Thursday, March 24, 2011

Getting Windows Deployment Services running

There are some good resources out there for Windows Deployment Services (WDS), such as the following:

technet.microsoft.com (obligatory manual reference)
Dan Stolts' blog
Tom and Jason include some nitty gritty details on their blog
www.google.com (obligatory google reference)

Basically, I'm trying to set up the following:

WDS service on non-DHCP server in an AD environment with DHCP running on AD Domain Controllers only
Should note that the server is 2008 Standard R2, and the AD DC's are 2008 R2 and 2003.

DHCP scope option settings:
66 - <ip of WDS server>
67 - boot\x86\wdsnbp.com

I'm also setting this up so that unknown devices need admin approval in AD (pending devices approval in WDS), and the problem I've run into is the following:

-------------snip-------------
An error occurred while trying to create the machine account for the following  device:

 Name: install01
 OU: CN=Computers,DC=<company_name>,DC=local
 MAC Address: 00000000000000000000BC305B9C1C03
 GUID: 44454C4C560010348039B8C04F435031

 Error Information: 0x5
-----------end snip-----------

This also shows up with Task category BINLSVC and an Application Error code of 524 (google search of "microsoft wds error 524" has details).

Solution to this is at the following technet page, and included below:

Per Microsoft's Technet page:
--------------------------------

Ensure that the server has the necessary permissions

To perform this procedure, you must either be a member of the local Domain Admins group or have been delegated the appropriate authority.
To grant permissions:
  1. In Active Directory Users and Computers, locate the organizational unit that you are creating machine accounts in. The organizational unit is specified in the server properties for the Windows Deployment Services server.
  2. To view the organizational unit information, open the Windows Deployment Services MMC snap-in, right-click the server name, click Properties, and then click the Directory Services tab.
  3. Right-click the organizational unit, and then click Delegate Control to grant the Windows Deployment Services server Full permission to create and edit accounts.
Note: The computer that caused this issue is specified in the event message string. To view this information, open Event Viewer, expand Custom Views, expand Server Roles, click Windows Deployment Services, and then locate BINLSVC event 524 or 525.
--------------------------------

In my case, I opened AD Users and Computers, selected the OU where I wanted the installed systems to show up, right-clicked and selected "Delegate Control", then had to do the following:

1. change "Object Types..." to Computers
2. enter the beginning of the system name and "Check Names"
3. verify computer name and click next
4. select "Create a custom task to delegate", click next
5. select "Only the following objects in the folder:"
6. check the "Computer objects" box
7. check the "Create selected objects in this folder"
8. leave "Delete selected objects in this folder" UNchecked
9. click next
10. check "Full Control", click next
11. click finish

At this point, you'll be able to name devices in the "Pending Devices" tab for the WDS role when you approve them without that annoying error.

The beauty of this is that once you have the server set up and the OS's configured for an install, you can literally just plug the computer in at its location and PXE boot it and install the OS and pull in the user data in one fell swoop.  Also, you can use this system to manage server images as well as desktop images.  While there are other ways of installing systems, especially in a VM environment (templates, ghost images, etc.), the advantage this holds is that you can install both virtual and physical systems from this one server, and be sure that you have the same config on all your systems.  See Chapter 3 of "The Practice of Systems and Network Administration, 2nd Edition" for more wise counsel related to systems configuration and automated installation.

Wednesday, March 9, 2011

Setting up OTRS on CentOS 5.5

OTRS (Open Ticket Request System) is a great open source ticketing system with a pretty clean interface, written entirely in Perl.  Below are some notes from setting this up on CentOS 5.5; see the website above for full install instructions.

some things to remember:

run /opt/otrs/bin/otrs.checkModules to verify that everything is installed correctly; the RPMForge yum repo can help with Perl packages

use generic agent to automagically move tickets/delete tickets.  This works great for deleting stuff in the junk folder.

set up 2.4.9, not 3.0 (the interface was significantly changed in 3.0, not used to it yet.  I think there was another reason for this as well, but I can't remember this right now).

remember to set up mysqld and httpd with chkconfig --levels 2345 <daemon> on

Thursday, March 3, 2011

Cheap x64 VM environment how-to: Dell 6850 w/ Intel Xeon 7140's (SL9HA)

Short note, hope this might save someone else a few "bang head here" headaches:

need: cheap VM environment with the ability to run 64-bit VM's in VMWare ESXi4.1

Solution: Dell 6850 w/ 4x Intel Xeon 7140m processors and 32GB RAM (cost, $1220)

Problem number 1: 6850's require 200-240V power.  Since I was going to use this in my home, I don't have a circuit with that voltage (think electric stove or electric dryer; these are the plugs with a diameter about half that of a CD).  Had I noticed this before the purchase, I wouldn't have purchased the system.  However, I was able to use it for work.

replaced existing CPUs and hooked up power, only to run into...

Problem 2: system wouldn't POST, wouldn't get into the BIOS config, and reported that the processors were incompatible with the system.  BIOS was at latest for 6850's (A06), motherboard part is WC983, Rev A00.  Double checked the 6850 documentation PDF that Dell put out and confirmed that the 7140M is indeed compatible (read the fine print, it was used for a benchmark).

"No problem, I'll just call Dell."  Make sure you have your system ownership information updated before doing so, or you'll get nowhere.  That was problem number 3.

After talking with Dell over two days (seems even they have to dig for this info) it turns out that you need the following parts for the Xeon 7140M (SL9HA) processors (these are mandatory):

2x Dell Part YC902 (Voltage Regulator Modules)
4x Dell Part WG189 (Heatsinks for Motherboard, N6164 will not work)
1x Dell Part PD838 (3rd VRM for Cache) CANNOT BE PART K5331!
1x Dell Part RD318 (6850 Mother Board)
4x Dell Part ND891 (Memory Risers, part N4867 did not work)
1x The rest of the server

So, is the 6850 a cheap, viable option for running 64-bit VM's in ESXi4.1?  Viable, with a few caveats.  First, make sure you have the correct voltage!  Second, you must have the Xeon 7000 series processors (Intel part number SL9HA, SL9HB, SL9HC, SL8UD, SL8UB) since these are the only ones with the VT-x technology you need.  Third, make sure you have the voltage regulators to support the processors.  Finally, make sure you have the right 6850 Motherboard (RD318 if you want to run the SL9HA's).

As for cheap? well, after getting the rest of the parts needed (VRMs, Rails, disk), the total for the unit I've put together will be about $1220 for 8 cores @ 3.4 GHz, 64MB cache, 24GB RAIDed RAM, 800 FSB, and 2x 36GB 10K U320 SCSI HDD in RAID 1.  Stallard, Inc sells comparable 1950s for about $3460 each (w/o RAM RAID), but they have to be Gen III and still only capable of 24MB cache max.  You might be able to find everything on ebay for a bit cheaper, but it's still going to cost you more than $1000.  I should probably also mention that this system is not hosting the storage (using a 2850 running OpenFiler for that for the time being, 6x 146GB 10K U320 SCSI = 730GB usable in 5+1 RAID 5, approx $400).

For those of you looking to repeat what I've done, here's a list:

Dell 6850 (liquid8technology.com has them w/ 16GB RAM for a good price on ebay)
4x 4GB (2x2GB) PC2-3200 DDR2 RAM (server-ram on ebay)
2x 36GB 10K U320 SCSI HDD (check your back plane, could be SAS)
4x Intel Xeon 7140m (SL9HA)
4x Heatsinks (WG189)
1x 6850 RD318 Motherboard
4x ND891 Memory Risers
2x YC902 Voltage Regulator Modules
1x PD838 Voltage Regulator Module (hard to find on Ebay, can be as much as $150 elsewhere)
Rails, of course

Happy Virtualizing!

Monday, February 28, 2011

Configuring Alfresco Community Edition for OpenOffice Document Transforms

this is for alfresco version 3.4.d

have been getting an error similar to the following after configuring a rule in alfresco for converting documents from MS formats to Open Document formats:

Failed to run Actions due to error: 02050010 Transformer for 'application/msword' source mime type and 'application/pdf' target mime type was not found. Operation can't be performed

since I'm now having to dig for the second time on this, figured I'd write it down.

See the following pages:

http://wiki.alfresco.com/wiki/Setting_up_OpenOffice_for_Alfresco (most details)
http://wiki.alfresco.com/wiki/Repository_Configuration (location of the .properties file)

the long and the short of it is this:

find the location of the "alfresco-global.properties" file

[root@OPS5-Alfresco ~]# locate alfresco-global.properties
/opt/alfresco-3.4.d/tomcat/shared/classes/alfresco-global.properties

if you open this file, look for the following line:

ooo.enabled=false

change to true using your favorite editor (vi, nano, etc)
restart alfresco

service alfresco restart (bounces tomcat and mysql)

to know when the alfresco system is up, use "tail -f /opt/alfresco-3.4.d/tomcat/logs/catalina.<date>.log" and look for the line:

INFO: Server startup in 136056 ms

this will confirm that when alfresco starts, OpenOffice will be started with the service and able to convert documents.  Happy uploading!

Sunday, January 23, 2011

Print from Linux to a Windows Shared Printer

setting up a printer in CUPS to connect via samba share (or so I thought):

highly recommend the site openprinting.org, they have a very thorough list of printers, and their known working states

I have a Samsung ML-2010, so the drivers aren't included by default for linux, and wonderful Samsung isn't going to help us out.

Some sites that have helped:

- http://www.linuxfoundation.org/collaborate/workgroups/openprinting/database/driverpackages
- http://www.linuxfoundation.org/collaborate/workgroups/openprinting/database/cupsdocumentation
- http://localhost:631/admin (for those unfamiliar, this is the local web management interface for CUPS)
- http://tldp.org/HOWTO/SMB-HOWTO.html#toc8

well, this battle is finally over.  When I started, I had a small Zonet ZPS2102 print server (that I've had for years) and it was currently set up over the network and successfully allowing windows systems (XP and 7) to print to it via a samba share.  However, as I've been moving to a truly mixed environment at home, I needed to get my linux systems printing capability.  I wanted to do this without changing where the printer was plugged in so I didn't lose printing capability in the process.  Basically, add the linux systems without affecting anything else.

After banging my head against the SAMBA/CUPS wall for several hours, I decided to try the LPD/LPR configuration on the print server.  This was after I'd visited several sites, learned more about SAMBA than I was expecting at this point, reworked the /etc/samba/smb.conf file several times, and finally plugged the printer into my computer to see if the drivers were working.

With a successful print from a direct physical connection, I decided to try the LPD/LPR config, and it worked like a charm.  I hope this saves you some time, I know I'll certainly remember it.  So...


Total time to complete this is about 15 to 20 mins tops.  (I'll spare you the extra book I wrote while I was banging my head against a wall.)

Setting up a ("non"-) supported printer like the Samsung ML-2010 on linux:

WARNING... if you are on RHEL/CentOS 5.5, you will only have LSB 3.1 installed (and no way to get to LSB 3.2 without compiling it yourself), so make sure you download the correct splix rpm for RHEL/CentOS 5.

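verify signature (note: "sha1 md5 OK" below reports digest checks only; a package with a verified GPG signature would also list "gpg" in that output)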
[user@linuxbox Downloads]$ rpm -K splix-1.0.1-3lsb3.1.i486.rpm
splix-1.0.1-3lsb3.1.i486.rpm: sha1 md5 OK

you also need to confirm you have the rest of the tools to make this work:

# yum install foomatic ghostscript
# yum --nogpgcheck localinstall splix-1.0.1-3lsb3.1.i486.rpm
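
The `rpm -K` result above only says "sha1 md5 OK", and the install then skips the GPG check, so it helps to tell digest-only results apart from signature-verified ones. The script below is an added example, not part of the original post: the function names are made up for illustration, and every sample line except the splix one is constructed (hypothetical package names and key id) to show the other output forms rpm produces.

```shell
#!/bin/sh
# Added example: classify one line of `rpm -K` / `rpm --checksig` output
# by what was actually verified.

# Prints one of: signed | digest-only | failed | unknown
classify_rpm_check() {
    # Everything after the first ": " is rpm's verdict for that file.
    verdict=${1#*: }
    case "$verdict" in
        *"NOT OK"*) echo failed; return 0 ;;
    esac
    # Pad with spaces so whole words can be matched.
    case " $verdict " in
        *" OK "*) ;;
        *) echo unknown; return 0 ;;
    esac
    case " $verdict " in
        # Lowercase gpg/pgp (rpm 4.4, as on CentOS 5) or "signatures"
        # (newer rpm) means a signature was checked against an imported key.
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed ;;
        # Only digests (sha1, md5, "digests") were checked.
        *) echo digest-only ;;
    esac
}

# Returns 0 only when the package is signature-verified.
# Assumes rpm is on PATH when called with a real file.
require_signed_rpm() {
    out=$(rpm -K "$1" 2>&1) || true
    [ "$(classify_rpm_check "$out")" = signed ]
}

# First sample line is the output shown in the post; the rest are constructed.
demo() {
    while IFS= read -r line; do
        printf '%-12s %s\n' "$(classify_rpm_check "$line")" "$line"
    done <<'EOF'
splix-1.0.1-3lsb3.1.i486.rpm: sha1 md5 OK
example-signed.rpm: (sha1) dsa sha1 md5 gpg OK
example-nokey.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
example-new.rpm: digests signatures OK
example-new-unsigned.rpm: digests OK
EOF
}
demo
```

A "digest-only" result means the file was not corrupted in transit; it says nothing about who built it, so the download source is the only trust anchor when installing with --nogpgcheck.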


navigate to /opt/splix/ppds/Samsung/ and use gunzip to extract the file you need, the files that are installed with .gz won't work for CUPS:

# cd /opt/splix/ppds/Samsung
# gunzip -d Samsung-ML-2010-splix-en.ppd.gz

on the system you want to install the printer on, go to:
http://localhost:631/admin

Click on Administration tab
Click on Add New Printers
click on Add Printer
    under Name: => <Unique_Printer_Name> (PrintServer_Samsung_2010)
        click continue
    select "LPD/LPR Host or Printer", click continue
    device URI: => lpd://<hostname_or_ip>/<lpd_queue_name>
         (in my case, lpd://192.168.x.x/Samsung_2010)
    Select "Browse" and browse to /opt/splix/ppds/Samsung/
         Select the file you unzipped above, click Open
    Click "Add Printer"

Click on the Printers Tab
Assign the printer as the default, and print a test page.

Happy Printing!


Extra points: REMOTE INSTALL

To install this remotely, the only extra step was to log in to the other system via ssh with X11 forwarding enabled (-X), and then run "firefox &" to get the web interface for CUPS.  Total time is still the same.

$ ssh -X -l user 192.168.x.x  (to log in)



I think it is worth noting that I achieved my goal of getting my linux systems to be able to print, but I did not complete my stated goal when I started, which was to set up the printer via SAMBA/CUPS.  However, this works just as well for me.

Take-away lesson: if there's another configuration possibility that you haven't tried and you're having to dig deep to solve what you're on, try the other route first.

Monday, December 27, 2010

Fast user switching in Centos Gnome desktop

Several people have posted wonderful blog entries on how to get the user switching option turned on for Gnome desktop so that when you lock the screen, someone else who would use the computer can log in without logging you out.

The blog I followed can be found here. (complete with screen-shots (= )

However, because of the way that the gnome desktop configuration is set up, this only sets this option for the user you were logged in as when you went through this exercise.

Ok, so I was going to give the file to edit, but as I went looking through gconf-editor some more, I noticed the following:

if you run gconf-editor as root, you will be able to set Default and Mandatory Keys that affect all users.  Default = users can edit/change these; Mandatory = locked down to sys admin setting.  Once you have chosen keys that should be mandatory/default, you then have to open another window to edit them (one for default, one for mandatory), where you can set the values you want.  You can find more information about these settings here.

So, to have user_switch_enabled set to true for all users (aka, someone else can log in when you have locked the screen), here's what I did (screen-shots to follow):

1. as root, run: gconf-editor &
2. Expand Apps, click on gnome-screensaver
3. find user_switch_enabled, right-click, choose "Set as mandatory"
4. Ctrl+M
5. expand tree on left, set "user_switch_enabled"
6. close editors

(note: "yum install gconf-editor" if your system complains in step 1 above)

You may have to log out of the user you were on for the changes to take effect.  At this point, if the screen is locked by one user, another user is still able to log in and use the system.  If the account you're switching to is not currently logged in, you'll get the standard prompt screen.  Otherwise, you'll get the prompt from the locked screen.  Everything each user was doing will be saved just as they left it.

(After this, I'll be posting more as I dig into GNOME and other desktops.  If there is something you'd like to find out about, leave a comment and I'll see what I can do.  I hope to expand this to include most major linux releases and desktops, but we'll see.)

Sunday, December 26, 2010

Setting up Mach build environment

So, clearly taking me a bit longer to get this going than I thought it would.  So here's the first tidbit I can give pretty quickly: I'm working on setting up a build environment using mach (stands for Make A CHroot).  This is a nifty tool to work in a clean build environment, and can be found here.  Basically, it will pull the packages you need to be able to get a clean build for whatever software you're working with.  If you are missing a dependency, it will pull it automagically, if it can be found in the repos.  It also allows you to be able to build software for any version that is supported (ls /etc/mach/dists.d/ to get an idea).

Anyway, I'm just going through setting this up again, on a Centos 5 system that I'm planning on using for builds, and wanted to make a few notes, since the documentation still makes you dig a bit:

Steps followed so far:

1. set up yum for epel repo
2. run: yum install mach
3. add build user(s) to the mach group (ie: usermod -a -G mach <username>; without -a, -G replaces the user's existing supplementary groups instead of adding to them)
4. run: mach -r <root> setup build
5. go check irc or something (approx 5 mins)

remember that the root name needs to have an extension after the architecture, since that is what it is looking for in the /etc/mach/dists.d/ config files (separate file for each major os version).  For instance, the base centos 5 root that I just created wouldn't work as "centos-5-i386", it had to be "centos-5-i386-os".

Also, something else that should be mentioned is that it doesn't look like this package currently is able to perform builds for ubuntu/debian packages, but it does support apt-get, so maybe a config file could be created?