Viewing Category: Windows

JRun failed to start because its side-by-side configuration is incorrect

After a Windows Update to a Windows Server 2008 64-bit R2 machine a couple of months ago, a few services stopped working properly: specifically, the JRun service launcher (%JRUN_HOME%\bin\jrunsvc.exe) and the version of Apache Solr packaged with ColdFusion 9. The specific error follows:

    D:\JRun4\bin>jrun -config myjvm.config -start myinstance
    The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

I did some experimenting today and found that uninstalling/reinstalling the Microsoft Visual C++ 2008 Redistributable (download) solved the problem. I'm not sure if this issue exists with the 32-bit versions of Windows, but I suspect not.

Error 0xD0000022

I encountered an issue launching Microsoft Internet Explorer 7 from Multi-Browser Viewer. Specifically, C:\Documents and Settings\All Users\Application Data\Multi-Browser Viewer\MBV_IE7.exe displayed an error message in a Spoon Studio: The app has encountered an error: (0xD0000022). I tried deleting the Spoon package and downloading another copy. No luck.

Curious about the error, I did some searching to see if it was something really common with a simple solution. When searching for 0xD0000022 on Google, an advertisement for a site called wiki-errors.com is included in the search results.

It seems very fishy that a wiki would buy advertising, but let's see what's on the page.

Wow, that is completely useless information. Their solution is to download a file named ErrorRepair_file.exe. Intrigued, I downloaded the file (from Google Chrome on Mac OS X, so as not to infect myself). I opened it in a hex editor to see what sort of content was inside; it's an installer made with Nullsoft Scriptable Install System. Using 7-Zip, I extracted the contents of the installer package. There are just a few files inside:

    ErrorEND.exe        : 87fa2fa6046246e884949d3237104318
    ErrorENDDll.dll     : d71cc2c548584101cf0e9076634e2247
    ErrorENDUpdater.exe : e15ae3e8bf9b2668822861f58b9bf0ea

I did a search for the main executable's MD5 hash and found a page on VirSCAN.org. So, apparently, somebody else was suspicious of this file. The scanner results indicate that no malware was found. Um, okay. At this point, I'm just going to delete everything and continue attempting to solve the problem launching MSIE 7.

Update:
I opened SysInternals Process Explorer to see what file handles the MBV_IE7.exe executable had open at the moment it displayed the error message. It turns out that the Spoon packages (on Windows XP) are placed in C:\Documents and Settings\All Users\Application Data\Multi-Browser Viewer. However, the sandboxes are stored separately per user in C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\Multi-Browser Viewer\Sandbox. By deleting the sandbox, it will be recreated on startup of the MSIE 7 package, and the error is prevented. Unfortunately, the error returns if changes are made to the internet settings and the browser is restarted. :::sigh:::

Querying IIS Log Files

Of course, I could compose an awk script, or a series of regular expressions, to locate information contained in IIS access logs. However, there's a handy tool that makes querying a batch of logs simple. It's something Microsoft released several years ago called Log Parser. The download is an MSI package that installs a command line executable and supporting files. The program uses an SQL-like syntax for locating data contained in log files of various formats. Even better, there's an application written by James Skemp called Log Parser Plus that provides a clean GUI for constructing the query statement.

For example, say I've copied several log files from the web server to a temp directory, and I want to find all the accesses to /login from the 10.0.0.0/24 network. Plugging the criteria into the user interface creates a query like so:

    SELECT date, time, c-ip, cs-method, cs(User-Agent)
    FROM 'D:\temp\logs\ex100926.log'
    WHERE c-ip LIKE '10.0.0.%'
      AND cs-uri-stem = '/login'

Clicking the perform query button shows the results in a datagrid.

In this example, I've selected just one log file, but I could have run the query over all the files in the directory.
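The same filter expressed as a short Python parser, for cases where Log Parser is not at hand. This is an added example, not part of the original post; the log lines are constructed, and the client test uses a CIDR check in place of the LIKE prefix match.

```python
import ipaddress

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2010-09-26 00:00:00
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2010-09-26 08:01:12 GET /login 10.0.0.15 Mozilla/5.0+(Windows) 200
2010-09-26 08:01:40 POST /login 10.0.0.200 curl/7.21.0 302
2010-09-26 08:02:03 GET /login 10.0.1.7 Mozilla/5.0+(X11) 200
2010-09-26 08:02:19 GET /index.cfm 10.0.0.15 Mozilla/5.0+(Windows) 200
2010-09-26 08:03:55 GET /login 192.168.1.20 Mozilla/4.0 200
"""

def query_log(lines, network, uri_stem, columns):
    """Yield the chosen columns for hits on uri_stem from clients in network."""
    net = ipaddress.ip_network(network)
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # Column order is declared by the file itself and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed record
        row = dict(zip(fields, values))
        try:
            client = ipaddress.ip_address(row["c-ip"])
        except (KeyError, ValueError):
            continue
        if client in net and row.get("cs-uri-stem") == uri_stem:
            yield tuple(row.get(c, "-") for c in columns)

def login_hits(text=SAMPLE_LOG):
    cols = ("date", "time", "c-ip", "cs-method", "cs(User-Agent)")
    return list(query_log(text.splitlines(), "10.0.0.0/24", "/login", cols))

if __name__ == "__main__":
    for hit in login_hits():
        print(*hit)
```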

Preventing SCCS Data Leaks

Many people, right or wrong, deploy CFML applications to the web server by performing a checkout from a source code control system, such as Subversion or Git. This has the effect of placing repository information in directories with the rest of the files; ${APPROOT}/**/.svn and ${APPROOT}/.git, for example. It's possible that this repository information (containing the code in plain-text and configuration files) will be exposed by the web server. That would be bad.

Whether the repository data is visible to an HTTP client depends on several factors: the OS, the web server and configuration, the directory and file permissions and OS- and filesystem-specific attributes. Probably the two most common environments are Windows with IIS and Linux with Apache. In the first case, IIS by default is configured to hide files and directories with the NTFS hidden attribute. Since both Subversion and Git create their repository directories with this flag enabled, the default scenario on Windows/IIS is safe. However, the same is not true for Linux/Apache (or Apache on Windows, for that matter).

Apache has always shipped, to the best of my knowledge, with a server-wide directive to prevent disclosing .htaccess and .htpasswd files:

    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>

It's not enough, I'm afraid, to remove the "ht" from the regex. To properly secure the SCCS artifacts, I like to use the trusty mod_rewrite module:

RewriteRule /(\.svn|\.git)/.* - [L,F]
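A Python model of how the two directives match, run over constructed request paths (an added example, not from the original post and not Apache itself). `<FilesMatch>` tests only the final path component, so dropping the "ht" never covers files inside `.svn` or `.git`, while the RewriteRule sees the whole URL path. The third column assumes the rule is placed in a `.htaccess` at the document root, where mod_rewrite strips the leading slash before matching.

```python
import posixpath
import re

FILESMATCH_DOT = re.compile(r"^\.")              # "^\.ht" with the "ht" removed
REWRITE_SCCS = re.compile(r"/(\.svn|\.git)/.*")  # the RewriteRule pattern from the post

def filesmatch_blocks(url_path):
    # <FilesMatch> is applied to the basename (last component) only.
    return bool(FILESMATCH_DOT.search(posixpath.basename(url_path)))

def rewrite_blocks(url_path, per_directory=False):
    # Server / virtual-host context: the pattern sees the URL path, leading slash included.
    # Per-directory context (assumed: .htaccess at the document root): the directory
    # prefix, including that leading slash, is removed before the pattern is applied.
    subject = url_path.lstrip("/") if per_directory else url_path
    return bool(REWRITE_SCCS.search(subject))

# Constructed request paths.
PATHS = [
    "/.htaccess",
    "/.git/config",
    "/.git/objects/pack/pack-0000.pack",
    "/app/views/.svn/entries",
    "/app/views/.svn/text-base/login.cfm.svn-base",
    "/index.cfm",
]

def coverage(paths=PATHS):
    """Map path -> (FilesMatch '^\\.', RewriteRule in server config, RewriteRule in .htaccess)."""
    return {p: (filesmatch_blocks(p), rewrite_blocks(p), rewrite_blocks(p, True))
            for p in paths}

if __name__ == "__main__":
    print(f"{'path':48} FilesMatch  Rewrite(server)  Rewrite(.htaccess)")
    for path, (fm, rw, rw_dir) in coverage().items():
        print(f"{path:48} {fm!s:11} {rw!s:16} {rw_dir!s}")
```

In the per-directory column a top-level `/.git/config` is not caught, so the rule as written belongs in the server or virtual-host configuration.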

And while I'm on the topic of using mod_rewrite to secure an application, here are some rules I use to prevent any similar shenanigans:

    RewriteRule ^/app/(config|filters|listeners|plugins|properties|views)/.* - [L,F]
    RewriteRule ^/(MachII|MachIIDashboard|coldspring|transfer|cfpayment)/.* - [L,F]
    RewriteRule ^/(db|gen|model|taglib)/.* - [L,F]

Please feel free to comment. Oh wait, I'm lame and haven't enabled comments on this blog. I suppose you could send them to @jlamoree instead.

Windows TCP Stale Sockets

Last week I wrote a Perl script called listening.pl that displays the executable filename of every process listening for, or with active, TCP connections. It turns out that when a process has been terminated, there can be a bit of time before the socket is cleaned up. In this situation, netstat will show that process number zero created the socket. Doing a lookup on PID 0 returned unexpected data. I just checked in a version of the script that correctly handles stale sockets.

Console Apps for Windows

Many years ago, I used a terminal application on Windows (I believe it was Windows NT 4.0) called SecureCRT. That worked very well to connect to all my FreeBSD/Linux/Sun boxes over SSH. I've used PuTTY before too, and it's a fine application. However, neither of these provides a good command line environment (shell) on the local machine; I still used C:\WINNT\system32\cmd.exe. I had forgotten until just a moment ago (when @stevenerat asked about it, and @carehart replied), but there is a property called "Quick Edit Mode" that will change the behavior of selecting text in the console window. That's good, but there are two way better fixes that can be applied to Windows for people that love the command line.

First, do yourself a favor and install Cygwin if you haven't already.

Console2 - This open source project provides a very clean wrapper for the standard Windows shell, or the Cygwin version of Bash. It supports tabbed windows with a mixture of different configuration settings. Its default for selecting and copying text from the console is left-shift and left-mouse click and drag; pressing enter copies to the clipboard. It's very lightweight and only requires dropping a single directory to the system. There is no installer to run. The current version is only a few months old. Download the binary distribution from SourceForge: Console2

Ponderosa - This is also an open source project, however it doesn't seem that any work has been done since 2006. Still, it functions well and has lots of configuration options. The default copy/paste keystrokes are ALT + C/V, which will feel more familiar to Mac users. It's based on .NET 2.0, which may or may not be appealing to you. It supports plugins, although I haven't looked to see what is available. The English version of their website is en.ponderosa.org.

Listening Programs in Windows

While trying to get the line debugger in ColdFusion Builder to work with an installation of ColdFusion 9, I wanted to verify which processes were listening for TCP connections on my Windows XP workstation. I started by using the netstat utility in C:\WINDOWS\system32\ to show the IP and port of each connected endpoint, and the local process identifier. This is useful, but somewhat cumbersome to translate into recognizable application names. Here's a sample of its output:

    Proto  Local Address    Foreign Address   State        PID
    TCP    0.0.0.0:80       0.0.0.0:0         LISTENING    3772
    TCP    0.0.0.0:135      0.0.0.0:0         LISTENING    1988
    TCP    0.0.0.0:445      0.0.0.0:0         LISTENING    4
    TCP    127.0.0.1:1117   127.0.0.1:4331    ESTABLISHED  3980
    TCP    127.0.0.1:1130   0.0.0.0:0         LISTENING    1264
    TCP    127.0.0.1:1208   127.0.0.1:20345   ESTABLISHED  640
    TCP    127.0.0.1:1217   127.0.0.1:20345   ESTABLISHED  3000
    TCP    127.0.0.1:4331   0.0.0.0:0         LISTENING    504

Using the process utility from Cygwin, it's possible to list all of the running processes. It has some quirks when showing Windows information, but it works. Here's a sample of that information:

     PID  TTY  STIME     COMMAND
       4  ?    Apr 22    *** unknown ***
    1412  ?    09:03:14  \SystemRoot\System32\smss.exe
    1528  ?    09:03:17  \??\C:\WINDOWS\system32\csrss.exe
    1552  ?    09:03:22  \??\C:\WINDOWS\system32\winlogon.exe
    1600  ?    09:03:24  C:\WINDOWS\system32\services.exe
    1612  ?    09:03:24  C:\WINDOWS\system32\lsass.exe
    1812  ?    09:03:25  C:\WINDOWS\system32\nvsvc32.exe
    1152  ?    09:03:28  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    1908  ?    09:03:32  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     752  ?    09:03:33  C:\WINDOWS\system32\spoolsv.exe
    1860  ?    09:03:42  C:\WINDOWS\system32\svchost.exe
    1320  ?    09:03:43  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

I needed to merge the two sources of information together. I started in the shell by chaining a few tools together, but it became awkward and inefficient. I switched to Perl, and hacked together a script that produces output like this:

    Connections: 25
    3772: 0.0.0.0:80       0.0.0.0:0           C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    1988: 0.0.0.0:135      0.0.0.0:0           C:\WINDOWS\system32\svchost.exe
       4: 0.0.0.0:445      0.0.0.0:0           Windows System Process
    3748: 10.0.1.169:1402  74.125.19.147:80    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    3464: 10.0.1.169:1520  204.2.160.49:80     c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    3316: 10.0.1.169:1538  10.0.1.2:1025       C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
     652: 10.0.1.169:1828  205.188.1.113:5190  C:\Program Files\Pidgin\pidgin.exe

Don't overlook how beautifully the IP and port are aligned. :) The source is available in my Subversion repository as listening.pl.
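A sketch of the merge described here, including the PID 0 stale-socket case from the "Windows TCP Stale Sockets" post. This is an added example written in Python, not the author's listening.pl; the input text is constructed in the layout of the samples above, and the label used for PID 0 is an assumption.

```python
import re

# Constructed inputs in the layout of the netstat and ps samples; the PID 0 row is a stale socket.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3772
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.1.169:1828        205.188.1.113:5190     ESTABLISHED     652
  TCP    10.0.1.169:1901        10.0.1.2:1025          TIME_WAIT       0
"""
PS = r"""
      PID  TTY     STIME COMMAND
        4    ?    Apr 22 *** unknown ***
     3772    ?  09:04:10 C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
      652    ?  09:05:31 \??\C:\Program Files\Pidgin\pidgin.exe
"""
# STIME is either a clock time or a two-token date such as "Apr 22".
PS_ROW = re.compile(r"^\s*(\d+)\s+\S+\s+(?:[A-Z][a-z]{2}\s+\d+|\d\d:\d\d:\d\d)\s+(.+?)\s*$")
SPECIAL = {0: "(stale socket, owning process has exited)", 4: "Windows System Process"}

def parse_ps(text):
    procs = {}
    for line in text.splitlines():
        m = PS_ROW.match(line)
        if m:
            procs[int(m.group(1))] = m.group(2).replace("\\??\\", "", 1)
    return procs

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            rows.append((int(parts[4]), parts[1], parts[2], parts[3]))
    return rows

def merge(netstat_text=NETSTAT, ps_text=PS):
    procs = parse_ps(ps_text)
    out = []
    for pid, local, remote, _state in parse_netstat(netstat_text):
        # PID 0 and PID 4 are not ordinary processes, so they bypass the table lookup.
        name = SPECIAL.get(pid) or procs.get(pid, "(no matching process)")
        out.append((pid, local, remote, name))
    return out

if __name__ == "__main__":
    rows = merge()
    print(f"Connections: {len(rows)}")
    for pid, local, remote, name in rows:
        print(f"{pid:>5}: {local:<21} {remote:<21} {name}")
```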

Microsoft Update and Windows Update fail

In the virtual machine running Windows XP on my Mac Pro, the update mechanism stopped working after performing the Windows XP SP3 install. I tried all sorts of things to get it working again. Finally, I hit a solution in Microsoft KB #943144. Registering the DLL manually did the trick. Now I can test sites with MSIE 7.x. I doubt my blog will be picked up by search engines to help anybody else, but it's worth a shot.