Operations

I needed a VPN and I wanted to run it inside of Kubernetes. Here is how I did it.

Install Debian by only supplying a static IP address during install and install Docker configured for Kubernetes

Now that I have IPv6 with Comcast working I wanted to make things automatic. I'm going to use radvd for that.

Here's a general overview of my setup, Comcast Business for my internet, a Raspberry PI running Debian 10 (Buster) as my firewall/router.

Our high CPU utilization of LSASS and slow response times was caused by a poor implementation of user impersonation.

I'm changing out my old Ubuntu firewall server with a Debian 9 system. Step one was getting everything I need installed on it. The only issue so far, certbot.

Now that Server 2019 has been released I wanted to upgrade my lab's domain controllers from Server 2016 to Server 2019 Core

This post is about getting the DNS servers to work correctly on Mac OSx when doing split tunnel (not sending all traffic across the VPN). I use StrongSwan as my VPN server and only want my local network traffic to go across the VPN and all other traffic to go out over the client's regular internet connection. The problem was that on the Mac (didn't test with Android/iPhone) it would not resolve the internal dns requests. Windows clients worked as expected. I spent a few hours figuring this out a

Ok, so this is kind of a little thing I did. I wanted a page that would generate a password without anything done on the server side. I wanted it all to be done on the client. I also wanted the ability to exclude certain characters, but yet allow others of a category. For example, one of our old legacy systems doesn't handle quote's very well, so I want to exclude quotes from the generated passwords. So, I set out to create one. It's done entirely in javascript with no server post back (for the

I wanted to switch my WSUS implementation over to https. Because I like https and there is rarely ever a reason not to use it. So, I set up my bindings in IIS and setup my group policy to point to the correct URL. After I got all of my clients updated with the new policy, they all started failing on checking for updates. They were getting a less than helpful "Not found error". The code is 0x80244019. While I was enabling the bindings for https, I was wondering what kind of services they were, be

Hey all, so today I wanted to use the new (finally) feature of pushing nuget packages to nuget feeds inside of Visual Studio Online's build environment. Which is turning out to be really awesome by the way. Anyways, I'm doing a vNext project and it creates 2 nuget packages *.nupkg. I create a new Nuget Publish task and it set the default. First, it won't work correctly, it'll try and upload some downloaded nuget packages. Lame. So we need to change the default of **\*.nupkg to **\artifacts\**\*

Well, we started running into an issue with Nuget.Server and it was time to migrate to NugetGallery. Mainly, it wouldn't clean itself up (after a few days, there were 10's of gigs of temp files in c:\windows\temp\nuget), and now that we have a couple thousand packages it started really slowing down. It was just time. So here goes what I did to make this work. Initial Steps: 1. Clone NugetGallery from github 2. Configure NugetGallery settings (database, etc) 3. Modify the web.config in the N

Well, I've had a very annoying issue that I've been fighting. I enabled wake-on-lan on my desktop and had it start going to sleep. This was great. Saves power and I can still remote into it. I installed the wake on lan tools on a linux box so I can wake it up remotely. However, I noticed that after it would wake up, it went to sleep really quick. Within a couple of minutes. Sometimes as quick as 2 but usually around 4 or 5. After hunting around the interwebs for a while I ran across a post on mi

Well, after having wake-on-lan running and working great (other than the stupid sleeping after a couple minutes issue) I decided I would do a quick post on how I got it working and my setup, it was actually very easy once I found the right package. First, my overall setup. Linux/Ubuntu firewall, running iptables. 2 VLans, one for everything else. My desktop is on the client VLAN and the linux firewall acts as the gateway between both VLans and the internet. My solution, SSH into the firewall,

Ok, so here's the overall situation 1. Fresh Windows 10 Install 2. Installed IIS attempting to include .net 3.5 in this install - it failed pulling the package from Windows Update due to my WSUS server. 1_ Skipped the .net 3.5 and installed everything. IIS, .net 4.5, Hyper-V etc. 3. After fixing my Group Policy to pull from Windows Update I attempted to install .net 3.5 at which point I started getting a 0x800F081F during the install(among others). The fix. Uninstall IIS

Ok, more on Team City and build/deploy stuff. In my previous blog post, I showed how to run team city as a domain user account. One of the reasons was for web deploy to not store the username/password in the configuration. There's another gotcha with web deploy I'll help you fix as well, when deploying to the root of a site, there is a cool folder that the updates to .net framework insists on creating. And it doesn't inherit the permissions either. It's aspnet_client. It's a pain. Because it bre

Run Team City under a service account and force https

So, this was annoying. My Cisco ASDM is version 1.5(68). It works on my desktop, but not my brand new vm. I would continuously get the Unable to Launch Device Manager from <ip address or hostname> error. Very annoying. Both Java version 1.7.0. But! The desktop was update 45, the vm was update 51. So, my next quest, try and hunt down version 45. What a pain. Finally got though it. Here is the URL to the cab file http://java.sun.com/update/1.7.0/jinstall-7u51-windows-i586.cab. A cab file can eas

OK, this was really dumb, but I wanted to install DOS, and only had access to the upgrade disks. Lame. I got the MS-DOS 6.22 floppies from my MSDN (yes it's still there). But, MSDN only has the upgrade disks. No install disks. The 6.0 version of DOS is just the files, no disk images. So that's pretty close to useless for installing fresh as well. But, there is a workaround. Boot off of the 6.22 upgrade disk #1. Then on the first screen press F3. Then answer the prompts to exit the setup. It wi

Not sure if this applies to 32 bit versions of windows or not, as I only use 64-bit. I have tons of ram and 32-bit doesn't handle it (max of 4 gig and you will only be able to use 3 gig due to memory addressing issues). Anyways. I was running into an issue where I needed to scan some documents with an older scanner that didn't have drivers for Windows 8. So, I tried the Windows 7 64-bit drivers, after all you can get most Win7 drivers to work under Win 8 without any issues. Just an FYI, this sc

Hey everyone, here's the plan, migrate all of my VM's to a data store on my NFS server, I've been wanting to do this for a while, to get off of the dedicated local storage, and move to shared. Big benefits of doing so, one of which is multiple hosts can access the same VM's for redundancy. But, I initially set up using ZFS. I went with ZFS for compression and data deduping. Turns out, deduping is a huge memory hog. Compression is a huge CPU hog (not a shocker). So, when I first created them, doi

OK, this is really, really annoying. You should NOT have to do any config to support the 2 most widely used protocols on the internet, HTTP and HTTPS. Here's the simple, really simple, web.config to support both HTTP and HTTPS. You don't need all the attributes to do it, if you don't specify them, it will use the defaults. So, for simplicity sake, I didn't put them in. This is an example that I couldn't find on google....so here you all go. <system.serviceModel> <bindings> <basicHtt

Hey everyone, so, I had a need to set some attributes and remove 2 of them in my web.config transform file. On my development system, I have my WCF services all pointing to my local fiddler, for debugging? Anyways, I needed to remove the proxyAddress attribute and also set the useDefaultWebProxy, and securityMode. You can't put in 2 different transforms in the same element doing something like xdt:Transform="SetAttributes(useDefaultWebProxy),RemoveAttributes(proxyAddress)" . The msbuild app

I had a weird issue today where we could drag drop stuff from places like Outlook, Explorer, Internet Explorer, to other Explorer windows. But you could not drag them to the desktop. It would give you a circle with a line saying no, you can't do that. You couldn't even move the icons around on the desktop. The fix. 1. Start a command prompt 2. Start up regedit 3. Start up task manager 4. Kill all explorer.exe processes 5. In regedit, goto hkey_current_user\software\microsoft\internet e

Good day all, we upgraded our vCenter server from 2008 to 2008r2. Yay. (2008 bad, r2 good). Once we did this, we ran into a problem where the vCenter services weren't starting. Searching the net revealed nothing. Our guess was that the sql server was not all the way started when the services were started. Changing the services to automatic (delayed) still did not fix it. Adding the MSSQLSERVER service as a dependency did not work either. One way we found to get around it is really cheesy. Create

Here's a little PowerShell script that will update the username and password on a com+ component. Useful when domain accounts are used as identities on com+ objects on a bunch of systems and you need to change the username and password. write-host Starting $catalog = New-Object -comobject COMAdmin.COMAdminCatalog $applications = $catalog.GetCollection("Applications") $applications.Populate() write-host "Collection populated" foreach ($application in $applications) { if ($application.Name -

Well, this was an annoying issue. I pushed out TCP/IP printers using group policy and pointed them to printers on a print server to pull the drivers and settings. This worked awesome, except for the 45 seconds per printer overhead. I narrowed it down to the universal print driver, by changing the drivers to Generic Text Only. I was going to use the print drivers that came with windows, except for the wonderful problem of the issues between 32bit, 64bit, Windows 7 and XP driver names. If you look