Spreading the word about Solarwinds

Everyone knows monitoring your network is important and there are so many tools out there to get the job done it can be overwhelming.  I have tried several and have found SolarWinds to be my favorite.  I have been using it since around 2007 and love the active support and community.

SolarWinds has a whole set of tools for whatever your needs are from standard network monitoring to configuration management and security event management.  The great thing about all their products is they offer some of the highest quality support I have ever dealt with.  Their support is responsive and they really know the products they support.

If you’re looking at getting something for network management checkout the solutions from SolarWinds.

CentOS & RHEL 6.3 missing libnetfilter_queue

I am no Linux expert so it bugs me when I have to go hunting for packages to meet my requirements. In this case I was trying to setup a new CentOS 6.3 development VM for my project OpenNOP. To build OpenNOP it requires libnetfilter_queue & libnetfilter_queue-devel. These are very popular packages now and most distro have them out the door. Debian, Fedora, openSuSE are the ones I know of to include these packages. Now that would be fine if these were burried away down in some "extra" or "contrib" repo but no they just dont seem to exist. Redhat has not packaged them for RHEL thus CentOS does not have them either.

Well to finally end my frustration I was able to find a repo that contains these packages for me and from a trusted source. ClearOS the gateway appliance based on CentOS has built packages for libnetfilter_queue and libnetfilter_queue-devel.

Just create a new repo and enable them to install the packages. Then disable them when finished. They offer almost all the same packages as the RHEL/CentOS repos so we want to be very careful when using these. Be even more careful when trying to update them.

nano /etc/yum.repos.d/ClearOS-Base.repo # CentOS-Base.repo # # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client. You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. # # # # Added Custom Repo for libnetfilter_queue # #base - packages by ClearOS [clearos] name=ClearOS-$releasever - Base #mirrorlist=http://mirror.clearfoundation.com/?release=$releasever&arch=$basearch&rep$ #baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/ baseurl=http://mirror.clearfoundation.com/clearos/community/$releasever/os/$basearch/ gpgcheck=0 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 # # Added Custom Repo for libnetfilter_queue # #addons - packages by ClearOS [addons] name=ClearOS-$releasever - Addons #mirrorlist=http://mirror.clearfoundation.com/?release=$releasever&arch=$basearch&rep$ #baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/ baseurl=http://mirror.clearfoundation.com/clearos/community/$releasever/addons/$basearch/ gpgcheck=0 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Grading the quality of your source code

While reviewing the source code for OBS over on GitHub. I stumbled upon a very neat little tool called Code Climate. It reviews your code and provides you with real-time feedback on it's quality. Currently Code Climate only supports Ruby and while that helps me very little the concept is still pretty great. I asked them if they had plans to include other languages for their service. They answered "Yes" but did not have any plans to include C or a link to SVN at this time. If you’re into Ruby and Git it’s a pretty neat tool. I hope they will soon include other languages and help people make better code.

WSUS Wont download updates

Over the years of working with WSUS I have had some clients that just refuse to download and install updates. Eventually manually clearing out the BITS download cache and trying to resync they will eventually work. So I made a little script to do that for me. net stop wuauserv net stop bits REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f del %windir%\SoftwareDistribution\*.* /q/s net start bits net start wuauserv wuauclt /detectnow

New Core Switches

I got some new toys at work and am in the process of getting the first pair installed. We still need to figure out how to free some rack space to place the second pair at our other location. Here is a photo of the first pair of 6506Es we got installed. There is one more vertical cable organizer to install on the left side but the install went pretty smooth. Considering we had to pull out two 23" racks and install the two 19" racks without turning some equipment off. Thats not something I want to do every week.

Here are the specs of the four switches we got:
Cisco Catalyst 6506E
SUP-720-3B
WS-X6748-GE-TX + DFC
WS-CAC-2500W
WS-CAC-2500W

Throttle WSUS durring business hours

Deploying a WSUS server in a corporate network is pretty standard practice but it can negatively impact users when the PCs have to download updates from a remote WSUS server over a WAN connection.

The problem is that WSUS does not throttle the amount of bandwidth available to download the updates it will just use as much of your WAN circuit as possible while the PCs download the required updates.

One solution would be to enable throttling of the WSUS traffic on your routers during business hours. This can be complex to setup if it’s even supported by your routers. An easier option is to enable IIS throttling on your WSUS site in IIS during business hours and disable IIS throttling after closing.

To do this you need to use the script adsutil.vbs in "C:\Inetpub\AdminScripts\" and create a scheduled task to enable/disable the throttle.

1. You need to find the site identifier for your WSUS Administration site. Open the IIS Manager click on "Web Sites". Look at the "Identifier" column of your WSUS Administration site. This is your sites id.

2. Create a new scheduled task to enable the throttle. Enter the site id for your WSUS Administration site from step 1. Pick a time when you want to start the throttle. I picked 6:00AM because I want to make sure it’s enabled before anyone shows up to work. The property to enable the throttle is "MaxBandwidth" and is in bps. If you want to limit WSUS to 512K you must enter "524288" (512 * 1024) the IIS Manager will list this in Kbps.
C:\WINDOWS\system32\cscript.exe "C:\Inetpub\AdminScripts\adsutil.vbs" SET /w3svc/<siteid>/MaxBandwidth 524288

3. Create a second task to disable the throttle. To disable the throttle we set the value to its max not to 0. I scheduled this task to run at 8:00PM after everyone has left.
C:\WINDOWS\system32\cscript.exe "C:\Inetpub\AdminScripts\adsutil.vbs" SET /w3svc/<siteid>/MaxBandwidth 4294967295

In the end you have two scheduled task that look somewhat like this. One that will enable throttling on your WSUS site to prevent it from saturating your WAN during the day and a second to disable it so the PCs can get their updates as fast as possible in the evening.

SCVMM: Mount Shared ISO

I have been using SCVMM R2 for a while but one thing I never got working correctly is the ability to mount an ISO directly from the library share rather than copy the ISO to the VM. There are plenty of guides to help you get that setup. Like here:
http://blogs.technet.com/b/dutchpts/archive/2009/02/09/hyper-v-and-scvmm-2008-mounting-iso-s-from-a-network-share.aspx?wa=wsignin1.0

It never worked for me until I found this other little blog entry by Timothy. http://www.avianwaves.com/Blog/default.aspx?id=187&t=SCVMM-Mounting-Shared-ISOs-From-The-Lib

Basically if your SCVMM library is on the same server as the Hyper-V host you just need to add the NT AUTHORITY\Network Service user account to both your library Share and NTFS permissions.