Friday, May 31, 2013

Accessing RSA SecurID's Security Console

Since we migrated the existing appliances to RSA SecurID Appliance 3.0, we have been accessing the Security Console via https://<ipaddress>:7004/console-ims. After logging on to the Security Console, we are shown the error message:

The server encountered an unexpected condition which prevented it from fulfilling the request.


The error disappears after clicking on another tab. The URL is then redirected to the FQDN (i.e. https://<FQDN>:7004/console-ims) and everything is back to normal.

This was escalated to RSA Support. We were informed that:

1. Neither the IP address nor the short name is supported for Security Console access.

2. The IP address is supported for Operations Console access, though.

We tried accessing the Security Console via https://<FQDN>:7004/console-ims and the error message no longer appears.


Wednesday, May 22, 2013

Disable Administration Shares & Auto-Generation of 8.3 Filenames for Servers

When hardening a server, both the Administrative Shares and Auto Generation of 8.3 Filenames are usually disabled.

To disable Administrative Shares for Windows servers:

1. Open Registry Editor (Start > Run > regedit).

2. Navigate to
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer.

   AutoShareServer must be of type REG_DWORD.

3. On the Edit menu, click Modify. In the Value data box, type 0 and then click OK.

4. Exit Registry Editor.

5. Stop and then start the Server service by issuing the following commands at the command prompt:
   Net stop server
   Net start server

The above steps remove the administrative shares and prevent Windows from creating them automatically again.

To disable Auto Generation of 8.3 Filenames for Windows servers:

1. Open Registry Editor (Start > Run > regedit).

2. Navigate to
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NTFSDisable8dot3NameCreation.

3. On the Edit menu, click DWORD. In the Value data box, type 1 and then click OK.

   The possible values are:
   0 - Enable 8dot3 name creation on all volumes on the system
   1 - Disable 8dot3 name creation on all volumes on the system
   2 - Set 8dot3 name creation on a per volume basis
   3 - Disable 8dot3 name creation on all volumes except the system volume

4.     Exit Registry Editor.

5.     Reboot the server.
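As an added example (not part of the original post), here is a PowerShell script that audits both registry values from the two procedures above, optionally applies them, and verifies the result. The Test-ServerHardening function name and the -Apply switch are my own; it assumes an elevated session on Windows Server 2008 or later, since fsutil 8dot3name is not available on older releases.

```powershell
# Added example, not from the original post: audit the two hardening settings
# described above and optionally apply them. Run from an elevated PowerShell
# session on Windows Server 2008 or later (fsutil 8dot3name needs that).
# The function name and the -Apply switch are my own.
function Test-ServerHardening {
    [CmdletBinding()]
    param([switch]$Apply)

    # Desired values: AutoShareServer = 0 removes the administrative shares,
    # NtfsDisable8dot3NameCreation = 1 disables 8.3 names on all volumes.
    $settings = @(
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
           Name = 'AutoShareServer'; Expected = 0 },
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
           Name = 'NtfsDisable8dot3NameCreation'; Expected = 1 }
    )

    foreach ($s in $settings) {
        $item    = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.($s.Name) } else { $null }
        if ($null -eq $current)           { $state = 'MISSING (default behaviour applies)' }
        elseif ($current -eq $s.Expected) { $state = 'COMPLIANT' }
        else                              { $state = "NON-COMPLIANT (current value $current)" }
        Write-Output ('{0}\{1}: {2}' -f $s.Path, $s.Name, $state)

        if ($Apply -and $current -ne $s.Expected) {
            # New-ItemProperty -Force creates the REG_DWORD value or overwrites it.
            New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord `
                -Value $s.Expected -Force | Out-Null
        }
    }

    if ($Apply) {
        # Equivalent of "net stop server" / "net start server" above.
        Restart-Service -Name LanmanServer -Force
        # The 8.3 setting only affects files created after the reboot; existing
        # short names remain until removed with "fsutil 8dot3name strip".
        Write-Output 'Reboot the server for the 8.3 filename change to take effect.'
    }

    # Verify: list any administrative shares still present (C$, ADMIN$, ...;
    # IPC$ is not controlled by AutoShareServer) and the effective 8.3 state.
    Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Name -match '^[A-Z]+\$$' -and $_.Name -ne 'IPC$' } |
        Select-Object Name, Path
    fsutil 8dot3name query
}

Test-ServerHardening          # audit only
# Test-ServerHardening -Apply # audit, remediate and restart the Server service
```

Run the audit on a test server first; some legacy applications still depend on 8.3 names and will break once they are disabled.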

Monday, May 20, 2013

Creating, Updating And Listing of Operations Console Administrator Accounts

By default, RSA SecurID has only 1 Operations Console Administrator account (i.e. rsaadmin). At times an additional Operations Console Administrator is needed, for example when there is a secondary or even a third RSA SecurID administrator.

To create the additional Operations Console Administrators, carry out the following steps via PuTTY (an open-source Telnet and SSH client for Windows and Unix):

1. Log in with the account emcsrv and enter the password when prompted.

2. Switch to root and enter the password when prompted:

-bash-3.00$ sudo su

3. Switch to rsaadmin:

[root@Primary/ ]# su rsaadmin

4. Navigate to the directory where the superadmin restoration utility resides and run rsautil to create the Operations Console Administrator account:

bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/utils

bash-3.00$ ./rsautil manage-oc-administrator -a create

[create] – create Operations Console Administrator account

Super Administrator’s name: rsaadmin

Enter Super Administrator’s Password: **********

Enter User Name: OCAdmin1

Enter User Password: **********

Confirm User Password: **********

User ‘OCAdmin1’ created successfully.

5. To change the password of the Operations Console Administrator just created:

bash-3.00$ ./rsautil manage-oc-administrator -a update

[update] – change Operations Console Administrator account password

Enter User Name: OCAdmin1

Enter User Password: **********

Confirm User Password: **********

User ‘OCAdmin1’ updated successfully.

6. To list all Operations Console Administrators:

bash-3.00$ ./rsautil manage-oc-administrator -a list

[list] – provide the list of items to be selling

Super Administrator’s name: rsaadmin

Enter Super Administrator’s Password: **********

Userlisting (./etc/systemfields.properties)

..

3) OcAdmin1                           Groups: Operations Console - Administrator

4) OcAdmin2                           Groups: Operations Console – Administrator    

..

8) rsaadmin                            Groups: Operations Console – Administrator


Sunday, May 19, 2013

SMSMSE Cluster Resource Failed

I have 3 Exchange Server 2003 servers running in a 2 Active and 1 Passive configuration. When I failed over all the cluster resources from an Active node to the Passive node, the SMSMSE cluster resource failed. All the cluster resources then failed back to the original Active node.

A check on the Exchange Server found the following event entries in the Windows System Event log:

Event ID 1069 - Cluster resource 'SMSMSE ' in Resource Group 'EVS2' failed.

Event ID 10016 - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3AE2B8E5-7555-4E0E-B56C-A804C743D1CB} to the user KANDTI\ClusterAdmin SID (S-1-5-21-3050210616-160733423-812606249-1103). This security permission can be modified using the Component Services administrative tool.

The following event entries also appear in the Windows Application Event log:

Event ID 371 - Failed to save settings to the shared storage location (G:\SMSMSE\SHARED).

Event ID 370 - Failed to retrieve settings from the shared storage location (G:\SMSMSE\SHARED).

The following steps were carried out to resolve the problem:

1. On the Domain Controller, click Start > Programs > Administrative Tools > Active Directory Users and Computers.

2. Open Users.

3. Right-click SMSMSE Admins.

4. Click Properties.

5. On the Members tab, add the Cluster Service account ClusterAdmin.

6. On the Windows taskbar, click Start > Programs > Administrative Tools > Cluster Administrator.

7. Right-click one of the nodes and click Stop Cluster Service.

8. When the cluster service stops, start it on the same node.

9. Repeat steps 6 - 8 for each cluster node.

It was later found out that my colleague, who is the secondary Exchange Server administrator, had removed the ClusterAdmin account from the SMSMSE Admins group as he was questioned by the auditor.
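As an added example (not part of the original post), a PowerShell check that would have flagged this root cause before the next failover: it verifies that the Cluster Service account is still a member of SMSMSE Admins and scans the event logs for the event IDs quoted above. The domain, group and account names are the ones from the post; it uses ADSI and Get-EventLog so that it runs on Windows PowerShell 2.0 without the ActiveDirectory module.

```powershell
# Added example, not from the original post: detect the root cause described
# above (Cluster Service account removed from SMSMSE Admins) and the symptoms
# it produced. Names are taken from the post; adjust them for your environment.
$Domain      = 'KANDTI'
$GroupName   = 'SMSMSE Admins'
$ClusterAcct = 'ClusterAdmin'

# 1. Is the Cluster Service account still a member of SMSMSE Admins?
#    ADSI WinNT provider: works on Server 2003 era hosts with no AD module.
$group   = [ADSI]"WinNT://$Domain/$GroupName,group"
$members = @($group.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})
if ($members -contains $ClusterAcct) {
    Write-Output "OK: $ClusterAcct is a member of $GroupName"
} else {
    Write-Warning "$ClusterAcct is NOT a member of $GroupName; the SMSMSE resource will fail on the next failover"
}

# 2. Any of the symptoms from the post in the last 24 hours?
#    System log: 1069 (cluster resource failed), 10016 (DCOM Local Activation denied).
#    Application log: 370/371 (SMSMSE shared storage read/write failed).
$since = (Get-Date).AddDays(-1)
$hits  = @()
$hits += @(Get-EventLog -LogName System -After $since |
           Where-Object { @(1069, 10016) -contains $_.EventID })
$hits += @(Get-EventLog -LogName Application -After $since |
           Where-Object { @(370, 371) -contains $_.EventID })
$hits | Sort-Object TimeGenerated |
    Select-Object TimeGenerated, EventID, Source, Message | Format-Table -AutoSize -Wrap
```

Schedule the membership check on each cluster node; a privileged-group change made in good faith during an audit, as happened here, is otherwise only noticed at the next failover.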