Showing posts with label WOL. Show all posts

Sunday, March 30, 2025

2025 - Update to How to setup an automated WakeOnLan with Cisco Meraki using MAC allow list

A while ago I did a post about setting up an automated WOL system using Linux and cron. With the new updates in the Linux kernel and other security updates, things break, so this is an update to my post in 2020, as some utilities are now required to keep WOL working.

The uplink switch that has the WOL clients is set to MAC allow list, with the specified VLANs. You need to add the server sending the WOL packet (in my case a virtual machine) to the allow list, and it should be set to a static MAC.


The only packages required for WOL on Linux were SAMBA, Net-Tools and wakeonlan. After some security updates WOL stopped working: the Linux server shows that it is sending the magic packet, but it is not getting through. It also shows that the WOL, SAMBA and net-tools packages are up to date.



After troubleshooting with the firewall and the Cisco Meraki switch, and testing WOL from both the firewall and the switch, where it ran successfully, I found an update where I was missing a package called etherwake. While the Windows clients on Windows 10 and 11 still require the driver settings from my post in 2020, the Linux server needs to be updated with the etherwake package.

sudo apt install etherwake

For the startup script I used this format for running cron.

####################
##Put IN ARP CACHE##
####################

sudo arp -i ethx -s $ipaddress $macaddress #Computer Label

####################
##Send WOL Packets##
####################

sudo -i -u $user -p $password wakeonlan -i $ipaddress $macaddress #Computer Label

or

wakeonlan $macaddress #Computer Label
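
A hardened take on the startup script format above, as an added example rather than the author's own script: it validates each IP and MAC before handing it to arp, and is meant to be called from root's crontab so that no sudo or password appears on a command line (sudo's -p option only sets the prompt text). The host list is constructed sample data, ethx is the post's placeholder interface name, and DRY_RUN is a hypothetical switch that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example. HOSTS is constructed sample data: <ip> <mac> <label> per line.
# In practice keep the list in a root-owned file that only root can write.
HOSTS='192.168.0.6 FF:CC:DD:33:22:00 frontdesk
192.168.0.7 #FF:CC:DD:33:22:01 lab1
192.168.0.300 FF:CC:DD:33:22:02 lab2'

IFACE=${IFACE:-ethx}     # placeholder interface name, as in the post
DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands instead of running them

# Six colon-separated hex octets, nothing else (rejects a stray '#' or '$').
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Dotted quad with every octet in 0..255.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Pin the ARP entry, then send the magic packet, for each well-formed line.
wake_all() {
    printf '%s\n' "$HOSTS" | while read -r ip mac label; do
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "skipped $label: malformed entry" >&2
            continue
        fi
        run arp -i "$IFACE" -s "$ip" "$mac"
        run wakeonlan -i "$ip" "$mac"
    done
}

# Run only when asked, e.g. from root's crontab: startup --run
if [ "${1:-}" = "--run" ]; then wake_all; fi
```

With the sample list, only the first host produces commands; the entry with the stray `#` in front of the MAC and the one with an out-of-range octet are reported on stderr and skipped.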



Wednesday, August 04, 2021

Setting up a WOLS server



What is a WOLS server? WOLS is my acronym for Wake On Lan Shutdown server. I deploy these in organizations that want to have scheduled startup and shutdown system for any windows clients.



You have to get some information from the Windows Client.

If you're not on a domain or if you want to use a local admin, create a local admin account (I called mine sysadm) and add it to the Administrators group. Give it a good password.

Then you will need the MAC address and IP of the machine(s) you want to wake and shut down.

Add firewall rules that allow WOL (Wake on LAN) packets and ICMP echo requests.

RPC firewall rules

Open:

  • File and Printer Sharing (Echo Requests)
  • Remote Administration
  • Remote Service Management






Configure registry for remote access. 


Open CMD prompt as admin and run

sc config RemoteRegistry start= auto
sc start RemoteRegistry

Then open regedit.exe through the start menu search or run box, and go to 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System


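Find a value called LocalAccountTokenFilterPolicy. If it doesn't exist, create it as a 32-bit DWORD value named LocalAccountTokenFilterPolicy and set the value to 1. This setting turns off UAC remote token filtering for local accounts, so a local administrator connecting over the network receives a full administrative token, which is what lets the remote shutdown call succeed.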

To remove this tweak you can set the value to 0 or just delete the key.











I've had issues with power saving on the NIC, so I do recommend disabling the power saving options on the network adapter.



Now for the WOLS Server.  Make sure your linux distro is up-to-date

Install SAMBA.

sudo apt-get install samba

Once done, you should be able to run the following example, and it should shut down the Windows machine.
net rpc shutdown -I 192.168.18.x -U sysadm%$PASSWORD -t 1 -f

Now setup Wake On Lan


The etherwake command sends a Wake-On-LAN “Magic Packet” under Linux operating system

To install etherwake

sudo apt-get install etherwake

or

sudo apt-get install net-tools

then in the terminal type

wakeonlan xx:xx:xx:xx:xx:xx

replacing the xx:xx:xx:xx:xx:xx with the MAC address of the machine you want to wake up.

You can view the video on youtube. https://youtu.be/4WOMYpmkKyM

Wednesday, June 30, 2021

How to fix crontab scripts that won't run on Ubuntu 20.04

I've set up what I like to call WOLS (Wake on Lan & Shutdown) servers for a while now; 10 years to be exact. They are very handy and require little to no system resources; I usually set them up on Hyper-V systems but have also done it on KVM and VMware. It is very handy if you're wanting to schedule systems for auto on and off without buying a commercial server or software. You also don't have to have it connected to your domain if you don't want it to be.

I set up a new server on Ubuntu 20.04 for managing the WOL/Shutdown for a remote location and set it up just as I have done in the past; but something was wrong. It wasn't working. The system was not turning on or shutting off the systems it was supposed to.

For the purposes of this post, let's say we are going to run all of our scripts out of /scripts/cron

You can use crontab -e or sudo crontab -e to edit cron, I prefer to modify the /etc/crontab file myself.  So when I build my WOLS server and modify the crontab file it usually looks something like this.

After I install the required tools (WOL, samba tools, etc.), I whitelist the WOL ports, SAMBA and Remote Desktop/Remote Access ports through the firewall on both the client and the server. You can also disable the firewalls, though I don't recommend that.

The Startup Script is a shell script called startup.sh and it looks like this


I have found that if I don't put it in the arp cache I tend to have problems if the system has been off for a while.

sudo arp -i ethx -s $IPADDRESS $MACADDRESS #COMMENT

example:

sudo arp -i ethx -s 192.168.0.6 FF:CC:DD:33:22:00 #COMMENT

Then send the WOL Packets

sudo -i -u $SERVERUSER -p $PASSWORD wakeonlan -i $IPADDRESS $MACADDRESS #COMMENT

example:

sudo -i -u serveradm -p password wakeonlan -i 192.168.0.6 FF:CC:DD:33:22:00 #COMMENT

So you use the server username and password to run wakeonlan to the IP address with the specified MAC address. The same is true with the shutdown script, but you are using net rpc and you put the Windows client username and password behind the -U in quotes, with a % separating the username and password, as shown below.

The shutdown script is also a shell script called shutdown.sh and looks like this


sudo -i -u $SERVERUSER -p $PASSWORD net rpc shutdown -I $ipaddress -U "windowsclientusername%password" -t 1 -f

example:

sudo -i -u serveradm -p password net rpc shutdown -I 192.168.0.6 -U "joedirt%mopboy5" -t 1 -f

With that done, I added execute permissions to the files and was ready to call it a day, as all the scripts worked when I manually executed them. Unfortunately that wasn't the case. Something changed in Ubuntu 16 that caused files with extensions to not execute.

After troubleshooting and doing some Googling, I found this post with a similar issue to what I was having.  When I did a ls you can see the scripts in the folder.


With my files definitely having execute permission, I tried the run-parts command
run-parts --test /scripts/cron
and got the following result


Nothing. Absolutely nothing listed in the test. So I did as Pete Fretag suggested and copied my startup.sh and shutdown.sh without an extension.


Now the startup and shutdown scripts show up in the test.


When I run the scripts using sudo run-parts /scripts/cron they also execute where they did not before.
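
A check for the failure described above, as an added example that is not part of the original post: it lists which files in a cron directory run-parts will run and which it will silently skip, using the default Debian/Ubuntu naming rule (only ASCII letters, digits, underscores and hyphens), and also flags files that group or other users can access, since these scripts run as root and carry credentials. The function names and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict what run-parts will do with each file in a directory.
# Assumes the default rule (no --regex or --lsbsysinit): a name may contain only
# A-Z, a-z, 0-9, '_' and '-', so "startup.sh" is skipped and "startup" is run.

runparts_lint() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        perms=$(ls -ld "$f" | cut -c1-10)
        note=""
        # Anything other than owner-only access is worth a second look.
        case $perms in
            ????------) ;;
            *) note=" [group/other access: $perms]" ;;
        esac
        case $name in
            *[!A-Za-z0-9_-]*)
                echo "SKIP $name (name has a character run-parts rejects)$note" ;;
            *)
                if [ -x "$f" ]; then echo "RUN  $name$note"
                else echo "SKIP $name (not executable)$note"; fi ;;
        esac
    done
}

# Constructed demo directory mirroring the post: startup.sh next to startup.
demo() {
    d=$(mktemp -d) || return 1
    for n in startup.sh shutdown.sh startup shutdown notes; do
        printf '#!/bin/sh\nexit 0\n' > "$d/$n"
    done
    chmod 755 "$d/startup.sh" "$d/shutdown.sh"
    chmod 700 "$d/startup" "$d/shutdown"
    chmod 644 "$d/notes"
    runparts_lint "$d"
    rm -rf "$d"
}

# Usage: pass a directory to lint it, e.g. /scripts/cron
if [ -n "${1:-}" ]; then runparts_lint "$1"; fi
```

Comparing the output with `run-parts --test` on the same directory confirms the prediction on a given system.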

Monday, March 09, 2020

Setting up and configuring wol and rpc remote shutdown for windows clients

If you're looking for an inexpensive way to set up automatic turning on and shutting off of your Windows computer systems, WOL and RPC are an excellent way to do that. You can even set up a Linux server for controlling the timing for turning the systems on/off, and it isn’t too difficult to manage. I will do a post soon about setting up a Linux server to run WOL and RPC shutdown scripts. If you're looking to set one up, the quick and dirty version is:

Requirements SAMBA, Windows Admin and Password, Linux Admin and Password

Put startup/shutdown scripts in /etc/cron.daily

Startup
sudo -i -u $linuxAdminUser -p $password wakeonlan -i $IPADDRESS $MACADDRESS

Shutdown
sudo -i -u $linuxAdminUser -p $password net rpc shutdown -I $IPADDRESS -U $WindowsADM%$password -t 1 -f

Use Crontab to setup scheduling


Crontab schedule

For more information about crontab, you can visit this link about crontab


Here is the breakdown of the examples above


00 12 * * 5 user command

At minute 00, hour 12, * - no value (day of the month), * - no value (month), 5 - the fifth day of the week (Friday), then the user to run the script and the script to run.

So the following example "00 12 * * 5 root /etc/cron.daily/shutdown.sh"

At minute 00, at 12 pm, on Friday, run as root the script shutdown in /etc/cron.daily


Setting up the Windows 10 Client


For setting up WOL/RPC shutdown, you have to have your windows clients prepped with the proper firewall rules and user accounts for privileged access.


  • An administrator account (not called administrator, as Windows 10 upgrades disable this with each update)
  • RPC and Remote Access Firewall Rules Allowing (I also allow ICMP and Ping) for remote management with services such as lansweeper and FOG
  • Updated Intel network driver

One thing I have noticed recently is that the manufacturer driver doesn’t seem to work with WOL. Working with some Lenovo m93 and m900 series and HP {put hp model here}, doing a full Windows reinstall/reset breaks WOL. Even with an up-to-date manufacturer driver, WOL doesn’t seem to work, which is extremely odd. The major difference I can account for is the update to the Intel PROSet tools for their network driver, which brings a GUI interface back to add and remove VLANs in Windows 10.

Nic Driver settings to enable WOL in Windows 10

Enable WOL in Windows 10. In Windows 7, unchecking the option that allows the computer to turn off the device would leave the device on, but in Windows 10 it disables all power management and turns it off. For WOL to work you have to enable the "Only allow a magic packet to wake the computer" option.

Wake on Link Settings - Disabled


Wake on Magic Packet - Enabled


Wake on Pattern Match - Enabled



Wait for Link - Auto

Even with these settings being enabled and no errors WOL would not go.  I had S3, S4 and S5 enabled in the bios, which would enable WOL to work, but when I send the WOL packet the system stays off.



Version 25 of the Intel network driver and proset tools


Intel Proset software and drivers


Adapter driver Options


Teaming and Vlans
Once I updated the driver to version 25 WOL started working for my windows client.

RPC shutdown from Linux

sudo -i -u $linuxAdminUser -p $password net rpc shutdown -I $IPADDRESS -U $WindowsADM%$password -t 1 -f


RPC SHUTDOWN ERROR
To fix this issue


Manual Registry Hack
Open regedit.exe through the start menu search or run box, and then navigate down to the following key, creating a new key if it doesn’t exist.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Change the LocalAccountTokenFilterPolicy to 1



On the right-hand side, add a new 32-bit DWORD value named LocalAccountTokenFilterPolicy and set the value to 1.
To remove this tweak you can set the value to 0 or just delete the key.
With this setup you will be able to startup and shutdown any pc you have listed in your startup and shutdown scripts.


