Pages

12/20/2013

12/16/2013

Searching Active Directory user objects for a values in an attribute

Searching Active Directory user objects for value in an attribute:
The following will look for user objects with any value in "audio" attribute
$strFilter = "(&(objectCategory=User)(audio=*))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher

$objSearcher.SearchRoot = $objDomain

$objSearcher.PageSize = 4000

$objSearcher.Filter = $strFilter

$objSearcher.SearchScope = "Subtree"

$colProplist = "name"

foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)

    {$objItem = $objResult.Properties; $objItem.name}

12/13/2013

ASA SSL VPN

SSL VPN Clients not getting DNS

PROBLEM

- Clients are getting IP assigned from address pool on ASA (not DHCP.)
- Connect successfully but do not get name resolution.  DNS servers are not being assigned
- NOT doing split tunnel

CHECK

DNS settings are defined all over the place.  Confirm the correct DNS server IP numbers are defined in the following locations:

Configuration > Remote Access VPN > DNS

Configuration > Remote Access VPN > Network (Client) Access > Group Policies
          Select Policy > Edit > Servers > DNS Servers field
                    This field will only allow 2 server IP#'s

11/21/2013

Website/URL/Link Scanner Safety Check for Phishing, Malware, Viruses [results: DOMAIN.com] - ScanURL.net

Website/URL/Link Scanner Safety Check for Phishing, Malware, Viruses [results: domain.com] - ScanURL.net: Enter a URL/link (web address) or website/domain below, and we'll see if it's been reported for phishing, hosting malware/viruses, or poor reputation.

ALSO - it includes a long list of links to other resources at the bottom of a search.

urlquery.net - Free URL scanner

urlquery.net - Free URL scanner: urlQuery.net is a service for detecting and analyzing web-based malware. It

11/07/2013

UCSM login problems with the Java 7 Update 45

UCSM login problems with the Java 7 Update 45

Cisco UCS Manager can't logon
Yep....

HL Tools - Part 1 - Clone a VM without vCenter | LucD notesLucD notes

HL Tools - Part 1 - Clone a VM without vCenter | LucD notesLucD notes: Clone a VM without vCenter

HL Tools - Part 2 - Create a Nested Hypervisor | LucD notesLucD notes

HL Tools - Part 2 - Create a Nested Hypervisor | LucD notesLucD notes: Create a Nested Hypervisor

Simple Host Time Information

Simple Host Time Information

Get-VMHost | Sort Name | Select Name, `
  @{N="NTPServer";E={$_ |Get-VMHostNtpServer}}, `Timezone, `
  @{N="CurrentTime";E={(Get-View $_.ExtensionData.ConfigManager.DateTimeSystem) | Foreach {$_.QueryDateTime().ToLocalTime()}}}, `
  @{N="ServiceRunning";E={(Get-VmHostService -VMHost $_ |Where-Object {$_.key-eq "ntpd"}).Running}} `
 | Format-Table -AutoSize

Exporting all that useful VM information with PowerCLI » WoodITWork.com

Exporting all that useful VM information with PowerCLI » WoodITWork.com: Exporting all that useful VM information with PowerCLI

dvSwitch scripting - Part 13 - Export/Restore Config | LucD notesLucD notes

dvSwitch scripting - Part 13 - Export/Restore Config | LucD notesLucD notes: One of the exciting new dvSwitch features in vSphere 5.1 is the ability to export and restore a dvSwitch configuration.

This article explains how to do that in Powershell

Cheap disaster recovery using PowerShell

Cheap disaster recovery using PowerShell: Cheap disaster recovery

Poor mans SRM

InventorySnapshot – VMware Labs

InventorySnapshot – VMware Labs: InventorySnapshot allows a user to “snapshot” a given vCenter inventory configuration and then reproduce it.

11/06/2013

Exchange 2007 Performance Troubleshooting

Exchange 2007 Performance Troubleshooting

the RPC Counters – these counters will show you if the clients are “feeling” a resource issue
  • MsExchangeIS\RPCAveraged Latency – should be under  50 (100 if in cached)
    • RPC Operations/Sec – Relative (Baseline\Trending
    • RPC Requests – Rec  under 70
  • If you see RPC ops go at around time of latency may be adding too much load

10/15/2013

BGP

Great article:
http://www.netcraftsmen.net/resources/archived-articles/382.html
UPDATE:  It appears netcraftsmen.net is no longer there!  http://web.archive.org/web/20121219075610/http://www.netcraftsmen.net/resources/archived-articles/382.html



This entire site looks very good.

9/25/2013

SPANning ports on Cisco Nexus 5K Switch "brings down network"

DO NOT SPAN PORTS ON NEXUS 5K

Cisco Nexus 5000 Series NX-OS System Management Configuration Guide, Release 5.1(3)N1(1) - Configuring SPAN  [Cisco Nexus 5000 Series Switches] - Cisco Systems: If a destination port is oversubscribed, it can become congested. This congestion can affect traffic forwarding on one or more of the source ports.

I'm told this is not an issue on 7K's.

9/17/2013

Cisco Identity Services Engine (ISE) - Cisco Systems

Cisco Identity Services Engine (ISE) - Cisco Systems: Cisco Identity Services Engine

Cisco ACS - Accounting

Configure a device to log every command to the ACS server:

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

9/10/2013

STP loops strike again

STP loops strike again
this is a very interesting post about a L2 loop experience.  The "best practice" I've always been told, isn't enough.
And an interesting solution:
use switchport port-security and limit the number of MAC addresses accepted on the switch port.

8/16/2013

Powershell - prompt for option



$title = "Install Time"
$message = "Select Time For WSUS Install on SATURDAY"

$One = New-Object System.Management.Automation.Host.ChoiceDescription "&1 = 8pm", `
    "8 PM"

$two = New-Object System.Management.Automation.Host.ChoiceDescription "&2 = 9pm", `
    "9 PM"

$three = New-Object System.Management.Automation.Host.ChoiceDescription "&3 = 10pm", `
    "10 PM"

$four = New-Object System.Management.Automation.Host.ChoiceDescription "&4 = 11pm", `
    "11 PM"

$options = [System.Management.Automation.Host.ChoiceDescription[]]($one, $two, $three, $four)

$result = $host.ui.PromptForChoice($title, $message, $options, 0) 

switch ($result)
    {
        0 {$tod=20}
        1 {$tod=21}
 2 {$tod=22}
 3 {$tod=23}
    }
#"Time of Day for Install = $tod"

Cisco FAQ: How do I reverse telnet out my aux port?

Cisco FAQ: How do I reverse telnet out my aux port?: How do I reverse telnet out my aux port?

8/12/2013

Lock Windows Workstation

Sometimes I'd like to lock a VDI machine but "Windows+L" key combo executes locally -- not on the VDI session. Create the following shortcut:
rundll32.exe user32.dll, LockWorkStation

8/07/2013

Powershell: Remotely run a script

Run Powershell Script Remotely...


#############################################################################################################
#
#   report.ps1
#
#   run a powershell script on a remote computer and copy a result file for viewing locally
#

$computer = "GPM"
"Run GPO Report"
"Executing remotely from $computer"
$username = read-host "Username"
$pw = read-host -AsSecureString "Password"
$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
            [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))
$cmd = "c:\util\psexec.exe /acceptEula \\$computer -u $username -p $pass -w c:\dev c:\dev\run-report.bat"

invoke-expression $cmd

$file = "\\" + $computer + "\c$\dev\gpostatus.html"
copy $file c:\util
c:\util\gpostatus.html

8/02/2013

Powershell - Report on Group Policy Objects


#########################################################################################################################
#
#   GPO-REPORT.PS1
#
#   Create a report of the status of all WSUS GPO's
#

import-module grouppolicy

$today = get-date
$outfile = "gpostatus.html"
$key = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au"

$days = @{"0" = "Every Day"; "1" = "Every Sunday"; "2" = "Every Monday"; "3" = "Every Tuesday"; "4" = "Every Wednesday"; "5" = "Every Thursday"; "6" = "Every Friday"; "7" = "Every Saturday"}

$gpobjs = get-gpo -all -domain usa.DOMAIN.com | where {$_.DisplayName -like "Software Update*"}

"<HTML>" | out-file $outfile
"<HEAD>" | out-file $outfile -append
"<TITLE></TITLE>" | out-file $outfile -append
"</HEAD>" | out-file $outfile -append
'<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#FF0000" VLINK="#800000" ALINK="#FF00FF" BACKGROUND="?">' | out-file $outfile -append
'<H2>WSUS Group Policy Status</H2>' | out-file $outfile -append
'<H4>' + $today + '</H4><table bordercolor=#000000;  border=2px; cellspacing=0;>' | out-file $outfile -append
'<tr><td ><b><font face="monospace" size="3"> Policy </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Modified </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Enabled/Disabled </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Configuration </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Install Day </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Install Hour </font></td>' | out-file $outfile -append
'</tr>' | out-file $outfile -append

$gpobjs | foreach-object {
    $name = $_.DisplayName
 
write-host $name
 
    $modified = $_.ModificationTime
    $enabledvalue = get-gpregistryvalue -name $name -key $key -valuename noautoupdate
    if ($enabledvalue.value -eq "0") {
        $enabled = "enabled"
        }
    else {
        $enabled = "disabled"
        }
    $optionvalue = get-gpregistryvalue -name $name -key $key -valuename auoptions

    if ($optionvalue.value -eq "2") {
        $option = "2-Notify Only"
        }
    elseif ($optionvalue.value -eq "3") {
        $option = "3-Download & Notify"
        }
    elseif ($optionvalue.value -eq "4") {
        $option = "4-Download & Install"
        }
    else {
        $option = $optionvalue.value
        }

    $dayvalue = (get-gpregistryvalue -name $name -key $key -valuename scheduledinstallday).value | out-string
    $dayvalue = $dayvalue -replace "\s+", ""
    $day = $days[$dayvalue]
    $hour = (get-gpregistryvalue -name $name -key $key -valuename scheduledinstalltime).value
    
    if ($enabled -eq "disabled") {
    $option = " "
    $day = " "
    $hour = " "
    }
    '<tr><td ><font face="monospace" size="2">' + $name + '</font></td>' | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $modified + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $enabled + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $option + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $day + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $hour + '</font></td></tr>'  | out-file $outfile -append

}#foreach object

"</TABLE></BODY></HTML>" | out-file $outfile -append

Auditing Group Policy changes - Canberra Premier Field Engineering: Team Blog - Site Home - MSDN Blogs

Auditing Group Policy changes - Canberra Premier Field Engineering: Team Blog - Site Home - MSDN Blogs: Auditing Group Policy changes

Powershell Group Policy Management

Powershell Group Policy Management

WSUS Policies


#requires Windows 2008 R2 with Group Policy Management Console installed
#install GPM on a Windows 2008 R2
    import-module -name servermanager
    add-windowsfeature -name GPMC

import-module grouppolicy

#list interesting gpo's
get-gpo -all -domain usa.DOMAIN.com | where {$_.DisplayName -like "Software Update*"} | select displayname

$gpname = "Software Update Services WSUS Asia"

#retrieve an individual object
$gpobj = get-gpo -name $gpo

#When was an object modified?
$modified = $gpobj.ModificationTime

$key = "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"

#get specific value assigned by GPO
get-gpregistryvalue -name $gpname -key $key\au -valuename noautoupdate

#get all values beneath a key
get-gpregistryvalue -name $gpname -key $key

####################################################################################################################################
#    
#    NOTES for WSUS
#
#    - Is WSUS enabled?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  noautoupdate = 0 (enabled) or 1 (disabled)
#
#    - IF ENABLED, what update option is selected?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  auoptions = 2 (notify before download), 3 (Download & notify), 4 (autodownload and install on scheduled day)
#
#    - IF ENABLED, IF OPTION 4, what scheduled day?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  ScheduledInstallDay = 0 (every day), 1 (Sundays), 2 (Mondays), 3 (Tuesdays), 4 (Wednesdays), etc
#
#    - IF ENABLED, IF OPTION 4, what schedule time?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  ScheduledInstallTime = number specifying the hour in a 24 hour day = 14 (2pm)

#
#Set a value
#  For example - set day of week for scheduled install to Saturday:
#    set-gpregistryvalue -name $gpname -key $key\au -valuename scheduledinstallday -type DWORD -value 7

Managing Windows Servers with Powershell

Powershell:  install a windows feature

This is so much simpler than clicking around and waiting for screens to refresh:

import-module -name servermanager
add-windowsfeature -name GPMC

VMware KB: Repointing and reregistering VMware vCenter Server 5.1.x and components

VMware KB: Repointing and reregistering VMware vCenter Server 5.1.x and components: Repointing and reregistering VMware vCenter Server 5.1.x

VMware KB: vCenter Inventory Service fails to start and cannot back up the Inventory Service database

VMware KB: vCenter Inventory Service fails to start and cannot back up the Inventory Service database: vCenter Inventory Service fails to start

8/01/2013

Cisco - more VRF stuff

Making stuff work with VRF's.... More

Get to my NTP Server, Get Telnet access working

line vty 0 4
 access-class 50 in vrf-also
 exec-timeout 60 0
 privilege level 15
 transport input telnet ssh
!
ntp server vrf [vrf-name] 10.10.10.10

Cisco TACACS+ with VRF

Cisco TACACS+ with VRF

aaa group server tacacs+ [grp-name]
 server-private 10.10.10.10 key 7 [key]
 ip vrf forwarding [vrf-name]
 ip tacacs source-interface [interface-name]
!
aaa authentication login default local group [grp-name]tacacs+
aaa authorization exec default local group [grp-name]tacacs+

Cisco Virtual Routing and Forwarding (VRF) - Misc

Copy to TFTP using VRF

Trying to get into practice of using a separate vrf for management on network stuff.
A lot of stuff needs cleaned up.  Today's discovery - to make backup scripts work:
ip tftp source-interface vlan109
 Where VLAN109 is the vrf interface

7/30/2013

Powershell - Change Service Startup Type

Powershell: Change Windows Service Startup Type of Remote Server

Works with Powershell 1.0 & 2.0

 #Check Startup Type
 ($svc = Get-WmiObject Win32_Service -ComputerName $server -Filter "name='wuauserv'") | out-null
 if ($svc.StartMode -eq "Disabled") {
     "$server WSUS service changed to Automatic"
     $result=$svc.changestartmode("Automatic")
 }#end if

 #Backup Service Registry
 $result=([WmiClass]"\\$server\ROOT\CIMV2:Win32_Process").create("c:\windows\regedit /e c:\WSUS.REG HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv")
 write $server "Backup Service Registry RESULT=" $result.returnvalue
 
 #Set Service as Delayed Start
 write $server "configure service"
 $key = "SYSTEM\CurrentControlSet\Services\wuauserv"
 $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $server)
 $regKey = $reg.OpenSubKey($key, $true)
 $result = $regKey.setvalue("DelayedAutoStart", "1", "DWORD")

7/26/2013

Powershell: Status of Windows Hotfix

Powershell: Check Status of Windows Hotfix


##################################################################################
#
#   check-hotfix.ps1
#
#       Confirm hotfix has been installed on all Windows2008 servers
#
#       Requires admin permission on every server
#
##################################################################################

$hotfix = "KB2520155"

$ServerList = ".\SUCCESS.TXT" #servers where hotfix is installed
$ErrorList = ".\ERRORS.TXT" #servers where hotfix is not installed
$ListFile = ".\SERVERS.TXT" #all the servers I checked
New-Item $ListFile -Type file -Force >$nul
New-Item $ServerList -Type file -Force >$nul
New-Item $ErrorList -Type file -Force >$nul

$today = get-date
$day = $today.Day
$mth = $today.Month
$year = $today.Year
$hour = $today.Hour
$min = $today.Minute
$sec = $today.Second
$date = "$year-$mth-$day-$hour$min$sec"

@"
$date
Servers Responding to PING
--------------------------------------------------------------------------
"@  | out-file -encoding ASCII -filepath $ListFile

@"
$date
Servers with hotfix $hotfix
--------------------------------------------------------------------------
"@ | out-file -encoding ASCII -filepath $ServerList

@"
$date
Servers without hotfix $hotfix
--------------------------------------------------------------------------
"@ | out-file -encoding ASCII -filepath $ErrorList


$List = ""

"Execution in progress..."

# Create $list of AD machine accounts for Windows Servers
$strCategory = "computer"
$strOS = "Windows*Server*2008*"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("OperatingSystem=$strOS")
$colProplist = "dnshostname", "operatingsystem"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults) {
    $objComputer = $objResult.Properties;
    $Server = $objComputer.dnshostname
    $OS = $objComputer.operatingsystem
    $Server = $Server -replace "\.usa\.DOMAIN\.com", ""
    $Server = $Server -replace "\s{2,}", ""
    $OS = $OS -replace "$([char]0x00AE)" , "" #remove "registered trademark" symbol
    if ($Server) {#skip null
        "$Server , $OS"
        if (Test-Connection -ComputerName $Server -quiet -count 1) {#PING OK
            "    Responds to PING"
            "$Server , $OS" | out-file -encoding ASCII -filepath $ListFile -append

            #Get Hotfix info
            $installed = get-wmiobject -class "Win32_QuickFixEngineering" -namespace "root\CIMV2" -computername $strComputer `
               -Filter "HotFixID='$hotfix'" 

            if ($installed) {
                "        $hotfix INSTALLED!"
                write-output "$Server , $OS" | out-file -encoding ASCII -filepath $ServerList -append
            }
            else {
                "        $hotfix NOT installed"
                write-output "$Server , $OS" | out-file -encoding ASCII -filepath $ErrorList -append    
            }

        }#end if PING OK, do nothing if PING fails
    }#if not null, do nothing if null
}#foreach

Untiny API Extract Service

Untiny Extract Service

I am annoyed by "tinyURL" translated links just on principle. But I think they also can present a greater security risk if they are used in a drive-by attack to make a site look less suspicious. Untiny! To extract original URLs from tiny ones -- http://www.untiny.com -- will translate these back to the original. Get text formatted translation: http://untiny.me/api/1.0/extract?url={URL TO TRANSLATE}&format=text. For example: http://untiny.me/api/1.0/extract?url=http://tiny.pl/htk&format=text

7/25/2013

Calculating IOPS Requirements

IOPS = input output operations per second
A measure of demand and a measure of capability.

IOPS Demand
Servers - perform monitoring, refer to os & app vendor information on requirements
Users (virtual desktop) - about 25 iops for a typical user running multiple apps at once, 2GB RAM, single CPU.

IOPS Capability
IOPS per disk = Rotational latency + Seek Latency / 1000

Disk Speed     Est IOPS
7200 rpm            75
10000 rpm          125
15000 rpm          175
SSD                    6000 (?)

Read vs Write
Typical average:
40% Read, 60% Write

RAID "Penalty"
Write operations to RAID disk arrays require additional io operations to write parity data.
see more at theithollow.com

RAID Level          Write i/o Penalty
     0                              1
     1                              2
     5                              4
     6                              6

Calculation of required capability to meet demand:
IOPS Required =
(IOPS Demand * Read i/o%) + (Target IOPS * Write i/o% * RAID Penalty)

Unfortunately, I don't find such a scientific way to factor in the affect of caching/etc.

For example
Demand = 25 iops
read% = 40, write% = 60
RAID 5

(25 * 0.40 + 25 * 0.60 / 4) = 70
** Nearly triple!

So for 1000 users generating 25000 iops, we need 70000 iops on the "back end."

70000/175 = 400 15K disks would be required - holy moly also see yellowbricks.com

7/19/2013

Powershell - Copy Files to all servers

Using Powershell to copy files to every server


##################################################################################
#
# Copy files to all servers with AD accounts that respond to PING
#
#   Requires admin permission on every server
#
##################################################################################

$file1="Windows6.1-KB2520155-x64.msu"
$file2="Windows6.1-KB2520155-x86.msu"
$ServerList = ".\SUCCESS.TXT"
$ErrorList = ".\ERRORS.TXT"
$ListFile = ".\SERVERS.TXT"
New-Item $ListFile -Type file -Force >$nul
New-Item $ServerList -Type file -Force >$nul
New-Item $ErrorList -Type file -Force >$nul
$List = ""

"Execution in progress..."

# Create $list of AD machine accounts for Windows Servers
$strCategory = "computer"
$strOS = "Windows*Server*"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("OperatingSystem=$strOS")
$colProplist = "dnshostname"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults) {
    $objComputer = $objResult.Properties;
    $Server = $objComputer.dnshostname
    $Server = $Server -replace "\.usa\.domain\.com", ""
    $Server = $Server -replace "\s{2,}", ""
    if ($Server) {#skip null
        $Server
        if (Test-Connection -ComputerName $Server -quiet -count 1) {#PING OK
            "    Responds to PING"
            $Server | out-file -encoding ASCII -filepath $ListFile -append
            #Copy Files
            copy-item c:\dns-msu -destination ("\\\\"+$Server+"\\C$") -recurse

            #Check File1
            if (-not(Test-path ("\\\\"+$Server+"\\C$\\dns-msu\\$file1"))) {
                "        FAIL: $file1"
                write-output "$Server - MISSING $file1" | out-file -encoding ASCII -filepath $ErrorList -append
            }
            else {
                "        SUCCESS:  $file1"
                write-output "$Server - OK $file1" | out-file -encoding ASCII -filepath $ServerList -append    
            }

            #Check File2
            if (-not(Test-path ("\\\\"+$Server+"\\C$\\dns-msu\\$file2"))) {
                "        FAIL: $file2"
                write-output "$Server - MISSING $file2" | out-file -encoding ASCII -filepath $ErrorList -append
            }
            else {
                "        SUCCESS:  $file2"
                write-output "$Server - OK $file2" | out-file -encoding ASCII -filepath $ServerList -append    
            }
        }#end if PING OK
        else {#PING FAIL
            "    Does not respond to PING"
            write-output "$Server - PING Failure" | out-file -encoding ASCII -filepath $ErrorList -append
        }#end else PING FAIL
    }#if null
}#foreach

How to use BGP to achieve Internet redundancy - TechRepublic

How to use BGP to achieve Internet redundancy - TechRepublic: How to use BGP to achieve Internet redundancy

The general steps for implementing BPG multihoming are:
  1. Obtain your ASN from ARIN.
  2. Identify your network block of IP addresses. If you own these, then you have the right to advertise them on the Internet through BGP. If you are borrowing these from your provider, then you must ask your provider for permission before advertising them through another provider.
  3. If you have a single provider, you are typically using a static route to connect to that provider. That provider is not sending you any BGP routes. Assuming that is true, you will have to request that your provider send you BGP routes. (Your provider will need to know your ASN and your remote router’s neighbor address. The neighbor is the IP address that your BGP process uses to communicate with.) Once you have the provider's BGP routes in your routing table and you are advertising your network to your provider through BGP, you can remove your static route and have your provider remove their static route.
  4. Next, assuming that you are multihoming on a single router, bring up your secondary provider. They can set it up so that they send you BGP routes. Again, they will need to know your ASN and your neighbor address.
  5. Within the BGP table (database) on your router, you will see the routes from each of your providers. The best route in BGP is the route with the shortest AS path. (If the AS paths are identical, there is a tiebreaking procedure, but this is normally not the case.) The route that has the shortest AS path will be placed in your router’s routing table.

BGP Route Convergence on the Internet

BGP Internet Route Convergence

If your network is multihomed -- How long does it take routes TO you to converge? These slides are very informative.  Wish I was in the classroom during this talk....

http://www.cs.northwestern.edu/~ychen/classes/cs450-05/lectures/BGP_Convergence.ppt

Powershell - DNS Check

Check DNS Resolution using Powershell


##########################################################################################
#
#    DNS-CHECK.PS1
#
##########################################################################################


$outfile = ".\results.txt"
$list = ".\LIST.TXT"
$names = Get-Content $list 

$today = get-date
clear-host
write "==========================================================================="
write "  $today"
write "  Checking DNS Resolution"

write "$today" | out-file -encoding ASCII $outfile 
foreach($name in $names) {
    write "---------------------------------------------------------------------------"
    write-host "  $name"
  try {[Net.DNS]::GetHostEntry($name) }
  catch {
   Write-host $server "    ERROR:  $name - NOT FOUND IN DNS"
  "ERROR:  $name - not resolved in DNS" | out-file -encoding ASCII $outfile -append 
    }
}#foreach server
write "==========================================================================="

#end

7/16/2013

VMWare Powershell NTP Service Setup

VMware Powershell NTP Service Setup


#####################################################################
#
#   Setup NTP on a new host
#

$vcs = Read-Host "vCenter"
$user = Read-Host "userid"
$pw = Read-Host "Password for $user" -AsSecureString
#convert $pw to plain text
    $pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
        [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))

connect-viserver -Server $vcs -User $user -Password $pass

$pass = " "
clear-host

foreach ($VMHost in (Get-VMHost -Name privh*)) {
"    $VMHost"
    $ntp=get-vmhostservice -vmhost $VMHost | Where {$_.Key -eq 'ntpd'}
"        $ntp"
   set-vmhostservice -hostservice $ntp -policy "automatic"
   restart-vmhostservice $ntp -confirm:$false
}

disconnect-viserver -confirm:$false

7/12/2013

Redundant Datacenter Connectivity

Datacenter Connectivity

Goals
  • Create redundant datacenters. For now, 2 of them.
  • Redundant, diverse, physical circuits/paths
  • Allow simple movement of services between datacenters => support the same IP address ranges in either location
An example:  http://connect.iltanet.org/ILTANET/Go.aspx?c=BlogViewer&BlogKey=d671b21d-b20a-4b07-84d5-3d4357723f0a

Issues/Discussion Items
Layer 2
to allow the same IP address ranges
  • Circuits are different vendors taking very different paths with unknown infrastructure in between the datacenters. A failure could occur within the service provider, but all my ports show "up." 
  • So, Spanning Tree and Port Channels will not work for "in between" failures
  • UDLD, Unidirectional Link Detection, doesn't seem work on a "virtual circuit" over a provider network like Metro Ethernet.
  • Cisco's OTV is supposed to accomplish a big part of this, but it seems that a much less overblown solution could at least provide the Layer 2 redundancy.

Routing Redundancy
  • For routing to work, the (outbound)default route must be configured to go out through the same datacenter where the inbound traffic will be arriving. 
  • So any kind of automatic redundancy that fails the inbound route to the secondary datacenter needs to also initiate a change to the default route of all machines in the "shared" networks.
  • A compromise would be a "one button push" method to switch inbound and outbound routing to change between datacenters.
  • Does OTV address this?
Nuts & Bolts

  • A traditional solution would possibly involve 2 circuits each with a router at each end.  L3 redundancy between the 2 links using HSRP/GLBP, some kind of IP tracking to expose a service provider outage, and somehow create L2 tunnels over each one and use them via a port aggregation at the core switch.  The question remains whether this solution can be designed to show a link as down even if the failure is in between.
  • There seems to be little in the way of configuration help or reference material for GRE/MGRE tunnels.  Even less for L2 tunneling.  I suppose the motivation for helping users do that is even less now that there is a nebulous thing called OTV that involves a big spend on monster Nexus 7K core switches.
  • I haven't been able to get into the guts of this and do any testing.  Thinking it through on paper I always get bogged down with the L2 tunnel.  A possible example L2TP configuration is:

Router A:

pseudowire-class test
encapsulation l2tpv3
protocol none
ip local interface Loopback0
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/1
description LAN
no ip address
speed 100
full-duplex
xconnect 2.2.2.2 1 encapsulation l2tpv3 manual pw-class test
l2tp id 1 2


Router B:

pseudowire-class test
encapsulation l2tpv3
protocol none
ip local interface Loopback0
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!interface FastEthernet0/1
no ip address
duplex auto
speed auto
xconnect 1.1.1.1 1 encapsulation l2tpv3 manual pw-class test
l2tp id 2 1

Windows 8 Help

Thanks to: *the* Mark Minasi, http://www.minasi.com/newsletters/nws1307.htm

shortcut keys

  • Start Screen: to get there, press the key on your keyboard with the "Windows" flag. I'll type that as "[w]" from now on.
  • Desktop: [w]+d
  • Charms: [w]+c
  • Settings, the Metro-ish Control Panel: [w]+I
  • Lock Orientation so it doesn't jump between portrait and landscape with [w]+O
  • Explorer is a pain to get more than one window open at a time but [w]+E always brings up a new Explorer window
  • Many administrative tools can be accessed more quickly with [w]+x
  • The new Metro modern apps have a wonky menu structure so to see every option all at once, [w]+z

7/10/2013

Powershell: Count datastores on VMWare Hosts

Powershell: Count datastores on VMware Hosts

All the LUN mappings & datastore names need to match on all hosts in a cluster. I hope to someday script a more comprehensive comparison of datastores & names. However, a quick and dirty confirmation is to count the datastores that are connected on every host in each cluster. If they match, it at least gives me a warm feeling.

#####################################################################
#
#   
#        Gather count of LUNs/Datastores connected to all hosts
#

$vcs = Read-Host "vCenter"
$user = Read-Host "userid"
$pw = Read-Host "Password for $user" -AsSecureString
#convert $pw to plain text
    $pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
        [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))

connect-viserver -Server $vcs -User $user -Password $pass

$pass = " "

$today = get-date
$day = $today.Day
$mth = $today.Month
$year = $today.Year
$hour = $today.Hour
$min = $today.Minute
$sec = $today.Second
$date = "$year-$mth-$day-$hour$min$sec"
$outfile = ".\datastores-"+$vcs+"-"+$date+".csv"

clear-host

"Host-Name,Datastore-Count" | out-file $outfile -encoding ascii
foreach ($VMHost in (Get-VMHost -Location $Cluster)) {
"    $VMHost"
    $dstores = $VMHost | Get-Datastore
    $ds = $dstores.count
"        $ds"
    "$VMHost,$ds" | out-file $outfile -encoding ascii -append
}

disconnect-viserver -confirm:$false

Powershell: VMware guest inventory

Powershell: VMware Guest Inventory

Gather information from vCenter server about VM's. In this case I was looking for machines that were connected to more than one network or datastore.

$vcs = Read-Host "vCenter"
$user = Read-Host "userid"
$pw = Read-Host "Password for $user" -AsSecureString
#convert $pw to plain text
    $pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
        [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))

#$vcon = Disconnect-VIServer * -Confirm:$False
$vcon = connect-viserver -Server $vcs -User $user -Password $pass

$pass = " "
$outfile = ".\"+$vcs+"-info.csv"

$reportedvms=New-Object System.Collections.ArrayList
$vms=get-view -viewtype virtualmachine | Sort-Object -Property {$_.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualEthernetCard]} | Measure-Object | select -ExpandProperty Count} -Descending
 
foreach($vm in $vms){
$status = $vm.name
"    $status"
    $reportedvm = New-Object PSObject
    $ipnum = ($vm.guest.net | select IPaddress).IPaddress| out-string
    $path = $vm.name
    $current = get-view $vm.parent
      do {
        $parent = $current
         if($parent.Name -ne "Datastore*"){$path =  $parent.Name + "\" + $path}
         $current = Get-View $current.Parent
      } while ($current.Parent -ne $null)
    
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Path -value $path
#    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Guest -value $vm.Name
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Networks -value $($vm.network.count)
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Network -value $((get-view $vm.network).name)
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name IP -value $ipnum
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Datastores -value $($vm.datastore.count)
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Datastore -value $((get-view $vm.datastore).name)
    $networkcards =$vm.guest.net
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Nics -value $($networkcards.count)
    Add-Member -Inputobject $reportedvm -MemberType noteProperty -name Disks -value $($vm.guest.disk.count)    
    
  $reportedvms.add($reportedvm) |Out-Null
}
 
$reportedvms|Export-Csv $outfile

Disconnect-VIServer * -Confirm:$False

7/05/2013

vmware customization: sysprep issues

sysprep /generalize /reboot /oobe c:\windows\system32\sysprep\panther\setuperr.log "SYSPRP WinMain:Hit failure while processing sysprep cleanup external providers; hr = 0x8007001f" "SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = -1073425657" slmgr /dlv regedit: set the value of GeneralizationState under HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus to 7 start > run: msdtc -uninstall start > run: msdtc –install delete any extra folders under c:\windows\system32\sysprep On SOURCE machine: Set the following to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SoftwareProtectionPlatform\SkipRearm **be sure the administrator user does NOT have "user cannot changed password" checked.

7/03/2013

Powershell: Compellent SAN configuration

Add Servers, Create boot volumes, map volumes to servers. Requires the right version of Compellent Storage Center and the Compellent plugin for Powershell

$user = Read-Host "userid"
$pw = Read-Host "Enter Password for $user" -AsSecureString
$san1 = get-scconnection -HostName san1 -User $user -Password $pw
$san2 = get-scconnection -HostName san2 -User $user -Password $pw
#$pass ='' #erase plain txt pw
#remove-scserver -connection $san1 $server

$inputfile = ".\test.csv"
$profiles = get-content $inputfile

foreach ($line in $profiles) {
$line
 $line = ($line -split',')
 $profile = $line[0]
 $wwn1 = $line[1]
 $wwn2 = $line[2]
 
 #Create Server
 $s1server = new-scserver -connection $san1 -name $profile
 $s2server = new-scserver -connection $san2 -name $profile

 #Set WWNs
 add-scserverport -connection $san1 -scserver $s1server -worldwidenames $wwn1
 add-scserverport -connection $san1 -scserver $s1server -worldwidenames $wwn2
 add-scserverport -connection $san2 -scserver $s2server -worldwidenames $wwn1
 add-scserverport -connection $san2 -scserver $s2server -worldwidenames $wwn2
 #Set Server OS Type 
 $s1ostype = get-SCOSType -index 35 -connection $san1
 $s1server = get-SCServer -connection $san1 -name $profile
 $s2ostype = get-SCOSType -index 35 -connection $san2
 $s2server = get-SCServer -connection $san2 -name $profile
 set-scserver $s1server -connection $san1 -SCOSType $s1ostype
 set-scserver $s2server -connection $san2 -SCOSType $s2ostype

 #Create Boot LUN
 #use "Boot LUNs" storage profile
 $storageprofile = get-scstorageprofile -connection $san2 -name "Boot LUNs"
 $volname = $profile+"_boot"
 $folder = get-scvolumefolder -connection $san2 -name "BOOT LUNS"
 $volume = new-scvolume -connection $san2 -name $volname -parentfolder $folder -scstorageprofile $storageprofile -size 10g
 #map volume
 $map = new-scvolumemap -scvolume $volume -scserver $s2server -connection $san2
}#end foreach profile
Remove-SCConnection $san1
Remove-SCConnection $san2

List HBA WWPNs and LUNs using Powershell | Arnim van Lieshout

List HBA WWPNs and LUNs using Powershell | Arnim van Lieshout: List HBA WWPNs and LUNs using Powershell

Powershell: VMWare Automation

Kick-Start Your VMware Automation with PowerCLI
https://www.simple-talk.com/sysadmin/virtualization/10-steps-to-kick-start-your-vmware-automation-with-powercli/

vCheck (Daily Report) | Virtu-Al.Net

vCheck (Daily Report) | Virtu-Al.Net: vCheck (Daily Report)
VMware powershell resources

7/02/2013

Powershell: Cisco MDS Fibre Channel Switch Zone Configuration Builder

Create Commands to configure zones on Cisco MDS 91xx switch


####################################################################################################
#
#  fc-cfg-bldr.ps1
#
#  Create cmd file for Cisco MDS fibre channel switch to create zones for new servers
#  INPUT:  CSV file containing list of server names and WWN's.
#  OUTPUT:  2 TXT files containing commands to create zones in Fabric A and Fabric B.
#

$inputfile = ".\test.csv"
#$inputfile = ".\servers.csv"
$outfile = ".\fc-cmds.txt"
$tempA = ".\\configA.txt"
$tempB = ".\\configB.txt"

$profiles = get-content $inputfile

$today = get-date
$day = $today.Day
$mth = $today.Month
$year = $today.Year
$hour = $today.Hour
$min = $today.Minute
$sec = $today.Second
$date = "$year-$mth-$day-$hour$min$sec"

clear-host

"------------------------------------------------------------------------------"
write "! $date Fabric A Configuration" | out-file $tempA -encoding ascii
write "! $date Fabric B Configuration" | out-file $tempB -encoding ascii

$zonesetA = @"
    zoneset name SAN1-SAN2-FAB-A vsan 2
"@
$zonesetB = @"
    zoneset name SAN1-SAN2-FAB-B vsan 3
"@

foreach ($profile in $profiles) {
    "!------------------------------------------------------------------------------" | out-file $tempA -encoding ascii -append
    "!------------------------------------------------------------------------------" | out-file $tempB -encoding ascii -append
    $profile
    $server = ($profile -split',')
    $name = $server[0]
    "    $name"    
    $wwn1 = $server[1]
    "    $wwn1"
    $wwn2 = $server[2]
    "    $wwn2"
    
    $zoneA1 = $name+"_hba_A_to_cmp1"
    $zoneA2 = $name+"_hba_A_to_cmp2"
    $zoneB1 = $name+"_hba_B_to_cmp1"
    $zoneB2 = $name+"_hba_B_to_cmp2"
      
    #create commands
    "    Generate Commands"


    #Create Zones in Fabric A
    "        Fab A Zones"
    $configA = @"
    zone name $zoneA1 vsan 2
        member pwwn 50:00:d3:10:00:0c:80:03
        member pwwn 50:00:d3:10:00:0c:80:09
        member pwwn 50:00:d3:10:00:0c:80:11
        member pwwn 50:00:d3:10:00:0c:80:17
        member pwwn $wwn1
    
    zone name $zoneA2 vsan 2
        member pwwn 50:00:d3:10:00:0c:82:03
        member pwwn 50:00:d3:10:00:0c:82:0b
        member pwwn 50:00:d3:10:00:0c:82:13
        member pwwn 50:00:d3:10:00:0c:82:1b
        member pwwn $wwn1
"@
    write $configA | out-file $tempA -encoding ascii -append
    
    #Add to zonesetA
    "        Add to ZonesetA"
    $configA = @"
    
        member $zoneA1    
        member $zoneA2
"@
    $zonesetA = $zonesetA + $configA
    
    #Create Zones in Fabric B
    "        Fab B Zones"
    $configB = @"
    zone name $zoneB1 vsan 3
        member pwwn 50:00:d3:10:00:0c:80:0d
        member pwwn 50:00:d3:10:00:0c:80:05
        member pwwn 50:00:d3:10:00:0c:80:1b
        member pwwn 50:00:d3:10:00:0c:80:13
        member pwwn $wwn2
    
    zone name $zoneB2 vsan 3
        member pwwn 50:00:d3:10:00:0c:82:0f
        member pwwn 50:00:d3:10:00:0c:82:05
        member pwwn 50:00:d3:10:00:0c:82:1f
        member pwwn 50:00:d3:10:00:0c:82:15
        member pwwn $wwn2    
"@
    write $configB | out-file $tempB -encoding ascii -append
    
    #Add to zonesetB
    "        Add to ZonesetB"
    $configB = @"
    
        member $zoneB1    
        member $zoneB2
"@
    $zonesetB = $zonesetB + $configB
    "-------------------------------------------------------------------------------"
}#end foreach
    "!------------------------------------------------------------------------------" | out-file $tempA -encoding ascii -append
    "!------------------------------------------------------------------------------" | out-file $tempB -encoding ascii -append


#Config zonesets
    write $zonesetA | out-file $tempA -encoding ascii -append
    write $zonesetB | out-file $tempB -encoding ascii -append

#Activate & Save
"        Complete Configs"
    $configA = @"

        zoneset activate name SAN1-SAN2-FAB-A vsan 2
    
        zone commit vsan 2
    
        copy run start
"@
    write $configA | out-file $tempA -encoding ascii -append
    
    $configB = @"

    zoneset activate name SAN1-SAN2-FAB-B vsan 3
    
    zone commit vsan 3
    
    copy run start
"@
    write $configB | out-file $tempB -encoding ascii -append    

"-------------------------------------------------------------------------------"
"    COMPLETE - Configuration commands saved to $tempA, $tempB"
"-------------------------------------------------------------------------------"

SYSPREP on cloned Windows Server 2008 R2 Fails

Trouble with sysprep not running when vmware runs customization after deploying a Win2K8R2 template. -> SID for all the clones is the same. Supposedly this matters much less these days but some odd stuff happened that we couldn't explain when we attempted to join to AD domain (NEWSID doesn't work past Win2003) SYSPREP logs are located at: c:\windows\system32\sysprep\panther log files: setupact.log, setuperr.log Apparently sysprep will not run when it thinks Windows has been upgraded in place. This particular template they were copying had several applications installed on it for which we don't know the owner so rebuilding fresh was not an option. The following worked to allow sysprep to run: - Remove the machine from the domain - Registry export: HKLM\SYSTEM\Setup (as backup) - Delete from the registry: HKLM\SYSTEM\Setup\Upgrade - Run: c:\windows\system32\Sysprep\Sysprep.exe /oobe /generalize

7/01/2013

Cloning Windows Server 2008 R2: Use Sysprep (no more NewSID) - Ray Heffer

Cloning Windows Server 2008 R2: Use Sysprep (no more NewSID) - Ray Heffer: Cloning Windows Server 2008 R2: Use Sysprep (no more NewSID)

VMware KB: Cannot run Sysprep on a Windows virtual machine that was upgraded to a later version

VMware KB: Cannot run Sysprep on a Windows virtual machine that was upgraded to a later version: Cannot run Sysprep on a Windows virtual machine that was upgraded

Howto: Build a Windows Server 2008 R2 VMware Template | Mike's Realm

Howto: Build a Windows Server 2008 R2 VMware Template | Mike's Realm: Windows Server 2008 R2 VM Template

Powershell: Bulk Creation of HP-BL Virtual Connect Profiles

Powershell: Bulk Creation of HP-BL Virtual Connect Profiles


####################################################################################################
#
#  clone-profile.ps1
#
#  Copy a template and associate with physical server
#  INPUT:  CSV file containing list of profile names, IP# of enclosure, and Bay
#

$vcuser = "admin"
$inputfile = ".\servers.csv"


$pw = Read-Host "Enter Password for $vcuser" -AsSecureString
$profiles = get-content $inputfile
$tempfile = ".\\cmdfile.txt"

$today = get-date
$day = $today.Day
$mth = $today.Month
$year = $today.Year
$hour = $today.Hour
$min = $today.Minute
$sec = $today.Second
$date = "$year-$mth-$day-$hour$min$sec"
$logfile = ".\create-profile-$date.log"

write "$date Create HP BL Profiles" | out-file $logfile -encoding ascii
clear-host
foreach ($profile in $profiles) {
	"--------------------------------------------------------------------------------" | out-file $logfile -encoding ascii -append
	$profile
	$profile | out-file $logfile -encoding ascii -append
	$server = ($profile -split',')
	$name = $server[0]
	$vcip = $server[1]
	$bay = $server[2]
	if ($vcip -eq "10.2.9.147") { $template = "Template01" }
	if ($vcip -eq "10.2.9.177") { $template = "Template_2" }

	#create command file
	write "copy profile $template $name" | out-file $tempfile -encoding ascii
        write "poweroff server $bay -force" | out-file $tempfile -encoding ascii -append
        write "assign profile $name $bay" | out-file $tempfile -encoding ascii -append	

	#convert $pw to plain text
		$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
			[Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))
	$result = (./plink.exe -batch -ssh -l $vcuser -pw $pass $vcip -m $tempfile) | out-string
	$pass ='' #erase plain txt pw
	$result
	$result | out-file $logfile -encoding ascii -append
}#end foreach
"--------------------------------------------------------------------------------" | out-file $logfile -encoding ascii -append

6/30/2013

Gathering List of HP Blade Server WWN's

Powershell - Gather list of HP Blade Server WWN's

####################################################################################################
#
#  server-list.ps1
#
#  Gather inventory of profiles, bay assigned, and WWN's
#

$vcips = ("10.2.1.10","10.2.1.11")
$vcuser = "admin"
$outfile = ".\hpbl-wwns.csv"

$pw = Read-Host "Enter Password for $vcuser" -AsSecureString
$alldevicebays=@{}
$allprofiles=@()
$wwn1=@{}
$wwn2=@{}

clear-host

foreach ($vcip in $vcips) {

$profiles=@() #the profiles on this enclosure
$devicebays=@{}

$vcip

#convert $pw to plain text
	$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
		[Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))

$go = "show profile" # Command Line

$result = (./plink.exe -batch -ssh -l $vcuser -pw $pass $vcip $go) | out-string
$pass ='' #erase plain txt pw
$list = ($result -split'[\n]')
if ($list.Length -lt 2) { break }

write-host "    Getting Profile List"

foreach ($item in $list) {
if ($item.Length -gt 0) {
    if (!$item.Contains("===============================================================")) {
        if (!$item.Contains("---------------------------------------------------------------")) {
            if (($item.Substring(0,1) -ne " ")) {
            $name = $item.Substring(0,12)
            $name = $name.Trim()
            $bay = $item.Substring(12,14)
            $bay = $bay.Trim()
                if ($name -ne "Name") { 
                    $profiles = $profiles + $name 
                    $allprofiles = $allprofiles + $name
                    $devicebays[$name] = $bay
                    $alldevicebays[$name] = $bay
                }
            }#end if
        } #end if
    }#end if
}#end if

}#end foreach

write-host "    Finding WWN's"

foreach ($profile in $profiles) {

write-host "        "$profile

    if ($devicebays[$profile] -ne "") {
#Port 1
$port = 1
write-host "            port "$port

		$go = "show fcoe-connection "+$profile+":"+$port
		$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
		[Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))

		$result = (./plink.exe -ssh -l $vcuser -pw $pass $vcip $go) | out-string
		$pass=""
			$list = ($result -split'[\n]')
			foreach ($item in $list) {
				if ($item.Length -gt 0) {
					$items = ($item -split': ')
					$field = $items[0]
					$field = $field.Trim()          
					$data = $items[1]
					$data = $data.Trim()
					if ($field -eq "Port WWN") {
						$wwn1[$profile] = $data
					}#end if
				}#end if null
			}#end foreach item
#port 2
$port = 2
write-host "            port "$port

		$go = "show fcoe-connection "+$profile+":"+$port
		$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
		[Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))

		$result = (./plink.exe -ssh -l $vcuser -pw $pass $vcip $go) | out-string
		$pass=""
			$list = ($result -split'[\n]')
			foreach ($item in $list) {
				if ($item.Length -gt 0) {
					$items = ($item -split': ')
					$field = $items[0]
					$field = $field.Trim()          
					$data = $items[1]
					$data = $data.Trim()
					if ($field -eq "Port WWN") {
						$wwn2[$profile] = $data
					}#end if
				}#end if null
			}#end foreach item
#end port 2

    }#end if UNASSIGNED
}#end foreach profile
}#end foreach enclosure

$profiles = $profiles | sort-object


#create report

write-host "generating output file: " $outfile

#delete output file if it exists
if ( test-path $outfile ) { remove-item $outfile }

get-date -format g | out-file $outfile -encoding ascii

"Profile, Bay, hbaA, hbaB" | out-file $outfile -encoding ascii -append
write-host "Profile, Bay, hbaA, hbaB"
foreach ($profile in $allprofiles) {
	$bay = ($alldevicebays[$profile])
	$wwnA = ($wwn1[$profile])
	$wwnB = ($wwn2[$profile])
	write-host $profile "," $bay "," $wwnA "," $wwnB
	write "$profile,$bay,$wwnA,$wwnB" | out-file $outfile -encoding ascii -append
}#end foreach

6/28/2013

Using PLINK through Powershell

Using PLINK through Powershell
$User = 
$Pswd = 
$Computer = 
$plink = \plink.exe"
$plinkoptions = " -v -batch -pw $Pswd"

$cmd1 = '/usr/sbin/vdf -h'
$remoteCommand = '"' + $cmd1 + '"'
$command = $plink + " " + $plinkoptions + " " + $User + "@" + $computer + " " + $remoteCommand

$msg = Invoke-Expression -command $command 
$msg

5/24/2013

HP Virtual Connect Boot From SAN

HP Virtual Connect Boot From SAN Configuration

Only allows entry of 2 target WWPN's:



4/26/2013

copy ntfs permissions from one folder to another folder

I just wanted to copy the permissions from one folder to another. This powershell worked:
get-acl \\SOURCE/FOLDER | set-acl \\TARGET\FOLDER

Outlook Indexing

windows coding trek: How to enable "Disable Backoff" for t...

Cisco MDS switch cmdline

Saved 30 minutes of click, click, drag, click, commit, drag, commit, activate, blah blah in Fabric Manager:

zone name privh08_hba_B_to_vnx vsan 3
member pwwn 50:06:01:64:3e:e0:04:7d
member pwwn 50:06:01:6c:3e:e0:04:7d
member pwwn 20:00:00:25:b5:11:bf:0f

zone name privh09_hba_B_to_vnx vsan 3
member pwwn 50:06:01:64:3e:e0:04:7d
member pwwn 50:06:01:6c:3e:e0:04:7d
member pwwn 20:00:00:25:b5:11:bf:1f

zone name privh10_hba_B_to_vnx vsan 3
member pwwn 50:06:01:64:3e:e0:04:7d
member pwwn 50:06:01:6c:3e:e0:04:7d
member pwwn 20:00:00:25:b5:11:bf:df

zone name privh11_hba_B_to_vnx vsan 3
member pwwn 50:06:01:64:3e:e0:04:7d
member pwwn 50:06:01:6c:3e:e0:04:7d
member pwwn 20:00:00:25:b5:11:bf:ef

zone name privh12_hba_B_to_vnx vsan 3
member pwwn 50:06:01:64:3e:e0:04:7d
member pwwn 50:06:01:6c:3e:e0:04:7d
member pwwn 20:00:00:25:b5:11:bf:bf

zoneset name SAN1-SAN2-FAB-B vsan 3
member privh08_hba_B_to_vnx 
member privh09_hba_B_to_vnx
member privh10_hba_B_to_vnx
member privh11_hba_B_to_vnx
member privh12_hba_B_to_vnx

zoneset activate name SAN1-SAN2-FAB-B vsan 3

zone commit vsan 3

copy run start

4/24/2013

CIFS Explained

CIFS Explained: CIFS Explained

Very good reference including packet sequence explainations.

4/01/2013

Newsletter #106:Solving the "How Do I Change My Firewall Profile in Windows 8?" Puzzle

Newsletter #106:Solving the "How Do I Change My Firewall Profile in Windows 8?" Puzzle: Changing a NIC's Firewall Profile Between "Private" and "Public"

Problems with file shares on VM's

Symptoms

==========
When you try to access files located on a share, hosted on a disk that is a non-system operating disk, you receive Access Denied.
This issue occurs when you are using Machines hosted on a VMware virtualized environment.
This issue occurs when you remotely access shares located on a USB disk

Causes
==========
Auditing for file and system objects is Enabled and the disk is a Hot Plug-able disk

Resolution
==============
Disable Auditing for file and system objects or do not use Hot Plug-able disks.

Here is the workaround from VMWare:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012225

3/21/2013

Isi Blogging?: Job Engine

Isi Blogging?: Job Engine:

There is a single Isilon node that is the job coordinator.
Find out which node is is with:

isi job status -r
example-output:
coordinator.connected=True
coordinator.devid=1
coordinator.down_or_read_only=False

Isilon Performance Stats

Summary
isi statistics drive --nodes=all --orderby=busy --type=sas,sata --top
or
isi statistics drive --nodes=all --orderby=busy --type=sas,sata | head -n 30

Drive Queue
isi statistics drive --nodes=all --orderby=queued --type=sas,sata --top

Cluster Performance Snapshot
isi statistics pstat

List files in use
isi statistics heat --nodes=all --orderby=ops --top

List of client connections
isi statistics client --nodes=all --orderby=ops --top

Get rid of "pseudo nics"

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters for a REG_DWORD entry called DisabledComponents.
If it's not there, create it in Parameters. Set its value to 1

3/15/2013

Isi Blogging?: Job Engine

Isi Blogging?: Job Engine: Job Engine
Isilon Blog

Re: How do you calculate usable capacity for Isilon?

Clear as mud:
Re: How do you calculate usable capacity for Isilon?
Here is the general accepted formula used when sizing:
1) Find total raw TB in base 10
2) Multiply that result by (1000^4/1024^4) to get base 2 TB
3) Subtract 1 GB per drive for the OS partitions
4) Subtract 0.0083% of that result to account for the filesystem format
5) Subtract the protection overhead from that result
As for the protection overhead that you are planning to use, look to the "OneFS User Guide" on support.emc.com. Skip to the section: "OneFS data protection" where it will talk about N+M data protection, protection schemes such as N+1, N+2:1 (default), 2x, etc and the associated cost/parity overhead. Also, you will see a very good matrix listing the percent overhead which begins by reminding us: "The parity overhead for each protection level depends on the file size and the number of nodes in the cluster."

3/08/2013

ESXi Remote Administration

Remotely managing ESXi servers has turned into such a pain in the butt. From VCS: - Software > Security Profile - Check firewall and check box for SSH client & server if needed. - Open Services and start the SSH service. - SSH to server - you can type DCUI to get the same user interface as if you are on the console of the physical server. - or you can do the following to restart all the services: - cd /sbin - services.sh restart

2/25/2013

Configure NAT in the VRF lite scenario

Configure NAT in the VRF lite scenario
But, why would you do a VRF and then decide you wanted to route from that VRF to your global routing instance?  And why on earth would you want to NAT between two interfaces in different VRF's. 
Well, I did end up needing to and this article was very helpful.

ip vrf MyVRF
 exit

interface 
 (no switchport)           ! make routed port
 ip vrf forwarding MyVRF   ! associate interface with MyVRF
 ip address A.B.C.D M.M.M.M

interface 
 switchport
 switchport trunk encapsulation dot1q
 (switchport nonegotiate)
 switchport mode trunk

vlan 10
 name WAN-VLAN

interface Vlan10
 ip vrf forwarding MyVRF
 ip addr E.F.G.H M.M.M.M
 ip nat enable

! now the VRF-aware NAT config:
interface 
 ip nat enable

interface Vlan10
 ip nat enable

ip access-list standard LAN-to-NAT
 permit 

ip nat source list LAN-to-NAT interface Vlan10 vrf MyVRF overload

! finally the def. route
ip route vrf MyVRF 0.0.0.0 0.0.0.0 



2/12/2013

Openfiles

Openfiles: From the cmdline, query what files are open and disconnect them.
http://technet.microsoft.com/en-us/library/cc732490(v=ws.10).aspx

Windows 2008 Stuff

- Disable Hybernate on servers:  powercfg -h off
- RDP Sessions from CMD line if you register query.dll like this:  regsvr32 query.dll
query session /server:servername [enter]
reset session # /server:servername [enter]
-What files are open?  (anything more than query may require settings change & reboot.)
openfiles /query

Misc - Windows 7

Windows Key + [arrow keys] will manipulate the current window:   maximize, minimize, and snap it to the left or right

Active Directory Stuff


- list all the groups and the members in those groups
dsquery group -limit 0 | dsget group -members –expand
- list fsmo role holders
netdom query fsmo
- Show domain account policy
net accounts
- Start AD synchronization
repadmin /syncall
- Group policy troubleshooting
gpupdate /force => reapply group policy now
gpresult => show what policies apply

Microsoft Network Stuff

- built in sniffer...
netsh trace start capture=yes tracefile=c:\capture.etl
netsh trace stop
http://blogs.msdn.com/b/canberrapfe/archive/2012/03/31/capture-a-network-trace-without-installing-anything-works-for-shutdown-and-restart-too.aspx

- What groups am I a member of?
whoaim /groups

- reset interface IP configuration
netsh int ip reset all

- show all connections and refresh every 10 seconds
netstat –ano 1

VMware KB: Troubleshooting transaction logs on a Microsoft SQL database server

VMware KB: Troubleshooting transaction logs on a Microsoft SQL database server: Troubleshooting transaction logs on a Microsoft SQL database server
Prevent logs from filling up the server:
  1. Log in to the Microsoft SQL 2005/2008 Server as an administrator.
  2. Open up SQL Management Studio.
  3. Right-click the database that VirtualCenter is using.
  4. Click Properties.
  5. Click the Options link.
  6. Set the Recovery Model to Simple
  7. Click OK.
  8. Once this is complete, right click on the database again.
  9. Click Tasks>Shrink>Files.
  10. On the Shrink Database window select the file type as 'Log' . The file name appears in the filename drop down as databasename_log
  11. The space used versus the space allocated displays. After you set the recovery model to Simple, the majority of the space in the transaction log released.
  12. Ensure that the Release unused space radio button is selected.
  13. Click OK on this window to shrink the transaction log.

1/30/2013

How do I secure a Cisco router from the Internet? Cisco Forum FAQ | DSLReports.com, ISP Information

How do I secure a Cisco router from the Internet? Cisco Forum FAQ | DSLReports.com, ISP Information: secure a Cisco router from the Internet?

Recommended Global and Interface Configurations



•Disable all non-essential services and features



no service pad

no ip finger

no ip bootp server

IOS versions 12.x and higher auto disable certain features like no tcp-small-servers; no udp-small-servers; and ip http-server

no ip source-route





Enable global security features



service password-encryption (automatically encrypts configured passwords)

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service tcp-keepalives-in

logging buffered <50000> debugging

logging console warnings (if you don't log, you can't trace problems)

enable secret (enables the strongest password encryption on the enable password)

no cdp run (if you don't need cdp at all)





Disable the following features per interface



no ip redirects

no ip unreachables

no ip directed-broadcast

no ip proxy-arp

no cdp enable (for exterior facing interfaces)

make sure all other interfaces not being used are administratively shutdown





Enabling additional features



ip subnet-zero (enables networks on the 0 boundary)

ip classless (allows for CIDR netmasks)

enable access-lists per interface as necessary to restrict the traffic to only required communication (see the links above for info regarding access-list configuration)

interface fastethernet 1/0ip access-group 101 outip access-group 102 in

clock timezone (an accurate clock makes security logs more useful with timestamps)

clock summer-time recurring

NTP is the key to a synchronized clock which is highly recommended for accurate timestamping of log entries

ntp masterntp update-calendarntp server 

snmp-server community RO 10 (secures snmp control by access list 10)

Add ip addresses of only the hosts that need snmp access to the router to access-list 10

Use the banner command to state the obvious precuations upon login as a legal disclaimer

banner motd ^CC                        You Access Restricted Equipment                   All Activities are Monitored and Logged                            Unauthorized Use Prohibited     By Accessing, You Are Agree Your Activities to be Monitored and Logged                                 ^C

Console configuration - use exec-timeout to logout idle users after 5 minutes

line con 0 exec-timeout 5 0 password 7 <######> login authentication no_tacacs transport input noneline aux 0 exec-timeout 5 0 password 7 <#######> login authentication test modem InOut transport input all stopbits 1 speed 19200 flowcontrol hardwareline vty 0 4 exec-timeout 5 0 password 7 <########> login authentication test transport input telnet





IOS version



Make sure you are running a version of IOS that is stable and is patched 
for all of the most latest network bugs, especially the recent SSH and SNMP vulnerabilities.




Cisco Internet Inbound Access List




The following is a commented example of an Access List configuration
for a router that acts as a "choke" device on the inside or outside of 
a true firewall device. The 
! signifies a commented line in Cisco's 
notation. Non-commented lines are the actual configuration syntax as it
would be entered on the Cisco router.





The information supplied in this configuration is in no way guaranteed
or supported by the author to "secure" your network. This is meant to provide
an example of generally accepted configuration practices when securing
routers that provide access to untrusted networks.





This access-list should be applied inbound on your choke router to what 
is considered your external or outside interface. In most cases, for routers 
outside your firewall this will be some sort of WAN interface like a serial port, 
BRI interface, frame relay sub-interface, or ATM PVC. This filters traffic that 
is coming from the Internet or untrusted network "inbound" on the external 
interface connecting to the Internet.




--------------------------------------------------------------------------------







! Deny all standard external spoofing attacks and log all attempts
! from illegal addresses, your external block, and reserved space
! For obvious reasons, non-routable Internet addresses should not be allowed to
! come inbound. A favorite of hackers is to spoof private source addresses or
! even masquerade as public addresses on your own external networks.
!deny ip 192.168.0.0 0.0.255.255 any log-inputdeny ip 172.16.0.0 0.15.255.255 any log-inputdeny ip 10.0.0.0 0.255.255.255 any log-inputdeny ip 127.0.0.0 0.255.255.255 any log-inputdeny ip 255.0.0.0 0.255.255.255 any log-inputdeny ip 224.0.0.0 31.255.255.255 any log-inputdeny ip host 0.0.0.0 any log-inputdeny ip   any log-inputdeny ip host  any log-input
!Deny any abusive networks here...
!deny ip xxx.xxx.xxx.xxx 0.0.0.255 any log-input
! The commands below are all for routers being used as a firewall device.
! If you plan on using another device for a firewall, then do not add any other 
! configuration lines except for the following:
! permit ip any any
! If you plan on using your router as your only firewall device you can permit
! or deny particular services as outlined below. The following are only examples. 
! There are hundreds of services and non-standard configurations you may need to 
! allow based on your indivdual requirements. If you do not have the budget
! for a true firewall such as a PIX, Checkpoint or Netscreen, you should still use
! a router that is sized properly to do the job you need. A Cisco 2620 or 2640 
! should have plenty of CPU for Reflexive Access lists and Content Based Access 
! Control for a full T-1 worth of traffic. The other key component is RAM. Allow for 
! a minimum of 32MB or 64MB if possible. If your budget is still an issue, you are 
! probably better off building a firewall using a PC server (under $1000) with 2 
! network cards using Linux or NetBSD and IPChains firewall software. You can get a 
! lot more mileage out of a machine like that than a low-end Cisco router which 
! really wasn't designed for that purpose anyway.
!
! Include the inbound Reflexive Access-Lists if you are using this function
!
! *WARNING* Reflexive Access Lists are CPU and memory intensive on your router. 
! Make sure that your hardware is properly sized to support your volume of traffic.
!
! For further explanation of these services and port numbers please refer to 
! documentation for the specific protocols.
!evaluate alliptraffic
! If you need to host any inbound services behind your router then the following 
! config may help you out with some example setups.
! Allow outside ftp sessions inbound
!permit tcp any host  eq 21
! Allow ftp to work from inside your network (requires port 20 to be open
! for incoming data session)
!permit tcp any eq 20 host  gt 1024
! Allow auth/identd traffic for smtp mail and for other client apps
!permit tcp any host  eq 113permit tcp any host  eq 113
! Allow smtp traffic inbound to mail servers
!permit tcp any host  eq smtp
! Allow http traffic inbound to all web servers
!permit tcp any host  eq www
! Allow SSL traffic inbound to all SSL servers
!permit tcp any host  eq 443
! Allow Microsoft PPTP/VPN sessions to connect inbound and log control channel 
! permit tcp any host  eq 1723 log-input permit tcp any host  eq 1731 permit gre any host 
! Allow only certain remote addresses to perform tcp DNS transfers from 
! specific DNS servers for secondary DNS service and log each connection
!permit tcp host  host  eq domain log-input
! Allow inbound client DNS requests to all DNS servers
!permit udp any host  eq domain
! Allow DNS resolution from the router's serial port for testing purposes
!permit udp any eq 53 host 
! Allow time synchronization to occur on router from ISP
!permit udp any eq ntp host  eq ntp
! Allow only particular types of icmp packets inbound to 
! maintain integrity of data flow and sanity and for troubleshooting etc.
!permit icmp any   net-unreachablepermit icmp any   host-unreachablepermit icmp any   port-unreachablepermit icmp any   packet-too-bigpermit icmp any   administratively-prohibitedpermit icmp any   source-quenchpermit icmp any   ttl-exceededpermit icmp any   echo-reply
! Deny all other ICMP explicitly so it isn't logged
!deny icmp any any
! Deny all other ip traffic explicitly and log it.
!deny ip any any log-input


Cisco Internet Outbound Access List




The following is a commented example of an Access List configuration
for a router that acts as a "choke" device on the inside or outside of 
a true firewall device. The 
! signifies a commented line in Cisco's 
notation. Non-commented lines are the actual configuration syntax as it
would be entered on the Cisco router.





The information supplied in this configuration is in no way guaranteed
or supported by the author to "secure" your network. This is meant to provide
an example of generally accepted configuration practices when securing
routers that provide access to untrusted networks.





This access-list should be applied inbound on your choke router to what 
is considered your internal or inside interface. In most cases, this will be some 
sort of ethernet interface. This filters traffic that is going towards the Internet 
or untrusted network "inbound on that interface.





--------------------------------------------------------------------------------







! Deny RFC 1918 private source addresses from going outbound. It is not wise 
! to let packets leak outside your network with your internal address information. 
! This is the primary way that hackers learn about the configuration of private 
! networks. These packets can not be responded to anyway, since these networks are 
! not routable on the Internet. they would only be reachable if you are using NAT on a 
! device beyond this point in the network to translate to a publicly routable address.
!deny ip 192.168.0.0 0.0.255.255 any log-inputdeny ip 172.16.0.0 0.15.255.255 any log-inputdeny ip 10.0.0.0 0.255.255.255 any log-input 
! Keep any errant request for private addresses inside your network
! Just in case your internal routing table for some reason does not contain a route 
! that should be internal, and clients follow your default route toward the Internet 
! for requests that should stay inside your network. This is another way that hackers 
! can find out about your internal network is watching for internal requests that 
! accidentally get routed out to a public device that they can capture traffic from.
!deny ip any 192.168.0.0 0.0.255.255 log-inputdeny ip any 172.16.0.0 0.15.255.255 log-inputdeny ip any 10.0.0.0 0.255.255.255 log-input 
! Deny all netbios traffic going outbound since this is one of the top 3 most hacked
! or attacked protocols on the Internet. Users should not access netbios services on 
! the Internet since it can very easily compromise NT Domain security and architecture.
!deny   udp any any eq netbios-nsdeny   udp any any eq netbios-dgmdeny   udp any any eq netbios-ss 
! Permit everything else from the "external network" and build the 
! reflexive access list alliptraffic with a timeout of 120 seconds
!
! This command allows all other traffic to pass through the interface and
! uses an IOS feature set called Reflexive Access Lists to build a dynamic
! access list for return traffic coming inbound from the Internet. That way a 
! command can be appended to an inbound access list to evaluate inbound packets against 
! "allowed" return traffic to sessions started from inside your network.
!
! *WARNING* This command is CPU and memory intensive on your router depending on the 
! volume of traffic flowing through the interface. I recommend at least a 2610 series 
! router with 32MB RAM minimum to support a full T-1 with this configuration.
!permit ip   any reflect alliptraffic timeout 120deny ip any any log 
! If this router is not being used as a firewall but more for just a choke device
! to enhance the security in front of or behind a firewall the following commands should
! replace the above commands... You should specifically define your networks that should 
! be allowed to go outbound and then deny everything else explicitly.
!permit ip   anydeny ip any any log


Cisco Guide to Harden Cisco IOS Devices - Cisco Systems

Cisco Guide to Harden Cisco IOS Devices - Cisco Systems: Cisco Guide to Harden Cisco IOS Devices

1/23/2013

Cisco UCS Networking Best Practices (in HD)

Cisco UCS Networking Best Practices (in HD): Cisco UCS Networking Best Practices

RDP connection to Remote Desktop server running Windows Server 2008 R2 may fail with message 'The Local Security Authority cannot be contacted'.

RDP connection to Remote Desktop server running Windows Server 2008 R2 may fail with message 'The Local Security Authority cannot be contacted'.: the remote computer that was reached is not the one you specified

To resolve the issue, change the remote desktop security on the RD server to RDP Security Layer to allow a secure connection using Remote Desktop Protocol encryption. Below are the steps:

1. Navigate to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
2. With RD Session Host Configuration selected view under Connections.
3. Right click RDP Listener with connection type Microsoft RDP 6.1 and choose Properties.
4. In general tab of properties dialog box under Security, select RDP Security Layer as the Security Layer.
5. Click OK.

1/09/2013

Some code playing around with sending mail with an attachment from a powershell script. Also launching a packet capture from another process so I can asynchronously repeat a test while doing a capture. -> Although I was able to execute an external command that included variables (to build the command line with a custom value for delay and output file) I was not able to start a job to do that same thing. I resorted to creating a custom batch file for this script and defining tshark duration and output file in that BAT file. -- not as flexible as I was trying to be.

#INSTANCE 1 
#  - Capture command:  C:\WORK\CAP1.BAT
#  - Output file:  CAP1OUT.CAP

$temp = "c:\work"
$test = "\\fs05\users\admin\test"
$threshold = 10
$SmtpServer = "mail.usa.domain.com"
$emailfrom = "no-reply-monitor@domain.com)"
$emailto = "administrator@domain.com"
$emailsubject = "folder count monitor output"
$emailbody = "Folder:  $test contains less than $threshold items"
$emailattachment="c:\temp\file.txt"
$emailfrom = ""
$emailto = ""
$emailsubject = "Monitoring Output"  

function send_email {
 $mailmessage = New-Object system.net.mail.mailmessage 
 $mailmessage.from = ($emailfrom) 
 $mailmessage.To.add($emailto)
 $mailmessage.Subject = $emailsubject
 $mailmessage.Body = $emailbody
 $attachment = New-Object System.Net.Mail.Attachment($emailattachment, 'text/plain')
 $mailmessage.Attachments.Add($attachment)
 #$mailmessage.IsBodyHTML = $true
 $SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 25)  
 #$SMTPClient.Credentials = New-Object System.Net.NetworkCredential("$SMTPAuthUsername", "$SMTPAuthPassword")
 $SMTPClient.Send($mailmessage)
}#end-function

if ((Get-ChildItem $test).Count -lt $threshold){
 "capturing for 30 s"
 ####################################################
 #     CAPTURE COMMAND
   $job = start-job {&cmd "/c","C:\WORK\CAP1.BAT"}
 ####################################################
 start-sleep 10
 "Testing Folder $test"
  Get-ChildItem $test | out-null
 "waiting 30 s"
  Start-Sleep 30
 wait-job $job
 remove-job $job
 "sending CAP file to $emailto"
 ####################################################
 #     OUTPUT FILE
  $emailattachment = "c:\work\cap1out.cap"
 ####################################################
  send_email 
}

1/08/2013

8 Wireshark Filters Every Wiretapper Uses to Spy on Web Conversations and Surfing Habits « Null Byte

8 Wireshark Filters
http://null-byte.wonderhowto.com/inspiration/8-wireshark-filters-every-wiretapper-uses-spy-web-conversations-and-surfing-habits-0134508/
ip.addr ==x.x.x.x
     Find packets with IP address as either source or destination
ip.addr ==x.x.x.x && ip.addr ==x.x.x.x
     conversation filter between the two IP addresses
http or dns
     filter based on protocol
tcp.port==xxx
     filters based on TCP port numbers
tcp.flags.reset==1
     filters to show all TCP resets.  A TCP reset basically kills a TCP connection instantly.
http.request
     Sets a filter for all HTTP GET and POST requests. This will show webpages being accessed for the most part.
tcp contains xxx
     Find TCP packets containing string.
(arp or icmp or dns)
     filter out protocols. The example hides ARP, ICMP, and DNS packets.

Classical Data

Classical Data
Good blog doing what I am trying to do here.
Useful and various topics.