[Complete] Next Maintenance Window 6/28/09

This month’s outage was completed at 1:30 PM. All services other than Cascade Web and Banner were available by noon as expected.

The next production maintenance window is Sunday, June 28th, from 8:00 AM to 4:00 PM.

From 8:00 AM to Noon, all services may be intermittently or entirely unavailable, including:

  • E-mail
  • Personal and departmental file shares (on Alexandria and Merlin2)
  • Database Applications:  Cascade, FAMIS, Millennium, and Banner

Please note that Cascade Web and Banner will continue to be unavailable until 4:00 PM.

OID Test groups and group members recreated today

The Groups container was accidentally deleted in the OID test database today and had to be re-created based on priv data in the Summit database.
Here are the steps we took to recover everything:

1. Recreate the Groups container.
   Export the Groups container definition (as an LDIF command) from the OID production instance, and import it into OID test. You’ll need an LDAP browser tool to do this, like JXplorer.
2. Recreate all the AD groups.
   Set the status of all the pugetsound domain groups in the privilege table to PA and run privcmd.resolve_pending_privdef on each one.
3. Recreate the members in the AD groups.
   Set the status of all AD person_privilege records to PA and run privcmd.resolve_pending_privs.
4. Recreate the portal group container.
   Export the portal.070109.134036.113589000 container definition (as an LDIF command) from the OID production instance, and import it into OID test. You’ll need an LDAP browser tool to do this, like JXplorer.
5. Recreate all the portal groups.
   Set the status of all the portal groups in the privilege table to PA and run privcmd.resolve_pending_privdef on each one.
6. Recreate the members in the portal groups.
   Set the status of all portal person_privilege records to PA and run privcmd.resolve_pending_privs.
7. Address any unusual configuration issues.
   ViewsFlash groups have a special setup: the administrator group is a member of the creator group, so that membership has to be added manually.

Office 2007 Compatibility Files Installed on Campus Computers

In preparation for the Office 2007 deployment in late July, Microsoft Office Compatibility files will be installed on campus computers this evening. In addition, we will be performing system scans over the next few days to ensure PCs meet the minimum requirements for Office 2007.

No action is needed from the campus community and the files will be automatically applied upon rebooting after June 23, 2009. The reboot may take a minute or two as files are applied.

To install the Microsoft Office Compatibility Pack on your home computer, follow the links on our download page.

Visit our Web site for information on today’s preparation phase or the coming Office 2007 project.

[Complete] Pre-Production Patch Window 6/18/09 7am-9am

Only the following servers were patched due to limited staff availability:

  • EXDEV
  • FIDALGO
  • GALAXY
  • KETRON
  • PORTAL
  • VS0

During this month’s pre-production patch window the following servers will be patched from 7am-9am on Thursday 6/18/09:

  • lummi
  • pilchuck
  • kickstart
  • moodle2
  • EXDEV
  • FIDALGO
  • GALAXY
  • KETRON
  • PORTAL
  • VS0

\merlin2oiscommonnssgdocumentationpatchprocessjune2009june2009.docx

[Resolved] Spam Sent From The E-mail System 6/4/09

A spammer gained control of a user account today when the account owner responded to a phishing message. The spammer sent a large volume of spam. This was noted at 9:30 PM and the user account was locked. TS staff will be checking with several recipient sites such as HotMail and Yahoo to make sure that the college has not been placed on blacklists, but you may experience E-mail delivery problems because of this incident.

[resolved] Web forms was down this morning

Web forms was down this morning, which included Cascade, FAMIS and Banner (a separate announcement has been posted to the Help Desk site for public viewing).
Patches were applied on the sanjuan server yesterday, and it wasn’t working after that. Paul fixed something in the configuration and bounced the server and now it’s working again.

5/31/09 Maintenance Details

See the post in the “Maintenance Windows” category for the public communication. This post expands on which servers were patched and the basic changes made. All of the following patches were applied by noon.

The following Windows servers were patched (Windows updates):

  • ALEXANDRIA
  • BE1
  • BE2
  • BE3
  • CLTACC1
  • CLTACC2
  • CMS
  • DHCP-1
  • DM-1 to DM-8
  • EPO
  • FE1
  • FE2
  • ILLIAD
  • INTCHK
  • KEEPER
  • MAURY2
  • MBS1
  • MBS2
  • MBS3
  • MEDIA
  • MERLIN2
  • PROJECTS
  • SANJUAN
  • VASHON
  • VERONICA
  • VIAWARP
  • VMMON
  • WEBSERVER1 (SP2 applied)
  • WEBSERVER2 (SP2 applied)

VMware:

  • vmhost1

Linux (all available OS and Dell RAID FW/Drives as applicable):

  • orcas
  • tahoma
  • purgatory
  • styx
  • hades
  • gehenna

Additional changes on Sophos PMX servers:

Purgatory:

Turned PERC write cache on (write back) and changed Linux readahead:

sudo blockdev --setra 8388608 /dev/sda
Rest:
policy on
adaptive read ahead

[Complete] Maintenance Window 5/31/09

[Update 5/31/2009 1:00 PM] All service has been restored, and this maintenance window is complete.

[Update 5/31/2009 12:15 PM] Many services have been restored, with the exception of Database Applications:  Cascade, FAMIS, Millennium, and Banner. They are expected to be available by 4:00 PM as planned.

The next production maintenance window is Sunday, May 31, from 8:00 AM to 4:00 PM.

From 8:00 AM to Noon, all services may be intermittently or entirely unavailable, including:

  • E-mail
  • Personal and departmental file shares (on Alexandria and Merlin2)
  • Database Applications:  Cascade, FAMIS, Millennium, and Banner

Please note that Database Applications will continue to be unavailable until 4:00 PM.

Directory Server (OID-AD sync) debug logging set on

We set the debug level back to 63 to troubleshoot the password sync errors caused by the AD password policy problem. Here are the commands, executed as oracle on whidbey:

oidctl connect=AS1012P server=odisrv instance=1 configset=1 flags="port=3636 sslauth=2" stop
oidctl connect=AS1012P server=odisrv instance=1 configset=1 flags="port=3636 sslauth=2 debug=63" start

Active Directory password policy was temporarily too restrictive

The Active Directory password policy was inadvertently set to reject passwords that did not contain any special (non-alphanumeric) character, such as *#$% etc.

The problem began about 3/21/2009 and was corrected at 3:15pm on 3/26/2009. During this period, anyone changing a password using Windows was instructed to include a special character.

Passwords changed using Cascade Web during this period were not synchronized to Active Directory, so the new password did not work for Webmail, Windows, etc. This can now be corrected by changing either the AD or OID password.

The problem was corrected by deselecting the special character requirement in the AD password policy.

Here is an example of the error in the ActiveExportUsers_Groups.trc log:

Error in executing mapping DIP_LDAPWRITER_ERROR_MODIFY
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
]
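
An added example, not part of the original post: a small parser for the Active Directory diagnostic string in the trace above. The Win32 code 0000052D is ERROR_PASSWORD_RESTRICTION, which separates a password-policy rejection from other sync failures; the function names and the third sample line are constructed for illustration.

```python
import re

# Win32 codes that Active Directory embeds, as 8 hex digits, in its LDAP
# diagnostic message. 0x52D is the code in the trace quoted above.
WIN32_NAMES = {
    0x52D: "ERROR_PASSWORD_RESTRICTION",  # length/complexity/history not met
    0x005: "ERROR_ACCESS_DENIED",
}
LDAP_UNWILLING_TO_PERFORM = 53

AD_DIAG = re.compile(
    r"\[LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\)"
)

def parse_ad_error(line):
    """Split one AD diagnostic string into fields; None if the line has none."""
    m = AD_DIAG.search(line)
    if m is None:
        return None
    win32 = int(m["win32"], 16)
    return {
        "ldap_code": int(m["ldap"]),
        "win32": win32,
        "win32_name": WIN32_NAMES.get(win32, "UNKNOWN"),
        "dsid": m["dsid"],
        "problem": m["problem_name"],
    }

def password_policy_rejections(lines):
    """Errors where AD refused a write because the password broke policy."""
    return [e for e in map(parse_ad_error, lines)
            if e and e["ldap_code"] == LDAP_UNWILLING_TO_PERFORM
            and e["win32"] == 0x52D]

# First two lines are the trace from this page; the last is constructed
# (placeholder DSID) to show an error that is not a policy rejection.
SAMPLE_TRACE = [
    "Error in executing mapping DIP_LDAPWRITER_ERROR_MODIFY",
    "javax.naming.OperationNotSupportedException: [LDAP: error code 53 - "
    "0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0",
    "javax.naming.NoPermissionException: [LDAP: error code 50 - "
    "00000005: SecErr: DSID-00000000, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0",
]

if __name__ == "__main__":
    for err in password_policy_rejections(SAMPLE_TRACE):
        print(err)
```

Run over the ActiveExportUsers_Groups.trc file line by line, a non-empty result means password writes are being refused on policy grounds rather than failing for connectivity or permission reasons.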