Technical challenges, neat tricks, and best practices from the Network Administrator of Wazo, LLC.
3/13/2009
If like me you manage a lot of Dell servers, IT Assistant can be a godsend (if somewhat clunky). As I installed and started to play with the features, I noticed I was unable to deploy updates to my Linux machines. The tasks would immediately fail with the following error:
File deploy command failed to execute with error message: The server's host key is not cached in the registry. The system may not be the same.
As I investigated, I noticed that most of the OpenManage processes were running as SYSTEM (the LOCAL SYSTEM account). plink stores the host keys it has accepted under the registry hive of the user running it (HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys), so the keys I had cached while logged in as Administrator were invisible to a process running as SYSTEM. Ah ha!
Luckily, there are two ways to solve this. The first caches the SSH host keys in the registry hive of the LOCAL SYSTEM account; the second (and recommended) runs the OpenManage IT Assistant service under the Administrator account instead, so it reads the same hive plink writes to.
Method 1: (Dangerous)
To cache the keys in the registry of the Local System account, you'll need to download and install the PSTools from Microsoft, located here. We're after psexec.exe.
After you download and extract the tools, open a cmd prompt, navigate to the pstools extraction folder and run the following command:
psexec.exe -s cmd.exe
To verify it worked, type whoami and you should see nt authority\system listed.
WARNING: You can do SERIOUS, IRREVERSIBLE damage to your system when logged in as this account. Do not delete or create any files.
Navigate to the folder where you installed the OpenManage IT Assistant - it's usually in C:\Program Files\Dell\SysMgt\ITAssistant\bin - and use plink.exe from that SYSTEM shell to connect to each Linux server once, answering y at the prompt so the host key is cached in the SYSTEM hive. Before you answer y, compare the fingerprint plink shows against the one reported on the server itself (for example with ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub on the Linux box); accepting a fingerprint you have not checked is exactly the man-in-the-middle case the prompt is warning about.
Example:
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is: ssh-rsa 2048 ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting. If you want to carry on connecting just once, without adding the key to the cache, enter "n". If you do not trust this host, press Return to abandon the connection.
Store key in cache? (y/n) y
Once you're done adding all your SSH host keys, type exit to leave the LOCAL SYSTEM user's shell.
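An alternative to the interactive SYSTEM shell above, added here as an example and not part of the original post: cache the keys with plink as Administrator in the normal way, then copy the cached entries from Administrator's hive into the LOCAL SYSTEM hive with PowerShell. It assumes an elevated PowerShell session on the IT Assistant server; the registry paths are PuTTY's standard SshHostKeys location and the well-known SID S-1-5-18 of LOCAL SYSTEM.

```powershell
# Added example (not from the original post): copy the PuTTY/plink host-key cache
# from the current (Administrator) user's hive into the LOCAL SYSTEM hive, so a
# service running as SYSTEM finds the same cached keys without anyone opening an
# interactive shell as SYSTEM. Assumes an elevated session on the IT Assistant host.
# HKU\S-1-5-18 is the well-known SID of LOCAL SYSTEM.
$src = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'
$dst = 'Registry::HKEY_USERS\S-1-5-18\Software\SimonTatham\PuTTY\SshHostKeys'

if (-not (Test-Path $src)) {
    throw "No cached host keys under $src - connect with plink.exe as this user first."
}
if (-not (Test-Path $dst)) {
    New-Item -Path $dst -Force | Out-Null
}

$srcKey = Get-Item $src
$dstKey = Get-Item $dst

foreach ($name in $srcKey.GetValueNames()) {
    # Value names look like 'rsa2@22:hostname'; the data is PuTTY's serialised public key.
    $value    = $srcKey.GetValue($name)
    $existing = $dstKey.GetValue($name)

    if ($existing -and ($existing -ne $value)) {
        # A key that differs from the one already trusted by SYSTEM is either a rebuilt
        # server or someone in the path. Do not silently replace it.
        Write-Warning "SYSTEM hive already holds a DIFFERENT key for $name - left untouched; verify the host before replacing it."
        continue
    }

    Set-ItemProperty -Path $dst -Name $name -Value $value -Type String
    Write-Output "Cached $name for LOCAL SYSTEM"
}
```

Run it after every plink session that adds a new host. The script refuses to overwrite an entry whose key differs from the one already cached for SYSTEM, so a changed host key gets looked at by a human instead of being trusted by accident.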
Method 2: (Preferred)
Using this method, we simply change the account that one of the IT Assistant services runs under. Once the service runs as Administrator, the host keys we cache with plink as Administrator land in that account's registry hive, which is now the hive the service reads. (Any account works as long as it is the same account you run plink under; the cache lives in that account's HKEY_CURRENT_USER hive.)
To do this, start by closing any browser sessions you have open to the IT Assistant interface. Then, open the Administrative Tools - Services MMC and find the DSM IT Assistant Connection Service and double-click on it.
Select the This Account radio button and type in Administrator - then verify the password twice. Click apply, ok, and then right-click on the service and restart it.
Now, simply follow the plink.exe example above to cache all your Linux server SSH host keys in to the registry and you're done.
That's it! Good luck and happy updating!
12/4/2008
I have a Verizon Motorola Q9c and I recently updated it to Windows Mobile 6.1, however, I noticed that it was no longer recognized by the Sync Center in Vista 64-bit nor 32-bit. Odd.
How do you fix this? Simple, do the following:
On your Q9c choose Start -> Settings -> USB to PC, uncheck Enable advanced network functionality, click Done. Then connect your phone to your computer and let Vista install the Microsoft USB Sync driver.
You now need to run Windows Update and let it install the updated Microsoft Corporation - Other hardware - Microsoft USB Sync driver. After this, you should get a few prompts to accept the license agreements for the Sync Center and your device should be recognized.
According to the Motorola Q9c manual, page 57, disabling the Advanced Network Functionality forces the device to use a serial USB connection. So no actual functionality is lost, but, I don't want to leave it like this. So, let's get Vista to recognize our device in advanced mode.
So, re-enable the advanced network functionality by re-checking the box. Allow Vista to re-detect the device (I heard 3 USB sound notifications) and then run Windows Update and tell it to Check for Updates once again.
You should have a new driver ready for download: Microsoft Corporation - Networking - Microsoft Windows Mobile Remote Adapter. Install this driver, wait for Windows to automatically disconnect and re-connect your USB phone, and it should now show up in the Sync Center as your Q9c.

4/2/2008
A client I work for needed a new firewall solution, but didn't want to break the bank. A few requirements were the ability to have the firewall bridge transparently to allow public IP addressing behind the device - 1:1 NAT wasn't an option for various reasons - traffic graphing, and preferably an intrusion detection system.
Luckily, pfSense, a FreeBSD-based firewall forked from m0n0wall, fit the bill perfectly. It can bridge transparently, has a package system that can install the Snort IDS, and has built-in RRDtool graphing for network traffic and system load.
Unfortunately, I ran into a few gotchas when installing pfSense in transparent bridge mode and thought I'd document them here for internet posterity.
Note the following:
- Make sure to use a different IP on the LAN side. It doesn't matter what IP, as it's never used.
- Create a firewall rule to allow web management: a WAN rule with a destination of the WAN Address and a port of 80 (HTTP). Because this exposes the management interface on the WAN side, restrict the rule's source to the hosts you manage from rather than any, and prefer the HTTPS WebGUI (port 443) if you can.
- Connect the WAN port to your ISP and the LAN port to your LAN. This seems obvious, but routing doesn't start right away, so you may think you have it hooked up incorrectly.
- Don't use the pfSense box as your gateway! Use the gateway of your ISP.
- Install the Dashboard package. You'll thank me later.
Happy pfSense'ing!
3/21/2008
I manage a lot of Dell servers and I absolutely love the Dell Remote Access cards, affectionately known as DRAC. The problem is, I have a lot of DRAC5 cards which use an XPI plugin for Firefox, but the plugin won't seem to install automatically on Linux.
So, here's how to manually install the plugin for remote video and remote disk mounting capabilities on Ubuntu 7.10. This is likely applicable to other Linux distributions as well.
- Log into your DRAC5 card as normal.
- Paste this link into the address bar, overwriting what is currently there: https://YOUR_DRAC_IP/plugins/ (be sure to include the trailing slash!)
- Download the .xpi files from both the vkvm and vm directories.
- Extract the .xpi files to temporary folders.
- Open a Terminal, and navigate to /usr/lib/firefox/plugins
- Copy the .so files from each extracted folder into this directory.
- Copy the "videoviewer" folder and all subfolders into the plugins directory. (cp -R)
- Navigate to the videoviewer folder and make both .sh scripts executable by everyone, along with the "videoviewer" file.
- Navigate to /usr/lib/firefox/components
- Copy the .xpt files from the extracted directories to this folder.
Now, navigate to your DRAC5 in Firefox and bask in your remote server management capabilities!
1/2/2008
As of SharePoint Services 3.0, Microsoft still hasn't included an icon for PDF documents. They offer a nice KB Article (837849) on how to add one, but they don't provide the icon itself. So, without further ado, here is an automated batch file to add the icon to SharePoint Services 3.0 64-bit.
NOTE: This should also work on 32-bit SharePoint Services 3.0, but I don't have a 32-bit platform to verify.
This batch file was based upon the MS KB Article and the excellent write-up by MS MVP Chad Gross.
12/10/2007
After upgrading one of our Dell PowerEdge 1950 servers to the latest Broadcom drivers and installing the Broadcom Advanced Control Suite 2 (BACS), I started having issues with our nightly Arcserve r11.5 backups. Our server would drop offline, CPU usage would spike to 50%, all disk activity would stop, and the server would effectively drop off the face of the earth for 6-7 minutes, then recover like nothing had happened.
Our Arcserve Job Log reported the following error:
E3392 Backup server TCP reconnection timeout.
Not a lot to go on, but at least a start. While investigating, I noticed the BACS2 had the TCP Offload Engine (TOE) enabled and it was licensed for 1024 connections. I knew the backup wasn't using more than 1024 simultaneous connections and we had several other PowerEdge 1950 servers that were running backups just fine - but they didn't ship with TOE enabled!
Ah ha, now we're on to something. A quick Google search revealed several posts detailing problems with Windows 2003 SP1+ and TOE, especially the PowerEdge 195x series of servers. The recommendation of everyone?
Simply disable it.
So, without further ado, here is how you disable TOE on a Windows 2003 SP2 server with the Broadcom Advanced Control Suite 2 installed, entirely in software.
Note: You can also remove an internal hardware key to disable it, but I hate going to the data center at 11PM at night. Here's a post that has a couple pictures of what the TOE hardware key looks like in case you'd rather take that approach.
- Open a command prompt and disable the TCP Offload Engine in the Windows 2003 SP2 TCP stack using the netsh command from the Microsoft KB Article.
- Open the BACS2 and disable TOE:
  - Start -> All Programs -> Broadcom Advanced Control Suite 2
  - Select the adapter you wish to disable TOE on.
  - Scroll over until you see the Resource Reservations tab.
  - Highlight TCP Offload Engine and click Configure.
  - Under the NDIS section, deselect the TCP Offload Engine checkbox. You should see the bar at the top go from 83% to 0%.
  - Click Apply - this will disconnect all network sessions for a few seconds.
  - After you've disabled it on each adapter, click OK.
- Reboot your server.
You may only need the netsh command: after the reboot TOE cannot be re-enabled through BACS2, as all the options are greyed out.
Good luck!
11/26/2007
I have a fairly extensive iTunes library that I've built up over the years and I listen to it across multiple devices - my laptop, a desktop computer or two, and of course my iPod.
I have been frustrated with the "music sharing" experience built into iTunes, so I decided to move everything to my home server as a central repository for my iTunes music that can be shared, accessed, and kept up-to-date by any computer. This will allow me to purchase a song on any of my authorized devices and have it immediately available to any of my other devices with no manual intervention. Slick.
This How-To will be based on a central Windows network share. It can be on a server, it can be a Linux Samba share, or you can simply share out the iTunes folder (the folder that contains your .itl file) on your main computer. The process should be pretty much identical, just alter the process below as necessary.
The first thing to do is create your network share. I created a folder on my home server called Share, and shared it as Media. I don't like simple file sharing, but if you use it, simply share it and make sure to check "Allow network users to change files". If you don't use simple file sharing, make sure to create a username/password combination that matches the machine you'll be using to access the share.
For example:
- My desktop and laptop both have a username of Matt and a password of supersecret.
- On the machine where the share is located, create a username of Matt and set the password as supersecret.
This isn't 100% necessary, but barring running an Active Directory domain at home, I find this the easiest way to manage my network usernames/passwords.
When you create the share, make sure to give the username you created full control under Sharing, as well as Security.


As you can see, the user Matt has Full Control under both the Sharing and Security tabs. Windows applies the more restrictive of the two, so make sure they match. Full Control (or at least Modify) is needed so the user can update the .itl file and add/remove music.
On your desktop computer, rename your iTunes directory. I chose iTunes-bak. We'll remove this folder later, but you'll need it now. The folder is likely in My Documents\iTunes.
Create a drive mapping to the new share. I chose M: for Media. Just right click on My Network Places and choose Map Network Drive. From there, choose M: and in the box below that, type \\server-name\sharename. If your username/password combo is the same, everything should be mapped once you click OK. If not, you may be prompted for a username/password to access the share.
Now, let's point iTunes to the new central music share:
Single click on iTunes, hold the shift-key down and then double-click on iTunes to open it. You should see the following dialog:

Click Choose Library ... and point it to your previously mapped drive.
Once iTunes is open, it will be empty. Don't freak out! Your music is still safe. What we want to do, is open the iTunes folder we renamed earlier, open the iTunes Music subfolder, select all the folders (CTRL+A) and then drag and drop them onto the empty iTunes folder window. This will start a file copy.
Note: Make sure you've configured iTunes to copy any new music to your iTunes folder when you add them to your library.

Once the file copy finishes and iTunes finishes analyzing the files, you should see all your music populated under the iTunes Music tab.
Don't worry, the hard part is over!
Now, on any other devices you wish to connect, simply map the drive exactly as you did above, do the shift+double-click trick and point iTunes to your new library!
If you want to access this share across the internet, install Hamachi or your favorite VPN software to connect back to your home network and voila, now you can access your iTunes folder from any WiFi hotspot as well.
-
Some parts of this article should be credited to LifeHacker. They provided the final piece of this puzzle for me which was dragging and dropping the old iTunes folder into iTunes to create a new library on the share. Thanks guys!
11/7/2007
In my quest to migrate at least one of my machines to Linux full-time, there were a couple of "must-haves" that I simply, well, must have. The main one being a real email client for managing my work email.
The client I work for, Alpha Theory, uses an Exchange 2007 server, so my Linux email client options are limited at best. The Evolution-Exchange connector won't work with Exchange 2007, so I'm left with POP3 and IMAP. I decided to go the IMAP route so all my mail will remain on the server, still accessible via Outlook Web Access and my desktop machine's Outlook client.
Since I don't want to open IMAP to the Internet via the firewall, I'll connect to it via our corporate VPN connection.
First, make sure the IMAP4 service is running and configured to start Automatically. Second, enable plain-text IMAP authentication in Exchange 2007 (the default LoginType is SecureLogin, which only accepts LOGIN after TLS). Plain-text login sends the password in the clear on port 143, so only enable it when the path is otherwise protected, as it is here by the VPN. Open the Exchange Management Shell and run:
- Set-ImapSettings -LoginType PlainTextLogin
- Restart-Service MSExchangeIMAP4
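For comparison, an added example that is not part of the original post, showing the weak setting next to the one to prefer whenever the IMAP port is reachable from outside the VPN. Run it in the Exchange Management Shell on the Exchange 2007 server; the property names are those reported by Get-ImapSettings, and a server certificate is assumed to be installed already.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# on the Exchange 2007 server.

# Weak (what the post needs for Evolution over the VPN): the client may send LOGIN
# with the password in clear text on port 143. Only acceptable when the network
# path itself is protected, e.g. inside the VPN tunnel used in the post.
Set-ImapSettings -LoginType PlainTextLogin

# Preferred when IMAP is reachable from anywhere: the client must negotiate TLS
# (STARTTLS on 143, or the SSL binding on 993) before the server accepts LOGIN.
# Requires a certificate bound to the IMAP service (assumed installed already).
# Set-ImapSettings -LoginType SecureLogin

# The IMAP4 service must be restarted for either change to take effect.
Restart-Service MSExchangeIMAP4

# Confirm which login type is in effect and which ports the service listens on,
# so the unencrypted binding is not left open by accident.
Get-ImapSettings | Format-List LoginType, UnencryptedOrTLSBindings, SSLBindings, X509CertificateName
```

Only one of the two Set-ImapSettings lines applies at a time; the last one run wins. If you later open IMAP beyond the VPN, switch to SecureLogin first and re-check the output of Get-ImapSettings.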
Now, simply open Evolution (or your favorite Linux email client with IMAP support) and configure it as you normally would for any other IMAP server.
Keep in mind, you'll likely need to use the INTERNAL FQDN or IP address of your Exchange 2007 server rather than the external one if you are connecting over a VPN. I used the private internal IP address of our Exchange 2007 server when configuring Evolution with no problem whatsoever.
10/22/2007
In my post yesterday titled OpenSUSE 10.3 and Microsoft PPTP VPN I noted I installed OpenSUSE 10.3 on my desktop computer in a dual-boot configuration with Windows XP. What I didn't mention is that I tend to do these projects late at night (what geek doesn't?) and I unfortunately found out I was not only out of blank DVDs, but blank CDs as well. After trying unsuccessfully for several hours to make various install images work off my USB key, I decided to heck with it and I'd just configure a PXE server on my laptop and PXE boot my desktop with a Linux install image.
It was while searching for the OpenSUSE 10.3 PXE boot image that I came across this gem, UNetbootin (Universal Netboot Installer). You run this program from within Windows and it adds an entry to your Windows boot menu which allows you to perform an Internet installation of Ubuntu, OpenSUSE, Debian, Fedora, Mandriva, or Arch Linux.
Check it out, good stuff.
10/21/2007
I recently decided it was time to assemble a desktop computer again as I am starting to reach the limitations of my Thinkpad T60's screen and horsepower and in the process, set up a nice dual-boot WinXP/Linux machine.
I definitely wanted a RAID-0 configuration for speed. I can't use Linux software RAID (md or LVM) to create the array because of the dual-boot with WinXP, so I'm stuck with the onboard nVidia RAID (nvraid) implementation, which severely limits the distributions I can use. Fedora Core 7 would install but then not boot; Ubuntu 7.10 wouldn't see the array at all unless I loaded dmraid, and then gParted wiped the partition table, destroying everything in the process; so I was left with OpenSUSE, which I'd heard had great nvraid support ... and I wasn't disappointed. I chose OpenSUSE 10.3 and was pleasantly reminded why I always end up back with SUSE: everything I need to do seems to work pretty much out of the box.
The one issue I ran into was creating a Point-to-Point Tunneling Protocol (Wiki: PPtP) connection to our work Microsoft VPN server. I followed all the HOW-TO guides I could find for vpnc and pptpconfig but nothing seemed to work. I eventually heard about network-manager-pptp for Ubuntu and ran across this entry in the Novell Bugzilla database with a link to a compiled network-manager-pptp rpm for Suse 10.2. I'm running 10.3, but I figured 'Why not?' I can always uninstall the rpm if it doesn't work.
So, without further ado, here's how I pulled it all together:
- Download and install the network-manager-pptp rpm from this link.
- Install it as root using rpm -ivh NetworkManager-pptp-0.6.3.cvs20060819-16.1.i586.rpm
- Log out and back on to restart network-manager.
- Click on the network-manager icon, choose VPN Connections, Configure VPN, + Add
- On the "Choose which type ..." screen, hit the drop-down and choose PPTP Tunnel.
- Connection Tab:
  - For Type, make sure to choose "Windows VPN (PPTP)"
  - For Gateway, put your VPN endpoint IP address
- Authentication Tab:
  - Check Refuse EAP
  - Check Refuse CHAP
- Compression & Encryption Tab:
  - Check Require MPPE encryption
  - Uncheck Require 128 bit MPPE encryption. Try it checked first: 40- and 56-bit MPPE are much weaker than 128-bit, so only uncheck it if the server refuses to negotiate 128-bit.
- Optional Routing Tab:
  - I only want to send traffic for servers on the VPN across the VPN connection, so check Only use VPN connection for these addresses and input your subnet.
- That's it! Just click on the network-manager icon, choose VPN Connections and then the entry you just created.