Categories
Homebrew WODs

2016.09.06 – Shoulder Blaster

Accessory:

  • 3×10 Dumbbell Side Raises (10#)
  • 3×10 Dumbbell Front Raises (15#)
  • 4×10 Seated Dumbbell Shoulder Presses (20-30-40-45#)
  • 6×10 Strict Pull-Ups (bodyweight, 6-10 reps, to failure, absolutely no kip)
  • 5×10 Reverse Cable Crossover (30-40#, 8-10 reps, try to keep weight even in feet, don’t lean back)

Metcon:

Long Annie
3 Rounds, NOT for time (sit-ups will slow you down, take your time and save your back)

  • 50 Double Unders
  • 50 Incline Sit-Ups

Conditioning:

Rowling
5 Frames @ 150 meters

  • Every meter over/under 150, add up and do 2x Burpee penalty
Categories
Information Technology

A romp through installing SCVMM 2016 Tech Preview

Another “brain-purge” blog post. Please please please do these things in this order or you will want to kill yourself. SCVMM’s pre-requisite check does a decent job at identifying certain things missing on the server, but it fails miserably at checking the things you can potentially waste a lot of time on. So here is a quick recap:

  1. If you’re installing this onto a VM, you should probably give it a good amount of RAM and at least 2 cores.
  2. Install .NET 3.5 first. You probably need to mount the server ISO and install from D:\Sources\sxs
  3. Restart the server. Just do it. Trust me.
  4. Install a version of SQL Server that isn’t Express. SCVMM won’t tell you this until halfway thru the install, so again, save yourself the time.
  5. Create an AD service account. I believe it has to be an actual User object, not one of those new-fangled “Managed Service Accounts” that debuted in Windows 7 + 2008 R2. Add it as a local admin to the SCVMM machine.
  6. Install SCVMM.
  7. Wait awhile.

More info here: https://blogs.technet.microsoft.com/kevinholman/2013/10/18/scvmm-2012-r2-quickstart-deployment-guide/

Categories
Information Technology

Office 365 + Importing PST Files

I have yet to try this myself, but I figured a single, documented location for this process should be somewhere on the interwebs:

  • PST Capture – Microsoft-developed tool for scanning your network and computers for PST files: https://technet.microsoft.com/en-us/library/hh781034(v=exchg.141).aspx
  • AzCopy – Import PST files directly into Azure Storage Explorer and run PowerShell script against mailboxes to import: https://www.reddit.com/r/sysadmin/comments/45ga6y/microsoft_utility_pst_capture_will_scan_your/czxuxeo
Categories
Information Technology

Cryptolocker FSRM Template Scripts

Nothing fancy… but I decided to whip together some scripts to make my FSRM file screen templates easier to install.

Server 2012 and Up:

New-FsrmFileGroup -Name "Cryptolocker 20160314" –IncludePattern @("_Locky_recover_instructions.txt","DECRYPT_INSTRUCTIONS.TXT","DECRYPT_INSTRUCTIONS.HTML","DECRYPT_INSTRUCTION.TXT","DECRYPT_INSTRUCTION.HTML","HELP_DECRYPT.TXT","HELP_DECRYPT.HTML","DecryptAllFiles.txt","enc_files.txt","HowDecrypt.txt","How_Decrypt.txt","How_Decrypt.html","HELP_TO_DECRYPT_YOUR_FILES.txt","HELP_RESTORE_FILES.txt","HELP_TO_SAVE_FILES.txt","restore_files*.txt","restore_files.txt","RECOVERY_KEY.TXT","how to decrypt aes files.lnk","HELP_DECRYPT.PNG","HELP_DECRYPT.lnk","DecryptAllFiles*.txt","Decrypt.exe","ATTENTION!!!.txt","AllFilesAreLocked*.bmp","MESSAGE.txt","*.locky","*.ezz","*.ecc","*.exx","*.7z.encrypted","*.ctbl","*.encrypted","*.aaa","*.xtbl","*.abc","*.JUST","*.EnCiPhErEd","*.cryptolocker","*.micro","*.cryptotorlocker*","*.frtrss","*.vault","*want your files back.*","confirmation.key","cryptolocker.*","*decrypt_instruct*","*help_decrypt*","help_restore*.*","how to decrypt*.*","how_to_decrypt*","how_to_recover*","howtodecrypt*","install_tor*.*","last_chance.txt","recovery_file.txt","vault.hta","vault.key","vault.txt","HOW_TO_RECOVER_FILES.*","HELP_YOUR_FILES*","*.zzz","*.xyz","*.ccc","*.vvv","*.xxx","*.ttt","*.locked","*.crypto","_crypt","*.crinf","*.r5a","*.XRNT","*.crypt","*.R16M01D05","*.pzdc","*.good","*.LOL!","*.OMG!","*.RDM","*.RRK","*.encryptedRSA","*.crjoker","*.LeChiffre","*.keybtc@inbox_com","*.0x0","*.bleep","*.1999","*.HA3","*.toxcrypt","*.magic","*.SUPERCRYPT","*.CTB2","HELPDECRYPT.TXT","HELP_YOUR_FILES.TXT","HELP_RECOVER_FILES.txt","INSTRUCCIONES_DESCIFRADO.TXT","How_To_Recover_Files.txt","YOUR_FILES.HTML","YOUR_FILES.url","encryptor_raas_readme_liesmich.txt","HOW_TO_DECRYPT_FILES.TXT","ReadDecryptFilesHere.txt","Coin.Locker.txt","_secret_code.txt","About_Files.txt","Read.txt","ReadMe.txt","DECRYPT_ReadMe.TXT","FILESAREGONE.TXT","IAMREADYTOPAY.TXT","HELLOTHERE.TXT","READTHISNOW!!!.TXT","SECRETIDHERE.KEY","IHAVEYOURSECRET.KEY","SECRET.KEY","HELPDECYPRT_YOUR_FILES.HTML","help_decrypt_your_files.html","RECOVERY_FILES.txt","RECOVERY_FILE*.txt","HowtoRESTORE_FILES.txt","howto_recover_file.txt","restorefiles.txt","howrecover+*.txt","_how_recover.txt","recoveryfile*.txt","recoverfile*.txt","Howto_Restore_FILES.TXT","help_recover_instructions+*.txt")

Server 2008 and 2008 R2:

filescrn filegroup add /filegroup"CRYPTO2016" /members"_Locky_recover_instructions.txt|DECRYPT_INSTRUCTIONS.TXT|DECRYPT_INSTRUCTIONS.HTML|DECRYPT_INSTRUCTION.TXT|DECRYPT_INSTRUCTION.HTML|HELP_DECRYPT.TXT|HELP_DECRYPT.HTML|DecryptAllFiles.txt|enc_files.txt|HowDecrypt.txt|How_Decrypt.txt|How_Decrypt.html|HELP_TO_DECRYPT_YOUR_FILES.txt|HELP_RESTORE_FILES.txt|HELP_TO_SAVE_FILES.txt|restore_files*.txt|restore_files.txt|RECOVERY_KEY.TXT|how to decrypt aes files.lnk|HELP_DECRYPT.PNG|HELP_DECRYPT.lnk|DecryptAllFiles*.txt|Decrypt.exe|ATTENTION!!!.txt|AllFilesAreLocked*.bmp|MESSAGE.txt|*.locky|*.ezz|*.ecc|*.exx|*.7z.encrypted|*.ctbl|*.encrypted|*.aaa|*.xtbl|*.abc|*.JUST|*.EnCiPhErEd|*.cryptolocker|*.micro|*.cryptotorlocker*|*.frtrss|*.vault|*want your files back.*|confirmation.key|cryptolocker.*|*decrypt_instruct*|*help_decrypt*|help_restore*.*|how to decrypt*.*|how_to_decrypt*|how_to_recover*|howtodecrypt*|install_tor*.*|last_chance.txt|recovery_file.txt|vault.hta|vault.key|vault.txt|HOW_TO_RECOVER_FILES.*|HELP_YOUR_FILES*|*.zzz|*.xyz|*.ccc|*.vvv|*.xxx|*.ttt|*.locked|*.crypto|_crypt|*.crinf|*.r5a|*.XRNT|*.crypt|*.R16M01D05|*.pzdc|*.good|*.LOL!|*.OMG!|*.RDM|*.RRK|*.encryptedRSA|*.crjoker|*.LeChiffre|*.keybtc@inbox_com|*.0x0|*.bleep|*.1999|*.HA3|*.toxcrypt|*.magic|*.SUPERCRYPT|*.CTB2|HELPDECRYPT.TXT|HELP_YOUR_FILES.TXT|HELP_RECOVER_FILES.txt|INSTRUCCIONES_DESCIFRADO.TXT|How_To_Recover_Files.txt|YOUR_FILES.HTML|YOUR_FILES.url|encryptor_raas_readme_liesmich.txt|HOW_TO_DECRYPT_FILES.TXT|ReadDecryptFilesHere.txt|Coin.Locker.txt|_secret_code.txt|About_Files.txt|Read.txt|ReadMe.txt|DECRYPT_ReadMe.TXT|FILESAREGONE.TXT|IAMREADYTOPAY.TXT|HELLOTHERE.TXT|READTHISNOW!!!.TXT|SECRETIDHERE.KEY|IHAVEYOURSECRET.KEY|SECRET.KEY|HELPDECYPRT_YOUR_FILES.HTML|help_decrypt_your_files.html|RECOVERY_FILES.txt|RECOVERY_FILE*.txt|HowtoRESTORE_FILES.txt|howto_recover_file.txt|restorefiles.txt|howrecover+*.txt|_how_recover.txt|recoveryfile*.txt|recoverfile*.txt|Howto_Restore_FILES.TXT|help_recover_instructions+*.txt"
Categories
Information Technology

How to get your Chromecast to work with Popcorn Time again

Yes, I use Popcorn Time, specifically whatever the latest “clean” Community build is from /r/PopCornTime. It works great for TV shows I missed and other things…

When I recently moved, setup my new WIFI SSID, and reconfigured my Chromecasts, I decided to rename them based on what room they were in. We decided on using the first initials of our first names and then the room it was in (ex: E&S Bedroom). Everything continued to work just fine when I casted to them: YouTube from my iPhone, Chrome tabs from my Macbook or Windows laptops, Spotify…

…except Popcorn Time

Why? I literally tried every build possible (old and new) with no hope. Did Chrome block the AppID or something? The Chromecast devices show up in the little drop-down menu! No errors were being spit out by app or the Chromecast. Doing some Googlein’g didn’t help either. No one had this specific problem… but one person did have an issue with his Android phone, his Android build of Popcorn Time, and his Chromecast with an “apostrophe” in its name.

Oh my god. Are you kidding me?! Popcorn Time isn’t parsing the string name correctly and I guess wasn’t escaping out the & in the E&S name.

Removed the & and boom… working again.

Categories
Information Technology

Intel NUC NUC5CPYH: An Adventure with WDS, USB 3.0, and Windows 7

Another day, another hiccup in the usually amazing procedure of using WDS for quick mass deployments of OS images. Today’s annoyance comes courtesy of using an Intel NUC that only has USB 3.0 ports and no way to force them into USB 2.0 mode. Why is this an issue? Because after deploying a Windows 7 image via WDS and PXE, you’re left with the Setup Windows screen uncontrollable via keyboard or mouse.

Erm……

This is a documented and well-known issue with the Intel NUC NUC5CPYH. As a matter of fact, for fresh installs of Windows 7 (via USB), there’s an official Intel tool that will modify the setup files to alleviate your pain. Very nice. If you want to go the manual route, there’s also tutorials to do that as well.

But what about us Sysadmins who want to use WDS? I’ve had wonky results with using the WDS console to add USB 3.0 drivers for PnP install at setup. I finally decided to just mount the specific image with DISM and inject the drivers myself to force the issue. There’s actually 2 sets of drivers to install: one for a virtual hub and one for the actual USB 3.0 ports itself. But beware! You can’t just grab the smaller .WIM file you think you would want to modify. You first must export from WDS to generate a catalog and resource file to get an injectable .WIM

  1. In the WDS console, find the install image you want to inject the drivers into and export it somewhere. Right-click and export… In this example, I’m going to call it “biz-usb3.wim
  2. Download the USB 3.0 drivers from Intel’s site
  3. Extract the drivers, specifically HCSwitch and Win7, to a folder called usb3. Move the usb3 folder into the same place your biz-usb3.wim is located.
  4. Create a temporary mount location for your .wim image to be manipulated in. Make a folder and call it mount.
  5. Open an admin CMD console and CD into the directory where your biz-usb3.wim, mount, and usb3 folder are located.
  6. Mount the biz-usb3.wim image using DISM: dism /mount-wim /wimfile:"biz-usb3.wim" /index:1 /mountdir:"mount"
  7. After the mounting is complete, inject the drivers: dism /image:"mount" /add-driver /driver:"usb3" /recurse
  8. Save changes to the image: dism /unmount-wim /mountdir:"mount" /commit
  9. Import the .wim back into WDS and name it whatever you want. Now would be a good time to disable the old image to make sure you don’t confuse them during deployment. You can delete if you want, but I find disabling prevents any accidental screw-ups from happening. Plus, the delta should only be a few megabytes, so no need to stress about storage (more on this below).

If all was done correctly, you should be able to PXE boot or whatever into your WDS server and deploy the Windows 7 image to the NUC with USB 3.0 drivers enabled. For what it’s worth, there isn’t much of a difference going on here from the original tutorial; I’m just using similar steps to edit a WDS image instead of a raw Windows 7 install image. The only extra step is exporting the .WIM from WDS to generate a resource catalog.

A few gotchas:

  • If upon PXE booting you see 2x the new image listed, don’t panic. You probably just did all your work in WDS’s image folder itself. This isn’t a bad thing, just kind of sloppy. I would recommend deleting the larger of the two .WIM files (in this example, biz-usb3.wim). The imported one automatically was diff’d and only the delta is stored. WDS is smart enough to not waste gigabytes of space when the base image already has 99% of the stuff you need.
Categories
Information Technology

Failover Cluster Validation Hiccups (Or: How to Be a Network Cable Detective)

I don’t get to spend a lot of time at my current company’s offsite DR location. I’m currently building the cluster stack from the ground up, mimicking our production environment almost 1:1. Other than a shittier SAN and one less server in the cluster, the specs are just about the same. The problem is getting it all up and running with what little time I have on location.

Yesterday, I spent a good portion of my time on-site cleaning up some wiring and getting my Hyper-V servers ready to be clustered remotely. Switches were on the correct management VLAN, iDRAC access was working smoothly, everything else should be able to be handled from my desk or laptop in a different ZIP code. Cool.

So today, I plop myself down at my desk, RDP into both Hyper-V nodes, and begin the Failover Cluster wizard. And so my troubles began:

NODE1 - iSCSI1 cannot communicate with NODE2 - iSCSI1

That’s weird. Why would only one set of my iSCSI NICs not see each other? (I have two Quad Port NICs on each server; Intel and Broadcom). After some PING’ing out of specific interfaces, the only conclusion I could come to was I crossed a patch cable somewhere (or worse yet, didn’t click it in all the way!). That would absolutely suck – I would have to drive back out there just to plug a stupid network cable in? Complete waste of a day. Unless….

I popped open the switch’s config and dumped out which ports had jumbo packets detected on their connection. “Spaced” out correctly were 4 ports, 2 for each server, showing 9216 byte frame sizes. Perfect! The cables are plugged in and now I know which ports they’re actually on. Could I really have been so foolish and forgotten to untag those ports for my iSCSI VLAN? No way…

Yup. That was it. Something so simple. Validation passed and I moved on with my life.

So, lessons learned:

  1. Always make sure your switches are manageable offsite.
  2. Always document your switchport usage somewhere (Wiki, JIRA ticket, whatever). I have a small environment where I could visualize what was what. Coupled with my jumbo frame detective work, I was able to figure this one out.
  3. Bonus Lesson: Always make sure you have your iDRAC / out-of-band management working before you leave. You cannot rely on RDP, especially when fixing wonky network settings on switches and clusters. Things will absolutely drop!
Categories
CrossFit

CrossFitters, Do We (Literally) Drink the Kool Aid?

This isn’t news to most people in the bodybuilding and supplement world, but Progenex, the CrossFit “endorsed” (or whatever) supplement company that you see plastered all over the Games, ECC’s, and other events, is the token protein company most boxes seem to push these days. Now, let me be clear, HQ does not and never will tell an Affiliate what merch they must sell – that’s not the way of HQ’s Libertarian modus operandi. But when a box can get a hookup with a local Progenex rep and make a decent commission and markup on moving protein in shiny silver bags, why wouldn’t they?

Honest disclosure: until this afternoon, I was a huge fan of Progenex. It’s tasty, it’s thick, it’s chocolate and peanut butter. Who doesn’t love that?! I’ve gone back and forth between Progenex and Strengthlete (a locally owned supplement company) for the past year and have seen great results from both… but for whatever reason, Progenex has been landing me on the porcelain more often than anything else (‘ll save you the gory details).

To the ignorant, whey protein = milk, so thus whey protein + bathroom = lactose intolerance reaction. Makes sense, right? Whey is derived from milk curds, so you’re obviously going to have a poor reaction.

False.

The sugars that cause your toilet-terrors when you’re lactose intolerant are so minimal in whey-derived protein that it won’t have any effect, so what’s going on here? I spent some time Googlin’ and there’s tons of pseudoscience and other hypothesis out there. You can read all about them yourself, but I found an interesting article from JaktRX that set me off on anther direction.

The gist of the Progenex scandal can be read here, but I’ll try to summarize below as much as possible.

Apparently, Progenex changed formulas quite a few years ago after its founder, Dr. Scott Connelly, was bought out by (criminal) Adam Zuckerman and other investors. To increase their margins, they dumped Dr. Connelly’s formula (which apparently was revolutionary) and switched to lower-grade stuff.

So what does this all mean for my wallet and my tummy? Well, I certainly won’t be using Progenex anymore. I know a few people who swear by it and probably won’t be swayed from these facts. That’s fine, if their getting their protein and carbs from Progenex protein and IIFYM, cool. Probably will try JaktRX and continue to use Strengthlete’s two offerings. Fingers crossed!

Categories
Information Technology

WDS + Windows 7 + Windows 10 Installer Files = Kill Me

I was having issues getting a desktop to install updates recently from my company’s WSUS server. Being that I was in a time crunch and needed these updates installed within the next 24 hours, I decided to take the desktop off the domain and grab the Windows Updates directly over the internet from Microsoft.

Spoiler Alert: This was a terrible idea.

Fast forward to the next day. Updates are downloaded, installed, and the machine is ready to be sysprep’d for WDS. I finish up a few last software tweaks and capture the image via PXE boot + WDS. Everything goes smoothly and the .WIM file is appearing on my WDS server. Hooray! Let’s start pushing this out to a few machines.

WDS: Windows cannot install required files. Make sure all files required for installation are available, and restart the installation.

What?

What does that even mean? I do a WDS service restart just to make sure I’m not losing my marbles, but I keep getting the same, nonsensical error. After Google was consulted, the only information I could find was from January concerning a WinPE image source sitting in a hidden folder on the C: drive.

Wait… C:\$WINDOWS.~BT … why does that sound familiar? Oh that’s right, it’s the directory Microsoft has been pushing Windows 10 install files to! When I walked away the night before after taking the machine off the domain, it had grabbed the update from Microsoft. Show Hidden Files was off by default, so I never even saw the directory!

OK, so easy-peasy fix. Pop open ImageX or DISM and let’s mount the .WIM and trash that directory.

The specified image file did not contain a resource section.

What?

Ugh… of course, I need to export the .WIM out of WDS first, then mount, make my changes, and commit.

dism /Mount-Image /ImageFile:"exported_image.wim" /index:1 /mountdir:"C:\mount_wim"

Trashed the C:\$WINDOWS.~BT directory and imported back into WDS. Full steam ahead!

Dism /Commit-Image /MountDir:"C:\mount_wim"

This is a real pain in the neck, though. There’s no clear way to block Windows 10 from installing its slimy files on your box. Some people have suggested blocking it at the firewall, but I’m sure Microsoft’s CDN will wreck havoc on that idea. I guess I should have never taken the machine off the domain!