Blog Archives

Howto: Sonicwall SSL-VPN (NetExtender) on Windows 8.1

Those familiar with the Sonicwall SSL-VPN 2000 appliance and Windows are used to connecting to the SSL-VPN with the NetExtender software. Older versions of the appliance will still offer this software when you connect using the browser. Various forums provide instructions on how to install this old software on Windows 8.1. Most include steps such as disabling the WHQL (Windows driver signing) check, which leaves your system vulnerable. Once the software is installed you will probably run into various issues, including: RRAS isn’t addressed properly, you are unable to connect even though authentication works fine, and no routes are added after a connection is successfully established.

Not many people seem to know that the Sonicwall mobile VPN provider is a built-in option in Windows 8.1. It is, obviously, also the preferred method to connect, because all the Windows security mechanisms are kept in place when you use the readily available Sonicwall mobile provider. The instructions below guide you through the steps required to configure a VPN profile for the SSL-VPN appliance and offer an alternative to the older NetExtender software. Additionally, consider the maintenance options you gain by rolling these profiles out using domain policies 😉

  1. Type: Windows key + S;
  2. In the search field type: VPN;
  3. Select the ‘manage virtual private networks’ option;
  4. Select ‘Add a VPN Connection’;
  5. In the ‘VPN provider’ select the ‘Sonicwall Mobile Connect’ option;
  6. Type a descriptive name in the ‘Connection name’ field;
    (this name will be visible throughout windows)
  7. In the ‘Server name or Address’ field type the web address without the protocol portion. example:
    Address field:
  8. Select save;
  9. Close all the windows;
  10. Type: Windows key + S;
  11. In the search field type: VPN;
  12. Now select ‘Connect to a network’;
  13. Select your created profile;
  14. In the username field use the following:
    domain\username (remember the domain portion is case sensitive!)
  15. Type your password;
  16. Connect.

If all is correct the connection should come up without any problems. If this is not the case, then please review the advanced settings. These settings are available in the ‘manage virtual private networks’ by selecting the ‘edit’ option on the created profile. (steps 1/3).

You can simply review the routes as follows:

  1. Type: Windows key + R;
  2. In the run field type: powershell;
  3. Run the command: route print | Out-GridView;

Hope this helps.

If you have already disabled driver signing in a previous attempt, then please re-enable it.
Driver rootkits are fairly common and a real risk!

Oracle Enterprise Linux 6.x networking

Lately I got many questions regarding the network configuration of Oracle Enterprise Linux 6 (Red Hat Enterprise Linux 6).
Enough to write a little article about it.

It seems that some of the network configuration was altered in OEL6. The reason, as far as I know, is the implementation of the NetworkManager daemon. I don’t know why they are using CamelCase for the daemon name, but mind that. Even though NetworkManager should make the configuration as painless as possible (at least that’s what the manual page said), it seems to actually make the configuration more of a pain for some.

Below I will cover some topics in an effort to get you going and remove the pain 🙂

Configuring eth0 for manual operation

  • Step 1: disable the NetworkManager daemon
    service NetworkManager stop
  • Step 2: remove the NetworkManager from Init (start-up)
    chkconfig --level 2345 NetworkManager off
  • Step 3: open the ifcfg-eth0 config file (alter the suffix ‘eth0’ to match the adapter of your choice)
    vi /etc/sysconfig/network-scripts/ifcfg-eth0
  • Step 4: Alter the following to match your environment…
    HWADDR={Your MAC address here}
    #PREFIX=24    [can be used as an alternative to NETMASK=]
  • Step 5: Write/close the configuration file (:wq in vi)
  • Step 6: Restart the network service
    service network restart
  • TIP 0: Obviously, adjust the configuration above to match your home network.
  • TIP 1: NetworkManager is not always present, in which case you can skip steps 1 – 2.
  • TIP 2: There are reports that is actually more stable than PREFIX=xx notation.
    My advice: use NETMASK=, which is also better understood by non-networking guys.
  • TIP 3: Not sure about the correct NETWORK, NETMASK, BROADCAST or PREFIX settings? Give ipcalc a try:
    ipcalc --netmask {IPADDR}
    ipcalc --prefix {IPADDR} {NETMASK}
    ipcalc --broadcast {IPADDR} {NETMASK}
    ipcalc --network {IPADDR} {NETMASK}

Configuring DNS

DNS always seems to be a bugger and a hard one to understand. Do note that DNS is JUST AN IP PHONEBOOK. Nothing fancy there. There are also various ways of configuring DNS. One way is to add the DNS configuration to the ifcfg-suffix configuration file with the DNS1=ip.ip.ip.ip DNS2=ip.ip.ip.ip keywords. As a result, the networking service will update the appropriate configuration files. To be frank, I find this confusing and do not like duplicate configurations everywhere in my -has to be clean- environment. My advice is to configure DNS in the appropriate files directly, like this…

  • Step 1: Edit resolv.conf, where DNS is configured.
    vi /etc/resolv.conf
  • Step 2: Add or Alter the following to match your environment
    search mydomain.home
  • Step 3: Test to see if name resolution works
    set debug
  • TIP 1: Linux actually tries to find the IP in the /etc/hosts file first. If you know the hostname and FQDN for a certain IP and it can be classified as static, consider using the hosts file instead of a centralized DNS. This will boost performance if the name is resolved often. If multiple systems use and depend on a machine reference, use centralized DNS in order to lighten the administrative tasks.
    vi /etc/hosts
  • TIP 2: Experiencing slow logon times or slow application performance? A faulty DNS configuration might just be the cause. A quick way to test this is by temporarily disabling DNS altogether. This can be done by editing the /etc/nsswitch.conf file.
    vi /etc/nsswitch.conf
    • alter the line
      hosts:     files dns
    • to the line
      hosts: files
    • write the file and test if the performance has improved.
  • The reason for this is that DNS is often used to register user logon or session information based on the visitors IP address. Examples are the ssh daemon, ftp servers, webservers, linux logon, etc.


In some cases you want Linux to use alternative routes to access certain Linux resources. The way to go in these cases is to create routes. In most cases you want these to be persistent, in which case ‘route add –‘ won’t suffice. In our example we will create two new routes: one describing a route to a specific host, the other describing the route to a specific network. Alter the example to match your needs.

  • STEP 1: Create a new file called static-routes in the /etc/sysconfig/ directory
    vi /etc/sysconfig/static-routes
  • STEP 2: Add the following, obviously matching your specific needs
    any net gw metric 1
    any host gw metric 1
  • STEP 3: Restart the network service
    service network restart
  • TIP 1: SIOCADDRT: No such process means the designated gateway doesn’t exist on any known interface. (typo?)
  • TIP 2: view the route information using the route command
  • TIP 3: use the ipcalc --prefix {IPADDR} {NETMASK} command to determine the right /prefix for your environment.
  • TIP 4: In older environments ifup-routes is used; this shell script still exists as /etc/sysconfig/network-scripts/ifup-routes

Locate my mac address

The ifcfg-eth# config allows you to configure the specific MAC address to guarantee the IP is bound to the right adapter. In virtualized environments this might save you a lot of trouble when the virtualized domain is altered. On the other hand, it might cause trouble when a statically configured MAC is migrated in virtual environments. In either case, you might want to know the MAC Linux sees as belonging to a certain adapter. You can find the MAC address in the following location:

 cat /sys/class/net/eth0/address

Obviously you need to alter eth0 in the path to match the adapter you are looking for. Not sure? Then change directory to /sys/class/net and perform a list to see all discovered and registered adapters.

IPTables (Linux firewall)

By default iptables (the Linux firewall) is enabled. You can view the running configuration by checking the service status like this:

 service iptables status

You can simply turn the firewall off by modifying and applying steps 1-2 of the first configuring eth0 instruction. This will reduce the security of your linux platform significantly. My advice, add the ports you need for your services and let IPtables protect you. The easiest way is by simply editing the iptables configuration file.

 vi /etc/sysconfig/iptables 

Adding a port is as easy as copy/pasting the always-present firewall rule that allows port 22 (ssh). Copy and paste it, then alter the -p (protocol) and --dport (destination port) to match your needs. For example, allowing HTTP/HTTPS:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Afterward, restart iptables:

service iptables restart
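
iptables checks the INPUT rules from top to bottom, so a pasted rule only opens its port when it sits above the catch-all REJECT line. The check below is an added example, not part of the original post; the function name is hypothetical and the rules file is a constructed sample:

```php
<?php
// Added example, not from the original post. The rules text is a constructed
// sample laid out like /etc/sysconfig/iptables; the function name is hypothetical.

// Split the INPUT-chain ACCEPT rules that open a port into those that can match
// ("effective") and those placed after a catch-all REJECT/DROP ("shadowed").
function audit_input_ports($rulesText)
{
    $result = array('effective' => array(), 'shadowed' => array());
    $blocked = false;
    foreach (preg_split('/\R/', $rulesText) as $line) {
        $line = trim($line);
        if (strpos($line, '-A INPUT ') !== 0) {
            continue;                       // other chains, table header, COMMIT
        }
        // "-A INPUT -j REJECT|DROP" without match options stops every packet
        // that gets this far, so nothing below it in the chain is ever reached.
        if (preg_match('/^-A INPUT -j (REJECT|DROP)(\s+--reject-with\s+\S+)?$/', $line)) {
            $blocked = true;
            continue;
        }
        // Only rules that accept traffic to a destination port are of interest.
        if (!preg_match('/\s-j ACCEPT(\s|$)/', $line)
            || !preg_match('/\s--dport\s+(\S+)/', $line, $port)) {
            continue;
        }
        $proto = preg_match('/\s-p\s+(\S+)/', $line, $m) ? $m[1] : 'any';
        $result[$blocked ? 'shadowed' : 'effective'][] = "{$proto}/{$port[1]}";
    }
    return $result;
}

// Constructed sample: the port 80 rule was pasted above the REJECT line,
// the port 443 rule was appended below it.
$sample = <<<'RULES'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
RULES;

$audit = audit_input_ports($sample);
echo 'effective: ', implode(', ', $audit['effective']), "\n";
echo 'shadowed:  ', implode(', ', $audit['shadowed']), "\n";
```

Run it against a copy of your own rules file before restarting the service; anything listed as shadowed needs to move above the REJECT line.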

TIP: If you are experimenting with IPv6 (then you’re Instant COOL!), mind that the IPv6 firewall is called ip6tables and the configuration is called the same. The basic iptables doesn’t handle IPv6 at all.

TIP: If you are using IPv6, encode your IPv4 address in it to ease administration. Example:

ipv6: 2001::0192:0168:0010:0001/64
Then route on the nibble of choice.

Additional questions?

Just post it below and maybe I’ll respond in due time 🙂

Fix the inline images -bug- in glpi knowledgebase (htmLawed.php)

GLPI-0-84-8 FIX

GLPI uses the htmLawed filter to clean inserted HTML code. Documentation on this framework can be found here:

The problem with this framework in GLPI is that it does not match image tags properly when they contain inline base64 information.

Here is a simple fix to overcome this problem. The htmLawed.php file can be found at %glpi_root%/lib/htmlawed/htmLawed.php. Open it with your favorite editor. Next locate line 47. Somewhere around that area you should find the following.

[Screenshot: htmLawed.php around line 47 with the schemes line marked]

Add ‘data’ at the end of the marked line.

$x = (isset($C['schemes'][2]) && strpos($C['schemes'], ':')) ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https, data';

The above will stop htmLawed from adding disabled: to the data: in the src="" tag.

The next step is a bit trickier.

Now we need to actually change the hl_tag function. In the file, locate the hl_tag($t) function somewhere around line 407. In this code block we are looking for the regular expression marked in the image below:

[Screenshot: hl_tag() in htmLawed.php with the regular expression marked]

This is the expression that doesn’t match the valid <img> tags within htmLawed. We don’t want to create leaks here, so all we need to do is introduce an exception for our images. You can do so by replacing the text with the following:

[Screenshot: hl_tag() in htmLawed.php after the change]

In code:

if(!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>$`m', $t, $m)){
 // Exception for inline images: return the tag untouched
 if(strstr($t, 'data:image')){
  return $t;
 }
 return str_replace(array('<', '>'), array('&lt;', '&gt;'), $t);
}elseif(!isset($C['elements'][($e = strtolower($m[2]))])){
 return (($C['keep_bad']%2) ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : '');
}

After this, the images should show up just fine.

[Screenshot: GLPI knowledge base]

I hope this was helpful 🙂
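
The strstr($t, 'data:image') test in the replacement above returns any tag that fails the pattern and merely contains that string, unescaped. A stricter test, as an added example that is not GLPI or htmLawed code (the function names, the attribute allow-list and the image types are assumptions), lets through only a single <img> tag with a base64 raster src:

```php
<?php
// Added example, not GLPI or htmLawed code. The function names and both
// allow-lists below are assumptions chosen for this illustration.

// True only for data: URIs that hold a base64-encoded raster image.
function is_base64_raster_data_uri($value)
{
    $b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
    foreach (array('png', 'gif', 'jpeg') as $type) {
        $prefix = "data:image/{$type};base64,";
        if (strncmp($value, $prefix, strlen($prefix)) === 0) {
            $payload = rtrim((string) substr($value, strlen($prefix)), '=');
            return $payload !== '' && strspn($payload, $b64) === strlen($payload);
        }
    }
    return false;
}

// True only when $t is a single <img> tag whose attributes are all quoted,
// all on the allow-list, and whose src is a base64 raster data: URI.
// String functions are used instead of one large regex so that very long
// base64 payloads cannot run into PCRE limits.
function is_plain_inline_image_tag($t)
{
    $allowed = array('src', 'alt', 'title', 'width', 'height');
    $t = trim($t);
    $len = strlen($t);
    if ($len < 6 || strncasecmp($t, '<img', 4) !== 0
        || !ctype_space($t[4]) || $t[$len - 1] !== '>') {
        return false;
    }
    $inner = rtrim((string) substr($t, 5, $len - 6));
    if (substr($inner, -1) === '/') {           // XHTML style "<img ... />"
        $inner = (string) substr($inner, 0, -1);
    }
    if (strpbrk($inner, '<>') !== false) {      // a second tag inside this one
        return false;
    }
    $pos = 0;
    $n = strlen($inner);
    $seenSrc = false;
    while (true) {
        $pos += strspn($inner, " \t\r\n", $pos);
        if ($pos >= $n) {
            break;
        }
        $nameLen = strcspn($inner, "= \t\r\n\"'", $pos);
        $name = strtolower(substr($inner, $pos, $nameLen));
        $pos += $nameLen;
        if (!in_array($name, $allowed, true) || $pos + 1 >= $n || $inner[$pos] !== '=') {
            return false;                       // attribute not on the list, or no value
        }
        $quote = $inner[$pos + 1];
        $end = ($quote === '"' || $quote === "'") ? strpos($inner, $quote, $pos + 2) : false;
        if ($end === false) {
            return false;                       // unquoted or unterminated value
        }
        $value = substr($inner, $pos + 2, $end - $pos - 2);
        $pos = $end + 1;
        if ($name === 'src') {
            if ($seenSrc || !is_base64_raster_data_uri($value)) {
                return false;
            }
            $seenSrc = true;
        }
    }
    return $seenSrc;
}

// Constructed sample tags (not taken from GLPI data).
$samples = array(
    '<img src="data:image/png;base64,iVBORw0KGgo=" alt="diagram">',  // plain inline image
    '<img src="data:image/png;base64,iVBORw0KGgo=" onerror="x()">',  // attribute not on the list
    '<img src="data:image/svg+xml;base64,PHN2Zz4=">',                // image type not on the list
    '<div title="data:image">',                                      // only mentions the string
);
foreach ($samples as $tag) {
    // In the patched hl_tag() this call would take the place of strstr($t, 'data:image').
    echo (is_plain_inline_image_tag($tag) ? 'pass through: ' : 'escape:       '), $tag, "\n";
}
```

Only the first sample is passed through; the other three fall back to htmLawed's normal escaping.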

Update GLPI tickets with requesters group

When using GLPI it can be very useful to automatically assign a group based on the ticket requester. This allows you to use the reporting module and report, for instance, by department group. The problem is that GLPI does allow this using the Behaviour plugin, but it will not report tickets that couldn’t be assigned a group. This renders reports unusable because you might miss unassigned tickets. For this reason we wrote a little script to process this AND report any ticket that couldn’t be assigned (because the requester isn’t assigned a group).

Business Rules:
0. GLPI version : 0.83.7
1. GLPI uses the mailgate that creates tickets of known users.
2. All known users are assigned to at least one group
4. Script seeks groups and then assigns them uniquely to the ticket.
5. Script will be triggered by cron
6. All actions will/can be reported in a mail
7. If no actions were executed, no mail will be sent.

<?php
$usr = 'john'; $pas = 'doe'; $db = 'glpi_0837';
$db = new mysqli("localhost", $usr, $pas, $db);
if(mysqli_connect_errno()){
    printf("Connect Failed %s\n", mysqli_connect_error());
    exit();
}
$groups = array();
$messages = array();
/* Get all the tickets */
$s1 = 'select, t.users_id_recipient from glpi_tickets t';
$r1 = $db->query($s1);
while($row = $r1->fetch_array(MYSQLI_ASSOC)){
    // check to see if ticket has a group assigned
    $s2 = "select * from glpi_groups_tickets where tickets_id = '{$row['id']}' and type = '1'";
    $res1 = $db->query($s2);
    // Update the tickets without a group assignment.
    if($res1->num_rows == 0){
        // There is no group for this ticket so find the applicable group and assign it
        $s3 = "select as tid,
               ti.users_id_recipient, as tuid,
               tu.type,,, as gid, as group_name,
               FROM glpi_tickets ti, glpi_tickets_users tu, glpi_groups gr, glpi_users us, glpi_groups_users gu
               WHERE = tu.tickets_id
               AND tu.type = 1
               AND tu.users_id =
               AND tu.users_id = gu.users_id
               AND gu.groups_id =
               AND = '{$row['id']}'";
        if($res2 = $db->query($s3)){
            if($res2->num_rows > 0){
                while($row1 = $res2->fetch_array(MYSQLI_ASSOC)){
                    $groups[$row1['tid']][$row1['gid']] = $row1['group_name'];
                    $messages[$row['id']][] = "INFO: Updated ticket:{$row1['tid']} with group {$row1['gid']}:{$row1['group_name']}";
                }
            }else{
                $messages[$row['id']][] = 'ERROR: No group assigned to requester!';
                $messages[$row['id']][] = "INFO: Please assign groups to the requester in this ticket.";
            }
        }else{
            $messages[$row['id']][] = "ERROR: SQL errorno: {$db->errno} met melding: {$db->error} is opgetreden";
        }
    }else{
        //$messages[$row['id']][] = 'INFO: Ticket allready has a group assigned';
    }
}

// Generate a mail message
$message = 'INFO: Script running at: <br/>';
$ecount = 0;
if(count($messages) > 0){
    foreach($messages as $key => $val){
        foreach($val as $k => $v){
            $message .= "ON Ticket: $key : {$v} <br/>";
            $ecount ++;
        }
    }
    $mail = true;
}else{
    $mail = false;
}

// Insert the associations
if(count($groups) > 0){
    foreach($groups as $key => $val){
        foreach($val as $k => $v){
            $sql = "insert into glpi_groups_tickets(tickets_id, groups_id, type) values('{$key}','{$k}','1');";
            if($db->query($sql)){
                //$message .= "INFO: Group $k:$v assigned to ticket $key<br/>";
            }else{
                $message .= "ERROR: Failed to associate $k:$v to ticket $key<br/>";
            }
        }
    }
    $message .= "ON General : Finished... <br/>";
}else{
    $message .= "ON General : Did nothing, but finished with succes... <br/>";
}
if($ecount > 0){
    $message .= "ON General : INFO: Please correct the reported errors <br/>";
}

$to = 'AMIS Support <;';

$subject = 'Automated ticket - groups assignment';

// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

// Additional headers
$headers .= 'From: Monitor <;' . "\r\n";

// Mail it, but only when there is something to report
if($mail){
    mail($to, $subject, $message, $headers);
}
//echo $message;


Simply run this script

Extract all content to disk from a SPS2007 content DB using PHP

Today I ran into a problem. We needed to migrate a huge amount of data from an old SharePoint 2007 content database without the availability of the MOSS front-end. All I had was the database and a corrupted SharePoint install that wasn’t going to help me a lot.

To overcome this problem I decided to write a little PHP application that would do this task for me. I already had WAMP set up on my desktop, so I figured this to be the quickest route. Then I figured, maybe other people face this problem as well. So here it is: the code, and some helpers to get you going.

<?php
/**
* @name           : index.php - MSSql Content connector
* @Author        : Chris Gralike
* @version        :
* @copyright     : WETFYWTDWI - what ever ** you want to do with it, no guarantees 🙂
*  This script ONLY READS the database tables, so dont give it more permissions 🙂
*/

// What to search for in the directory structure.
$search = '';
// Where to put the files
$createdir = './Downloaded';
// What server to connect to.
$ServerName = 'amisnt05.amis.local';
// Database connection parameters.
$connectionInfo = array('Database' => 'MOSS_PROD_WSS_Content_WebApp02',
                        'UID' => 'php_login',
                        'PWD' => 'welcome12345678');
// This can be a very long task to complete, so disable the timelimit.
set_time_limit(0);
// Create a connection
$conn = sqlsrv_connect($ServerName, $connectionInfo)
    or die( print_r( sqlsrv_errors(), true));

// The SQL statement to query the AllDocs tables.
// DirName, LeafName and Content are the columns the loop below reads.
$tsql = "SELECT dbo.AllDocs.Id,
                dbo.AllDocStreams.Id as StreamId,
                dbo.AllDocs.DirName,
                dbo.AllDocs.LeafName,
                dbo.AllDocStreams.Content
         FROM dbo.AllDocs
         RIGHT OUTER JOIN dbo.AllDocStreams ON dbo.AllDocs.Id = dbo.AllDocStreams.Id
         WHERE AllDocs.DirName LIKE '%{$search}%'
         AND AllDocs.SetupPath IS NULL
         AND AllDocs.Extension != ''";
// The result set
$result = sqlsrv_query($conn, $tsql);

// Process the results
while($row = sqlsrv_fetch_array($result,  SQLSRV_FETCH_ASSOC)){
    // When create is true, the foreach below creates the folders
    $create = false;
    $dirptr = $createdir;

    // Find the folders and recreate them starting from the searchstring.
    $folders = explode('/', $row['DirName']);
    foreach ($folders as $val){
        if($val == $search || $create == true || empty($search)){
            $create = true;
            $dirptr .= '/'.$val;
            if(!is_dir($dirptr)){
                mkdir($dirptr);
                echo "INFO: created $dirptr <br/>";
            }else{
                echo "WARN: skipping $dirptr allready exists. <br />";
            }
        }
    }

    // Recreate the file
    $filepath = $dirptr.'/'.$row['LeafName'];
    if($fp = fopen($filepath,'w')){
        fwrite($fp, $row['Content']);
        fclose($fp);
        echo "INFO: file {$row['LeafName']} written. <br />";
    }else{
        echo "ERROR: file {$row['LeafName']} could not be written in $filepath. <br />";
    }
}
// Close the database connection.
sqlsrv_close($conn);

Simply configure the first vars in the script and run the file. It might take a huge while before you get some output.

TIP: Use the $search to narrow down the query a bit.
It searches the DirName (I.e. Site\DocLib\Folder\SubFolder\)

The output will look like this.

INFO: created ./Downloaded/SearchCenter
INFO: created ./Downloaded/SearchCenter/Pages
INFO: file facetedsearch.aspx written.
WARN: skipping ./Downloaded/SearchCenter allready exists.
WARN: skipping ./Downloaded/SearchCenter/Pages allready exists.
INFO: file resultskeyword.aspx written.

Then please leave a comment 🙂

WARNING!: YOU NEED THE Microsoft MSSQL DRIVER FOR PHP, not the old PHP equivalent.
Here are some tips on where to get it. My version was PHP 5.3.8.

First off, mssql isn’t supported out of the box anymore. When using PHP 5.2 and up, you need to get the Microsoft driver for PHP. Check this site for more information :

It’s a bit of a hassle, I’ll give you that.
Challenge: I needed 1.5 hours to find the correct lib, install and coding info and get it working.

Basically it requires you to download the native client and the drivers, and to correctly update the php.ini your WAMP instance is using.

Tip: Use <?php phpinfo() ?> to find the right version for your PHP compilation.
Search for : PHP Extension Build : API20090626,TS,VC9


Be sure to verify the SQL query inside the $tsql var and alter it accordingly. The other part should be pretty straightforward.

Exact Globe, folder already exists during CLIOP export to network.

On Windows 7.

If you get an error message suggesting that the user doesn’t have the correct rights to create a new directory inside the designated CLIOP export network path, this might be because you are running Exact in an elevated state (as administrator). This is needed by some users to netupdate the client, but it will cause all sorts of problems when the client is used in this state.

To resolve this problem, verify that the user has the proper rights on the designated network location. This can simply be done by opening the path in Windows Explorer and creating a folder and a file. If this is successful, the network rights are correct (so you don’t need to create a new support call 😉)

Next, verify that the Exact client isn’t running as administrator. You can verify this by right-clicking the shortcut and selecting Properties. Locate the ‘Compatibility’ tab and verify that the checkbox ‘run as administrator’ isn’t checked. If it is, uncheck it and apply the new settings.

If network policies allow, also verify that the checkbox isn’t checked on the Exact binary inside the Exact installation dir.

I hope this helps 🙂

Rgrds, Chris

Certificates, what to know…

Certificates are a tough and complex world to be in.

Here are the main things to remember when renewing old certificates, or requesting new ones 🙂

  • CA is short for “Certificate Authority” and is usually a party that ‘signs’ certificates on behalf of the requester. Because someone other than the party hosting a site signed the certificate, it is assumed that dualism applies.
  • CSR is short for “Certificate Signing Request” and contains the hash needed by any CA to create a “Signed” certificate.
  • Private Key is the server key portion of the certificate that enables the server to “decrypt” traffic generated by a remote client using the provided certificate. This part of the certificate should always be kept safe, and should never be exchanged with any 3rd party. He who has the private key can assume the identity of the server/service to which the certificate applies.
  • Public Key is the client key portion of the certificate that allows a client to decrypt the traffic that is generated by the remote server. This key is exchanged encrypted using the certificate during connection time, and because only the server holds the server portion of the private key, he is the only one in the world who can theoretically decode this traffic containing the key.
  • Certificates CN (Common Name) should always comply with the url used by the visiting client. i.e. for google the CN would be
  • Certificates O (Organization) should match the company listed in the whois that is performed on the domain name. i.e. for google it would be “Google Inc.”
  • When you want to use the Certificates for Mobile Devices, a special certificate should be used. Check for more information.
  • SAN is short for “Subject Alternative Name”, not to be mistaken with “Storage Active Network”. It is a special certificate that allows for multiple CNs (multiple sites), also used in a number of Microsoft products.
  • If you have an option on this point, don’t use certificates that use the MD5 cryptographic hash. These are considered weak, and might be blocked by future browsers as insecure. Weaknesses allow hackers to create a ‘valid’ certificate and steal the identity of your site by applying it. (though read, for the wiz-kids

This should help you on your way 🙂

This might also be useful: CSR Checker, which will also perform a few checks to make sure all the info inside the CSR adds up.

peimg.exe missing? here is how to fix it :)


peimg is no longer used in the WAIK for Windows 7. Instead you need to use the dism command. Because the help is hidden pretty well, here is the help you are probably looking for 🙂

To get all the available options on the “offline” wim image provided by dism you need to run the following.

# Mount the image as usual (use the WAIK command line from the start menu)

imagex /mountrw C:\path\to\image.wim {1/2}* C:\path\to\mount-dir\

*There can be multiple images in a wim image, for boot.wim these are 1 = Microsoft Windows PE, 2= Microsoft Windows Setup. The 1 or 2 in the given command selects the required image.

#To get all the dism options type the following;
dism /image:C:\path\to\mount-dir /?

Keep in mind that sub-options have their own help menus. For example, adding additional drivers has its own help instructions that are accessible by calling;

dism /image:c:\path\to\mounted\image /add-driver /?

All the base options provided by dism

Image Version: 6.1.7600.16385

The following commands may be used to service the image:

/Apply-Unattend - Applies an unattend file to an image.

/Remove-Driver - Removes driver packages from an offline image.
/Add-Driver - Adds driver packages to an offline image.
/Get-DriverInfo - Displays information about a specific driver
in an offline image or a running operating system.
/Get-Drivers - Displays information about all drivers in
an offline image or a running operating system.

/Apply-Profiles - Applies profiles to the Windows PE image.
/Disable-Profiling - Disables profiling.
/Enable-Profiling - Enables profiling.
/Get-PESettings - Displays Windows PE image information.
/Get-Profiling - Gets the enabled/disabled state of the Windows PE
/Get-ScratchSpace - Gets the configured amount of Windows PE system
volume scratch space.
/Get-TargetPath - Gets the target path of the Windows PE image.
/Set-ScratchSpace - Sets the scratch space of the Windows PE image.
/Set-TargetPath - Sets the target path of the Windows PE image.

/Set-LayeredDriver - Sets keyboard layered driver.
/Set-UILang - Sets the default system UI language that is used
in the mounted offline image.
/Set-UILangFallback - Sets the fallback default language for the system
UI in the mounted offline image.
/Set-UserLocale - Sets the user locale in the mounted offline image.
/Set-SysLocale - Sets the language for non-Unicode programs (also
called system locale) and font settings in the
mounted offline image.
/Set-InputLocale - Sets the input locales and keyboard layouts to
use in the mounted offline image.
/Set-TimeZone - Sets the default time zone in the mounted offline
/Set-AllIntl - Sets all international settings in the mounted
offline image.
/Set-SKUIntlDefaults - Sets all international settings to the default
values for the specified SKU language in the
mounted offline image.
/Gen-LangIni - Generates a new lang.ini file.
/Set-SetupUILang - Defines the default language that will be used
by setup.
/Get-Intl - Displays information about the international
settings and languages.

/Add-Package - Adds packages to the image.
/Remove-Package - Removes packages from the image.
/Enable-Feature - Enables a specific feature in the image.
/Disable-Feature - Disables a specific feature in the image.
/Get-Packages - Displays information about all packages in
the image.
/Get-PackageInfo - Displays information about a specific package.
/Get-Features - Displays information about all features in
a package.
/Get-FeatureInfo - Displays information about a specific feature.
/Cleanup-Image - Performs cleanup and recovery operations on the

For more information about these servicing commands and their arguments,
specify a command immediately before /?.

DISM.exe /Image:C:\test\offline /Apply-Unattend /?
DISM.exe /Image:C:\test\offline /Get-Features /?
DISM.exe /Online /Get-Drivers /?

Migrating a running OVS to a new OVM (howto)

What is this article about?

When reading the Oracle documentation you might discover that the method of ‘migrating’ a running OVS-server into a new POOL is not very well documented. In this article I will explain the steps that allow you to add a running OVS-Server to a new POOL on a new OVS-Manager.

Setup used to write this article.

  1. two ovs-managers (ovs-manager1 / ovs-manager2).
    Both version 2.2.0
  2. one ovs-server (ovs-server1) that has two running domains on top of it.
    version 2.2.1


In my setup I didn’t create an OCFS cluster (shared storage) from which the domains are run. Even though the domains use physical paths to the actual domain components, and even though the cluster file service will not allow the cluster to be broken (service stopped) with running domains, I cannot assume this article is applicable… You are advised to ‘TEST’ a migration in a LAB situation first! This article might help you get an idea of the required steps.

This article will describe the steps taken to migrate the “ovs-server1” which was managed on “ovs-manager1” to the new manager “ovs-manager2”. Reasons to do this might be iron-replacement without a decent backup of the ovs-manager, ovs-manager1 was physically destroyed and needs to be restored, etc…


  1. Make sure you have a backup of the ovs-manager’s database (see the ovs-manager documentation on how a backup is created)
  2. Log on to ‘ovs-manager1’, in which the ovs-server is a member of an existing pool.
  3. Select the ‘Server Pools’ tab.
  4. “!Make sure you have all the CIs of this server documented!”
  5. Select the pool in which the ‘ovs-server1’  is listed and select “Delete”
  6. In the delete form “ONLY SELECT FORCE REMOVE”. DO NOT SELECT  any other option!
  7. When the pool is successfully deleted, log on to ovs-server1 using an ssh client.
  8. Verify that all the domains are still in the state we left them, using the following command;
    xm list
  9. Document the root repository used by the ovs-agent. You need to document it because the repositories are part of the ovs-agent’s local database that is cleaned in the next step. You can find the current repository by running the following command;
    /opt/ovs-agent-2.3/utils/ -l

    It should return a string similar to this one;
    [ * ] e3514a86-a763-4eee-84b5-0fedcc03416d => /dev/sdb1

    We need this string to verify the repository when we recreate it.

  10. The next step is to clean the ovs-agents local database in which the ovs-manager is registered. This entry prevents us from linking any other ovs-manager to this agent. The ovs-agent, version 2.3 contains a cleanup script located in /opt/ovs-agent-2.3/utils/ that is needed to perform this cleanup. If the cleanup script is not there, you are probably using ovs-server version 2.2.0. You can check the ovs-server release by issuing the following command;
    cat /etc/*-release

    Oracle VM server release 2.2.1

    If you are indeed using version 2.2.0, you can simply copy the script from an ovs-server version 2.2.1 and put it in the path mentioned above. (yeah, same ovs-agent versions but still minor differences 😉 ).

  11. If the is in place, run it;
    Confirm the question
  12. The result of this action is that the agent’s local database has been cleaned. As a result you might notice that the /OVS mapping is gone as well. Not to worry: using the xm list command you can verify that the various domains are still up and running. This is because they are configured to use the physical path to their template directory somewhere in /var/ovs/mount/, which is still mounted.
  13. Before you add the ovs-server to the new manager we need to restore the agent’s entry for the root repository. For this we need the information documented in step 9. Use that information, specifically the devices listed in step 9, to restore that config. Initially you need to add the various repositories; afterward (step 14) we need to assign the ‘root’ label to one of them, in our case the one created here.
    /opt/ovs-agent-2.3/utils/ -n /dev/sdb1
  14. The previous command returned a rule that also contains the UUID for this repository. Verify that the UUID is the same as the one listed in step 9. The recreated UUID should be the same!
  15. Assign the ‘root’ label to this repository (that might be a different one if you used multiple repositories)
    /opt/ovs-agent-2.3/utils/ -r e3514a86-a763-4eee-84b5-0fedcc03416d
  16. When you have finished restoring the repo config you can start adding the server to a new POOL on ovs-manager2.
  17. Logon to ovs-manager2 (the new ovs-manager)
  18. Select the “Servers Pools” tab.
  19. Select “Create pool”.
  20. Fill out all the required fields and use the cleaned ovs-server1 machine as to be added server.
  21. Finish all the required steps so a new pool is created.
  22. You might notice you have a new pool with ovs-server1 in it, but with no virtual machines. This is because we need to “discover / reimport” these from the ovs-server. This is done as follows.
  23. Select “Resources”
  24. Select “Virtual machine Images”
  25. Select “Import”
  26. Select “Select from server pool (discover and register)”
  27. Select the Server POOL you have just created.
  28. Select the “running?” Virtual machine image name in the pulldown and fill out all the fields required (It might be wise to match these with the initial configuration of the VM Image you are trying to register)
  29. Finish all the steps and repeat step 25 > 29 for each VM image you like to import.

This should be all you need to do to restore the machine and all of its (running?) images into the new OVS-manager.

If all is well, after creating the new POOL in step 19 / 21 the /OVS share should be remounted by the ovs-agent / ovs-manager. You might want to verify this on the ovs-server box.

Hope this helps 🙂
Rgrds, chris

Simple PHP script to walk and print a directory tree

function walk_dir($dir){
	$relativedir = '.'.$dir;
	if($dh = opendir($relativedir)){
	while(false !== ($file = readdir($dh))){
		if(($file !== '.') && ($file !== '..')){
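				// Escape the names so characters such as < or " in a file name cannot break the markup
				echo '<a href="'.htmlspecialchars($dir.$file).'" title="'.htmlspecialchars($file).'">'.htmlspecialchars($file).'</a>'."\n";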