VPN issues when Local network matches Corporate network

I have been experiencing this problem more and more, as the proliferation of non-routable IP networks increases. Basically, I am at an airport, hotel, customer site, or other location and they happen to be using the same IP address range as we do at the corporate offices.

For example:

Corporate uses 10.1.x.x network range (mail server is at 10.1.1.5 as an example)

The location that I am getting network from uses either 10.x.x.x or maybe just 10.1.1.x… but either way, the problem is the same.

The VPN connects successfully; however, after that, all traffic for the mail server (as an example) is not routed through the VPN, because its address matches the local network and the client doesn’t forward it through the tunnel.
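A pre-connect check for this condition, as an added example that is not part of the original post: it compares the network handed out at the current location with the corporate range and lists the corporate servers whose addresses are also valid addresses on the local network. The 10.1.0.0/16 range and the 10.1.1.5 mail server come from the example above; the function name and the sample local networks are constructed for illustration.

```python
import ipaddress

# Values from the post: corporate range and the example mail server.
CORPORATE_NET = ipaddress.ip_network("10.1.0.0/16")
CORPORATE_HOSTS = {"mail": ipaddress.ip_address("10.1.1.5")}


def check_overlap(local_cidr, corporate=CORPORATE_NET, hosts=CORPORATE_HOSTS):
    """Classify how the local network relates to the corporate range and
    list corporate hosts whose addresses also fall inside the local network."""
    # strict=False accepts an interface-style value such as 10.1.1.37/24.
    local = ipaddress.ip_network(local_cidr, strict=False)
    if not local.overlaps(corporate):
        relation = "disjoint"
    elif local == corporate:
        relation = "identical"
    elif local.subnet_of(corporate):
        relation = "local-inside-corporate"
    else:
        # Two overlapping CIDR blocks always nest, so this is the only case left.
        relation = "corporate-inside-local"
    # These hosts are the ones whose traffic may stay on the local network.
    ambiguous = sorted(name for name, addr in hosts.items() if addr in local)
    return {"local": str(local), "relation": relation, "ambiguous_hosts": ambiguous}


if __name__ == "__main__":
    # Constructed sample networks a hotspot or customer site might hand out.
    for sample in ("10.1.1.37/24", "10.0.0.0/8", "10.1.2.0/24", "192.168.1.0/24"):
        result = check_overlap(sample)
        status = "CONFLICT" if result["relation"] != "disjoint" else "ok"
        print(f"{status:8} {result['local']:15} {result['relation']:24} "
              f"ambiguous: {', '.join(result['ambiguous_hosts']) or '-'}")
```

Run it with the address and prefix length the location assigned to your interface; any result other than "disjoint" means the two ranges collide.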

Possible solutions:

1) Set up a secondary VPN server on a different IP network and overlay, for example, a 192.168.x.x range over the 10.1.x.x range (but all servers would need an address on both networks, hard to maintain)… and the user would need to change the “mail server” in their client to use the other VPN connection.

2) Attempt to get a “routable” IP address from the location you are at… this may be viable if you are using a cable-modem or DSL from a provider and will be doing this all the time. However, the typical hotspot isn’t going to be willing to accommodate you and may not even have a clue when you ask.

3) Try another VPN solution…. PPTP or IPsec or OpenVPN… but they all are routed and expect that you will not have matching networks.

4) Final solution, and one that I have working as a “demo” but am not really happy with the administration overhead of the solution…. is to use SSH tunneling to get to specific servers. This is fast and works pretty well… but then mail clients/etc need to be configured to use localhost:port with special ports for each service…. and they need to have a PuTTY SSH window open to the ssh-server (minor I know). But if you configure the mail client to use this as their mail server… then even when they are in the building they would need to download all their emails through this SSH tunnel (not ideal).

I am still searching for the best practice for this issue… and I have to imagine that we are not the only company running into this issue. However, this isn’t something that Google has turned up any great ideas for. Please post a comment with your suggestions or send me an email with your solution to this problem.

Profile Error Currently Fighting

I have been researching and trying to resolve this error for the past couple of weeks (off and on). It only happens on Windows 2000 machines, and seems to have started sometime in Aug-2007. Also, it only happens if the machine is left on overnight, and rebooting will fix the problem.

The “Details: The system cannot find the file specified” would be helpful if it listed a file it was having problems with.

[Image: Profile error message]

TIDBIT: This post was the first using the Adobe Air Application “Bee” and its ability to work with my Flickr Photos and this blog at the same time.

Support for MacBook Pro

Called Apple Care today, regarding a MacBook Pro that appears to have a
“moldy” spot on the LCD just to the left of center. They indicated that I
would need to take the unit to an Authorized Service Center or the local
Apple Store and have the techs review it and determine what needs to be
done.

They provided me with two Authorized Service Centers that were supposedly
local to me. When I called to make sure that I could just stop by they
indicated that I would need to go to their “Depot” center both more than
30mins away. So I called back and asked for a “reservation” at the Apple
Store for the review/repair. If I am going to drive 30mins, I might as well
do it at the Apple Store instead of an authorized service center. I was
able to acquire a timeslot just after lunch at 1pm.

I am frustrated with the Apple Care program, and the requirements and lack
of service that I have received so far. If I am purchasing a premium
product, and the associated “Apple Care” Support for it, I would expect
immediate service. “Take it to a service center or apple store” so that
they can “review” your complaint…. When none of them are within a short
drive (less than 30mins one way).

More details to follow, after I trek over to the Legacy Village Apple Store
and find out what they are willing to do about this problem.

*UPDATE*

Well, I was able to convince the Genius at the Genius Bar that the problem warrants a replacement (or at least an attempt at a replacement). He did make me aware that a certain amount of “pixel” problems are considered “normal” and not covered under the warranty. However, he couldn’t make that determination and was willing to send it in and see what “they” think. What made the experience frustrating is that I had to drive 35mins to then stand and wait for 30mins (beyond my appointment time) to get someone to look at it… and then another 30mins for him to agree and get all the paperwork filled out. I guess if two hours of my day warrants a new screen *maybe* it is worth it…. but it definitely is more work than it needs to be.

*UPDATE* Oct-5th, Received the laptop back from Apple with a new screen. No charge. It took a fair amount of hassle to get this outcome, but at least it was fixed.

Large Outlook PST files

If you are using Outlook 2003, or possibly Outlook 2007, and are
getting a message about your Personal Folder (.pst file) being full,
you can fix it using the details below:

If you have upgraded from a version of Office before 2003, the PST files
that are being created are in an Office 97-2002 format, and those PST
files have a limit of 2GB in maximum size. However, you can create a
new “Personal Folder” in the new “Personal Folder File” format that
allows you to grow the file to 20GB. You can then import the
messages from the older PST file into this new file. And then you
can set up Outlook to use that new file as the primary storage file
for email and you can store 20GB of email in a single PST. To change
the primary storage, just go to Tools->Email Accounts-> View/Change
Email Account Settings and in the pull down at the bottom pick your
new Personal Storage file. Once you have done that you can close the
old PST file and not show it in Outlook (just right-click on the top
level of it and choose “close ‘old pst name’”).

Factory PreInstall Flag causing problems

This weekend, I was asked to look at a system that wouldn’t allow the owner to use a USB external hard drive (Maxtor Personal Storage 3200, 160GB). It was correctly seen by the machine and available in device manager, and the disk management utilities. However, it wasn’t assigned a drive letter by default, and attempts to assign it one failed. Windows would indicate that it had a drive letter, but it never showed up in Explorer, and after a reboot or a refresh of the disk management list the drive letter would be removed.

In the Event Viewer, I found the following error:

Event ID:270

Event Type: Warning
Event Source: PlugPlayManager
Event Category: None
Event ID: 270
Date: 7/10/2007
Time: 7:54:53 AM
User: N/A
Computer: computer
Description:
Plug and Play user-interface dialogs have been suppressed in Factory Mode.

After searching the internet, I found a reference to this message, and a “FactoryPreInstallInProgress” registry key that appears to have fixed the problem:
http://forums.techguy.org/…

Details:

Under the Startup key, deleted the
“FactoryPreInstallInProgress”=dword:00000001

Deleted the entire
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Factory key.

Reboot, and it detected the hardware and displayed the balloon help indicating that it was successfully connected to the system. The USB hard drive was given a drive letter and everything worked as expected.

According to Microsoft, we as consumers shouldn’t see a system in this state. However, this particular user had a replacement e-Machine sent to him when his original failed, under warranty. I am guessing that some e-Machine technician didn’t complete some final step (removing this key/etc) before boxing and shipping the system out.

Nagios 2.9 is available

I was updating some Nagios configuration by hand editing various
configuration files. This “pain” reminded me to check and see if there were
any updates to Nagios, and of course there were a few updates (2.4 -> 2.9)
since the last time I updated it. I grabbed the latest Nagios and the latest
plugins to go with it… and updated my Nagios box.

I am now on the quest to see if I can find a Nagios configuration file
editor that works from PHP web pages. I have attempted to make NagEdit
work, but spending the better part of the morning getting the configuration
files/etc setup and read/written…. hasn’t produced a single page yet of
editable configuration for Nagios. So I will keep looking for this elusive
“tool” to make better use of Nagios.

If you don’t have a solid network monitoring program on your network, you
should give Nagios a try. It is rock-solid and has excellent
reporting/alerting features.

Microsoft Virtual Server 2005 R2 issues with TCP Offloading

If you install Microsoft Virtual Server on a “server” machine and after
starting a virtual host on the machine you lose all network connectivity to
the “host” machine you should read the following:

http://support.microsoft.com/kb/888750

It indicates that VS2005R2 has an issue with TCP segmentation offloading or
other “offloading” to the NIC … so you have to disable those features of
your network card to maintain connections with the “host” machine.

Dameware Mini-Remote Control v5

After putting off the upgrade as long as possible, I finally broke down and purchased the upgrade from v3.x. I was immediately impressed with the dual-monitor support, x64 OS support, and the transparent windows abilities. This product is a great example of remote-administration/support software that allows an admin to install the daemon and start it remotely and then connect to it… all with just domain-rights and the IP/name of the machine.

For those of us that need to manage hundreds of desktops across multiple buildings or locations, this is a great way to “extend” your reach and still be able to show the user how to do something (all from the comfort of your office).

[Image: Dameware Mini Remote Control screenshot]