Thursday, December 31, 2015

Awesome Star Wars ASCII Animation

With the recent release of Star Wars: The Force Awakens, I figured that it's an opportune time to share this.

When you have a couple minutes to kill, telnet to towel.blinkenlights.nl for some awesome Star Wars ASCII animation.


Tuesday, December 29, 2015

Calculating MD5 Checksum in Windows

Thanks to PowerShell, you can calculate the MD5 checksum of a file in Windows without having to download any additional utilities.

For these examples, I'm going to be using a file called asa924-k8.bin with an MD5 checksum of 4558b27d0dd7ba1751e43b0ba33593a3.

The example file's download page showing its MD5 checksum

To calculate the MD5 checksum of a file, open a PowerShell window and run this command.

Get-FileHash -Algorithm MD5 'C:\Path To\YourFile.exe'


If you want to take it a step farther, you can compare the file's calculated MD5 checksum against the original MD5 checksum that you got from the download page (or wherever) with this command.
Hint: You can paste into PowerShell by right-clicking.

(Get-FileHash -Algorithm MD5 'C:\Path To\YourFile.exe').hash | Compare-Object <Original MD5 Checksum> -IncludeEqual

Output when the checksums are equal

Output when the checksums are not equal

Thursday, December 24, 2015

Permitting PPTP VPN Connections through a Cisco ASA

I had a client who uses a PPTP-based VPN client to connect to one of his customer's networks. He was having trouble getting his VPN client to connect after a new ASA was installed on their network. Fortunately, all I had to do was enable PPTP inspection.

To enable PPTP inspection, SSH or console into your ASA and run the following commands in global config mode.

ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect pptp

Friday, November 20, 2015

Lenovo Warranty Experience

In this post, I'm going to talk about my recent experience with Lenovo's warranty repair department. The laptop that I had repaired is my personal laptop and is from their consumer line of products.

A little while back, I purchased a Lenovo U31. I ordered the it directly from Lenovo and received it in about a week directly from their factory in China. The model that I got came with a 500 GB SSHD (Solid State Hybrid Drive), which I immediately swapped out for a 500 GB Samsung 850 Evo SSD. Overall, I was pretty happy with the laptop. It was less expensive than similarly spec'd models from other manufacturers, and it worked well for what I use it for - mostly web browsing and casting content to my Chromecast.

After using the laptop for a while, I noticed that the lid sensor wasn't working - when I closed the lid the display would stay on and the computer wouldn't go to sleep. I was bummed at the prospect of having to be without my brand new toy while it was being repaired, but hey, defects happen. That's whey they have warranties. I called Lenovo and they emailed me a prepaid shipping label to send the laptop to their repair center in Grapevine, TX.

I removed my SSD and reinstalled the factory hard drive in the interest of not sending in any personal data. I also figured that the drive would probably end up getting re-imaged (it did).

I was told that the repair would take 5-7 business days - pretty standard for a consumer-grade product. That time frame went out the window when there was a "service parts shortage" and the repair was put on hold. Lenovo ended up being in possession of the laptop for over a month before the repair was completed.

Tracking history for my support case

When I finally got the laptop back, there were a few grease/dirt stains on it that definitely weren't there before. This wasn't a big deal since I was able to remove them with a little rubbing alcohol, but it was still an annoyance.

The biggest issue that I had was when I went to reinstall my SSD. I discovered that they didn't reinstall the screws that secure the hard drive caddy to the chassis. Really?! Fortunately, I was able to scavenge some screws that would work from my collection of old computer hardware.

I like the laptop, but based on my experience, Lenovo's infrastructure leaves much to be desired.

Friday, October 30, 2015

Showing "This PC" Icon on the Desktop on Windows Server 2012 R2

It's been years since Microsoft has shown the My Computer (now known as Computer or This PC) icon on the desktop by default, but myself and many other admins feel lost without it. Restoring this icon in Windows Server 2012 R2 isn't as straight forward as it is on modern desktop versions of Windows.

Most of the guides that I've come across advise you to install the Desktop Experience features through the Add Roles and Features wizard. While this works, it installs a lot of unnecessary crap that most servers don't need. More importantly, there is an easier way to do it.

Bring up the start screen, search for "common icons" and click on either of the results.


You'll be greeted with the familiar Desktop Icon Settings window.


Tuesday, October 20, 2015

Digi CM 32 & Digi CM 48 Fan Replacement

My Digi CM 32 terminal server's fan was making a grinding/rattling noise, indicating that the fan was in the beginning stages of failure and in need of a replacement. This is usually due to the use of a cheaper sleeve bearing fan rather than a ball bearing fan.

I decided to preemptively replace the fan on my CM 48 while I was at it, so this guide will cover both models. My CM 48 is the dual power supply model, so there may be some slight variances if you have the single power supply model.

What You'll Need

  • Phillips screwdriver
  • Small flat blade screwdriver
  • Small cable ties
  • Replacement fan - I'd highly recommend getting a ball bearing fan.
    • The CM32 uses a 40mm, 12 volt, 3 wire fan.
    • The CM 48 dual power supply model uses a 40mm, 5 volt, 3 wire fan. I would assume that the CM 48 single power supply model uses the same fan, but I don't have one so I can't confirm that. If you have a single power supply CM 48, I'd recommend removing the fan and double checking the voltage before ordering a replacement.

Fan Replacement Process

1. Remove the rack ears.

2. Remove the case screws indicated in the pictures below.

Left side

Right side

Top
3. Remove the top cover by sliding it straight back.

CM 32

CM 48 Dual Power Supply

4. Use a small flat blade screwdriver to pry the locking tab slightly forward and remove the fan connector by pulling straight up.

Fan Locking Tab

5. Remove the fan screws, remove the fan, and install the new fan. Use some small cable ties to clean up the excess wiring.

Fan screws
CM 32 with the new fan installed. The replacement fan that I used is about twice the thickness of the original fan, but the case accommodates it with no problems.

On the CM 48, there is a clear plastic sleeve around the fan wires. This is probably there to protect the wires from heat because they rest on top of the power supply. Rather than hacking up the new fan wiring to transfer the sleeve, I just used cable ties to route the wiring so it doesn't touch the power supply.

CM 48 with the new fan installed and wiring cleaned up.

6. Re-assemble everything and test

Sunday, October 11, 2015

Migrating a Windows Media Center Installation

Recently, I did a small refresh of my home theater PC. I installed an SSD for the OS to live on and used the 1 TB platter drive that was already in there for recorded TV storage. I also ditched Windows 7 and did a fresh install of Windows 8.1 (no Windows 10 since Microsoft dropped WMC).

These are my notes from the process.

Export Current WMC Settigns and Content

I used Sean's WMC Backup to create a backup of my recording schedule. For whatever reason, most of the shows that I have set to record didn't show up in the list, but I used Notepad to look at backup file that was generated and everything was there there, so don't worry if you don't see everything.



I also grabbed a backup of my channel lineup. Sean warns that this feature is experimental and may or may not work. It worked for me, but your mileage may vary.



Finally, I copied all of my recorded TV, along with any other files that I wanted to keep, to an external hard drive. Recorded TV is stored in "C:\Users\Public\Recorded TV" by default.

Disconnect the Platter Drive and Install the SSD

I'm leaving the platter drive disconnected during the fresh installation so that it will be easy to roll back if everything goes horribly wrong.

Install Windows 8.1 and WMC

I installed Windows 8.1 along with all the necessary Windows updates and drivers.

Next, I installed the software for my SiliconDust HDHomerun Prime tuner.

Finally, I begrudgingly paid Microsoft $10 and installed WMC.


See this page if you need more information on installing WMC on Windows 8.1. Basically, WMC isn't included with Windows 8.1 out of the box like it was with Windows 7. You can get it, but you'll need to buy a feature pack. If you have Windows 8.1 Pro, the WMC pack is $9.99. If you have the non-Pro version of Windows 8.1, you'll have to buy the Pro pack which will upgrade you to Pro and includes WMC. This pack is $99.99. Ouch!

Import WMC Settings

Open Sean's WMC Backup and restore the backup data. After that, take a few minutes to test out WMC. Make sure that live TV works, and that your recording schedule is there.


Everything imported without any problems, but my guide was blank. To remedy this, force an update of the guide listings by going to Tasks > Settings > TV > Guide > Get Latest Guide Listings.



Re-Connect Platter Drive and Format

Now that I'm confident that the new installation is good to go, I reconnected the platter drive and formatted it.

Change WMC Recording Storage Location

Do this by going to Tasks > Settings > TV > Recorder > Recorder Storage.


Restore WMC Content

Now that WMC is using the platter drive for storage, I copied my Recorded TV from the external hard drive to the platter drive. After restarting WMC, my recorded TV from the previous installation is all there.

Run a Channel Auto Select

Your tuner will usually pick up some channels that are there, but you can't watch because they aren't included with your cable package. WMC has the ability to scan all the channels and automatically disable the ones that aren't available.

To do this, go to Settings > TV > Guide > Edit Channels, and choose the option for Auto Select. The scan can take a couple hours, and all your tuners will be tied up while it is running, so it's best to do it at a time when you don't want to watch TV and don't have anything scheduled to record.

Auto Select Channels

Your tuner will be unavailable while the scan is running

Tuesday, September 22, 2015

IIS not Listening on Port 80

I was helping a client migrate an IIS web server from an aging on-site machine to a hosted VPS (Virtual Private Server). I ran into an issue with the VPS where I was getting a connection refused error whenever I tried to visit any of the sites hosted on the machine.

For testing, I set up a binding on one of the sites for 127.0.0.1:8080. When I browsed to this address on the server, the site loaded, so at least IIS wasn't completely dead.

This led me to suspect that IIS wasn't listening on the machine's other IP addresses. I ran a quick netstat to confirm this.

netstat -an | find ":80"

Sure enough, IIS was only listening on 127.0.0.1.

IIS is only listening on 127.0.0.1. Ignore the listener on port 8080 - this was set up for testing and was later removed.
The /i (ignore case) flag isn't necessary for this command to work since we aren't filtering any letters, but I tend to use it out of habit.

There are two ways to remedy this. I performed these steps on a Windows Server 2012 R2 machine, but they should work on pretty much any version of Windows Server.

Method 1: Delete the 127.0.0.1 Listener (Recommended)

The easiest way to fix this is to simply delete the 127.0.0.1 listener. This will cause IIS to listen on 0.0.0.0 (all IP addresses).

Open an elevated command prompt and run the following commands.

netsh
http
show iplisten

This will run netsh, switch to http mode, and list the current port 80 listeners, allowing you to quickly confirm what you have.


Next, run these commands.

del iplisten ipaddress=127.0.0.1
exit
iisreset

This will delete the listener on 127.0.0.1, exit netsh, and do an iisrest.


Run netstat again and you should now see IIS listening on 0.0.0.0.


Method 2: Add Listeners for Specific IP Addresses

The second options is to add listeners for specific IP addresses. I prefer the first method as this method has the potential to create a headache down the road if someone changes the machine's IP or adds additional IPs and doesn't know that you did this.

This starts off the same as the first method, but instead of deleting the 127.0.0.1 entry, use this command to add a listener for each IP that you want to listen on.

add iplisten ipaddress=x.x.x.x

When you're done adding listeners, do an iisreset, use netstat to confirm that the changes were successful, and you're done.

References

Monday, September 21, 2015

Restoring Spell Check Functionality in Notepad++

The spell check plugin is disabled by default in version 6.8 of Notepad++ due to a stability issue.


As of this writing, the stability issue appears to be resolved. The plugin will presumably be re-enabled by default in a future release, but it's easy to manually enable the plugin in the meantime. I have not had any issues since re-enabling spell check, but your mileage may vary. If you run into any problems, you can simply disable the plugin again.

To re-enable the spell check plugin, go to Plugins > Plugin Manager > Show Plugin Manager. Locate DSpellCheck in the Available tab and install it.


After restarting Notepad++, spell check functionality should be restored.

Sunday, September 13, 2015

Connecting to a Serial Console in Mac OSX

This post will cover a few methods of connecting to a serial console in OSX. It assumes that you already have a USB to serial converter with the drivers installed. If you're using an FTDI-based converter, OSX drivers are available here.

Screen

OSX comes with text-based utility called Screen that lets you connect to serial ports.

To use Screen, open a terminal and run the following command:

ls /dev/cu.*

This will tell you the name of your serial port. In my case the the serial port is /dev/cu.usbserial-FTG6HDUZ.


Next, run this command:

screen /dev/cu.usbserial-<yourserialportname> 9600




This will open a connection to the serial port at 9600 baud.

Screen running with a serial connection to a Cisco ASA

To close the connection, press Control-A, followed by Control-\.

Confirmation dialog when closing the connection

If you don't close the connection, the port will remain in use and you'll get an error if you try to connect to it later. If you have a session that you didn't disconnect from, you can reconnect to it with the screen -r command.

If you had more than one active session, you will be informed of this and given a list of session numbers.



If you're not sure which session you need, you can run the following command and it will list session numbers along with device names.

lsof | grep usbserial


Below are some additional command-line options that can be used with Screen

<baud_rate>
Usually 300, 1200, 9600 or 19200. This affects transmission as well as receive speed.

cs8 or cs7
Specify the transmission of eight (or seven) bits per byte.

ixon or -ixon
Enables (or disables) software flow-control (CTRL-S/CTRL-Q) for sending data.

ixoff or -ixon
Enables (or disables) software flow-control for receiving data

Serial Console Apps with a GUI Front-end

There are several good options if you want a serial console app that has a GUI front-end. All of the paid apps listed below have free trials available.

CoolTerm (free)

I tried a few freeware serial port applications and had the best luck with CoolTerm. CoolTerm works well, but some settings need to be tweaked for it work properly with Cisco gear.

First, click the Options button. In the Serial Port section, select the correct serial port from the drop-down menu and set the rest of the settings as shown in the screenshot below.

Serial Port settings for Cisco devices

Next, go the the Terminal section and configure your settings as shown below.

Terminal settings for Cisco devices

You may want to save these settings so you don't have to change them every time you use the program.

CoolTerm connected to a Cisco ASA

Serial ($29.99)

Serial is the least expensive of the paid apps. A nice feature of this app is that it has built-in support for most USB to serial converters, so there's no need to manually install drivers.

Serial detected my USB to serial converter with no problems

Configuring Serial's terminal with Cisco settings

Serial connected to a Cisco ASA


SecureCRT (starting at $99)

SecureCRT is my favorite terminal emulator on Windows. I haven't used the Mac version extensively, but at first glance it seems to be on par with its Windows counterpart.

SecureCRT connected to a Cisco ASA



ZOC ($79.99)

ZOC is another nice paid option.

Accessing ZOC's serial port settings

ZOC serial port settings for Cisco

ZOC connected to a Cisco ASA


References


Monday, September 7, 2015

Cisco ASA 5505 RAM Upgrade

I recently acquired a Cisco ASA 5505 for my home lab. It's an older unit that was manufactured before February, 2010. This means that it only has 256 MB of RAM. In most instances, running version 8.3 or later of the ASA software requires 512 MB of RAM. See this page for more details.

If you run one of these later versions without 512 MB of RAM, you'll get a warning like the one below at boot.


Since I want to be able to run the latest and greatest software, a RAM upgrade is in order.

Issuing the show version command shows how much RAM you have. It's time for an upgrade!


A Word of Caution

While this guide doesn't cover software upgrades, I feel that it's important to mention this since software and memory upgrades often go hand-in-hand.

Tread carefully if you're in a production environment and planning to upgrade from a pre-8.3 software version to 8.3 or later. A lot of changes were made in 8.3 and bad things will happen if the upgrade isn't performed correctly. A good write-up of the changes, as well as the correct upgrade procedure is available here.

Since I'm doing the upgrade on a lab ASA that doesn't have any meaningful configuration on it, I'm just going to upgrade straight to the latest version then do a write erase afterwards to clean up any residual weirdness.

Type of RAM Needed

The ASA 5505 uses 184-Pin DDR1 400 MHz (PC3200) RAM. ASAs are known for being picky about RAM, so I wouldn't buy any RAM that isn't specifically listed as being compatible with the 5505. However, if you have a stick of this type of RAM laying around, give it a try. It might just work.

If you're going to buy the RAM, you can expect to pay a small fortune if you source the RAM from Cisco. Fortunately, compatible RAM is fairly inexpensive on ebay.

RAM Upgrade Procedure

Remove the screws shown below and remove the top cover.



Remove the old RAM

RAM Location

Install the new RAM in the same manner that you would install RAM in a PC.


Top: Original 256 MB RAM stick
Bottom: New 512 MB RAM stick

Before putting the cover back on, go ahead and boot up the ASA and confirm that everything works properly.


The same ASA, now with 512 MB of RAM

If everything looks good, put the cover back on and you're done.