Work is coming along nicely with the Server Room; we’ve now removed the last Cisco switch from our infrastructure and the HP 5400R series switch is deployed, replacing the 2530 that was in its place. Over time we’ll be bringing more fibre from our edge switches into this room as well, hence the number of SFP+ ports on the 5400R. The entire front of the cabinet is now populated with hardware or a blanking panel as well (panels available from Comms Express) to keep things looking tidy. I wish there were a little more that I could do with the cables coming into the 5400R; however, with a very narrow rack there’s not much that can be done.
Some interesting things have come out of both Ruckus and Palo Alto recently in that they offer Hyper-V compatible VMs for their services, which could free up a further 3U of space and remove a further 4-6 cables from the picture.
Looking for some fun ways to get more out of your Smart Card deployment? If so, have you tried…?
- Use Smart Cards to login to your Servers via Remote Desktop
- Use Smart Cards with the PowerShell Get-Credential cmdlet
- Use Smart Cards with your Firewall for single sign on
- Use Smart Cards to login to IIS Web Applications (just a box to tick and a radio option to select)
- Store multiple identities on your Smart Card and assign different (and perhaps more complex) PINs to the identities
Have a look at the screen shots below for some more details…
If you are looking for a free tool to manage some of the more intricate features of the Gemalto IDPrime .NET and MD cards then the Mini-Driver Manager (downloadable from http://www.gemalto.com/products/dotnet_card/resources/development.html) may well fit the bill. However, it has one small downfall in that out of the box it only allows you to manage cards with the Admin Key set to 48 0s or 48 Fs, with neither option being much use to anyone once they have changed the Admin PIN.
Luckily these values are only set in an INI file so it’s pretty easy to change them to anything else.
Please note that this guide uses a feature in Notepad++ to elevate an application to have local Admin access; you can download Notepad++ from https://notepad-plus-plus.org. You could also use plain old Notepad; you’ll just need to launch it as an Administrator and browse to the INI file within Notepad.
On with the guide!!
So after meaning to play with Smart Cards in greater detail for some time we’ve just received a set of cards and accessories from Smartcard Focus (http://www.smartcardfocus.com/) including….
- Gemalto GemPC Shell Token V2 (IDBridge K30) (a USB dongle style Smart Card reader which you can see in the screen shot sequence below)
- Gemalto IDPrime .NET smartcard – SIM cut (to go in the IDBridge K30)
- Gemalto IDPrime .NET card – just your standard Smart Card
- Omnikey 3121 – just your standard Smart Card reader
One of the first things I wanted to do was get PIN complexity and policy defined; the chaps over at Gemalto provide a number of tools which can be used to manage the cards which can be downloaded from the links below…
So time to get on with the guide (which also shows you which downloads are needed from the links)!
48 0s typed out… 🙂
Is the desktop dead yet? Well with the 4th Gen Lenovo X1 Carbon (i5-6300U/8GB/256GB) and the ThinkPad OneLink+ Dock it might as well be! This powerful little dock has just a single cable to plug into your laptop which provides power and connectivity to the dock.
For connectivity the dock includes
- On the front…
  - Stereo/microphone audio combo port
  - 2x USB 3.0 ports, one of which is ‘always on’ powered – great for charging up your phone
- On the back…
  - 2x USB 2.0 ports (or as I now call them ‘Keyboard and Mouse ports’)
  - 2x USB 3.0 ports
  - 1x Gig Ethernet port
  - 1x VGA port
  - 2x (full sized) Display Port 1.2 ports
  - Cable to your laptop
- On the side…
  - Kensington cable lock
Going by the Lenovo website (Super long Lenovo link) this dock will work with the ThinkPad X1 Tablet, ThinkPad P40 Yoga, ThinkPad Yoga 14, ThinkPad Yoga 260, ThinkPad Yoga 460, X1 Carbon (4th gen), X1 Yoga.
Some super awesome little features that have really helped
- Power on button for the laptop on the dock – even with the screen closed it’ll power on your laptop (just too bad with the screen closed I can’t get to the fingerprint reader!)
- With the Ethernet cable plugged into the docking station the laptop will turn off its WiFi
- The docking station comes with a power cable (thus you don’t have to sacrifice your laptop’s power cable or buy an additional one!)
- Even though only one of the front ports is ‘always on’ powered the second port has no issues in powering up and running a 500GB Freecom USB Hard Disk Drive.
So as you will have seen from the photos this dock has no issue in running 3x screens; but what about 3x screens while running a video on each screen, hammering the USB 3.0 port on the front running Crystal Disk Mark to a USB HDD, with audio streaming and my phone on charge? I certainly couldn’t notice any issue and the CPU on the X1 stayed below 22% through the test.
In the past I’ve seen docks like these kick out a fair amount of heat (when under load in particular) and while you can feel some heat from the OneLink+ dock it really isn’t much at all (only a few more degrees Celsius above its ‘off state’). In addition some laptops seem to ramp up their internal fan when attached to a dock – in this case the X1 Carbon behaves and under ‘productivity tasks’ I couldn’t notice the fan noise at all.
While I would prefer to see the VGA port replaced with a further display port (on high resolution screens VGA really does not work well), the Lenovo ThinkPad OneLink+ Dock really is an excellent bit of kit; not once have I looked back on my desktop and having extra desk space is just an added bonus.
So first things first… the title of this article is misleading; thus far Avid do not seem to have released a sounds pack specific to Sibelius 8. As you will see on the website when you log in (https://my.avid.com/account/orientation), the only option is for the 7.5 sounds pack. But… this works!
Now deploying Sibelius itself in a silent manner is (in my opinion) pretty well documented at this link – http://avid.force.com/pkb/articles/en_US/how_to/en396971.
When you get to the sounds, the documentation (which can be found here – http://avid.force.com/pkb/articles/en_US/How_To/Installing-and-using-Sibelius-Sounds-across-a-network) is (again in my opinion) flaky at best, not to mention the confusion around version 7/7.5/8.
For example the install path is listed as C:\Program Files (x86)\Avid\Sibelius Sounds\Sibelius 7 Sounds, well Sibelius 8 is x64 only so do we put it in the C:\Program Files folder instead? The registry entry is listed as HKEY_LOCAL_MACHINE\SOFTWARE\Avid\Sibelius Sounds\Sibelius 7 Sounds\ContentPath – well again do we update this to be ‘Sibelius 8 Sounds’?
Well as it transpires their guide is correct in all respects; however, as it states in the clear, there is no silent install command for the sounds. Ultimately though it’s just a copy and paste operation with the addition of a registry key, so let’s use some PowerShell to get this software deployed!
One of those monthly jobs that every SysAdmin will come across is good old Patch Tuesday; to help make Patch Tuesday a little more fun, after all of the servers have been updated I use Hyper-V Replica (run by a PowerShell script) to shut down each Virtual Machine and move it onto another host (ticks the box for the machine reboot component of Windows Updates and also tests our DR solution in one hit!).
However, as both of my DCs are Virtual Machines I want to make sure that at least one DC is up at all times; to do that I have built a little PowerShell function (see below to download it within a zip file!) that is run before every migration to ensure that both DCs are up and running (along with the Network Policy Server service which is used to authenticate clients on the network (and so is very important!!)) before any migration happens.
Hopefully this will help someone someday!
See if DCs are up (905 bytes, 88 hits)
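A pre-migration gate of the kind described above, written here as an added example (it is not the function from the download). The host names `DC01`/`DC02`, the function name `Test-DomainControllerReady`, the inclusion of Netlogon, and NPS running on each DC are assumptions; a failed query counts as "not ready" so the migration fails closed.

```powershell
# Added example, not the author's script. Host names and service list are assumptions.
function Test-DomainControllerReady {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,
        # NTDS = AD Domain Services, Netlogon = logon/secure channel, IAS = Network Policy Server
        [string[]]$RequiredService = @('NTDS', 'Netlogon', 'IAS')
    )

    $allReady = $true
    foreach ($dc in $ComputerName) {
        # Cheap reachability check first, so a powered-off VM is reported clearly
        if (-not (Test-Connection -ComputerName $dc -Count 2 -Quiet)) {
            Write-Warning ("{0}: no reply to ping" -f $dc)
            $allReady = $false
            continue
        }
        try {
            # CIM works in both Windows PowerShell 5.1 and PowerShell 7
            $services = Get-CimInstance -ClassName Win32_Service -ComputerName $dc -ErrorAction Stop |
                Where-Object { $RequiredService -contains $_.Name }
        }
        catch {
            # Treat "could not ask" the same as "not running"
            Write-Warning ("{0}: service query failed: {1}" -f $dc, $_.Exception.Message)
            $allReady = $false
            continue
        }
        foreach ($name in $RequiredService) {
            $svc = $services | Where-Object { $_.Name -eq $name }
            if (-not $svc -or $svc.State -ne 'Running') {
                Write-Warning ("{0}: service {1} is missing or not running" -f $dc, $name)
                $allReady = $false
            }
        }
    }
    return $allReady
}

# Run before each Hyper-V Replica move; stop the script unless every DC passes.
if (-not (Test-DomainControllerReady -ComputerName 'DC01', 'DC02')) {
    throw 'A domain controller or NPS is not healthy; migration aborted.'
}
```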
A silly gotcha more than anything else…. after recently updating my WSUS server to use SSL (to allow publishing through the firewall) I noticed my clients that were deployed with MDT (Microsoft Deployment Toolkit) were not installing updates as part of the Task Sequence; indeed the message log at the end indicated that the updates could not be downloaded as there was no connectivity to the WSUS server.
Lo and behold I had updated the path to be https:// (against http://) in the Group Policies that pointed the clients at the WSUS server but not in the Deployment Share properties in MDT. So let the lesson be learnt… be sure to make the URL change in MDT as well as in Group Policy.
While working on my most recent Hyper-V Replica PowerShell script, when attempting to reverse replication from a source Hyper-V host to a target host using Certificate authentication, I was getting the error message…
Hyper-V failed to establish a connection with the Replica server ‘<target hostname>’ on port ‘443’. Error: The connection with the server was terminated abnormally (0x00002EFE).
As it turns out I had recently deleted and created a new certificate for the target host and as such there was no certificate listed in Hyper-V Settings > Replication Configuration. The fix was to set the replacement certificate in the box provided. See the screenshots below for a little more…
Having recently purchased a Dell T430 tower server which we will be using for backup and Hyper-V replica I thought I’d share some photos of what the castors (an option in place of either the rack mounting kit or the floor stand feet) look like!
The castor assembly comes in a separate box to the server and only takes a minute or two to install; I perhaps was expecting slightly larger wheels however they do a good job all the same on hard floors.