03-10-2010 05:05 PM
03-11-2010 07:34 AM
If the "By Character" field is empty, put in Mordac.
04-23-2010 07:02 AM
Okay, just an update on this one. Still not solved, but made some headway. I was able to trace the timing of one remote office user's changes not being sent to the host to 30 minutes after they installed a malware removal/protection tool called MWBytes. Further investigation revealed that the user had some malware issues, so our Helpdesk installed MWBytes, and ran a program called ComboFix to correct things.
So, I infected a spare PC with some malware called "XP Security Center" (has various names). After infected, the computer had no problems sending files to the host. The malware was not the problem. Then I ran ComboFix. As soon as ComboFix was run, the PC stopped sending the queue files. I retested on another spare machine and again, running ComboFix caused the issue. Since both ComboFix and SLXSystem are black boxes, I can't really find what ComboFix changed that would cause the issue. Looking at what it quarantined, nothing is there that should affect SLXSystem.
There are no other known networking issues caused when after I ran ComboFix. Regardless, I ran some utilities to fix Reg entries, fix TCP/IP issues, re-installed windows system files, and still the files are not moving. When I get a resolution, I will post it, but in the mean time, if you have run ComboFix on a network user's PC, you might want to check the QUEUEFiles folder to ensure you don't have the same issue.
Yes, we are going to re-image anyway, but curiousity moves me on.
04-23-2010 09:14 AM
This is interesting... I know that older versions of SLX LAN Network client will error and refuse to run if they don't have write access to the logging folder. Is that not also true with 7.2+ ?
I could see SLX logging activity raising a red flag for anti-malware monitoring software - this is the sort of thing spyware might do. But I would think that preventing SLX from writing log files would cause SLX Client to stop working (unless the anti-malware ap just deletes the files after they are written).
Can ComboFix be configured to ignore suspicious activity from selected applications?
04-23-2010 09:19 AM
04-23-2010 09:35 AM
I did get a little kick out of this.. our helpdesk ran the ComboFix utility, and then once SLX had problems declared it a SalesLogix issue and refused to provide any assistance whatsoever on the resolution even though it was something in regards to the PC that had changed and not directly a SalesLogix application issue.
So, I did some research into ComboFix. It is a freeware utility that runs in a cmd window and comes with lots of dire warnings about not to use it unless you understand everything about it. Beyond that, I can't find any information on exacty what it does. It comes compiled with no help files, etc. There is nothing to configure. You just launch it. It runs through ..... maybe 80 or so steps, but doesn't tell you anything about what each step is.
It creates some logs, but they are not very verbose and don't log what is actually changed. Even the log files are cryptic, and there seems to be nothing on the internet that explains what each section means. Yet, there are a couple user groups that seem to recommend it a lot (MajorGeeks, BleepingComputer..). Yet posting there, I didn't get anything except a "Not really sure how to help.".
The weird thing is that I can ping the server from the affected machine, and can even get a telnet connection to the server and port 1706 from the affected machine, so it doesn't seem to be a problem with communications. Also, Sage Support tells me that SLXSystem looks for exclusive access to the file before it will process them, but I can move, rename, and delete any of the files without any issue so can't see that any other process has a hold on them.
Hmmm.... just noticed something I need to check though....
04-23-2010 09:52 AM
04-23-2010 10:04 AM
I noticed that Sage sent me the following as part of an explanation of how the entire proces works...
Qts file transport logic Client:
1) SlxSystem starts a thread to monitor the queuefiles folder. By default the queuefiles folder is located at \Documents and Settings\All Users\Application Data\SalesLogix\Sync\QUEUEFiles. This location can be modified in the registry setting: KEY_LOCAL_MACHINE\SOFTWARE\SalesLogix\PathManager => SyncQueueFilesPath.
The key didn't exist, so I added it, and made C:\temp\QUEUEFiles\ the default folder, and restarted the SLXSystem service. The Queue files did make it to the new folder, but still don't move.
Thanks for the response Tom. I will see about using the tools you mention.