLs rather than keeping multiple copies wasting space. It also keeps its catalogs so that applications can know if they need to install new DLLs or if they already exist, and as a consequence of that, the Windows Registry also keeps records of which patches are installed or were attempted, and what the result was. That way, it will not need to validate the applicability of a patch twice, because it already knows the result. It’s all about efficiency.
And so we go back to the CBS.log and find our patch number.
Select the highlighted Package_for_KB<insert your KB number here> and go back to the registry editor.
Once in the registry editor (as Administrator), search for the above string and delete it.
This is the only registry change in the whole process and it is safe to do as it is only the record for the applicability evaluation.
This will make Windows evaluate your patch installation again and hopefully allow its installation.

Conclusion

There you have it folks. The not so easy fix, but very valuable in machines you can’t just rebuild (also a lot faster once you know where to look).
Do note that other components in a patch might also be superseded and you might have to repeat this process a few times.
Hope this can help someone.

Footnotes

  1. This blog post was built from a real life example using Windows 2008 R2 machines.
  2. As much as I would like to take credit for the discovery of the process, I must admit that I’ve learned this from a wise colleague of mine, Robert de Tulio, that collated some scattered information on the web using his expert knowledge and then taught me the process.

Protect public Linux servers with fail2ban

Do you have public facing Linux servers?

Of course you do. Who doesn’t!?!? Or why would you be here if you wouldn’t?

I’m not a big fan of security through obscurity, so I need, or we all need, a way to protect our known public ports.

I know, iptables or any of its derivatives are always there, but what about that one port that must stay open and accessible? After all, if you didn’t need a public facing service, you wouldn’t need to make it public, would you?

fail2ban to the rescue

fail2ban is a very useful utility that creates rules on your firewall to block failed authentication attempts. It can be used with any service that generates log files. As an example I will use SSH.

How To

Installation

Installation of fail2ban is as easy as it gets. Just make sure you have your repositories up to date and do a yum install fail2ban or apt-get install fail2ban.

Configuration

The first step to configure fail2ban is to copy its config file to a .local file.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

fail2ban configuration should be done only on the new .local file

In the jail.local file, let’s search for the section [ssh] or [ssh-iptables], depending on whether you use a Debian-based or Red Hat-based distro.

Make sure that it is enabled and the log file is pointing to the right location.

We can also set the ban duration and the number of tries before banning. I like to ban for 1 hour (value in seconds) and after 5 retries.

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
banaction = iptables-allports ; ban retries on any port
bantime = 3600 ; ip address is banned for 1 hour (value in seconds)
maxretry = 5 ; ban the ip address after 5 failed attempts

With the configuration done, let’s start the service and see it in action.

Seeing it all come together

If you have anyone testing your defences you should see fail2ban in action very fast. Just do a word count of the number of lines in auth.log with failed attempts like so:
grep 'sshd.*Failed' /var/log/auth.log | wc -l
Then follow up with a listing of your iptables rules with iptables -L.
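
What the [ssh] jail counts can be approximated by hand. The script below is an added example, not part of fail2ban or of the original post: it tallies failed password attempts per source address and lists the ones that reach maxretry. The function names and the sample log lines are constructed for illustration, and findtime is ignored.

```shell
#!/bin/sh
# Added example: approximates what the [ssh] jail counts. Not fail2ban's own code.

# Print "<count> <ip>" for every source address with failed password attempts.
# The address is read from the fixed tail "from <ip> port <n> ssh2", so a crafted
# user name that itself contains "from 192.0.2.9" cannot shift the blame.
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Print only the addresses that reached maxretry (default 5, as in jail.local).
# Simplification: fail2ban also requires the failures to fall inside findtime.
ban_candidates() {
    failed_by_ip "$1" | awk -v max="${2:-5}" '$1 >= max { print $2 }'
}

# Constructed sample log (documentation address ranges), not real traffic.
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do
        echo "Mar 10 06:25:0$i web1 sshd[210$i]: Failed password for invalid user admin from 203.0.113.5 port 5123$i ssh2"
        i=$((i + 1))
    done
    echo "Mar 10 06:26:10 web1 sshd[2201]: Failed password for root from 198.51.100.7 port 40022 ssh2"
    # User name made of several words that imitate the log tail (constructed).
    echo "Mar 10 06:26:12 web1 sshd[2202]: Failed password for invalid user from 192.0.2.9 port 1 ssh2 from 198.51.100.7 port 40023 ssh2"
    echo "Mar 10 06:27:00 web1 sshd[2300]: Accepted password for alice from 192.0.2.44 port 50100 ssh2"
}

demo() {
    tmp=$(mktemp)
    sample_log > "$tmp"
    echo "Failures per address:"
    failed_by_ip "$tmp"
    echo "Would be banned at maxretry=5:"
    ban_candidates "$tmp" 5
    rm -f "$tmp"
}

demo
```

Point failed_by_ip at /var/log/auth.log to compare the result with the addresses fail2ban has actually placed in iptables.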

Wrap up

Very useful tool this fail2ban. There are many more configurations possible, for other services, for e-mail notifications, for different actions, etc.

This is just a very basic starting point.
Now go explore and stay safe.

Powershell – One liner from one of the best

Let’s talk about re-setting passwords.

I know this is hardly news, but I saw this small one liner in an MVA video with Ashley McGlone and thought I would share it.
This is very useful for all junior team members suffering with the password change onslaught. That way, there’s no need to open AD Users and Computers, and when pressed for time, there is nothing quite like a quick and fast one liner.
 
Just put it in a .bat or .cmd file and distribute and start re-setting passwords.
@echo off&&powershell -NoE -C "&{ipmo ActiveDirectory;Set-ADAccountPassword -I ($u=Read-Host 'User') -R;Set-ADUser $u -Ch 1}"

Active Directory accounts – Security Auditing (The very basics – part 2)

How many Domain Admins are there in my ActiveDirectory domain?

Have you ever asked yourself this question? If you haven’t, you should … or you landed in the wrong blog!!

If you have, there is a very useful script to have in your utility belt. And before anyone asks, no, this is not my code, but it is available in Technet and there is no use in re-inventing the wheel.

 

I’m attaching a copy of it here, but do go onto https://gallery.technet.microsoft.com/scriptcenter/List-Membership-In-bff89703 and find out more.

PrivilegedUser3.0.ps1

Now let’s have some fun and start cleaning those privileged accounts.

Move hidden Window

Dear reader,
Recent events made me get this tip way from my old days. When I was young and Windows 3.1 was the most amazing thing I had ever seen.
Ahh the good old days!
Anyway, have you ever struggled with a window that opens outside the visible screen? Or even the ones that stay just ever so slightly off that your mouse pointer just can’t move them?
Mostly the cause is simply different screen resolutions, removing an additional screen, going from a remote session in Full HD to a lame laptop screen… who cares.
It just happens.
Well at least now you’ll know what to do, with a few simple steps, and a working keyboard:
1.     Alt-tab to the misbehaving window;
2.     Press Alt+Space;
3.     Press M;
4.     Press any Arrow keys to bring the window back to full visibility or just once and then move the mouse. The window position should now follow the mouse cursor.
There you go.
No more plugging screens and rebooting or any other time wasting trickery.
Enjoy.
Bonus tip: Since Windows 7, you can do it even faster, by using the snap window function. Just select the window with Alt + tab and use Windows Key + Arrow key to snap to one of the sides.

AD Recycle Bin

Dear reader,

Do yourself a favor and enable AD Recycle Bin. You might never use it, but if you ever do, I’m sure you’ll be thankful.

Enable AD Recycle Bin

Beforehand, make sure you are running your domain and forest at least at the 2008 level.
Then, run the following command in an Active Directory PowerShell console:

Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target (Get-ADForest).RootDomain -Server (Get-ADForest).DomainNamingMaster

After this, your actions in Active Directory will be protected by AD Recycle Bin.

Protect from accidental deletion

The next step is to protect your objects from deletion. This will make sure that you can’t just press delete. You have to disable this option for that object and then delete.
You can run the below commands in an Active Directory PowerShell console:

Get-ADUser -Filter * | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Get-ADGroup -Filter * | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Get-ADOrganizationalUnit -Filter * | Set-ADObject -ProtectedFromAccidentalDeletion:$true

This step is not required, but it also helps prevent accidents. Depending on your environment you might not want to enable Accidental Deletion Protection for all objects, but in my experience, Groups and Organizational Units are a must.

Recover user

Let’s say you’ve deleted a user, and for some reason you need it back.
Well, now that you’ve enabled AD Recycle Bin, you don’t need to go get that weekly backup anymore and use AD Restore Mode.
Just run the below commands in PowerShell:

1. List deleted: Get-ADObject -filter 'isdeleted -eq $true -and name -ne "Deleted Objects"' -includeDeletedObjects -property *
2. Restore-ADObject -identity "GUID"

 

And there you go. You have your user back. With any luck, no one will notice.

Duplicate folder tree in Linux

Quick tip.

This can be very handy when you need to frequently create a folder structure without files (Ex. Project folders or multiple versions of a development area)


Just run:

find <directory> -maxdepth n -type d -exec mkdir -p /where/you/want/{} \;


This is a quick way of doing it and can even be automated.


Linux Performance – Swap partition vs Swap files (The Swap Files How To)

And I’m back, paging myself in, so we wrap up this topic.

So with the process pages all in their frames, let’s add some more swap. File format this time.

1- Creating a Swap file

So Linux being Linux, you can be anything, as long as you’re a file!

So let’s get started and create a file using dd. After that, the process is very similar to what we’ve already seen. Have a look below:

swap7

The only difference is the use of the -f parameter to state that swap will be in a file and not in a partition.

In this example I created a 128MB file, but we can have multiple of these or even different sizes like the example below.

swap8

2- Making swap file available on boot

After the swap files created, they can be added to fstab to be available on boot, just like a partition, and all the same rules apply.

swap9

And there you have it. Swap files instead of swap partitions. These can be a quick(er) way of adding some swap space and have the same functionality.

So let’s swap out and make space for a new process!

 

Note: As seen in my screenshots, the swap files should be made available only to the root user. I didn’t, since this was done in a lab environment, but don’t forget to do chmod 0600 on each file.
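
A quick way to verify the chmod 0600 advice from the note above on an existing machine. This is an added example, not part of the original post: the function name insecure_swapfiles is hypothetical, and it reads a table in the /proc/swaps layout and reports every swap file that group or others can access.

```shell
#!/bin/sh
# Added example: audit swap file permissions. Not code from the original post.

# Print "<path> <mode>" for each swap *file* in a /proc/swaps-style table whose
# permissions grant anything to group or others (i.e. not rw------- / 0600).
# $1: table to read; defaults to the live /proc/swaps.
# Assumption: paths contain no whitespace (/proc/swaps escapes it as \040).
insecure_swapfiles() {
    awk 'NR > 1 && $2 == "file" { print $1 }' "${1:-/proc/swaps}" |
    while IFS= read -r f; do
        [ -e "$f" ] || continue
        # First 10 characters of ls -l output are the type and permission bits.
        mode=$(ls -ld "$f" | cut -c1-10)
        case "$mode" in
            ????------) ;;                 # nothing for group/others: fine
            *) echo "$f $mode" ;;          # readable or writable by non-owners
        esac
    done
}

# Stand-alone run: check the swap areas currently in use on this machine.
if [ -r /proc/swaps ]; then
    insecure_swapfiles
fi
```

Any path it prints should get chmod 0600; swap partitions are skipped because only entries of type file are examined.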

Linux Performance – Swap partition vs Swap files (The Swap Partition How To)

As promised, during the previous post, let’s get nerdy and show how to make changes to your swap settings.

Let’s start from the beginning.

1- How much swap do I have and how much am I using?

First one is really simple and I bet most of you know this already.

Use the free command to identify your memory usage and in there you will have the swap.

Ex. free -m will show you the used and free memory in Megabytes.

swap1

If you don’t have the free command, you can use /proc/meminfo to gather that information.

Ex. grep Swap /proc/meminfo

 

swap2

2- Am I using a Swap disk or Swap files?

Couldn’t be easier.

Ex. cat /proc/swaps

swap3

Does it need an explanation?

3- I need a bigger swap space!

Great, let’s increase it.

Is it a virtual machine? Even better.

Let’s start by turning off the swap disk.

In the case above, that would be just running swapoff /dev/sdc1.

Next, increase the space in your virtual disk, delete the old partition and make a new one.

After that, just format the new partition as swap. Ex. mkswap /dev/sdc1 and swapon /dev/sdc1

Don’t forget to update fstab.

swap4

4- How about having multiple swap disks?

Well, almost the same as before, but instead of resizing, just add a new disk and create a new swap partition.

After that the fun starts.

Create the swap file system like mkswap /dev/sdf1 and swapon /dev/sdf1.

swap5

Now you have 2 swap areas. When the first one is full, the second will be used.

Don’t forget to add to fstab for mounting on boot.

5- How to make multiple swap partitions be used simultaneously?

Swap partitions can be used simultaneously, acting like a “RAID” group. This will improve performance significantly, especially when using separate disks.

For that, the disks should be mounted using the same priority, as seen below:

swap6

In this case I defined the priority as 3, but it could be any value. If you have more, keep in mind that the higher the number, the higher the priority up to 32767.

So, after beating up swap files in this post. I’ll let it sink in, before I do another post on Swap files.

For now I’ll page out myself!

Linux Performance – Swap partition vs Swap files

Yup. This is a tough one.
When you start getting questions about server virtual memory, you know it’s not good.

But let’s start by the basics. Swapping vs. Paging.

Swapping

Swapping is a technique where the whole memory allocated to a process gets moved from main memory (RAM) to a secondary memory type (usually hard disk).

Paging

Paging is a different memory management technique where physical memory is divided into frames and logical memory of each process is divided into pages. Pages and Frames are usually 4KB, but can be otherwise defined, although always the same size. Pages then are moved in and out of main memory depending on current needs and frame availability, rather than moving the whole address space of a process.

With the fundamental concepts out of the way, let’s get to the more juicy stuff.

Swap partition

Linux is a modern operating system and uses paging for its memory management. This confuses people since Linux still uses the Swap partition and you’ve probably been told that you need to get it just right. No second chances. Bullsh… We’ll get to that soon.

I just said Linux is a MODERN operating system and there are many ways around it.
Regardless, as a rule of thumb, you should always assign double the physical memory to a swap partition. This will allow processes to use the extra “memory” if needed. You should also evaluate how your application will use memory to understand if it is worth while having a bigger or smaller swap size.
In a virtualization world, like today’s, I actually prefer to create a separate disk altogether. This will allow me to place that disk in a fast SSD LUN if I need the extra performance for the server virtual memory. That said, this is, and should be, a corner case.

Especially in virtual environments you can change the size of this partition and even add multiple partitions. This is also true for physical environments, although more laborious. (Who wants to replace physical disks these days!)

Swap files

Now, how about those swap files?
Swap files are just like swap partitions, with the advantage of not having to create a separate partition. In fact, you can do without a swap partition altogether. Their functionality is the same as a swap partition, but they will be files in your file system. Like a swap partition, you can keep them in a separate disk for the same purpose.

And by the way, could you possibly use swap files and a swap partition simultaneously?
Of course you can, it’s Linux, you can do whatever you want … or close enough!
You could possibly use swap files to replace your swap partition entirely while you re-dimension it.
Did I mention you can have multiple swap partitions?

Tips

When creating a new Linux machine, although not necessary, it’s always preferable to reserve some space for Swap/Virtual memory, regardless of it being in the form of a partition or swap file.
Reserve at least the same amount as physical memory.
If you are running software that allocates large chunks of memory, swap is a must.
If your applications are using swap and you can’t add physical memory, try adding more partitions and setting them with the same priority, this will make swap act “like a RAID 0”, as long as they are running on similar performance disks.

This is a long post, but one I think necessary.
I will be adding another blog post with the howto’s to use all techniques mentioned here.

Let’s get swapping!