340 likes | 508 Views
Business 1. New members ??Exec BoardSpeakersVista Launch. Business 2. Skip July
E N D
1. 2/21/2007
2. Officers Reports VP-
Treasurer
Secretary
Librarian
Web Master
3. Business 1 New members ??
Exec Board
Speakers
Vista Launch
4. Business 2 Skip July & Aug ??
Icon?
Guests
5. DST 2007 Energy Bill passed in 2005
New start and stop for DST
Start 2nd Sunday of March (Mar 11, 2007)
End 1st Sunday of November (Nov 4, 2007)
Most computers utilize UTC and a Time Zone offset.
EST = UTC -5
EDT = UTC -4
6. DST 2007 OS patches are required.
Many applications that utilize calendaring functions also require patches.
MS (http://support.microsoft.com/gp/cp_dst)
Patches issued for WinXP SP2, Win2K3, and Vista.
Patches issued or in the works for Exchange 2003, Sharepoint Services.
Many reported issues with some of these.
Including unable to mount message stores after appllication.
7. DST 2007 Exchange Integration products:
BlackBerry
Many issues reported, after running MS Patches.
Others
Issues reported for Active Sync after application of patches.
Some people taking a wait and see approach, rather than risk losing Email.
8. DST 2007 Novell
Download dstshift_1.zip, good from 4.x to 6.5.
Java patches needed for JVM
Unix
Every vendor different, some major patch, others . . .
Java
Rumors of a patch coming out for Java.
http://java.sun.com/developer/technicalArticles/Intl/USDST/
Cisco (http://www.cisco.com/en/US/customer/tech/tk648/tk362/technologies_tech_note09186a00807ca437.shtml)
Many already fixed, requires configuration change.
9. DST 2007 Will this effect Citrix? NO
Will this effect Wyse? YES
Will this effect Check Point? YES
Will this effect Juniper? YES
Will this effect Fortinet? YES
10. DST 2007 Citrix
These changes should not affect Citrix products. Citrix recommends that you follow the guidelines set forth by the operating systems you intend to use with Citrix products as you prepare for these changes.
11. DST 2007 Wyse
Thin clients are different from traditional PCs because they rely on the server to deliver applications to the users. Impact of the daylight savings change to Wyse customers is significantly lower for thin clients as opposed to PCs. The thin client users access the server to use their applications.The change in DST 2007 will have an impact on some legacy application as well as automated and technology reliant products, for example:• Calendar / scheduling applications• Date / time calculations (current and historical)• Transaction logging (UTC vs. Local Time)• Tariff billing applications.
12. In many cases, making the necessary changes to accommodate the new DST legislation will be a relatively minor task. Users may need to manually adjust the time on their devices when the change occurs.
Wyse products affected by the 2007 DST Changes: Several Wyse products are affected by 2007 DST legislation. Updates to these products are being developed and tested. Some of them are currently available, with the remainder scheduled to be released from January 2006 through early March 2007. Please visit http://support.wyse.com to obtain available downloads. Please visit the WYSE Knowledge Base for more information regarding which thin clients will need updates
13. DST 2007 Check Point
The possibility of time sensitive components of the Security gateway and SmartCenter environment experiencing problems exists and must be prevented. SecurePlatform fix for North America Daylight Saving Time (DST) for the 2007 year needs to be installed on the Security gateway. Operating systems take their time from the real-time system clock in the system hardware.
Solution
Note: The list of compatible versions is not exhaustive and must be verified off-line before installation in a production environment. Older hardware platforms may not be able to support operating system versions that are compliant with the change in DST and may require replacement. Solaris patches should always be tested in a lab environment for compatibility with the specific build of your Check Point application before deployment in a production system. Incompatibility between Solaris patches and the Check Point kernel module can cause memory trap errors and kernel panics.
14. The following versions of IPSO are certified by Nokia to be compliant with the new DST:
3.8 build 058
3.8.1 build 044
3.9 build 052
4.0 build 040
4.1 - all builds
4.2 - all builds
The following versions of SecurePlatform are certified b
Check Point to be compliant with the new DST:
VPN-1/FireWall-1 NG with AI R55 HFA_19
VPN-1 Pro NGX R60 HFA_04
VPN-1 Pro NGX NGX R61 take 56 (dated Aug 2006)
VPN-1 Pro NGX R62
The following versions of Crossbeam XOS are certified by
Crossbeam Systems to be compliant with the new DST:
XOS 7.2 and later.
15. DST 2007 Check Point (cont)
The following vers of Sun Solaris are certified by Sun
Solaris 8 with patch 109809-02 and 108993-52 or later
Solaris 9 with patch 113225-03 and 112874-33 or later
Solaris 10 with patch 113032-01 and 119689-07 or later
The following versions of Windows operating systems are certified by Microsoft to be compliant with the new DST:
Only Windows XP SP2, Windows 2003 Server and Vista versions will be fixed.
Windows Update will begin pushing out fixes 1/02/2007
http://www.microsoft.com/windows/timezone/dst2007.mspx The following versions of Red Hat Enterprise Linux are certified by Red Hat to be compliant Red Hat Enterprise versions 2.1 and later are fixed.
up2date began pushing out fixes in 2006. For systems not subscribing to Red Hat Network, the following fixes must be installed manually:
16. 1. Red Hat Enterprise Linux 2.1 users must update glibc.
2. Red Hat Enterprise Linux 3 and 4 users must update the tzdata package.
See http://kbase.redhat.com/faq/FAQ_80_7909.shtm for more information.
There are several options to resolve the new Daylight Savings Time (DST) issues:
1. Use Coordinated Universal Time (UTC). UTC has no Daylight Savings Time and systems on it are immune to this issue.
2. Upgrade all systems to compliant platforms.
3. Leave systems unchanged and accept log time-stamp
errors in SmartView Tracker. Security gateways, SmartCenter servers and VPNs will
continue to run uninterrupted even if nothing is done to make the environment compliant.
17. VPNs may be forced to obtain and install new Certificates from the CA server, depending on the expiration time of the existing Certificates, causing brief delays (~4 seconds) in traffic inspection through VPNs. Time stamps on logs in SmartView Tracker may appear to be as much as 23 hours off, but log services use UTC and actual log time stamps are not corrupted by not Correcting this problem. Application times can easily be corrected by restarting Check Point daemons on affected systems. On Security gateways and SmartCenter servers, run the cprestart command for VPN-1/FireWall-1 NG AI and VPN-1 Pro NGX. For VPN-1/FireWall-1 NG and earlier, run the cpstop and cpstart commands. Provider-1 servers can be corrected by running the mdsstop and mdsstart commands on the MDS.
Note: VPN-1 Edge is not affected by this issue since the logs are already sent in UTC time to SmartCenter and SMP.
18. DST 2007 Juniper
Solution: Universal Time-
A general purpose workaround which may be feasible for some customers is to use a time reference that is not subject to Daylight Saving Time schedules, such as UTC. This is the preferred option for organizations that have devices deployed outside of the United States, as it provides time stamps that are unambiguous in all cases.
Product Bulletins
Juniper's JTAC has issued several Technical Bulletins regarding the 2007 Daylight Savings changes and how to make sure your products are prepared. You must be logged in to the Juniper website to read these Bulletins.For JUNOS software:http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2006-12-027
The time-zone rules supplied with the JUNOS operating system have been updated to reflect this most recent change. With the exception of JUNOS 7.3R3, all versions of JUNOS software built on or after January 18th, 2006 include the updated time-zone rules. This includes JUNOS releases 7.2R4, 7.3R4, 7.4R3, 7.5R2, 7.6R1, 8.0R1, and all subsequent releases.
19. For JUNOSe software:JTAC Technical Bulletin PSN-2006-12-029
The time-zone rules supplied with the JUNOSe operating system have been updated to reflect this most recent change. The following upcoming versions of JUNOSe software will include the updated time-zone rules: 7-0-5, 7-1-5, 7-2-3, 7-3-3, 8-0-1, 8-1-0For WXOS software:JTAC Technical Bulletin PSN-2006-12-021For ScreenOS software:JTAC Technical Bulletin PSN-2006-12-011
For IDP software:JTAC Technical Bulletin PSN-2007-02-008
For DXOS software:JTAC Technical Bulletin PSN-2007-01-001
For SSL software:JTAC Technical Bulletin PSN-2006-12-022
For NSM software:JTAC Technical Bulletin PSN-2007-01-024
For Steel Belted Radius software:http://www.juniper.net/customers/support/products/sbr_series.jsp
For Odyssey Access Client software:http://www.juniper.net/customers/support/products/oac.jsp
20. DST 2007 Fortinet
Although the current code on Fortinet appliances can handle regular DST changes, an adjustment was needed to accommodate for the recently introduced DST extensions. Fortinet appliances which do not have the DST extensions patches will not automatically change the system time on March 11, 2007. The time will be off by one hour, but firewall operations will continue as normal. Human intervention will be required to set the proper time. The will not prevent the use of NTP. NTP uses UTC time for synchronization. The conversion from UTC to local time is done internally by the Fortinet appliance, and therefore will still require the adjustment.
21. The main risk will be time-related inconsistencies which may affect business practices, and logging reports. For example:
• Firewall policies relying on schedules (time sensitive) will be applied on a different time. They will be off by an hour.
• Time-stamps on logs will be different (off by an hour). This may affect users who do log analysis based on time stamps.
Fortinet is aware of this change, and the respective OS have been corrected. See the list below for details.
FortiGate: FortiOS 3.0 MR3 - To be supported. A special MR3 patch is in development.
FortiOS 3.0 MR4
FortiOS 2.80 - To be supported. A special MR12 patch is in development.
FortiAnalyzer: FortiAnalyzer 3.0 MR4
FortiManager: FortiManager 3.0 MR3 supported when released
FortiMail: FortiMail 2.8 MR1
22. But wait, there’s more
http://msexchangeteam.com/archive/2007/02/14/435267.aspx
23. I’m trying to run the Exchange server DST tool and I have a problem running the “Grant Mailbox Permission Script”
When I try to run ‘CSCRIPT GrantMailboxPermission.vbs –ADD’ it comes back and gives this error message “Failed to get user's LDAP path from /O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USERNAME”
I had to use 'cscript GrantMailboxUserPermission.vbs -ADD domain\user output.txt'
The output.txt contained a line by line listing of user mailbox locations as in
'/O=OUREMAIL/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=USERNAME'
24. Updated Exchange guidance:
*NEW!* Step-by-Step run of the Exchange Calendar Update Configuration Tool (MSExTMZCFG.EXE) is available at http://msexchangeteam.com/archive/2007/02/14/435267.aspx
*NEW!* DST and resource mailboxes – Auto Accept Agent and Direct Booking workarounds http://msexchangeteam.com/archive/2007/02/16/435404.aspx
*NEW!* How to find public folder calendars and their owners http://msexchangeteam.com/archive/2007/02/16/435378.aspx
*NEW!* Microsoft IT has released some communications documents that you can use with your customers and users. Ensure These are attached. They are Office 2007 documents and, if you need it, you can go to the Microsoft Website at http://www.microsoft.com/downloads/details.aspx?FamilyId=941B3470-3AE9-4AEE-8F43-C6BB74CD1466&displaylang=en and download the Office Compatibility Pack (make sure you install all high-priority updates from Microsoft Update first)
*NEW!* Office 2003 CDO has been released and should be available tomorrow at: http://suppport.microsoft.com/kb/932962
25. In addition, there will be an update to the Data Update Tools for Outlook and Exchange coming soon. The update is based on customer feedback requesting additional functionality. If you are able to accomplish your tasks with the current tools, no changes are necessary. Here are some of the changes coming in the updated tool:
Ensuring that single instance items created after the date on which the operating system time zone updates were applied are not rebased
Rebasing calendar items and suppressing calendar updates
Rebasing resource mailboxes
Rebasing calendars items stored in public folders
Reporting the changes made by the Outlook Time Zone Data Update tool
26. MSIT Guidance:
The following documentation was published recently after Microsoft’s IT department presented their DST solution during an internal webcast. There will be a presentation made available on Friday. It may be a few days before that webcast is made available on-demand but in the meantime, below are the main documents.
Microsoft IT GuidanceMSIT DST Assessment Checklist
MSIT DST Enterprise Response Plan
MSIT DST Patching Overview
MSIT DST Exchange TZ Update Tool Guidance
MSIT DST Outlook TZ Update Package Guidance
27. the DST update for exchange KB926666 denied you the appropriate permissions through these protected groups under adminSDholder object. Might want to check out Method #2 in the URL below…
http://support.microsoft.com/kb/817433
For domain admins – or any other protected group - the easiest way is assigning the rights through the “adminsdholder” as listed in this article (method #2).
http://support.microsoft.com/kb/817433
28. You also cannot install on a system with Exchange System Manager installed. Also, you need an account with Full Access and Send As permissions to all mailboxes. THere is a script on that page you would use, and that DOES need to to be run from the Exchange server.
After you have made your input file containing users and time zones to update I used the tool to update Exchange. Also, when using the tool, you need to point to the tzmove.exe under the 'c:\program Files\Microsoft Office\Office12\Office Outlook Time Zone Data Update Tool\tzmove.exe'. After all of that I still have some recurring appointments during the Time Zone change that are not correct.
29. Make sure you have the Outlook tool installed on the machine you are running the exchange tool on. Also, I had to move the MSExTmz folder off the root of the C: drive
Karen, I was having a challenging time with the Exchange tool, so I ran the msextmzcfg.exe file instead and it worked here.
The Exchange tool cannot be run WITH Exchange. You must install it with Outlook and run it on a server or workstation without Exchange installed on it. (no ESM)
30. To run either exchange tool, you need to install the Outlook admin tool, and you also need Outlook on the machine you run it from.
'Exchange tool' from the Exchange server to reset all future appointments affected by DST to the correct future time.
http://support.microsoft.com/kb/930879/en-us
31. Addendum on 2/23
Checkout http://support.microsoft.com/kb/930879/en-us
There is a note that the 926666 update should not be applied before rebasing, or OWA created recurring appointments may be incorrect.
There are other key items to note in the article (some new). The tool now runs about twice as fast.
32. Mar 21 Paul from Pauldotcom.com security expert FireWall Hacking
April 18 Steve Carbone Microsoft software virtualization
May 16 Susan Young on Wireshark packet sniffing networks
June 20 Lee Benjamin Exchange 2007
33. Members asking Members Mutual Support
34. Dirk Smith
www.alexanderlan.com
System Management / Recovery / Diagnostics