Deploy and Configure the Derdack Enterprise Alert Mobile App for iOS through Air-Watch

Derdack Enterprise Alert is a software suite that provides insight into your enterprise operations allowing for super fast and effective incident response and resolution.

Air-Watch is a global leader in Enterprise Mobility Management (EMM), which allows for seamless integration across enterprise systems by delivering unified endpoint management and end-to-end security from devices to data centers.

As enterprise mobility standards are adopted, software developers have additional tools at their disposal to allow a more modular customization process for their product.  Through the use of a set of vendor supplied options, and a community that neutralizes the development playing field, enterprises can now leverage their existing EMM investments to improve the end user experience during mobility deployments.

Derdack has allowed their customers to customize a property on their iOS app to pre-configure a server URL, negating the need for IT to provide it and for the end user to enter it.  This aids in reducing help desk calls for human input error, and streamlines the setup process.

The following steps will show you how to add the Derdack Enterprise Alert mobile app to your Air-Watch instance, and configure it with a DefaultServerURL configuration key:

  1. Login to your Air-Watch instance with a user who has rights to manage public applications.
  2. Navigate to Apps & Books > Applications > List View > Public > Add Application

  3. In the Add Application window, select Apple iOS as your Platform, Search App Store as your Source, enter Derdack into the Name field and click Next.

  4. Click Select to choose the Derdack Enterprise Alert app.

  5. In the Add Application window, select the Deployment tab.
    a.  Select Send Application Configuration.
    b.  Enter the following information:
          Configuration Key = DefaultServerURL
          Value Type = String
          Configuration Value = Your EA Server, for example https://ea.company.com
    c.  Click Save and Publish.

  6.  Install Derdack Enterprise Alert on your mobile device from your EMM, and launch the App.

    The Connect To field will be pre-configured with the DefaultServerURL you specified in step 5, and if you have connectivity to your alert system, you will be presented with a login screen.

Posted in Air-Watch

Horizon View Events Database Creation Script

I built this script out to create a Horizon View Composer database along with the schemas and permissions for my lab.

use [master]
go
CREATE DATABASE [HZNViewEvents] ON PRIMARY
(NAME = N'HZNViewEvents', FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\DATA\HZNViewEvents.mdf', SIZE = 250MB, FILEGROWTH = 10% )
LOG ON
(NAME = N'HZNViewEvents_log', FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\DATA\HZNViewEvents.ldf', SIZE = 100MB, FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
go

use HZNViewEvents
go
-- Lab credential: replace the password before reuse. CHECK_POLICY=OFF exempts this login from the Windows password policy.
CREATE LOGIN [hznveventuser] WITH PASSWORD=N'!2345AbcDE', DEFAULT_DATABASE=HZNViewEvents, DEFAULT_LANGUAGE=us_english, CHECK_POLICY=OFF
go
CREATE USER [hznveventuser] for LOGIN [hznveventuser]
go
use MSDB
go
CREATE USER [hznveventuser] for LOGIN [hznveventuser]
go

-- db_owner membership already includes every permission granted to the roles further down
use HZNViewEvents
go
sp_addrolemember @rolename = 'db_owner', @membername = 'hznveventuser'
go
use MSDB
go
sp_addrolemember @rolename = 'db_owner', @membername = 'hznveventuser'
go

-- Switch back so the schema and roles are created in the events database, not in msdb
use HZNViewEvents
go
CREATE SCHEMA [HZNVEVENTS]
go
-- The default schema must name the schema created above, not a role
ALTER USER [hznveventuser] WITH DEFAULT_SCHEMA =[HZNVEVENTS]

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'HZNVEVENTS_ADMIN_ROLE')
CREATE ROLE HZNVEVENTS_ADMIN_ROLE;
GRANT ALTER ON SCHEMA :: [HZNVEVENTS] to HZNVEVENTS_ADMIN_ROLE;
GRANT REFERENCES ON SCHEMA :: [HZNVEVENTS] to HZNVEVENTS_ADMIN_ROLE;
GRANT INSERT ON SCHEMA :: [HZNVEVENTS] to HZNVEVENTS_ADMIN_ROLE;

GRANT CREATE TABLE to HZNVEVENTS_ADMIN_ROLE;
GRANT CREATE VIEW to HZNVEVENTS_ADMIN_ROLE;
GRANT CREATE Procedure to HZNVEVENTS_ADMIN_ROLE;

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'HZNVEVENTS_USER_ROLE')
CREATE ROLE HZNVEVENTS_USER_ROLE
go
GRANT SELECT ON SCHEMA ::  [HZNVEVENTS] to HZNVEVENTS_USER_ROLE
go
GRANT INSERT ON SCHEMA ::  [HZNVEVENTS] to HZNVEVENTS_USER_ROLE
go
GRANT DELETE ON SCHEMA ::  [HZNVEVENTS] to HZNVEVENTS_USER_ROLE
go
GRANT UPDATE ON SCHEMA ::  [HZNVEVENTS] to HZNVEVENTS_USER_ROLE
go
GRANT EXECUTE ON SCHEMA :: [HZNVEVENTS] to HZNVEVENTS_USER_ROLE
go
sp_addrolemember HZNVEVENTS_USER_ROLE , [hznveventuser]
go
sp_addrolemember HZNVEVENTS_ADMIN_ROLE , [hznveventuser]
go
use MSDB
go
if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'HZNVEVENTS_ADMIN_ROLE')
CREATE ROLE HZNVEVENTS_ADMIN_ROLE;
go
GRANT SELECT on msdb.dbo.syscategories to HZNVEVENTS_ADMIN_ROLE
go
GRANT SELECT on msdb.dbo.sysjobsteps to HZNVEVENTS_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs to HZNVEVENTS_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs_view to HZNVEVENTS_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_job TO HZNVEVENTS_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO HZNVEVENTS_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO HZNVEVENTS_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_update_job TO HZNVEVENTS_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO HZNVEVENTS_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO HZNVEVENTS_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_category TO HZNVEVENTS_ADMIN_ROLE
go
sp_addrolemember HZNVEVENTS_ADMIN_ROLE , [hznveventuser]
go
use master
go
grant VIEW SERVER STATE to [hznveventuser]
go
GRANT VIEW ANY DEFINITION TO [hznveventuser]
go
Posted in View, Vmware

Horizon View Composer Database Creation Script

I built this script out to create a Horizon View Composer database along with the schemas and permissions for my lab.

use [master]
 go
 CREATE DATABASE [HZNViewComposer] ON PRIMARY
 (NAME = N'HZNViewComposer', FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\DATA\HZNViewComposer.mdf', SIZE = 250MB, FILEGROWTH = 10% )
 LOG ON
 (NAME = N'HZNViewComposer_log', FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\DATA\HZNViewComposer.ldf', SIZE = 100MB, FILEGROWTH = 10%)
 COLLATE SQL_Latin1_General_CP1_CI_AS
 go
 use HZNViewComposer
 go
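 -- Lab credential: replace the password before reuse. CHECK_POLICY=OFF exempts this login from the Windows password policy.
 CREATE LOGIN [hznvcmpuser] WITH PASSWORD=N'P@ssword', DEFAULT_DATABASE=HZNViewComposer, DEFAULT_LANGUAGE=us_english, CHECK_POLICY=OFF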
 go
 CREATE USER [hznvcmpuser] for LOGIN [hznvcmpuser]
 go
 use MSDB
 go
 CREATE USER [hznvcmpuser] for LOGIN [hznvcmpuser]
 go
 use HZNViewComposer
 go
 sp_addrolemember @rolename = 'db_owner', @membername = 'hznvcmpuser'
 go
 use MSDB
 go
 sp_addrolemember @rolename = 'db_owner', @membername = 'hznvcmpuser'
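 go
 -- Switch back so the schema and roles are created in the Composer database, not in msdb
 use HZNViewComposer
 go
 CREATE SCHEMA [HZNVCMP]
 go
 -- The default schema must name the schema created above, not a role
 ALTER USER [hznvcmpuser] WITH DEFAULT_SCHEMA =[HZNVCMP]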
if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'HZNVCMP_ADMIN_ROLE')
CREATE ROLE HZNVCMP_ADMIN_ROLE;
GRANT ALTER ON SCHEMA :: [HZNVCMP] to HZNVCMP_ADMIN_ROLE;
GRANT REFERENCES ON SCHEMA :: [HZNVCMP] to HZNVCMP_ADMIN_ROLE;
GRANT INSERT ON SCHEMA :: [HZNVCMP] to HZNVCMP_ADMIN_ROLE;

GRANT CREATE TABLE to HZNVCMP_ADMIN_ROLE;
GRANT CREATE VIEW to HZNVCMP_ADMIN_ROLE;
GRANT CREATE Procedure to HZNVCMP_ADMIN_ROLE;

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'HZNVCMP_USER_ROLE')
CREATE ROLE HZNVCMP_USER_ROLE
go
GRANT SELECT ON SCHEMA :: [HZNVCMP] to HZNVCMP_USER_ROLE
go
GRANT INSERT ON SCHEMA :: [HZNVCMP] to HZNVCMP_USER_ROLE
go
GRANT DELETE ON SCHEMA :: [HZNVCMP] to HZNVCMP_USER_ROLE
go
GRANT UPDATE ON SCHEMA :: [HZNVCMP] to HZNVCMP_USER_ROLE
go
GRANT EXECUTE ON SCHEMA :: [HZNVCMP] to HZNVCMP_USER_ROLE
go
sp_addrolemember HZNVCMP_USER_ROLE , [HZNVCMPuser]
go
sp_addrolemember HZNVCMP_ADMIN_ROLE , [HZNVCMPuser]
go
use MSDB
go
if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'HZNVCMP_ADMIN_ROLE')
CREATE ROLE HZNVCMP_ADMIN_ROLE;
go
GRANT SELECT on msdb.dbo.syscategories to HZNVCMP_ADMIN_ROLE
go
GRANT SELECT on msdb.dbo.sysjobsteps to HZNVCMP_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs to HZNVCMP_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs_view to HZNVCMP_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_job TO HZNVCMP_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO HZNVCMP_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO HZNVCMP_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_update_job TO HZNVCMP_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO HZNVCMP_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO HZNVCMP_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_category TO HZNVCMP_ADMIN_ROLE
go
sp_addrolemember HZNVCMP_ADMIN_ROLE , [hznvcmpuser]
go
use master
go
grant VIEW SERVER STATE to [hznvcmpuser]
go
GRANT VIEW ANY DEFINITION TO [hznvcmpuser]
go
Posted in View, Vmware

Convert a Mac OS X Mavericks Download into a bootable ISO for VMware Fusion/Workstation/ESXi

# Mount the installer image

hdiutil attach /Applications/Install\ OS\ X\ Mavericks.app/Contents/SharedSupport/InstallESD.dmg -noverify -nobrowse -mountpoint /Volumes/install_app

# Convert the boot image to a sparse bundle
hdiutil convert /Volumes/install_app/BaseSystem.dmg -format UDSP -o /tmp/Mavericks

# Increase the sparse bundle capacity to accommodate the packages
hdiutil resize -size 8g /tmp/Mavericks.sparseimage

# Mount the sparse bundle for package addition
hdiutil attach /tmp/Mavericks.sparseimage -noverify -nobrowse -mountpoint /Volumes/install_build

# Remove Package link and replace with actual files
rm /Volumes/install_build/System/Installation/Packages
cp -rp /Volumes/install_app/Packages /Volumes/install_build/System/Installation/

# Unmount the installer image
hdiutil detach /Volumes/install_app

# Unmount the sparse bundle
hdiutil detach /Volumes/install_build

# Resize the partition in the sparse bundle to remove any free space
hdiutil resize -size `hdiutil resize -limits /tmp/Mavericks.sparseimage | tail -n 1 | awk '{ print $1 }'`b /tmp/Mavericks.sparseimage

# Convert the sparse bundle to ISO/CD master
hdiutil convert /tmp/Mavericks.sparseimage -format UDTO -o /tmp/Mavericks

# Remove the sparse bundle
rm /tmp/Mavericks.sparseimage

# Rename the ISO and move it to the desktop
mv /tmp/Mavericks.cdr ~/Desktop/Mavericks.iso

Posted in Mac, Vmware

Putting a PC on a Diet

Where I work, we have a fairly large VMWare View deployment, primarily for publicly facing devices such as library patron kiosks, digital signage, and computing labs; we mostly use Zero Clients for the front end.  I found that we were deploying more and more View desktops and didn’t have enough Zero Clients to fill the need, so we turned to looking for a temporary solution.  I scoured the web looking for options; I figured, “Why reinvent the wheel?”  There is some nice software out there on the market to turn a physical PC into a thin client, but I really didn’t want to spend any more money when I was going to replace them with Zero Clients eventually, so I looked at thinning down desktops that were already in place.  With a virtual desktop, one of our biggest challenges of deployment was with user acceptance.  To have a user grasp the concept that their desktop really isn’t physically in front of them and is in a datacenter across town wasn’t on my agenda, so this setup helps bridge that gap.  The end user still sees the PC that they have been accustomed to; it’s big, bulky, hot, loud, and when they turn it on, it works with expected results, but in this case much faster.

I found a great blog post on the web that offered up a great solution to our project.  By utilizing Windows 7 ThinPC, which we had available to use through our Software Assurance Agreement, and some scripting, coupled with some secret sauce, this project moved forward very quickly.  I felt that to make the experience for our end users more what they are used to, I needed to tweak the View command line scripts that were initially provided.  By design of the author, the end user was required to manually connect with the client, a step I feared my end users would balk at.  It’s change; change is bad for productivity and the help desk unless implemented properly, so anything we can do to ease the blow helps.  I had two different scenarios where I would need to have two different launch scripts.  The first, a shared computer lab where the View clients were provisioned to multiple pools; the second, a pure Kiosk that could be entitled to a floating or dedicated pool based on the specific need.

Scenario 1 – Computing Lab with multiple View Pools entitled:

"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" -desktopLayout fullscreen -desktopProtocol PCOIP -connectUSBonStartup True -connectUSBOnInsert True -domain YOURDOMAIN -username YOURUSERNAME -password YOURPASSWORD -serverURL YOURCONNECTIONSERVERFQDN

The user that you define in the command will need to be entitled to the pools in your Admin Portal. If you assign the user to multiple pools, the client presents a list of the entitled desktops.

The user need only choose the desktop they wish to use; if they hit exit or log out of a desktop, it comes right back to this screen.  I found that if you didn’t include all of the options for name, password, and domain, it would not auto-connect to the View Connection Server, requiring extra input from the end user.

 Scenario 2 – Kiosk with a single View Pool entitled:

"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" -unattend -serverURL YOURCONNECTIONSERVERFQDN

By changing the launchview script to have the above command, you can utilize VMWare View’s Kiosk Mode, which in my mind is an underutilized feature.  In a previous post I outlined a script that I threw together that helped facilitate the creation of Kiosk Accounts on a View Connection Server; don’t forget to prepare your systems first.  You will need to entitle the account that is created with the scripts to a single pool to which the device has access.   We have a few different situations in which floating or dedicated pools are being used in conjunction with disabling SSO to achieve the desired result.  Here are a few examples:

  1. A computing lab or user workstation with a dedicated pool and SSO disabled
    This would allow you to have a one to one relationship with a physical device and View desktop
  2. A computing lab with a floating pool and SSO disabled
    This would allow you to have a better transition time between log offs in a busy environment; coupled with a refresh on logoff, it provides a clean desktop every time someone sits down at the workstation.
  3. A computing lab or public computer with a floating pool and SSO enabled
    If logins are not of concern, such as walkup kiosks that are always on or elementary school computer labs where students may not have a login, this is a good choice.  The user that the desktop will login as is the kiosk user defined by the scripts, so plan accordingly for network security should you go this route.
  4. A digital sign with a dedicated or floating pool and SSO enabled.
    This would be a special use case where there wouldn’t be an end user sitting in front of the device, and it’s used to launch some sort of signage or PowerPoint view on login of the View Desktop.

As you can see, putting a PC on a diet and thinning it down has its benefits, and I hope this provides some help should someone need to go down that route.

Posted in View, Vmware

Prepare to Mass Deploy VMWare Horizon View Client For Mac (with Composer)

The VMWare Horizon client is an easy install in itself as it’s a drag and drop installer, but there are times where as an administrator you’d like to push out the connection settings and other little tweaks to fit your environment.  In our company we use the Casper Suite to manage our Apple devices; it truly is a nice piece of software.  In the Casper Suite, there is a nice packaging utility called Composer, and while it can accomplish the same functionality as Apple’s PackageMaker, it has a number of nice additions and a simpler creation procedure.

Download the view client by visiting your portal and clicking on the appropriate link, which jumps you to VMWare’s download site. Once the .dmg file download has completed, drag the installer to your Applications folder.

Once the copy to your Application folder completes, open the client, and enter in your connection information just as you would if you were setting it up for a singular device.


This is where the road splits; you have two choices.  You can either call it a day and prepare for packaging, or you can send out settings that include the USB arbitration and the ability for them to start up on login.  For the purpose of this quick tip I’ll go the route of setting up the USB, but will show the differences at the end.

Go ahead and login to your connection server.


Once connected, start the desktop USB Services.


Once the USB services have started, it will prompt you for a local admin password on the device.  If you’re planning on putting documentation together for your end users, make sure they have local admin rights on the Mac.  You can then preselect the settings that you wish to be pre-populated for your end users.

Something to note:  The end user will need to start USB services on their device, the purpose of these steps is to only pre populate the settings above into the plist file that you’ll see below.

Now that your VMWare Horizon View Client has been installed and configured, let’s take a look at the preference, or plist, file that was generated on the local machine.  Plist files are located in two places on the machine; the ones we’re interested in are located in the local user’s home folder, ~/Library/Preferences or /Users/username/Library/Preferences.

If you’re running Mac OSX 10.7 or higher, the User’s Library folder is now hidden, but you can fix that by running the following command from the Terminal:  chflags nohidden ~/Library

If you decided to do the USB services settings in your client, here is what your plist will look like:


If you decided to skip the USB service configuration and leave the onus on the end user, your plist file is much smaller as shown here:


I understand that there are a number of different ways to deploy custom software packages on the Mac, and there are some really nice products out there, but seeing as we use the Casper Suite in house, let’s go through the steps to prepare this package for deployment with their software.  Once you have your application and plist files the way you want, go ahead and fire up Composer and drag the VMWare Horizon View Client from the Applications folder, and your modified plist file from the ~/Library/Preferences folder, into the window.
You’ll notice that it creates the folder structure for you; this is a nice little time saver over creating the package root with Apple’s PackageMaker.

You might be asking yourself, “Self, it looks like the preference file will only be put into the current users home folder, how can this be published to all users?”  Good question, but first here is the Packagemaker way.  You would need to create a post flight script that reads all the current users on the system you’re deploying, put that into an array, and then copy the preference file into each of their Library/Preferences folders, then also copy it to the user template for all new users.  While we’ve been doing this for years with the Apple approach, the Casper Suite, can do this systematically for you with a checkbox in the Casper Server, neat!
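
The post-flight approach described above, sketched as an added example (not the author's script and not part of the Casper Suite): it copies one preference file into every existing home folder and into the new-user template, and refuses to write through symlinks because a post-flight script runs as root. The plist file name and the User Template path are assumptions; the post does not give them.

```sh
#!/bin/sh
# Added example. Defaults below are assumptions, override them via the environment.
PLIST_SRC="${PLIST_SRC:-/private/tmp/com.example.viewclient.plist}"   # placeholder file name
USERS_ROOT="${USERS_ROOT:-/Users}"
TEMPLATE_PREFS="${TEMPLATE_PREFS:-/System/Library/User Template/English.lproj/Library/Preferences}"

# install_pref SRC DEST_DIR [UID:GID]
# Copies SRC into DEST_DIR with mode 600; returns 1 if anything looks unsafe.
install_pref() {
    p_src=$1; p_dir=$2; p_owner=$3
    p_target="$p_dir/$(basename "$p_src")"
    # Running as root: never write through a symlink a user could have planted.
    if [ -L "$p_dir" ] || [ -L "$p_target" ]; then
        echo "skip (symlink): $p_target" >&2
        return 1
    fi
    mkdir -p "$p_dir" || return 1
    cp "$p_src" "$p_target" || return 1
    chmod 600 "$p_target"
    # Hand the copy to the owner of the home folder; only root can chown.
    if [ -n "$p_owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$p_owner" "$p_target"
    fi
    return 0
}

# deploy_pref SRC USERS_ROOT TEMPLATE_PREFS_DIR
# Prints the number of home folders that received the file.
deploy_pref() {
    src=$1; users_root=$2; template=$3
    [ -f "$src" ] || { echo "missing $src" >&2; return 2; }
    count=0
    for home in "$users_root"/*; do
        [ -d "$home" ] && [ ! -L "$home" ] || continue
        case "$(basename "$home")" in Shared|Guest) continue ;; esac
        # A real home folder has its own Library directory.
        [ -d "$home/Library" ] && [ ! -L "$home/Library" ] || continue
        owner=$(ls -ldn "$home" | awk '{print $3 ":" $4}')
        if install_pref "$src" "$home/Library/Preferences" "$owner"; then
            count=$((count + 1))
        fi
    done
    # New accounts are created from the template, so seed it as well.
    install_pref "$src" "$template" "" || return 1
    echo "$count"
}

if [ "${1:-}" = "--run" ]; then
    deploy_pref "$PLIST_SRC" "$USERS_ROOT" "$TEMPLATE_PREFS"
fi
```
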

You’ll need to build this application as a DMG file to be able to fill the user preferences and templates, and save it someplace that you can easily find, I typically throw it on the desktop.

This is where I’m going to leave you, I know it’s a cliff hanger you’re saying, but if I was to show you step by step on how to upload the DMG file to a JSS, it would be a long drawn out post.  Instead, check out Casper Quick Start Guide on page 114, they do the process more justice than I could.  If you have additional questions, or would like to know more about the advanced functions of Composer, start reading on page 68 of the Casper Admin Guide.

 

Posted in View, Vmware

VMWare View Kiosk Mode Admin Script

I had started to deploy some repurposed PCs for thin clients using Windows ThinPC while we wait to place an order of Tera2 devices.  After configuring a few Kiosk clients I thought I would save myself some time in the long run by creating a very simple batch file to issue the vdmadmin.exe commands in the correct format that fit my needs.  The following is a very crude script that will allow the Addition, Removal, and Listing of Kiosk clients for your connection server(s). Please keep in mind, the vdmadmin.exe command has a ton of other commands, and the purpose of this is to save some time for a few Admins and Helpdesk staff members to keep the syntax correct when running these commands. I plan to do a PowerShell version very shortly, but given the need to implement, this worked out fine.


@echo off
ECHO VMWare View Kiosk Admin
ECHO _______________________________
ECHO Please make a selection
ECHO (A)Add - (R)Remove - (L)List
ECHO _______________________________
set /p choice=Enter [A/R/L]: %=%

rem /I compares case-insensitively; the quotes keep an empty answer from breaking the IF
if /I "%choice%"=="A" goto :ADD
if /I "%choice%"=="R" goto :REMOVE
if /I "%choice%"=="L" goto :LIST
ECHO Invalid selection
goto :EOF

:ADD
ECHO Add Kiosk Devices
ECHO _______________________________
set /p hwadd=Enter Mac Address: %=%
set /p desc=Enter A Description: %=%
rem set /p group=Enter The Associated Group: %=%
ECHO _______________________________
ECHO Hardware Address: %hwadd%
Echo Description: %desc%
rem ECHO Group: %group%
ECHO _______________________________
PAUSE
rem -group is left off while the group prompt above is commented out; the description is quoted so it may contain spaces
"\\172.16.30.172\C$\Program Files\VMware\VMware View\Server\tools\bin\vdmadmin.exe" -Q -clientauth -add -domain portlandschools.ad -clientid "%hwadd%" -description "%desc%"
PAUSE
rem Stop here so ADD does not fall through into REMOVE
goto :EOF

:REMOVE
set /p hwadd=Enter Mac Address: %=%
ECHO _______________________________
ECHO YOU ARE ABOUT TO REMOVE THIS CLIENT ID
ECHO Hardware Address: %hwadd%
rem Echo Description: %desc%
rem ECHO Group: %group%
ECHO _______________________________
PAUSE
"C:\Program Files\VMware\VMware View\Server\tools\bin\vdmadmin.exe" -Q -clientauth -remove -domain portlandschools.ad -clientid "%hwadd%" -force
PAUSE
rem Stop here so REMOVE does not fall through into LIST
goto :EOF

:LIST
"\\172.16.30.172\C$\Program Files\VMware\VMware View\Server\tools\bin\vdmadmin.exe" -Q -clientauth -list
PAUSE

Posted in View, Vmware

vCenter ADAM_VMwareVCMSDS event logging every 1 minute

First off, if you are using VMWare to virtualize a datacenter you need vCheck if you’re not rolling your own solution.  If I had a ton of fingers, I’d be using them to count how many times it’s found issues that needed to be resolved within my vCenter; it’s a priceless tool.  That being said, vCheck found this little bugger for me in the event logs that I thought was resolved in vSphere 5.0, but as I converted to 5.1 it reared its head again; thankfully it’s a quick and easy fix.

Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored. Instance name: ADAM_VMwareVCMSDS

A few years ago I came across this article which outlined the fix which was simple.

Open the registry editor and browse to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADAM_VMwareVCMSDS\Parameters

There is an existing string value called “Port SSL”; delete it.  Create a new DWORD named “Port SSL” and set its value to 636.

You then need to restart the services that reference these entries, which are VMwareVCMSDS and the Active Directory Web Services.  I’m a big fan of restarting the whole server for this change, but it’s not necessary.

Posted in Vmware

Creating Your Own Time Machine….Server

Dr. Who, Marty McFly, and Steve Jobs all had the same vision, Time Travel.  While a Tardis, a Delorean, and a Steam Engine seem like the most logical choice for this task, I’m going to show you that with a basic computer, and some Linux magic, you too can Travel Time.

Mac OS X Leopard introduced a great feature called Time Machine, which gave end users the ability to keep a fresh backup of their computer with the use of an external hard drive.  As the operating system and related peripherals evolved, backing up your systems to a network drive became increasingly easier, for a price.  While I am one to say that I’ve been drinking the Apple Kool-Aid, I can’t bring myself to purchase an expensive Apple branded Time Capsule or wireless access point to backup my computers through my local network; enter Linux.

I don’t want to dive into a Linux Distro conversation, but I used to be a Fedora man.  Their use of bleeding edge kernel updates and having to constantly recompile drivers was right in my wheelhouse, but time consuming.  I prefer CentOS, and for this paper it is the Distro of choice.

  1. Download and install a minimal server of CentOS (there are a number of tutorials on the web that can walk you through this.)
  2. The following are some setup items that I always do when setting up a CentOS server:
    Disable the firewall, you can enable it again later.

    Disable SELinux

    • vi /etc/sysconfig/selinux
    • # This file controls the state of SELinux on the system.
      # SELINUX= can take one of these three values:
      #               enforcing - SELinux security policy is enforced.
      #               permissive - SELinux prints warnings instead of enforcing.
      #               disabled - SELinux is fully disabled.
      SELINUX=disabled # change
      # SELINUXTYPE= type of policy in use. Possible values are:
      #               targeted - Only targeted network daemons are protected.
      #               strict - Full SELinux protection.
      SELINUXTYPE=targeted
    • hit esc  :  wq   enter  to exit vi

    Setup the Networking
    For this setup I’m using DHCP; if you want a static IP, you’ll need to set it up.

    • vi /etc/sysconfig/network-scripts/ifcfg-eth0
    • Change ONBOOT=no to yes
    • hit esc  :  wq   enter  to exit vi
    • /etc/rc.d/init.d/network restart
    • chkconfig network on

    Disable IPv6 if you don’t need it

    • echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf
    • reboot

    Setup Repos

    • yum -y install yum-plugin-fastestmirror
    • yum -y install http://epel.mirror.freedomvoice.com/6/x86_64/epel-release-6-8.noarch.rpm

    Install Netatalk

    • yum -y install netatalk

    Install Avahi

    • yum -y install avahi

    Create a User

    • useradd geoffrey
    • passwd geoffrey

    Configure Netatalk

    • vi /etc/netatalk/afpd.conf
    • Add this line to the bottom of the file
      - -transall -uamlist uams_randnum.so,uams_dhx2.so -nosavepassword -advertise_ssh
    • hit esc  :  wq   enter  to exit vi
    • vi /etc/netatalk/AppleVolumes.default
    • Add this to the bottom of the file (for each user you want to allow, create a new line substituting their home folder path and allow: statement.  You could create a group of users, and use the group name in the allow: statement and give permissions to a shared location on the server, but I find this more secure)
      /home/geoffrey TimeMachine allow:geoffrey options:usedots,upriv,tm cnidscheme:dbd volsizelimit:100000

    Configure the advertisement with Avahi

    • vi /etc/avahi/services/afpd.service
    • Add this information into the file:
      <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
      <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
      <service-group>
      <name replace-wildcards="yes">%h</name>
      <service>
      <type>_afpovertcp._tcp</type>
      <port>548</port>
      </service>
      <service>
      <type>_device-info._tcp</type>
      <port>0</port>
      <txt-record>model=Xserve</txt-record>
      </service>
      </service-group>
    • hit esc  :  wq   enter  to exit vi

    Make Netatalk and Avahi start at Boot Time

    • vi /etc/rc.local
    • Add this information to the file:
      sleep 15
      /etc/init.d/avahi-daemon restart
      /etc/init.d/netatalk restart
    • hit esc  :  wq   enter  to exit vi

    Setup Your Mac’s Time Machine

    • Navigate to System Preferences>Time Machine
    • Click on Select Disk, you should see your Time Machine volume presented to you.  Select your volume, then click “Use Disk.”
    • Keep in mind your first backup will take a considerable amount of time, with subsequent backups only taking the delta changes.
    • Once your backup starts, your Mac will mount your network volume, and begin backing up.

As you can see, my cat has been skinned, my Mac is being backed up, and I didn’t have to use a flux capacitor to alter my future.
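
A small audit of the files this walkthrough edits, as an added example that is not part of the original post: it reports SELinux left non-enforcing, legacy UAMs in the -uamlist (anything other than uams_dhx2.so from the line above), and Time Machine volumes without an allow: list or a volsizelimit:. The function names and output labels are made up for the example; the default paths are the ones used in the steps above.

```sh
#!/bin/sh
# Added example. Every path is a parameter so the checks can run against copies.

# Print the value of the active SELINUX= line (comments and SELINUXTYPE= are ignored).
selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Print one UAM module per line from -uamlist on non-comment afpd.conf lines.
afpd_uams() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*-uamlist[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' |
        tr ',' '\n'
}

# Print the path of each volume whose options: include tm but which lacks
# a field starting with $2 (for example "allow:" or "volsizelimit:").
# Assumes volume paths without spaces, as in the post.
tm_volumes_missing() {
    awk -v field="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            is_tm = 0; has = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^options:/ && ("," substr($i, 9) ",") ~ /,tm,/) is_tm = 1
                if (index($i, field) == 1) has = 1
            }
            if (is_tm && !has) print $1
        }' "$1"
}

# audit_tm_server SELINUX_CONFIG AFPD_CONF APPLEVOLUMES
# Prints one line per finding; prints nothing when all checks pass.
audit_tm_server() {
    mode=$(selinux_mode "$1")
    if [ "$mode" != "enforcing" ]; then
        echo "SELINUX: mode is '$mode', not enforcing"
    fi
    for uam in $(afpd_uams "$2"); do
        case "$uam" in
            uams_randnum.so|uams_clrtxt.so|uams_guest.so)
                echo "UAM: $uam is enabled; uams_dhx2.so alone is the stronger choice" ;;
        esac
    done
    for vol in $(tm_volumes_missing "$3" "allow:"); do
        echo "ALLOW: $vol is a Time Machine volume with no allow: list"
    done
    for vol in $(tm_volumes_missing "$3" "volsizelimit:"); do
        echo "QUOTA: $vol has no volsizelimit:, backups can fill the disk"
    done
    return 0
}

if [ "${1:-}" = "--run" ]; then
    audit_tm_server /etc/sysconfig/selinux /etc/netatalk/afpd.conf /etc/netatalk/AppleVolumes.default
fi
```
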

Posted in Mac, Tech

VMWare View Linux Client & The Phantom Pixel

I took delivery of some new thin clients and 20 in monitors that I quickly hooked up to my VMWare View connection server, and noticed something strange, a dead pixel.  I went through all the troubleshooting of replacing cables, monitors, thin clients, and even changed view Desktops, the dead pixel was still there.  The funny thing was, after troubleshooting, I realized it wasn’t a hardware problem, the pixel was moving, I couldn’t believe I didn’t pick up on this before.  I phoned the hardware vendor, they couldn’t replicate the issue, of course, so I turned to VMWare, it’s a bug in their latest linux client.  Thankfully this phantom pixel is on the very top of the screen, almost off the screen, so by taking a black sharpie, I used a low-tech solution to fix a high tech problem.  Below is a short video of the phantom pixel that was driving a few of my users crazy.


Posted in Tech, View, Vmware