Network booting without changing your existing infrastructure

There are lots of instructions out there explaining how to set up PXE booting, but most of them assume you’re happy to mess with a perfectly good DHCP configuration. There are lots of reasons you might not want to do this, but that doesn’t mean you have to forgo the convenience of just hitting a key at boot and booting PCs or servers from the network. In this tutorial, we’ll be looking at setting up network booting from a Linux box without touching your existing DHCP infrastructure. This will work even if you’re using something else entirely for DHCP.

These instructions were originally written for Debian, though they should work equally well with minor tweaks on Ubuntu.

First, you want to install dnsmasq:

apt-get install dnsmasq

(use sudo if you’re not logged in as root!)

Once you’ve done that, you need to configure dnsmasq to act as a Proxy DHCP server. I’ve put this in a separate configuration file in /etc/dnsmasq.d/pxe.conf:

# Put your own DHCP range in here.
dhcp-range=192.168.42.0,proxy
pxe-prompt="Press F8 for menu", 20
pxe-service=x86PC, "Boot from local disk"
pxe-service=x86PC, "Install Linux", pxelinux
enable-tftp

# This can be anywhere you like.
tftp-root=/srv/tftp
tftp-secure

Make sure /srv/tftp exists:

mkdir -p /srv/tftp

That’s the hard work out of the way. All we need now is something that can be served up via tftp, and the nice people behind Debian provide that for us:

cd /srv/tftp
wget ftp://ftp.debian.org/debian/dists/stable/main/installer-i386/current/images/netboot/netboot.tar.gz
tar zxf netboot.tar.gz
rm netboot.tar.gz
chown -R dnsmasq /srv/tftp

Restart dnsmasq and check that it has started up using ps:

service dnsmasq restart
ps -ef | grep dnsmasq

Now you can test. Boot a PC from the network; if it all goes according to plan, you should see something like this:

Press F8 as per the instructions and you’ll be prompted to choose between booting from the local disk or installing Linux. Choose “Install Linux” and you’ll drop into the Debian installer menu:

From here, you can install Debian as per usual.
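
An added example, not part of the original post: everything placed in /srv/tftp is handed to any machine that network-boots, so check netboot.tar.gz against the SHA256SUMS file Debian publishes for the installer images before unpacking it. It assumes SHA256SUMS was obtained over a channel you trust; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumption: SHA256SUMS was obtained over a trusted channel, not the same
# unauthenticated FTP fetch as the tarball.

# verify_netboot TARBALL SUMSFILE
# Returns 0 only if SUMSFILE lists ./netboot/netboot.tar.gz and the hash matches.
verify_netboot() {
    tarball=$1
    sums=$2
    entry='./netboot/netboot.tar.gz'

    [ -f "$tarball" ] && [ -f "$sums" ] || return 2

    # SHA256SUMS lines look like: <64 hex chars>  ./netboot/netboot.tar.gz
    expected=$(awk -v e="$entry" '$2 == e { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 3

    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# safe_unpack TARBALL DESTDIR
# Refuses archives with absolute paths or ".." components, then extracts
# without restoring the archive's own file owners.
safe_unpack() {
    tarball=$1
    dest=$2
    if tar tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 4
    fi
    tar xzf "$tarball" -C "$dest" --no-same-owner
}

# Usage: sh verify-netboot.sh netboot.tar.gz SHA256SUMS
if [ "$#" -eq 2 ]; then
    verify_netboot "$1" "$2" && safe_unpack "$1" /srv/tftp
fi
```

Run the chown from the steps above after unpacking, since tftp-secure only serves files owned by the user dnsmasq runs as.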


Reset your ASA5505 Password

If you have forgotten the password to access your ASA configuration or need to perform maintenance on an ASA device but do not have administrative access, this process will guide you through the steps that are necessary to recover the password to administer it.  You must be physically connected to the device for this method to work.  In my case, I am directly consoled to the device through a serial cable connection and using PuTTY to reach into the device itself.

  • Reboot the device.  While it is powering up, press the escape key to enter ROMMON.
  • To tell the device to ignore its normal configuration when it is reloaded, enter the following while in ROMMON:

rommon #0> confreg

You will see the current configuration register (normally 0x00000001) and will be prompted to change its value. Be sure to make note of the register value so you can change it back later, when you are finished making changes.

  • Enter Y at the “Do you wish to change this configuration?” prompt to change the register value.
  • Accept the defaults (you do not need to specify Y/N; the default is already picked for you, so simply hit enter to accept) for all settings except the “disable system configuration?” setting. Select Y at this prompt, as depicted below.

  • Reload the ASA to have it pick up the changes you just made.

rommon #0> boot

You should now be able to access the ASA by typing “en” to get to enable mode and then “conf t” to enter global config mode.  From here you can paste in the config file you would like to use or simply change the password so you can administer the device as you normally would.

hostname(config)# password password
hostname(config)# enable password password
hostname(config)# username name password password

Finally, to exit out of ROMMON and have the ASA boot with its normal startup configuration, enter “confreg” value, where value is the register value we noted earlier, 0x1. If you have trouble finding the usage or syntax of this command, type “help” to, well, help you.

rommon #1> confreg 0x1

Followed by a reload, as pictured below.

The ASA should boot up normally now and you should be able to go about your business without any further complications.  Let me know if you know of any easier or better ways of resetting passwords for ASA devices.

Resources:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/trouble.html#wp1049302


Protip August: Quickly Determine Linux System Info

If you have ever found yourself in a situation where you are looking at a foreign Linux OS, you know how handy it is to know exactly what type of system you are dealing with. Practically all modern flavors of Linux offer the following commands to quickly determine important information about a particular system.

lsb_release -a

This command is handy for obvious reasons.  It quickly tells you what OS version you are looking at.  As you can see it looks like my OS is a little bit out of date. 🙂

uname -a

This one is handy for quickly obtaining kernel information as well as generic OS info (OS, platform, etc).

Update (11/1/12)

I just found another way to gather the OS version quickly from the command line using the venerable cat command.  The syntax for the command is as follows.

cat /etc/issue

Sweet! This is handy if you are only concerned with looking up the OS and version you are working with.


Adjust Exchange 2010 Mailbox Quotas

I just wanted to make a note of this because it is easy to do via the Exchange Management Shell but can become problematic through the EMC, especially with a large number of mailbox databases.  Essentially what we are looking to do here is change the default warning and prohibit limits that Exchange uses for user mailboxes.

The following command will change the warning size to 7GB and prohibit users from sending messages at 8GB.

Get-MailboxDatabase | Set-MailboxDatabase -issuewarningquota 7gb -prohibitsendquota 8gb

And we can double check our handiwork through the EMC to make sure that we have these properties adjusted properly.

Everything looks good. I should note that there are a number of other really handy things that can be changed via the Set-MailboxDatabase cmdlet, and piping Get-MailboxDatabase into it is fairly straightforward, making global changes to your Exchange environment such as this one much quicker and easier to do. There is some good reading here:

http://technet.microsoft.com/en-us/library/bb123971.aspx
http://technet.microsoft.com/en-us/library/dd297937.aspx


Use Windows Backup to Truncate Logs in Exchange 2010 with DAG Configuration

I ran into a few minor glitches that weren’t mentioned in other posts when using this method in my own environment.  So first I will mention what was different for me, then I will be going over the full set of instructions to use this method.  My goal for this post is to be as thorough and unambiguous as possible so there are no questions after reading these instructions.

First, it wasn’t readily apparent what specifically needed to be backed up in the pieces I read. Though, it is quite possible I managed to misread the sections that described them. After some experimentation in our test network I learned that all volumes containing databases and log files need to be backed up. This means that if you have separate drives for logs and databases, both of them need to get backed up; I would have saved a lot of time had I known this beforehand. And, as far as I can tell, both the mailboxes and logs have to be backed up for this method to work, not just one or the other. So just to reiterate this with an example, you have to back both the (L:) and (M:) volumes up.

The other thing that was mentioned in other posts but wasn’t clear cut was the need to change the registry key to disable VSS transport replication. It is necessary for Exchange environments using a DAG configuration with both active and passive databases; if this change isn’t made, the backup may work but your logs won’t get truncated. Finally, ensure that you have the Microsoft Exchange Server Extension for Windows Backup service started.

  • Log on to the server by using an account that has local administrator access, and open regedit
  • Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\ExchangeServer\v14\Replay\Parameters.
  • Add a new DWORD value named EnableVSSWriter, and set its value to 0.
  • Exit Registry Editor and then restart the Microsoft Exchange Replication service.

Okay, now we need to enable the Windows Backup feature (I will leave that to the reader); just make sure not to enable the backup command line tools (they are outdated).

So now you just create your backup job, and after everything is all said and done your logs should get truncated. It seems like a lot more work than should be necessary, but if your logs don’t get truncated then really bad things happen, so it is a small price to pay I guess to make sure things are working the right way.

That’s pretty much it. Once the backup has completed your log volume should have more room. There are other ways to clear the transaction logs; maybe I will go over them in another post, but this method is (for the most part once you figure out what you’re doing) easy and built into Windows. Just make sure you have enough free space somewhere on your network to house the backups, especially if there is a lot to move.
