Maintenance Period - Zimbra Outage

06/20/2017 5:00 pm
06/20/2017 10:00 pm
America/New York

During this maintenance period, there will be a Zimbra email and calendar outage.  The anticipated down time is from 5:00PM to 7:00PM, however, the official maintenance period can go as long as 10:00PM.  The Zimbra email and calendar service will be unavailable from all clients; including desktops, laptops, and mobile devices.

This maintenance period will also include replacement of legacy PKI certs, Windows and Linux patches, and the replacement of sm1 and sm2 with Postfix.  Please contact the IT Division Help Desk with any questions or concerns regarding this planned maintenance period.

UPDATE: Scratch Area Crashed

UPDATE:  As of 4:30PM today, the replacement area for /scratch is online.  If there are any issues accessing this area, please contact the IT Division Help Desk.  As referenced below, data from the /scratch area that crashed will not be migrated over to the replacement /scratch area.  If you have critical data that you need, please email helpdesk@jlab.org.

The /scratch area (\\jlabscr\scratch, smb://jlabscr/scratch) crashed this morning.  The IT Division is currently configuring a replacement area and working to determine why /scratch crashed.  As discussed on the JLab-CUE Directory Structure webpage, the /scratch area is not backed up.  Therefore, data from the /scratch area that crashed will not be migrated over to the replacement /scratch area.  If you have critical data that you need, please email helpdesk@jlab.org.  We will work to retrieve this data for you, but there is no guarantee.

WannaCry Ransomware

A twist on the cyber criminal's tool of choice to extort money from people has recently been detected. It is known as "Wannacry" and it is a particularly nasty form of ransomware. More details can be found in this news article, at:

Proofpoint Email Filtering System

JLAB's email filtering will be provided by ProofPoint starting May 1, 2017.  ProofPoint replaces WatchGuard.

JLab Server Certificate Renewals -- possible connection problems for browsers, subversion clients, etc.

A few months ago, TLS/SSL certificates for JLab internal web servers were renewed due to their imminent expiration. They are now (January/February 2017) being renewed again to upgrade them to use SHA2 Signatures, issued by our upgraded PKI. The use of SHA2 signatures for all end entity and intermediate certificates is required for all browsers and eventually other clients because the previous SHA1 signature algorithm has been effectively "broken" and is deprecated.

Automatic processes have already installed the new JLabCA root certificate on managed systems at JLab. This includes Windows domain members, Level I and II as well as "CUEified" Macs. The automated process installs the root certificate into the default locations on each platform (Windows, Linux and OS X) which makes it available to most applications on each platform, including Firefox/Thunderbird and the default Java JVM. For other applications which maintain their own key/certificate stores, users will need to install the new certificate manually.

Note that this change affects all JLab servers that use SSL/TLS, including those hosting subversion and other services. As a result, users may see warnings or failures to connect (depending on the configuration of the client application being used). To avoid these warnings, users must install the JLab PKI "root" certificate. Additional information regarding this issue and the root certificate and instructions for installing it are available at http://pki.jlab.org. As we transition all services to use these new certificates, client systems should install BOTH the new JLabCA root certificate as well as the legacy JLabWinCA root certificate.

Subversion Client Warnings

Several users have raised questions regarding the server certificates used on subversion servers recently. If the root Certificate is not installed in your subversion configuration, the subversion client generates a warning upon attempting to connect, and asks you if you wish to accept the certificate being used, either temporarily or permanently. To help you confirm that you are

Syndicate content