Entries by Craig Deering

Ran into something interesting today. We have an application that the majority of it is run from a network drive. It looks like not too many people ever access the help system because it wasn't working. After some testing, it was discovered that the same help file copied to the local C: drive worked fine.

There is a security setting in Windows (at least 2003 server) that disables the ability to use remote .chm help files. Here's a way around it. Create a .reg file like this. Or use the path to create it manually in regedit.exe.

<-- Start Reg File -->
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]

"MaxAllowedZone"=dword:00000001
<-- End Reg File -->

Save this somewhere and double click it. After the file has been merged, anyone on the computer will be able to view .chm files off of network drives!

Craig Deering
Network Engineer
Astro Shapes, Inc. - Aluminum Extrusions
Website - http://www.astroshapes.com

This might be a problem with other flavors of Linux as well, but I've had issues with my Nvidia GeForce Go 7600 adapter on an HP dv9000 laptop running Ubuntu 7.10 - Gutsy. This is also using the stock installation of Compiz.

From time to time, I would notice my screen flicker black and then go back to normal. Every once in a while, the screen would freeze entirely for periods as long as a few minutes. Usually the mouse would hang, but sometimes it would move. I run the system monitor applet in the Gnome panel and it would completely freeze up. Most of the time, the screen would come back after a minute or so and then business as usual. Other times, I had to do the old ctl-alt-backspace to kill X and start over.
Continue reading "Ubuntu 7.10, NVidia and Screen Flickering"

If you are attempting to build multiple Ubuntu server installations, here is some information you will find helpful in making each server have the same software packages. This is a quick way to bring up more than one server with identical package lists utilizing the dpkg technology.

First, build your first server exactly the way you want it. Once you are happy with the package list, get a command line and do:

# dpkg --get-selections > dpkg.list

You need to copy this file over to another server that you want to make the package base the same. Once there, you should make certain your package sources are up to date:

# apt-get update

Now, set the dpkg list to be the same as the other server:

# dpkg --set-selections < /tmp/dpkg.list

The package list is now the same, so have the system add/remove/update the packages to match:

# apt-get -u dselect-upgrade

That's all there is to it! You now have two servers with identical package lists!

Craig Deering
Network Engineer
Astro Shapes, Inc. - Aluminum Extrusions
Website - http://www.astroshapes.com

If you ever run into a situation where you have deployed an AJAX web application onto multiple servers using round robin DNS and find you are getting horrible performance on Windows and Linux is running great, check your DNS!!

This has bit me a few times and figured it might save someone a ton of aggravation.  Here is the scenario.  Two web application servers each have their own "A" record in the DNS server.  When the browser tries to connect to the web server, it asks the DNS servers for the IP addresses resolved from the host/domain name.

If, for whatever reason, one of the servers is unavailable, Windows does not always do what you would expect.  Here's what was happening to me.
Continue reading "Windows, DNS and AJAX"

Every once in a while, I find the need to do some manual training of my SpamAssassin Bayes database using sa-learn. I use Thunderbird as my mail client and there was no easy way to get the messages in an mbox format to perform the training.

What I had been doing was opening Evolution when I needed to do this, highlighting the messages, right clicking and selecting "Save As". This would save it out as an mbox type file.

This process was always a hassle for me. If I moved to a new laptop, I had to set up Evolution again.

The guys over on the SpamAssassin users list pointed something out. If Thunderbird is set up correctly, each folder is stored in the mbox format!! I don't need Evolution any more!!
Continue reading "SpamAssassin, sa-learn and Thunderbird"

I have been a devout Gentoo fan for the last two or three years. I have used it personally on my laptop as well as on nearly every server I manage. While I loved the ability to tweak every aspect of the software I was using, I dreaded the unexpected reinstall because a laptop hard drive went bad. It could literally take three days to bring my laptop back to the way I wanted it. I recently gave Ubuntu a shot and was really impressed. Coming from an RPM based backend in the beginning, I really took to the way Ubuntu's Synaptic package management system worked. I also never liked the way Fedora required half a dozen CD's or a DVD to perform the install so I gave Ubuntu a try on the recommendation of a colleague.

Continue reading "Migrating from Gentoo to Ubuntu Server"

Many new servers come with multiple Network Interface Cards (NIC). Linux gives you the ability to "bond" those ports together to create a single usable interface. This gives you the advantage of fault tolerance and load balancing the NICs together. There are many different bonding types, but I will focus on the newer of them call balance-alb (Adaptive Load Balancing). It is great because it requires no special switch configuration and load balances both outgoing and incoming packets by influencing the switches by altering outbound ARP packets.

This procedure is using Ubuntu Server 7.10 (Gutsy). I was interested in making two separate bonds out of four interfaces, one for the corporate network and the other to connect the server to a SAN. The configuration for other types of Linux are similar in concept but usually have different configuration files.
Continue reading "Port Bonding with Linux - Ubuntu Server"

I've wrestled with getting a remote management card working 100% with Linux and decided to document the process in case someone else was trying to do the same thing. I did this on a Tyan Barebones GT24 B2891, a Tyan System Management Daughter Card M3291 and Ubuntu Server 7.10 (Gutsy). The specs of the server probably have no bearing to making this work. This should also adapt with many other set ups.

The goal of this project was to build a server where I had remote capabilities such as cycling power, monitoring vital statistics like CPU temp and fan speed, and gain console control during the boot process so I could make changes to the BIOS settings remotely. You also gain the advantage that if network services like telnet or SSH become unavailable, you can likely still use the remote console.

Some manufacturers include this capability into their equipment. Many of them call it "Lights Out" administration. The Tyan equipment I purchased needed a card added and set up. If anyone is interested in the hardware installation including the firmware updates, let me know and I'll write it up. This document is strictly dealing with the Linux setup.
Continue reading "Remote Management Card with Ubuntu Server"

Working in Information Technology for years, I have to giggle a little when I see what a normal user's perspective is on how networking and the Internet should operate.

Unfortunately, their perspective is not accurate. Not by a long shot. I've had many calls over the years wondering why certain things aren't behaving the way they feel it should. And most of those questions revolve around email.

Email is very dynamic and varies by magnitudes from company to company. One organization might run a single Exchange server sitting on the Internet sending and receiving every piece of it's corporate email. In this situation, it is reasonable to expect an email to take anywhere from one second to eight hours to deliver a message through it, depending on what else is happening on the internet.

Another company might have ten mail servers. And guess what... You should still expect that delays are going to occur from time to time.
Continue reading "Email is not Instant Messaging..."

As the email administrator for our company, I am always hearing questions like this... "My brother tries to send email from home to my dad at work and the emails don't ever get there. What's wrong?" The answer to this and all related questions usually lies within the content of the email.

E-Mail today has become very cumbersome to an IT department. Over the last few weeks, only 5% to 7% of the emails I process are legitimate. That means that out of 10,000 emails, only 500 make it to the end user. That does not bode well for the people who are attempting to send jokes, "email this to 7 friends or you'll get bad luck" and those "AOL is going to pay you $25,000 for every message you send" to people inside of a corporation. Here's how the process works and why many of the message you are sending never make it to the recipient.
Continue reading "Where did my email go??!?!"

Over the last few years, I've resorted to building my own servers out of barebones equipment for a varying number of reasons (beyond the scope of this article).  One of my biggest hurdles has been deciding the storage architecture I want to use.

With the advent of the SAN, the hard drive requirements of the server have drastically changed.  If I have a high powered SAN with dozens of high RPM SCSI drives that handle the bulk of the file storage, does the server need SCSI drives itself?  If the server is running mostly from RAM and using the local drives for nothing other than log files and binaries, then the answer is no.

So the next question becomes, how do I keep the OS fault tolerant of a hard drive failure?  I could go expensive and use a hardware RAID in the form of a card...  I could go with a software RAID provided by my Linux kernel...  Or I can use the BIOS RAID supplied by my BIOS...
Continue reading "Hardware, Software or Fake RAID?"

Taking the plunge into an opensource phone system can be a little unnerving, even for the most opensource of us. It's one decision I have never regretted!

About four years ago, we started looking into single points of failure around the company. The phone system is an integral part of our day to day business and it's the one area that lacked redundancy. At the time, we were running a Cisco 7750 CallManager with 115 extensions on Cisco 7910, 7940 and 7960s. The cost to duplicate the system itself to prevent a long term outage was high enough that we were never going to see the funding. So we started looking for alternatives.

After searching the net for a while, we stumbled on a little project called Asterisk. Asterisk is released under the GPL, so that means free! I don't think it was even at version 1.0 at the time, but we decided to start testing. After a few weeks of playing, we had about 75% of the Cisco system duplicated and it was running on my laptop. The Cisco CallManager was at version 3.x and ran on three separate blades. One had the phone system portion, one held "Unity" which was the voicemail part and the last was the T1 card. We also had external equipment to handle the music on hold. And I mean CD changers, external USB sound cards, etc... And all of this wrapped around a single PRI and a few FXO and FXS ports to support the paging system.
Continue reading "To Asterisk, or not to Asterisk..."

As an opensource shop, one of the strangest problems we had to face with email is the way Microsoft Outlook/Outlook Express handles email attachments. They decided to encode the attachments into a single attachment and name it winmail.dat. Third party applications don't seem to want to open it. So how do you get around it?

Here's how we did it!! We process our email in-house and MIMEdefang is one of the packages we use. If you've never heard of it, MIMEDefang lets you inspect, modify, bounce and reject email before it is passed on to the next mail server. You can strip out potentially harmful attachments like .exe, .scr, .bat, etc... It also lets you check for viruses, Spam and other unwanted content. If you can dream it up, you can get MIMEDefang to do it.

When an attachment comes through and it is of the winmail.dat variety, simply let MIMEDefang run a procedure against it to extract the real attachments and discard the winmail.dat part.

See the extended article for detailed code.

Continue reading "Microsoft Outlook and Winmail.dat Files"