I was helping a client get VPN connectivity into the network to allow for easy administration and support. Using remote control software like GoToMeeting, LogMeIn Pro, or CrossLoop was OK for a while, but it requires somebody on site to initiate a request for the connection. Unattended features are available, but they involve sharing owner credentials, which might not be ideal. This is why I still like to set up VPN connectivity as a secure alternative.

The first step was to determine if the appliance currently in place was VPN-capable. It was. Next was to configure it, assuming the passwords were known, which they weren't. Then we had to locate the console cable and determine the correct PIX software (OS) revision in order to download the matching version of the password recovery tool. Once the correct tool version was downloaded, I had to find a TFTP server because the PIX model is disk-less. I usually use Tftpd32, which is a free download and easy to use. Once the TFTP daemon was set up, I was able to run the password recovery tool to erase the passwords and change them to something else.
Now that I was able to log in, I changed the current vpngroup user password. I used an unsecured wireless connection in the building, and this allowed me to test connecting via the Cisco VPN client. It worked on the first attempt and I was connected with no issues. I was lucky the VPN configuration was previously set up and all I needed to do was change the passwords. I was also lucky that there was an unsecured wireless connection I could test from.
The only thing left to do now is to tie the logins to an LDAP server. I wonder if a newer Cisco VPN client is needed for that. Where can I download that without requiring an online Cisco user ID and password? I don't think this is important right now. I'm sure it will need to be addressed soon as we continue to use VPN in this company for a broader range of audiences with varying needs.

I use the Sysinternals tool PsExec to remotely run batch software installations. Recently, I ran into an issue performing a silent unattended install from an MSI. After many frustrating attempts, I found this URL: http://forum.sysinternals.com/printer_friendly_posts.asp?TID=2542. By adding the ALLUSERS=2 property when running the MSI, the software installation succeeded. Apparently, running the MSI install without it defaults to a per-user installation under the profile of the account running the install. If that admin account has no profile on that PC, the installation fails. ALLUSERS=2 requests a per-machine installation (it takes effect when the installing account has administrative rights; without them Windows Installer falls back to a per-user install), so the software is available to every profile on the PC.
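The following is an added example, not code from the original post: it pushes an MSI to several PCs with PsExec and installs it per-machine with ALLUSERS=2, keeping a verbose log and the msiexec exit code for each host. The hostnames and paths are placeholders, PsExec.exe is assumed to be on the PATH, the caller is assumed to be an administrator on the targets, and the staging folder on the targets is assumed to have no spaces in its path (so no quoting of arguments is needed).

```powershell
# Added example, not from the original post: push an MSI to several PCs with PsExec
# and install it per-machine with ALLUSERS=2, keeping a verbose log and the msiexec
# exit code for each host. Assumptions (placeholders, adjust for your environment):
# PsExec.exe is on the PATH, the caller is an administrator on the targets, and the
# staging folder on the targets has no spaces in its path (so no quoting is needed).

$computers = @('PC01', 'PC02')        # placeholder hostnames
$msi       = 'C:\staging\app.msi'     # placeholder: local copy of the package
$remoteDir = 'C:\Windows\Temp'        # where the package and its log land on the target

function Get-MsiExecArgs {
    param([string]$Package, [string]$LogPath)
    # /i install, /qn silent with no UI, /l*v verbose log (search it for "Return value 3"
    # when an install fails). ALLUSERS=2 asks for a per-machine install and only falls back
    # to per-user when the installing account lacks admin rights; ALLUSERS=1 would just fail
    # in that case. REBOOT=ReallySuppress reports a needed reboot as exit code 3010 instead
    # of rebooting the target.
    return @('/i', $Package, '/qn', '/l*v', $LogPath, 'ALLUSERS=2', 'REBOOT=ReallySuppress')
}

function Get-MsiResultText {
    param([int]$ExitCode)
    # The usual Windows Installer exit codes PsExec hands back from the remote msiexec.
    switch ($ExitCode) {
        0       { 'success' }
        3010    { 'success, reboot required' }
        1603    { 'fatal error during installation (read the verbose log)' }
        1619    { 'package could not be opened (path or permissions)' }
        1625    { 'forbidden by system policy' }
        default { "msiexec exit code $ExitCode" }
    }
}

function Get-AdminSharePath {
    param([string]$Computer, [string]$LocalPath)
    # C:\Windows\Temp -> \\PC01\C$\Windows\Temp
    return '\\' + $Computer + '\' + $LocalPath.Substring(0, 1) + '$' + $LocalPath.Substring(2)
}

foreach ($pc in $computers) {
    $name   = [IO.Path]::GetFileName($msi)
    $target = Join-Path $remoteDir $name
    $log    = Join-Path $remoteDir ([IO.Path]::ChangeExtension($name, '.log'))

    # Stage the package on the target first: a process PsExec starts cannot reach a
    # second server with the caller's credentials (no delegation), and with -s it would
    # hit a file share as the computer account. A local file sidesteps both problems.
    Copy-Item -Path $msi -Destination (Get-AdminSharePath -Computer $pc -LocalPath $remoteDir) -Force

    # -s runs msiexec as LocalSystem, so no interactive profile for the admin account is
    # needed on the target; -accepteula suppresses the first-run licence prompt.
    $msiArgs = Get-MsiExecArgs -Package $target -LogPath $log
    & psexec.exe "\\$pc" -accepteula -s msiexec.exe $msiArgs
    Write-Output ('{0}: {1} (log on target: {2})' -f $pc, (Get-MsiResultText $LASTEXITCODE), $log)
}
```

When a host reports 1603, open the verbose log on the target and look for the first "Return value 3" line; the custom action or file operation just above it is the actual cause.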

I just heard from a coworker that the use of handheld devices while driving will become illegal on January 1, 2010. That's only a couple of days away. More specifically, he says that the use of hand-held cell phones, BlackBerrys, other smartphones, and any other electronic devices while behind the wheel will be forbidden, and if caught you will be fined. Ouch. We cannot even text or email while behind the wheel, and forget about portable games like the PSP or Nintendo DS or watching DVD movies. I don't use portable devices anyway, but I am addicted to using my cell while on the road (stopped and waiting in traffic, of course).

This will be a major setback for me and will require some readjustments to my driving habits. Driving is a big part of the services industry, so this could mean delays in response. Oh well, it just means we have to plan well in advance and let people know that we will be out of contact while in transit. It is for the safety of everyone, so I'm glad it's finally reached British Columbia.

For tips on safe driving from Transport Canada check out the following link: http://www.tc.gc.ca/eng/roadsafety/safedrivers-distractions-index-52.htm.

Have a safe Christmas Holiday season.

I had a lot of problems installing Active Directory onto a second Windows Server 2003 Standard machine. As part of a two-step process of decommissioning Active Directory from the main server and only running AD on the second server, I first had to complete DCPROMO on the second server. DCPROMO partially completes and errors out at the final SYSVOL share creation. The event logs say that it is unable to complete the AD installation until SYSVOL is fully replicated. The issues pointed to DNS, so I spent a lot of time fixing that. I made sure the DNS Server service was not installed on the second server and that all the CNAME records were correct. I then downloaded the Resource Kit and ran DCDIAG /TEST:DNS and NETDIAG. DCDIAG reported FrsEvent errors. I didn't know how to fix a partially installed AD on the second server, so I had to uninstall AD multiple times, taking stabs at different fixes. The reinstall unfortunately takes a long time to run, so I had to make sure each fix I applied produced positive results.

After numerous trips to forums and technical blogs, I searched through the system log on the main source server, which showed event ID 13555, and found this link: http://www.eventid.net/display.asp?eventid=13555&eventno=572&source=NtFrs&phase=1. I had been focusing on the NTFRS errors on the second server, thinking the issue was with the destination server; I didn't think the issue was with the source server. The link says that a corrupt NTFRS Jet database can prevent successful SYSVOL replication. It made sense that an NTFRS Jet database corruption would break DCPROMO. I followed the fix documented in the link: stop both the Netlogon and NTFRS services, delete the contents of the \windows\ntfrs\jet folder, then let NTFRS recreate the Jet database when the Netlogon and NTFRS services are restarted. This fixed the errors on the source server, which fixed the DCDIAG errors, which eventually allowed me to complete DCPROMO on the second server.

After AD was installed onto the second domain controller, removing AD from the main server was easy. Hope this helps you out if you ever find yourself in this predicament.
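The following is an added example, not code from the original post: it scripts the Jet database reset described above on the source domain controller, but moves the old database aside instead of deleting it, waits for FRS to report that SYSVOL is usable again, and then reruns the dcdiag tests that were failing. Run it locally on the source DC, elevated, after taking a copy of \windows\sysvol (if this is the only DC there is no partner to replicate from, so keep a backup). The example assumes the FRS event log is named "File Replication Service", that 13516 is FRS's "no longer preventing the computer from becoming a domain controller" event, and that 13555 is the FRS "error state" event from the post.

```powershell
# Added example, not from the original post: reset the NTFRS Jet database on the
# source domain controller as the eventid.net note describes, but move the old
# database aside instead of deleting it, then wait for FRS to say SYSVOL is usable
# again and finish with the dcdiag tests that were failing. Run locally on the source
# DC, elevated, after backing up \windows\sysvol. Assumed: the FRS log is named
# "File Replication Service"; 13516 is FRS's "no longer preventing the computer from
# becoming a domain controller" event; 13555 is the "FRS is in an error state" event.

$jetDir = Join-Path $env:SystemRoot 'ntfrs\jet'

function Reset-FrsJetDatabase {
    param([string]$JetPath)
    Stop-Service -Name netlogon -Force
    Stop-Service -Name ntfrs -Force

    $backup = $JetPath + '.bak-' + (Get-Date -Format 'yyyyMMdd-HHmmss')
    if (Test-Path $JetPath) {
        # Keep the suspect database rather than deleting it: it can be put back if
        # the rebuild goes wrong, and it is evidence of what actually happened.
        Move-Item -Path $JetPath -Destination $backup
    }
    New-Item -ItemType Directory -Path $JetPath | Out-Null

    $since = Get-Date
    Start-Service -Name ntfrs      # FRS creates a fresh Jet database on start
    Start-Service -Name netlogon
    return $since
}

function Wait-FrsReady {
    param([datetime]$Since, [int]$TimeoutMinutes = 15)
    # Poll the FRS events written after the restart until FRS reports success or error.
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $events = Get-EventLog -LogName 'File Replication Service' -After $Since -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            if ($e.EventID -eq 13516) { return 'ready' }
            if ($e.EventID -eq 13555) { return 'error: FRS still in error state (event 13555)' }
        }
        Start-Sleep -Seconds 30
    } while ((Get-Date) -lt $deadline)
    return "timeout: no FRS verdict within $TimeoutMinutes minutes"
}

$since  = Reset-FrsJetDatabase -JetPath $jetDir
$result = Wait-FrsReady -Since $since
Write-Output "FRS status: $result"

if ($result -eq 'ready') {
    # Re-run the checks used in the post before attempting DCPROMO on the second server again.
    dcdiag /test:frsevent
    dcdiag /test:dns
}
```

Only retry DCPROMO on the second server once the script prints "FRS status: ready" and both dcdiag tests pass; a 13555 after the reset means the problem is not the Jet database and the backup folder can be moved back.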

We recently ran into an issue printing to a Brother MFC 420 USB printer from a Windows XP computer connected via Remote Desktop to a Vista Ultimate computer. The printer is local to the Windows XP computer, and the requirement is that the user should be able to print to this Brother printer from a Remote Desktop session on the Vista computer. Unfortunately, printer redirection does not work, and the reason is that the printer driver name used by Windows XP for the Brother MFC 420 USB printer is different from the Vista printer driver naming convention. For printer redirection to work, the printer driver names (not the printer names) have to match on both sides.

To fix this, I followed Microsoft's documentation on editing the registry and creating a new INF file that contains the one-to-one printer redirection mapping. Here is the URL to the documentation, http://technet.microsoft.com/en-us/library/cc775141.aspx, and I have copied out the section I used before the URL becomes stale:

———snippet———

  1. Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd registry subkey.
  2. Add the following values:

     Name: PrinterMappingINFName
     Type: String (REG_SZ)
     Value data: Name of the .inf file to which you want to redirect lookups.
     Example: c:\windows\inf\ntprintsubs.inf

     Name: PrinterMappingINFSection
     Type: String (REG_SZ)
     Value data: Name of the section in the .inf file to which you want to redirect lookups.
     Example: Printers

After you add the new registry values, create or modify the .inf file that you specified in the PrinterMappingINFName registry entry to include the user-defined mappings from the client-side to server-side drivers. Follow the format used in the following example:

;NTPRINTSUBS.INF
;Printer mapping file for client-side to server-side drivers
[Printers]
"OEM Printer Driver Name" = "Windows Server 2008 Driver Name"

For example:

"HP DeskJet 720C Series v10.3" = "HP DeskJet 722C"

The left side of the equation is the exact name of the printer driver associated with the client-side print queue that is being redirected to the server. The exact name of the printer driver appears on the General tab, next to Model when you view the printer properties on the client computer. (You can also click the Advanced tab and view the driver name in the Driver list.) The right side of the equation is the exact name of the server-side driver equivalent that is installed on the terminal server.

———end snippet————-

Hope this helps you out if you ever find yourself in this situation.
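The following is an added example, not code from the original post or the Microsoft article: it creates the registry values and the mapping INF on the terminal server (the Vista machine here) with PowerShell, and first checks that every server-side driver named in the mapping is actually installed, since a mapping to a driver that is not present fails in exactly the same way as no mapping. The two driver names in the mapping table are placeholders; read the real client-side name from the XP printer's properties (General tab, Model) and the real server-side name from the drivers installed on the server. Run it elevated on the server and reconnect the Remote Desktop session afterwards.

```powershell
# Added example, not from the original post: create the printer-redirection mapping
# on the terminal server with PowerShell instead of editing the registry and INF by
# hand. The driver names in $mappings are placeholders; replace them with the exact
# strings from your own client (General tab, "Model") and server. Run elevated.

$infPath = Join-Path $env:SystemRoot 'inf\ntprintsubs.inf'
$regKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd'
$section = 'Printers'

# client-side driver name (exact, as shown on the XP client) => driver installed on the server
$mappings = @{
    'Brother MFC-420CN USB Printer' = 'Brother MFC-420CN Printer'   # placeholder names
}

function Get-ServerPrinterDriverNames {
    # Win32_PrinterDriver.Name is "DriverName,Version,Environment"; keep the first field.
    Get-WmiObject -Class Win32_PrinterDriver |
        ForEach-Object { $_.Name.Split(',')[0] } |
        Sort-Object -Unique
}

function New-PrinterMappingInf {
    param([hashtable]$Map, [string]$Section)
    # Same layout as the Microsoft example: comment header, section, one mapping per line.
    $lines = @(';NTPRINTSUBS.INF',
               ';Printer mapping file for client-side to server-side drivers',
               "[$Section]")
    foreach ($client in ($Map.Keys | Sort-Object)) {
        $lines += ('"{0}" = "{1}"' -f $client, $Map[$client])
    }
    return ($lines -join "`r`n")
}

function Test-PrinterMapping {
    param([hashtable]$Map, [string[]]$InstalledDrivers)
    # Every right-hand side must name a driver really installed on the server,
    # otherwise the redirected queue still fails to be created.
    $missing = @()
    foreach ($client in $Map.Keys) {
        if ($InstalledDrivers -notcontains $Map[$client]) { $missing += $Map[$client] }
    }
    return $missing
}

$installed = Get-ServerPrinterDriverNames
$missing   = Test-PrinterMapping -Map $mappings -InstalledDrivers $installed
if ($missing.Count -gt 0) {
    throw "Server-side driver(s) not installed: $($missing -join ', '). Install them first."
}

# Plain ASCII, no byte-order mark, so the INF parser sees the section header on line 3.
Set-Content -Path $infPath -Value (New-PrinterMappingInf -Map $mappings -Section $section) -Encoding Ascii

if (-not (Test-Path $regKey)) { New-Item -Path $regKey -Force | Out-Null }
New-ItemProperty -Path $regKey -Name PrinterMappingINFName    -PropertyType String -Value $infPath -Force | Out-Null
New-ItemProperty -Path $regKey -Name PrinterMappingINFSection -PropertyType String -Value $section -Force | Out-Null

Write-Output "Mapping written to $infPath; reconnect the Remote Desktop session to test."
```

After reconnecting, the redirected queue should appear in the server's Printers folder with "(redirected N)" appended to the client printer's name; if it still does not, compare the left-hand string character for character with the Model field on the XP client, because the lookup is an exact match.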

I just heard on The Beat 94.5 radio station that it's the hottest day it's ever been in BC's history. A very hot 32.9 degrees. It must be true because I can feel the difference today. It also means that a lot of data centers out there could be in trouble without proper cooling. I just came from a client in Burnaby and I worry for them. The servers are in the basement and there are no air conditioning units down there. I installed a temperature and humidity environment monitor from APC and will definitely keep an eye on it. In fact, I'll get alerted if the thresholds are reached. I hope not!

There is some discussion going on internally regarding the FTP service at a client's site. FTP is currently hosted at an ISP as a paid service, and they have asked us to bring it in-house in order to save money. Other staff have exclaimed that it should be hosted on a Linux server, no doubt because of security, and strongly advocated against using Windows to host this FTP service. I, on the other hand, don't mind Windows and using IIS to host a public FTP server. I know many of you out there will gasp at this (mostly blackhats), but I think there are other things to worry about first in terms of security, and this isn't one of them. As long as Windows patches are religiously applied and passwords regularly changed, that should be good enough. The tool is already there and it's part of Windows, so it doesn't make sense to provision another server with another OS that will just sit in a corner outside of the domain under everyone's radar. My take is that we should take all precautions to block out intruders, but not at the expense of cost, ease of use, and ease of implementation.

What do you think?

In our never-ending quest to help the environment, AMIN Solutions always shows its support for alternatives instituted by others to keep a green earth. We believe we can have the most effect here because we usually need to drive to get to our clients for our professional on-call services and our monthly maintenance services.
With this commuter challenge, we will try to reduce our carbon footprint by taking public transit to and from client sites. The only real challenge is getting to one of our clients in Aldergrove. There must be bus service to that office. Also, we will push for remote control access to systems instead of going on site. We can definitely do this for all our on-call support issues.
Here is the link to the commuter challenge website for more info: http://www.commuterchallenge.org

We at AMIN Solutions HQ are again participating in the Earth Hour 2009 movement by shutting down all computers, monitors, printers, and our lights for 1 hour this coming Saturday at 8:30pm. More info at www.earthhour.org. How hard can it be without a computer for 1 hour? I'm sure I can manage, but what about mobile devices like BlackBerrys? I wonder if they count, because I am addicted to mine and would probably not last an hour without it.

Everyone is looking to save money these days. If you can avoid paying monthly fees to host your website, then why not? There are a lot of hosting sites out there, just like the one I am using here at 110mb.com. Use web redirection and masking if you want to use your own registered domain name. If you want a quick site without installing scripts, use Google's Blogger. Check out these two sites, completely set up using blogspot.com: www.lutongpinay.com and www.smartchoicetreatment.com. You can hide the navigation bar at the top and include your own favicon so that you don't see the Blogger icon in the URL. It's fairly easy to set up and is free. Let me know if you need more info on this.

