tag:blogger.com,1999:blog-83473098371896795652024-03-05T00:21:28.151-06:00Patrick Ryan NielsenPatrick Ryan Nielsen's BlogPatrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.comBlogger77125tag:blogger.com,1999:blog-8347309837189679565.post-31300093764144610742013-05-29T09:35:00.001-05:002013-05-29T09:35:29.212-05:00Powershell - Local user password expiration and other properties with WMII found a lot information about using <i>net user</i> and <i>wmic</i>. I run into a issue with wmic grabbing a domain account with the same name. My guess is there is a quick fix but it wasn't using <i>/node</i> so i decided to go down try something new. Below is a code snippet for creating a user if it doesn't exist and adding to administrators with password that doesn't expire. This code works wonders using Powershell remoting to setup new virtual machines with dynamic users based on requester.<br />
<br />
<b>Changing Password Expires field and updating user:</b><br />
<blockquote class="tr_bq">
$localuser = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" | where {$_.Name -eq <i><b>$user</b></i>}</blockquote>
<blockquote class="tr_bq">
$localuser.PasswordExpires = $false</blockquote>
<blockquote class="tr_bq">
$localuser.Put()</blockquote>
<blockquote class="tr_bq">
</blockquote>
<blockquote class="tr_bq">
</blockquote>
Here are a list of the properties that can be read or changed.<br />
<b>Properties:</b><br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
AccountType Property uint32 AccountType {get;set;} </blockquote>
<blockquote class="tr_bq">
Caption Property string Caption {get;set;} </blockquote>
<blockquote class="tr_bq">
Description Property string Description {get;set;} </blockquote>
<blockquote class="tr_bq">
Disabled Property bool Disabled {get;set;} </blockquote>
<blockquote class="tr_bq">
Domain Property string Domain {get;set;} </blockquote>
<blockquote class="tr_bq">
FullName Property string FullName {get;set;} </blockquote>
<blockquote class="tr_bq">
InstallDate Property string InstallDate {get;set;} </blockquote>
<blockquote class="tr_bq">
LocalAccount Property bool LocalAccount {get;set;} </blockquote>
<blockquote class="tr_bq">
Lockout Property bool Lockout {get;set;} </blockquote>
<blockquote class="tr_bq">
Name Property string Name {get;set;} </blockquote>
<blockquote class="tr_bq">
PasswordChangeable Property bool PasswordChangeable {get;set;} </blockquote>
<blockquote class="tr_bq">
PasswordExpires Property bool PasswordExpires {get;set;} </blockquote>
<blockquote class="tr_bq">
PasswordRequired Property bool PasswordRequired {get;set;} </blockquote>
<blockquote class="tr_bq">
SID Property string SID {get;set;} </blockquote>
<blockquote class="tr_bq">
SIDType Property byte SIDType {get;set;} </blockquote>
<blockquote class="tr_bq">
Status Property string Status {get;set;} </blockquote>
</blockquote>
<br />
<b>Example:</b><br />
<br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
try</blockquote>
<blockquote class="tr_bq">
{</blockquote>
<blockquote class="tr_bq">
$user = "User"</blockquote>
<blockquote class="tr_bq">
$userpass = "Pass"</blockquote>
<blockquote class="tr_bq">
$localuser = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" | where {$_.Name -eq $user}</blockquote>
<blockquote class="tr_bq">
if($localuser)</blockquote>
<blockquote class="tr_bq">
{</blockquote>
<blockquote class="tr_bq">
Write-Host "$user was already created"</blockquote>
<blockquote class="tr_bq">
}else{</blockquote>
<blockquote class="tr_bq">
& net user "$user" "$userpass" /ADD</blockquote>
<blockquote class="tr_bq">
$localuser = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" | where {$_.Name -eq $user}</blockquote>
<blockquote class="tr_bq">
if($localuser)</blockquote>
<blockquote class="tr_bq">
{</blockquote>
<blockquote class="tr_bq">
& net localgroup administrators $user /add</blockquote>
<blockquote class="tr_bq">
$localuser.PasswordExpires = $false</blockquote>
<blockquote class="tr_bq">
$localuser.Put()</blockquote>
<blockquote class="tr_bq">
}else{</blockquote>
<blockquote class="tr_bq">
throw "User Creation failed"</blockquote>
<blockquote class="tr_bq">
}</blockquote>
<blockquote class="tr_bq">
}</blockquote>
<blockquote class="tr_bq">
}catch{</blockquote>
<blockquote class="tr_bq">
throw $error[0]</blockquote>
<blockquote class="tr_bq">
exit 1</blockquote>
<blockquote class="tr_bq">
}finally{</blockquote>
<blockquote class="tr_bq">
$userpass = ""</blockquote>
<blockquote class="tr_bq">
}</blockquote>
</blockquote>
Happy Hunting with automatingPatrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-38077580546500103452012-12-14T15:23:00.001-06:002012-12-14T15:23:10.654-06:00SSIS Catalog Creation - C:\Program Files\Microsoft SQL Server\110\DTS\Binn\SSISDBBackup.bak Missing<p>The error below happens on SQL Server 2012 install without SSIS installed on the same host.</p> <blockquote> <p>The catalog backup file 'C:\Program Files\Microsoft SQL Server\110\DTS\Binn\SSISDBBackup.bak' could not be accessed. Make sure the database file exists, and the SQL Server service account is able to access it.</p> </blockquote> <p><font color="#666666">This will be the case for most installs on clusters since its not recommended.</font></p> <p><a title="http://technet.microsoft.com/en-us/library/hh213127.aspx" href="http://technet.microsoft.com/en-us/library/hh213127.aspx">http://technet.microsoft.com/en-us/library/hh213127.aspx</a></p> <p>To fix this issue copy that file from a SSIS install to the same directory. Rerun your SSIS Catalog create dialog. If this isn’t your issue you may want to check on this connect issue post.</p> <p><a href="https://connect.microsoft.com/SQLServer/feedback/details/620992/create-catalog-integration-services-fails-if-the-default-backup-location-was-changed-during-install">https://connect.microsoft.com/SQLServer/feedback/details/620992/create-catalog-integration-services-fails-if-the-default-backup-location-was-changed-during-install</a></p> <p><font color="#666666"> </font></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-81886162772337662992012-12-14T11:47:00.001-06:002012-12-14T11:47:01.103-06:00Get event action failed. java.security.cert.CertificateException: The required certificate doesn't exist in the key store.<p>This error comes if your event subscription username and password aren’t filled in. You may see this error if right click on the IPS in IME and click status. The connection status should read OK. Update your IPS by right clicking and click edit and fill in both subscription username and passwords fields. Hope this will help ya solve this problem since it doesn’t seem to have anything to do with a certificate.</p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-39514273110346501872012-11-19T16:04:00.001-06:002012-11-19T16:05:06.907-06:00Hyper-V – VM’s page file on SCSI VHD<p>Just a heads up if you get an warning windows could not create page file on specified volume. This is because the SCSI disks in Hyper-V are driver based and are loaded after windows loads. This would mean the page file would be loaded first before the disk was mounted. As of Windows 2008 R2 Hyper-V this doesn’t not seem to be supported. If you switch your page file VHD to a IDE drive it will solve this issue.</p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com1tag:blogger.com,1999:blog-8347309837189679565.post-14331522971912185972012-10-23T16:38:00.001-05:002012-10-23T16:38:17.611-05:00Cisco IP Manager Express - IOException when try to get certificate: connect timed out<p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBXDJXEcVNAd75ZdcQhOHxH88knbciCVRYUtjyBpyIDwthbV5UQaWn_yZIRWea87ljMJcb4YdXNMCEBWO1Wn8irqv9hA472YPkZKzHXsBKJiFzZfX9ljfleEdv-OCvS07DS37lQkpqle4/s1600-h/image%25255B64%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSbWfmu31y-VfzDpj1w3PoAGNSYU3mhsuVSNlefUXqZiubQdP54mzOiebTkEw7nQAP4eCpIF8gLYxwhxaoSQ2ZkZ54z52zvEEkBV-vi_ypYuh_e_9AdgWST6TbgfMtvnCq6yr-xmMmxy4/?imgmax=800" width="461" height="151" /></a></p> <p>This seems to be one of two problems from a quick glance. The easy one is if the IP Address is no accessible from the IME desktop or server. </p> <p><a href="http://lh6.ggpht.com/-TDY5FDXefR0/UIcOPhLALNI/AAAAAAAABgM/nM_VeAIuHYI/s1600-h/image%25255B67%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh4.ggpht.com/-sg6byDnRlQw/UIcOQJAgZwI/AAAAAAAABgU/wxtyZIIFczk/image_thumb%25255B63%25255D.png?imgmax=800" width="163" height="244" /></a></p> <p>Second one should have been more obvious but when a Host isn’t in the allowed hosts its not allowed to even connect or ping. The result is the IME application giving you the same error as it doesn’t exist. Add your host or Network to the trusted hosts and try again to add this IPS to IME.</p> <p><a href="http://lh4.ggpht.com/-jJF9Z3vhcME/UIcOQ0IhSqI/AAAAAAAABgc/PS50No9likA/s1600-h/image%25255B73%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQo_E-jAxE5DsQx_lA8x8nRzQYs98X3yBetN_smQtM4y38c4wWumbie3vpXT1HldHJs4nTPz1fokxyp-HxHs9PIrLUWeJHHt92lNvB7VwepalZCSvQ8LwlNscGE364D7pC-XVkT9QikME/?imgmax=800" width="205" height="163" /></a></p> <p><a href="http://lh6.ggpht.com/-9Xw2Rur2XuY/UIcORtAwMuI/AAAAAAAABgs/QCLBPnajqNg/s1600-h/image%25255B70%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh5.ggpht.com/-5Xb-I8BY8qI/UIcOSI6pnxI/AAAAAAAABg0/oV6HbhHCjuU/image_thumb%25255B64%25255D.png?imgmax=800" width="244" height="138" /></a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-62904744694725154302012-08-15T14:36:00.001-05:002012-08-15T14:36:33.914-05:00Orchestrator 2012 – Registration of the Integration Pack XXXX with the Orchestrator Management Server Failed<p>I ran across this while creating IPs for SCORCH 2012 and needed to make some updates. When registering this IP with the Management Server that currently had this installed threw the errors below.</p> <p>Product: XXXX-- Configuration failed.</p> <p>Windows Installer reconfigured the product. Product Name: XXXX. Product Version: 1.1. Product Language: 1033. Manufacturer: XXXX. Reconfiguration success or error status: 1638.</p> <p>I haven’t gone through the logs yet but a good enough fix is to uninstall and run the registration again and deploy it again. Until I get a chance to go back through this.</p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-73324017610300292972012-03-21T08:48:00.001-05:002012-03-21T08:48:51.023-05:00SCVMM – Cannot Resolve with DNS<p>I observed this issue when creating a cluster in a remote site using Active Directory sites. DNS for this does take about 15 minutes based on the default replication value. Also this configuration had my Virtual Machine Manager in a remote site using site local library to deploy virtual machines. When trying to add another cluster to SCVMM shortly after I created it gave me the error message below.</p> <blockquote> <p><font color="#333333" size="2">SERVER cannot resolve with DNS</font></p> <p><font color="#333333" size="2">Ensure there is network communication with the DNS server. if the problem persists contact your network administrator</font></p> <p><font color="#333333" size="2">ID:404</font></p> <p><font color="#333333" size="2">Details: The request name is a valid but no data of the requested type was found</font></p> </blockquote> <p><a href="http://lh3.ggpht.com/-uNBiwHm8s2c/T2ncPEOhd0I/AAAAAAAABHA/C0D1SibdvOQ/s1600-h/image%25255B3%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh6.ggpht.com/-h-8YWDGqfQU/T2ncPeML3lI/AAAAAAAABHI/LPxgNhcSfZ8/image_thumb%25255B1%25255D.png?imgmax=800" width="460" height="209" /></a></p> <p>After logging in to the SCVMM server to test the DNS name of the cluster. The SCVMM server is the one making the DNS requests and must be able to resolve any cluster or server names which you wish to add. For this issue I had to flush out the previously cached values on the SCVMM server or wait for the cache to expire.</p> <blockquote> <p><font color="#333333" size="2">IPCONFIG /flushdns</font></p> </blockquote> <p>If your experiencing issues I would start on your SCVMM server and check your DNS servers and if it can correctly retrieve the DNS records.</p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com1tag:blogger.com,1999:blog-8347309837189679565.post-23451884011911476562012-03-20T16:14:00.001-05:002012-03-20T16:14:11.731-05:00HP H3C – SNMP<p>Just a quick post to enable read snmp community. The commands will get you on your way.</p> <blockquote> <p>snmp-agent <br /> snmp-agent community <strong>read</strong> <em>public</em> <br /> snmp-agent sys-info version <strong>all</strong></p> </blockquote> <p>You can change the read to write or all to filter which versions of SNMP you want to support. After running the snmp-agent command the device will generate a engineid which will show up in your configuration even if you don’t enable version 3.</p> <blockquote> <p>snmp-agent local-engineid </p></blockquote> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-56184717187651898232012-03-01T12:31:00.001-06:002012-03-01T12:31:18.513-06:00Cisco ASA – TFTP Copy over a VPN connection<p>While looking into doing some automated backups of configuration files of Cisco ASA and other devices I found some routing issues while doing TFTP copies. Below is the syntax for TFTP copy command.</p> <blockquote> <p><b>tftp://</b>[<em>user</em>[<b>:</b><em>password</em>]<b>@</b>]<em>server</em>[:<em>port</em>]<b>/</b>[<em>path</em>/]<em>filename</em>[<b>;int=</b><em>interface_name</em>]</p> </blockquote> <p>After using the int=INTERFACE allowed the TFTP copy to work over the tunnel. </p> <blockquote> <p> copy /noconfirm running-config tftp://192.168.1.1/config/FW01.cfg;int=DMZ</p> </blockquote> <p>Also good thing to know is you can set this same setting on the default TFTP client settings.</p> <blockquote> <p><font color="#333333" size="2">config t</font></p> <p><font color="#333333" size="2">tftp-server DMZ 192.168.1.1 config/FW01.cfg</font></p> </blockquote> <p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPGYBad_Mae0kWB1TNVylCLeeJ4qouZWtqeaqvtr0M1i4UUiAFiHv3uJ8kZnbmNI7OXQI3eR1GUI6LDJv0b8SaV58_9DoHpUTvat0rzJztJk-bQVetQJCf60npmB5cqcTK4sVn1T3MUJI/s1600-h/image%25255B2%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh4.ggpht.com/-HQLy_1N6ilE/T0_Adj4OfhI/AAAAAAAABGk/5f4eCR7Ev8w/image_thumb.png?imgmax=800" width="244" height="95" /></a></p> <p>After this set you can just do use some commands to take advantage of short hand.</p> <blockquote> <p><font color="#333333" size="2">write net</font></p> </blockquote> <p>or</p> <blockquote> <p><font color="#333333" size="2">copy running tftp</font></p> </blockquote> <p>Good References</p> <p><a href="http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/c4.html#wp2171368">http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/c4.html#wp2171368</a></p> <p><a href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml</a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-29294462814268564732012-02-29T11:26:00.000-06:002012-03-01T11:38:58.027-06:00Silverlight – Install Failed Error code 1603 & Event ID 11606 Could not Access Network Location<p>This issue has been seen with a network based install that was no longer available. Steps tested were uninstall and install newer versions and lastly backing up registry and deleting key for Silverlight. Bob Pomeroy has posted a clean up utility back in 2008 but fixes issues with newer versions. After running that utility install of Silverlight 5 worked great.</p> <p><a href="http://blogs.msdn.com/b/rpomeroy/archive/2008/06/10/how-to-manually-clean-up-a-bad-silverlight-installation.aspx">http://blogs.msdn.com/b/rpomeroy/archive/2008/06/10/how-to-manually-clean-up-a-bad-silverlight-installation.aspx</a></p> <p> </p> <p>You may also want to look into this post</p> <p><a href="http://forums.silverlight.net/t/249269.aspx/1?How+To+Fix+Silverlight+install+failure+at+99+code+1603+or+generic+Unknown+Error">http://forums.silverlight.net/t/249269.aspx/1?How+To+Fix+Silverlight+install+failure+at+99+code+1603+or+generic+Unknown+Error</a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-65272534153196593982012-01-30T16:12:00.001-06:002012-01-30T16:12:28.235-06:00Windows 2008 R2 – An error occurred while creating the cluster<p>This message could be a number of different issues upon getting the generic error below.</p> <blockquote> <p>An error occurred while creating the cluster. <br />An error occurred creating cluster 'CLUSTERNAME'. <br />The service has not been started</p> </blockquote> <p><font color="#666666">Looking at the example error report you can see after Server3 checks the Network FT Driver it attempts to cleanup and exit.</font></p> <p><font color="#666666"></font></p> <blockquote> <p>Beginning to configure the cluster 'CLUSTERNAME'.</p> <p>Initializing Cluster 'CLUSTERNAME'.</p> <p>Validating cluster state on node server1.domain.com.</p> <p>Searching the domain for computer object CLUSTERNAME.</p> <p>Creating a new computer object for CLUSTERNAME in the domain.</p> <p>Configuring computer object CLUSTERNAME as cluster name object.</p> <p>Validating installation of the Network FT Driver on node Server1.domain.com.</p> <p>Validating installation of the Cluster Disk Driver on node Server1.domain.com.</p> <p>Configuring Cluster Service on node Server2.domain.com.</p> <p>Validating installation of the Network FT Driver on node Server2.domain.com.</p> <p>Validating installation of the Cluster Disk Driver on node Server2.domain.com.</p> <p>Configuring Cluster Service on node Server3.domain.com.</p> <p><strong><em>Validating installation of the Network FT Driver on node Server3.domain.com.</em></strong></p> <p><strong><em>Unable to successfully cleanup.</em></strong></p> <p>To troubleshoot cluster creation problems, run the Validate a Configuration wizard on the servers you want to cluster.</p> </blockquote> <p><font color="#666666">This issue is stemmed from installing the Failover Cluster in the wrong order normally in a Hyper-V cluster. To fix this all you need to do is remove this feature and install it again. Reinstall Failover Cluster feature to fix your cluster NIC missing during cluster creation.</font></p> <blockquote> <p>ocsetup FailoverCluster-Core /uninstall</p> <p>ocsetup FailoverCluster-Core</p></blockquote> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com1tag:blogger.com,1999:blog-8347309837189679565.post-34855838836175787842012-01-29T23:58:00.001-06:002012-01-29T23:58:58.420-06:00Windows 7 Install – Very slow setup on Intel DP43TF Motherboard<p>If your upgrading or just getting a computer with a Intel DP43TF to Windows 7 or Vista x64(64 bit) it might be really slow. Just in case you ran across this post with another motherboard its most likely that bios has the floppy enabled. To fix that just disable the floppy controller from bios. </p> <p>The best from reading the release notes for the Intel DP43TF BIOS updates is below.</p> <blockquote> <p> <br />BIOS Version 0104 <br />About This Release: <br /> January 22, 2010 <br /> NBG4310H.86A.0104.2010.0122.1624 <br /> ME Firmware Revision: 1129 SKU4 <br /> Integrated Graphics Option ROM Revision: 1800 <br /> MEBx Version:5.0.5.0004 <br /> PXE LAN Option ROM Revision: Intel(R) Boot Agent GE v1.3.27 <br />New Fixes/Features: <br /> Fixed issue where updating DMI data causes reset loop. <br /> <strong><em>Fixed issue where 64-bit operating system runs extremely slow <br />with 4 GB memory installed.</em></strong> <br /> Fixed S3 hang issue with POST code 13. <br /> Changed Intel ME firmware binary power package default. <br /> Implemented Security Phase 2 <br /> Changed HECI driver for PCIE base 0xF0000000 to fix low memory <br />issue. <br /> Removed certain graphics card limit which was causing yellow <br />bang</p> </blockquote> <p><font color="#666666">At this current time bios version 0107 is available for download. Apply this bios update via cdrom, bootable usb or the preferred method running self updater from windows. As you could tell after the update the issue was resolved.</font></p> <p><a href="http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2980&DwnldID=19740&lang=eng&iid=dc_rss">http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2980&DwnldID=19740&lang=eng&iid=dc_rss</a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-37266491254369274962012-01-20T16:43:00.001-06:002012-01-20T16:43:03.854-06:00PowerShell – Remote System call using invoke-command out of memory<p>Some memory errors might occur using using the invoke-command PowerShell cmdlet to run programs or scripts on remote hosts. By default a remote session is default limited to <strong>150MB</strong>. For example when trying to run java application remote.</p> <blockquote> <p>Invoke-Command -ComputerName MyServer-ScriptBlock {java} <br />Error occurred during initialization of VM <br />Could not reserve enough space for object heap</p> </blockquote> <p>To solve this setting the MaxMemoryPerShellMB option for remote shell connections to a larger amount. This comment <strong>must</strong> be run on the remote system with administrator rights.</p> <p><strong>Powershell</strong></p> <blockquote> <p>set-item wsman:localhost\Shell\MaxMemoryPerShellMB 2048</p> </blockquote> <p><strong>Batch</strong></p> <blockquote> <p>winrm set winrm/config<strong>/</strong>winrs @{MaxMemoryPerShellMB="2048"}</p> </blockquote> <p><font color="#666666">Now trying again to run invoke-command to the remote server yields better results.</font></p> <blockquote> <p>Invoke-Command -ComputerName MyServer -ScriptBlock {java} <br />Usage: java [-options] class [args...] <br />           (to execute a class) <br />   or  java [-options] -jar jarfile [args...] <br />           (to execute a jar file)</p> </blockquote> <p><font color="#666666">This can be affect by using PowerShell ISE Remote PowerShell Tab also.</font></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com7tag:blogger.com,1999:blog-8347309837189679565.post-28077092255846894822012-01-20T16:18:00.001-06:002012-01-20T16:19:31.480-06:00Debian – SNMPWALK with MIB lookups<p>Just a quick reference to get a Debian server to be able to do MIB lookups. When running snmpwalk out of the box will not use MIB lookups due to licensing issue.</p> <blockquote> <p>snmpwalk -c public -v 1 192.168.1.1</p> <p>iso.3.6.1.2.1.6.1.0 = INTEGER: 1 <br />iso.3.6.1.2.1.6.2.0 = INTEGER: 50000 <br />iso.3.6.1.2.1.6.3.0 = INTEGER: 3200000 <br />iso.3.6.1.2.1.6.4.0 = INTEGER: -1 <br />iso.3.6.1.2.1.6.5.0 = Counter32: 1993 <br />iso.3.6.1.2.1.6.6.0 = Counter32: 13648696 <br />iso.3.6.1.2.1.6.7.0 = Counter32: 0 <br />iso.3.6.1.2.1.6.8.0 = Counter32: 686 <br />iso.3.6.1.2.1.6.9.0 = Gauge32: 1 <br />iso.3.6.1.2.1.6.10.0 = Counter32: 138464739 <br />iso.3.6.1.2.1.6.11.0 = Counter32: 85732550 <br />iso.3.6.1.2.1.6.12.0 = Counter32: 1530 <br /></p> </blockquote> <p>Below we are updating our source list to allow for <em>non-free</em> packages. If you already have security source you can just add <em>non-free</em> to the end.</p> <blockquote> <p>vi /etc/apt/sources.list</p> <pre><font face="Verdana">deb http://security.debian.org/ squeeze/updates main non-free<br />deb-src http://security.debian.org/ squeeze/updates main non-free</font></pre><br /></blockquote><br /><br /><p><font color="#333333" size="2">Install modules for snmp and snmp mibs.</font></p><br /><br /><blockquote><br /> <p><font color="#333333" size="2">apt-get update</font></p><br /><br /> <p><font color="#333333" size="2">apt-get install snmp snmp-mibs-downloader</font></p><br /></blockquote><br /><br /><p>You also need to comment out the one line in <em>snmp.conf</em> file. Just add a # before the <em>mibs:</em></p><br /><br /><blockquote><br /> <p><font color="#333333" size="2">vi /etc/snmp/snmp.conf</font></p><br /><br /> <p><font color="#333333" size="2">#mibs :</font></p><br /></blockquote><br /><br /><p><font color="#333333" size="2">Now when you do a snmpwalk you should get results like below</font></p><br /><br /><blockquote><br /> <p> snmpwalk -c public -v 1 192.168.1.1</p><br /><br /> <p>TCP-MIB::tcpRtoMin.0 = INTEGER: 50000 milliseconds<br /> <br />TCP-MIB::tcpRtoMax.0 = INTEGER: 3200000 milliseconds<br /><br /> <br />TCP-MIB::tcpMaxConn.0 = INTEGER: -1<br /><br /> <br />TCP-MIB::tcpActiveOpens.0 = Counter32: 1993<br /><br /> <br />TCP-MIB::tcpPassiveOpens.0 = Counter32: 13648419<br /><br /> <br />TCP-MIB::tcpAttemptFails.0 = Counter32: 0<br /><br /> <br />TCP-MIB::tcpEstabResets.0 = Counter32: 686<br /><br /> <br />TCP-MIB::tcpCurrEstab.0 = Gauge32: 2<br /><br /> <br />TCP-MIB::tcpInSegs.0 = Counter32: 138461949<br /><br /> <br />TCP-MIB::tcpOutSegs.0 = Counter32: 85730827<br /><br /> <br />TCP-MIB::tcpRetransSegs.0 = Counter32: 1530<br /><br /> </p></blockquote> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com1tag:blogger.com,1999:blog-8347309837189679565.post-25237447996062801822012-01-13T15:46:00.001-06:002012-01-13T15:46:01.443-06:00HP H3C S5800 – Enable Switch for SSH Access<p>For this quick example for enabling SSH Server on S5800 (HP 5800) series switches. This might work for other switches in other series too. </p> <p>To start with you need to generate RSA keys for your switch. To do so you need to public-key command with the parameter. This will be used for the encryption key used in the SSH Tunnel.</p> <blockquote> <p><font color="#333333" size="2">public-key local create rsa</font></p> </blockquote> <p>Next is to enable the SSH server.</p> <blockquote> <p><font color="#333333" size="2">ssh server enable</font></p> </blockquote> <p>You will need a VTY interface for access on SSH connections. Below are the commands to enable that protocol for AAA.</p> <blockquote> <p><font color="#333333" size="2">user-interface vty 0 4</font></p> <p><font color="#333333" size="2">authentication-mode scheme</font></p> <p><font color="#333333" size="2">protocol inbound ssh</font></p> </blockquote> <p>By default users are given access level of 0 which allows for basic trouble shooting. For this you can edit the default group system but for this example will be creating a new group. Using authorization attribute level at 3 we will be granting any user in this group full access.</p> <blockquote> <p><font color="#333333" size="2">user-group sshusers</font></p> <p><font color="#333333" size="2"></font>authorization-attribute level 3</p> </blockquote> <p><font color="#666666">Last part is create the user pointing that to our newly created group.</font></p> <blockquote> <p><font size="2">local-user sshuser</font></p> <p><font size="2">password simple mypassword</font></p> <p><font size="2">group sshusers</font></p> <p><font size="2">service-type ssh</font></p> </blockquote> <p><font color="#666666">From there you can test your SSH connection from putty or other such tools.</font></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com1tag:blogger.com,1999:blog-8347309837189679565.post-3550737385738225222012-01-13T09:59:00.001-06:002012-01-13T09:59:08.262-06:00HP H3C Switches - DHCP Relay<p>This only applies to HP switches running H3C software. Running DHCP Relay allows you to have DHCP server in another network and or VLAN. This also reduces the broadcast packets by intercepting DHCP requests before their broadcast. The example below shows that you can have more then one DHCP server if required. </p> <p> </p> <blockquote> <p><font color="#333333" size="2">DHCP Enable</font></p> <p><font color="#333333" size="2">DHCP Relay Server-Group 1 IP<strong> X.X.X.X</strong></font></p> <p><font color="#333333" size="2">DHCP Relay Server-Group 1 IP <strong>Y.Y.Y.Y</strong></font></p> <p><font color="#333333" size="2">Interface Vlan-Interface 1</font></p> <p><font color="#333333" size="2">DHCP Select Relay</font></p> <p><font color="#333333" size="2">DHCP Relay Server-Select 1</font></p> </blockquote> <p>Replace X.X.X.X with DHCP Server #1 IP and if available Server #2 replace Y.Y.Y.Y with that IP.</p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-27220022616466208932012-01-12T16:39:00.001-06:002012-01-12T16:39:50.357-06:00HP H3C 3COM 7500 5800 5820 Series Switches running NLB in Multicast mode issues<p>Just a heads up to anyone who may have run into issues using some of the switches below while enabling NLB in multicast mode. As it turns out from the command guide the switch will deny any multicast mac address. Below for is reference for command arp check.</p> <blockquote> <h3>Syntax</h3> <p><b>arp check enable</b></p> <p><b>undo arp check enable</b></p> <h3>View</h3> <p>System view</p> <h3>Default Level</h3> <p>2: System level</p> <h3>Parameters</h3> <p>None</p> <h3>Description</h3> <p>Use the <b>arp check enable</b> command to enable ARP entry check. With this function enabled, the device cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not permitted and will prompt an error message.</p> <p>Use the <b>undo</b> <b>arp check enable</b> command to disable the function. Then, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.</p> <p>By default, ARP entry check is enabled.</p> <h3>Examples</h3> <p># Enable ARP entry check.</p> <p><Sysname> system-view</p> <p>[Sysname] arp check enable</p> </blockquote> <p><font color="#666666">Switches with this enabled by default:</font></p> <ul> <li>HP/H3C 5800-24G (JC099A,JC100A,JC103A)</li> <li>HP/H3C 5800-48G (JC104A,JC105A,JC101A)</li> <li>HP/H3C 5800AF-48G (JG225A)</li> <li>HP/H3C 582014XG-SFP+ (JC106A)</li> <li>HP/H3C 5829-24XG-SFP+ (JC102A)</li> <li>HP/H3C 5820AF-24XG (JG219A)</li> <li>HP 7510 (JD238B)</li> <li>HP 7506-V (HD241B)</li> <li>HP 7506 (JD239B)</li> <li>HP 7503 (JD240B)</li> <li>HP 7503-S (JD243B)</li> <li>HP 7502 (JD242B)</li> </ul> <p><font color="#666666">This might effect more models then this but these are ones that can be confirmed to have this on by default.</font></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-56620817468956994292012-01-12T10:29:00.001-06:002012-01-12T10:29:25.940-06:00Inbound TCP Connection denied flags SYN on interface<p>I’ve had a few times I noticed some networks could talk to each other and some would be denied. I found messages like the one below in the syslog (or in log viewer). </p> <blockquote> <pre>ASA-2-106001</pre><br /><br /> <pre>Inbound TCP connection denied from<em> X.X.X.X </em>to <br /><em>Y.Y.Y.Y</em> flags SYN on interface interface_name</pre><br /></blockquote><br /><br /><p>It turns out most of the time the interface is created with a incorrect security level on the interfaces. Security levels by default are used to allow implicit rules to communicate with lesser secure networks without having to maintain rules. For example a network with security level of 50 would be able to access a network 40 without any issues. </p><br /><br /><p><a href="http://lh5.ggpht.com/-XA_pFwrOLNU/Tw8KYiM736I/AAAAAAAABFw/53h_3ll52fs/s1600-h/image%25255B8%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh4.ggpht.com/-7Aespoz9ud8/Tw8KYyftekI/AAAAAAAABF0/RQSzmNlKWDI/image_thumb%25255B4%25255D.png?imgmax=800" width="244" height="127" /></a></p><br /><br /><p>But for most the times I run into this issue its because same security level blocking. This is also on by default and the fix is either to change the security levels of one of the effected interfaces or enable that security policy. To enable the security policy either use the command below or check the Enable traffic between two or more interfaces which are configured with same security levels.</p><br /><br /><blockquote><br /> <p>same-security-traffic permit inter-interface</p><br /></blockquote><br /><br /><p><a href="http://lh6.ggpht.com/-iGTof-YWDgU/Tw8KZG4mATI/AAAAAAAABGA/2Vta8ddhqgQ/s1600-h/image%25255B5%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/-ymhu3_ouwD4/Tw8KZcmOULI/AAAAAAAABGI/e-y3NF4273c/image_thumb%25255B3%25255D.png?imgmax=800" width="244" height="48" /></a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com1tag:blogger.com,1999:blog-8347309837189679565.post-24296128582714284812011-10-27T15:04:00.001-05:002011-10-27T15:04:58.113-05:00Beta Releases for System Center Service Manager and App Controller<p>I don’t normally post about software pre-releases but for myself these are long awaited releases. Below are links to download the entire pre-release images or single image downloads.</p> <p><a title="http://technet.microsoft.com/en-us/evalcenter/hh505660.aspx?ocid=otc-f-corp-jtc-DPR&wt.mc_id=TEC_103_1_5" href="http://technet.microsoft.com/en-us/evalcenter/hh505660.aspx?ocid=otc-f-corp-jtc-DPR&wt.mc_id=TEC_103_1_5">http://technet.microsoft.com/en-us/evalcenter/hh505660.aspx?ocid=otc-f-corp-jtc-DPR&wt.mc_id=TEC_103_1_5</a></p> <p><a title="http://www.microsoft.com/en-us/server-cloud/system-center/trial.aspx" href="http://www.microsoft.com/en-us/server-cloud/system-center/trial.aspx">http://www.microsoft.com/en-us/server-cloud/system-center/trial.aspx</a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-53957636019976895312011-10-06T14:19:00.001-05:002011-10-06T14:19:02.583-05:00DPM 2010–Unable to connect to DPM database instance<p>Using DPM 2012 Administrator Console to connect to DPM 2010 servers is now possible thanks to the DPM team. I noticed right away it requires SQL Server to connect to. The error below reports that its unable to connect to the DPM database instance.</p> <p><a href="http://lh3.ggpht.com/-qNPMFHRRcaw/To3_EuiXenI/AAAAAAAABBM/Wv5jDGd0JjY/s1600-h/image18%25255B2%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh6.ggpht.com/-4idVvJhKr00/To3_E1_9OPI/AAAAAAAABBQ/mouEwWl7TRs/image18_thumb%25255B1%25255D.png?imgmax=800" width="244" height="130" /></a></p> <p>To fix this issue you will want to add the SQL Server Browser and SQL Server port. Below explains which firewall rules to add.</p> <p>Find your SQL Server port by using SQL Server Configuration Manager on the DPM server. You will want to use this Dynamic port for the firewall rule. </p> <p><a href="http://lh5.ggpht.com/-cXF5YXVsIjE/To3_FVEuq3I/AAAAAAAABBU/TbLKk7NfdAQ/s1600-h/image2.png"><img style="background-image: none; border-right-width: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0p_-5z_JUMDPZEZO6gkH9FQsxKGCJD4f5KFyozY4aXiJwLiMel3D3SC97VPcjKJHeKtowFmOnRCbM21dfM0_KZ4lTc56xx49J7lgE5WqWZilG8nuJscuU6ioUXk18Notev3jQ8rX0TuU/?imgmax=800" width="222" height="244" /></a></p> <p>As an alternitivate you could just as the SQL Server application to the firewall rule. But I’m going to do port based for this example.</p> <p><a href="http://lh5.ggpht.com/-WTQSlsUrG3Q/To3_F7jwW6I/AAAAAAAABBc/-NCpp2BLYEI/s1600-h/image5.png"><img style="background-image: none; border-right-width: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh6.ggpht.com/-Sr20QBRuXm0/To3_G0-5ERI/AAAAAAAABBg/2k1R4Ry5UH8/image_thumb1.png?imgmax=800" width="244" height="196" /></a></p> <p>Here I enter my dynamic SQL Server port to the firewall rule.</p> <p><a href="http://lh6.ggpht.com/-rtri5ydhtJ0/To3_HS3LNEI/AAAAAAAABBk/I-stacTzbf0/s1600-h/image8.png"><img style="background-image: none; border-right-width: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh6.ggpht.com/-N0jA4bjvCDc/To3_IFlgAMI/AAAAAAAABBo/FAZMpD6dghQ/image_thumb2.png?imgmax=800" width="244" height="196" /></a></p> <p>Allow the connection for this rule.</p> <p><a href="http://lh5.ggpht.com/-1FNCUN23dE8/To3_IaTeyeI/AAAAAAAABBs/AWIsP8XExwI/s1600-h/image14.png"><img style="background-image: none; border-right-width: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/-c5nJyFc7SbU/To3_IsGHstI/AAAAAAAABBw/Xf14UT6i4iA/image_thumb4.png?imgmax=800" width="244" height="196" /></a></p> <p>For profiles I selected all as a default. For a domain environment you could go with domain level.</p> <p><a href="http://lh6.ggpht.com/-wKAtJrpvYnY/To3_JOWoDQI/AAAAAAAABB0/N1JsjgX2gUk/s1600-h/image17.png"><img style="background-image: none; border-right-width: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhP5ydFMEE7qsalsUjF8sMG01RAsp-wy2EnMrgqRWlbNFWfUGaRE5Ai4aP3BDQMxwAaUECQqGJUdJAHBxz-ssxpbJ-aoLMCKYeVyKbx1DJpg9JQweWF72R99SF_D3JnpeBYETXxwpHkUrw/?imgmax=800" width="244" height="196" /></a></p> <p>Do the same for SQL Server Browser which is port 1434 protocol UDP.</p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-32700171419035913922011-10-05T12:37:00.001-05:002011-10-05T12:37:34.080-05:00DPM 2010 – Error Opening installation log file<p>While installing DPM 2010 updates you might encounter Error opening installation log file. This happened with pretty much any update attempted.  For the instance that I worked on was the folder was either deleted or never created on the DPM 2010 Server. Below is the error related to this article.</p> <p><a href="http://lh3.ggpht.com/-HVD7qR92vEE/ToyV0_3r8BI/AAAAAAAABAs/KCOsoaEkgrY/s1600-h/image%25255B2%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh5.ggpht.com/-6Mo6-L2rvOM/ToyV1DxE__I/AAAAAAAABAw/HK4ZsX_2gIs/image_thumb.png?imgmax=800" width="244" height="163" /></a></p> <p>Creating the folder %systemdrive%\DPMLogs which for most servers is c:\DPMLogs as seen below</p> <p><a href="http://lh6.ggpht.com/-1V1e60zarlg/ToyV1QvotnI/AAAAAAAABA0/jHizqjnlfnY/s1600-h/image%25255B11%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHiExv29qgtGEo_3YQSiprHD6pZTlmxAOBD2XWg5SPzEFsi7moHOLXQ33xZKV2cSc0j6djoEm4BC7nlQAkxhi35mLDUA7e088iPyxkd1g71GcYx29ngLZBdVQnJfY_MeuGtWpuh0eDKvU/?imgmax=800" width="244" height="104" /></a></p> <p>If the user has permissions to this folder you should get the updater to start running. </p> <p><a href="http://lh5.ggpht.com/-K-Manh5_acQ/ToyV2PqEFRI/AAAAAAAABA8/CLbV2hiLk0M/s1600-h/image%25255B8%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8uGpBt6ayBz2Cq83hB8sxI-RfNkhJcLIhhevLm_Yjg5DAmnNxWyGZS2QSJvGhyphenhyphenRtUnLz-TJSjibLpW8e69WXqihZDmyp6yFO2cb2a2GYUQuzdZ-LHuBkDWezD_q95Vg3Gba5jnzHAiPs/?imgmax=800" width="244" height="163" /></a></p> <p>Log file should be created and if more issues arise you can check this log.</p> <p><a href="http://lh6.ggpht.com/-oWkOgA6WeqY/ToyV3BNhcPI/AAAAAAAABBE/bgOUmsj4Vrg/s1600-h/image%25255B5%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJIG-oTI_pqLcWnHHKQFgr3rlYRGc_1CDDZUbNDw9PTsMt9m8oNdqYFYNr5C2cs9r2MOJqaeQj3DirY_0NA9meHdLOUA5TSj8npAskK4GmK2w2YnsFxjbwJFRwmdafFMeHSvgRVGsS53g/?imgmax=800" width="244" height="109" /></a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-53896669987787535312011-09-20T14:24:00.001-05:002011-09-20T14:24:44.385-05:00Windows 8 – Install on VMware Workstation/Player<p>Here is a easy guide to install Windows 8 on VMware workstation or player. The catch right now is you can only currently get VMware player 4 in the workstation 8 installer.</p> <p>VMware Workstation 8+</p> <p>VMware Player 4+</p> <p><a href="http://lh6.ggpht.com/-2HxOgRzlTjU/TnjoXwXSwHI/AAAAAAAAA-Q/g07dkwmoOr4/s1600-h/image%25255B44%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh4.ggpht.com/-OF4KEXCcI8M/TnjoYGQ_8DI/AAAAAAAAA-U/xu_oyR-gd4U/image_thumb%25255B14%25255D.png?imgmax=800" width="239" height="79" /></a></p> <p>Windows 8 ISO Download:</p> <p><a href="http://msdn.microsoft.com/en-us/windows/apps/br229516">http://msdn.microsoft.com/en-us/windows/apps/br229516</a></p> <p>VMWare Workstation Download:</p> <p><a href="http://www.vmware.com/products/workstation/overview.html">http://www.vmware.com/products/workstation/overview.html</a></p> <h3>Installing VM</h3> <p>Install Your Windows 8 VM using the ISO aquired from the URL above and </p> <p><a href="http://lh5.ggpht.com/-83pHg0NYmTk/TnjoYVd33OI/AAAAAAAAA-Y/suuOm7HJcz0/s1600-h/image%25255B23%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/-B5_XYcSQFXo/TnjoY8v3vQI/AAAAAAAAA-c/moDfF3UHjZ4/image_thumb%25255B7%25255D.png?imgmax=800" width="244" height="222" /></a></p> <p>Select Windows 7 x64</p> <p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYqo59PSXJymmmgt659M5srNQ5KJh02s4QvMDoHN27IDI0tGRA5JDx0VRhWnp3dHywcUluGZ320yTgGamEBVZ8VfxyOlrz7T_SKTtujowQkALcZsvuxlRO7H5CBy5fz7WKIAwO3Z88_Po/s1600-h/image%25255B5%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh5.ggpht.com/-oMcXU2fd3c8/TnjoZdnT2fI/AAAAAAAAA-k/JN6Q77vUggQ/image_thumb%25255B1%25255D.png?imgmax=800" width="244" height="222" /></a></p> <p>Choose a name and path for your VM</p> <p><a href="http://lh3.ggpht.com/-1PasXSC2lRY/TnjoZ49jv7I/AAAAAAAAA-o/7mNPspGFu3o/s1600-h/image%25255B11%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/-Z1TAGv89RQ0/TnjoaMvOyhI/AAAAAAAAA-s/BRQiq7nSGQw/image_thumb%25255B3%25255D.png?imgmax=800" width="244" height="222" /></a></p> <p>Select Disk options for your VHD (Normally select one file for simplified management)</p> <p><a href="http://lh5.ggpht.com/-1I5CDjpLnSI/Tnjoab-vG2I/AAAAAAAAA-w/sEfQxUzIFTc/s1600-h/image%25255B17%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/-pvOfqDLAzpU/Tnjoax5HYLI/AAAAAAAAA-0/PI3LiQInvP4/image_thumb%25255B5%25255D.png?imgmax=800" width="244" height="222" /></a></p> <p>Edit the Virtual Machine Settings</p> <p>Add ISO to your DVD and Change all system settings to meet Windows 8 Minimum requirements</p> <p>CPU: 1+ GHz</p> <p>RAM: 1+ GB</p> <p>HD: 16+ GB</p> <p><a href="http://lh4.ggpht.com/-3wCVvyyt6LA/TnjobWLyRZI/AAAAAAAAA-4/pd8qKbnVUco/s1600-h/image%25255B29%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihn11eMOPG8TgFwJy8nUnJ3w3HtgI2ANg5F7GVLEF48GGeJzmAOHtcvugBkpFjJ445hGsD_LZ8zb-X96TztbKI7sRRCiw8bwjMYnnuzW_zDwmDyWfO9ZMgMH9Ya5C4HiHk8kK4sfSjo1w/?imgmax=800" width="244" height="212" /></a></p> <p>You should receive the installer dialog.</p> <p><a href="http://lh6.ggpht.com/-aHzEGzQIRE0/TnjocEDJqLI/AAAAAAAAA_A/N8HyZF2qKW8/s1600-h/image%25255B32%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh4.ggpht.com/-9hv2DK1rem4/TnjocoYhB2I/AAAAAAAAA_E/ycBxEk9iYzo/image_thumb%25255B10%25255D.png?imgmax=800" width="244" height="199" /></a></p> <p>Select custom since this is a new virtual machine.</p> <p><a href="http://lh3.ggpht.com/-rth3ciIp_bg/TnjodIa-ktI/AAAAAAAAA_I/OVRiIgjZK0M/s1600-h/image%25255B38%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgC6bm0mq5Fnns-6sEGL9M4KNb1F-BELoKcxzYWP-uUMHDuD6yYk5wRcJUbe71xS1aSOSzMY-EqNhrukHbAJ3ZHuICnvh01MiGrsYGp4YUbqOzFWmPySaZaPRjLOpB1OXCuLKm7Fr7ERM/?imgmax=800" width="244" height="199" /></a></p> <p>Windows 8 should come up with configuration wizard.</p> <p><a href="http://lh4.ggpht.com/-HPGNM5OSBLc/TnjoduL5FeI/AAAAAAAAA_Q/saDzujhZge8/s1600-h/image%25255B50%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh6.ggpht.com/-u3uq2Tf_qus/TnjoeHsVNJI/AAAAAAAAA_U/X1ePVVEwczY/image_thumb%25255B16%25255D.png?imgmax=800" width="244" height="199" /></a></p> <h3>Troubling Shooting</h3> <p>I noticed if you leave a dialog open during install like the help or about menu in VMware you might get a watchdog timeout error.</p> <p><a href="http://lh3.ggpht.com/-fuuDdsNro0U/TnjoeYtpntI/AAAAAAAAA_Y/CuOhFKLiLZ4/s1600-h/image%25255B47%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGlfmLG2PN2HeUxsIzBFJahea1qNTztupSqvMtTCkX5d5IcTJ_AqIRrwlgi0iDQYR1h540D-C15XdmWCV14jor4wCxRowKwinzeM7LbvXOMASkGBUMnqllbvKLuU7EwVJFDx3fwtzjM6k/?imgmax=800" width="244" height="199" /></a></p> <p>vcpu-0:NOT_IMPLEMENTED! error comes from running VMware Player 3.x versions and should be updated to version 4.</p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-4563237571943243102011-09-13T09:51:00.001-05:002011-09-13T09:51:49.691-05:00SQL Server 2008 – SSIS SQL Job Error Excel Connection Manager 64-bit<p>This Error below happens when running a package that connects to a Excel file in 64bit install. You can still run your package on as a 32bit job to allow for the excel manager to work.</p> <blockquote> <p>Error: 0xC00F9304 at Package, Connection manager "Excel Connection Manager": SSIS Error Code DTS_E_OLEDB_EXCEL_NOT_SUPPORTED: The Excel Connection Manager is not supported in the 64-bit version of SSIS, as no OLE DB provider is available.</p> </blockquote> <p><font color="#666666">To change your SQL Server 2008/R2 SSIS package to run in 32bit mode you will need to goto <em>properties</em> on the SQL job. Open up the <em>steps</em> and choose the step that runs your SSIS package. Then pick the <em>execution options</em> tab to find the <em>use 32bit runtime</em>.</font></p> <p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF2OKc-_-WQAwHibzhG7AemPIaO1Megneq67z7kiwM0t-N1j1mtHrsyLl7uR8urE-My8spJlrANERc0SScWL13Aiybx4aOkl5c-yhc_JPmryYz4_grSj5SxZkFwawkrvNdCoFp0NhyMVI/s1600-h/image%25255B2%25255D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-eQ1zq-nwnnlzIocs1ksjHj6I9a1PYTMnKLGdG_EVFFgJNUqONPZTvdmmR8Fmlwp6Fg5mQzNOm6WYvOCiQWagxoZZUO1k8bB7M0w-cN7NajFxeURLpJeGlwn9UOCxbuoSpjDbfv3Y0w/?imgmax=800" width="244" height="225" /></a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-4093923553531882232011-09-12T16:17:00.001-05:002011-09-12T16:17:18.248-05:00Cisco ASA – Deny inbound (Type 0, Code 0)<p>This interesting issue I came about after looking into an ASA connected to pair of switches that did not have ARP snooping turned on. The error message below happened when trying to send ping (echo) to anything server in the same subnet.</p> <blockquote> <p>3    Aug 29 2011    10:41:15    106014    X.X.X.X        X.X.X.Y        Deny inbound icmp src Secure:X.X.X.X dst Secure:X.X.X.Y (type 0, code 0);</p> </blockquote> <p>After getting IP conflicts on servers in that subnet I read more about the <em>Proxy Arp</em> feature which is enabled by default. This feature is to respond on all arp requests to them to go through your ASA device. I could see this being very usable if you wanted to use IPS or force NAT translations on all traffic.</p> <p>Here is the current help document for Proxy as of <em>ASA Version 8.4.2</em> but make sure to check your ASA for up to date documentation.</p> <blockquote> <p><strong>Disabling Proxy ARPs <br /></strong>When a host sends IP traffic to another device on the same Ethernet network, the host needs to know the MAC address of the device. ARP is a Layer 2 protocol that resolves an IP address to a MAC address. A host sends an ARP request asking "Who is this IP address?" The device owning the IP address replies, "I own that IP address; here is my MAC address." </p> <p>Proxy ARP is used when a device responds to an ARP request with its own MAC address, even though the device does not own the IP address. The ASA uses proxy ARP when you configure NAT and specify a mapped address that is on the same network as the ASA interface. The only way traffic can reach the hosts is if the ASA uses proxy ARP to claim that the MAC address is assigned to destination mapped addresses. </p> <p>Under rare circumstances, you might want to disable proxy ARP for NAT addresses. </p> <p>If you have a VPN client address pool that overlaps with an existing network, the ASA by default sends proxy ARPs on all interfaces. If you have another interface that is on the same Layer 2 domain, it will see the ARP requests and will answer with the MAC address of its interface. The result of this is that the return traffic of the VPN clients towards the internal hosts will go to the wrong interface and will get dropped. In this case, you need to disable proxy ARPs for the interface on which you do not want proxy ARPs. </p> <p>To disable proxy ARPs,perform the following steps: </p> <p>1.Choose Configuration > Device Setup > Routing > Proxy ARPs. <br />The Interface field lists the interface names. The Proxy ARP Enabled field shows whether or not proxy ARP is enabled (Yes) or disabled (No) for NAT global addresses. </p> <p>1.To enable proxy ARP for the selected interface, click Enable. By default, proxy ARP is enabled for all interfaces. <br />2.To disable proxy ARP for the selected interface, click Disable. <br />3.Click Apply to save your settings to the running configuration. </p></blockquote> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0tag:blogger.com,1999:blog-8347309837189679565.post-18273415588254795652011-08-26T15:06:00.001-05:002011-08-26T15:09:11.214-05:00Lync – Enable Remote Call Control on all Users<p>This Example is for setting up Remote Call Control (RCC) with Cisco Unified Presence Server (CUPS). This example used IPPhone property in Active Directory (AD) which is mapped to Cisco Unified Communications Manager (CUCM). That could be swapped out with where you store your extensions. After following the instructions in the reference below for CUPS I needed to enable users in Lync for RCC. Below is a script that pulls users from AD based by Organizational Unit (OU) and where ipphone is not null. Last part is piping that into <em>set-CsUser</em> using Account Name to create my Sip Address and Sip URI for line monitoring.</p> <blockquote> <p>Import-Module ActiveDirectory <br />Import-Module Lync</p> <p>Get-ADUser -Filter "*" -Properties ipphone -SearchBase "OU=Employees,dc=ImageTrend,dc=com" ` <br />| where {$_.ipphone -ne $null } ` <br />| foreach{ <br />Set-CsUser -RemoteCallControlTelephonyEnabled $true -Identity $_.SamAccountName -LineServerURI "sip:$($_.SamAccountName)@Cups01.Domain.com" -LineURI "tel:$($_.ipphone)" <br />}</p> </blockquote> <p><font color="#666666"></font></p> <p><font color="#666666">If you get errors with either of modules you are missing the <a href="http://www.microsoft.com/download/en/details.aspx?id=7887">RSAT SP1</a> or Lync PowerShell which is available from the Lync Install.</font></p> <h5>Enabling All Users in OU for Lync</h5> <p><a title="http://blog.patricknielsen.net/2011/06/lync-2010-enabling-all-users-in-ou.html" href="http://blog.patricknielsen.net/2011/06/lync-2010-enabling-all-users-in-ou.html">http://blog.patricknielsen.net/2011/06/lync-2010-enabling-all-users-in-ou.html</a></p> <h5>Reference for setting up the rest of Lync and CUPS.</h5> <p><a href="http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_5/english/integration_notes/IntegrationNote_CUP852_MicrosoftLyncServer2010_RCC.html">http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_5/english/integration_notes/IntegrationNote_CUP852_MicrosoftLyncServer2010_RCC.html</a></p> Patrick Nielsenhttp://www.blogger.com/profile/08039025128943074459noreply@blogger.com0