We installed a remote backup server running Debian Linux in a client’s home. The backup server is also a firewall to protect the home’s Personal Computers. The home network also had a Twonky MediaServer to manage the components of a home theater.

Due to the way the home is wired (and other reasons) the Denon receiver sits outside the firewall in a DMZ behind the internet modem on a separate LAN. This caused the Twonky MediaServer to not be able to connect to the Denon receiver without opening some ports on the firewall. We typically run a closed outbound policy and open ports as needed.

We spent some time trying to research what ports the Denon was using. Unfortunately documentation was lacking so we had to resort to the old fashioned method. Here was the steps we took and the results.

The DMZ network where the Denon resides is on the 192.168.0.0/24 network.

First step was to port scan the network with nmap to find any responding IP’s. The Denon as you can see was kind enough to identify itself.

firewall:/$ nmap -sP 192.168.0.0/24
Results:
Host 192.168.0.102 appears to be up.
MAC Address: 00:00:00:00:00:00 (Denon)

We found the Denon so let’s see what ports are open.

firewall:/$ nmap 192.168.0.102
Starting Nmap ( http://www.insecure.org/nmap/ ) at 2009-01-19 16:19 PST
Interesting ports on 192.168.0.102:
Not shown: 1673 closed ports

PORT     STATE SERVICE
23/tcp   open  telnet
80/tcp   open  http
443/tcp  open  https
5000/tcp open  UPnP
5001/tcp open  commplex-link
6666/tcp open  irc-serv
8080/tcp open  http-proxy
MAC Address: 00:00:00:00:00:00 (Denon)

Ahh, looks like UPnP, so open it up and test connectivity.

firewall:/# telnet 192.168.0.102 5000
Trying 192.168.0.102…
Connected to 192.168.0.102.
Escape character is ‘^]’.
HDMODE ANALOG

We had a machine come in recently that had a virus.  One of the files we deleted was in the Documents And Settings\<user>\Local Settings\temp\ dir called mousehook.dll. We’ve seen this file associated with Trojan.Dropper/Multi-CN.Process. We used KillBox to delete on reboot. Well upon reboot we logged in, the wallpaper flashed briefly and instantly logged back out to the log in screen. Hmmm…. same story in safe mode. Long story short here’s the fix to the log in and log out immediately problem that worked for us.

1. Boot into your XP cd

2. Select “R” to enter Recovery Console

3. cd to c:\windows\system32

4. Look for userinit.exe

5. If it’s there type the folowing: copy userinit.exe wsaupdater.exe

6. If not type the following: copy dllcache\userinit.exe .

7. Reboot

In our case c:\system32\userinit.exe was gone. In googling the issue we found reference to removing Search Assistant causing this problem. If you did step 5 and NOT 6 then you’ll need to do the following.

8. in Start -> Run type regedit and then hit enter

9. Now find the Userinit key in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\

10. change the entry: C:\WINDOWS\System32\wsaupdater.exe to read C:\WINDOWS\System32\userinit.exe

11. Reboot

In our case the virus removed the userinit.exe file. Your mileage may vary. The standard disclaimer applies when editing the registry. Always back it up before making any modifications.

**UPDATE 04/03/2009**

We had a laptop come in and userinit.exe was NOT in the dllcache directory. In that case you’ll need to do the following while in the recovery console.

1. change your directory to the CDROM/DVDROM drive.

2. cd i386

3. expand userinit.ex_ c:\windows\system32

After entering the expand command you should see the text “1 file(s) copied”.

Restart your computer and you should be able to log on.

**Update 5/12/2009**

We had a XP Home system come in that immediately rebooted at the Windows splash screen while starting up before it gave us a login prompt. We went into the recovery console and started by doing a check disk.

C:> chkdsk c: /r

We exited and it rebooted to the login prompt. Obviously not the same issue as above but we wanted to throw that out there since it was a simple fix.

We install a lot of outdoor cams for various reasons. Security cameras for construction sites, Several ski resort outdoor camera solutions, and in store security camera systems to name a few.  One of the fun things we’ve done here was a job to play a multi-media loop in a ski lodge. The resort wanted pictures, videos, and live shots from the camera on the hill.

We found an easy solution to playing the live video in mplayer. We used an Ubuntu 8.10 Hardy install on a laptop to drive the presentation that was programmed in python.

mplayer -fps 25 -demuxer lavf -user <cam username> -passwd <cam password> http://<cam ip or dns name>/axis-cgi/mjpg/video.cgi?0.mjpg

This will connect to web based video cams; axis and stardot netcams have been tested.

If you have any questions regarding outdoor cameras for your business or location please call us at 509-465-1234 or visit our main site at http://www.interlinkadvantage.com/all_weather_security_cameras.php

Backing up data is critical to the success of your business. Whether you are an Ubuntu Linux shop or a windows shop. You must implement a sound backup strategy to ensure your business doesn’t suffer serious hardship if not outright failure. Consider the following scenario.

You open your office in the morning, grab a cup of joe, and sit down to get the day started. You open up your vertical market app to discover you have no client data. “What the heck??” your sales and billing data is gone as well. You search through the filesystem, in every app you can think of, and your data is gone. No problem I’ll retrieve it from the tape backup. You pop in the first tape only to discover the tape is unreadable. “No problem” you think and slap in the previous days tape. Same story different tape. As you work through your 14 day rotation of tapes you discover that your backups have been corrupted for months.

Can you survive the above scenario? Is it a little extreme or fear mongering? It is extreme but it’s real. A disgruntled employee erased a local businesses data AND the backups were unrecoverable. The odd thing of the story is that this business owner had a backup strategy. A lot don’t. Can your business survive the loss of the server or workstation housing the data your busines depends on to survive? How much is your business worth? $100,000, $400,000, millions? Can you afford NOT to have a backup strategy?

Whew, that was harsh but the fact is a proper backup strategy will potentially save your business some day. “So what do you recommend?” Glad you asked! Let’s look at two methods of backing up.

Tape Drive backup:

Historically tape backups have been the preferred method. Unfortunately it’s also proven to be error prone and without properly testing your backup strategy you won’t know until it’s too late that your data is unrecoverable. Ok, let’s look at the cost of tape drives and tapes.

EXABYTE 119.00500 Black 1.6TB Internal Ultra2 SCSI LVD Interface VXA-2 Tape Drive - 1100.00.
A 80/160GB tape is $60.00 x 7 - 420.00. Really you need 10 - 14 but we’ll just go with a minimum.
SCSI Card- $150.00. (Chances are good your server did not come with one.)

$1670.00

That’s average for the hardware. Depending on how much your time is worth you now have to design and implement your backup strategy. Full back up one day and incremental the other six? Full backup every day? We recommend at least one full a week. Ok, so now you’ve designed your strategy it’s time to implement it. Who rotates the tapes manually everyday? Who takes the others offsite? Who tracks what tape is tonights backup? etc… There is considerable planning and effort necessary to implement a proper tape backup strategy. You must factor in the human element as well. Someone must rotate the tape everyday. Someone must take tapes offsite. Invariably a step in the process gets missed with dire ramifications.

Let’s look at our other option.

Remote Data Backup:

Remotely backing up your data to disc is becoming more popular as bandwidth increases for business Internet connections. In our typical set up we backup data from a windows server via rsync or a network share to a Linux server acting as a firewall/fileserver. Then upload the data to a backup server. After the first initial full backup the backed up data is only files that have changed. This all happens at night, automatically without human intervention. You have a daily, weekly, and monthly snapshot of your data. The beauty of this solution is it’s simplicity and the fact it just works. No tapes to rotate, no tapes to test and ensure they aren’t at the end of their life cycle, no tape drives to fail. Once a remote backup to disc solution is set up it just works. Plain and simple. Your employees or your time is free to conduct your business. No need to worry “will the tapes contain data?”.

So how do you get your data. In our set up we provide you an account to access the data. Quite simple. You can access your data with an Internet connection if you need to 24 hours a day from anywhere in the world. Coupled with our server maintenance program we’ll monitor the backup daily and inform you of any problems. Additionally it can be setup to email you notifications of the status of the nightly backup. Great! So how much you ask. Please visit our remote backup solutions page for pricing.

You save that initial outlay of $2000 for hardware, the cost for proper backup software, the cost to have someone install and configure everything, and the employee costs associated with the strategy. That’s a big factor to consider when implementing a backup solution. Is it worth the $2-3000 to get it running and will it pay for itself. Remember that hardware doesn’t last forever so you’ll want to factor in replacement costs as well over the lifetime of your solution. Tapes only have so many hours available so plan on replacing them every other year or so.

We do not believe that the tape back up is the best way to go for most business at present. We have seen too many tapes brought into the shop with unrecoverable data. Granted it’s not “normal” for tapes to fail but it does happen. Many times it is a drive failure, a software failure or a configuration issue. Tape drives are not as transparent (easy to verify) that things are going according to plan and many do-it-yourselfers wind up with backups that were not as complete as they thought they were.

Backups matter if it’s your business data that’s unrecoverable which is why we prefer the remote backup, also known as a disk-to-disk solution. Your data is far safer and easier to access with that method. We’ve never had to tell a remote backup customer “sorry, no data….”

So you’ve installed ICVerify. Your here because you’ve run into some installation issues. We’ve documented a couple solutions to problems that gave us hours of headaches. Simple solutions when you read them but if you’ve never used the software and tried getting help via their support well…. your here. Having said that ICVerify is a decent product once it’s setup and you get the necessary steps down to manage it.

We’re assuming you’ve installed the software on the C:\ drive in a Master\Substation setup. In this setup  z:\ is the mapped drive on the Master station and t:\ is the drive on the subs mapped to the master. This particular installation was in a simple five workstation workgroup not a domain.

The standard disclaimer applies. This was our experience your mileage may vary.

A good one to know.
Connection to MSSQL:
<master workstation name>\icv

Installing the Sub-Station

Install ICVerify for Windows only.

Copy icverify.SET from <master workstation name>(Master)
Map T: to \\<master workstation name>\ICVerify\ICVer403
Multiple Set up change to t: and connect.

In ICVerify options set workstation #, Drive = t, ReqDir = t:\<path to reqdir>

ICVerify Troubleshooting

Problem: Substations cannot connect to master.
Resolution: Verify the icvlm32.exe process is running in the task manager on the master station.

1. Right click on your taskbar and select “Task Manager”
2. If it’s not running run the ICVerify Multi-User program
3. If it IS running click it and hit the “End Process” button at the bottom.
4. Run the ICVerify Multi-User program
1.In the Multi-User program verify the Request Directory is pointed at z:\ICWin403\reqdir NOT c:\ICWin403\reqdir. Note the z:\ and the c:\, c:\ is wrong and the program likes to change it on you. ICVerify at the time of this writing did not know why it does that….
5. Once you’ve verified the path then click the “Initialize” button. Leave minimized on the Master
6. Go to the sub station, log out and close the program if it’s open, and log in again.

Problem: User is already logged in or the program ended unexpectedly. The program thinks the user is “logged in” but they really aren’t.
Resolution: On the master log into the ICVerify User Manager. Select the login tab. You should see that user as logged in. Click on the user and log them off.

Misc. Notes

Master:
All paths in the Master ICVerify programs need to be pointed at the z:\ drive. Z:\ is the mapped drive on the master pointing at the c:\ICVerify directory. Disregard ICVerify support telling you to use c:\. We were told both ways depending on what day we called. Use your mapped drive letter. Trust us.

Sub-Stations:
Once logged into the sub-stations you verify the paths under Edit -> Options -> Substation tab. The “Master Station Drive” should be T. The “Request File Path” should be t:\icwin403\reqdir.