No clam chowder, thank you.
Category Archive: Networking (General)

Hacks & Networking (General) & Ramblings & Scripting | Jl. on 09 Nov 2010

Viewing IE and Mozilla/Firefox history from Profile Directories

There are the usual ways to view history through the app, but I had to try and pull the history off an old partition because I needed a link I found right before a drive crashed.

For IE:

More details are found at this site – http://www.milincorporated.com/a-temporary-internet-files.html#ch2 .  The file locations are:

Win2000/WinXP:

C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\

Vista/Win7:

C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\
C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\

You’ll have to enable viewing hidden and system files.  That page has a quick rundown about how to do so as well.

There’s a program called IE History Viewer available at this page:

http://www.nirsoft.net/utils/iehv.html

You point it at your profile directory and it lists everything.  It can then spit it out as a CSV file or HTML report.  Very nicely done, and very helpful.

For Firefox:

(More info was found here: http://kb.mozillazine.org/Profile_folder_-_Firefox#Finding_the_profile_folder)  The profile directories are:

Win95/Win98/WinME:

C:\Windows\Application Data\Mozilla\Firefox\Profiles\<profile folder>

or

C:\Windows\Profiles\<Username>\Application Data\Mozilla\Firefox\Profiles\<profile folder>

Win2000/WinXP:

C:\Users\<Username>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>

Once you find your profile, there are two versions of the history file – the Firefox V2 and earlier (history.dat), and V3 and greater (places.sqlite).

For Firefox 2 and earlier, it’s stored in history.dat. This file is in the “Mork” format, which is apparently very rare and a pain in the arse to read. A program called Dork was written that’s a Mork viewer. It was available at http://www.sunturbine.com/dork/ , but that page has since been lost. A copy was retained on the WebArchive, however, at http://web.archive.org/web/20070125084419/http://www.sunturbine.com/dork/ . The zip file was also available for download from there. In case it’s no longer available I’ve attached the zip file here (dork_history_reader). He released it as free and open source, so I don’t believe I’m violating any copyrights by republishing.

Disclaimer: Not my app, I didn’t write it, and I can’t help fix it if it’s broken.  I’m just making it available again on the interwebs.

Run Dork and drag-and-drop history.dat onto it.  It should decipher your history file.

For V3, the places.sqlite file is in a format called SQLite (clever file name, eh?). There’s an app called SQLite Browser available on SourceForge: http://sqlitebrowser.sourceforge.net/ . Grab the latest version. When I wrote this it was 2.0b1. Run the program, then open the places.sqlite file from the profile directory. You’ll get a list of tables, and one of them will be Places. That has your history in it.

Now the interesting part about all this is that apparently it can be done remotely, on another profile directory on your system or over a network share (\\workstation\c$\users\…), as long as you have permissions to view the file.
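Reading places.sqlite by hand (added example, not part of the original post): the history lives in the moz_places and moz_historyvisits tables, with timestamps stored as microseconds since the Unix epoch. The in-memory database below is a constructed stand-in for a real profile so the script runs offline; point history_from_file() at a copied places.sqlite for the real thing.

```python
"""Pull browsing history out of a Firefox 3+ places.sqlite using only the
standard library.  Added example; not code from the original post.

Assumptions (labelled): the moz_places / moz_historyvisits columns used here
and the microsecond timestamps are the Firefox 3 schema; the sample database
built below is constructed, not a captured profile."""
import sqlite3
from datetime import datetime, timezone


def build_sample_places_db() -> sqlite3.Connection:
    """Constructed, in-memory stand-in for a profile's places.sqlite."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE moz_places (
            id INTEGER PRIMARY KEY, url TEXT, title TEXT,
            visit_count INTEGER DEFAULT 0, last_visit_date INTEGER);
        CREATE TABLE moz_historyvisits (
            id INTEGER PRIMARY KEY, place_id INTEGER,
            visit_date INTEGER, visit_type INTEGER);
    """)
    # Firefox stores PRTime: microseconds since the Unix epoch.
    t0 = int(datetime(2010, 11, 9, 15, 30, tzinfo=timezone.utc).timestamp()) * 1_000_000
    con.executemany("INSERT INTO moz_places VALUES (?,?,?,?,?)", [
        (1, "http://www.nirsoft.net/utils/iehv.html", "IE History Viewer", 2, t0 + 600_000_000),
        (2, "http://kb.mozillazine.org/Profile_folder_-_Firefox", "Profile folder", 1, t0),
        (3, "http://sqlitebrowser.sourceforge.net/", None, 0, None),  # never visited (bookmark only)
    ])
    con.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?,?)", [
        (1, 2, t0, 1),
        (2, 1, t0 + 60_000_000, 1),
        (3, 1, t0 + 600_000_000, 2),
    ])
    return con


def prtime_to_iso(us: int) -> str:
    """Microseconds since epoch -> 'YYYY-MM-DD HH:MM:SS' in UTC."""
    return datetime.fromtimestamp(us / 1_000_000, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def history(con: sqlite3.Connection):
    """Return [(visit_time_utc, url, title), ...], newest first, one row per visit.
    Joining on the visits table (rather than dumping moz_places) keeps the
    bookmark-only rows out and shows repeat visits separately."""
    rows = con.execute("""
        SELECT v.visit_date, p.url, p.title
        FROM moz_historyvisits AS v
        JOIN moz_places AS p ON p.id = v.place_id
        ORDER BY v.visit_date DESC
    """).fetchall()
    return [(prtime_to_iso(d), url, title or "") for d, url, title in rows]


def history_from_file(path: str):
    """Open a real places.sqlite read-only (URI mode) so nothing is modified.
    If Firefox holds a lock on the profile, copy the file out first."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        return history(con)
    finally:
        con.close()


if __name__ == "__main__":
    import sys
    rows = history_from_file(sys.argv[1]) if len(sys.argv) > 1 else history(build_sample_places_db())
    for when, url, title in rows:
        print(when, url, title)
```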

Cacti & Hacks & MRTG & Network Monitoring & Networking (General) & Scripting & Servers & SNMP | Jl. on 21 Dec 2009

Cacti: Poller complains about no mib modules

Installed Cacti from the “easy” installer – http://forums.cacti.net/about14946-0-asc-0.html – which does simplify a lot, but there are a lot of other hacks I’ve had to implement to make it work.

First and foremost, any time the poller ran I was getting “Cannot find module (IP-MIB): At line 0 in (none)”

Repeat about a dozen times for various mibs, and you obviously have a problem.

Under System Properties, Advanced, Environment Variables, there’s a new variable called MIBDIRS. It’s pointed to c:\php\extras\mibs, which in my case, after running the installer, was empty.

TO FIX: Either update this to point to your actual MIB directory (mine was c:\usr\mibs; I’ve also seen d:\usr\mibs) or copy your populated MIB directory (with IP-MIB and about a dozen others) to c:\php\extras\mibs. Presto, the poller now runs as it should.

MRTG & Network Monitoring & Networking (General) & Scripting & SNMP | Jl. on 16 Mar 2009

MRTG and SNMP Resources

The following is a compilation of the resources I’ve been taking advantage of in configuring MRTG and SNMP on my system.  Given how long they took me to put together and the number of hours I spent trawling, hopefully it will be of some use and a bit of a timesaver.

The App itself:

- MRTG itself: http://oss.oetiker.ch/mrtg/
(the documentation section is mostly your friend, but can be unhelpful, especially with a WinNT implementation)

- SNMPBoy: http://snmpboy.msft.net/ . A live demonstration of MRTG for capturing both WS-Man information and SNMP information.  View in IE to use the drop-down menus on the left (that took me days).  His MRTG config is at http://snmpboy.msft.net/pub/mrtg.cfg.txt .  He also has all of the Windows MIBs available.

 

Get MRTG up and running:

- Install and Setup MRTG on Windows and IIS: http://www.amset.info/netadmin/mrtg.asp .  A basic installation guide for monitoring an SNMP enabled device. Not much detail, but it got me started. 

- MRTG for Intrusion Detection w/ IIS 6: http://www.securityfocus.com/infocus/1721 .  A very good article, but he jumped from “Here’s how to configure MRTG” to “Here are the VBScripts I use for pulling WMI data”.  I had a lot of in-between work to do.

- Burnett (the author of the above article) posted his config files at: http://www.securityfocus.com/microsoft/images/burnett_MRTG_files.zip .  I used them as a starting point, but what he fails to mention is that OIDs can be different from system to system.  I also bailed on the WMI scripts. 

- Another MRTG/SNMP/Windows config guide: http://www.syslog.gr/content/view/10/99 .  This one had much more detail, but you have to remember configs are unique to the system.

 

Other helpful stuff:

- Configure MRTG as a service: http://forums.firedaemon.com/showthread.php?t=45 

- SNMP4tPC: http://www.wtcs.org/snmp4tpc/testing.htm#SNMPUTIL .  An older page, but search results just kept coming back to it.  A lot of the theory is still sound, but be sure you discover the OIDs yourself.  The page also has Microsoft’s legacy SNMPUtil available for download – get it.  (His app turned into SNMP Informant, which I’ve read is very useful.)

- MIBDepot: http://www.mibdepot.com  .  A database of MIBs and OIDs.  Although comprehensive, I have yet to find a way to download a MIB.

- NetSNMP tools compiled for Windows.  http://www.elifulkerson.com/articles/net-snmp-windows-binary-unofficial.php .  The *nix SNMP utils compiled for Windows.  Nice job. 

 

The more I find the more I will add.  Good hunting.

Hacks & Networking (General) & Servers & Virtualization | Jl. on 10 Mar 2009

Cheap servers, and a quick mod.

Just bought a series of HP DL360s from a firesale. AOL was refreshing a datacenter, and these things were dirt cheap. I’ve outfitted one with a pair of UW320 hotswap 72gb drives, but I’m figuring out a mod to put SATA drives in – cheaper, readily available, and they don’t require ubercash and ebay to pick up if one dies. It looks straightforward enough. From my initial pokings, the SCSI backplane just lifts out. The power connector is a single molex to the backplane that distributes it to the two drives, so I need a y-cable.

Empty drive trays are $10 a pop, so I’ll use those to lock the drives in place.  I have one outfitted with 4gb ram already which should be enough for most ops.  They’re dual-proc Xeons (single core, no VT) at 2.8ghz, and should make nice dogfood boxes for labs w/ VMWare GSX server.  Once I load test them, know they’re stable and won’t crap out on me, I may replace my dual p3-800 server which hosts my critical stuff.  At the very least, with a cheap SATA raid array, great media and file server.

www.nautilusnet.com was the company.  The chassis were $20 a pop, came with the procs and 1gb ram, no drives.  They had a 3.04ghz model for $30, same outfit (240 mhz doesn’t make that much diff. to me).  The company has everything else needed to outfit them – drives (36 or 72gb), memory kits, and redundant power supplies.  I’ve put in three orders with them now, and they’re awesome to work with.

Disclaimer: I’m not paid nor do I benefit in any way from this plug.  I don’t get kickbacks, gift cards, taken out for free drinks by the sales staff, free gear, logo’d jackets, tote bags, bumper stickers, or any special sale price on equipment.  They’re good people that do a good job and are worth a mention.

I also just bought a Linksys WMP300N PCI Wifi N card, and a WRT600N “Ultra RangePlus Dual-Band Wireless-N Gigabit Router”. I installed them last night in hopes of getting better “reception” with my home-theater box (which I use for Netflix On Demand, and MS Flight Simulator – rest in peace – on my TV), but ran into a few hurdles configuring the 5ghz N signal. A post will be forthcoming about that and some mild insanity once I stop foaming at the mouth about the Linksys wifi manager software.

Active Directory & DNS & Hacks & Networking (General) & Servers | Jl. on 30 Nov 2008

Using DNS to Force A Domain Trust Through a Specific Domain Controller (or a “gateway” DC)

Here’s the scenario:

We’re attempting to set up a trust between two domains – Source.com and Domain-Baker.com. But there’s a catch. We’ll exclude the how’s and why’s, but creating the trust is more complicated than usual because of the routing on the network. Source.com and Domain-Baker.com can’t ping each other directly; however, a domain controller (BridgeDC.Domain-Baker.com) has been placed on a subnet segment that can reach both. The picture below draws this out a bit (green = ping, black = network route, red = cannot ping):

[Diagram: examplenetmap]

So the DCs in Source.com can’t reach the DCs at the main site across the map, but they can reach the Bridge DC in the middle.  The BridgeDC can, in turn, reach both sites.

Typically, when you’re creating a trust, you’d create a secondary DNS zone in Domain A (in this case the zone Domain-Baker.com hosted on the DNS server for Source.com, with a master of DNS.Domain-Baker.com), and vice versa (zone Source.com hosted on the DNS server of Domain-Baker.com).  (Diagram:)

[Diagram: DNSRepl]

This way both domains see the domain controllers available on either side of the networks, the trust gets established using one of the DCs located through DNS, and the trust comes up happily.

Except it fails.  It says it can’t find the domain.  In fact, the error itself was:

The New Trust Wizard cannot continue because the specified domain cannot be contacted.  Either the domain does not exist, or network or other problems are preventing the connection.

But DNS is in place, both zones are replicated, why did it fail?

Only one DC of Domain-Baker.com is reachable by Source.com – BridgeDC.Domain-Baker.com (see the first diagram). When Source.com queries “domain-baker.com” from the records that it’s just copied down, it gets a whole slew of resource records and DNS servers that simply aren’t available to it. It looks something like this:

[Screenshot: manydns]

But we know we have the BridgeDC for Domain-Baker.com sitting right there, why won’t it talk to it?  The answer is, it might – it’s a shot in the dark.  One out of 20 or 30 times it might work, because that would be the DC that gets resolved for Domain-Baker.com .  But the timing would have to be just right, and you’d never know when it was lined up.  Obviously a trust that only works one in 30 (or more) doesn’t help anyone.

So how do we force Source.com to only use BridgeDC.domain-baker.com to create the trust?  DNS.

Editing DNS Records to Specify Domain Controller

The goal will be to edit the DNS records hosted in Source.com so that it only knows about BridgeDC.domain-baker.com. Now before you go jumping into the DNS console and start deleting records, hold on! Things can get pretty ugly if they’re not handled right.

First you have to make sure you’re editing the right records.  Deleting all the other servers for the zone Domain-Baker.com in your production Active Directory (of Domain-Baker.com) would obviously wipe out half your network.  Yes, Source.com would transfer the updated zone with only the records for BridgeDC, but the ends don’t justify the means in that case.

So we have to make Domain-Baker.com editable within Source.com. The easiest thing to do:

[I use my demonstration domain names here, obviously you'll have to substitute your domains in their place]

1) From the DNS console of a DNS server in Source.com, create a new secondary zone (yes, secondary) called Domain-Baker.com.

[Screenshot: newseczone]

2) When it asks for the IP address to copy the zone from, put in the IP address of BridgeDC (or any other DNS server that has a copy of the target zone).

3) Confirm the zone, and watch it populate.

Now, this is going to be a complete copy of the zone, full of records for servers we can’t use. So, let’s get rid of them.

1) Open the properties of the zone.  Change the type of zone from Secondary to Primary (making the zone AD Integrated is your choice).

2) Under the Zone Transfers tab, turn OFF zone transfers.

3) Under the Name Servers tab, pull out the DNS servers listed for Domain-Baker.com.  We don’t want our other servers making queries on the complete copy of the zone!

Now, we’ve just made the zone Domain-Baker.com editable within Source.com, we’ve made sure our changes will NOT replicate to Domain-Baker.com (and thus screw up the network quite royally), and we’ve made sure that this will be the only server to host this record. So let’s get to wiping the other servers.

Expand the zone, and you’ll probably see a great number of records and servers. Because of the way Active Directory works, there’s a lot of information in there about all of the AD Sites, servers at each site, workstations, etc. DNS, you may not know, is one of the most crucial parts of Active Directory. Because of this unique issue, we need to sort through those records and servers, and pull out the ones we don’t want.

[Screenshot: fulldnszone]

Go through each folder from the top down, and delete any Name Server (NS) record, Service Location (SRV) record, or No Name A record (“Same as parent folder”) that is NOT the domain controller we want to use (in this case we want BridgeDC.domain-baker.com / IP 172.16.56.4, and don’t want the others). You’ll have to go through each and every folder inside the Domain-Baker.com zone to delete the extraneous records. The end result should look like:

[Screenshot: editeddns]
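The pruning rule above, modelled in Python so you can dry-run it against an exported record list before deleting anything in the console (added example, not from the original post). The miniature zone below is constructed; BridgeDC and 172.16.56.4 come from the post, while dc1/dc2, fileserver and their 10.9.x addresses are made-up stand-ins for the unreachable servers.

```python
"""Model of the post's record-pruning rule: in the Source.com copy of the
Domain-Baker.com zone, delete every NS, SRV and apex ("same as parent
folder") A record that does not point at the gateway DC; keep everything
else.  Added example, not from the original post.  The zone below is a
constructed miniature; the non-bridge hostnames and IPs are made up."""
from collections import namedtuple

# owner/rdata names are lower-case FQDNs without the trailing dot
Record = namedtuple("Record", "owner rtype rdata")

ZONE = "domain-baker.com"
BRIDGE_HOST = "bridgedc.domain-baker.com"
BRIDGE_IP = "172.16.56.4"          # BridgeDC's address, from the post

# Constructed: roughly what a freshly transferred AD zone looks like.
SAMPLE_ZONE = [
    Record(ZONE, "NS", "dc1.domain-baker.com"),
    Record(ZONE, "NS", "dc2.domain-baker.com"),
    Record(ZONE, "NS", BRIDGE_HOST),
    Record(ZONE, "A", "10.9.1.10"),            # apex A for dc1 (unreachable)
    Record(ZONE, "A", "10.9.1.11"),            # apex A for dc2 (unreachable)
    Record(ZONE, "A", BRIDGE_IP),              # apex A for BridgeDC
    Record("dc1.domain-baker.com", "A", "10.9.1.10"),
    Record("dc2.domain-baker.com", "A", "10.9.1.11"),
    Record(BRIDGE_HOST, "A", BRIDGE_IP),
    Record("_ldap._tcp.domain-baker.com", "SRV", "0 100 389 dc1.domain-baker.com"),
    Record("_ldap._tcp.domain-baker.com", "SRV", "0 100 389 " + BRIDGE_HOST),
    Record("_kerberos._tcp.dc._msdcs.domain-baker.com", "SRV", "0 100 88 dc2.domain-baker.com"),
    Record("_kerberos._tcp.dc._msdcs.domain-baker.com", "SRV", "0 100 88 " + BRIDGE_HOST),
    Record("fileserver.domain-baker.com", "A", "10.9.1.50"),   # ordinary host: outside the rule
]


def points_at_bridge(rec: Record) -> bool:
    """True if the record may stay under the post's rule."""
    if rec.rtype == "NS":
        return rec.rdata.lower() == BRIDGE_HOST
    if rec.rtype == "SRV":
        # SRV rdata is "priority weight port target"; only the target matters
        return rec.rdata.split()[-1].lower() == BRIDGE_HOST
    if rec.rtype == "A" and rec.owner.lower() == ZONE:
        # the "(same as parent folder)" A records at the zone apex
        return rec.rdata == BRIDGE_IP
    return True   # any other record type/owner is not part of the rule: keep it


def prune_zone(records):
    """Split the zone into (kept, deleted) so the deletions can be reviewed first."""
    kept, deleted = [], []
    for rec in records:
        (kept if points_at_bridge(rec) else deleted).append(rec)
    return kept, deleted


def lookup(records, name: str, rtype: str):
    """What a client querying the edited zone would get back for name/type."""
    return [r.rdata for r in records if r.owner.lower() == name.lower() and r.rtype == rtype]


def verify_gateway_only(records) -> bool:
    """The post's acceptance check: every answer for the domain leads to BridgeDC only."""
    apex_ok = lookup(records, ZONE, "A") == [BRIDGE_IP]
    ns_ok = lookup(records, ZONE, "NS") == [BRIDGE_HOST]
    srv_ok = all(r.rdata.split()[-1].lower() == BRIDGE_HOST
                 for r in records if r.rtype == "SRV")
    return apex_ok and ns_ok and srv_ok


if __name__ == "__main__":
    kept, deleted = prune_zone(SAMPLE_ZONE)
    for rec in deleted:
        print("DELETE", rec.owner, rec.rtype, rec.rdata)
    print("gateway-only after pruning:", verify_gateway_only(kept))
```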

Multiple DNS Servers in Source.com

Now, if you have multiple DNS servers within Source.com, you’ll need to set them to only query your DNS server which has the Domain-Baker.com zone, any time they run a lookup (unless your zone is AD Integrated, in which case skip this step).  On each other DNS server:

1) Open the server properties (DNS console, right click the Server, click Properties),

2) Open the Forwarders tab,

3) Create a new forwarder for Domain-Baker.com,

4) Put the IP address of the DNS server which we just edited the records on.

This ensures that only your edited copy of Domain-Baker.com is queried from your source domain. After making changes to DNS servers, especially when they’re across the board, it’s good practice to restart each DNS service, and on each DC run

ipconfig /flushdns
and
ipconfig /registerdns

Creating the Trust

DNS should now be configured so that from any server in Source.com, you can ping Domain-Baker.com and only reach BridgeDC.domain-baker.com (again, substitute your hostnames/domains here).  You should also be able to nslookup domain-baker.com and only receive BridgeDC.domain-baker.com or its IP address.

Once that’s confirmed, create the trust.  I suggest you do this from the Source.com side – I tried to run it from Domain-Baker.com and discovered that it was asking one of the back-end DCs that couldn’t reach Source.com to establish the trust.  Once I ran it from Source, everything worked great.

You may receive an error indicating the trust could not be validated, because there isn’t a workstation or computer account created.  (Or words to that effect).

Open Microsoft Support Article 246264 (http://support.microsoft.com/kb/246264).  It says that the Trust may validate itself, even though it throws this error.  Sure enough, once I told it to validate, then got the error, had it reset the password, then told it to validate again (only reset the trust password once), it returned successful.

Presto, trust completed, using one DC as the “gateway”.

Recap

I don’t normally do this, but in this case it’s easy to get confused.  So here’s the bullet points.

  • Attempting to set a trust between Source.com and Domain-Baker.com using BridgeDC.domain-baker.com as a “gateway” or “bridge”
  • First created a secondary DNS zone in Source.com of Domain-Baker.com, replicated a complete copy of the zone from BridgeDC.
  • Changed Secondary Zone to Primary zone.  Disabled Zone transfers and updates.
  • Deleted any other SRV, NS, or NoName-A records that weren’t BridgeDC.domain-baker.com
  • This makes Source.com think that the only server in Domain-Baker.com is BridgeDC.
  • Set up the trust, Source.com now uses Domain-Baker.com for the trust (because it doesn’t know any better).

And that oughta do it.

Networking (General) & Scripting & Virtualization | Jl. on 17 Nov 2008

VMWare Services That Aren’t Needed All The Time

I run VMWare on my laptop.  I use it for older Windows distros (’95 and 2000 – ’95 is the only thing that will sync with my Newton!), and I have a couple of Linux distros which I run when I have time to work on them, or when I need special networking services.  The problem is, I don’t run VMware all day every day.  In fact, there are some weeks I don’t run it at all.

VMware (and Microsoft VirtualPC) runs services in the background to give it networking support – allowing both your VM guest and your host to share a network card, to set up the "virtual" network lab (where your guests are isolated from your actual network, but they can all talk to each other and the host), etc.  There are four main services that start automatically in total:

VMware Authorization Service
VMware DHCP Service
VMWare NAT Service
VMware Virtual Mount Manager Extended

There’s also the VMWare Agent Service, but this is set to manually start, and is probably invoked by VMWare itself (I’ve never seen it running, so I can’t say for certain).

These four started services probably don’t consume a lot of resources – I’ve rarely seen them above 3 or 4 mb of memory usage, and minimal proc usage.  But they do load drivers into the network stack.  If you take a look at your protocols and drivers in the Network Properties page you’ll see the VMWare Bridge Protocol (Virtual Machine Network Services is for VirtualPC, and is also required for networking support in VPC machines).  Again, these are only used for guest OSes, so they’re not required for typical network operations (getting a DHCP address, surfing the web, checking email, etc.). 

Every once in a while though, I’ve had a VMWare error pop up, even though VMware was never started.  So I decided to stop VMWare from starting automatically, and require my action to turn the services on.  This will keep the services from loading, chewing up memory, but most importantly prevent attaching unnecessary active services to the network card.

First set those four services to start up manually, rather than automatic.  (I’ll put screenshots up here when I have a moment, but it’s done from the Administrative Tools\Services MMC).  Once they’ve been changed to manual, either reboot or just stop them by hand (right click the service, stop).  Then I wrote the following script into a batch file that I named "Vmware-Start.bat"

net start vmauthdservice
net start vmnetdhcp
net start "vmware nat service"
net start vmount2

I didn’t write a full batch script with the echo cmds etc, mainly because I’m not a coder so I have little to no clue about proper syntax without an awful lot of googling, but secondarily because for net start and stop commands, it’s just not needed.  [Please post dissenting opinions if you have them, I'd like to get my scripting skills up a bit.]

So those four lines are used to start the VMware services, when I need to open VMware.  These next four lines were put into another batch file named (you guessed it) "VMware-Stop.bat"

net stop vmauthdservice
net stop vmnetdhcp
net stop "vmware nat service"
net stop vmount2

Save the scripts into the \Program Files\VMware\ directory, and create shortcuts to them.  Put the shortcuts on your desktop (I put mine into the VMware start menu group).  Each time you want to run VMware, you’ll need to run the Start batch file, and when you’re done with VMware you can run the Stop batch file.  This will give VMware everything it needs to run effectively, and keep services offline when you don’t need them. 

Active Directory & Networking (General) & Servers | Jl. on 24 Jan 2008

"Active Directory is Rebuilding Indices" – Don’t panic, it may be easier than it sounds.

It may just be a USB drive…

I was working on a client’s Small Business Server today. It had been some time since they’d had updates run, so I installed Server 2003 SP1, SBS 2003 SP1, then rebooted to prepare for Server 2003 SP2. After I’d rebooted, the server posted, loaded Server 2k3, and just before the expected ‘Preparing network connections’ I got a message that ‘The Active Directory is Rebuilding Indices’. Assuming it was something to do with the Service Packs I’d just loaded, I let it sit for a short while. Well, 20 minutes later it hadn’t made any progress, the disks were still idle, and my client was understandably wondering how much more time they’d be billed for this screen saver equivalent.

Rather than hardboot the server while it was still loading, I began to research exactly what the problem could be. I found several posts about the message having to do with VSS, others explaining that pulling the power cable to shut down the server isn’t the most advantageous method (nice), others offering that it may be the AD catalog has gone belly up and would need restoring (makes sense, but I really hoped not), and some suggesting that RAID hardware may be failing – either the controller or a drive in the array.

Well, this server was on a RAID array, which made my pulse quicken. But I’d seen no other signs of failed hard drives – the controller booted fine, no errors with the disks, chkdsk wasn’t offering itself up for sacrifice upon every boot. Didn’t seem like a failing array.

This post made mention of a corrupted USB driver, and how the poster’s server rebooted fine when there wasn’t a USB hard drive. I instantly thought back to the time I gave myself a heart attack when a client’s server displayed ‘OS Not Found’ after I tried to reboot it, inadvertently with a USB hard drive attached. (I turned off Booting from a USB Device shortly after that).

Well, I looked at the server I was working on, and sure enough there was a USB hard drive attached that my client used for backing up data. The disks weren’t being read (either the RAID or the USB) while it was stalled, so I thought what the hell. I turned off the power to the USB drive, disconnected the USB cable, and within seconds the server moved on to ‘Preparing Network Connections’.

So in conclusion, the ‘Active Directory is Rebuilding Indices’ message during boot may be indicative of a stalled drive or accessory. Check for a USB peripheral, an external SCSI disk drive, or maybe something using firewire. If you have any such devices, try turning them off (little bit tougher with external SCSI drives, but feasible if there’s nothing critical), and then try rebooting. I didn’t run into the message again, and it saved me a complete AD restore from tape, let alone uninstalling and reinstalling service packs and hotfixes.

Networking (General) | TedLaurent on 26 Dec 2007

How to build a sniffer using a Windows PC or Laptop

While this is probably fairly common knowledge I thought I would round up the information and experience I had gathered and present it from the perspective of someone who is new to networking. While I’m sure this is also possible under Linux I’m not that experienced in that OS – maybe later.

Items:
Laptop or PC (should be located on the same network as device to be sniffed)
Software (my experience was positive using Wireshark, formerly Ethereal)
Administrative access to the Laptop or PC

Overview:
Installing Wireshark will provide you with the ability to do some basic sniffing of a remote Windows PC, but unless that PC routes its network traffic directly through Wireshark some traffic will go undetected. Initially I tried adding a secondary network adapter and physically running the remote device traffic through the laptop using a network bridge. This worked for about 5 seconds and then the remote PC stopped working. After doing some more research I found a simpler method (other than just running Wireshark on the PC) was to enable my laptop to accept VPN connections. Then on the remote PC I set up a VPN connection to point to my laptop. I then started up the VPN on the remote PC to my laptop and then started up Wireshark on my laptop. This worked very well and allowed me to successfully see all traffic to and from the remote PC.

Details:
How to enable the acceptance of VPN traffic
- Create a local user account (does not have to be an administrator)
- Click on Start | Settings | Control Panel
- Open Network Connections
- Open New Connection Wizard
- Click Next.
- At Network Connection Type select Set up an advanced connection. Click Next.
- At Advanced Connection Options select Accept incoming connections. Click Next.
- At Devices for Incoming Connections do not select any item. Click Next.
- At Incoming Virtual Private (VPN) Connection select Allow virtual private connections. Click Next.
- At User Permissions select the user you created above. Click Next.
- At Networking Software make sure Internet Protocol (TCP/IP) is checked. Click Next.
- Click Finish

How to set up remote PC to connect to laptop’s VPN.
- Click on Start | Settings | Control Panel
- Open Network Connections
- Click Next.
- At Network Connection Type select Connect to the network at my workplace. Click Next.
- At Network Connection select Virtual Private Network connection. Click Next.
- At Connection Name enter name to describe VPN connection. Click Next.
- At Public Network select Do not dial the initial connection. Click Next.
- At VPN Server Selection enter the laptop name (or, if the laptop is not registered in DNS, its IP address). Click Next.
- At Connection Availability choose who may use this connection. Click Next.
- At Completion of New Connection Wizard you can select Add a shortcut to this connection to my desktop. Click Finish.
- When opening up the VPN connection use the user ID created on the laptop to establish the connection.