Now why do guys like you and me know what a duvee is?

Hacks &Networking (General) &Ramblings &Scripting Jl. on 09 Nov 2010

Viewing IE and Mozilla/Firefox history from Profile Directories

There are the usual ways to view history through the app, but I had to try and pull the history off an old partition because I needed a link I found right before a drive crashed.

For IE:

More details are found at this site – http://www.milincorporated.com/a-temporary-internet-files.html#ch2 .  The file locations are:

Win2000/WinXP:

C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\

Vista/Win7:

C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\
C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\

You’ll have to enable viewing hidden and system files.  That page has a quick rundown about how to do so as well.

There’s a program called IE History Viewer available at this page:

http://www.nirsoft.net/utils/iehv.html

You point it at your profile directory and it lists everything.  It can then spit it out as a CSV file or HTML report.  Very nicely done, and very helpful.

For Firefox:

(More info was found here: http://kb.mozillazine.org/Profile_folder_-_Firefox#Finding_the_profile_folder)  The profile directories are:

Win95/Win98/WinME:

C:\Windows\Application Data\Mozilla\Firefox\Profiles\<profile folder>

or

C:\Windows\Profiles\<Username>\Application Data\Mozilla\Firefox\Profiles\<profile folder>

Win2000/WinXP:

C:\Users\<Username>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>

Once you find your profile, there are two versions of the history file – Firefox V2 and earlier (history.dat), and V3 and greater (places.sqlite).

For Firefox 2 and earlier, it’s stored in history.dat.  This file is in the “Mork” format, which is apparently very rare and a pain in the arse to read.  A program called Dork was written as a Mork viewer.  It was available at http://www.sunturbine.com/dork/ , but that page has since been lost.  A copy was retained on the WebArchive, however, at http://web.archive.org/web/20070125084419/http://www.sunturbine.com/dork/ .  The zip file was also available for download from there.  In case it’s no longer available I’ve attached the zip file here (dork_history_reader).  He released it as free and open source so I don’t believe I’m violating any copyrights by republishing.

Disclaimer: Not my app, I didn’t write it, and I can’t help fix it if it’s broken.  I’m just making it available again on the interwebs.

Run Dork and drag-and-drop history.dat onto it.  It should decipher your history file.

For V3, the places.sqlite file is in a format called SQLite (clever file name, eh?).  There’s an app called SQLite Browser available on SourceForge.  http://sqlitebrowser.sourceforge.net/   Grab the latest version.  When I wrote this it was 2.0b1 .  Run the program, then open the places.sqlite  file from the profile directory.  You’ll get a list of tables, and one of them will be Places.  That has your history in it.

Now the interesting part about all this is apparently it can be done remotely on another profile directory on your system, or over a network share (\\workstation\c$\users\…), as long as you have permissions to view the file.
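The same places.sqlite lookup can be scripted instead of browsed. This is an added example, not part of the original post: it reads Firefox's moz_places and moz_historyvisits tables through a read-only connection so the recovered file is never modified, and the sample database it builds is constructed with only the columns the query needs.

```python
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def build_sample_places(path):
    """Create a constructed stand-in for places.sqlite (sample rows, reduced schema)."""
    con = sqlite3.connect(str(path))
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (
            id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);
        INSERT INTO moz_places VALUES (1, 'http://example.com/howto', 'Example how-to');
        INSERT INTO moz_places VALUES (2, 'http://example.org/', NULL);
        INSERT INTO moz_historyvisits VALUES (1, 1, 1289174400000000);
        INSERT INTO moz_historyvisits VALUES (2, 2, 1289217600000000);
        INSERT INTO moz_historyvisits VALUES (3, 1, 1289260800000000);
    """)
    con.commit()
    con.close()


def open_readonly(path):
    """Open the database read-only; any write attempt raises OperationalError."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def read_history(path):
    """Return every visit, newest first, as (UTC datetime, url, title) tuples."""
    con = open_readonly(path)
    try:
        rows = con.execute(
            "SELECT v.visit_date, p.url, p.title "
            "FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id "
            "ORDER BY v.visit_date DESC"
        ).fetchall()
    finally:
        con.close()
    # visit_date is stored as microseconds since the Unix epoch.
    return [(EPOCH + timedelta(microseconds=ts), url, title or "")
            for ts, url, title in rows]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "places.sqlite"
        build_sample_places(sample)
        for when, url, title in read_history(sample):
            print(when.isoformat(), url, title)
```

On a real profile, point read_history() at a copy of places.sqlite taken from the old partition rather than at the original file.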

Cisco &Cisco Hardware Jl. on 07 Nov 2010

Configure an Aironet 1200 (1231) for WPA-PSK

I have an Aironet 1231 I want to configure as a standalone access point, without Enterprise authentication/RADIUS.  This should be simple, and it is, but only if done in a certain order.

I found it easier to set up a DHCP reservation on my server to make sure it gets the same IP address if/when I need to zero the config.  That way I can just hook it up to my network and not worry about having to change IPs, or console in and reset the network config.  Second thing is even though the most recent firmware says it became compatible with Firefox, it sucks.  IE was /way/ faster to work with, which is tragic.

- First, zero the config.  Cisco has factory reset instructions if you don’t have the password, otherwise you can telnet in, enable, then write erase.  The usual config wipe.

- Once it’s reset log in through the web UI.  No username, password is Cisco .  The eth interface will be up, both radios will be down.

- Open the Express Security menu on the left.  This takes you to the quick config page for a new SSID.  Enter the name of your soon-to-be network, check Broadcast SSID in Beacon if you want it advertised.

Most simple home networks won’t need a VLAN, some corporate networks might.  For my purposes I leave it on No VLAN.  Here’s the key part: Check “No Security”.  Yes, check “No Security”.  We’ll fix it later.  Hit apply, this will create your network.  It still won’t be live because the radios aren’t activated, so no worries about someone “hacking” (ha) in through your unsecured network.

- Open the Security menu on the left, then go to the Encryption Manager.  Set the Cipher to TKIP , then apply (either to one radio or all.)

- Open the SSID Manager under the Security menu.  Your SSID should be listed, select it on the first window.  Pick the interfaces you want activated (I’m just using the b/g radio, not a).  For WPA-PSK mode, these are your settings:

- Client Authentication Settings:

Open Authentication CHECKED, No Addition selected.

Shared Authentication/Network EAP are UNCHECKED.

- Server priorities:  Use defaults on all.

- Client Authenticated Key Management

Key Management: MANDATORY

CCKM: UNCHECKED

WPA: CHECKED ((THIS IS CRITICAL))

WPA Pre-Shared Key: <Enter your Wifi passphrase here> .  Select ASCII.

Leave all other settings to default.  Click the first Apply button you reach (others won’t apply settings from the first few pages.)

This should have set the SSID to use WPA, and you’ve configured your passphrase.  Your network should be rigged and ready, now let’s light it up.  (Some of the options here, especially on the last page, are customizable as you need.  I list what I used, and it worked for me right away.)

- Open Network Interfaces from the menu on the left.  Pick the radio you’re activating (G or A, or repeat these steps on both.)

- Click the Settings tab at the top.  Give it a minute to load the options (it seems to take a while on mine), then select the Enable button.  The “Role in Radio Network” should be set to Access Point by default – if you’re doing something a bit more complicated as a repeater, bridge, etc, pick your options.

- Pick your data rates options (I left it on Default to maintain OFDM compliance and allow me to use 802.11b devices).  Under Default Radio Channel, I picked Least Congested Frequency and selected 1, 6, and 11 (they’re the most separated frequencies).

- I’m also using an external antenna, so I enabled that option and set the gain.

Everything else I left on default.  Hit Apply.

This should activate your radio with your newly configured SSID/wifi network set up for WPA-PSK.  This took me most of the day to get straightened out, hope it helps you.  Good luck.

Uncategorized Jl. on 26 Mar 2010

The FBD Link To The Following DIMM Failed To Train

Received this error message from a Dell m600 blade: “The FBD Link To The Following Dimm Failed To Train: DIMM 7”

Quick Answer:  Pull out the dimm pair in question (#7, pull #7 and #8 .. #4, pull out #3 and #4), reboot without the ram, shut down, replace the ram.  That fixed it for us.

Our first troubleshooting went as follows:

Reseated the dimm, rearranged the dimm, ran the memory diagnostics from Dell, nothing.  The BIOS recognized all the memory present, but it was blocking addressing to that bank – dimms 7 and 8, which took our 32gb of ram down to 24.  What was fascinating is within Server 2008 the system properties showed 32gb, but the task manager only showed 24gb total.

Opened a Dell support call – three days, replacement memory, (and ASTOUNDINGLY a replacement motherboard) but NOTHING fixed it.  Found this post – http://en.community.dell.com/forums/t/19257873.aspx – but the answer from the dell guy was typical and completely unhelpful.

I thought what the hell, pulled the memory in that bank, started up, shut down, replaced it, and rebooted, and we haven’t seen the issue since.  I left the dell diags running memory burn in testing for over 24 hours without a single error.  This seems to have fixed it.

It is possibly the most unhelpful, rarest Dell post error I’ve ever seen.  The complete lack of hits on Google did not help.  Hopefully this will help someone down the road.

Performance &Servers &Virtualization Jl. on 28 Jan 2010

Calculating flops per second per core, from Gigaflops

Running some performance tuning, the app needed to know how many flops (floating point operations) per cycle the system could handle.

I used SiSoftware’s Sandra benchmarking app. It told me that my Intel Pentium D Dual Core 1.8ghz proc was producing 10.86gflops, but not the flops per clock cycle.

From this we know: a) the total gigaflops (10.86), b) the number of cores (2), and c) the number of clock cycles per second (1.8ghz)

Example of the standard formula:
The formula to determine total gigaflops is:
Flops per cycle x # of Cores x Clock speed.

This involves four values:

a = flop per clock cycle
b = clock speed (ghz)
c = cores
n = gflops

For a dual core 3ghz system with 4 flops per cycle, we can deduce 24gflops (a x c x b = n, or 4 x 2 x 3 = 24) . But I only have the total gflops, clock speed, and number of cores.

Reverse algebra:

a = n / b / c

Or in my case:
10.86 gflops / 1.8ghz / 2 cores = 3.01 flops per cycle (per core). So the E2610 chip at 1.8ghz produces 3 flops per cycle per core, or 6 flops total. Ta da.

Note: It’s worth mentioning that in this case, 10.86 gflops and 1.8ghz seem like closely related numbers, and that it would be quick to figure out how many gflops a system can handle by its clock speed (i.e. 1.8ghz equals 10.86gflops).  This is not the case.  In the first example of a dual core 3ghz proc producing 24gflops, you can’t deduce the one from the other.  It was just a coincidence in my case, so don’t do that.

Uncategorized Jl. on 11 Jan 2010

Barracuda SNMP MIBs

I’ve spent an awful lot of hours trying to track down the SNMP MIBs for a Barracuda spam firewall. Searches on the Barracuda website for “MIB” and “SNMP” returned very few results – but I was looking for the MIB files themselves.

It turns out Barracuda has cunningly hidden the MIBs within their devices. Read http://www.barracudanetworks.com/ns/downloads/Other/OTHER_Barracuda_Spam_&_Virus_Firewall_SNMP.4.pdf

Specifically, under page bloody one:

MIBs
You will need to obtain and import two MIB files to your SNMP monitor:
1. The Barracuda Reference MIB (standard across all Barracuda Networks products)
2. The Barracuda Spam & Virus Firewall MIB
You can use reference objects included in these MIBs for monitoring either from custom scripts or from
your SNMP monitor. The MIB files are located on the appliance and can be obtained by replacing
YOURBARRACUDA in the following links with the IP address of your Barracuda Spam & Virus Firewall:

http://YOURBARRACUDA:8000/Barracuda-SPAM-MIB.txt

http://YOURBARRACUDA:8000/Barracuda-REF-MIB.txt

Isn’t that great? I thought that was great.

Anyway. There it bleedin is.

Hacks &UI Mods &windows 7 Jl. on 08 Jan 2010

Prevent the Windows 7 Hidden Partition

Windows 7 will install a hidden 100mb partition at the front of your drive when you do a clean install.  It uses this for system recovery if your install goes belly up, and/or bitlocker headers for drive encryption.

I need neither.  And the kicker is some apps (like TrueCrypt) don’t function correctly with the 100mb partition.  In fact, TrueCrypt CAN’T encrypt your system drive because the bootloader is on the other partition.  Not very helpful.

MyDigitalLife shows how to work around this – http://www.mydigitallife.info/2009/08/20/hack-to-remove-100-mb-system-reserved-partition-when-installing-windows-7/ .  See part three, “Method 3: Trick to Remove 100.00 MB System Reserved Partition During Setup” .

In a nutshell, when you’re installing Win7 (note, if you’re reinstalling, this will erase your data, no two ways about it) and you reach the portion allowing you to select your partition, erase your existing 100mb system partition, and your existing OS partition.  Then pick the freshly unallocated space and tell it to install there.  It will say “We’ll create a hidden system partition for your protection” – say OK.  Now delete the new OS volume – not the 100mb partition. Yes, delete the new partition it created for your OS.

You should have a 100mb system partition, unallocated space, and maybe another partition for your data, if that’s how you roll.

Next select the hidden partition, and click Extend.  This will allocate the rest of the unused space (from the system partition you just deleted) to the hidden partition – giving you a single OS volume with no hidden partition.

Ta-da.

Thanks MDL – saved me some headache there.

Note: this trick only works during reinstallation of Windows.  They have a couple other hacks to remove the hidden partition after you’ve installed, but they didn’t suit my purpose.  AGAIN: THIS WILL ERASE YOUR DATA. Don’t cry to me if you didn’t back it up.

Hacks &Ramblings &windows 7 Jl. on 05 Jan 2010

vLite and Win7 RTM – wimgapi.dll not compatible.

So, vLite out of the box (or extracted download, as it were) requires three files to run – wimgapi.dll, wimfltr.inf, and wimfltr.sys (wimfltr.inf is a driver file that requires .sys).

The interesting thing about Win7 and vLite is that Win7 already has wimgapi.dll in c:\windows\system32 (or syswow64, I presume).

“Neat!” thinks I, and copies that to the c:\windows\program files\vlite directory, and pulls wimfltr.inf and wimfltr.sys from another server I have with the WAIK on it. I run Vlite. It runs slow, but runs. I configure my install source, it runs slow, but runs. I get to modifying my install source (removing components), it runs VERY slow, then crashes. Consistently. Changing options, running as admin, running in a compatibility layer, all return crashes after it runs.

Turns out vLite does NOT like the wimgapi.dll that comes with Win7. So, moral of the story folks – use all the same versions from the same source.  In my case, I pulled them from c:\program files\windows aik\Tools\x86.  In your case, unless you’ve downloaded the 2gb WAIK iso, you’ll need to find them from Google or Bing.  Distribution is apparently some form of international terrorism.

From the WAIK I’d installed, these were files modified 11/1/2006 and 11/2/2006 . As soon as I replaced wimgapi.dll in the C:\Program Files\vLite\ directory with the older version  (replacing the one from 7/9/2009, with the one from 11/1/2006) vLite screamed to life and ran as expected and followed all the way through without a single crash.

This was, needless to say, a relief.  Happy trails.

Cacti &Hacks &MRTG &Network Monitoring &Networking (General) &Scripting &Servers &SNMP Jl. on 21 Dec 2009

Cacti: Poller complains about no mib modules

Installed cacti from the “easy” installer – http://forums.cacti.net/about14946-0-asc-0.html – which does simplify a lot, but there are a lot of other hacks I’ve had to implement to make it work.

First and foremost, any time the poller runs I was getting “Cannot find module (IP-MIB): At line 0 in (none)”

Repeat about a dozen times for various mibs, and you obviously have a problem.

Under System Properties, Advanced, Environment Variables, there’s a new variable called MIBDIRS .  It’s pointed to c:\php\extras\mibs which in my case, after running the installer, was empty.

TO FIX: Either update this to point to your actual mib directory (mine was c:\usr\mibs , I’ve also seen d:\usr\mibs) or copy your populated mib directory (with IP-MIB and about a dozen others) to c:\php\extras\mibs .  Presto, the poller now runs as it should.

Hacks &MRTG &Network Monitoring &Scripting &Servers &SNMP Jl. on 17 Dec 2009

MRTG: Search pattern not terminated

Loaded MRTG, followed as many how-tos as I could get my hands on, configured a WMI script, and all I got was:

C:\Program Files\mrtg-2.16.0\bin>perl mrtg mrtgwmi.cfg
Daemonizing MRTG …
Do Not close this window. Or MRTG will die
2009-12-17 13:06:38: ERROR: Target[my.monitor][_IN_] ‘cscript //nologo mymonitor.vbs myserver’ (kill): Search pattern not terminated at (eval 18) line 1.
2009-12-17 13:06:38: ERROR: Target[my.monitor][_OUT_] ‘cscript //nologo mymonitor.vbs myserver’ (kill): Search pattern not terminated at (eval 19) line 1.
Terminating on signal SIGINT(2)

Turns out in my config, the line calling the script:
cscript //nologo "c:\program files\mrtg-2.16.0\scripts\mymonitor.vbs" myserver

I wasn’t wrapping it in the right apostrophe. The line should read:

Target[my.monitor]: `cscript //nologo "c:\program files\mrtg-2.16.0\scripts\mymonitor.vbs" myserver`

Using the apostrophe left of the 1 (`) and NOT the apostrophe next to the return key (') . I love perl, really.

Hacks &Servers &Virtualization &VMWare Jl. on 08 Dec 2009

VMWare View 4 – Template Snapshots Not Available

Setting up a new pool (persistent linked clone, in this instance) for VMWare View 4. Had the template built, took a snapshot, then tried to create the pool. Got all the way through setup to select the template and snapshot, but voila. Snapshot wasn’t there.

VMWare View templates require the snapshot to be taken WITHOUT the VM memory state. If the memory state is taken with the snap, the snapshot isn’t available – except it won’t tell you why.

VMWare also highly recommends/suggests that the VM template be powered off. This makes a lot of sense, and you really should, but I had two snaps taken with the system powered on which I built VDI Persistent Linked Pools from, and 10 desktops worked fine.

Hacks &Hardware &Servers Jl. on 04 Dec 2009

Changing Dell PowerEdge Service Tag #

Warranty service required on a PowerEdge (m600 specifically, but pick your poison). Replacement motherboard shipped, with no service tag burned in. Requires “asset.com” (DOS .com file).

Note: Some people have reported Asset.com running in a dos box under Windows.  All I know is it doesn’t work under x64.

How to update the service tag:
- Download the Dell Diagnostics CD (R212797 – Extracts to an exe which then makes an ISO or USB stick.  http://support.dell.com/support/downloads/driverslist.aspx?os=LIN45&catid=13&dateid=-1&impid=-1&osl=EN&servicetag=&SystemID=PWE_2900&hidos=NW&hidlang=EN&TabIndex=).
- Create the ISO. Load up your DRAC/iDRAC interface. Mount the ISO as the virtual CD ROM drive.  (Path will be different, wherever it expanded to.  I moved mine.)

- Reboot your server. From the console (iDRAC or physical) hit the boot menu, select Virtual CD. It will boot to the diagnostics.

> ALTERNATIVELY: Burn the ISO to a CD, boot your CD from that instead.

- Once booted, Pick option 4 – quit. Drops you to a D:> dos prompt.

- change to C:, cd to UTIL . dir should reveal asset.com

- Run asset.com to see your service tag number (or if it’s blank).

- Run asset.com /s AB12345 to update the service tag number (AB12345 will be the number you want to burn in).

- Run asset.com to check that the change has taken. If so, reboot your machine, disconnect your Diags ISO, and walk away from a job well done.

Ta da.

Uncategorized Jl. on 01 Dec 2009

Windows XP Embedded Boot Screen

In most other versions of XP, the instructions at http://www.jakeludington.com/windows_xp/20060219_change_xp_boot_screen.html for changing the boot screen work fine. For XP Embedded (or Embedded Standard 2009, whatever you want to call it), you have to change number 1, not number 5.

Conversely, on the HP Thin Clients, there are two kernels – ntoskrnl.exe and ntkrnlpa.exe . I’m not sure which one made the change, as I edited both of them.

16 color bitmaps look like crap. When is Win7 Embedded coming?

Uncategorized Jl. on 01 Dec 2009

Windows Update error 80070490 / 0x80070490

In lieu of not updating for the next few months (50 – 60 hrs working weeks don’t leave lots of time for creative writing), I’m going to start putting up brief outlines of things I’ve run into, and problems I’ve managed to figure out. Hopefully it will be enough for you, dear reader, to follow my train of thought. If not, leave a comment – I’ll respond as soon as I can.

First – Windows Update error 80070490
or 0x80070490
Vista x86 (same will probably be true of XP and Win7, x86 and x64)

stop windows update service
delete c:\windows\softwaredistribution
reboot
start windows update
download and install updates

This worked for me (for a couple of reboots) but the problem seems to have returned. Anyone have any ideas beyond a reinstall/repair install as Msft unhelpfully recommends?

Ramblings &Site News &Uncategorized Jl. on 31 Mar 2009

Distinct Lack of Activity

If you’ve been following along, you may have noticed a distinct lack of progress with the MRTG/IIS thread, and the server mod.  That’s because shortly after I finished up the first round, the RAID array on my server took a dive.  Everything’s intact, but the server is limping right now, and I need to migrate to different hardware.  It, of course, is high priority just like everything else in life, and I need more than an hour or two to do it… easy, right?

So, once that’s been done, I can get back to rolling like we do.  Till then, keep tuned in. 

MRTG &Network Monitoring &Scripting &Servers &SNMP Jl. on 17 Mar 2009

SNMP (MRTG) – Finding OIDs, Part 2.

Last time (here) I introduced an OID tree for the descriptions of Storage.  I hope you copied and pasted your results into a new window, because we’ll need them.

If not, here’s mine:

c:\SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.3
Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.1
Value    = String A:\

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.2
Value    = String C:\ Label:  Serial Number 2053422

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.3
Value    = String D:\ Label:Data  Serial Number c9d83a42

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.4
Value    = String E:\

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.5
Value    = String F:\

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.6
Value    = String G:\ Label:FileDump  Serial Number 0dc359f2

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.7
Value    = String Virtual Memory

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.8
Value    = String Physical Memory

End of MIB subtree.

c:\SNMP>

So these are all the OIDs we can pull from the branch .1.3.6.1.2.1.25.2.3.1.3, which is the “Host Resource Storage Description” or hrStorageDescr for short.

In MRTG’s case, we can’t set up a chart to poll .1.3.6.1.2.1.25.2.3.1.3, because it has subvalues.  So how do we get there?  Well, first – keep track of what number goes to what drive.  .2 is my C: drive, .3 is my D: drive, and .5 is my F: drive.  .4 and .5 have no descriptions because they’re CD-ROM drives.  I want to stress:  Your values may be different!  Your C: drive may be .3, .4, or any other number depending on your system configuration.

Now just for kicks, try entering this (one line):

c:\SNMP>snmputil get 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.5.2

You’ll notice the subtle change – we’re not ..2.3.1.3.2 anymore, we just switched to ..2.3.1.5.2 .  We stayed with .2 at the end because that’s the value for the C: drive (on my system – yours may be different!).  But the .5 is now a different OID tree.  Want to find out what?  Type (again, one line):

c:\SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.5

You should get a listing of all the total storage sizes for all volumes on your system, including Virtual and Physical memory spaces.  But it’s not going to look sensible, because it’s giving us the number of blocks on each volume – not Kilobytes, Megabytes, or Gigabytes.  [For a complete explanation, read this post from the MRTG Mailing List.]

Remember what the value was for .2, or whatever your C:\ drive was.

So we have the number of blocks, but that doesn’t tell us much.  We want to know in megs or gigs what the total storage space is.  Next we need to find out what the block sizes are.  Lucky for us, there’s an SNMP OID for that.

c:\SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.4

This will ‘walk’ the OID tree of block sizes for each volume on our system.  Let’s say we just wanted to find the C: drive block size.  We’d use:

c:\SNMP>snmputil get 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.4.2

to which my system responded:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageAllocationUnits.2
Value = Integer32 4096

Which tells me that my C: drive has a block size of 4096 bytes.  So, for our own math here – my C:\ drive has a total of 8958237 blocks.  We multiply that by 4096 to get 36,692,938,752 bytes.  To reduce that to Gigabytes, we divide by 1024, three times.

36,692,938,752 / 1024 = 35,832,948 Kilobytes.
35,832,948 Kb / 1024 = 34,993 Megabytes
34,993 Mb / 1024 = 34.17 Gigabytes.

Which, if I’ve done my math correctly, is exactly what I should see when you pull up the properties on my C: drive.  And sure enough -

[Screenshot: cdrive]

So that’s a very basic introduction-by-example to an OID tree, and its uses.  I’ll write another example about calculating the percentage of used space on a drive with MRTG, which will use more OIDs.
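The lookup and the block math above can be scripted so the row number is found by description instead of being assumed. This is an added example, not from the original post: it parses snmputil walk output in the format shown here, finds the index for a drive, builds the per-drive OID and computes the size. The hrStorageSize column name comes from the standard HOST-RESOURCES-MIB, and everything in the sample text other than the C: drive figures quoted in the post is constructed.

```python
import re

HR_STORAGE_ENTRY = ".1.3.6.1.2.1.25.2.3.1"  # hrStorageEntry branch used in the post
COLUMNS = {"hrStorageDescr": 3, "hrStorageAllocationUnits": 4, "hrStorageSize": 5}

# Constructed sample: three walks pasted together. The C: values match the post;
# the A: and Virtual Memory numbers are made up for illustration.
SAMPLE_WALK = r"""
Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.1
Value    = String A:\

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.2
Value    = String C:\ Label:  Serial Number 2053422

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.7
Value    = String Virtual Memory

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageAllocationUnits.1
Value    = Integer32 0

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageAllocationUnits.2
Value    = Integer32 4096

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageAllocationUnits.7
Value    = Integer32 65536

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.1
Value    = Integer32 0

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.2
Value    = Integer32 8958237

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageSize.7
Value    = Integer32 49152

End of MIB subtree.
"""

PAIR = re.compile(
    r"Variable\s*=\s*(\S+)\.(\d+)[ \t]*\r?\n\s*Value\s*=\s*(\S+)[ \t]*(.*)"
)


def parse_walk(text):
    """Return {column name: {row index: value}} from snmputil walk output."""
    table = {}
    for name, index, vtype, value in PAIR.findall(text):
        column = name.rsplit(".", 1)[-1]
        value = value.strip()
        if vtype.startswith("Integer"):
            value = int(value)
        table.setdefault(column, {})[int(index)] = value
    return table


def find_index(table, prefix):
    """Row index whose description starts with prefix (case-insensitive), or None."""
    for index, descr in sorted(table.get("hrStorageDescr", {}).items()):
        if descr.lower().startswith(prefix.lower()):
            return index
    return None


def oid_for(column, index):
    """Full numeric OID for one cell, suitable for snmputil get or an MRTG target."""
    return f"{HR_STORAGE_ENTRY}.{COLUMNS[column]}.{index}"


def total_bytes(table, index):
    """Blocks times block size, or None when the row reports no usable values."""
    units = table.get("hrStorageAllocationUnits", {}).get(index)
    blocks = table.get("hrStorageSize", {}).get(index)
    if not units or blocks is None:
        return None
    return units * blocks


if __name__ == "__main__":
    rows = parse_walk(SAMPLE_WALK)
    c_index = find_index(rows, "C:\\")
    size = total_bytes(rows, c_index)
    print(oid_for("hrStorageSize", c_index), size, round(size / 1024 ** 3, 2))
```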

For more information on MRTG, SNMP, and MIBs, see this post.

Hacks &Linux &Servers &Virtualization &VMWare Jl. on 17 Mar 2009

ESXi with SSH

A client is using a mixed environment, with several VMWare ESXi clusters, and several ESX clusters.  They’ve been running a number of maintenance tasks through SSH on the ESX clusters, but believed one could not get to a console under ESXi 3.5.  I found a quick howto:  http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php

The short of it is you have to enter a debug mode in the console.  From the main console window, press ALT+F1 to get to the console terminal.  You’ll start out with:

[Screenshot: esx1]

(names have been changed to protect the innocent).  And after hitting ALT+F1, you’ll get:

[Screenshot: esx2]

Whereupon you’ll type “unsupported” (no quotes) and hit enter, and it will not be visible.  Just trust me, it’s there.  You may need to try it a couple of times if the console has had any keypresses still in the buffer.  Afterwards, you’ll get:

[Screenshot: esx3]

Enter your root console password here.  You’ll get dumped to a linux prompt.  Know this: Yes, it’s “linux”, but it’s stripped.  Many rudimentary functions are not present. 

From here, edit /etc/inetd.conf (using vi).  Scroll down until you find the line with “#ssh”.  Remove the # to enable the line.  (The vm-help.com page has detailed vi instructions.  I won’t go into those here.  But here’s more help.)

Once you’ve uncommented the ssh service, write and quit.  Then run /sbin/services.sh restart

Now, every other howto out there would leave you believing you should be all set.  If you’re anything like me, you’ll reboot your host, and then wonder where you went wrong.  In life.  After all, 5 or 10 how-tos have the same instruction set, and everyone else said “hai this rox kthxbye!”.  And yet I followed the instructions and I still had no joy.  I killed the inetd process numerous times, and had no joy.  What was a frustrated sysadmin who enjoyed such problems as this to do?  Get cracking.

I eventually hit the logs and discovered a couple of parameters were missing for their implementation of the ssh server, dropbear.  The path in the /etc/inetd.conf file was simply /sbin/dropbear .  For kicks, I tried to run ./sbin/dropbear.  It, in a world of generosity, spit out a list of symlinks I needed to create.

[Screenshot: esx4]

If I’m remembering this right, I did what it asked but it still didn’t work.  So, the actual path I ended up using in /etc/inetd.conf was:

/sbin/dropbearmulti [tab] dropbear ++min=0,swap,group=shell -i

This calls the dropbearmulti app, and instead of using the symlink method it’s asking for, just tells it “here, run the server, and here’s your arguments.” .  It seems to be working, because several weeks and a few reboots later I’m SSH’d into the server to pull up the details for this post. 

MRTG &Network Monitoring &Scripting &Servers &SNMP Jl. on 16 Mar 2009

SNMP (MRTG) – How to find your OIDs, MIBs, and everything else.

Back with the MRTG and SNMP series, I spent a good number of hours trying to get otherwise-working configurations to work on my server with rare success.  Every once in a while, I’d get a completely different value than what I expected, and other times I’d get no value whatsoever because that OID couldn’t be found, even though it worked on another (live!) config!  This will be an overview about how to find the OID value you’re looking for, specifically Hard Drives and Memory.

I’m going to presume you’ve already become vaguely familiar with what SNMP is as a concept, you’ve installed the Windows SNMP server, and you’ve configured a community name and set allowed hosts.  If you haven’t, start here.

Once you have the basics done, get a copy of SNMPUtil.exe .  If you have a Windows NT4 cd laying around, how handy.  If not, go here and get it.  Note: That site also has an app called SNMP-Informant available.  I’ve heard it simplifies things considerably, but I’m not using it at present, I like the pain.  Once you’ve downloaded SNMPUtil, move the .exe to your windows\system32 directory; that way you can use it from a command line without specifying a full path.

[ For those still wondering, the windows\system32 directory is already in the “Path” portion of your Environmental Variables, which means we can call a program in the dir from anywhere.  While we could have added whatever directory you placed snmputil.exe in to the Path variable, my way was easier.  Google Environmental Variables for more help. ]

Once you have snmputil placed, open a command prompt and run it with no flags/arguments.  You should get a response like:

c:\SNMP>snmputil
Error:  Incorrect number of arguments specified.

usage:  snmputil [get|getnext|walk] agent community oid [oid ...]
        snmputil trap

c:\SNMP>

That tells us that there are three options – get, getnext, and walk – when we’re using the app.  The rest of the arguments are agent (which is the device/server you’re trying to poll, in my case localhost or 127.0.0.1), community (uhh… Google.) and oid, which is the number found in a MIB.

Quick explanation: A MIB is a “database” (big text file) with individual OIDs in them.  An OID is a specific resource with a value.  So if I’m looking for an OID that will poll my Windows Server’s Processor utilization, I want the Windows NT Performance MIB (http://www.mibdepot.com/cgi-bin/vendor_index.cgi?r=microsoft&id=144151), and the corresponding OID.

Back to SNMPUtil…

Those arguments (get, getnext, walk) will do three related but different things.  Get will get the value from a specific OID (such as “total hard disk space”).  getnext will get the NEXT OID in line (don’t worry about this yet).  And walk will follow an OID tree to show you every value you can get.

Now the configuration sections that I found and used (such as from snmpboy.msft.net) referenced specific OIDs.  What I’ve discovered: NOT ALL OIDS ARE THE SAME FROM SYSTEM TO SYSTEM.  Let me make that perfectly clear, because nowhere did I find this written, and it’s taken me days to suss out.  An OID that polls Virtual Memory for one system will NOT be the same OID on another!  The same holds true for drives.  Where the config demonstrated may find free space on drive C, that same OID for you could be polling drive A, B, D, or anything else.

So how do we find the OIDs for our specific system?

I’m going to introduce the rather disturbingly simple hierarchy that is in place with SNMP.  The OID we’re going to start with is .1.3.6.1.2.1.25.2.3.1.3 .  This is not a final value (such as “total hard disk space”), but one branch in a tree (such as “storage resources”).  These examples will assume you’re using an SNMP Server from your local machine, and your community string is public – substitute accordingly.  From your console, type (all one line):

c:\SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.3

which, if your system is anything like mine, will return something similar to:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.1
Value    = String A:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.2
Value    = String C: Label:  Serial Number 2053422

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.3
Value    = String D: Label:Data  Serial Number c9d83a42

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.4
Value    = String E:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.5
Value    = String F:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.6
Value    = String G: Label:FileDump  Serial Number 0dc359f2

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.7
Value    = String Virtual Memory

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.8
Value    = String Physical Memory

End of MIB subtree.

c:\SNMP>

Now at first glance, these results might be somewhat confusing.  They were to me.  Here’s the down and dirty:

That OID we entered (.1.3.6.1.2.1.25.2.3.1.3) was the “Host Storage Description” tree/branch.  The values underneath it pull the descriptions of storage objects that SNMP is mapping.  In my case, .1 goes to my floppy, .2 to my C: drive, .3 to my D: drive, etc.  This also includes .7 for Virtual Memory, and .8 for Physical Memory.  (Remember that).  Do yourself a favor and copy and paste those results into a text file for easy viewing and reference.

What we’ll do with these will be in the next post.

MRTG &Network Monitoring &Networking (General) &Scripting &SNMP Jl. on 16 Mar 2009

MRTG and SNMP Resources

The following is a compilation of the resources I’ve been taking advantage of in configuring MRTG and SNMP on my system.  Given how long they took me to put together and the number of hours I spent trawling, hopefully it will be of some use and a bit of a timesaver.

The App itself -

 

- MRTG itself: http://oss.oetiker.ch/mrtg/
(the documentation section is mostly your friend, but can be unhelpful, especially with a WinNT implementation)

- SNMPBoy: http://snmpboy.msft.net/ . A live demonstration of MRTG for capturing both WS-Man information and SNMP information.  View in IE to use the drop-down menus on the left (that took me days).  His MRTG config is at http://snmpboy.msft.net/pub/mrtg.cfg.txt .  He also has all of the Windows MIBs available.

 

Get MRTG up and running -

 

- Install and Setup MRTG on Windows and IIS: http://www.amset.info/netadmin/mrtg.asp .  A basic installation guide for monitoring an SNMP enabled device. Not much detail, but it got me started. 

- MRTG for Intrusion Detection w/ IIS 6: http://www.securityfocus.com/infocus/1721 .  A very good article, but he jumped from “Here’s how to configure MRTG” to “Here are the VBScripts I use for pulling WMI data”.  I had a lot of in-between work to do.

- Burnett (the author of the above article) posted his config files at: http://www.securityfocus.com/microsoft/images/burnett_MRTG_files.zip .  I used them as a starting point, but what he fails to mention is that OIDs can be different from system to system.  I also bailed on the WMI scripts. 

- Another MRTG/SNMP/Windows config guide: http://www.syslog.gr/content/view/10/99 .  This one had much more detail, but you have to remember configs are unique to the system.

 

Other helpful stuff:

 

- Configure MRTG as a service: http://forums.firedaemon.com/showthread.php?t=45 

- SNMP4tPC: http://www.wtcs.org/snmp4tpc/testing.htm#SNMPUTIL .  An older page, but search results just kept coming back to it.  A lot of the theory is still sound, but be sure you discover the OIDs yourself.  The page also has Microsoft’s legacy SNMPUtil available for download – get it.  (His app turned into SNMP Informant, which I’ve read is very useful.)

- MIBDepot: http://www.mibdepot.com  .  A database of MIBs and OIDs.  Although comprehensive, I have yet to find a way to download a MIB.

- NetSNMP tools compiled for Windows.  http://www.elifulkerson.com/articles/net-snmp-windows-binary-unofficial.php .  The *nix SNMP utils compiled for Windows.  Nice job. 

 

The more I find the more I will add.  Good hunting.

MRTG &Network Monitoring &Scripting &SNMP Jl. on 15 Mar 2009

MRTG, Server 2003, SNMP, and a series of headaches.

I’ve undertaken the task of installing MRTG on one of my servers.  I plan on using it for the usual – network load, memory usage, drive space, etc – but at some point I’m going to find a way to poll event logs for things like Failed Login Attempts (to look for a brute force attack), or a high number of disk errors to indicate a dying drive, things like that.

What I’m going to write up in a series of posts will not be a how-to guide to get MRTG up and running under 2003.  Plenty of sites (referenced below) already give you that, some of which I used.  The biggest problems I’ve had are:
A) once I get MRTG installed and running, what then?  and
B) What MIB or OID do I use and for what, and how do I find them?

A number of the scripts, howtos, and other get-started pages include entries that you can copy and paste into your MRTG config.  Some of them work straight off the bat.  Others leave you scratching your head.  And yet others look like they should work, but can produce insane errors.  Such as this one:

(from a config section to poll memory stats)

YLegend[localhost.memoryUsed]: % Memory Used
Options[localhost.memoryUsed]: growright,gauge
Target[localhost.memoryUsed]: .1.3.6.1.2.1.25.2.3.1.6.3&.1.3.6.1.2.1.25.2.3.1.6.4:public@localhost / .1.3.6.1.2.1.25.2.3.1.5.3&.1.3.6.1.2.1.25.2.3.1.5.4:public@localhost * 100
MaxBytes[localhost.memoryUsed]: 523444000
Title[localhost.memoryUsed]: Server: Memory Used
ShortLegend[localhost.memoryUsed]: %
Legend1[localhost.memoryUsed]: Vir in next minute
Legend2[localhost.memoryUsed]: Phy in next minute
Legend3[localhost.memoryUsed]: Maximal 5 Minute Vir
Legend4[localhost.memoryUsed]: Maximal 5 Minute Phy
LegendI[localhost.memoryUsed]: &nbsp;Vir
LegendO[localhost.memoryUsed]: &nbsp;Phy
PageTop[localhost.memoryUsed]: <H1>Memory Utilization</H1>
    <TABLE>
       <TR><TD>System:</TD>     <TD>Server</TD></TR>
        <TR><TD>Vir</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.3</TD></TR>
        <TR><TD>Phy</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.4</TD></TR>
    </TABLE>

Looks relatively straightforward.  And given that I copied and pasted quite blatantly from a functioning config (see http://snmpboy.msft.net, but make sure you use Internet Explorer – that “bug” took me days to work out.) you’d think it would work just fine.  But it produced two sets of errors – the first was difficulty with the OIDs.  They didn’t poll my RAM and pagefile.  The second, once I fixed that, was a set of errors:

SNMP Error:
no response received
SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
                  community: "public"
                 request ID: 780985927
                PDU bufsize: 8000 bytes
                    timeout: 2s
                    retries: 5
                    backoff: 1)

followed by:

Use of uninitialized value in division (/) at (eval 30) line 1.

The fun part was that the second error then seemed to hose up the rest of an already functioning config, apparently by deciding that it would no longer poll localhost for any info.  As localhost is the only server I’m polling, that obviously presents a bit of a problem.

Since I was adding new sections into the config one at a time and testing them, I knew exactly which one had the problem – the memory usage stats.  Something I found interesting was that when I moved the failing section to the very end of the cfg file, it worked.  More intrigued, I did some poking around.  Google turned up some not so helpful results which were mostly mailing lists where people asked “what does this uninitialized value mean?” but received no answer.

Flashback (6 hours): I’d been playing around with SNMPUtil’s get function earlier today when I was figuring out what OIDs mapped to what components (another post will follow on that), and I noticed that some polls were taking quite a while to respond – 4 to 5 seconds sometimes.  That first error tells me that the timeout is 2 seconds.  If the poll was taking longer than that, MRTG would fail it and move on to the next operation – in this case, dividing another poll against the one that just failed.  Essentially, a 0 divided-by error.

“Ok, so how do you turn up the timeout value?” you may ask.  Good question!

http://oss.oetiker.ch/mrtg/doc/mrtg-reference.en.html (the official MRTG reference guide) has a section on SNMPOptions, one of which includes setting the timeout value.  The exact syntax is:

snmpoptions[cfgname]: timeout => (x)

I used 5 seconds, so I set it to timeout => 5 .  In my implementation, this looks like:

####
#
# Memory Utilization (SNMP)
#
####

YLegend[localhost.memoryUsed]: % Memory Used
Options[localhost.memoryUsed]: growright,gauge
SnmpOptions[localhost.memoryUsed]:timeout => 5
Target[localhost.memoryUsed]: .1.3.6.1.2.1.25.2.3.1.6.7&.1.3.6.1.2.1.25.2.3.1.6.8:public@localhost / .1.3.6.1.2.1.25.2.3.1.5.7&.1.3.6.1.2.1.25.2.3.1.5.8:public@localhost * 100
MaxBytes[localhost.memoryUsed]: 523444000
Title[localhost.memoryUsed]: Stargate: Memory Used
ShortLegend[localhost.memoryUsed]: %
Legend1[localhost.memoryUsed]: Vir in next minute
Legend2[localhost.memoryUsed]: Phy in next minute
Legend3[localhost.memoryUsed]: Maximal 5 Minute Vir
Legend4[localhost.memoryUsed]: Maximal 5 Minute Phy
LegendI[localhost.memoryUsed]: &nbsp;Vir
LegendO[localhost.memoryUsed]: &nbsp;Phy
PageTop[localhost.memoryUsed]: <H1>Memory Utilization</H1>
    <TABLE>
       <TR><TD>System:</TD>     <TD>Server</TD></TR>
        <TR><TD>Vir</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.7</TD></TR>
        <TR><TD>Phy</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.8</TD></TR>
    </TABLE>

(more will come about why the OIDs changed).  Sure enough, though, those errors ceased and a previously hosed configuration now worked fine.  So if you receive an uninitialized value error, or a no response received error, try increasing the timeout.
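
Why the row indices moved from .3/.4 to .7/.8, as an added example (not code from the original posts or from MRTG): this Python script parses snmputil walk output in the format shown in the walk post on this page, reports what the borrowed Target line actually polls on this host, and rebuilds the memory Target from the host's own rows. The function names and the abridged sample output are constructed for illustration, and it assumes the memory rows are labelled exactly "Virtual Memory" and "Physical Memory" as in that output.

```python
import re

# Constructed sample: abridged `snmputil walk ... .1.3.6.1.2.1.25.2.3.1.3` output,
# in the format shown in the walk post on this page.
WALK_OUTPUT = """\
Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.3
Value    = String D: Label:Data  Serial Number c9d83a42

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.4
Value    = String E:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.7
Value    = String Virtual Memory

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.8
Value    = String Physical Memory

End of MIB subtree.
"""
# Target value from the copied config quoted earlier in this post.
BORROWED_TARGET = (".1.3.6.1.2.1.25.2.3.1.6.3&.1.3.6.1.2.1.25.2.3.1.6.4:public@localhost"
                   " / .1.3.6.1.2.1.25.2.3.1.5.3&.1.3.6.1.2.1.25.2.3.1.5.4:public@localhost * 100")
HR_STORAGE_ENTRY = ".1.3.6.1.2.1.25.2.3.1"   # hrStorageEntry
COL_SIZE, COL_USED = 5, 6                     # hrStorageSize, hrStorageUsed columns

def parse_walk(text):
    """Return {row index: description} from snmputil walk output."""
    pat = r"^Variable = \S*hrStorageDescr\.(\d+)\s*\nValue\s*= String ?(.*)$"
    return {int(i): d.strip() for i, d in re.findall(pat, text, re.M)}

def audit_target(target, rows):
    """List (column, row, description) for every hrStorage OID in a Target line."""
    found = re.findall(re.escape(HR_STORAGE_ENTRY) + r"\.(\d+)\.(\d+)", target)
    return [(int(c), int(r), rows.get(int(r), "<no such row>")) for c, r in found]

def memory_target(rows, community="public", host="localhost"):
    """Build the used / size * 100 Target from the rows this host labels as memory."""
    idx = {d: i for i, d in rows.items()}
    v, p = idx["Virtual Memory"], idx["Physical Memory"]  # KeyError if labels differ
    def pair(col):
        return f"{HR_STORAGE_ENTRY}.{col}.{v}&{HR_STORAGE_ENTRY}.{col}.{p}:{community}@{host}"
    return f"{pair(COL_USED)} / {pair(COL_SIZE)} * 100"

if __name__ == "__main__":
    rows = parse_walk(WALK_OUTPUT)
    for col, row, descr in audit_target(BORROWED_TARGET, rows):
        print(f"column {col}, row {row} -> {descr}")
    print("Target for this host:", memory_target(rows))
```

Run against this sample, the borrowed line turns out to poll D: and E: rather than memory, and the rebuilt Target uses rows .7 and .8.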

ActiveSync &Windows Mobile Jl. on 13 Mar 2009

Windows Mobile 6 Shell

Anyone running a modern Windows Mobile 6 phone has probably thought about customizing the shell at one point or another.  Whether it’s adding features to the today screen, or putting in a complete shell revamp, the stock shell leaves much to be desired.  This is even more true when all your colleagues are walking around with iPhones, Blackberry Storms, or HTC Touch Diamonds.

Well, now there’s something to bring you up to the finger-swiping era.  PointUI .  It’s an open-source Today Screen applet that doesn’t replace anything, just adds to it.  When used properly, the Today screen is still there, but instead of displaying the usual Owner Info, Calendar, Email, WiFi Status, etc, it displays this UI.

The UI gives you a finger-swiping controllable UI to get to all your applications, view email, modify settings, etc.  Most programs are simply linked from each of the menu options (i.e. I open Bubble Breaker, it still opens the WinMo Bubble Breaker – the menu bar and app are stock.), and only a few start out linked but you can add to this at any time.

The home screen has a built in weather app, and – major kudos on this one – the home screen will let you change views by sliding.  Drag the typical display screen (Date, Time, Weather, Agenda) from side to side, and you get a ‘rotating’ display of email with subject previews, a world map with your location, tasks, and a slideshow app.  The Start menu remains at the top left for rapid access.  There are also community-developed themes out there for almost anything you want, and designing your own is apparently not all that difficult (I’m too lazy though).

Prior to PointUI I was using Slide2Unlock, an iPhone shell clone, but found major problems when it interacted with the phone app.  It may have just been me, but it would often lock up when I received a call and told it to answer (whether using the slider or the button), and often it would jam to the point I couldn’t make any calls.  On top of that, it would grind my phone to a halt if I had email, a browser, or other app open, when it tried to load it.  Doesn’t help usability much.

This is probably the best non-invasive (as in, doesn’t require a ROM reload) UI app I’ve come across.  It hasn’t slowed my phone down (a Toshiba Portege G900), and has added a fair amount of functionality as I don’t have to pull the stylus or use the nav keys to go around the screen, open apps quickly, etc.  Gets my vote.
