vSphere 5 – health.xml error 503

Well, it has been a while since I’ve actually blogged anything. So, here we go!

For the past few days I’ve been combating an issue upon upgrading to VMware vSphere 5.0 – more specifically the Web Client (Server) install. After various upgrade issues, a ton of problems showed up which led to a fresh install. Post install, everything actually was working fine… except one thing: VMware vSphere Profile-driven Storage Service, under Administration -> vCenter Server Status, would show an error: cannot reach http://localhost/sps/health.xml, with everything else green.

Checking the logs on the vCenter server, vws.log shows:

Server returned HTTP response code 503 for URL: http://localhost/sps/health.xml

Restarts of the entire server, services, etc. were not fixing this. Started looking at config files to make changes… then it dawned on me. 503, it’s busy – meaning that port is in use, which it is and WORKING for the other services. So, rather than restarting ALL the services all at once… I restarted JUST the “vSphere Web Client” and the error went away.

This tells me that the vSphere Web Client service was trying to load at an odd time/before the web server was up.

HTH.

Cheers.

AntiVirus 2010 – MALWARE

So, I’ve been hearing more and more buzz about this malware floating around on the internet like a piece of shit that won’t flush called AntiVirus 2010. I often recommend, even for tech geeks, to run some sort of AV to avoid worm related items, etc., though the last few years I think that message is more or less out there. Lately, my latest kick for AV is that of MSE or Microsoft Security Essentials. I am curious to see this evening, or soon, whether this will actually prevent this software from installing, as it can be a bit fucking nasty when it comes to the removal of it.

A personal favorite, Malwarebytes, seems to be completely thwarted by this floater. It will remove parts of it, but not the entire thing. I did find this great mark-up of where AV2010 goes and what it touches here. One big portion of this is the domain list that it uses to connect on (received from the above link):

best-online-antivirus-scanner.info
av2010pro.com
av1-scanner.info
av1-download.info
download-antivirus2010.info
cleanyourpc-now.info

My main point of curiosity on these items is whether a simple entry into the hosts file redirecting these domains to 127.0.0.1 can be used to help thwart troubleshooting this in normal mode.  I will conduct a few tests as soon as I can in the next few days and see where I get with this.  I am betting that it will work just fine, as those domains try to load, it will simply redirect to local host and not load anything.

A simple test of attempting to just browse to these domains will show only the last 2 resolve to anything useful, typical of malware and 1 landing page. Now this might be because of AdBlock Plus (Firefox plugin) but I did not see anything in its giant list pertaining to those domains above. So the block, if one, may be an element trying to be loaded on the page – we’ll see on later tests.

Bottom line thus far this site seems to be the best path to get this thing removed.

UPDATE:

But wait! There’s more! So, from my initial poll of folks (Thanks Sean! (Give him money, damnit!!!)), it does look like there is a variant on this as well which is Home AntiVirus 2010. Fantastic! This now totals 9 domains used to redirect:

homeantivirus2010.com
homeantivirus-2010.com
home-antivirus-2010.com

Plus the above 6:

best-online-antivirus-scanner.info
av2010pro.com
av1-scanner.info
av1-download.info
download-antivirus2010.info
cleanyourpc-now.info

Simple redirects on firewalls, ‘rogue’ DNS entries, host file redirects etc should do the trick in disallowing this from getting populated onto machines. This is under the very strong impression that those are the only domains used to get this data and these aren’t mirrored somewhere else.

I would say the easiest way to circumvent this on our parents’ PCs would be a hosts file entry:

Path: %WINDIR%\System32\drivers\etc\hosts

Modification:

127.0.0.1    homeantivirus2010.com
127.0.0.1    homeantivirus-2010.com
127.0.0.1    home-antivirus-2010.com
127.0.0.1    best-online-antivirus-scanner.info
127.0.0.1    av2010pro.com
127.0.0.1    av1-scanner.info
127.0.0.1    av1-download.info
127.0.0.1    download-antivirus2010.info
127.0.0.1    cleanyourpc-now.info

This redirect can be to google.com and does not have to be to the localhost. This entry can also be made in most firewalls as mentioned above. The biggest issue of it all is that our major providers of AV and malware protection are not actually taking care of the problem by preventing the software from installing. Thinking back, they haven’t really been protecting machines from this. I am not sure if we can consider these products malware protection.

I will leave rants for another post, oh and more as it comes….
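An added example, not part of the original post: a small Python helper that merges the nine domains listed above into hosts-file text without duplicating entries, and reports lines that do not follow the hosts format (IP address first, hostname after). The function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# The nine domains listed in the post.
BLOCK_DOMAINS = [
    "homeantivirus2010.com", "homeantivirus-2010.com", "home-antivirus-2010.com",
    "best-online-antivirus-scanner.info", "av2010pro.com", "av1-scanner.info",
    "av1-download.info", "download-antivirus2010.info", "cleanyourpc-now.info",
]

# Constructed sample hosts content: one reversed (ineffective) line, one valid block.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
av2010pro.com    127.0.0.1
127.0.0.1    av1-scanner.info  # already blocked
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Return ({hostname: ip}, [lines that are not 'IP hostname ...'])."""
    mapped, malformed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not _is_ip(fields[0]):
            malformed.append(raw)             # e.g. hostname written before the IP
            continue
        for name in fields[1:]:
            mapped.setdefault(name.lower(), fields[0])  # first mapping wins
    return mapped, malformed

def add_sinkhole_entries(text, domains=BLOCK_DOMAINS, sink="127.0.0.1"):
    """Append 'sink domain' lines for domains not yet mapped; idempotent."""
    mapped, malformed = parse_hosts(text)
    missing = [d for d in domains if d.lower() not in mapped]
    lines = text.splitlines() + [f"{sink}    {d}" for d in missing]
    return "\n".join(lines) + "\n", missing, malformed

if __name__ == "__main__":
    new_text, missing, malformed = add_sinkhole_entries(SAMPLE_HOSTS)
    print(new_text)
    print("added:", missing)
    print("ignored by the resolver (wrong column order):", malformed)
```

To apply the result, write the returned text back to the hosts path given above from an elevated prompt.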

UPDATE 2: Looks like I’ll be getting a copy of this file to do some testing… finally!

Peace.

IIS 7 Logging

This morning I found a nice little command line switch that tells the IIS 7 log buffer to write to the file on disk.  This is especially handy, since getting a log to write for SEO and log processing purposes can be a serious bitch if you don’t have a file written to!

Here is that command:

netsh http flush logbuffer

Other commands associated with the HTTP portion of netsh are all documented on MSDN Technet here, http://tr.im/NDmZ. Comes in pretty damn handy with IIS 7 and Windows Server 2008.

Good luck.

Congratulations Microsoft!

It’s been a bit, why not kick things off again with a rant!

Official Post.

I was wondering what had happened last night, as Bing is my default search on my Dell Inspiron 10v netbook.  In the middle of working on something, non-critical, the usual ‘hey, let me look that part up!’ occurred, to which I received a 500 error. For the non-tech reading this, 500 error is usually what shows up when the server can’t process the request you fired off to it. After a few twitch F5(refresh) taps, I was laughing pretty good and just used Google in the meantime.

The part that isn’t so amusing to me, is that they are missing about 15-30 minutes of outage time in the report given above, as a guess, they probably found out about this at 8:30PM Arizona time, but in all reality, errors started occurring much much sooner.

/sigh

BBC Stated, “Not all aspects of the Bing service were knocked out by the configuration change. Many reported that Bing Maps was still available.”

Wow! That’s so great! Maps was working! …. ….. ….. …..

THE MAIN REASON YOUR SITE EXISTS WAS DOWN, but hey! Bing Maps was working!

@Bing: why?  You were doing so well. From the semi-clever ‘decision engine’ campaign to everyone was making fun of you, I really saw this as a new opportunity for you to reinvent your appeal to the public in software services. Now, now everything everyone was making fun of you about is actually true, again.

… …. ….. …. …. …..

Alright, alright. Truly, most of the above is complete sarcasm. I find it amusing how quickly people love to bash the shit out of Microsoft at any chance they can get. Nevermind it being the main source of  how most get to these places. Oh wait, people bash that too. Doesn’t get old after over 10 years of doing it? I swear, I think people have just gotten used to doing it and reading it. Notice how everyone mentions Google at some point or another in their posts, but how quickly everyone forgot that it too just went down earlier this year.

Back off, give them a fucking break considering it was an hour without your precious Bing and an hour without your precious Google, respectively. Oh wait, no one complained about Google. Tenure you say? Hmmm, pretty sure Microsoft/MSN/Live/Bing has been around a metric-fuckton longer than Google. But Google does do a lot of things very right. It is a pickle.

Peace.

Direct Email To Cell

I don’t know how many times I have gone hunting for this information, but it has definitely been enough to make me want to rip my eyeballs out…

So, I will blog it! That is what a blog is for, to share information! So here you go! This is a breakdown per provider (taken from http://tr.im/wiFw):

T-Mobile: phonenumber@tmomail.net
Virgin Mobile: phonenumber@vmobl.com
Cingular: phonenumber@cingularme.com
Sprint: phonenumber@messaging.sprintpcs.com
Verizon: phonenumber@vtext.com
Nextel: phonenumber@messaging.nextel.com

Yes, it is invaluable.  Use it.  Enjoy it.  Now, if I only knew what Google’s Voice address was… hmmm…

Peace.