Archive for November, 2013


Internet Explorer 8 and the iertutil.dll processor loop

So I was banging my head on a client’s machine the other day with a unique error.  IE8 was in a processor loop with iertutil.dll , which I observed using Process Monitor.  I tried the normal repairs of addons being disabled, reinstall IE8, Flash, Java, etc.  Finally, I found what the problem was.  See, the issue only occurred on a page or two and not most pages, that should have been a clue.  The user accidentally turned on “Compatibility Mode” for and whatever code Yahoo through at it through Compatibility Mode caused the loop, just disable it and save yourself the 1hr plus I put into it 🙂


Acronis issues with backups

So with a client, I was hit with an error in Acronis Backup & Recovery 11 that caused these errors:

ProtectCommand: Failed to execute the command.
Additional info:
Error code: 41
Module: 307
LineInfo: e6792a5ee190dd9e
Fields: $module : agent_protection_addon_glx_pic
Message: ProtectCommand: Failed to execute the command.
Error code: 53
Module: 309
LineInfo: 2e7e9e174f1fb746
Fields: $module : agent_protection_addon_glx_pic
Message: TOL cumulative completion result.

The issue with Acronis is that, well, it’s just a bad product now… I used to be a big Acronis fan, but when products break on their own, literally 7 times, on 3 clients without any changes to the server nor backup routine, it’s a bad product.  What happens is the XML files and lock files become corrupt, it won’t talk to that folder anymore because IT BROKE ITSELF!!!!  The best solution is to abandon the backup folder and create a new one, then it doesn’t have to work with the old XML and lock files, then it fires right up and works.

I have never been able to fix Acronis backup jobs that roll over and die, nor has the tech support from Acronis that has logged over 10 man hours in these client machines, they really have no answer why and they just rebuild the backup job from scratch and put it in a new folder, that’s the support for their software… It’s like the PC repair guys at the local town shop that believe in this formula

Customer + computer that has an error that isn’t related to a simple setting = reformat and charge for a system setup

I fully believe that Acronis has a similar banner hanging in the tech support office… /rant

Updating ports through SVN (subversion) instead of csup

So working on a customer’s FreeBSD server this month and being a good admin, I made sure I checked the /usr/ports/UPDATING message for anything of interest.  Lo and behold, the following message:

<snippit start>

AUTHOR: [email protected]

The FreeBSD ports tree switched from CVS to Subversion. A Subversion
to CVS exporter is in place to continue the support of CVSup.


Sure enough, I started researching the change and found that there wasn’t a great guide out there (yet), so I have this for all of you:

Changing over to SVN for updating your ports:

1. You’ll want to get SVN installed as root….

cd /usr/ports/devel/subversion && make install clean && rehash

(you can run with the defaults in the config screen)

2. Now I find that deleting the old ports tree that I built over time using csup cleans up any garbage that can be in there (old distfiles you forgot to clean, INDEX-*, and more).  Then I do the following….

rm -rf /usr/ports/ && mkdir /usr/ports && rehash

Keep in mind with root permissions already with you, that the ports directory will automatically be built with the correct permissions.  I through in a rehash because the system hated me twice, on two different servers, for killing the /usr/ports directory and recreating it… the rehash wakes up the system to the change.

3. From here, and this is where I found the instructions distracting… If you are reading this, you probably aren’t a developer, in fact, you just want a fresh copy of the ports tree so you can run portupgrade or whatever method you like to use.  The directions that I found out there require logins and more, but that’s because “you are a developer” from the perspective of the authors…. Our lives our easier than those instructions by using….

svn co svn:// /usr/ports

The co is just “copy”  and from there, I would do a portupgrade -ar , which will rebuild that INDEX-* file in /usr/ports and correctly continue from where it should as if you did a csup.

4.  So how do you update for new ports????  Simple…

svn update

that’s it…


Now, what about updating the /usr/src… I normally don’t do that, I leave that to freebsd-update fetch and freebsd-update install , but if you HAD To rebuild it, it would be:

rm -rf /usr/src/ && mkdir /usr/ports

svn co svn:// /usr/src   (or whatever release you wanted)

freebsd-update fetch

freebsd-update install


Though there isn’t a huge reason for us end users to change, IMO, it is way easier for the developers to make changes and slip in updates, plus, on our end we do enjoy a faster process than csup does for updates.


Windows Server random reboots when Event Log is full due to GPO setting

So while working on a server at one of my clients, I noticed that the server was randomly shutting down with no good explanation.  Here’s a snippit of infomation that I found in the event viewer:


Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 12/2/2011 4:44:13 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: servername.domain.local


An account failed to log on.



Security ID: NULL SID

Account Name: –

Account Domain: –

Logon ID: 0×0


Logon Type: 3


Account For Which Logon Failed:

Security ID: NULL SID

Account Name: username

Account Domain: DOMAIN.LOCAL


Failure Information:

Failure Reason: Unknown user name or bad password.

Status: 0xc000006e

Sub Status: 0×0


Process Information:

Caller Process ID: 0×0

Caller Process Name: –


Network Information:

Workstation Name: –

Source Network Address:

Source Port: 61923


Detailed Authentication Information:

Logon Process: Kerberos

Authentication Package: Kerberos

Transited Services: –

Package Name (NTLM only): –

Key Length: 0


This event is generated when a logon request fails. It is generated on the computer where access was attempted.


The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.


The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).


The Process Information fields indicate which account and process on the system requested the logon.


The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.


The authentication information fields provide detailed information about this specific logon request.

– Transited services indicate which intermediate services have participated in this logon request.

– Package name indicates which sub-protocol was used among the NTLM protocols.

– Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Event Xml:

<Event xmlns=””>


<Provider Name=”Microsoft-Windows-Security-Auditing” Guid=”{54849625-5478-4994-A5BA-3E3B0328C30D}” />







<TimeCreated SystemTime=”2011-12-02T22:44:13.352802000Z” />


<Correlation />

<Execution ProcessID=”556″ ThreadID=”660″ />



<Security />



<Data Name=”SubjectUserSid”>S-1-0-0</Data>

<Data Name=”SubjectUserName”>-</Data>

<Data Name=”SubjectDomainName”>-</Data>

<Data Name=”SubjectLogonId”>0×0</Data>

<Data Name=”TargetUserSid”>S-1-0-0</Data>

<Data Name=”TargetUserName”>username</Data>

<Data Name=”TargetDomainName”>DOMAIN.LOCAL</Data>

<Data Name=”Status”>0xc000006e</Data>

<Data Name=”FailureReason”>%%2313</Data>

<Data Name=”SubStatus”>0×0</Data>

<Data Name=”LogonType”>3</Data>

<Data Name=”LogonProcessName”>Kerberos</Data>

<Data Name=”AuthenticationPackageName”>Kerberos</Data>

<Data Name=”WorkstationName”>-</Data>

<Data Name=”TransmittedServices”>-</Data>

<Data Name=”LmPackageName”>-</Data>

<Data Name=”KeyLength”>0</Data>

<Data Name=”ProcessId”>0×0</Data>

<Data Name=”ProcessName”>-</Data>

<Data Name=”IpAddress”></Data>

<Data Name=”IpPort”>61923</Data>




Maybe you googled part of that event log and found this… Good news….  Sure enough, I found that the server was shutting down because the event log  was set to shutdown the server once full.  This was due to group policy being enforced and verifying that the event log for system, security, or application (can be a combination of any) was set “Do not overwrite events” in the properties of each log.  Get into your group policy and disable this policy, which is found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options


Minecraft Backup

This script is a simple script that will backup by the date, that way, you can put a cron job together that will backup your Minecraft server on a nightly basis.  As my scripting skills are basic, it works, but I’m always open to hearing better methods


—-Start Script—-



mkdir -p /usr/backups/minecraft/$(date +%d_%m_%Y)

cd /usr/backups/minecraft

cp -R /usr/local/www/minecraft_server /usr/backups/minecraft/$(date +%d_%m_%Y)

tar czf $(date +%d_%m_%Y).tar.gz $(date +%d_%m_%Y)

rm -R $(date +%d_%m_%Y)


—-End Script—–


Now that backup will run as root, but you can always demote the script from root (I have a  noshell user called minecraft24, then chown the folder in step 1) as there is no reason anything Minecraft should run as root.  That backup script will create subfolders that will be named by the date, backup, tar, and clean itself up so you have a nice backup.  Now, you’ll need a crontab…


—Start Crontab—-





30 23 * * * /usr/backups/


—-End Crontab—-


So my crontab runs everyday at 11:30pm Local time… There’s nothing special going on here, but for someone that is new to crontabs and making simple backups, this should be helpful.