Archive for the ‘Management’ Category

How to: Install APF (advanced policy firewall) for Linux

Wednesday, March 9th, 2011

 

This article explains how to quickly install and configure APF (Advanced Policy Firewall) for Linux.


Samsung Instinct for the System Administrator

Friday, June 20th, 2008

I’m fairly hard on my tools, and let’s face it: for a system administrator a cell phone is one of the most important tools in the bag. Recently I took the dive and replaced my Palm Centro with a Samsung Instinct; here are all the juicy details.


The Samsung Instinct is obviously Sprint’s answer to the iPhone. Everything about it screams style and flair, and for the price it seems unbeatable for the average consumer. But what about system administrators and network engineers who need a good stable phone, a compatible browser, and the ability to get corporate e-mail?

Email

First, you can connect to Exchange with the Samsung Instinct (sort of). Unlike the Blackberry and Palm (and pretty much any other SmartPhone brand), where you can connect using the e-mail client directly, the Instinct requires trickery of some sort to function. You have two (well three, but one is redundant) options for utilizing Exchange. One option is using the e-mail client to connect to Outlook Web Access (OWA). I will be honest: while I have been able to connect to OWA using the Instinct’s own browser, I have not yet been able to connect to OWA using the e-mail client. The e-mail client continually prompts me to authenticate and then locks me out for thirty minutes (this is tremendously annoying considering how long it will likely take some folks to get used to the virtual keyboard).

The second option is to install a ‘Desktop Connector’, which simply sinks its teeth into your domain account and copies mail content from Exchange to your ‘Sprint service account’ all the way to your phone. There are a few issues with the Desktop Connector method: A) It must be running on your PC constantly in order for you to receive e-mail at your device. B) There seem to be many possible points of failure along the path, i.e. the Desktop Connector could fail, the Sprint service could fail, etc. C) What are the security implications of this software?

So far I have been using the "Desktop Connector" method for a couple of days and it has been delivering me annoying Nagios alerts like a champ.

There is no public folder support whatsoever, and from what I can tell there is no way to get your personal contacts or calendar. I would strongly plead with Samsung or a 3rd party application developer to release a mail client which has support for VPN and native Exchange connectivity/functionality.

Keyboard

I was able to fire off an angry e-mail with the virtual keyboard in about half the time it took with the tiny Centro keyboard, so the keyboard apparently works fine.

Browser

The browser is fast and has support for JavaScript (as I mentioned previously, it works fine with OWA). The HTML engine appears to be compatible with many more sites than Palm’s dated Blazer engine (ahem, Wikipedia...).

Other notes

Call quality is fine, and Bluetooth synced up to the 2008 Honda hands free just fine. Navigation is pretty cool.

Verdict

With all of the bells and whistles of a digital camera, a PMP, Sprint’s TV, the nerd ‘wow factor’, its incredible styling and the price tag of $129 (or $459 depending on who you are), it is difficult to go wrong as a consumer, but if perfect Exchange support is important to you, look elsewhere or wait and see. If IMAP or OWA is all you need, then this may be the perfect phone for you.

-Drew

Review: Adder IPEPS KVM/IP

Thursday, February 28th, 2008

Remote management technologies are not exactly the sexiest part of being in I.T.; unfortunately, they are a very critical part of any system administrator’s toolkit. We take a brief look at the IPEPS KVM/IP by the United Kingdom’s Adder.

Product: Adder IPEPS single-port KVM $399

IP KVM (keyboard, video, mouse accessible remotely via IP) is not a new technology. For years, companies such as Avocent, Adder, Rose, and Lantronix have been creating these handy tools. Many of the older solutions are multi-port, multi-user units which usually offer 16 ports (16 hosts), of which only up to 4 could be used at a time. This limitation made the multi-host switches slightly annoying.

Recently, more and more single host, single user KVM-IP products have been released upon the world. Today we are looking at the Adder IPEPS. The Adder IPEPS is a single host KVM-IP unit which comes in two flavors. The first is a single port KVM/IP with no local access; the second is a single host KVM/IP unit with remote and local access. (Meaning you can connect remotely and directly with a keyboard, monitor, and mouse.)

The benefit of using a single-KVM unit vs. a multi-port KVM unit may not be immediately apparent until you think about cabling. Also, having 16 ports and only 4 users seems like a pretty poor technical decision on the part of the KVM manufacturer. Apparently for every simultaneous remote user the vendor has to include an additional card/chip. The fact that buying 16 IPEPS is only slightly more expensive than a competing brand’s 16 port KVM gives single KVM-IP units a leg up in a competitive market.

I tested the single-user, remote only version of the product.

The setup process is fairly straightforward. For some reason the unit I purchased wasn’t actually "put together" entirely; you actually have to put the face on the unit yourself. This could be in case you need to rack mount the device, but I found it very odd. After you attach the faceplate you simply connect the unit to your PC with a crossover cable or an Ethernet switch. After changing your PC’s IP address so that it is on the same subnet as the IPEPS (the IPEPS by default is 192.168.1.42/24), you can connect to the IPEPS with any VNC viewer. If you do not have a VNC viewer, Adder has integrated a Java/web version of RealVNC which will get you going in no time.

After connecting to the unit, the configuration is very straightforward. You simply set the IP Address, change the password/create users. The setup literally takes 10 minutes on a new unit.

Using the Adder IPEPS is quick and easy: you simply connect either the USB keyboard/mouse or PS2 keyboard/mouse to the target host. The nice thing is the IPEPS doesn’t require an external power supply. Once you connect it to a host you simply access the unit via the IP address you assigned during the initial configuration and voilà, you have the console on the remote host (you can now go on vacation for a change).

The fact that you can use VNC to connect to the remote session is a great benefit. Some of the older KVM-IP units have ridiculously awkward requirements. An older one that I used requires IE 6 or lower and ActiveX to be enabled in order for you to be able to use it. VNC viewers are readily available for BSD, Linux, MacOS, and Windows.

We noticed a few problems and quirks with the IPEPS which were slightly annoying. Occasionally, connecting to the unit remotely while it is attached to a Linux (Red Hat 5) host results in very awkward keyboard behavior. You press a key a single time and you get anywhere from 2-15 copies of that keystroke remotely; as you can imagine, this gets annoying. Aside from the key repeating problem, using the remote viewer when attached to a Windows server occasionally results in mouse synchronization problems, although for the most part it works fine.

Another note is that it would have been incredibly useful had Adder included a second NIC which could be used as a pass-through for the remote host. As it stands you must have an Ethernet cable connected to both the Host NIC and the IPEPS NIC. It would have been incredible if you only needed a single Ethernet cable for both.

Overall the Adder IPEPS KVM-IP unit offers convenience, functionality, and value, priced at around $375 (USD), with only a few minor problems.

Installation: Quick and easy, takes less than 5 minutes, cabling could be made easier if Adder included a second NIC on the IPEPS for network pass-through.

Ease of Use: Very easy to use, the inclusion of VNC and VNC/Java makes it very unlikely that you will find a PC that cannot connect to it.

Reliability: Fairly reliable, however there are some quirks (repeated keystrokes and mouse synchronization issues).

Score: 7/10

-Drew

0x0000007B Windows and VMWare

Tuesday, February 19th, 2008

You’ve just converted a physical 64 bit Windows server or workstation to a VM using VMWare converter. You’re excited because you’re rebooting for the first time when, OH SNAP blue screen! If you’re one of the (probably two, maybe 3) people like me who have been struck by this issue you are not alone, I am here to help!

First it is important to make sure that we are referring to the same issue.

-You have converted a physical 64 bit Windows machine to a VM using VMWare.
-You have started the Virtual Machine in VMWare Server
-The Virtual Machine is continually giving you the blue screen of death with “0x0000007B”

If you answered yes to the previous questions then we’re going to turn the blue screen of death into the blue screen of life, my friends.

It’s your lucky day!

The only reason I wrote this article is because I had this exact same issue in this exact same scenario, and it literally took me a week to get it resolved.

So now you benefit from my malaise.

Before we begin, I would like to stress how not responsible I am if you lose data, or if something goes a little awry and something doesn’t work out for you because of this guide, and besides I did my best and it’s not nice to pick on people who are really trying.

Anyhow, we will need a few things to get this show on the road.

–A recent BartPE CD (See my Article on creating a BartPE CD here)
–A backup of your Virtual Machine
    –Simply copy the directory that your Virtual Machine is stored in to another location. (That way if something gets totally blown up you can try again!)
–A decent soundtrack (optional, but helpful)

So now that we have assembled all of our parts and you are jamming away to Dragonforce or Neil Diamond (or a mash-up your brother-in-law made of both), we can begin!

Introduction —

– If you still have the .ISO file for your BartPE disc, create a new CD-ROM drive entry in your “Broken Virtual Machine” pointing to that ISO file.
    OR
– if you do not still have the .ISO file for your BartPE disc, put the CD in your physical CD-ROM drive on the VMWare host machine.
– Ensure that your “Broken Virtual Machine” is set to use the physical CD-ROM drive on the VMWare host machine.

– Start “Broken Virtual Machine”

– After starting “Broken Virtual Machine” You should be presented with the VMWare BIOS, hit ESC to bring up the BOOT menu.
– SELECT the CD-ROM option and press ENTER
– If everything goes correctly you should be presented with a BartPE splash screen.
    –If you are not presented with a BartPE splash screen, try checking the settings for “Broken Virtual Machine” to ensure that the CD-ROM drive is set to be connected.
– After BartPE loads, you should see its wicked cool splash screen (Warp speeeeeed!) at this point we are ready to dig in to this guide.

Anything which is lost can be found —

– The problem, which has been very vaguely described and documented (no less) is that for whatever reason 64 Bit versions of Windows do not by default have the symmpi driver.
– The way we fix this is in three steps.
   –First, we find out how broken “Broken Virtual Machine” is.
   –Second, we fix “Broken Virtual Machine”
   –Third, we apologize to it for calling it “Broken Virtual Machine” upwards of 30 times in this guide and buy it a beer.

Broken to a degree you say?

Well, um. Yes.

Sometimes the registry keys are there but the actual driver files are not. Other times both the registry keys and the driver files are there but the service is not set to start on boot.

So we just need to figure out how broken “Broken Virtual Machine” is.

First I will make a list of what should be there, and then we will work backwards to add anything which is missing. Sound good? Here we go!

In order for VMWare to work on a Windows system it needs a driver called SYMMPI to be present; for some reason, in the 64 Bit versions of Windows this driver is not present by default.

–The file must be present in:

C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS

–A Registry Key:

“pci#ven_1000&dev_0030” must exist in HKEY_LOCAL_MACHINE -> SYSTEM -> ControlSet001 -> Control -> CriticalDeviceDatabase and be configured properly.

–A Registry Key:

“symmpi” must exist in HKEY_LOCAL_MACHINE -> SYSTEM -> ControlSet001 -> Services and be configured properly.

First we check to see if C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS exists on your boot drive. I am assuming your boot drive is C: and your Windows installation directory is C:\WINDOWS.

C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS

In BartPE click on GO, and then open a command prompt.

–type C: and press ENTER

–type cd\ and press ENTER

–type dir and press ENTER

–Make sure that this looks like the C:\ drive on “Broken Virtual Machine”
–If you see a C:\Windows or C:\WINNT folder then most likely this is your boot drive. If not, try to figure out your boot drive by checking the other drive letters.
–Try to remember where you installed Windows; usually it is C:\WINDOWS or C:\WINNT. We will assume your installation path is C:\WINDOWS.

–type dir c:\windows\system32\drivers\SYMMPI.SYS
    — Good Output —
        C:\>dir c:\windows\system32\drivers\SYMMPI.SYS
         Volume in drive C has no label.
         Volume Serial Number is 94C7-D124
         Directory of c:\windows\system32\drivers
        02/18/2005  03:40 AM            84,992 symmpi.sys
                1 File(s)         84,992 bytes
                0 Dir(s)   1,961,406,464 bytes free
    — Bad Output —
        C:\>dir c:\windows\system32\drivers\symmpi.sys
         Volume in drive C has no label.
         Volume Serial Number is 042C-5F95

         Directory of c:\windows\system32\drivers

        File Not Found
    — end example output —

        If the file is there, you’re in luck! If not, we will have to find you a copy, but don’t worry just yet; it is usually not too difficult to find.

    — If you have symmpi.sys move on to the next step.
    OR
        — if you do not have symmpi.sys stick around for a moment.
        — Many times OEM vendors or folks who build their own PCs know to copy the contents of the Windows installation CD to some obscure location on the hard disk, we’re hoping this is the case!
        — Lets see if we can get lucky.

– type dir /s symmpi.sy_

(What we’re doing is searching C:\ (or your boot drive) for a file called symmpi.sy_) Note: .sy_ is the compressed sys driver file.
        — Good Output —
            C:\>dir /s symmpi.sy_
             Volume in drive C has no label.
             Volume Serial Number is 94C7-D124

             Directory of C:\AMD64

            03/22/2006  07:00 AM            37,033 SYMMPI.SY_
                       1 File(s)         37,033 bytes
        — Bad Output —
            C:\>dir /s symmpi.sy_
            Volume in drive C has no label.
             Volume Serial Number is 94C7-D124
            File Not Found
        — end example output —

– If it turns out that you have a copy of SYMMPI.SY_ on your computer, note the location; in the case above it’s C:\AMD64.

–type H: and press ENTER
All we have to do now is extract the file.
–type extract C:\AMD64\SYMMPI.SY_ C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS
Note: If you get an error about extract not being a valid 32 bit application, you’re not in the right path. It is trying to use the 64 bit binary. Type H: and press ENTER and try again.
extract should complete.
–type dir c:\windows\system32\drivers\SYMMPI.SYS
        OR
– If it turns out that you do not have a copy of SYMMPI.SY_ you will need to copy it off of your 64 Bit Windows installation media.
Put the CD-ROM in your drive
Figure out which drive letter BartPE has assigned to your CD-ROM Drive (I will assume it is D:)
– type D: and press ENTER
– type dir /s SYMMPI.SY_
    — Good Output —
        C:\>dir /s SYMMPI.SY_
        Volume in drive D has no label.
        Volume Serial Number is 94C7-D124
        Directory of D:\AMD64
        03/22/2006  07:00 AM            37,033 SYMMPI.SY_
                   1 File(s)         37,033 bytes
    — Bad Output —
        C:\>dir /s SYMMPI.SY_
        Volume in drive D has no label.
        Volume Serial Number is 94C7-D124
        File Not Found
    — end example output —
– type H: and press ENTER
All we have to do now is extract the file.
– type extract D:\AMD64\SYMMPI.SY_ C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS
Note: If you get an error about extract not being a valid 32 bit application, you’re not in the right path. It is trying to use the 64 bit binary. Type H: and press ENTER and try again.
extract should complete.
– type dir c:\windows\system32\drivers\SYMMPI.SYS

I will assume that the SYMMPI.SYS file is now in c:\windows\system32\drivers\SYMMPI.SYS
——–

Now we are ready to muck around in the registry
Now is about the time where I really hope you took my advice and made a backup of “Broken Virtual Machine”.

–pci#ven_1000&dev_0030
–type H: and press ENTER
–type regedit and press ENTER
–You should be presented with regedit (hope you backed up your VM… da da da..)
As you are currently viewing the Windows registry for your Live CD environment and that is just next to useless, we’re going to load a different hive.
–Click on HKEY_LOCAL_MACHINE, then click on FILE -> Load Hive
–Navigate to your boot drive (C:) and then to C:\WINDOWS\SYSTEM32\CONFIG
–Double-click on system. It will present you with a dialog box asking what to name the new hive; call it something such as SYSTEM2 (it doesn’t really matter).
–SYSTEM2 is the actual system hive for “Broken Virtual Machine”, neat huh?
A word about regedit in BartPE: for whatever reason, I would say 60% of the time I tried to load this hive regedit would close. If you try it enough times it will actually work.
–expand SYSTEM2 -> ControlSet001 -> Control -> CriticalDeviceDatabase
–Look for a key called pci#ven_1000&dev_0030
–If you have a key called pci#ven_1000&dev_0030:
    –click on pci#ven_1000&dev_0030
    –There should be two strings in pci#ven_1000&dev_0030:
        –ClassGUID, which has a value of {4D36E97B-E325-11CE-BFC1-08002BE10318}
        –Service, which has a value of symmpi
    –if those two strings are either not present in pci#ven_1000&dev_0030 or contain different information, change them.
    OR
–If you do not have a key called pci#ven_1000&dev_0030:
    –RIGHT-CLICK on the LEFT PANE and click new -> key
    –key name is pci#ven_1000&dev_0030
    –RIGHT-CLICK in the RIGHT PANE and click new -> string value; the name of this value is ClassGUID, the value is {4D36E97B-E325-11CE-BFC1-08002BE10318}
    –RIGHT-CLICK in the RIGHT PANE and click new -> string value; the name of this value is Service, the value is symmpi

You should now have the first of two required registry keys properly setup.
———

–symmpi

–While still in regedit click all of the – symbols to close all of the open keys until you are back at the main hives.
–expand SYSTEM2 -> ControlSet001 -> Services
–if you have a service called symmpi left-click on it.
    OR
–if you do not have a service called symmpi RIGHT-CLICK on the LEFT PANE and click new -> key
    –key name is symmpi
–If the symmpi key is set up properly you should have 7 values in the right pane:

    Name           Type     Value
    (Default)      STRING   (value not set)
    ErrorControl   DWORD    1 (DECIMAL)
    Group          STRING   SCSI miniport
    ImagePath      STRING   system32\DRIVERS\symmpi.sys
    Start          DWORD    0 (DECIMAL)
    Tag            DWORD    33 (DECIMAL)
    Type           DWORD    1 (DECIMAL)

–If the values are already in the right pane, most likely you will notice that the ImagePath value is missing and Start is set to 4 instead of 0.
    –RIGHT-CLICK on the RIGHT PANE and select new -> String Value, name = ImagePath, value = system32\DRIVERS\symmpi.sys
    –Double-click on Start in the RIGHT PANE, make sure DECIMAL is selected and change it to 0 if it is not 0 already.
–If you do not have all of the values listed above, create them using the method listed below.
    –RIGHT-CLICK on the RIGHT PANE and select new -> type is either String Value or DWORD (see table above for types, names and values)
    –Note: when entering DWORD values it helps to ensure that you have DECIMAL selected.

–After you have added, adjusted or just verified the configuration of the symmpi service, collapse the registry tree until you are back at SYSTEM2 and then unload it.
—————————
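The two registry checks above can also be run against a text export of the loaded hive (regedit FILE -> Export on SYSTEM2). The script below is an added example, not part of the original guide: it parses .reg export text and reports every value that differs from the lists above. The function names and the sample export are constructed for illustration.

```python
import re

# Expected values, copied from the two registry lists in the guide above.
# Start is 0 in the guide's list; it reports finding 4 on broken machines.
CDDB_KEY = r"ControlSet001\Control\CriticalDeviceDatabase\pci#ven_1000&dev_0030"
SVC_KEY = r"ControlSet001\Services\symmpi"
EXPECTED = {
    CDDB_KEY: {"ClassGUID": "{4D36E97B-E325-11CE-BFC1-08002BE10318}", "Service": "symmpi"},
    SVC_KEY: {"ErrorControl": 1, "Group": "SCSI miniport",
              "ImagePath": r"system32\DRIVERS\symmpi.sys", "Start": 0, "Tag": 33, "Type": 1},
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text, hive="SYSTEM2"):
    """Parse .reg export text into {key path below the hive: {value name: data}}.

    Names are lower-cased because registry key and value names are not case
    sensitive. Real exports are UTF-16: open(path, encoding="utf-16").read().
    """
    prefix = ("HKEY_LOCAL_MACHINE\\" + hive + "\\").lower()
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1].lower()
            current = keys.setdefault(path[len(prefix):], {}) if path.startswith(prefix) else None
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            value = int(raw[6:], 16)            # .reg DWORDs are hex: 00000021 == 33
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = re.sub(r"\\(.)", r"\1", raw[1:-1])   # undo \\ and \" escaping
        else:
            continue                            # hex:, hex(7): ... not needed here
        current[name.lower()] = value
    return keys

def audit(text, hive="SYSTEM2"):
    """Return findings; an empty list means the hive matches the guide's lists."""
    norm = lambda v: v.lower() if isinstance(v, str) else v   # data compared case-insensitively
    keys, findings = parse_reg(text, hive), []
    for key, wanted in EXPECTED.items():
        have = keys.get(key.lower())
        if have is None:
            findings.append("missing key: " + key)
            continue
        for name, want in wanted.items():
            got = have.get(name.lower())
            if got is None:
                findings.append("missing value: %s\\%s" % (key, name))
            elif norm(got) != norm(want):
                findings.append("%s\\%s is %r, expected %r" % (key, name, got, want))
    return findings

# Constructed sample: the state the guide calls most likely (no ImagePath, Start = 4).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Control\CriticalDeviceDatabase\pci#ven_1000&dev_0030]
"ClassGUID"="{4D36E97B-E325-11CE-BFC1-08002BE10318}"
"Service"="symmpi"

[HKEY_LOCAL_MACHINE\SYSTEM2\ControlSet001\Services\symmpi]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000021
"Type"=dword:00000001
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "hive matches the guide")
```

If the hive was loaded under a name other than SYSTEM2, pass that name as the hive argument.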

Final thoughts.

How annoying was that?

I’m going to say very, hopefully it helps someone out.

Five Minute Guide: BartPE CD

Tuesday, February 19th, 2008

In this 5 minute guide we show you how to create a BartPE CD.

BartPE is a live CD for Windows environments, similar to Knoppix for Linux. It allows you to recover from all sorts of nasty situations such as disk mis-configuration or driver tragedy. I must admit that until recently I hadn’t used BartPE because I’ve never had an issue that needed a LiveCD for a Windows machine.

I decided I would whip up this 5 minute guide to creating a BartPE CD to go along with an article on fixing an issue with 64 Bit Windows 2003 Virtual Machines in VMWare.

You will need:

–A retail Windows CD, either XP or Windows 2003 (Note: BartPE does not appear to work with R2, X64, or any Enterprise/Datacenter edition of Windows 2003; it does not find the files on the CD). I used an original Windows 2003 Web Edition CD I had lying around.
–A CD Burner (If you want to create an actual CD)
–A Blank CD (See above)
–The latest version of BartPE
–5 minutes

–Insert your Windows 2003 or Windows XP CD-ROM into your CD-ROM drive.
–Download BartPE from the link above or from the author’s web-site at http://www.nu2.nu/pebuilder/#download
–Install the application and launch ‘PE Builder’
–You should be presented with the screen listed below

[Image: PE Builder screen]
–For source select the CD-ROM drive where you inserted the CD or any other folder which contains the contents of a Windows CD.
–**optional and probably not needed** For custom specify a folder which you want to include in your Pre-installed Environment. (this could include tools, etc…)
–For output I created a new temporary folder so I would remember to delete the files later. Decide where you want BartPE’s output to go, and then select that path here.
–Plugins
If you have a specific need in mind, i.e. virus scanning or adware removal, you may want to check out the ‘Plugins‘ button at the bottom of the screen; there appear to be many useful utilities available in that collection.

Media Output
Here is where you have to make a choice.

-None means that it will not create an ISO or a CD and that it will simply output its files to the “output folder”.
-Create ISO Image means that it will create a bootable ISO image of the output which you can either choose to burn later using your favorite CD authoring software OR boot a virtual machine with.
-Burn to CD/DVD means that PE Builder will go ahead and create a bootable CD-ROM with the output on the disc.

There is no right or wrong answer, but ask yourself: what are your needs? Are you going to be using this to fix a virtual machine? If so, then you most likely will not need physical media (CD-ROM) and you can just use the .ISO file. Besides, even if you have PE Builder create the .ISO file and you find out later that you need a CD, you can always burn the CD later using Nero or whichever authoring tool is your favorite. My suggestion would be to create the .ISO file and keep it around in case you lose the CD or need to boot a virtual machine which is being stubborn about booting from the physical CD-ROM drive.

Once you’ve solved that moral dilemma, simply click ‘Build’ and your requested action, whether it is None, Create ISO Image, or Burn to CD/DVD should be completed in a jiffy.

Note: It took me a lot longer than 5 minutes to make my BartPE disc, mainly because it took me about 4 hours to find a Windows 2003 CD it would ‘accept’. Where’s the love for the R2 X64 Data Center SP-2 nLite custom CDs Bart? :-) (Just kidding) Although it would be nice if it accepted other types and slightly newer media such as Volume Licensing, R2, X64, etc.

Enjoy!
-Drew

Nagion 1.0 Released

Monday, October 29th, 2007

     Nagion 1.0 has been released and offers the following features:

  • auto installation of Nagios and Plugins on CentOS, RedHat, and Fedora
  • auto creation of hosts, services, hostgroups, contacts read from comma delimited files
  • very easy to use
  • completely free!

       Download the archive here.

       As always, use the contact form to send comments, suggestions, hatred.

       -Drew