Netflix and opendns are not friends – netflix support sucks.

For some reason I had not opted to let the Netflix app on my Android TV and one day with an Android update it decided it was going to be using 4.0.4 build 1716 instead.

Then Netflix could not load any video, getting stuck at 25% with the lovely error tvq-pm-100 3.1-52.

Life after work ended. The evening entertainment was ruined forever and I was not the same again. The downward spiral was inevitable.

I chatted with Netflix, spent hours on the phone going through the meaningless scripted troubleshooting – had I restarted my TV box? Logged off and back on? Cleared the cache? Reset the appliance? Nothing. I was on the verge of video deprivation.

The most intriguing aspect was that the competent Netflix staff would say: well, as it is not us, it must be your network provider. Yet they were not able to say what getting stuck at 25% could mean. Where are the good old logs telling what is going on when you need them?

I then read on a forum that the Netflix Android TV app would rely on Google DNS to geo-triangulate you and spy on you.

In order to protect my household I had opted long ago for opendns to block the doubleclick and other webspam of the universe without issues in the previous versions of Netflix.

In the end, changing the DNS setting on that Android TV to use Google’s infamous DNS 8.8.8.8 and 8.8.4.4 got Netflix videos loading at lightning speed, and that very same Android TV box could again spy on me at will.

Thanks to Google’s sneakiness the end of the world was avoided.

Copy windows features from a server to another

Sometimes you want to create the (almost) same server where you do not yet have Chef or CF or some sort of DSC. The best resort is to use what you have: Get-WindowsFeature

Imagine you want to configure Server B from Server A and obviously those are microsoft windows servers…

#On server A
#export features
> Get-WindowsFeature | ? { $_.Installed -AND $_.SubFeatures.Count -eq 0 } | Export-Clixml .\serverA.xml
#copy the feature file over
> cp .\serverA.xml '\\serverB\c$\Files'

#On server B
PS C:\Files> ls
    Directory: C:\Files
Mode     LastWriteTime        Length Name
----     -------------        ------ ----
-a---    6/8/2017 4:15 PM     510824 ServerA.xml
PS C:\Files> Import-Module Servermanager
PS C:\Files> Import-Clixml .\ServerA.xml | Add-WindowsFeature
Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    Yes            SuccessRest... {Application Server, .NET Framework 4.5, W...
WARNING: You must restart this server to finish the installation process.

Voila, another posh timesaver.
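
Before piping the export straight into Add-WindowsFeature, it helps to see what Server B would actually gain, since every extra role is extra attack surface. The following is an added example, not part of the original post; it assumes the ServerA.xml file from above sits in the current directory on Server B and that PowerShell 3 or later is available.

```powershell
# Added example: review the feature delta on Server B before installing anything.
Import-Module ServerManager

$wanted  = Import-Clixml .\ServerA.xml                 # export file created on Server A
$present = Get-WindowsFeature | Where-Object { $_.Installed }
$known   = (Get-WindowsFeature).Name                   # every feature this OS build offers

# Features Server A has that Server B does not have yet
$missing = $wanted | Where-Object { $present.Name -notcontains $_.Name }

# Names in the export that this server does not know at all
# (happens when A and B run different Windows versions or editions)
$unknown = $missing | Where-Object { $known -notcontains $_.Name }
if ($unknown) {
    Write-Warning ("Not available on this server: " + ($unknown.Name -join ', '))
}

# What is about to be added, for a human to read and trim
$installable = $missing | Where-Object { $known -contains $_.Name }
$installable | Sort-Object Name | Format-Table Name, DisplayName -AutoSize

# Dry run: reports what would be installed, changes nothing
if ($installable) {
    Add-WindowsFeature -Name $installable.Name -WhatIf
} else {
    "Nothing to install: Server B already has every feature in the export."
}
```

Drop the -WhatIf switch once the list looks right.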

Nutanix AOS 5.1 & Companions are now GA

For the second time this year, Nutanix has released a major feature upgrade to AOS and companion software. Now available, is AOS 5.1! Top of the list of new features is vSphere 6.5 support for NX platforms (Nutanix branded gear). vSphere 6.5 support for OEM platforms is coming soon. But that’s not the only new feature. Here’s a rundown of some (not all) of the new features:

  • 1-click controller VM (CVM) memory upgrade
  • XenServer support on NX-1065-G5, NX-3060-G5, NX-3175-G5 (optionally with NVIDIA M60)
  • All-flash clusters now support adding hybrid nodes (e.g. cold storage only nodes). Minimum 2 AF nodes.
  • Automatic “admin” account password sync across all CVMs, Prism Web console, and SSH interfaces.
  • Docker container management through self-service portal.
  • Prism 1-click feature to install Docker host VM
  • Post-process compression is enabled by default on all new containers with Pro and Ultimate licenses
  • 1-click centralized upgrades from Prism Central
  • 1-click Prism central cluster registration and Prism Central Deployment
  • Pulse (telemetry) enabled for Prism Central
  • Auto-resolved alerts
  • User defined alerts
  • Graphics and compute mode for NVIDIA M60 GPU
  • CHAP authentication for Acropolis Block Services
  • Hot-plug CPU and memory on AHV VMs
  • Metro availability and synchronous replication supported across hardware vendors (NX, Dell, Lenovo). Async support continues.
  • VirtIO drivers updated to v1.1
  • Dynamically increase EC-X strip size as cluster is expanded
  • Much improved storage efficiency reporting in Prism (compression, dedupe, EC-X, etc.)
  • Disk rebuild time estimation
  • AFS supports Mac OS v10.10, v10.11, v10.12
  • Acropolis Block Service enhanced OS support (Solaris 11, RHEL 6, 7, 6.8)

Tech Preview Features include:

  • Software only support for UCS B-series blades
  • GPU pass-through for AHV guest VMs
  • Support 3rd-party network function VMs (e.g. load balancer, firewall, etc.) routed through Open vSwitch (OVS).

Companion Software Updates

  • Prism Central 5.1
  • Acropolis File Services (AFS) 2.1
  • Acropolis Container Services (ACS) 1.0
  • Foundation 3.7.2

Helpful Links

As of 5/1/2017, AOS 5.1 has not been enabled for automatic download and 1-click upgrades. As always, if you don’t want to wait for the automatic download switch to be flipped (in the near future), you can grab the AOS binary from the support portal and use our 1-click upgrade process. As always, thoroughly read the full release notes on the support portal before attempting an upgrade.

Adding permissions for ADFS 3.0 and DRS service to read private keys

Daniel Loughlin's Blog

We had to replace our ADFS Service Communications SSL certificate this week and I ran into a problem assigning read permissions on the new certificate’s primary key.

Both the ADFS and Domain Registration Service (DRS) services need read access to the SSL certificate's private key, however the certificates snap-in would not let me add accounts drs or adfssrv.

You can use the following powershell to add permissions to private keys:

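# Find the key container file name for the certificate (replace "thumbprint" with the real one)
$PrivateKey=(((Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Thumbprint -like "thumbprint"}).PrivateKey).CspKeyContainerInfo).UniqueKeyContainerName
# Machine-level CSP private keys are stored as files in this folder
$KeyPath = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\"
$FullPath=$KeyPath+$PrivateKey
$acl=Get-Acl -Path $FullPath
# Grant the ADFS service account read access to the key file
$Permission="NT SERVICE\adfssrv","Read","Allow"
$AccessRule=new-object System.Security.AccessControl.FileSystemAccessRule $Permission
$acl.AddAccessRule($AccessRule)
Set-Acl $FullPath $acl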

You can also, as I then remembered, just type NT SERVICE\drs or NT SERVICE\adfssrv into the certificates snap-in! It’s been a long week.

View original post
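
After changing the ACL on a private key, it is worth confirming that the two service accounts really have read access and that no broad group has slipped in. The following is an added example, not code from the reblogged post; the thumbprint is a placeholder, the list of "too broad" principals is an assumption, and it only handles CSP-backed keys like the script above.

```powershell
# Added example: audit the ACL on a machine certificate's private key file.
$Thumbprint = '<certificate thumbprint>'                  # placeholder, fill in
$Expected   = 'NT SERVICE\adfssrv', 'NT SERVICE\drs'      # accounts named in the post
# Assumption: groups that should never hold rights on a private key file
$TooBroad   = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)               { throw "No certificate $Thumbprint in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key on this machine" }

# CNG keys expose no CspKeyContainerInfo and are stored outside MachineKeys
$container = $null
try { $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName } catch { }
if (-not $container) { throw "Not a CSP key; the MachineKeys path does not apply" }

$keyFile = Join-Path 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys' $container
$rules   = (Get-Acl -Path $keyFile).Access
$rules | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

$read = [System.Security.AccessControl.FileSystemRights]::Read
foreach ($account in $Expected) {
    $hit = $rules | Where-Object {
        $_.IdentityReference.Value -eq $account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    if ($hit) { "OK  $account can read the key" }
    else      { Write-Warning "$account has no Allow/Read entry on $keyFile" }
}

# Anything from the broad list with an Allow entry deserves a second look
foreach ($rule in $rules | Where-Object {
        $TooBroad -contains $_.IdentityReference.Value -and $_.AccessControlType -eq 'Allow' }) {
    Write-Warning "Broad principal $($rule.IdentityReference) holds $($rule.FileSystemRights)"
}
```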

SAN v7000: How to fix broken HTTP web-GUI

I see the Dude.

knowledgedirectory

I thought I would never write about storage on this blog, but it turns out strange things happen to SANs as well. I do not normally work with SANs that much; the ones I'm familiar with are the IBM DS3400 and Storwize v7000. Today the v7000 stopped answering to https, so we could not manage it with the web GUI.

Luckily one of the nodes still had the HTTP service up. So here is what I did:

  1. Connect to the Node.
  2. Choose the Node you would like to restart the tomcat on (webserver).
  3. Go to “Restart Service”.
  4. And choose to restart the Web server (Tomcat).

If you don’t have the same amount of luck as I had, you will have to restart the web server using the CLI. You can only run satask commands if you connected to the CLI using the SSH private key which is associated with the user called superuser. No other SSH key will allow you to run satask commands:

View original post 180 more words

Exchange Message Tracking Statistics for Zabbix

I am surely missing something but somehow I could not find a way to easily retrieve statistics of Sent and Received messages from Exchange 2013 (SP1 with DAG). I first looked into the performance counters but I could not make sense of all of the MSExchangeTransport ones – or I was too lazy to research them.

typeperf -qx | findstr /ic:MSExchangeTransport

And usually, if I am tracking some email flooding or prior to investigating the queues, I go and use Get-MessageTrackingLog. And so I created a short script to gather the list of the last X minutes of messages, count them, and send the counts to Zabbix using zabbix_sender.

So it goes like this:


#import snapin
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

#list of transport servers
$hts = "EchangeTransport1","EchangeTransport2"
#host name as registered in Zabbix; zabbix_sender -s takes a single host, not the list above
#(assumed here to be the computer running this script, adjust if it differs)
$zbxhost = $env:COMPUTERNAME
#start 30 minutes ago from now
$start = (get-date).AddMinutes(-30)
$end = (get-date)
#get all logs
$logs = $hts |% {get-messagetrackinglog -start $start -end $end -server $_ -resultsize unlimited}
#reset stats to 0 so a quiet period still sends a number instead of an empty value
$stats = ""| select sent,received
$stats.sent = 0
$stats.received = 0
#count Deliver and Send
$logs |% {
if ($_.eventid -eq "Deliver"){$stats.received += 1}
if ($_.eventid -eq "Send"){$stats.sent += 1}
}
#Display results for debug and info, comment or remove if not needed
$stats | ft -auto > LastCount.log
get-date >> LastCount.log

#cannot run the above using zabbix/system account on exchange
#use zabbix_sender
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP -s $zbxhost -k Stats.RxMessageCount -o $stats.received
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP -s $zbxhost -k Stats.TxMessageCount -o $stats.sent

It is short and easy, but there are some things to do in Zabbix so that it can store the sent values, as per above Stats.RxMessageCount and Stats.TxMessageCount.

I went into Zabbix>Configuration>Templates to edit the template I had created to keep all of the Exchange things I monitor. I selected the Items screen and clicked the “Create Item” button.

Then the most important setting is the Type, which must be Zabbix Trapper; the rest is up to you. I also chose a “Unit” and created a new application “Exchange 2013 Statistics”.

Once the item is created, do the same for the other value. Altogether you’ll end up with 2 new items under the template.

Provided this template is assigned to your exchange host you are running the above script from, the values will be fed to Zabbix accordingly.

I actually set up a scheduled task that matches the timing and now I have some trending of the Sent and Received messages as per the Message Tracking Logs – Yeah it includes the HealthMonitor traffic, I know.

Additionally and once you have a baseline, you can also create a trigger based on the value received.

Deploy the SourceFire Cisco FireSight Management Virtual Appliance

As you know, Cisco entered the NGFW game by purchasing SourceFire. Even now, SourceFire is still not integrated with ASA, which imo means 2 different products to manage.

Here we will just deploy the FireSight Management Virtual Appliance which is the new name for the Defense Center. This is the configuration/control center for all of our FirePower devices. But first, let’s get it started.

Download the FireSight OVF from the Cisco web site (login required).
The current package is called: Cisco_Firepower_Management_Center_VMware-6.0.1-1213 – use the DuckDuckGo Power instead of browsing the Cisco site.

Somehow there are 2 OVFs:
Cisco_Firepower_Management_Center_Virtual_VMware-VI-6.0.1-1213.ovf
Cisco_Firepower_Management_Center_Virtual_VMware-ESXi-6.0.1-1213.ovf

They offer different styles of setup. I am just going to pick the VI one as it includes a wizard to configure the network of the VM.

I find it funny that this is an OVF that doesn’t support much VMware stuff. Not to mention, it is officially not supported under ESX6!
The guide makes it look like nothing virtual is supported…
Guidelines and Limitations
The following limitations exist when deploying Firepower NGIPSv for VMware:

  • vMotion is not supported.
  • Cloning a virtual machine is not supported.
  • Restoring a virtual machine with snapshot is not supported.
  • Restoring a backup is not supported.

Something else puzzles me: while the memory and CPU are configurable, the disk size is not!
I wonder how we can increase the size for additional logging/retention.

Nonetheless, install the OVF as usual using the OVF wizard.
The wizard also includes some configuration items for name, DNS, and network settings…

It boots, and then says it is going to take forever to initialize. The UI says up to 30 minutes, the manual says up to 40 minutes!

25 minutes later
WebUI seems started however

Once ready, onto some basic configuration:
Verifying network settings, ntp, smtp
Enabling VMware tools

Rules and Geolocation updates
Do the recurring update imports as well

Enable auto-backup
And of course register.

I usually would do the integrations with your ASA/Firepower device so that you have objects to create rules on and so on. Let me know what you want to see.

 

SCCM2012 (R2) new application creation fails

I had recently migrated my DBs from one volume to another volume due to space concerns, all was successful and life was good 🙂

However the other day, I wanted to create a new application and got the following “unknown” error.

The SMS Provider reported an error connecting to the ConfigMgr site database server. Verify that the SQL Server is online and that ConfigMgr site server computer account is an administrator on the ConfigMgr site database server.

SmsAdminUI.log would show something unknown as well.

Description = "CSspConfigurationItem: SQL_ERROR";
File = "e:\\qfe\\nts\\sms\\siteserver\\sdk_provider\\smsprov\\sspconfigurationitem.cpp";
SQLMessage = "*** Unknown SQL Error!";

Scratched my head a few times and started DDGing as the error was pretty self explanatory and found the following KB/Blog entry.

Basically, after such a DB files location move the SQL TRUSTWORTHY setting gets reset and the dbowner may change.

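I hopped on the MSSQL server and executed the following queries to save the day – well, only the creation of new packages.

-- sp_changedbowner acts on the current database, so switch to the site database first
USE CM_CIE;
ALTER DATABASE CM_CIE SET TRUSTWORTHY ON;
EXEC sp_changedbowner 'sa';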

Then tried to create a new application and voilà…

Uninstall GP2010 and installation of GP2015

This document describes how to uninstall GP2010 and install GP2015.

Prerequisite: local admin rights to uninstall and install software on the machine

  1. Uninstall the following GP2010 components
    1. GP2010, Mekorma MICR 2010, Integration Manager for Microsoft Dynamics GP 2010, Dexterity Shared Components 11.0 (64-bit)
    2. Remove the following folders
      1. C:\Program Files (x86)\Microsoft Dynamics\GP2010
      2. C:\Program Files (x86)\Common Files\microsoft shared\Dexterity
  2. Restart the computer
  3. Install GP2015 (includes dexterity 14) as usual.

Uninstall using WMIC

Note that Mekorma does not play nice with wmic or msiexec – it must be uninstalled manually.

wmic call | Msiexec GUID
product where name="Microsoft Dynamics GP 2010" call uninstall /nointeractive | {DC90A0A6-2D90-493E-8D13-D54AD123B9FD}
product where name="Integration Manager for Microsoft Dynamics GP 2010" call uninstall /nointeractive | {FAFD8B80-E75F-4557-85F3-67B8D7A14E8F}
product where name="Dexterity Shared Components 11.0 (64-bit)" call uninstall /nointeractive | {F5459EB2-A662-4EB3-AD94-E771DC2F542A}
product where name="Mekorma MICR 2010" call uninstall /nointeractive | {A45282DB-59DC-4A5D-9E1F-08A225D81A44}

To run on several nodes at the same time:
wmic:root\cli>/failfast:on /node:@"c:\temp\trainingwks.txt" product where name="Microsoft Dynamics GP 2010" call uninstall /nointeractive