Just came across this post on one of the forums about new features coming to vSphere 5.5. It is not an official release but more of a highlights by someone participating in beta testing. I’ve just formated this info:
I just came across the following question on Linkedin in group called “IT Core Infrastructure”:
Active Directory Restored from Virtual Machine Clone not authenticating
We are running Active Directory and DNS Server on the Same Windows Server 2008 R2 as Virtual Machine on vSphere 5 Platform. Since it is for College environment every
month we have to delete or create 1000 users. Recently iSCSI based Storage which is used to store the Virtual Machines (Includes Active Directory VM also) is
corrupted. Then we have restored the Active Directory Server from the Clone image (of Active Directory) which was taken in Dec 2012. But now all the client machines
are unable to authenticate through Active Directory. If we rejoin the client machines to Active Directory, then the authentication successful. But in this way we have
to rejoin the 5000 Client machines which will take more than 10 days to complete.
1) Is there any alternative solutions to make Client machines authenticated through Active Directory without rejoining to domain?
2) Why there is a change in a client machines behavior even after restoring the Clone of the existing Active Directory VM?
One DC with all FSMO roles? Latest backup is over 1 year old? I am honestly lost for words. If you would like to find out answer to his second question read on…
The following script will demonstrate how to create configuration file for an application via VB script. We are currently running it as a login script. It’s very simple but does the job 100%. It grabs environmental variables and then generates individual config file for each computer. In my example we care about hostname and system architecture.
There are a lot of great articles which demonstrate how to use Local Update Publisher (LUP), yest there is a huge confusion on how to push software and updates. In my post I will be using Adobe Reader XI as an example. Adobe distributes it major version upgrades, for example Adobe Reader X 10.0.0 as an msi Windows installer package. Next versions 10.0.1 can be downloaded as msi again or as a Windows installer patch file .mst.
We can always push full .msi files for each subversion upgrade, but this wouldn’t be efficient. You clients will be forced to download more data, use more processing power… efficiency is a key.
First, we want to create our base product in LUP: msi file for Adobe Reader XI. I am not going to describe it as there are plenty of examples available on how to deploy msi package using LUP. Do not forget to use Adobe Customization wizard to tailor msi for your needs.
This script will help automating some help desk tasks. For example in my current environment we put user’s name in the “Description” field. When user calls in helpdesk for a support, we need to connect to their machine. In a huge network with dynamic IPs it’s hard to maintain the list of what computer this user is using. This when you can query AD to pull required information. This script will help with the following tasks:
– query AD to pull description field for given computer account
– query all computer accounts to get list of computer, which contain requested user name
– query domain controllers and pull last connection date to AD. It uses LastLogon date, which is not replicated across all Domein Controllers. You would have to query all DCs and get the most resent once. In my example I query only two, as those are the only one used.
Script Continue reading
Here’s a sample script which shows how to work with XML files in Powershell and much more.
Logic of this script:
Check if folder has more than 2 files
If it finds more than 2 files send email via function SendMail()
Next read first XML file
if it finds multiple fields under Envelope.Body.repairorders, use array for each object. Next it replaces characters in this XML object using regex and save it.
if it finds single field under Envelope.Body.repairorders, do not use array as Powershell fails to recognize XML array object 0 in such cases, thus i had to make this extra step. It does the same magic.
Script Continue reading
Have you ever wondered how big is the routing table of core internet routers? Well I was! So upon my research I found one of the best connected APNIC’s routers at DIX-IE in Tokyo, Japan.
You can view BGP routing table of this router here:
BGP Routing Table Analysis
I find it funny where people believe Macs are “safe” because they don’t get infected. Last night, owner of the sauna where I go every Wednesday was a proof of that. She had a strong opinion against Windows and was telling me how she thinks everyone should use Apple computers with Mac OS.
Firstly, Mac is not designed for a corporate world and without tools like Active Directory alone is next to unimaginable to be found in any serious IT infrastructure, but that’s a different story.
Few days ago all over the news you could see how Russian security firm discovered botnet with over 500,000 infected computers. Lets take a look at the simple proportion:
Statcounter.com reports the following stats for the last 12 month (March 2011 to March 2012):
Mac OS (any version): 6.76%
Windows (any version): 90.65%
As you can see there is a significant gap in popularity.
Lets look at the largest botnets in history:
Windows: Google search reports Mega-D botnet to have 500,000 but this is small because I know there were attacks that delivered 100Gbps, there were several servers with fat pipes. 100Gbps is something that brings huge websites like facebook, fbi, nasa you name it, well upstream carries will be feeling the “heat”. Anyway, I know some botnets had 800,000 zombies.
Mac: Trojan-Downloader.OSX.Flashfake.ab – 600,000 unique infected hosts.
Lets skip the math as difference is visible by itself and you should be the judge.
Lets look at another side of the stick: “bad” guys infecting computers. Nowadays every virus attack has financial motive. Making a virus requires extensive knowledge, time and resources and all these things cost money. Any business model tries to achieve only maximum return on the investment.
Thus it is obvious that there will be more viruses for Windows platforms.
Finally some pills for Mac people:
Kaspersky lab created a “honeypot” for infected Macs so now you can check if your computer is a zombie. Go to the flashbackcheck.com and just follow instructions.
Also you can download free utility here that will check for infection and remove it after.
Great document from Cisco that shows relationship between SNMP and show command counters on Cisco IOS devices.
One of our clients required to connect all of its client via VPN tunnel. Obviously, to have the highest comparability with customer’s end devices I chose IPSec. To improve security as well as have the lowest impact to the clients in case we had to make some changes we had the following requirement. All traffic originating from us inside IPSec tunnel had to be NATed as well as clients had to NAT all of their traffic. We used Vyatta as our VPN concentrator. I had little experience with Vyatta and found there is a luck of documentation. This document assumes you have basic knowledge of NAT and IPSec configuration of Vyatta.