Help - Search - Members - Calendar
Full Version: Mdac2.81, Jet, Odbc
The CD Forum > Bart's PE Builder > Troubleshooting
ponzandro
i'm currently trying to get GFI Languard Security Scanner 6.0 to run from BartPE.
The application starts fine, also the Scheduler service is running.

Scanning is not possible cause the different scanning profiles ar stored in an access database (scanresults6.mdb) and GFI is not able to connect to the database.
There was a similar problem discussed in the forum with Sisoft Sandra 2005 that needs also access to a database.

To get access to the database i try to incorporate latest releases of MDAC2.81 (XPSP2), JET 4.0SP8, ODBC-Support into BartPE.

Installation tracking is difficult, because uninstalling / reinstalling of MDAC is not possible as latest MDAC2.81 gets updated when installing XP SP2.
MDAC Component Checker helped to get all the the files with target directorys and registry settings.
I also could find the necessary files for JET and ODBC Support reading the msdn documentations but it seems that some registry settings or other windows core files are missing.
(Comparing to Joshuas ado_jet plugin and erwin veermans ado and jet plugin they did not include any registry entries, so i do not know exactly if the registry entries are needed at all?)
But when i start ODBC Manager (odbcad32.exe) in BartPE no available drivers ar listed on the driver tab.

Monitoring GFI with dependency walker does not show missing files.
Monitoring with Sysinternals Regmon MDAC2.8 is detected but when trying to connect
to the database i get some errors about missing COM registrations and that the oledb provider is not available.... - seems to me that this is the crucical point. (there is a detailed regmon debuglog available if someone is interested).
I found, that there is a connection string with user/password needed to connect to the database, but i could not find any references about that connection string on my live installation of GFI.

I'm a little bit glueless what to do to fix the problem, at least to get the neccessary drivers correctly shown in ODBC Manager and how to implement the connection string to the BartPE build. Does someone know where the connection strings are stored?
If someone is interested i have a ready to run inf file for GFI LNSS 6.0 and also all necessary files (hope so) for MDAC2.81, JET 4.0SP8 and ODBC.
Anyone?
Joshua
QUOTE (ponzandro @ Apr 11 2005, 09:30 AM)
If someone is interested i have a ready to run inf file for GFI LNSS 6.0 and also all necessary files (hope so) for MDAC2.81, JET 4.0SP8 and ODBC. 
Anyone?

@ponzandro
i am interested, because i think that is the problem why Sandra is not
working. i have working on this since weeks, but without success. mad.gif
please send me your work for GFI LNSS 6.0, MDAC2.81, JET 4.0SP8 and ODBC.
i try to help you, and i hope it helps for the Sandra problem too. wink.gif
(please send to: dcs@drowaelder.de)
Joshua
ponzandro
i got it !!!!!!-hope so dry.gif (i could replicat exactly the same error on my livesystem - will try later with the BartPE plugin)
The problem seems to be: PRB: "Multiple-step OLE DB operation generated errors" when opening ADO connection

Joshua, i will make more tests this evening and maybe GFI is running fine in the end..
Drück mir die Daumen biggrin.gif
teletom
@ponzandro

Is it not so, that GFI- Scanner has an own System account?

May be we have to activate this account.

Sorry i dont know if you use it yet.

Thats why the best will be, that you will publish the inf here.

Regarding account, set read access to the HKEY_LOCAL_MACHINE\SAM\SAM path and underpath:
check HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account

For a setup in batch mode is the Setacl.exe tool useful:
http://www.helge.mynetcologne.de/setacl/

unsure.gif Regards,
Teletom
ponzandro
QUOTE
Is it not so, that GFI- Scanner has an own System account?
May be we have to activate this account.

The problem with the service account is fixed.
when installing GFI LNSS setup has to create credentials for the scheduler service (statusmonitor.exe).
If you don't specify a domain account (not possible in bartpe) a service account named
.\LNSS_MONITOR_USR is created (also not possible in BartPE).
Fix is to run the service with LocalSystem credentials in BartPE, this has to be changed in the ObjectName tab of the service or in the registry settings of the service before exporting/building the plugin.
(By the way, the scheduler service is not essential to run GFI LNSS.)

Main problem is to get connection to the database that stores the scanner profiles.
If you don't specify a connection string to connect to the database the OLE DB calls by ADO may fail. There is a registry fix documented in the MS link i posted above.
I hope that i can fix that this evening as i could simulate the same error on my livesystem when renaming the proposed registry fix.
Also i have to check then what components of MDAC2.81, JET, ODBC are really needed to keep it simple and small. GFI LNSS for itself has about 40MB and to keep it simple while testing i always run it completely from ramdrive. But it should work to only move the update & log folders to the ramdrive.
As the inf file is really huge i would prefer to send it by mail later.




wink.gif
ponzandro
@teletom

i did some more research on the GFI Knowledgebase and it seems, that the created useraccount while installing GFI isn't only used to run the scheduler service.

GFI Knowledgebase Statement:
QUOTE
What is the purpose of the local account LNSS_MONITOR_USR?

# The information in this article applies to: GFI LANguard Network Security Scanner 5
# GFI LANguard Network Security Scanner 6
Article ID: KBID002068
Query keywords:

LNSS_MONITOR_USR is the dedicated user account created by the LANguard Network Security Scanner 5. The user account will also be added to the Local Administrators group.

This user is used by the communication processes done between the various GFI LANguard N.S.S. modules. This user account needs administrative rights to access system resources.

The password for this account is not fixed, and contains alphanumeric digits similar to a GUID.


So to do further tests i think it is needed - as you wrote - to try to import this account into BartPE.
I don't know if anyone tried to import an existing user from a livesystem to BartPE,
as everything in BartPE is running with LocalSystem credentials.So in most cases there is no need to create a less powerfull "Administrator" account in BarPE, but in this special case it could be a solution.
I do not know exactly what is needed to create this account, but basically copying the profiles folder with the ntuser.dat containing the SID and importing all the neccessary registry settings from HKEY_LOCAL_MACHINE\SAM could be a start.
Concerning this, there was an interesting statement of JeffO in the thread
Domain Server, Is it possible?
But maybe my idea is completely weird wink.gif and it is not possible to do that ??
I will start another thread later to ask if someone succeded in creating such an account.
cool400
Hi guys,

I'm trying to build a plugin for Agnitum Outpost Pro 2.5 and it seems that I need ODBC-support for this.

Could anyone of you explain how to include ODBC-support in BartPE?

Best regards

cool400 ph34r.gif
ponzandro
QUOTE (cool400 @ Jul 25 2005, 08:09 PM)
Hi guys,

I'm trying to build a plugin for Agnitum Outpost Pro 2.5 and it seems that I need ODBC-support for this.

Could anyone of you explain how to include ODBC-support in BartPE?

Best regards

cool400 ph34r.gif
*


Get Joshuas plugin for MS Data Access Components MDAC2.81SP1 from here: http://www.drowaelder.de/winpe/PEIndex.htm
sanbarrow
QUOTE
I don't know if anyone tried to import an existing user from a livesystem to BartPE,
as everything in BartPE is running with LocalSystem credentials.


Don't know if this is still interesting - but what's the problem?
I do exactly this in my VMware-plugin - I use a group and a user from a normal install and immediatly after boot I import a complete sam.
Make sure that the system you use to export the sam is not overcrowded with accounts or edit the export so that it contains only those users you need.
ponzandro
QUOTE (sanbarrow @ Jul 25 2005, 09:23 PM)
Don't know if this is still  interesting - but what's the problem?
I do exactly this in my VMware-plugin - I use a group and a user from a normal install and immediatly after boot I import a complete sam.
Make sure that the system you use to export the sam is not overcrowded with accounts or edit the export so that it contains only those users you need.
*


sanbarrow, the problem was fixed as it was not necessary to import the SAM to get GFI LNSS 6 running.
Get the plugin here: http://www.911cd.net/forums//index.php?sho...255&hl=languard
But for upcoming plugins i will keep that suggestion in mind. Looking forward the upcoming vacation to dig into your VMware stuff..... smile.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.