All posts by Fawcs

The author is working as an IT-Systems Engineer for an Austrian company and has specialized in Linux (RHEL), Deployment and Monitoring but is also working with VMware, Windows, Cisco, ...

WSUS Server unable to obtain updates

If a WSUS server fails to obtain updates with the error “wsus the request failed with http status 404 not found”, this might be because it still uses an old/outdated URL to obtain the updates from.

This can be checked and changed with the following PS1 Snippet:

$server = Get-WsusServer
$config = $server.GetConfiguration()
# Check current settings before you change them 
# Update the settings if MUUrl is
$config.MUUrl = ""
$config.RedirectorChangeNumber = 4002
Restart-Service *Wsus* -v

PowerShell AD Snippet

Simple snippet to list when the password of each service user was last set.

Get-ADUser -Filter 'Name -like "svc*"' -Properties * | select Name,@{name ="pwdLastSet"; expression={[datetime]::FromFileTime($_.pwdLastSet)}}

Requires the Active Directory PowerShell module to run.

The command must also be run in an elevated PowerShell session (Run as Administrator).

Otherwise the pwdLastSet attribute will not be obtained!
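
The same query extended into a password-age report, as an added example that is not part of the original post. The 365-day threshold and the "Review" column are assumptions; the svc* naming filter is taken from the snippet above.

```powershell
# Added example: report the password age of service accounts and flag old ones.
Import-Module ActiveDirectory

$maxAgeDays = 365        # assumed review threshold, adjust to your policy
$now        = Get-Date

Get-ADUser -Filter 'Name -like "svc*"' -Properties pwdLastSet, PasswordNeverExpires |
    ForEach-Object {
        # pwdLastSet is a Windows FILETIME value. A value of 0 means the password
        # was never set or must be changed at next logon; FromFileTime(0) would
        # turn that into a misleading date around the year 1601.
        if ($_.pwdLastSet -gt 0) {
            $lastSet = [datetime]::FromFileTime($_.pwdLastSet)
            $ageDays = [int][math]::Floor(($now - $lastSet).TotalDays)
        }
        else {
            $lastSet = $null
            $ageDays = $null
        }

        [pscustomobject]@{
            Name                 = $_.Name
            Enabled              = $_.Enabled
            PasswordNeverExpires = $_.PasswordNeverExpires
            PwdLastSet           = $lastSet
            AgeDays              = $ageDays
            # Flag accounts without a usable timestamp or older than the threshold
            Review               = ($null -eq $ageDays) -or ($ageDays -gt $maxAgeDays)
        }
    } |
    Sort-Object AgeDays -Descending |
    Format-Table -AutoSize
```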

Sid To Username

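param([Parameter(Mandatory = $true, HelpMessage = "User SID")] [string] $user_sid)
# Resolve the SID to its DOMAIN\user account name
$objSID = New-Object System.Security.Principal.SecurityIdentifier $user_sid
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
$objUser.Value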

Simply check if login on an ESXi works and return its license

Just a simple script to test ESXi Connectivity and return the current license state of the server by using PowerCLI

param(
    [Parameter(Mandatory = $true, HelpMessage = 'Provide username for login on ESXi')]
    [String] $username,
    [Parameter(Mandatory = $true, HelpMessage = 'Provide password for login on ESXi', ParameterSetName = 'Secret')]
    [Security.SecureString] $password
)

#check user/pwd
if($username -like "" -Or $password -like "")
{
    Write-Host -ForegroundColor Red "Username/Password seems wrong"
    exit 1
}

#define domain and hosts (placeholders)
$domain = "<domain>"
$hosts = @("<esxi-host>")

#disable certificate checking as we have self signed certs
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

foreach($var_host in $hosts)
{
    Write-Host -ForegroundColor Yellow "$var_host.$domain"
    #-Password expects plain text, so the SecureString is converted for the call
    Connect-VIServer -Server "$var_host.$domain" -User $username -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)))
    Disconnect-VIServer "$var_host.$domain" -WarningAction SilentlyContinue -Confirm:$false
    Write-Host -ForegroundColor Cyan "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
}
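
A variant of the same check that passes a PSCredential instead of a decrypted password and limits the certificate exception to the current session, as an added example that is not the author's script. The parameter names $VMHostName and $Credential are hypothetical, and reading the LicenseKey property of Get-VMHost is an assumption about which license information is wanted.

```powershell
# Added example: login check per ESXi host without handling a plain-text password.
param(
    # Hypothetical parameter: fully qualified names of the ESXi hosts to test
    [Parameter(Mandatory = $true)] [string[]] $VMHostName,
    # Collected e.g. with Get-Credential; the password stays a SecureString
    [Parameter(Mandatory = $true)] [pscredential] $Credential
)

# Accept self-signed certificates for this PowerShell session only,
# instead of persisting the setting in the PowerCLI configuration.
Set-PowerCLIConfiguration -Scope Session -InvalidCertificateAction Ignore -Confirm:$false | Out-Null

$results = foreach ($name in $VMHostName) {
    $conn = $null
    try {
        # -Credential avoids converting the SecureString to a string in the script
        $conn   = Connect-VIServer -Server $name -Credential $Credential -ErrorAction Stop
        $vmhost = Get-VMHost -Server $conn
        [pscustomobject]@{
            Host       = $name
            Login      = 'OK'
            LicenseKey = $vmhost.LicenseKey   # assumption: the license info of interest
            Error      = $null
        }
    }
    catch {
        # Wrong credentials, unreachable host and similar failures end up here
        [pscustomobject]@{
            Host       = $name
            Login      = 'FAILED'
            LicenseKey = $null
            Error      = $_.Exception.Message
        }
    }
    finally {
        # Always close the session, also when the license query failed
        if ($conn) {
            Disconnect-VIServer -Server $conn -Confirm:$false -WarningAction SilentlyContinue
        }
    }
}

$results | Format-Table -AutoSize
```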

Dovecot: convert mdbox to mbox format

Dovecot comes with a proprietary mailbox format (sd/mdbox) that provides some benefits with regard to compression and performance but is not really readable with anything other than an editor.

It seems that there is very little information on how to convert the sd/mdbox format to mbox (at least nothing copy-and-paste-like if you aren’t a dovecot admin and have no clue ;))

So here is one possible way it could be achieved:

To work around adapting the dovecot-config and running a dovecot-service for dsync to use, we can also pass configuration parameters (by default dsync uses the dovecot-configuration file stored at /etc/dovecot/dovecot.conf) directly to dsync.
With that trick there is no need to configure & start a dovecot service.

An example command to convert a mailbox in mdbox-format located in the users home dir under mail to mbox format would look like:

dsync -o "mail_location=mdbox:~/mail" backup mbox:~/dstest

Converting to other formats like maildir might require additional configuration parameters within the /etc/dovecot/dovecot.conf file, such as namespaces or similar.

Override options specified via “-o” must be passed directly after the dsync command and before “backup”

For converting a mailbox the “backup” attribute is recommended as this will do a 1-way-sync.

Windows – Automatically power on printer on new Print job

My printer at home is powered off most of the time to save power as I’ll only print a couple of pages once every while.

As I was taught that technicians shall be lazy, I use a Sonoff POW R2 to work around getting up and switching on the printer when I want to use it. The Sonoff was flashed with Tasmota as I don’t want some Chinese company to have some backdoor within my IOT-home net.

However, I still had to open up the Sonoff webpage every time and hit the power-on button for my printer to come up, and that’s still some work to do which could be avoided in honor of laziness.

So, the ingredients for a lazy but power-saving printer are:

  • The Tasmota WEB API
  • Windows Event Log
  • Windows Task Scheduler

We can configure a Task that’s running in case a specific event log entry is appended to the event log and call the printer’s API to switch on the power every time somebody adds a new print job to the OS printer queue.

Event log config (eventvwr.msc)

The entry we want is: “Microsoft-Windows-PrintService/Operational” (Applications and Service Logs -> Microsoft -> Windows -> PrintService : Operational)
That log needs to be enabled first:

Once that’s done there will be new entries every time a new printjob is added:

The interesting part is the Event with the ID 800 -> that’s the one we are looking for as it logs that there is a new spooling job.

Create a Batch-Script to call the Tasmota API

That’s pretty easy. I suggest to simply create a batch script with the following content:

@echo on
C:\Windows\System32\curl.exe "http://<IPADDRESS>/cm?cmnd=Power%%20On"

As curl already comes with newer installations we can simply use it for our call. A PowerShell script could also be used, but by creating a batch script we do not have to deal with the PS execution policy settings and getting them to work correctly.

Create a Task (taskschd.msc)

A new task needs to be created. The trigger is a specific event log entry:

With the correct event configured:

As an action we just want to start a program, which is the batch script with the content from above.

Once that’s done, the script will be run by the task scheduler every time someone hits the “print” button. Running the script will power up the printer automatically and Windows will print the page as soon as the printer is reachable, so no more getting up to power the printer manually 🙂
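
The event log and Task Scheduler steps described above can also be scripted; the following is an added example and not part of the original post. The task name and the path of the batch script are hypothetical; the log channel and event ID 800 are the ones named in the text.

```powershell
# Added example: scripted version of the manual eventvwr.msc / taskschd.msc steps.
# Run in an elevated PowerShell session.
$channel    = 'Microsoft-Windows-PrintService/Operational'
$eventQuery = '*[System[EventID=800]]'          # XPath filter: new spooling job
$taskName   = 'PowerOnPrinter'                  # hypothetical task name
$scriptPath = 'C:\Scripts\printer_on.bat'       # hypothetical path of the batch script

if (-not (Test-Path $scriptPath)) {
    throw "Batch script not found: $scriptPath"
}

# 1. Enable the PrintService operational log (it has to be enabled first).
wevtutil.exe set-log $channel /enabled:true

# 2. Register a task that is triggered by event ID 800 in that log and
#    starts the batch script. /F overwrites an existing task of the same name.
schtasks.exe /Create /TN $taskName /TR $scriptPath /SC ONEVENT /EC $channel /MO $eventQuery /F

# 3. Verify: the log reports "enabled: true" and the task exists.
wevtutil.exe get-log $channel | Select-String 'enabled'
schtasks.exe /Query /TN $taskName /V /FO LIST

# 4. After a test print, the triggering events should be visible here.
Get-WinEvent -LogName $channel -FilterXPath $eventQuery -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```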

Kiwix – Make Wikipedia and other websites available offline

In some cases it might be handy to have a website available offline for cases where no internet connection is available.

With Kiwix and the ZIM-package format it’s quite easy to do so. It can easily be run on a Raspberry and made accessible on the local network.

To automate updates of ZIM packages I wrote some little scripts which are available in the following Github repo:

Information on how to use the scripts can be found in the readme in the GIT repo.

To automate the process of updating ZIM packages once a month the “” should be added as a cronjob to your crontab:


#cat /etc/crontab
45 2    1 * *  <username> /<path_to_script>/

This will start an update on every 1st day of the month at quarter to 3 in the morning.

(35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

When using Zabbix on a CentOS 8/RHEL 8 machine the following error occurred while trying to monitor an HTTPS website via the built-in web scenarios:

(35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small 

The error itself also shows up when trying to use curl to connect to the website:

$ curl -D - https://<some-legacy-website-> -k
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

That error occurs if the server uses an older cipher suite, here one whose Diffie-Hellman key is too small, that’s considered unsafe by the default crypto policy used in CentOS 8/RHEL 8.

To work around that problem, the legacy cipher suites must be enabled by:

# update-crypto-policies --set LEGACY

Although a restart is recommended after issuing the command, for me it also worked without the need of issuing a reboot.

Removing Android Bloatware and backing up Stock apps

Quite a lot of new Android devices come with lots of bloatware that is preinstalled on the phone/tablet. For some apps it’s possible to deactivate these apps in the built in app management. However, most apps are installed as system apps and do not provide the possibility to be uninstalled.

Thankfully there is a possibility to also remove these apps via ADB.

Before removing any app it’s advised to first create a backup of all the installed APKs in case you remove any app that might be needed and therefore cause errors.

adb shell pm list packages > installed_packages.txt

foreach($line in (Get-Content .\installed_packages.txt))
{
    # each line has the form "package:<packagename>"
    $app = $line.Split(":")[1]
    $app_path = $(adb shell pm path $app).Split(":")[1]
    Write-Host -ForegroundColor Yellow "$app : $app_path"
    adb pull $app_path ".\backup\$app.apk"
}

The above script will create a backup of all APKs currently installed on the device (including the ones which have been installed by the user).
To successfully run the script, adb needs to be in the path and an initial pairing between the PC and the Android device must be established.

Removing the bloatware:

adb shell pm uninstall --user 0 <packagename>

#e.g. for AR-emoti-apks provided by samsung
adb shell pm uninstall --user 0

Lists of mappings between the readable name (like in the Android apps management) and the package name (for Samsung devices) can be found on (e.g.

iPXE Network boot that supports Virtualbox VMs

iPXE is pretty nice when it comes to network booting computers as it offers lots of scripting functionality at a very early stage of the deployment, since it can be configured to load an iPXE script from a webserver. The script provided by the webserver itself can be created dynamically with any scripting language of your choice depending on parameters that get handed over.

That provides the possibility to automatically roll out systems that have been specified in an inventory. In case a machine cannot be found in the inventory you could provide a menu where a user can manually choose what shall be done, and lots more.

Not a problem for bare metal machines and also most VMs. However, Oracle with Virtualbox also seems to have discovered the advantages of iPXE for their virtual machines, and every Virtualbox VM will initially load iPXE.
As that’s an iPXE binary with very limited capabilities, this could cause issues when trying to PXE boot an Oracle Virtualbox VM via iPXE, as the DHCP server used for iPXE will get the iPXE identifier from Oracle’s built-in iPXE binary instead of the one that will be initially provided via the DHCP server.

If the iPXE script, which is loaded in the second stage, uses the console command, the deployment will halt as that functionality is not supported by Oracle’s iPXE binary.

To work around this problem we can modify the user-class identifier provided by our iPXE binary to provide something different than the default “iPXE” string and use that to make sure that our DHCP server will always provide our iPXE binary in case a new client tries to PXE boot.

To change the “iPXE” userclass string to a custom string, you have to open the “src/net/udp/dhcp.c” file, once the iPXE repository was checked out.

The interesting part is somewhere down at line 90 in the file:

If you don’t want to change too much code, just change any character to something else:



Whatever is defined there will be the new user-class identifier that can be used to determine if our custom iPXE was loaded or if the iPXE binary from another vendor is used.

Once the change was done the ipxe file needs to be recompiled and copied to the tftp servers directory.

The check for the custom user-class identifier in dnsmasq would look like: (CSTM as the userclass identifier)


# Boot for iPXE. The idea is to send two different
# filenames, the first loads iPXE, and the second tells iPXE what to
# load. The dhcp-match sets the ipxe tag for requests from iPXE.


A nice example of how dnsmasq can be configured for iPXE can be found in the iPXE Forum.

Simple script to test if the chan works properly:

console --x 1024 --y 768

VM stuck in invalid state after export

After trying to export a VM and cancelling the export it could happen that the VM is no longer responsive (no start, unregister, delete, … possible)

The hostd.log (in the /var/log directory on the ESXi) will show an error similar to:

2021-09-07T10:55:19.583Z error hostd[2099544] [Originator@6876 sub=Vmsvc.vm:/vmfs/volumes/XXXXXXXX-05c01598-574e-88d7f6d5ef52/myvm/myvm.vmx opID=esxui-6c72-aafe user=root] Invalid transition requested (VM_STATE_EXPORTING -> VM_STATE_DELETING): Invalid state
2021-09-07T10:55:19.583Z warning hostd[2099544] [Originator@6876 sub=Vmsvc.vm:/vmfs/volumes/XXXXXXXX-05c01598-574e-88d7f6d5ef52/myvm/myvm.vmx opID=esxui-6c72-aafe user=root] Method fault exception during VM destroy: Fault cause: vim.fault.InvalidPowerState

It seems the VM is somehow stuck in the Exporting state and therefore no other operation is possible on the VM.

As a workaround log in to the ESXi Host and restart the Management Agents (