GDesklets won’t run in Ubuntu 7.10 Gutsy Gibbon

After a clean install/upgrade of Ubuntu 7.10 (Gutsy Gibbon) you may be unable to get gdesklets to run. I have noticed several threads out there with no resolution so I thought I would post a fix. Most users will get the app installed successfully but when they run the gdesklets shell, the app begins to load, goes gray, and then has to be closed using force quit. Also, running gdesklets start from a console shows that the daemon is starting but it never does. By default Gutsy Gibbon uses Python 2.5 while gdesklets is looking for 2.4. This is pretty straight forward to resolve using these steps. Install python2.4 by running sudo apt-get install python2.4 from a console. After that is complete we need to tell gdesklets to use Python2.4. From the console we need to add a few entries to the gdesklets config files. Locate the line that says “#! /usr/bin/env python” and append it with a 2.4. So each line should now look like “#! /usr/bin/env python2.4”. This line needs to be updated at the top of each of the files listed below.

/usr/lib/gdesklets/gdesklets
/usr/lib/gdesklets/gdesklets-shell
/usr/lib/gdesklets/gdesklets-daemon
/usr/lib/gdesklets/gdesklets-migration-tool

After updating the files with your favorite text editor, start the app by running gdesklets start from a console. This should have you up and running in no time.

–himuraken

Sonicwall GVPN w/ Simple Client Provisioning

In this post I am going to cover one of the ways that you can configure your Sonicwall device so that it provides secure client access to your internal network using the Sonicwall Global VPN client. There are several different ways that you can connect clients using the Global VPN client, but in this example I will cover one of the easiest and fastest ways to get the job done. For this example I will be using a Sonicwall TZ170 running standard OS. The steps will be nearly identical on other Sonicwalls running the standard OS. This configuration should also work just fine on devices running the enhanced OS provided that you aren’t running some off-the-wall configuration.

Step 1: Firewall configuration

Using your favorite browser login to your Sonicwall by going to https://x.x.x.x (<- Your IP here.) Go to the Users menu item and choose Local Users. Click on add and enter in the desired username and password for this user. Put a check mark in the “Access from VPN client with XAUTH” box and click OK.

Next we need to open the VPN menu item. By default there will be a VPN policy named GroupVPN. Make sure that this policy has the Enable box checked and then click on the edit button under Configure. The first two tabs require zero configuration for this how-to. Select the third tab which is named Advanced and make sure that “Require Authentication of VPN Clients via XAUTH” under Client Authentication is selected. On the client tab look for the setting “Cache XAUTH User Name and Password on Client” and change it to Always. Under Client Initial Provisioning make sure to place a checkmark next to “Use Default Key for Simple Client Provisioning” and click OK.

The final item to complete in this step is to send the GVPN policy to the client. Back on the main VPN page under Configure, click on the Export/Save button (Floppy disk icon). Accept all defaults on the pop-up window and click Yes. Once again, accept any defaults presented and enter a password so that the exported VPN policy is encrypted, this is important for several obvious reasons. Click on Submit and save the file. Now you can send the exported VPN policy to any user that needs it.

Step 2: Client Configuration

Using your MySonicwall account or original Sonicwall media install the Global VPN client on the desired PC and accept all defaults. Open the Global VPN client and press cancel when presented with the connection wizard. Go to the File menu and choose Import Connection. Click on the …Browse box and navigate to the exported GVPN policy. Now enter in that password that we used to encrypt the file earlier and click OK. You should now see the imported policy in the list of connections. Right click on the connection select Enable. Enter in the username and password that we created in step1 under Local Users. Put a checkmark in the “Remember my username and password” box and click OK. After a few moments of provisioning and passing encryption information, you should see the status as connected. Your client is now connected to your internal LAN securely via VPN.

Now you can create additional users as needed and send them the exported GVPN policy.

NOTE: I highly recommend sending the exported GVPN policy and encryption password separately. I generally accomplish this by emailing the policy and then sending a text message of the encryption password to the intended user and/or give it to the user verbally.

–himuraken

Print Server Properties in XP

Here is an under-used feature in Windows XP: Printer Server Properties. I use this tool frequently to remove printer drivers that just won’t go away. Often times you will disconnect a printer, uninstall the software and/or drivers, and plug the printer back in only to find that instead of prompting you for the drivers you recently downloaded, the system just loads the old driver. Getting rid of these “stored” drivers is quite simple.Step 1: Remove the printer

Disconnect your printer and then uninstall the accompanying software and driver. Once this has been completed, make sure that the printer is no longer present in the Printers & Faxes folder.

Step 2: Remove the driver

Open the control panel and go into the Printer & Faxes folder. Click on File and then select Server Properties. From here, select the Drivers tab, click on the printer / driver in question and then click on Remove. You can also click on Properties to see the actual driver and support files for the particular printer driver.

A lot of users ask me to disable the system tray notifications that they get when sending jobs to a network printer. This was introduced with Windows XP Service Pack 2 and basically just alerts the end user that the network printer received the job and hopefully started printing it. To rid your users of these notifications perform the following:

Step 1: Disable the notifications

Within Printers & Faxes, go to File and then select Server Properties. Select the advanced tab and uncheck the option “Show informational notifications for network printers”. Hit OK and you are done.

–himuraken

HP LaserJet 3005 Series Nightmares!

If you haven’t had the pleasure of working with HP’s LaserJet P3005 series of printers, do yourself a favor and never go near them. I have a customer in the banking industry that has an office full of these, and each one is more fun than the next. The issues range from overall system performance degradation during printing, to long pauses between pages. For the most part reinstalling the original software makes little or no difference. So far I have seen the majority of issues come from printers attached to systems via USB, but please note that I have seen issues on network and parallel models as well. Regardless of how you connect to your printer the following steps should get you headed in the right direction.Step 1: Remove current drivers

This step is pretty self explanatory, unplug the USB cable and then go into Add/Remove Programs and uninstall all software related to your printer. Once this is completed reboot your system and make sure that the printer is no longer listed in Printers & Faxes.

Note: Sometimes all issues are resolved in step 2 so uninstalling is just a precautionary step. In some cases I would recommend performing step 2 prior to step 1.

Step 2: Update the printers firmware

Most if not all of the issues with these printers are caused by their earlier firmware revisions. Go to the product page for the P3005 series printers here and get the latest firmware for your respective printer model. Extract the download and read over the instructions provided. There are several different ways to transfer the firmware to your device depending on the model:

Method 1: If your printer has a network jack, you can FTP to the device’s IP address and use the Put command to transfer the firmware file to the device. Once the transfer is complete the printer will restart and eventually display Ready on the display.

Method 2: Another way to send the firmware update is to open up your browser and enter in the device’s IP address. From the main screen click on the print option in the lower left hand corner. This should take you to a page that is normally used to upload print jobs directly to the printer. Click on browse and choose the firmware file and start the upload. Once again the printer should restart after several seconds and go to the Ready status.

Method 3: If your best or only choice is to use your parallel port don’t fret, it is quite simple. Copy the firmware to the root of your C:\ drive. Open up the command prompt and use the CD \ command to traverse to the root of the drive. Use the following command to transfer the firmware to your printer:

copy /b yourfirmwarehere.fru lpt1 and press enter.

Step 3: Reinstall Drivers / Software

Download the latest drivers for your printer here and then begin the install. Choose the basic install and then accept all of the default setup prompts. After the install has completed, restart the computer and test the printer.

Special Note: While upgrading a P3005dn using the file upload method, the printer froze, gave some random error code and restarted. After power cycling the device numerous times, I kept getting an error stating that I should download the firmware to the printer again. The difficulty in this situation was that the unit had two interfaces: USB and Ethernet. The Ethernet interface was not loading due to the corrupt firmware load and doing the firmware update via USB was not detailed anywhere that I could find. In this scenario the printer was not uninstalled prior to attempting the upgrade. Share your printer if it isn’t already, write down your computer name and the printer share name. From this point forward just use a slightly different command similar to the lpt1 method mentioned in step 3 by running this from the command line:

copy /b yourfirmwarehere.fru \\computername\printersharename

This should take care of re-sending the firmware to the printer.

–himuraken

Exchange Outbound SMTP Smart Hosting

There are countless situations in which you might not want to send email via SMTP directly from your site. Maybe you aren’t familiar with PTR’s and A records, or maybe your IP has been blocked / banned via your ISP or some external RBL. If your mail host allows you to use their server as a smart host, you can avoid most of these worries. Up until recently most mail traveled to and from servers and clients using the SMTP protocol which runs on 25 (TCP). Several mail hosts and ISP’s are now requesting or flat out requiring that the mail be submitted to their servers using the more modern mail submission port which is 587 (TCP). For more information on this please see this link. In order to successfully complete this how-to, you must get in touch with your mail host and see which port they want mail submitted on.

I will use port 587 in this example since this is what my mail hosting company requires.

Step 1: Configure Exchange to use the desired port

Open up the Exchange System Manager and expand Servers, Your Server, Protocols, SMTP. Expand SMTP and right click / properties on the Default SMTP Server. Go to the Delivery tab and then click on Outbound Connections. The last box is the port that Exchange is currently configured to send mail on. Once again, for my mail host port 587 is required. Click OK until you get back to main window of Exchange System Manager.

Step 2: Create an SMTP Connector to route mail

Right click on the Connectors folder and choose New -> SMTP Connector. Name the new connector and then choose the option to “Forward all mail through this connector to the following smart hosts.” Now enter in the hostname provided to you by your hosting company. This is usually the same as the outbound mail server that you would configure in your mail client. Under local bridgeheads click add. Select your Exchange server and click OK. Next, select the Address Space tab and click add. Choose SMTP and click OK. Leaving the default email domain of * and the default cost of 1 should be sufficient depending on your Exchange configuration. Click OK after confirming these defaults.

From here we need to configure outbound authentication. Select the advanced tab and click on Outbound Security. Click on “Basic authentication password is sent in clear text” and then click Modify. Enter in the username and password that was given to you by your mail host. Hit OK until you are back down to the main Exchange System Manager window.

Step 3: Verify the configuration

Start by going to start run and typing in services.msc. Locate the Simple Mail Transfer Protocol server and restart it. Now open up Exchange System Manager again and expand Servers, Your server name, Queues. Send a few test email messages from a client machine and watch the queues. If you see domains that were recently sent to showing a ready state all should be well. If you see domains that have a retry status and messages piling up there is an issue somewhere. Go back through all of the settings mentioned above and look for typo’s, misspellings, and other possible obvious points of failure in the configuration. Double check with your mail host and be sure that you are using the correct information.

NOTE: After correcting any issues found, right click on the failed queues and try forcing the connection. It is sometimes necessary to right click each domain and find messages and then delete them.

–himuraken

Terminal Services Audio Mapping

I am often asked how to enable audio mapping (audio redirection) for Terminal Services users. Configuring audio mapping is quite simple. A small configuration on the server and client is all that is necessary.

Step 1: Enable Audio Mapping on the Terminal Server

On the terminal server go to Start -> Administrative Tools -> Terminal Services Configuration. Select Connections on the left pane and then right click and get properties on the RDP-Tcp connection within the right pane. Click on the client settings tab and under Disable the following, uncheck audio mapping. Hit OK and then close the Terminal Services Configuration windows. Important note, these changes will only take effect for RDP sessions created after the configuration changes are applied.

Step 2: Verify client settings

On the client PC open the remote desktop connection. Click on Options and then select the Local Resources tab. Make sure that the Remote Computer Sound option is set to “Bring to this computer”.

Sounds produced on the terminal server should now be redirected to the client PC.

–himuraken

Command Line Scheduling

I am going to go over some of the basic at command usage and some real world examples of its usage.

at – Run without any switches the program will display scheduled items or inform you that there aren’t any scheduled jobs.
at /delete – Using the /delete switch will make the command prompt you to delete all current entries.
at ID /delete – Using the job ID and the delete switch, the program will clear the specified ID/entry without prompting.
at time command – This is the most common way schedule a single task which will run once.
at time /every:X command – Same as above plus a recurring job based on X, which can indicate a day of the week or month.

I use the at command every day since it is a very simple and effective tool. Below are some common scenarios where you might use at

I often perform maintenance such as Windows Updates which require a reboot but I cannot reboot the server to apply the updates. In this fairly common scenario the solution is very easy, a scheduled reboot. To perform a reboot from the command line of a Windows 2003 server you would run “shutdown -r” and press enter. If you wanted to do this at 3:00am you would simply run “at 3:00 shutdown -r“ from the command line. Another one that I use frequently is the scheduled defrag. I use this on all servers and client computers that I come across: “at 3:oo /every:1 defrag c:” which runs a command line defrag of the c: partition at 3:00am on the 1st of every month. You can substitute the 1 for a day such as M,T,W,Th,F,S,Su or any such combination separated by commas.
There countless useful tools that can be executed from the command line and just about all of them can be ran unattended by using the at command. I highly recommend automating your daily tasks such as defrags, reboots, and system cleanups using this command. It is very important to run the command without any switches after doing any work with the command so you can double check for typos. You can also see your scheduled jobs from the GUI by typing tasks in the run dialog and pressing OK.

–himuraken