Windows 2012 R2 network trace

OS: Windows 2012 R2

For years, I used to get upset when I knew that a simple network trace would give me the answer to an issue only to find that netmon or an equivalent was not installed on the server. Well, with the later versions of Windows, the “netsh trace” command is there to help. Netsh is a very powerful command that I continue to turn to for help.

Just a few of the “netsh trace” options:
report: Creates an HTML report file that I found pretty useless. However, this also creates a CAB file that contains potentially a lot of useful information.
scenario: You can choose different scenarios. I chose NetConnection, but I just wanted to capture the traffic.
persistent: If yes, the trace will restart when the server is rebooted. You would almost never want that on, which is the default.
maxsize: Specifies the maximum size of the trace file. The default is 250MB.
correlation: This will try to group related packets together.
tracefile: The name and location of where you want the file(s) to be saved.

Start a trace:

C:\>netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes tracefile=trace.etl

Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: trace
Append: Off
Circular: On
Max Size: 1024 MB
Report: On

Stop a trace:

C:\>netsh trace stop
Correlating traces … done
Merging traces … done
Generating data collection and report … done
The trace file and additional troubleshooting information have been compiled as
“C:\trace.cab”.
Tracing session was successfully stopped.

If you open up the etl file using NetMon and see the following messages in the description:

MicrosoftWindowsTCPIP: Windows stub parser: Requires full Common parsers. See the “How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)” help topic for tips on loading these parser sets.

Then you need to enable the Windows parser under Parser Profiles in Network Monitor. In version 3.4, it is in the top right corner of the window. In the Options, you can set it to be the default parser profile.

Save iPhone voicemail from an iTunes backup.

OS: MacOS Mavericks
iPhone 5s

Voicemail messages are stored in the backup, and saved as one file per message. Nice. Backups are stored in:

~/Library/Application\ Support/MobileSync/Backup

Within the Backup directory, there are directories of backups for all your iDevices. I made it easy on myself by performing a backup just prior to saving my voicemails.

Launch Terminal.

Go to the backup directory:

$ cd ~/Library/Application\ Support/MobileSync/Backup

List the files/directories and sort by date:

$ ls -trl

The last directory, in my case, was the one with the most recent backup I had just completed.

Make a copy of this directory to mess around with:

$ cp -rp 44e1c7c3d719bd24e3b9dd1aa87eb924c9153ff5 /Users/jgz/TestBackup

Change directories to where you made your copy:

In my case:

$ cd /Users/jgz/TestBackup

Then, identify the voicemail files using the file command:

$ file * | grep "Adaptive Multi-Rate Codec"

This will list all of the voicemail messages in the backup.

Rename the files with an .amr file extension, and play them in QuickTime. Once you find the ones you want to keep, export them as audio-only files (m4a).
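The identify-and-rename steps above can be scripted. This is an added example, not part of the original post: it recognises AMR files by their "#!AMR" header instead of parsing file(1) output, and the function names and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: copy AMR voicemail files out of a backup copy, adding .amr.
# AMR files begin with the bytes "#!AMR"; testing for them directly avoids
# depending on the exact wording printed by file(1).

is_amr() {
    # True when the first five bytes of $1 are "#!AMR"
    [ "$(head -c 5 "$1" 2>/dev/null | tr -d '\000')" = '#!AMR' ]
}

extract_voicemail() {
    # $1 = copy of the backup directory, $2 = output directory (both assumed)
    src=$1
    out=$2
    count=0
    mkdir -p "$out" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        if is_amr "$f"; then
            # Work on copies so the backup copy itself stays untouched
            cp -p "$f" "$out/$(basename "$f").amr" && count=$((count + 1))
        fi
    done
    # Print how many voicemail files were copied
    echo "$count"
}

if [ $# -eq 2 ]; then
    extract_voicemail "$1" "$2"
fi
```
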

Fixing yum

OS: CentOS6

I was getting a bunch of duplicate package messages when I tried to update one of my servers. It had been a while and I didn’t remember what I might have done, but I suspect that I stopped a yum update in the middle to cause all the duplicates.

Here is a list of commands that I used in the past to get yum working again:

Complete any unfinished transactions, if it was stopped in the middle at some point:

# yum-complete-transaction

Clean all cached data:

# yum clean all

List duplicate packages:

# package-cleanup --dupes

Remove duplicate packages:

# package-cleanup --cleandupes

Minicom + Ativa USB to serial adapter on a Macbook

Well, I finally broke down and went for a USB to serial adapter, because I was getting tired of creating computer room hazards by running console cables into the back of servers with serial ports. And I have had to do this quite a bit lately. My primary mobile desktop is an old MacBook (early 2008) running Mavericks.

I bought an Ativa adapter from Office Depot. The key to getting it to work is to make sure you use the correct driver. The Ativa adapter was easy. I downloaded the driver from http://nozap.me/driver/osxpl2303/index.html/. I downloaded NoZAP-Pl2303-10.9-installer.dmg, since I am running Mavericks. I mounted the DMG, and then ran the package in the mounted DMG.

Then, I downloaded and installed minicom from: http://pbxbook.com/other/mac-tty.html#minicom.

The next issue is finding the correct device file. My first guess at a newly created tty file in /dev did not work. Next time, I looked a little closer and found a file called usbserial. Too obvious.

I launched the minicom setup:

/opt/minicom/current/bin/minicom -s

Then, configure and save the configuration as outlined in http://jim-zimmerman.com/?p=916, except use /dev/usbserial for the serial device file. Permissions and Terminal settings were fine. I didn’t have to change them from the defaults.

Now, I can use my laptop to access my Cisco equipment.

Windows 7 – Reset local account password

I used to use a Linux-based floppy to reset forgotten local passwords on Windows machines. I haven’t really kept up with whether those solutions still work or not, especially since they do not really seem needed any longer. There are a couple of loopholes in the Windows 7 login interface that can allow you access to an administrator command prompt to issue a “net user” command to change the password. Both use the same kind of procedure. One replaces the sticky key command and the other the shutdown/restart button action.

Boot off of your installation DVD.

Proceed until you get to the second or third screen, and select “Repair your computer.”

This will then detect your Windows installation, and bring up a menu with five or six options to choose. Select the “Command Prompt” option.

From the command prompt, you are going to create a backup of the files you are going to replace with the command prompt executable.

Sticky key option:

copy D:\WINDOWS\SYSTEM32\SETHC.EXE D:\
copy D:\WINDOWS\SYSTEM32\CMD.EXE D:\WINDOWS\SYSTEM32\SETHC.EXE

or

Shutdown/Restart button option:

copy D:\WINDOWS\SYSTEM32\UTILMAN.EXE D:\
copy D:\WINDOWS\SYSTEM32\CMD.EXE D:\WINDOWS\SYSTEM32\UTILMAN.EXE

Exit out of the Command Prompt and reboot.

Once the machine has rebooted, use the following to access the administrator Command Prompt.

Sticky key option:
Press the Shift key five times.

Shutdown/Restart button option:
Click the red Shutdown/Restart button in the bottom right corner of the logon screen.

Once you have the Command Prompt up enter:

net user MyUserName MyNewPassword

You should get a message stating that the command completed successfully.

Don’t forget to copy the backup SETHC.EXE or UTILMAN.EXE in the D:\ drive back to D:\WINDOWS\SYSTEM32.

copy D:\SETHC.EXE D:\WINDOWS\SYSTEM32\

or

copy D:\UTILMAN.EXE D:\WINDOWS\SYSTEM32\
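To check a machine for this swap afterwards, the added example below (not part of the original post) compares the two logon-screen binaries with cmd.exe on a Windows volume mounted under Linux or macOS, and also reports backup copies left in the volume root. The mount point argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example: detect sethc.exe / utilman.exe replaced by cmd.exe on a
# Windows volume mounted read-only (the mount point is an assumed argument).

find_sys32() {
    # Case-insensitive lookup of <root>/Windows/System32/<name>
    find "$1" -maxdepth 3 -type f -ipath "*/windows/system32/$2" 2>/dev/null | head -n 1
}

check_logon_binaries() {
    root=$1
    found=0
    cmd=$(find_sys32 "$root" cmd.exe)
    if [ -z "$cmd" ]; then
        echo "cmd.exe not found under $root" >&2
        return 2
    fi
    for name in sethc.exe utilman.exe; do
        target=$(find_sys32 "$root" "$name")
        if [ -z "$target" ]; then
            echo "MISSING  $name"
            found=1
        elif cmp -s "$cmd" "$target"; then
            echo "REPLACED $name is byte-identical to cmd.exe"
            found=1
        else
            echo "OK       $name"
        fi
    done
    # The procedure above parks the originals in the volume root; a copy
    # still sitting there shows the swap was made at some point.
    find "$root" -maxdepth 1 -type f \( -iname sethc.exe -o -iname utilman.exe \) |
        sed 's/^/LEFTOVER /'
    # 0 = both binaries differ from cmd.exe, 1 = replaced or missing
    return "$found"
}

if [ -n "${1:-}" ]; then
    check_logon_binaries "$1"
fi
```
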

CUPS notes

OS: Ubuntu 12.04 LTS

I decided it was about time to solve a couple issues that seem to constantly come up for me when it comes to using CUPS in linux for printing.

The first was getting access to the configuration page from a machine other than the console. To do this you have to modify the /etc/cups/cupsd.conf file.


# JGZ – 3/26/2014 – To listen on the eth0 interface
Listen 10.10.10.9:631

# Restrict access to the server
<Location />
  Order allow,deny
  # JGZ – 3/26/2014 – To allow access to /
  Allow all
</Location>

# Restrict access to the admin pages
<Location /admin>
  Order allow,deny
  # JGZ – 3/26/2014 – To allow access to /admin
  Allow all
</Location>

# Restrict access to configuration files
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  # JGZ – 3/26/2014 – To allow access to /admin/conf
  Allow all
</Location>

After the changes are made to the /etc/cups/cupsd.conf file, you need to restart cups:

# service cups restart
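With "Allow all", the admin pages answer any host that can reach 10.10.10.9:631. The added example below (not part of the original post) lists the cupsd.conf Location blocks that are open to all hosts and runs against two constructed samples: one mirroring the settings above and one narrowed to a subnet. The 10.10.10.0/24 subnet and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list cupsd.conf <Location> blocks that allow every host.

audit_cups_locations() {
    # $1 = path to a cupsd.conf; prints "OPEN <path>" for each Location
    # block containing "Allow all" or "Allow from all".
    awk '
        $1 ~ /^#/           { next }
        $1 == "<Location"   { loc = $2; sub(/>$/, "", loc); next }
        $1 == "</Location>" { loc = ""; next }
        loc != "" && tolower($1) == "allow" && tolower($NF) == "all" {
            print "OPEN " loc
        }
    ' "$1"
}

write_samples() {
    # Constructed samples: $1 mirrors the settings shown above, $2 narrows
    # every block to one subnet (10.10.10.0/24 is an assumed value).
    cat > "$1" <<'EOF'
Listen 10.10.10.9:631
<Location />
  Order allow,deny
  Allow all
</Location>
<Location /admin>
  Order allow,deny
  Allow all
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow all
</Location>
EOF
    sed 's|Allow all|Allow from 10.10.10.0/24|' "$1" > "$2"
}

if [ -n "${1:-}" ]; then
    audit_cups_locations "$1"
fi
```
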

The next issue I had is the default size of the font. I frequently print files I create in vi or configuration files or scripts, and the font is too big by default to make the document readable. For this, I added the following to the printers.conf file in /etc/cups.


# JGZ – 3/26/2014 – decrease default font size
Option cpi 15.000000
Option lpi 9.000000

I put this under the ErrorPolicy line in between the <Printer myprinter> and </Printer> directives. If you have multiple printers, make sure that myprinter is the printer that you want to modify. Obviously, when you look at the printers.conf file, you will find many other options you can modify. In my case, I had to add the missing entries (see man printers.conf). For this change, you do not need to restart cups.

Windows Group Policy Results

The following tools can be used to review group policies.

Since Windows Vista SP1:
rsop.msc

To view the policies applied to the computer you are logged into:
gpresult

To force a policy update:
gpupdate /force

Used in concert with rsop:
gpinventory.exe

Add DNS search suffix in Ubuntu

Sometimes I hate change, and this is one. I just want to edit the /etc/resolv.conf. The search suffix in Ubuntu can be added by adding the following to the /etc/network/interfaces file:

dns-search domaintosearch

For example, on my Ubuntu client:

# cat /etc/network/interfaces
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
dns-search jim-zimmerman.com

I am not sure if the network needs to be restarted. I did restart it by:

# service networking restart

Import PST into Exchange 2013 mailbox.

I was trying to use New-MailboxImportRequest to import a PST file into a mailbox. From EMS, I kept getting the following error:

“The term ‘New-MailboxImportRequest’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again”

I had to enter the following to get the necessary permission:

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User UserImporting

I did this for the Administrator account, so:

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User Administrator

Then, I was able to import the PST mail. With the following command, the email was put back into the same folder as when the mail was exported:

New-MailboxImportRequest -Mailbox mailboxname -FilePath UNCToFile

I imported the PST into a mailbox with an alias of jim:

New-MailboxImportRequest -Mailbox jim -FilePath \\SERVER1\c$\jim.pst

Change DC IP address.

If you are going to change the IP address of a domain controller, there are a couple of things you should do afterwards to ensure that the DNS is in order.

First, go ahead and make the network modifications on the domain controller (IP address, mask, gateway, DNS, etc.).

Then, register the changes with the DNS using:

ipconfig /registerdns

Then, use the following to ensure that the service records are properly updated in the DNS as well. This could really mess things up if not correct, so do the following to make sure:

dcdiag /fix
