HP wasn’t ready to split

August 4th, 2015 No comments

Yesterday I was trying to download HP Service Pack for ProLiant (SPP) from HP.COM website. It didn’t work at all – still some HTTP errors. Finally I found out that HP moved all its stuff to new domain hpe.com (HP Enterprise). That’s fine, but they forgot to rewrite all urls on websites to new hpe.com. :-) Finally I tried couple google hacks and I found HP FTP server where I could browse and find what I was looking for ftp://ftp.hp.com/pub/softlib2/software1/cd-generic/p67859018/.

Maybe this help someone faster than looking on slow HP’s websites.

 

Categories: Unassigned Tags:

Upgrade na Windows 10

July 31st, 2015 No comments

Prisiel ten cas ked je Windows 10 vonku a vela ludi sa chysta na migraciu. Danu aktualizaciu z Windows 8.1 na Windows 10 som absolvoval aj ja. Ak sa vam nechce cakat na to, aby vas vas operacny system vyzval k danej aktualizacii, tak si mozete danu aktualizaciu vynutit. Vynutit sa da stiahnutim cca 20 MB suboru z tejto stranky.

Spusti sa vam sprievodca, ktory vam ponukne stiahnut data pre vytvorenie DVD/USB media alebo spustenie aktualizacie. Ja som sa rozhodol spustit aktualizaciu. Stahovalo to cely windows na C: disk:

Windows 10 downloading

A nasledne sa spustila aktualizacia. Lenze mna zarazilo nasledovne okno:

Windows 10 selection

Mozno cislo jedna bola vysedena a nebolo mozne ju vybrat. Microsoft, bohuzial, dovoli pouzit prvu moznost len pre Windowsy, ktore su v jazykoch: Anglicky, Brazilsky, Portugalsky a jednoducha Cinstina. Je to smutne ale je to tak. Skusal som zeditovat aj instalacku a jej nastavenia ale nic nepomohlo. Taktiez som skusal zmenit nastavenia Windowsu na inu ako Slovensku lokaciu a taktiez nepomohlo. Vyzera, ze pri stahovani aktualizacie si dana aplikacia stiahla slovensku verziu aktualizacie a aj instalacky:

Windows 10 Slovak

Takze neostavalo nic ine ako ist na tuto stranku a stiahnut anglicku verziu instalacky. Ked sa po stiahnuti dana instalacka pustila, tak vsetko slo ako po masle:

Windows 10 Eng

Vsetky nastavenia mi ostali. Par aplikacii bolo potrebne preinstalovat (VPN klienti) ale inak vsetko funguje ako ma a uz fungujem na Windows 10:

Windows 10 ver

Nemam odskusane ci pri instalacii anglickej verzie Windows 10 sa zanecha slovenske prostredie alebo treba este doinstalovat slovencinu.

Dufam, ze dany navod pomoze niekomu dalsiemu :-)

Set account to expire on midnight

April 20th, 2015 No comments

Customer requested to force active directory accounts to expire on midnight or in the night and not during the day. So I’ve created following script to do so:

$UserList = Get-ADUser -Filter * -SearchBase "OU=USERS,DC=domain,DC=local" -Properties "DisplayName", "PasswordLastSet"
$Today = (Get-Date)
$MaxPasswdAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

ForEach ($User in $UserList)
   {
   $ExpireDate = ($User.PasswordLastSet) + $MaxPasswdAge
   $DaysToExpire = (New-TimeSpan -Start $Today -End $ExpireDate).Days
   If ($DaysToExpire -eq 1)
      {
      Set-ADUser -Identity $User -ChangePasswordAtLogon $true
      }
   }

#EOF

This script runs everyday at 23:55.

I found couple examples how to change pwdLastSet attribute on AD user’s object, but I don’t like that. I think this is cleared way to do so.

Have a nice day,

Problem with MTU

April 15th, 2015 2 comments

Problem

One of our customer has two branches. There is Site-2-Site VPN (based on Cisco ASA devices) between those two branches. There was weird problem when traffic went through that Site-2-Site VPN tunnel. Some communications were fine, but most of them didn’t work. Problems that we noticed:

  • OutlookAnywhere didn’t work
  • Domain controllers from both sides couldn’t replicate
  • HTTPS connections didn’t work
  • ESX client didn’t connect to ESXi server via tunnel (Call “ServiceInstance.RetrieveContent” for object “ServiceInstance” on Server…)

Solution

Change MTU on computer to something lower than 1500 MTU. You can use following commands:

netsh int ip show int

netsh interface ipv4 set subinterface “Local Area Connection” mtu=1300 store=persistent

If everything works, you need to adjust MTU on Cisco ASA devices. There is great article about it HERE. We used Method 2.

This change made local administrators very very very happy :-)

Categories: Computer network Tags:

Exchange 2010 move request failure

April 15th, 2015 No comments

I migrated from Exchange 2003 to Exchange 2010 and since then I was receiving following event:

 rep02

Event says:”The Microsoft Exchange Mailbox Replication service was unable to process a request due to an unexpected error”. Which means server cannot finish some request. In order to solve a problem I was looking for some replication settings. I found none. Then I looked into domain using ADSIEdit. I looked into:

CN=MailboxExportRequests, CN=MailboxReplication, CN=TeamSK, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=domain, DC=local

and I found there some old orphan move requests:

List of orphaned requests

When I used Get-MoveRequest cmdlet there was none move request displayed. So I’ve deleted those old move requests using ADSIEdit and there was no more bothering event on Exchange server.

Have a nice day,

 

Acer notebooks and IP 192.168.0.10

March 13th, 2015 4 comments

Our customer bought Acer notebooks and he started to have problem with management server :-) Management server has IP address 192.168.0.10. When I checked ARP responses other server using WireShark I found out that there are 10 ARP records for IP address 192.168.0.10. So there were IP conflicts.

WireShark ARP conflict

Customer has IP range 192.168.0.0/23 and management server has IP 192.168.0.10. Problem is that this stupid Acer Notebooks have same IP address 192.168.0.10 for their ASF and it’s enabled by default.

You can disable/configure ASF using BIOS:

  1. Go to BIOS -> Advanced -> Integrated Peripherals
  2. Set “ASF” to Disabled
  3. Save BIOS settings and restart PC

Have a nice day and don’t buy Acer 😀

 

VMWare Web Client pop-up windows

March 13th, 2015 No comments

Now new version (6) of VMware vShere is released. When you open website for vShere Web Client you get following warning (vmware-csd):

VMWare Web Client

The solution is to install VMware Client Integration Plugin. You can download it from here.

Or you can go all the way down on vShere Web Client website to “black space” and there is installation link for VMware Client Integration Plugin.

Let’s see some more newies from VMWare.

Have a nice day,

Categories: VMWare Tags: , ,

VMWare vExpert 2015

February 13th, 2015 No comments

I was selected as vExpert 2015 in VMWARE for my support on their community.

Thank you :-)

Categories: VMWare Tags:

Quickie: Problem accessing FTP using PHP

February 9th, 2015 No comments

One of our customer asked me to install and setup software to manage FTP storage via web page. We decided to insall ftp2net free version. I tested it at my testing server and there was no problem at all. At customer server I had problems. Installation went well. But when I tried to log to ftp2net website I received error that connection was refused. I decided to check if Safe mode is on. It was off. Then I checked if PHP restriction allow_url_fopen is on. It was on, so I turned it off. But website still didn’t work. I came to time when I started tcpdump and looked on network interfaces if there is any FTP traffic. There was none. When I tried FTP connection from shell on server, I could connect and I also saw FTP traffic via tcpdump. It was weird. Something blocked initialization of FTP connection for Apache processes.

I found solution after the lunch time :-) It was SELinux. It’s security feature for linux kernels. I had to run command:

setsebool -P httpd_can_network_connect 1

This command disables SELinux protection which protected network connection made by httpd/apache processes.

I wanted to spend 10 minutes on this product, but I spent almost half of the day debugging this issue :-)

Have a nice day,

Quickie: Use pfx certificate in linux

January 27th, 2015 No comments

When you export certificate in Windows with private key, you export it to .pfx file with password. When you want to use this certificate in linux you need to convert pfx file into .crt and .key files. You can use following commands to convert it:

[root@nagios]# openssl pkcs12 -in nagios.pfx -clcerts -nokeys -out nagios.crt
Enter Import Password:
MAC verified OK
[root@nagios]# openssl pkcs12 -in nagios.pfx -nocerts -nodes -out nagios.key
Enter Import Password:
MAC verified OK

Now you have two files .crt and .key which can be used in linux.

That’s all folks,

Categories: Linux, Microsoft, Quickie, Security Tags: