My new bike!

Redline single speed cross frame with Sturmey Archer 3-speed internal gear hub. Thanks, Joe’s Cycles!

http://www.MicrosoftVirtualAcademy.com

I came across this site while looking for some Microsoft documentation. I’ve actually completed a couple of the modules (for SCCM 2012) this morning and it’s not bad, especially considering it is free!

Here’s the MS summary:

Microsoft Virtual Academy (MVA) is a free program delivering structured learning paths for IT Professionals on various Microsoft products and solutions.

Enroll in courses and take self-assessments. For every module you take and every self-assessment you complete, you will be awarded points. These points build up to levels and the higher the level you achieve, the more opportunities you have to participate in MVA offers.

It’s a boy!

Looking for a Network Engineer position in Indianapolis? Hit me up on twitter! (@bshaw)

I’m going to a new company at the beginning of May and would like to try to help find somebody good to take over for me. The listing just went active on Monster, but you may have better luck if you talk to me…

This position is responsible for installing, configuring and maintaining our infrastructure including physical and virtual servers, server clusters, load balancing equipment, switches, network appliances, storage devices, firewalls, etc.   This position also administers and maintains the company’s website infrastructure and server side applications. The candidate should have experience with MS Exchange 2010, MS SQL, IIS, and VMware vSphere.

Monster listing: http://jobview.monster.com/Network-Engineer-Job-Indianapolis-IN-US-109077755.aspx

I came across a situation the other day where I needed to use Cisco Native VLAN on a Wireless Access Point… not a big issue, except all of my switches are Brocade and don’t have a feature called ‘Native VLAN’.

After a little digging on the Brocade forums I came across a posting by MSchipp that solved my problem:

Cisco Native VLAN = Brocade Dual-mode port

From the Brocade documentation:

Dual-mode VLAN ports

Configuring a tagged port as a dual-mode port allows it to accept and transmit both tagged traffic and untagged traffic at the same time. A dual-mode port accepts and transmits frames belonging to VLANs configured for the port, as well as frames belonging to the default VLAN (that is, untagged traffic).

Configuration example:

FastIron(config)# vlan 20

FastIron(config-vlan-20)# tagged ethernet 2/11

FastIron(config-vlan-20)# tagged ethernet 2/9

FastIron(config-vlan-20)# interface ethernet 2/11

FastIron(config-if-e1000-2/11)# dual-mode

FastIron(config-if-e1000-2/11)# exit

If your default VLAN is the Brocade default of 1, then you can specify an alternate VLAN for untagged traffic when issueing the dual-mode command

FastIron(config-if-e1000-2/11)# dual-mode 10

More information can be found in the form post at http://community.brocade.com/thread/5246 (message #6), or in your Brocade documentation under the Dual-mode VLAN Ports heading.

Upgrading Windows Server editions - i.e. Standard to Enterprise - in the Windows 2003 days required running an upgrade from the installation media. There was nothing difficult about the process, but it was time consuming. Microsoft has made this task much easier in Windows Server 2008 R2 - a couple of commands and a reboot are all that’s necessary.

I’m guessing you already know the edition you’re running, but let’s list it anyway just to be sure:

> dism /online /get-currentedition

Now we want to list the available editions included in your installation:

> dism /online /get-targeteditions

Finally, we want to set the new edition:

> dism /online /set-edition:ServerEnterprise /productkey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

After the edition has been changed, type Y to reboot the server into the upgraded edition.

From time to time I need to convert a dmg image to an iso so I can use it on non-mac systems.  There’s a simple command line one-liner to accomplish this:

$ hdiutil makehybrid -iso -joliet -o outputFile inputFile.dmg

To make up for my forgetfulness, I wanted to create something to do this for me when I need it. Paste this code into the AppleScript Editor, compile, and save it as an application. To use, just drag your dmg image and drop it on this script. You can even drag multiple images to have them all converted.

set filecount to 0

on open filelist

   repeat with i in filelist

      set filecount to 1

      set filename to do shell script ¬

         ”perl -e "print quotemeta (‘” & POSIX path of i & “’);"”

      do shell script “hdiutil makehybrid -iso -joliet -o ” & filename & ” ” & filename & “”

   end repeat

end open

if filecount < 1 then

   display dialog “This is a drag and drop application. Please drag the file(s) you wish to convert and drop them on the icon for this app.” buttons {“OK”} default button 1 with icon 2

end if

If you double-click the script (instead of drag/drop), it will pop up a reminder that it’s a drag and drop script.

Credit: This is adapted from a script by an anonymous poster at http://hints.macworld.com/article.php?story=20031027142625782

The best way I could think of to spend such a beautiful day. A very pleasant 23 mile ride. 48 degrees and sunny in Indianapolis in January? I could get used to this!

I’ve been working on implementing some tweaks for my environment in the vCheck (Daily Report) script by Alan Renouf over at http://www.virtu-al.net/featured-scripts/vcheck/.  Specifically, I’ve been modifying the script to send the report as an attachment to an email instead of the body of the email. I wouldn’t be wasting my time with this, but Microsoft decided to use Word as the HTML rendering engine in Outlook 2010 instead of a standards-compliant engine, so the report doesn’t display properly (See http://fixoutlook.org/ for more info on the Outlook issue).

There are a few comments on the vCheck homepage (including one by me back in April) on accomplishing this, but I’ve updated it quite a bit since then and wanted to get everything in one place.

First, set $SendEmail to $true:

# Use the following item to define if an email report should be sent once completed

$SendEmail = $true

Next, we have to modify the Send-SMTPmail function. The original script was configured to send the report as the body of the message, so we need to modify it to handle attachments.

Change the function to look like the following:

function Send-SMTPmail($to, $from, $subject, $smtpserver, $body, $attachment) {

   $mailer = new-object Net.Mail.SMTPclient($smtpserver)

   $msg = new-object Net.Mail.MailMessage($from,$to,$subject,$body)

   $msg.IsBodyHTML = $true $attachment = new-object Net.Mail.Attachment($attachment)

   $msg.attachments.add($attachment) $mailer.send($msg)

   $attachment.dispose()

}

Note: $attachment.dispose() is needed to release the lock on the attachment file after it has been sent. If you don’t include this, the code to remove the temp file will not succeed.

Now, we need to make some changes to the $DisplayToScreen if-block. Since I am changing the way it’s used, I changed the CustomOut text to reflect what it’s doing. I also commented out the check for a temp directory because we will use the PowerShell environment variable $Env:Temp to store the file in the user’s temp directory instead. Finally, I commented out the Invoke-Item line, because I don’t need the report to pop up in my browser. This section should like this:

#Uncomment the following lines to save the htm file in a central location

#If using this feature you should also uncomment the Remove-Item section below

if ($DisplayToScreen) {

   Write-CustomOut “..Saving HTML report temp file”

   # if (-not (test-path c:\tmp\)){

      # MD c:\tmp | Out-Null

   # }

   $Filename = “$Env:Temp" + $VIServer + “vCheck” + “_” + $Date.Day + $Date.Month + $Date.Year + “.htm”

   $MyReport | out-file -encoding ASCII -filepath $Filename

   #Invoke-Item $Filename

}

Now we need to modify the $SendEmail if-block to actually send the report as an attachment instead of the body. Change the block so it looks like the following:

if ($SendEmail) {

   Write-CustomOut “..Sending Email”

   Send-SMTPmail $EmailTo $EmailFrom “$VISRV vCheck Report” $SMTPSRV  “vCheck report for $VISRV is attached” $Filename

}

Finally, we will delete the temp file for the report. Add the following after the $SendEmail if-block:

#Uncomment the following line to delete the htm file created above

Write-CustomOut “..Deleting HTML report temp file”

Remove-Item -path $Filename

That should do the trick! You will now get the report as an email attachment without having to worry about all those pesky htm files from old reports filling your temp directory.

I plan to post a shortened version of this to the vCheck homepage comments when I have a couple minutes.

I recently setup a new reverse proxy for my Exchange 2010 OWA/ActiveSync environment using a Linux / Apache / ModSecurity box as a reverse proxy. I won’t dive into all of those specifics here, as there are plenty of other resources for that topic on web (I would recommend starting on Scott Lowe’s blog at http://blog.scottlowe.org/2005/12/03/protecting-owa-with-apache/).

The problem that I ran into, is that my reverse proxy machine has multiple network interfaces on multiple networks - the box is attached to two separate Internet circuits, and has interfaces in a management network as well as the DMZ. In this configuration, the box doesn’t know how to properly route all of the traffic, so you must configure static routes for each of the interfaces.

I found a good article from Darien Kindlund at http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/ that got me started, but I needed to tweak his configuration a bit to work properly in my environment. I recommend reading his article before you dig-in too far.

Let me start out with laying the foundation of my setup. - There are 2 physical interfaces and a sub interface as shown. I apologize for not using perfect /24 networks for this example, but the networks in my example are real-world examples that represent my setup. I figure that if you’re looking for this info, you may appreciate a real scenario. On a side note, if you need a CIDR calculator, I’ve found this one (http://www.subnet-calculator.com/cidr.php) to work well.

eth0 - IP 10.0.0.2 Mask 255.0.0.0 - Management network

eth1 - IP 172.16.1.2 Mask 255.255.255.248 - DMZ

eth1:1 - IP 172.16.1.10 Mask 255.255.255.248 - DMZ

Next, we use functionality of the iproute2 package to create new routing tables. We will create a new table for each of the interfaces and sub-interfaces - you can name them anything you want, I used the adapter identifier for easy correlation:

rproxy:~$ echo “1 eth0” » /etc/iproute2/rt_tables

rproxy:~$ echo “2 eth1” » /etc/iproute2/rt_tables

rproxy:~$ echo “3 eth1:1” » /etc/iproute2/rt_tables

Once the tables are created, we need to add the appropriate routes and routing rules - this is where my configuration start to vary, because I want my routes to persist through reboots or interface ups/downs. We will use post-up and post-down commands in the /etc/network/interfaces file to pass the appropriate ip route and ip rule commands as the interfaces are brought up or down. We will configure these for each interface:

eth0:

post-up ip route add 10.0.0.0/8 dev eth0 src 10.0.0.2 table eth0

post-up ip route add default via 10.0.0.1 dev eth0 table eth0

post-up ip rule add from 10.0.0.2/32 table eth0

post-up ip rule add to 10.0.0.2/32 table eth0

post-down ip rule delete from 10.0.0.2/32 table eth0

post-down ip rule delete to 10.0.0.2/32 table eth0

eth1:

post-up ip route add 172.16.1.0/29 dev eth1 src 172.16.1.2 table eth1

post-up ip route add default via 172.16.1.1 dev eth1 table eth1

post-up ip rule add from 172.16.1.2/32 table eth1

post-up ip rule add to 172.16.1.2/32 table eth1

post-down ip rule delete from 172.16.1.2/32 table eth1

post-down ip rule delete to 172.16.1.2/32 table eth1

eth1:1:

post-up ip route add 172.16.1.8/29 dev eth1 src 172.16.1.10 table eth1:1

post-up ip route add default via 172.16.1.9 dev eth1 table eth1:1

post-up ip rule add from 172.16.1.10/32 table eth1:1

post-up ip rule add to 172.16.1.10/32 table eth1:1

post-down ip rule delete from 172.16.1.10/32 table eth1:1

post-down ip rule delete to 172.16.1.10/32 table eth1:1

Finally, you can either reboot the machine or restart networking to make the changes take effect. All of the traffic to and from the specified IP addresses will route across the appropriate gateway and your server will work the way you’d hoped it would.

For reference, here is what the relevant portion of my /etc/network/interfaces file looks like under this configuration:

### The primary network interface

auto eth0

iface eth0 inet static

   address 10.0.0.2

   netmask 255.0.0.0

   network 10.0.0.0

   broadcast 10.255.255.255

   gateway 10.0.0.1

   ### Static Routing

   post-up ip route add 10.0.0.0/8 dev eth0 src 10.0.0.2 table eth0

   post-up ip route add default via 10.0.0.1 dev eth0 table eth0

   post-up ip rule add from 10.0.0.2/32 table eth0

   post-up ip rule add to 10.0.0.2/32 table eth0

   post-down ip rule delete from 10.0.0.2/32 table eth0

   post-down ip rule delete to 10.1.0.2/32 table eth0

### DMZ Interface

auto eth1

iface eth1 inet static

   address 172.16.1.2

   netmask 255.255.255.248

   #network 172.16.1.0

   #broadcast 172.16.1.7

   gateway 172.16.1.1

   ### Static Routing

   post-up ip route add 172.16.1.0/29 dev eth1 src 172.16.1.2 table eth1

   post-up ip route add default via 172.16.1.1 dev eth1 table eth1

   post-up ip rule add from 172.16.1.2/32 table eth1

   post-up ip rule add to 172.16.1.2/32 table eth1

   post-down ip rule delete from 172.16.1.2/32 table eth1

   post-down ip rule delete to 172.16.1.2/32 table eth1

### SubInterfaces

auto eth1:1

iface eth1:1 inet static

   address 172.16.1.10

   netmask 255.255.255.248

   #network 172.16.1.8

   #broadcast 172.16.1.15

   gateway 172.16.1.9

   ### Static Routing

   post-up ip route add 172.16.1.8/29 dev eth1 src 172.16.1.10 table eth1:1

   post-up ip route add default via 172.16.1.9 dev eth1 table eth1:1

   post-up ip rule add from 172.16.1.10/32 table eth1:1

   post-up ip rule add to 172.16.1.10/32 table eth1:1

   post-down ip rule delete from 172.16.1.10/32 table eth1:1

   post-down ip rule delete to 172.16.1.10/32 table eth1:1