Fix: A BINDING-ACK message with transaction id for DHCP Server

I have been getting this error for a while on my Server 2012 R2 DHCP cluster. Every time it syncs or replicates hundreds of errors are generated.

Some information around the web indicates I needed KB 2919393, KB 2919355 and KB 2955135 installed. KB 2955135 was not my scenario here, however it was installed. All other KBs are already installed.

Some information told me to replicate the scopes, using the powershell command:

Invoke-DhcpServerv4FailoverReplication

However, this did not resolve the issue and is the same command used by the DHCP management tool.

A deconfigure of the failover and reconfigure of the failover did not solve the issue. However I knew based on previous searches that I was still out of sync with the scope.

Finally was resolved after a deconfigure of the failover, restarting the dhcp server that no longer had the failover, then reconfigured the failover. This cleared up the issues and the errors are not longer occurring.

Auto-decline “Preview of Monthly Updates”

In WSUS it isn’t very easy to clear on how to automatically decline updates based on more criteria than what you get out of the box.  Luckily with powershell we can get around this.  Using a scheduled task to execute powershell.exe with a -file parameter, I was able to decline the “Preview of Monthly Quality Rollups” Microsoft has introduced.

Keeping this simple, using some searches I was able to find enough base information to get connected up to WSUS through powershell and then able to decline the updates.

 

Zabbix 3.0 on Ubuntu 16.04 with Percona

After upgrading to Ubuntu 16.04, I couldn’t get Zabbix to run and was receiving the following

To fix this I needed to symlink the perconaclient library to the mysql client libraries that Zabbix was expecting.

 

SMF 2.0 with PHP 7

SMF does not officially support running version 2.0.x with PHP 7.0.  This is due to PHP removing the mysql library in favor of more secure MySQLi library.  To get around this if you have root access to your server, you could manually build in the old mysql library functions.  Or you know, build compatibility functions.  I’m releasing this as a proof of concept that this works, I highly suggest migrating all code toMySQLi functions rather than using this, but it provides a simple path that allows you to upgrade PHP and enough time to migrate your code base over.

In $sourcedir/Subs-Db-mysql.php Find:

Add before this:

Now find:

Replace with:

In $sourcedir/Subs-Compat.php at the end before ?> add:

 

This should allow SMF to run just fine.  These are all the functions SMF calls from it’s database abstraction layer and thus should work.  Anyone using mysql functions outside of SMF’s database abstraction layer may need to add in additional functions.

Fixing stuck Exchange delegated access

Recently ran into an issue where an admin account had stuck delegated access to user accounts.  Even after removing the access the admin would still see the user account showing in Outlook.  Force updating the Offline Address Book and others didn’t fix it.  PowerShell showed that the admin account was still there with deny permissions

As seen, the permission are inherited and not explicitly implied.  The below example is what it looks like when the delegated admin had access. The delegated admin is not inherited and not denied.

When you remove the delegated admins permissions the delegated admin is not inherited and is now denied.

So using proper where I can filter out to just find the bad access.

Applying Remove-MailboxPermission to the end of that query properly removes them and after proper time removes itself from Outlook.  So we need to trace this down to figure out where its coming from.  So I checked the mailbox permissions to see if it was applied there.

So digging even more I checked Active Directory Users and Computers under the “Microsoft Exchange System Objects” OU and looked at all the SystemMailbox objects permissions.  None of them had any weird permissions.  Additionally it isn’t easy to tell which object belongs to which mailboxes, loading up ADSI Edit and connecting to the “Default naming Content” and opening the “Microsoft Exchange System Objects” gets you back to the SystemMailbox objects and you can get the properties to find the name of the mailbox object.

So, next I connected to ADSI Edit again and the “Configuration” context and went to the “Services” > “Microsoft Exchange”.  I checked permissions here, the admin account didn’t exist.  Digging down one more to the “COS” (The name of the exchange organization) I found the admin account had permissions implied here.  Below the “COS” is the objects for the Exchange mailbox databases.
Now trying to remove the admin permissions the GUI would give me a dialog stating that it would change 100+ permissions on all child objects.  That was a scary message as the last thing I wanted to do was break all child objects or change permissions on them.

After reading around I found the dsacls command (Technet article) and found a way to remove permissions.

Running the command didn’t seem to change any child permissions from what I can see and removed the admin user from having inherited permissions.  Now removing or adding delegated access does not leave the user around in Outlook.

The only logic I can figure out is Exchange Control Panel fails to properly remove delegated access because the user exists already under some sort of access to the mailbox.  Because it gets confused I think it is changing it to a deny access rather than deleting it.

WordPress won’t update

I’ve had issues with WordPress failing to update.  After searching forever and manually updating myself for months, I found the problem.  Check the /wp-contents/upgrade folder for any files.  A previous failed upgrade to core, themes or plugins will stay there and silently cause WordPress to fail to update without any notices.  Further more WordPress doesn’t make attempts to clean up the folder.

LetsEncrypt Nginx SSL Sites

I got my hands on the LetsEncrypt beta and already testing it out.  Incase it wasn’t obvious, if you have sites that are SSL only (I have a few subdomains which do not operate on http/port 80), you will need to set them up.  Here is a quick example of how I adjusted my Nginx to only support the LetsEncrypt script, but make sure everyone else is https only.

And if it helps anyone, the relevant portion of the server setup with SSL

 

Check your listen attributes.  I’ve sometimes seen this cause things to not work and other times you need this in order for it to work (with IPv6).  Do a configtest to make sure of your changes before restarting nginx.

Fixing Warnings opening files in Explorer from SharePoint

While opening files in Explorer to a connected SharePoint Document library, you may receive a warning that action is unsafe, etc.  The fix to this for network drives is to add them to the Intranet sites in Internet Settings.  It isn’t clear how to do this for SharePoint as using SSL gives you a address such as \\sharepoint@SSL\davwwwroot\.  Adding this site to your list just results in it storing SSL as an address rather than the full address you want (i.e. sharepoint@SSL).  The fix is simple, just use registry

I’ve directly added sites to my intranet sets in the past before with registry.  It is how I manage my company so users can still modify their trusted sites, but I can inject the proper trusted/intranet sites they need for things to work.

Raspberry Pi NOOBS install without DHCP

Having got a Raspberry Pi and having never setup Raspberry Pi from scratch, I went ahead and proceeded to do the NOOBs install for myself. However since my Cisco switches have Spanning-Tree-Protocol enabled, it takes a while before DHCP addresses are handed out. Long enough that the NOOBS install would time out and give up without letting me continue.  The noobs install doesn’t have a reboot or shutdown function and power cycling the device causes it to go offline on the switch, which has it recheck it for loopbacks upon it starting up again.  Further more it appears if I edited /etc/network/interfaces and gave it a static IP address then rebooted, changes where lost.

To get around this, we just simply need to restart the recovery GUI.

  1. I booted up my Raspberry Pi and let the NOOBS installer fail
  2. Press ALT+F2 to switch to a virtual console
  3. login as root / raspberry
  4. Run:  killall recovery
  5. Edit our interfaces file:  vi /etc/network/interfaces
  6. My interfaces file looks like this, yours may vary:
  7. Then we edit our resolver:  vi /etc/resolv.conf
  8. My resolv.conf just contained a single line:  nameserver 8.8.8.8
  9. I then restarted my network interface:  ifdown eth0 && ifup eth0
  10. Did a quick ping test to verify everything was working:  ping google.com
  11. Finally I restarted the recovery console:  /usr/bin/recovery qws
  12. At this point the recovery console started up and after a few minutes offered me my download options.

 

Although I didn’t, If you had a working DHCP server you could just do a  ifdown eth0 && ifup eth0  until you get a ip address reported in ifconfig, and then restart the recovery console.

SlickGrid Autocomplete

I’ve been working with SlickGrid on a project recently and it has been fun to work with.  It isn’t the best documented setup, but after a while I have figured out how to work with it on most levels giving me exactly what I want to work with.  One of the things my users asked for is a Autocomplete function.  I found a Stackoverflow question giving me the hint I needed in order to make this work.  The only problem was the autocomplete example provided was using a static list.  I wanted to have it build the list from that columns existing values and show a list, just like you get in Excel.  So here is the init function where I set this up.

Highslide for Wordpress Plugin