Close Your Ports. Batten down the hatches!

Gentlemen callers from nations without extradition policies are calling.

Three days of having port 3389 open on a Linux box. The lesson: close your ports, use strong passwords, and make sure your software is updated! This is the equivalent of random people coming up to your front door and just checking whether your house is open, 19 times over 3 days. I know this isn’t a shocker to most people, but it is good to have a reminder. 🙂

2012-12-31 18:10:43 [INFO] Disconnecting / Protocol error
2012-12-31 18:10:43 [INFO] / lost connection
Host :
Country : Portugal
2012-12-31 19:55:40 [INFO] Disconnecting / Protocol error
2012-12-31 19:55:40 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 22:13:05 [INFO] Disconnecting / Protocol error
2012-12-31 22:13:05 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 22:29:39 [INFO] Disconnecting / Protocol error
2012-12-31 22:29:39 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 22:39:10 [INFO] Disconnecting / Protocol error
2012-12-31 22:39:10 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 22:47:24 [INFO] Disconnecting / Protocol error
2012-12-31 22:47:24 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 22:54:48 [INFO] Disconnecting / Protocol error
2012-12-31 22:54:48 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 23:01:44 [INFO] Disconnecting / Protocol error
2012-12-31 23:01:44 [INFO] / lost connection
Host : ( )
Country : United States
2013-01-01 06:30:10 [INFO] Disconnecting / Protocol error
2013-01-01 06:30:10 [INFO] / lost connection
Host :
Country : Russian Federation
2013-01-01 12:18:39 [INFO] Disconnecting / Protocol error
2013-01-01 12:18:39 [INFO] / lost connection
Host :
Country : Pakistan
2013-01-01 12:28:49 [INFO] Disconnecting / Protocol error
2013-01-01 12:28:49 [INFO] / lost connection
Host :
Country : Italy
2013-01-01 21:27:20 [INFO] Disconnecting / Protocol error
2013-01-01 21:27:20 [INFO] / lost connection
Host :
Country : United Arab Emirates
2013-01-01 21:41:46 [INFO] Disconnecting / Protocol error
2013-01-01 21:41:46 [INFO] / lost connection
Host : ?
Country : China
2013-01-01 21:47:09 [INFO] Disconnecting / Protocol error
2013-01-01 21:47:09 [INFO] / lost connection
Host :
Country : United States
2013-01-01 22:23:08 [INFO] Disconnecting / Protocol error
2013-01-01 22:23:08 [INFO] / lost connection
Host :
Country : China
2013-01-02 00:10:00 [INFO] Disconnecting / Protocol error
2013-01-02 00:10:00 [INFO] / lost connection
Host : ?
Country : China
2013-01-02 02:05:02 [INFO] Disconnecting / Protocol error
2013-01-02 02:05:02 [INFO] / lost connection
Host :
Country : Uruguay
2013-01-02 03:57:31 [INFO] Disconnecting / Protocol error
2013-01-02 03:57:31 [INFO] / lost connection
Host :
Country : Brazil
2013-01-02 13:37:12 [INFO] Disconnecting / Protocol error
2013-01-02 13:37:12 [INFO] / lost connection
Host :
Country : Netherlands
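
An added example (not part of the original post): a small shell/awk summary of a log in the format above, counting dropped connections per country and flagging busy clock hours. The sample is a constructed five-entry subset of the entries listed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Constructed sample: five of the entries above (the post lists no host values).
sample_log() {
cat <<'EOF'
2012-12-31 18:10:43 [INFO] Disconnecting / Protocol error
2012-12-31 18:10:43 [INFO] / lost connection
Host :
Country : Portugal
2012-12-31 22:13:05 [INFO] Disconnecting / Protocol error
2012-12-31 22:13:05 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 22:29:39 [INFO] Disconnecting / Protocol error
2012-12-31 22:29:39 [INFO] / lost connection
Host : ( )
Country : United States
2012-12-31 22:39:10 [INFO] Disconnecting / Protocol error
2012-12-31 22:39:10 [INFO] / lost connection
Host : ( )
Country : United States
2013-01-01 21:41:46 [INFO] Disconnecting / Protocol error
2013-01-01 21:41:46 [INFO] / lost connection
Host : ?
Country : China
EOF
}

# probes_by_country: log on stdin -> "<count> <country>", most frequent first.
probes_by_country() {
  awk '/^Country :/ {
         sub(/^Country :[ \t]*/, ""); sub(/[ \t]+$/, "")
         n[$0]++
       }
       END { for (c in n) printf "%d %s\n", n[c], c }' | sort -k1,1nr -k2
}

# busy_hours MIN: log on stdin -> "<date> <hour> <count>" for every clock hour
# with at least MIN dropped connections (default 3).
busy_hours() {
  awk -v min="${1:-3}" '
    /\[INFO\] Disconnecting/ { h[$1 " " substr($2, 1, 2)]++ }
    END { for (k in h) if (h[k] >= min) print k, h[k] }' | sort
}

sample_log | probes_by_country
sample_log | busy_hours 3
```

Run against the real log file instead of `sample_log` to see which hours deserve a closer look before the port is closed.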


Turn on your VMs when vCenter is down

If your vCenter server or your MS SQL server needs help and you don’t want to sit through connecting to all your 4.1 ESX hosts to find it, you can do it through the command line.

ssh ESX-IP-Address
SSH to your ESX host

vim-cmd vmsvc/getallvms
This lists your VMs

vim-cmd vmsvc/power.on 64
This will power on Vmid 64. You can get your VM’s Vmid from the getallvms command.

vim-cmd vmsvc/power.reboot 64
This will reboot the VM having problems.

vim-cmd vmsvc
This will show you all the possible commands you can run. There are quite a few.

This is way faster than the vSphere client and I’d recommend it for all your vCenter outage needs. Apparently it works with ESXi 5.0, according to the indomitable Boche.

vim-cmd vmsvc/tools.cancelinstall 64
Also absurdly useful to stop a hung tools install.
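
An added example (not from the original post) that ties the steps above together: look up a VM's Vmid by name in the `getallvms` listing, then power it on only if it is off. The function names and sample VM names are hypothetical; it assumes the usual `getallvms` column layout (Vmid, Name, then a File column starting with `[datastore]`) and that `vim-cmd vmsvc/power.getstate` prints "Powered on" for a running VM.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Constructed sample of `vim-cmd vmsvc/getallvms` output (VM names are made up).
sample_getallvms() {
cat <<'EOF'
Vmid      Name                 File                          Guest OS           Version   Annotation
48     SQL01        [datastore1] SQL01/SQL01.vmx             windows7Server64Guest   vmx-07
64     vCenter 01   [datastore1] vCenter 01/vCenter 01.vmx   windows7Server64Guest   vmx-07
EOF
}

# vmid_for_name NAME: getallvms output on stdin -> Vmid of the VM with that exact
# name. Names may contain spaces, so the name is taken as everything between the
# Vmid column and the "[datastore]" that starts the File column.
vmid_for_name() {
  awk -v want="$1" '
    $1 ~ /^[0-9]+$/ {
      id = $1; name = $0
      sub(/^[ \t]*[0-9]+[ \t]+/, "", name)   # drop the Vmid column
      sub(/[ \t]+\[.*$/, "", name)           # drop File and everything after it
      if (name == want) { print id; found = 1; exit }
    }
    END { exit !found }'
}

# power_on_by_name NAME: run on the ESX host; powers the VM on only if it is off.
power_on_by_name() {
  id=$(vim-cmd vmsvc/getallvms | vmid_for_name "$1") ||
    { echo "no VM named '$1' on this host" >&2; return 1; }
  case "$(vim-cmd vmsvc/power.getstate "$id")" in
    *"Powered on"*) echo "$1 (Vmid $id) is already powered on" ;;
    *) vim-cmd vmsvc/power.on "$id" ;;
  esac
}

sample_getallvms | vmid_for_name "vCenter 01"   # lookup against the sample only
```

On a host, `power_on_by_name "vCenter 01"` replaces reading the listing by eye and typing the Vmid by hand.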

Bash Script to Create a Bomgar Licensing Report

I recently showed a developer at work the Bomgar API so he can whip up some fancy reporting. But why should devs have all the fun?

Figuring out the sed part made my brain catch on fire.

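#!/bin/bash
# Author Greg Carriger
# Rep Console Usage file version v1
# The start of the API URL (host, path and username parameter) is missing from
# this page; API_BASE is a placeholder to fill in before running.
API_BASE='<COMMAND-API-URL>?username=<USERNAME>'
## Collect Data
# --no-check-certificate skips TLS certificate verification, so the password
# in the query string is sent to whatever host answers.
wget --no-check-certificate "${API_BASE}&password=examplepassword&action=get_logged_in_reps"
grep display_name command.ns* > user1
rm command.ns*
wget --no-check-certificate "${API_BASE}&password=examplepassword&action=get_logged_in_reps"
grep display_name command.ns* > user2
rm command.ns*
# Unique reps across both samples, then the reps in each sample
usert=$(cat user1 user2 | sort -u | wc -l)
user1=$(wc -l < user1)
user2=$(wc -l < user2)
time=$(date +%s)
## Write Data
echo $usert $user1 $user2 > tempstats
# Prefix the last (only) line with the epoch timestamp and append it to stats
sed '$s|^|'"$time"' |' tempstats >> stats
## Clean up
rm user1 user2 tempstats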

Not done yet.

Revisiting VM Limited in light of vSphere 5.1

The YouTube link is gone, and I expect this one to be unavailable as soon as the Microsoft marketing guy recovers his Vimeo account password. I think VMware answered all the criticisms with the 5.1 cloud suite, including offering their own cloud hosting, “Project Zephyr”, much to their partners’ dismay. Gotta say it’s a funny but infuriating advert.

Apparently Tad doesn’t have anything to say about the new launch.

VMware View Windows 7 Optimization Experience

If you are using View then you should look at this fabulous document: VMware’s Windows 7 Optimization Guide.

I chose the traditional install of Windows 7, because our company image of Windows 7 was created by someone else and I am just throwing it into View for a couple specific purposes.

Make sure to run the script with a “>>c:\result.txt” on the end because it’s long and you want to capture any messages. I had 2 failures. I was not able to purge the Volume shadow copies because the script turned it off before it tried to purge.

The fix I ran:
Powershell Set-Service 'VSS' -startuptype "manual"
vssadmin delete shadows /All
Powershell Set-Service 'VSS' -startuptype "disabled"

It didn’t actually do anything because this is a fresh install… but hey that’s okay.

The other failure was disabling a Windows Defender service which wasn’t installed.

Also be sure to read through what you are doing, because company policy may prevent you from implementing some of the guide, such as:
netsh advfirewall set allprofiles state off — Not always the best idea to turn off the Windows firewall

And of course make sure your GPOs are not conflicting. The best-case scenario is that this is applied through GPO so it is easily repeated and enforced.

Good luck!