Mar 14 2012

twice in the last week i have needed to send a quick email from the command line. here’s how:

telnet 1.2.3.4 25

HELO domain.name
MAIL FROM:<test@domain.name>
RCPT TO:<recipient@domain.name>
DATA
Subject: subject line here

this is the
body of your
email.
.
QUIT

note: there has to be a blank line under the subject line (it separates the headers from the body), and the message is ended by a line containing only a period.

source: http://www.yuki-onna.co.uk/email/smtp.html
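the two rules that session depends on, as an added example in python (not part of the original post): the blank line ends the headers, and a lone `.` ends the message, so any body line that itself starts with a period has to be escaped ("dot-stuffed") or the server will cut the message short. the parser side shows what goes wrong when the blank line is left out.

```python
# Added example (not from the original post): builds the DATA section of an
# SMTP message the way a client must send it, and parses it back the way the
# server does, so the two rules the telnet session relies on are visible:
# headers end at the first blank line, and the message ends at a line that
# contains only "." (so body lines starting with "." must be escaped).

def build_data_section(subject, body_lines):
    """Return the text a client sends after the DATA command (CRLF lines)."""
    out = [f"Subject: {subject}", ""]          # blank line ends the headers
    for line in body_lines:
        # RFC 5321 dot-stuffing: a body line beginning with "." gets a
        # second "." prepended, otherwise "." alone would end the message.
        out.append("." + line if line.startswith(".") else line)
    out.append(".")                              # end-of-data marker
    return "\r\n".join(out) + "\r\n"

def parse_data_section(wire):
    """Undo the client side: stop at the lone ".", unstuff, split headers."""
    headers, body, in_body = {}, [], False
    for line in wire.split("\r\n"):
        if line == ".":
            break                                # terminator, not data
        if line.startswith("."):
            line = line[1:]                      # remove the stuffed dot
        if not in_body:
            if line == "":
                in_body = True                   # blank line: headers done
                continue
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        else:
            body.append(line)
    return headers, body

if __name__ == "__main__":
    msg = build_data_section("subject line here",
                             ["this is the", ".a line starting with a dot", "email."])
    print(msg)
    print(parse_data_section(msg))
    # without the blank line the server files the body away as headers
    print(parse_data_section("Subject: x\r\nthis is the body\r\n.\r\n"))
```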

Feb 21 2012

recently i spoke at a conference about a network upgrade i did at a previous job.

the upgrade was a very difficult, but rewarding process, and has become one of my favorite topics to speak about.

topics i covered included the basics/easy stuff:

  • anti-virus
  • content filtering
  • password policies
  • firewalls

all the way to the not so common or more complex:

  • egress firewall rules
  • patching (system & OS)
  • running with user rights
  • software restriction policies/GPOs

here is the prezi from the talk:

Feb 08 2012

every once in a while i run into an issue where i have some log file on a microsoft sql server that has not been properly configured and is taking up a hundred gigs.

and inevitably, i end up spending the next 20 minutes to find a proper example of how to truncate the logs. so, instead of searching again, i am posting it on my site ;)

WARNING: don’t do this unless you have backups or you really, really don’t want to roll your database back. you’re deleting transaction logs, so while it won’t hurt your working database, it will prevent you from rolling back to yesterday. ye be warned.

in this case, i am running these commands on a microsoft sql server 2005 install, but i would presume it to work on sql 2008 or 2012, although i haven’t tested it.

here is the code:

-- specify database and show database & log statistics
USE dbname
EXEC sp_helpfile
 
-- truncate the log
USE dbname
GO
BACKUP LOG dbname WITH TRUNCATE_ONLY
GO
DBCC SHRINKFILE (dbname_log, 1)
GO
DBCC SHRINKFILE (dbname_log, 1)
GO
 
-- show statistics after truncating
EXEC sp_helpfile

reference/disclaimer: this code is from http://www.sqlcleanup.com/2008/sql-2005-truncating-log-files-and-recovering-space/ and is not my work, i just can’t always find it in a pinch.

Oct 13 2011

recently i was asked to implement a solution to mirror a massive amount of traffic (2-8Gbps of sustained traffic) to several different locations for further analysis.

after comparing gigamon, netoptics, and network critical, i opted for netoptics to fill the role (because of time i could not do a proof of concept, so the evaluation was done through reading specs, talking to a few techs, and some googling).

i have spent time over the last few weeks configuring the netoptics and thought it would be worth sharing my experience for someone else’s benefit.


Oct 28 2010

this is a quick and dirty how to for installing silverlight 4 (specifically 4.0.50917.0) in an enterprise environment.

we have run into a few situations where users are asking for silverlight (rather, they are trying to go to sites written with silverlight). we finally reached the tipping point and agreed that it was a business need to install it on our terminal server farm.

i said that i would take care of it, but much to my surprise microsoft doesn’t provide an MSI for GPO deployment (at least not in the way i was expecting it). it took me a few hours, but i found a good way to get this accomplished pretty quickly and thought i would share.

  1. get silverlight @ http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx and save the exe into c:\silverlight

Aug 25 2010

recently, i was helping set up a sharepoint intranet site that would house several sites, things like a help desk ticket system, a knowledge base, and some org based group pages for collaboration.

for my part, i didn’t have to do much of the setup, but i did enable and force SSL for any connections made to the site. this brought up an interesting discussion question.

is there any point to force SSL on an intranet site that, by definition, is only used by people internal to the company?

before i get to the reasons for running or not running SSL on an intranet site, let me give a little more background on this specific install.

Jul 27 2010

i am in the process of changing a server from using a self signed certificate to a wildcard certificate we got from godaddy.

like most things, once you’ve done it once it’s a snap and takes no time at all, but the first time you have to figure it out, which can take a while (i blew an hour on this today).

simply put, i needed to create a certificate signing request (a CSR) and private key, and then have godaddy give me back a public certificate and a CA certificate. the last step, and the one that took me a bit to figure out, was that windows (it’s a windows server i need the cert for) is expecting a certificate that has both the private key and public cert in one pretty package.

here’s what i did:

to create the private key and cert via openssl:

openssl req -new -newkey rsa:2048 -keyout private.key -out cert_request.csr

note: you will be asked to provide a PEM pass phrase and a challenge password

i then uploaded my certificate request to godaddy, who then provided me with two things: a public certificate and intermediate certificate authority.

next, i combined the private key and the new certificate godaddy gave me into one file (order is important) and named it certificate.pem

lastly, i ran the following command to generate the p12 file windows wanted that included both the private key and certificate:

openssl pkcs12 -export -in certificate.pem -out certificate.p12

that’s it. you should now have a private key, a certificate signing request, an intermediate CA certificate, a public certificate, and a windows certificate that has both the public and private key in it.

reference: http://www.tfproject.org/tfp/tilted-technology/140412-how-export-ssl-certificate-linux-windows-iis.html
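since the order of the key and certificate in certificate.pem matters, here is an added python check (my example, not from the original post or the referenced forum thread) that inspects the combined file before it is handed to `openssl pkcs12 -export`: exactly one private key, ahead of the certificate(s), and a report of whether the key is still pass-phrase protected. the PEM bodies are constructed placeholders.

```python
# Added example (not from the original post): sanity-checks the combined PEM
# file before "openssl pkcs12 -export". Verifies exactly one private key comes
# before the certificate(s) and reports whether the key is still encrypted.
# The PEM bodies below are constructed placeholders, not real key material.
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_block_types(text):
    """BEGIN labels in file order, e.g. ['RSA PRIVATE KEY', 'CERTIFICATE']."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def check_bundle(text):
    """Return the block order, whether the key is encrypted, and any problems."""
    types = pem_block_types(text)
    keys = [t for t in types if t.endswith("PRIVATE KEY")]
    problems = []
    if len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    if "CERTIFICATE" not in types:
        problems.append("no certificate block found")
    elif keys and types.index(keys[0]) > types.index("CERTIFICATE"):
        problems.append("private key must come before the certificate")
    # Legacy PEM encryption shows as a Proc-Type header inside the key block;
    # PKCS#8 encrypted keys use their own BEGIN label instead.
    encrypted = ("ENCRYPTED PRIVATE KEY" in types
                 or "Proc-Type: 4,ENCRYPTED" in text)
    return {"order": types, "encrypted_key": encrypted, "problems": problems}

# Constructed sample in the order the post describes: pass-phrase protected
# key, then the leaf certificate, then the intermediate CA certificate.
SAMPLE_OK = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

PLACEHOLDERKEYDATA==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFCERT==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATECERT==
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print(check_bundle(SAMPLE_OK))
```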

Apr 21 2010

i am working on a script to reboot computers in the middle of the day (sounds crazy, i know). the criterion is that the machines must not have been rebooted in the past 72 hours. why? i have some laptop users that never reboot their machines, they just dock and undock them (heck, they never even log out), so they are not getting some patches and/or software updates.

while i was working on the script (i plan on posting it when i get done), i ran into some weird results. after digging around a bit, i found out that the problem was that the script was using dns to query the computer with wmi, but was getting multiple results on the dns query. for example, it would look for “computer_01”, and our dns server would give back an ip for the machine. the problem was if you queried “computer_01” again, you would get a second, different ip address.

so when i went to our dns server, sure enough, there were duplicate entries for the same computer, and a lot of them. obviously this was going to be something i would have to fix before my script would work. after googling a bit, i found out about dns scavenging.

more or less, dns scavenging looks at the age of the dns record and purges it if it hasn’t been used in over x days. i found a great guide and explanation located here:
http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

more or less, i did three things:

  1. i set scavenging up for 7 days
  2. i enabled scavenging
  3. now, the most important step. i waited

three questions came to my mind as i was reading about scavenging:

  1. why isn’t it enabled by default?
  2. how did i miss enabling this in the first place? i had some help setting up this domain (it was my first one), but i never saw or heard anything mentioned that i can remember about enabling scavenging.
  3. are there any downsides to scavenging?

at this point, i have had it enabled a few weeks (again, be patient once you have enabled it) and things have been working great and the scavenging has definitely cleaned things up. for the record, i am running this on a ms windows server 2003 r2 dns server.

now, back to working on that reboot script ;)
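to make the scavenging rule concrete, here is an added python model of it (my example, not from the original post or the technet guide) run over a constructed zone dump: a dynamically registered record carries a timestamp, and once it has gone unrefreshed for longer than the no-refresh plus refresh intervals (7 days each here, matching the post’s 7-day setting and the windows defaults) it is purged, while static records are never touched.

```python
# Added example (not from the original post): models the scavenging decision a
# Windows DNS server makes, over constructed zone records. A dynamic record is
# stamped when registered; once no-refresh + refresh has passed without a
# refresh it is stale and eligible for deletion. Both intervals are 7 days
# here, an assumption matching the post's setting and the Windows defaults.
from datetime import datetime, timedelta

NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)
NOW = datetime(2010, 4, 21)   # constructed "current time" for the run below

# Constructed sample of the symptom in the post: one laptop re-registered from
# several leases, leaving stale A records behind. timestamp=None marks a
# static record, which scavenging never removes.
ZONE = [
    ("computer_01", "10.0.5.21", datetime(2010, 2, 1)),
    ("computer_01", "10.0.5.87", datetime(2010, 3, 10)),
    ("computer_01", "10.0.5.102", datetime(2010, 4, 18)),
    ("fileserver", "10.0.1.5", None),
]

def is_stale(timestamp, now):
    """Stale once the record went unrefreshed for no-refresh + refresh."""
    return timestamp is not None and now - timestamp > NO_REFRESH + REFRESH

def scavenge(records, now):
    """Return (kept, purged), mirroring one scavenging pass over the zone."""
    kept = [r for r in records if not is_stale(r[2], now)]
    purged = [r for r in records if is_stale(r[2], now)]
    return kept, purged

def duplicate_names(records):
    """Names with more than one A record: the symptom the WMI script hit."""
    counts = {}
    for name, _, _ in records:
        counts[name] = counts.get(name, 0) + 1
    return sorted(n for n, c in counts.items() if c > 1)

if __name__ == "__main__":
    print("duplicates before:", duplicate_names(ZONE))
    kept, purged = scavenge(ZONE, NOW)
    print("purged:", purged)
    print("duplicates after:", duplicate_names(kept))
```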

Apr 20 2010

one thing we noticed in our install of microsoft office 2007 on our terminal servers was that initially the user names and company name were not set correctly.

this didn’t seem like that big of a deal to me at first, but then i saw the value of this user name. if multiple users have access to the same shared folder and two people are trying to access the same file, the second user trying to modify the file will be told that they can only have read-only access because it’s being used by “user name”. so, in our case, initially everyone’s user name was set to our administrator’s name.

obviously the user can call us and ask “who is editing the file?” and we can find out, but fixing this saves us one more call and is easier on the user, so i wrote a script that would set it at login.

' office_2007_set_username.vbs
'
' This script sets the username and company name correctly for Office products.
' Written because all users using Terminal Services version of office were showing
' the same user name, which made it hard to track down locks on files.
'

Option Explicit 
 
Dim objShell, objNetwork
Dim strUserName, strCompanyName
Dim strNameRegKey, strCompanyRegKey
 
Set objShell = CreateObject( "WScript.Shell" )
Set objNetwork = CreateObject("Wscript.Network")
 
' Set your user string and company name
strUserName = objNetwork.UserName
strCompanyName = "Your Company Name"
 
' Registry key locations for user name and company name
strNameRegKey = "HKCU\Software\Microsoft\Office\Common\UserInfo\UserName"
strCompanyRegKey = "HKCU\Software\Microsoft\Office\Common\UserInfo\CompanyName"
 
On Error Resume Next
 
' If company name doesn't match the strCompanyName, change it
If objShell.RegRead(strCompanyRegKey) <> strCompanyName Then
	objShell.RegWrite strCompanyRegKey, strCompanyName, "REG_SZ"
End If
 
' If the user's name in office doesn't match their AD user name, change it
If objShell.RegRead(strNameRegKey) <> strUserName Then
	objShell.RegWrite strNameRegKey, strUserName, "REG_SZ"
End If

Mar 30 2010

since we did a network overhaul (defined in detail shortly) 2 years ago, we have had zero incidents of malware/viruses/badware on any machines that we know of (i know i will probably walk into bedlam tomorrow morning after saying that ;). after a recent mailing list conversation, i thought i would share some stuff we have done in detail to help anyone else going about the same process. here we go.

the 30 thousand foot view is this:

  • we reformatted every workstation and every server in one weekend (yes, you read that correctly)
  • users given user only rights, no power users or administrators.
  • we leveraged ms gpo’s to hide the c drive, limit what type of files could be saved, and prevent applications from running unless specifically allowed (application whitelist), etc.
  • we utilized ms’s wsus to apply patches across the board, workstations and servers
  • we started using a gateway device that did web filtering and also implemented a squid proxy server with whitelists
  • a copy of advanced installer was purchased so we could create msi’s to push all software out via gpo’s (this is great for new versions of software, pulling back software, etc)
  • we used gpo’s to config the workstation so that it automatically logged into our terminal server farm via single sign on (sso), more or less creating a pseudo thin client out of cheap desktop machines

working mottos:

  • if you want a user to do/not do something, don’t ask them. force them.
  • prevention is the best medicine
