Joining domain during Windows logon using VPN

I didn’t know that this was even possible! I’m setting up a new laptop whose primary user account is also a domain account. I joined the laptop to the domain while at the office, but forgot to log in as the user, and hence the user profile had not been created and the login credentials had not been cached. I needed to install software on the laptop and make it generally ready for use, but I needed the user account ready before then. What to do?

I came across an article in Tech Republic that provided the solution: Joining domain during Windows logon using VPN. Perfect! I got the user account created and the logon credentials cached, and subsequently the software installed and the desktop made ready for the user!

CI Host: 40°C and Rising

I spent most of today dealing with server emergencies. Last night we had severe thunderstorms pummeling through the Dallas-Fort Worth metro area with high winds, even a few tornado alerts. No tornadoes were officially spotted in the city area, but the winds and the lightning were strong enough to do some damage to the power grid. Servers were still working normally at night (I was up, watching the weather radar at 4am), but by the morning the dedicated servers I manage were unreachable. A quick call to CI Host’s tech support produced no help: a busy tone. Dialing repeatedly for the next half hour didn’t make any difference, so there didn’t seem to be any support available today. According to the recorded “current network status” at the company’s main phone number there were “no current network outages or other issues”. Yeah, right. Being only 20 minutes or so away from the facility, I decided to go and investigate.

At the hosting company’s Bedford facility (“CDC-01”) chaos reigned supreme. All the doors were open, diesel generators were spewing fumes into the air (while being cooled by rigged water hoses), and a mixture of technicians and concerned-looking nerds were running around. Being one of the nerds, I joined in. There was none of the usual security; I strolled into the lobby and chatted with one of CI Host’s admins. Mains power was down, as I had gathered from the diesel generators running outside the building. Since I was there, I decided to take a look at the co-located servers on two different floors. The elevators were not working, of course, so it was up the stairs. Approaching the 2nd floor server room the temperature increased with every step — the generators were able to provide electricity for the servers, but not for the A/C! Inside the room, the thermometer on the wall was displaying 90°F (32°C), but someone who had been there for several hours working on their server swore the thermometer was pegged not to go over the 90°F mark. My server’s internal temperature sensors were indicating 43°C for the case temperature.

After a few moments I decided to shut down the servers to prevent hardware damage: the CPU temperatures were reasonable, but the hard drives were running rather hot — normally the server room is some 30-40 degrees (C) cooler.

After shutting down the servers I was ready to leave, and picked up the phone to have someone come and let me out. Line busy! Was I trapped in the sauna? No… I forgot there was no security today; all the doors were unlocked. So I decided to pay a visit to the third floor co-lo room, where the A/C was supposed to be running and where another of the servers I manage is located. Once I made it there (via the staircase), I found just another hot room full of concerned nerds and their baking computers. I switched off the server there, too, and left.

According to the case temperature sensors the A/C started working again around 10:30 in the evening. I switched the servers back online through remote access.

With the dust settled, I’m starting to look for alternative co-lo facilities. While the power outage was not the fault of CI Host, their level of disaster preparedness (or lack thereof) is disheartening. Firstly, it is very irresponsible to let the clients’ servers run in that kind of “torture test” environment — I think they should not provide electricity for the servers if there is no electricity for the A/C. This exact same thing happened a few years back after a major storm, but in early summer rather than in the spring, so the temperatures were even higher. Clearly there has been no improvement in the emergency power since that time.

The strongest contender at the moment is Colo4Dallas. I’m going to tour their facility in the next few days, and likely start planning a move there.

Farewell qmail, you’ve served well!

In the fall of 2001 I set up a “general purpose” server (mail, web, database…) that is still in use today. At that time qmail was still a fairly attractive option, even though there had by then been no updates from its author for about four years. There were no other major players at that time if one didn’t want to venture into the Sendmail realm (which I didn’t). Postfix and exim had major issues at that time, while qmail had all the features available, though an increasing number of them were patches written by various skilled programmers other than Dan Bernstein, the author of qmail.

Some years passed by with no further updates to qmail, and already around 2004 an exodus started from qmail to alternative MTAs, namely Postfix. And now, in 2008, it has been a decade since the last release (the original release, in fact) of qmail. In the coming months I have the operating system upgrade (to the newly released FreeBSD 7) coming up, and at the same time I’ll move away from qmail. The most likely replacement MTA is Postfix with Dovecot. The details are still somewhat fuzzy; instructions to set up exactly what I’m thinking about don’t seem to be available anywhere, so lots of Googling and trial-and-error are to be expected. The how-to document that perhaps comes closest is “HOWTO: Postfix, Dovecot, Jamm, OpenLDAP, and SASL” by Peter Lacey. But I don’t want to use Jamm. I get hives from using Java-based management tools, so there has to be something better, right? No? Well, I would also like to use MySQL for at least user data storage, if not for message storage as well.

If you’re setting up something similar, or have something similar already up and running, I would like to hear about it. I will be posting details and how-to info here as the configuration of the new mail system is progressing.

Network Solutions follow-up

The last of the two domains I registered on February 14 was finally live on Feb 24th, after several calls to NSI technical support (and probably a total of 2 hours on hold). Even though both of the domains were included in the initial trouble ticket on Feb 17th, only one of them was fixed and operational on the 19th. The second domain took an additional five days to get online. Good going, NSI!

One thing I did learn, though: apparently it is possible to have the reservation deleted. In other words, if you or someone else looks up a domain name using NSI’s home page and they “do you a favor” by reserving the name for the next seven days “so that the scalpers can’t register it” (I can’t really see how that improves the situation — they have no way of knowing who checked the availability of the domain name initially), you can call NSI’s tech support and request that the name be removed from the reservation list immediately, thus opening it up for registration at other registrars.

Stay away from NSI!

Network Solutions — Pay More, Get Less

The two domains I was forced to register via Network Solutions (see the previous post) are still not live, two days later. I set the name servers correctly immediately after the domains were registered, created the corresponding name server records, and tested them. Then I waited. 24 hours… no live domains. 48 hours… no live domains! I called NSI’s technical support and, after about 30 minutes on hold, was told to preferably use their internal managed name servers, or, if I really had to use my own name servers, to reassign the name servers to the internal ones, then back to my own. In other words, “flip the switch” a few times. Click. Click. Click. And then call them back some hours later if nothing happens. For this I had to pay $20 more per domain per year! Generally at GoDaddy the domains are live instantly, or at the latest within an hour or two after registration. No fuss. I’m sure the same is true of many other good registrars out there; Network Solutions is just not one of them.

Network Solutions Uses Creepy Marketing Tactics!

Network Solutions is now apparently resorting to rather questionable marketing tactics to be able to continue charging the excessive $35/year for .com registrations while stellar competition (such as GoDaddy) offers the same for $9.99/year, with better customer service and an easier-to-use management interface.

There are many snazzy AJAX-based whois tools on the web, such as ajaxwhois.com. Some of them abuse the collected lookup information: when a user finds a cool-sounding domain name that is available but doesn’t register it right away, the owner of the whois tool goes and registers the domain name and slaps a $5,000 sticker on it. Few people go for that, but what if the increased sticker price was $35? This is what Network Solutions now does! If you look up a domain name at networksolutions.com and it is currently free, the cost is $9.00/year. That’s 95¢ less for the first year than the same registration through, for example, GoDaddy. But if you don’t register the domain right away, let’s say you wait a couple of hours, Network Solutions snaps it up, and the price suddenly increases to NSI’s old $35/year (since now you don’t have the option to use a competing registrar). A lookup at, for example, GoDaddy says that the domain name you looked up “is already taken”. Command-line whois, on the other hand, says:

Registrant:
This Domain is available at NetworkSolutions.com
13681 Sunrise Valley Drive, Suite 300
HERNDON, VA 20171
US

Domain Name: THE-DOMAIN-I-LOOKED-UP-COUPLE-OF-HOURS-AGO.COM

————————————————————————
This Domain is Available - Register it Now!
600,000 domain names are registered daily! Don’t delay; there’s no guarantee
that a domain name you see today will still be here tomorrow!
Register it Now at
www.NetworkSolutions.com.
————————————————————————

Administrative Contact, Technical Contact:
Network Solutions, LLC
domainsupport@networksolutions.com
13681 Sunrise Valley Drive, Suite 300
HERNDON, VA 20171
US
1-888-642-9675 fax: 571-434-4620

Record expires on 14-Feb-2009.
Record created on 14-Feb-2008.
Database last updated on 14-Feb-2008 17:20:18 EST.

Domain servers in listed order:

ns1.reserveddomainname.com 205.178.190.55
ns2.reserveddomainname.com 205.178.189.55

Swell, eh? When you don’t have what it takes to offer better service than the competition, you use shady tactics to extract money from an unwilling clientele. NSI is a bit akin to SBC/AT&T in that both originate from a time when they had a monopoly in their respective business areas. Times change, but procedures and, even more importantly, the old corporate mind-set stick hard.

Today I registered two domain names through NSI at the elevated $35/year cost because the names were needed, and because my boss had looked up their availability earlier today using the Network Solutions homepage. I will be transferring the domains to GoDaddy shortly, and will from now on advise everyone to stay away from NSI (well, I already have been doing so, but this is yet another reason to continue doing so).

Firefox, IE not able to resolve domain names

Today I spent some time trying to figure out what was wrong with my daughter’s Windows XP Pro PC, whose Internet browsers (both IE7 and Firefox 2.0) had stopped resolving domain names. Direct access to IP numbers worked as long as the web server being accessed was not redirecting to a domain name, and the LAN domain names (provided by a WINS server) were resolving correctly. Further, NSLOOKUP was working normally, and I could telnet from a command prompt to both LAN and WAN targets.

Some web searching later I came across a thread in Tek-Tips (“Browser cannot resolve domain names”) that seemed to describe a similar scenario. Disappointingly, despite the many suggestions that were offered and tried, the person with the problem had ended up reinstalling WinXP to solve it.

So what had changed? I couldn’t remember making any changes on that PC, though of course my daughter could’ve made some change (if she had, she didn’t admit to it ;) ). But in the end it was mea culpa. In the Tek-Tips thread someone mentioned that the possible culprit could be a problem with a deterministic network driver. Hmm. To get some network application working on that computer I had disabled the Kaspersky Internet Security firewall last night. It turns out that disabling the firewall disables DNS resolution on the computer (NSLOOKUP works because it talks to the name server directly). Shutting down KIS entirely didn’t make a difference, but once I re-enabled the firewall, things returned to normal. I suppose had I uninstalled KIS it would no longer have interfered with name resolution like it did when it was simply turned off.

For some reason it was not possible to respond to the thread in Tek-Tips Forums, so I leave this follow-up to the problem here. Maybe this info will save someone from having to reinstall XP in order to restore network access on their PC.

AT&T (sbcglobal.net) misses a beat?

A client whose emails are being relayed through a server I maintain alerted me that he wasn’t getting any emails through. After confirming that the email server was running smoothly, I checked the name resolution for “sbcglobal.net” with nslookup. Nothing there! Several other major DNS providers, with the exception of OpenDNS, weren’t resolving sbcglobal.net either (perhaps OpenDNS holds the cache for longer?). Would the queries be blocked from some areas of the net (I can’t imagine why)? I tried from three major networks with the same results. Yet there’s no major outcry on the web that sbcglobal.net would not be working, and DNSStuff’s DNSreport doesn’t find anything majorly wrong with the sbcglobal.net service (other than that there is no A record… but my digging couldn’t find anything – not even an MX record!). Every other valid zone I try works normally at its corresponding name servers (as listed in the zone’s registrar records). Can anyone explain?

Here’s a transcript from one of the systems (the others were a mirror copy: exactly the same results):

[Astronite:/] [14:41]# whois sbcglobal.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: SBCGLOBAL.NET
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS1.PBI.NET
   Name Server: NS1.SWBELL.NET
   Name Server: NS2.SWBELL.NET
   Status: clientTransferProhibited
   Updated Date: 09-oct-2006
   Creation Date: 27-mar-2000
   Expiration Date: 27-mar-2015

>>> Last update of whois database: Sat, 27 Oct 2007 19:40:32 UTC <<<

[whois server legal yada-yada deleted]

Visit AboutUs.org for more information about SBCGLOBAL.NET
AboutUs: SBCGLOBAL.NET

Registrant:
SBC Internet Services, Inc.
   1701 Alma dr
   Plano, TX 75075
   US

   Domain Name: SBCGLOBAL.NET

   Administrative Contact, Technical Contact:
      Southwestern, Bell                DNSCONTACT@att.com
      Southwestern Bell Internet Services
      1701 Alma dr
      Plano, TX 75075
      US
      1-800-648-1626 fax: 214-473-2253

   Record expires on 27-Mar-2015.
   Record created on 27-Mar-2000.
   Database last updated on 27-Oct-2007 15:41:08 EDT.

   Domain servers in listed order:

   NS1.PBI.NET                  206.13.28.11
   NS1.SWBELL.NET               151.164.1.1
   NS2.SWBELL.NET               151.164.11.218

[Astronite:/] [14:41]# nslookup
> server ns1.pbi.net
Default server: ns1.pbi.net
Address: 206.13.28.11#53
> sbcglobal.net
Server:         ns1.pbi.net
Address:        206.13.28.11#53

*** Can’t find sbcglobal.net: No answer
> server ns1.swbell.net
Default server: ns1.swbell.net
Address: 151.164.1.1#53
> sbcglobal.net
;; connection timed out; no servers could be reached
> server ns2.swbell.net
Default server: ns2.swbell.net
Address: 151.164.11.218#53
> sbcglobal.net
;; connection timed out; no servers could be reached
> exit

[Astronite:/] [14:42]# dig @ns1.pbi.net sbcglobal.net /all
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2301
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sbcglobal.net.                 IN      A

;; AUTHORITY SECTION:
sbcglobal.net.          7200    IN      SOA     ns1.swbell.net. postmaster.swbell.net. 2007102500 7200 900 604800 7200

;; Query time: 182 msec
;; SERVER: 206.13.28.11#53(206.13.28.11)
;; WHEN: Sat Oct 27 14:42:37 2007
;; MSG SIZE  rcvd: 89

; <<>> DiG 9.4.1-P1 <<>> @ns1.pbi.net sbcglobal.net /all
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64773
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;/all.                          IN      A

;; AUTHORITY SECTION:
.                       386954  IN      NS      B.ROOT-SERVERS.NET.
.                       386954  IN      NS      C.ROOT-SERVERS.NET.
.                       386954  IN      NS      D.ROOT-SERVERS.NET.
.                       386954  IN      NS      E.ROOT-SERVERS.NET.
.                       386954  IN      NS      F.ROOT-SERVERS.NET.
.                       386954  IN      NS      G.ROOT-SERVERS.NET.
.                       386954  IN      NS      H.ROOT-SERVERS.NET.
.                       386954  IN      NS      I.ROOT-SERVERS.NET.
.                       386954  IN      NS      J.ROOT-SERVERS.NET.
.                       386954  IN      NS      K.ROOT-SERVERS.NET.
.                       386954  IN      NS      L.ROOT-SERVERS.NET.
.                       386954  IN      NS      M.ROOT-SERVERS.NET.
.                       386954  IN      NS      A.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
B.ROOT-SERVERS.NET.     473354  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     473354  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     473354  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     473354  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     473354  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     473354  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     473354  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     473354  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     473354  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     473354  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     473354  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     473354  IN      A       202.12.27.33
A.ROOT-SERVERS.NET.     473354  IN      A       198.41.0.4

;; Query time: 92 msec
;; SERVER: 206.13.28.11#53(206.13.28.11)
;; WHEN: Sat Oct 27 14:42:37 2007
;; MSG SIZE  rcvd: 441

[Astronite:/] [14:42]# dig @ns1.swbell.net sbcglobal.net /all
;; connection timed out; no servers could be reached

; <<>> DiG 9.4.1-P1 <<>> @ns1.swbell.net sbcglobal.net /all
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2766
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;/all.                          IN      A

;; AUTHORITY SECTION:
.                       49366   IN      NS      a.root-servers.net.
.                       49366   IN      NS      b.root-servers.net.
.                       49366   IN      NS      c.root-servers.net.
.                       49366   IN      NS      d.root-servers.net.
.                       49366   IN      NS      e.root-servers.net.
.                       49366   IN      NS      f.root-servers.net.
.                       49366   IN      NS      g.root-servers.net.
.                       49366   IN      NS      h.root-servers.net.
.                       49366   IN      NS      i.root-servers.net.
.                       49366   IN      NS      j.root-servers.net.
.                       49366   IN      NS      k.root-servers.net.
.                       49366   IN      NS      l.root-servers.net.
.                       49366   IN      NS      m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     49366   IN      A       198.41.0.4
b.root-servers.net.     49366   IN      A       192.228.79.201
c.root-servers.net.     49366   IN      A       192.33.4.12
d.root-servers.net.     49366   IN      A       128.8.10.90
e.root-servers.net.     49366   IN      A       192.203.230.10
f.root-servers.net.     49366   IN      A       192.5.5.241
g.root-servers.net.     49366   IN      A       192.112.36.4
h.root-servers.net.     49366   IN      A       128.63.2.53
i.root-servers.net.     49366   IN      A       192.36.148.17
j.root-servers.net.     49366   IN      A       192.58.128.30
k.root-servers.net.     49366   IN      A       193.0.14.129
l.root-servers.net.     49366   IN      A       198.32.64.12
m.root-servers.net.     49366   IN      A       202.12.27.33

;; Query time: 486 msec
;; SERVER: 151.164.1.1#53(151.164.1.1)
;; WHEN: Sat Oct 27 14:43:16 2007
;; MSG SIZE  rcvd: 441

[Astronite:/] [14:43]# dig @ns2.swbell.net sbcglobal.net /all
;; connection timed out; no servers could be reached

; <<>> DiG 9.4.1-P1 <<>> @ns2.swbell.net sbcglobal.net /all
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached
[Astronite:/] [14:44]#

Loose email address validation with JavaScript

I was looking for a fairly basic validation routine to weed out intentional garbage from a form email field. All I came across were either too restrictive or didn’t check what could be checked, so I wrote my own (inspired by various scripts on the web).

// pattern to match email addresses loosely
var regex1 = /^[^\s\n@]*[^\s\n\.@]\@[^\s\n\.@][^\s\n@]*(?=\.[^\s\.\n @]+$)\.[^\s\.\n @]+$/;

// pattern to check for double-dots
var regex2 = /(?:\.\.)/;

// get the form value and trim whitespace using jQuery
var email_address = jQuery.trim($j("#bus_email").val());

// reject the address if the loose pattern does not match, or if two adjacent dots are present
if (!email_address.match(regex1) || email_address.match(regex2)) {
    alert("Please check the email address for accuracy!");
}

The above regex pattern will look for the following points in an email address:

  • Only one @-sign.
  • No spaces in the string.
  • No newlines/linefeeds in the string.
  • One or more characters before the @-sign. The character immediately before @ may not be a period.
  • The character immediately after @ may not be a period.
  • One or more characters after the @-sign, followed by at least one period followed by one or more characters at the end of the string (for the TLD).
  • No two adjacent dots.

RFC 2822, which defines the email address format, is pretty complex, and new TLDs are added from time to time. This script helps to catch typos and randomly entered garbage, but of course has no way to prevent users from entering correctly formed but invalid addresses.

I’m using two separate regular expressions as there doesn’t seem to be a way to negate a string (i.e. two consecutive dots), only single characters. If someone reading this happens to know how to combine the two regular expressions into one, please let me know!
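The two patterns can in fact be folded into one: a negative lookahead placed at the start of the expression, (?!.*\.\.), asserts on the rest of the string rather than on a single character, so it rejects the two-dot sequence that a character class cannot express. The block below is an added example, not code from the original post. It wraps that single pattern in a function, adds a plain procedural checker that enforces the same rules one at a time and names the rule a rejected address broke (handy for form feedback), and runs both over constructed sample inputs so the two can be kept in agreement.

```javascript
// Added example, not from the original post: the post's two regular
// expressions folded into one, plus a rule-by-rule checker.

// (?!.*\.\.) at the start is a negative lookahead: it fails the whole match
// if ".." occurs anywhere in the string, which is what the post's second
// regex checked separately. The rest is the post's first pattern with the
// redundant \n (already covered by \s) and the redundant lookahead removed.
const LOOSE_EMAIL_RE = /^(?!.*\.\.)[^\s@]*[^\s.@]@[^\s.@][^\s@]*\.[^\s.@]+$/;

// Single-regex verdict: true when the trimmed input passes every loose rule.
function isLooselyValidEmail(value) {
  return LOOSE_EMAIL_RE.test(String(value).trim());
}

// Same rules as the regex, checked one at a time so the form can tell the
// user which rule failed. Returns null when the address passes.
function emailProblem(value) {
  const s = String(value).trim();
  if (s === "") return "empty";
  if (/\s/.test(s)) return "whitespace in address";
  const at = s.indexOf("@");
  if (at === -1) return "missing @";
  if (s.indexOf("@", at + 1) !== -1) return "more than one @";
  if (at === 0) return "nothing before @";
  if (s[at - 1] === ".") return "dot immediately before @";
  if (s[at + 1] === ".") return "dot immediately after @";
  if (s.includes("..")) return "two adjacent dots";
  const domain = s.slice(at + 1);
  const lastDot = domain.lastIndexOf(".");
  if (lastDot === -1) return "no dot in domain part";
  if (lastDot === domain.length - 1) return "trailing dot";
  return null;
}

// Constructed sample inputs (not taken from the post) with the expected verdict.
const SAMPLE_INPUTS = [
  ["user@example.com", true],
  ["  user@example.com ", true],          // surrounding whitespace is trimmed
  ["user@sub.example.co.uk", true],
  ["user..name@example.com", false],      // adjacent dots
  ["user.@example.com", false],           // dot before @
  ["user@.example.com", false],           // dot after @
  ["user@example", false],                // no dot in domain part
  ["user name@example.com", false],       // inner whitespace
  ["user@exa@mple.com", false],           // two @ signs
  ["user@example.com.", false],           // trailing dot
  ["@example.com", false],                // nothing before @
  ["user@", false],
  ["", false],
];

// True when the regex and the procedural checker both give the expected
// verdict on every sample; a quick way to confirm the two stay in sync.
function allVerdictsAgree() {
  return SAMPLE_INPUTS.every(([input, expected]) =>
    isLooselyValidEmail(input) === expected &&
    (emailProblem(input) === null) === expected);
}
```

In the form handler, isLooselyValidEmail replaces the two-regex test one for one; emailProblem is the one to call when the page should say why an address was refused rather than just that it was. Neither goes beyond the post's loose rules, so a well-formed but nonexistent address still passes, exactly as before.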

JavaScript to ID credit card type

I’m working on a subscription page which needs to identify the type of the entered credit card number and display a logo accordingly. I came up with the following script to ID the card:

// get the entered cc_number using jQuery (same $j alias as the rest of the page)
var cc_number = $j("#cc_number").val();

// remove spaces and hyphens
cc_number = cc_number.replace(/[ -]/g, "");

// initially the card type is unknown
var cardtype = '';
$j("#cc_type").val("");

// define card names and their matching patterns
var ccArray = {"visa" : "^4[0-9]{12}(?:[0-9]{3})?$",
               "mastercard" : "^5[1-5][0-9]{14}$",
               "discover" : "^6011[0-9]{12}$",
               "amex" : "^3[47][0-9]{13}$"};

// identify the card type: the first matching pattern wins
for (var key in ccArray) {
    var regex = new RegExp(ccArray[key]);
    if (regex.test(cc_number)) {
        cardtype = key;
        break;
    }
}

I validate the card number next (JS routine available elsewhere on the web), and if that’s ok, display the logo using the card type.
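As an added example (not the post's code, nor the validation routine it refers to), here is the same identification restated as testable functions, together with a Luhn mod-10 checksum for the "validate the card number next" step. The card numbers in the test are the widely published issuer test numbers, not real accounts. Two caveats worth keeping in mind: issuer prefix ranges move over time (Mastercard's later 2-series range, 222100 to 272099, is not recognised by the post's table, so such a number comes back as unknown), and neither the prefix match nor the Luhn check says anything about whether a card is real or chargeable; they only catch typos before the number leaves the browser.

```javascript
// Added example, not from the original post: the post's patterns wrapped
// in functions, plus the Luhn checksum the post leaves to another routine.

// Issuer patterns exactly as given in the post. Ranges change over time
// (e.g. Mastercard's later 222100-272099 series is absent), so keep this current.
const CARD_PATTERNS = {
  visa: /^4[0-9]{12}(?:[0-9]{3})?$/,
  mastercard: /^5[1-5][0-9]{14}$/,
  discover: /^6011[0-9]{12}$/,
  amex: /^3[47][0-9]{13}$/,
};

// Strip spaces and hyphens as the post does; anything else left over means
// the input is not a card number, so return "" rather than guessing.
function normalizeCardNumber(input) {
  const digits = String(input).replace(/[ -]/g, "");
  return /^[0-9]+$/.test(digits) ? digits : "";
}

// Return the first matching card type name, or "" when nothing matches.
function identifyCardType(input) {
  const number = normalizeCardNumber(input);
  for (const [type, re] of Object.entries(CARD_PATTERNS)) {
    if (re.test(number)) return type;
  }
  return "";
}

// Luhn mod-10 checksum: walking from the right, double every second digit,
// fold two-digit results back to one digit (d - 9), and require the sum to
// be divisible by 10. Catches single-digit typos and most transpositions.
function luhnValid(input) {
  const number = normalizeCardNumber(input);
  if (number.length < 2) return false;
  let sum = 0;
  let double = false;
  for (let i = number.length - 1; i >= 0; i--) {
    let d = number.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// What the form handler would run before choosing a logo: the type for
// display, and whether the number is worth submitting at all.
function checkCard(input) {
  const type = identifyCardType(input);
  const luhnOk = luhnValid(input);
  return { type, luhnOk, accepted: type !== "" && luhnOk };
}
```

checkCard returns the type separately from the accepted flag so the page can still show "unknown card" feedback for a number that passes Luhn but matches no issuer pattern, which is the case the stale prefix table produces.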