1 / 34

Officers Reports

Business 1. New members ??Exec BoardSpeakersVista Launch. Business 2. Skip July

wirt
Download Presentation

Officers Reports

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. 2/21/2007

    2. Officers Reports VP- Treasurer Secretary Librarian Web Master

    3. Business 1 New members ?? Exec Board Speakers Vista Launch

    4. Business 2 Skip July & Aug ?? Icon? Guests

    5. DST 2007 Energy Bill passed in 2005 New start and stop for DST Start 2nd Sunday of March (Mar 11, 2007) End 1st Sunday of November (Nov 4, 2007) Most computers utilize UTC and a Time Zone offset. EST = UTC -5 EDT = UTC -4

    6. DST 2007 OS patches are required. Many applications that utilize calendaring functions also require patches. MS (http://support.microsoft.com/gp/cp_dst) Patches issued for WinXP SP2, Win2K3, and Vista. Patches issued or in the works for Exchange 2003, Sharepoint Services. Many reported issues with some of these. Including unable to mount message stores after appllication.

    7. DST 2007 Exchange Integration products: BlackBerry Many issues reported, after running MS Patches. Others Issues reported for Active Sync after application of patches. Some people taking a wait and see approach, rather than risk losing Email.

    8. DST 2007 Novell Download dstshift_1.zip, good from 4.x to 6.5. Java patches needed for JVM Unix Every vendor different, some major patch, others . . . Java Rumors of a patch coming out for Java. http://java.sun.com/developer/technicalArticles/Intl/USDST/ Cisco (http://www.cisco.com/en/US/customer/tech/tk648/tk362/technologies_tech_note09186a00807ca437.shtml) Many already fixed, requires configuration change.

    9. DST 2007 Will this effect Citrix?  NO Will this effect Wyse? YES Will this effect Check Point? YES Will this effect Juniper? YES Will this effect Fortinet? YES

    10. DST 2007 Citrix These changes should not affect Citrix products. Citrix recommends that you follow the guidelines set forth by the operating systems you intend to use with Citrix products as you prepare for these changes.

    11. DST 2007 Wyse Thin clients are different from traditional PCs because they rely on the server to deliver applications to the users. Impact of the daylight savings change to Wyse customers is significantly lower for thin clients as opposed to PCs. The thin client users access the server to use their applications. The change in DST 2007 will have an impact on some legacy application as well as automated and technology reliant products, for example: •  Calendar / scheduling applications •  Date / time calculations (current and historical) •  Transaction logging (UTC vs. Local Time) •  Tariff billing applications .

    12. In many cases, making the necessary changes  to accommodate the new DST legislation will be  a relatively minor task.  Users may need to manually adjust the time on their devices when the change occurs. Wyse products affected by the 2007 DST Changes: Several Wyse products are affected by 2007 DST legislation. Updates to these products are being developed and tested. Some of them are currently available, with the remainder scheduled to be released from January 2006 through early March 2007. Please visit http://support.wyse.com to obtain available downloads. Please visit the WYSE Knowledge Base for more information regarding which thin clients will need updates

    13. DST 2007 Check Point The possibility of time sensitive components of the Security gateway and SmartCenter environment experiencing problems exists and must be prevented.  SecurePlatform fix for North America Daylight Saving Time (DST) for the 2007 year needs to be installed on the Security gateway. Operating systems take their time from the real-time system clock in the system hardware. Solution Note: The list of compatible versions is not exhaustive and must be verified off-line before installation in a production environment. Older hardware platforms may not be able to support operating system versions that are compliant with the change in DST and may require replacement. Solaris patches should always be tested in a lab environment for compatibility with the specific build of your Check Point application before deployment in a production system. Incompatibility between Solaris patches and the Check Point kernel module can cause memory trap errors and kernel panics.

    14. The following versions of IPSO are certified by Nokia to be compliant with the new DST: 3.8 build 058 3.8.1 build 044 3.9 build 052 4.0 build 040 4.1 - all builds 4.2 - all builds The following versions of SecurePlatform are certified b Check Point to be compliant with the new DST: VPN-1/FireWall-1 NG with AI R55 HFA_19 VPN-1 Pro NGX R60 HFA_04 VPN-1 Pro NGX NGX R61 take 56 (dated Aug 2006) VPN-1 Pro NGX R62 The following versions of Crossbeam XOS are certified by Crossbeam Systems to be compliant with the new DST: XOS 7.2 and later.

    15. DST 2007 Check Point (cont) The following vers of Sun Solaris are certified by Sun Solaris 8 with patch 109809-02 and 108993-52 or later Solaris 9 with patch 113225-03 and 112874-33 or later Solaris 10 with patch 113032-01 and 119689-07 or later The following versions of Windows operating systems are certified by Microsoft to be compliant with the new DST: Only Windows XP SP2, Windows 2003 Server and Vista versions will be fixed. Windows Update will begin pushing out fixes 1/02/2007 http://www.microsoft.com/windows/timezone/dst2007.mspx The following versions of Red Hat Enterprise Linux are certified by Red Hat to be compliant Red Hat Enterprise versions 2.1 and later are fixed. up2date began pushing out fixes in 2006. For systems not subscribing to Red Hat Network, the following fixes must be installed manually:

    16. 1. Red Hat Enterprise Linux 2.1 users must update glibc. 2. Red Hat Enterprise Linux 3 and 4 users must update the tzdata package. See http://kbase.redhat.com/faq/FAQ_80_7909.shtm for more information. There are several options to resolve the new Daylight Savings Time (DST) issues: 1. Use Coordinated Universal Time (UTC). UTC has no Daylight Savings Time and systems on it are immune to this issue. 2. Upgrade all systems to compliant platforms. 3. Leave systems unchanged and accept log time-stamp errors in SmartView Tracker. Security gateways, SmartCenter servers and VPNs will continue to run uninterrupted even if nothing is done to make the environment compliant.

    17. VPNs may be forced to obtain and install new Certificates from the CA server, depending on the expiration time of the existing Certificates, causing brief delays (~4 seconds) in traffic inspection through VPNs. Time stamps on logs in SmartView Tracker may appear to be as much as 23 hours off, but log services use UTC and actual log time stamps are not corrupted by not Correcting this problem. Application times can easily be corrected by restarting Check Point daemons on affected systems. On Security gateways and SmartCenter servers, run the cprestart command for VPN-1/FireWall-1 NG AI and VPN-1 Pro NGX. For VPN-1/FireWall-1 NG and earlier, run the cpstop and cpstart commands. Provider-1 servers can be corrected by running the mdsstop and mdsstart commands on the MDS. Note:  VPN-1 Edge is not affected by this issue since the logs are already sent in UTC time to SmartCenter and SMP.

    18. DST 2007 Juniper Solution: Universal Time- A general purpose workaround which may be feasible for some customers is to use a time reference that is not subject to Daylight Saving Time schedules, such as UTC. This is the preferred option for organizations that have devices deployed outside of the United States, as it provides time stamps that are unambiguous in all cases. Product Bulletins Juniper's JTAC has issued several Technical Bulletins regarding the 2007 Daylight Savings changes and how to make sure your products are prepared.  You must be logged in to the Juniper website to read these Bulletins. For JUNOS software: http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2006-12-027 The time-zone rules supplied with the JUNOS operating system have been updated to reflect this most recent change. With the exception of JUNOS 7.3R3, all versions of JUNOS software built on or after January 18th, 2006 include the updated time-zone rules. This includes JUNOS releases 7.2R4, 7.3R4, 7.4R3, 7.5R2, 7.6R1, 8.0R1, and all subsequent releases.

    19. For JUNOSe software: JTAC Technical Bulletin PSN-2006-12-029 The time-zone rules supplied with the JUNOSe operating system have been updated to reflect this most recent change.  The following upcoming versions of JUNOSe software will include the updated time-zone rules: 7-0-5, 7-1-5, 7-2-3, 7-3-3, 8-0-1, 8-1-0 For WXOS software: JTAC Technical Bulletin PSN-2006-12-021 For ScreenOS software: JTAC Technical Bulletin PSN-2006-12-011 For IDP software: JTAC Technical Bulletin PSN-2007-02-008 For DXOS software: JTAC Technical Bulletin PSN-2007-01-001 For SSL software: JTAC Technical Bulletin PSN-2006-12-022 For NSM software: JTAC Technical Bulletin PSN-2007-01-024 For Steel Belted Radius software: http://www.juniper.net/customers/support/products/sbr_series.jsp For Odyssey Access Client software: http://www.juniper.net/customers/support/products/oac.jsp

    20. DST 2007 Fortinet Although the current code on Fortinet appliances can handle regular DST changes, an adjustment was needed to accommodate for the recently introduced DST extensions. Fortinet appliances which do not have the DST extensions patches will not automatically change the system time on March 11, 2007. The time will be off by one hour, but firewall operations will continue as normal. Human intervention will be required to set the proper time. The will not prevent the use of NTP. NTP uses UTC time for synchronization. The conversion from UTC to local time is done internally by the Fortinet appliance, and therefore will still require the adjustment.

    21. The main risk will be time-related inconsistencies which may affect business practices, and logging reports. For example: •     Firewall policies relying on schedules (time sensitive) will be applied on a different time. They will be off by an hour. •     Time-stamps on logs will be different (off by an hour). This may affect users who do log analysis based on time stamps. Fortinet is aware of this change, and the respective OS have been corrected. See the list below for details. FortiGate:        FortiOS 3.0 MR3 - To be supported. A special MR3 patch is in development. FortiOS 3.0 MR4 FortiOS 2.80 - To be supported. A special MR12 patch is in development. FortiAnalyzer:  FortiAnalyzer 3.0 MR4 FortiManager:  FortiManager 3.0 MR3 supported when released FortiMail:         FortiMail 2.8 MR1

    22. But wait, there’s more http://msexchangeteam.com/archive/2007/02/14/435267.aspx

    23. I’m trying to run the Exchange server DST tool and I have a problem running the “Grant Mailbox Permission Script”  When I try to run ‘CSCRIPT GrantMailboxPermission.vbs –ADD’ it comes back and gives this error message “Failed to get user's LDAP path from /O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USERNAME” I had to use 'cscript GrantMailboxUserPermission.vbs -ADD domain\user output.txt' The output.txt contained a line by line listing of user mailbox locations as in '/O=OUREMAIL/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USERNAME'

    24. Updated Exchange guidance: *NEW!* Step-by-Step run of the Exchange Calendar Update Configuration Tool (MSExTMZCFG.EXE) is available at http://msexchangeteam.com/archive/2007/02/14/435267.aspx *NEW!* DST and resource mailboxes – Auto Accept Agent and Direct Booking workarounds http://msexchangeteam.com/archive/2007/02/16/435404.aspx *NEW!* How to find public folder calendars and their owners http://msexchangeteam.com/archive/2007/02/16/435378.aspx *NEW!* Microsoft IT has released some communications documents that you can use with your customers and users.  Ensure  These are attached.  They are Office 2007 documents and, if you need it, you can go to the Microsoft Website at http://www.microsoft.com/downloads/details.aspx?FamilyId=941B3470-3AE9-4AEE-8F43-C6BB74CD1466&displaylang=en and download the Office Compatibility Pack (make sure you install all high-priority updates from Microsoft Update first) *NEW!* Office 2003 CDO has been released and should be available tomorrow at: http://suppport.microsoft.com/kb/932962

    25. In addition, there will be an update to the Data Update Tools for Outlook and Exchange coming soon. The update is based on customer feedback requesting additional functionality. If you are able to accomplish your tasks with the current tools, no changes are necessary. Here are some of the changes coming in the updated tool: Ensuring that single instance items created after the date on which the operating system time zone updates were applied are not rebased Rebasing calendar items and suppressing calendar updates Rebasing resource mailboxes Rebasing calendars items stored in public folders Reporting the changes made by the Outlook Time Zone Data Update tool

    26. MSIT Guidance: The following documentation was published recently after Microsoft’s IT department presented their DST solution during an internal webcast.   There will be a presentation made available on Friday.   It may be a few days before that webcast is made available on-demand but in the meantime, below are the main documents. Microsoft IT Guidance MSIT DST Assessment Checklist MSIT DST Enterprise Response Plan MSIT DST Patching Overview MSIT DST Exchange TZ Update Tool Guidance MSIT DST Outlook TZ Update Package Guidance

    27. the DST update for exchange KB926666 denied you the appropriate permissions through these protected groups under adminSDholder object. Might want to check out Method #2 in the URL below… http://support.microsoft.com/kb/817433 For domain admins – or any other protected group - the easiest way is assigning the rights through the “adminsdholder” as listed in this article (method #2). http://support.microsoft.com/kb/817433

    28. You also cannot install on a system with Exchange System Manager installed. Also, you need an account with Full Access and Send As permissions to all mailboxes. THere is a script on that page you would use, and that DOES need to to be run from the Exchange server. After you have made your input file containing users and time zones to update I used the tool to update Exchange. Also, when using the tool, you need to point to the tzmove.exe under the 'c:\program Files\Microsoft Office\Office12\Office Outlook Time Zone Data Update Tool\tzmove.exe'. After all of that I still have some recurring appointments during the Time Zone change that are not correct.

    29. Make sure you have the Outlook tool installed on the machine you are running the exchange tool on. Also, I had to move the MSExTmz folder off the root of the C: drive Karen, I was having a challenging time with the Exchange tool, so I ran the msextmzcfg.exe file instead and it worked here. The Exchange tool cannot be run WITH Exchange. You must install it with Outlook and run it on a server or workstation without Exchange installed on it. (no ESM)

    30. To run either exchange tool, you need to install the Outlook admin tool, and you also need Outlook on the machine you run it from. 'Exchange tool' from the Exchange server to reset all future appointments affected by DST to the correct future time. http://support.microsoft.com/kb/930879/en-us

    31. Addendum on 2/23 Checkout http://support.microsoft.com/kb/930879/en-us There is a note that the 926666 update should not be applied before rebasing, or OWA created recurring appointments may be incorrect. There are other key items to note in the article (some new).  The tool now runs about twice as fast.

    32. Mar 21 Paul from Pauldotcom.com security expert FireWall Hacking April 18 Steve Carbone Microsoft software virtualization May 16 Susan Young on Wireshark packet sniffing networks June 20 Lee Benjamin Exchange 2007

    33. Members asking Members Mutual Support

    34. Dirk Smith www.alexanderlan.com System Management / Recovery / Diagnostics

More Related