Category Archives: Tech Support

Posts related to IT troubles and computer tech support

Creating a Hyper-V Failover Cluster on Domain where you have Limited Rights (NetID)

 

We are using Windows Server 2012.

Question: “Datacenter or Standard?”

It’s a licensing question.  To my knowledge (I’m sure this can change at any time) Standard and Datacenter editions of Windows Server 2012 are the same software, with the same features.  The difference is that Datacenter (which costs more) will let you install an unlimited number of virtual machines, all running Windows Server, without requiring you to purchase Windows licenses for any of those virtual machines.  Standard Edition allows you to create two Windows Server virtual machines without any additional cost. Virtualizing servers you already have a license for, or Linux computers, doesn’t count against your two.

My understanding is that there is also a free version of Windows Server, which contains neither any kind of graphical user interface nor any Windows licenses for virtual machines.  This could be well suited for Linux virtualization, if you don’t need the GUI.

Prerequisites:

– To create a Hyper-V Failover Cluster, all hosts must be running Windows Server 2012.

– They need to be joined to a domain.  I used netid.washington.edu, where I have a designated OU which I can join computers to already.

– They need proper, resolvable DNS names.

– Special Admin Access:

My IT Department instructs me (and yours may do the same in a limited/restricted access domain setup) to use a special Domain Admin user to run the Active Directory Users and Computers program (right-click, Run as a Different User) and pre-create the computer in the domain, in my own designated OU.  Running the Create Cluster Wizard actually adds a Failover Cluster “computer” to the domain, and you can’t pre-create this “computer” in the domain like I’m normally instructed to do.  The solution is to start the Create Cluster Wizard with right-click, Run as a Different User, but that Domain Admin user also needs to be an Administrator on the machine for this to work.  We’ll go over how to do this in the instructions.

Join the Servers to the Domain

Follow the instructions in this post to join your computers to the NetID Domain:

Add a Computer to the Netid Domain using a Designated OU from UW-IT

Add SADM_ netid to the administrators group.

Right-click Start, click Computer Management

Click Local Users and Groups

Click Groups

Right-click Administrators

Click Properties

Click Add…

Put your special domain joiner user here.  For style points, I chose to use a special UW Group that UW-IT created called netid\u_windowsinfrastructure_fmdata_ouadmins (fmdata is my designated OU).

Click Check Names to make sure you spelled it right, then Click OK, OK

Install the Hyper-V and Failover Software/Roles

In the Server Manager, click Manage->Add Roles and Features

Click Next

Select Role-based or feature-based installation and click Next

Make sure the server is highlighted and click next.

Check Hyper-V if this cluster is going to run Virtual Machines.  If we’re just creating a clustered storage device, leave this unchecked.

Click Next

Check Failover Clustering

Click Add Features

Click Next

Click Install

Create the Failover Cluster

Remember, we can’t just click Server Manager -> Tools -> Failover Cluster Manager because we need to run as our special user that can edit the Domain/Designated OU which we got from UW-IT (sadm_yournetid).  SO:

Click Start

Start typing “Failover Cluster Manager”. When you see that Windows finds it, right-click it and click Run As a Different User (if this doesn’t appear, try holding left-shift while you right-click).

Username: netid\sadm_yournetid

Password: your special sadm password

Click OK

In the Failover Cluster Manager click Validate Configuration…

Click Next

Enter the name of the first computer and press Enter.  For example: fmdata-vmnas1.  Windows populates the box below with the complete DNS name.  Run an nslookup on this name; if it doesn’t resolve, you may as well abort the cluster creation now and get that sorted out, because the cluster manager WILL fail.

Enter the name of the second computer you want in the Cluster and press enter (do another nslookup, add more hosts, etc,etc)

Click Next

Select Run all tests (Recommended) and click Next

Click Next, be prepared to wait a while – coffee run is advised.

Click View Report and review this.

Make sure that Create the cluster now using the validated nodes… is checked.

Click Finish (Create Cluster Wizard Opens)

Create Cluster Wizard

Click Next

The INTERESTING PART!  You might be tempted to simply enter a computer name here and hit next.  Nope!  Enter something like this:

CN=fmdata-testclus,OU=fmdata,OU=Delegated,DC=netid,DC=washington,DC=edu

CN= is the computer name that will be added to the domain.  All of ours start with our designated OU name and a hyphen (e.g. fmdata-).

OU= is here twice, notice.  The first is the name of our designated OU, the second one… just says Delegated and should be there for some reason.

DC= is here three times!  Our Domain Controller is netid.washington.edu; for some reason, instead of periods, you need to separate each URL part with another ,DC=.  If your domain controller was simply mydc.com, I think you would simply have two DC=’s, as in: DC=mydc,DC=com.  Exciting stuff, right?

Click Next, click Next

Click Finish

Click the Arrow to expand the item which is the dns name of your new cluster.

Click Nodes

Whoa, there are your two computers, each having the status “Up” …Great job!
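
How the distinguished name typed into the Create Cluster Wizard is put together, as an added example that is not part of the original post: CN= is the new cluster computer object, the OU= entries are containers listed innermost first (so OU=fmdata sits inside OU=Delegated), and each DC= is one dot-separated label of the domain name. The function names, the 15-character name check (the NetBIOS computer-name limit) and the `is_under` check against the OU you have rights in are assumptions of this example.

```python
import re

# Characters RFC 4514 requires to be backslash-escaped inside a DN value.
_SPECIAL = set(',+"\\<>;')


def escape_value(value):
    """Escape one attribute value for use in an LDAP distinguished name."""
    out = []
    for i, ch in enumerate(value):
        lead = i == 0 and ch in " #"
        trail = i == len(value) - 1 and ch == " "
        out.append("\\" + ch if ch in _SPECIAL or lead or trail else ch)
    return "".join(out)


def cluster_dn(name, ou_path, dns_domain):
    """Build the DN for the cluster's computer object.

    ou_path lists OUs innermost first, e.g. ["fmdata", "Delegated"].
    """
    # Assumption: the name is also a NetBIOS computer name (max 15 chars).
    if not re.fullmatch(r"[A-Za-z0-9-]{1,15}", name):
        raise ValueError("cluster name must be 1-15 letters, digits or hyphens")
    labels = dns_domain.strip(".").split(".")
    if not all(labels):
        raise ValueError("empty label in DNS domain")
    rdns = ["CN=" + escape_value(name)]
    rdns += ["OU=" + escape_value(ou) for ou in ou_path]
    rdns += ["DC=" + escape_value(label) for label in labels]
    return ",".join(rdns)


def split_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs, honouring backslash escapes."""
    parts, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]  # keep the escaped character with its backslash
            i += 2
        elif dn[i] == ",":
            parts.append(current)
            current = ""
            i += 1
        else:
            current += dn[i]
            i += 1
    parts.append(current)
    pairs = []
    for part in parts:
        attr, _, value = part.lstrip().partition("=")
        pairs.append((attr.strip().upper(), value))
    return pairs


def dns_domain_of(dn):
    """Rebuild the dotted domain name from the DC= components."""
    return ".".join(v for a, v in split_dn(dn) if a == "DC")


def is_under(dn, container_dn):
    """True if dn names an object somewhere below container_dn."""
    child = [(a, v.lower()) for a, v in split_dn(dn)]
    parent = [(a, v.lower()) for a, v in split_dn(container_dn)]
    return len(child) > len(parent) and child[-len(parent):] == parent


# The OU from the post that the special admin account is allowed to edit.
DELEGATED_OU = "OU=fmdata,OU=Delegated,DC=netid,DC=washington,DC=edu"
dn = cluster_dn("fmdata-testclus", ["fmdata", "Delegated"], "netid.washington.edu")
print(dn)
print(dns_domain_of(dn), is_under(dn, DELEGATED_OU))
```

A name that would land outside the delegated OU (for example under the default Computers container) makes `is_under` return False, which is the case where the wizard fails for an account with limited rights.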

 

Remap Caps Lock key to Ctrl in Windows 7

I love having Control on the home row. To turn your (frankly useless and annoying) caps lock key into the ctrl key, browse to this key in regedit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout

Set it to this Hex code:

00,00,00,00,00,00,00,00,02,00,00,00,1d,00,3a,00,00,00,00,00

OR use the registry modification files they made here:
http://www.howtogeek.com/howto/windows-vista/disable-caps-lock-key-in-windows-vista/
(look for the Download Keyboard Mappings Registry Tweaks link)
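
What the hex code above actually says, as an added example that is not part of the original post: the bytes follow the layout of the binary `Scancode Map` value that lives under that key (two zero header fields, an entry count, then 4-byte remap entries ending in a null entry). The function names and the small key-name table are assumptions of this example.

```python
import struct

# Set-1 scancodes used in this post (constructed lookup table for readability).
KEY_NAMES = {0x0000: "nothing (key disabled)", 0x001D: "Left Ctrl", 0x003A: "Caps Lock"}


def parse_scancode_map(hex_text):
    """Decode a Scancode Map value given as comma-separated hex bytes.

    Returns a list of (physical_key, sends) scancode pairs.
    """
    tokens = [t for t in hex_text.replace(" ", "").split(",") if t]
    data = bytes(int(t, 16) for t in tokens)
    if len(data) < 16:
        raise ValueError("too short: need header, count and terminator")
    # Header: version (4 bytes), flags (4 bytes), entry count (4 bytes), little-endian.
    version, flags, count = struct.unpack_from("<III", data, 0)
    if version != 0 or flags != 0:
        raise ValueError("header version and flags must both be zero")
    # The count includes the final null entry.
    if count < 1 or len(data) != 12 + 4 * count:
        raise ValueError("entry count does not match the data length")
    entries = [struct.unpack_from("<HH", data, 12 + 4 * i) for i in range(count)]
    if entries[-1] != (0, 0):
        raise ValueError("missing null terminator entry")
    # Each entry stores the scancode to send first, then the physical key.
    return [(physical, sends) for sends, physical in entries[:-1]]


def describe(hex_text):
    """Render each remap as 'physical key -> key it now sends'."""
    lines = []
    for physical, sends in parse_scancode_map(hex_text):
        src = KEY_NAMES.get(physical, "key")
        dst = KEY_NAMES.get(sends, "key")
        lines.append(f"{src} (0x{physical:04x}) -> {dst} (0x{sends:04x})")
    return lines


# The value from the post.
POST_VALUE = "00,00,00,00,00,00,00,00,02,00,00,00,1d,00,3a,00,00,00,00,00"
print(describe(POST_VALUE))
```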

Getting Ubuntu 12.04 and wireless working on a PowerBook G4

I managed to snag an old PowerBook G4 from the scrap heap. Problem is, 10.5 is the latest version of OSX to run on it, and the latest version of Microsoft Word doesn’t run on it either.

What’s a guy to do? Install Linux on it, of course.

I installed Ubuntu 12.04 LTS (long-term release).

First, download the ISO on this page:
http://cdimage.ubuntu.com/releases/12.04/release/

You are looking for the link that says:

Mac (PowerPC) and IBM-PPC (POWER5) desktop CD
For Apple Macintosh G3, G4, and G5 computers, including iBooks and PowerBooks as well as IBM OpenPower machines.

This is a live CD which is painfully slow, but should boot into a working desktop. The only caveat is that the wireless won’t work.

I used the button to install the live CD to the hard drive, then plugged in a physical, wired network connection and ran:

sudo apt-get update
sudo apt-get install linux-firmware-nonfree


Then I rebooted the computer, because it makes me feel warm and fuzzy (it's probably not necessary).

After you reboot you can use the gui in the upper right corner to connect to a wireless network.

 

How do I update the system software?

Get to the command line, then run:

sudo apt-get update
sudo apt-get upgrade


This updates all the packages.

 

How do I right-click on this thing?

Middle-click is mapped on F11

Right-click on F12.  You can also right-click by making a "two-finger tap" on the touchpad.

 

How do I get the sound to work?

You don't?  This site lists it as a known issue, and has a help link, but it was no help to me.

https://wiki.edubuntu.org/PowerPCKnownIssues

 

How do I remap Caps Lock to Control?
This isn't a standard thing, but I have no idea why.  HOW OFTEN DO YOU NEED TO TYPE IN ALL CAPS?  Basically never, but I use control all the time, especially as a programmer.

Add the lines below to a file called “.profile” under your home directory (create the file, if necessary):

# Only run when an X display is available
if [ -n "$DISPLAY" ]
then
    # Add the 3 lines below to convert Caps Lock into Control
    xmodmap -e 'remove Lock = Caps_Lock'
    xmodmap -e 'keysym Caps_Lock = Control_L'
    xmodmap -e 'add Control = Control_L'
fi

 

How do I install Chrome?

You don't, there is no Chrome support for G4 (powerpc) processors.

 

How do I install Open Office?

You don't!  Apparently since Sun bought Oracle in 2010, Open Office is not under active development.  Instead, click on the shopping bag in the menu bar to open the Ubuntu Software Center, and search for LibreOffice (a fork of Open Office, which is under active development).

RT My Tickets links use localhost: no url

I inherited an old Request Tracker (RT) install, and I’ve been tasked with becoming the RT expert. The request-tracker package is a great little piece of software, but somewhere along the line the “10 highest priority tickets I own” widget in the dashboard stopped having functional links. The links appear, but the <a> tag had no href attribute at all. It looked like:
'<a>__id__</a>/TITLE:#', etc.

My Ticket URL’s are wrong! So, here’s the fix. I had to update the search whose results show in that Link Tickets box thingy.

  1. On the “RT at a glance” dashboard, click “edit” in the upper right corner of the “10 highest priority tickets I own” box.
  2. At the top of the page it says: “You can also edit the predefined search itself: Search – My Tickets” Search – My Tickets is a link, click on that link.
  3. Click “Advanced” at the top of the page.
  4. In the format box, make sure you have the following:
    '<a href="/Ticket/Display.html?id=__id__">__id__</a>/TITLE:#',
    '<a href="/Ticket/Display.html?id=__id__">__Subject__</a>/TITLE:Subject',
    '__Priority__',
    '__QueueName__',
    '__ExtendedStatus__'
    You probably just need to add the href… stuff in the link tag.
  5. Click “Apply” in the lower right corner.
  6. YOU’RE NOT DONE! Find the “Saved Searches” box on the right. Click the “Update” button.
  7. Now if you click on “Home” in the upper left, the tickets in your top ten should be click-able.

NAT and Port Forwarding on the Cisco ASA 5505

What is NAT? It stands for Network Address Translation. It means that we can have a public IP outside the Cisco Firewall, and it will route traffic inside to the internal address we select. Of course, because it’s a firewall, we need to tell the ASA5505 what traffic to allow through the firewall to the inside address. The decision on what to allow through is based on what port the traffic is coming in on.

This is all very easy to do on consumer grade hardware, but it’s difficult to do on the ASA5505 using the Cisco ASDM. I’m going to go through the steps I went through to set up NAT and port forwarding using the ASDM software.

First, setting up NAT

  1. Use the ASDM software to log into your device.
  2. Click “Configuration” at the top, then “NAT” on the left.
  3. Click “Add,” then select “Add Static NAT Rule…”
  4. Under “Real Address” type the destination, or internal address. For example: “192.168.10.111”
  5. Change Netmask to: “255.255.255.255”
  6. Under “Static Translation,” change the Interface to: “outside.”
  7. Enter the outside, routable IP which you want to use to access the device from outside the firewall.
  8. Click “OK.”
  9. Click “Apply.”

Allowing traffic through the firewall, or Port Forwarding

Now all packets which are allowed through the firewall and are addressed to the outside IP address we just named will be delivered to the internal IP address. So, to use our internal IP address as a server, we need to open the firewall to allow traffic to come to this device.

  1. Click “Security Policy” on the left.
  2. First, we are going to define the services we want to let through. Click the “Services” tab in the right pane.
  3. You’ll see a list of pre-defined services. This is helpful (especially http and https), but there are probably services you’ll use that aren’t listed here.
    • Fileshares:
      Click “Add,” then TCP-UDP Service Group
      Type in a “Group Name” such as “fileshare.”
      Check the “Port #” radio button.
      Type in “137” to “139” and click the “Add >>” button.
      Next type in “445” to “445” and click the “Add >>” button.
    • Remote Desktop:
      Click “Add,” then TCP-UDP Service Group
      Type in a “Group Name” such as “remotedesktop.”
      Check the “Port #” radio button.
      Type in “3389” to “3389” and click the “Add >>” button.
    • SQL Connections
      Click “Add,” then TCP Service Group
      Type in a “Group Name” such as “sql.”
      Check the “Port #” radio button.
      Type in “3306” to “3306” and click the “Add >>” button.
  4. Next, we want to define groups of IP addresses that are allowed to access different services. For our setup, we have a few subnets that are all allowed access to all services, but you might want to restrict more. You should create a group for each security level.
    • Click the “Addresses Tab.”
    • Click “Add” and select “Network Object Group…”
    • Choose a group name, for example: “office.”
    • Add the subnets you wish to allow. You probably want outside-network/24, which is the subnet of the unit’s external interface. Click that and click “Add >>”
    • Enter new subnets by typing in the IP address as: “xxx.xxx.xxx.0” for example: “172.25.204.0”, and setting the Netmask to: “255.255.255.0” This will allow 172.25.204.1 through 172.25.204.254. click “Add >>”
      When you are done, Click “OK.”
  5. Now to define which networks are allowed on which services.
    • Click “Security Policy” on the left and then in the center pane, click “Add.”
    • Change the Interface dropdown to “Outside” and make sure Direction says: “incoming.”
    • Under Source, change Type to “Network Object Group,” then select the group name we set previously.
    • Under Destination, click the “…” button by IP address, and select the outside, world-routable IP address of the device you wish to allow access to.
    • Change the Protocol dropdown to “tcp.”
    • Leave Source Port as “any.”
    • Under Destination Port, select the “Group” radio button.
    • In the dropdown, select the service group we previously defined.
    • Click OK.
    • Click “Apply.”
    • Now to save and reload the box, click ‘Tools/System reload’
    • Select ‘Save the running configuration at time of reload’
    • Click ‘Schedule Reload’

Update your server’s software firewall

Lastly, don’t forget to update the exceptions in the server’s software firewall!
If you were managing which subnets have access on the server’s software firewall, instead of doubling up your efforts you may choose to change the option to “Any computer” and let the Cisco ASA 5505 restrict by subnet. If not, you may still want to add the new internal subnet so that other servers behind the firewall can have access too.
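
If the ASA becomes the only place that restricts by subnet, it is worth checking that no rule opens those ports to every source. An added example, not from the original post: it scans constructed `object-group` and `access-list` lines, written in ASA command-line style with numeric ports, and reports permits whose source is `any` and whose destination ports include the file share, Remote Desktop or SQL ports opened above. The ACL name, the addresses and the function names are assumptions.

```python
import re

# Ports the post opens: file shares, Remote Desktop, SQL.
SENSITIVE = {137, 138, 139, 445, 3389, 3306}

# Constructed sample in ASA CLI style (numeric ports, documentation addresses).
SAMPLE_CONFIG = """\
object-group service fileshare tcp-udp
 port-object range 137 139
 port-object eq 445
object-group service remotedesktop tcp-udp
 port-object eq 3389
object-group network office
 network-object 172.25.204.0 255.255.255.0
access-list outside_access_in extended permit tcp object-group office host 203.0.113.10 object-group fileshare
access-list outside_access_in extended permit tcp any host 203.0.113.10 object-group remotedesktop
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq 3306
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq 8080
"""

def parse_service_groups(config):
    """Map each service object-group name to the set of ports it contains."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"object-group service (\S+)", line)
        if header:
            current = groups.setdefault(header.group(1), set())
        elif not line.startswith(" "):
            current = None  # left the object-group block
        elif current is not None:
            port = re.match(r"\s+port-object (?:eq|range) (\d+)(?: (\d+))?", line)
            if port:
                low = int(port.group(1))
                high = int(port.group(2) or low)
                current.update(range(low, high + 1))
    return groups

def take_address(tokens):
    """Consume one source or destination spec and return (spec, remaining)."""
    if tokens and tokens[0] in ("any", "any4", "any6"):
        return "any", tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]  # host X, object-group G, net mask

def destination_ports(tokens, groups):
    """Ports matched by the trailing port spec; no spec means every port."""
    if not tokens:
        return set(range(1, 65536))
    if tokens[0] == "object-group":
        return groups.get(tokens[1], set())
    numbers = [int(t) for t in tokens[1:3] if t.isdigit()]
    if tokens[0] == "eq" and numbers:
        return {numbers[0]}
    if tokens[0] == "range" and len(numbers) == 2:
        return set(range(numbers[0], numbers[1] + 1))
    return set()  # named or unsupported port spec

def audit(config):
    """Return (acl, destination, ports) for permits from any source to SENSITIVE."""
    groups = parse_service_groups(config)
    findings = []
    for line in config.splitlines():
        rule = re.match(r"access-list (\S+) extended permit (?:tcp|udp) (.+)", line)
        if not rule:
            continue
        # Assumption: no source-port spec, as in the post ("Source Port: any").
        source, rest = take_address(rule.group(2).split())
        destination, rest = take_address(rest)
        exposed = sorted(destination_ports(rest, groups) & SENSITIVE)
        if source == "any" and exposed:
            findings.append((rule.group(1), destination, exposed))
    return findings

print(audit(SAMPLE_CONFIG))
```

The rule limited to the `office` group and the rule for port 8080 are not reported; the two `any` rules reaching 3389 and 3306 are.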

***If your NAT isn’t working***

I used these directions to set up my NAT, but found that my NAT’ed addresses were not able to access network resources outside of the firewall. Luckily, if you are having that trouble, I posted my solution here!

NAT Routing Problem on Cisco ASA 5505

If you haven’t done this yet or lack faith in your NAT setup, I have also posted instructions on how to set up a NAT on the Cisco ASA 5505.

After setting up my Cisco ASA5505 to perform NAT (Network Address Translation) I wasn’t able to access the server from outside the firewall. I also noticed that the server behind the firewall was not able to access network resources outside the firewall. Using a packet sniffer, I determined that the Cisco device was sending the request packets out and receiving responses from devices, but not allowing those packets through the firewall.

Removing the server from the NAT rule by simply changing the NAT rule’s internal address IP and hitting apply allowed the server to instantly send traffic out. Using a whatismyip service showed that I was being identified by the firewall’s IP address.

There seems to be a bug in the Cisco firewall, because the “solution” is silly; change a setting and change it back.

  1. Log into the ASA5505 using the Cisco ASDM software
  2. Click “Configuration” at the top, then “Interfaces” on the left.
  3. Select the “outside” interface and click “Edit.”
  4. Select “Use static IP” and set the interface’s IP to the same as the outside IP address you’ve specified in your NAT Rule.
  5. Click “OK,” then “Apply.” The device will take a few moments to change this setting.
  6. Try to access a network service outside the firewall using your NAT’ed server. It should work!
  7. Now, Click “Edit” again, and change the setting back to whatever you had there before.
  8. Unbelievably, the NAT’ed server will still work AND your Cisco device will have the separate IP address you require. You haven’t changed any settings, but now it works!

Restoring Factory Defaults to the Cisco ASA 5505 Firewall via the ASDM

If you have been mucking around in your Cisco ASA5505 and want to return to factory defaults using the ASDM management software, it’s pretty easy.

If you can’t use the ASDM, I also have a write-up for Resetting the Cisco ASA 5505 Using the Console.

  1. Click the “Wizards” drop down menu and select “Startup Wizard…”
  2. Change the radio button to “Reset configuration to factory defaults.”
  3. I suggest changing the management IP. This will change the subnet of devices behind the firewall. This is useful if you ever have to put another firewall device behind this device as some consumer grade devices make it a pain to change the internal subnet. You can use any non-routable IP, such as 192.168.x.1 where x is 1-254.
  4. Click “Yes.”
  5. After a few minutes, I got a status message with an ERROR. This is because the ASDM is trying to manage the device using the old IP.
  6. Close the ASDM without saving, renew your DHCP lease and log in using the ASDM to the new address.
  7. This doesn’t seem to reset the Enable password, so you’ll have to use that to login.

Using the Cisco ASA 5505 as a VPN server with the Cisco VPN Client software

This walkthrough will describe how to use your Cisco ASA5505 as a VPN server for a remote client. The remote client does not need to have a 5505 as a VPN endpoint; it only needs to have the Cisco VPN Client software installed.

To configure the ASA5505, first log into it using the Cisco ASDM.

  1. Click the “Wizards” drop down, select “VPN Wizard.”
  2. Select “Remote Access,” click Next.
  3. Select “Cisco VPN Client,” click Next
  4. Select “Pre-shared key,” then fill in what I’m going to call your “VPN Connection Password.” This will be saved in the client and should be as long and secure as possible.
  5. Tunnel Group Name: Enter what I’m going to call your “VPN Connection Username,” and Click Next.
  6. Select “Authenticate using the local user database,” click Next.
  7. Create a username and password for each VPN user, click Next.
  8. Click “New…” to create a new VPN IP pool. You can do whatever you want here, but here is my suggestion:
    • Name: VPNUsers
    • Starting IP Address: 192.168.15.194
    • Ending IP Address: 192.168.15.220
    • Subnet Mask: 255.255.255.224
    • Click “OK.”
  9. Click Next.
  10. Fill in DNS and WINS for your outside network and Click Next.
  11. IKE Policy defaults are fine, click Next.
  12. IPSec defaults are fine, click Next.
  13. Leave NAT Settings blank, but check “Enable Split tunneling” at the bottom and click Next.
  14. Click Finish.

One more step, without this you won’t be able to connect to anything besides the internal network when you are connected to the VPN.

  1. Click “Configuration” at the top of the screen.
  2. Click “VPN” on the left side of the screen.
  3. Under “General,” click “Group Policy.”
  4. Click the Group Policy that corresponds to the one you defined during the Wizard, and click the Edit button.
  5. Click the Client Configuration Tab.
  6. Click the “Manage” button next to Split Tunnel Network List.
  7. Double click the Entry under the Standard ACL tab.
  8. Change the IP address and Netmask to match that of your internal network, the subnet where your servers are located.
  9. Click OK, OK, OK and finally: Apply.

Now that we’ve done all that, we should save it from working memory into the flash. I like to do a reboot while I do this, and we can do it using the Cisco ASDM!

  1. Click Tools and select System Reload.
  2. Be sure to change the radio button at the top to Save the running configuration at the time of reload.
  3. Click “Schedule Reload,” Yes, and Exit ASDM.

To connect to your new VPN, you’ll need the Cisco VPN Client. I’m using version 4.6.

  1. Install the Cisco VPN Client.
  2. Click “New.”
    • Connection Entry: Name of the VPN connection. I used the same thing I put in for the Tunnel Group Name (VPN Connection Username), but you can use whatever you want.
    • Host: The IP address or DNS name of the VPN Server.
    • On the Authentication Tab, make sure “Group Authentication” is selected.
    • Name: Put whatever you put for Tunnel Group Name (VPN Connection Username).
    • Password: Put in your “Pre-shared Key” (VPN Connection Password).
      That’s it! Hit Save.

To connect, double-click the connection entry you just created.
Enter your username and password, which we defined for each user on the Cisco ASA5505 device during the VPN Wizard.

Done and Done!

How to add digital camera video (AVI) to a webpage using Adobe Dreamweaver

First we need to convert our .avi file from the digital camera into a .flv (flash video) file, so it can be viewed on the internet.

  1. Open Adobe Media Encoder CS4 (located in the Adobe Design Premium CS4 folder in the start menu)
  2. Click the “Add” button.
  3. Double-click the .avi file you wish to convert.
  4. Click the “Settings” button.
  5. Change the “Preset” drop-down to be “FLV – Web Medium”
  6. Click “OK”
  7. Click “Start Queue”

Now we can insert the FLV file into a webpage using Adobe Dreamweaver

  1. Put the cursor where you want to insert the video.
  2. Click “Insert” drop down.
  3. Click “Media” then “FLV…”
  4. Click the “Browse” button.
  5. Double-click the FLV file you just created.
  6. Make sure to copy the file to the appropriate place in your website, if you haven’t already.
  7. Click “Detect Size”
  8. Check “Auto play” and “Auto rewind” if you want those functions.
  9. Click “OK”
  10. Save the page and check it in. Be sure to check in the whole folder, so your FLV file is uploaded as well.

Quick Print Icon, prints to any printer in Word 2007

The default quick print icon behavior in Word 2007 is to print to your default printer. Here is how to make an icon in Word 2007’s Quick Access Toolbar (QAT) which prints directly to any printer you want. This is handy if you want an icon that prints to a different printer than the default, or you just want a quick print icon for each of your printers.

To do this, we need to input a macro. To do that, we need the “Developer Tab”. Follow these steps to make the Developer Tab appear:

  1. Click the Microsoft Office Button in the upper left, and then click Word Options.
  2. Click Popular.
  3. Under Top options for working with Word, select the Show Developer tab in the Ribbon check box.

The following creates the print macro.

  1. Click the Developer Tab.
  2. Click on the large Macros button on the left.
  3. Type anything in the Macro Name box, for ex: “PrintFromFavoritePrinter”
  4. Click the Create button.
  5. Cut and paste the commands below, so that your window looks like this:

    Sub PrintFromFavoritePrinter()
    '
    ' PrintFromFavoritePrinter Macro
    ' Prints the active document to a fixed printer, then restores the previous one.
    '
    Dim sCurrentPrinter As String

    ' Remember the printer that is currently active
    sCurrentPrinter = ActivePrinter
    ' Switch to the favorite printer and print the document
    ActivePrinter = "HP LaserJet 1020"
    Application.PrintOut FileName:=""
    ' Switch back to the original printer
    ActivePrinter = sCurrentPrinter

    End Sub

  6. Replace the text: “HP LaserJet 1020” with the exact name of your printer, from the Printers and Faxes section of your control panel.
  7. Press ctrl+s to save, then close the window.

The macro has been created, you can run it out of the macros list, but what a pain! Create an icon on the Quick Access Toolbar.

  1. Right-click anywhere on the QAT and click: “Customize Quick Access Toolbar…”
  2. Select “Macros” from the “Choose commands from:” drop-down.
  3. Click the “PrintFromFav…” macro on the left, then click the “Add>>” button.
  4. Click the Modify button at the bottom, choose an icon and change the name to something short, then click OK.

The QAT now has the icon you selected. When you click on it, it should immediately print to your favorite printer!