Windows 8 – Restore, Reset, Recover

Microsoft changed many features with Windows 8; one of them is how a Restore, Reset and Recovery are done. I personally am very happy with the new feature in Windows 8. To use any of the methods (Restore, Reset, Recover) you must first ensure you’ve created a backup DVD or USB image.

When Resetting your PC Microsoft now provides you with the option to reset the Windows Drive (AKA the OS Drive) or All Drives.

Multi-Drive

This is an extremely useful option because many intermediate to advanced users may run their Windows on one drive and store data on secondary drives (other physical drives). By storing data on separate drives a user can Reset or Recover Windows without losing data.

Moving along, another great feature when Resetting your Windows 8 PC is that Microsoft now provides the option to “Fully clean the drive” (erases all data) or “Just remove my files” (erases your data; however, in some cases it can still be recovered).

File Removal Options

I like this feature because it comes in handy when someone may be selling or giving away a computer. “Fully clean the drive” means that Microsoft will apply a more thorough hard drive wipe (format); some call it a low-level format. This makes it more difficult for people to recover data from a hard drive, ultimately protecting the end-user should someone attempt to recover data.

The full clean option also helps in situations where your computer may be experiencing problems. On rare occasions I have had to format (Fully clean the drive) the hard drive to re-install Windows; again, this is very rare, as sometimes a quick format doesn’t put the drive into a state in which Windows will install.

Fixing Windows Error code 13EC (Windows Update KB2901983)

The other day I built a Virtual Machine to test errors I experienced in Outlook 2010. I applied the latest Windows Updates to the Virtual Machine however when I was prompted to update .NET 4.5.2 (KB2901983) I received the error code 13EC.

To resolve the Windows Update error code 13EC for KB2901983 I had to expand the virtual drive. My Virtual Machine had roughly 2 GB free prior to applying the update so I expanded the virtual disk by 5 GB and the update applied successfully.

If you have a physical machine then the issue is likely that your C drive (operating system drive) is either full or too small.

Microsoft answers.microsoft.com has a related post: click here.

Parallels Plesk Postfix Mail Queue Spam Issue

Over the weekend I noticed that one of the domains I host was sending an abnormal amount of SMTP traffic. In Parallels Plesk the Postfix Mail Queue showed upwards of 65,000 emails stuck in the queue. This was especially alarming because the domain does not have any email accounts. Based on the domain traffic activity report within Plesk it was clear that the emails were coming from domain.com.

I spent some time searching the internet and found a few very valuable pieces of information:

I should also mention that Plesk 12 has a new feature which allows you to set limits on outgoing mail flow. The first step I took was to restrict mail flow for domain.com. You can control mail flow at the following levels from within the Plesk Control Panel: Default per Mailbox, Default per Domain, Default per Subscription.

Here are the steps I took to resolve the Postfix Spam problem:

Step 1) I set the outgoing mail flow to 0 for the domain in question. I then ran some of the built-in Plesk tools such as Watchdog security scan. Watchdog threw a couple of warnings but there weren’t any issues other than normal alerts (SSH enabled, root access, etc.).

Step 2) In PHP 5.3.0, developers created a brilliant way to track emails sent via PHP scripts. In order to use this new feature you have to create a log file for PHP to write to:

  • Create log file
    touch /var/log/php-mail.log
    
  • Change permissions of log file
    chmod 777 /var/log/php-mail.log
    

Step 3) Once you create the log file and change the permissions for PHP you need to log into Parallels Plesk and modify the PHP settings (specific to the domain in question):

  • Modify PHP settings for suspect domain
    • Added the following entries (the mail.log path must match the log file created in Step 2)
      mail.add_x_header = On
      mail.log = /var/log/php-mail.log
      

Parallels Plesk PHP parameters (domain specific)

Step 4) After a short period of time (less than a minute) the log file began to fill with data:

mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit

Based on the data I was able to identify the following file: /var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php. This file was embedded within the suspect domain’s website directory. I am not totally sure how it got there but my guess is through an exploit in Drupal or an incorrect permission as I was developing a new website in Drupal.
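The per-script tally behind Step 4, as an added example that is not part of the original post: it reads a PHP mail.log and reports, for each calling script, the number of mail() calls and the number of distinct recipients. The function names, sample paths and addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise a PHP mail.log by calling script.
# Output per script: "<mail() calls> <distinct recipients> <script path>".
# A leading "[timestamp] " prefix on a line, if present, is ignored.
mail_senders() {
    awk '
    {
        i = index($0, "mail() on [")
        if (!i) next
        rest = substr($0, i + 11)            # text after "mail() on ["
        j = index(rest, "]: To: ")
        if (!j) next
        script = substr(rest, 1, j - 1)
        sub(/:[0-9]+$/, "", script)          # drop the ":line" suffix
        to = substr(rest, j + 7)             # text after "]: To: "
        k = index(to, " -- Headers:")
        if (k) to = substr(to, 1, k - 1)
        calls[script]++
        if (!((script, to) in seen)) { seen[script, to] = 1; rcpts[script]++ }
    }
    END { for (s in calls) printf "%d %d %s\n", calls[s], rcpts[s], s }
    ' "$1" | sort -rn
}

# Print only the scripts with at least $2 mail() calls (default 3).
noisy_scripts() {
    mail_senders "$1" |
        awk -v min="${2:-3}" '$1 >= min { sub(/^[0-9]+ [0-9]+ /, ""); print }'
}

# Constructed sample log (hypothetical paths and addresses).
write_sample_log() {
    cat > "$1" <<'EOF'
mail() on [/var/www/vhosts/example.com/httpdocs/modules/taxonomy/ini.php:1]: To: a@example.net -- Headers: From: x
mail() on [/var/www/vhosts/example.com/httpdocs/modules/taxonomy/ini.php:1]: To: b@example.net -- Headers: From: x
[01-Jan-2015 10:00:00 UTC] mail() on [/var/www/vhosts/example.com/httpdocs/contact.php:42]: To: owner@example.com -- Headers: From: site
mail() on [/var/www/vhosts/example.com/httpdocs/modules/taxonomy/ini.php:1]: To: c@example.net -- Headers: From: x
mail() on [/var/www/vhosts/example.com/httpdocs/modules/taxonomy/ini.php:1]: To: d@example.net -- Headers: From: x
[01-Jan-2015 10:05:00 UTC] mail() on [/var/www/vhosts/example.com/httpdocs/contact.php:42]: To: owner@example.com -- Headers: From: site
EOF
}

log=$(mktemp) && write_sample_log "$log" && mail_senders "$log"
rm -f "$log"
```

A script that shows many calls to many distinct recipients, in a directory where no mailer belongs, is the one to pull for inspection first.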

I moved the file to a different directory, changed its permissions and downloaded it from the server for further investigation. Since the removal of this file there have been no further issues with the domain sending spam.

Due to this issue I have changed all passwords. Depending on what I find I may even look at an entire rebuild however I don’t believe it is required.

If you have had any similar issues please share, or if you think I missed something please let me know.

Fedora Core 21 Server running in Hyper-V Windows 8.1

Over the weekend I decided to install Fedora Core 21 Server on my Windows 8.1 home server running Hyper-V. I was able to install Fedora Core 21 Server without having to run Linux Integration Services which is very nice as network, mouse/keyboard, hard drive functions work “out-of-the-box.”

On initial installation I disabled “Secure Boot.” In most cases I find that UEFI “Secure Boot” for Linux Virtual Machines in Hyper-V does not work.

Fedora Core 21 must have built-in kernel support for Hyper-V; however, I have not been able to find any official documentation regarding “native kernel support for Hyper-V.” Fedora Core is similar to Red Hat and CentOS so I am assuming the development team has included native kernel support for Hyper-V, as they do with the newer releases of Red Hat and CentOS.

It is worth noting that Hyper-V does not report Integration Services status or an IP address via the Hyper-V management console. Based on my experience with Hyper-V, only Windows Virtual Machines are reliable when reporting status such as Integration Services, Network IP, Heartbeat, etc.

Microsoft TechNet highlights Linux Virtual Machine Guest Operating System Support here. Note that Fedora Core is not amongst the supported guest operating systems.

I also tried installing Fedora Core 21 Workstation which did not work. The Cloud version of Fedora Core 21 requires a different environment in order to be deployed (OpenStack).

AMD RAIDXpert Utility for Windows 8 – Rebuild RAID1

Yesterday I discovered an issue on my Dad’s RAID1 array. In order to rebuild the array I had to download the AMD RAIDXpert Utility. The AMD RAIDXpert Utility was not easy to find, at least not initially. Making matters worse, the BIOS RAID controller GUI does not currently provide a rebuild option.

My father’s desktop is a custom built workstation and uses the motherboard’s onboard RAID controller. The factory disk which contains the motherboard drivers did contain the AMD RAIDXpert Utility; however, it didn’t contain the latest and greatest version which I needed for Windows 8. Making matters worse, the motherboard vendor also did not provide the latest AMD RAIDXpert Utility for Windows 8.

Fortunately after some good old Google searches I found the following forum post How to fix missing RAID1 drive. Within the post was a link to the AMD website which provided the download for the latest and greatest AMD RAIDXpert Utility. To download the AMD RAIDXpert Utility click here.

After finally fixing the issue and reviewing the AMD Drivers Download page I see how I initially missed the AMD RAIDXpert Utility…

Step 1) Navigate to the AMD Download Drivers webpage

Step 2) Use the link for your OS on the right-hand side of “Manually Select Your Driver.”

Step 3) Now select the optional downloads tab and scroll to the bottom. Download the AMD RAIDXpert Utility.

If you are unable to find the download I would highly recommend reaching out to AMD support.