Posted in Microsoft, Software, Windows 2008r2, Windows Server 2012, tagged AD, Microsoft, Migrate on May 3, 2013
This is a very nice article with great step-by-step screen shots for migrating your master domain controller from an older 2008r2 box to a new 2012 server.
Thanks for this Naresh!
Posted in IBM, Installation, Software, tagged DB2, IBM, Installation, step-by-step on April 29, 2013
I already solved the first one… See below on how to disable SELinux on your RHEL system.
Below that, I’ll show you how to resolve the missing packages so we can continue with the DB2 installation.
Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labeling.
In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted
… and then reboot the system.
(thanks… http://www.crypt.gen.nz/selinux/disable_selinux.html)
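A check for the edit described above, as an added example that is not part of the original post: it parses the text of /etc/selinux/config and compares it with the output of `getenforce`, so you can see whether the change is in effect yet and whether the mode was written on the right line. The function names and sample strings are constructed for illustration, and the parser assumes the first uncommented assignment of each key is the one that counts.

```python
# Added example: review an edit to /etc/selinux/config before and after reboot.
MODES = ("enforcing", "permissive", "disabled")


def parse_selinux_config(text):
    """Return the first uncommented SELINUX= and SELINUXTYPE= values, lowercased."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key in ("SELINUX", "SELINUXTYPE"):
            found.setdefault(key, value.strip().lower())
    return found


def review_change(config_text, getenforce_output):
    """List problems with the edit; an empty list means file and runtime agree."""
    cfg = parse_selinux_config(config_text)
    mode = cfg.get("SELINUX")
    running = getenforce_output.strip().lower()
    findings = []
    if mode not in MODES:
        findings.append("SELINUX=%r is not one of %s" % (mode, ", ".join(MODES)))
    elif running != mode:
        findings.append("file says %s but running state is %s: not in effect yet"
                        % (mode, running))
    if cfg.get("SELINUXTYPE") in MODES:
        findings.append("SELINUXTYPE holds a mode name; the mode goes on SELINUX=")
    return findings


# Constructed sample: the file from the text with its comments shortened.
EDITED = """\
# This file controls the state of SELinux on the system.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=targeted
"""
# Constructed sample: the mode written on the wrong line.
WRONG_LINE = "SELINUX=enforcing\nSELINUXTYPE=disabled\n"

if __name__ == "__main__":
    print(review_change(EDITED, "Enforcing\n"))      # before the reboot
    print(review_change(EDITED, "Disabled\n"))       # after the reboot
    print(review_change(WRONG_LINE, "Enforcing\n"))  # mode on SELINUXTYPE
```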
On my ISO are the various RPM packages I’ll need. Attempting to install dapl resulted in additional dependencies…
…installing libibverbs…
…installing librdmacm…
and finally… it works
This seems to be a recurring theme any time I play with *nix boxes.. dependencies upon dependencies…
…installing libsgutils2 which refers to sg3_utils-libs…
and finally… it works
I was unable to find an sg_persist package… so I re-ran the db2prereqcheck script… and looks like it is included in one of the packages that were installed… and v10.1.0.0 is ready for installation!
Back to the installation:
After answering some basic questions like where to install, etc… it finished!
To validate it is running… try this:
ps -eaf | grep -i db2sysc
To automatically start DB2 instance…
/opt/ibm/db2/V10.1/bin/db2iauto -on db2inst1
Posted in Installation, Software, SQL 2012, tagged Installation, Microsoft, SQL, step-by-step on March 15, 2013
Like many of my step-by-step articles, it’s mostly for corporate level documentation purposes.
I won’t describe every screen, only those that include important decision points that affect my particular use case.
The above dialog is warning me that the firewall does not allow remote database connectivity. The below command line can be used to open up the SQL port. The cmd prompt must be opened with administrative permissions for this to work.
netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=localsubnet profile=DOMAIN
This is one of those major decision points. My purpose for this database is to house the newest IBM Endpoint Manager v9 database… nothing else. So I only require a few items to accomplish this simple task. The following items are needed for my particular use case:
In order to get IEM installed properly… an SA account is required. So I’ll configure the database authentication in “Mixed Mode” and specify a password for the SA account.
That’s all there is to it. Installations are almost always straightforward… but some corporations require complete step-by-step documentation; I hope this fits the bill.
Posted in Installation, Microsoft, Software, Windows Server 2012, tagged Installation, Microsoft, step-by-step, Windows Server 2012 on March 15, 2013
Recently I’ve had a need to set up a Windows Server 2012 and wanted to document the process for future attempts.
I won’t document every single screen, only those that include decisions to be made and considerations to be considered.
I’ll be using this server as a root server for my new IBM Endpoint Manager v9, so a GUI would be very handy during install and general maintenance of that application.
At first I wanted to go with a regular install… not Custom… so I chose the top option.
Turns out this is for upgrading an existing OS installation. Since this is a brand new hard drive with no pre-existing OS, I should have chosen the “Custom” option. After hitting Close, I was sent back to the very beginning of the installation.
Once I arrived at the startup screen… it hung there for nearly 30 minutes. Turns out that the VMware ESXi v5.0 server I was setting this up on doesn’t support Windows Server 2012. So after some research I came across this article: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2006859
I learned that I had to upgrade my VMware ESXi server to a patch or v5.1… I opted for v5.1 and was able to get past this sticky part.
The server manager has been redesigned for the new GUI. Interesting choices…
I don’t want this application to come up every time I log in… so choosing the Manager –> Server Manager Properties, I was able to check the “Do not start Server Manager automatically at logon”.
Now I need to add my new server to my LDAP domain. Choosing “Local Server” from the left menu…
Click on “WORKGROUP” and the familiar computer properties dialog opens where you can change these settings.
One restart later I was able to log in and I’m done.
Posted in Analyses, BigFix, BigFix Relevance, Code, Fixlets, Programming, Tasks, tagged Analysis, BigFix, Fixlet, Relevance, Task, Tivoli Endpoint Manager on October 12, 2012

If you want to contribute to the database, simply log on or register and visit our import BES content page.
You can learn more here: http://bigfix.me/cdb.
Posted in BigFix, Installation, iPad, iPhone, MDM, Software, tagged BigFix, Installation, MDM, Mobile Device Management, step-by-step, TEM, Tivoli Endpoint Manager on August 29, 2012
The following step-by-step process demonstrates how to install/configure MDM on your iOS devices… iPhones, iPods, and iPads.
1. Visit https://bigfix.me using your mobile device.
2. Click "Continue to this website (not recommended)" if prompted.
3. Click the "SSL certificate" link towards the bottom.
4. Click the "Install" button on the "Install Profile" screen.
5. Click the "Install" button on the "Warning" screen.
6. If you have a password set, you will need to enter it now and hit "Done".
7. Click the "Done" button on the "Profile Installed" screen; you will be returned to Safari.
8. Enter your email address, choose the Device Ownership value and click the "Enroll" button.
9. Click the "Install" button on the "Install Profile" screen.
10. Click the "Install Now" button within the popup box.
11. If you have a password set, you will need to enter it now.
12. Click the "Install" button one more time for the "Warning" screen and you're done.
13. Click "Done" and you're all finished.
Posted in BigFix, Configuration, Fixlets, Software, Tasks, tagged BigFix, Endpoint Manager, IBM, Tivoli, Tivoli Endpoint Manager on May 31, 2012
Command polling is a feature built into every Tivoli Endpoint Manager endpoint. This feature instructs endpoints to query their relay for new instructions instead of waiting for the UDP ping regarding new actions.
This feature is invaluable when it comes to endpoints that are beyond your DMZ or where UDP pings are not allowed. By activating this task, you can speed up the responsiveness of your endpoints in these ping-restricted locations.
Look for the “BES Client Setting: Enable Command Polling” task within the BES Support external site.
My DMZ relay is identified when endpoints communicate with my public domain name: bigfix.me. When the endpoint talks to this relay I would like them to poll for commands every 45 minutes. When the endpoints switch to talking to a different relay, I would like them to turn off the polling settings.
To do this I will activate two different actions. One that is targeted at computers talking to my bigfix.me relay. A second task will have additional relevance to differentiate them and allow me to turn off polling.
Enable Polling
Activate this action choosing the second take action option which allows us to specify the number of seconds… at 2700 or 45 minutes.
Next we’ll need to copy the “Relay” global property relevance so we can add a bit of logic to our action.
Copy the relevance for “Relay” into the clipboard and hit Cancel to close the Manage Properties window.
Returning to the Take Action dialog, specify the Preset = Policy and select “All Computers” as the target.
On the “Applicability” tab we’ll want to modify the relevance and add the following to the end of what is there (copied from the Relay global property):
AND (if ((it does not contain "127.0.0.1" and it does not contain "::1") of name of registration server) then (name of registration server) else if (exists setting "_BESRelay_PostResults_ParentRelayURL" of client and exists value of setting "_BESRelay_PostResults_ParentRelayURL" of client as string) then (preceding text of first "/" of (following text of first "//" of (value of setting "_BESRelay_PostResults_ParentRelayURL" of client))) else "BES Root Server") as lowercase contains "bigfix.me" AND NOT exists setting "_BESClient_Comm_CommandPollEnable" of client
After updating the relevance, we’re ready to hit OK to activate this action.
It will run on all endpoints which have “bigfix.me” within the Relay global property.
Disable Polling
Now that we have this feature getting enabled, we’ll want to disable it where it is not needed. In other words, when endpoints are talking to any other relay except my “bigfix.me” DMZ relay.
Under the Target tab, specify all computers, configure Preset = Policy and update the name so we know this will “Disable Command Polling”.
Next we’ll move over to the “Applicability” tab as we did before and add the following slightly modified relevance from before (notice the “does not” at the end):
AND (if ((it does not contain "127.0.0.1" and it does not contain "::1") of name of registration server) then (name of registration server) else if (exists setting "_BESRelay_PostResults_ParentRelayURL" of client and exists value of setting "_BESRelay_PostResults_ParentRelayURL" of client as string) then (preceding text of first "/" of (following text of first "//" of (value of setting "_BESRelay_PostResults_ParentRelayURL" of client))) else "BES Root Server") as lowercase does not contain "bigfix.me" AND exists setting "_BESClient_Comm_CommandPollEnable" of client
After updating the relevance, we’re ready to hit OK to activate this action.
Now I will start to receive better response from endpoints communicating through my DMZ relay server.
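An added Python model (not BigFix code and not from the original post) of the two applicability clauses above, showing which policy action fires as an endpoint moves between relays. `Endpoint`, `run_policies` and the hostnames are constructed for illustration; what the stock disable action does to the setting is an assumption, so both possibilities are modelled.

```python
from dataclasses import dataclass, field

DMZ_RELAY = "bigfix.me"
POLL = "_BESClient_Comm_CommandPollEnable"
PARENT_URL = "_BESRelay_PostResults_ParentRelayURL"


@dataclass
class Endpoint:
    """Constructed stand-in for the client state the relevance inspects."""
    registration_server: str
    settings: dict = field(default_factory=dict)


def relay_name(ep):
    """Python rendering of the 'Relay' global property expression."""
    reg = ep.registration_server
    if "127.0.0.1" not in reg and "::1" not in reg:
        return reg
    url = ep.settings.get(PARENT_URL)
    if url:
        # following text of first "//", then preceding text of first "/"
        # (assumes a well-formed scheme://host:port/path value)
        return url.partition("//")[2].partition("/")[0]
    return "BES Root Server"


def on_dmz_relay(ep):
    # "as lowercase contains" is a substring test, not a hostname comparison
    return DMZ_RELAY in relay_name(ep).lower()


def enable_applies(ep):
    return on_dmz_relay(ep) and POLL not in ep.settings


def disable_applies(ep):
    return not on_dmz_relay(ep) and POLL in ep.settings


def run_policies(ep, disable_deletes=True, max_rounds=5):
    """Run whichever policy action is relevant until neither is.

    Assumption: the enable action creates the setting; what the disable
    action does to it is modelled both ways through disable_deletes.
    """
    ran = []
    for _ in range(max_rounds):
        if enable_applies(ep):
            ep.settings[POLL] = "1"
            ran.append("enable")
        elif disable_applies(ep):
            if disable_deletes:
                del ep.settings[POLL]
            else:
                ep.settings[POLL] = "0"      # the setting still exists
            ran.append("disable")
        else:
            break
    return ran


if __name__ == "__main__":
    laptop = Endpoint("bigfix.me")                    # constructed endpoint
    print(run_policies(laptop))                       # on the DMZ relay
    laptop.registration_server = "relay1.corp.example"
    print(run_policies(laptop))                       # moved inside
    print(run_policies(Endpoint("relay1.corp.example", {POLL: "1"}),
                       disable_deletes=False))        # never settles
    print(on_dmz_relay(Endpoint("notbigfix.me.example")))
```

The run with `disable_deletes=False` shows why the disable action has to remove the setting for the pair of policies to settle, and why an endpoint would otherwise never be re-enabled on its return to the DMZ relay. The last check shows that `contains "bigfix.me"` also matches any longer relay name that embeds that string.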
If you have any questions or comments, please add them to the comments section below.
Posted in BigFix, Software, Tasks, tagged BigFix, Endpoint Manager, endpoints, IBM, organizing, Tattoo, Tivoli, Tivoli Endpoint Manager on May 30, 2012
A large organization utilizing Tivoli Endpoint Manager (BigFix) has many things to do when it comes to organizing its endpoints.
Organization comes in many forms… grouping computers by: Operating System, Processor, Available Disk Space and Last Report Time are all out-of-the-box features of any BigFix infrastructure. BUT that doesn’t make it very useful for the business side of your organization.
To help organize your endpoints into business-centric groups… we need to utilize a process I call automatic tattooing. Tattooing endpoints can happen in many ways, but they are all triggered from properties on endpoints. These properties can be values within INI files somewhere on the file system of your endpoints. They can also take the form of: is a certain program installed?
For this article I will limit the scope to a few Windows properties that are hidden deep within the registry. In a later article I will help describe the process of a cross-platform tattooing method.
For my purpose I will focus on the RegisteredOrganization and RegisteredOwner string values within HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion of the Registry.
I will create a few things:
1. Two global properties which I can use within WebReports, and to help with targeting actions.
2. A task to make it very easy to configure this value using an action.
Global Properties
Crafting relevance for my two global properties is actually really easy. In my case I’ll be reading into the registry for the values of my properties as such:
Registered Organization = value "RegisteredOrganization" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry
Registered Owner = value "RegisteredOwner" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry
Now let’s implement those within our console.
Click on Tools->Manage Properties, Click “Add New” and specify the “Name:” and “Relevance:”. If you have more than 100k endpoints, you may want to consider increasing the “Evaluate” property to something like “1 day” or longer. For my tiny deployment, I will leave it at the default “Every Report”.
Once the properties have propagated, your endpoints will start to return data…
Configuration Task
Next up is something a tad more difficult, depending on your experience with creating custom content. We will create a custom task which will allow us to configure these two registry values. This task will utilize two very special commands: action parameter query, regset and regset64. Read more about those in this document.
Let’s start with a new task:
As anybody who has read my previous articles knows, I like to fill in every blank. It makes for a better deliverable product to customers.
The action script for this task will need to do the following things, expressed in pseudo-code:

    Query the user for the value they want to configure for both properties.
    if 64bit OS
        configure 64bit registry values
    else
        configure 32bit registry values
    validate
After a bit of research, our action script ends up looking like this:
action parameter query "Organization" with description "Please enter the name of your Organization (Ex: Moran IT):" and with default value ""
action parameter query "Owner" with description "Please enter the Owner’s name (Ex: Daniel):" and with default value ""
// 64-bit operating systems: set the values with regset64
if {exists x64 of operating system}
    regset64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]" "RegisteredOrganization"="{parameter "Organization"}"
    regset64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]" "RegisteredOwner"="{parameter "Owner"}"
endif
// Set the values with regset
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]" "RegisteredOrganization"="{parameter "Organization"}"
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]" "RegisteredOwner"="{parameter "Owner"}"
// Stop the action unless the registry now holds the entered values
continue if {(value "RegisteredOrganization" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry) = (parameter "Organization")}
continue if {(value "RegisteredOwner" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry) = (parameter "Owner")}
Of course we can’t forget about a URL with additional detail on this task…
The relevance required to do this is actually very simple. Since only Windows computers have a “registry”, we can eliminate all non-Windows endpoints from running this action with the following relevance:
name of operating system contains "Win"
It is highly unlikely that a windows registry will not have the following key, but so we all learn good habits I’ve added the following relevance as well:
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry
Let us not forget my article on Properties.
It’s been a few minutes and it looks like my fastest computers have already responded with their applicability responses.
I won’t go into detail on how to launch this task; I’ve already covered that. It is far more important to think through targeting and understand how you are going to organize your endpoints. In later articles I will cover other tattooing methods and how they can benefit your organizations.
For your convenience, here is a zip file containing the content covered in this article: http://dl.dropbox.com/u/41985632/Content/Configure%20Registered%20Organization%20and%20Owner.zip
If you have any questions or comments, please leave them below. I’d love to hear about some other tattooing methods and how you implement them within your deployment.
Posted in BigFix, Installation, Software, Software Distribution, Tasks, tagged BigFix, Distribution, Endpoint Manager, IBM, Installation, Policy, Software, Task, Tivoli on May 29, 2012
BigFix is of course now called Tivoli Endpoint Manager a product of IBM. I’m getting a bit lazy and calling it BigFix for short from now on.
Anyways… This article will provide helpful direction when you want to distribute software within your organization.
I have recently written a C# application and want to have it automatically installed across my infrastructure. When new systems come on-line, I want my application to automatically be installed once it is properly linked into my BigFix infrastructure. One note to be made when writing your own applications… be sure to properly register your application so you can easily detect that software on your endpoints. I wrote an article which will show you how to properly register your app when creating your Visual Studio Setup application.
The following screen shots might help you with accomplishing this.
First we’ll need to launch the wizard itself, then specify the application name.
Here we’ll need to specify our MSI installer. Visual Studio creates both a setup.exe and a setup.msi. The exe is a stand-alone file which creates an environment with which to launch the msi. That is, you can distribute the msi all by itself, but if you want to use the exe, you must distribute both the exe and msi files.
BigFix can handle either, so if your application has a simple stand-alone exe, then point the wizard to it, or to the folder or URL of the file in question. It even has the capability of handling ZIP files. (If you’d like more info on this, ask me in the comments section below.)
Now we’ll need to specify the operating systems that our application will work on. In my case I want to limit it to newer computers which will have my requirement of .NET to be installed. Note: With Windows 8 coming out soon, you may need to modify the relevance of the resulting task in order to install this application onto those endpoints. As of v8.2 of Tivoli Endpoint Manager, we do not recognize Windows 8. It appears in the console as “WinUnknown 6.2.8250” for the Consumer Preview Release.
Our next step is to help the wizard “craft” our relevance that will be used for this software distribution task. Since my application follows proper registration techniques, it is as easy as specifying my executable within the Registered Application box.
Step 5 of our wizard asks us to properly craft the command line that will be used to silently install our application. Since I’m using an msi installer file that follows Microsoft standards, the defaults are fine. Otherwise you can change the command line parameters here. Remember that the end user will NOT see the installer GUI. So if the installer hangs at a certain step, it will never be noticed and you will have to manually kill the installer before the task will respond with a status.
Complete the wizard by validating the parameters and hitting Finish.
Here we have our newly generated task. I like to fully customize my tasks, especially when I create something that will become customer facing.
Thus I’ll work on each tab in order… First we’ll modify the description so the admin launching the task will know what this task is/does and what to expect.
Also remember to modify which site to “save” the task into and which domain it belongs to. For more on domains, read one of my other articles covering domains.
I also like to follow naming standards by the BigFix home office, thus on software, I’ll name it as such: [application name] v[version number] Available
Next I like to include a URL link to the application so if the admin wants additional information or support links it’s as easy as clicking one of the actions.
The Software Distribution Wizard does a great job of creating the basic relevance that will be used. I, however, like to separate out my relevance for easy reading. Here I’m separating the OS relevance from my RegApp relevance. Remember that you can only separate if they are connected by an AND, so be careful!
A final piece of “ribbon” for this task is to specify the various properties. View my other article on BigFix Task Properties.
And there we have it… If you look under the site you specified and “Fixlets and Tasks” you will see your task. It is unlikely that any of your endpoints have responded to your new task… therefore you may need to click the “Show Non-Relevant Content” button.
Now that you have the software distribution task created you can Activate it by following this guide.
For your convenience, here is a zip file containing the content covered in this article: http://dl.dropbox.com/u/41985632/Content/ScreenResolutionRuler.zip
If you have any questions or comments, please leave them below.
Posted in BigFix, Installation, Microsoft, Programming, Software, Visual Studio, tagged BigFix, Code, Microsoft, Programming, Relevance, Setup, Tivoli Endpoint Manager, Uninstall, Visual Studio on May 28, 2012
First let me send a shout out to my reference for this little tidbit of information: “How to add a Uninstall option in Visual Studio Setup project without writing code”. GoGoToTo created a very nice article on this. I simply expanded it further to include getting your application “registered” so within BigFix it will show up as one of the registered apps.
First, view your File System so we can add the special folder “System”.
If your application is x86, then we’ll want to add the msiexec.exe from the c:\windows\SysWow64 folder.
Left click to highlight the msiexec.exe file and in the properties window, adjust as indicated in the following image:
Next we’ll need to add a shortcut to the “User’s Program Menu”. In my example, I’ve created a sub-folder named after my application. Click that folder and in the right window, right-click and create a shortcut.
Navigate to the System Folder and select the msiexec.exe file.
Before we modify the shortcut’s properties, we’ll need to copy the ProductCode from the Setup Application Properties.
Using that ProductCode, modify the shortcut’s properties as follows:
Now we get to register our application… Open the Registry View.
Under HKEY_LOCAL_MACHINE add the following sub-keys:
Microsoft\Windows\CurrentVersion\App Paths\[name of your exe]
Remember to set “DeleteAtUninstall” = True on the last key.
Add the following 2 string values with the values as shown.
That’s it. You now have an uninstall link that will be created upon installation of your app. You will also have your application properly “registered” so BigFix can properly detect it.