Cisco 2960s, HULC LED process and Fast Flashing LEDs

If you are reading this hoping for a solution, I don't have one at this time. Just documenting the things we've tried in case someone has some suggestions or is running into the same issues we are.

We are currently in the process of trying to resolve this issue with Cisco. They appear to have a Cisco TAC case (CSCtg86211) on the high CPU usage, but it doesn't mention the activity lights on the switches fast flashing on all connected ports.  We also tried upgrading the IOS with no success. 

Problem (listed together because I think they are related): 

High CPU usage on the switch by "Hulc LED Process"

Fast blinking lights on the ports, in unison, as though there are constant broadcasts

We have two stacks of four Cisco 2960S switches. One stack is running 12.2(58)SE2, the other 12.2(55)SE3. Both stacks sit at around 20% HULC LED CPU usage and exhibit the odd uniform LED flashing as though there is a constant stream of broadcasts. Packet captures don't show nearly the amount of broadcast activity that the lights make it appear to have.

Here is the short version of the tests we did further down in the post:

We booted up the stack with all switches disconnected from each other (each switch is independent), all servers are plugged in and all workstations are plugged in. The traffic looks normal until you either introduce the firewall connection (which starts the issue on the switch you connect it to) or if you uplink the switches then the issue presents itself. 

Unplugging uplinks (stacking cables, uplink ports, firewalls) does not affect the blink speed of the ports still connected. The issue remains until you reboot the switch. After reboot, it starts right after you re-introduce some sort of uplink to the switch.

I'm by no means a Cisco expert, but the fact that the lights behave normally until you introduce some form of uplink makes me think the issue is related to a spanning tree type function that goes into some sort of loop or is just buggy. It would makes sense that the reason the flashing light activity doesn't go back to normal when you remove the uplink is because once the issue gets triggered by the uplink, it just goes into a loop. 

Here is some testing we did on the odd flashing lights/LED issue (not looking at CPU usage):

Change: Updated one of the stacks from 12.2(55) to 12.2(58). (rebooted)

Result: We can't tell for sure, but we think the lights are blinking faster than the stack running the older IOS. Flashing is still uniform.

Change: Removed all stacking cables from switch stack while it was exhibiting behavior, no reboot.

Result: All connected port lights still flashing at the exact same speed/frequency/uniformity, even though now there was nothing linking the switches together. 

Change: Unplugged almost all devices from a single switch while it was exhibiting behavior, no reboot.

Result: All connected port lights still flashing at the same exact speed/frequency/uniformity.

Change 1a: Rebooted single switch, nothing plugged in but one computer.

Result: Normal LED/light behavior

Change 1b: Rebooted single switch, two computers plugged in.

Result: Normal LED/light behavior

Change 1c: Plugged in a firewall to the above switch with only two other computers connected

Result: Fast flashing LED/light behavior

Change 1d: Unplugged firewall from switch (so it's only the original two computers plugged in.

Result: Still fast flashing LED/light behavior

Change: Connected another 2960S switch through regular RJ45 uplink to a freshly booted 2960S switch with two computers plugged (and LEDs behaving normally).

Result: Fast flashing LED/light behavior. Like the above scenario, the problem doesn't go away when you unplug the connection that triggered the fast flashing.

Windows 7.5 Mango and Gmail, "Attention Required" error

I just ran into this while trying to add my dads Gmail account to his new Nokia 900 Windows 7.5 phone. Spent ten minutes thinking I was using the wrong password. It turns out that Gmail implements some sort of Captcha on their authentication (probably only happens when you add your Gmail account to new device/phone). You won't see this when logging in through a browser, and nothing really tells you why authentication failed. Either way you must disabled it when adding the Gmail account to your new phone.

To do this go to this link (in a browser) and sign in with your account :
https://www.google.com/accounts/DisplayUnlockCaptcha

I'm not 100% on this, but I believe it temporarily disabled the Captcha requirement and let's the device/phone authenticate. I'm assuming once the account is added to the device/phone the Captcha is no longer required.

I still haven't figured out why one of my dads Gmail accounts actually had this authentication protection, but the other didn't.

To give credit, I found this information on this guys blog:
http://jonathanmumm.com/tech-it/fix-windows-7-phone-gmail-attention-required-error/

Thanks Jonathan Mumm, you saved me a few gray hairs.

Experian FreeCreditReport.com/ConsumerInfo.com Fraudulent Credit Card Charge for unknown purpose

I posted this on RipOffReport.com until I realized I actually have a blog :)

Noticed a charge on my American Express (AMEX) for $19.95 on a Sunday (4/29/12). Looked at the info:

EXPERIAN *CREDITR 877-297-7790

Charge: $19.95

Doing Business As:
CONSUMERINFOCOM

Merchant Address:
535 ANTON BLVD #100
COSTA MESA, CA 92626

I thought that was odd, since I've never been to the website and don't do any business with Experian. Also, I'm one of those people that is fairly aware when there is a sneaky checkbox that will sign you up to an offer, or those "free" gifts that automatically roll over into a monthly charge later.

Reason I'm creating this report is because I've noticed a lot of people complaining about the same thing online, and a large uptick in complaints in the last few months (especially as of may 1st):

http://danbeahm.blogspot.com/2012/02/fraud-alert-experian-charging-peoples.html
http://complaintwire.org/complaint/EpUBAAAAAAA/mni-credit-report-monitoring
http://complaintwire.org/complaint/oCWHgTlFZAU/experian-credit-report

Not sure if my card was compromised, or Experian was compromised and already had my card from some other transaction. Regardless, something really screwed up is at hand, and I'm surprised it's still happening.

Update: Just got home and received a letter from American Express stating that my account was one of many account compromised due to a data breach from a payment service provider. I'm assuming this is related to the Global Payments data breach from last month and that's how they got my credit card number. From the information I've been reading, scammers are using these stolen credit card numbers to run credit reports on other people (to get more information for future identity theft).

Link to one of the articles about this

One thing that's kind of bugging me though is that it shows only 1.5 million cards compromised, and the letter from American Express only came today. Maybe there was another data breach since then that I haven't read about?

Windows Backup, fixing error code 0x81000037

Had this problem, figured I might as well make a quick post about it.

It appears the Microsoft Security Essentials (and probably any other realtime AV program) causes the backup to fail because it sees the backup access a file it considers a virus. The end result is that interruption causes the backup to fail with that error message (which isn't really that much information).

The simple fix is to do have MSE do full scan on your hard drives, which will pick up the file(s) that causes the interruption problem. Remove it and your backup should work fine.

The error code 0x81000037 is probably a generic access failure error, and if it's not antivirus it's probably something else interfering with the backup programs access to a file. If your problem isn't with anti virus programs getting in the way, and you still get the error, look for any other programs you have running that are always on and actively scanning your file system ( such as dropbox, other backup programs, sync tools).

Giving credit where it's due, this guys page explains it better and gives you screenshots:

http://www.pagestart.com/win7br0x8100003701.html

SCVMM 2008 R2, P2V conversion of Windows 2000 sp4 server fails, Error 3148

I created this post on microsoft.com as a question. Just noticed that someone actually found it helpful so I figured I would add it to the blog:

---

Details:
I'm attempting to convert a Windows 2000 sp4 server to a virtual machine. The machine is a Dell 2650 with a Perc3/DC raid card and Broadcom NIC.

Error:
Error (3148)
The volume \\?\Volume{4e9c7c6e-8941-11d8-be90-806d6172696f}\ selected for physical-to-virtual imaging is not accessible from Windows PE. This is usually caused by missing or incorrect storage drivers. server.domain.local may now need to be manually restarted into the original operating system using the boot menu. 
Recommended Action
Exclude this volume from conversion. Or, if you are performing offline physical-to-virtual conversions, create a new folder under C:\Program Files\Microsoft System Center Virtual Machine Manager 2008 R2\Driver Import on the VMM computer and then copy all of the storage or networks drivers to the new folder.

Description of problem:
Going through SCVMM 2008 R2 console, I click 'Convert Physical Server' under 'Actions' and go through the wizard. I have googled around and figured out that this error is the result of the RAID storage drivers missing in the Windows PE environment, so the conversion agent is unable to read the hard disk and do the conversion. According to (http://technet.microsoft.com/en-us/library/bb963740.aspx) Technet article, I'm supposed to see a checkbox in the 'Convert Physical Server' wizard that gives me the option to "Use storage and network drivers from the following location." Unfortunately, the wizard appears to think that it doesn't need anything additional to do the conversion and never gives me that option. I also tried to copy the drivers to the "Driver Import" folder with no success

Questions:
- Why doesn't it ask me to "Use storage and network drivers from the following location"?

- Is there a way to force the conversion wizard to ask me to supply drivers?

- How does copying drivers to C:\Program Files\Microsoft System Center Virtual Machine Manager 2008 R2\Driver Import on the SCVMM machine translate into them appearing in the WinPE environment on the conversion target machine? Does it take everything in that folder and copy it to the WinPE image it loads and is there any way to confirm this action is happening?

- Using the -DriverPath parameter in New-P2V: Is it possible to put in a network drive? Since the local drives are RAID based, without the storage drivers it won't be able to read the path if I just put it on the local drive of the conversion machine. (If I was onsite, I could probably use a USB stick)
I'm hoping there is an easy way to get the conversion wizard to just ask me for the drivers, but if worst comes to worst, I will try to go about it manually

Solution:
The error was misleading a bit: it wasn't having trouble reading my RAID hard disk volumes, and the drivers were loading correctly. I checked the scvmm_winpe_setupapi.log file on the target machines boot drive and it showed that SCVMM agent already located and copied my NIC/RAID drivers.


I solved the problem by unchecking the dell boot volume (that has the dell test/repair tools that you can execute through the bios boot) in the p2v conversion wizard when setting up the job. I updated my RAID drivers on the Target machine as the same time to the latest windows 2000 drivers, which are still old, but I don't think that did anything.  Probably no one was as dumb as me to leave the dell boot volume checked, but just incase, maybe this post will help someone.

Android Apps: Sky Warrior type scam?

For the first time in a while I decided to download a new free game to kill some time.

I'm aware of recent issues with malware masking itself as free games but figured I would be safe going to the "Top Free Games" section of the Android Marketplace. There it was, #31, a top down shooter named "Sky Warrior", 1 million + downloads, and 4.5 stars from 50,000+ users.

If you look over what it wants access to when installing, you can already see warning signs. The app wants access to directly call numbers, Read/Write your browser history/bookmarks, and..well, basically everything.

The app, after installation, forces you to rate it five stars to play it, installs icons on the desktop that link to partner websites,  and spams notifications for random crap.

My question is: how the hell is this app able to get to #31 on the Android Marketplace without being reported enough for these malware type practices?

I can see how they figured out how the manipulated the rating system by forcing users to rate it 5 stars before letting the game be played. What I'm having a hard time understanding though, is why Google hasn't figured out some way to cut down on this type of practice.

Unless the top free games are full of these type of apps, I wonder what the chances are that the first game I download off that list in six months is this bad. 


Full disclosure: I never rated it five stars, so I have no idea if the game even exists beyond the malware, or if it's any good. Also, as stated above, it's the first thing I've done on the games marketplace in six months, and I have done very little research beyond this experience. Feel free to set me straight!

Microsoft BPOS Technical support is awful

If you call BPOS technical support for anything but a password reset, be prepared. With a few exceptions, the person you are talking to has had less technical experience than India call centers that are following a script and telling you to reset your computer.

After at least 100+ phone calls over the past six months, I've learned a few things that will hopefully be helpful to others:

1. If you get a hold of someone that has helpful quickly and effectivly, get their names. Next time you call in for another issue, ask if they are available or can call you back. The call center reps have a chat client (probably communicator) that they can lookup and chat with other employees.

2. The older your ticket gets, surprisingly, the less attention it appears to receive. You would figure that the ticket would show up as a higher priority on their system, but it doesn't appear to be the case.

3. If a ticket you create ends up getting pushed to "operations", don't relax. Usually the ticket will get kicked back with little or no information. You will end up getting a call from a different representative than you originally worked with, and he/she will know little to nothing about your issue. If the issue isn't resolved, make sure to ask to be put back in touch with the original representative that you opened the ticket with (see #1). Otherwise you are more than likely going to waste an hour repeating everything that has happened with the ticket, and the new representative will probably repeat any mistakes already made that the original rep would have at least skipped past.