Recently in Travel and Work Category
As requested, here is another of my geeky "what am I doing posts".
Last Wednesday I built a VPN to Sri Lanka with Cisco ASA appliances at both ends. Unfortunately, with the time difference, coordination between sites was problematical. Sri Lanka did their part of the thing like at 3am our time, so I didn't see the link as up until Thursday.
The VPN looks like this:
Endpoint (Sri Lanka) <- VPN Site-to Site -> US Company#1 - router - Internet - firewall - US Company #2 Endpoint
As you can see, the site to site is between companies in Sri Lanka and the US, but the US endpoint is on a second company on the US side, not the company terminating the VPN. For some reason they won't put in a site-to-site between Sri Lanka and Company #2. I'm working at Company #1 and have no direct access to Sri Lanka or Company#2.
One of the features of a VPN is that you tell the firewall exactly what traffic is allowed thru the pipe. In this case, a single private IP address was allowed on the Sri Lanka side, and an entire class C network (public) was allowed on the US side. In effect that single IP in Asia was connected to that network in the US through an encrypted pipe. I am also told that the private IP address on the Sri Lanka side is specifically blocked (for security reasons) on the US end by Company #2. I had to NAT the incoming address so it was a number that wouldn't be blocked.
As I was not at either endpoint location, I could only see that the pipe was up, but not able to test the propriatary software that was to be used between the endpoints. I was told, by Sri Lanka, on Thursday that the link and software was tested and OK.
They lied.
Late Friday afternoon I get an email that, while the link is up and solid, the software doesn't work. I'm not quite sure what to do. Numero Uno: I ain't at either end. Numuro Duh: I don't know squat about their propriatary software. As I'm the only techie that the company who is trying to set this up (Company#1) has easy access to, I get the call.
At the moment, I have no clue. I could have screwed up the internal NAT, I suppose, but that isn't that hard to configure. Sri Lanka refuses to change the numbers they use, and Company#2 refused to accept them. NAT'ing is their only hope.
Something to do Monday, I guess.
Last Wednesday I built a VPN to Sri Lanka with Cisco ASA appliances at both ends. Unfortunately, with the time difference, coordination between sites was problematical. Sri Lanka did their part of the thing like at 3am our time, so I didn't see the link as up until Thursday.
The VPN looks like this:
Endpoint (Sri Lanka) <- VPN Site-to Site -> US Company#1 - router - Internet - firewall - US Company #2 Endpoint
As you can see, the site to site is between companies in Sri Lanka and the US, but the US endpoint is on a second company on the US side, not the company terminating the VPN. For some reason they won't put in a site-to-site between Sri Lanka and Company #2. I'm working at Company #1 and have no direct access to Sri Lanka or Company#2.
One of the features of a VPN is that you tell the firewall exactly what traffic is allowed thru the pipe. In this case, a single private IP address was allowed on the Sri Lanka side, and an entire class C network (public) was allowed on the US side. In effect that single IP in Asia was connected to that network in the US through an encrypted pipe. I am also told that the private IP address on the Sri Lanka side is specifically blocked (for security reasons) on the US end by Company #2. I had to NAT the incoming address so it was a number that wouldn't be blocked.
As I was not at either endpoint location, I could only see that the pipe was up, but not able to test the propriatary software that was to be used between the endpoints. I was told, by Sri Lanka, on Thursday that the link and software was tested and OK.
They lied.
Late Friday afternoon I get an email that, while the link is up and solid, the software doesn't work. I'm not quite sure what to do. Numero Uno: I ain't at either end. Numuro Duh: I don't know squat about their propriatary software. As I'm the only techie that the company who is trying to set this up (Company#1) has easy access to, I get the call.
At the moment, I have no clue. I could have screwed up the internal NAT, I suppose, but that isn't that hard to configure. Sri Lanka refuses to change the numbers they use, and Company#2 refused to accept them. NAT'ing is their only hope.
Something to do Monday, I guess.
...and one of these is anchored right below the building I'm working in on the waterfront in Staten Island.
Kewl
This morning it was docked at Stapleton, 6/10th of a mile from that window.
I am reminded tomorrow starts Fleet Week in New York. I'll bring my camera just in case.
Kewl
This morning it was docked at Stapleton, 6/10th of a mile from that window.
I am reminded tomorrow starts Fleet Week in New York. I'll bring my camera just in case.
Friday was to be my last day working on the harbor in Staten Island, so I got in about an hour early so I'd have time finishing up some projects...
Oh, silly me.
The Day, the first day of Spring you know, starts with driving up to SI in a blinding snowstorm.
I forget my cell phone at home.
Noonish I get an emergency email from my company to drop everything and truck up into mid-town. Server Crash. And I mean crash - it couldn't crash any harder if it was a spaceship traveling at .3 over light speed smacking into a nickle-iron DeathStar. A push-the-'on'-button-and-the-screen-says-'Wot?' type of crash.
You cannot get to mid-town from SI without pain.
I decided to get off the island to Jersey and take the train into the Port Authority, and then walk the few blocks to the site. So basically I drove 45 minutes in the opposite direction to pick up a train that makes it into midtown (just 14 miles from where I started) in 45 minutes. Believe me, if you were familiar with the area - this would make sense.
And what a site.
This is the type of industry that attracts pretty girls (every industry uses servers somewhere or the other). The place was gorgeous, the girls were hot, and the server should have been in a museum.
Which I fixed, sort of, probably temporarily. I don't really trust old-old servers that start crashing if you look at them funny. Its running but throwing errors. I'm sure I'll be back to upgrade the hardware and software.
Then walk 6 blocks to the train (with 3 minutes to spare), train to the car, and car to home.
Happy Spring.
Oh, silly me.
The Day, the first day of Spring you know, starts with driving up to SI in a blinding snowstorm.
I forget my cell phone at home.
Noonish I get an emergency email from my company to drop everything and truck up into mid-town. Server Crash. And I mean crash - it couldn't crash any harder if it was a spaceship traveling at .3 over light speed smacking into a nickle-iron DeathStar. A push-the-'on'-button-and-the-screen-says-'Wot?' type of crash.
You cannot get to mid-town from SI without pain.
I decided to get off the island to Jersey and take the train into the Port Authority, and then walk the few blocks to the site. So basically I drove 45 minutes in the opposite direction to pick up a train that makes it into midtown (just 14 miles from where I started) in 45 minutes. Believe me, if you were familiar with the area - this would make sense.
And what a site.
This is the type of industry that attracts pretty girls (every industry uses servers somewhere or the other). The place was gorgeous, the girls were hot, and the server should have been in a museum.
Which I fixed, sort of, probably temporarily. I don't really trust old-old servers that start crashing if you look at them funny. Its running but throwing errors. I'm sure I'll be back to upgrade the hardware and software.
Then walk 6 blocks to the train (with 3 minutes to spare), train to the car, and car to home.
Happy Spring.
My home server's AV showed a notice that it had detected the win32.agent.icb Trojan and then immediately crashed to blue screen. Reboot went immediately to blue screen. Ran Spybot. No luck.
What needs to be done is for me to replace certain system files that have been overwritten by whatever true Trojan I discover. Changing system files while the system is running requires some tricky software utilities...which were out in my briefcase in the car...which I didn't feel like dragging in last night.
I'll play with it tonight. Worst comes to worst I'll do an 'update' install of 2003 Enterprise to overwrite the infected files. I don't expect to lose anything.
...but that means the home server is down, and certain blog pictures/docs are not available until I fix the thing.
Update: Worked on it Saturday Nite and got it up and running by about 3AM. Needed Spybot, MalWareBytes, and Windows Defender to clean it up. I needed the OS disk to replace system files. I needed to delete some fake .dlls. This crap takes forever.
What needs to be done is for me to replace certain system files that have been overwritten by whatever true Trojan I discover. Changing system files while the system is running requires some tricky software utilities...which were out in my briefcase in the car...which I didn't feel like dragging in last night.
I'll play with it tonight. Worst comes to worst I'll do an 'update' install of 2003 Enterprise to overwrite the infected files. I don't expect to lose anything.
...but that means the home server is down, and certain blog pictures/docs are not available until I fix the thing.
Update: Worked on it Saturday Nite and got it up and running by about 3AM. Needed Spybot, MalWareBytes, and Windows Defender to clean it up. I needed the OS disk to replace system files. I needed to delete some fake .dlls. This crap takes forever.
I am working for these two weeks in Staten Island...hard by the waterfront looking out into NYC harbor. It is an incredible view from here on the 7th floor. The stately movement of huge freighters and tankers up and down the channel is hypnotic. In the background are the skyscrapers of Brooklyn and Manhattan bounded on the south by the Narrows Bridge. Kewl.
The Commute Sucks Toads, though.
The Commute Sucks Toads, though.
Here is what I was doing the past few days....
One of our Linux servers crashed and took a VM with it. I rebuilt the server and saved the VM...that didn't take long. I tried to get support from the vendor, but that was taking too long and we decided to just wing a rebuild. We lucked out.
My company has installed a new sales person in her home, and required me to set up a site-to-site VPN with VOIP (digital voice over IP) phones.
We have an ASA 5510 Cisco appliance at the main office; which is a pretty sweet VPN device (for a box that is not specifically designed for VPNs). A couple of weeks ago I had upgraded the ASA from v.7 to v.8.x so some of our Vista users could use Cisco AnyConnect to VPN into the office. Previous versions of the ASA firmware were good to go for VPN clients on XP or lower, but Vista HAS to use AnyConnect if you want to stay with a Cisco VPN client. AnyConnect is an SSL based product rather than the older client being IPSEC based.
The site-to-site VPN I was to create is IPSEC based.
The first task I had was to recommend a SOHO router to put in the home office of the new sales person. Naturally I recommended a Cisco 861n wireless SOHO router. WRONG! - too expensive. Always go for the platinum stuff first, you know.
OK - After actually finding our what the budget was - how about a SonicWall T150. Within budget but still pricey and I'm running out of time.
...and naturally it was so popular that even finding one was problematical and getting it delivered in time was impossible.
So I went with a Linksys wrvs4400n which was pretty cheap and available.
As the new sales person and I have the same ISP, I brougt the unit home to test the site-to-site VPN and especially the never-to-be-sufficiently-damned VOIP phone over the link.
I was able to get the VPN and phone up and running, the VOIP phone being a nutcracker naturally, and repacked everything to rebuild at the remote site Friday night.
...where it wouldn't work for shit.
So I bring everything home and set it up again...works like a charm.
Now moving the setup from one place to another isn't quite as easy as it sounds. Changing the IPs from one house to another requires rebuilding the VPN at each end. It is critically important that the setup be identical at both ends except for the IP address you use to anchor each end of the VPN. As the Linksys is not as feature rich as the Cisco ASA, the Cisco appliance needs a configuration that's a bit 'dumbed down' so it matches the Linksys.
Also, they use different words for the same configurations, ie, Where you set up the Cisco to use Diffie-Hellman Group 2, you have to know to set the Linksys simply to Group 1024-bit.
Another problem is 'protected groups'. You tell the VPN what IP addresses on the other side (remote group) are allowed to access your side (local group). On each side, your local group has to be the other guys remote group, and visa versa. This is one of the areas I had to dumb down the Cisco as it is able to define multiple networks as remote groups but the linksys can define only one.
...and this was a problem how? On the Linksys side there was only one home network, but on the Cisco side there is our normal work network, but also a second network VLAN exclusively for that never-to-be-sufficiently-damned VOIP phone.
The Linksys side could easily be configured to see one or the other of the Cisco-side networks...but not both (after all, the Linksys side only had one network, remember both sides need to match). I got it working by using some creative IP netmasking at both ends for the cryptomap rules...convincing the Cisco device that there were multiple networks at the Linksys-end allowed me to configure the Linksys device to see multiple networks on the Cisco-end. Both sides have to match.
Also the keepalives work like crap between the two devices so I wrote a batch file to ping through the pipe every 10 minutes. When I get it in place I'll use our IPMonitor Server at work to keep the pipe up.
Gonna try it again at the remote site Monday night. This time I've taken screen shots of the Linksys and ASA 5510 configs. This time I hope not to look like an idiot.
Update: As we were buried in snow Monday, we got a 'work from home' day. I went over to the sales persons house in the afternoon (via 4x4) and everything lit up easy squeezy.
One of our Linux servers crashed and took a VM with it. I rebuilt the server and saved the VM...that didn't take long. I tried to get support from the vendor, but that was taking too long and we decided to just wing a rebuild. We lucked out.
My company has installed a new sales person in her home, and required me to set up a site-to-site VPN with VOIP (digital voice over IP) phones.
We have an ASA 5510 Cisco appliance at the main office; which is a pretty sweet VPN device (for a box that is not specifically designed for VPNs). A couple of weeks ago I had upgraded the ASA from v.7 to v.8.x so some of our Vista users could use Cisco AnyConnect to VPN into the office. Previous versions of the ASA firmware were good to go for VPN clients on XP or lower, but Vista HAS to use AnyConnect if you want to stay with a Cisco VPN client. AnyConnect is an SSL based product rather than the older client being IPSEC based.
The site-to-site VPN I was to create is IPSEC based.
The first task I had was to recommend a SOHO router to put in the home office of the new sales person. Naturally I recommended a Cisco 861n wireless SOHO router. WRONG! - too expensive. Always go for the platinum stuff first, you know.
OK - After actually finding our what the budget was - how about a SonicWall T150. Within budget but still pricey and I'm running out of time.
...and naturally it was so popular that even finding one was problematical and getting it delivered in time was impossible.
So I went with a Linksys wrvs4400n which was pretty cheap and available.
As the new sales person and I have the same ISP, I brougt the unit home to test the site-to-site VPN and especially the never-to-be-sufficiently-damned VOIP phone over the link.
I was able to get the VPN and phone up and running, the VOIP phone being a nutcracker naturally, and repacked everything to rebuild at the remote site Friday night.
...where it wouldn't work for shit.
So I bring everything home and set it up again...works like a charm.
Now moving the setup from one place to another isn't quite as easy as it sounds. Changing the IPs from one house to another requires rebuilding the VPN at each end. It is critically important that the setup be identical at both ends except for the IP address you use to anchor each end of the VPN. As the Linksys is not as feature rich as the Cisco ASA, the Cisco appliance needs a configuration that's a bit 'dumbed down' so it matches the Linksys.
Also, they use different words for the same configurations, ie, Where you set up the Cisco to use Diffie-Hellman Group 2, you have to know to set the Linksys simply to Group 1024-bit.
Another problem is 'protected groups'. You tell the VPN what IP addresses on the other side (remote group) are allowed to access your side (local group). On each side, your local group has to be the other guys remote group, and visa versa. This is one of the areas I had to dumb down the Cisco as it is able to define multiple networks as remote groups but the linksys can define only one.
...and this was a problem how? On the Linksys side there was only one home network, but on the Cisco side there is our normal work network, but also a second network VLAN exclusively for that never-to-be-sufficiently-damned VOIP phone.
The Linksys side could easily be configured to see one or the other of the Cisco-side networks...but not both (after all, the Linksys side only had one network, remember both sides need to match). I got it working by using some creative IP netmasking at both ends for the cryptomap rules...convincing the Cisco device that there were multiple networks at the Linksys-end allowed me to configure the Linksys device to see multiple networks on the Cisco-end. Both sides have to match.
Also the keepalives work like crap between the two devices so I wrote a batch file to ping through the pipe every 10 minutes. When I get it in place I'll use our IPMonitor Server at work to keep the pipe up.
Gonna try it again at the remote site Monday night. This time I've taken screen shots of the Linksys and ASA 5510 configs. This time I hope not to look like an idiot.
Update: As we were buried in snow Monday, we got a 'work from home' day. I went over to the sales persons house in the afternoon (via 4x4) and everything lit up easy squeezy.
Dear Staff Member
Due to the current financial situation caused by the slowdown of economy in the country since last Christmas, Management has decided to implement a scheme to put workers of 40 years of age on early retirement. This scheme will be known as RAPE (Retire Aged People Early).
Persons selected to be RAPED can apply to management to be eligible for the SHAFT scheme (Special Help After Forced Termination). Persons who have been RAPED or SHAFTED will be reviewed under the SCREW scheme (Scheme Covering Retired Early Workers)...
A person may be RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate. Persons who have been RAPED can only get AIDS (Additional Income for Dependants or Spouses).or HERPES (Half Earnings for Retired Personnel Early Severance). Obviously persons who have AIDS or HERPES will not be SHAFTED or SCREWED any further by management.
Persons staying on will receive as much SHIT (Special High Intensity Training) as possible. Management has always prided itself on the amount of SHIT it gives employees. Should you feel that you do not receive enough SHIT, please bring it to the attention of the supervisor. They have been trained to give you all the SHIT you can handle.
Have a good day
Managing Director
A security audit at a very large company you all know...and who has neat hats.
Monday's job was installing a site-to-site VPN between Jersey and Germany on Cisco ASA hardware. Not everyone was ready, so I installed a DMZ and put some machines on it.
Tuesday and Wednesday I'm in the home office maintaining our stuff.
Next Monday I'm in the Princeton area looking for (and closing) back doors into the network of a company that fired it's NetAdmin and is worried about disgruntled employee attacks.
The week of December 8th I'm doing a security audit at a company every one has heard of. Those jobs are sweet - I set up equipment that pounds on a network for a week, and just sit around and watch it. I get to hack at them to my heart's content. Then I write a pretty report.
...and whatever comes up in between. I expect something will come up to fill up next week.
Tuesday and Wednesday I'm in the home office maintaining our stuff.
Next Monday I'm in the Princeton area looking for (and closing) back doors into the network of a company that fired it's NetAdmin and is worried about disgruntled employee attacks.
The week of December 8th I'm doing a security audit at a company every one has heard of. Those jobs are sweet - I set up equipment that pounds on a network for a week, and just sit around and watch it. I get to hack at them to my heart's content. Then I write a pretty report.
...and whatever comes up in between. I expect something will come up to fill up next week.
On the way home I stopped at my daughter's to set up a wireless router she scammed from my son so that she could access her laptop while RedBoy would be monopolizing the house computer. The following assumes you know a bit about computers...as there were no problems, I'm not going over all the checks I did to ensure nothing was too far from default starting configuration.
Hint...
Download the manual for the (used) router BEFORE you unhook the Internet, idiot.
Plug the cable modem into the router's WAN port with a CAT5 cable.
Plug the house computer's NIC into one of the router's switch ports with a CAT5 cable.
Reboot the cable modem so it gives it's public IP address to the wireless router. On the house computer, release and renew the DHCP address so the house machine gets a new private IP from the router. (If you don't know how to do that, reboot the computer).
Check that the house computer can get on the Internet.
Then...
Reset the fucking wireless router to factory defaults so the username/password in the manual will work.
Configure the wireless router with a security WEP code. Run the Wizard if you have to.
Configure the laptops wireless utility with the same WEP code. Laptops are all different...this was an Apple. Piece of Cake.
Voila!! Internet on the Laptop.
Easy Squeezy. I was there an hour, and watched RedBoy play Wii for half of it.
Note: Pretty much all of these home-owner sized wireless routers come with built-in wizards to set up wireless. They all act as DHCP servers to give private IP addresses to anything that attaches to them by wire or wireless. These little devices all do NAT (Network Address Translation) to translate private internal IP addresses to usable public addresses for the Internet. They ALL have a username and password protecting the management console...hence the reset cuz my son never gave my daughter the current password. On this one there was a hole you stuck a pin into for 10 seconds.
Another interesting fact: Most of these devices do PAT (Port Address Translation). That means with some configuration you can set it up to be able to attach to your home machine from anywhere on the InterWeb. I connect to my home machine this way...via Web, FTP, DameWare, and Terminal Services.
In the real world, I have spent days installing $500 Wireless Access Points on every floor of a building, moving them around to ensure the best coverage, mooshing them into a Domain architecture, and installing wireless USB connectors on dozens of machines.
One of my readers asked me to include some computer stuff on the blog, so on days I do something interesting I'll do so.
I am spending a couple of days covering for the NetAdmin at a well known company. He's recovering from surgery. Today and tomorrow his 2nd is out also.
Today I installed Backup Exec on a couple of HP 64 bit Windows 2003 servers. I did not build the servers, but I did install them as Domain Controllers a month or two ago. About a year ago I installed a Reo NAS for these guys and built another BUE server to backup to shared iSCSI storage (superfast)
Note: Installation of BUE failed on one machine because it had (dot)Net v2 sp1 installed. I had to remove SP1 to get installation to work BUE installs its own (dot)Net v2.0.
I installed and configured a couple of 400 GB SCSI tape drives and inventoried and labeled 10 tapes. I created backup jobs and ran a BU of each machine. At 500 GB/min, it went pretty quick...fast machines. Remember to test the restore function.
Note: The default for media sets is to "never overwrite". You have to set the media set to "append then overwrite" as well as setting the timeout for "overwrite protection" to a time low enough to expire before the tape is used again.
Took a couple of hours.
The rest of the time today I worked (remotely) on configuring LiveMeeting on a Communications Server and figuring out why the LiveMeeting update wouldn't work on my laptop (you can't have LiveMeeting Outlook Add-on on the same machine you have Exchange Management Console on - and I've got shitloads of Management programs on my laptop).. I did some troubleshooting on a DNS replication problem, fixed a big honkin' Kyocera printer, investigated a Bluetooth connectivity problem, and tested (unsuccessfully) an AirCard.
I have no clue yet what I will do there tomorrow. Friday I'm hoping to upgrade a ASA5510 Cisco Firewall to a version that will allow it to accept Cisco AnyConnect VPN clients, and configure the IOS to do so. Fun Stuff for me. I'd like to fix the Bluetooth connectivity problem too, but that's more difficult...the Treo model phone I'm dealing with specifically blocks the feature I want...but I think I found a tweak on a forum.
That's pretty much my typical day...just replace what I did with anything else you can think of...hardware from Firewalls to SANs, software from client stuff to Server based, everyday is new. Most times I have no idea what I'm doing...but I know the secret - no one else knows what I'm doing either.
Update: On the way home I get a call that a company's email server has crashed right in the middle of a buyout. When I get home I remote into their system and fix the problem in about an hour and a half. The owner of that company calls one of our directors to thank him for the fast reaction. Our director didn't realize it had been fixed already.
Sometimes things go right.
I am spending a couple of days covering for the NetAdmin at a well known company. He's recovering from surgery. Today and tomorrow his 2nd is out also.
Today I installed Backup Exec on a couple of HP 64 bit Windows 2003 servers. I did not build the servers, but I did install them as Domain Controllers a month or two ago. About a year ago I installed a Reo NAS for these guys and built another BUE server to backup to shared iSCSI storage (superfast)
Note: Installation of BUE failed on one machine because it had (dot)Net v2 sp1 installed. I had to remove SP1 to get installation to work BUE installs its own (dot)Net v2.0.
I installed and configured a couple of 400 GB SCSI tape drives and inventoried and labeled 10 tapes. I created backup jobs and ran a BU of each machine. At 500 GB/min, it went pretty quick...fast machines. Remember to test the restore function.
Note: The default for media sets is to "never overwrite". You have to set the media set to "append then overwrite" as well as setting the timeout for "overwrite protection" to a time low enough to expire before the tape is used again.
Took a couple of hours.
The rest of the time today I worked (remotely) on configuring LiveMeeting on a Communications Server and figuring out why the LiveMeeting update wouldn't work on my laptop (you can't have LiveMeeting Outlook Add-on on the same machine you have Exchange Management Console on - and I've got shitloads of Management programs on my laptop).. I did some troubleshooting on a DNS replication problem, fixed a big honkin' Kyocera printer, investigated a Bluetooth connectivity problem, and tested (unsuccessfully) an AirCard.
I have no clue yet what I will do there tomorrow. Friday I'm hoping to upgrade a ASA5510 Cisco Firewall to a version that will allow it to accept Cisco AnyConnect VPN clients, and configure the IOS to do so. Fun Stuff for me. I'd like to fix the Bluetooth connectivity problem too, but that's more difficult...the Treo model phone I'm dealing with specifically blocks the feature I want...but I think I found a tweak on a forum.
That's pretty much my typical day...just replace what I did with anything else you can think of...hardware from Firewalls to SANs, software from client stuff to Server based, everyday is new. Most times I have no idea what I'm doing...but I know the secret - no one else knows what I'm doing either.
Update: On the way home I get a call that a company's email server has crashed right in the middle of a buyout. When I get home I remote into their system and fix the problem in about an hour and a half. The owner of that company calls one of our directors to thank him for the fast reaction. Our director didn't realize it had been fixed already.
Sometimes things go right.
I'll be in Dallas most of the week.
Update: Fucking bumpy trip between Atlanta and Dallas.
Update: Fucking bumpy trip between Atlanta and Dallas.
cuz work has been heavy.
I've been installing Exchange 2007 mail roles on 64bit VMWare Virtual Machines. Layers upon layers of aggravation.
First I had to build 3 64 bit servers.
Then I had to install the Unix based VMWare ESX on each
Then each machine got two Windows Enterprise 2003 server VMs for a total of 6 VMs that all needed hotfixes and upgrades to handle MX2007.
Then I created a clustered mailbox server on two of the VMs.
I then created two hub transports required for mail routing.
The last two VMs got edge transport (internet SMTP) and OWA (webmail) on the DMZ.
All of the above required tweaking Active Directory in the Domain as well as our internal and external DNS servers, not to mention the firewall.
Each installation requires it's own brand of suck...most of which involve command line manipulation of shit no human should be required to touch.
So I get it all working yesterday and move a couple of mailboxes to the new 2007 from the old 2003 Exchange server. My mailbox being one of them.
Today I'm testing communication, and everything works fine...email moving smoothly thru the enterprise and the interweb.
Then I test the cluster by forcing a failover. What should happen is that the passive node of the cluster should take over the mailbox role when the active cluster goes down.
Gak.
The failover fails miserably, violently removing the cluster and the two mailbox installations from this earth...along with the mailboxes I moved to the new server.
So tomorrow I have to restore the mailboxes to the old server from backup.
Then I can start rebuilding.
I've been installing Exchange 2007 mail roles on 64bit VMWare Virtual Machines. Layers upon layers of aggravation.
First I had to build 3 64 bit servers.
Then I had to install the Unix based VMWare ESX on each
Then each machine got two Windows Enterprise 2003 server VMs for a total of 6 VMs that all needed hotfixes and upgrades to handle MX2007.
Then I created a clustered mailbox server on two of the VMs.
I then created two hub transports required for mail routing.
The last two VMs got edge transport (internet SMTP) and OWA (webmail) on the DMZ.
All of the above required tweaking Active Directory in the Domain as well as our internal and external DNS servers, not to mention the firewall.
Each installation requires it's own brand of suck...most of which involve command line manipulation of shit no human should be required to touch.
So I get it all working yesterday and move a couple of mailboxes to the new 2007 from the old 2003 Exchange server. My mailbox being one of them.
Today I'm testing communication, and everything works fine...email moving smoothly thru the enterprise and the interweb.
Then I test the cluster by forcing a failover. What should happen is that the passive node of the cluster should take over the mailbox role when the active cluster goes down.
Gak.
The failover fails miserably, violently removing the cluster and the two mailbox installations from this earth...along with the mailboxes I moved to the new server.
So tomorrow I have to restore the mailboxes to the old server from backup.
Then I can start rebuilding.
Been working straight thru since last Monday. Some network thingies can only be done at night....and God forbid you miss out on your day's work too.
Then Friday, Saturday, and Sunday in a class to learn more things that will keep me working straight thru more often. Interesting as the class was developed by the Brits...and believe me, we are two countries separated by a common language. Good thing it wasn't developed by the Germans - then just the introduction would have been a 15 week class.
I'm taking tomorrow off.
Then Friday, Saturday, and Sunday in a class to learn more things that will keep me working straight thru more often. Interesting as the class was developed by the Brits...and believe me, we are two countries separated by a common language. Good thing it wasn't developed by the Germans - then just the introduction would have been a 15 week class.
I'm taking tomorrow off.
My two week project in 9 cities and 4 countries from Argentina to Canada is complete. I'm now on vacation until the 3rd. Thank God. That and driving 5 hours round trip to where I needed to be to do the remote access.
Note: Trying to work on servers remotely in Buenos Aires and Mexico city is like sticking your crank in a light socket...it feels soooooo good when it's over.
Note: Trying to work on servers remotely in Buenos Aires and Mexico city is like sticking your crank in a light socket...it feels soooooo good when it's over.
The facility I was at out in Kirkland WA experienced a power surge when something went wrong with a transformer outside the office park.
I've seen computers die, but I've never see servers throwing sparks, flame, and sizzling like bacon on a grill...at least a half-dozen of them at the same time. Even protected by surge protectors they fried...along with blowing out the lights (and I mean explosive detonation).
Fortunately, It wasn't my job to fix fried servers. Within 15 minutes I was on the phone to the airline getting an earlier flight. So I'm typing this at 2:45AM instead of 9AM in the morning.
Nighty-night.
Here's a shot of Seattle from the Bainbridge Island ferry on a typical Seattle afternoon. I forgot my camera in my motel, so I had to use my cell phone. 
Here I am sitting in my motel in Kirkland Washington.
Nasty trip. Flying just isn't any fun anymore. The flight was smooth, but boring and packed like sardines. I swear to God that they are tightening up the seats. I ain't gaining weight, but it keeps getting tighter and tighter. The offered food was so paltry that I avoided it. They got me here, 20 minutes ahead of schedule, didn't lose my luggage, so I'm thankful for that.
Worst beyond all was the check-in at the airport back East. Like lines of cattle filing into the slaughterhouse. Shoes, belt, pockets emptied, watch ring, phone, laptop...all piled into little baskets, all mixed up as passengers tried to get thru the checkpoint.
H2O is still forbidden, and I had to throw away a couple of bottles in my carry-on. After passing at least 10 signs telling me that my BIC lighter was going to land me in jail, I purposely kept it on me and they missed it.
I can't wait for the trip back...especially with the time change. I'll be getting into the airport at 6AM Saturday, and probably home by 8 or 9. My body is telling me it's 2AM on a work night.
The lack of posting is due to oppression by the man and the fact that the capitalistic overbosses of the computo-fascist hegemony that I work for has kept me in a state high utilization.
Starting last Tuesday...a mid-sized bank had it's email server begin to crash in the middle of it's takeover bid by a huge bank. It took Friday and 3 hours Saturday for the repair, with an earlier couple a short visits to get a new server built...the crash and all the repairs were invisible to the users, thank goodness. I worked a couple hours Tuesday on it, 8 hours Friday, and moved data overnight and Saturday morning. If I screwed up there would have been a week's data gone in the middle of a $10 Billion takeover. You ready for this, my company charged $26,000 bucks for my time....13 hours total...thats $2000/hour for my tender butt. Jesus!
The rest of the week saw me rebuilding a trashed Sharepoint Portal installation, and repairing a broken mirror set. This morning I trekked up the GSP for 2 1/2 hours to Parsippany to Dun & Bradstreet to participate in an Altiris Installation. I'm supposed to be here for 3 weeks, but I know that'll never happen...I'll get called away for sure.
So at the moment I'm getting creamed...working nights and Saturdays always throw me off. I think I'll go home and take a nap.
In my languid quest to find gainful employment, I traveled over the bridge to Horsham PA today for an interview. The Interview went well, but the best thing about the trip was finding a classic Pennsylvania gun store...Claytons on Rt 611 just south of the Willow Grove Air Base.
Picture this poor Jersey rube in your mind's eye. He sees 30 yards of gun cases with rifles and shotguns stacked tight together and 10 deep. He sees a $6000 Blaser .K95 Mannlicher in .243 with stocks that would make a man weep at the beauty, he sees a GE minigun hanging up on the wall over the gun cases, boxes of Hi-cap mags like scattered gold coins on the ocean floor, short barreled and silenced weapons laid out so even a mortal man could touch them.
OK, they're a bit pricy, and I don't know how they are to deal with...always an important factor for me. But man, it was so sweet to walk into a gun store and find actual guns. One hour and 15 minutes, a hundred yards of river, and a world away.
The wonderful company which bought mine two months ago has decided that my department is 'extra' to the needs of the company. Nicely put, isn't it. I told you before this new company had the worst employee satisfaction rating in the world…truly.
Next Friday will be my last day.
As I've been up to my ass in integrating my old company with the new, I'm not quite sure who is going to complete the balls-to-the-wall three month project....email integration alone is a nightmare, much less switching over the infrastructure of routers and firewalls, re-numbering, moving the DMZ, handling the port mapping to inside servers, adding the new company's servers and desktop applications. The only other guy available has excellent email skills (but not Cisco), and his own huge projects in another department. The management of my company is in a bit of a shock also, they were told company cuts were done 2 weeks ago and then ordered to cut the department without being told who will continue to do the work...which still needs to be done.
I knew this was on the horizon but I figured it for a couple of months down the road when the infrastructure was complete. Moneywise I'm good. I just like to work.
I think I'll look for something a lot closer….2 ½ hours each way was getting to be a pain. At least I won't have to commute to Bangladesh…that's where my old company will be in a year.
The Gethuman Database: Gives you the numbers to bypass voicemail and reach a person at over 400 customer service numbers. Suitable for printing.
Pajama's Media has some good stuff, but this is really worthwhile.
My contract job in the city was finally up today. They held me over for an additional 3 months on a 6-month contract for other projects. It was nice sleeping on the bus going in and on the way home. It was nice going to the same place every day instead of bouncing around like a super ball on crack.
I especially liked the area of old New York I was in....directly between the South Street Seaport and the World Trade. Nice. Shops, narrow streets, food, convenient to transit…did I mention the food?
I'm taking vacation until the 18th altho we don't really have anything other than day-trip plans. Work a bit around the yard, scoot over to Pennsy to check out houses (and Cabelas), and generally heal up for the next contract. I've already been told I'll be spending a couple of months upgrading the old company infrastructure to the new company standards...a low impact job I can probably stretch out for a while...at least while I look around for something more interesting. The new company, as I've said, doesn't thrill me to pieces.
And absolutely the best of all, the topping on the pie, the sweet spot, the wonder of wonderfuls….I don't have to get up at 4 fucking AM to catch mass transit for a week and a half.
Priceless.
Today I had to send a digital picture to my new company so they could make an ID badge for me. I was havin' none of that 'come into the office' crap. I am not exceptionally thrilled about this whole thing either. I have three stories....two are mine, and one related to me today by a co-worker.
Story
I interviewed with this company 9 years ago. At the time I was at the top of a hot field, and job interviews (and offers) were coming my way at about 25 per week. To make a long story short (finally), I had three interviews with them, gave a presentation to people they flew in just to hear me talk, and was offered a job for a substantial amount of money at the end of the presentation. I accepted.
OK, I give two weeks notice to where I'm working and wait for the offer to show up in writing. It did. For half the money they offered me at the interview. Apparently their HR department (way, far, away on the planet Fuck You) has the final say on how much money people get. They figured that I was offered too much and I would be willing to work for half the money. They were wrong. I shortly signed with another company for 20% more than the original offer above...and a bonus. I was there for 4 years until they got bought out and closed.
Story
The first time I walked into a division of this company, I was impressed. A gorgeous new building with a built-in garden Atrium...very nice. Then the hairs stood up on the back of my neck. A huge room with 500 programmers in cubes...so quiet you could hear a pin drop. Men walking up and down the rows with their arms crossed, making sure no-one spoke or did anything other than exactly what was required of them for 8 hours a day. I swear it looked like a Gulag. It smelled of fear. I did my business and got out.
Story
The best friend of one of my co-workers started with this company at a moderately high-end job last year. He lasted three weeks. The first day he needed a pencil and while looking for the stationary cabinet he was told he would have to put in a req for it. Which he did. Three weeks later he still didn't have a pencil.
Why didn't he bring one from home? Of course he did, but that's not the point. What would happen if he didn't bring one from home? The point is that this company is anti-employee to the point that even pencils are more important as company property than they are as tools to do your job. When the pencil still had not arrived after 3 weeks....he quit. Believe me, it wasn't the pencil. At a certain level you expect to be given the tools necessary to do your job...pencils were the least of it.
Today we were notified that our company was bought by the 5th largest computer company in the world. Our New Jersey office will become the state headquarters. They are immediately doubling the size of our office from 60 to 100 people. Part of the deal was to keep everyone working there (yeah, right).
I hate change. I have no idea how this is going to affect my job, because what I do is not what my company does...my skills are farmed out for consulting cash to fund the software development that is the main bent of my company...and the reason they were bought. Now that they are part of a 4 billion dollar company, I doubt they need the $250/hour that I bill.
On the other hand, I am more familiar with the software products of the new company than I ever was with the software products of the company I'm working for...and never really had an interest to learn. I have to say from experience tho, getting bought by a huge company is never good for the small one. But unlike those past experiences, my skillset is more aligned with the new company than the old.
We'll see. I wouldn't surprise me if a year from now the software my company developed was outsourced to India and all the people were gone. Oh, and I turned down a job with the new company about 10 years ago because I didn't like the corporate culture...and I'm not taking bets that it's changed.
Update: And today the company I've been consulting at since last October offered me a job.....let the negotiations begin.
They got a record 26.9" of snow in the City this morning.
I've got 2" in my backyard.
I live 55.1 miles (as the bullet flys) from where I work down town.
It's going to be an interesting trip in tomorrow morning.
Update: No traffic, a clean and dry road, empty trains on time, and dry shoveled sidewalks in New York...
Yep, they got over 2 feet of snow, but handled this one very well. I left so early that I was in before 7AM.
Finally.
The past four weeks have been pretty much of a blur. 80-hour weeks don't leave much time for anything but sleep. However the project was a success, and lawyers around the globe are singing my praises...not!
My reward is the Superbowl tonight...and a 4AM wakeup so as to make it into Connecticut by 9AM tomorrow. Bad luck that, but at least there'll be no more nights and weekends for a bit. The Conn job should be cake...but I'm going to miss all the Monday morning watercooler talk about the game.
Superbowl Update: This would have been a good Monday Night game early in the season. Seattle would have learned something about awful play choices and horrendous time management and gone on with the season. A bit late for those lessons in the SuperBowl, don'cha know. Smashmouth football wins again. Go Steelers!
I went to lunch today with two Sunni Muslims that I work with.
One is a secular Turk, and the other a very devout Pakistani. I like them both very much. The Turk is a Green (don't get him started on Kyoto), and I dont really know where the Paki stands politically. Both have been in the country long enough to have their children growing up westernized.
We talked about America.
Question: Why is America disliked?
Answer: America is disliked because it interferes.
Question: OK, what would happen if America became isolationist?
Answer: Ooh, that would be worse...the world would be full of terrible problems without America. The Turk felt that one superpower (even a benign one) was dangerous and needed to be balanced by another; his choice was China.The Paki hoped for Pakistan (he's a joker). The 'bull in a china shop' is a good paraphrasing of what they felt America's effect was on the world...no matter how good our intentions.
Question: What do you like about America?
Answer: It is moral and conservative, more than most countries they had lived in or visited.... Europe especially was seen as far too secular and immoral. France and Germany were the worst. America made them immediately feel welcome. Both had spent many years working in a variety of countries before being enticed to come to America by our company. Russia was pointed out as a country undergoing a religious revival after nearly a century of communist rule.
Question: Where is the best place in America to live.
Answer: Anywhere 50 miles outside of a city. The people are friendly and moral.
Question: What is the most important thing that a country need do to ensure it's future.
Answer: A belief in God and a sense of community. A belief in God, no matter what He is called, will always steer a country in the proper direction.
The Turk liked the Amish country in Pennsylvania. He recommended that the Paki take his family to visit it. He found it beautiful and liked the people.
Notice how many times they based their opinion on values and morality...not religion, race, or politics.
I enjoyed lunch today...even if I have to eat that damned diabetic crap.
I'm a techie, and even billing at nearly $200/hour, companies are willing to pay that to my firm to get me 50 hours a week, month after month after month...
When I am 'encouraged' to give extra time to help a shorthanded department with their massive OS rollout, well, that's a big charge off to get me working on nights and weekends. We're better than 60% done, so I figure another 2 weeks....and I'm getting tired.
At least this is the view from above....
That's Times Square in the middle of the picture (about 20+ stories below). You should see it lit up at night from this angle, but the pictures come out blurry...I suck at photography.
That's Times Square in the middle of the picture (about 20+ stories below). You should see it lit up at night from this angle, but the pictures come out blurry...I suck at photography.
I was asked to help another department with their OS rollout so that they could get done on schedule. I've been putting in my 8 hours down at 100 Williams, and then trucking up to 44th and 6th for a couple of hours. Saturdays have been full time uptown. This will go on for the next 4 weeks. It's not as bad as it sounds, cuz I'm taking a month of Mondays as vacation days. My workweek will be busy, but I'll still get a weekend.
It leaves me little time for blogging, or death-stick planning, or anything else, except on the weekends.
Speaking of death-stick plans....boy howdy, if you look around you can find some real deals....
Hogue
I've see the set as low as $60 if I could remember where it was....
ACE stocks
I can get seconds direct from ACE for $55
Varmint Upper
Another Upper
Well, now this looks interesting....available unsanded.
