Last Post Here

I recently decided to go all out on my professional web presence. I’ve bought myself a fancy new domain, and have migrated this blog along with some other goodies. It won’t be too long before this older blog is completely unavailable.

Come join me at my new home!

Ben | For The Win

Or click here if you want to go straight to the new blog.

PXE Boot: Windows vs Linux

At work, we’re currently stuck with an old version of SCCM (2007) and it just doesn’t cut the mustard any more for OS deployments. I’ve set up an interim MDT server because it’s easy and required no specific budget, but the hard part is getting it able to PXE boot without squashing the SCCM stuff already in place.

There are a few guides out there like this one that are excellent, but a little out of date. They reference Syslinux 3, and we’re up to 6.x now. Below are all the notes you need to get SCCM, MDT, and Linux all working with PXE boot options using the latest versions of the tools. No VLAN switching magic or DHCP option trickery required. You can mix and match components all you want. No MDT, no problem. No Linux deployment needs, no worries.


Installing Lync Sucks, So I Fixed It.

There’s apparently a bug in certain Lync 2013 SP1 client install media, where if you put a custom MSP file in the Updates folder, the install gets all wonky and puts in all the shared components but Lync.exe never gets installed.

I didn’t like most of the solutions out there that I read about, and there’s other weirdness with the install so I made the script below and called it Install.cmd. In the same folder as the script, make a folder called SystemDrive, then Temp, then Lync. Put all the install files (setup.exe, the x86 and x64 folders, etc) there and don’t forget to create/place your config.xml file. Create your MSP with setup.exe and put it in the Lync folder – not in the x86\Updates folder. If you use the Cisco remote call stuff, put your addrccmenu.bat file in the Lync folder too and configure the server. If you don’t use that, remove that part of the script.

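@ECHO OFF
REM Install.cmd. Lines marked "reconstructed" were missing from the posted script
REM and are filled in from the description above.
ECHO Downloading install files...
REM reconstructed: copy the SystemDrive\Temp\Lync tree next to this script to the local drive
XCOPY "%~dp0SystemDrive" %SYSTEMDRIVE%\ /E /Y /Q
ECHO Download complete. Installing Lync...
START "Install Lync" /WAIT "%SYSTEMDRIVE%\Temp\Lync\setup.exe" /config "%SYSTEMDRIVE%\Temp\Lync\x86\lync.ww\config.xml"

ECHO Waiting for the Lync base install to complete...
:Loopstart
REM reconstructed: FIND sets ERRORLEVEL 0 while setup.exe is still running
TIMEOUT /T 5 /NOBREAK >NUL
TASKLIST /FI "IMAGENAME eq setup.exe" | FIND /I "setup.exe" >NUL
IF %ERRORLEVEL%==0 GOTO :Loopstart

REM The base install only counts as successful if lync.exe actually landed on disk
SET Success=NO
IF EXIST "%ProgramFiles%\Microsoft Office\Office15\lync.exe" SET Success=YES
IF EXIST "%ProgramFiles(x86)%\Microsoft Office\Office15\lync.exe" SET Success=YES
REM reconstructed: branch to the failure path when lync.exe is missing
IF NOT "%Success%"=="YES" GOTO :Fail

ECHO Base install complete. Installing configuration pack...
START /WAIT Msiexec.exe /update "%SYSTEMDRIVE%\Temp\Lync\config.msp"

ECHO Configuration pack installed. Adding Cisco Remote Call Plugin...
REM CALL so control returns to this script after the batch file finishes
CALL "%SYSTEMDRIVE%\Temp\Lync\addrccmenu.bat" yourserverinfohere

ECHO Install complete. Removing temporary files...
REM reconstructed: clean up the copied install files
RD /S /Q "%SYSTEMDRIVE%\Temp\Lync"
EXIT /B 0

:Fail
ECHO Install failed. Removing temporary files...
REM reconstructed: clean up the copied install files
RD /S /Q "%SYSTEMDRIVE%\Temp\Lync"
EXIT /B 1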

Use this freely, just give credit where credit is due.

Web Admin I am Not… yet

I threw myself into an argument I started about SSL and TCP at work over the past couple days.

It all started when I asked the networking guy to look into why downloads from an https web app weren’t going as fast as the customer wanted. I ruled out internal CPU/RAM/Disk bottlenecks, and any testing from within the data center was amazingly fast – it was only the connection point between the server and the outside world that seemed to be slow. The network guy said “It’s because it’s HTTPS and this is expected.”

I made the unfortunate assumption that calling out HTTPS implied that an HTTP connection would have no problems at all. A coworker threw out a bunch of math related to TCP and latency. This threw me down quite the rabbit hole of what kind of overhead SSL has, but at least I learned a lot on the way. Some of it seems rather elementary, but having it reinforced helps my confidence, putting me in a better position to win this argument.

  • An established TCP connection does not wait for each packet to be acknowledged before sending the next. Each bit of data gets numbered sequentially as it goes out. If it’s not arriving in order, the data is buffered until it gets the next packet in the sequence. And if the source doesn’t receive acknowledgements in a timely fashion, it will throttle its send rate until it does.
  • The SSL performance hit is mostly in the CPU on the server for encryption. Even that is mitigated depending on the algorithm being used and the CPU features. There is a latency hit while an SSL handshake is established but after that the network adapter should be sweeping any other noticeable overhead under the carpet.
  • Fiddler is a great tool for looking at what’s going on with your website communication. I used it to show that an SSL handshake is only happening once when downloading a single large file.
  • Satellite and cellular networks have a lot of cool tricks up their sleeves to get better throughput. For example, they will put CRC checks for the previous TCP packet into the current one to make validation quicker. Or they’ll use a gateway to pre-fetch content on your behalf, bringing it closer to you and reducing the latency.
  • There are straightforward formulas for calculating max TCP throughput. There are no such formulas for HTTPS over TCP throughput.
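
To put numbers on the points above, here is an added example (not from the original post) that applies the standard TCP throughput bounds and counts round trips for a download with and without a TLS handshake. It is an idealized model: the function names, the 1460-byte MSS, the 10-segment initial window and the 2-round-trip TLS handshake are assumptions, and it ignores loss during the transfer and CPU cost of encryption.

```python
"""Idealized TCP download-time model (added example; all names are hypothetical)."""
import math

MSS = 1460  # assumed payload bytes per segment on a 1500-byte MTU path


def window_limited_bps(window_bytes, rtt_s):
    """Classic ceiling: at most one window of data in flight per round trip."""
    return window_bytes * 8 / rtt_s


def mathis_bps(rtt_s, loss_rate, mss=MSS):
    """Mathis et al. approximation for loss-limited throughput."""
    return (mss * 8 / rtt_s) * (1.22 / math.sqrt(loss_rate))


def transfer_rtts(size_bytes, window_bytes, init_segments=10, mss=MSS):
    """Round trips needed to move size_bytes. Slow start doubles the
    congestion window each round trip until the receive window caps it."""
    cwnd, sent, rtts = init_segments * mss, 0, 0
    while sent < size_bytes:
        sent += min(cwnd, window_bytes)
        cwnd = min(cwnd * 2, window_bytes)
        rtts += 1
    return rtts


def download_seconds(size_bytes, rtt_s, window_bytes, setup_rtts):
    """setup_rtts: 1 for the TCP handshake, plus any TLS handshake round trips."""
    return (setup_rtts + transfer_rtts(size_bytes, window_bytes)) * rtt_s


def compare(size_bytes, rtt_s, window_bytes, tls_rtts=2):
    """Return (http_seconds, https_seconds, relative_overhead)."""
    http = download_seconds(size_bytes, rtt_s, window_bytes, 1)
    https = download_seconds(size_bytes, rtt_s, window_bytes, 1 + tls_rtts)
    return http, https, (https - http) / http


if __name__ == "__main__":
    # Constructed scenario: 100 MB file, 80 ms round trip, 64 KB window
    size, rtt, window = 100 * 1024 * 1024, 0.08, 65535
    print("window ceiling (bps):", window_limited_bps(window, rtt))
    print("http s, https s, overhead:", compare(size, rtt, window))
```

With these constructed inputs the handshake adds about a tenth of a percent to a 100 MB download, while a file that fits in the initial window takes twice as long, which matches the Fiddler observation that the handshake happens once per connection.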

Happy SysAdmin Day!

I’ll have a bigger, real post next week, but I just wanted to wish those one or two people who might follow this blog to have a great day. May your ticket queue be small, and your projects be successful!

The Interview

I wish this post title didn’t coincide with a movie of the same name, despite the fact that both are about job opportunities at Google.

So yeah. Now that I’ve admitted my job opportunity to my boss I feel more comfortable blogging about this. I will have to write myself an IOU for 2 blog posts – one about ComicCon and the other about my recent adventures with a Raspberry Pi.

In two weeks I fly up to Mountain View, CA for a 5-hour interview. I don’t think even the Engineering positions at Sony had that long of an interview, but I am looking forward to it. I just hope I have some time to decompress and recompress between ComicCon ending Sunday and my flight leaving Monday morning. I hear my hotel room will have a Rubik’s Cube and/or Etch-A-Sketch in it… I think I’ll be alright!

During my most recent phone interview at Google I didn’t put my best foot forward – I didn’t vocalize my thought process enough, I stumbled through a couple technical questions I really should know better, and I didn’t demonstrate my ability to prioritize and make quick and effective judgement calls. But somewhere in there I guess they must have seen my Diamond in the Rough skillset; I am really looking forward to sitting down and bumping elbows with some interesting IT/tech leaders, whether or not I end up with a job offer after the experience.


Microsoft recently announced that they are discontinuing TechNet Subscriptions. For the uninitiated, these are annual packages for ~$275 that give you unrestricted testing/development licenses for every MS operating system, as well as most software (e.g. Office, Sharepoint).

With that package, I’m able to run a home lab for professional development. It enables me to have my professional career also be a hobby at home without breaking the bank.

The big counterpoint from Microsoft is that virtually everything they offer can be run in Evaluation mode, giving up to 180 days of free access. My problem with that is that my lab well outlives the 180 days. I don’t want to have to set up a brand new lab every 6 months because the time I take to set that up is going to seriously cut into whatever time I had set aside to do new things in the lab. Microsoft is removing incentive for the IT industry that supports it to continue doing so.

On the bright side, maybe next time I set up a server for something I’ll be learning a lot more about CentOS!

Want to Buy – One Network Admin

I’ve been working for a while now on an asset management tool based entirely in PowerShell. Here’s my cocktail napkin elevator pitch:

An asset management system that requires few system resources to run, gathers data automatically (while allowing overrides). Minimal PowerShell knowledge is needed, and data can be displayed in a GUI web format or output as an object for other PowerShell scripts to tie in. Asset data and collection tools can be centralized or decentralized. Cheap and easy for small to medium sized businesses. And most importantly, it will beat the hell out of an Excel spreadsheet.

Here’s what I have built so far:

  • Collect info via WMI, WinRM, etc. on a local machine
  • Same as above but with multiple remote machines asynchronously with a customizable timeout
  • Prompt for data that can’t be mined
  • Calculate other data based on the gathered/queried stuff
  • Take all this information and present it as a single object with nested arrays. Any number of assets with any number of NICs and any number of HDDs, etc.
  • Spit it out to XML (Export-CliXml)

And here’s what’s left:

  • Stress test (at what point would I need an actual DB? Hopefully > 5000 assets)
  • Display data as XML (ConvertTo-Xml) + HTTP
  • Add infrastructure properties, like a list of possible VLANs, routers, etc.
  • A GUI way to prompt for custom data or overrides of collected data
  • Better data curating
  • Encryption
  • A method for merging assets being input from multiple sources
  • Handle infrastructure data (VLANs, routers, virtualization, etc.)
  • Discovery via VMware, Hyper-V, AD, DNS, DHCP, etc.

IPv6 and the Dancing Turtle

So I recently attended a LOPSA meeting where I got to listen to a rather familiar presentation about IPv6, how to pitch it to a business and how to get started with it. The silly/fun motivation for getting it to work is to load up – if you are IPv6 enabled, the turtle will dance (more like swim). Otherwise it sits there like a bump on a log.

Well, this weekend I courted the fickle turtle, but after a day and a half (plus a router upgrade), the turtle now dances to my whims. I encountered some trickiness that others hopefully won’t, regarding ATT’s uVerse service and the 2WIRE modem/router/combo unit:

  • The 2WIRE won’t give you native IPv6
  • There is no way to configure an IPv6 tunnel on the 2WIRE
  • There’s no bridge mode that drops the NAT to let a downstream router that IS capable be in charge of your network

The solution was to buy an Apple AirPort Extreme (my Linksys didn’t support IPv6 and I’m too lazy to keep up with and constantly support a DD-WRT setup). Here’s the list of steps I performed to get up and running, hopefully written so anyone can follow suit.

Flip The Switch

I made a new PowerShell script at work recently. It’s not as big as it looks – all it does is shut down a VMware guest. This assumes you have the PowerCLI modules loaded and are already connected to a VIserver.

Since the “Shutdown-VM” command just initiates a shutdown of a VM guest, I wanted to script something out that would actually pause until the VM is completely shut down.
