Ohjeah!

I’ve been a bit occupied over the Summer and have fallen behind on my posts.  Now that it’s getting a bit cooler outside, I should be around more.  On a side note, here are a few things I’ve been playing with over the past few months and will probably make my initial return posts about:

• Windows 7 - I’ve been using it since beta, RC and RTM.. I like it
• 10Ggb Networking – Starting using 10Gb iSCSI with our homemade SAN.
• Cisco ASA – Replaced all PIX at various locations with spankin new ASAs..
• Barracuda Web Filter – Replaced Websense with Barracuda Web Filter for big savings.
• Barracudaware – Barracuda purchased Yostemite Backup and lowered the retail price even more.  It is now my recommended backup software for any network.
• AT&T Opt-E-man vs. XO T3 – Should have performance results comparing our 50mb Opt-E-man vs. our XO T3 soon, which is the better deal?
• RSTP Redundancy – Completed our fully redundant Layer2 network with some additional procurve switches and RSTP.  In the process of pushing a new vlan scheme with MSTP for load balancing and redundancy.

Simple shell script to help me with my habit of always trying to use mstsc to launch remote desktop connections even on my Linux workstation..  You can add other misc rdesktop flags as you feel necessary. Put it in /usr/bin etc

#!/bin/bash
# Usage: mstsc /v:host (or mstsc host)
 
iuser="username"
ihost=$1
ohost=${ihost/\/v:/}
 
rdesktop -g 1280x1024 -u $iuser -z $ohost > /dev/null 2>&1 &

We’ve been using Websense as our content filtering solution for about a year now, primarily utilizing the Remote Desktop Client in conjunction with the Remote Filtering service to handle our remote users and offices. While Websense is probably the most featured packed content filtering solution, it comes at a cost due to a per user licensing model and heavy hardware requirements.

Barracuda recently entered the content filtering market with their appliance, and after a 30-day demo of their 610 model we decided it was the way to go. While it lacks some of the features of Websense, it will free up 2 servers and $8,000/yr in software renewals which is well worth the initial appliance cost.

The primary downside to the Barracuda was the lack of a Remote Filtering agent, which means our remote users and offices will have to proxy through our central office. With our new 50mb Opteman on the way, and utilizing Frontmotion Firefox ADM to force proxy settings, this won’t be a problem.

However..

Attempting to remove the Websense Desktop Client turned out to be more of a hassle then expected. When attempting to use the same .msi for the uninstall as used for the initial install, I would get “This action is only valid for products that are installed” as seen here:

After ensuring the .msi I was using was identical to what was used for the installation, I reinstalled the WDC then proceeded to remove it immediately which worked without issue. With a little GPO help, I was able to push this out to all workstations:

@echo off
REM WDC_Uninstall.bat
REM Copyright (c) 2009 Jared Orzechowski <jaredo at ameritech dot net>
 
if exist "C:\Program Files\Websense\WDC" GOTO :Uninstall
GOTO :End
 
:Uninstall
echo Removing Remote Client Filter
net use Y: \\domain.com\DFS\Client_installs\CPMClient /Y
start /wait msiexec /i Y:\CPMClient.msi REINSTALL=ALL REINSTALLMODE=veums PASSPHRASE=somepass REBOOT=NO /qn
"C:\Program Files\Websense\WDC\wdc.exe" -ds somepass
sc stop WebsenseDesktopClient
start /wait msiexec /x{14D74337-01C2-4F8F-B44B-67FC613E5B1F} /qn /norestart
net use Y: /DELETE /Y
rmdir /S /Q "C:\Program Files\Websense\WDC"
GOTO :End
 
:End
echo Operation Complete..

This should work on most newer versions of wine, just run regedit (registry editor) and add/modify the following.

[HKEY_CURRENT_USER\Control Panel\Desktop]
"FontSmoothing"="2"
"FontSmoothingType"=dword:00000002
"FontSmoothingGamma"=dword:00000578
"FontSmoothingOrientation"=dword:00000001

In my last post I showed a good example for using expect in a script.  Here is another good example I use for updating local user passwords across a group of servers without using ssh keys.  This assumes the user you are resetting can ssh to the host and the old password is the same on all hosts. Read the rest of this entry »

One of my recent projects was to initiate a server-wide shutdown should our UPS ever run low.  I currently have Zenoss monitoring the health status of the UPS, including the remaining charge on the battery.  Using Zenoss thresholds, I can make a script execute if the battery ever runs low.

Our Zenoss deployment currently runs on CentOS, so I put down a method to shut down each type of host from a linux platform.  After much researching and testing, this is what I came up with (and am currently using in my shutdown script).

For Windows:

net rpc SHUTDOWN -C "Automated shutdown" -f -I "$server" -W $domain -U $username%$password

I replaced my arguments with some that would be more readable.  User and password are separated with %.

For Linux:

CMD="ssh -l $username $server shutdown -h now"
              expect -c "
              match_max 100000
              spawn $CMD
 
              expect {
                \"Are you sure you want to continue connecting (yes/no)?\" {
                send \"yes\r\"
                exp_continue
                }
                \"password:\" {
                send \"$password\r\"
                expect -re \"$username*\"
                }
              }
              "

I wanted to shutdown linux servers without using keys but had to overcome the “do you want to connect” prompt.  In order to do that I had to use exact which can be installed with “yum install exact”

By turning these into functions and passing arguments, you can make a shutdown script in a couple of minutes.

Integrated Twitter into my blog, feel free to follow it at here .

Since we have ESX, I usually don’t get to spend much time playing around with VMware-Server. Interested to see the new interface in VMware-Server 2, I installed it on one of my CentOS servers.

The installation was a breeze with the rpm package and running the configuration script was pretty flawless. So I logged in through the Remote Management Console (https/port 8333), and created a fresh host. After copying over a Win2k3 iso, mounted the image and began the installation.

(On a side note I was doing this remotely, and found out that in order to use the Remote Console Client, I needed to allow ports 8333 and 902 through the firewall)

The initial Windows installation zipped right through, however, when I went to configure the network adapter none was listed. So I took a look at the Device Manager and BAM!

This device cannot start. (Code 10)

Having never come across this on VMware/Windows installation, I decided to reinstall my Windows host. Same thing.. So let’s install the driver.. that we need to download.. with no network card..

Lucky for us we have VMware! Downloaded the latest PCNet Family drivers for Windows 2003, tossed them in an .iso image, and mounted it to the Virtual CD-Rom for the host. Once I extracted/updated the driver, everything was running smooth again.

Download the .iso image here: AMD Driver v4
MD5: 78159679b644e64c0ca5618bc4de1995

Sometimes I need to remind myself where this is located.  This is primarily useful when you have shared domain workstations that need to logon automatically.  Be sure to lock this workstation down!

KB #315231

This article describes how to configure Microsoft Windows XP to automate the logon process by storing your password and other pertinent information in the registry database. This feature permits other users to start your computer and to use the account that you establish to automatically log on.

Important If you turn on autologon, using Windows XP becomes more convenient. However, using this feature can pose a security risk.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: Read the rest of this entry »

[jaredo@zim ~]$ cat /proc/meminfo
MemTotal:     32962112 kB
MemFree:        237376 kB
Buffers:        235768 kB
Cached:       20340388 kB

Monitoring after a recent reboot: