Windows 10 Insider Preview: Moved Data Folder

I wanted to try the recently announced Windows 10 Bash prompt aka Windows Subsystem for Linux.

To do this I changed my Windows Update settings to the Fast Ring and next day I received a pretty big Windows Update. I was then able to enable Windows Subsystem for Linux from the Windows Features section. However, the next day when I went to start VMware Workstation it complained that my VMs were gone. To my horror my C:\Data\Virtual Machines folder was missing, and in its place was something called SharedData which contained some empty sub-folders.

I noticed a Windows.old in my folder and sure enough, my original C:\Data folder along with all sub-folders including Virtual Machines was in there. I moved it back to C:\Data but it will be interesting to see if Windows decides to allow it to stay there. I’ll be sure to back it up regularly.

Installing CyanogenMod 12 (Lollipop) on My Samsung Galaxy S5

This was surprisingly easy to do:

1. Root the Phone

This was made simple thanks to Towel Root. Please see https://towelroot.com/ for this easy to use utility. Afterwards you can confirm that your phone is properly rooted using Root Checker.

2. Install a Custom Recovery

Once rooted this was too easy. Install TWRP Manager making sure to install BusyBox if required. TWRP Manager will manage everything so just follow the instructions and you’ll be good to go. If you get any BusyBox errors fret not, install the supported Stericson BusyBox.

3. Backups!

There’s no tool like Titanium Backup. Install it, buy the Pro key, and back up your user apps and data. Later in Restore Apps & Data you will be able to quickly restore your apps and their config data saving you countless hours of tedious effort. It will also back up and restore your Hangouts/SMS messages.

But possibly more important than backing up your apps & data is making a nandroid backup of your original system. This will allow you to restore your phone to its pre-CyanogenMod state, Samsung’s infamous KNOX warranty bit notwithstanding. Simply reboot to recovery by powering down your phone then powering it up by holding down the power button, home screen button, AND volume up at the same time until the Samsung logo appears. Then select Backup and select what you want to back up. I recommend Boot, System, Data, EFS, and Modem. Once the backup is complete, make sure you copy the files off your phone onto a PC.

Important: both of these backups should go to the SD card so they can be restored later if need be.

I also recommend connecting your phone to your PC and manually backing up photos, videos, etc. These are NOT captured in the above backups. Note that your external SD card will not be affected by the upcoming erase and flash operations unless you do something really goofy.

4. Download the Files

The latest CyanogenMod 12 files are located here. Select the latest Nightly build but understand the risks in doing so. As of this writing there is nothing more stable than Nightly builds but eventually there should be something better.

You will also need the Google Apps package which will allow you to use the Play Store etc.

These two ZIP files should be saved to your external SD card. I use a folder called ROMs for anything I might want to flash.

Flash the Phone

Now that you’re all backed up and no longer afraid to lose anything on your phone, it’s time to leave TouchWiz. Boot into recovery. From here you should do a Wipe/Factory Reset, then select Install. Navigate to your ZIP files and first add the CM12 file followed by the Google Apps file, then flash them. This shouldn’t take very long and once it’s finished, clear the Dalvik cache when you get the chance. Then reboot into CyanogenMod and configure your new phone.

Warning: make sure you have a fully charged battery. The last thing you want is for the battery to exhaust itself in the middle of a flash…

Restore Apps & Data

If you choose to allow it when initially setting up your new phone OS, CM12 will start re-installing your apps. If Titanium Backup was not installed then install it. After launching it you can select Restore and select which apps and/or data to restore. If your apps were automatically re-installed for you then you only need to restore their data.

This restore process works very nicely and allows you to quickly restore your applications’ states without having to manually reconfigure them one by one.

Active Directory FSMO Errors

Today while trying to demote a domain controller I received an error:

The directory services is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

Running dcdiag /v yielded an error like the following:

Ownership of the following FSMO role is set to a server which is deleted or does not exist.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=mydomain,DC=local
FSMO Server DN: CN=NTDS SettingsADEL:464a6261-2c82-4ac1-b2b2-144d2e5e1b74,CN=SOMEOLDSERVERADEL:27fa192a-1f79-4a62-9557-d14ce99406d9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
User Action:
1. Determine which server should hold the role in question.
2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.
3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.

The SOMEOLDSERVER reference in the above was indeed an old server that died long ago. Since I thought I followed all the proper instructions for removing a dead domain controller I was surprised to see this was lurking in the metadata after all these years. Much research identified excellent posts and discussions including http://goo.gl/yXSbe3 and http://goo.gl/WEgj8o, the latter of which pointed me to a VB script in http://support.microsoft.com/kb/949257/en-us that when run against DC=DomainDnsZones,DC=mydomain,DC=local (from the output above) corrected the error and subsequently allowed the DCPROMO to run successfully. I hope this post helps save someone the couple of hours of struggling I went through.

Windows Installation from USB Key

I was installing Windows 7 to a fresh hard disk from a bootable USB. When selecting the disk/partition onto which it should be installed I was met with an error about not being able to find a system partition. I followed several guides to no avail but eventually found the following instructions which worked perfectly:

  • Boot Windows installation from USB drive
  • Press Shift+F10
  • In console type diskpart.exe and press enter. In this program execute the following commands:
    • select disk=0
    • create partition primary
    • select partition=1
    • active
    • format fs=ntfs quick
    • assign drive=c
    • exit
  • Navigate to USB flash drive, in my case type: e: (could also be d: e.g. if you don’t have an optical drive)
  • xcopy e: c: /e /h /k
  • cd boot
  • bootsect /nt60 c:

Remove USB drive from computer and restart.
Install Windows as usual.

To remove the unnecessary menu item from the boot screen:

  • Run cmd.exe as Administrator
  • List the boot menu entries: bcdedit
  • Find Windows Setup and copy identifier
  • Run bcdedit /delete {identifier}

Thanks to http://goo.gl/BXw5qR for their great guide!

VMware Workstation VMs Shutting Down Slowly?

I recently noticed that several of my VMware Workstation 10 VMs would take several minutes to power off after their OSes had shut down. The screen would go black until power was finally turned off to the VM.

I finally decided to search for suggestions and found this article which suggested adding the following entries to either individual .vmx files or (for Windows 7) the global config file located at C:\ProgramData\VMware\VMware Workstation\config.ini

prefvmx.minVmMemPct = "100"
mainMem.useNamedFile = "FALSE"
mainMem.partialLazySave = "FALSE"
mainMem.partialLazyRestore = "FALSE"

After restarting Workstation I can confirm that this change works! Thanks to the original author for posting this.

Using permanent_records Gem with ActiveRecord Session Store

I spent a couple hours pulling out hair when, after switching my Rails app from using the Cookie session store to the ActiveRecord session store, I could no longer log in without an arcane exception RecordNotSaved.

Searches on the web revealed no correlation between using the ActiveRecord session store and the permanent_records gem, but stepping through the libraries with pry strongly suggested that calls to loaded? in a couple of Session callbacks should have returned true but didn’t because the record had been deleted thanks to permanent_records.

In the end the following quick monkey patch was all that was needed. Place this in config/initializers/session.rb and enjoy.

https://gist.github.com/slamotte/5589389

Enable Extra Mouse Buttons in Linux Guest VM (VMware)

It’s long bugged me that I was not able to use the extra mouse buttons (e.g. back) in my Linux VMs under VMware Workstation. Apparently it’s bugged a lot of others too because today after finally reaching my breaking point I did a quick search and found that manually adding a single line to your VM’s .vmx file will enable this missing functionality. Here’s the line, simply append it to your vmx file when your VM is powered down and restart:

mouse.vusb.enable = "TRUE"

I wish I’d hit my breaking point long ago and fixed this… Now my Kensington Expert Mouse is a first class Linux citizen in VMware.

Source of solution: http://goo.gl/zCYj6

Private Internet Access and pfSense

I’ve long been interested in using a VPN to access out-of-country content as well as to secure whatever nefarious activities that I may be up to. Not that I have anything to hide but it’s no one’s business what I do.

I’d toyed with Tor back when I installed Google Voice. It works but is dog slow. My interest in this subject was recently rekindled when I read this article. I found myself drawn to Private Internet Access (PIA) and its promises of low cost and unlimited bandwidth coupled with no throttling. I signed up for a monthly plan with the intention of either canceling it if I didn’t like it or switching to a full-year subscription if I did.

Signing up with PIA was easy enough. You can download client software that runs on your individual machines if you wish, but since I have a pfSense firewall, I knew I should be able to channel all traffic through PIA over VPN so I wouldn’t have to install any additional software. Here are the config steps for pfSense 2.0.1.

To start with though, make note of your current IP address as evidenced by http://ipchicken.com. We want to confirm that your IP actually changes when we’re all done.

pfSense Config Files

SSH to your pfSense server and cd to /etc. Create a file “openvpn-password.txt” with two lines, one for your PIA userid, the other for your password.

You also need to download this file from PIA and extract its ca.crt to /etc.

Set 0600 permissions on both of these files e.g. “chmod 0600 /etc/ca.crt”. You can exit SSH at this point.
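A scripted version of the credentials-file step, added here as an example and not part of the original post: it creates the file with 0600 permissions from the start and then checks what the chmod step is meant to guarantee. The function names, the scratch path and the credentials are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Credentials are constructed.

# write_auth_file FILE USER PASS
# Creates FILE with mode 0600 from the start (umask 077), so the credentials
# are never world-readable between creation and a later chmod.
write_auth_file() {
    (
        umask 077
        rm -f "$1"
        printf '%s\n%s\n' "$2" "$3" > "$1"
    )
}

# check_auth_file FILE
# Returns 0 only if FILE is a private, well-formed auth-user-pass file.
check_auth_file() {
    f=$1
    # A symlink could point the VPN client at a file someone else controls.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    # ls is used because stat's flags differ between FreeBSD and GNU.
    perms=$(ls -ld "$f" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "$f: mode is $perms, expected -rw-------" >&2
        return 1
    fi
    # Line 1 is the userid, line 2 the password; nothing else.
    lines=$(wc -l < "$f" | tr -d ' ')
    if [ "$lines" -ne 2 ]; then
        echo "$f: expected 2 lines, found $lines" >&2
        return 1
    fi
    # A file edited on Windows carries CRs that end up inside the credentials.
    if grep -q "$(printf '\r')" "$f"; then
        echo "$f: contains carriage returns" >&2
        return 1
    fi
    return 0
}

# Demo on a scratch directory; on pfSense the post uses /etc/openvpn-password.txt.
demo_dir=$(mktemp -d)
write_auth_file "$demo_dir/openvpn-password.txt" "p0000000" "constructed-password"
check_auth_file "$demo_dir/openvpn-password.txt" && echo "auth file OK"
rm -rf "$demo_dir"
```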

Certificates

In pfSense’s webConfigurator, go to System and select Cert Manager. Add a new CA, call it something like “Internal CA” using method “Create an internal Certificate Authority”. Fill in the Distinguished Name pieces below as you see fit.

Now click on Certificates and add a new certificate using “Create an internal certificate”. Call it something like “OpenVPN” and select type “Certificate Authority”.

OpenVPN Service

Go to VPN, select OpenVPN and click the Client tab. Add a new client. Leave all defaults except the following:

  • Server host or address: enter your desired PIA host e.g. us-texas.privateinternetaccess.com
  • Check “Infinitely resolve server”
  • Give it a meaningful name e.g. “Private Internet Access OpenVPN”
  • Clear “TLS Authentication” check box
  • Make sure the CA and Cert you created are selected
  • Select “BF-CBC (128-bit)” for the encryption algorithm
  • Check “Compress tunnel packets using the LZO algorithm”
  • Enter the following for Advanced at the bottom:
auth-user-pass /etc/openvpn-password.txt
ca /etc/ca.crt

Click Save to write your config and the OpenVPN service should start. You can click the blue “S” just under the Help menu to confirm that its status is “up”. Also check the log (blue “L”) to make sure there aren’t any errors.

Enable Interface

Go to Interfaces and select (assign). Click the add button. A new entry called OPTn should appear with “ovpnc1” as the port. Click Save. Now you can enable your new interface. Go to Interfaces and select OPTn. Simply click Enable and Save. Note that you can rename the interface to something like “VPN” if you want, but it’s not necessary.

Restart the OpenVPN service so everything is in sync. Go to Status and select Services, then click the restart button beside the OpenVPN service. Ensure that the OPTn gateway has an IP. Go to System: Routing and make sure the Gateway has an IP address.

Firewall Config

At this point the OpenVPN service is running but you aren’t using it. You may not even be able to access the Internet in this state. While there’s a lot you can do to tailor your firewall access, here’s a quick way to route all your outgoing traffic through your new VPN connection.

Go to Firewall and select NAT, then click the Outbound tab. Select any existing rules and delete them. Select the “Automatic” option at the top and click Save, then select “Manual” and click Save. You should see a new set of rules which you can activate by clicking Apply Changes.

There’s lots more that could be done to pfSense to tighten up your security but this is a starting point.

Defining Exceptions

One client of mine requires me to log in to their Cisco VPN. Unfortunately this does not work through the VPN connection I just set up. It’s easy to force connections to their VPN server over the WAN interface, bypassing our VPN, by defining a new route as follows:

  • Go to System and select Routing. Click Routes and create a new route.
  • Enter the IP address of the remote host, in this case my client’s VPN IP address. Make sure the WAN gateway is selected and enter an appropriate name.
  • Click Save then Apply Changes.

Attempts to connect to this IP address from any device on your network will bypass the VPN and go directly to that IP address. Too easy!

Test

At this point you should have all your traffic going through the PIA VPN. You can confirm this by refreshing your ipchicken screen which should now show a different IP address.

Final Thoughts

The biggest concern I had with using a VPN like this was the performance penalty. I used http://speedtest.net before and after and there’s certainly a considerable penalty to be paid, but it’s not as bad as I had feared. I have 100-megabit service and without the VPN connection realize a max throughput of about 93 Mbps. Running the same test WITH the VPN enabled cut that in half. Fortunately, 40+ Mbps is still plenty fast for most of my needs. I have to wonder if the fact that my pfSense is running as a virtual machine plays much of a role here since there’s a whole lot of encryption going on. Perhaps I’d be better off using dedicated hardware, but that’s an experiment for another day.

I may give a few other services a try to see if they offer improved throughput. So far though I am impressed with Private Internet Access.

NOTE: These instructions are for pfSense 1.2.3. For 2.X versions, please see the additional requirements in this article, specifically relating to a bug in older versions of pfSense. Please see the first quote there for more information.

VMware ESXi Corrupted iSCSI Datastore

Terrible scare yesterday. I rebooted my ESXi server, which hosts several critical systems, and ESXi didn’t recognize the iSCSI datastore. It could see the iSCSI LUN, but attempts to add it as a new datastore warned that all data would be destroyed. Backups were available but I’d rather have (a) found out what the problem was/why it occurred and (b) fixed the problem. So started my 12-hour learning process.

This all came about because I rebooted the host in an attempt to get new vNICs working under a VLAN. Yes, holidays are a great time to play and learn, it would seem. As a consultant, I should spend even more time doing this sort of thing.

So why couldn’t VMware mount the datastore? Did something happen to it? I tried all manner of fixes, including ultimately reconfiguring my host from scratch to wipe out any traces of the old datastore in the hope that some config was corrupted, but no go. The last resort, it would seem, would be to repartition the iSCSI LUN, which to me seemed a last-gasp effort. Since I was at that stage, I followed the following instructions:

esxcfg-scsidevs -c (take note of the disk device)
fdisk -l /dev/disks/t10.F405E46494C4540096D427739387D25525F4A5D245638787

Hmmm, this didn’t show “fb VMFS” like it should, but rather “SFS”. A quick search told me that this indicated a Windows dynamic disk. Uh oh… Rewinding a bit, a couple of weeks ago a Hyper-V Windows Server of mine had lost its iSCSI connection. The disk was there but it couldn’t access it. I saw that it was marked as, you guessed it, Dynamic! Does that mean everything is toast? I can only guess that ESXi saw the disk as VMFS since it was first created, and continued to access it as such even once Windows had marked it as dynamic. Since the Windows server didn’t really use it, odds are that the two didn’t interfere with each other except for the partition table.

Only one way to find out. I continued with the terrifying process of repartitioning the datastore:

fdisk /dev/disks/t10.F405E46494C4540096D427739387D25525F4A5D245638787
d (deletes the partition: gulp!)
n (create new partition)
p (make primary)
enter (accept default)
enter (accept default again)
t (change partition type)
fb (VMFS)
X (expert mode)
b (change beginning of partition)
1 (first partition)
128 (select sector)
W (write changes and exit: double gulp!)
vmkfstools -V (discover the VMFS)

At this point, in vSphere I did a Rescan on the Storage Adapters, and after clicking on Storage, to my amazement, my iSCSI datastore was there! I added my VMs to the inventory and started them up, and all was fine. Very cool.
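The partition-type check that fdisk -l performed above, as an added example that is not part of the original post: it reads the type byte and start sector straight from an MBR sector, so a datastore LUN showing 42 (SFS) instead of fb (VMFS) can be spotted, and the start sector of 128 confirmed after a repair. The function names and the sample sectors are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Sample sectors are constructed.

# mbr_entry FILE N -> prints "TYPE START" for primary partition N (1-4):
# the type byte in hex and the starting sector in decimal.
mbr_entry() {
    off=$((446 + 16 * ($2 - 1)))     # the partition table begins at byte 446
    ptype=$(od -An -tx1 -j $((off + 4)) -N1 "$1" | tr -d ' \n')
    # The start sector is a 32-bit little-endian value at entry offset 8.
    set -- $(od -An -tx1 -j $((off + 8)) -N4 "$1")
    echo "$ptype $((0x$4$3$2$1))"
}

# type_name HEX -> label for the partition types the post mentions
type_name() {
    case $1 in
        fb) echo "VMFS" ;;
        42) echo "SFS (Windows dynamic disk)" ;;
        00) echo "empty" ;;
        *)  echo "other" ;;
    esac
}

# has_mbr_signature FILE -> success if bytes 510-511 are 55 aa
has_mbr_signature() {
    [ "$(od -An -tx1 -j 510 -N2 "$1" | tr -d ' \n')" = "55aa" ]
}

# make_sample FILE TYPE_OCTAL -> constructed 512-byte sector holding one
# partition of the given type (a printf octal escape) starting at sector 128.
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf "\\$2" | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\200' | dd of="$1" bs=1 seek=454 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Demo: the "before" state from the post (type 42) and the repaired one (fb).
img=$(mktemp)
for octal in 102 373; do
    make_sample "$img" "$octal"
    set -- $(mbr_entry "$img" 1)
    echo "partition 1: type $1 ($(type_name "$1")), starts at sector $2"
done
rm -f "$img"
```

To check a real LUN, copy its first sector to a file with dd (bs=512 count=1) and pass that file to mbr_entry.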

To finish things off, I disconnected the LUN from that rogue Windows server and removed the LUN from OpenFiler so this can’t happen again. While it’s fine for different ESXi hosts to share a LUN, it’s clearly a bad idea for Windows and ESXi to try and play together…

VMware Workstation 7.1 and Ubuntu 10.10

Ever since my work computer’s hard disk crashed and I reinstalled VMware Workstation 7.1.2 on Ubuntu 10.10, I get an annoying dialog every time I start Workstation telling me that certain modules need to be compiled. The last, VMCI Sockets, always fails with a compiler error. Apparently the kernel in 10.10 breaks the compile. Here’s how to fix it:

wget http://www.debuntu.org/sites/www.debuntu.org/files/vmware-7.1-ubuntu10.10-patch-v2.tar_.gz
tar -xzvf vmware-7.1-ubuntu10.10-patch-v2.tar_.gz
cd vmware-7.1-ubuntu10.10-patch 
sudo sh ./apply_patch.sh

Sweet! Thanks to this site for the instructions.