Friday, November 7, 2014

Concerning DLLs in the root of C drive; spyware infection? No

At work, I upgraded my laptop by replacing the hard drive with an SSD.  Boy, did it make a nice improvement in performance.  I took the purist approach and did a fresh install of Windows 7 and reinstalled all my applications.

Imagine my chagrin after a careful rebuild, only to find a number of DLL files in the root of my C drive.  I deleted them, only to find them returning regularly.

Doing some Googling on one of the DLL names (such as tsgetxu6ag55.dll) wasn't turning up good results.  I'd find lots of results to web sites that 'identify files' and would give me a lot of nonsense answers not clearly telling me if it was spyware, a legitimate file, or any useful info.

I stumbled onto what was going on once I started Googling what the file was.  The properties of the DLL made mention of Tom Sawyer.  Once I Googled that, lo and behold the answer came to light.

https://thwack.solarwinds.com/thread/55808

One piece of software I had reinstalled was SolarWinds IP Address Tracker.  The newer version apparently isn't well-written, and it dumps many files in the root of your C drive.  Well, that's helpful (NOT).

At that point, I searched and found an older version of the install and downloaded that.  No more pesky DLLs appearing in the root of my C drive.

Wednesday, April 16, 2014

Unable to Sign In on Google Chrome to Office 365

My organization has been moving from hosting our own Exchange and Lync/Office Communications on premise to Microsoft hosted via Office 365.

I had implemented Active Directory Federation Services (ADFS) and Lync Online about 18 months ago.  ADFS had some challenges, but once I implemented it, it has been reliable.  During implementation, I got on-premise pass through Windows Authentication working and off-premise sign in working.  I had tested on versions of Internet Explorer, Mozilla Firefox, and Google Chrome successfully.

We're now readying to migrate to Exchange Online and away from our on-premise mail server.  During testing, several of us in IT began realizing that sign-ins from Google Chrome was not working.

On premise, you would be prompted with a Google Chrome pop up dialog.  You'd put in your credentials (email address and Active Directory password), and it'd take you right back to the logon prompt without error, and you'd never get in.

Off premise, you would be directed to our sign in page on our Federated Server Proxy server.  Same behavior, enter credentials, return right back to sign in page without error.

Googling this error tipped me off to the problem being that Google Chrome not supporting Extended Protection.  But I didn't know much about this, so I didn't know how to resolve the issue.

A case opened with Microsoft support got me directed to the fix, as documented here:
http://social.technet.microsoft.com/wiki/contents/articles/1426.ad-fs-2-0-continuously-prompted-for-credentials-while-using-fiddler-web-debugger.aspx
The article mentions problems when using Fiddler Web Debugger, but it's the fix for a Google Chrome issue as well.

It's a setting within IIS.  The above link documents where the setting is within IIS to change it manually on each affected server (typically you have multiple ADFS servers for fault tolerance), or PowerShell commands to set this universally across the farm.

Once I made this change, my users can leverage Office 365 from any of the major browsers.