
y2dst and exchange

Computers and servers seemed to update okay. I’m still tracking down a few boxes as I realized kerb isn’t working on them, but for the most part everything took its updates and everything else required the normal flip of the dst hour by hand (such as pbx’s).

OTOH, there’s this little tool we sometimes use in companies called exchange. This tool contains calendars, with appointments, which have times. These times are affected by DST. So be it.

Fortunately for us, microsoft has PILES of documentation. DST Home base, KB 931836, 926666, 930879, 931667. They also revealed late in the already late process (many tools didn’t come out until Feb 2007) after some people had already prepared for this that it totally screws up resource mailboxes, which require another process.

Fine. The server patch and exchange patch went okay, but the calendar update tool? Take a close look at this kb article. How long does it take you to figure out the order of steps you should follow? The TOC is pretty useless and misleading.

I eventually figured out that “How to manually configure and run Msextmz.exe” is the “how to be an exchange hacker because we didn’t see this issue ever coming up”, also known as: “How to use some scripts to make tab delimited text files of all your DNs, matching up a load of timezones in a crapshoot fashion and hoping it all works out in the end.”

I instead used “How to run Msextmzcfg.exe” which is this little vb looking app that does some of the above work for you, dumping out a bunch of text files everywhere (mostly in a hostname folder, btw, use netbios names). I checked the “extract recurring meeting information” box even though it warns of the increased overhead. We have < 100 users. Be aware of the serious list of “things this shit does not do right” in this article:

“A time zone may be ambiguous”

Our tool often doesn’t do shit in PST

“There is a limit on the number of mailboxes that can be processed per server”

This can only do 65,535, obviously that’s because of a variable, but we’re parsing tens of thousands of DNs from a text file at this point, you’re already screwed.

“There may be conflicts with conference room assignments”

this shit totally screws up resource rooms, use a bunch of other utilities to fix this. i really only have one room that matters, so I just opened it up in outlook myself.

Unclear caveats:

1) you can’t install these tools on an exchange server, or even a machine that has the exchange management tools installed, which it considers an exchange server.
2) the tools tie into outlook, have outlook installed.
3) tzmove.exe which is needed, isn’t really referenced. I believe this is what actually ties into outlook and you download this separately. If when you run the batch script, which you’ve pointed to tzmove, you get an error 0x80004005, it’s because tzmove is an installer, not the real tzmove. Run the installer, cancel the program when it’s ready to do something, and then point the config file back at: “C:\Program Files\Microsoft Office\Office12\Office Outlook Time Zone Data Update Tool”.
4) the grant permissions script at the end of the file wasn’t interested in working for me. it just kept spewing out syntax until I realized it wanted an input file. check this out instead.
5) in case you didn’t notice, this doesn’t scale at all. Microsoft’s idea of scaling this small utility appears to be splitting up the work on a bunch of VMs on whatever hardware you have kicking around. VMs provided here. Note I thought this was a great laugh, and didn’t download it. Maybe you’re supposed to download it, and it isn’t just a joke.

Hopefully you’ve already lived through this, but if not, good luck. I’m still waiting for emails this morning asking what the hell I did to everyone’s calendars over the weekend.

seamless rdp on ubuntu edgy eft (outlook)

I got edgy installed on my work desktop recently. I got beryl working on the regular x server with the nvidia binary drivers. I hear that feisty fawn is going to have the binary drivers in the default install to better support this sort of thing, but it was pretty easy. I used directions here that look like they also appear here but more cleaned up. I’m unsure of the performance impact of this route, but so far the only slowdown has been when running glxgears on the edge of a cube while keeping the cube rotated. I’m also running with twinview support, which I configured using the -twinview option for nvidia-xconfig, but I had to manually change the modes to get the resolution I wanted.

I wanted seamless rdp support and rdesktop 1.5 is in the feisty repository, but has not been backported to edgy.

I added the following to /etc/apt/sources.list:

deb-src http://us.archive.ubuntu.com/ubuntu/ feisty main restricted multiverse universe

Then:

sudo apt-get update
sudo apt-get source rdesktop
cd rdesktop-1.5.0
dpkg-buildpackage -rfakeroot

If you get an error about fakeroot, then you need to install that (sudo apt-get install fakeroot). There’s possibly a number of build dependencies that you’ll get an error for, mostly development stuff. I simply installed the packages recommended using apt-get.

There’ll be a .deb file now one level up the tree.

sudo dpkg -i ../rdesktop_1.5.0-1_i386.deb

fr recommended using prevu to modify the package version so that my install wouldn’t conflict with a future install. I skipped this step, as I’m generally a reckless individual.

i built a standard 2k3 install on a vm, turned on remote desktop, installed office, then unzipped the seamless rdp package from cendio. back on my workstation I ran:

rdesktop -A -s "c:\seamlessrdp\seamlessrdpshell.exe C:\Program Files\Microsoft Office\OFFICE11\outlook.exe" servername &

Outlook popped up and happily allowed me to setup my account. It doesn’t wobble well at all in beryl, but I just put it full screen on one desktop and never move it anyways and it’s moving okay. There’s some more notes available here on the process. I do worry that every application takes a ts session. This seems like some overhead. There’s a similar project here for windows that looks like it might handle this better, maybe something will show up in the future.

screen shot available here.

edit:
to make the beryl+rdesktop collaboration a little less annoying, I’ve wrapped rdesktop in Xnest based on the ideas here. I can now move the window around without the weird half-wobble and without every rollover causing a popup and subsequent burn of said popup.

#!/bin/bash
Xnest -ac -terminate -geometry 1280x1024+0+0 :4 &
DISPLAY=:4 rdesktop -u user -d domain -A -s "c:\seamlessrdp\seamlessrdpshell.exe C:\Program Files\Microsoft Office\OFFICE11\outlook.exe" host &

Note that -ac on Xnest may have security implications. I haven’t researched it as of this writing. I also pulled the IE and Outlook icons out of their .exe’s and dropped them into a pixmap folder, creating shortcuts on the gnome applet bar that connect to the wrapper scripts. This is pretty satisfying at this point. The Xnest window is the same size as my desktop, so the beryl seams make it a little larger. I moved it to the desktop it’s going to live on and maximize, which clears the excess seams.
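
The -ac flag switches off host-based access control on the nested server, so any client that can reach display :4 can connect to it and see the Outlook session's screen and keystrokes. A variant of the wrapper that uses an xauth cookie instead, as an added example that is not part of the original post (display :4, the geometry and the user/domain/host placeholders are carried over from the script above; make_cookie, display_socket and start_session are hypothetical helper names, and xauth is assumed to be installed):

```shell
#!/bin/bash
# Added example, not from the original post: Xnest wrapper that uses an
# MIT-MAGIC-COOKIE-1 cookie instead of -ac.
# Assumed: display :4, geometry and user/domain/host placeholders as in the post.

NESTED_DISPLAY=":4"
GEOMETRY="1280x1024+0+0"

# Print a fresh 128-bit cookie as 32 lowercase hex characters.
make_cookie() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the Unix socket path an X server creates for a display such as ":4".
display_socket() {
    printf '/tmp/.X11-unix/X%s\n' "${1#:}"
}

# Runs in a subshell ( ... ) so umask, trap and variables stay local to it.
start_session() (
    umask 077   # the cookie file must be readable by this user only
    authfile="$(mktemp "${TMPDIR:-/tmp}/xnest-auth.XXXXXX")" || exit 1
    trap 'rm -f "$authfile"' EXIT

    # "." is xauth shorthand for MIT-MAGIC-COOKIE-1.
    xauth -f "$authfile" add "$NESTED_DISPLAY" . "$(make_cookie)" || exit 1

    # -auth replaces -ac: only clients presenting the cookie may connect.
    # -nolisten tcp keeps the nested display off the network entirely.
    # Xnest still reaches the outer display with the user's normal authority.
    Xnest -auth "$authfile" -nolisten tcp -terminate \
        -geometry "$GEOMETRY" "$NESTED_DISPLAY" &

    # Wait (up to 10 s) for the nested server's socket before starting rdesktop.
    tries=0
    while [ ! -S "$(display_socket "$NESTED_DISPLAY")" ] && [ "$tries" -lt 10 ]; do
        sleep 1
        tries=$((tries + 1))
    done

    # rdesktop is pointed at the private cookie file and the nested display.
    XAUTHORITY="$authfile" DISPLAY="$NESTED_DISPLAY" \
        rdesktop -u user -d domain -A \
        -s "c:\seamlessrdp\seamlessrdpshell.exe C:\Program Files\Microsoft Office\OFFICE11\outlook.exe" \
        host
)

# Only launch when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "start" ]; then
    start_session
fi
```

Invoke the script with the argument start; the cookie file is removed when rdesktop exits.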

swnhacknight

hacknight
hacknight was off to a slow start this week due to an excursion to thai go on broadway. once we got going there was a wide range of discussions, such as:

the trusty old horse thinkpad
MitM attacks against video surveillance systems with wrt’s
opening convenience stores
minipci options for soekri’ such as vga video
more eye-fi demonstrations
that we can use galan’s laptop camera to spy on eric
building cameras out of scanners

the meeting was adjourned with a discussion about creating a new front page on the swn website. there’s some chatter that perhaps the website is less than inviting. I realized after we left that we’re probably just scary looking, and nobody dares to disturb us. except maybe saucer dude.

electrical knowledge for data center geeks?

I’m in the process of purchasing a data center UPS at work. Looking at an APC SmartUPS VT currently. I was looking at something larger from Liebert, but the vendor wanted $18k for the install, more than the cost of the hardware itself, and I have a hard time justifying $18k for what should be a couple days worth of work. In the process of all this, has been a lot of attention to power. I’m at a junction right now, I basically don’t have enough power for the UPS I’m looking at, but the UPS is larger than I need, as we plan on building a new data center in the not too distant future. This has led me to an electrical code question. In the end, I’m probably going to have our electrical contractor do the work over a vendor, because despite not having the confidence of the vendor’s experience with their own equipment, electrical contractors generally have names, like John, or Bob, and I can chat with them for five minutes and respect their work from the conversation. That and they do a good job without charging $4k/hr or whatever the vendor’s project costs come out to be. But yeah. I like small shops. If I can’t find someone with a first name to talk to who can spend ten minutes explaining the engineering of the situation to me, I’m not going to trust their judgement and I’m going to find someone else. Of course, I’m certainly not going to try to do it myself. I’ll worry about vendor inter-operable LACP, they can worry about harmonics. It’s what we both get paid for.

But still, I’ve been communicating with our electrical contractor and a couple vendors all along, but I’m not really satisfied until I understand the mechanics, or perhaps the electrics, of the situation. Tonight I posted my question on an electricians forum. It’s currently up for debate as to if I’m allowed to ask questions there, as they have a policy against answering “how-to” questions to avoid laymen killing themselves, doing illegal electrical work, etc. Hopefully they side with me. As I got thinking about their choice though, I realized how much I think about electricity. Sure, I’ve got all these outlets in the ceiling of my data center, all I really have to do is plug my PDU’s from my racks in and not worry about it, right? I’m IT, that’s facilities. Well, there’s no such thing as facilities in my company, and I previously came from even smaller companies where the concept of departments didn’t even exist, so I might be a semi-rare case here. But I think about electricity a lot. I wonder what the current and peak current of my racks and PDUs are, ensuring I’m not only not overloading a breaker, but evenly balanced across phases. Then when the UPS comes into the picture, I further get to worry about the load on the UPS, run times, etc. All this leads to spending a lot of time figuring out how 120V single phase power relates to 208V three phase power, the difference between KVA and KW for UPS sizing, and why the hell my datacenter was built with NEMA 5-20 plugs instead of something rugged and locking like an L5-30.

Maybe that’s why there are specialized vendors out there getting $18k for an install. But people I work for seem to want me to know what’s going on, and more importantly, I don’t sleep at night if I don’t get it anyways. So, other admin folk, how does power affect your daily life (besides windpocalypse 2k6 and the fact that casey lives in the sticks)?

stupid sql 2005 notes

I went to move a db from a sql 2000 to a sql 2005 developer edition database yesterday. I detached the database from enterprise manager then attached it using the new do it all app whose name I forget right now. Next time I opened the configuration app I got an XML related error with the message “Object reference not set to an instance of an object”. Some searching on the net only found solutions related to visual studio. I noticed some recommendations to run “aspnet_regiis.exe -i” in the %windir%\Microsoft.NET\Framework\v2.0.50727 folder, but that didn’t do much. There were a ton of .NET results though. I checked windows update and saw that automatic updates hadn’t been installing because windows installer 3.1 wasn’t installed (this is a bad, bad thing), ran through updates which included a .net update, a reboot, and everything was fine again.

Hack Night / Primus / Blood Squad

Hack night was hardcore last night as all feared THE BLIZZARD OF 2K6 (Or aught-six, as we’re planning on calling it when we’re old and crotchety.) The snow was actually pretty nice though and we shot the shit about a number of projects while enjoying the new line of beverages available with the move to online coffee.

I’ll be going to Primus tonight at the paramount and I’ve got an extra ticket if anyone’s interested. It was sold out but it looks like there’s a fresh batch of GA tickets released on ticketmaster today.

Blood Squad, an improv/sketch group that performs horror movies while you wait, are playing friday and saturday at 11pm at the odd duck studio at 1214 10th Ave (In the Madison / Pike / Broadway triangle). It’s a 21+ show (grand illusion was byob) and when I saw them at the Grand Illusion they were awesome. It’s $7 with the password “Santa’s Balls”.

Crystal Reports XI

As my drama with Crystal Reports Server draws to a close, a couple notes. I installed and uninstalled this beast over TS a half dozen times this week. My problems centered around using SQL Server 2k5 Developer edition as the database for the CMS. During install there’s a check box to install MSDE or use an existing SQL Server. I’d leave this checked, and then specify the SQL Domain account, which had the sysadmin role on the SQL server. The install would complete without problem until I got an error about being able to log in to the CMS.

Upon reviewing events, the first thing of obvious note is failed logins to the SQL server from my domain account (Login failed for user ‘DOMAIN\user’. [CLIENT: x.x.x.x]). It makes sense that it would use my windows credentials to install the database during setup, as I’m already logged in, but it would be nice if it would install a service set to run with the provided credentials and startup, at least to let me know if it had problems with using the credentials. Anyways, the database WOULD get created (Starting up database ‘BOE11’.) and the CMS would start up (Central Management Server started) only to follow with two errors: “Cannot write key (DatabaseDriver) to registry.” and “The root server reported an error Initialization Failure.” The newly created database would be empty and the other CR services would fail with: “Failed to register with the CMS sylvanus. Please make sure the CMS is up and running. Attempting an automatic retry…”.

Forcing the CMS to start would usually appear successful but other services would not follow suit. The following error could be found in the event viewer: “Cannot connect to name server hostname(Transport error: unable to retrieve the CMS factory.)”

It appeared that the CMS was trying to read its config out of the database, but nothing was there. I tried mucking around with the access configuration a lot, failed to get any support out of Business Objects, and eventually just decided to install using SQL server authentication instead, which worked fine.

I did notice that Crystal Reports Server XI Release 2 was required for Visual Studio 2005 support, and I downloaded that as the “supported platforms” only listed SQL 2005 for this version and not for the initial release, but found no mention of this new support in the release notes so they may have just got around to updating the list. I did not try installing from this source and I’ve put this project behind me as it’s taken far too much time already.

pass the gravy and the arlan

Thanksgiving week looks like it might be dedicated to continuing the project from the last hack night. Ken’s SWN Node south of me on 26th looks like the closest node to my place. Alas, there’s trees and such in between, but we’ve been playing a little bit with some old 900mhz tech, The Arlan (of doom). The product line that led up to the Cisco Aironets that still kick around today was a popular platform for barcode scanners and such inventory tracking devices.

Some ol’ chap named xam ended up with a bunch of the 900mhz models and hacked around with the firmware for a bit. His pages aren’t around anymore but you can hit them up via the archive. Ken and Matt picked up a pile of these and since the last hack night we own all of them in the world (We’ll sell them back to you at $250ea btw). Anyways, we bricked a 630-900 following xam’s instructions for downgrading (most of ours started at 4.2c although they had ‘shipped firmware 2.39 stickers’). Not trusting the downloaded firmware from the archive, a few connections were hit up and we found a couple other places from filename searches. We have since reamassed a collection of arlan firmware on the swn website.

After bricking a second (the downgraded firmware installs, but then reboots, prints “Decompressing the code”, and reboots again (GOTO 10)) we tried upgrading and successfully brought it up to the latest firmware. We weren’t really sure about all of the menu settings so we tried getting a fourth working and managed to swap some parts around from the bricked radios. The product is three boards: the motherboard, a radio board and a network interface board. There are Ethernet and Token ring network interfaces which appear to be swappable. Some of the radio boards are swappable, but there are two different connectors. The odd part is that the motherboards all seem to have traces for both connections. Some of the older 900mhz radios were large and used the larger connector but we had other 900mhz radios that had the smaller radio. We successfully swapped the 900mhz off a bricked arlan into a 630-2400 (2.4ghz) model that we had that was having complaints about its radio anyways. (this was the one model we had working at the time).

Another model had a write password (it all seems snmp based) and last I knew we had some brute force scripts running against it.

Power supplies are scarce but we have plans to build a few now that we know the pinouts and power levels. Hopefully next hacknight we can make a bridge and start plans to actually deploy these through some trees.

thrust into the world of sharepoint

Ugh. So sharepoint is microsoft’s document revision control system. Basically a pretty web interface for a file share, with some really annoying management stuff thrown in where you can’t ever find it again.

A new user came to me today saying that he was having files disappearing from sharepoint. I figured it was one of the foolish views that seem to like to filter things away. I had known you could hit the files via either a web browser or by using my network places as sort of a file share, which uses WebDAV (likely a proprietary extension, I’m not sure.) All this gets stored in a SQL database. So I go and poke around the SQL database and find a table called ‘Docs’ which contains a couple columns for the filename (leafnode) and the path (dirname I think). I search for the ‘hidden’ files and they aren’t there anymore.

I go and poke around on his laptop again and he’s mapped a network share (ie \\server\site) instead of the webdav address (http://server/site) to a drive letter to try to pull a list of the directory tree out. He’s putting links to all of the files in excel using the unc path and not the webdav path, but here’s the clincher. Whenever he opens documents using the unc path, when he closes them, the files get deleted from the server. DELETED. Can I emphasize that more?

I left him, with the understanding that unc paths with sharepoint are bad. He sent me this thread later. Basically, yeah, there’s a bug (kb 884050), where word deletes the real copy of the file thinking it’s the temporary file. Nice. But I hit the registry key (HKLM \ SOFTWARE \ Microsoft \ Office \ 11.0 \ Common \ ProductVersion) for his box (11.0.7969.0) and check it against a list. Office 2003 SP2. It’s supposed to be fixed. Maybe they forgot to fix it in Office SBE or something? I don’t know. Man… I’m not looking forward to restoring the sharepoint database and manually merging back the missing files.

(edit) I can’t reproduce it on my machine, mapping network drives using unc paths with and without drive letters and using word. I have the same version number in my registry, but word reports 11.8106.8107 . I haven’t checked his word version yet though. also that version number doesn’t appear in my registry.

OCS Inventory

OCS Inventory is an open-source system inventory package that comes with agents for both linux machines and windows. I don’t have a significant inventory at my new job, and certainly didn’t want to go around with a pad of paper collecting information, so I’ve installed this on a debian VM (my first install of debian ever, btw).

There wasn’t a deb for it as far as I could find, so I compiled the source by hand. To meet dependencies I had tagged the box as a web server during the initial network install. You can find a list of packages to install here and here. I used the latter list, a few of the packages were already installed but apt played nice.

Once installed, I put the windows agent on my workstation, but nothing really happened. I ran “Ocsinventory.exe /NP /server:servername /DEBUG” from the command prompt (/NP means don’t use the IE proxy) which creates a couple .log files. in my hostname.log I was getting a “ERROR: Http error: 500”. I checked the Apache2 error.log and found “… Column ‘NAME’ cannot be null at …” A little searching revealed a db design problem which required running the sql statement “ALTER TABLE softwares CHANGE NAME NAME VARCHAR(255) default NULL; ” to resolve. I could tell from the error how to fix it, but I didn’t realize it wasn’t a problem with my configuration. I guess it’s a common problem. As soon as I did this, things started working and my workstation showed up in the web interface, windows xp key and all.

This is certainly going to help inventory. Why create a table of computers and IP addresses manually when it can all be pushed into here? The software license benefits aside, this is going to save a lot of time.

After I deploy the agent on a few more workstations and test out the linux agent, I’ll start taking a look at installing GLPI and see what exact benefits I can get from teaming these two pieces of software.

firefox 2.0 customization

I installed FF 2.0 last night when I rebuilt my box and I’ve been struggling with the new tab bar. First, the close tab button is not to the right of the bar where I keep expecting it. I’ve grown pretty accustomed to quickly managing my tabs the way it was set up and I keep finding myself searching for the tab close button which now exists on each individual tab.

Rather than trying to learn the new layout, I set out in search of the fix. The first big hit was a thread that deteriorated into a UI design war. Then I found this slashdot comment that gave me the basic idea:

open firefox
type ‘about:config’ into the address bar
scroll down to ‘browser.tabs.closeButtons’ and set this value to 3.

Supposedly,

0: active tab close button
1: all tabs close buttons
2: no tab close buttons
3: tab close on right (old firefox style)

But I couldn’t see a difference in 0 and 1, specifically, all my tabs didn’t get close buttons. Maybe I have too many open, this page about the browser.tabs.tabClipWidth setting would indicate as much is true.

You can tune some of these things from the options gui if you install the tabbed preferences addon. But I still haven’t found an option to disable the tab sliders. Maybe it’s time to look for a multi-row tab addon.

windows rebuild

I’m rebuilding my windows box finally. It really hasn’t seen the light of day in a couple years, although I did some work on it back after someone spilled whiskey soda down the blow holes. The fans have been gone from the blow holes for a while and the video card had been a total loss. Otherwise it was the same. It’s been slow and swappy for a long time, and more recently would only stay running for a couple days before everything would start shitting the bed.

Well, with NWN2 out, I figured it was time to lose myself in an RPG. Especially one with sidequests. I went out to Computer Stop and bought a Seagate 250G 16MB Cache SATA2 drive so I didn’t have to reinstall on the 80G IDE I put in when I built the box to save some cash. I got an external usb adapter for the drive (i’ve got piles of these now) and a 1G Kingston ram pack. I had 512MB of Corsair XMS, and it was tough pulling it for some medium grade Kingston stuff, but I need the RAM and it’s not like this is the beast it once was. Nothing’s overclocked anymore either. Alas though, after driving to Circuit City and seeing Kenny from Strategy and then over to Best Buy, no NWN2. It’s all pre-sales copies. How stupid is the gaming industry? I’m sitting here looking at the list of games on Steam, recalling how as a delivery platform it’s such a great technology and hating atari for their box set release. On the other hand though, I found this Direct2Drive place and NWN2 is downloading on another machine while I rebuild the software installation here. It should be done when I get up tomorrow as long as I don’t tell Steam to start installing packages.

Today went along pretty slow at work. I wandered around Bellevue getting some hardware and spent the time up until Battlestar Galactica came on cleaning out the dust in my shuttle and coming up with a quick solution for the bad heatsink fan on my video card. I did end up turning the fan on the “ICE” unit (shuttle’s cute little radiator setup) to blow out the back of the case instead of in. Without the blow hole fans I don’t think the benefit was worth it. I have the case off anyways though as I’ve got a 90mm fan sitting next to the case acting as the fan for the video card. I’ll take a picture as soon as I figure out where I left the batteries.

Mitel VoIP

We have a Mitel VoIP telephone system. It’s a 3310 ICP and uses proprietary everything. I guess some parts support SIP, but I haven’t really tried to screw it up yet. The phones boot up the boot code, DHCP, get the server from the dhcp options, then TFTP an image if needed and then boot the main code. The protocol is called MiNET and it’s supposedly encrypted. I have to assume they do the standard pki encrypted exchange of a session key, as there’s nothing in the happy web front ends about all of this.

However, the phones don’t work out of the box if you start taking them outside the network. The ICP has an internal IP address for starts. I don’t know anything about MiNET so I don’t know if it’s got the fatal SIP header flaw with NATs or the whatnot. But the magic key is this Mitel 6000 “MAS” box that runs the “teleworker solution”. If I put the phone in teleworker mode and give it the IP of this box, the phones work almost anywhere. The box runs linux, and I have a hard time telling from the outside what it really does. I thought about emailing the developer, but figured he wouldn’t appreciate a support request.

So I emailed our vendor. I got a couple of “well, it makes the phones work outside the network” responses and then finally talked to someone today, but they weren’t very impressed that they had to call me when I didn’t really have a problem. So I asked why I needed the teleworker solution and the first explanation was that the ICP had a private address and had no provision for another address.

“So the teleworker solution just does NAT?”
“Yeah.”
“Really? That’s kind of a big box.” (it’s a mid-tower case)
“Physically or performance wise.”
“Well, both, but I meant performance.”
“Well it has specific requirements, it does compression.”

I get into a conversation about transcoding and imply that now it’s not a NAT box, it’s a proxy. The conversation starts going downhill. I explained I just wanted to know because I had a couple weird problems that I couldn’t troubleshoot, having to assume that the phone, teleworker, and voip pbx were simply magic. He then “let me know” how to configure the phone to use the teleworker. I explained I got that and he stops and says, “So what can I help you with?”. “Well then. I guess we’re all set.”

I hate technology people that aren’t geeks. I’m sure imaging the box, clearing the root pw and playing around is “reverse engineering” and I lose my warranty or ‘support’ at best, or get sent to a prison in russia somewhere that doesn’t exist at worst.

My only question left. It’s not just using MAC Authentication, right? I mean, I know it’s closed source and all that, but… That developer guy looks smarter than that. I’ll ponder that possibly giant security gap for a while.

TowTruck and Rain

Unfortunately it’s going to rain tomorrow. I love the national weather service, particularly the forecast discussions. While normal weather sites normally say that it’s going to rain every day of the week in Seattle, the NWS is willing to take a good eduguesstimate at when it will actually rain. And they’ve got a nice way of putting things that doesn’t feel like it came out of a Made for TV can; i.e. “TRYING TO TIME INDIVIDUAL FEATURES FRIDAY AND SATURDAY LOOKS FUTILE. THE BOTTOM LINE IS IT WILL BE WET.”

In the end, it’s too bad it’s going to rain. The city put a giant sticker on my windshield that says, basically, I don’t drive my truck enough and using my motorcycle to save the environment is bad. Well, I knew they thought that, based on the lack of motorcycle parking in the city. But seriously for a moment, I have this half irremovable sticker that says I haven’t driven my truck enough and it’s in violation of the 72-hour rule. It’s dated yesterday at 11am. I seem to recall that I drove my truck all over the town sunday night. I guess they missed that part. Anyways, I printed out some big signs to put on the dash in case they can’t count again, but it also looks like it’s going to rain for the next few days. Lacking a rainproof motorcycle suit, looks like I’ll be trucking it for a few days.