I learned a quick, silly lesson today. I run some servers that tunnel using openvpn to facilitate our single sign on. I've migrated one before, and at the time, I foolishly did not create a new certificate/key pair for the new server and re-used the old one. During the point of the migration where I had both servers online at once, the two openvpn clients kept fighting - one connected, the other disconnected, and so forth, until I figured it out.
This time - I did things right - I generated a new certificate. HOWEVER, The subjects of the certificates were still the same, so they were being assigned the same IP address. This caused basically the same situation. Fortunately this time I was a bit quicker to realize. Make sure you differentiate your subject names when using openvpn. In general, you would already be doing this, but in the case of moving a server hosting a given domain from one box to another, since the domain name being served is the same there is an inclination to just type the same domain name in...don't do it. Make sure it's unique. Thanks for the forum post which lead to my answer, Jan Just Keijser!
I'm not sure if just the OU or CN must be different, or if both should be different. I erred on the side of caution and made sure both were distinct. I falsely assumed only the certificate itself had to be unique, but that's not the case.
This is a self-reminder blog post / post of shame. DOH!
Tuesday, March 27, 2012
Tuesday, March 20, 2012
World Time Buddy - an awesome timezone website
As the company I work for grows and has more users in remote areas of the globe, knowing what time it is for everyone gets tricky. We're in the US on the East Coast, but have employees in California, Hawaii, Germany, France, India, Ukraine, and other locations. A very simple site I found that does the best job I've seen is www.worldtimebuddy.com - hands down.
Here is a sample of one I configured in around a minute and then bookmarked and shared:
I couldn't get a larger image to work well in this theme so to see this for yourself use this link.
It may not have the fanciest name or super sleek graphics, but its display of information is amazing. Above we see that:
If you deal with multiple time zones a lot, definitely check out World Time Buddy.
Here is a sample of one I configured in around a minute and then bookmarked and shared:
I couldn't get a larger image to work well in this theme so to see this for yourself use this link.
It may not have the fanciest name or super sleek graphics, but its display of information is amazing. Above we see that:
- It displays current times clearly for all timezones I care about in an easy to read/compare way.
- Everything is vertically aligned with readable values for easy comparison
- I see whole-hour times for a 24 hour period
- I see current exact times
- I see offsets (+4, -6, etc) from my home time zone
- It shows the current date in each time zone in an easy to follow way
- It shows business hours, night hours, and late night hours in different colors
- It alerts me to upcoming time changes - in this case, Europe's daylight savings equivalent happens 4 days from now
- I can remove a timezone I no longer need with one mouseclick
- I can change my home timezone with one mouseclick
- Not visible in the above screenshot, but visible with the mouse cursor is the ability to drag and drop re-order timezones in any way I choose. I put mine in ascending order, but that isn't enforced, it was my preference.
- I can click link icon in the top right corner to get a link to the site containing my customizations, easily bookmarkable and shareable with coworkers.
- New timezones can be added by using an autocompletable field (just start typing a city or country name)
If you deal with multiple time zones a lot, definitely check out World Time Buddy.
Thursday, January 26, 2012
How to Ruin a Perfectly Good Evening
Open your brand new SSD (Samsung 830 series 128GB)
Marvel with excitement at the iPhone-like packaging and eagerly image your old drive (Intel 80GB G1 SSD) onto the new one with Clonezilla - 15 mins and booted into Windows 7 on the new SSD. This is where I should have stopped - oh what a fool I was to continue.
Side-track to find out why PC basically hangs for 1-2 mins after login and discover it is Microsoft Security Essentials misbehaving - story for another day - 20 mins ...
Everything has gone smoothly so far - run AS SSD and ogle the new benchmark numbers. Uh oh. offset 31K bad? Great. I recall that I never fixed this on my Intel SSD and that is why, so I foolishly decide to try and fix it. I find an answer at lifehacker.
Download GParted and install on my trusty multiboot USB drive - I actually already had a GParted livecd on there but decided to throw Parted Magic on there to see what that was like.
Create a Windows 7 Repair Disc (directly from my copy of Windows 7 Home Premium I'm running at home). Wait, no, side-track and test out lightscribe to make a fun label for it first.
Discover that lightscribe software service needs to update. Do that. Find a label maker software - oh, already had one in some software suite - great. Hmm, it won't let me select my CDRW as my lightscribe driver...it will apparently only accept the lowest lettered optical disc drive. Wow. That's good engineering (Cyberlink LabelPrint). Re-map drive names so DVDRW drive comes first. Burn lightscribe label - remember why I haven't burned a lightscribe label in 6 years - because it takes way too long. Finally, let Windows create/burn a windows 7 repair disc.
Boot into Parted Magic and shift my partition forward a few MB, wait 15 mins, then shift back 1 MB, per Lifehacker instructions. Success - now, Windows will no longer boot because it's confused. (This is expected)
Boot up my freshly burned Windows 7 repair disc. I'm greeted with the following:
The windows recovery disc I burned from the copy of windows I am trying to repairing is incompatible with itself. Yes, that's right - incompatible with itself.
Do some quick searches and come up short. Decide screw it - I'll just reinstall Windows 7 on my SSD. Insert my Windows 7 Upgrade DVD (Family Pack - likely the source of all my pain!) Format the drive, select it - realize that Windows 7 RTM does not create "100MB" partition which has possible side-effect of aligning partition properly (same issue w/ original SSD install I think...). Decide to try and manually create partitions back in GParted and then let Windows 7 try to install.
Nope - Windows 7 will not install on it. Error 80300024. Excellent. No real useful info found.
Remove fancy new SSD and put back in old Intel one. Admit defeat for now.
4 hours after I started - blog about it, back at square one.
Marvel with excitement at the iPhone-like packaging and eagerly image your old drive (Intel 80GB G1 SSD) onto the new one with Clonezilla - 15 mins and booted into Windows 7 on the new SSD. This is where I should have stopped - oh what a fool I was to continue.
Side-track to find out why PC basically hangs for 1-2 mins after login and discover it is Microsoft Security Essentials misbehaving - story for another day - 20 mins ...
Everything has gone smoothly so far - run AS SSD and ogle the new benchmark numbers. Uh oh. offset 31K bad? Great. I recall that I never fixed this on my Intel SSD and that is why, so I foolishly decide to try and fix it. I find an answer at lifehacker.
Download GParted and install on my trusty multiboot USB drive - I actually already had a GParted livecd on there but decided to throw Parted Magic on there to see what that was like.
Create a Windows 7 Repair Disc (directly from my copy of Windows 7 Home Premium I'm running at home). Wait, no, side-track and test out lightscribe to make a fun label for it first.
Discover that lightscribe software service needs to update. Do that. Find a label maker software - oh, already had one in some software suite - great. Hmm, it won't let me select my CDRW as my lightscribe driver...it will apparently only accept the lowest lettered optical disc drive. Wow. That's good engineering (Cyberlink LabelPrint). Re-map drive names so DVDRW drive comes first. Burn lightscribe label - remember why I haven't burned a lightscribe label in 6 years - because it takes way too long. Finally, let Windows create/burn a windows 7 repair disc.
Boot into Parted Magic and shift my partition forward a few MB, wait 15 mins, then shift back 1 MB, per Lifehacker instructions. Success - now, Windows will no longer boot because it's confused. (This is expected)
Boot up my freshly burned Windows 7 repair disc. I'm greeted with the following:
The windows recovery disc I burned from the copy of windows I am trying to repairing is incompatible with itself. Yes, that's right - incompatible with itself.
Do some quick searches and come up short. Decide screw it - I'll just reinstall Windows 7 on my SSD. Insert my Windows 7 Upgrade DVD (Family Pack - likely the source of all my pain!) Format the drive, select it - realize that Windows 7 RTM does not create "100MB" partition which has possible side-effect of aligning partition properly (same issue w/ original SSD install I think...). Decide to try and manually create partitions back in GParted and then let Windows 7 try to install.
Nope - Windows 7 will not install on it. Error 80300024. Excellent. No real useful info found.
Remove fancy new SSD and put back in old Intel one. Admit defeat for now.
4 hours after I started - blog about it, back at square one.
Subscribe to:
Posts (Atom)