Thursday 28 July 2011

Sending emails from scripts inside zimbra

If you're using Zimbra on a Linux system with package dependency management (so pretty much any Linux system nowadays), you'll find it a bit "quirky" to use the "mail" command or mutt (if you need to send attachments).

First you should install this:

 http://ubuntu.lnix.net/misc/mta-dummy/mta-dummy_1.0_all.deb

then run this command:

update-alternatives --install /usr/sbin/sendmail mta /opt/zimbra/postfix/sbin/sendmail 90

Which should convince your system that, no, you don't need to install postfix to run mutt.

After that, it's as easy as installing mutt or mailx.

Tuesday 12 July 2011

I like Windows 7

I really do, and was quite quick in doing the switch from XP on my home machine (albeit I do keep a fondness for Mac OS X)

One of its most annoying quirks, though, is that most people keep developing applications with two misconceptions in mind:
- The user is still using Windows XP
- The user is a local administrator and UAC has been disabled.

Two different programs, two different problems, one unique reason: Poor design.

An application wouldn't run without admin privileges. The reason was that it needed to punch a hole in the firewall, on an unprivileged port, on an already disabled firewall. Good job. Using tools like the Application Compatibility Toolkit to force the program to run anyway is a good start.
A better idea would have been to check whether the port was already open, and if not request permission to open it indefinitely.

The second application was even trickier. This plugin for 3DS Max would display no warnings, no pop-ups, just plain nothing. The whole issue boiled down to the developer trying to edit a log file in the plugin subfolder. Since Windows 7, said folder is actually write-protected, unless you specifically run a program as administrator. Once again, poor design at its best, when it would have been much easier to use the environment variable %TEMP% and write the file there...

Sunday 5 June 2011

Finder crashing on Mac OS X 10.6

Sometimes you will notice that opening a folder (either locally or on the network) will take a loooooooooooooooooooooooooooooooong time, if not just crash and burn after displaying the rainbow wheel for 15 minutes.

It could either be a corrupted PDF file, or a particularly heavy image file, or just the fact your folder contains 25 000 pictures.

To alleviate this problem, try to go, from the finder, to "View", then, at the bottom "show view options".

Uncheck the option at the bottom "Show icon preview" and click on "use as defaults"

A snappy finder coming right up!

Friday 3 June 2011

Enabling Telnet on vsphere

For some reason you might need to enable telnet on vsphere (and yes I know it's not secure).

To do so, you first need to open port 23 in the security profile, under Configuration in the vSphere client.

Then you need to log on with ssh and do the following:

esxcfg-firewall -o 23,tcp,in,"Telnet server"

chkconfig krb5-telnet on


Try to telnet in with a non-root account and you should be in.

I had to enable telnet because of our problems with a wan link,
and we couldn't ssh from the other end's router, hence telnet.

I STRONGLY insist on the fact that telnet is NOT secure, will send passwords in the clear, and should be left for very specific needs. When in doubt, always use ssh over telnet.

Wednesday 1 June 2011

Reflections on routers

There are two matters of importance that will shape the way Australia in particular, and the rest of the world in general, work with networking tools.

The first is the uptake of fiber, high-speed wireless networks and cable connections. Not only is it no longer a luxury, it is becoming indispensable in an ever more mobile civilisation.
If, 10 years ago, working from home was seen as a good way of watching Oprah in your PJs and quickly slapping something together in 2 hours before going back to work the day after, it is now not uncommon for someone to stay home and still turn in a solid 8 to 10 hours of work using remote facilities (remote desktop, corporate VPN, etc.).

The other is that we've officially run out of IP addresses. The existing pools have all been allocated, and while it may take some more time for people to be "left out", we have to get started on IPv6. While an average home user won't feel the need for it yet, but should appreciate what it can do (imagine being able to play networked games from your PS3, Xbox or PC without having to configure obscure settings on your router, or check the recording of your favorite show on your TV from your phone at the office. IPv6 truly would allow us to get back to the roots of "Plug N Play"), business users should prepare for it.
There will soon be a time when we'll need to configure IPv6 ranges. Exchange 2010/Windows 2008 ships with IPv6 natively (which will be the point of another post). Port forwards are getting increasingly complex to configure when you have several servers that need to be accessed from the outside. Imagine a network where 10 or more servers are directly accessible from the outside with no need for port forwarding. (Note: directly accessible does NOT mean "wide open". Proper firewall rules still apply.)

Those two are somehow linked because of one central point:
Most routers (more so home routers) support neither gigabit WAN nor IPv6 natively.
How do we want to help the uptake of new technologies if we do not provide the tools to do so? Would 3G be so popular now without the new generation of smartphones?
I do not think I'm wrong to think home users should actually be the target market. If your CEO can witness the benefits of such technologies in his home, he will be more inclined to give you the time and means to implement those benefits at work.

In conclusion, next time you need to shop around for a new router, be it at home or work, ponder 5 minutes on this:
Is it better to save 100 dollars now, or to get a head start on future-proofing your network?

Slow network performance on windows 7

If you have a Windows 7 workstation trying to access shares on a Windows 2003 server AND you introduce a 2008 DC to the mix, you may encounter slow network performance.


Try disabling IPv6 on the workstation and it should solve your problem.

Thursday 26 May 2011

USB and upgrading ESX/ESXi

If you are using USB devices on your virtual machines with ESX/ESXi (for instance using a USB over network hub with vSphere), you know that you need to install a USB concentrator device for your USB device to be recognised in your VM.

Now if you upgrade to 4.1 (for instance, to get USB passthrough connectivity), you need to reinstall said concentrator.


To do so: 
Delete all USB devices in the VM settings.
Then delete the concentrator.
Close the settings, wait for it to finish, then reopen settings, add your concentrator. Repeat the process with your USB device.
Tada, USB is now fully functional.

If you don't do so, your USB device will show up in your VM, but won't be fully usable.

ClarkConnect blocking https websites

Sometimes, for no reason at all, the ClarkConnect proxy will block a website. Hard. Timeouts, white pages and the like.

I tried everything: Disabling ECN, disabling caching/filtering, etc. Nothing would work.

I went back to basics: Installed screen (for the comfort of use) and ran a tcpdump on the adsl interface to monitor the traffic. And it didn't miss: the ClarkConnect box was sending tcp packets but not getting ACKs in return.

A quick look through iptables showed something amusing: the first two rules were an unconditional DROP on every packet coming from the website.

Going back to the ClarkConnect web interface, namely intrusion detection, revealed the website IP was blacklisted for another 22h. Regardless of what could have caused it (whether a badly configured apache or firewall on their end, or a user a bit too eager on ours), adding the server to the exception list and applying the settings did miracles.


Moral:
tcpdump is ugly and floods your screen with information that may not seem relevant, but trust me: learn to use it and it will save your skin more than once.
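
The iptables check from this post can be scripted. The following is an added example, not code from the original post: it lists the DROP/REJECT rules aimed at one source address in iptables-save style output. The function names and the sample ruleset (documentation addresses) are constructed for illustration, and matching is on exact host addresses only, not on wider CIDR ranges.

```shell
#!/bin/sh
# Added example (not from the original post): list the DROP/REJECT rules that
# target one source IP in iptables-save style output.

# Constructed sample ruleset using documentation addresses.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -j DROP
-A FORWARD -s 203.0.113.10/32 -j DROP
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# blocking_rules IP
# Reads rules on stdin and prints "<chain> #<position>: <rule> [<kind>]" for each
# DROP or REJECT rule whose source is IP (or IP/32). A rule made of nothing but
# source and target is tagged "unconditional"; anything with extra matches
# (protocol, port, interface) is tagged "conditional".
blocking_rules() {
    awk -v ip="$1" '
        $1 == "-A" {
            chain = $2
            pos[chain]++                      # rule position within its chain
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                # skip negated sources ("! -s addr" means everything except addr)
                if (($i == "-s" || $i == "--source") && $(i - 1) != "!") src = $(i + 1)
                if ($i == "-j" || $i == "--jump") target = $(i + 1)
            }
            sub(/\/32$/, "", src)
            if (src == ip && (target == "DROP" || target == "REJECT")) {
                kind = (NF == 6) ? "unconditional" : "conditional"
                printf "%s #%d: %s [%s]\n", chain, pos[chain], $0, kind
            }
        }'
}

# Demo on the constructed sample; on a live box: iptables-save | blocking_rules <ip>
sample_rules | blocking_rules 203.0.113.10
```

A hit near the top of a chain, tagged unconditional, matches the symptom seen in tcpdump here: packets go out and nothing from that host is ever accepted back.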

Wednesday 25 May 2011

How to upgrade ESXi to 4.1

http://blog.vmpros.nl/2010/07/15/vmware-failed-to-read-the-upgrade-package-metadata-xml-upgrading-to-esxi-4-1/#more-2953

The host update utility does not work to upgrade ESXi to 4.1, but it's possible to enable SSH to perform the upgrade using the CLI.

Running batch files from a GPO logon script

As you may or may not know if you're using GPOs, you can configure various scripts, namely Logon, Logoff, Start and Shutdown.

For flexibility's sake, you're often referring to other scripts inside this "master script" and often end up having to rewrite it a lot, because sometimes this not so important line you removed two months ago was actually making all the difference in the world.

One thing I noticed today (after quite some old school debugging, people using the __LINE__ in their favorite programming language know what I mean), is that if you refer to a .bat file from your logon script, it will execute said script and stop processing the rest.


To remedy this, call your script with:

start /B <path>\script.bat


Start will execute your called script as a new instance, and the /B flag will prevent any opportunistic window from showing up.

Sunday 1 May 2011

Large LDF files in windows SBS 2008

By default the MSSQL database is set to full backup (which doesn't help if your backup software doesn't "play nice" with SQL). The problem comes when, after some months, Exchange stops working altogether because the drive has been filled by SharePoint's database (namely the replay logs, or .LDF files).

To rectify this, you need to:
  • Connect to the sharepoint database in SBS 2008 with the following link: \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
  • Regain control of the database. As you may or may not know, SharePoint is first installed using the local administrator, which kind of goes in limbo once you enable Active Directory. You end up with a pretty useless login. Re-enable the 'sa' login by running the following query on your database: ALTER AUTHORIZATION ON DATABASE::[Database_Name] to sa;
  • Right click on the database, Properties > Options. Set backup mode to simple.
  • Right click on the database, task, shrink, shrink files. Select log file, leave the rest as default and press ok. Tada! 20G recovered in 5 minutes (plus one hour to figure the !@#$%^& mess SBS 2008 created in the first place)