Updating Ubuntu for the Unexperienced and

Time has come to update one of our Ubuntu boxes.  I can never remember how to do it and always have to go lookup the commands.  Maybe if I write them down here it'll help me remember them for next time.

I started with a lsb_release -a to see what version I was on.  Which happened to be 12.0.4.5 so I wasn't too far out of date.

Then I ran sudo apt-get update and then sudo apt-get upgrade to update all the packages that were available on the current version.  That brings me up to a fully patched system that needs to be upgraded to the latest LTS version (this is a production box running applications so I like to stick with LTS versions, I've never had a need to utilize the long term part, but it makes me feel better).

Next step I did was sudo apt-get dist-upgrade.  I'm no expert and I probably could have skipped this step and it's possible this step caused my later troubles.  Hind sight is 20/20 they say.

Now I just need to make the plunge and upgrade to the next release.  That's pretty easy,  sudo do-release-upgrade handles that.  And then the fun started.

Part way through this it prompts me because some of the apache configuration files have been modified from their originals.  I look through these changes and it really doesn't seem to like too big of a deal, but I don't want to stumble into something since most of these tweaks were done 2 years ago so I make a backup.  This machine is virtual and I didn't have the machine integration plugin installed so I couldn't switch between consoles there.  No problem though, I just SSH'd back into the machine and made a quick copy of the config file in question and then told the updater to replace it.  

The update gets done, I give the box a reboot, it seems to come back up normally and I think all is right in the world.  Then I pull up one of the websites hosted on the box and it just displays the content of the php file rather than processing the php file.  Maybe it's just this one site, nope, all the sites are equally broken.

No sweat, I've got a backup of that configuration file.   So I compare my "custom" file to the new file and don't see anything obviously wrong with it.  Obviously some of my tweaks are gone, but those wouldn't affect php not running.  I try restarting apache and it complains about a line in a configuration file (if I had noted the file I would have shared it here), that line looks like it has sometihng to do with php.  I did a bit of Googling and came across a reference to enabling php module with this command sudo a2enmod php5.  No luck, restarted apache, still no luck, same error and web pages still aren't right.

I find the command apt --installed list to show which packages are installed. I see a lot of php5-something else packages, but no php5 package.  I run sudo apt-get install php5 and let it install (it doesn't complain that it's already installed).  I restart apache and it works.  No error.  My web pages are back to normal.

I run apt --installed list again and it shows php5 is now installed.

In hind sight I think maybe the apt-get dist-upgrade may have been what did me in.  I'm not sure why, but none of the other commands should have removed any packages.  I guess if I had paid more attention to those apt-get message about packages being updated and being removed I would have been on top of this.  Lesson learned.

Zenworks Configuration Management Updating 11.2.0 to 11.2.4

Sometimes I can get a little behind.  You really know you're behind when you go to System Updates and look at the release date and realize it was a year and a day before your download date.  But that's the name of the game.  We jumped from Zenworks for Desktop 7 straight to Zenwork Configuration Management 11.2 last summer and brought all of our XP clients along with us.  For the most part 11.2 was a good version for us and our XP clients and we didn't really have a need to upgrade.  Fast forward a year and we've deployed a whole lot of Windows 7 machines and are running into some bugs that have been patched, now we need the update.  A good long weekend with a couple of user free days looked like the perfect opportunity to do the upgrade.

You can safely ignore that "Check for Updates" option in the System Update section.  It's a known issue (apparently been known for a while) and has something to do with the update being too big to download automatically.

To start out, grab the update from the Novell page (you can find it here http://download.novell.com/Download?buildid=ZCUFlvDkC9w~ ).  The instructions in the details section at the bottom are spot on.  Copy the file to the server, run the "zman sui" command, and now it shows up in the System Updates section.

The online instructions (you can find them here https://www.novell.com/documentation/zenworks11/zen11_sys_updates/data/bjppvdf.html ) look pretty straight forward but are not as clear.  You can skip the first couple of steps about getting the updates (since you just did that manually with the download and the zman sui). What through me for a loop was that I only wanted to update one server before I rolled it out to the rest of the servers.  Which is their recommendation.  The instructions aren't obvious on this.  The process starts out designate a server and then assign the update.  That looks pretty easy.  What they don't tell you is that you don't assign the update on the frontend, you pick the update and set it to install and then pick which server on the backend.  If you read ahead this becomes a bit clearer and after you've done it once it's really obvious how it works and it's really easy.  But for the first time through it not super clear and can be a little unnerving.

The update on the first box went pretty smoothly.  It took an hour or so (quick description, about a dozen primary servers spread out across different sites, ~3000 devices total, internal Sybase DB, running in a Hyper-v VM on a Dell R720 with the slowest 10K SAS hard drives ever).  After it came back up the Configuration tab of the ZCC showed no version for the server.  That did induce a little bit of panic, but running a "zac ref" on the server updated the display version so it showed the correct 11.2.4.0 version number.  That trick would come in handy as most of the updated servers also showed up blank, but refreshing the agent on those boxes fixed it.

Then I kicked off two more server updates.  Two hours later they both showed "Rebuilding Deployment Packages"  This wasn't cool, the first server updated in around 2 hours and it supposed to take the longest.  I searched around to see what I could find.  Since I had two boxes I left one alone and picked on the other.  I tried a "zac ref", no luck, I tried a "zman surp" (found that on the forums) still no luck, tried a reboot, nothing.  I did dig around in the file system and I found the folder C:\Program Files\Novell\Zenworks\install\downloads\msi which looks to contain the deployment packages.  I noticed that most of the files had varying timestamps from today and that some of the timestamps were only a few minutes old.  That would mean it was still actually doing something and hadn't stalled.  So I left that folder open and went about searching for more things to check or try and while I did that it finished... Update Completed.  Then the box that I hadn't touched finished a few minutes later.  Apparently, I was just impatient.  I'm glad I didn't toast the box trying to hurry it along, but it is nice to know that the process can be fairly resilient.

Then I picked a few more to start upgrading and kicked them off.  They seemed to progress nicely.  I picked the remaining boxes and set them a scheduled time over night to upgrade.  Crossed my fingers and went home.

I arrived in the morning to find some boxes updated, some boxes "Rebuilding Deployment Packages" and one box failed.

The failed box hadn't run out of space, the update was all there, and the log files looked to just have a simple "failed to update..." message.  So I selected the box from ZCC and selected "Redeploy update to device", it jumped back to rebuilding packages and in about 20 minutes it showed "Update Completed".  Easy enough right?

The rest of the boxes?  Just slow.  As the morning progressed they slowly started finishing.   All except for one.  Over a day later is looked like it was stuck.  I gave it a reboot and a couple of hours after that I tried to the "zman sui" command.  A few hours later I rebooted again and waited.  It finally picked up and finished.

Zenworks Configuration Management, PXE, and Firewalls

I recently added a new site to my ZCM setup and I couldn't get the clients to PXE boot.  This problem was particularly frustrating because it seemed so familiar and I knew that I had encountered it and fixed it once before.

I did remember to start the Proxy DHCP (pdhcp in some places) service and set it to automatically start.  That's a simple as going to the Services console, picking the "Novell Proxy DHCP Service" and setting the Startup type to Automatic and then clicking on Start.

But PXE still doesn't work.  What did I miss?

The firewall configuration.

Out of the box, the Zenworks installer sets a lot of firewall allow rules, but it doesn't set the ones needed for PXE booting.  You have to set those manually.  Here's how to do that.

Go to the Control Panel > System and Security > Windows Firewall.  Click on the "Allow a program or feature through Windows Firewall".  (You could just turn off the Windows Firewall if you wanted to, that would also fix this problem).


Then click on the "Allow another program..." button.

Then the "Browse..." button

Now you want to browse to your Zenworks folder.  By default that's C:\Program Files (x86)\Novell\Zenworks.  From there we're going to drill down further into the bin\preboot folder.  You should have wound up at C:\Program Files (x86)\Novell\Zenworks\bin\preboot

You'll notice a couple of applications: novell-pbserv, novell-proxydhcp, novell-tftp, novell-zisdservice, and novell-zmgprebootpolicy.  We're going to select and allow each of these in the firewall.  Just start with the first one, novell-pbserv, select it, then click the Open button.  Now you're back to the "Add a Program" screen, just click the Add button.

It should automatically check the box for the Domain network location which should be all you need.

At this point it's just rinse and repeat.  You'll click on the "Allow another program button" and go through and selecting all the "novell-xxxx" applications one by one adding them to the list.  Once you get them all done, it'll look like this.

How to change CTRL+ALT in vSphere Web Client

I've been working on setting up a new SYSPREP Win7.  I started the build on a virtual machine running on top of VMware vSphere.  I tweaked it and got it like I wanted it.  Then I went take the image in Zenworks and realized I couldn't get into the imaging mode.  To load the imaging menu you press CTRL + ALT during the PXE boot portion, but CTRL + ALT is also the same key combination to release control of the virtual machine window.  I could have just booted it from a Zenworks boot CD, but I wanted to use the PXE boot.  I looked through the options in vCenter and couldn't find anything related to the changing those settings.  Then I turned to Google and I found a bunch of posts talking about how you couldn't change it.  The outlook was starting to look a little bleak, but then I stumbled into a workaround.  Apparently, the standalone program VMPlayer and the vSphere console use the same configuration file.  You can find that file here:

C:\Users\yourusername\AppData\Roaming\VMware\preferences.ini

There are lot of guides on how to tweak the settings in that file.  But here's the settings that were relevant to what I wanted to do.

pref.hotkey.control = "true"
pref.hotkey.gui = "true"
pref.hotkey.shift = "false"
pref.hotkey.alt = "false"

These settings change the CTRL+ALT combination to CTRL + Win (that's "gui" above).  Keep in mind that the "Hint" across the top of the window still says press CTRL+ALT to release the cursor.   You also have to close and reopen the window for it to pickup the change.  I panicked at first because I changed the settings, couldn't get them to work and then forgot that I had changed them.  Later when I went back into a VM I couldn't get out of it.  I'll admit, it did take me minute to realize what I had done.

Stubborn Broadcom USH device on a Dell E6400

I recently revisited the driver installation on a Dell E6400 laptop.  There was one stubborn driver that I couldn't get working, the "Broadcom USH" device.  Dell's support website didn't list a driver for this so I went out on a wider search across the internet forum.  I found a lot of posts talking about installing the Control Vault device drivers.  So I grabbed the Dell ControlPoint Security Device Driver and found that it was useless.  The drivers were wrapped in an installer (that I didn't want to run, I just wanted the drivers).  Then I scrolled a little further down the page and found the Dell ControlVault Driver package (here's the page where I found it). After extracting that exe file I was left with a bunch of MST files and one MSI file.  So I extracted the MSI and there they were, the elusive drivers.  But it wasn't just a straight forward install.

I tried to install the driver, but it didn't work either.  It told me it couldn't find one of the files.  At first glance, everything was there.  So I ran DPInst against it.  It errored on two different drivers.  I looked through their INF files and found that they were looking for 2 files that weren't there.  A ccidflt.sys and a cvusbdrv.sys were missing.  Looking in the folder there was a ccidflt.sys2 and a cvusbdrv.sys1.  Close enough, right?   I removed the extra number from the ends of the extension and ran DPInst again and it worked!

So there you go, sometimes drivers can be stubborn.  But a little persistence pays off in the end.

Chromebook Chargers (HP, Samsung, and Dell)

Again with the Chromebook posts, right?  There are tons of reviews out there.  But you can only rehash the same specs so many times.  In the K-12 market I need to know about the physical properties of the devices too.  Let's face it, these things are going to take some abuse.  What takes more abuse than the power connector?  The charger is going to be plugged up every day, it's got to be tough.

My first experience with a Chromebook was the Samsung Chromebook.  No model number, just the Chromebook.  That was the first ARM based one that was priced at $249.  My thoughts initial thoughts were wow, it's light, it's thin, maybe a little flimsy, but what's with that crazy small charger connector.  Really, is this a Nokia phone from 2008?  In saying that, I still love that particular model.  I was just worried about unleashing a hoard of students on that small connector.  The teachers haven't had an issue with it, but I feared the students.  I've seen what they were capable of with much more robust connectors.

Then I came across the HP Chromebook 11.  Not as thin or light, but not as flimsy either.  So how did that charger connector stack up?  It's micro-usb.  That's great, right?  I really thought it was.  It's micro-usb! Most of these kids are used to plugging these up with their cell phones.  My toddler can plug up a micro-usb connector.  Not to mention that micro-usb chargers are everywhere which should have been a huge advantage (but it's not, just Google it for the details, the short version is that cell charger doesn't provide enough juice, Chromebook battery will die while trying use and charge at same time).

All micro usb connectors are not the same.  The HP Chromebook 11 appears to have a micro-a usb socket.  What is that you ask?  It's almost just like the ubiquitous micro-usb connector.  In fact, the micro-b usb connector that you're used to works in a micro-a socket.  The big difference is that that micro-a connector is a rectangle, it doesn't have the "clipped" corners that make the micro-b connector look kind of like a trapezoid.  Here's a link to the USB Wikipedia article, they cover it better than I do and they have pictures, too.

What does the different connector mean to you? It means the socket doesn't have an obvious up side (or downside).  I know I'm guilty of blindly trying to plug a cable in, doesn't fit, flip it and try it again.  With the more common micro-b connector this isn't a problem.  The metal casing on the connector will only fit one way so if it doesn't fit, it just doesn't fit.  But the HP Chromebook 11 doesn't have a micro-b socket, it's got a micro-a socket.  This means that the metal casing will fit either way.  The only thing stopping it from going in upside down is the thin little plastic strip that holds the metal contacts.  Do you see the problem with this?

So enough about the Chromebook 11, how about the Chromebook 14?  It doesn't have the same problem as the 11.  It's got a more standard barrel connector.  It seems fairly robust.  I haven't spent much time with this one so I don't have a lot more to say about it.

Now let's get to the latest Chromebook that I've tried out.  The Dell Chromebook 11. I got it out of the box and was thrilled to see the standard Dell barrel connector.  The power adapter is a 65W adapter.  It's got rounded corners and doesn't look like the other Dell power bricks that I'm familiar with, but the business end is the same.  It even has the light up ring where the cord goes into the back side of the barrel connector.  I checked it out, it looked pretty cool.  But I didn't plug it up.  Right there on my desk was another Dell power adapter from another Dell laptop (not a Chromebook), I picked it up, plugged it in and.... It blew up.  Wait, no it didn't.  It just worked.

So there we go, the Dell Chromebook 11 has a nice big, fat, rugged power connector.  And it's not unique, it's a Dell connector.   There's a thriving market for Dell laptop chargers.  Try finding an after market HP Chromebook 11 charger (which isn't the same as a HP Chromebook 14).  Heck, try to find an OEM adapter for that matter.  The HP is always out of stock.  Good luck finding a replacement if your dog eats homework, er.... Chromebook charger.

Disable Chrome Frame

Now that Google has ended support for Chrome Frame (see here) the time has come to transition to their new Legacy Browser Extension.  I've run into a few systems that I'm unable to remove Chrome Frame from.  This wouldn't be an issue except that we have a new site that's IE only, and Chrome Frame is ignoring the policy to render the site with IE.  So now they open it in Chrome, the LBS extension kicks them over to IE and then it gets rendered in Chrome Frame.  That's extremely helpful, right?  Easiest solution is to remove Chrome Frame, right?  That would work great if it would uninstall, but the uninstaller fails.  So I tried to install a newer version so I that I could maybe get it to uninstall.  That didn't work either, the installer fails.  So what about a quick and dirty way to disable Google Chrome Frame?  You can go into IE and disable it through the Add-On Manager, but I need to disable it on a bunch of machines.  How can you do that?  Just push the registry key to the machine that says disable the Chrome Frame.  What is that registry key?  Actually, it's two keys and here they are (just cut and paste this into a .reg file for easy import).

Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]"Flags"=dword:00000001"Version"="*"

Import those keys to disable it and just delete them to re-enable.  Which hopefully you will never have to do once you get Legacy Browser Support up and going.

This is for my old XP machines.  I haven't run into this issue on Windows 7 yet, so I haven't bothered with testing it there.