$cmd = 'C:\Program Files\HP\Virtual Connect Enterprise Manager\Virtual Connect Enterprise Manager CLI\vcemcli.exe'
$arg1 = '-export'
$arg2= 'profiles'
$arg3 = '-exportfile'
$arg4 = 'profiles.csv'
&$CMD $arg1 $arg2 $arg3 $arg4
$raw = ".\profiles.csv" | import-csv -header ''
$list = $raw | format-list -property "Profile Name", "*Network Name" | out-string
$list = $list.split("`n")
foreach ($item in $list) {
$item = $item.replace("`n","")
$descr = $item.split(":")[0]
$value = $item.split(":")[1]
if ( $descr -like "Profile Name*") {
write-output "-----------------------------"
write-output $value
}
else {
if ( $value -notlike "*N/A*") {
write-output " $value"
}
}
}
12/18/2014
Powershell Report HP Virtual Connect VLANs
12/11/2014
Linux - persistent sessions
create/open a new screen:
screen
Leave a screen open:
CTRL+A, CTRL+D
list open screens:
screen -ls
switch to a screen:
screen -r
close the screen:
exit
11/04/2014
Let’s talk Security … DMZs, VLANs, and L2 Attacks | VMware vSphere Blog - VMware Blogs
The idea of consolidating a DMZ to a single host (one of the scenarios described in the paper) has stirred some opinions in the VMware Communities. The subject of security always does.
I thought one of the replies to the ongoing discussion was worth reposting. This post is from our own Serge Maskalik (aka vSerge on communities). You can read the rest of the thread here to get the context of the discussion, but the points about L2 attacks I think stand on their own (and hence why I reposted them here)…
These are really good questions, and there are a number of considerations with regards to using VLANs and how to properly secure L2 environments to reduce your attack surface area. To say that VLANs aren’t secure and can’t be used for DMZ usage isn’t fair – the reality is that there lots of very secure VLAN implementation in production networks since the early part of this decade, especially seen in service provider networks. When you go to a Savvis, Global Crossing, AT&T, etc – you get a VLAN + CIDR block and datacenters’ tenants are split up this way across the access layer. I recall building out the GlobalCenter datacenters in the late 90s/early part of this decade (these are now Savvis through Exodus acquisition), and the flat edge network which was Catalyst 5500s with shared broadcast domains became Catalyst 6500s or 7600s or comparable solutions by other vendors with VLAN segregation by customer with VLAN counts in 1k+ range per datacenter. That was almost 10 years ago and we now see lots of large and small enterprise networks heavily leverage VLANs to reduce numbers of physical NICs, simplify physical topology, reduce port density requirements on the switching edge, provide more configuration flexibility, reach large consolidation ratios by having more VMs run on smaller number of ESX servers in collapsed DMZ+Internal environments, etc.
The following is a little bit of information about L2 attacks that folks often talk about and how to put some controls in place to prevent them.
1. CAM flooding or MAC flooding. Switches use content-addressable memory which contain VLAN/PORT/MAC-ADDRESS tables for looking up egress ports as frames are forwarded. These are the forwarding tables for the switches and they have limits in size. The CAM tables are populated by looking at the source MAC on a frame and creating a CAM entry that records which port maps to what source MAC. This attack type tries to overrun the table by generating large numbers of frames with different MACs, to the point that there is no more room in the CAM to store the MAC entries. When the CAM can no longer be populated, the switch will act like a hub and flood frames to all ports except the one the frame came in on (to prevent loops). To avoid this, there are features like setting the max number of MAC entries per port – in most cases you only need one per NIC. By setting this configuration, you get rid of this risk. Secondly, you have to evaluate the risk of such attack. The attacker has to penetrate into the DMZ, own a host within the DMZ or be already on a segment close to the DMZ to run this attack. This attack could not occur if there are intermediate routers in the path, since a mac rewrite occurs on those nodes. It’s a good idea to limit your L2 broadcast domains and the diameter of the switched network to avoid propagation of these type of issues.
2. VLAN Cross-talk Attacks (or VLAN Hopping) – on Cisco switches, the dot1q trunks pass all tags be default. When you configure the ESX host to uplink via a dot1q trunk, and guest tagging is allowed, it’s conceivable that a rogue guest can generate frames for VLANs it should not be a part off. Avoid enabled guest tagging and monitor your vSwitch configuration activity for such things. Another way to hop VLANs is to spoof dynamic trunk configuration frames from a host; protocols like these are used by vendors to automatically configure 802.1q trunks to set up and allow VLANs. To avoid this, configure switch ports passing tagged frames explicitly to be trunks and to explicitly forward specific tags. Also, don’t allow for unplugged ports on the switches to remain in a VLAN used by important assets – put them into an unused VLAN to avoid the possibility of someone plugging in to a port and getting access to the VLAN. Avoid using default VLANs (like VLAN1 on Ciscos).
3. ARP spoofing – this is where a host on the same segment as other hosts modify the ARP table on the edge router/gateway to point to the attacker’s MAC and are able to redirect traffic to themselves. This can be done using ARP request or Gratuitous ARP mechanisms. This is a bit tougher to defend against, but can happen regardless of whether you are using VLANs or not.
4. Spanning-Tree attacks – this is where attackers could cause a DoS and bring down the L2 network section by generated malicious STP BDPUs and become root bridges or confuse the protocol to block specific ports. This can happen regardless of usage of VLANs, plus features like bpdu-guard and root-guard help prevent this type of stuff.
5. VRRP or HRSP tampering – break the failover protocol for the default gateway, take over the gateway MAC yourself, etc.
6. Starve out the DHCP address range – not as big of deal of DMZ, unless you are using DHCP for servers.
We on the vShield Zones teams recognize these issues and try to provide visibility to VMs and flows destined/sourced to and from VMs from a network perspective. Using Zones, you can see an ARP spoofing attack from a VM or a physical host on a segment and remediate the issue. Security best practices claim that you need visibility into L2 to deal with these type of issues, so in addition to providing firewalling functionality, we spent a lot of time on providing microflow visibility.
Also, we are seeing lots of customers using vShield Zones to isolate and segment clusters to provide dual-purpose for DMZ and internal server VMs usage using VLANs + vShield Zones isolation. We will be posting papers on this front and there will be examples at VMworld on how this can work. We are seeing three major use cases in the context of this:
1. Isolated/Segment DMZ in a dedicated set of ESX hosts or cluster with multiple trust zones provided by the vShield Zones.
2. Fully collapsed DMZ where the cluster or set of ESX hosts are shared by internal VMs and Internet-facing VMs.
3. Branch office environments where there may be some VMs hosted with Internet access, some for internal server usage and VDI as well.
10/29/2014
10/18/2014
Windows Server 2008R2 Disk Cleanup Utility
You can run it without installing Desktop Experience feature by doing the following:
Copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe C:\Windows\System32\
copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui C:\Windows\System32\en-US\
cleanmgr.exe /verylowdisk
You can put the above in a BAT file and it will copy the files and run without user intervention.
Or just copy the files and run it to select options.
run using cleanmgr.exe /? to see interesting switches for saving your selected options.
Calculating the past growth rate
Mathematically
the total $lastyear would be $now / (1 + $growthrate)
so the total $pastyear $num years ago would be $now / (1 + $growthrate)^$num .
but I am not sure if that would work all the way back to the first year when the total was 0 (if I use 1 GB to approximate zero, especially if the number of years is short, for example 2-3)
Solving for $growthrate:
$pastyear = $now / ((1 + $growthrate)^$num)
$pastyear * ((1 + $growthrate)^$num) = $now
((1 + $growthrate)^$num) = $now / $pastyear
1 + $growthrate = ($now / $pastyear)^(1/$num)
$growthrate = (($now / $pastyear)^(1/$num)) - 1
looking at the above if the $pastyear is very small to approximate zero and $num is pretty small this looks like it will be much bigger than is reasonable.
Subtly
For this specific purpose I could attempt to take a file listing of all the files in the directory structure. Using Excel for instance:
- import the file listing above, use text to columns to split into fields, hide or delete all but date & file size
- create a 3rd column in between with formula calculating just the year of the date
- sort them by year newest to oldest
- group by year & subtotal the file size
this will tell me how much was there the first year
**when I ignore "growth" during the first year and use the amount at the end of the first year in the above formula it seems to be much more reasonable.
10/09/2014
Don't pad number strings, use modular arithmetic to calculate each digit
// = integer division
% = remainder
# given t in tenths of seconds,
# return a string of format string A:BC.D
# A = minutes, BC = seconds, with leading zero if needed, D = tenths of seconds
def format(t):
tenths = t % 10
t = t // 10
sec = t % 60
min = t // 60
sec_ones = sec % 10
sec_tens = sec // 10
display = str(min) + ":" + str(sec_tens) + str(sec_ones) + "." + str(tenths)
return display
9/30/2014
Test time to open Word documents of various sizes
function sleep(milliseconds) {
var start = new Date().getTime();
for (var i = 0; i < 1e7; i++) {
if ((new Date().getTime() - start) > milliseconds){
break;
}
}
}
var myApp = new ActiveXObject("Word.Application");
myApp.Visible = true;
// Open 200K
var smopenstart = new Date().getTime();
myApp.Documents.Open("Z:\\200K.doc");
var smopenend = new Date().getTime();
//wait 10 s
sleep(10000);
// Save 200K
var smsavestart = new Date().getTime();
myApp.ActiveDocument.SaveAs("Z:\\NEW\\200K.doc");
var smsaveend = new Date().getTime();
// Close 200K
myApp.Documents.Close();
//quit Word
myApp.Application.Quit();
//wait 10 s
sleep(10000);
var myApp = new ActiveXObject("Word.Application");
myApp.Visible = true;
// Open 1MB
var medopenstart = new Date().getTime();
myApp.Documents.Open("Z:\\1M.doc");
var medopenend = new Date().getTime();
//wait 10 s
sleep(10000);
// Save 1MB
var medsavestart = new Date().getTime();
myApp.ActiveDocument.SaveAs("Z:\\NEW\\1M.doc");
var medsaveend = new Date().getTime();
// Close 1MB
myApp.Documents.Close();
//quit Word
myApp.Application.Quit();
//wait 10 s
sleep(10000);
var myApp = new ActiveXObject("Word.Application");
myApp.Visible = true;
// Open 5MB
var lrgopenstart = new Date().getTime();
myApp.Documents.Open("Z:\\5M.doc");
var lrgopenend = new Date().getTime();
//wait 10 s
sleep(10000);
// Save 5MB
var lrgsavestart = new Date().getTime();
myApp.ActiveDocument.SaveAs("Z:\\NEW\\5M.doc");
var lrgsaveend = new Date().getTime();
// Close 5MB
myApp.Documents.Close();
//quit Word
myApp.Application.Quit();
//define date string
var mo = new Date().getMonth()+1;
if (mo < 10) { mo = "0" + mo };
var day = new Date().getDate();
if (day < 10) {day = "0" + day};
var year = new Date().getFullYear();
var hrs = new Date().getHours();
if (hrs < 10) {hrs = "0" + hrs};
var m = new Date().getMinutes();
if (m < 10) {m = "0" + m};
var s = new Date().getSeconds();
if (s < 10) {s = "0" + s};
var dt = mo + "/" + day + "/" + year + " " + hrs + ":" + m + ":" + s
//Calculate times
var smopentime = (smopenend - smopenstart)/1000
var smsavetime = (smsaveend - smsavestart)/1000
var medopentime = (medopenend - medopenstart)/1000
var medsavetime = (medsaveend - medsavestart)/1000
var lrgopentime = (lrgopenend - lrgopenstart)/1000
var lrgsavetime = (lrgsaveend - lrgsavestart)/1000
//output results
WScript.Echo(dt, ",", smopentime, ",", smsavetime, ",", medopentime, ",", medsavetime, ",", lrgopentime, ",", lrgsavetime);
Save above as "openword.js" and call with the following BAT file
net use Z: \\SHARE\TEST\ATL
c:
cd\temp
cscript //NoLogo c:\temp\openword.js >> CHI.log
echo y | del z:\new\*.*
net use z: /delete
9/29/2014
Script: Time To Open Word Document
var myApp = new ActiveXObject("Word.Application");
myApp.Visible = true;
// Remember when we started
var start = new Date().getTime();
myApp.Documents.Open("Z:\\openword\\1M.doc");
//myApp.ActiveDocument.SaveAs("Z:\\openword\\1M.doc");
myApp.Documents.Close();
// Remember when we finished
myApp.Application.Quit();
var end = new Date().getTime();
// Now calculate and output the difference
var time = end - start;
var mo = new Date().getMonth()+1;
if (mo < 10) { mo = "0" + mo };
var day = new Date().getDate();
if (day < 10) {day = "0" + day};
var year = new Date().getFullYear();
var hrs = new Date().getHours();
if (hrs < 10) {hrs = "0" + hrs};
var m = new Date().getMinutes();
if (m < 10) {m = "0" + m};
var s = new Date().getSeconds();
if (s < 10) {s = "0" + s};
var dt = mo + "/" + day + "/" + year + " " + hrs + ":" + m + ":" + s
WScript.Echo(dt, time / 1000);
save as c:\temp\testword.js
run from CMD.EXE: cscript c:\temp\testword.js
Will output something like: 9/29/2014 22:43:25 , 3.252
9/26/2014
Test Word Open & Save Repeatedly
var i;
var myApp = new ActiveXObject("Word.Application");
myApp.Visible = true;
for (i = 0; i < 1234; i++)
{
myApp.Documents.Open("C:\\TEMP\\testword.doc");
//myApp.ActiveDocument.SaveAs("C:\\TEST\\testword.doc");
myApp.Documents.Close();
}
myApp.Application.Quit();
paste in editor and save as "test.js" for example.
to run: cscript test.js
9/19/2014
Powershell: Get list of files in folder
$workdir = "c:\parse"
$inputdir = $workdir + "\input"
# Get file listing
if (-not (test-path $inputdir)) {
"Folder: $inputdir"
"Does not exist!"
exit
}
$files = get-childitem $inputdir -name
if (-not ($files)) {
"Folder: $inputdir"
"Contains no files!"
exit
}
Powershell - Date String for File Name
$now = get-date -format yyyyMMddHHmmss
$outfile = $now + ".csv"
9/08/2014
8/21/2014
Powershell: Get SharePoint List
$credential = get-credential $uri = "http://tskm/apps/systemscatalog/_vti_bin/lists.asmx?WSDL" $listName = "Server Catalog" # Create xml query to retrieve list. $xmlDoc = new-object System.Xml.XmlDocument $query = $xmlDoc.CreateElement("Query") $viewFields = $xmlDoc.CreateElement("ViewFields") $queryOptions = $xmlDoc.CreateElement("QueryOptions") $query.set_InnerXml("FieldRef Name='Full Name'") $rowLimit = "1000" $list = $null $service = $null try{ $service = New-WebServiceProxy -Uri $uri -Namespace SpWs -credential $credential # -UseDefaultCredential } catch{ Write-Error $_ -ErrorAction:'SilentlyContinue' } if($service -ne $null){ try{ $list = $service.GetListItems($listName, "", $query, $viewFields, $rowLimit, $queryOptions, $null) } catch{ Write-Error $_ -ErrorAction:'SilentlyContinue' } } $output = $list.data.row foreach ($item in $output) { if ($item.ows_DeploymentStatus = "Production") { [string]$server=$item.ows_Title [string]$status=$item.ows_DeploymentStatus "$server - $status" } }
NETMON CMD LINE
Run Windows Network Monitor from CMD
I had a confusing problem with Network Monitor 3.4. When I opened it, I got a warning about parsers not loading. Then the capture would not start saying the capture filter was invalid. Eventually I tried it from the command prompt and it worked.NMCap /network * /capture /file output.cap:50M
8/18/2014
Managing ADMX files… Windows Server 2008 R2 Domain Controller & Windows Server 2012 / Windows 8 Member Machines
Managing ADMX files… Windows Server 2008 R2 Domain Controller & Windows Server 2012 / Windows 8 Member Machines
From: KiloRoot From one of the 2008R2 DC's, visit the following links to update the ADMX files: Server 2012/8 Server 2012R2/8.1Windows 2012 R2 DC Setup Walkthrough
Walkthrough: Windows 2012R2 Domain Controller Setup
http://blogs.catapultsystems.com/drowe/archive/2014/03/24/installing-windows-2012-r2-domain-controller.aspxCisco ASA - peak concurrent vpn connections
Cisco ASA - Peak Concurrent VPN Connections
How many concurrent VPN connections have I ever had? From CLI:show vpn-sessiondb detail
7/21/2014
6/25/2014
6/24/2014
Isilon CLI - list serial numbers
Isilon: CLI - list serial numbers
isi_for_array -s isi_hw_status -i | grep SerNo:
5/31/2014
Useful Isilon Commands for Troubleshooting
Thanks to NerdSector.com
Here are some some useful Isilon commands to assist you in troubleshooting Isilon storage array issues.
Grep the log for stalled drives on the isilon cluster
cat /var/log/messages |grep -o 'stalled: [0-9,*:]*'|sort |uniq -c
(Stalled drives are bad, and can cause cluster problems. you could also run this command on the individual nodes /var/log/restripe.log )
Grep the log for stalled drives on the isilon cluster for month of Sept
grep 'Nov ' /var/log/messages |grep -o 'stalled: [0-9,*:]*'|sort |uniq -c
Use this on the restripe.log
grep 'Nov ' /var/log/restripe.log |grep -o 'Stalled drives are \[[0-9,*:]*\]'|sort |uniq -c
When reviewing the results of the stalled drives it is important to note that the drive numbers listed is the logical drive number and not the bay number. You need to run the command “isi devices” on the node with the suspect drive to determine what bay the drive is actually in.
Display the SMART error log of all the drives on a given isilon node:
isi_radish -a|less
Display the current isilon Flexprotect Policy
isi get /ifs
Display the current isilon node hardware status:
isi_hw_status
Display the status of the isilon node network config
isi config
then while in the config utility
status
Display this list of alerts in wide format
isi alerts -w
Start/Stop/Resume/Pause Restriper jobs
isi restripe pause
isi restripe start
isi restripe stop
isi restripe resume -i
Display the drive status of a given isilon node
#for node 3
isi devices -d 3
Display the SAS drives Physical Monitoring stats for errors
less /var/log/isi_sasphymon.acc
Test Active Directory connections from all isilon nodes
isi_for_array wbinfo -t
To find an open file on Isilon Windows share
isi_for_array -q -s smbstatus | grep
isi_for_array -q -s smbstatus -u| grep to get the user
Note: The isi_for_array command runs the command on all of the nodes. This command will ask for the user’s password so that it can login to the other nodes and complete the command. When passing the results of a “isi_for_array” command to another command such as grep (like the example above) will require the user password so that it can be passed to the other nodes. There is no prompt for the password so you must enter it on the next line and press enter to get the results of the command.
5/15/2014
Redistribute selected static routes into OSPF
Cisco: Redistribute Selected Static Routes into OSPF
ip access-list standard 10
10 permit 10.15.1.0 0.0.0.255
20 permit 10.15.10.0 0.0.0.255
30 permit 10.15.101.0 0.0.0.255
40 permit 10.15.201.0 0.0.0.255
route-map CLT-Routes permit 10
match ip address 10
router ospf 1
redistribute static subnets route-map CLT-Routes
4/25/2014
4/23/2014
ESXTOP & Performance Management
VMware Performance Management, ESXTOP
Get-EsxTop Part 1Get-EsxTop Part 2
Interpreting Results
More on Performance Counters
vmware vCPU best practices
VMware vCPU best practices
Great discussion: corespersocket affect on performanceInteresting Idea: E-Mail notice to users of pending password expiry
Interesting Idea: E-Mail notice to users of pending password expiry
Powershell on TechNetArchive Copy of Script
4/14/2014
Link: DMVPN Explained
Link: DMVPN Explained
The following is a great blog post about how mGRE tunnels work and DMVPN: DMVPN ExplainedAs a PDF: DMVPN-Explained.PDF
3/20/2014
Cisco Nexus SNMP Hang
SNMP Process hangs on Cisco Nexus Switch
The SNMP process will stop responding on Nexus 5010 NXOS version 5.0(3)N2(1)It appears upgrading to latest version is supposed to fix it.
Or a workaround is to unload the BRIDGE-MIB with the following command from config mode:
no snmp-server load-mib dot1dbridgesnmp
(this will not persist after a reload.)
3/04/2014
Cisco ASA - Java Issues
Cisco ASA - Java Issues
Windows: Start > Control Panel > Java Control Panel
Mac: click on Java icon in System Preferences
- In the Exception Site List section at the bottom, click Edit Site List and add the ASA you want to manage with ASDM: https://x.x.x.x, where x.x.x.x is the IP address of the ASA
3/03/2014
Windows Domain Time Sync
Windows Domain Time Sync
Do the following on servers/workstations to point them to the domain as time reference and sync time:2/21/2014
EXCEL: SUM of only visible cells
EXCEL: SUM of only visible cells
From: http://stackoverflow.com/questions/759656/how-does-one-sum-only-those-rows-in-excel-not-filtered-outIf you are 'filtering' by hiding rows, the function number should be updated to 109.
The function number 109 is for the SUM function as well, but hidden rows are ignored.
VMware KB: Microsoft NLB not working properly in Unicast Mode
VMs Setup to Use Windows NLB in Unicast Mode Lose Network Connectivity When HP Virtual Connect Module is Replaced - VirtuallyHyper
VMware KB: Microsoft Network Load Balancing Multicast and Unicast operation modes
2/18/2014
MICROSOFT Performing a Software True-up in Under 5 Minutes
Windows 2008 R2 multiprocessor HAL
Windows 2008 R2 - Switch to multiprocessor HAL
1. See the current HAL version: Open Device Manager and Expand COMPUTER Right-click the HAL and go to drivers tab and Update Driver to install a new one. 2. msconfig -> boot options -> advanced -> Confirm that the # processors is not defined there - uncheck the box. Also from here, there is option to "rescan for HAL"2/07/2014
2/06/2014
Wireshark Troubleshooting
Wireshark Troubleshooting Videos
There is a lot of great stuff on YouTube. By the way I find it is even more excellent to watch YouTube with my Roku. But I digress. There are a lot of Laura Chappell videos about network troubleshooting with Wireshark. Much of it is in the Laura's Lab Kit distribution at: http://llk11-2014.s3.amazonaws.com/lauraslabkit11b.zip Here is one example of a great video that demonstrates Wireshark features for troubleshooting: https://www.youtube.com/watch?v=70dRbN4Y2no&feature=player_embedded&list=UUfdeux1c9erKgFAwSpTlICA Links to others and my notes from each are available in this document: Wireshark NotesCisco Daisy Chained Consoles
Cisco Daisy Chain Console
Daisy Chaining from one device to another can be a great backup method to access network devices without having to have a modem (or more than one.) So, if I want to be able to get to the console on a core switch at a site after having a local contact boot it up, I could enable this by connecting a cisco rollover cable from my router to the switch. This would allow me to connect to the router over the WAN side interface and then connect to the switch from the router.Cable to buy
Need a “rollover cable.” This is the product:Rollover Cable
http://www.cdw.com/shop/products/StarTech.com-Cisco-Console-Rollover-Cable-RJ45-Ethernet-network-cable/2437620.aspx
Setup
- connect rollover cable from router
AUX
port to Core SwitchCONSOLE
port - Config on Router:
line aux 0
transport input telnet ssh
How to use
- Connect to router and logon
telnet [ROUTER IP] 2001
- Logon
- To exit and return to router session, type
CTRL+SHIFT+6
and then hitX
2/04/2014
Catalyst Switches for Microsoft Network Load Balancing Configuration Example - Cisco Systems
1/30/2014
Run a command on every server in domain. (Powershell v2 compatible)
############################################################################################################# # # run-remote.ps1 # # run a command on each server in the domain # log results to file and e-mail report of failures # $rcmd = "ping cmsweb" $success = "Reply from" $logfile = ".\run-remote.log" $outfile = ".\cmsweb-test.html" $rptname = "cmsweb reachability" $recipient = "user@domain.com" ############################################################################################ # Create $list of server names for all Windows servers in Active Directory # $strCategory = "computer" $strOS = "Windows*Server*" $objDomain = New-Object System.DirectoryServices.DirectoryEntry $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.Filter = ("OperatingSystem=$strOS") $colProplist = "dnshostname" foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)} $colResults = $objSearcher.FindAll() foreach ($objResult in $colResults) { $objComputer = $objResult.Properties; $Server = $objComputer.dnshostname $Server = $Server -replace "\s{2,}", "" $Server = $Server -replace "\.usa\.domain\.com", "" if ($Server) { $list = $list + $Server } #skip a null value } $list = $list | sort-object ### clear-host $today = get-date $today | out-file $logfile "Run: $rcmd" $username = read-host "Logon" $pw = read-host -AsSecureString "Password" $pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto( [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw)) ############################################################################################ # Report Heading $report=@' Server Time Issues
'@ $report+=$today $report+="Command: $rcmd" $report+="
Server | IP Number | Result | " ############################################################################################ # Run for every server in list foreach ($computer in $list) { If (Test-Connection -computername $computer -Quiet -count 1){ #respond to ping? #get IP address $conn = test-connection -computername $computer -count 1 $ip = $conn.IPV4Address.IPAddressToString "Executing remotely from $computer - $ip" $cmd = "c:\util\psexec.exe /acceptEula \\$computer -u $username -p $pass -w c:\ $rcmd" $result = invoke-expression $cmd if ($result -like "$success*") { #success "$computer - $ip" + ": <$rcmd> -> Success" | out-file $logfile -append # $report+=('
---|---|---|
' + $computer + ' | ') # $report+=('$ip | ') # $report+=('Success | ') # $report+=('
' + $computer + ' | ') $report+=('$ip | ') $report+=('Fail | ') $report+=('
1/29/2014
NMCap: the easy way to Automate Capturing - Network Monitor - Site Home - TechNet Blogs
newsoft's tech blog: Pentester trick #8: command-line sniffing made easy
- Download and install Microsoft Network Monitor on a standalone computer.
- Upload nmconfig.exe and nmcap.exe on the target computer.
- Enable the Microsoft Network Monitor Driver: nmconfig /install
- Test: nmcap /displaynetworks
- Sniff all TCP traffic on every local interface: nmcap /network * /capture tcp /File tcp.cap
- Disable the Microsoft Network Monitor Driver: nmconfig /uninstall
Technical thoughts: Dependence between ARP max age time and MAC-address aging on Cisco switches
1/24/2014
Operations: How to Measure :: Chapter 11. IP SLA :: Part II: Implementations on the Cisco Devices :: Network Management :: Networking :: eTutorials.org
Cisco SLA Packet Samples – generate traffic « Pete's Packet
GNS3 IP SLA Traffic Generator | Blog
1/16/2014
How to integrate Exchange Server 2013 with Lync Server 2013, Lync Online, or a Lync Server 2013 hybrid deployment
1/15/2014
Check Time on VMWare Hosts
##########################################################################################
# esx-time.ps1
#
# Gather local time and time zone for all servers in AD.
# Report servers with time different from machine on which script is run
# E-Mail report to designated recipient.
#
# Requires vmware power cli
# "set-powercliconfiguration -InvalidCertificateAction Ignore" to ignore cert errors
#
#
##########################################################################################
Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue
#VCS
$vcs="privcs01" # PRIVDIVC1, PRIDEVVC1, PRIVCSVDI01, SECVCS01
# E-Mail Recipient
$recipient="administrator@DOMAIN.com"
# Greatest acceptable time difference
$maxdiff=59
$outfile = "c:\dev\esx-time.html"
$user = "usa\svc_vmware"
$pw = Read-Host "Password for $user" -AsSecureString
$rootpw = Read-Host "Password for root" -AsSecureString
#convert $pw to plain text
$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))
#convert $rootpw to plain text
$rootpass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($rootpw))
############################################################################################
# Get List of Host Names from VCS server
#
write-host "Getting Server List from VCS"
connect-viserver -Server $vcs -User $user -Password $pass -ErrorAction SilentlyContinue > $null
$hosts = get-vmhost
disconnect-viserver -confirm:$false -ErrorAction SilentlyContinue > $null
$list = @()
foreach ($Server in $hosts) {
$Server = $Server -replace "\s{2,}", ""
$Server = $Server -replace "\.usa\.DOMAIN\.com", ""
if ($Server) { $list = $list + $Server } #skip a null value
}
$list = $list | sort-object
write-host "COMPLETE"
###
#clear-host
$today = get-date
############################################################################################
# Report Heading
$report=@'
VMWare Host Time Issues
'@
$report+=$today
$report+="
Server Date Time Off(s) "
############################################################################################
# Query every server in list
write-host "Checking each server:"
foreach ($item in $list) {
$flag=" "
$dt=""
$srvtime=""
$hour = ""
$min = ""
$sec = ""
$month = ""
$day = ""
$year = ""
$comp = ""
$d = ""
$t = ""
$computer = $item
$comp = "{0,-16}" -f $computer
$comp = $comp.padright(16," ")
write-host ">$computer<"
If (Test-Connection -computername $computer -Quiet -count 1){ #respond to ping?
write-host " PING - SUCCESS"
write-host " Time Query"
$output=""
$block = @'
$machine = $args[0]
$pass = $args[1]
Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue
connect-viserver -server $machine -user "root" -password $pass -WarningAction SilentlyContinue -ErrorAction SilentlyContinue > $null
# $time = (get-view serviceinstance).CurrentTime()
# $time
((get-view serviceinstance).CurrentTime())
'@
$sb = [scriptblock]::create($block)
$args=@()
$args = ($computer, $rootpass)
start-job -name $computer -scriptblock $sb -argumentlist $args > $null
Wait-Job -name $computer -Timeout 60 > $null
$output = Receive-Job $computer
#$output
#disconnect-viserver -server $computer -confirm:$false #-ErrorAction SilentlyContinue > $null
if ($output) {
$dt = $output
write-host "DT=$dt"
}
else {
write-host "$computer`tERROR: No time Query Output"
$report+='' + $comp + ' '
$report+='' + "ERROR - No response to date/time query" + ' '
$report+=' '
continue
} # end if output
}#end if ping
else { # No PING response
write-host "$computer`tERROR: No PING Response"
$report+='' + $comp + ' '
$report+='' + "CONNECTION ERROR: No response to PING" + ' '
$report+=' '
continue
}
[string] $month = [System.Convert]::ToString($dt.Month)
$month = $month.padleft(2,"0")
[string] $day = [System.Convert]::ToString($dt.Day)
$day = $day.padleft(2,"0")
[string] $year = [System.Convert]::ToString($dt.Year)
$year = $year.padleft(4,"0")
$d = $month + "/" + $day + "/" + $year
write-host " Date=$d"
[string] $hour = [System.Convert]::ToString($dt.Hour)
$hour = $hour.padleft(2,"0")
[string] $min = [System.Convert]::ToString($dt.Minute)
$min = $min.padleft(2,"0")
[string] $sec = [System.Convert]::ToString($dt.Second)
$sec = $sec.padleft(2,"0")
$t = $hour + ":" + $min + ":" + $sec
write-host " Time=$t"
if ($dt) { #$dt not null
$srvtime=($dt.Minute)*60+($dt.Second)
$refmin = ""
$refsec = ""
$now = get-date
$cmptime = ($now.Minute)*60+($now.Second)
[string] $min = [System.Convert]::ToString($now.Minute)
$refmin = $min.padleft(2,"0")
[string] $sec = [System.Convert]::ToString($now.Second)
$refsec = $sec.padleft(2,"0")
$reftime=$refmin+":"+$refsec
#Compare server time to script machine time.
$diff=$cmptime-$srvtime
write-host " Time Diff=$diff"
if (($diff -gt $maxdiff) -or ($diff -lt (-1*$maxdiff))) { $flag="*" }
write-host "$flag$comp`t$d`t$t`t$flag$diff$flag`t" $timezone.Description
if ($flag -eq "*") { #time difference is too great
$report+=('' + $comp + ' ')
$report+=('' + $d + ' ')
$report+=('' + $t + ' ')
$report+=('' + $diff + ' ')
$report+=(' ')
}
}# end if null
}#end foreach computer
###
$report+="
"
$report | out-file $outfile
############################################################################################
#e-mail the report
$messageSubject = "VMWare Host Time Report"
$smtpServer = "smtp.DOMAIN.com"
$smtpFrom = "noreply@DOMAIN.com"
$smtpTo = $recipient
$message = $report
send-mailmessage -to $smtpTo -from $smtpFrom -subject $messageSubject -body $message -smtpserver $smtpServer -BodyAsHtml
###
remove-job * -force
1/03/2014
Powershell Format Operator
Powershell Format Operator "-f"
Operator | Example | Results | Description |
---|---|---|---|
{0} | Display a particular element | "{0} {1}" -f "a", "b" | a b |
{0:x} | Display a number in Hexadecimal | "0x{0:x}" -f 181342 | 0x2c45e |
{0:X} | Display a number in Hexadecimal uppercase | "0x{0:X}" -f 181342 | 0x2C45E |
{0:dn} | Display a decimal number left justified, padded with zeros | "{0:d8}" -f 3 | 00000003 |
{0:p} | Display a number as a percentage | "{0:p}" -f .123 | 12.30 % |
{0:c} | Display a number as currency | "{0:c}" -f 12.34 | $12.34 |
{0,n} | Display with field width n, left aligned | "|{0,5}|" -f "hi" | | hi| |
{0,-n} | Display with field width n, right aligned | "|{0,-5}| -f "hi" | |hi | |
{0:hh} {0:mm} | Display the hours and minutes from a date time value | "{0:hh}:{0:mm}" -f (Get-Date) | 01:34 |
{0:C} | Display using the currency symbol for the current culture | "|{0,10:C}|" -f 12.3 | | $12.40| |
1/02/2014
There are a few folks with suggestions out there. One is to use a job to run the query. Unfortunately this leaves those jobs stuck out there so if a lot of my servers have WMI screwed up I suppose doing this could crash my management machine.
This example is to get the current time and time zone from every server machine in my AD domain.
########################################################################################## # CHECK-TIME.PS1 # # Gather local time and time zone for all servers in AD. Convert times to GMT & compare # Report servers with time different from machine on which script is run # E-Mail report to designated recipient. # ########################################################################################## # E-Mail Recipient $recipient="user@domain.com" # Greatest acceptable time difference $maxdiff=59 $outfile = "c:\dev\check-time.html" If (Test-Path $outfile){ Remove-Item $outfile } $logfile = "c:\dev\check-time.log" If (Test-Path $logfile){ Remove-Item $logfile } $mytimezone = get-wmiobject Win32_Computersystem -property CurrentTimeZone, daylightineffect $myoffset = $mytimezone.CurrentTimeZone #GMT offset in minutes $mydst = $mytimezone.daylightineffect if ($mydst) { $myoffset+=60 } ########################################################################################## # FUNCTION: Check for TCP response on $port function Test-Port { Param( [string] $srv, $port=135, $timeout=1500, [switch]$verbose ) # TCP connect $port $ErrorActionPreference = "SilentlyContinue" $tcpclient = new-Object system.Net.Sockets.TcpClient $iar = $tcpclient.BeginConnect($srv,$port,$null,$null) $wait = $iar.AsyncWaitHandle.WaitOne($timeout,$false) # Check to see if the connection is done if(!$wait) { # Close connection, report timeout $tcpclient.Close() if($verbose){write-host "Connection Timeout" } Return $false } else { # Close connection, report any error $error.Clear() $tcpclient.EndConnect($iar) | out-Null if(!$?){if($verbose){write-host $error[0]};$failed = $true} $tcpclient.Close() } # Return $true if connection established if($failed){ return $false } else { return $true } } # http://technet.microsoft.com/en-us/library/ff730959.aspx # # End of functions ########################################################################################## ############################################################################################ # Create $list of server names for all Windows servers in Active Directory # $strCategory = "computer" $strOS = "Windows*Server*" $objDomain = New-Object System.DirectoryServices.DirectoryEntry $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.Filter = ("OperatingSystem=$strOS") $colProplist = "dnshostname" foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)} $colResults = $objSearcher.FindAll() foreach ($objResult in $colResults) { $objComputer = $objResult.Properties; $Server = $objComputer.dnshostname $Server = $Server -replace "\s{2,}", "" $Server = $Server -replace "\.usa\.domain\.com", "" if ($Server) { $list = $list + $Server } #skip a null value } $list = $list | sort-object ### clear-host $today = get-date ############################################################################################ # Report Heading $report=@' Server Time Issues
'@ $report+=$today $report+="
Server | Date | Time | Off(s) | Time Zone | " ############################################################################################ # Query every server in list foreach ($result in $list) { $flag=" " $timezone="" $dt="" $srvtime="" $hour = "" $min = "" $sec = "" $comp = "" $d = "" $t = "" $computer = $result $comp = "{0,-16}" -f $computer $comp = $comp.padright(16," ") #write-host ("$Computer"+":") #("$Computer"+":")|out-file $logfile -append If (Test-Connection -computername $computer -Quiet -count 1){ #respond to ping? $a = Test-Port $computer $dst="" $timezone="" $output="" $offset="" if ($a) { # resonds on RPC? #timezone $block = "get-wmiobject Win32_Computersystem -computer $computer -property CurrentTimeZone, daylightineffect" $sb = [scriptblock]::create($block) start-job -name $computer $sb > $null Wait-Job -name $computer -Timeout 10 > $null $output = Receive-Job $computer $block = "Get-WmiObject -class Win32_TimeZone -ComputerName $computer" $sb = [scriptblock]::create($block) start-job -name $computer $sb > $null Wait-Job -name $computer -Timeout 10 > $null $timezonedesc = Receive-Job $computer $tz = $timezonedesc.description if ($output -ne $null) { $timezone = $output $offset = $timezone.CurrentTimeZone #GMT offset in minutes $dst = $timezone.daylightineffect if ($dst) { $offset+=60 } } else { write-host "$computer`tERROR: No WMI Query Output" "$computer`tERROR: No WMI Query Output" | out-file $logfile -append $report+='
---|---|---|---|---|
' + $comp + ' | ' $report+='' + "WMI ERROR - No response to timezone query" + ' | ' $report+='|||
' + $comp + ' | ' $report+='' + "WMI ERROR - No response to date/time query" + ' | ' $report+='|||
' + $comp + ' | ' $report+='' + "RPC ERROR - No response on port " + $port + ' | ' $report+='|||
' + $comp + ' | ' $report+='' + "CONNECTION ERROR: No response to PING" + ' | ' $report+='|||
' + $comp + ' | ') $report+=('' + $d + ' | ') $report+=('' + $t + ' | ') $report+=('' + $diff + ' | ') $report+=('' + $zone + ' | ') $report+=('
Dealing with WMI Timeouts — Steven Murawski
Get-WmiCustom (aka: Get-WMIObject with timeout!) - musc@> $daniele.work.ToString() - Site Home - MSDN Blogs
Function Get-WmiCustom([string]$computername,[string]$namespace,[string]$class,[int]$timeout=15)
{
$ConnectionOptions = new-object System.Management.ConnectionOptions
$EnumerationOptions = new-object System.Management.EnumerationOptions
$timeoutseconds = new-timespan -seconds $timeout
$EnumerationOptions.set_timeout($timeoutseconds)
$assembledpath = "\\" + $computername + "\" + $namespace
#write-host $assembledpath -foregroundcolor yellow
$Scope = new-object System.Management.ManagementScope $assembledpath, $ConnectionOptions
$Scope.Connect()
$querystring = "SELECT * FROM " + $class
#write-host $querystring
$query = new-object System.Management.ObjectQuery $querystring
$searcher = new-object System.Management.ManagementObjectSearcher
$searcher.set_options($EnumerationOptions)
$searcher.Query = $querystring
$searcher.Scope = $Scope
trap { $_ } $result = $searcher.get()
return $result
}