Wednesday, November 29, 2017

Create a USB Bootable Disk on OS X

To create a bootable USB Disk in Mac OS X, You must have the Application of the version of Mac OS X that you want to install downloaded and extracted.  Please make sure you have a mac and root access before proceeding.

So for this example we are going to use macOS Sierra.  You must have the "Install macOS Sierra.app" and if your looking for step by step instructions it must be downloaded into your Applications Folder.

To download an older version of MacOS from Yosemite to Catalina, you can download the MacOS App using this url https://support.apple.com/en-us/HT211683


Plugin a Flash Drive; I'm going to use a Verbatim 16GB USB Flash Drive. Open /Applications/Utilities/Terminal.app

sudo /Applications/Install\ macOS\ Seirra.app/Contents/Resources/createinstallmedia --volume /Volumes/STORE \N \GO --applicationpath /Applications/Install\ macOS\ Seirra.app --nointeraction

You can modify this command line to use with any previous version of OS X if you can get a copy of the Install.app and replace the bolded text with the previous version of the OS X install.app  for example "Install\ OS\ X\ El\ Capitan" and you must put \ $text so the mac can recognize spaces in the name.  The \ is an "escape" and tells the OS that there is a "space" character.

***UPDATE***

You can find this on apple's knowledge base for the issue but they removed the application path for the USB installer.

sudo /Applications/Install\ macOS\ High\ Seirra.app/Contents/Resources/createinstallmedia --volume /Volumes/STORE \N \GO

https://support.apple.com/en-us/HT201372

***Pre High Seirra***

sudo /Applications/Install\ macOS\ Seirra.app/Contents/Resources/createinstallmedia --volume /Volumes/STORE \N \GO --applicationpath /Applications/Install\ macOS\ Seirra.app --nointeraction

Below is the log from my terminal screen.  This could take up to 10 - 30 minutes depending on your system, and if may have to make adjustments if your file system is case sensitive or not.

sudo /Applications/Install\ macOS\ Sierra.app/Contents/Resources/createinstallmedia --volume /Volumes/STORE\ N\ GO --applicationpath /Applications/Install\ macOS\ Sierra.app --no interaction
Erasing Disk: 0%... 10%... 20%... 30%...100%...
Copying installer files to disk...
Copy complete.
Making disk bootable...
Copying boot files...
Copy complete.
Done.

At the end of this you will have a bootable USB device that you can do a system recovery, disk image, or a fresh install of your mac with.

Monday, November 27, 2017

ENETUNREACH FTP Error in Filezilla caused by Kaspersky Security Center 10

 Server/client security software is annoying at best but it is even more annoying when things are not clear how to fix a problem much like I had with Kaspersky Security Center 10 and Filezilla.  After a server update a new policy was made and all FTP access was denied from our clients and they needed access for us to continue to do our business.  Here is how to fix the ENETUNREACH Error that you will get if your trying to use Filezilla with Kaspersky.
Filezilla FTP ENETUNREACH Error caused by Kaspersky Security Center 10

If your using Kaspersky Security Center 10 and Filezilla for any FTP services you may require if you don't have a proper policy in place you will encounter the following error

Error: The data connection could not be established: ENETUNREACH - Network unreachable

To resolve the error and allow your users to FTP again you need to make the following changes in your policy.



Right click on the policy and go Properties.

Go to Anti-Virus Protection -> General Protection Settings -> Monitored Ports Settings


De-select/uncheck the FTP port as shown in the image below.



Hit OK then go to Firewall Settings -> Configure Rules for Network Packets and Data Streams


Add a new Network Packet Rule



After you add the rule you can move it to the top of the list to ensure it doesn't get blocked by another rule.  You can also limit this to particular IP addresses if you only want specific users to have access.


Hit Ok -> Hit Apply -> Hit Ok

That's it your done.


Special thanks to Pavel Labanov and his great YouTube video also documenting how to fix this issue.

Thursday, November 23, 2017

Hyper-V Virtual Switch Settings

Back in September I got a message from the facebook group VMware vSphere and Microsoft Hyper-V I am a part of and I got asked for some help with an issue with Hyper-V Switches.

The Issue:



The host machine is Server 2012R2 With the Hyper-V Role Enabled. Then a client VM was made on the host and connected it to virtual switch to communicate with my host.
The host operating system is pinging vm but i am unable to ping my host OS from VM .
host and guest vm and virtual switch created in host are all on same subnet and the firewall is off on both systems
So some simple questions about the setup.

Q:   What type of virtual switch?

A:   Virtual switch is internal

Q:   DHCP Server Setup?

A:   Yes on Host

So lets review our Hyper-V virtual switch Types:


External 


A Hyper-V virtual switch in external mode allows communications between virtual adapters connected to virtual machines and the management operating system. It uses single or teamed physical adapters to connect to a physical switch, thereby allowing communications with other systems.


External virtual networks are used where you want to allow communications between
  • VM to VM on the same VM Host
  • VM to VM Host (and visa-versa)
  • VM to externally located servers (and visa-versa)
  • (Optional) VM Host to externally located servers (and visa-versa)
External Virtual Switch


Internal 

A Hyper-V virtual switch in internal mode allows communications only between virtual adapters connected to virtual machines and the management operating system (VM Host).

Internal virtual networks are used where you want to allow communications between
  • VM to VM on the same physical server
  • VM to VM Host (and visa-versa)
Internal Virtual Switch


Private

A Hyper-V virtual switch in private mode allows communications only between virtual adapters connected to virtual machines.
Private virtual networks are used where you want to allow communications between
  • Virtual machine to virtual machine on the same physical server
Private Virtual Switch


Host Network Adapters


Dedicated

Dedicated switches are a physical Network Card on the host just for use just by virtual machines. 

They allow communication between:

Virtual machine to virtual machine on the same physical server
Virtual machine to externally located servers (and visa-versa)
The prevent the VM Host from using the adapter

A dedicated switch is just an external network switch that doesn't allow the host OS from using the adapter.


Dedicated Virtual Switch

According to the what we know the firewall being off and having a DHCP server setup everything should have been working unless we didn't have the DHCP server running on the right network.  The IP range on the host internal network adapter and the VM internal network adapters appeared to be getting different 169 addresses so the DHCP server was not running on the internal network.  Changing the IP address to STATIC IP addresses on the same subnet resolved the issue.  So it was an issue with the DHCP server on the internal network.


Video

I did a full video of the 3 mail virtual network options down below.


https://youtu.be/zI3p1AjZkPU

Sources

https://blogs.technet.microsoft.com/jhoward/2008/06/17/hyper-v-what-are-the-uses-for-different-types-of-virtual-networks/

https://www.altaro.com/hyper-v/the-hyper-v-virtual-switch-explained-part-1/

Monday, November 20, 2017

SirsiDynix HIP Search Error 30015e

If your orgainization uses SirsiDynix Hip and you get a 30015e Error, The SirsiDynix KB has a post about the iPac 2.x admin tool, the other thing it could be as was in this case if you use a third party for your Customer front end for your catalogue such as bibliocommons having an issue with hold could cause the JBOSS to run out of memory.  Bibliocommons in this case were performing an upgrade that caused an issue with holds.  Since HIP is required for holds it made sense to either try reboot the hip server or try start the JBOSS Service.  Since it is the middle of the day and the Horizon Client requires HIP restarting JBOSS made the most sense.  This can cause the HIP Search to display the error unable to retrieve data. 30015e



Search Error with code 30015e
If you login to your hip server and restart jBOSS your search should come back just fine so long as you haven't modified any of the settings posted in the iPac 2.x admin tool.  If that doesn't resolve your issue follow the instructions in the KB Below.

https://support.sirsidynix.com/kb/129707

Friday, November 17, 2017

Creating a Security System with iSpyConnect

I heard of iSPY about 5 years ago, but found it buggy and it did not work with the camera that I needed it to work with.  I thought I'd revisit the project because I had a project that I needed to setup an inexpensive security system for.  I downloaded and installed ispy on a windows 8.1 VM with 8GB of RAM; 120GB Drive for the OS and Application and a 500GB drive for storage.


The project was to view and monitor a hidden public area where someone was stealing DVD movies; and they were leaving RFID tags in the area that is going to be monitored.  A company can spend a few thousand dollars on a security system, but it would also require an additional few thousand dollars worth of setup in the proposed location which was not practical.

Reasons I went with iSPYConnect
  1. The budget, it almost non-existent
  2. No wiring required except for power
  3. Microsoft Hyper-V server for setting up the iSPY Server
They did have a Windows 8 Key and Install Disk for use in the Hyper-V System that was not being used, so I created a basic VM with 8GB of Dynamic Ram, 2 core processor and 120GB drive for the OS and 500GB drive for the video storage.  The camera that was selected was a D-Link DCS-2530L for monitoring the location.
Specs on the D-LINK DCS-2530L
  • 180° Field of View
  • 1080p HD Quality Video
  • Unique De-Warping Technology
  • Sound and Motion Detection
  • Local Recording via SD Card
  • Night Vision
D-Link DCS-2530 Picture Quality
I did have some difficulty getting the Webcam to connect to the WiFi Network, but got it resolved, the Camera would connect to the WiFi then it got removed by the security features in the Cisco WiFi Access Points being used.  I had to whitelist the camera once I got it connected to the network.  The procedure was simple since the camera was already in the list.  The Wifi AP that is in use is a Cisco Meraki, and you need to go into Air Marshal and change the status from contained to whitelisted.  Then I was able to access the camera on the LAN.

Configuring the Camera

There are a couple of things to keep in mind at least in this use case.  I had to set the camera to a constant 1 constant mbps bit rate at 720p quality.  Anything more then that and the camera had disconnection issues with the ispy software and I also used the VLC and setting it to the other setting (excellent) was just compressed so much it was not usable.

D-Link Home Page
RTSP Streams


Camera Configuration

In the setup by default ispy tries to use mjpg for the video capture which is just to slow, I was getting framerates of 0.6 to 0.8.  To resolve this problem I used the VLC Stream capture feature in ispy, for this I disabled the basic security features in the camera to access the stream as it seems to break when I turn it on.  Then using the VLC plugin, I was getting 7 to 9 FPS which is good enough for what we were looking to get.  This camera has 3 possible feeds as you can see by the RTSP streams listed above.  You can also test these streams by using VLC Player and open the stream. rtsp://$IPADDRESS:554/live1.sdp

Quality Comparison

Default Settings Using IP Camera Wizard

VLC RTSP Stream

Configuring iSPYConnect to use RTSP Streams

How to setup iSpy to use RTSP with a D-Link 2530L video

With the D-Link 2530L the rtsp stream does not come up using the IP Camera wizard so we need to manually add the RTSP stream to iSpy.

Add a camera and select VLC Plugin in the tab.


Once that is done you can configure the rest of the settings how you like it is very straight forward.  By default it keeps the videos for 72 hours before deleting them.

I did this using Hyper-V but you could also do this on a Mac or Linux system using another virtualization system such as virtualbox or kvm, it is up to you what you use and what you have available to you.

About iSPYConnect


Started back in 2007 the software has continually evolved and improved to become a robust, feature rich solution.
The number one use of iSpy is small business security, but home monitoring, neighborhood watch, checking in on the kids, desktop monitoring, nanny-watch and mobile access through a iSpyConnect.com are valued features.
Facial recognition and detection of changes in lighting and audio offer the subtleties that set the software apart from competitors.
Getting started with iSpy is easy: all you need is a webcam or IP camera connected to your computer or network.
iSpy connects to the camera and shows the live view. You can then define specific areas of the video that iSpy should watch for movement, and set a threshold value for the amount of motion that would trigger automatic recording. iSpy can also operate in always-recording or manual-recording modes and supports scheduling and remote access (with an iSpyConnect subscription)
iSpy was designed to provide a low-cost alternative to expensive surveillance systems. It has become a highly scalable application that can be tailored to record and take actions on specific incidents as defined by the user either locally or remotely.

Photoshop ippcvm7.dll Error on Hyper-V

Downsizing systems can be hard but to make space virtualization is a great way to go, however sometimes you encounter issues when virtualizi...