[SATLUG] APC UPS and monitoring software

Don Wright wmail at wricomp.com
Tue Aug 16 19:40:21 CDT 2005


This just in on the NT BugTraq list. Seems APC is getting a lot
of publicity about this. Glad I'm on Tripp-Lite.  --Don

-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM] On Behalf Of Michael Banjac
Sent: Friday, August 12, 2005 2:02 AM
To: NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
Subject: APC Powerchute software - expired Java Runtime certificate has
detrimental effect on Win2k / Win2k3 and SBS Servers


This week, we were baffled by a significant number of our managed
client servers falling like dominos, each one exhibiting the same
symptoms. Essentially, the consoles were dead or dead
slow... couldn't open control panel or network properties,
explorer was crashing (no desktop), IE was non-responsive.
Restart the server and the exact same symptoms reappear.
Accessing the admin console across the network via RDP made
no difference.  At first sight, we were reasonably confident that
the Server had been hijacked or hit by a virus.
 
Antivirus/antispam applications on each affected server were
completely up to date and had detected nothing. We wasted hours
scanning drives and searching for the problem through virus and
adware forums. It was only by chance that one of our engineers
noticed that there was a service that was still "starting".  Once
we eventually managed to change the service to manual startup and
reboot the server, it was as happy as a lamb again.
 
Researching this further, we discovered that the services in
question belonged to APC PowerChute Business Edition, in
particular version 6.x. We now know that this version contains a
Time Bomb (of sorts) that manages to cripple the server it's
installed on.  The problem is apparently related to a Sun Java
Runtime Environment certificate contained within the software
which was set to expire on the 27th July 2005.  Even though this
date had passed with no effect for many, once their servers were
next restarted, the problem appeared.  We could see that the
processes themselves were loaded into memory but the services
were still showing as "starting".

Once convinced that disabling the services would resolve the
issue, we approached our remaining clients and performed the fix
as a precautionary measure.
 
There is a posting on the APC site which describes this problem
in some detail although they fall short of admitting that it
affects servers as badly as it actually does.  They mention that the
software must be upgraded to version 7 to avoid future problems.
 
http://nam-en.apc.com/cgi-bin/nam_e...hp?p_faqid=7202

After the hours we wasted, I was livid that APC knew of this and
didn't report it to their Distribution chain in the form of an
alert so that it could be addressed prior to becoming a major
issue.  In the end, all that was required is a simple software
upgrade to avoid this fracas.
 
Hopefully, this post will help some of you intercept and avoid
this mind-numbing, time-wasting exercise.
 
Regards,
 
Mike Banjac
Genesis Business Machines
Adelaide, South Australia
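
A triage check for the symptom described in the forwarded post (a service left in "starting" while its process is already loaded), as an added example that is not part of the original message. It parses the output of `sc queryex type= service state= all`; the sample output and the service names in it are constructed placeholders.

```python
import re

# Constructed, abridged `sc queryex` output; names and PIDs are placeholders.
SAMPLE = """\
SERVICE_NAME: ExampleUpsAgent
DISPLAY_NAME: Example UPS Agent
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        PID                : 1844

SERVICE_NAME: ExampleSpooler
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        PID                : 1200

SERVICE_NAME: ExampleUpsServer
        STATE              : 1  STOPPED
        PID                : 0
"""

FIELD = re.compile(r"^\s*([A-Z_0-9]+)\s*:\s*(.*)$")

def parse_services(text):
    """Split sc queryex output into one dict of fields per service."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank line or "(NOT_STOPPABLE, ...)" continuation
        key, value = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            services.append({})
        if services:
            services[-1][key] = value
    return services

def stuck_starting(text):
    """Services in START_PENDING whose process is already loaded (PID != 0)."""
    hits = []
    for svc in parse_services(text):
        state = svc.get("STATE", "").split()
        pid = int(svc.get("PID", "0") or 0)
        if len(state) >= 2 and state[1] == "START_PENDING" and pid != 0:
            hits.append((svc["SERVICE_NAME"], svc.get("DISPLAY_NAME", ""), pid))
    return hits

if __name__ == "__main__":
    print(stuck_starting(SAMPLE))
```

A service that stays in this list across repeated runs a few minutes apart is the kind of hang the post describes, as opposed to one that is merely slow to start.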


