Wednesday, May 27, 2009

How to disable AutoRun in Microsoft Windows

To effectively disable AutoRun in Microsoft Windows, import the following registry value:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

To import this value, perform the following steps:

Copy the text
Paste the text into Windows Notepad
Save the file as "autorun.reg"
Note: In certain circumstances, Notepad may automatically add a .txt extension to saved files. To ensure that the file is saved with the proper extension, select All Files in the "Save as type:" section of the "Save As" dialog.
Navigate to the file location

Double-click the file to import it into the Windows registry

Microsoft Windows can also cache the AutoRun information from mounted devices in the MountPoints2 registry key. It is recommended to restart Windows after making the registry change so that any cached mount points are reinitialized in a way that ignores the Autorun.inf file.
Alternatively, the following registry key may be deleted:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

Cisco Catalyst switch passoword recover

This document describes the password recovery procedure for the Cisco Catalyst Layer 2 fixed configuration switches 2900XL/3500XL, 2940, 2950/2955, 2960, and 2970 Series, as well as the Cisco Catalyst Layer 3 fixed configuration switches 3550, 3560, and 3750 Series.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml

Friday, May 22, 2009

Howto schedule a complete PC backup in Vista

In http://www.myptsmail.com/blog/?p=412 we read:

The wbadmin Command

The wbadmin command is a command line tool for Windows Vista’s Complete PC Backup. Since Complete PC Backup isn’t schedulable from the control panel I’m going to use wbadmin with the help of the Task Scheduler to automatically create a Complete PC Backup on a schedule.

How-to Use wbadmin

Here’s an example wbadmin command:

WBADMIN START BACKUP -backupTarget:f: -include:c: -allCritical -vssFull -quiet

Note: This command needs to run in an elevated command prompt to work properly.

Here are the parts of the command broken down and explained:

* wbadmin The wbadmin command.
* start backup Tells wbadmin it’s going to perform a backup.
* -allCritical Makes sure all system files are included in the backup.
* -backupTarget:B: Where the backup will be saved. The wbadmin command can save a Complete PC Backup in a drive (D:), folder (D:\backups\MyPC), or a network share (\\FileServer\JoesPC).
* -include:C: What drive to backup. Multiple drives can be backed up by separating them with commas (-include:C:,E:,F:\folder).
* -vssFull Performs a full backup using Volume Shadow Copy (VSS). Each file’s history will be updated to reflect it was backed up. Warning: Do not use this if you’re using another backup programs.
* -quiet This tells the wbadmin command to not ask you any questions and just do what it’s told.

Thursday, May 21, 2009

How to find the servers holding the FSMO roles

From command line enter:
NETDOM QUERY FSMO

Windows Server 2008 DNS Block Feature

From http://blogs.technet.com/isablog/archive/2008/02/19/windows-server-2008-dns-block-feature.aspx we can read:

Windows Server 2008 introduces a DNS block feature that may affect the ISA Server automatic discovery mechanism when implementing WPAD using a Windows Server 2008 DNS Server.

The block feature provides a global query block list to reduce vulnerability associated with dynamic DNS updates. Dynamic update makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use DHCP to obtain an IP address. This convenience comes at a cost, however, because an authorized client can register any unused host name, even a host name that might have special significance for certain applications. This can allow a malicious user to "hijack" a special name and divert certain types of network traffic to that user's computer. WPAD is a commonly deployed protocol vulnerable to this type of hijacking, and by default WPAD look up is disabled by the blocking mechanism.

If you want to use WPAD with a Windows Server 2008 DNS, note the following behavior:

  • If WPAD entries are configured in DNS before the DNS server is upgraded to Windows Server 2008, no action is required.
  • If you configure or remove WPAD after you deploy the DNS server role on a server running Windows Server 2008, you must update the block list on all DNS servers that host the zones affected by the change. The affected zones are those where you registered the WPAD servers.

To update the block list, use the dnscmd command-line tool. Open a command line prompt, and do the following:

  • To check whether the global query block is enabled, type:
    • dnscmd /info /enableglobalqueryblocklist. A value of 1 is returned if the block list is enabled.
  • To display the host names in the current block list, type:
    • dnscmd /info /globalqueryblocklist
  • To disable the block list and ensure that the DNS Server service does not ignore queries for names in the block list, type:
    • dnscmd /config /enableglobalqueryblocklist 0
  • To remove all names from the block list, type:
    • dnscmd /config /globalqueryblocklist

For more information about the DNS block list feature and dnscmd commands, download the article "DNS Server Global Query Block List" from TechNet at http://technet.microsoft.com/en-us/network/bb629410.aspx.

Slow execution in Excel VBA code

Enter these lines in the start of your code:
Application.enableEvents=False
Application.screenupdating=False

Enter these lines at the end of your code:
Application.enableEvents=True
Application.screenupdating=True

Friday, May 15, 2009

REG Command in Windows XP

http://www.petri.co.il/reg_command_in_windows_xp.htm

How to find installed hotfixes in a system

From powershell enter

Get-WmiObject -Class Win32_QuickFixEngineering | format-table HotFixID, Description, 'Install Date'

or

Get-WmiObject -Class Win32_QuickFixEngineering | format-list

Thursday, May 14, 2009

Cisco Embedded Event Manager (EEM) Scripting Community

http://forums.cisco.com/eforum/servlet/EEM?page=search_results&fn=topdownloads&catId=0&count=20

Cisco mail multiple printouts from EEM applet

http://wiki.nil.com/Time-based_wireless_interface_activity
ip host mail-gw.mydomain.info 10.0.0.1
event manager environment _mail_smtp mail-gw.mydomain.info
event manager environment _mail_domain mydomain.info
event manager environment _mail_rcpt operator@mydomain.info
!
event manager applet RouterReload
event syslog occurs 1 pattern "%SYS-5-RESTART"
action 1.0 cli command "delete /force flash:output.txt"
action 1.1 cli command "show version | append flash:output.txt"
action 1.2 cli command "show logging | append flash:output.txt"
action 1.3 cli command "more flash:output.txt"
action 2.0 info type routername
action 2.1 mail server "$_mail_smtp" to "$_mail_rcpt" from "$_info_routername@$_mail_domain" →
subject "Reload: $_info_routername" body "$_cli_result"

Cisco time-based interface activity

http://wiki.nil.com/Time-based_wireless_interface_activity
event manager environment _disable_ifname dot11radio0
!
event manager applet DisableInterface
event timer cron name DisableInterface cron-entry "0 22 * * *"
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.5 cli command "interface $_disable_ifname"
action 1.6 cli command "shutdown"
!
event manager applet EnableInterface
event timer cron name EnableInterface cron-entry "0 7 * * *"
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.5 cli command "interface $_disable_ifname"
action 1.6 cli command "no shutdown"
!
event manager applet EnableAfterReload
event timer countdown name EnableAfterReload time 10
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.5 cli command "interface $_disable_ifname"

action 1.6 cli command "no shutdown"

How to move a DHCP database from a Windows Server 2003 or 2008 to another Windows Server 2008 machine

The DHCP database can be moved or migrated from a Windows Server 2003 server to a Windows Server 2008 server, or from one Windows Server 2008 server to another. The information below details the necessary steps.

Export the DHCP database from a server that is running Microsoft Windows Server 2003 or Windows Server 2008
To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:
1. Log on to the source DHCP server by using an account that is a member of the local Administrators group.
2. Click Start, click Run, type cmd in the Open box, and then click OK.
3. Type netsh dhcp server export C:\dhcp.txt all , and then press ENTER.
Note: You must have local administrator permissions to export the data.
Configure the DHCP server service on the server that is running Windows Server 2008
1. Click Start, click Administrative Tools, click Server Manager. If needed acknowledge User Account Control.
2. In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.

Import the DHCP database
1. Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.
2. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
3. Verify that the DHCP service is started on the Windows Server 2008-based computer.
4. Click Start, click Run, type cmd in the Open box, and then click OK.
5. At the command prompt, type netsh dhcp server import c:\dhcpdatabase.txt all , and then press ENTER, where c:\dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.
Note When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:
Error initializing and reading the service configuration - Access Denied
Note You must have local administrator permissions to import the data.
6. To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.
7. If the "access is denied" error message occurs after you add the Windows Server 2008 DCHP server computer to the DHCP Admins group at the Enterprise level that is mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.

Authorize the DHCP server
1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
Note You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
3. Right-click the server object, and then click Authorize.
4. After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.

Unattended Server 2008 Installation

http://www.shudnow.net/2008/05/05/unattended-server-2008-base-image-creation-using-wsimsysprep/
http://blogs.msdn.com/mikekol/archive/2008/03/25/hyper-v-installation-tricks-part-2-unattended-installation-of-windows-and-hyper-v-rc0.aspx

SNMPv3 Configuration for ProCurve Switches

http://evilrouters.net/2008/12/22/snmpv3-configuration-for-procurve-5400s/

Wednesday, May 13, 2009

How to prevent users from using USB removable disks by using Group Policy

http://www.petri.co.il/disable_usb_disks_with_gpo.htm

Installing Windows Vista Print Drivers on Windows Server 2003

http://blogs.technet.com/askperf/archive/2008/09/19/installing-windows-vista-print-drivers-on-windows-server-2003.aspx

How to move a certificate authority to a new server running on a domain controller

http://support.microsoft.com/kb/555012

How to detect and recover from a USN rollback in Windows Server 2003

http://support.microsoft.com/kb/875495

Troubleshooting the Microsoft Computer Browser Service

http://support.microsoft.com/default.aspx?scid=kb;EN-US;188305

How To Shadow a Remote Desktop Session in Windows XP Professional

http://support.microsoft.com/default.aspx?scid=kb;en-us;279656&sd=tech

Remotely enable Remote Desktop using WMIC

For Windows Server 2003 or 2008, run the following command in Command Prompt window:
wmic /node:"[ComputerName (in FQDN format)]" RDTOGGLE WHERE ServerName="ComputerName" CALL SetAllowTSConnections 1
For Windows XP SP2 or SP3:
wmic /node:"HostName" path win32_terminalservicesetting where servername="HostName" call SetAllowTSConnections 1
Replace [ComputerName (in FQDN format)], ComputerName or HostName with actual computer name or host name.
Note that for remotely enable Remote Desktop feature to work, user must log on to the local computer with an admin account or user account of local admin group that has administrative privileges on the remote computer.
Example from a Vista PC named vxp-n01.mydomain.org
wmic /node:"vxp-n01.mydomain.org" path win32_terminalservicesetting where servername="vxp-n01" call SetAllowTSConnections 1

How to alias a UNC Host Name in Windows Server 2003

Locate and then click the following registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
On the Edit menu, point to New, and then click Multi-String Value.
Type OptionalNames, and then press ENTER.
On the Edit menu, click Modify.
In the Value data box, type the NetBIOS names of the old servers (oldserver1, oldserver2 and oldserver3) each on their own line, and then click OK.
This action registers the names in Windows Internet Name Service (WINS)

Locate and click the following key in the registry:
HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix: Decimal
Value: 1

Also check these articles from MS
http://support.microsoft.com/kb/829885
http://support.microsoft.com/kb/281308
http://support.microsoft.com/kb/896861

Slow File Transfer with Service Pack 2 on Windows Server 2003

http://blogs.technet.com/networking/archive/2009/03/12/slow-file-transfer-with-service-pack-2-on-windows-server-2003.aspx

How To Configure PassivePortRange In IIS

http://support.microsoft.com/kb/555022/en-us
http://support.microsoft.com/kb/283679

Step By Step Email Server Setup in Windows Server 2003

http://www.windowsreference.com/windows-server-2003/step-by-step-email-server-setup-in-windows-server-2003/

How to change the Windows Logon screen saver in Windows

http://support.microsoft.com/kb/314493

How to delete failed DCs from Active Directory

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Windows Stop Messages

http://aumha.org/a/stop.htm

Command line guide for Server Core

Set Interface ID
netsh interface set interface name=”Old Name” newname=”New Name”
Set IP
netsh interface ipv4 set address name=”” source=static address= mask= gateway=
Set DNS
netsh interface ipv4 add dnsserver name=”” address= index=1
netsh interface ipv4 add dnsserver name=”ExtraNet” address=1.1.1.1 index=1

Set Proxy
netsh winhttp set proxy proxy-server=”http=myproxy;https=sproxy:88″ bypass-list=”*.contoso.com”
Set Computer Name
# Use hostname from the command prompt to get current name
netdom renamecomputer %COMPUTERNAME% /NewName:CompName /force /reboot
Change the name of a domain-joined computer
Netdom renamecomputer %OMPUTERNAME% /NewName:CompName /userd:domain\user /passwordd:*
Join Domain
netdom join %COMPUTERNAME% /domain: /userd: /passwordd:*
Set the Default scripting engine to cscript
cscript //H:Cscript
To Activate via KMS server
slmgr -ipk YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
slmgr -skms :1688
slmgr -ato
slmgr -ato # Yes twice

Running Windows Update
http://msdn.microsoft.com/en-us/library/aa387102(VS.85).aspx
Disable Firewall
netsh advfirewall set allprofiles state off
Allow Remote Desktop
netsh advfirewall firewall set rule group=”remote desktop” new enable=yes
Allow Remote Administration
netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes
Allow Remote Firewall Administration
netsh advfirewall firewall set rule group=”Windows Firewall Remote Management” new enable=yes
Allow Ping
netsh firewall set icmpsetting 8
Connect to remote Server Core w/ out domain (this is done on management box)
cmdkey /add: /user: /pass:
Export Security Policy
secedit /export /db secedit.sbd /cfg
Import Security Policy
secedit /configure /db secedit.sdb /cfg sctest.inf /overwrite
Allow Remote Disk Management
THIS HAS to be done on BOTH SIDES!!!
netsh advfirewall firewall set rule group=”Remote Volume Management” new enable=yes
Allow Remote Device Mgr
1. On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
2. Connect to the Server Core installation
3. Navigate to Computer Configuration\Administrative Templates\Device Installation
4. Enable “Allow remote access to the PnP interface”
5. Restart the Server Core installation
or
Via GPO
Things to Note:
- Firewall rules will have to be re-adjusted after Domain Join
Good Links for more info
Server Core Installation Option of Windows Server 2008 Step-By-Step Guide:
http://technet.microsoft.com/en-us/library/cc753802.aspx#bkmk_managingservercore
Windows Server 2008 Network Shell (Netsh) Technical Reference:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f41878de-2ee7-4718-8499-2ef336db3df5
-Volume Activation 2.0 Deployment Guide
http://technet.microsoft.com/en-us/library/cc303280.aspx#
NOTE: I am not crazy… these Product keys are public record. They simply tell the host to require a KMS server to activate.

Product SKUs for Volume Licensing
==================================
Operating System Edition || Product Key
Windows Vista Business || YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N || HMBQG-8H2RH-C77VX-27R82-VMQBT
Windows Vista Enterprise || VKK3X-68KWM-X2YGT-QR4M6-4BWMV
Windows Vista Enterprise N || VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008 Datacenter || 7M67G-PC374-GR742-YH8V4-TCBY3
Windows Server 2008 Datacenter without Hyper-V || 22XQ2-VRXRG-P8D42-K34TD-G3QQC
Windows Server 2008 for Itanium-Based Systems || 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK
Windows Server 2008 Enterprise || YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 Enterprise without Hyper-V || 39BXF-X8Q23-P2WWT-38T2F-G3FPG
Windows Server 2008 Standard || TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Standard without Hyper-V || W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ
Windows Web Server 2008 || WYR28-R7TFJ-3X2YQ-YCY4H-M249D
More from Mr Jay Closky


More DNS settings via Registry
NOTE: use regedit.exe or reg.exe to configure
The primary DNS suffix is stored in the registry in the following location:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
You might want to change the values for the following registry keys:
Domain (REG_SZ)
This value contains the DNS Suffix for the Network Connection on your Server Core box. Changing it will immediately change your DNS Suffix.
SearchList (REG_SZ)
This value contains the DNS Suffix search order list. You can add DNS Suffixes here to use when searching other servers.
NetBIOS over TCP/IP:
====================
In Server Core installations of Windows Server 2008 NetBIOS? over TCP/IP (NetBT? is enabled by default when you configure IPv4 manually. You can disable it by editing the registry. The NetBIOS over TCP/IP setting is stored in the following location:
HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces
Underneath this location you’ll find a registry key (depicted as a folder) starting with tcpip_ followed by a GUID for every network connection. Find the network connection for which you want to disable NetBIOS over TCP/IP. (NetBT) In the value you’d find a REG_DWORD value named NetBiosOptions?. This value would have a value of 2. (enabled)
To disable NetBIOS over TCP/IP change the value to 0. (disabled)
DNS REGISTRATION OPTIONS:
========================
On a full installation of Windows Server 2008 there are a few options for DNS registration on the DNS tab of the advanced properties of the IP version4 configuration of a Network Connection.
In Server Core you can achieve these settings as well, but only when you set the DNS Server. (fortunately you can set it as many times as you like) Also, you have to specify DNS Suffixes first. When you set the DNS Server you can optionally use the register= switch at the end of the command. The three switch options are none, primary and both.
None
Specifying Register=None would result in your Server Core box not registering its DNS name with any of its DNS suffixes. This effectively disables Dynamic DNS Registration.
Primary
With Register=Primary your Server Core installation will register its hostname together with its primary DNS suffix with the DNS Server you set.
Both
When you tell your Server Core box to Register=Both it will register its hostname with its primary DNS suffix and the connection specific DNS suffix with the DNS Server you set.
Also take a look at

http://blogs.technet.com/askds/archive/tags/Core/default.aspx

Monday, May 11, 2009

How to configure mysql server to use utf8 character set

Go to the [mysqld] section in my.cnf and add two strings:

collation_server=utf8_unicode_ci
character_set_server=utf8

You can also add

skip-character-set-client-handshake

to enforce using of utf8 encoding in db.

Saturday, May 9, 2009

Update Firmware via SFTP/SCP

Configure the switch to allow file transfer via SSH:

ip ssh
ip ssh filetransfer

Then conenct via SFTP to the switch and upload the firmware:

scp /path/to/image user@switch.fqdn.com:/os/primary

Then simply reboot the switch:

boot system flash primary

Thursday, May 7, 2009

Using the Windows System stand-alone Optional Component Manager (sysocmgr)

http://myitforum.com/articles/15/view.asp?id=8792

Creating Subject Alternative Name Certificates with Microsoft Certificate Server

http://blogs.technet.com/industry_insiders/pages/creating-subject-alternative-name-certificates-with-microsoft-certificate-server.aspx

Mobile Messaging with Exchange Server 2007

http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/mobility-client-access/mobile-messaging-exchange-server-2007-part2.html

SSL Enabling OWA 2003

SSL Enabling OWA 2003 using your own Certificate Authority
SSL Enabling OWA 2003 Using a Free 3rd Party Certificate
Problems with Forms-Based Authentication and SSL in ActiveSync

How to remove Exchange Server transaction log files

http://support.microsoft.com/kb/240145

How to resize embedded flash image in PFSense

http://doc.pfsense.org/index.php/Resize_Embedded_Flash_Image
http://forum.pfsense.org/index.php/topic,1672.0.html

Zypper Tips and Tricks

http://opensuse-tutorials.com/category/zypper/

Setting up Squid, NTLM and DansGuardian in Linux

http://en.opensuse.org/Setting_up_Squid_NTLM_DansGuardian_Sarg

How to set up a mail server on a GNU / Linux system

http://flurdy.com/docs/postfix/
http://www.linuxmail.info/
http://knol.google.com/k/johnny-chadda/how-to-set-up-an-email-server-using/3fn8hfdoyus04/2
http://www.gentoo.org/doc/en/virt-mail-howto.xml

SQL Server 2005 Express Edition Service Pack 3 fails to install

http://blogs.technet.com/isablog/archive/2009/03/16/sql-server-2005-express-edition-service-pack-3-fails-to-install-on-a-tmg-machine.aspx

VLAN and IP Phones

http://marketingtools.avaya.com/knowledgebase/ipoffice41en/mergedProjects/ipphoneinst/index.htm?vlanandipphones.htm

Tunneling over ssh

Generic:
$ ssh -N -f -L :: user@ssh_intermediary_server

NOTE: if using auth. w/keys and no passwd, the last part (user@…) is not needed

Example:
$ ssh -f -N -L 8025:smtp.comcast.net:25 my_home_machine -L 8110:mail.comcast.net:110 my_home_machine

allows me to use the email client on a laptop, pointing to localhost:8025 for SMTP services, and localhost:8110 for POP3 services associated with my Comcast account, w/out traversing “foreign” networks with clear text credentials.

If moving between places, I would need tostop and restart the process. This could be as simple as:

$ ps aux |grep ssh |grep -v grep |awk ‘{print $2}’ |xargs kill -9

How to manually install VMware ESXi patches

Go to link http://support.vmware.com/selfsupport/download/ and download the appropriate patches. Use the VMware infrastructe update to do the update.

How to freely backup VMware ESXi

http://communities.vmware.com/docs/DOC-8760
http://communities.vmware.com/docs/DOC-9843

How to patch VMware ESXi Installable

http://www.vm-help.com/esx/esx3i/Patch_3i_without_VC.php

Building the Ultimate Virtual Lab for Free

http://www.informit.com/articles/article.aspx?p=1321169

How to configure OpenFiler v2.3 iSCSI Storage for use with VMware ESX

http://www.techhead.co.uk/how-to-configure-openfiler-v23-iscsi-storage-for-use-with-vmware-esx

How to create a bootable VMware ESXi USB pen drive

Read these links:
http://www.techhead.co.uk/how-to-create-a-bootable-vmware-esxi-usb-pen-drive
http://www.vm-help.com/esx40i/Boot_ESXi_from_USB_flash_drive.php

How to install ESXi from USB flash

http://www.vm-help.com/esx/esx3i/ESXi_USB_install.php

Installing ESX 3i 3.5 on an HP Proliant ML110 G5

http://www.techhead.co.uk/vmware-esx-lab-installing-esxi-35-on-an-hp-proliant-ml110-g5

How to add ipkg to Synology DS-408

You have to install this version of ipkg for the DS-408:
http://ipkg.nslu2-linux.org/feeds/optware/syno-e500/cross/unstable/syno-e500-bootstrap_1.2-5_powerpc.xsh

Periodic router reload

Sometimes when using not-so-very stable IOS versions, periodic reload of a router during a non-peak (or idle) period is a good idea that can significantly increase the overall stability of your network. Until release 12.4, you had to write an external script that would log into the router and execute the reload command.

With the Embedded Event Manager, the task is surprisingly simple - just enter the following configuration commands to reload the box every midnight (of course it helps if your router is NTP-synchronized to a reliable clock source and has correctly configured time zone).

event manager  applet Reload
event timer cron name Reload cron-entry "@midnight"
action 1.0 reload
The @midnight is a predefined symbolic value for "0 0 * * *". Of course you can use any other value that the UNIX cron utility would recognize as valid first five fields (time specification; username and command line are obviously not used).

Recovering IOS from ROMMON via TFTP

These are the minimum fields to get this going through TFTP rather than XModem.

rommon 1 > IP_ADDRESS=192.168.1.100
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.50
rommon 5 > TFTP_FILE=c2600-adventerprisek9-mz.124-5a.bin
rommon 6 > tftpdnld (this command kicks off the tftp download)

How to enable ssh on cisco routers and procurve switches

Cisco Switch with CatOS
set crypto key rsa 1024
set ip permit 10.0.0.0 255.255.255.0
set ip permit enable ssh
show ip permit
write memory

Cisco Router or Switch with IOS
hostname myrouter
ip domain-name vandeplas.lab
!--- generate the rsa keygen
cry key generate rsa
!--- allow authentication using local aaa username chri password myVerySecurePassword
!--- Use SSH v2 as v1 is insecure
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
!--- Prevent non-SSH connections
transport input ssh
write memory

Cisco PIX/ASA
hostname mypix
domain-name vandeplas.lab
!--- generate the rsa key
ca generate rsa key 1024
!--- or on newer versions
crypto key generate rsa modulus 1024
!--- don't forget to save the crypto key into the memory ca save all
!--- allow ssh from the network 10.0.0.0/24 on the inside interface ssh 10.0.0.0 255.255.255.0 inside
!--- allow authentication using local aaa username chri password myVerySecurePassword aaa authentication ssh console LOCAL
!--- save the running-config
write memory

HP Procurve Switch
crypto key generate
ip ssh version 2
ip ssh
write memory

How to enable snmp traps on Cisco routers

http://blog.ioshints.info/2009/04/quick-tip-enable-snmp-traps.html

How to Recreate the Database Control Repository in Oracle10g R2

Create Database Console

To create the configuration files and repository for Database Console, run:

$ emca -config dbcontrol db -repos create

STARTED EMCA at Jul 24, 2006 9:59:39 PM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.

Enter the following information:
Database SID: TESTDB
Listener port number: 1521
Password for SYS user: change_on_install
Password for DBSNMP user: manager
Password for SYSMAN user: manager
Email address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
-----------------------------------------------------------------

You have specified the following settings

Database ORACLE_HOME ................ /u01/app/oracle/product/10.2.0/db_1

Database hostname ................ linux3
Listener port number ................ 1521
Database SID ................ TESTDB
Email address for notifications ...............
Outgoing Mail (SMTP) server for notifications ...............

-----------------------------------------------------------------
Do you wish to continue? [yes(Y)/no(N)]: Y
Jul 24, 2006 10:00:12 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/emca/TESTDB/emca_2006-07-24_09-59-39-PM.log.
Jul 24, 2006 10:00:15 PM oracle.sysman.emcp.EMReposConfig createRepository
INFO: Creating the EM repository (this may take a while) ...
Jul 24, 2006 10:05:51 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully created
Jul 24, 2006 10:06:01 PM oracle.sysman.emcp.util.DBControlUtil startOMS
INFO: Starting Database Control (this may take a while) ...
Jul 24, 2006 10:07:49 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: Database Control started successfully
Jul 24, 2006 10:07:49 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: >>>>>>>>>>> The Database Control URL is http://linux3:1158/em <<<<<<<<<<<
Enterprise Manager configuration completed successfully
FINISHED EMCA at Jul 24, 2006 10:07:49 PM

Drop Database Console

To drop (remove) the configuration files and repository for Database Console, run:

$ emca -deconfig dbcontrol db -repos drop

STARTED EMCA at Jul 24, 2006 9:53:55 PM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.

Enter the following information:
Database SID: TESTDB
Listener port number: 1521
Password for SYS user: change_on_install
Password for SYSMAN user: manager

Do you wish to continue? [yes(Y)/no(N)]: Y
Jul 24, 2006 9:54:15 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/emca/TESTDB/emca_2006-07-24_09-53-55-PM.log.
Jul 24, 2006 9:54:16 PM oracle.sysman.emcp.util.DBControlUtil stopOMS
INFO: Stopping Database Control (this may take a while) ...
Jul 24, 2006 9:54:35 PM oracle.sysman.emcp.EMReposConfig dropRepository
INFO: Dropping the EM repository (this may take a while) ...
Jul 24, 2006 9:56:48 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully dropped
Enterprise Manager configuration completed successfully
FINISHED EMCA at Jul 24, 2006 9:56:48 PM

Recreate Database Console

To recreate the configuration files and repository for Database Console, run:

$ emca -config dbcontrol db -repos recreate

STARTED EMCA at Jul 24, 2006 10:08:20 PM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.

Enter the following information:
Database SID: TESTDB
Database Control is already configured for the database TESTDB
You have chosen to configure Database Control for managing the database TESTDB
This will remove the existing configuration and the default settings and perform a fresh configuration
Do you wish to continue? [yes(Y)/no(N)]: Y
Listener port number: 1521
Password for SYS user: change_on_install
Password for DBSNMP user: manager
Password for SYSMAN user: manager
Email address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
-----------------------------------------------------------------

You have specified the following settings

Database ORACLE_HOME ................ /u01/app/oracle/product/10.2.0/db_1

Database hostname ................ linux3
Listener port number ................ 1521
Database SID ................ TESTDB
Email address for notifications ...............
Outgoing Mail (SMTP) server for notifications ...............

-----------------------------------------------------------------
Do you wish to continue? [yes(Y)/no(N)]: Y
Jul 24, 2006 10:08:50 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/emca/TESTDB/emca_2006-07-24_10-08-20-PM.log.
Jul 24, 2006 10:08:53 PM oracle.sysman.emcp.util.DBControlUtil stopOMS
INFO: Stopping Database Control (this may take a while) ...
Jul 24, 2006 10:09:29 PM oracle.sysman.emcp.EMReposConfig dropRepository
INFO: Dropping the EM repository (this may take a while) ...
Jul 24, 2006 10:11:23 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully dropped
Jul 24, 2006 10:11:23 PM oracle.sysman.emcp.EMReposConfig createRepository
INFO: Creating the EM repository (this may take a while) ...
Jul 24, 2006 10:15:09 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully created
Jul 24, 2006 10:15:18 PM oracle.sysman.emcp.util.DBControlUtil startOMS
INFO: Starting Database Control (this may take a while) ...
Jul 24, 2006 10:17:21 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: Database Control started successfully
Jul 24, 2006 10:17:22 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: >>>>>>>>>>> The Database Control URL is http://linux3:1158/em <<<<<<<<<<<
Enterprise Manager configuration completed successfully
FINISHED EMCA at Jul 24, 2006 10:17:22 PM

Using EMCA with Real Application Clusters

In this section, I will be using two Database Control consoles running; one on linux1 and the other on linux2. From either of these consoles, you can manage and monitor all targets in the cluster.

* For information on the current cluster configuration, you can run:

$ emca -displayConfig dbcontrol -cluster

STARTED EMCA at Jul 24, 2006 10:30:52 PM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.

Enter the following information:
Database unique name: orcl

Do you wish to continue? [yes(Y)/no(N)]: Y
Jul 24, 2006 10:31:32 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/emca/orcl/emca_2006-07-24_10-30-51-PM.log.
Jul 24, 2006 10:31:52 PM oracle.sysman.emcp.EMDBPostConfig showClusterDBCAgentMessage
INFO:
**************** Current Configuration ****************
INSTANCE NODE DBCONTROL_UPLOAD_HOST
---------- ---------- ---------------------

orcl1 linux1 linux1
orcl2 linux2 linux1


Enterprise Manager configuration completed successfully
FINISHED EMCA at Jul 24, 2006 10:31:52 PM

The above command prompts for the database unique name for the cluster database. This will print the current configuration onto the screen, indicating the nodes that have consoles running on them and the consoles where each agent is uploading.

* Create Database Console

$ emca -config dbcontrol db -repos create -cluster

STARTED EMCA at Jun 12, 2007 11:07:56 AM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.

Enter the following information:
Database unique name: orcl
Listener port number: 1521
Cluster name: crs
Password for SYS user: change_on_install
Password for DBSNMP user: manager
Password for SYSMAN user: manager
Email address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
ASM ORACLE_HOME [ /u01/app/oracle/product/10.2.0/db_1 ]: /u01/app/oracle/product/10.2.0/db_1
ASM port [ 1521 ]: 1521
ASM user role [ SYSDBA ]: SYSDBA
ASM username [ SYS ]: SYS
ASM user password:
-----------------------------------------------------------------

You have specified the following settings

Database ORACLE_HOME ................ /u01/app/oracle/product/10.2.0/db_1

Database instance hostname ................ linux1
Listener port number ................ 1521
Cluster name ................ crs
Database unique name ................ orcl
Email address for notifications ...............
Outgoing Mail (SMTP) server for notifications ...............
ASM ORACLE_HOME ................ /u01/app/oracle/product/10.2.0/db_1
ASM port ................ 1521
ASM user role ................ SYSDBA
ASM username ................ SYS

-----------------------------------------------------------------
Do you wish to continue? [yes(Y)/no(N)]: y
Jun 12, 2007 11:08:54 AM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/emca/orcl/emca_2007-06-12_11-07-56-AM.log.
Jun 12, 2007 11:08:57 AM oracle.sysman.emcp.EMReposConfig createRepository
INFO: Creating the EM repository (this may take a while) ...
Jun 12, 2007 11:17:58 AM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully created
Jun 12, 2007 11:18:07 AM oracle.sysman.emcp.EMDBCConfig instantiateOC4JConfigFiles
INFO: Propagating /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_linux1_orcl1 to remote nodes ...
Jun 12, 2007 11:18:08 AM oracle.sysman.emcp.EMDBCConfig instantiateOC4JConfigFiles
INFO: Propagating /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_linux2_orcl2 to remote nodes ...
Jun 12, 2007 11:18:12 AM oracle.sysman.emcp.EMAgentConfig deployStateDirs
INFO: Propagating /u01/app/oracle/product/10.2.0/db_1/linux1_orcl1 to remote nodes ...
Jun 12, 2007 11:18:14 AM oracle.sysman.emcp.EMAgentConfig deployStateDirs
INFO: Propagating /u01/app/oracle/product/10.2.0/db_1/linux2_orcl2 to remote nodes ...
Jun 12, 2007 11:18:15 AM oracle.sysman.emcp.util.DBControlUtil startOMS
INFO: Starting Database Control (this may take a while) ...
Jun 12, 2007 11:20:25 AM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: Database Control started successfully
Jun 12, 2007 11:20:25 AM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: >>>>>>>>>>> The Database Control URL is http://linux1:1158/em <<<<<<<<<<<
Jun 12, 2007 11:20:25 AM oracle.sysman.emcp.EMDBPostConfig showClusterDBCAgentMessage
INFO:
**************** Current Configuration ****************
INSTANCE NODE DBCONTROL_UPLOAD_HOST
---------- ---------- ---------------------

orcl1 linux1 linux1
orcl2 linux2 linux1


Enterprise Manager configuration completed successfully

FINISHED EMCA at Jun 12, 2007 11:20:26 AM

* Drop Database Console

$ emca -deconfig dbcontrol db -repos drop -cluster

STARTED EMCA at Jun 12, 2007 10:53:57 AM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.

Enter the following information:
Database unique name: orcl
Listener port number: 1521
Password for SYS user: change_on_install
Password for SYSMAN user: manager
Do you wish to continue? [yes(Y)/no(N)]: y
Jun 12, 2007 10:54:16 AM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/emca/orcl/emca_2007-06-12_10-53-57-AM.log.
Jun 12, 2007 10:54:19 AM oracle.sysman.emcp.util.DBControlUtil stopOMS
INFO: Stopping Database Control (this may take a while) ...
Jun 12, 2007 10:54:34 AM oracle.sysman.emcp.EMReposConfig dropRepository
INFO: Dropping the EM repository (this may take a while) ...
Jun 12, 2007 11:02:10 AM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully dropped
Enterprise Manager configuration completed successfully
FINISHED EMCA at Jun 12, 2007 11:02:11 AM

Troubleshooting EMCA

If you have any problems when running emca, check the log file under:

ORACLE_HOME/cfgtoollogs/emca//

How to Create and Copy Roaming User Profiles in Windows XP

To create a roaming profile, follow these steps:

1. Click Start, right-click My Computer, and then click Properties on the shortcut menu that appears.

2. Click the Advanced tab, and then click Settings under User Profiles.

3. In the Profiles stored on this computer list, click the profile that you want.

4. To change the type of profile, click Change Type, click Roaming profile, and then click OK.

Copy a User Profile
To copy an existing user profile to another user's account, follow these steps:

1. Click Start, right-click My Computer, and then click Properties on the shortcut menu that appears.

2. Click the Advanced tab, and then click Settings under User Profiles.

3. In the Profiles stored on this computer list, click the profile that you want to copy.

4. Click Copy To.

5. In the Copy To dialog box, do one of the following:

• In the Copy profile to box, type the Universal Naming Convention (UNC) path to the target user's profile folder. For example type the following:
\\ServerName\ShareName\UsersProfileDirectory

-or- Click Browse, and then navigate to the user profile folder that you want to copy the profile to. Click OK.

6. Under Permitted to use, click Change. Type the name of the user that will be permitted to use this profile, and then click OK.

NOTE: Verify that you are not choosing users or groups from a Microsoft Windows NT-based domain, because Windows XP is designed to use Active Directory to select domains.

7. In the Copy To dialog box, click OK. If you receive a "Confirm Copy" message, click Yes.

8. Click OK twice.

Update the User Profile Path
Update the user profile path to point to the new profile. To do this, follow these steps:

1. On a domain controller, start the Active Directory Users and Computers snap-in. Expand the domain, and then expand the organizational unit that contains the user account that you want.

2. Right-click the user account that you want, and then click Properties on the shortcut menu that appears.

3. Click the Profile tab, and then type the UNC path to the new profile folder in the Profile path box.

4. Click Apply, and then click OK.
After the user has successfully logged on, the profile is saved on the server as a roaming profile, and any profile changes are saved to the server.

How to Create a VPN site-to-site IPsec Tunnel Mode Connection Between an ISA 2006 Firewall and a Cisco Router

How to create a bootable WinPE 2.0 USB key

Windows Preinstallation Environment (PE) 2.0 is a slimed down version of Windows (hence all the MiniNT references) that used to be the exclusive domain of OEM's providers. Microsoft has wisely chosen to offer this to the masses as part of the Windows AIK. USB keys can be found just about anywhere these days for next to nothing. Combine the capabilities of WinPE with the portability of a USB key and you just made a very powerful troubleshooting, imaging, and data recovery tool. Here is a quick step by step on how to do just that:

Step 1. ) Get USB Key
You probably already have a few and if not you can purchase these just about anywhere, so I won't tell you where to get one. You should get a USB 2.0 device of at least 512mb in size, but if you plan on putting a lot into a custom PE install or plan on using it to transfer data too then you are better served getting a larger size (2.0-4.0GB)

Step 2.) Download and Install the Windows Automated Installation Kit (Windows AIK). Here is the download link from Microsoft.
This deployment oriented tool set contains Windows PE 2.0.

Step 3.) Format the USB key
Note: This must be done from Windows Vista
Start a command prompt and run the following. This set of commands assumes your USB key is detected as disk 1, you should double check that by doing a list of the disks before cleaning it. If you have multiple hard drives you could end up wiping your second drive using this command. You have been warned.

* Diskpart
* select disk 1
* clean
* create partition primary
* select partition 1
* active
* format fs=fat32
* assign
* exit

Step 4.) Setup Windows PE
* In this step you will create and customize WinPE for your disk. From the machine that you installed the Windows AIK go to the start menu and select "Windows PE Tools Command Prompt" from under the Windows AIK program folder.
* Run Copype.cmd x86 c:\winpe_x86
o you can create an 64-bit version by changing the architecture from x86 to amd64
* Add customizations to WinPE
o copy any tools you want available to the C:\winpe_x86\iso folder such as imaging tools if you want to use this for capturing images (imagex, wimscript.ini)

Step 5 .) Copy Windows PE to USB Key
Insert the USB key into the machine that you have WinPE on and run the following command to copy the contents to the USB Key
xcopy c:\winpe_x86\iso\*.* /s /e /f e:\
change c: to reflect the drive your files on and e: to be your USB key.

There you have it...a quick way to make a handy USB version of WinPE that you can take with you anywhere. These can be used in almost any modern computer that supports USB booting. More information on this and other great things you can do with Windows PE are located in the Windows AIK.

How to configure VLANs in HP Procurve

Here are the command to configure VLANs in HP Procurve

Its pretty easy to create vlan in HP procure Switches Follow the following steps

Cofig t

vlan 10

name "VLAN10"

untagged 1-12

ip address 192.168.10.1 255.255.255.0

tagged 25-26

exit

vlan 11

name "VLAN11"

192.168.11.1 255.255.255.0

untagged 13-24

tagged 25-26

exit

ip routing

tagged 25-26 is equivalent to trunking for Cisco Switches

untagged command make the required ports to be the part of vlan you want.

From the above example ports 1 - 12 are part of vlan 10 & port from 13-24 part of vlan 11 and ports 25 & 26 are trunk ports can carry vlan information for vlan 10 & 11 make sure you configure ip routing to en bale intervlan routing

Also check this post

http://www.experts-exchange.com/Networking/Networking_Hardware/Switches/Q_23529300.html

How to change the Windows Vista Power Buttons to Shut Down

The default action for the Power button on the start menu in Windows Vista is Sleep, which isn't necessarily useful for everybody. You can configure this setting easily by using the advanced power settings panel, which is a little tricky to get to normally, but we'll take the shortcut.

Open a command prompt (type cmd into the start menu search bar), and then type in the following:

powercfg.cpl,1

You could also take the long route (Control Panel \ Power Options \ Change Plan Settings \ Change Advanced Power Settings)

Once you get to this dialog, browse down as shown to "Power buttons and lid"

From here, you can change the options:

  • Power button action - Changes the hardware power button action
  • Start menu power button - Changes the power button on the Start Menu

You can change the power button to either Sleep, Hibernate or Shut Down, or even nothing for the hardware power button.

How to change the name of an SQL Server machine

You may experience problem with replication and linked servers and none of SQL Agent jobs are going to work properly after rename of the server.

Here is the script that we can run on the SQL server 2000 after server get renamed in XP/2000/NT level:


sp_helpserver --to see the list of servers

-- probably only yours and probably the old name?

exec sp_dropserver 'OLD SERVER NAME'

go

exec sp_addserver 'NEW SERVER NAME', local Go

-- In SQL Server 2000 do the following!!!

USE msdb

go

Update msdb..sysjobs

set originating_server = 'NEW SERVER NAME'

where originating_server = 'OLD SERVER NAME'

go

-- Then restart SQL server services. You're done for 2000

DHCP Snooping on HP Procurve

The documentation for HP’s DCHP-snooping is limited, but there is a rather good description to be found in the firmware documentation (beginning from page 80).

There are several ways in which DHCP-snooping can work, in this example I’ll use a simple, port-based configuration.

SomeCoolSwitch# config

SomeCoolSwitch(config)# dhcp-snooping

SomeCoolSwitch(config)# dhcp-snooping vlan 1

SomeCoolSwitch(config)# interface 26

SomeCoolSwitch(eth-49)# dhcp-snooping trust

SomeCoolSwitch(eth-49)# exit

SomeCoolSwitch(config)# write mem

The command “dhcp-snooping” will globally enable DHCP-snooping. You will have to enable DHCP-snooping on certain VLANs to make it work. When enabled on a VLAN, all ports of the switch will be (by default) untrusted, in this example I set “interface 26 to be the trusted switchport. When implementing into a larger network, uplink ports or trunks will have to be trusted.

How does cross subnet browsing work

This information derived from the samba (NT for un*x) documentation

Consider a network set up as follows :


(DMB)
N1_A N1_B N1_C N1_D N1_E
| | | | |
-------------------------------------------------------
| subnet 1 |
+---+ +---+
|R1 | Router 1 Router 2 |R2 |
+---+ +---+
| |
| subnet 2 subnet 3 |
-------------------------- ------------------------------------
| | | | | | | |
N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D
(WINS)

Consisting of 3 subnets (1, 2, 3) conneted by two routers (R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume for the moment that all these machines are configured to be in the same workgroup (for simplicities sake). Machine N1_C on subnet 1 is configured as Domain Master Browser (ie. it will collate the browse lists for the workgroup). Machine N2_D is configured as WINS server and all the other machines are configured to register their NetBIOS names with it.

As all these machines are booted up, elections for master browsers will take place on each of the three subnets. Assume that machine N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on subnet 3 - these machines are known as local master browsers for their particular subnet. N1_C has an advantage in winning as the local master browser on subnet 1 as it is set up as Domain Master Browser.

On each of the three networks, machines that are configured to offer sharing services will broadcast that they are offering these services. The local master browser on each subnet will receive these broadcasts and keep a record of the fact that the machine is offering a service. This list of records is the basis of the browse list. For this case, assume that all the machines are configured to offer services so all machines will be on the browse list.

For each network, the local master browser on that network is considered 'authoritative' for all the names it receives via local broadcast. This is because a machine seen by the local master browser via a local broadcast must be on the same network as the local master browser and thus is a 'trusted' and 'verifiable' resource. Machines on other networks that the local master browsers learn about when collating their browse lists have not been directly seen - these records are called 'non-authoritative'.

At this point the browse lists look as follows (these are the machines you would see in your network neighborhood if you looked in it on a particular network right now).

Subnet Browse Master List
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D

Note that at this point all the subnets are separate, no machine is seen across any of the subnets.

Now examine subnet 2. As soon as N2_B has become the local master browser it looks for a Domain master browser to synchronize its browse list with. It does this by querying the WINS server (N2_D) for the IP address associated with the NetBIOS name WORKGROUP<1b>. This name was registerd by the Domain master browser (N1_C) with the WINS server as soon as it was booted.

Once N2_B knows the address of the Domain master browser it tells it that is the local master browser for subnet 2 by sending a MasterAnnouncement packet as a UDP port 138 packet. It then synchronizes with it by doing a NetServerEnum2 call. This tells the Domain Master Browser to send it all the server names it knows about. Once the domain master browser receives the MasterAnnouncement packet it schedules a synchronization request to the sender of that packet. After both synchronizations are done the browse lists look like :

Subnet Browse Master List
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
N2_A(*), N2_B(*), N2_C(*), N2_D(*)
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
Servers with a (*) after them are non-authoritative names.

At this point users looking in their network neighborhood on subnets 1 or 2 will see all the servers on both, users on subnet 3 will still only see the servers on their own subnet.

The same sequence of events that occured for N2_B now occurs for the local master browser on subnet 3 (N3_D). When it synchronizes browse lists with the domain master browser (N1_A) it gets both the server entries on subnet 1, and those on subnet 2. After N3_D has synchronized with N1_C and vica-versa the browse lists look like.

Subnet Browse Master List
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
N2_A(*), N2_B(*), N2_C(*), N2_D(*),
N3_A(*), N3_B(*), N3_C(*), N3_D(*)
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
N2_A(*), N2_B(*), N2_C(*), N2_D(*)

Servers with a (*) after them are non-authoritative names.

At this point users looking in their network neighborhood on subnets 1 or 3 will see all the servers on all sunbets, users on subnet 2 will still only see the servers on subnets 1 and 2, but not 3.

Finally, the local master browser for subnet 2 (N2_B) will sync again with the domain master browser (N1_C) and will recieve the missing server entries. Finally - and as a steady state (if no machines are removed or shut off) the browse lists will look like :

Subnet Browse Master List
Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E,
N2_A(*), N2_B(*), N2_C(*), N2_D(*),
N3_A(*), N3_B(*), N3_C(*), N3_D(*)
Subnet2 N2_B N2_A, N2_B, N2_C, N2_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
N3_A(*), N3_B(*), N3_C(*), N3_D(*)
Subnet3 N3_D N3_A, N3_B, N3_C, N3_D
N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
N2_A(*), N2_B(*), N2_C(*), N2_D(*)

Servers with a (*) after them are non-authoritative names.

Synchronizations between the domain master browser and local master browsers will continue to occur, but this should be a steady state situation.

If either router R1 or R2 fails the following will occur:

  1. Names of computers on each side of the inaccessible network fragments will be maintained for as long as 36 minutes, in the network neighbourhood lists.
  2. Attempts to connect to these inaccessible computers will fail, but the names will not be removed from the network neighbourhood lists.
  3. If one of the fragments is cut off from the WINS server, it will only be able to access servers on its local subnet, by using subnet-isolated broadcast NetBIOS name resolution. The effects are similar to that of losing access to a DNS server.

Error message when you try to access a mapped drive that is mapped to a Windows XP-based computer from Windows Vista

Consider the following scenario. You map a drive to a Windows XP-based computer from a Windows Vista-based computer. When you try to access the mapped drive from the Windows XP-based computer, you receive the following error message:

System error 5 has occurred.
Access is denied.

This problem occurs if the following conditions are true:
* Both computers are members of a workgroup.
* You do not give the Full Control shared permission to the Everyone group.
* You give the Full Control shared permission to the Administrators group.

Note This access failure occurs regardless of the NTFS file system permissions that are assigned to the mapped drive.

To work around this problem, change the value of the LocalAccountTokenFilterPolicy registry entry on the Windows Vista-based computer so that full credentials can be passed between Windows Vista and Windows XP.

1. Click Start, type regedit in the Start Search box, and then click regedit.exe in the Programs list. If you are prompted for an administrator password, type your password. Or, if you are prompted for confirmation, click Continue.

2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
* On the Edit menu, point to New, and then click DWORD Value.
* Type LocalAccountTokenFilterPolicy, and then press ENTER.

4. Right-click LocalAccountTokenFilterPolicy, and then click Modify.

5. In the Value data box, type 1, and then click OK.

6. Exit Registry Editor.

The LocalAccountTokenFilterPolicy registry entry in the registry can have a value of 0 or of 1. These values change the behavior of the registry entry as follows.
Collapse this tableExpand this table

Value Description
0 This value builds a filtered token. This is the default value. The administrator credentials are removed.
1 This value builds an elevated token.

dcpromo error in Windows Server 2003 R2

When you try to run the Active Directory Installation Wizard on a Microsoft Windows Server 2003 R2 server, the wizard does not finish, and you may receive the following error message:

The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help.
The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer.

This issue may occur when Active Directory has not been updated with the Windows Server 2003 R2 schema extensions..

To resolve this issue, run the adprep.exe /forestprep command from the Windows Server 2003 R2 installation disk 2 on the schema master. To do this, insert the Windows Server 2003 R2 installation disk 2, and then type the following command:

Drive:\CMPNENTS\R2\ADPREP\adprep.exe /forestprep

The correct version of the ADPrep.exe tool for Windows Server 2003 R2 is 5.2.3790.2075.

You can verify the operating system support level of the schema by looking at the value of the Schema Version registry subkey on a domain controller. You can find this subkey in the following location:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

You can also verify the operating system support level of the schema by using the Adsiedit.exe utility or the Ldp.exe utility to view the objectVersion attribute in the properties of the cn=schema,cn=configuration,dc= partition. The value of the Schema Version registry subkey and the objectVersion attribute are in decimal.

Schema Version ObjectVersion values and corresponding operating system support level
  • 13=Microsoft Windows 2000
  • 30=Original release version of Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 (SP1)
  • 31=Microsoft Windows Server 2003 R2

Hyper-V Update List

http://technet.microsoft.com/en-us/library/dd430893.aspx

An easy way to bulk copy sharepoint document libraries

To accomplish this, you first need to setup a Network Place to the SharePoint server. This steps to do this vary slightly based on the operating system you are using. Under Windows XP Professional, follow the steps below:
1. Open My Network Places.
2. From the Network Tasks pane, select 'Add a Network Place'.
3. The Add a Network Place Wizard will appear. On the opening screen, click Next.
4. Select 'Choose another network location' and click Next.
5. In the Internet or Network Address, type the URL to the SharePoint implementation you want to connect to. This should be in the format of https://mysps.mysite.gr
6. Give the new Network Place a high-level name like 'My Portal Site'.
7. Click Finish, and if you accept the defaults on this screen, the Network Place for your portal will open in a browser window.
8. Now, navigate to the location of your document library. Open another explorer windows to the source of your documents and simply drag-n-drop files and folders directly into the document library.

How do I configure SNMP on ZyXEL router

You can use the commands below to configure SNMP on your CPE:

>sys snmp get
>sys snmp set
>sys snmp trusthost
>sys snmp trap

Fox example:

ras> sys snmp
display get set trusthost
trap discard save clear
ras> sys snmp get
Usage: get
ras> sys snmp get 1234
ras> sys snmp set 1234
ras> sys snmp trusthost 192.168.1.33
ras> sys snmp trap
community destination
ras> sys snmp trap community 1234
ras> sys snmp trap destination 192.168.1.33
ras> sys snmp save

In this example, my snmp manager's ip is 192.168.1.33, and the get community and set commnunity at my manager side is also 1234, when this two commnunity(snmp manager and CPE) match, then you can success to get and set variables of you CPE from snmp manager side.
Also the CPE can send trap messages to your snmp manager.

Retrieving ios running-config via scp

First, you need to ensure that ssh and scp have been enabled. I strongly recommend that you run ssh version 2.

ip ssh version 2
ip scp server enable

Then, on your PC:
You should then have a file called “running-config” in that directory. Pretty simple…

If you want to grab the startup-config instead of the running-config, try:

By using RSA keys to eliminate the password prompt at login, this method could be expanded to form the basis of an automated config backup. I know that various apps already exist, but a lot of them retrieve the config via “expect” scripts, basically executing a “show run” and capturing the output.

Another method of retrieving the config is via SNMP, however unless you’re using SNMP v3 with encryption, this method is potentially insecure.

Windows Vista fails to obtain IP Address from DHCP Server

Sometimes your Windows Vista will fail to obtain an IP Address from a DHCP server like your Broadband or Wireless router. This is due to a design change in Windows Vista. Unlike in Windows XP (and in the later Windows 7 Beta), Windows Vista DHCP Discovery packets have Broadcast flag enabed by default. This means some of the routers or devices acting as a DHCP server which doesn’t support Broadcast flag set in incoming DHCP discovery packetsmay fail to serve the Windows Vista machine with an IP Address.

To resolve the problem, you can either get Windows Vista to toggle with Broadcast flag set and unset in the DHCP discovery packet to obtain an IP Address or if you know for sure that your DHCP server doesn’t support Broadcast flag can then you can unset the Broadcast flag permanently. Both these can be achieved from modifiying Windows Registry keys.

Toggle Broadcast Flag in DHCP Discovery

NOTE: This should work for Windows 7 Beta as well if you need to enable toggle.

To make Windows Vista try to obtain IP Address from a DHCP server with a DHCP discovery packet set with the broadcast flag and on its failure unset the broadcast flag and try again to obtain an IP Address, try the following:

1. From Start - Search, type regedit and press Enter.

2. Navigate to the following Registry key in the leftpane:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\]

HKEY_LOCAL_MACHINE\SYSTEM

\CurrentControlSet

\Services

\Tcpip

\Parameters

\Interfaces

From the many GUIDs, choose the one that is for your Network Card and in the rightpane add a new DWORD as “DhcpConnEnableBcastFlagToggle” and set its value to “1″. This will enable the toggle. If you choose to revert to defaults then you can simply delete key.

Unset Broadcast Flag in DHCP Discover Packets

If you for sure know that your DHCP server doesn’t support broadcast flag set in incoming DHCP Discovery packets then you can simply unset it permanently by the adding a new “DhcpConnForceBroadcastFlag” DWORD and its value to “0″ [default in Windows 7 beta and Windows XP]. If you choose to revert to defaults at a later time then simply delete the key.

How to Rename Windows Server 2008 Domain Controller

If you want to rename your win server 2008 domain controller after server migration you can do this using netdom.exe utility.
You need to make sure you have an additional domain controller before proceeding with this procedure.This utility is builtin in to the win server 2008.
Note:- Domain Controllers running Microsoft’s Certificate Authority services (CA) can never be renamed.

Procedure to Follow

Open Command Prompt fro Start>Run>cmd type the following command

netdom computername CurrentComputerName/add:NewComputerName

This command will update the service principal name (SPN) attributes in Active Directory for this computer account and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all domain controllers for the domain and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name. If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name.

Ensure the computer account updates and DNS registrations are completed and now type

netdom computername CurrentComputerName/makeprimary:NewComputerName

Restart your windows server 2008

Open Command Prompt fro Start>Run>cmd type the following command

netdom computername NewComputerName/remove:OldComputerName

Options in Detail

CurrentComputerName :- The current, or primary, computer name or IP address of the computer you are renaming.

NewComputerName :- The new name for the computer. The NewComputerName must be a fully qualified domain name (FQDN).

OldComputerName :- The old name of renamed computer.

Enable or Disable some or all of IPv6 capabilities in Windows Vista and Windows Server 2008

By default all the supported features for IPv6 are enabled in Windows Vista and Windows Server 2008. However, if you are not using IPv6 yet then you don’t need to be enabled at all or if you do use and want some of the components be disabled because you don’t use it then this can be done Windows Registry.


The features/components that you can control in IPv6 from the Windows Registry include

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

6to4 based interfaces

Teredo-based interfaces

IPv6 over all non-tunnel interfaces, including LAN interfaces and Point-to-Point Protocol (PPP)-based interfaces

Default prefix policy table to prefer IPv4 to IPv6 when attempting connections

The following procedure to edit the Windows Registry should help you control IPv6 capabilities in Windows Server 2008 & Windows Vista.

1. Click Start - Search and type “regedit”. This launches the WIndows Registry.

2. In the registry, navigate to the following registry key

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services
\Tcpip6
\Parameters

3. In the right pane, right-click and select New - DWORD (32-bit value) and set its name as “DisabledComponents” and set its value as one of the following based on the requirement

“0″ - Enable All IPv6 Interfaces (Default)

“FF” (equivalent binary value is 11111111) - Disable All IPv6 interfaces

“2″ (equivalent binary value is 00000001)- Disable All 6to4 Interfaces

“4″ (equivalent binary value is 00000010) - Disable all ISATAP interfaces

“8″ (equivalent binary value is 00000100)- Disable all Teredo based interfaces

“10″ (equivalent binary value is 00001000)- Disable IPv6 over all non-tunnel based interfaces including LAN & PPP

“20″ (equivalent binary value is 00010000) - Default prefix policy table to prefer IPv4 over IPv6

Configuring ISA Server on a Computer with a Single Network Adapter

http://technet.microsoft.com/en-us/library/cc302586.aspx

Configuring Roaming User Profiles

http://technet.microsoft.com/en-us/library/cc738596.aspx

Commands and Tools for Managing Windows Server 2008 Server Core

Full server and server core installations are different when it comes to local console administration. With a full server installation, you have a UI that includes a full desktop environment for local console management of the server. With a core server installation, you have a minimal UI that includes a limited desktop environment for local console management of the server. This minimal interface includes:

  • Windows Logon screen for logging on and logging off
  • Notepad for editing files
  • Regedit for managing the registry
  • Task Manager for managing tasks and starting new tasks
  • Command Prompt for administration via the command line
After you log on to a core-server installation, you have a limited desktop environment with an Administrator command prompt. You can use this command prompt for administration of the server. If you accidentally close the command prompt, you can start a new command prompt by following these steps:

1. Press Ctrl+Shift+Esc to display Task Manager.

2. On the Applications tab, click New Task.

3. In the Create New Task dialog box, type cmd in the Open field and then click OK.

You can start Notepad and Regedit directly from a command prompt by entering notepad.exe or regedit.exe as appropriate. To open Control Panel, type intl.cpl.

At the command prompt, you’ll find that you have all the standard commands and command-line utilities available for managing the server. However, keep in mind that commands, utilities, and programs will only run if all of their dependencies are available in the core-server installation.

While core-server installations support a limited set of roles and role services, you can install most features. The key exceptions are those that depend on the .NET Framework. Because the Microsoft .NET Framework is not supported in the original implementation, you cannot add features such as Windows PowerShell. And you can use Terminal Services to manage a core-server installation remotely.

Here is an overview of key commands and utilities you’ll use for managing server core installations while logged on locally:

Control desk.cpl - View or set display settings.

Control intl.cpl - View or set regional and language options, including formats and the keyboard layout.

Control sysdm.cpl - View or set system properties.

Control timedate.cpl - View or set the date, time, and time zone.

Cscript slmgr.vbs –ato - Activate the operating system.

DiskRaid.exe - Configure software RAID.

ipconfig /all - List information about the computer’s IP address configuration.

NetDom RenameComputer - Set the server’s name and domain membership.

OCList.exe - List roles, role services, and features.

OCSetup.exe - Add or remove roles, role services, and features.

PNPUtil.exe - Install or update hardware device drivers.

Sc query type=driver - List installed device drivers.

Scregedit.wsf - Configure the operating system. Use the /cli parameter to list available
configuration areas.

ServerWerOptin.exe - Configure Windows Error Reporting.

SystemInfo - List the system configuration details.

WEVUtil.exe - View and search event logs.

Wmic datafile where name=“FullFilePath” get version - List a file’s version.

Wmic nicconfig index=9 call enabledhcp - Set the computer to use dynamic IP addressing rather than static IP addressing.

Wmic nicconfig index=9 call enablestatic(“IPAddress”), (“SubnetMask”) - Set a computer’s static IP address and network mask.

Wmic nicconfig index=9 call setgateways(“GatewayIPAddress”) - Set or change the default gateway.

Wmic product get name /value “ - List installed MSI applications by name.

Wmic product where name=“Name” call uninstall - Uninstall an MSI application.

Wmic qfe list - List installed updates and hotfixes.

Wusa.exe PatchName.msu /quiet - Apply an update or hotfix to the operating system.

Error message assigning IP to a NIC

When you enter the IP Address on a NIC, you receive:

   The IP address  you have entered for this network
adapter is already assigned to another adapter .
is hidden from the network and Dial-up Connections
folder because it is not physically in the computer or is a legacy adapter
that is not working. If the same address is assigned to both adapters and
they become active, only one of them will use this address. This may result
in incorrect system configuration. Do you want to enter a different IP
address for this adapter in the list of IP addresses in the advanced dialog box?
Where is the IP address that you are trying to set and is the name of the network adapter that is present in the registry but hidden in Device Manager.

If you press Yes, you can change the IP Address. If you press No, your NIC and the ghosted NIC have the same address. This is not normally a problem as the driver for the ghosted NIC is disabled.

This problem is genrally caused by moving the NIC to a different PCI slot.

To fix the problem:

1. Open a CMD prompt.

2. Type:

set devmgr_show_nonpresent_devices=1

3. Type:

Start DEVMGMT.MSC

4. Press View and Show Hidden Devices.

5. Expand the Network Adapters tree.

6. Right-click the ghosted NIC and press Uninstall.

Use VSSAdmin to manage System Restore size

In order to manage the Volume Shadow Copy Service and ultimately System Restore, you’ll use the VSSAdmin command-line tool — there is no GUI tool in Vista for configuring System Restore. In order to run VSSAdmin, you must launch an elevated Command Prompt window.

To begin, right-click on the Command Prompt shortcut and select the Run as Administrator command. When you encounter the UAC, you will need to respond appropriately.

You can now use the VSSAdmin command-line tool to investigate and configure System Restore and the Shadow Copy Service. For example, you can obtain a list of all the restore points currently saved on the system by using the command:
vssadmin list shadows

You can see how much disk space is allocated to and used by System Restore and the Shadow Copy Service system by using the command:
vssadmin list shadowstorage

You can reset the value of the Maximum Shadow Copy Storage space setting using the command:
vssadmin resize shadowstorage /for= /on= [/maxsize=

On my problem system, I reset the Maximum Shadow Copy Storage space setting to 15GB using the command:
vssadmin resize shadowstorage /for=c: /on=c: /maxsize=15GB

Once the operation was complete, restart the system.