• Cisco ASA memory issues – disable webvpn cache may fix?

    The credit for this article goes to @xrobx99. I wanted to blog about his discovery so that others might find the solution quicker.

    We have a Cisco ASA that we had to reboot every month because the memory would keep growing. We thought it was a memory leak (and it may have been in previous revisions), so we just lived with the fact that we had to keep rebooting the ASA to clean up the leak. @xrobx99 found that by default the ASA caches HTML when using webvpn. Well that explains that! A growing cache could easily be misinterpreted as a memory leak (see CSCtb68311)!

    webvpn
     cache
      disable

    Our memory use has not grown since making the change!


  • Cisco ASA: tunnel-group commands and Connection Profiles

    I have to say, it is difficult to learn Cisco products.  I have been hacking away at my new Cisco ASA 5505, and it is not easy. One of the toughest things is that the ASDM displays the configuration one way, but when you look at the config, it is completely different. For example, ASDM shows Connection Profiles, but the actual code uses tunnel-group. Not even close. The documentation has one line out of 46 pages.

    You configure connection profiles using tunnel-group commands. In this chapter, the terms “connection profile” and “tunnel group” are often used interchangeably.

    Took me quite a while to figure that out. I guess that is why people go to training (and the 5505 is not a consumer product).

     


  • PowerShell wrapper script to send email

    I wanted a standard function that I can call from other scripts to send email. I needed multiple recipients, and default sender and smtp arguments. Here is the script that I came up with.

    function JBMURPHY-Send-Email {
    Param(	[parameter(Mandatory = $true)]$ToAddress,
    	[parameter(Mandatory = $true)]$Subject,
    	[parameter(Mandatory = $true)]$Body,
    	[parameter(Mandatory = $false)]$FromAddress="[email protected]",
    	[parameter(Mandatory = $false)]$SMTPAddress="192.168.1.1")
    $msg = New-Object Net.Mail.MailMessage
    $msg.From = $FromAddress
    $msg.Body = $Body
    $msg.Subject = $Subject
    # Accept either an array of addresses or a single ";"-separated string
    if($ToAddress -is [Object[]]) {$ToAddresses = $ToAddress}
    else {$ToAddresses = ([string]$ToAddress).Split(";")}
    foreach($Address in $ToAddresses) { $msg.To.Add(([string]$Address).Trim())}
    $smtp = New-Object Net.Mail.SmtpClient($SMTPAddress)
    $smtp.Send($msg)
    }
    

  • PowerShell script to add users to a group

    In this previous post, PowerShell wrapper for creating a new distribution group, I created a script for creating a new distribution group. I wanted to take that a step further and prompt the SysAdmin to add users. I created a new recursive function called AddToDistributionGroup. In this code, I prompt for a group name, and a user to add. The SysAdmin types in the first few parts of the name (I could have used samaccountname) and then I loop through ADusers with that name asking the SysAdmin if that is the user they want to add.

    function JBMURPHY-EXCHANGE-AddToDistributionGroup {
    Param(	[parameter(Mandatory = $true)]$GroupName,
    	[parameter(Mandatory = $true)]$UserToAdd)
    # Make sure the Exchange cmdlets are available before doing anything else
    JBMURPHY-EXCHANGE-StartPSSESSION
    # "return" rather than "break": break outside a loop would stop the calling script
    if (!($GroupName)) {write-host "you need to specify a group name"
    return}
    if (($UserToAdd)) {
     # Match enabled users whose name starts with the text that was typed
     $UserToAdd=$UserToAdd+"*"
     $title = "Add user to $GroupName"
     Get-aduser -filter {(name -like $UserToAdd) -and (Enabled -eq $true)} | foreach-object {
      $UserName=$_.Name
      $message = "Add $UserName to the group: $GroupName"
      $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes","Yes add $UserName to the group $GroupName"
      $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No","No, don't add $UserName to the group $GroupName?"
      $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
      $result = $host.ui.PromptForChoice($title, $message, $options, 0) 
      if ($result -eq 0){
       write-host "Adding $UserName"
       Add-DistributionGroupMember -Identity $GroupName -Member $UserName
      }
     }
    # Recurse: the mandatory UserToAdd parameter prompts for the next user
    JBMURPHY-EXCHANGE-AddToDistributionGroup $GroupName
    }
    }
    

    * Note, there is not any error checking to see if the group exists. I am mainly using this code to be called from a NewDistributionGroup script, where I know the name of the group. I may add a lookup to see if the group exists at some point.

    ** Now that I think about it, this is for any type of group, not just distribution groups.


  • VMware Fusion 4 – Did they move vmrun?

    Did they move vmrun in VMware Fusion 4?

    In version 4, I find it here: “/Applications/VMware Fusion.app/Contents/Library/”

    This documentation says that the command should be in “/Library/Application Support/VMware Fusion”, but I found it here: “/Applications/VMware\ Fusion.app/Contents/Library/vmrun”

    I don’t see anything in the release notes.

    Anyone?

     


  • PowerShell wrapper for creating a new distribution group

    Unknown to me, in Exchange 2010 when you create a new distribution group in EMC, by default, the group will not receive email from external recipients – the setting “Require that senders are authenticated” is checked. We use distribution groups to communicate with clients, so unauthenticated senders need to email these groups.  This setting is on the Mail Flow Setting – Message Delivery restrictions page.  I wrote a simple wrapper script to create a new distribution group and turn off the “Require that senders are authenticated” setting:

    function JBMURPHY-EXCHANGE-NewDistributionGroup {
    Param([parameter(Mandatory = $true)]$GroupName)
    Write-host "Creating group named $GroupName"
    new-DistributionGroup -Name $GroupName -OrganizationalUnit 'site.name/OUName' -SamAccountName $GroupName -Alias $GroupName
    Set-DistributionGroup $GroupName -RequireSenderAuthenticationEnabled $false
    write-host "The $GroupName distribution group has been created."
    }
    

    Simple one. I know.
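
    Turning off “Require that senders are authenticated” lets anyone on the internet mail the group, so it helps to review which groups have it off. An added example (not from the original post) that lists them over the same Exchange session; `Get-JBMExternallyReachableGroup`, the `$ApprovedGroups` allowlist and the group names in the usage lines are hypothetical.

    ```powershell
    function Get-JBMExternallyReachableGroup {
        Param([string[]]$ApprovedGroups = @())   # hypothetical allowlist of group names
        # Assumes the Exchange cmdlets are already imported into the session
        Get-DistributionGroup -ResultSize Unlimited |
            Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
            ForEach-Object {
                # A non-empty accept list still limits who can send to the group
                $accept = $_.AcceptMessagesOnlyFromSendersOrMembers
                $restricted = ($null -ne $accept) -and (@($accept).Count -gt 0)
                New-Object PSObject -Property @{
                    Name               = $_.Name
                    PrimarySmtpAddress = $_.PrimarySmtpAddress
                    SenderRestricted   = $restricted
                    Approved           = $ApprovedGroups -contains $_.Name
                    WhenChanged        = $_.WhenChanged
                }
            } |
            Sort-Object Approved, Name |
            Select-Object Name, PrimarySmtpAddress, SenderRestricted, Approved, WhenChanged
    }

    # Constructed usage: rows with Approved = False were opened outside the allowlist
    Get-JBMExternallyReachableGroup -ApprovedGroups 'Client-ProjectA','Client-ProjectB' |
        Format-Table -AutoSize
    ```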


  • PowerShell wrapper scripts for Exchange 2010 – first step: make a connection

    As I talked about in this previous post, I like to write wrapper scripts that collect input and pass it along to the actual provided functions. I call these wrapper scripts because they are not really doing anything ground breaking, they are just a series of conditionals and commands that I put together, with a common naming convention. Then, all we have to do is tab completion through the scripts that I have written.

    I wanted to do the same for creating new distribution groups in Exchange 2010, but first, I needed to make the Exchange 2010 PowerShell functions available on our local machines. I wrote the following function that starts a PSSession on the exchange server. This function will be called at the beginning of every Exchange wrapper script, guaranteeing that we have a connection to the Exchange PowerShell functions.

    Here is that function:

    Function JBMURPHY-EXCHANGE-StartPSSESSION {
    # One place for the server name, so the check, the message and the URI agree
    $ExchangeServer = "servername.company.com"
    # Only create a session if there is not already one to the Exchange server
    if(! (Get-PSSession | Where-Object { $_.ComputerName -like $ExchangeServer })){
    Write-Host "Creating PSSession to $ExchangeServer" -ForegroundColor Green
    Import-PSSession (New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://$ExchangeServer/powershell") | out-null
    }
    }
    

  • PowerShell script to email users if password expires soon, and send a summary to IT

    I wanted to expand on my previous script: powershell-to-list-all-users-and-when-their-password-expires, so that it would send the user an email if their password was going to expire soon. Additionally I wanted to send a summary to our IT staff of accounts that were going to expire soon.

    Here is that script:

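    # Maximum password age comes from the default domain policy
    $maxdays=(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.TotalDays
    $summarybody="Name `t ExpireDate `t DaysToExpire `n"
    # Set to $true as soon as one account is within the warning window
    $ThereAreExpiring=$false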
    
    (Get-ADUser -filter {(Description -notlike "IfYouWantToExclude*") -and (Enabled -eq "True") -and (PasswordNeverExpires -eq "False")} -properties *) | Sort-Object pwdLastSet |
    foreach-object {
    
    $lastset=Get-Date([System.DateTime]::FromFileTimeUtc($_.pwdLastSet))
    $expires=$lastset.AddDays($maxdays).ToShortDateString()
    $daystoexpire=[math]::round((New-TimeSpan -Start $(Get-Date) -End $expires).TotalDays)
    $samname=$_.samaccountname
    $firstname=$_.GivenName
    if ($daystoexpire -le 3){
    	$ThereAreExpiring=$true
    
    	$emailFrom = "[email protected]"
    	$emailTo = "[email protected]"
    	$subject = "$firstname, your password expires in $daystoexpire day(s)"
    	$body = "$firstname,
    	Your password expires in $daystoexpire day(s).
    
    	Please press Ctrl + Alt + Del -> Change password"
    
    	$smtpServer = "smtp.yourdomain.com"
    	$smtp = new-object Net.Mail.SmtpClient($smtpServer)
    	$smtp.Send($emailFrom, $emailTo, $subject, $body)
    
    	$summarybody += "$samname `t $expires `t $daystoexpire `n"
    }
    }
    if ($ThereAreExpiring) {
    $emailFrom = "[email protected]"
    $emailTo = "[email protected]"
    $subject = "Expiring passwords"
    $body = $summarybody
    $smtpServer = "smtp.yourdomain.com"
    $smtp = new-object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($emailFrom, $emailTo, $subject, $body)
    }
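
    The script above takes the maximum password age from the default domain policy, so accounts covered by a fine-grained password policy get the wrong expiry date. An added example (not the author's code) that instead reads the per-user expiry that Active Directory computes in the `msDS-UserPasswordExpiryTimeComputed` attribute; the function name `Get-JBMExpiringPassword` is hypothetical.

    ```powershell
    Import-Module ActiveDirectory

    function Get-JBMExpiringPassword {
        Param([int]$WarnDays = 3)
        $never = [Int64]::MaxValue   # 0x7FFFFFFFFFFFFFFF: password never expires
        $now = Get-Date
        Get-ADUser -Filter {Enabled -eq $true} -Properties 'msDS-UserPasswordExpiryTimeComputed', mail |
            ForEach-Object {
                $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
                # Skip: attribute missing, 0 (must change at next logon), or never expires
                if ($null -eq $raw -or $raw -eq 0 -or $raw -eq $never) { return }
                $expires = [DateTime]::FromFileTime($raw)
                $days = [math]::Floor(($expires - $now).TotalDays)
                # Keep accounts that expire inside the window and have not expired yet
                if ($days -ge 0 -and $days -le $WarnDays) {
                    New-Object PSObject -Property @{
                        SamAccountName = $_.SamAccountName
                        Mail           = $_.mail
                        Expires        = $expires
                        DaysToExpire   = $days
                    }
                }
            } |
            Sort-Object Expires
    }

    # Constructed usage: the rows can feed the per-user mail and the IT summary
    Get-JBMExpiringPassword -WarnDays 3 |
        Format-Table SamAccountName, Mail, Expires, DaysToExpire -AutoSize
    ```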