Category Archives: Uncategorized

Home Networking – Archer C7 with OpenWRT and the Zoom 5370

So I’ve recently relocated for work, and have moved across the States for a bit 🙂

As part of the transition, I’ve had to get a new apartment, and took the opportunity to re-work my internet stack. I had a really poor experience with my last cable modem, the Motorola SB6141 – it kept rebooting every 45 minutes or so, and after reading numerous threads full of people having similar issues, I don’t think I was the only one – so I decided to jump ship on the Motorola modems and try something new.

I found the Zoom 5370 after I had used the older model to replace my failing SB6141 at my previous residence. I don’t *need* the extra overhead (The model I just bought is 16×4 channels instead of 8×4) as my plan will likely be one of the lower service tiers to keep cost down, but I figured I’d get it anyway to future-proof my purchase 🙂

So far, the modem has been spectacular! It’s the stability I’ve come to know and love from the Zoom modems, at a price point that’s competitive. It reminds me of what I *used* to know the Motorola Surfboards for, it’s just a bit of a jump for a lot of people who had come to trust the Motorola brand. I *highly* recommend giving this a shot if you’re in the market for something new and have a supported cable provider (Comcast or Time Warner I can personally vouch for, not sure who else this works with).

Beyond that, I went with a router that I’ve had a great experience with before, the TP-Link Archer C7. While the last time I bought this and used it I kept the stock firmware on there, I decided that this time I was going to flash it with OpenWRT and use that, despite the fact that there is a known slowdown from WAN -> LAN ports. I followed these instructions, which were spot on but used a different TFTP server as I was doing this from a windows box.

After the first flash attempt, the router never successfully rebooted. I saw the successful transfer of the OpenWRT firmware, but then things kinda stopped. It would reboot, but instead of coming back up fully, I’d just get the power light, and the single ethernet port light that my cable was plugged into. The TFTP firmware update method worked like a charm, despite it looking like I had just bricked my brand new router, and I was able to use that same process to get the stock TP-Link firmware back up and running :). I was disappointed that things didn’t work the first try, I was  but I was determined to make this work.

After a frustrating few hours, I finally got fed up with trying every stable version OpenWRT (Most recent version is Chaos Calmer 15.05.1) or DD-WRT (I tried these just in case) and went off to download a nightly build of OpenWRT. To my amazement, it loaded and worked the very first time! Of course, I had to ssh to the router and install LuCI, the OpenWRT GUI, but otherwise the setup was flawless. Had I read the ‘notes’ in the Quickstart Guide on the OpenWRT wiki first, I would have seen that newer versions of the Archer C7 have a new flash chip that requires a nightly build of OpenWRT, instead of the most recent ‘stable’ build. Live and learn I guess 🙂

Oh, one last thing! To get 5ghz WiFi working you’ll also need to install the ath10k drivers and firmware. You can do it via SSH by typing:

opkg update && opkg install kmod-ath10k ath10k-firmware-qca988x

Or by installing the two packages – kmod-ath10k and ath10k-firmware-qca988x – from the LuCI GUI in the admin console, then rebooting.

Just thought I’d post and get some good info out there as a google search during my unsuccessful flashing didn’t yield any meaningful results. If your TP-Link Archer C7 isn’t rebooting properly after a flash with OpenWRT, at least you’ll know what’s up 🙂

On ‘the cloud’ – Why sometimes it just doesn’t add up

I got back from TechEd last week and had an absolute blast! The Cireson team and I set up an amazing booth, had some excellent presentations from some of our partners, and we, as a company, got to do some team building for the first time ever! Nothing like being able to shoot your coworkers with paintballs to build team spirit 🙂 I think I only cursed out my boss, oh, 100 times or so. Thankfully, I’m still employed.

Of course, Microsoft’s big theme this year was ‘Cloud.’ It was Azure this, or Office 365 that, or “look what you can do with our cloud” again and again and again. Microsoft’s ‘hard’ tools, including a good chunk of the System Center suite, was left to play second fiddle to whatever was being offered via a cloud subscription model.

Now, I’m not outright opposed to the cloud, at all. I think there’s some awesome uses for it, but I had some really interesting conversations with a few people, and did some research of my own, that really puts the whole cloud vision in perspective – and I think it’s perspective worth sharing.

One of our developers lives in New Zealand and loves it. When he wasn’t being the butt end of one of our jokes (“Hey, whose that guy with an Australian accent over there!”), he and I had some awesome conversations about food, life, and of course, technology.

Somehow, the topic of internet access came up, and I expressed my love for my 100mbps down/ 5 mbps up connection that I get here in Baltimore, for a decent price. My Kiwi friend’s jaw nearly dropped. His connection, and keep in mind he’s one of our developers, is 500k down, who knows what/up, and is capped at 5GB per month. Sure, I get it, he’s on an island, but New Zealand is far from isolated compared to some of the markets Microsoft wants to get into, and if you’re using a cloud solution for resources, I can see that not only will your connection be spotty on a 500k link, but you’re apt to run up to that 5GB bandwidth cap really quickly! I’m sure businesses in NZ have better connections than a lowly developer, but putting all your eggs in a ‘cloud’ basket seems like a rather expensive, and potentially slow or limited, solution to your IT needs. It’s especially terrifying as we see Microsoft move more of their offerings to cloud only (PowerBI anyone?) with no on-premise solution.

Let’s head to another island, this time, one rather well connected, Great Britain. Another one of my co-workers, the ever-so-talented Shaun Laughton, happens to live on this very island! He joined in on this conversation and lamented his own internet situation – that he can see his local telecom box from his house, and yet his internet speed was only moderate at best, expensive, and had a data cap. If he lived in a major city, say London (where Google happens to have a massive campus with super-fast internet) then internet access would be cheap, fast, and without a cap.

This scenario isn’t uncommon and puts cloud solutions in a really interesting situation. For people in very well connected areas (read: Urban, 1st world) then cloud makes some sense. Why own the infrastructure when someone else can do it for you, and then just lease the time and resources you need? In this same instance, Microsoft’s own direction makes a lot of sense, as they are positioned to provide the *best* platform for their products in the cloud, and can really benefit from the subscription licencing model – hopefully attracting smaller customers with more reasonable, monthly or annual pricing.

As soon as you leave one of those major cities however, this plan breaks down. Who is going to depend on a cloud service when it’s going to eat at their monthly data cap, and even then, not be accessible nearly as fast as a local server or instance of a software application would be? For these customers, not only does the cloud not make sense from a costing perspective (as relying on it would require multiple, redundant, unlimited, internet lines, likely costing a fortune themselves) but their users are far less likely to have reasonable access to high-bandwidth connections from outside the office, thereby breaking down the ‘work anywhere’ principles that cloud relies on.

One final example that I thought was really interesting comes from my own situation. I currently reside in good ole’ Baltimore, MD. I’m therefore conveniently positioned in the densely populated ‘Northeast Corridor’ of the USA that spans from Boston, MA down to Washington D.C. This area of the USA boasts the most dense concentration of transportation infrastructure in the States, both physical and telecom. I have the luxury of fast internet at a reasonable price, and if I really wanted to, I could hop on over to a University library and get on the Internet-2 bandwagon for some really insane speeds.

Recently, I’ve been having issues with my Data Warehouse for SCSM remaining intact on my laptop lab. I’m sure it’s a case of too many reboots and restarts, too many ups, then downs, and so it’s had me looking at setting up a more permanent lab somewhere that isn’t on my laptop. I started looking at cloud solutions because hey, why not! Everyone’s doing it, it’s got to be cost effective… right?

Azure (US East, USD):

1, Medium (A2) Basic Instance Annual cost: $110/month = ~$1300/year

I’m going to cheap out, but let’s say I go with a Medium (A2) instance for my SCSM server. On that single server, I could toss the SCSM Workflow Server and a SQL Standard instance. It would be stupid to do, since an A2 instance only gets me 2 cores and 3.5Gb RAM, but I’m trying to keep costs low. Right. So that’s just one server, let’s scale up a bit.

1, Medium (A2) Basic Instance Annual Cost: $110/month = ~$1300/year

1, Large (A3) Basic Instance Annual Cost: $219/month = ~$2628/year

Alright, now I’ve got a large instance for my SCSM DW server, and the medium one for my Workflow server. I’m looking at almost $4000 USD a year to run two servers. This doesn’t even start to include an SCCM Server, Domain Controller (Though I think Azure has other services in play for that) or any client machines or servers for hosting demo web-portals. Wowza.

Amazon (US East, USD):

1, m3.large Instance Annual Cost: $197/month = ~$2365/year

Now this isn’t exactly apples to apples, since this m3.large instance has 7.5Gb RAM and can flex up to 6.5 ‘Elastic CPUs’, but humor me here. Double that for two servers, like above, and we’re at about $4700 a year to run two instances of this, again, with no additional machines for clients or other servers. Oh yea, and if you don’t have licenses for the MSFT software, good luck (Thankfully I have MSDN, phew!).

So, imagine I’m not even paying for my internet access here at home, it’s still a lot of money to use cloud services for a small guy like me, running an instance 24/7. What’s my alternative? Well, it is, of course, my favorite – do it yourself!

I priced out a rough machine that would do what I wanted from a hardware perspective:

1, Supermicro MBD-H8DCL-6F-O – $360

1, AMD Opteron 4386 8 core, 3.1 GHZ – $350

64GB Kingston RAM – $670

1, 1TB Samsung SSD, $470

Case, power supply, and other things: $250

Total hardware cost: $2100

Now let’s factor in power – I tried to do this with a pretty low power requirements, but I’m going to estimate on the high end.

600 Watts * .12 per kWh * 24 hours/day  = $52 per month = ~$630 per year

So for a total cost of $2730 in the first year, and $630 every year thereafter, I can have a server that can run an entire lab of VM’s (I’ve got 13 running on my laptop right now with 4 cores and 32GB RAM – this server could double that easily). There’s no point in me going to the cloud, at all.

The cloud may be the future, but the future isn’t now, at least not for everyone. Thankfully, Microsoft hasn’t totally killed off their on-premise solutions yet. Let’s just hope they don’t get around to doing that for a long, long time.

Java 7u51 – System Wide Exception Site List

I recieved a visit from a co-worker the other morning informing me that Java updates had broken his software. He wasn’t too upset, which was nice, but we needed to figure out what went wrong.

As it turns out, Java 7u51 introduced some new security features (yay!) but unless programs using Java applets had applied security certificates to their applications, Java would flag them as potentially malicious and not run them (not yay!).

The workaround isn’t hard; if you go into the ‘Java’ control panel area, head over to the ‘Security’ tab, and add the websites that you need exempted to the ‘Exception Site List’ then your applications should be running once again. The bad news is that doing things this way is only a per-user setting. We needed a way to do this on a system-wide basis, and then be able to deploy it to our organization via SCCM.

As it turns out, there *is* a way to do it, it’s just a bit complex. Oracle has official documentation in a few places but it’s a bit fragmented and there’s not an easy path from these documents to an actual working solution:

Exception Site List Documentation
Java Deployment Documentation

But, to save you all the time and trouble, I’m going to post exactly what you need to do to make it all work!

First, you’re going to need to create a file called ‘deployment.config’ – add the following lines:

Cool. Sweet. Progress. This is just telling Java that it *must* read the system wide config file I’m specifying, and then giving it the path to said config file. Yes, the double slashes and slash in front of the ‘C’ are necessary. Don’t ask me why, but it works as shown above.

Now you’re going to need to make a file called ‘deployment.properties’ – add the following to it:

Same idea as above, you’re telling Java the path to the security exemption site list. I’m putting all this in the same folder because we want it to be system readable and not writable. That makes it so users can’t change the sitelist.

Last, but not least, you’ll need to create the ‘exception.sites’ file. Once you do so, just add whatever site(s) you need, one per line. For example:

Now, dump all that in the “%systemroot%\Sun\Java\Deployment\” folder (You may have to create this folder, it doesn’t exist by default) and head back to that Java control panel area. Head over to the ‘Security’ tab and you’ll see that your site or sites that you listed show up! It’s like magic! In case you were wondering, Java reads that config file every time it loads. This includes in the browser or via the Control Panel, so there’s no need to reboot or do anything crazy, as long as you’re not trying to adjust an already spawned Java session.

All you’ve got to do now is write up a little batch file to make that folder and dump those files in the right place on each machine (SCCM!), and you’re all set! Remember, if you allow users to write to your exemption.sites file via Windows permissions, then they can edit the list, otherwise it’s read only (We went the read only route to give us complete control). Equilibrium has now been restored to your Java-tainted environment 🙂

java1

If you’re wondering about the Mac side of things, it looks like someone else beat me to it! Head on over there and check it out!

Other References:

https://www.java.net/node/658559
https://community.oracle.com/thread/2311948

Lync 2013 Silent or Unattended Install

Ah Mondays. The best day of the week! It’s the day that everyone comes to you with some new task or thing to do that you don’t ever, ever have time for. And yes, I know that I’m posting this on a Tuesday. Remember that whole thing about not having time?

So a co-worker came to me, asking for my scripting skills in creating a nice silent install package for Lync 2013. The official Lync 2013 package itself was pretty straightforward. Just like any other office product, the steps were, as follows:

– Download the Office product

– Get that thing extracted so you’ve got a nice directory structure like the following, underneath the folder referring to your platform architecture of choice. For example, the following resides underneath the “x86” directory once I’ve extracted the Lync client installer properly.

filetree– Now, open up a command line, navigate to the folder, and run ‘ setup.exe /admin’ This opens up a customization window where you can tell the installer all kinds of options. The ones we’re interested in are the following.

–  Install Location and Organization Name: I changed the Organization Name as desired

– Licensing and user interface: This is the important one! Enter a product key (if necessary) or leave the KMS option checked by default, as that’s likely what you, as a corporate user, are using. You’ll then want to check the box that says ‘ accept the terms in the License Agreement’ and then change the display level to ‘None.’ The Suppress modal should then be checked, and the other two options (completion notice and no cancel) should be unchecked. In fact, you can make it look like this:

licensing– Add registry entries: This is also pretty important. When the user runs Lync for the first time they’ll get a screen that asks them to configure Windows Update for the Lync application. It’s fine and dandy when it’s your own box, but not so awesome when you’re trying to deploy this to bunches of people. To eliminate the issue, add the following registry keys and rest easy (Note: These are REG_DWORD values)!

registryIt’s worth noting that those aren’t typos above, the key is really named ‘ShownFirstRunOptin’ Who comes up with these things, I’ll never know.

If you don’t put these in, your users get the following popup. Not good.

firstthingsfirst

Boom. Save the admin file as a .msp, add it to the ‘Updates’ folder in your Lync install files directory, and run the following: setup.exe /adminfile "updates\<adminfile>"

Example: setup.exe /adminfile "updates\Lync2013-Rev1.msp"

So after a bit of waiting you’ve got Lync 2013 installed silently. Or, wait… what was that popup that showed up for just about a second when the installer started to run. It loudly exclaimed ‘Please wait while setup prepares the necessary files”. You know, this screen:

setupfilesIt is, as far as I can tell, impossible to turn off. If you have a user manually run your script, this thing will display. End of story. Ugh. The only good news? It doesn’t show up when you deploy via SCCM! Happy days.

So, now we’re all done! Lync 2013 for everyone! I thought my co-worker would be super excited now that I got it all done. Right? Wrong! I now had to package the Lync 2013 VDI plugin. Goodie.

If you’re unfamiliar with what this thing does, you can check out a nifty PDF that details it right here. So when I was provided the installation files for this bad boy I got the following:

installersOh. No. There are few things I hate more in life than someone giving me a random installer, especially a .exe, and telling me to package it. There could be anything inside! Anything! I started by trying to pass it the parameters that it seemed to ask for ‘/silent /passive /norestart’. This of course, did absolutely nothing.

As it turns out, the VDI installer is similar to the Lync Basic installer. It’s an executable that has the install files inside, which actually work like a normal Office install. Why they decided to distribute them in a .exe, I have no idea.

To extract, run lyncvdi32.exe /extract:<PATH TO EXTRACT> and watch the magic happen ( I usually use lyncvdi32.exe /extract:.\Lync2013\ to extract to a folder in the current directory)! It will extract the files and you’ll see a file tree magically appear just like what you saw with the original Lync 2013 setup files. If you happen to try to extract the .exe with another utility like 7Zip, the files won’t come out right and the admin wizard won’t run properly. You’ve been warned!

Then, just like before, run setup.exe /admin and configure the admin file like above. You’ll only need to touch the Organization Name and Licensing screens – no registry editing needed – and then apply that admin file to the Lync 2013 VDI setup.exe the same way.

Viola! Now you’ve got silent installs for the Lync 2013 full client, and the Lync 2013 VDI plugin. Enjoy!

Welcome!

Welcome to System Center Synergy – a blog, or website kinda thing, for the tips, tricks, and quirks that I find while using System Center on a daily basis. Check back for my first updates soon!