All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.

Remove McAfee Agent

I had a system with McAfee installed – originally it was pulling updates and rules from an EPO server on site, but the EPO server had been retired and most other systems were migrated to other antivirus suites (Nod32). Unfortunately a laptop was having issues and McAfee had not been removed.

The enterprise antivirus suite had been removed successfully using add remove programs, but the Agent was giving the following error:

McAfee Agent cannot be removed while it is in managed mode.

Since the EPO server was long gone, I attempted to remove the agent manually:
Start > Run > CMD (as administrator)
"c:\program files (x86)\mcafee\common framework\frminst.exe" /remove=agent
Success!

Cisco NTP Timezone

I needed to set the NTP, change the time, and verify everything was all set on a few of the switches around the office. I also changed the timezone.

#show clock
18:36:39.993 UTC Mon Dec 10 2012

conf t
clock timezone CST -6
exit
clock set 18:36:39 10 Dec 2012
#show clock
18:36:39.993 CST Mon Dec 10 2012

conf t
ntp server 0.north-america.pool.ntp.org
ntp server 1.north-america.pool.ntp.org
exit
show ntp associations
show ntp status

Enable SSH Cisco IOS

So I wanted to disable telnet and enable SSH only on the switches – take my 2950 and 3560 switches and change the following:
Change the hostname and generate the crypto keys
conf t
hostname HOSTNAMEHERE
ip domain-name HOSTDOMAINHERE
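crypto key generate rsa
If this command does not work then you need to update to a K9 or cryptographic IOS! When it prompts for the modulus size, choose at least 768 bits; SSH version 2, which is set further down, requires that.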
end
show ip ssh
wr mem

Enable the AAA authentication
conf t
service password-encryption
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
exit

Create the User
conf t
username CISCO password PASSWORD
end

Create passwords
conf t
enable secret PASSWORD
line con 0
password PASSWORD
line vty 0 4
no password
transport input ssh
line vty 5 15
no password
transport input ssh
exit

Set SSH arguments
conf t
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
end
wr mem
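
A check for the end state of the steps above, as an added example that is not from the original post: it reads a saved running-config and reports any vty line that still accepts telnet, along with the global settings the post relies on. The sample config and the function name are constructed for illustration; the username finding reflects that service password-encryption only applies the reversible type 7 encoding, while "username ... secret" stores a hash.

```python
import re

# Constructed sample (not from the post): vty 5 15 still accepts telnet.
SAMPLE_CONFIG = """\
hostname SW1
service password-encryption
aaa new-model
aaa authentication login default local
username CISCO password 7 0000000000
enable secret 5 $1$constructed$hash
ip ssh version 2
line con 0
 password 7 0000000000
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit_ssh_only(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    top = [l for l in lines if not l.startswith(" ")]
    findings = []
    for required in ("aaa new-model", "ip ssh version 2"):
        if required not in top:
            findings.append("missing: " + required)
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("missing: enable secret")
    for l in top:
        m = re.match(r"username (\S+) password ", l)
        if m:  # type 7 encoding is reversible; 'secret' stores a hash
            findings.append("username %s uses 'password', not 'secret'" % m.group(1))
    # Indented lines belong to the most recent unindented line (the section).
    vty, current = {}, None
    for l in lines:
        if not l.startswith(" "):
            current = l if l.startswith("line vty ") else None
            if current:
                vty[current] = []  # no transport line seen yet
        elif current and l.strip().startswith("transport input "):
            vty[current] = l.split()[2:]
    for name, transports in vty.items():
        if transports != ["ssh"]:
            shown = " ".join(transports) or "not set"
            findings.append("%s: transport input %s" % (name, shown))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_only(SAMPLE_CONFIG)))
```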

Upgrade Cisco IOS TFTP

I have a C3560G-24-TS that I needed to upgrade to the newest version with K9 instead of MZ (so I could enable crypto SSH).

Verify your version
show version

System image file is “flash:c3560-ipbase-mz.122-50.SE5/c3560-ipbase-mz.122-50.SE5.bin”

View the files on your flash drive
dir flash:
In my case I had a folder called “c3560-ipbase-mz.122-50.SE5” with “c3560-ipbase-mz.122-50.SE5.bin” located inside
Also, the newest IOS required 15,072,310 bytes available and my switch had over 20MB free. If I had less than 15MB available I would have to delete the old configuration first.

Copy the old file from your switch to your TFTP
copy flash: tftp:

Source filename: c3560-ipbase-mz.122-50.SE5/c3560-ipbase-mz.122-50.SE5.bin
Address or name of remote host: 192.168.1.222 (your TFTP server)
Destination filename: I just hit enter with the defaults

Copy the new file from your TFTP to your Switch
copy tftp: flash:

Address or name of remote host: 192.168.1.222 (your TFTP server)
Source filename: c3560-ipbasek9-mz.122-58.SE2.bin
Destination filename: I just hit enter with the defaults

Verify the file has been uploaded
dir flash:
Technically you should be able to run verify flash:filenamehere, but I was receiving errors

Change the boot image to the new file
show boot
– notice the BOOT path-list is flash:c3560-ipbase-mz.122-50.SE5/c3560-ipbase-mz.122-50.SE5.bin
conf t
boot system flash:c3560-ipbasek9-mz.122-58.SE2.bin
exit
show boot

– notice the new BOOT path-list is flash:c3560-ipbasek9-mz.122-58.SE2.bin

wr mem
show version

Reload/Reboot the switch
reload
show ver

Open Excel In New Window

I remember back when I could just double click on an excel file and it would open in a new window. Now, in order to save time/resources/etc, everything opens in the same window.

Employee was having problems with opening excel files from outlook with the “Excel cannot complete this task with available resources” error. Microsoft didn’t help much. Google neither.

Last time I had an error that was similar was back with 2003 office and the user had opened the same named file a hundred times (not all at once) and that hundredth time it refused to open. Temporary files were created each time the file was opened named something like “tempfile01.xls” and then “tempfile02.xls” etc but after the tempfile99 it wouldn’t overwrite the first one. Deleting temp files fixed that issue. It did not, however, fix it with office 2010.

Workaround I got was to edit the registry to make each excel file open in a new application window.

MAKE SURE EXCEL IS FULLY CLOSED!!!
regedit
HKCR\Excel.Sheet.12\shell\open\command
Edit the default and add “%1” at the end – there should be spaces between all arguments
Rename the “command” key to “command2”
Rename the “ddeexec” container to “ddeexec2”

HKCR\Excel.Sheet.8\shell\open\command
Edit the default and add “%1” at the end – there should be spaces between all arguments
Rename the “command” key to “command2”
Rename the “ddeexec” container to “ddeexec2”

Close regedit
Open Excel
Open Excel again. Profit.

Fog, Windows 7, Sysprep

Back in the day (I’m starting to feel old now) I setup a Ghost server with PXE booting. It was a pretty nice setup; a Dell PE2550 with 4x144GB SCSI (~385GB usable), 24port gigabit switch, and enough desk space – and power – to handle 16 laptops or 22 desktops at a time. It took 2 of us about 3 weeks to get the workspace setup, and another 3 weeks to get the Ghost server and PXE working. And then there was always the issue of updating the drivers on the PXE image without breaking anything else. Basically crossing your fingers and hoping for the best.

That was five years ago.

Looking back on my previous experiences I can definitely say I’ve grown and become more knowledgeable. Back then, when I had researched a solution, I just googled for “imaging software server” or something similar. Working for a computer reseller meant that I had access to NFR copies of quite a bit of software, so management decided that we should go with Ghost. I hadn’t even begun to research into FOG yet.

Fast forward the five (almost 6 now) years, and I know to look into server software that supports all operating systems, supports multicast, and is fairly intuitive to setup. Enter FOG.

I like to install the latest and greatest, but in this case I had some issues that I didn’t feel like resolving when I tried to use FOG with 12.04LTS. Instead I opted to use 10.04LTS. It’s an internal server, so the patching levels are not generally as critical. I also installed this on a production network – there are 7 VLANS, active directory and windows DNS/DHCP, cisco switches. IP helper has already been set on the switches for DHCP. The active directory environment is 2008R2.

Install Ubuntu 10.04LTS x32 – I gave it a single 2.4GHz Xeon core, 512MB RAM, and 120GB partition. Installed with LAMP (no mysql password), SSH, and Mail.
Change the Root Password
sudo passwd root
Login As Root
su
Update the system
apt-get update && apt-get dist-upgrade
Reboot
reboot

Install FOG – version 0.32 at the time of this writing
mkdir -p /opt/fog-setup
cd /opt/fog-setup
wget http://sourceforge.net/projects/freeghost/files/FOG/fog_0.32/fog_0.32.tar.gz
tar -xvzf fog*
cd fog*
cd bin
./installfog.sh
The wizard now starts. http://www.fogproject.org/wiki/index.php/Integrating_FOG_into_an_Existing_Network
I chose the following:
“N” normal installation
10.10.10.10 IP Address of FOG
“Y” to setup a router/DHCP address
10.0.10.1 IP address of DHCP server
“Y” to DNS
10.0.10.1 IP address of DNS
“N” eth0 is fine by me
“N” I already have DHCP
“N” I’m not international
“Y” looks good; set it up
Make sure you read! If you have a password setup on mysql you must adjust the configuration files accordingly (/opt/fog/service/etc/config.php)
I ended up rebooting the server just in case.

Edit the Windows DHCP Options
I have 7 different DHCP scopes (one for each of the VLANs I had), so your settings may be different. Instead of making the options change per scope, I performed the task in the Server Options area.
Right-click and select “Configure Options”
Select 066 and set the value to your FOG server IP address
Select 067 and set the value to pxelinux.0

At this point you should be able to connect to your PXE FOG server – set a test workstation/laptop to boot PXE (Dells have F12 for this), and connect via your network interface.

SYSPREP coming soon
CONFIGURATION OF FOG coming soon

Disable SSL for Webmin

Generally when I give a debian/ubuntu server to developers or other end users, I install webmin and teach them how to use it. Webmin is a great tool for those who either don’t like command line or are just not up to speed with the latest commands to use. Unfortunately a developer installed jira confluence and it broke the SSL settings on apache. Instead of “fixing” the problem, I just went and did it the lazy and easy way: disable ssl for webmin.

SSH to the server as root (or use sudo in front)
nano /etc/webmin/miniserv.conf
Change ssl=1 to ssl=0, save and quit nano
/etc/init.d/webmin restart
Profit!
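
With ssl=0 the Webmin login travels unencrypted, so what matters afterwards is who can reach the port. The following added example (not from the original post) classifies a miniserv.conf by that exposure. The sample files and function names are constructed; "bind" and "allow" are other miniserv.conf keys not mentioned in the post, and a missing "ssl" key is treated as off, which is an assumption.

```python
# Constructed miniserv.conf fragments (not from the post).
AS_IN_POST = "port=10000\nssl=0\n"
TUNNEL_ONLY = "port=10000\nssl=0\nbind=127.0.0.1\nallow=127.0.0.1\n"

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_miniserv(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def cleartext_exposure(text):
    """Return 'tls', 'cleartext-loopback-only' or 'cleartext-on-network'."""
    conf = parse_miniserv(text)
    if conf.get("ssl", "0") == "1":   # assumption: missing key means off
        return "tls"
    bind = conf.get("bind", "")            # empty: listen on all addresses
    allow = conf.get("allow", "").split()  # empty: any client may connect
    bound_local = bind in LOOPBACK
    clients_local = bool(allow) and all(a in LOOPBACK for a in allow)
    if bound_local or clients_local:
        return "cleartext-loopback-only"
    return "cleartext-on-network"

if __name__ == "__main__":
    for name, text in (("as in post", AS_IN_POST), ("tunnel only", TUNNEL_ONLY)):
        print(name, "->", cleartext_exposure(text))
```

In the loopback-only case Webmin is reached through an SSH port forward to 127.0.0.1:10000 on the server, so the session is still encrypted in transit.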