Juniper Pulse VPN Client on Linux

If you are running 64 bit linux, you may need to install 32 bit libraries for glibc, zlib, and nss-mdns. In the instructions below, replace with the your VPN appliance hostname.

You will need to know the login realm in order to connect. If you don’t already know the realm, you can get it as follows:

wget -q --no-check-certificate -O - '' | sed -n 's/.*<input\( [^>]*name="realm" [^>]*\)>.*/\1/p' | sed -n 's/.* value="\([^"]*\)".*/\1/p'

Download and unpack the VPN client java application:

mkdir -p ~/.juniper_networks/network_connect
cd ~/.juniper_networks/network_connect
unzip ncLinuxApp.jar

Get the VPN server certificate

sh ./ company.crt

Finally, establish the VPN connection

./ncsvc -h -u username -r realm-f ./company.crt

A big thanks to StardustOne on for providing this information.

LSI MegaRaid on XenServer

If you are like me, you may be interested in monitoring a XenServer host’s local LSI RAID controller. In particular, I wanted to see the status via SNMP, in order to tie into monitoring systems. You can also use the MegaRAID Storage Manager for viewing and configuring remotely and without having to reboot the host.

Switch the system to shadow passwords. This is required for the Storage Manager application, and it’s insane the XenServer doesn’t already run this way by default.


Install the required packages. The .rpm files are all included in the download from LSI. Be sure to get the x86 version (not x64), as the XenServer dom0 is not 64 bit.

yum --enablerepo=base install net-snmp-utils
rpm -ivh Lib_Utils-1.00-09.noarch.rpm
rpm -ivh Lib_Utils2-1.00-02.noarch.rpm
rpm -ivh MegaRAID_Storage_Manager-12.05.03-00.noarch.rpm
rpm -ivh sas_ir_snmp-12.05-0201.i386.rpm

Add the following lines to /etc/sysconfig/iptables in order to allow Storage Manager and SNMP traffic. These lines should go right next to the similar lines for port 22, 80, etc.

-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3071 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5571 -j ACCEPT

Apply the firewall changes

service iptables restart

Add the following line to /etc/snmp/snmpd.conf in order to permit reading LSI OIDs via the “public” community.

view    systemview    included   .

Finally enable/start all the services, and try an snmp query to make sure it works:

chkconfig vivaldiframeworkd on
chkconfig snmpd on
service vivaldiframeworkd start
service snmpd start
snmpwalk -v2c -c public .

ESXi – Getting past installer hang

If VMWare ESXi 5.5 installer hangs at “Relocating modules and starting up the kernel”, you can use the following to get it to run:

  1. Press shift+O during ESXi boot
  2. Append “ignoreHeadless=TRUE” to the options
  3. When the system reboots after the install, perform steps 1 and 2 again
  4. From the ESXi shell, run the following command (this applies the ignoreHeadless option permanently): esxcfg-advcfg –set-kernel “TRUE” ignoreHeadless

Lightroom SQLite Magic

You may know that the Adobe Lightroom catalog (.lrcat) file is actually just an SQLite database. That means you can use the regular SQLite tools on it. I wanted to grab a simple list of all files in my Lightroom catalog, so I came up with this query to do the job:

SELECT root.absolutepath||folder.pathfromroot||file.idx_filename AS path
FROM aglibraryrootfolder AS root
INNER JOIN aglibraryfolder AS folder
ON folder.rootfolder=root.id_local
INNER JOIN aglibraryfile AS file
ON file.folder=folder.id_local;

Automated Shadow Copies in Windows 8.1

For some ridiculous reason, Microsoft decided to not include the Volume Shadow Copy GUI features in Windows 8.1. I wrote the powershell module below to use in a scheduled task. It creates a shadow copy on the specified volume, and optionally deletes any old shadow copies on that volume. You can actually still access the “Previous Versions” property tab for network volumes to retrieve files. To access the shadow copy files on the local machine, just use the admin UNC path (\\host\c$ or similar). To install the module, just save it as a .psm1 in a same-named subdirectory of your PSModulePath (such as c:\Program Files\WindowsPowerShell\Modules\ShadowCopy\ShadowCopy.psm1). You can then just use the Invoke-ShadowCopy command to run it.

function Invoke-ShadowCopy()
    Create shadow copies for a volume and optionally delete old shadow copies
	Designed to be used as a scheduled task for newer versions of
	Windows that don't have built-in support for automated shadow copies
    The drive letter or ID of the volume
	If a number of days is specified, shadow copies older than this will be deleted
    Author: Darrell Enns
    Date:   January 16, 2014    
	$ErrorActionPreference = "Stop"
	$vol=Get-WmiObject -class win32_volume | Where { $_.DriveLetter -eq $volume -or $_.DeviceID -eq $volume }
	write-host "Creating shadow copy on" $vol.DriveLetter
		write-host "Deleting shadow copies older than $PurgeDays days"
function CreateShadowCopy($vol)
	$result=$sc.create($vol.DeviceID, "ClientAccessible")
function DeleteOldShadowCopies($vol)
	Get-WmiObject -class win32_shadowcopy | Where { $_.VolumeName -eq $vol.DeviceID } | Foreach-Object `
		if(($age.TotalDays) -gt $PurgeDays) {
			write-host Deleting old shadow copy from $shadow_date
Export-ModuleMember Invoke-ShadowCopy

Here’s another approach – creating a wrapper to get the full functionality from “vssadmin”. It’s definitely a bit of a hack, but a pretty elegant one and a good read.