ManageEngine ServiceDesk Plus MSP – Bind to Specific IP

I’m testing out ManageEngine ServiceDesk Plus MSP and trying to get it to bind to a specific IP address on my Linux server to no avail.

Documentation from 2005, 2008, 2011 and 2014 all indicate to modify server/default/conf/TrayIconInfo.xml and add the following changes:

<SDP-PROPERTIES RequestScheme="http" WebPort="80" ipToBind="ww.xx.yy.zz"/>
 <ADDITIONALPARAMS ParamName="ipToBind" ParamValue="-bww.xx.yy.zz"/>

This doesn’t work and still listens on all interfaces causing my other services a conflict.

Eventually if I figure this out, I’ll put a note here for my future reference.

Sending SNMP Traps of Windows Events

Furthering my build-out for a monitoring solution which includes Observium as the primary SNMP polling system, I am writing an application to handle SNMP traps from my Windows servers.

Most of my servers are Windows 2008 R2 or Windows 2012 R2. With that being said, I can use evntwin.exe on the servers to setup traps for specific event logs on my Windows servers and send them to my trap receiver to further classify and alert/notify.

There are a few steps involved in the overall process here.

Create a Custom Event Log Source

Before I can translate a specific event log entry, I create an event log source DevTrap and use an Event ID of 1000.  This is optional, as you’ll see in the next step you can dig right in and start filtering traps from any existing Event Log sources.

C:>eventcreate /T success /id 1000 /l application /d Test event to be trapped. /so DevTrap

2016-06-14_123757

Translate Events to Traps

Using evntwin.exe, I click on Custom and then Edit >>

2016-06-14_124208

From here, I can navigate the event log tree in the left pane and find my DevTrap source in the Application log.

2016-06-14_124334

Double clicking on the row will give me some properties for the event and allow me to modify when to generate the trap based on number of events within a specific time period.  I left this as default since I’ll be testing manually and this won’t generate hundreds of traps.

2016-06-14_124452

Now the event is listed in the Events to be translated to traps box.  I need to Apply and then Export the trap translations.  If I wanted to add more, I could simply keep going before clicking Apply and Export.

2016-06-14_124506

When the Export dialog box opens, it wants to know where to save the configuration for the translations.  Choose a location that makes sense.  After saving, you can close evntwin.exe program.

2016-06-14_124825

A Look at events.cnf

So the events.cnf file was exported in the previous step.  This file contains commands that will be used with evntcmd.exe to actually process and do something with the translations.  Here is what my file contains thus far.

2016-06-14_124937

The format of the #pragma add line is:

#pragma add <LogName> <SourceName> <EventID> <EventCount> <TimeInterval>

I need to add a trap destination and community to this file:

#pragma ADD_TRAP_DEST public 10.147.204.88

I add the line and save my changes and the file looks as follows.

2016-06-14_125836

Here is a useful table if you want to build the file manually and include the trap destination.  Find more information on the use of evntcmd.exe at Microsoft’s TechNet article.

ADDspecifies that you want to add an event to trap configuration.
DELETEspecifies that you want to remove an event to trap configuration
DELETE_TRAP_DESTspecifies that you do not want trap messages to be sent to a specified host within a community
ADD_TRAP_DESTspecifies that you want trap messages to be sent to a specified host within a community.
CommunityNamespecifies, by name, the community in which trap messages are sent.
HostIDspecifies, by name or IP address, the host to which you want trap messages to be sent
EventLogFilespecifies the file in which the event is recorded
EventSourcespecifies the application that generates the event.
EventIDspecifies the unique number that identifies each event

Using evntcmd.exe

Now that I have the configuration file as needed, I use evntcmd.exe to configure the trap translations and trap destinations.  Run the command from an elevated command prompt.

evntcmd.exe events.cf

Here is what the output looks like after running the command.

2016-06-14_130149

At this point, any event logged in Application as source of DevTrap with ID of 1000 will send a trap to my manager on 10.147.204.88.  I can test this by generating an event and monitoring my trap manager server to make sure I see it come across.

C:>eventcreate /T success /id 1000 /l application /d Test event to be trapped. /so DevTrap

Batch Script Add Windows Users using Netsh

The following batch script will add a group of users to Windows, set no password, and require a password change at first logon.

@echo off
setlocal enabledelayedexpansion

set user1=John Q. Smith
set user2=Jane Doe
set user3=Joe Montana
set user4=Alicia Silverstone

set users=(user1 user2 user3 user4 user5 user6)

for %%u in %users% do (
  echo net user %%u /logonpasswordchg:yes /fullname:"!%%u!" /add
)

Use netsh to set interface IP static or dhcp

Get Configuration Info

Using the command below, you can gather information on the adapter’s current configuration. Make note of the connection name since that is what is used to in the configuration command further down.

netsh interface ip show config
Figure 1 - Example of netsh interface ip show config

Figure 1 – Example of netsh interface ip show config

You can see the existing configuration with the following command.

netsh interface ip dump
2016-05-05_113938

Figure 2 – Example of netsh interface ip dump

Set Interface DHCP

To set interface address as DHCP, issue the following.  Change the items highlighted in Red to suite your environment.

Note:  Use the above command (netsh interface ip dump) to figure out which interface you need to use.  Default is “Local Area Connection” but many environments will differ.  Match the interface= portion and supply that in the Red sections below.  I’m leaving the default of “Local Area Connection” but you can see that my interface would be “Ethernet”.

2016-05-05_113938-2

Figure 3 – Determine the interface name to use when configuring the interface via netsh

netsh interface ip set address "Local Area Connection" dhcp

You also can set the DNS statically or via DHCP as well.

netsh interface ip set dns "Local Area Connection" 8.8.4.4

Set a secondary DNS server:

netsh interface ip set dns "Local Area Connection" 8.8.4.4 index=2

Set Interface Static

Set the interface with a static address. Change the items in Red to suite your environment.

netsh interface ip set address "Local Area Connection" static ipaddr subnetmask gateway metric

Set the DNS server statically.

netsh interface ip set dns "Local Area Connection" 8.8.4.4

Set a secondary DNS server:

netsh interface ip set dns "Local Area Connection" 8.8.4.4 index=2

Speed up Send/Receive in Outlook 2013 Synchronized Folders

Ran into a performance issue for an end-user today where the Send/Receive process was hanging on synchronizing subscribed folders.

One method to help speed up this process was to disable calculating the number of unread items each in subscribed folder that are synchronizing.

Step 1

Click on Send/Receive tab in the Ribbon and then click Send/Receive Groups and choose Define Send/Receive Groups

2016-04-25_113309

Step 2

Click Edit in the right pane

2016-04-25_113317

Step 3

Uncheck Get folder unread count for subscribed folders and click OK

2016-04-25_113331

Searching GMail with Regex

Interesting discussion in IT Professionals community I saw regarding needing to be able to search GMail for some IP addresses.

I’ve tinkered around with a few things and found a pretty easy way to do the regex searches.

Step 1: Setup Google Doc’s Sheet

Source: http://www.labnol.org/internet/advanced-gmail-search/21623/

Follow these directions to the end of #2 below:

  1. Click here to make a copy of the Gmail RegEx sheet into your Google Docs account.
  2. Wait for 10–15 seconds and a new Gmail RegEx menu will appear in your new Google sheet. Choose Initialize from the menu and grant the necessary permissions as requested by the program.
  3. The program will search your entire mailbox by default but if you would like to limit the search to any particular lable (say Inbox or Spam), just put that label name in cell F3.
  4. Now enter any regular expression in the cell F4 and choose “Search Mailbox” from the Gmail RegEx menu to begin searching.

Step 2: Modify Script

We need to modify the script since the subject is what contains the IP address that have been emailed.

Click on Tools > Script editor…

1

When this opens, modify line #32:

Originally, it says:

var msg = messages[m].getBody();

Change it to:

var msg = messages[m].getSubject();

2

Save your script…

3

Search!

Back on the spreadsheet, fill in the search field with the following regex.

d{1,3}.d{1,3}.d{1,3}.d{1,3}

Note: This will match 0.0.0.0–999.999.999.999 — but who cares… we’re not being that strict are we? I’ll leave the exercise to you to filter for proper IPv4 address or even IPv6 hah.

So with the regex entered in, go up to GMail Regex > Search Mailbox

4

Results, Prosper

Here’s an example?—?I sent myself some test messages with some IP addresses in the subject.

5

Microsoft Camera Codec on Windows 10

I just installed Microsoft Windows 10 Technical Preview and have been going through and setting up some of my software for testing.  I noticed that Windows isn’t generating previews for my Canon DSLR RAW files (.CR2).  After a quick search, Microsoft Camera Codec pack is needed to generate previews for RAW file types.  I downloaded the Codec pack but it errored on the initial install stating my current operating system was not supported.

To work around this, I downloaded Windows Installer 4.5 redistributable which contains Orca.  Orca allows modification of Microsoft Installation files (.MSI).

I modified the following value indicating a check for OS level needing to be less than 9200 and changed it to an arbitrary 9900.

2015-01-25_100738

2015-01-25_100756

After saving the changes, I closed Orca and ran the Codec Installer again. This time it ran through installation successfully and a reboot was required. Now I can view thumbnail previews of my .CR2 files.

Hope this helps anyone testing Windows 10 Technical Preview and needing to preview RAW images.

Clearing Command and Buffer History in Powershell

Clear Powershell’s last 10 commands:

clear-history -count 10 -newest

After executing that, use get-history to see what’s left…

Clear the console buffer by scripting F7+2:

[system.reflection.assembly]::loadwithpartialname("System.Windows.Forms")
[System.Windows.Forms.SendKeys]::Sendwait('%{F7 2}')

Try using the Up key to cycle through history — won’t happen.