stichl.at tech at work

25Feb/150

vCenter refuses to delete empty cluster object

Today I wanted to remove an old cluster object in a vCenter server, but got this error followed by a vSphere Client disconnect.

A general system error occurred: Error(VdbODBCError) (-1) "ODBC error: (23000) - [Microsoft]
[SQL Server Native Client 11.0][SQL Server]The DELETE statement conflicted with the REFERENCE constraint "FK_VPX_COMP_DAS_VM_REF_VPX_COM". The conflict occurred in database "vCenter", table "dbo.VPX_COMPUTE_RESOURCE_DAS_VM", column 'COMP_RES_ID'." is returned when executing SQL statement "DELETE FROM VPX_ENTITY WITH (ROWLOCK) WHERE ID =?"

 

To resolve this issue you need to access the vCenter database using SQL.

First find out the ID of the entity which you are trying to delete:

SELECT ID FROM VPX_ENTITY WHERE NAME="2delete"

After that you may delete the references in the table mentioned in the error message:

DELETE FROM dbo.VPX_COMPUTE_RESOURCE_DAS_VM WHERE COMP_RES_ID = 123

After that you can delete the cluster object in the vSphere Client normally :)

Filed under: Linux, Tech, Windows No Comments
17Apr/141

check_mk multisite auto-login

Today I changed the logon mechanism on our OMD based check_mk multisite nagios instance to the cookie-based method.

I ran into the same problem as everybody else - our wall-mounted kiosk monitoring infoscreen refused to do auto-logon like http://user:pass@omdhost/site/check_mk/

After some investigations in the login.py script I tried something and succeeded instantly. The login.py simply does not care if you supply the data via GET or POST, just be sure to set all the variables

Use following Syntax:

http://omdhost/site/check_mk/?_username=user&_password=pass&_login=1

 

Make sure you create a regular user (not an automation account) and set a proper password (no special characters as you want to pass it in a url...)

If you have any questions about that, feel free to ask!

Filed under: Linux 1 Comment
17Jan/1440

Volvo XC90 instrument cluster self repair

Recently we purchased a 2003 Volvo XC90 because we needed more space for our family :)

There is a well known problem on Volvo XC90 instrument clusters (also called DIM / Driver Information Module) - they have connectivity problems on the circuit board. Most of the time there will not be any function on the DIM. If you push the left button very hard, the displays may work for some time. The LCD display says "SRS Airbag Service urgent" which is a common issue on almost any Volvo model produced around 2003. This message is caused by the Airbag/SRS module which detects an interruption of it's connection to the airbag warning lamp. If you read the car's error codes there can be several errors regarding canbus communication.

Our car also had a non-functional DIM at the time of purchase - we already knew this. Several companies in Europe offer instrument cluster repair services for about 200 Euros, but as electronics geek I thought about fixing this problem by myself. I bought a cheap SMD rework station on ebay.

So I fixed my DIM and can now offer a step-by-step procedure on how to successfully repair your own instrument cluster.

But be warned: Any modification of your car's electronic components can cause several malfunctions which can have massive impact on your car's security. I just give you an idea, where the problem can be located on the circuit board. If you decide to follow my instructions, you will do it on your own risk! I cannot be held responsible for any undesired outcome of the described modifications.

  1. Prepare your workspace. You will need a set of different screwdrivers, a torx T20, a SMD rework station, a soldering iron, desoldering braid, fluxing agent and very good illumination.
  2. Disconnect your car's battery which is located in your trunk. Take a look in your owner's manual for detailled intructions. If you remove your instrument cluster without disconnecting your battery, the car's electronics components will not power down and drain a severe current. Your battery can be completely empty in several hours! If you need to lock your car in the meanwhile, try following procedure: Unlock, get in the car, lock all doors, just open driver's door, disconnect battery, remove cluster, lock driver's door using the key :)
  3. Take the T20, remove the two screws on the inner top side of the plastic cover, loosen the upper plastic cover on the "neck" of the steering wheel, pull out the rest of the plastic cover part. Your DIM is mounted with 4 screws - remove them. Take care that you do not drop your screws - finding them again behind these plastic covers is very difficult. A magentic type of T20 tool can be useful. Remove the green connector on the back side of the DIM.
    1

  4. Remove the lamps and any screws on the back side of the DIM
    2     3

  5. Take a flat screwdriver and gently unlock the plastic cover parts, first the orange ones to remove the transparent one, then the red ones to remove the black part. They are located all around the DIM, I just took one photo :)
    2
  6. If you removed all screws on the back, the four meters can easily be pulled out.
    5   6

  7. Remove the remaining white plastic housing.
  8. Resolder the following orange highlighted sections using the hot air SMD rework device - I put some flux on the IC's legs and heated them until the original solder got fluid again (If you never used a hot air rework device before, a little practice on old computer parts may be helpful - I blowed one of the parts away and searched for about 10 minutes before I realized that it's still sticked to the voltage regulator's heatsink - a pair of good eyes can be also helpful...)78
  9. Reassemble the DIM - be careful when putting the meters back in, if you miss those springs your meters will not work and the springs will be damaged! Connect the DIM to your car, reattach the battery and test it... Maybe you need to rework some more of the SMD components on the back side.
  10. You will need to take your car to a Volvo dealer to delete the SRS airbag error codes. Or you can buy a Volvo VIDA DICE device and do it by yourself. If you need detailled instructions on how to do this, please contact me.

If you are located near Innsbruck, Austria I can also fix your DIM or delete the car's error memory if you want :)

Update:

Some people reported that resoldiering worked great but only for some weeks, then the problem reappeared. Try to resolder the small green parts around the motorola chip carefully (red color in the photo). On most of the boards the problem will be permanently fixed.

Filed under: Tech 40 Comments
17Jan/144

DFS quota Management the easy way

This week I migrated some older Windows 2003 DFS servers to newer machines running Windows 2008R2. Just DO NOT ask me why I'm not using 2012 or 2012R2, thanks!

In the past we have been using the old style NTFS volume quotas to stop our users from storing every bullsh*t on the servers. They needed to request another 5GB whenever they ran out of disk space.
When one user's quota value changed it has to be modified on each DFS server - stupid work! And if you do not keep the values in sync, DFS will have massive problems when the user runs out of disk space on just ONE of the DFS servers...
At first we tried to solve this problem with FSRM (which also offers a full-featured command line interface), but it's not possible. FSRM can not assign individual user quotas. Thank you Microsoft!

Volume based NTFS quotas can be viewed by a command line tool, but exporting/importing or changing values (like in the GUI) is not possible via command line :(

This is the point where we built two different VBS-Scripts. One script is running on our master DFS server, which exports all quota settings to a CSV-File. This file is stored on the DFS volume and gets replicated to every branch DFS server. The branch DFS servers are running a script which is importing the quota settings. We are running these scripts every 10 minutes using the task scheduler.
We also placed the VBS-scripts in the same folder as the CSV file (QUOTA_FILE) so we didn't need to copy them on each single server.

Our monitoring is checking the result code of the scheduled tasks and the age of the CSV file on the master server. If this file is older than 15 minutes, there is a problem.

As a result you just have to modify a quota on the master server and it gets updated on the branch servers automatically :)

UPDATE: There seems to be a problem with objFSO.OpenTextFile and DFS, as DFS-R sometimes misses the changed contents of the .csv file. Just add a line (see below) to delete the csv file before writing into it.

quota_export.vbs

Const QUOTA_FILE="D:\DFSroot\_quota\usrquota.csv";
Const QUOTA_PATH="D:\";

Set objDiskQuotas = CreateObject("Microsoft.DiskQuota.1")
Set objFSO = CreateObject("Scripting.FileSystemObject")

objDiskQuotas.Initialize QUOTA_PATH, False

objFSO.DeleteFile(QUOTA_FILE)

Set objFile = objFSO.OpenTextFile(QUOTA_FILE, 2, True)
For Each objUser in objDiskQuotas
 If objUser.AccountStatus<>5 Then
 strOutput = objUser.LogonName & ";" & objUser.AccountStatus & ";" & objUser.QuotaLimit & ";" & objUser.QuotaThreshold
 objFile.WriteLine strOutput
 End If
Next

objFile.Close

quota_import.vbs

Const QUOTA_FILE="D:\DFSroot\_quota\usrquota.csv"
Const QUOTA_PATH="D:\"

Set objDiskQuotas = CreateObject("Microsoft.DiskQuota.1")
Set objFSO = CreateObject("Scripting.FileSystemObject")

objDiskQuotas.Initialize QUOTA_PATH, True
objDiskQuotas.UserNameResolution=1

Set objFile = objFSO.OpenTextFile(QUOTA_FILE, 1)

Do While Not objFile.AtEndOfStream
 quotaentries = objFile.ReadAll()
Loop
quotaentries = Split(quotaentries, vbCrLf)

For Each quotaentry in quotaentries
 if quotaentry <> "" Then
 entry = Split(quotaentry, ";")
 sLogonName = trim(entry(0))
 sQuotaLimit = int(entry(2))
 sQuotaThreshold = int(entry(3))
 Set objQuotaUser = objDiskQuotas.AddUser(sLogonName)
 If objQuotaUser.QuotaLimit<>sQuotaLimit or objQuotaUser.QuotaThreshold <> sQuotaThreshold Then
 objQuotaUser.QuotaLimit = sQuotaLimit
 objQuotaUser.QuotaThreshold = sQuotaThreshold
 End If
 End If
Next

objFile.Close
Filed under: Windows 4 Comments
17Oct/130

RunAs with elevation and encrypted credentials

As most of you know Windows UAC can be a real pain in the a**.

My problem: We use software where an additional tool is included to switch the license type (network vs. standalone). This tool saves it's settings to the HKLM registry hive and our users do not have admin privileges so we need to think about a solution. We need to run just this tool with local administrative privileges, but without asking the user for any credentials.

I tried a lot, PsExec, Elevate.exe, RunAs, but none of the solutions offered the possibility to pass (encrypted) credentials AND force the application to run with elevation.

In the end I ended in writing a VBS-Script which uses lsrunase and calls itself twice, sounds complicated but works. You need to follow these instructions:

    1. Create a unprivileged service account in your active directory and choose a secure password (you'll need it later). Just be sure to set "user cannot change password" and "password never expires".
    2. Set up your group policy that this service user gets local administrative privileges on your client computers.
    3. Search for lsrunase.zip (lsrunase.exe and lsencrypt.exe are free tools provided by Geert Moernaut which are now included in a commercial software named Lansweeper in a newer version. But the older version of these tools can be found easily.)
    4. Start lsencrypt.exe (which has a GUI) and encrypt your service user password
    5. Edit the localadmin.vbs file - pay attention to the comments
    6. Drag-and-drop the localadmin.vbs to encoder.vbs which creates an encoded localadmin.vbe file which you can copy to your clients. Be sure to put lsrunase.exe in the same directory as the .vbe script.

'------------------------------------------------------------------------------
' localadmin.vbs
'
' (by) Ing. Florian Stichlberger 2013
' http://www.stichl.at/
'
'
' Run any program with elevation and local administrative rights
' using an encrypted password
'
' WARNINGS:
' * Be sure to deploy a encoded .vbe file only - otherwise the user can be able
' to modify this script and run any command with admin privileges!
'
' * This script has been tested on Win7 Enterprise 64bit and Win8 Enterprise 64bit only
'
' * If you find any errors or improvements, please let me know...
'
' * As usual, if you decide to execute this script the author cannot be held
' responsible for any malfunctions, data corruption or unintended functionality
'------------------------------------------------------------------------------

'------------------------------------------------------------------------------
' CHANGE THE FOLLOWING PARAMETERS TO YOUR OWN VALUES
'------------------------------------------------------------------------------
Const strDomain="CONTOSO"
Const strUser="svclocaladmin"
Const strPasswd="+ld/m/4L+Lrag6irTt1AgGE="

Const strCommand="c:\some\path\name\program.exe"

'------------------------------------------------------------------------------
' DO NOT EDIT ANYTHING BELOW THIS LINE!
'------------------------------------------------------------------------------
Set oShellApp = CreateObject("Shell.Application")
Set oWshShell = CreateObject( "WScript.Shell" )
Set oFso = CreateObject("Scripting.FileSystemObject")
strCurDir = oFso.GetParentFolderName(WScript.ScriptFullName)
'shortpath is needed because lsrunase does not support double escaping of quotation marks
strScriptName = oFso.GetFile(WScript.ScriptFullName).ShortPath

' I know, Arguments.Count is not very nice but it's fast and easy
If WScript.Arguments.Count=0 Then 'running for the first time - run myself with correct credentials
 strParam = "/user:" & strUser & _
 " /password:" & strPasswd & _
 " /domain:" & strDomain & _
 " /command:""wscript " & strScriptName & " //b proceed"" /runpath:C:\"
 Call oShellApp.ShellExecute(strCurDir & "\lsrunase.exe", strParam, "", "", 1)
Else 'running the second time with (hopefully) correct credentials
 If Not IsElevated Then
 ' We do not have elevation yet, so re-execute with elevation
 Call oShellApp.ShellExecute("wscript.exe", strScriptName & " //b proceed", "", "runas", 0)
 Else
 ' In this section the command gets executed
 Call oShellApp.ShellExecute(strCommand, "", "", "", 1)
 End If
End If

Function IsElevated
 Set shell = CreateObject("WScript.Shell")
 Set whoami = shell.Exec("whoami /groups")
 strWhoamiOutput = whoami.StdOut.ReadAll()

 If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then
 isElevated = True
 Else
 isElevated = False
 End If
End Function

Download sources here: localadmin.zip

Filed under: Windows No Comments
5Aug/132

awk trick to split string on last occurence of character

Today I needed to transform some filename on the linux shell - in my case i needed to truncate the filename after the last occurence of a delimiter character.

the filename:  special_file_1.0-12.tar.gz

the result needed: special_file

the awk command to do it:

awk -F_ '{OFS="_";NF--;print $0;}'

Have fun :)

Filed under: Linux 2 Comments
19Jul/130

Group Policy Preferences to create a VPN connection

Everybody knows the Group Policy Preferences method to create a VPN connection on a Windows 7 client.
But there seems no way to disable IPv6 or check the "Use default gateway on remote network" checkbox via Group Policy.

Indeed, there is a hidden way:

If you look on the client, there is a rasphone.pbk file located in %appdata%\Microsoft\Network\Connections\Pbk
For system-wide connections the path is %programdata%\Microsoft\Network\Connections\Pbk

You can try to open that file using your favourite text editor - you will see a INI-style structure.

That gives us the possibility to set the missing options using Group Policy INI Preferences:

ExcludedProtocols=8 disables IPv6
IpPrioritizeRemote=1 enables that default gateway checkbox

INI preferences

Filed under: Windows No Comments
3Jul/130

Detect version of linux kernel file

Today I needed to detect the kernel versions of various files in our netboot environment, but there was no tool to do it and Google wasn't much help with this issue.

So here is the command I used:

grep -oae "[0-9]\+\.[0-9]\+\.[0-9]\+" ./kernelfile

Operating on more files looks like this:

grep -oae "[0-9]\+\.[0-9]\+\.[0-9]\+" ./vmlinuz-*
./vmlinuz-20100927:2.6.35
./vmlinuz-20110117:2.6.37
./vmlinuz-20110819:3.0.3
./vmlinuz-20120119:3.2.1
./vmlinuz-20120728:3.5.2
./vmlinuz-20130207:3.6.11
./vmlinuz-3.2.1:3.2.1
./vmlinuz-3.6.11:3.6.11
Filed under: Linux No Comments
11Apr/132

Extracting VMware Tools drivers

Hi there,

Today I needed to extract VMware Tools drivers for use in our software deployment project.

Whenever you aleady have an .iso file (grabbing it from your next ESX host or downloading from: VMware Tools Repository) the extraction process is simple and straight-forward:

1. Unpack your .iso file using 7-zip to C:\TEMP

2. Extract the .exe on a DOS commandline:

C:\TEMP> setup64.exe /a /p c:\temp

3. When the Tools-Installer-GUI asks for the destination - just enter c:\temp again.

4 .You will find the drivers in C:\temp\Program Files\VMware\VMware Tools\VMware\Drivers

With the VMware player drivers it's a little more tricky:

1. First find your player version here: http://softwareupdate.vmware.com/cds/vmw-desktop/player/
     For Player 5.0.1 it's: http://softwareupdate.vmware.com/cds/vmw-desktop/player/5.0.1/894247/windows/packages/tools-windows-9.2.2.exe.tar

2. Download and untar the File to C:\TEMP

3. Extract the containing MSI file like this (Note: you have to create another subfolder, because extracting to the same directory fails...)

C:\TEMP> mkdir extract
C:\TEMP> tools-windows-9.2.2.exe /a /p c:\temp\extract

4. Navigate to C:\temp\extract and extract tools-windows.msi using 7-zip by right-clicking it and choosing 7-zip>extract here

5. Now we have our .iso file which you can process as described above.

So VMware is publishing a .tar file which contains a .exe which contains a .msi which contains a .iso which contains a .exe which contains our drivers. THIS IS WEIRD!

Filed under: Windows 2 Comments
23Mar/130

Arduino moodlight

I needed to create a moodlight which fades between blue, green, cyan and white - a perfect job for an Arduino board I had leftover from another project :)

So I soldered the common anode RGB-Led to a little piece of PCB and added a 4-header.

After some research I found a really useful arduino library which is perfect for PWM-fading on any I/O pin.

Just look here: https://code.google.com/p/rogue-code/wiki/SoftPWMLibraryDocumentation

     

The sourcecode is considerably short and easy to write:

#include <SoftPWM.h>

#define PIN_G 2
#define PIN_R 3
#define PIN_B 4
#define PIN_CA 5
#define T_WAIT 10000

void setup()
{
 // Setting the common anode
 pinMode(PIN_CA,OUTPUT);
 digitalWrite(PIN_CA,1);

// Init Soft-PWM
 SoftPWMBegin(SOFTPWM_INVERTED);
 rgbPWMset(0,0,0); // black
 SoftPWMSetFadeTime(ALL, 4000, 4000);
 SoftPWMSetFadeTime(PIN_R, 4000, 3000); // because Red was too dominant when fading out
}

void loop()
{
 rgbPWMset(0,0,255); // blue
 delay(T_WAIT);

 rgbPWMset(0,255,255); // cyan
 delay(T_WAIT);

 rgbPWMset(0,255,0); // green
 delay(T_WAIT);

 rgbPWMset(255,255,255); // white
 delay(T_WAIT);
}

void rgbPWMset(int r, int g, int b)
{
 SoftPWMSet(PIN_G, g);
 SoftPWMSet(PIN_R, r);
 SoftPWMSet(PIN_B, b);
}

An example Implementation looks like this: (sorry but flickering is because of the camera...)

Filed under: Electronics, Tech No Comments