Scripting Switch Configuration Backup

Here’s is a short VBS script which telnet’s into your ProCurve switch and sends a config backup to your TFTP Server. The code can easily be changed to telnet into pretty much any device that supports configuration via telnet.

This code is a modified version of a snippet posted on the VBForums

Dim objShell
Dim objNetwork

Set objNetwork=CreateObject("WScript.Network")

strTitle="Telnet Demo"
strDefaultServer="Server01"
strDefaultUser=objNetwork.UserDomain & "\" & objNetwork.UserName
strDefaultPassword="P@ssw0rd"

strComputer=InputBox("What server or device do you want to connect to?",_
strTitle,strDefaultServer)
If Len(strComputer)=0 Then WScript.quit



strPassword="password"

Set objShell=CreateObject("wscript.shell")
'Start Telnet
objShell.Run "Telnet " & strComputer
'Give app a chance to get started
WScript.Sleep 5000
objShell.AppActivate "Telnet " & strComputer

'Send login credentials
objShell.SendKeys strUsername & "~"
WScript.Sleep 2000
objShell.SendKeys strPassword & "~"
WScript.Sleep 2000

'Send commands
WScript.Sleep 200
objShell.SendKeys "~"
WScript.Sleep 200
objShell.SendKeys "copy startup-config tftp 172.16.1.15 "& strComputer &"_config.txt"
WScript.Sleep 1000
objShell.SendKeys "~"

'give lengthy commands time to finish
'WScript.Sleep 10000

'make sure we get window again
objShell.AppActivate "Telnet " & strComputer
'run another command
'objShell.SendKeys "net share"
'WScript.Sleep 200
objShell.SendKeys "~"

'Close session
'make sure we get window again
objShell.AppActivate "Telnet " & strComputer
objShell.SendKeys "exit"
WScript.Sleep 200
objShell.SendKeys "~"
objShell.SendKeys "exit"
WScript.Sleep 200
objShell.SendKeys "~"
WScript.Sleep 200
objShell.SendKeys "y"
objShell.SendKeys "~"
WScript.Sleep 200
objShell.SendKeys "~"

Save this text in a .vbs file and run via “cscript switchbak.vbs“ from the command line

If your modifying the script to run on something other than a ProCurve switch ,you may have to tweak/add/remove the Sleep and SendKeys ”~” . Using the SendKeys and the tilde will send a carriage return to the telnet session

Also, if you’d like to run this script you will need a TFTP server, free download from Solawinds

To make the back script a useful tool I’ve set it to run and query an MS SQL database to get the addresses for our ProCurve switches and have scheduled it to run regularly. I will post an update with how I’ve set that up sometime soon. The Script is essentially the same but I’ve removed the prompt for the device address and added the database connection query, will post the details shortly

If you have setup the ProCurve Manager then you may find this post redundant, but, I’ve found it to be a handy script to have, and send backup config files to a server where they are easily accessible in a disaster, hopefully…

Vista bug – Deletes Inactive Profile

vista Sometime ago now, but still worth sharing, we had an issue with our Vista tablets for Staff. The issue was with Vista, pre SP1 we think, and a Group Policy setting for deleting an inactive profile after 30 days. This GPO setting was a legacy setting that we had on the network to delete Student profiles on network machines that weren’t removed when they logged off.

After successfully rolling out the notebooks to staff, we think about a 30 days after the imaging, we had 4 panicked Staff call the IT Helpdesk within minutes of each other. Their machines had fouled up and restarted and when they logged in they had a fresh profile and all of their documents and email had disappeared!

After a some quick Googling we found Dave’s post on his blog and he’d had exactly the same experience. This is straight from Dave Says:

“Seems the domain controller software has a (Y/N) parameter to delete old profiles that have not been used for 30 days or more.
If set to Y, the software screws up when a terminal logging in is running either Vista or Server 2008 OS. In these instances, it sometimes concludes the current user profile has been inactive for 30 days & deletes it!

Solution is have your admin set parameter to N – apparently there was a note floating around back in the beta days last year – thanks for publicising it guys!”

Thanks to Dave, we immediately change the GPO setting and, luckily, didn’t have any more problems. It was interesting that we only had 4 notebooks with the problem, if it was all 55 we would have been in trouble, but this is what happens when you dive into a new OS I suppose…

More info from Dave Says

DL380 – HP Insight Manager Goodness

Over the weekend I had the opportunity to experience the HP Insight Manager goodness. We were on our way to Melbourne to go shopping for they day, early Christmas shopping, and about half way there I received an email from one of our servers, “IDM”, which had detected a drive failure. The drive that failed is part of a RAID5 array so we could replace the disk and it should rebuild successfully, as long as we could replace the drive before another disk failure!

We have seen a few disk failures before on the DL380 servers and and have had no issues with replacing the disks and DL380rebuilding them, but it was only recently that we started updating all the servers with the latest firmware and configuring them to send alerts on failures. So this was the first time we’d seen the email alerts for a disk failure, which obviously meant that we could deal with it straight away instead of waiting for someone to notice the RED light on the failed disk when they were in the server room.

With the drive failure occurring  on the weekend, and as I was an hour or so away, we had to do a quick call out to our IT Staff to see who was available to perform the disk swap. As luck would have it, someone was heading in to catch up on a few hours and was only a few minutes away. This particular member of Staff is our web developer and has pretty good knowledge of hardware but hasn’t had experience with our DL380 servers before. So, over the phone, I talked him through changing the disks over and starting the rebuild process. When we had our first disk failure on a DL380 we found it hard to find documentation on what to do, and this was probably because it was so easy and that we didn’t expect the RAID controller to do so much of the work by itself.

All Jeff had to to was unpack a new drive from its box, removed the failed drive and then insert the new disk. The new disk is already boxed inside its caddy, ready to slide into the server. So there’s no need to find a screwdriver and remove the disk and insert the new one in the caddy. After inserting the new disk the raid controller detects the disk, initialises and then begins the rebuilding process. This particular RAID array wasn’t too large and took less than an hour to rebuild, and as every change in disk status occurred, the server detected the change and sent a notification message. So as Jeff was replacing the disk, I was getting the notification messages instantly on my phone.

I’ve included the emails from the Insight Manager below. At the moment we only a few of our DL380s with the current firmware and Insight Manager, this is because of a problem we found with the SCSI backplane and the newer firmware. The latest update caused a problem where the Status LED’s on the SCSI disks fail to light up, green or red, for one of the disks in the server. We held off on continuing with the firmware updates but may reconsider that for the moment when we get such comprehensive information from the Insight Manger and alert emails it seems like the gains out weigh the inconvenience of LED issues.

Initial email – detected drive failure
—————————————————————————————————————————–
From: <ProLiant@>
Date: Sat, 22 Nov 2008 09:31:01 +1100
Subject: Storage Agents: Physical Drive Status Change

The system has detected the following event:
SNMP Trap:      3046
Date time:      11/22/2008  09:31:00 AM
Computer:       IDM
Source:         Storage Agents
Type:           Error
Category:       (4)
Description:
A ‘Physical Drive Status Change’ trap signifies that the agent has detected a change in the status of a drive array physical drive.
Details:
IDA Physical Drive Status ‘FAILED’
Drive Type 2
Location  ‘SCSI Port 1 Drive 3’
Error Code 13
Bus # 1
Controller Slot # 2
Model ‘COMPAQ  BD14689BB9      ‘
Serial Number ‘DAA1P6909WNS0637’
Firmware Revision ‘HPB1’

Second Email –new disk inserted and initialised ‘OK’
—————————————————————————————————————————–
From: <ProLiant@>
Date: Sat, 22 Nov 2008 11:47:07 +1100
Subject: Storage Agents: Physical Drive Status Change

The system has detected the following event:
SNMP Trap:      3046
Date time:      11/22/2008  11:47:06 AM
Computer:       IDM
Source:         Storage Agents
Type:           Informational
Category:       (4)
Description:
A ‘Physical Drive Status Change’ trap signifies that the agent has detected a change in the status of a drive array physical drive.
Details:
IDA Physical Drive Status ‘OK’
Drive Type 2
Location  ‘SCSI Port 1 Drive 3’
Error Code 0
Bus # 1
Controller Slot # 2
Model ‘COMPAQ  BF14684970      ‘
Serial Number ‘        J4W1PB3C’
Firmware Revision ‘HPB5’

Third Email – new disk is being rebuilt in the RAID5 array
—————————————————————————————————————————–
From: <ProLiant@>
Date: Sat, 22 Nov 2008 11:47:07 +1100
Subject: Storage Agents: Logical Drive Status Change

The system has detected the following event:
SNMP Trap:      3034
Date time:      11/22/2008  11:47:06 AM
Computer:       IDM
Source:         Storage Agents
Type:           Warning
Category:       (4)
Description:
A ‘Logical Drive Status Change’ trap signifies that the agent has detected a change in the status of a drive array logical drive.
Details:
IDA Logical Drive Status ‘REBUILDING’
Logical Drive # 2
Controller Slot # 2

Fourth Email – all done, RAID rebuilding complete and disk is OK, back to normal
—————————————————————————————————————————–From: <ProLiant@>
Date: Sat, 22 Nov 2008 12:37:07 +1100

Subject: Storage Agents: Logical Drive Status Change

The system has detected the following event:
SNMP Trap:      3034
Date time:      11/22/2008  12:37:07 PM
Computer:       IDM
Source:         Storage Agents
Type:           Informational
Category:       (4)
Description:
A ‘Logical Drive Status Change’ trap signifies that the agent has detected a change in the status of a drive array logical drive.
Details:
IDA Logical Drive Status ‘OK’
Logical Drive # 2
Controller Slot # 2

After reading Mick Liubinskas’ post on ‘How I Blog’ I thought I’d try a quick and nasty, two beer post with minimal spell checking and absolutely no grammar checking or proof reading…..

Vista logged on with a temporary profile

Over the past few months we’ve had a few instances of users logging into their Vista machines and receiving a temporary user profile. We have a fleet of 55 Vista notebooks that we’ve been running since Jan 2008 and had this error 3 or 4 times on different machines and twice on one machine! We haven’t been able to work out what’s causing the profile corruption, its not clear if the users have had trouble shutting down their machines, BSOD, or something else. We imaged these machines pre-SP1, and this problem could be something to do with the pre-SP1 Vista issues. None of our Vista SP1 machines have had this error so far, touch wood…

The error logged in Event Viewer is EventID 1511:
Event ID: 1511 – Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

The users are logged on with a temporary profile and receive a warning in the system tray to tell them that their changes to the temp profile wont be saved. With the machines that we’ve come across so far the original profile has been in tact and there as been no data loss, just the inconvenience for the user while they loose their machine for an hour while we sort it out.

By looking in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList you can see that the corrupt profile has been renamed and has a .bak appended to the SID.

Looking the error up in Google took me straight to the Microsoft KB947242 where they say the cause is:

“This problem occurs if the current user’s profile was accidentally deleted from the system.”

WTF?! That doesn’t exactly instil confidence in Vista and user profiles, fortunately we haven’t lost any data yet but it would be interesting to know what’s been causing this error for us and if their are many people out there that have had similar experiences.

This is a copy of the instructions from the Microsoft Knowledge Base Article 947242 to fix the problem. We followed these instructions, pretty easy, just a hassle, and haven’t had any issues with data loss from the original profile.
To resolve this problem, follow these steps:

1. Log on to the system by using an administrative user account other than the user account that is experiencing the problem.

2. Back up all data in the current user’s profile folder if the profile folder still exists, and then delete the profile folder. By default, the profile resides in the following location:

%SystemDrive%\Users\UserName

3. Click Start, type regedit in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for confirmation, type your password, or click Continue.

4. Locate the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

5. Under the ProfileList subkey, delete the subkey that is named SID.bak.
Note SID is a placeholder for the security identifier (SID) of the user account that is experiencing the problem. The SID.bak subkey should contain a ProfileImagePath registry entry that points to the original profile folder of the user account that is experiencing the problem.

6. Exit Registry Editor.

7. Log off the system.

8. Log on to the system again.

Full details here on Microsoft Knowledge Base Article 947242

The temporary profile issue is one of two major profile issues we’ve had since migrating to Vista, will blog the other issue soon, and we are starting to look seriously at client backup and recovery options. The Altiris Client Management Suite and Backup Exec Desktop Edition has been recommended to us but would like to hear from anyone that can recommend this package, or something else, for a corporate environment.

Auto Proxy – WPAD.DAT / PROXY.PAC

Recently we updated our auto-proxy setup for the network when we rolled out our ProCurve installation with different VLANs and subnets etc. With the new setup we had the opportunity to create a guest VLAN for Student internet access where they use their own machines over our network. However, we needed to give the Students a different proxy address to other machines on the network. I thought I’d take some time and create a post to outline the steps involved to setup auto-proxy and the reasons why it such a good thing.

In the past we’d force proxy settings through Group Policy which was fine for Internet Explorer but not as successful with other web browsers. That used to be OK, but now everyone has the web at home and that doesn’t work too well when they still have the proxy address from work in their preferences.

For the auto proxy to be a success you need a DNS server with an entry for WPAD pointing to a web server, and obviously, a proxy server for web traffic. This is really easy to setup, and will let your users run their preferred browser while still running through your proxy.

AutoProxy1

DNS
Create a new DNS host record for WPAD to point to the server that will host the wpad.dat and or proxy.pac files:
Alias name: WPAD
Fully Qualified Domain Name: WPAD.morecowbell.com.au
Fully Qualified Domain Name for target host: webserver.morecowbell.com.au

DHCP
If your network clients support receiving their proxy address through DHCP you can set the autoproxy file under option 252. Note: the string value is in lower case

Set option 252 ClassID with String Value http:/wpad/wpad.dat

MIME
If your web server is something like IIS 6 that can be particular about MIME types then you will have to manually create the MIME types for the proxy config files:
.dat application/x-ns-proxy-autoconfig
.pac application/x-ns-proxy-autoconfig

WPAD.DAT / PROXY.PAC
The code below is the JavaScript which makes up the wpad.dat or proxy.pac file. We are able to assign a different proxy for the students and guest machines by using isInNet to check which subnet the client IP belongs to and return a proxy address for that subnet. Lines 4 and 7 below check if the client is connected via one of the guest VLANs/subnets and assigns the proxy address. All other network clients receive an address from the 172.16.0.0 range are assigned the proxy address from line 10.

   1: function FindProxyForURL(url,host)
   2: {
   3:     if(isPlainHostName(host) || isInNet(dnsResolve(host),"172.16.0.0","255.255.0.0")) {
   4:         return "DIRECT";
   5:     } else if (isInNet(myIpAddress(),"172.16.48.0","255.255.248.0")) {     // Guest Wireless
   6:         return "PROXY 172.16.48.1:80";
   7:     } else if (isInNet(myIpAddress(),"172.16.56.0","255.255.248.0")) {     // Guest Wired
   8:         return "PROXY 172.16.56.1:80";
   9:     } else {
  10:         return "PROXY 172.16.1.21:8080; DIRECT";
  11:     }
  12: }

Future updates include adding some proxy exclusions for intranet and other internal webs using shExpMatch:

if (shExpMatch(url,”*.morecowbell.com/*”)) {return “DIRECT”;}

The WPAD and Pac file need to be in the root of the default web site in IIS. If you try and move the files to another site in IIS then the connection to the file is broken, even if the path is still valid. This quirk has something to do with different browsers sending different information to the web server when they request the auto proxy. This is from Wikipedia:

“When automatic proxy detection is used, Internet Explorer sends a “Host: <IP address>” header and Firefox sends a “Host: wpad” header. This is unexpected behavior, therefore, it is recommended that the wpad.dat file be hosted under the default Virtual Host rather than its own.”

OSX Auto Proxy

The auto proxy in OSX seems to be only semi-automatic… from experience with some of our Apple machines on campus, you have to manually set the address for the auto proxy file under Safari –> Preferences –> Advanced –> Proxies: Change Settings and manually enter http://wpad/proxy.pac

More Info

FindProxyForURL has more information and examples