Trust Relationship Failed

If you’ve ever worked in IT, you’ve probably received at least one “The trust relationship between this workstation and the primary domain failed” error. Basically this means the secret shared between Active Directory and your workstation (the computer account password) has been corrupted or lost and needs to be re-created. The usual way to do this was to unjoin from the domain and then join it again. For remote users this posed another problem, as the remote user must have local admin privileges AND a connection to the business network (usually a VPN). With the advent of SSL VPNs that do not have a client that can load before Windows/Linux/Mac OS starts, the user MUST log in prior to connecting and therefore will not receive many of the GPO installation benefits associated with being on a domain. Needless to say, it was a PITA.

So I found an article by Dan Peterson (thanks Dan) that lays out a “better fix” than the rejoin to a domain. And I agree; it is a better fix.

Install Netdom.exe on your computer. I use Windows 7, so here’s how I did it:

Install Remote Server Administration Tools (RSAT) http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
Programs and Features
Turn Windows Features On or Off
Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools
Check AD DS Tools and click OK

Then run Netdom to reset the computer account password:
netdom.exe resetpwd /s:DOMAINSERVER /ud:DOMAINADMINACCOUNT /pd:*

So in my case it was:
netdom.exe resetpwd /s:dc1.domain.tld /ud:domain.tld\administrator /pd:*

It then asks for the password for your domain admin account. Enter it in. When finished, reboot the machine and away you go.

Nagios Monitor Confluence Jira

I recently had to start monitoring a Confluence installation on a virtual server using Nagios. Nagios’s built-in check_http looked like it could solve my woes. Unfortunately this was a slight pain because Confluence uses a non-standard port, so I had to relearn the commands.

I edited the service check first
nano /usr/local/nagios/etc/objects/commands.cfg
I copied the check_http command into a new one:

define command {
command_name check_http_port
command_line $USER1$/check_http -I $ARG1$ -u $ARG2$ -p $ARG3$ -s $ARG4$
}

So the command would be ./check_http -I (IP/Hostname) -u (URL Full Address) -p (Port) -s (String to look for). Technically this will already warn if there is a 400 or 500 error, but I also wanted to verify that the string could be found.

Now we edit the configuration of the system itself
nano /usr/local/nagios/etc/objects/confluence.cfg

define host{
use linux-server
host_name confluence
alias confluence
address 10.555.555.555
parents parent1, switch1, mfer1
hostgroups linux-production-servers, datacenter2
}

define service{
use generic-service
host_name confluence
service_description HTTP
check_command check_http_port!confluence!http://confluence:8090/login.action?os_destination=%2Fhomepage.action!8090!"Remember me"
}

Using the above check_command, you’re able to connect to the server and port listed above and check for the familiar login “remember me” string.

.Net 4.0 Server 2008 R2

I was having an issue installing .NET 4.0 on my WSUS server. I was receiving an 8024800c error. A reboot solved nothing.

I ended up stopping the automatic updates, deleting the SoftwareDistribution folder, restarting the updates service, and then I was able to install.

Open a command prompt
net stop "Windows Update"
del C:\Windows\softwareDistribution
y
net start "windows update"
Re-run your installation

Systeminfo Error Provider Failure

I’m a huge fan of remotely diagnosing computer issues. If I tell a remote VPN user to bring in their equipment that means there is something terribly wrong with their system.

I was attempting to use systeminfo /s IPOFCOMPUTER to check the hotfixes that had been applied and verify the network wasn’t causing issues.

Loading Network Card Information …ERROR: Provider failure

Awesome.
Another site told me to delete the wbem/repository files as they were probably corrupt. WMI requires these files.
In order to delete them, you must turn off the WMI Service (Windows Management Instrumentation), but I was having difficulty stopping the service remotely via my services.msc connected to their system.

So I fired up psexec and ran the command lines:
psexec -s \\computerIP cmd.exe
net stop "windows management instrumentation"

I then deleted the files located in:
C:\windows\system32\wbem\Repository

Then start up the WMI:
net start "windows management instrumentation"

Now I could re-run the systeminfo /s systemnameorip and it worked like magic.

SFTP Email When New File Uploaded

I had set up vsftpd for SSL (FTPES), but needed a way to send an alert to customer support whenever a file had been uploaded. Otherwise the support staff would need to manually check each customer’s folders to see if anything new had arrived.

Install Dnotify
apt-get install dnotify

Create your startup script
nano /dnotify.sh

#!/bin/bash
# Watch /home recursively and run /email.sh for every newly created file
dnotify -b -p 1 -r -C /home/ -e /email.sh {}

This runs dnotify in the background (-b), with no more than one process at a time (-p 1), recursively through subfolders (-r), for file creations only (-C), and executes the given script (-e), with {} replaced by the name of the directory that changed.

Create your email script
nano /email.sh

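#!/bin/bash
# dnotify passes the directory where the file was created as the first argument
DIR="$1"
# Start from an empty message file (-f: no error if it does not exist yet)
rm -f /upload.txt
echo "Dear User," >>/upload.txt
echo "A new file has been uploaded to the $DIR directory" >>/upload.txt
# Mail the message to customer support
mailx -s "New FTP File Upload" customersupport@domain.tld </upload.txt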

Make both scripts executable
chmod +x email.sh
chmod +x dnotify.sh

Run the script and test
./dnotify.sh
Upload a file using FTP/WinSCP/WGET or another method to any of the folders you’re searching (my script searches all of /home and subfolders).

I added this as a startup script.

I got most of my help from nixcraft
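
A hardened variant of the /email.sh handler above, as an added example that is not part of the original post: the directory name is chosen by whoever uploads, so it is checked before it reaches the mail body, and the message is piped to mailx instead of going through the shared /upload.txt. WATCH_ROOT, RECIPIENT, build_alert and send_alert are names chosen for this example, and logger is assumed to be installed.

```bash
#!/bin/bash
# Added example: hardened variant of /email.sh. WATCH_ROOT, RECIPIENT,
# build_alert and send_alert are names chosen here, not from the post.
WATCH_ROOT="/home"
RECIPIENT="customersupport@domain.tld"

# Print the alert body for the directory dnotify reported, or return 1 when
# the path should not be trusted. Directory names are chosen by whoever
# uploads, so "$1" is untrusted input.
build_alert() {
    dir=$1
    # Control characters (newlines, escapes) could forge extra lines in the
    # mail, so reject any path that changes when they are stripped.
    clean=$(printf '%s' "$dir" | tr -d '[:cntrl:]')
    [ "$clean" = "$dir" ] || return 1
    # No ".." components anywhere in the path.
    case "$dir/" in
        */../*) return 1 ;;
    esac
    # Only accept paths below the watched tree.
    case "$dir" in
        "$WATCH_ROOT"/*) ;;
        *) return 1 ;;
    esac
    printf 'Dear User,\nA new file has been uploaded to the %s directory\n' "$dir"
}

# Pipe the body straight to mailx: with no shared /upload.txt, two uploads
# arriving together cannot overwrite each other's message.
send_alert() {
    body=$(build_alert "$1") || {
        logger -t ftp-upload "ignored suspicious path from dnotify"
        return 1
    }
    printf '%s\n' "$body" | mailx -s "New FTP File Upload" "$RECIPIENT"
}

# Only act when called with an argument, as dnotify -e does.
if [ "$#" -gt 0 ]; then
    send_alert "$1"
fi
```

Rejected paths are logged through syslog rather than mailed, so a burst of odd directory names shows up in the logs without flooding the support mailbox.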

Upgrade NAS4Free Firmware

I had NAS4Free server version x64_9.0.0.1.188 installed on a server and wanted to upgrade it to the latest version before moving into production.

I’m assuming you already have a ZFS (or other filesystem) share mounted on the server. And that SSH is enabled.

Copy the file to your share – I used WinSCP as it 1.) works and 2.) is free and 3.) I’m used to it.
SSH to the NAS and run the following:
/etc/rc.firmware enable
/etc/rc.firmware upgrade /path/to/img/file.img

The server will then reboot and you’ll be running the newest version.

ZFS tuning on freenas nas4free – I’ll split this out eventually.
http://forums.nas4free.org/viewtopic.php?f=55&t=26
# mkdir /mnt/data/zfskerntune
# cd /mnt/data/zfskerntune
# fetch http://www.kav91.com/nas4free/zfskerntune-20111022-nas4freeKav91.tar.gz
# tar xvf zfskerntune-20111022-nas4freeKav91.tar.gz
# cd zfskerntune
# ./zfskerntune-install.php