WSUS Doesn’t Download Updates

While rebuilding WSUS (once again) I discovered another snag. When first configuring WSUS I put in “D:” for the drive to store the updates because the wizard didn’t like “D:\”. Unfortunately, both are wrong. From what I read in various posts, the wizard used to default to the largest drive with free space and append \WSUS for a directory. If you just specify “D:”, the updates try to download to D:WsusContent and not D:\WsusContent. (The eventlog shows this.)

A comment on this blog post helped fix it without a reinstall:

wsusutil movecontent D:\WsusContent D:\WsusContent\movelog2.log -skipcopy

After a reboot (and waiting, as WSUS isn’t very speedy) , the updates started downloading.

For future installs: don’t specify the just the root of a drive, specify a subdirectory like “D:\WSUS”.

PS: here’s what the log file says:

2017-04-07T21:04:23 Successfully stopped WsusService.
2017-04-07T21:04:23 Beginning content file location change to D:\WsusContent
2017-04-07T21:04:23 Did not copy files due to -skipcopy flag.
2017-04-07T21:04:23 Successfully changed WUS configuration.
2017-04-07T21:04:24 Successfully changed IIS virtual directory path.
2017-04-07T21:04:24 Successfully removed existing local content network shares.
2017-04-07T21:04:24 Successfully created local content network shares.
2017-04-07T21:04:24 Successfully changed registry value for content store directory.
2017-04-07T21:04:24 Successfully changed content file location.
2017-04-07T21:04:25 Successfully started WsusService.
2017-04-07T21:04:25 Content integrity check and repair...
2017-04-07T21:04:25 Initiated content integrity check and repair.

pi-hole.net: DNS based ad-blocking

pi-hole.net is a fun little project. I set it up as a VM and set my DHCP server to use it as the DNS server and whammo! insta-adblocking.

GOOD:

  • Easy to install and setup. (Walk through the wizard to install, then update your DHCP server to use pi-hole as your DNS server.)
  • Fast and small. (Well, it was designed to run on a Raspberry Pi.)
  • Nice GUI and reports.
  • Effective.
  • Fun little weekend project.

BAD WISHLIST:

  • There is nothing bad, but I wish it would run under Alpine Linux. The Ubuntu server I spun up is terribly large.

RESULTS:

pi-hole.net doesn’t block everything that uBlock does, but it does catch an extra 3% more ads than without uBlock (according to the sites I visit), and it will help all the tablets and phones on your network that don’t have uBlock.

dashboard212[1]

Rebuilding WSUS gotchas

I had to rebuild my SUS server because the old one was still on Win2008 (x86) and I couldn’t get any of the Win10 Anniversary Edition updates.

After rebuilding the server, everything is going great. The service is installed, the updates are downloading, and I see that there are updates for the SUS server pending. So I apply them and reboot.

And the updates breaks SUS and the SUS Console giving me a constant “Reset Server Node” error.

I found this post with details to fix it. KB3159706 needs some post install steps done to unbreak SUS. (Why can’t these post install steps can’t be done automatically or with a warning?)

Summary of the fix:

  1. Open an elevated Command Prompt window and run: “C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
  2. Install HTTP Activation under .NET Framework 4.5 Features
  3. Restart the WSUS service.

Also, don’t forget to add the port (:8530) to the GPO:

gpo_update_settings.PNG

(I haven’t configured SSL yet. It is recommended, and it does change the port to 8531.)

LDMS 2016.3

Ivanti Landesk Management Suite 2016.3 is probably the most buggy it’s ever been. Ivanti Landesk has taken the crown when it comes to shipping a product so full of bugs that it’s hardly usable.

Here is a list of what I’ve encountered so far. Note that I haven’t dove deep into any of the features yet. I’m just trying to get AV and inventory stabilized.

  1. Kaspersky/Jabber/Win10 issue is back!
  2. Corrupt antivirus definitions on new agent installs.
  3. Security menu doesn’t work, so I can’t fix corrupt av definitions.
  4. Console extender renames items sometimes. Have to restart console.
  5. Console extender no drag n’drop. (bug or missing feature?)
  6. Legacy RC 2016.3 can’t remote control an older agent (2016.0).
  7. No software deployment run on older agents (2016.0).
  8. Can’t provisioning into VMWare Workstation. (I’ve tried editing the .vmx)
  9. LDAV.exe crashes when trying /updatefrominternet. (bummer, that’s the fix for #2)
  10. Uninstalling a partially installed agent fails and b0rks future agent installs. (I had to rebuild a server over this.)
  11. Coworker can’t install console until we install 9.6 console, upgrade to SP2 then upgrade to 2016.
  12. Restarting servers because of “Legacy API shutdown”. (Even though the agent is set to never reboot a server.)
  13. (UPDATE) Previous PXE agent service (2016.0) disappears off the PXE server w/o installing the new agent.
  14. (UPDATE) 2016.3 installer doesn’t detect x64 properly and tries to install Remote Console on Win7 SP1 x86. (These kinds of bugs really annoy me, because this is just sloppy workmanship.)

The first three are the most important. If I could get those fixed, the rest could me annoyances.

UPDATE 2017-03-10: Service Update 3 fixed #2 and #3.

Kindle Fire

Here are some of my first impressions with the $50 Kindle Fire. After using iPad and iPhones (and one stint of a Galaxy Nexus on Android 4.x) I needed something to replace an aging and slower iPad 2. (Curse you iOS 9, I want iOS 6 back.)

Screen – definitely not Retina-class. The ppi is 171. That shouldn’t be too bad for movies or books, but it’s noticeable when coming off of an iPhone. Fingerprints show up easily and I’m missing auto-brightness.

Speed – Not bad, but the slowness can be noticed. Heavy websites aren’t super speedy on the Silk browser. The rest of the OS is fine and mostly smooth if you’re not in a hurry.

Feel – I like it. I think it’s a good size. Fits most pockets and doesn’t feel too thin like an iPad does. I don’t have a case yet.

Weight – Enough heft to know it’s there. That can be good as I don’t think I’ll break it by handling it, and bad as it might get noticeable when reading a book. I might need a case that stands it up.

Software – meh, it’s Android. Which means there are dozen ways to do things and it’s annoying. A little cluttered with lots of default Amazon apps and “suggestions” (glorified ads) on every page. At least the ads suggestions can be turned off. Once I get used to it, it should be fine tho’.

I still have to get all my software on it. Lastpass, Plex, Netflix, etc… we’ll see how it does over the next week or so.

Bonus – SD card slot for expandability.

So far – Seems like I’ve been pointing out all the flaws. Actually, I like it. There’s actually lot of value for the money. Especially if you’re already in the Amazon ecosystem for books and videos (or Amazon Prime).

For reading and watching video should be a winner. For light browsing it should be good enough. Much better than my iPad 2, but not as good as an iPad Air 2. Of course I’m comparing wildly different class tablets too.

UPDATE – It’s been two weeks now and I’m not as impressed as I was. The CPU is too anemic for browsing and moving around the UI can be quite laggy. And the screen resolution is annoying for small text, which seems to plague a lot of websites with crappy mobile design. As a Kindle (book reader), it’s good, but don’t inflate your expectations beyond that.

Brave on ElementaryOS

I wanted to install Brave on a test ElementaryOS install and I’d rather use apt instead of the .deb file that’s on Brave’s main site. Brave does have a repo available but it won’t work with ElementaryOS out of the box. Here are the instructions.

The trick is here: “You will want to make sure the bottom line of /etc/apt/sources.list lists a new repository and doesn not contain the word lsb_release.”

When you run the two provided commands:

curl https://s3-us-west-2.amazonaws.com/brave-apt/keys.asc | sudo apt-key add -
echo "deb [arch=amd64] https://s3-us-west-2.amazonaws.com/brave-apt `lsb_release -sc` main" | sudo tee -a /etc/apt/sources.list

…’loki’ is inserted into the new source in /etc/apt/sources.list. Replace it with ‘xenial’.

Brave installed just fine with apt after that.