Tuesday, August 2, 2016

Remotely SSH into Data Domain Without Entering A Password - Client Side Scripting

This method uses private/public key pairs to allow remote login without entering a password. The private key is generated on the client and the public key will be stored on the Data Domain. Login from the client to the Data Domain is authenticated using the private key.

Use Case: Client side scripting. I would like to check capacity space by script daily on the Data Domain and write the output to a file.

Client name and version: Linux (CentOS), linuxsrv1
Data Domain name and version: DDOS 5.7, dd3

Create private/public key pair on the client

[root@linuxsrv1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): press enter
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
Enter passphrase (empty for no passphrase): press enter
Enter same passphrase again: press enter
Your identification has been saved in /root/.ssh/id_dsa.

Note. Pressing enter above stores the private key unencrypted on the local filesystem

[root@linuxsrv1 ~]# ls .ssh
id_dsa  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts

Display the public key. Copy the public key and you will paste it into the Data Domain
[root@linuxsrv1 ~]# cat .ssh/id_dsa.pub

Add public key to the Data Domain

From your client, SSH into the Data Domain, enter your password, accept the connecting question. Paste the public key and make sure there are no spaces (starting with ssh-dss)

sysadmin@dd3# adminaccess add ssh-keys
Enter the key and then press Control-D, or press Control-C to cancel.
SSH key accepted.

Once added you can verify by showing the key with this command

sysadmin@dd3# adminaccess show ssh-keys
sysadmin@dd3#  exit

Verify no password login

From Client, verify that the login requires no password

[root@linuxsrv1 ~]# ssh sysadmin@dd3.payneb.com
Data Domain OS
Last login: Tue Jul 26 09:08:19 CDT 2016 from linuxsrv1.payneb.com on pts/1
Welcome to Data Domain OS

From my Linux client I am now able to run DDOS commands and schedule them via cron without a password.

[root@linuxsrv1 ~]# ssh sysadmin@dd3.payneb.com 'filesys show space'
Data Domain OS
Active Tier:
Resource           Size GiB    Used GiB   Avail GiB   Use%  
Cleanable GiB*
----------------   --------   ---------   ---------   ----   --------------
/data: pre-comp           -   1369449.4           -      -                -
/data: post-comp   173224.4     98201.9     75022.5    57%           6753.2
/ddvar                 29.5         5.9        22.1    21%                -
/ddvar/core            31.5         0.2        29.7     1%          
----------------   --------   ---------   ---------   ----   ------
 * Estimated based on last cleaning of 2016/07/22 20:12:45.

Thursday, March 28, 2013

vSphere: Add a vSwitch that has no access to physical network adapters

I have a few test servers that I wanted to be virtualized but have no access to the campus network or Internet. I also wanted to be able to give those servers access to the Internet or campus network easily for whatever reason. Some good use cases are test environments for domain controllers, SCCM upgrades, you name it.

In vSphere, I created a new vSwitch that does not have access to any physical network adapters. When a particular vm needs Internet access, I can simply change the network settings on that vm's network adapter.

Pretty simple stuff.

Tuesday, January 15, 2013

Upgrading SCCM 2012 to SP1

Here are the Microsoft TechNet articles that I used to prep for this install.

What’s New in Configuration Manager SP1
Considerations For Upgrading to Configuration Manager SP1
Upgrading System Center 2012 Configuration Manager to Service Pack 1 (TechNet Video)

Run Prerequisite Checker   /bin/X64/prereqchk.exe  (Run As Administrator)

Install the Windows ADK (do this ahead of time if possible)
  [x] Deployment tools
  [x] Windows preinstallation environment
  [x] User State Migration Tool

Make sure you are on "Microsoft SQL Server 2008 R2 Service Pack 2"

Run SCCM SP1 installer (make sure you run this as the account you installed SCCM with)
(o) Upgrade this Configuration Manager site

MS SQL Server 2012 Express
[x] I accept these License Terms

MS SQL Server 2012 Native Client
[x] I accept these LIcense Terms

MS Silverlight 5
[x] I accept these Licesnse Terms

Download required files (ahead of time if possible)

Preqequisite Checker will run again
  WSUS Warning (I do not use WSUS on SCCM, ignored)

The install took approximately 25 minutes.

To upgrade CM clients to the latest:

Sites node > Hierarchy Settings > Automatic Client Upgrade tab
   [x] Upgrade client automatically when new client updates are available
   2 days (I prefer to have my clients upgraded in a faster schedule than the default 7 days)

Thursday, November 29, 2012

Multiple Users Accessing SCCM 2012 Console

My SCCM 2012 server is running on a Server 2008 R2. That means only 2 users can be actively logged/remoted in at the same time. In my situation I needed to give our helpdesk access to use the SCCM Console and it starts to get messy with who can be logged into the server actively. An easy way to get around this is Microsoft now includes an .exe of the SCCM 2012 Console that can be installed on other machines.

-You can find this on the .iso here: \SMSSETUP\BIN\I386\ConsoleSetup.exe
-Alternatively you can search for ConsoleSetup.exe on your SCCM server and it will reside somewhere in the ConfigMgr directory.

If you have many machines to install the Console on, Microsoft provides the following command line switches for automation:
  •  /q – runs in quiet/silent mode. 
  • /uninstall – removes the console. Example: consolesetup.exe/uninstall /q 
  • LangPackDir – use this switch if installing the console for a different language than the default.
  • TargetDir – where to install the console, otherwise it uses the default. Example: TargetDir=D:\CfgMgr
  • EnableSQM – enables the Customer Experience Improvement Program option for the console, i.e., collects usage data for improving the product/application. 1 = enable, 0 = disable. Example: EnableSQM=0
  • DefaultSiteServerName – FQDN of SCCM server Example: DefaultSiteServerName=SystemCenter.payneb.com
*Don't forget to lock down those users using the Security Roles in the SCCM Administration. Allow only what you want them to be able to do.

Tuesday, July 31, 2012

Installing Software From a DVD on a vSphere VM

This was a little different scenario than usual. I had a dual-layer DVD, 7.5GB's worth of software that I needed to install on a vSphere VM (server). The software wouldn't allow install through a remote desktop connection. The second approach I took was to create a folder on the VM desktop and copy the files over. That didn't work because I was getting "file name too long" error's, so the copy would not fully complete. What I ended up doing was using ImgBurn to create an .iso of the DVD, then I uploaded the .iso to the desired datastore in vSphere, attached the iso to the cd/dvd drive of the VM, then done deal! A little extra work, but it got the job done.

*Edit* - It was brought to my attention of a much easier way to do this Go to the Properties of the VM, CD/DVD Drive, then (o) Client Device

Thursday, June 21, 2012

Install SQL Server Reporting Services and the Reporting Services Role on SCCM 2012

Mostly posting for my own notes. This post lists step-by-step instructions on how to install MS SQL Server Reporting Services and adding the Reporting Services role on SCCM 2012
Keep in mind - Some settings that I list below could be different from your network or situation and may not necessarily apply to best practices.

Install SQL Server Reporting Services and the Reporting Services Role on SCCM

  1. Run SQL Setup from iso
  2. Add Features to an existing instance of SQL Server 2008 R2
    1. Choose MSSQLSERVER
  3. Feature Selection
    1. [x] Reporting Services
    2. For this feature, I could not specify the D: drive to install, this option was greyed out
  4. Service Accounts
    1. Choose SYSTEM (add other accounts later)
  5. (o) Install, but do not configure the report server (other options were greyed out)
  6. Next til finished

Login as payneb\Administrator and Open “Reporting Services Configuration Manager” and connect to database

  1. Verify service has started
    1. Check SQL Server Instance Product Version, should read “10.50.2500.0”
    2. If reads “10.50.1600”, then you need to reinstall SQL 2008 R2 SP1, otherwise the Reporting Services role in SCCM will NOT WORK!!!!
      1. http://www.microsoft.com/download/en/details.aspx?id=26727
      2. An explanation is provided here: http://bit.ly/LFzrHw
  2. Database tab
    1. Change database
    2. Create a new report server database
    3. Database Name: ReportServer  (go w/ defaults)
      1. (o) Native Mode
    4. Finish
  3. Still logged in as payneb\Administrator, go to http://systemcenter/Reports (Use IE)
    1. Click on Site Settings
    2. Security tab > Add New Role Assignment as needed
      1. Add sccm.reporting user and other desired users
  4. Open SQL Management Studio and grant sccm.reporting user rights (and whoever else) to the new ReportServer databases

Add the Reporting Services role in SCCM. At this point, I logged in as myself on the SCCM server

  1. Administration tab > Servers and Site System Roles > Add Site System Role
  2. [x] Reporting Services Point
  3. Verify all information is correct, then click on Verify button
  4. UN: sccm.reporting, enter password
  5. Next, Finish
  6. [OPTIONAL] You can verify that the role installs successfully by using CMTrace and open the SRSRP.LOG and/or SRSRPSetup.log file

Monitoring tab > Reports

  1. Wait a few minutes and SCCM will populate this area w/ about 423 items
  2. At this point you can log back into http://systemcenter/Reports provided you gave yourself permission from the steps above. When using Internet Explorer, choose Run As Administrator. or use a different browser. You should also see reports listed here as well.

From here on, you can view reports, create subscriptions, etc.

Tuesday, June 19, 2012

Two Printers to One Print Server Port

A while back, the idea of duplex printing for our computer labs was thrown around. Once approved we had to come up with an easy way to implement this while still giving the student an option to print simplex. To make things easier, we have a print manager software called Papercut. There is a duplex feature to turn on duplex printing for the specified printer, however, from there on - duplex is strictly enforced, even if a student turned off duplex in their favorite program. This presented a challenge as most of our labs only contain one physical printer. So, to get around that challenge, we setup a "new printer" using an existing port on the print server. Essentially this is like having two virtual printers to one physical printer.

So as you can see, I have printer 1C05-1 with Duplex enforced (on Papercut side). To add a "Simplex" printer, using the same port click on "Add a printer." 

Next, click on "Add a local printer"

Choose the same port, in this case "1C05P1" which is the dns name in which printer 1C05-1 is assigned

Once the printer is added, you now have two virtual printers, using the same port. So essentially, a student can now choose the "1C05-1-Simplex" printer to print 1-sided print jobs, while leaving 1C05-1 as the default, duplex virtual printer. Keep in mind, this is still one - physical printer.

On the server, if you go to Print Server Properties, you can see two (virtual) printers are assigned to the one port.