Seminar on Server, Network and Security for WebSAMS.
-
Upload
loreen-goodman -
Category
Documents
-
view
251 -
download
6
Transcript of Seminar on Server, Network and Security for WebSAMS.
Seminar on Server, Network and Security for WebSAMSSeminar on Server, Network and Security for WebSAMS
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 3
WebSAMS Requirements
WebSAMS server can access Internet without passing through proxy
WebSAMS server can access HTTPS web site, e.g.: E.g. www.hsbc.com.hk logon
HTTP server can access Internet without passing through proxy
Support NAT port mapping, e.g.: 202.123.219.100 10.128.15.150 TCP 80,443,7010
Allow traffic from DMZ HTTP to WebSAMS server TCP 8009 TCP 7009 TCP 8109 (1 Server 2 WebSAMS)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 6
Network Architecture ( cont’d )
3 types of WebSAMS users WebSAMS user ITED user Internet user
HTTP server is simply a relay server which forwards all the requests to the WebSAMS server
The HTTP server itself does not store any data
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 7
Network Architecture ( cont’d )
Accessing WebSAMS by URL
Determined by Domain Name Server (DNS) Accessing the WebSAMS server from different subnets or
networks will use different IP addresses
Examples: WebSAMS users:
websams.schabc.edu.hk => 10.128.30.150 ITED users:
websams.schabc.edu.hk => 10.128.15.150 / 192.168.0.3 Internet users:
websams.schabc.edu.hk => 202.123.219.100
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 8
Network Architecture ( cont’d )
Router ( between WebSAMS and ITED ) HTTP Server connect to WebSAMS server
Using TCP 8009 for production Using TCP 7009 for training Using TCP 8109 for 1 server 2 SAMS
WebSAMS server can access Internet without passing through proxy
TCP 80 ( HTTP ) TCP 443 ( HTTPS ) TCP/UDP 53 ( DNS ) TCP 25 ( SMTP ) TCP 110 ( POP3 )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 9
Network Architecture ( cont’d )
Internet Gateway Support NAT ( Network Address Translation )
Port mapping TCP 80 TCP 443 TCP 7010
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 10
Internet Gateway
Separate Internet and ITED 2 interfaces - one for real IP and another for internal IP
It could be: Hardware firewall ( e.g. SonicWALL , Cisco PIX, Netscreen,
CheckPoint, and so on … ) Proxy server with NAT function Router with NAT function Linux server ( 2 interface cards , using iptables or ipchains
+ ipmasqadm ) Windows server ( 2 interface cards , routing and remote
access )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 11
DMZ
It is called “Demilitarized Zone” A separated area between Internet and Local
Area Network Internet gateway should has at least 3
interfaces to support DMZ, such as Internet, ITED LAN segment & DMZ
Provide services opened to public Aggregate servers, such as FTP server, Web
server, and so on, in a restricted area Help to minimize impact to LAN in case of
school network being hacked
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 12
Backup
WebSAMS Backup Schedule Pre-backup Backup Post-backup From about 00:00 am to 06:00 am
Flow of Scheduled Backup: Stop WebSAMS engine Backup Housekeep WebSAMS application log files Start WebSAMS engine
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 14
Pre-backup
D:\WebSAMS3.0\batch\pre_backup.bat
15 mins
Stop JBoss, database, Apache
Make copy of WebSAMS data to E:\data\<SUID>\database\sched
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 15
Backup approach
Back up the disk image of the whole WebSAMS server
including C, D and E drives
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 16
Post-backup
D:\WebSAMS3.0\batch\post_backup.bat Housekeep Apache log files
D:\WebSAMS3.0\Apache\logs\
Housekeep WebSAMS server log files ( older than 30 days )
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\log
Housekeep CDS log ( More than 30 days ) E:\data\CDS\<dest_id>\system\log\
Housekeep Report temp log files E:\data\<SUID>\rpt\temp
Start database, JBoss, Apache
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 18
What is NAT ?
Network Address Translation ( NAT )
Translate the IP address from one network to other network
Typically one is inside and one is outside
Port mapping function
Reference: RFC 1631 http://www.faqs.org/rfcs/rfc1631.html
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 19
WebSAMS LAN segment accesses Internet
Access Internet directly not through the Proxy server
Involved equipment WebSAMS router Internet Gateway ISP
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 20
Network Settings on WebSAMS server
Under WebSAMS server
DHCP server setup
DNS server setup
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 21
DHCP server setup
Start > Administrative Tools > DHCP
1
2
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 25
Start > Administrative Tools > DNS
1
2
Internet DNS setup
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 30
Router Config
Modified default route Example:
ip route 0.0.0.0 0.0.0.0 10.128.15.253
ACL modification Example:
access-list 101 permit tcp any 10.128.30.0 0.0.0.255 gt 1023 established access-list 101 permit udp any 10.128.30.0 0.0.0.255 gt 1023 access-list 101 permit icmp any 10.128.30.0 0.0.0.255 echo-reply access-list 101 permit icmp any host 10.128.30.150 packet-too-big access-list 101 permit tcp host 172.16.0.150 host 10.128.30.150 eq 8009 access-list 101 permit tcp host 172.16.0.150 host 10.128.30.150 eq 7009 access-list 101 deny ip any any log
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 32
Routine tasks performed
Daily Tasks Check apache log
D:\WebSAMS3.0\Apache\logs\
Check Virus scanning log
Check JBoss log D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\log\
Check version Upgrade Log E:\temp\wsup1\yyyyMMdd.HHmm\
Check NAS backup log
Backup rotation
Check firewall log
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 33
Routine tasks performed ( cont’d )
Weekly Tasks Backup rotation Check free space of NAS and WebSAMS Server Check Windows Event Viewer
Monthly Tasks Reboot WebSAMS Server Reboot HTTP Server
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 34
Log checking
Windows Event Viewer log Apache log
D:\WebSAMS3.0\Apache\logs\ access.log-<dd-MM-yyyy> ( http request log ) errors.log-<dd-MM-yyyy> ( error log )
Virus Scanning log Backup Log
To check whether the pre-backup tasks have been run successfully (E:\data\<SUID>\Log\DB)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 35
HTTP log checking
/var/log/messages /var/log/
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 36
HTTP log checking ( cont’d )
All logs in anti-virus: https://websams.school.edu.hk:14943 Virus Logs, Spyware Logs, Scan Logs & System Logs /var/log/TrendMicro/SProtectLinux/
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 38
WebSAMS program log ( server.log )
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\log\server.log
Time Stamp
Severity
Message
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 39
WebSAMS upgrade log
E:\temp\wsup1\yyyyMMdd.HHmm\websams_upgrade.log
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 40
Upgrade log ( cont’d )
Upgrade Success sample :
Upgrade Fail sample :
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 41
Firewall Log Screen
Hardware Firewall Log Screen
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 42
Housekeeping
Housekeep the WebSAMS server files
Housekeep the HTTP server files
Housekeep the WebSAMS upgrade backup files
Clear the Java Web Start cache
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 43
Housekeep WebSAMS files
WebSAMS Server
Windows Event logControl Panel > Administrative Tools > Event Viewer
WebSAMS Apache logs D:\WebSAMS3.0\Apache\logs\access.log
D:\WebSAMS3.0\Apache\logs\error.log
WebSAMS JBoss Cache
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\tmp\vfs\*
D:\WebSAMS3.0\JBoss-as-7.1.1.Final\standalone\tmp\work\*
Backup software log
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 44
Housekeep WebSAMS files
Linux HTTP server
Apache log (/var/log/apache2/access_log_80, 443, 7010)
Error log (/var/log/apache2/error_log_80, 443, 7010)
System log (/var/log/messages)
Virus scan log (/var/log/TrendMicro/SProtectLinux/Virus.yyyyMMdd.#### )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 45
Housekeep WebSAMS upgrade backup files
E:\temp\wsup1\<yyyyMMdd.HHmm>\*
E:\temp\wsup2\<yyyyMMdd.HHmm>\* (For 2nd instance of 1 Server 2 WebSAMS)
E:\temp\training\<yyyyMMdd.HHmm>\*
Files and directories are saved under <yyyyMMdd.HHmm> folder, and the latest folder should be kept for tracking purpose.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 46
Clear Java Web Start cache
Go to Windows Control Panel Java General tab [Setting…] [Delete Files…]
1.
2.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 47
Clear Java Web Start cache (cont’d)
3. 4.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 49
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 50
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 51
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 52
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 53
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 54
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 55
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 56
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 57
Backup Rotation Configuration (cont’d)
After the time of scheduled job – Pre_backup.bat
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 58
Backup Rotation Configuration (cont’d)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 59
Ad-hoc tasks
Ad-hoc database backup Ad-hoc training database backup Back up in HTTP server Manually back up WebSAMS server D: and E: to other
computer Change Password
OS System administrator WebSAMS login account “sysadmin” and “asysadmin” HTTP root
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 60
Ad-hoc task ( cont’d )
WebSAMS
(Windows Desktop\WebSAMS)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 61
Ad-hoc database backup
Ad-hoc database backup It will stop database and JBoss automatically It also will start up after finish It will back up:
CDS files User upload files Database files User upload report template files
E:\data\<SUID>\database\adhoc\ Check the “Backup Log” to see whether success or
not
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 62
Ad-hoc task ( cont’d )
WebSAMS Training
(Windows Desktop\WebSAMS_T)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 63
Ad-hoc task ( cont’d )
Ad-hoc Production Database backup path E:\data\<suid>\database\adhoc\
Ad-hoc Training Database backup path E:\Data\9999\database\backup_snapshot\
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 64
Backup in HTTP Server
Back up the New (SUSE Linux Enterprise 11) HTTP server setting to a floppy or a USB drive
Use command “fdisk -l” to check USB device namee.g.: sda1, sda2 or sdb1…,etc.
Use command “grepconfig” / “grepconfig /dev/{USB device name}”.(For 1 Server 2 WebSAMS environment, use “grepconfig_1s2s”)
Run the command when HTTP server is running in good condition
Those files can be copied to any Windows storage for backup purpose
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 65
Backup in HTTP Server ( cont’d )
Step 1 : Log in HTTP server as root
Step 2 : Type command “grepconfig /dev/sda1”.
Step 3 : Press “Y” in the following screen
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 66
Backup in HTTP Server ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 67
Backup in HTTP Server ( cont’d )
Step 4: Press “0” if all information is correct Step 5: Press “Y” to confirm in the following screen
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 68
Internet Security Only open WebSAMS to Internet access for a
specific period when necessary:
1. Restrict the time for accessing WebSAMS from clients outside SAMS LAN segment at “Security > Configuration > System Configuration”
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 69
Internet Security ( cont’d )
2. Set up specific “Internet Access Time Profile” to further control the access time for particular user clients outside SAMS LAN segment at “Security > Access Control > Internet Access Time Profile”
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 71
Internet Security ( cont’d )
3. For more security, you may deny the access to port TCP 443 in the Internet gateway
In the firewall, deny the network accessing to port TCP 443, except the IP addresses of the Primary & Secondary CDS Servers to allow packets passing through this port.
This action requires efforts from vendors or support staff in school who possess special knowledge and experience on security and firewall.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 72
WebSAMS Server Security Windows server policies and security best
practices:1. Local Security Policy Start Control Panel ->
Administrative Tools -> Local Security Policy
In Account Policies -> Account Lockout Policy, set Account lockout threshold to “3” invalid logon attempts
Set Account logout Duration and also Reset account lockout counter after to “30 minutes”.
1. 2.
3.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 73
WebSAMS Server Security
In Local Policies -> Audit Policy
Set Audit object access security setting to “Failure” and also set Audit system events security setting to “Success”
More policy settings in Appendix 8 of Installation Guidelines for WebSAMS 3.0 1.
2.
3.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 74
WebSAMS Server Security
2. User account management
Start -> Control Panel -> Administrative Tools -> Computer Management -> System Tools -> Local Users and Groups -> Users -> Administrator
On the General tab of ALL user accounts properties, uncheck the Password never expires checkbox.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 75
WebSAMS Server Security
3. Enable Screen Saver Timeout Start -> Control Panel -> Display > Change screen saver
1.
2.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 76
WebSAMS Server Security
4. Enable Windows Firewall Start -> Control Panel -> Windows Firewall > Advanced settings
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 77
WebSAMS Server Security
4. Enable Windows Firewall Inbound Rules > new Rule…
1.2.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 78
WebSAMS Server Security
4. Enable Windows Firewall Rule Type > Port
1.
2.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 79
WebSAMS Server Security
4. Enable Windows Firewall Protocol and Ports > TCP > Specific local ports:
80, 443, 8009, 7009, 3268, 7010, 7268 (Add 8109 & 9268 for 1 Server 2 WebSAMS only)
1. 2.
3.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 80
WebSAMS Server Security
4. Enable Windows Firewall Action > Allow the connection
1. 2.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 81
WebSAMS Server Security
4. Enable Windows Firewall Profile > Domain, Private & Public
1.2.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 82
WebSAMS Server Security
4. Enable Windows Firewall Name > WebSAMS > Finish
1. 2.
3.
4.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 83
IT System Security
All WebSAMS users are required to have their own identities (i.e. user accounts)
Passwords should not be shared or divulged unless necessary
For safeguarding WebSAMS security, please remind to follow the guidelines of “IT Security in Schools” (ITSS):http://www.edb.gov.hk/FileManager/EN/Content_1619/it%20security%20in%20schools.pdf
Regularly visit the Information Security website of HKSAR ( http://www.infosec.gov.hk ) for updated information of IT security
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 85
General trouble-shoot ( Helpdesk issues )
10 general issues frequently received by WebSAMS Helpdesk:1. ITED / Internet cannot access WebSAMS
2. Unable to connect CDS
3. Unable to back up
4. How to setup WebSAMS client PC?
5. ITED-access becomes Internet-access
6. WebSAMS-access becomes ITED-access
7. Unable to find Apache Window
8. Generate report problem
9. Fonts problem
10. Version upgrade problem
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 86
1. ITED / Internet cannot access WebSAMS
Double check whether WebSAMS has been started ?
Test if WebSAMS segment works or not
Check whether ITED client PC has resolved the IP problem ? DNS problem / DHCP problem Proxy client
Check using “Internet Explorer” on the ITED client PC
Check whether the ITED client PC uses proxy in IE ? Confirm whether HTTP server has been started up & the
‘Pass Phrase’ has been entered? Idle 25 seconds > rcapache2 restart
In HTTP server, do the test by typing: telnet <WebSAMS_server_IP> 8009
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 87
1. ITED / Internet cannot access WebSAMS ( cont’d )
Success Sample
Failure Sample
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 88
1. ITED / Internet cannot access WebSAMS
( cont’d )
If succeed, it must be ITED segment problem If fail, it could be:
HTTP server crash HTTP server wrong setting WebSAMS’s router wrong setting ( or reset ) School firewall setting if HTTP server in DMZ
If it can load SSL prompt, that means HTTP running smoothly.
Otherwise, it may be HTTP setting or router setting problem
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 89
1. ITED / Internet cannot access WebSAMS
( cont’d )
ITED can access WebSAMS successfully but Internet cannot. The problem is due to:
Hosting registration of WebSAMS domain name in Internet
Internet Gateway problem ( port mapping )
HTTP server’s Default Gateway setting is wrong
It should be set to the Internet Gateway which performs port mapping
Type “route” in Linux command line to show default gateway setting
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 90
2. Unable to connect CDS
It may be caused by: Network connection of WebSAMS server has ever broken a short
period Wrong URL of the Primary and Secondary CDS Extensions in
WebSAMS at “CDS > Transmission > Schedule Transmission” Wrong Internet Gateway setting Wrong WebSAMS router setting
In WebSAMS server, try to connect Internet without passing through proxy
Go to (www.hsbc.com.hk) then click “logon” to test whether https URL works or not;
Try to ping: cdsx1.websams.edb.gov.hk and cdsx2.websams.edb.gov.hk
If fail, it may be DNS problem
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 91
2. Unable to connect CDS ( cont’d )
Nearly 95% of network problem with the message of “Unable to connect CDS” could not pass the following testing.
e.g. Internet Gateway did not allow WebSAMS server access Internet
e.g. WebSAMS router setting had a wrong ACL or wrong default route
A very special case may happen that CDS can send but cannot receive messages.
Under our investigation , it may be caused by the ISP and network setting
Solution : Implement “packet-too-big” into router setting
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 92
3. Unable to back up
Hardware failure or no free space of hard disk in NAS
Besides, over 95% of cases are due to the following 3 reasons :
Backup task is configured wrongly Backup task spends too much time that causes post_backup
starting early than estimation The administrator password in system does not synchronize
with one from backup batch jobs
For case 3 above, we need to : Change the password in pre_backup , post_backup Change the password in Backup software All password settings must be same as system administrator
password
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 93
4. How to setup WebSAMS client PC?
OS requires Windows Vista or above
Adobe Reader 10.0 or above supports Windows Vista/7/8/10
Enable Hong Kong Supplementary Character Set (HKSCS) in Windows Vista/7/8/10, refer to the 9th question
WebSAMS supports IE versions after IE’s Roadmap, beginning of 12th Jan., 2016:
Windows Vista SP2 + IE 9
Windows 7 SP1 + IE11
Windows 8.1 Update + IE11
Windows 10 + IE11(Microsoft Edge is not compatiable with WebSAMS)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 94
4. How to setup WebSAMS client PC?
How to find IE11 on Windows 10?
Start menu > Windows Accessories > Internet Explorer
Search “IE” > Internet Explorer
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 95
4. How to setup WebSAMS client PC? ( cont’d )
SAP Crystal Reports 2013 ( full installation )
SAP Sybase SQL Anywhere 16 ODBC Driver (32-bit)
How to get ODBC Driver ?
Available in the installation CD of SAP Sybase SQL Anywhere 16
Driver Installation: Databases > SQL Anywhere (32-bit) > SQL Anywhere client
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 96
4. How to setup WebSAMS client PC? ( cont’d )
Driver Installation: Databases > SQL Anywhere (32-bit) > SQL Anywhere Client
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 97
4. How to setup WebSAMS client PC? ( cont’d )
Configure ODBC Setting:For 32-bit Windows : Control Panel > Administrative Tools > Data Sources (ODBC)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 98
4. How to setup WebSAMS client PC? ( cont’d )
Configure ODBC Accounts:For 64-bit Windows : Type “ODBC” in the search field of Windows Start menu > ODBC Data Sources Administrator (32-
bit)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 99
4. How to setup WebSAMS client PC? ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 100
4. How to setup WebSAMS client PC? ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 101
4. How to setup WebSAMS client PC? ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 102
4. How to setup WebSAMS client PC? ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 103
Install WebSAMS Root Certificate on Windows Vista/7/8/10
4. How to setup WebSAMS client PC? ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 104
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 105
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10 Certificate Manager
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 106
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10 Certificate Manager
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 107
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10 Certificate Manager
1.3.
2.
4.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 108
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10 Certificate Manager
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 109
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10 Certificate Manager
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 110
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10 Certificate Manager
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 111
4. How to setup WebSAMS client PC? ( cont’d )
Install WebSAMS Root Certificate on Windows Vista/7/8/10
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 112
5. ITED-access becomes Internet-access
Internal DNS setting
Proxy client ?
Client PC using proxy in IE ?
Trouble-shoot Ping URL in command prompt, check what IP is resolved It should be HTTP internal IP
In one very extreme case The school places HTTP in DMZ The school Internet gateway changes the source IP
i.e. SNAT in Linux
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 113
6. WebSAMS-access becomes ITED-access
Make sure the WebSAMS version to be on 3.0.0.28082015 or above
Internal DNS setting
Proxy client ?
Client PC / WebSAMS server using proxy in IE ?
Trouble-shoot Ping URL in Command Prompt, check what IP is resolved It should be WebSAMS server IP 2 ethernet ports in WebSAMS server:
In Command Prompt, enter ‘ipconfig /all’. The first IP address should be the private IP of WebSAMS server. If the first IP address is to connect the NAS, swap the ethernet cables and setting of Internet Protocol (TCP/IP) in between the WebSAMS interface and NAS interface.
4 ethernet ports in WebSAMS server: Make sure the primary ethernet port which connects to WebSAMS segment and it
does not connect to NAS Make sure the primary ethernet port that matches in the BIOS setup (Motherboard
setup)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 114
7. Unable to find Apache Window
Open Task Scheduler at “Control Panel > Administrative Tools”
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 115
7. Unable to find Apache Window ( cont’d )
Right-click the scheduled task “WebSAMS post-backup” in Task Scheduler Library and select “Properties”
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 116
7. Unable to find Apache Window ( cont’d )
Click the Actions tab > highlight the Action “Start a program”> click the Edit button
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 117
7. Unable to find Apache Window ( cont’d )
Highlight the Program/script “D:\WebSAMS3.0\batch\” > Cut and Paste it into the field of “Start in”
Adjust the same path in the another scheduled task “WebSAMS Pre-backup”
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 118
8. Generate report problem
Checking Crystal Reports Server
SAP BusinessObjects Central Configuration Manager Apache Tomcat for BI 4 Server Intelligence Agent
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 119
8. Generate report problem
SAP BusinessObjects Central Management Console (CMC)
http://localhost:8080/BOE/CMC/Or
http://127.0.0.1:8080/BOE/CMC/
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 120
8. Generate report problem ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 121
8. Generate report problem ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 122
8. Generate report problem ( cont’d )
Add parameters “ -ipport 1566 -reportdirectory E:\Data”
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 123
8. Generate report problem ( cont’d )
Other cases: Check WebSAMS server computer name
Is that equal to the sub-domain name in URL ? If the sub-domain name is websams-am.schabc.edu.hk then WebSAMS server
computer name should be “websams-am”
The report is generated from customized template Restart JBoss Try to generate built-in template first
If succeed, Customized template problem
If fail, Download “Points to Note for Upgrading of WebSAMS 3.0 (Sybase
and Crystal Reports) ” from “http://cdr.websams.edb.gov.hk > 主頁 > 2014 提升「網上學校行政及管理系統」參考資料”
Contact help desk for further investigation
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 124
8. Generate report problem ( cont’d )
Update any user-customized report in WebSAMS 3.0
Open Data Sources (ODBC) For 32bit Windows: Control Panel > Administrative Tools For 64-bit Windows: Type “ODBC” in the search field of
Windows Start menu > ODBC Data Sources Administrator (32-bit)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 125
8. Generate report problem ( cont’d )
Input an ODBC login account on the WebSAMS workstation for connecting to WebSAMS database, such as “genuser”, “fmpuser” or “stfuser”
Verify database in Crystal Reports on WebSAMS workstation
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 126
8. Generate report problem ( cont’d )
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 127
8. Generate report problem ( cont’d )
Remove the User ID and leave it blank
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 128
8. Generate report problem ( cont’d )
Click “OK” several times
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 129
Unable to open cumtomized report template by Crystal Reports 2013.
Open it by Crystal Reports 9 Delete any duplicate parameter
field(s) in Field Explorer
8. Generate report problem ( cont’d )
Delete any duplicate parameter field(s)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 130
8. Generate report problem ( cont’d )
Verify the SQL syntax of the user-customized report templates
For details, please refer to http://cdr.websams.edb.gov.hk > 主頁 > 2014 年提升「網上學校行政及管理系統」參考資料 >
Points to Note for Upgrading of WebSAMS 3.0 (Sybase and Crystal Reports)
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 131
9. Fonts problem
WebSAMS Server font is corrupted Cannot display HKSCS fonts on generated report
(.PDF) If the size of “MingLiU.TTC” font file NOT = 26M
Copy the font file in Windows Safe Mode (F8):from D:\WebSAMS3.0\batch\utilitiesTo C:\Windows\Fonts
Reboot the Server Don’t install any Government HKSCS on WebSAMS
Server
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 132
9. Fonts problem ( cont’d )
Windows Vista, 7, 8 & 10 have built-in support for HKSCS-2004 with ISO 10646/Unicode code allocation scheme.
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 133
10. Version Upgrade Problem
WebSAMS version <> DB version
Caused by unsuccessful WebSAMS upgrade Solution
WebSAMS Java version cannot be upgraded Recover files from E:\temp\wsup1\<the latest folder>\backup\ Contact Helpdesk to get the instruction
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 134
10. Version Upgrade Problem ( cont’d )
If database is running, execute the < 2. Start Database > again…
The following error will be prompted:
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 135
WebSAMS Helpdesk Scope
WebSAMS Application enquiry Modules maintenance General usage enquiries
WebSAMS Technical enquiry Focus on WebSAMS Application
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 136
Resources
WebSAMS Central Document Repository: http://cdr.websams.edb.gov.hk
WebSAMS System Manual: E:\Data\Doc\AOM E:\Data\Doc\COPM E:\Data\Doc\UM
WebSAMS Forum: WebSAMS Central Document Repository -> 主頁 > 網頁連結 > 香港教育城校管
系統討論區 or ; http://forum.hkedcity.net/forumdisplay.php?fid=71
WebSAMS Helpdesk: Hotline: 3125-8510 Fax: 3125-8999 E-mail: [email protected] Leave your School ID, contact person and contact number
Sep 2015 Seminar on Server, Network and Security for WebSAMS B - 139
Other FAQ sharing
1. Unable to access WebSAMS after WebSAMS server rebooted.
Ans: Suggest accessing the WebSAMS Training System.
If it works normally, user may wrongly start WebSAMS in “WebSAMS_T” folder. For production service, it should start WebSAMS in “WebSAMS” folder.
If it is still unable to access, suggest user to ensure there is no interruption on the command mode process on the server (Apache and JBoss). E.g. The process will be stopped if the mouse cursor has been dragged in the command window. In this case, the service can be resumed by right-clicking the mouse in the command window.
2. How to update the license of Trend Micro ServerProtect?
Ans: Suggest clicking “Update Information” button at left menu "Administration > Product Registration" after logged on Trend Micro ServerProtect web page.