Rob McNicholas

IRIS website down for maintenance, May 18, 8-10am

May 18, 2014 by Rob McNicholas

The campus Oracle service will be patched this weekend, and so some EECS Services which depend on Oracle will be unavailable from 8am to 10am on May 18th. These include the IRIS website (including the Network and Roster applications) and ACG’s departmental applications.

Services should resume by 10am at the latest.

Details can be found at [the campus system status website](http://ucbsystems.org/?s=2954)

Resolved as of 2014-05-18 09:15:00

Department Mailing List Server reboot 11pm April 8

April 8, 2014 by Rob McNicholas

The Department’s mailing list server, lists.eecs, will be down briefly tonight for emergency patching. This is to patch the operating system against the [Heartbleed SSL vulnerability](http://heartbleed.com/).

It will be rebooted at 11pm on April 8 and should be back up by 11:30 at the latest. No mailing list messages will be distributed during this time but no messages will be lost.

Resolved as of 2014-04-08 23:30:00

Changes to EECS LDAP Access from off-campus

April 1, 2014 by Rob McNicholas

On Tuesday, April 1, 2014 IRIS will begin restricting access to the EECS LDAP directory server (`ldap.eecs.berkeley.edu`) from off-campus IP addresses. This will primarily affect people who use email programs such as Thunderbird, Outlook or Apple Mail that are configured to auto-complete email addresses from our directory. This will not affect people using the bMail web interface.

At this time, anonymous queries are allowed against the EECS LDAP directory, but searches are restricted to no more than 100 results. Unfortunately this configuration still allows an anonymous query to retrieve some details about a specific person, such as their email address, phone number or advisor. To mitigate this, after April 1 only authenticated queries will be allowed when coming from an off-campus IP address. For the purposes of this change, “off-campus” means an IP not in the any of the following ranges:

128.32.0.0/16
169.229.0.0/16
136.152.0.0/16
172.16.0.0/16
10.16.0.0/16

Those who need continued anonymous access to the directory from off-campus can use the [campus VPN](http://ist.berkeley.edu/node/591), which will give their off-campus machine a campus IP address. Those who need to run queries that return unlimited results can bind to the directory using their EECS credentials, or an “application” account can be created if needed.

We expect this change will affect a small number of people, but if you have any concerns or questions please contact the IRIS helpdesk at help@eecs.berkeley.edu.
[Read more…] about Changes to EECS LDAP Access from off-campus

Jabber server downtime Thursday 3/27 9pm

March 27, 2014 by Rob McNicholas

The department’s jabber server (jabber.eecs.berkeley.edu) will be down for maintenance Thursday March 27th beginning at 9pm. It should be back up no later than 10pm.

During this outage the operating system will be patched and the Openfire XMPP server will be upgraded to [version 3.9.1](http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html) from the current version of 3.8.2. More disk space will also be added to this virtual machine, and the SSL certificate for jabber.eecs will be modified to try to work around a bug in iChat. These extra tasks will likely stretch out the downtime to close to one hour.
[Read more…] about Jabber server downtime Thursday 3/27 9pm

Retiring SSLv2 on Department Websites

March 14, 2014 by Rob McNicholas

The SSLv2 protocol is considered insecure, and support for it will be removed from the Department’s webservers on Friday morning, March 14, 2014.

All modern web browsers support and prefer the SSLv3 or TLSv1 protocols, which are still supported, so no impact is expected.

Resolved as of 2014-03-14 09:21:00

Department jabber/xmpp server down

March 7, 2014 by Rob McNicholas

After routine maintenance this morning at 8am, the department’s jabber server would not restart. Staff are currently investigating the problem.
[Read more…] about Department jabber/xmpp server down

Department LDAP Upgrade, Thu Jan 16, 7am

January 15, 2014 by Rob McNicholas

On Thursday, January 16th at 7:00 AM, IRIS will be switching the department’s LDAP infrastructure over to our new OpenLDAP servers so that we can retire the old iPlanet servers.

This new system has been designed for high reliability, with two front-end proxy servers that are distributing the queries over a cluster of three back-end servers. The servers are distributed across Soda, Sutardja-Dai and Warren Halls.

For the most part we hope that this transition will be transparent, other than faster queries. However, there is one notable change to mention: We are taking this opportunity to retire the current separate LDAP password and instead passing all authentication through to our Windows Active Directory servers.

**Beginning Thursday, January 16th, 2014 at 7am, wherever you previously used your EECS LDAP password, you will now use your EECS Windows AD password. The current LDAP passwords will be archived and retired. The means you will have one less password to remember!**

Most people will not be affected by this change. But based on recent logs, any people who have been using their LDAP password will receive a second email notification after this with more information.

Here are the answers to some questions we are anticipating:

Q. What is my Windows password?

A. We can’t tell you what your password is, but your Windows password is the same password you use to login to a Windows workstation in EECS, map a network drive from an EECS fileserver, or authenticate to the EECS-Secure or EECS-Open wireless networks.

You can check now to see if you know your current Windows password by making a Remote Desktop Connection to winterm.eecs.berkeley.edu. Login as username@eecs.berkeley.edu to see if you know your password.

Q. I don’t know my Windows password. How do I reset it?

A. Please visit the helpdesk in 395 Cory with a picture ID.

If you are off-campus and cannot come in person, send an email to help@eecs.berkeley.edu and we will send you a special link where you can change your password.

Please direct any other questions to IRIS at help@eecs.berkeley.edu.
[Read more…] about Department LDAP Upgrade, Thu Jan 16, 7am

IT Support During Winter 2013 Energy Curtailment

December 19, 2013 by Rob McNicholas

Due to the Winter Holiday, Energy Curtailment, and New Year’s Holidays, the Berkeley campus is officially closed for the period Tuesday, December 24 to Wednesday, January 1st, reopening on Thursday, January 2, 2014. Additionally, many staff are expected to be out until Monday, January 6th.

All departmental computing servers will remain on and should be available during the break, but there will be no staff on site to provide any computing support or handle any requests. Automatic monitoring systems will alert staff to critical infrastructure problems, and any such problems will be dealt with on a best-effort basis. IRIS staff will be taking advantage of the holiday to do maintenance on some systems which will result in scattered outages, but any such downtime will be separately announced and posted on the IRIS website.

The IRIS Helpdesk will be closed beginning Monday December 23 at noon, and will reopen on Monday January 6. Problem reports can be left on the Helpdesk voice mail (510-642-7777) or emailed to help@eecs, but staff may not receive or reply to these messages until January 6.

Requests for new IRIS accounts that are received after 3pm December 20 will be processed on January 6, 2014.

During the break, Instructional labs will be locked, but the main servers will remain online (imail.eecs, inst.eecs, cory.eecs, c199.eecs and fileservice.eecs). Instructional support staff will occasionally monitor inst@eecs email over the break. If you are unable to contact inst@eecs, you can leave a message at 510-643-6141. Please be aware, though, that staff may not be able to respond or reply to messages until January 2.

We recommend that all desktop computers be shutdown during the Energy Curtailment Period. If your Windows computer needs to stay on during the break, we recommend that you check with your system administrator to ensure that Automatic Updates are enabled with the option “Automatically download the updates and install them on the schedule that I specify” with a daily update schedule.

Computing support staff will be monitoring their email when possible, so please use standard email addresses to report any urgent problems. As a reminder:

* Instructional Computing Environment: inst@eecs
* Research / Staff Computing Environment: help@eecs

Enjoy your holiday break!

SSL Certificate Updates for Department Web Servers Dec 12, 6pm

December 12, 2013 by Rob McNicholas

New SSL certificates will be installed on the Department web server (www.eecs.berkeley.edu & www.cs.berkeley.edu), the Department Mailing List server (lists.eecs.berkeley.edu), and the IRIS web server (iris.eecs.berkeley.edu) on Dec 12 beginning at 6pm. Each server will experience an outage of a few seconds while its certificate is replaced and the server restarted.

These new certificates will be valid until December, 2016.

Resolved as of 2013-12-12 18:30:00

jabber.eecs down for SSL Cert Upgrade, Dec 11 6pm-7pm

December 11, 2013 by Rob McNicholas

The Department’s Jabber/XMPP server, jabber.eecs.berkeley.edu, will have a new SSL certificate installed Dec 11th at 6pm. A service outage of 1 hour is being scheduled for this work, though we hope the actual downtime be be much shorter.
[Read more…] about jabber.eecs down for SSL Cert Upgrade, Dec 11 6pm-7pm