Category Archives: tools

WSUS Service Crashing

We had an odd thing happen the other day at work. The WSUS console kept crashing for not apparent reason.  It worked fine up until just now.  Digging into the error message, it seemed that the WSUS console was unable to reason the WSUS service and said to check and make sure IIS & SQL we’re running.  They both were.

As it turns out, in the IIS logs,  there was an error about about IIS exceeding its Private Memory limit and crashing.  Eventually I found this blog post:

That indicated that there was a problem with WSUS application pool.  As it turned out, that app pool was in fact stopped on our server!  Starting it enabled WSUS to function for a while until it crashed again, at which point the app pool was stopped again.

Per the above article, I changed the following entry to “0”:

IIS Manager->Server->Application Pools->WSUS Pool->Advanced Actions->Recycling

And changed Private Memory Limit to 0.  A reboot later, and the application pool was able to access much more than the 1.8 GB it is allowed by default.  However…..It was still crashing.  A second option in that same blog mentioned changing the application pools to default to being 64 bit instead of the default of 32 bit.

All that was required was going IIS->Manager->WSUS Website->ISAPI Filters-> right click – edit->and change the loading order of the 32 bit vs 64 bit entries so the 64 bit option loads first.

Another reboot, and ever since then WSUS has been 100% stable.  I don’t know for certain what caused this, other than we recently added some new servers to the domain for WSUS to manage as well as a new OS for it to manage patches for.  Those two things combined to be enough to push it over the line and crash out of memory crashes.

Desktop Central Forwarding Agent

Desktop Central has the ability to manage smartphones via the standard MDM APIs. It can do much of the same things any MDM solution can offer, and if you already have it in place for employee computers you might be interested in using it for your MDM solution as well.

One of the optional components is simply called the Desktop Central Forwarding Server. You install this on a server in your DMZ, open a few ports between it and the internal Desktop Central server, a few ports between it and the Internet, and your mobile devices can be managed when not on the internal network. All without exposing your Desktop Central server to the Internet. However, there is one key step that isn’t clearly explained in the documentation.

There is a step when you install the Fowarding Server that you need to to copy over a couple encrpytion keys from Desktop Central for the installer to import. You also need to generate Apple MDM certificates from apple.com and import those into Desktop Central. The first step is so the traffic between the Forwarding Server and Desktop Central is encrypted and you don’t run into any issues with the Forwarding Server complaining about not trusting the Self Signed Certs on Desktop Central. The certs from Apple that get imported into Desktop Central are to allow Desktop Central to be able to manage iOS devices (send push notifications, remotely lock and wipe the device, etc). However, if you import the files from Desktop Central to the Forwarding Server and then import the Apple certs you will break the connection between Desktop Central and the Forwarding Server. It is critical that you import the Apple certs to Desktop Central first, and then copy Desktop Central’s keys over to the Forwarding Server. Otherwise you end up stuck on an extremely unhelpful error message when trying to enroll an iOS device remotely. The exact error you get is:

** PROFILE INSTALLATION FAILED**

Profile Failed To Install

With no explanation as to why that is happening.

Make sure you do the certs in the order specificed above. Your day will go a lot smoother if you do.

EXIFTOOL

We’re having a fun snow day today in my part of the world. We’re expected to get somewhere between 12″ and 24″ of snow. As I type this, we’re at around 8″ of snow and it hasn’t stopped pouring the snow since around 9 AM this morning.

Now you might be wondering, just what does this have to do with the blog? Well I wanted a way to post some snow pictures to a forum, and didn’t want to use Imgur or Droplr. So I created a directory within /var/www/html on the server, set proper permissions, and started uploading photos from the camera roll on my iPhone. However I didn’t want to post photos with GPS data embedded in them. A quick trip to Google revealed a command line tool that’s perfect for the job. I had no idea exiftool existed, but it does and it does its job well. A quick run of the tool and my photos were metadata free.

Exiftool can be downloaded from your disto’s package system, and the quick example I used on how to use it can be found at Linux Magazine