Thursday, November 22, 2012

Group Policy Error Events 1085 & 8194

In my case few client XP machines were having problems with applying group policy settings. Following events were logged in Application event log from Source Userenv and Event ID 1085:

The Group Policy client-side extension Group Policy Local Users and Groups failed to execute. Please look for any errors reported earlier by that extension.
 
Earlier events related with applying group policy client side extension from Source Group Policy Local Users and Groups and Event ID 8194 were:

The client-side extension could not remove computer policy settings for 'GPO name and ID' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.
Easiest way to fix this behavior is to delete client's group policy cache. Because the client is XP, delete all folders from %ALLUSERSPROFILE%\Application Data\Microsoft\Group Policy\History and run gpupdate /force to refresh policy settings. Error events from Application log regarding event ids 1085 & 8194 should be solved.

Thursday, November 8, 2012

Extracting .key and .crt from .pfx

In order to create .crt and .key from .pfx you can use OpenSSL, which can be downloaded from http://www.openssl.org/related/binaries.html .

Syntax for extracting the private key part is :
openssl.exe pkcs12 -in "Pathtofile\file.pfx" -nocerts -nodes -out "Pathtofile\server.key"
Syntax for extracting the certificate part is :
openssl.exe pkcs12 -in "Pathtofile\file.pfx" -clcerts -nokeys -out "Pathtofile\server.crt"
 
This procedure can be usefully when creating two part certificate files from .pfx for assigning SSL certificate for Lotus Protector for Mail Security (previously known as Proventia Mail Filter) .

Tuesday, November 6, 2012

AD RMS client problems

In this article I will present (from my experience) the most common errors for ad rms client and xp for operating system with SP3.
First one that user can experience is when Microsoft Office will return the following error message:
One or more of your system components has been tampered with or is unsigned and Information Rights Management is unable to function. Contact a system administrator for more information.
 
IRMCheck.exe will report the following error:


Reinstalling the adrms client resolved the error message successfully, because there was a problem with RMS client dll.

Second type of error message with adrms client is:

Microsoft Office has detected problem with your Information Rights Management configuration. Contact your administrator for more information.
 
IRMCheck.exe will report the following error:


I tried to copy the dll from another location (where the rms client is working), but without success the user was receiving same error message. I ran sfc.exe (system file check), also without success (same error message). After repairing the OS, the problem has been solved successfully.

Monday, November 5, 2012

Install SSL certificate on Lotus Protector for Mail Security

Installing SSL certificate on Lotus Protector for Mail Security (previously known as Proventia Mail Filter) is based on copying the obtained certificate files server.crt and server.key in two new folders, for example: /etc/apache2/ssl.crt.new/server.crt and /etc/apache2/ssl.key.new/server.key.
Edit the file /etc/apache2/vhosts.d/mailsec_vhosts.conf, and find and replace the old location of the certificate files with new one.

More detailed steps are published on http://www-01.ibm.com/support/docview.wss?uid=swg21437206 .

More details on how to create .crt and .key files from .pfx check my article http://vstepic.blogspot.com/2012/11/extracting-key-and-crt-from-pfx.html .

Lotus Protector for Mail Security not responding

You may experience problems with Lotus Protector for Mail Security (previously known as Proventia Mail Filter), if you're updating the product automatically. There was corrupted update file that was preventing the Lotus Protector Mail Security from working properly.
According to IBM, the update file has been removed from circulation. There is publicly available article how to delete this update file, if Lotus Protector for Mail Security is not working as should on http://www-01.ibm.com/support/docview.wss?uid=swg21615980 .