Windows Server 2008

Well, as it is Saturday and I’m having lots of time (whereas I’d usually spend it working), I thought I’d give Windows Server 2008 a try. What interested me most is the Windows Server 2008 Server Core installation, as it’s supposed to lower the security risk (as there is *no* Internet Explorer, no Explorer, nothing running by default, only a simple cmd.exe).

As one of my co-workers requested me to upload the Standard/Enterprise/Datacenter DVD (which he got through our Microsoft Select 6.0(?) agreement) to our ISO’ VMFS, I had the DVD already at hand. As for that, I *really* love the feature set of VMware.

Deploying a new VM (even if you have to reinstall it) is quite fast (took me about 20 minutes, which I used to get some breakfast – it was only 6:30am). That’s about when I figured out how damn greedy Windows Server 2008 is. 16GiB hard disk as default installation and 2GiB RAM for a simple server? Damn.

Been a while

Well, it’s been quite a while since most of the people last heard a word from me. The last few months I’ve been extremely busy with work-related tasks (and as a side-effect of that, didn’t want to spend much time in front of the computer after 9 hours of work). I also started spending more and more time in the gym, like nearly two hours every Tuesday and Thursday.

  • I finally fixed our replication issues, we do now have a working (!) MySQL Multi-Master (1. Node, 2. Node — bear in mind, these boxes are *only* serving MySQL and nothing else, so don’t use these configurations on mixed setups) Replication Setup as database back end for our TYPO3-vHosts.
  • all the web nodes are now serving the content from a clustered, shared SAN volume (is that a good thing ? 😛 – don’t know yet …)
  • our VI environment is getting more and more acceptance (even if you hear some complaints now and then, like “awww, damn that crap my 4GiB RAM, 2×3.0GHz Windows 2008 is running soooo choppy” – simple answer, don’t use Windows Server 2008 and/or Windows Vista!)
  • I finished prepping our VM templates (at least the Windows ones)
  • we’re still putting together the plans on whether or not to invest in a VDI solution.

The next few weeks are gonna be as frantic as the weeks before, I still have to migrate a lot of TYPO3 installations to our new cluster (which sadly needs time, as we need to wait for DNS changes to propagate). Honestly, I might be ending up extending the SAN volume for the MySQL data storage, as even with only three somewhat busy sites, the binary log of the last 5 days is about 2GiB in size. And we still have ~20 other busy sites on a separate box.

Lucky me, I created the MySQL data storage on a logical volume, so I can easily extend the volume in the san-manager semi-online (the fs needs to be unmounted and thus the MySQL process stopped), then extend the physical volume (LVM2 PV) and the logical volume (LV) afterwards, and at last the underlying EXT3 file system.

As some of you know by now, I am on extended leave for now. I don’t have tree access (at my own request), though I’m gonna try to keep up with Chris and 2008.0 … So long!

PacketPro 1.7.0

After blogging the last time about the PacketPro 450 LoadBalancer appliance, the guys over at teamix seem to have taken that to heart and implemented a rather nifty thing for their new release.

It’s called “Port forwarding“, which is basically what you’d figure from the name. It bounces ports around the load balancer, but saves you from creating a separate virtual server (and adding the physical servers to that one), but also saves you from modifying the syslog-ng configuration on the balanced servers.

Deploying VM templates

Ok, so after my first day yesterday after a rather long vacation, I today wanted to look at the problem that the Administrator password isn’t changed when using VirtualCenter’s clone customization functionality (which relies, at least for Windows, on sysprep).

After a short googling, I stumbled upon this.

Simple problem short … Don’t specify an Administrator password for the template. Then you should be able to change the Administrator password when cloning the template. It’s “should“, as the VM’s are still updating.

And it really works. After emptying the Administrator password, the cloning works just fine. Damn sysprep bug …

Looking back (yet again)

Well, it’s yet again New Year’s Eve. Yet again a whole year passed by blazing fast, I didn’t manage to get everything done like I wanted.

That includes the following things:

  • getting a better job (and probably better paid too!)
  • getting a better life (well, it’s as it sounds like – my current life is rather unhealthy, and thanks to a friend I got the grip onto myself and started changing a few things – like doing a small workout every day, a bit more movement all over the day and so forth)

Which also means I do have some resolutions for the next year …

  • Become more active (like do a longer workout each day)
  • Get a better paid job (even if that’s going to hurt some people)
  • Fix my remaining health problems (like my foot, the back, …)

Now that sounds like I didn’t get anything done in the last 365 days, but that I sure did.

  • I finally managed to make my way through the slackers list (Fabian accused me I’d be orphaning half the tree – if at all, it was 1/12),
  • I did some major changes at work (though I still need to do some things – like fixing the MySQL replication with TYPO3).

I do have the feeling that the next year is gonna get interesting real soon. I do have a project for the implementation of a VDI based class-room scheduled early next year (budget still pending – so it’s a maybe); we still do have to review the available possibilities (which includes Dell – who apparently implemented exactly this for some university/technical university in Brandenburg), as well as some other small purchases.

Gentoo wise I can’t tell yet whether or not I still want to be part of it. The last few months have been rather tough for me, I’ve been haunted by guilt for other things, so I couldn’t care much about Gentoo. I’ve put away some of the burdens I had, in order to focus on the fun aspects of our beloved distribution (there isn’t much left sadly).

I’d like to thank those who had extra patience with me, thank those who took the time to talk to me, those who cheered me up when I needed it. It’s been a tough time, but thanks to a lot of amazing people (Norman, Michel, Christina, Alex, Diego, Ned, Chris, Robin, …) I got through it and I’m still here – alive and kicking 😛 !

Oh, and a happy new year !!

Device CAL’s ain’t no Device CAL’s ?

I stumbled upon a *real* weird problem. Apparently the terminal server licenses called “per Device” ain’t a real per device. From reading on it Microsoft states it like this:

Device-based versus User-based Terminal Server CALs

Two types of Terminal Server Client Access Licenses are available: TS Device CAL or TS User CAL.

  1. A TS Device CAL permits one device (used by any user) to conduct Windows Sessions on any of your servers.
  2. A TS User CAL permits one user (using any device) to conduct Windows Sessions on any of your servers.

You may choose to use a combination of TS Device CALs and TS User CALs simultaneously with the server software.

If I take the above and take a closer look at my terminal server license server I’ll see something like this:

Terminal services license manager

As you can see, I *do* have devices with more than a single license (in fact, several of them do have more than four), which from my understanding ain’t what Microsoft had in mind.

After noticing this, I initially thought my terminal servers had the wrong license mode, but as you can see below, they are using “per Device“.

Terminal service license settings

Which means, I am completely clueless at this point, as they *really* should be using just a single license, and not multiple ones.

Update:

Ok, after experimenting a bit with it, it seems that a license is tied to the SSID. Which would explain why I see different CAL’s for a single device. We reflashed the thin clients in between (and within that process, the SSID is freshly generated), so that’d be the only explanation I’ve got for what I’m seeing.

Windows terminal services & network printers

Yes, yes. I do list a lot of crappy products (go on, laugh; I don’t really care). Yesterday I had quite a struggle with Microsoft Windows Server 2003 and Terminal services (or more precisely with their way on how to deal with network printers).

As most of you know, there are two (possibly three) different ways to do network printers.

  1. would be, to simply share a local connected printer by simply creating a share for the printer
  2. buy a smart printer with integrated print server
  3. a combination of 1. and 2.

We luckily enough do have printers with integrated print servers, so that wouldn’t be a problem. *But* you get a problem if you’re trying to monitor the printer queue if you simply create a new TCP/IP connection from another target. You simply can’t tell who’s printing what.

So we tried to find a way to reuse the already shared printers. And there actually is. Simply create a new local printer (as you would if you’d use the TCP/IP way), but don’t select TCP/IP, select Local Port instead. That’s the whole catch (I’ve been trying to figure that out half the day yesterday). Then simply supply the location (it’s URI formatted like \\this.is.my.printer.servar\Your shady Printer) and click through the dialog.

The only catch with this is, that you have to install any non-standard printer drivers locally. That’s why I tried reusing the already present network drivers, but Windows treats Printers and Network printers differently. The former is treated as a global object (as in visible to all users on the current machine), the latter is only visible to the current user.

*Babing*

VBscript & Active Directory and printers ? (continued)

As I posted earlier, I tried working around some limitations in Microsoft’s Active Directory by teaching the script some intelligence.

But, since we recently started using Thin Clients, all the stuff I did with the fancy vbs was just a waste-of-time. Turns out, Windows XP Embedded doesn’t work quite the same as a “normal” Windows XP (that’s where I tested the script on), and it simply dies when running the WMI Query. Bollocks.

So I switched back, utilizing a shortcut in Startup, but pointing to the shortened vbs (see below) instead of the ugly batch file someone wrote.

But even that doesn’t work all the time, I still have to figure out why.

VBscript & Active Directory and printers ?

Well, since our current solution for mapping printers is an ugly batch file, which needs to be put into Startup, I today poked at doing it in VBscript (I know, but it’s less ugly than the batch script, trust me).

As some of you know, printers are only applicable to users (as in you can’t put a startup script onto an OU, which is going to map the printers). So as we store users and the computers in different OU’s in our Active Directory (we do have about 15.000 students), I can’t apply the printer.vbs to the users OU directly either, unless I implement some intelligence into the script itself.

And that’s basically what I did. Since different pools at the university have different DNS suffixes (like pools.rz.barfoo.org, that’s ours, or pools.fmz.barfoo.org) and we only want the students to have our printers when they log on at our pool, I just made the script get the DNS DomainName of the current active interface and compare it against a given pattern.
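A sketch of the suffix check described above, as an added example and not the script from this post: the printer share name is a made-up placeholder, and the function names are hypothetical. It matches the DNS domain on a label boundary and maps nothing when the WMI query fails, which is the case reported for Windows XP Embedded.

```vbscript
Option Explicit

' Assumed values: the suffix is the one named in the post, the printer
' share is a made-up placeholder.
Const POOL_SUFFIX = "pools.rz.barfoo.org"
Const PRINTER_UNC = "\\printserver.example\PoolPrinter"

' True when domainName equals suffix or ends with "." & suffix.
' A substring test (InStr) would also accept "pools.rz.barfoo.org.other.example".
Function HasSuffix(domainName, suffix)
    Dim d, s
    d = LCase(Trim(domainName))
    s = LCase(suffix)
    HasSuffix = (d = s) Or (Right(d, Len(s) + 1) = "." & s)
End Function

' True when any IP-enabled adapter reports a DNS domain inside the pool.
' Any WMI failure returns False, so the script maps nothing instead of dying.
Function InPool()
    Dim wmi, adapters, adapter, n
    InPool = False
    On Error Resume Next
    Set wmi = GetObject("winmgmts:\\.\root\cimv2")
    Set adapters = wmi.ExecQuery( _
        "SELECT DNSDomain FROM Win32_NetworkAdapterConfiguration " & _
        "WHERE IPEnabled = True")
    n = adapters.Count          ' forces the query to run while errors are trapped
    If Err.Number <> 0 Then Exit Function
    On Error GoTo 0
    For Each adapter In adapters
        If Not IsNull(adapter.DNSDomain) Then
            If HasSuffix(adapter.DNSDomain, POOL_SUFFIX) Then InPool = True
        End If
    Next
End Function

Dim net
If InPool() Then
    Set net = CreateObject("WScript.Network")
    net.AddWindowsPrinterConnection PRINTER_UNC
    net.SetDefaultPrinter PRINTER_UNC
End If
```

The DNS domain comes from DHCP or local adapter configuration, so this check only selects which printers get mapped; permissions on the print share itself still decide who may print.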

Customizing Thin Clients

As some of you know, the company I’m currently working for, recently acquired some thin clients to replace our old computers for the students to work on. Those PC’s are like P3 800 MHz with 512MB RAM and sadly don’t run Office 2007 anymore, so we replaced them with thin clients and are streaming those applications from a Windows Terminal Server cluster (created by and with 2X Application LoadBalancer).

So far so good, getting them to display the applications ain’t hard, the real hard part starts when you want additional things from this Windows XPe (Embedded), like let’s say getting them to display a German language.

First thing is, the management software for those terminals (Wyse Device Manager or WDM) uses its own scripting language (with pseudo abbreviations like DF or MR – Delete File and Merge Registry – get it?), which controls the whole distribution of “packages“.

That ain’t necessarily a bad thing, it’s just an additional “language” you need to understand/learn. The initial threshold is rather low (it ain’t no C++ or C#) as it’s just a pseudo language, you just need to make sure you do things in a certain order (like use the auto login registry entry with a new administrator password *after* you changed the administrator password).

We had a lot of work at the beginning of the week (like getting all packages working), and I think we managed finishing all of them (besides some default icon foo, for which there is plenty of time when the terminals are already in use).