It's "powned" idiots not "pawned"

Technical blog of Rafael Wolf

OpenFire Web Chat confusion abounds online.  It drives me FREAKING CRAZY all the incompetence online lately and when I search for stuff I have to thread bits and pieces I find into a workable tapestry that THEN works.

It is taking all my strength not to %&*#*’ing swear and lose all “professionalism” as it makes me feel better!!!


So you installed Ignite Realtime Chat and now what?  My reference to get started was this blog: – not quite what I needed since any sane person setting up a server wouldn’t put a desktop on it nor would you access it then from a local host address.  It was a good start though and I got the JDK install string from them so yeah, I’ll throw them a bone.


Install Ubuntu Linux LTS 14.xx

Install JDK (Java):  apt-get install openjdk-7-jre

Go here and download the .deb file for Debian – Ubuntu is based on Debian:

Note you can also do like I do and make a temp directory, I have a habit of doing that here:

mkdir /var/ftp

cd /var/ftp

Then you “wget” the file which when I did this it was the 4.0.1 version:  wget

Then do:  dpkg -i openfire_4.0.1_all.deb

Go to your hostname in your browser and configure the install:  http://yourhostname:9090.  Note that if you want to access it in the future use port 9091, I think it’s disabled by default I’m not sure, I quickly used 9090, went through the install and then accessed it on 9091.  You’ll want to get a legit SSL cert too eventually.

Now, that we’ve got it installed and YES it’s that freaking easy.  Done!  You can do a command to see where it’s installed, “whereis openfire”.  Note those two paths.


Install a few plugins, go to:  plugins > available plugins:  Fastpath Service, and Fastpath Webchat.  Where the HELL is the fastpath webchat plugin?  %&*#*’ing hell some moron in their infinite wisdom doesn’t list it on the plugins page!  Who knows why the gods themselves did so, supposedly because of technical security issues, whatever.  You need to go to the forums and download the stupid thing.  Can you believe that?  WTF!!!???  Here is the forum url:  Again, are you f’ing kidding me?  The war file is here: so you can go do this to “install” the plugin:

cd /usr/share/openfire/plugins


Done!  Now go to the “plugins” tab and you should see fastpath and fastpath webchat!

Now, go to the fastpath tab > create a workgroup > do your thing > put your user into that workgroup, I deleted all the default crap and made my own.  I can’t hold your hand too much on this one…it would take too long and I’m not that committed to hand holding – be a good admin and figure it out ;-)  I got you this far!


The next thing is your HTML for the “chat button” on your website.  See if you can see your jive script file here:  http://yourhostname:9090/webchat/jivelive.jsp

…I’ll finish this momentarily, I have to work on something else.




DokuWIKI search not working or updating

I installed a DokuWIKI with https on Ubuntu 14.  It’s pretty straightforward however I ran into a small issue where search wasn’t yielding any results.

To fix this I found this article about using the indexer.php file from the command line.

What you do then is:

cd /var/www/bin… <- where your dokuwiki is installed, mine was installed in the root of www but most of the time you’ll find it in a /var/www/doku folder I think

chmod +x indexer.php

This makes the script executable.  You can test it to see if it works by typing cd .. > ./bin/indexer.php.  You should see it index.  Now your search works.  So what we now need to do is schedule that script to run.  It’s supposed to run with some pixel and when you update a page but for me, that’s not working and I don’t have time to figure that out so this is the quickest fix I can live with.

I usually make a folder in /var called ftp and put my notes, scripts and downloads into that folder…it’s an old habit.  You can put your script wherever you want, change the paths accordingly.

Create a script that we can put into a cron.

I usually do this to create the file:

touch /var/ftp/

nano /var/ftp/

Paste the below script contents into that file:

cd /var/www/bin

Save it.

Then type:  crontab -u www-data -e

* This is on Ubuntu anyway, you need to run the script as www-data or else it seems perms to the files get changed to “root” and it messes up the ability to save the meta information (wiki changes).  Reference: StackOverflow

Choose 2 > nano as your editor, it is the easiest editor in the list.

For our crontab put this in to run the indexer every 4 hours:

0 1,4,8,12,16,20 * * * sh /var/ftp/

Mind the space between the zero and the 1.  The zero means to kick it off at 1:00 for example, 4:00…if I had a 5 in there it would be 1:05 or 4:05.


PFSense postfix forwarder + mailscanner + freshclam crontab

I recently brought email “in house” for a client.  The setup they had was:

mail going to their web hosting provider (CPanel web host) > they then had their email server (Exchange 2003) setup with a pop3 connector that would pop email down every 15 minutes to user inboxes > users would then get their email.

This setup is less than ideal primarily because:

  1. Email is delayed depending on when the pop connector checks it and the users check it.
  2. Other devices you connect, like phones, tablets and such, also experience receiving delays
  3. No real root access to the filter mechanism on the CPanel server

Ideally it should be as direct as possible and in your control as much as possible.

The solution I came up with was to replace their lame Netgear VPN firewall which was not a real solution because of how limited and inflexible it is with a far more flexible and feature rich open source firewall called PFSense.  We’ve got almost 30 of these deployed for a number of clients in various configurations depending on their needs.

What we needed then was an anti-spam solution since the one benefit of the CPanel pop connector solution was that server did a bulk of the filtering for viruses, malware (I assume) and spam.

We used postfix forwarder and connected it to active directory which worked PERFECTLY however, I wasn’t able to figure out how to filter out zip file and other attachments.  Eventually I found the solution and you can too if you check out their forums BUT what wasn’t clear was clamav and updating it.

As it stands, clamav doesn’t get automatically updated and you have to make a cron separately to do it.

So from the console do this:

  1. setenv EDITOR /usr/local/bin/nano <– that will set your editor as nano, otherwise it’s VI.
  2. crontab -e <– that will edit your root crontab if you’re logged in as root, and you should be
  3. I put this in as my cron:  0 0,4,8,12,16,20 * * * /usr/local/bin/freshclam

That should update clamav definitions every 4 hours.  The first field (0) = minutes, the second section with the 0,4,8…etc is the hours in the day so at midnight (0 hours) it runs freshclam which fetches clamav updates, then again at 4:00, 8:00 and so on.
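Added example (not part of the original post): a small POSIX shell and awk checker that lists when a crontab line fires in one day, covering both the DokuWiki indexer schedule and the freshclam schedule above. It evaluates only the minute and hour fields, and the script name `reindex.sh` is a hypothetical stand-in for the file name the post leaves out.

```shell
#!/bin/sh
# Added example (not from the original post): list when a crontab line fires
# in one day. Only the minute and hour fields are evaluated; day-of-month,
# month and day-of-week are assumed to be "*", as in the schedules above.

# cron_times LINE -> one HH:MM per line; non-zero exit status on a bad line.
cron_times() {
    printf '%s\n' "$1" | awk '
    # expand(): mark in out[] every value matched by one field. Handles "*",
    # "a", "a-b", "*/n", "a-b/n" and comma-separated lists of those.
    function expand(field, min, max, out,    n, i, parts, p, range, step, lo, hi, v) {
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++) {
            step = 1; range = parts[i]
            if ((p = index(range, "/")) > 0) {
                step = substr(range, p + 1); range = substr(range, 1, p - 1)
            }
            if (range == "*") { lo = min; hi = max }
            else if ((p = index(range, "-")) > 0) {
                lo = substr(range, 1, p - 1); hi = substr(range, p + 1)
            } else { lo = hi = range }
            if (lo !~ /^[0-9]+$/ || hi !~ /^[0-9]+$/ || step !~ /^[1-9][0-9]*$/) return 0
            lo += 0; hi += 0; step += 0
            if (lo < min || hi > max || lo > hi) return 0
            for (v = lo; v <= hi; v += step) out[v] = 1
        }
        return (n > 0)
    }
    {
        split("", mins); split("", hours)
        if (NF < 6 || !expand($1, 0, 59, mins) || !expand($2, 0, 23, hours)) { bad = 1; exit }
        for (h = 0; h <= 23; h++)
            for (m = 0; m <= 59; m++)
                if ((h in hours) && (m in mins)) printf "%02d:%02d\n", h, m
    }
    END { exit bad + 0 }'
}

# runs_per_day LINE -> number of times the job starts in 24 hours.
runs_per_day() {
    times=$(cron_times "$1") || return 1
    printf '%s\n' "$times" | grep -c .
}

# Constructed sample lines; the script name reindex.sh is hypothetical.
report() {
    printf '%-52s %s runs/day\n' "$1" "$(runs_per_day "$1")"
}
report '0 1,4,8,12,16,20 * * * sh /var/ftp/reindex.sh'
report '0 0,4,8,12,16,20 * * * /usr/local/bin/freshclam'
report '0 */4 * * * /usr/local/bin/freshclam'
report '* 0,4,8,12,16,20 * * * /usr/local/bin/freshclam'
```

The last line shows why the minute field should be a number: with `*` there the job starts on every minute of each listed hour, 360 times a day instead of 6.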

I’d recommend using:  PFSense + postfix forwarder + mailscanner

It seems like mailscanner started blocking zip file attachments (among others) and anything it missed, the postfix forwarder header and mime mods I made also caught some.  In addition to the RBL’s it’s a solid system.

Note that in mailscanner you’ll get a footer in a blocked piece of content like this:  “For all your IT requirements visit:

That’s because those guys sponsor mailscanner I guess (or develop it, not sure) and you can edit that out on PFSense x64 bit in this directory, all the report text files have it at the bottom:


* Assuming you use the English version, if not it’s a directory higher and in the language you chose in the setup

The setup they now have is:  Email to their firewall which runs postfix forwarder tied to active directory for valid recipient checking > mailscanner to check for viruses, spam and bad attachments > postfix forwarder for more checking > user inbox.  It’s a fast, more direct and realtime method without much delay, certainly not 15 minutes!  LOL!


Vonage and Comcast troubleshooting notes

I had a client recently get Vonage Business.  We’re using a PFSense which is in my honest opinion, “Enterprise Class”.  It scales like no other for the price!

I’m going to document my troubleshooting, more to come.  My client was experiencing voice jitter, voice fading and call dropping on occasion.

The first thing I did was a trace route.  Linux that command is:  traceroute hostname, Windows it’s:  tracert hostname.  In my example I trace routed to the SIP provisioning IP / host name of Vonage which at the time of writing is:

I did the trace route on CTS Telecom (Fiber), Charter and Comcast.  The interesting thing is that on CTS and Charter it worked from start to finish!

I’m removing the first 5 hops so you don’t know where I live :P  Stalkers!

Charter HOME connection trace:

traceroute to (, 30 hops max, 60 byte packets

6 (  50.797 ms  42.233 ms *
7 (  41.505 ms (  20.111 ms  20.375 ms
8 (  21.629 ms  21.607 ms  21.618 ms
9 (  19.501 ms  50.857 ms  57.366 ms
10 (  76.101 ms  74.702 ms  75.813 ms
11 (  74.757 ms  72.764 ms  74.133 ms
12 (  64.993 ms  64.200 ms  64.097 ms
13 (  62.473 ms  52.542 ms  51.231 ms
14  * * *
15  * * *
16  * * *
17  * * *^C
…it never finishes!

Notice I preface this with a HOME connection…why?  Because the business Charter is DIFFERENT!

Charter BUSINESS trace:

Tracing route to []
over a maximum of 30 hops:

6    18 ms    15 ms    15 ms []
7     *        *        *     Request timed out.
8    30 ms    22 ms    22 ms []
9    20 ms    22 ms    32 ms
10    21 ms    22 ms    21 ms []
11    38 ms    38 ms    38 ms
12    37 ms    38 ms    38 ms []
13    50 ms    45 ms    49 ms []
14    40 ms    44 ms    55 ms
15    40 ms    38 ms    38 ms
16    37 ms    41 ms    38 ms

Trace complete.

It finishes and the ROUTES are different!

Charter must route their traffic differently based on home user or business.


Comcast was much like the Charter failures for home users:

(  26.269 ms (  18.524 ms  17.141 ms
(  29.193 ms  24.221 ms  27.240 ms
(  22.148 ms  25.057 ms  22.213 ms
(  24.499 ms  23.066 ms  27.972 ms
(  31.775 ms  31.013 ms  31.473 ms
10 (  52.204 ms  55.201 ms  48.346 ms
11 (  46.763 ms  58.040 ms  48.552 ms
12 (  49.561 ms  49.876 ms  56.578 ms
13 (  53.821 ms  58.421 ms  46.651 ms
14  * * *
15  * * *
16  * * *
17  * * *


I had to actually call Comcast tier 1 tech support – yes, the people who just tell you to reboot your router.  Then, after discussing it with the tier 1 tech he logged into the modem I was on and did his own trace route.  He said, it works for me.  It finishes.  I said, really – what IP address did you resolve to and get to?  He told me and it was some IP address in the Netherlands!  I then insisted he get this escalated because who in their right mind would do VOIP from the midwest to servers across the Atlantic ocean to the Netherlands?  That makes no sense.

You have to push these guys to THINK!

After submitting my ticket, the trace routes FINALLY work like they should.

I can’t say this fixed my call quality issues but I’m still troubleshooting.  These things take time BUT don’t EVER rule out the ISP’s network as possibly causing the problem.  This is the 2nd time an ISP has had the problem with routing on their backbone that has affected service.  The other time I dealt with Frontier about their backbone in Muskegon, MI – they were great about it and I actually talked to the guy who fixed it out of New York.  I did an IP Who Is lookup which lists the maintainers email (that never works) and the telephone of the maintainer – which told me to call another number, then after a brief phone tree battle I got to the guy who fixed it!

Moving on…

I also updated / forced the phones on the network to use Google DNS servers, and  I am trying that rather than the local DNS server and in favor of using Comcast’s which is and  Comcast (believe it or not) DNS servers have 150 ms + ping times OMG!  Google DNS servers; something like 20 ms or less, maybe a touch over BUT they’re fast.  I don’t know if that will make a difference to the phone quality (probably not) but it’s another thing I’m touching and changing.

QoS might be next BUT once your traffic hits the public InternetS all bets for QoS are off.  QoS is really for your local network and routing but my client is barely touching their WAN – they’re too busy working and nobody streams or uses the Internet for more than work.

I’ll update this as I move forward, I thought about SIP proxy with the PFSense and QoS on that SIP Proxy per some tutorials on the PFSense forum but haven’t gone there yet.


I had an interesting thing I hadn’t seen before on a VMware guest that was a Windows Server 2012 machine.

System process (PID 4) 50% cpu or higher:  vmware 5.x + server 2012.

I looked at another 2012 server and noticed it had the e1000 NIC in it and I remember when building this current server I had changed it to the vmxnet3 thinking, oh…vmxnet3 NIC must be better than the e1000.  I was wrong.  I don’t think Server 2012 likes the vmxnet3 for whatever reason (driver related) regardless of whether you have VMware Tools installed or not because I did; and it wasn’t having problems.  So I changed the NIC from vmxnet3 to e1000.

Again; it’s related to a networking issue (References):

I don’t think any of those happen to actually say, switch from vmxnet3 to e1000 BUT that’s what I did and the problem went away!


I experienced something interesting the past week for a client.  Slow performance on iSCSI, SAN and VMWare when large throughput or heavy network i/o was occurring.  They had a setup like this:

VMware > All VM’s on a big fat volume iSCSI to the SAN > SAN < 1 TB volume

Inside the guest (Server 2012 for example), you then make an iSCSI connection to the SAN to run their db’s, file shares, etc.  They were using Sage 2014 and it was VERY slow especially when printing or running reports.   It took me what seemed like FOREVER to figure it out BUT in the end it was all about the MTU.  If you don’t know what MTU is, go look it up :P

In the end make sure your MTU matches this with a Dell setup:

SAN interfaces = MTU 9000 (they had a Dell EqualLogic PS4100 – that might be auto configured, I think it is)
Switch where SAN & VMWare connect = MTU 9252 (they had a Dell Force10 S60)
VMware = MTU 9000 (that means ALL vswitches)

Note that you ALSO want MTU on the interface where your VM’s talk to the rest of your network.  For me that was the vmkernel port and the physical switch ports on the core switch that connected the physical to the virtual – MTU 9252.

There’s a decent kb from VMWare that pointed me in the right direction.  Oh, I also believe I disabled the ACK on the VMware iSCSI connector inside the VMWare server based on another KB but this didn’t really help me as far as I know, I have not turned it back on.  Again, check that out online if the MTU confirmation doesn’t work for you it might be the ACK on the iSCSI connector.



Command line uninstall of LogMeIn, I had a need and this is what fixed me up!

Reference:  IT Ninja:

Their solution only hinted at the fix – for me dumping or querying the registry didn’t show me anything.

1 – Download the MSI package from LMI’s website

2 – Copy the files to your target machine, I usually do this via UNC to the workstation:  start > run or type in \\workstation-name\c$ > enter.  That’s the administrative share.  Then I usually copy stuff to c:\temp

3 – Download PSTools from Micro$oft, unzip it to c:\temp\pstools, open a command prompt then execute the command to that workstation so you can get a remote command shell:  psexec \\workstation-name -u yourdomainhere\youruserhere cmd <- Then hit enter.  It will ask you for a password.

4 – Then:  cd\temp

5 – Then:  msiexec /x c:\temp\logmein.msi /qn

6 – Then:  Reboot with:  shutdown /r /t 10 /c “Rebooting – RW” /f

7 – Log back in with a remote cmd using PSTools and PSExec then run the batch file or command line installer you can download from their deployment option on the LMI website.  Mine was something like this:  msiexec.exe /i c:\temp\LogMeIn.msi /quiet DEPLOYID=00_longstringofgarbateblahblahblahblahblah INSTALLMETHOD=5 FQDNDESC=1

* I think that long string of garbage is somehow tied to your account – it lets you install the msi via command line.

On the IT ninja blog they said to query an uninstall registry but I couldn’t find my LMI in there ANYWHERE and I dumped the entire registry hive for the key and all subkeys and looked.  I find that doing an uninstall and pointing it at the MSI that it would read that MSI and uninstall it EVEN IF it’s a newer version ;)

After kicking off the install with that msiexec /i command pointed to the logmein.msi file I got the email that the workstation has been added and I could get in!



Auto Desk and Auto Cad are losers!  Capital L!

Their downloader is junk and I’m here telling you so and you’re here BECAUSE you know it!

If you can’t download using their Akamai net session downloader garbage do this.  I mucked around with this for over an hour which is why I’m angry – they owe me time on my life!

Download this Akamai installer 64 bit installer or 32 bit installer > install > then go back to the AutoCad website, re-download your trial or application > agree to the terms > then install > AND TIP ME ON THE RIGHT VIA PAYPAL!  $2 dollars please!


Office 2010 Starter Edition Download

Supposedly you can’t get Office Starter on a computer unless it’s OEM from a manufacturer.  I saw on a Dell forum a guy crying out about it because his hard drive went bad.  I had a client’s hard disk go bad too and they couldn’t live without office starter even though it’s a minimal office version with ads.

That will help you put Office Starter back on your computer ;-)

Updating BIOS and BMC on a Dell SC24

Un – FREAKING – real!

I managed (biting nails, fingers, wrists and arms) to update the BIOS and BMC on my Dell SC24.  I purchased mine from Stallard Technologies.  Here’s the link to the server:

I’d recommend calling and asking for William or Geoff, a couple of sales guys from that place I do business with.  I am NOT in any way making money by putting a link to their site, I in no way work for that company and I in no way have ever met them.  I pretty much email them and have spoken with Geoff about some RMA’s because a system I put in didn’t go well (blogged about the Dell drive controllers on another post).

Back to business!

References for this “how to” are as follows – again, NOTHING I found was clear cut and nobody held your hand like I’m going to…I’m that sensitive!  LOL!

The most helpful:

The second most helpful and the post that got me going, it was the first one I found:

Now down to brass tacks.  I recommend BEFORE doing anything you read those two posts AND my entire post – yes even the bottom – just so you know how this crap works OK!  If I EVER catch you trying something WITHOUT understanding it first…I’m bringing the pain!  Running scripts without reviewing them, downloading junk on the Internet then applying it to hot machines…big mistake.  I am a fairly trusted source though BUT STILL!  Please understand what YOU are doing then we’ll all be a better race.

Another side – if this made things easy as pie for you, how about a $5 donation…or a $2 donation?  On the right hand side toward the top you can PayPal me –>       :-)

Donations received:

  • Eder Torreiro – Spain ($2 April, 2014)

1 – Fire up your server, get into the BIOS by hitting f2.  Navigate in the BIOS screen to your BMC and find out what IP address it is.  I think by default it’s set to DHCP.  I believe under the BIOS screen it’s under the “Server” area.

2 – Open a web browser and try to get into the BMC – it’s usually:  https://IPaddressHERE:447 or maybe port 81.  Mine was :447.  The default user will be one of two things.  root:root (like mine was) or root:changeme (per the documentation for this BMC).  By the way I think it goes without saying that in order to connect with a web browser to your BMC you need to have it plugged into ETHERNET.  It’s the optional NIC next to the 2 onboard dual NIC’s.  Plug that in first, then do the above step in the BIOS to find the IP address.

3 – Now that you’ve established you can get into your BMC go to:

BMC Version (tab):  You should see something LESS than 1.95 for “Firmware Revision”

Server Board Information (tab): You should see something LESS than “S45_3A20”.  Mine started out at BMC 1.10 and FW S45_3A09.

4 – Go to this website and download rufus, it is quite nice:

5 – Make a freedos boot disk on USB.  This assumes you have a USB disk you can live without for now as it WILL wipe out all your files so back that disk up!

6 – Download my files that I collected from the above forums:

7 – Extract them to your desktop or something.  On your pen drive make a directory called “bios”, copy the files you just extracted there.  Feel free to look at the bat files, you’ll be calling them in the DOS environment, nothing sexy as it could be here but eh; it gets the job done!

8 – Reboot your server, you might need to do another “F2” and get into the boot options making your USB drive the first boot device, I had to.

9 – Boot to DOS, you’ll see a “c:\” just sitting there if you’re successful and I know you will be because you’re under expert tutelage :P

10 – NOW, here’s the warning – this has ONLY worked on my SC24.  Like all the other losers online I make no warranties or guarantees.  It’s now time for YOU to do some nail biting :P

11 – cd bios

12 – bios.bat – per the bat file contents it will backup your current BIOS to “S45_3A09.ROM” and then slap the new one on there for you.

13 – That will get done successfully

14 – bmc.bat – per the bat file contents it will backup your current BMC version to “backup.BIN” and then slap the new one on there for you.

15 – When it’s successful you can do a ctrl + alt + del.  One commenter on the forums said yank the cord but I don’t think you have to…even though I pussed out and did!

NOTE:  Don’t cry too early – you WILL GET AN ERROR, FANS WILL SCREAM.  The BIOS will get a “checksum error” BUT it will say…resetting to defaults in 5 seconds.  Your server will reboot and all will be right with the world.  DO NOT NOT NOT YANK THE CORD if you see this checksum error.

Another note:  I have VMWare 5.5 with all the updates and the server is STILL misbehaving.  I might try and back rev it to 5.1 or something.  The processors are at 50% utilization or higher with NOTHING on them.  A real shame but I don’t think the SC24’s are on the HCL for VMWare so…that’s what I get.

If by chance you need to restore your firmware or your BMC firmware, you can – we backed it up.  You’ll need to edit those batch files and point them to the backups to do a “restore” but if it works I don’t know who would want to go back.
