Operations

DevOps

strongSwan inside of Kubernetes

I needed a VPN and I wanted to run it inside of Kubernetes. Here is how I did it.

DevOps

Debian Preseed and Docker

Install Debian by only supplying a static IP address during install and install Docker configured for Kubernetes

DevOps

RADVD on Debian 10

Now that I have IPv6 with Comcast working I wanted to make things automatic. I'm going to use radvd for that.

DevOps

IPv6, Linux Firewall and Comcast

Here's a general overview of my setup, Comcast Business for my internet, a Raspberry PI running Debian 10 (Buster) as my firewall/router.

DevOps

LSASS and High CPU Usage

Our high CPU utilization of LSASS and slow response times was caused by a poor implementation of user impersonation.

DevOps

Moving Certbot to Debian 9

I'm changing out my old Ubuntu firewall server with a Debian 9 system. Step one was getting everything I need installed on it. The only issue so far, certbot.

Operations

Upgrade Server 2016 Domain Controller to 2019 Server Core

Now that Server 2019 has been released I wanted to upgrade my lab's domain controllers from Server 2016 to Server 2019 Core

Operations

StrongSwan, IKEv2, Split DNS and iOS

This post is about getting the DNS servers to work correctly on Mac OSx when doing split tunnel (not sending all traffic across the VPN). I use StrongSwan as my VPN server and only want my local network traffic to go across the VPN and all other traffic to go out over the client's regular internet connection. The problem was that on the Mac (didn't test with Android/iPhone) it would not resolve the internal dns requests. Windows clients worked as expected. I spent a few hours figuring this out a

Operations

Web Based Password Generator

Ok, so this is kind of a little thing I did. I wanted a page that would generate a password without anything done on the server side. I wanted it all to be done on the client. I also wanted the ability to exclude certain characters, but yet allow others of a category. For example, one of our old legacy systems doesn't handle quote's very well, so I want to exclude quotes from the generated passwords. So, I set out to create one. It's done entirely in javascript with no server post back (for the

Operations

WSUS/Server 2012R2 and HTTPS

I wanted to switch my WSUS implementation over to https. Because I like https and there is rarely ever a reason not to use it. So, I set up my bindings in IIS and setup my group policy to point to the correct URL. After I got all of my clients updated with the new policy, they all started failing on checking for updates. They were getting a less than helpful "Not found error". The code is 0x80244019. While I was enabling the bindings for https, I was wondering what kind of services they were, be

C-Sharp

VSO Build and File Select/Exclude

Hey all, so today I wanted to use the new (finally) feature of pushing nuget packages to nuget feeds inside of Visual Studio Online's build environment. Which is turning out to be really awesome by the way. Anyways, I'm doing a vNext project and it creates 2 nuget packages *.nupkg. I create a new Nuget Publish task and it set the default. First, it won't work correctly, it'll try and upload some downloaded nuget packages. Lame. So we need to change the default of **\*.nupkg to **\artifacts\**\

ASP.Net

From Nuget.Server to NugetGallery

Well, we started running into an issue with Nuget.Server and it was time to migrate to NugetGallery. Mainly, it wouldn't clean itself up (after a few days, there were 10's of gigs of temp files in c:\windows\temp\nuget), and now that we have a couple thousand packages it started really slowing down. It was just time. So here goes what I did to make this work. Initial Steps: 1. Clone NugetGallery from github 2. Configure NugetGallery settings (database, etc) 3. Modify the web.config in the

Operations

Windows 10 going to sleep to quickly

Well, I've had a very annoying issue that I've been fighting. I enabled wake-on-lan on my desktop and had it start going to sleep. This was great. Saves power and I can still remote into it. I installed the wake on lan tools on a linux box so I can wake it up remotely. However, I noticed that after it would wake up, it went to sleep really quick. Within a couple of minutes. Sometimes as quick as 2 but usually around 4 or 5. After hunting around the interwebs for a while I ran across a post on mi

Operations

Wake-on-lan, windows 10 and Linux

Well, after having wake-on-lan running and working great (other than the stupid sleeping after a couple minutes issue) I decided I would do a quick post on how I got it working and my setup, it was actually very easy once I found the right package. First, my overall setup. Linux/Ubuntu firewall, running iptables. 2 VLans, one for everything else. My desktop is on the client VLAN and the linux firewall acts as the gateway between both VLans and the internet. My solution, SSH into the firewall

Windows 10

Windows 10 - .NET 3.5

Ok, so here's the overall situation 1. Fresh Windows 10 Install 2. Installed IIS attempting to include .net 3.5 in this install - it failed pulling the package from Windows Update due to my WSUS server. 1_ Skipped the .net 3.5 and installed everything. IIS, .net 4.5, Hyper-V etc. 3. After fixing my Group Policy to pull from Windows Update I attempted to install .net 3.5 at which point I started getting a 0x800F081F during the install(among others). The fix. Uninstall IIS. Restart

Programming

Team City, MSBuild, MSDeploy, Web Deploy, NTLM and aspnet_client

Ok, more on Team City and build/deploy stuff. In my previous blog post, I showed how to run team city as a domain user account. One of the reasons was for web deploy to not store the username/password in the configuration. There's another gotcha with web deploy I'll help you fix as well, when deploying to the root of a site, there is a cool folder that the updates to .net framework insists on creating. And it doesn't inherit the permissions either. It's aspnet_client. It's a pain. Because it bre

Operations

Teamcity HTTPS running under a service account

Run Team City under a service account and force https

Java

Java bites again - Cisco ASDM

So, this was annoying. My Cisco ASDM is version 1.5(68). It works on my desktop, but not my brand new vm. I would continuously get the Unable to Launch Device Manager from <ip address or hostname> error. Very annoying. Both Java version 1.7.0. But! The desktop was update 45, the vm was update 51. So, my next quest, try and hunt down version 45. What a pain. Finally got though it. Here is the URL to the cab file http://java.sun.com/update/1.7.0/jinstall-7u51-windows-i586.cab. A cab file can easil

Operations

Install MS-DOS 6.22 from upgrade disks

OK, this was really dumb, but I wanted to install DOS, and only had access to the upgrade disks. Lame. I got the MS-DOS 6.22 floppies from my MSDN (yes it's still there). But, MSDN only has the upgrade disks. No install disks. The 6.0 version of DOS is just the files, no disk images. So that's pretty close to useless for installing fresh as well. But, there is a workaround. Boot off of the 6.22 upgrade disk #1. Then on the first screen press F3. Then answer the prompts to exit the setup. It wi

Windows 8

Twain drivers and Windows 7/8 64-bit

Not sure if this applies to 32 bit versions of windows or not, as I only use 64-bit. I have tons of ram and 32-bit doesn't handle it (max of 4 gig and you will only be able to use 3 gig due to memory addressing issues). Anyways. I was running into an issue where I needed to scan some documents with an older scanner that didn't have drivers for Windows 8. So, I tried the Windows 7 64-bit drivers, after all you can get most Win7 drivers to work under Win 8 without any issues. Just an FYI, this sc

Linux

ZFS, 3ware 9650 and performance

Hey everyone, here's the plan, migrate all of my VM's to a data store on my NFS server, I've been wanting to do this for a while, to get off of the dedicated local storage, and move to shared. Big benefits of doing so, one of which is multiple hosts can access the same VM's for redundancy. But, I initially set up using ZFS. I went with ZFS for compression and data deduping. Turns out, deduping is a huge memory hog. Compression is a huge CPU hog (not a shocker). So, when I first created them, doi

Operations

WCF with HTTP and HTTPS

OK, this is really, really annoying. You should NOT have to do any config to support the 2 most widely used protocols on the internet, HTTP and HTTPS. Here's the simple, really simple, web.config to support both HTTP and HTTPS. You don't need all the attributes to do it, if you don't specify them, it will use the defaults. So, for simplicity sake, I didn't put them in. This is an example that I couldn't find on google....so here you all go. <system.serviceModel> <bindings> <basicHtt

Operations

Multiple Config Transforms on Single Element

Hey everyone, so, I had a need to set some attributes and remove 2 of them in my web.config transform file. On my development system, I have my WCF services all pointing to my local fiddler, for debugging? Anyways, I needed to remove the proxyAddress attribute and also set the useDefaultWebProxy, and securityMode. You can't put in 2 different transforms in the same element doing something like xdt:Transform="SetAttributes(useDefaultWebProxy),RemoveAttributes(proxyAddress)". The msbuild app puk

Windows XP

Unable to move/drag icons on desktop in Windows XP

I had a weird issue today where we could drag drop stuff from places like Outlook, Explorer, Internet Explorer, to other Explorer windows. But you could not drag them to the desktop. It would give you a circle with a line saying no, you can't do that. You couldn't even move the icons around on the desktop. The fix. 1. Start a command prompt 2. Start up regedit 3. Start up task manager 4. Kill all explorer.exe processes 5. In regedit, goto hkey_current_user\software\microsoft\internet explo

ESX

vSphere 4.1 / vpxd service not starting

Good day all, we upgraded our vCenter server from 2008 to 2008r2. Yay. (2008 bad, r2 good). Once we did this, we ran into a problem where the vCenter services weren't starting. Searching the net revealed nothing. Our guess was that the sql server was not all the way started when the services were started. Changing the services to automatic (delayed) still did not fix it. Adding the MSSQLSERVER service as a dependency did not work either. One way we found to get around it is really cheesy. Create

PowerShell

Updating com+ component username/password in PowerShell

Here's a little PowerShell script that will update the username and password on a com+ component. Useful when domain accounts are used as identities on com+ objects on a bunch of systems and you need to change the username and password. write-host Starting $catalog = New-Object -comobject COMAdmin.COMAdminCatalog $applications = $catalog.GetCollection("Applications") $applications.Populate() write-host "Collection populated" foreach ($application in $applications) { if ($application.Name -

Operations

HP Universal Print Driver Alternative

Well, this was an annoying issue. I pushed out TCP/IP printers using group policy and pointed them to printers on a print server to pull the drivers and settings. This worked awesome, except for the 45 seconds per printer overhead. I narrowed it down to the universal print driver, by changing the drivers to Generic Text Only. I was going to use the print drivers that came with windows, except for the wonderful problem of the issues between 32bit, 64bit, Windows 7 and XP driver names. If you look