Ubuntu 16.04 LTS packages required to install VMware-vSphere-Perl-SDK-6.0.0-3561779.x86_64

The below command is more a reminder for me, but I’m sure some will find it useful.

sudo apt-get install libarchive-zip-perl libcrypt-ssleay-perl libclass-methodmaker-perl libdata-dump-perl libsoap-lite-perl perl-doc libssl-dev libuuid-perl liburi-perl libxml-libxml-perl lib32ncurses5 lib32z1 libcrypt-openssl-rsa-perl libsocket6-perl libnet-inet6glue-perl

ATen IP 8000 KVM PCI Card

So recently I bought an Aten IP 8000 KVM PCI Card from eBay, it was 2nd hand and a ¼ of the price of other ones at the time (around 90 dollars AUD). When it arrived the eBay listing was correct, it truly was just the card and the KVM cable, it was missing the feature cable, CD, 5 volt adaptor, a reset jumper shunt, and Manual.

Aten if your reading this don’t stop making these cards, they are awesome but you could make them in PCIe and the web console remote viewer could be better.

My initial thoughts went to what that missing feature cable looked like and why did the card stop responding when on the network. A quick google around showed me what the card should look like by way of a how to install video here. Luckily I had a multi volt adaptor I had previously bought so I was okay on that front.

The manuals, firmware, and software can be downloaded from Aten’s IP 8000 website.

If you have lost / didn’t receive the serial number for the remote software you can ask for the key by logging a ticket to support here. Essentially you need to create a new account, then register your card and finally log a ticket against that card. They are pretty quick to respond – I received a new key in around 8 hours (4 of which would have been outside business hours due to the time difference).

The first problem I faced was rebuilding that feature cable since it seemed nobody sold these. To do this I had 2 options, 1st was to buy a jumper wire pack from Jaycar, the other option was to build one.

Jumper wire pack
ip8000-jumper-wire-pack
Source: Jaycar Catalogue

I checked in with Jaycar but the local shop had sold out the last pack a couple of days earlier and it would be a week or so till they had more stock, so I opted for the build your own option.

To do this I dug through my PC parts box for an old analogue CDROM cable and then pulled a case from the shelf I had meant to throw out in the last rubbish run but forgot to (lucky me). Taking the power and switch jumper housings from the old case I was able to remove the housing from one end of the CDROM cable and put the 2 new housings (power / reset) on in place whilst ensuring that I kept the black cables with the corresponding red and white ones. The end result is shown below

ip8000-featurecable-assembly

Following the manual (Page 9) I then plugged the cable in ensuring I lined the wires up correctly with the function (reset / power), nothing worse than trying to power the machine on in the KVM only to realise you need to hit reset instead of power because you have wired it backwards.

I decided red would be for power and white would be for reset.

ip8000-featurecable-install

Then it was time to quickly reset the BIOS to clear all previous settings, curiously this process actually gets done outside of the PCI slot. The basic process is at follows

  1. Short the jumper shunt on J2 (you can see it in the picture above it is the 2 right most jumpers with the password default written next to it)
  2. Plug the 5 volt adaptor in and count down from 5 seconds
  3. Unplug the adaptor
  4. Plug PCI card back in to motherboard

The process is documented in the manual on Page 85.

The end result now

ip8000-cardinstalled

After putting the server back in the rack I found that I wasn’t able to connect to it, I kept getting SSL interrupted or timed out Secure Connection Failed errors from both IE and Firefox

From Firefox
ip8000-512bit key failureFrom the WinClient – When Clicking Admin Utility
ip8000-winclient

So the problem you have here is that Windows KB2661254 has been installed on your system (For windows 7 / 2008 and below), if you’re on windows 8 and above there is no hope.

The first clue on the actual issue can be seen from the release notes
ip8000-releasenotesIf your card has firmware older than V1.1.103 (Which mine did it was on V1.0.087) you’re going to need to lower the minimum RSA key size allowed to 512bits so you can upgrade your firmware.

The underlying issue is that the certificate service on windows won’t allow you so connect to an SSL website with a Key Size lower then 1024

I decided I would use a test VM I had on my laptop to fix this problem, as I have personal concerns with adjusting things like this on my main machine.

You will need to run the following command as the Administrator (depending on your OS you may need to right click and run as administrator)

certutil -setreg chain\minRSAPubKeyBitLength 512

 

                A note from Microsoft on this procedure

NoteAll certutil commands shown in this article require local Administrator privileges because they are changing the registry. You can ignore the message that reads “The CertSvc service may have to be restarted for changes to take effect.” That is not required for these commands because they do not affect the certificate service (CertSvc).

                                Source: https://support.microsoft.com/en-us/kb/2661254

Once you have completed this step like magic your Internet Explorer browser will be happy to show you the this website isn’t safe screen, but this time you can continue on
ip8000-512bit-ie-errorClick on and you will see the admin console
ip8000-admin-console-loginNext Login
ip8000-admin-console-main-menuClick the Maintenance button in the top left hand corner
ip8000-admin-console-firmware-updateFrom here you will be able to add your Firmware file and click upload. The card will now upload your firmware confirm it is error free and suggest you logout so it can actually upgrade your firmware (don’t do this until it tells you to).

Once you have confirmed that you can see the admin console login screen from Firefox you will need to revert the minimum key settings.

Run the following command (running as administrator) to do this

certutil -delreg chain\MinRsaPubKeyBitLength

You will now find that your admin utility will magically start working.

And Done!

Other Interesting notes

  • Prior to the upgrade when my Firefox browser attempted to browse to the web console the card would stop responding, this seems to have fixed itself with the upgrade.
  • The WinClient is fantastic for completing BIOS upgrades and OS Installs.

Linux ADDS and WinStore problems

So you have been to Richard’s blog at http://blogging.dragon.org.uk/samba4-ad-dc-on-ubuntu-14-04/ and you now have a running Linux ADDS but your windows Store no longer works and throws one of the 2 following errors:

  • Windows Store Error – Unable to download apps – “Try that again” Error Code 0x8004804e
  • HRESULT Exception 0x80070520

The first one you will see on windows 8.1 more often than not. On windows 10 you won’t be able to add your Microsoft account when clicking Start > Settings > Accounts. It will bomb out when you try to log it in. You will also find that on both Windows 8, 8.1 and 10 you can’t log OneDrive in.

After much searching and digging in logs plus going over the winstore log and not finding an answer, I stumbled across a post in the Microsoft forums where people where having problems on Windows ADDS Windows Forum Post. This thread was a huge help as it directed me to the actual problem which was the Credential Manager permissions for the users. The windows Store uses the credential manager to store its credentials.

So whats happening where is your friendly windows workstation is attempting to store your winstore credentials in AD and your friendly Linux ADDS has no idea what to do about that.

The following site details a rather manual way to fix this problem (under the heading of NT4 style domain controllers. https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains

However the best way to ensure this works everywhere as you would expect (on your workstations) is to add it to new group policy (I guess you could add it to the default domain policy if you want).

So let’s get this fixed

The registry setting you will be pushing out is

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
“ProtectionPolicy”=dword:00000001

***If your familiar with this process you can finish reading now, for those of you needing further assistance please read on.

1. Open Group Policy Management
2. Now create a new registry item by right clicking in the left hand panel
3. Create new policy
4. Click Computer Configuration > Preferences > Windows Settings > Registry

LinuxADDSandWinstore-registry-1

5. Fill in the details

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
“ProtectionPolicy”=dword:00000001

LinuxADDSandWinstore-registry-2

6. Then save (Apply then Ok)

Apply this policy to the OU where you’re keeping your Workstations.

You will now want to do a gpupdate /force on your workstation and you’re done.