Category Archives: Life in Computers

RealVNC

I have used RealVNC in our organization for many years and the other day I was kind of bored and decided to make an app that would tell me which PCs had it installed and whether it was listening for the viewer.

My situation is this: User calls or sends in support request, I open up a log file looking for the user’s IP or machine name, enter it in the vnc viewer and try to connect. I wanted a faster, easier way to do this with fewer steps.

For this I would read in the log files for the user logons, then test each PC the user was last logged onto to see if it had vnc listening on port 5900. Easy enough.

For those interested, first you will need to set up a logon script. Here is mine:

I have this script along with the logoff script in the DC NETLOGON share.

In Group Policy I use the User Configuration\Policies\Windows Settings\Scripts\Logon and logoff settings to specify my script location. Now each time the user logs off and on it makes an entry in their corresponding log.

Here is the logoff script, it’s the same except “logon” is replaced with “logoff”:

So that gives me the file I need for the next step which is loading the list with the following:

This function calls GetUsers to load the list of users that we currently have log files for and then, if we are checking for a vnc connection, calls TestSelectedPort and sets the image for the list view item appropriately.

Here is the project zipped for you with all the code.

Remote Project

Once the application is run you are first presented with a static list of the users’ PCs. Depending on what view you choose it will either be a picture of a PC with the machine name or, if you choose details, a list showing the user, PC name, last logon and the IP.

I blocked out the username for security reasons, but you get the idea.

If we click the Check VNC button this is what you end with, showing which PCs are up and running VNC.

Go ahead and download the file and give it a try.
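The check this post describes (take each user's last logon entry, then see whether that PC answers on port 5900), as an added PowerShell example that is not the code from the author's project. The log layout (user, PC name, logon time, IP) is an assumption based on the columns the details view shows, the sample lines are constructed, and the function names are hypothetical.

```powershell
# Added example: not the code from the author's project.
# Assumed log layout, one line per logon: user,computer,logon time,IP
# Constructed sample data; 192.0.2.0/24 is a documentation-only range.
$sampleLog = @'
jsmith,PC-ACCT-01,2017-08-14 08:02:11,192.0.2.21
jsmith,PC-ACCT-07,2017-08-15 07:58:40,192.0.2.27
mbrown,PC-HR-03,2017-08-15 08:10:05,192.0.2.33
'@

function Get-LastLogon {
    # Parse the log text and keep only each user's most recent logon.
    param([Parameter(Mandatory)] [string] $LogText)

    $LogText -split "`r?`n" |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv -Header User, Computer, LogonTime, IP |
        Group-Object -Property User |
        ForEach-Object {
            $_.Group | Sort-Object { [datetime] $_.LogonTime } | Select-Object -Last 1
        }
}

function Test-TcpPort {
    # TCP connect with a short timeout so PCs that are switched off
    # do not stall the whole list.
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $Port = 5900,
        [int] $TimeoutMs = 500
    )

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false on timeout and throws if the connection was refused.
        if (-not $task.Wait($TimeoutMs)) { return $false }
        return $client.Connected
    }
    catch { return $false }
    finally { $client.Close() }
}

function Get-VncStatus {
    # One row per user: last PC, last logon, and whether port 5900 answered.
    param(
        [Parameter(Mandatory)] [string] $LogText,
        [int] $Port = 5900
    )

    foreach ($entry in Get-LastLogon -LogText $LogText) {
        [pscustomobject]@{
            User         = $entry.User
            Computer     = $entry.Computer
            IP           = $entry.IP
            LastLogon    = [datetime] $entry.LogonTime
            VncListening = Test-TcpPort -ComputerName $entry.IP -Port $Port
        }
    }
}

Get-VncStatus -LogText $sampleLog | Format-Table -AutoSize
```

An open port only shows that something is listening on 5900; the same list doubles as an inventory of which machines expose VNC on the network.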

Those pesky passwords

“The security expert who wrote widely accepted advice in 2003 about online passwords—use special characters and change the passwords regularly—now acknowledges that he misfired. “Much of what I did I now regret,” Bill Burr, who is 72 and retired from the National Institute of Standards and Technology, tells the Wall Street Journal.”

To those not in the know, this isn’t really anything new to us in the technology world. What makes this news is that the man who created our current “standard” is now admitting he got it wrong.

For years many security experts suggested using pass “phrases” instead of some weird conglomeration of upper case, lower case, number and special characters.

Take this for example, let’s say your password was something like DMichael96, according to https://howsecureismypassword.net/ it would only take 8 months to crack that one wide open. But if we used “themanonthemooniswalkingoncheese” it would take 2 octillion years. That’s right, a 2 with 27 zeros after it or 10 to the 27th power.
Besides, a phrase like that is much easier to remember than some convoluted password like “5J4kRZqPYT5x”.

Now we just have to wait for developers to change the way we log in. As it stands many websites limit the number of characters you may enter for a password. I even have one system where the OS allows you to set the password length to what you want but the field where you enter your password only allows for 8 characters. Weird.

In the meantime I recommend you don’t use your kids’ initials and their birth date or your dog’s name, instead use strong passwords and a password manager to help you manage all of these passwords. I personally use LastPass. I have hundreds of passwords, there is no way I could remember them all.

Using a password manager helps you with using a different password with each site you log on to. This makes your online life much more secure. Most people don’t think much about it but if you use the same password and a hacker hacks that book of the month club you belong to, they can now quite quickly attempt to log into every bank and credit card company in the world and get into your account.

Visit https://howsecureismypassword.net/ to test your password. You will be surprised by the results.

Sharing printers with Group Policy




I recently had the need to move all of my managed printers from one server to another. I did the normal export printers from the old server and import on the new. Nothing to note except I had one printer that wouldn’t come over. Not sure why, but I figured no big deal I would just recreate it on the new box.

After some testing I changed everyone over to the new printer GPs. No complaints except from the Org Unit whose printer would not come over. Even though I reinstalled, created and applied the GP it would not work for nothing. I ran the usual tools, RSOP, GPRESULT, nothing showed any errors. Ran the modeling wizard in GP management on the Org and got a cryptic error on the Computer and User Component Status about the deployed printers connection. Basically just said there were many errors and to look at the Application Event Log on the domains I ran the model on. Checked both DCs and there were NO errors. Thanks MS what a big help.

It wasn’t until I ran across an article while troubleshooting about GP Preferences. I started playing with this and got to the Printer preferences. I went to add the offending printer but discovered it wasn’t listed in Active Directory. Ah Ha!

Went back to my Print Server, right clicked the printer to “List in Directory” but the option wasn’t there. Say whaaaat? Huh?

I uninstalled and re-installed the printer, but I never got the option to “List in Directory”. Did not make sense as there were many other printers, same model, make, etc and they had the option.

Then it dawned on me… What a dumb ass.

Uninstalled printer, re-installed but this time did NOT uncheck “Share”. The rest… well is history.

Resetting User Passwords in Active Directory

So after 20 years of resetting users’ Windows passwords I decided I would code a small application that would be easier to use to handle this task. Yes, I know there are a myriad of programs out there that will let users reset their own passwords. The problem is they cost money, usually on a per-user basis. Why buy the cow when the milk is free? Thus ResetPWD was born.

The application shows you a few different techniques that you may find interesting. The first is cryptography. I use this to safely store passwords on the hard drive. The other technique is for saving window positions when dealing with multiple screens. The last deals with Active Directory: resetting user passwords and making it so they have to change their password at the next log in. Most of the code is cobbled together from bits and pieces I found online. As always use it at your own risk, there are no warranties for fit or particular purpose and if you screw something up, it’s your fault, not mine.

When you first run the program, it will present you with a settings dialog box.

LDAP: This is the LDAP connection string you need to connect to AD and reset their password
Example: LDAP://EarthWindFire:389/DC=SomeDomain, DC=com
Domain: The fully qualified domain name of… your domain.
Username: The account you will use that has the privileges to change user passwords
Password: The password for the aforementioned account.
At the suggestion of someone online I actually just created an account for this purpose.
Once you have all that set, click the okay button and you are ready to change passwords.
The main window has two areas, the first is the text area where you will type in a username for which you want to change the password.
The second textbox is the password it will be set to. Now here I always reset a password to the same password. The users know it and it’s simple for them to remember. You can set it to whatever you want.

Using this app is easy. Once it’s set up all you have to do is start the app up, enter the username you want to change passwords for and hit the enter key. If it’s successful, it will tell you and in 3 seconds close automatically.
I also made it so if you press the escape key the app closes. I did this so if I accidentally open the app I can easily close it without having to mouse over to it.
Source code is zipped up here. You will need Visual Studio 2015 and .NET 4.6
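
The three pieces this post describes (a stored credential for the dedicated reset account, the password reset, and the forced change at next logon), as an added PowerShell example that is not the ResetPWD source. It assumes the RSAT ActiveDirectory module is installed. It also generates a one-time random password per reset instead of a fixed one. The function names, file path and server name are hypothetical placeholders.

```powershell
# Added example: not the ResetPWD source code.

function Save-ResetCredential {
    # Prompt once for the dedicated reset account and store it on disk.
    # On Windows, Export-Clixml protects the password with DPAPI, so the file
    # can only be decrypted by the same user on the same computer.
    param([Parameter(Mandatory)] [string] $Path)

    Get-Credential -Message 'Account allowed to reset passwords' |
        Export-Clixml -Path $Path
}

function New-TemporaryPassword {
    # Random password from a cryptographic RNG; look-alike characters
    # (0/O, 1/l/I) are left out so it can be read over the phone.
    param([int] $Length = 16)

    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789'.ToCharArray()
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes    = New-Object byte[] 4
    try {
        do {
            $chars = for ($i = 0; $i -lt $Length; $i++) {
                $rng.GetBytes($bytes)
                $alphabet[[int]([BitConverter]::ToUInt32($bytes, 0) % $alphabet.Length)]
            }
            $candidate = -join $chars
            # Retry until upper case, lower case and a digit are all present.
        } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and $candidate -match '\d')
        $candidate
    }
    finally { $rng.Dispose() }
}

function Reset-UserPassword {
    # Reset the password, force a change at next logon, return the temporary password.
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $CredentialPath,
        [Parameter(Mandatory)] [string] $Server
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    $cred   = Import-Clixml -Path $CredentialPath
    $plain  = New-TemporaryPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $secure `
        -Server $Server -Credential $cred -ErrorAction Stop
    Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true `
        -Server $Server -Credential $cred -ErrorAction Stop

    $plain
}

# Usage (placeholder values):
#   Save-ResetCredential -Path "$env:APPDATA\reset-cred.xml"      # once
#   Reset-UserPassword -SamAccountName 'jsmith' `
#       -CredentialPath "$env:APPDATA\reset-cred.xml" -Server 'dc01.example.local'
```

The reset account only needs the delegated "Reset password" right on the user OUs, not domain admin membership.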

Monitoring Files with OpsView

I have to say that I am somewhat addicted to OpsView at this point. With that said, I decided to move to the next phase. I wanted to start monitoring my backup files. Not the ones from BackupExec but backup SQL, Switch Configurations, Phone Configurations, etc. Each month I burn all of these files to DVD for safekeeping. However every day these files are automatically generated in one way or another and it would be nice to know each day that it’s actually working. This is where OpsView comes in… again.

So I started looking for a plug in and found a few but none really fit the bill. One even required you to store user name and password in a plain text file. Not too secure.

Wondering what it would take to write my own plugin I decided to simply create a Win Console App in Visual Studio. I wasn’t too sure it would be that simple but voilà it was. I will attach the code file below.

The application is pretty simple. It takes a few parameters on the command line, checks the monitored files’ age and size, and returns an OK, WARNING, CRITICAL or UNKNOWN for OpsView to react on.

Let’s take a look at the code: This part is simply the main where the argument list is processed then everything is passed to the worker function.


    Imports System.IO

    Module Module1

        'Declare the exit codes OpsView expects from a plugin
        Public Const OK = 0
        Public Const WARNING = 1
        Public Const CRITICAL = 2
        Public Const UNKNOWN = 3

        'Main function to application
        Sub Main(args() As String)

            'Get the list of arguments passed to the application
            '(the first element is the program name and matches no option)
            Dim arguments As String() = Environment.GetCommandLineArgs()

            'Declare some variables
            Dim sArg As String = ""
            Dim szPath As String = ""

            'Set these to default values
            'Process all files
            Dim szFileName As String = "*.*"

            'Set the default age to one minute
            Dim iFileAge As Integer = 1

            'Set the default size to one byte
            Dim iFileSize As Integer = 1

            'Construct the Help string, so if the user runs from the command line they can get the proper use of the application
            Dim sUsuage As String = "" & vbCrLf & vbCrLf & "FileAge -p <path> [-f <filespec>] [-a <minutes>] [-s <bytes>]" & vbCrLf & vbCrLf
            sUsuage = sUsuage & " -p Valid Path to Files you want to check" & vbCrLf
            sUsuage = sUsuage & " -f Name of File or FileSpec (*.*, *.TMP,etc.) Optional, defaults to *.*" & vbCrLf
            sUsuage = sUsuage & " -a Maximum Age of File in Minutes, optional, defaults to 1 minute" & vbCrLf
            sUsuage = sUsuage & " -s Size of File in bytes, optional, defaults to 1 byte" & vbCrLf & vbCrLf

            'Now for each of the arguments
            'As this processes the string array one at a time, the first step is to find what option is coming, then process it accordingly
            For Each iArg As String In arguments

                'This is done after a proper option is found
                Select Case sArg
                    Case "F" 'Filename or file pattern
                        szFileName = iArg

                    Case "P" 'Path to the files
                        szPath = iArg
                        If Not Directory.Exists(szPath) Then
                            Environment.ExitCode = CRITICAL
                            Console.WriteLine("Specified Path does not exist: " & szPath)
                            Exit Sub
                        End If

                    Case "S" 'Size of file in bytes (non-numeric input is rejected as well)
                        If Not Integer.TryParse(iArg, iFileSize) OrElse iFileSize < 1 Then
                            Environment.ExitCode = CRITICAL
                            Console.WriteLine("File Size must be at least one byte: " & iArg)
                            Exit Sub
                        End If

                    Case "A" 'Age of file in minutes (non-numeric input is rejected as well)
                        If Not Integer.TryParse(iArg, iFileAge) OrElse iFileAge < 1 Then
                            Environment.ExitCode = CRITICAL
                            Console.WriteLine("File Age must be at least one minute: " & iArg)
                            Exit Sub
                        End If
                End Select

                'Blank out the argument
                sArg = ""

                'Filename or pattern
                If iArg = "-f" Or iArg = "-F" Then
                    sArg = "F"
                End If

                'Path to files
                If iArg = "-p" Or iArg = "-P" Then
                    sArg = "P"
                End If

                'Age of file in minutes
                If iArg = "-a" Or iArg = "-A" Then
                    sArg = "A"
                End If

                'Size of file in bytes
                If iArg = "-s" Or iArg = "-S" Then
                    sArg = "S"
                End If

                'Display help right away; this option takes no value
                If iArg = "?" Or iArg = "-h" Or iArg = "-H" Then
                    Environment.ExitCode = OK
                    Console.WriteLine(sUsuage)
                    Exit Sub
                End If
            Next

            'A path is required; without one there is nothing to check
            If szPath = "" Then
                Environment.ExitCode = UNKNOWN
                Console.WriteLine(sUsuage)
                Exit Sub
            End If

            'Once we have completed the argument processing we are ready to check the files
            'upon returning we will have a proper status and message for OpsView
            Console.WriteLine(CheckFileTime(szPath, szFileName, iFileAge, iFileSize))
        End Sub

Now let's look at the worker function:


        ''' <summary>
        ''' Determines if the file falls within the specified size and age
        ''' </summary>
        ''' <param name="iFileAge">Age of File</param>
        Function CheckFileTime(szPath As String, szFileName As String, iFileAge As Integer, iFileSize As Integer) As String

            'Set up some defaults
            'fSize starts at the requested minimum so the size test at the end
            'only fails when an undersized file was actually found
            Dim fSize As Long = iFileSize
            Dim iMinutes As Integer = 0

            'get the directory
            Dim di As New IO.DirectoryInfo(szPath)

            'get the filenames in the directory
            Dim diar1 As IO.FileInfo() = di.GetFiles(szFileName)

            'declare a fileinfo variable
            Dim dra As IO.FileInfo

            'If there are no files then there is nothing to do
            'return with the appropriate message
            If diar1.Length < 1 Then
                Environment.ExitCode = CRITICAL
                Console.WriteLine(vbCrLf & "CRITICAL - No files found" & vbCrLf)
                Return ""
            End If

            'list the names of all files in the specified directory
            For Each dra In diar1

                'if the file is less than the size specified set the variable to that size for later processing
                If dra.Length < iFileSize Then fSize = dra.Length

                'Get the age of the file in minutes, measured from the last write
                '(LastAccessTime also changes when a file is only read, and is not always kept up to date)
                iMinutes = DateDiff("n", dra.LastWriteTime, Now)

                'and if the age is greater than what was specified we go ahead and quit the function
                'returning with the appropriate message
                If iMinutes > iFileAge Then
                    Dim i As Integer = ((iMinutes / 60) / 24)
                    Dim j As Integer = ((iFileAge / 60) / 24)
                    Environment.ExitCode = CRITICAL
                    Console.WriteLine(vbCrLf & "File " & i & " days old. Specified file age: " & j)
                    Return ""
                End If

            Next

            'If we got this far then the age is not a problem, but lets see if size is... size matters...
            If fSize < iFileSize Then
                Environment.ExitCode = CRITICAL
                Console.WriteLine(vbCrLf & "File size: " & fSize & " Specified file size: " & iFileSize)
                Return ""
            End If

            'Well it looks like we got us some valid files
            Return "File(s) OK"
        End Function

    End Module

The code above is attached as Module1.vb. Just copy and paste it into a newly created win32 console app in Visual Studio. I am also attaching the compiled EXE so you can start using it right away if you don't have VS or any programming knowledge...

To use the application copy the EXE file to the folder on the server you want to use to monitor the files. In my case the files are located on a server called EARTH and the folder the OpsView Agent is installed in is: C:\Program Files\Opsview Agent

Next modify the NSC.ini file and place an entry in the [NRPE Handlers] section for each folder and/or file you want to monitor. For example here are some of mine:

FileAge1=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Cisco" -f "*.*" -a 1500

FileAge2=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Beast" -f "*.*" -a 2880

FileAge3=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Fire House" -f "*.*" -a 46080

FileAge4=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Mobile Asset" -f "*.bkp" -a 2880

FileAge5=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Phone\CUPS" -f "*.tar" -a 4320

FileAge6=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Phone\UCCX" -f "*.tar" -a 4320

FileAge7=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Phone\UCM" -f "*.tar" -a 4320

FileAge8=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\Cisco\ASA" -f "*.*" -a 1500

FileAge9=FileAge.exe -p "c:\DataFiles\MIS_FILES\Backup\SQLSafe" -f "*.safe" -a 1500

The usage is as follows:

FileAge.exe -p <path> [-f <filespec>] [-a <minutes>] [-s <bytes>]

-p Valid Path to Files you want to check

-f Name of File or FileSpec (*.*, *.TMP,etc.) Optional, defaults to *.*

-a Maximum Age of File in Minutes, optional, defaults to 1 minute

-s Size of File in bytes, optional, defaults to 1 byte

After adding your entries, save the file and restart the OpsView Agent Service. If you don't restart it you won't get any results.

Now in OpsView select Settings > Service Checks

Click the Green Plus Sign to add a new service check. Fill in the name, description, service group. Set your check period and interval.

Plug in type is check_nrpe

Finally add the arguments. For example: -H $HOSTADDRESS$ -c FileAge1

Click the Submit button.

Now add/edit the Host you want to attach this service to. On the Monitors tab locate your newly added service. Click Submit, then Apply Settings from the Settings Menu. Don't forget to hit the Reload button on the page.

That's it... A simple secure way to check your files age and size in OpsView...

This is the first take on the code so there really isn't any error catching going on or optimization. As I toy with OpsView I will tweak this into a final product. I wanted anyone who was looking to do what I did to have a chance at the code. If anyone has suggestions I would love to hear from you.

File Attachment: FileAge

BackupExec for OpsView

Again not everything is as it seems. My experience thus far with the Linux community is that a great deal of them assume you know everything about Linux, therefore clear and concise instructions are not necessary. This was the case as I was trying to setup OpsView to monitor my BackupExec 2012 Job Logs.

From the Nagios Plugin area I settled on a plugin/program from Toussaint OTTAVI (t.ottavi@medi.fr). The name of the plugin is, “Nagios plugin for Symantec BackupExec for Windows”

I read the comments about the plugin and all looked golden. Reviewing the instructions, it looked straightforward. Uh not so fast…

The instructions first said I needed to modify the nsc.ini file on the monitored server. I know, from experience that configuration file has to do with the Nagios/OpsView agent installed on the server. This agent is used by OpsView to get information from the device. So while I already know what he was talking about you may not so I will tell you:

Step 1:

If the agent is not already installed on the Server with your BackupExec Job Logs go ahead and install it. You may download it from here: http://www.opsview.com/technology/downloads/extras/opsview-agents

Step 2:

Download the plugin from here: http://exchange.nagios.org/directory/Plugins/Backup-and-Recovery/BackupExec/Symantec-BackupExec-job-check/details

Step 3:

On the server that has the job logs AND the previously installed agent copy the check_be.exe file to the folder you installed the agent on. By default on a win32 machine this is “C:\Program Files\Opsview Agent”

Step 4:

Open the “nsc.ini” file on the server with the log files in notepad. Locate the section [NRPE Handlers]

Here is where you will tell the agent what to do for each backup job. I have several but I will list two of mine for review.

They are:

[NRPE Handlers]

check_be1=check_be.exe "C:\Program Files\Symantec\Backup Exec\Data" "NEWAGE – Full Data Backup-Full" -w1 -c3

check_be2=check_be.exe "C:\Program Files\Symantec\Backup Exec\Data" "NEWAGE – Full Data Backup-Differential" -w1 -c3

The syntax of the command is: check_be <“path of XML files”> <“Name of the backup job”>

On my server the job logs are stored in “C:\Program Files\Symantec\Backup Exec\Data” and the name of my backup job for the first one is “NEWAGE – Full Data Backup”. Note and this is important, I didn’t realize that BackupExec appends either “FULL or DIFFERENTIAL” to the job name. When I originally set this up I would get a “Job name not found” error. So while you can go into the BackupExec GUI and see your job names, make sure you append the full or differential delineation. For example:

In the GUI “NEWAGE – Full Data Backup” becomes “NEWAGE – Full Data Backup-Full”

Also note that the line begins with check_be1, check_be2 and so on… This is important later when you create the services so increment it by one each time you add a new job to monitor.

Step 5:

After you have entered all the jobs you want to monitor, save the nsc.ini file and close it.

Step 6:

On the same server open the Services applet and restart the NSClientpp(Nagios) Service. Fail to restart the service and you will find nothing is working as expected.

Step 7:

Next log into your OpsView server and go to Settings > Service Checks and click the Green Plus Sign to add a new Service.

Here is a screen shot of the settings for the first Service:


What’s important?

Set the Name, Description, Service Group, Check Period, Check Interval, Plugin and Arguments. For arguments you notice the check_be1? Remember earlier I said when modifying your nsc.ini file to number the commands sequentially? So for each of the jobs you want to monitor you will increment by one.

Once you have filled this dialog out, click the Submit button.

At this point you can Clone this service and create the rest of the services you need to monitor the number of jobs you have.

Step 8:

Click the Settings > Apply Configuration link > Reload Configuration

Step 9:

(almost there)

Click Settings > Hosts and then click the Host associated with these services (backup server where job logs are). If you do not have a host set up yet now is the time to do so.

Step 10:

Click the Monitors tab from the edit host dialog. Navigate to the BackupExec monitor, click it and then click each of the services you want to monitor.

Step 11:

Click the Submit Changes button.

Step 12:

Click the Settings > Apply Configuration link > Reload Configuration

Step 13:

Click the Monitoring > Hosts menu then click the Host that you just added the services to.

Here is a screen shot of mine:


As you can see I have some issues to correct. If you want to test it, click the arrow icon pointing to the upper right in the service you want to test. Click Test Service Check, then click the Submit button. Hopefully if you got everything right you will get a status back on your job log.

AvTech Room Monitor on OpsView

…and so it began.

One day perusing the SpiceWorks (http://www.spiceworks.com) forum I came across a post by Jamin289 titled, “Create an LCD Network Monitor using Opsview, Nagios and Nagvis“. (http://community.spiceworks.com/how_to/show/2832-create-an-lcd-network-monitor-using-opsview-nagios-and-nagvis)

That discovery was a month ago.

In his post he gives you what appears to be 12 simple steps to creating your own Network Monitoring System utilizing an LCD Monitor, Server and Workstation along with the appropriate software.

First let me say that I mean no disrespect for him or his effort. If it were not for those 12 steps outlined in his post I would have never been able to get the project off the ground. With that said what you need to know is that there are about 100 steps not mentioned in his post.

Now I don’t mean to discourage you. If you are in IT you may already possess the tenacity and perseverance you will need to complete this project. If you know Linux and I did not, you are miles ahead of me and everyone else.

I did persevere and I finally after many trials and tribulations, had a working network monitoring system. As of this writing it is not complete, but it is monitoring and monitoring has become an obsession. I am learning that there is virtually no piece of equipment I cannot monitor. Awesome.

This post has two points; the first is if you want to build a network monitoring system, then Jamin289’s post is a great place to start. The second point of my post is to outline my frustration and finally my successful attempt to utilize AvTech’s (www.avtech.com) Room Monitor with the Network Monitoring System. This one piece of equipment caused me to lose about a solid week of my life. Not that there was anything wrong with the equipment, it had to do more with my inexperience with SNMP and Linux than anything else. What I can say is that I finally got the Room Monitor working and wanted to post the instructions so that others may benefit.

What I have:

Opsview Monitoring Server running Ubuntu Server 12.04 LTS. Configuration is as outlined with the previously mentioned post. I did add the GUI desktop to the server. Yes I know it is not a good idea, but I found it easier to get around and I really didn’t need the frustration of trying to learn all the CLI commands… I will say though I did learn a great deal about Linux in this process.

Your server should already be setup with the map and display as in Jamin289’s post. You should already be monitoring servers or other devices. This way you know it is working.

Room Alert 12ER from AvTech (http://avtech.com/Products/Environment_Monitors/Room_Alert_12ER.htm)

Configured, setup and working with their software and web interface. I should mention I did contact their tech support and while their response was fast and helpful, it was not complete. They did not have a specific set of instructions for me to get their monitor working with OpsView. I like the product and like the quick response.

Download the Complete Set of Instructions and Sample Files below.

OPSVIEW – Setting up the Room Alert

Sample Configuration Files

WSUS – Client PC’s Not Showing Up

Having recently upgraded our domain with a couple of Windows 2012 servers I began my quest to migrate existing roles and services from our older 2008 servers. Windows Server Update Services was a logical and what I thought easy service to migrate. After reading through different instructions on actually migrating what I had to the new server I opted to simply install from scratch and start over. I based my decision on the number of steps and requirements to make this transition and weighed it against simply “starting from scratch”. I wasn’t wrong in my decision, I will say that but there was one key piece of information I was missing and searching Google for help with my dilemma never did yield the solution to my problem, at least not directly. I imagine if I read the step by step instructions I may have happened across an answer, but I did that and the articles I read didn’t mention it, so here is the problem and the solution:

Problem:

Although WSUS was set up correctly the client PC’s were not checking in.

Background:

We use a Group Policy Object (GPO) to configure the client PCs. I used my existing GPO I had set up for the old WSUS Server. During the reconfiguration I changed the GPO to point to the new server. My existing setting was: http://newage:80. Logically I simply changed it to http://earth:80. After a day or two when I went back I saw that updates were synced with Microsoft but I still had no client PCs. After searching I started to use this set of instructions from Microsoft: Link

I finally settled on the set of instructions for setting the GPO to point to the server, see below:

To point the client computer to your WSUS server

  1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  2. In the details pane, double-click Specify intranet Microsoft update service location.
  3. Click Enabled, and type the HTTP URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http://servername in both boxes.
  4. Click OK.

I thought well maybe I need to drop the port 80 from the URL… I did, did a GPUPDATE /force on the test PC and rebooted. Still no luck. I tried adding the domain (http://earth.domainnamehere.local), again no luck.

Solution:

On my server WSUS installed on port 8530 (http) and 8531 (https). I changed my GPO to point to http://earth.domainnamehere.local:8530 and in just a few minutes I started seeing clients appear in the WSUS Admin Console. Problem solved.
From what I have read you should probably open up IIS and look to see what port was assigned if you don’t know.

Analysis:

Occam’s Razor, basically just because you find a horse hair on the couch don’t assume it’s a zebra, it may just be a horse hair… or sometimes the solution to the problem is not as complicated as one may think. Hope this helps someone else….
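
A client-side check for the situation in this post, as an added PowerShell example that is not from the original article. It reads the WSUS URL the GPO actually delivered, then tests that URL and the 8530/8531 ports named above. It assumes it runs in an elevated session on the client PC and that Test-NetConnection is available (Windows 8.1 / Server 2012 R2 or later). The function names are hypothetical.

```powershell
# Added example: not from the original post.

function Test-WsusEndpoint {
    # TCP reachability plus an HTTP request to the WSUS client web service.
    # An open port 80 can be the default IIS site rather than WSUS, so the
    # second test is the one that matters.
    param([Parameter(Mandatory)] [uri] $BaseUrl)

    $tcp = Test-NetConnection -ComputerName $BaseUrl.Host -Port $BaseUrl.Port `
        -WarningAction SilentlyContinue
    $wsusResponds = $false
    if ($tcp.TcpTestSucceeded) {
        $probe = '{0}://{1}:{2}/ClientWebService/client.asmx' -f `
            $BaseUrl.Scheme, $BaseUrl.Host, $BaseUrl.Port
        try {
            $response = Invoke-WebRequest -Uri $probe -UseBasicParsing -TimeoutSec 10
            $wsusResponds = ($response.StatusCode -eq 200)
        }
        catch {
            # 404, connection reset or an untrusted HTTPS certificate all end up here.
            $wsusResponds = $false
        }
    }

    [pscustomobject]@{
        Url          = $BaseUrl.AbsoluteUri
        TcpOpen      = $tcp.TcpTestSucceeded
        WsusResponds = $wsusResponds
    }
}

function Get-WsusClientDiagnosis {
    # Values written by "Specify intranet Microsoft update service location".
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$policyKey\AU" -ErrorAction SilentlyContinue

    if (-not $wu -or -not $wu.WUServer) {
        Write-Warning 'No WUServer policy value found; no WSUS policy has applied to this PC.'
        return
    }
    if ($au.UseWUServer -ne 1) {
        Write-Warning 'UseWUServer is not 1; the client will ignore WUServer.'
    }
    if ($wu.WUServer -ne $wu.WUStatusServer) {
        Write-Warning 'WUServer and WUStatusServer differ; both boxes should hold the same URL.'
    }

    # Test the configured URL first, then the ports WSUS used on the author's server.
    $configured = [uri] $wu.WUServer
    $candidates = @(
        $configured.AbsoluteUri
        "http://$($configured.Host):8530/"
        "https://$($configured.Host):8531/"
    ) | Select-Object -Unique

    foreach ($url in $candidates) {
        Test-WsusEndpoint -BaseUrl $url
    }
}

Get-WsusClientDiagnosis | Format-Table -AutoSize
```

If the configured URL shows WsusResponds = False while the 8530 row shows True, the GPO points at the wrong port, which is the case described above.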