Default Wyse BIOS Password

Issue:
Need to access BIOS on a recent model Wyse terminal

Fact:
BIOS password is set from factory

Details:
The BIOS on most recent Wyse PXE capable thin clients is accessed by holding down the delete or F2 key during boot.

Once in the BIOS password screen enter:

Fireport

When prompted for the password. (F is in capital)

XenServer: Changing management adapter in pool

After going through several rounds of problems to move a management adapter for a xenserver pool, I have found the following working process. However, it is because of this processes that Citrix makes very clear that you should configure it properly in the first place, and if you need to make changes post-installation, to make them BEFORE you join it to a pool… Also you must change the subnet when changing interfaces. Even if you need to move it to a temporary, non-existant IP address space, and then move it back to the correct IP address space after you are on the correct network interface.

However, lets say you have a pool in production and you need to make the change…

1. Perform a metadata backup and back up your virtual machines before performing the rest of this procedure.
2. Disable High Availability from XenCenter, if enabled.
3. Disable external authentication (Active Director)
4. Log on to a pool member from the physical console and change the management interface IP address
5. From the xsconsole, go to Network and Management Interface > Configure Management Interface.
   1. Note: xsconsole freezes when the change is applied. You can use the key sequence CTRL+Z to gain access to the command prompt to run step 4 below. Then, use the command fg %1 to return to xsconsole and exit cleanly.
6. From the CLI: use the following command: xe pif-reconfigure-ip uuid= IP= gateway= netmask= DNS= mode=
7. To locate the correct PIF uuid for pif-reconfigure command, use the following command: xe pif-list params=uuid,host-name-label,device,management
8. From the CLI, run the following command: xe-toolstack-restart
9. The server enters the emergency mode. Verify that the server is using the new IP address. You can ping it from another host. Try a Secure Shell connection to it, or use the ifconfig command. Verify that the server is in emergency mode by running xe host-is-in-emergency-mode from the CLI. You should get True as the output.
10. Repeat steps 3 and 4 on each of the pool members.
11. Change the management interface IP address on the pool master using step 3 above.
12. Run the following command on the pool master: xe-toolstack-restart
13. DO NOT RUN THIS COMMAND ON THE POOL MASTER
    From the CLI, on each of the pool members, run xe pool-emergency-reset-master master-address=IP_OF_THE_MASTER.
    DO NOT RUN THIS COMMAND ON THE POOL MASTER
14. Verify the correct status of the pool. Connect with XenCenter to the new master’s IP address and check everything from there.
15. Re-enable High Availability and external authentication, if required

If during this process, any of your pool-slave hosts reboot and show missing management interface, and no network cards, please see our post over at: http://reddingitpro.wordpress.com/2012/04/07/xenserver-missing-network-cards-pool-member/

You can also view a video walk through of this process at: http://www.citrix.com/tv/#videos/4330

Adapted from CTX123477

XenServer: Missing network interface – pool member

I have encountered several times that after a shutdown and restart on a XenServer host when it is configured as a pool, sometimes the pool members come up with no management interface because there are no network cards shown. The main reason I have seen this is because the pool-master server changes its IP address – this could be something as simple as changing the IP address, a DHCP address change, or a change of the PIF (physical interface) used for management. In these cases, if the pool slave cannot find the master, it will go into emergency mode to protect the VMs. However, the problem this presents is that there are no network cards available on the slave, no management interface, and the VM’s which were running on that server (even if you’re using shared storage) are unavailable.

The resolution is very quick and simple…

First, verify that you are in emergency mode by running the following from the command line interface on the pool slave host “xe host-is-in-emergency-mode” – - if it returns TRUE then read on, if it returns FALSE then this will not resolve your problem.

Next, verify what the IP address is of your running POOL MASTER (this assumes your POOL MASTER is still running, otherwise you will need to perform an emergency transition)….

On the pool slave, run the following “xe pool-emergency-reset-master master-address=xxx.xxx.xxx.xxx” — where xxx.xxx.xxx.xxx is the IP address of your working pool master…

Upon success it will notify you it will make the change within 10 seconds….

After 10 seconds, run “xe host-is-in-emergency-mode” — if it returns false you should be all set. You may need to refresh (disconnect/reconnect) to the pool in XenCenter.

If your pool-master is unavailable, or all of your hosts are showing no network adapter, then you will need to transfer the master role to one of the servers, from the command line, run: “xe pool-emergency-transition-to-master”

That will make this host the new pool master. Return to the menu system “xsconsole” and document that IP address as the pool master, and then continue the documentation above.

Enjoy.

XenServer: Hung VM

I’ve experieneced several instances where a VM appears to hang and is non-repsonsive, not only at the console level, but also to the XenServer Hypervisor and XenCenter. Attempts to force shutdown the server using xe vm-reboot or xe vm-shutdown fail with the error “Another operation involving the object is currently in progress class: VM”.

This has worked consistently to recover this VM.

1 – “xe vm-list” to get the uuid of the VM that is hung
2 – “list_domains” to list the domain uuid’s so you can determine the domain # of the VM above by matching the uuids from this output with the uuid for your VM from the previous command.
3 – “/opt/xensource/debug/destroy_domain -domid XX” where XX is the domain number from the previous command
4 – “xe vm-reboot uuid=XXXX –force” where XXXX is the uuid from the first vm-list command for your VM.

Having “Good Time”

No, that’s not bad grammar… It is just a reminder that it is important for all windows systems to have “good time” and all be pulling from an accurate time source. In Active Directory based networks it is critical that all of your systems be no greater than 5 minutes apart from each other. Without this, it can lead to sporadic issues with users being unable to connect to resources on the network.

The best way to configure this for our clients is for the domain controllers to be pulling time from a reliable time source (such as pool.ntp.org) and then for domain servers and workstations to pull from the domain controllers.

BREAKING NEWS: Charter Internet Down for Redding and Red Bluff

Monday, March 5, shortly after 12pm Charter Internet went down in the Redding and Red Bluff Area. No service restoration time has been provided. This outage is affecting both business and home internet subscribers to the digital cable internet service.

 

UPDATE: 2:30pm – it appears that Charter internet service has been restored.

XenServer 6.0 – Import/Export OVF

We had received several OVF from a vendor who exported their VM’s from VMWare and we needed to import them into our XenServer 6.0 environment. After learning that this functionality is now built into Citrix XenServer and no longer needing XenConverter we were excited. However our initial test to import failed. After re-reading the documentation and searching several forums, nothing appeared to resolve the problem – the import would start and several seconds later it would fail.

So we imported the images into our VMWare environment to ensure the OVF’s were good, and even exported them again just to make sure the OVF files themselves were not the issue.

We then tried to export a XenServer VM via OVF and it failed as well. However we could import and export VXA files without issues. Okay, so we have it narrowed down. A bit more research brought us to this Citrix Blog about TransferVM

http://blogs.citrix.com/2010/12/09/diagnosing-xenserver-appliance-wizard-failures/

We attempted this but it said that the package as already installed.

We then contact Citrix who said to try: Nagivating to /opt/xensource/packages/files/transfer-vm and then running the uninstall-transfer-vm.sh

However that didn’t work, it prompted for a UUID but it didn’t document anything about the UUID

We brought this back to our test environment and it worked fine, we uninstalled and then installed and our OVF imports work properly. The difference between the test environment and production is that production is in a pool, whereas the test is standalone.

I have tried to find documentation on which UUID it is looking for but at this point I’ve tried it with the pool, host, and sr UUIDs to no avail. I might have to resort to cycling hosts out of the pool into standalone mode and reinstalling the transfer-vm component and then rejoining the pool.

The tools I use…

Here are some of my favorite applications I have installed on my computer, and often install right away, in no particular order:

1. Microsoft Office Professional Plus – This is the obvious must have software for anyone interacting with other businesses. I really enjoy the seamless operation between products and how it makes interacting with the business world so much easier. I have tried Open Office, and it is a faster, less bloated office productivity suite and significantly less expensive. However, it is still only 90% real-world compatible with Microsoft Office, and thus can be a real pain. This is especially true when it comes to situations where page formatting is critical. When you factor that in, in many cases, the time I would spend working around the compatibility issues, Microsoft Office is actually less-expensive — something I think people need to consider a bit more often when looking at free tools… But alas, this list is filled with free tools!
2. Microsoft Acrobat Professional – Yes, I have used (and continue to use) a number of low cost PDF creation tools such as pdf995 – which I really enjoy – and often recommend for users looking for simple print-to-pdf features; but I really appreciate all of the features which come in the full fledged product such as the ability to optimize scanned documents, perform OCR to make a scanned document searchable, and the ability to create interactive forms.
3. Notepad++ is probably the best text editor I have used in a long time. It is a great improvement over the built in Notepad. The color coding when viewing code such as HTML, PHP or Java is very helpful, and there are additional plug-ins available.
4. CuteHTML is a no longer a developed application but I have used it for so long I am simply used it’s interface and appreciate the built-in FTP application. I use it frequently to edit HTML and PHP code. I know there are better applications out there, but this is simply used out of familiarity and habit.
5. CuteFTP is my preferred paid for FTP application for ages, but I have honestly stopped installing it on new systems and simply use Filezilla which features match close enough to meet 99% of my needs. This program permits multiple FTP downloads from mutliple FTP server at the same time and supports FTP, sFTP and FTPS. It is mature and actively developed.
6. Virtual Drive Clone - my favorite application for mounting ISO images as optical media.
7. Microsoft One Note – while technically part of the Microsoft Office Suite above, I call this one out for two tools that a lot of people don’t know about. First is that there is a screen clipping tool built into it. There are a lot of screen clipping tools available, both free and paid for, but this one is already built into a Microsoft Office application, so there is no extra software to download, install, patch or even take up system resources. A simple press of windows-S enables you to clip any part of the visible windows. I use this frequently for creating documentation or power point presentations. The second part is that it is slowly replacing my trusty physical paper notepad. And using One Note 2010 with Microsoft Skydrive, it keeps my laptop, desktop and work computers all sync’ed. Love it!
8. Drop Box – along the lines of syncing data, I am starting to use Drop Box for non sensitive data. They can help keep your data synced between multiple devices including mobile devices. Due to a recent security flaw, there was the potential for your data to be accessed by other users. As with any technology like this, I discourage the use for anything sensitive.
9. Keepass safe – A password manager which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk.
10. VLC – A highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, …) as well as DVDs, VCDs, and various streaming protocols.
11. Log me in – Each of my systems has this installed, and I really appreciate that even after you logon to the website, to access your system, it still requires you to enter whatever password you use on your computer to access it.
12. Trillian – While I rarely use instant messenger anymore, Trillian is a fantasic,  fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC – all in one application and interface.
13. CCleaner – A system optimization and privacy tool that removes unused files from your system and allowing Windows to run faster and freeing up valuable hard disk space.
14. Google Picasa – A free software that helps you locate and organize all the photos on your computer, edit and add effects to your photos with a few simple clicks and share your photos with others through email, prints and on the web.
15. Remote Desktop Manager – If you are freqently connecting to remote resources such as via RDP or VNC, this is the tool for you. It offers built-in support for Microsoft Remote Desktop, Terminal Services, VNC, LogMeIn, Team Viewer, Ftp, SSH, Telnet, Dameware, X Window, VMware, Virtual PC, PC Anywhere, Hyper-V, Citrix, Radmin, Microsoft Remote Assistance, Oracle Virtual Box and more.
16. PuTTY – is probably the most common, versatile multi-protocol client application which is our longtime favorite choice for all our SSH needs. To many PC power-users an SSH client is absolutely vital to their everyday operations, and PuTTY’s the most popular windows client for a reason.

First 10 things I do to a new computer

If you’re like me, anytime you get your hands on a new computer there are a handful of things you do to it. That could be if the computer is for your use or for someone else. Here is my top 10 things I do:

1. If there is trialware software, I remove it – especially if it is anti-virus software! Clean up all of the unneeded software
2. Run Microsoft Updates to ensure the operating system is fully patched. Even newly shipped computers can need 10′s to over 100 updates!
3. Visit the hardware manufacture’s website such as the Dell Support Website and check for updates to the BIOS and other hardware. As with #2 above, the vast majority of computer shipped directly from the manufacture is running old software such as BIOS and firmware.
4. Install a web browser of choice – for me I install both Chrome and Firefox.
5. Install a handful of standard apps every user needs:
   1. Adobe Acrobat Reader
   2. Java for Desktop Computers
   3. Adobe Flash Player (but you’ll need to do this for each browser you use)
   4. Adobe Shockwave Player (old, but some sites still require it)
   5. Adobe AIR Player (used on some sites)
   6. VLC (plays just about any media)
   7. Open Office (if you don’t own a copy of Microsoft Office)
   8. Virtual Drive Clone (lets you mount ISO as if they were CDs)
6. Install any purchased or commercial software
7. Download and CCleaner, and run the registry cleanup utility – during the install, I uncheck virtually all of the install options. I like this tool hidden, not actively running, and not even viewable on the start menu. I will execute it from the “Program Files” directory manually. I prefer an un-cluttered Start menu, so many utilities, especially for other people, I keep un-linked in the start menu.
8. Install Anti-virus software:
   1. I prefer commercial Anti-virus software, and never recommend a consumer grade AV software for anyone
   2. If you don’t have access to a commercial/business AV software, choose Microsoft Security Essentials – a lightweight, free, non-ad driven Anti-virus software
9. Run a disk defragmentation software, either Microsoft’s built in utility, or Diskkeeper (highly recommend)
10. Setup a non-administrative user account. If this is a domain based workstation, then this is likely already taken care of but for small work groups, friends or family personal computers, I always setup two accounts. Their “user” account and their “adminsitator account”. Both have passwords, typically the same password to make it easy for them. I have them always use the “user account”. And if appropraite setup the computer to auto login to that account.

In the next article I will discuss some of the software tools I install on my own workstations as an administrator and power user.

Enjoy!

Any user can unlock now with this custom GINA

From the folks over at Paralint, there is now a utility to help you with shared computered access. Often you will have a shared computer in an office space, and the problem is that you want each user to have their own username and password, however, that doesn’t always workout so well. Once you add a password locked screen saver, and that user forgets to logoff, that computer is now unusable to any other normal user.

What are your options…. Typically we have be forced into one of the following options:
1) Users know eachothers passwords;
2) Reduce the security by removing the password requirement or granting other users administrator permissions;
3) Users simply power off/on the machine to work around the issue;
4) Or they can use the windows based “winexit.scr” which will effectively forcefully logoff the user when the screen saver kicks on.

However, now with this custom GINA, you can now enable any user to logoff that offending user without requiring administrative permissions or changing your security routine. Aucun is a replacement GINA that wraps Microsoft’s own MSGINA.DLL to allow any given group of users to unlock or force logoff a locked session on a Windows machine, unless the currently loggon on user is a member of a group you specify.

I created this for a friend that needed an unlock feature. By popular demand, I added force logoff and warning display. Here is a more detailed feature list:

 

• GUI provided by original MSGINA.DLL (no training of end user required)
• Allows any member of a given group to force logoff a locked session
• Allows any member of a given group to unlock a locked session
• Support a exclusion group (to prevent unlocking administrators by regular users)
• Allows to display a custom message when the workstation is locked
• Supports 64 bits versions of Windows
• Supports international versions of Windows
• Allows chaining multiple Gina’s together

You can learn more about this and download here: http://www.paralint.com/projects/aucun/