Category Archives: Work

Looting

I’ve really hit the jackpot lately with acquiring “new” equipment. Several weeks ago, a guy from my LUG (Linux User Group) sent a message to our mailing list saying he had a few old servers to get rid of. I was looking to scrape some of my old parts together to make one to run Windows Small Business Server 2003 R2 at Crestview, so I quickly replied and secured dibs on a Dell PowerEdge 350. Several emails later, he had a better server that he was retiring, and also a few other goodies thrown in, so I made plans to go pick it up.

When I met Sean in Charlotte to get the stuff, this is what I ended up coming home with:

  • Dell PowerEdge 350 (1u)
      • Celeron 700
      • 512MB RAM
      • 40GB HD
      • 2x 10/100 NIC
  • Dell PowerEdge 350 (1u)
      • Celeron 700
      • 384MB RAM
      • 40GB HD
      • 2x 10/100 NIC
  • SuperMicro Server (2u)
      • Intel P3 1.26GHz
      • 1GB RAM
      • No HD
      • 1x 10/100 NIC
  • IBM 2104-DU3 SCSI Disk Array
      • 2x 18.2GB 10,000RPM Ultra160 SCSI Drive
      • 6x IBM Ultrastar 36.7GB 10,000RPM Ultra320 SCSI Drive

I brought it all home, set up the one server at church and the rest is sitting idly in my basement while I try to figure out what to do with it all. If I can find a controller card for it and ensure it works properly, I may bring the IBM Disk Array to work and use it along with iscsitarget as a backup location for my VMware stuff.

So, after acquiring the Dell PowerEdge 2950 for work a few weeks ago, I’ve been dreaming about getting a nice server cabinet to house the stuff. I maxed out our little 18U wall-mount APC NetShelter a long time ago, and it’s too shallow for this new server anyway. I quickly realized there was no chance of getting approval to purchase a new one, as a 48U cabinet from Dell is about $900. I shopped around a few other places and found similar or worse pricing, and then decided to shoot a message to the LUG mailing list asking if anyone knew of a place in the Charlotte area to get used equipment like that. A few days later, Jack responded with this:

I have a full-size APC rack, with front & rear doors and rolling casters, just sitting in my garage. I used to host several sites for friends & non-profits, but I’ve since moved them to GoDaddy. You are welcome to have the rack, including all equipment inside:

  • Compaq DLT Array
  • Compaq SCSI Array (with drives)
  • Compaq 6500 Quad P-200
  • Compaq 5000 (may not work)
  • Compaq 15″ CRT
  • Compaq 8-way KVM switch
  • Compaq Keyboard w/ trackball
  • Rack-mounted power strip
  • Misc cables (scsi, ethernet, power cords, etc)

Like I said, you are welcome to it all. I don’t have a truck, so you have to come get it (I suggest bringing a few guys with you).

I uploaded the pics to Flickr yesterday, so you can see that photo set here if you’re interested.

If you’re in need of some old computer equipment, you might want to get in touch with me…

Name that server

I just got my first VMware host box in yesterday and I set out this morning to get the host OS up and running. One of the joys of being a network admin is naming servers. Prior to me working here, there existed about six or seven Windows servers, each named according to its purpose. I’ve since added a couple of Linux boxes, and they typically receive more fun names, typically somewhat related to sci-fi, which is odd, because I’m not that into sci-fi.

skynet was the first, set up around three years ago now, running an evaluation version of SuSE Linux Enterprise Server 9. It is still up and running today, serving the same purpose it originally did – a sandbox of sorts where the IT folks test things and as a fairly general file storage area for things that may be of a sensitive nature.

www was the next Linux machine, running SuSE Linux 10.0. I’m not really sure why I didn’t stick to my naming convention. Probably because one server hardly qualifies it as a naming convention. It’s also up and running strong today, hosting our company Intranet and soon, our public facing website as well.

intrepid was Linux server number three and served as my testing box back when I was evaluating and learning Asterisk. You can see I picked up the naming convention again here. intrepid is actually not even a Linux box anymore. It’s now running as my VMware Server demo machine with Windows Server 2003 as the host OS. That will soon be changing though…

borgcube is our fourth and was the first Dell server to enter my environment here. borgcube is a Dell PowerEdge 830 with a dual-core Pentium D processor running at 3.2 GHz with 2GiB of RAM and serves as our production Asterisk box running CentOS 4.4.

And that brings us to today. Drum roll please…
atlantis will be entering service later this afternoon. As the first of two VMware Server host boxes, I ordered it “extra-beefy” in comparison to anything else inside the ESI IT environment (well, with the exception of the iSeries I guess). It’s also a Dell, but this time, a PowerEdge 2950 (2u rack-mountable) with a single Quad Core Intel Xeon E5320 processor, 4GiB of RAM, and three 160GB hard drives in RAID5 configuration. As far as the name is concerned, I couldn’t really come up with anything else great sci-fi related, so I chose to begin moving towards aeronautics/space travel in general for names, both factual and fictional names are valid. This name comes directly from NASA and Orbiter Vehicle #104 – also known as Space Shuttle Atlantis, which will likely be retired in a year or so, following STS-125, the final planned mission to service the Hubble Telescope.

I’m having to work hard on getting the OS to load. I was going to use Ubuntu 6.06 LTS as the host OS, but it won’t recognize my network card. I’ve got CentOS 4.55 x86_64 disc one downloading now – we’ll see how that goes I guess. I’m in a bit of an awkward position as far as OS goes. I was really wanting to go Ubuntu LTS so that the security fixes are guaranteed for the next several years, but with the driver support, that’s not happening. The CentOS 4.x line is my second favorite distro right now, and those fixes are guaranteed for a while also, so hopefully that works out. I’m quite hesitant to add another distro to the hodge-podge I already have.

My New Office

I just posted some photos of my freshly painted office to my Flickr account. This Thursday, August 23, will mark my three year anniversary at ESI and I’ve not done anything at all decor-related in those three years. I’ve been talking for at least six months about doing something, so while I was in Charleston, I found an awesome piece of artwork that I used as my inspiration piece. Shortly after I got back, someone from one of our branch offices donated another piece from a Charleston Print collection. I finally bit the bullet and went to the paint store last Friday, got the paint, and spent all day Saturday painting. I put the finishing touches on yesterday morning and got things cleaned up and I couldn’t be happier.

What does your workspace look like?

Tip of the Hat

I just need to give a quick Tip of the Hat to Danny Ybarra at Perimeter Church for posting a link to Microsoft’s SmtpDiag tool on the IT Discuss list a couple days ago.

One of our branch offices has been having trouble emailing a new client for a few weeks now, and after a quick peek at the returned mail she was getting, I knew the problem wasn’t on my end. At that point, I instructed her to talk with her client and have them check with their IT folks to see if/why we were being blocked. She responded yesterday that, according to their outsourced IT guy, we weren’t blocked anywhere. Time to do some more digging I guess…
A quick dig shows that their MX records are pointing to some sort of outsourced email solution (smtp.secureserver.net and mailstore1.secureserver.net). Not really sure where to go from there, since I figured it was some big hosting company with impossible to find contact info, I happened to remember seeing that post on IT Discuss about SmtpDiag. Microsoft has it labeled as an Exchange tool, but I extracted it on to my Vista desktop machine and ran this command, and it worked like a charm:

C:\Users\jmoore\Desktop\SmtpDiag>SmtpDiag.EXE jmoore@ourdomain.com jdoe@clientdomain.com /v
Note: Substitute real email addresses when using SmtpDiag

Part of the output was this, which I hadn’t seen in the previous returned mails:

Checking MX servers listed for jdoe@clientdomain.com.
Connecting to smtp.where.secureserver.net [208.109.80.149] on port 25.
Received:
220 rblsmtpd.local

Sent:
ehlo ourdomain.com

Received:
250 rblsmtpd.local

Sent:
mail from: <jmoore@ourdomain.com>

Received:
250 rblsmtpd.local

Sent:
rcpt to: <jdoe@clientdomain.com>

Received:
553 Bogus helo mailstore1.secureserver.net. <http://unblock.secureserver.net/?ip=66.20.xx.xxx>

A quick visit to that link gave me a short and simple form to fill out. A few minutes later, I ran the same SmtpDiag command again and it went through without a hitch.
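An added example (not part of the original post, and not SmtpDiag's own code): a small Python parser for a Sent:/Received: transcript like the one above that reports the first refused SMTP stage and any URL offered in the reply. The transcript is constructed with placeholder hosts, and the function names are hypothetical.

```python
import re
# Constructed transcript (placeholder hosts); the last reply is console-wrapped on purpose.
SAMPLE = """Received:
220 rblsmtpd.local
Sent:
ehlo ourdomain.example
Received:
250-rblsmtpd.local
250 PIPELINING
Sent:
mail from: <jmoore@ourdomain.example>
Received:
250 rblsmtpd.local
Sent:
rcpt to: <jdoe@clientdomain.example>
Received:
553 Bogus helo mail.ourdomain.example. <http://unblock.example/?ip
=192.0.2.10>
"""

REPLY = re.compile(r"^(\d{3})[ -](.*)$")
def parse_exchanges(text):
    """Pair each command with its reply: [(command, code, reply_text), ...]."""
    out, command, mode, code, parts = [], "connect", None, None, []
    for line in [l.strip() for l in text.splitlines()] + ["Sent:"]:
        if line in ("Sent:", "Received:"):
            if code is not None:            # a reply just ended; record it
                out.append((command, code, "".join(parts)))
                code, parts = None, []
            mode = line
        elif line and mode == "Sent:":
            command = line
        elif line and mode == "Received:":
            m = REPLY.match(line)
            if m:                           # reply line ("250-" marks a multi-line reply)
                code = int(m.group(1))
                parts.append((" " if parts else "") + m.group(2))
            elif parts:                     # wrapped continuation with no status code
                parts[-1] += line
    return out

def first_rejection(text):
    """First 4xx/5xx reply: which SMTP stage was refused, and any URL in the reply."""
    for command, code, reply in parse_exchanges(text):
        if code >= 400:
            url = re.search(r"https?://[^\s<>]+", reply)
            return {"stage": re.match(r"mail from|rcpt to|\w+", command, re.I).group(0).lower(),
                    "code": code, "url": url.group(0) if url else None}
    return None
```

A refusal that only appears at `rcpt to` with a 5xx code, as here, is a policy rejection by the receiving side rather than a connectivity problem, which is why the earlier bounce messages did not show it.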

My office is now exchanging mails with the client. Of course, I also felt the need to send this note:

Using an SMTP trace tool, I’ve just confirmed that we were indeed being
blocked by the company hosting [ourclient]’s email. It won’t give me a reason
why, but I have submitted a request to their system to be removed from
the blacklist and it appears to have been processed already.

I’m copying their IT guy so that he will know what was going on with it,
as well as your contact at [ourclient] to confirm that they are now able to
receive mail from us. Please reply and let me know you have received this.

All in a day’s work.

OpenWrt Remote Admin

I’ve been struggling for a while with getting what I’ve always called “remote administration” working for some Linksys WRT54GL routers running OpenWrt with the X-Wrt extensions. My routers are currently on OpenWrt White Russian – With X-Wrt Extensions 0.9. Rules added through the web interface or in /etc/config/firewall never worked, and I finally ran across this post in the OpenWrt forums. The rule given by eisbaw works a treat for getting remote SSH access to the router. However, I’m not one who likes to open that for everyone to be able to SSH in, as they may be able to guess the password. Also, I wanted to be able to access the Webif interface also, so I made some tweaks. Here is the resulting /etc/firewall.user file:

## Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -s 66.20.xx.xxx -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables -s 66.20.xx.xxx -A input_wan -p tcp --dport 22 -j ACCEPT
iptables -s 66.20.xx.xxx -t nat -A prerouting_wan -p tcp --dport 1080 -j DNAT --to 192.168.0.1:80
iptables -s 66.20.xx.xxx -A input_wan -p tcp --dport 80 -j ACCEPT

I simply replicated the first rule and changed it to a DNAT to get remote Webif access via port 1080 on the WAN side. Also, you’ll notice that I added the “-s 66.20.xx.xxx” – this only allows access to those two ports if the traffic is coming from our corporate office. If you copy and paste, be sure to modify or remove that directive, otherwise, you’ll still be unable to remotely admin your router.
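An added example (not from the original post or from OpenWrt): a Python check that reads firewall.user content and lists any ACCEPT or DNAT rule on the two WAN chains used above that has no source restriction, which is what you get if the "-s" directive is removed. The sample rules are constructed, 192.0.2.10 is a documentation address, and the function names are hypothetical.

```python
import shlex

WAN_CHAINS = {"prerouting_wan", "input_wan"}   # chains used in the rules above
OPEN_SOURCES = {"0.0.0.0/0", "0/0"}            # "-s" values that match everyone

# Constructed firewall.user content; 192.0.2.10 is a documentation address.
SAMPLE = """\
## Open port to WAN
iptables -s 192.0.2.10 -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables -s 192.0.2.10 -A input_wan -p tcp --dport 22 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 1080 -j DNAT --to 192.168.0.1:80
iptables -s 0.0.0.0/0 -A input_wan -p tcp --dport 80 -j ACCEPT
"""

def option(tokens, *names):
    """Value following the first of the given option names, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def unrestricted_wan_rules(text):
    """List (line_no, dport, target) for WAN ACCEPT/DNAT rules open to any source."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line.startswith("iptables"):
            continue
        tok = shlex.split(line)
        chain = option(tok, "-A", "--append", "-I", "--insert")
        target = option(tok, "-j", "--jump")
        source = option(tok, "-s", "--source", "--src")
        if chain in WAN_CHAINS and target in ("ACCEPT", "DNAT"):
            if source is None or source in OPEN_SOURCES:
                findings.append((no, option(tok, "--dport"), target))
    return findings
```

On the sample it flags the port 1080 DNAT rule and the port 80 ACCEPT rule, and it returns an empty list when every WAN rule carries a specific source address.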

Upgrade Active Directory

Does anyone have any advice or tips on upgrading an Active Directory environment to Windows Server 2003 from Windows Server 2000? It’s a single domain controller. I’d like to think that it’s as simple as setting up a new machine running Server 2k3 and promoting it to a Primary role, but I’m not so sure from all the things I’ve read. Just something I’ve been wondering about. If you know, please advise.