Phantom DHCP servers

I recently came across this issue when working with the DHCP servers on the domain at work. Instead of 41 DHCP servers, one for each remote location, the DHCP administration snap-in was showing we had 93! That’s just a few too many.

In order to clean up the DHCP server list, I first opened Active Directory Sites & Services. You have to click View and then Show services node in order to see the available AD services. Then, I expanded Services and clicked on NetServices to see what DHCP servers (dHCPClass records) were listed. I removed all of the invalid records (but not the DhcpRoot record) and then checked the DHCP admin utility. All of the invalid servers were still listed.

The next step was to use ADSI Edit in order to edit the DhcpRoot record found in the NetServices container. Using ADSI Edit, I browsed to the CN=NetServices,CN=Services,CN=Configuration,DC=Domain,DC=Domain container, substitute your domain name after DC=, right clicked on DhcpRoot and chose Properties. I found another list of invalid DHCP servers when I opened the dhcpServers property of the DhcpRoot record. Once I deleted the invalid servers there, the DHCP admin utility only listed the valid DHCP servers.

It was odd that the list was wrong to begin with. Any time a DHCP server is taken off line it is unauthorized first. Only one or two of the invalid servers were servers that had been replaced due to a server crash that resulted in reloading Windows Server 2003. I may need to set up a DHCP server, authorize on the domain and then decommission it to see if AD is removing them properly. I hope it was just a minor glitch carried over from when the domain controllers were Windows 2000 based.

Patience is something you admire in the driver behind you and scorn in the one ahead. – Mac McCleary

23.Nov.09 Active Directory, DHCP, Networking, Server 2003, Windows Comments (0)

Home domain

I’ve finally decided to set up a domain on my home network. I’m trying to decide if I should use Ubuntu Server or Windows Server 2003 (Standard Edition) as the domain controller. Currently, I have an Ubuntu server (6.06.1) running BIND9, DHCP, MySQL and Apache.

We use Windows 2000 & 2003 at work so I have more experience setting it up. I want to learn more about Linux administration, though, so that makes me lean toward Linux. There’s a write-up on HowtoForge about setting up a domain controller using Ubuntu 7.10 and Samba. I plan to follow that article if I go the Linux route.

Either OS will run fine on the system I have:

• 1.8 GHz processor
• 2 GB PC2700 RAM
• 160 GB, 7200 RPM hard drive
• Gigabit ethernet

The current Ubuntu server installation isn’t using many resources. Webmin shows that it’s only using 192 MB of RAM (out of 2 GB) and 0 MB of swap. I know that Windows 2003 would use more than that just with a base OS install.

I think I’ll try to get Ubuntu working first. If I can’t get it to work, I’ll load Windows 2003. Either way, I will have Apache and MySQL running because I use Jinzora as my media server. I’ve tried running Jinzora on IIS but it didn’t run as well as it does on Apache.

A nation of sheep will beget a government of wolves. – Edward R. Morrow

29.Dec.07 Linux, Networking, Windows Comments (3)

Check the hash

Many download sites are now listing the file hash values so that users can verify that the file has not been altered by a 3rd party. There are a few programs out there to allow Windows users to verify the file hash but the easiest I’ve found is HashTab. HashTab is a shell extension that adds a tab to the Windows Explorer file properties window that allows you to see the hash values of a file.

By default, the only values it shows are CRC32, MD5 and SHA-1. Those three are the most commonly used hash types. You can also add the following values through the program settings:

• HAVAL
• RIPEMD-128
• RIPEMD-256
• RIPEMD-320
• SHA-512
• Tiger
• Whirlpool

According to the HashTab site, version 2.0.7 is compatible with all versions of Windows. The last version, 1.14, had separate Windows x32 and x64 installers. The older version is still available from the HashTab site.

There is no safety in numbers, or in anything else. – James Thurber

21.Dec.07 Security, Software, Windows Comments (0)

Reload!

It was inevitable. I had to reload XP on my computer at work. It had to be done because I kept having little errors pop up that would crash the explorer.exe process. The “This won’t take too long” idea turned into “Do I really need all this crap?” after I realized how much software I use almost daily.

I used nLite and RyanVM Integrator to create an XP Pro install CD that had all of my drivers and most of the MS hotfixes. The drivers were the most important. The hard drives in my workstation, a Dell Precision 490, are set up on an Intel SATA RAID. The original Windows XP Pro CD doesn’t have the drivers. Integrating the drivers made it so that I didn’t have to hit F6 during the installation start. Plus, I had the latest drivers for all of the hardware installed on first boot.

It took a while to reinstall all of the applications. Once it was done, I made a Ghost backup. Everything is running much better and faster. I’m going to start utilizing the Windows XP virtual machine (VMware Server) more for testing software. I think the installing and uninstalling of software was one factor in causing the errors.

The first program I’m going to test is DriveImage XML. It’s free, backs up to an XML file and creates hot backups because it uses Microsoft’s Volume Shadow Copy service. It looks like a pretty nice application. If it runs well on the VM, I’ll install it on my workstation so that I always have a current backup.

If it takes a lot of words to say what you have in mind, give it more thought. – Dennis Roth

29.Nov.07 Windows Comments (2)

Windows: Easy MAC address spoofing

While testing out the different NAC solutions, I wanted to see how they would handle a connection where the MAC address that was previously associated with a printer was suddenly associated with a PC. The NIC in my laptop allows me to manually change the MAC address in the NIC properties. That works but I wanted an easier way to make the changes. The solution ended up being a freeware program called Technitium MAC Address Changer.

Some of the features of Technitium MAC Address Changer include:

• Easy to use GUI interface.
• Huge list of manufacturers MAC addresses to choose from.
• Full NIC hardware and configuration information.
• IP configuration shortcuts.

I’m using it tomorrow to test a Cisco NAC we have on loan. The MAC address I’m going to try is currently associated with a Cisco IP phone. According to the Cisco reps, the NAC should detect that the MAC address is being used by a different system and drop me into the quarantine role. That’s just one of a few features they said works but weren’t able to demo during the initial setup.

Men will always be mad, and those who think they can cure them are the maddest of all. – Voltaire

25.Sep.07 Networking, Software, Windows Comments (4)