Just managed to complete my next MCP TS: Windows 7, Configuring which keeps me on my way to my MCITP: Enterprise Administrator qualification which I am hoping to get for the end of the summer.
Adobe Reader X Protected Mode
I started to deploy Adobe Reader X to one of my clients the other day and found that users were unable to open files on shared drives mapped to our DFS. Searching through the web I found the following KB article from Adobe (http://kb2.adobe.com/cps/860/cpsid_86063.html)
Cannot open PDF files whose source is DFS or NFS: PDF files in shared locations on a distributed  or networked file system (DFS/NFS) cannot be opened. Attempting to open such a file results in an error opening this document. Access denied.”
Initially I thought I would have to remove Adobe from all the workstations however a quick look in the registry found the place where this has been set – HKEY_CURRENT_USERSoftwareAdobeAcrobat Reader10.0Privileged. To get around the problem I added the following to my login script to force the “bProtectedMode” value to 0
reg add “HKCUSoftwareAdobeAcrobat Reader10.0Privileged” /v bProtectedMode /t REG_DWORD /d 0 /f
This is definitely one to watch out for if rolling out Adobe Reader via GPO.
Opsview: Host Attributes and Keywords
Having been an avid Nagios/Opsview user for a while I am always keen to see new features that make my life of defining and managing systems easier. I had been meaning to try out the host attributes feature of Opsview for a while to redefine the way I monitor various “generic” features on my infrastructure. Up until now I have had to create an exception for a host that I want to monitor in a slightly different way and remembering what did/didnt have exceptions was never the easiest thing to do.
This has all changed with the Host Attributes feature in Opsview. I can now define a single service check that will take a number of values (currently Opsview 3.7.2 will only let you define one however looking at the SQL database there is capacity for 9 arguments. A forum post from Ton Voon has revealed a patch to the host-attributes tab that allows you to define 4 attributes which should be released in an upcoming release – 3.7.3 maybe). This means that I can define a host attribute (e.g. DISK) and then set in this the partition/disk name and the warning/critical values in different arguments to make sure that I can reduce the number of custom service checks or exceptions that I need to define.
I have managed to abstract my Disk space checks and also some checks for Exchange Information Store sizes across my organisation. I plan to try and further abstract other generalised items of monitoring (e.g. Windows Services, Performance counters etc).
Once I had created these checks I needed to add in a viewport to display the status of my Information Stores. In the past this used to be setup individually on each host and service check manually. In the latest release its possible to create a new keyword and then add in the host/services that you want from the Keywords tab. This has made the process of making new views/displays easier and made the monitoring much simpler.
When I get some time I will put up some pictures to go with this article and expand on my ability to monitor network interfaces with the latest version of Opsview.
Rancid email notification issues
Just spent a few days getting RANCID setup on one of my monitoring servers to backup my device configs on a daily basis. Whilst setting it up I followed a number of guides to get my config files setup and checked. The one thing I couldnt get to work however was the email when RACID detected a config change on one of the network devices.
Scouring the Internet I couldnt find what I had missed. Postfix was setup correctly and I could use the aliases I setup in /etc/alises if i “telnet localhost 25” and mail was delivered. In the end looking at the update logs I could see a line saying it couldnt find sendmail.
A quick look at racnid_control and I updated the lines that referenced sendmail to include a full path to /usr/sbin/sendmail and low and behold my inbox was full of config changes this morning.
I’m sure that if I was able to get the money to buy Opsview Enterprise I would make full use of the RANCID module within this but for the moment this works well enough for me.
My next goal is to get SNMP Trap processing setup so that if the appropriate trap is received from a monitored device it will pull the latest config down and we will always have the latest config.
Opsview users – beware javascript-common package
I have just come across an interesting issue with my production Opsview server where the web interface was loading successfully on http://<server>:3000 however http://<server> through the apache proxy was not working following an upgrade from Ubuntu 8.04 to 10.04
The upgrade process went smoothly and everything looked OK having reinstalled Opsview (the upgrade process will uninstall the package but the data is kept in the databases) except for the fact that I couldnt expand any of the menus across the top of Opsview and a small box had appeared under the search bar.
A bit more research in my browser showed the following errors:
Following on from this I popped a quick email to the opsview-users distribution group. to find out if they were aware of any issues with the upgrade process. I reviewed the Apache proxy config and replaced this with the stock one from the new Opsview install. This didnt help.
Next I ran through disbaling and re-enabling the three proxy modules and reloading apache a few times and still no joy.
Feedback from the mailing list suggested that the proxy config was correct but to try accessing the javascript file http://<server>/javascript/prototype.js (this returned a 404 error) and to also look at the apache error logs at the same time.
The logs from apache gave me the following:
[Thu May 27 10:19:35 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/prototype.js [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/prototype.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/scriptaculous.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/validation.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/forms.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/opsview_sidenav.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/anylinkcssmenu.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/overlib_mini.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/status.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/prototype.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/scriptaculous.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/validation.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/forms.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/opsview_sidenav.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/anylinkcssmenu.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/overlib_mini.js, referer: http://10.9.0.220/status/hostgroup [Thu May 27 10:20:08 2010] [error] [client 10.9.4.138] File does not exist: /usr/share/javascript/status.js, referer: http://10.9.0.220/status/hostgroup
I would expect the path for the javascript to be /usr/local/nagios/share/javascript/… and not just /usr/share/javascript. I double checked my apache config and ran through all the configuration files that were included. excluded the /etc/apache2/conf.d directory and reloaded Apache. The result… Opsview loaded and displayed correctly:
Going back through the different files in the directory I came across javascript-common.conf which has the following code in it:
Alias /javascript /usr/share/javascript/
<Directory "/usr/share/javascript/">
Options FollowSymLinks MultiViews
</Directory>
I removed the symlink, re-enabled the conf.d directory in the apache config and all looked good.
Having a quickl look round I couldnt find any reason for the package being installed on my machine so I removed it and restarted apache followed by an apt-get check to see if there were any broken dependencies and there were none.
Upshot of all of this… Unless you want all your Javascript to be in one location dont install the javascript-common package.
T-Mobile UK 2G Data outage
I’ve been having some issues with my clients’ Blackberry handsets this morning and just received the following update from T-Mobile
I am afraid we have currently got an issue with 2g data services which is affecting all BlackBerry. Its currently affecting central and east London.
I dont have any further information at this time but it looks to only be affecting the BB Curves we have and not the Bolds. Looking at a couple of devices they appear to have GPRS back again but I am still waiting on the OK from T-Mobile to confirm everything is working
New Qualification – JNCIA-FWV
Today I sat and passed, after a long time of putting it off, my JNCIA (Juniper Networks Certified Internet Associate) Firewall/VPN Exam.
This now means that I have a qualification in the firewall technology that we are using at work. Hopefully I can play with some of the more funky stuff they use and work towards my JNCIS now 🙂
Check E-Trust Antivirus Definitions
Following on from my Symantec AV check I have written a first version of a similar check for E-Trust virus definitions. The format and structure to the check is the same as this check but it should return the relevant information for Computer Assoicates E-Trust Antivirus product.
For details on installation and configuration please check out the previous post. For the source code please check out the details below. If you wish to download this from Monitoring Exchange please use this link.
' Script: check_etrust_av.vbs ' Author: Matt White ' Version: 1.0 ' Date: 12-03-2010 ' Details: Check the current definitions for E-Trust AntiVirus are within acceptable bounds ' Usage: cscript /nologo check_etrust_av.vbs -w:-c: ' Define Constants for the script exiting Const intOK = 0 Const intWarning = 1 Const intCritical = 2 Const intUnknown = 3 ' Parse Arguments to find Warning and Critical Levels If Wscript.Arguments.Named.Exists("w") Then intWarnLevel = Cint(Wscript.Arguments.Named("w")) Else intWarnLevel = 2 End If If Wscript.Arguments.Named.Exists("c") Then intCritLevel = Cint(Wscript.Arguments.Named("c")) Else intCritLevel = 4 End If ' Define Date Regular Expression Const strDateRegExp = "(0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])[- /.](19|20)dd" ' Create required objects Set objShell = CreateObject("Wscript.Shell") Set ObjProcess = ObjShell.Environment("Process") Set objRegExp = New RegExp Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\.rootdefault:StdRegProv") const HKEY_CURRENT_USER = &H80000001 const HKEY_LOCAL_MACHINE = &H80000002 ' read the path of E-Trust Anti-Virus from the registry strKeyPath = "SOFTWAREComputerAssociatesScanEnginePath" objReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,"Engine",strScanEnginePath If TypeName(StrScanEnginePath) = "Null" Then WScript.Echo "UKNOWN: Cannot read registry Info. Is E-Trust installed?" Wscript.Quit(intUnknown) End If 'strScanEnginePath = ObjShell.RegRead("HKLMSOFTWAREComputerAssociatesScanEnginePathEngine") ' Determine CPU architecture for correct executable to run strCPUArch = objProcess("PROCESSOR_ARCHITECTURE") If InStr(1, strCPUArch, "x86") > 0 Then strExecutable = "inocmd32.exe" ElseIf InStr(1, strCPUArch, "64") > 0 Then strExecutable = "inocmd64.exe" End If ' If the path doesnt exist Exit with an Unknown status If Len(StrScanEnginePath) = 0 Then Wscript.Echo "UNKNOWN: Unable to read registry path" Wscript.Quit(intUnknown) End If ' Run the command and read the output into a string Set objExec = objShell.Exec(strScanEnginePath & strExecutable & " /sig") strVirusDefs = objExec.StdOut.ReadAll() ' Search the Virus definition for the date using Regular Expression objRegExp.Pattern = strDateRegExp objRegExp.Global = True objRegExp.IgnoreCase = True Set regExpMatch = objRegExp.Execute(strVirusDefs) ' If date not found in the output. Exit with a warning If regExpMatch.Count = 0 Then Wscript.Echo "UNKNOWN: Unable to read date from the output" Wscript.Quit(intUnknown) End If intDateDifference = DateDiff("d",CDate(regExpMatch(0).Value), Date) Wscript.Echo strVirusDefs If intDateDifference > intCritLevel Then Wscript.Quit(intCritical) ElseIf intDateDifference > intWarnLevel Then Wscript.Quit(intWarning) ElseIf intDateDifference <= intWarnLevel Then Wscript.Quit(intOK) End If Wscript.Quit(intUnknown)
Failing hard disk
I had a small shock this evening when I noticed that one of the iSCSI mounts to my lab servers was not working as expected. I could see a folder structure but no data in the folder. I have had issues in the past because the iSCSI mount is a dynamic disk (Yes I know now that I should have left it a basic disk but I have not got enough space to move the relevant data off, covert to basic and move it back again) and when I reboot the server that it mounts to I have to reactivate the disk manually and recreate the appropriate shares. This issue was different.
I logged onto the admin interface for my NAS (Thecus 5200BR Pro) and checked the disk status to find the following screen
I hadnt been notified that my Nas was not 100% healthy so this was quite a shock. Clicking further on the Warning I had the following screen confront me
I think this is why I have some errors on my server. I shut down all the VMs and powered the NAS back on to do a file system check which it seemed to pass but it only checks the file system and not the iSCSI mounts that exist.
I rebooted the NAS again into normal operating mode and powered my ESX servers back on, logged back into my server with the iSCSI mount and reactivated the local disk and shared the folders again. Data was there 🙂
I dont trust that this wont happen again so I have purchsed a further two 1TB Western Digital hard drives from my preferred supplies (www.overclockers.co.uk) and am having them shipped to work so I can get them installed as soon as possible in my lab. I think I am also going to take this as a chance to move the iSCSI mount away from the existing setup and onto a new iSCSI array that is mounted on a dedicated iSCSI LAN and hopefully improve performance a little bit.
Publishing scripts to Monitoring Exchange
As I start to write/modify more checks and scripts for monitoring applications in Nagios/Opsview I have decided to share these as much as possible with the community so they can enjoy, and if necessary, improve the scripts I have written. I have decided to use the MonitoringExchange.org website to host my scripts (as well as detailing them on this blog) as I have found a number of good scripts here that do what I wanted them to.
All the scripts should appear as projects under my profile (wibble) with a link back to the same script on the blog here. I will also endeavour to post the link to Monitoring Exchange in the bottom of the blog post.