Tuesday, April 5, 2016

Fedora 23 Broken Grub - Boot to Grub Prompt

So today I swapped laptops from a Lenovo W510 with an HP Elitebook 8570p as a test with a Fedora 23 install.

Now for safety's sake I did image the drive with Clonezilla first to a local USB drive for safe keeping. Then I swapped the drives and booted up. Boot came directly to the grub prompt.

After multiple Googlings I decided to try the SuperGrubDisk2 ISO. So I booted it up and it found all the entries in my grub.cfg file. Being relatively new to this level of troubleshooting Linux I decided to have it boot me into my correct kernel. Once logged in I verified it was indeed the correct kernel (which it was) so then from a terminal I ran the following:


sudo grub2-install /dev/sda

Which completed without error.  Then,

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Then rebooted. VOILA! It works correctly now. And I must say a helluva lot easier and less painful than switching boot drives in Windows.

Monday, April 4, 2016

Virtualizing Multi-WAN pfSense on ESXi 5.5

So in an effort to both over-complicate my home network setup and introduce a platform to test alternative firewall distros, over this past weekend I stood up an ESXi 5.5 box. It's running on a Dell Optiplex 790:

Core I5-2400 3.1ghz - 8gb ram - 128gb generic SSD - 3 x Intel nics, 1 x Broadcom nic.


I have 3 x 3mb ATT 'Uverse' circuits, I had to opt for ATT Business in order to get those.  Which is not a bad thing.  I signed no contract so I can leave whenever I want.  And I pay no more than a residential customer.

Anyway, here's a cool diagram of my newfound setup.

The nics I wound up using were all pcie.. the single Broadcom, a single Intel then a dual headed Intel.

I gave the pF VM 2gb of ram, and a 9gb virtual hard disk.. its load is light and even those resources are at least twice what any pF appliance will have. Now the ESXi install is actually running off a 4gb class 10 micro SD card in a micro SD to USB adapter. The generic 128gb SSD is only used for the Datastore.

Tuesday, March 29, 2016

Linux: A new career goal.

So here lately I've been anxious about the future, for whatever reason.  Windows admins are a dime a dozen and have been for years now.  The only other way to go IMO is Linux.

I'm not a complete nooblet, I've stood up random linux servers in the past.. toyed with various distros when I got bored with Windows. But never aimed for a full on Linux Systems Administrator until now.


So in googling for linux training you get inundated right off the bat.  So I went for the tried and true.. Red Hat.  RHEL training is expensive to be sure, but it's recognized and carries weight.  Then I stumbled across Linux Academy.  LA has decent reviews on Reddit and other various places.  On the other hand die hards don't seem to care for it.  But at $24 per month with access to all of their wares which include Linux Foundation, Red Hat, Amazon AWS, etc it's too cheap to be ignored.

So I decided to go for that initially, at least test the waters for a month. I started in the Linux Foundation Certified Systems Administrator (LFCSA v2.16) track. It seems to be almost entirely video based, with a few exercises tossed in. Honestly I don't know how I feel about that right now.. but I'll keep going.


Also recently I've been spending a lot of time in #systemadmins. The guys in there are what really spurred me on to Linux training. A dude in that channel wrote up this in response to a question on Reddit:

https://www.reddit.com/r/linuxadmin/comments/2s924h/how_did_you_get_your_start/cnnw1ma


So while also running through this LFCSA course I'm also building the environment he outlines.


edX is offering the Linux Foundation Intro to Linux course for free too:

https://www.edx.org/course?search_query=linux

https://linuxacademy.com/

Friday, March 18, 2016

Deploying Office 2016 (Not Click to Run) via GPO and Batch

So recently I was tasked with upgrading an entire department, and soon to be later the rest of the company from 2013 to 2016 Office Pro.  Following the old time SysAdmins mantra: Least amount of administrative overhead as possible I'm gonna push deploy it.

At first I was going to try MDT 2012, which was a no go. I created a package but spent a day watching LiteTouch.vbs say it ran but nothing ever happening. Since I'm on a time crunch I dropped MDT like a hot potato.

Second was a product we used to deploy Java called PDQDeploy by Admin Arsenal. This app was the total bomb on pushing out Java to our entire org last month.  Worked like a champ!  However much like MDT I spent too much time troubleshooting why it was not working.  I created a package and a task sequence but it'd sit there until the timeout saying Step 1 was running but nothing ever happened.  Running the batch file manually worked though.

Next was GPO.  An old time favorite.  Although since there's no main MSI to cover the entire application you cannot Assign or Publish it via GPO but I discovered a batch file that was designed by MSFT for Office 2010 that with a few modifications, worked nicely for 2016.

setlocal

REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************

REM Get ProductName from the Office product's core Setup.xml file, and then add "office16." as a prefix. 
set ProductName=Office16.PROPLUS

REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=\\netapp\mis\software\microsoft\office_2016\32

REM Set ConfigFile to the configuration file to be used for deployment (required)
set ConfigFile=\\netapp\mis\software\microsoft\office_2016\32\ProPlus.WW\config.xml

REM Set LogLocation to a central directory to collect log files.
set LogLocation=\\netapp\mis\software\microsoft\office_2016\LogFiles

REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************

IF NOT "%ProgramFiles(x86)%"=="" (goto ARP64) else (goto ARP86)

REM Operating system is X64. Check for 32 bit Office in emulated Wow6432 uninstall key
:ARP64
reg query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if NOT %errorlevel%==1 (goto End)

REM Check for 32 and 64 bit versions of Office 2010 in regular uninstall key.(Office 64bit would also appear here on a 64bit OS) 
:ARP86
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%
if %errorlevel%==1 (goto DeployOffice) else (goto End)

REM If 1 returned, the product was not found. Run setup here.
:DeployOffice
start /wait %DeployServer%\setup.exe /config %ConfigFile%
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End

Endlocal

Calling this batch as a logon script worked VERY well.  However how do I get it to use my custom MSP?

Resolution: Place the .MSP file in the Updates folder. BOOM!

Installer runs, and due to my MSP the user cannot cancel or change the installation options at all. Now since this is a Logon script it is called again later when they logon.. however since it writes that ProductName=OFFICE16.ProPlus to the registry.. then upon rerun checks for that entry's existence and when found, does not call the installer.

Awesome.

Wednesday, February 24, 2016

DHCP Leases Being Eaten - Cont...

So for the past week and a half I've had a very weird issue occurring where randomly all the available DHCP leases in certain scopes would be eaten by *BAD_ADDRESS* followed by an invalid, 9 character MAC.

I explained how I thought I determined one of the culprits here: http://chronicgeekage.blogspot.com/2016/02/dhcp-leases-determine-what-device-is.html However it turns out this phone was not the issue.. it was actually a Lexmark printer. I have not viewed the config yet but yesterday I discovered it after putting that unit back online.

sh cdp nei on my core switch revealed that the printer had somehow formed a routing loop.


sh cdp nei
sw4506
                 Gig 6/38          123             R S I  WS-C4506  Gig 2/26
sw4506
                 Gig 2/26          132             R S I  WS-C4506  Gig 6/38

Interface 6/38 was that printer.. forcing a shutdown then refreshing the DHCP leases page revealed my suspicions to be correct.
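
As an added example (not from the original post): a small Python check that parses `show cdp neighbors` output, including the wrapped device-ID layout quoted above, and flags port pairs where the switch lists itself as its own neighbor. It assumes the local switch is named sw4506 and that platform strings contain no spaces; the sample text is constructed from the output above plus one made-up normal neighbor.

```python
from typing import NamedTuple

# Constructed sample: the two rows quoted in the post (local switch assumed
# to be "sw4506") plus a header and one invented, healthy neighbor.
SAMPLE = """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
sw4506
                 Gig 6/38          123             R S I  WS-C4506  Gig 2/26
sw4506
                 Gig 2/26          132             R S I  WS-C4506  Gig 6/38
sw2960-lab       Gig 1/1           155               S I  WS-C2960  Gig 0/1
"""

class Neighbor(NamedTuple):
    device: str
    local_port: str
    holdtime: int
    remote_port: str

def parse_cdp(text):
    """Parse neighbor rows; a device ID alone on a line belongs to the next row."""
    neighbors, pending = [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) == 1:              # device ID wrapped onto its own line
            pending = tok[0]
            continue
        if line[0].isspace():          # continuation row for the pending ID
            device, rest = pending, tok
        else:
            device, rest = tok[0], tok[1:]
        pending = None
        # rest = <type> <port> <holdtime> <caps...> <platform> <type> <port>
        if device is None or len(rest) < 6 or not rest[2].isdigit():
            continue                   # header, legend, or other non-row text
        neighbors.append(Neighbor(device, " ".join(rest[:2]),
                                  int(rest[2]), " ".join(rest[-2:])))
    return neighbors

def find_self_loops(text, hostname):
    """Return sorted (port, port) pairs where the switch sees itself via CDP."""
    me = hostname.split(".")[0].lower()   # device IDs may carry a domain suffix
    return sorted({tuple(sorted((n.local_port, n.remote_port)))
                   for n in parse_cdp(text)
                   if n.device.split(".")[0].lower() == me})

if __name__ == "__main__":
    for a, b in find_self_loops(SAMPLE, "sw4506"):
        print(f"self-neighbor loop between {a} and {b}")
```

A non-empty result means the switch's own CDP frames are coming back in on another port, which is the condition the output above shows on Gig 6/38 and Gig 2/26.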