Yearly Archives 2011

The first, last and only impression

By : Sean Brown |November 07, 2011 |Clicks and Bits |1 Comment

Meeting new people can be a traumatic and anxious event in your life, especially in the employment process; sadly, little emphasis is given by the majority of people during this crucial step – the first impression.

The instant I meet you, you have less than 15 seconds to define how our [working] relationship evolves – Sean Brown

In my management career, I have been directly responsible for hiring, evaluating/promoting and firing people and have supervised teams across multiple offices.  I have seen every type of individual walk through my office door to interview with me, from desperate individuals (about to lose their house in foreclosure) to un-kept slobs in shorts and a t-shirt, don’t get me wrong – there are a select few individuals who do it all right, but it’s few and far between.

Let’s start by identifying some of the areas EVERYONE should work on…

On-line reputation

I discussed this in detail in my Identity vs Anonymity post last week and went into a lot of detail about making sure your on-line reputation is squeaky clean. Things you should do to avoid a potential employer from passing you up.

Make sure ALL of your social networks are set to private and not shared with the public (or indexed by search engines).  Why? Because recruiters/human resources personnel routine use your email address on your resume to search you out on social networks.  Them seeing “I was so drunk last night” status updates isn’t a good first impression and will prompt them (with a variety of reasons) to look for other candidates better suited for the job.  While you CAN make the argument about those tactics are discriminatory (and in my opinion they ARE) it’s not discrimination because you never knew and will never know if they ever considered you in the first place…

Use a PROFESSIONAL EMAIL ADDRESS for all employment correspondences!  An employer will not take you seriously (especially if it is anything more than entry-level) if they’re emailing partyanimal69@aol.com; Again, other “more qualified” candidates will be called instead.  Go to Gmail, Yahoo or any one of the 23,549,072,001 free email services out there and get a simple john.doe@email.com or anything related to just your name (not activities, colors nicknames or animals you like).

If you’re legitimately looking for employment, you MUST check your email multiple times a day; with smartphones this is a lot easier, but if you can’t afford that luxury in an unemployed status, make sure to check your email and immediately respond to any employer responses AS SOON AS POSSIBLE.  If an employer has questions or needs more information from you, assume that they have asked these questions to everyone and now the clock is ticking to see who gets the information to them first so they can figure out who they want to interview.

Resume & Cover Letter

This is [BY FAR] the worst section everyone needs help on (I won’t lie, I was horrible at this until I was in a position of management and saw [first hand] how it affects an employer’s view of a potential employee).

Do your research on your potential employer, find out what they’re doing, why they need this position filled (is it a new position? are they replacing an existing employee?) and how you can make a difference for the company.  Gather as much information about them, as you feel is necessary.  You’re not [only] being interviewed for the position, but you’re also interviewing to see if you would like working for this company.

Your cover letter is “the knock at the door” asking for permission to enter.  What content you write in here determines IF the person reading it is interested enough to flip to page 2 to read your resume.  Typically cover letters should accentuate you as a person, your ethics and brief synopsis of related experience which would put you ahead of the other candidates vying for this position.  Spend some time on this very important step and USE SPELL CHECK!

You do not have “one resume,” you have “one resume for each job you apply for.” This is one step where it will add a LOT of time and effort in finding a job, but will pay off quickly if done right!  Sending the same “generic” resume to every company shows that you’re doing what it takes to “meet the minimums.”  Take the time to customize your resume specifically for the posted needs in the job description, citing any relevant work you’ve done with what they’re specifically looking for.  The more information you include that is relevant to the posted job means the recruiter/human resources individual is going to pass your resume on to the hiring manager to consider.

Appearance

Individuality is what makes everyone different; Unfortunately, it also is what gives the “next guy” the job and you looking for another. Mohawks, green hair, visible tattoos and extreme piercings are all completely acceptable… If you want to work as a mechanic.  In the Information Technology industry, there is an unwritten “code of appearance” for people who have to interact the other employees, customers or vendors.

Again, people can logically make the argument that it is discrimination, but [again] they’ll never disclose why they didn’t hire you except for the standard “We’ve chosen another, more qualified candidate…” line of BS.  In this section, I fully agree with the employer, not the potential employee.  Why? Either facing customers, vendors or colleagues, you are a representative of the company as a whole, not a statement of individuality.  If you’re applying for a professional position, paying a professional wage, you MUST adhere to the generic standard of clean-cut, well groomed and modest attire.

While I agree that everyone should be able to customize their appearance in what ever way they see fit, the fact is that it absolutely, without a doubt will affect your ability to land the job [and pay] you want.  If you’re going to become an individual and make changes to your appearance to appease you (and you only), make sure it is easily concealable (especially tattoos).

First Interview

When interviewing for a potential job, put some effort into getting there on time! I can’t stress this enough – SHOW UP EARLY.  If you’re not familiar with where the address/area, take a drive by the location the day before and get your bearings, figure out any detours and the best way to get there.

Dress appropriately – Under no circumstances should you expect to dress down for this event (unless they specifically ask you to).  Men should be clean shaven in a suit with modest tie.  Women have a lot more flexibility, however under no circumstances should you wear anything revealing.

Bring a few copies of your resume, reference letters/contact information and have your drivers license, social security card and other identifying information (in case they ask you to fill out paperwork).  Be organized and prepared for every situation during an interview – be prepared to talk about your career highlights and your biggest challenges.  A skilled interviewer will ask you open ended questions trying to provoke a specific response, emotion and to see how you handle the question and/or situation.  If they ask you a direct question, give a direct response.

DO NOT DISCUSS SALARY DURING THE INTERVIEW unless they specifically ask you about it.

At the end of the interview, ask for their business card and end things with a firm handshake, thanking them for the opportunity to interview.

Follow up

After the interview, be sure to follow up with the person/people who interviewed you; Send them a thank you email and ask them if there is further information they need.  This step will ensure that if they liked you, your name will be in front of them, readily accessible to call you back again.

With the current state of the economy and unemployment rate, you need to realize that you may not be chosen for a variety of reasons.  It is very important to understand that you need to keep up the effort and get in front of as many potential employers as you can, keeping in mind that your first impression is your ONLY impression with them.

Read More

Indentity vs Anonymity

By : Sean Brown |October 31, 2011 |Clicks and Bits |2 Comments

I find it interesting that the word “googling” is “officially” listed as a verb in Merriam-Webster’s online dictionary; Everyone [at some point] has googled themselves – not out of egotism but out of curiosity.  If you have a unique name your search results are generally focused on you, a common name – not so much.

Ask you self… Why are there so many results for my name? What is relevant and what is not?  Is there anything out there that shouldn’t be?  How the hell did it get there?

How it got there?

(Sorry for the history lesson) Since the beginning of time (well almost) humans began keeping records of things… Take the ancient Egyptians, laying King Tut to rest in elaborate tombs filled with decorative paintings, sculptures and artifacts – all telling a store of his life up to his death in (approximately) 1323 BC… Fast forward roughly 1500 years to sometime around the 2nd century AD, the Chinese invent paper (hemp scrolls) and begin keeping tabs of things.  This event marked the beginning of document-based record keeping which has evolved from scribbles on odd-shaped hemp paper to the organized record keeping era of the 1960′s to today’s digital age of on demand information at the speed of light.

With the continual evolution of computer processing, storage and inter-networked databases, information is being continually digitized, archived and made available to anyone (good and bad) who knows where and how to find it.

Where does it come from?

  • Public records
    • Purchased/refinanced a house
    • Traffic infraction
    • Civil or Criminal proceedings
    • Owned a business
    • Historical archives (family heritage)
  • Public Utilities
    • Home phone
    • Power company
  • Creditors
    • Credit Card companies
    • Car loans
  • Social Media
    • Facebook
    • Twitter
    • Myspace
    • News paper articles

The list above is quite broad and includes on-line indexing and direct marketing (usually shows up in your mailbox as “pre-screen offers”).  Yes there are differences, but i’m not going to get into that in this post; no matter how you slice it, if you find your information on the internet it was placed there by someone.

How accurate is it?

In the most basic sense, the information you see about yourself is as accurate as you make it; obviously if you have common name shared with lots of people, information may cross paths but if you bought a house, it will show up (assuming your bank verified your identity).  If you’ve received a speeding ticket (guilty or not) it is logged as public record and it will show up (assuming it’s your drivers license).  If your facebook/myspace/google plus pages are not private, your posts, friend associations, interests and pictures will all be indexed and will show up.

How do I fix my online identity?

Well this is a little harder then it sounds…  There are plenty of web sites that allow you to find people; all of these sites simply scour the internet, public records, direct mailing lists and other sources to compile a huge database of information.  Most of the larger sites have easy ways to remove or update your information.

BE AWARE that any information you use to remove or update the profile with it now stored in the respective site’s databases! All sites SHOULD have a privacy link (usually towards the bottom of the page) – this link does provide a lot of useful information about what information is kept, how it’s used and the ability to remove or opt-out of communications from that company or companies it chooses to share its’ marketing lists to.

You should know that the internet is a nasty place – anything that’s been indexed by google or other search engines or sites is typically kept forever… yes… forever.  If something is wrong or there is derogatory information, if is YOUR responsibility to fix it, not the web site owner.  As an IT professional I’ve helped people clean up their identity, some easy, some involving lawyers, litigation and DMCA notices for removal of copyrighted information.

Identity vs Anonymity

Either way you choose, your online identity is something that is being used by marketing companies to send you junk mail (electronic and in your mailbox), private investigators to find you, old friends looking to get in contact with you, identity thieves to steal identity and even potential employers to pre-screen job applicants based upon what they see about you.

No matter what you use the internet for, be very careful about what information you give out and also what information is already available for others to see.

Read More

ECONNREFUSED while connecting to mxlogic.net

By : Sean Brown |October 27, 2011 |Microsofft Exchange Server |10 Comments

Junk email sucks but nothing’s worse than sending [legitimate] email and having it being inadvertently flagged as spam.  What makes things even worse is when the company filtering you has horrible support and virtually no [easy] process in place to get unblocked;  Surprisingly i’m not talking about AOL!?  We all remember way back in the day when AOL upgraded their spam filtering and put in place IP reputation checking and rate limiting; today’s version of AOL is a McAfee and their mxlogic.net spam filtering.  Essentially it’s a hosted or “cloud based” service you put in between your domain name and your email server to eliminate junk mail.

This all sounds GREAT, but McAfee and their mxlogic.net team have a horrible method to support their product – not from the paying customer side, but from the legitimate non-customer trying to communicate through it.

The issue is quite simple:  The client I was supporting had two outbound SMTP servers in different geographic areas of the country, both sites are fiber optic, business class service with static IP addresses.  Their domain name A records are setup to load balance in-bound email between both sites; their outbound email cluster is setup to distribute outbound email to which-ever site has a lesser load.  Both sites have correct MX and A records setup in DNS, both sites have matching PTR records on their IP address matching the SMTP banner at each site however mxlogic.net has flagged one of our two sites and half of our servers cannot send emails to *ANY* customer using McAfee’s mxlogic.net service.

I am appalled and shocked that this company is blocking a legitimate, properly setup server that has a GOOD IP reputation, zero virus/spam activity and is not listed on ANY blacklist services;  What boggles my mind is that they’re blocking it from not one one domain, but EVERY domain using their service.

(oh yeah, and for anyone wanting to defend them) The ONLY spam service we had a problem with was McAfee’s mxlogic.net; we haven’t had any issues communicating with postini, AOL or any other hosted/cloud spam services/products.

Where things get tricky is actually fixing the problem -For a good laugh, google “mxlogic.net” and “how to remove listing” and you’ll find thousands of articles written by frustrated techs just trying to get their user’s email delivered, NOT spamming the earth with “enlargement” techniques.

Sadly, when you contact mxlogic.net, their support team is less then willing to help you out since you’re not a paying customer of theirs.  They ask everyone to “contact the user who you’re trying to send to and have them open a ticket”

I was tasked with fixing this problem today and went through every avenue of support with mxlogic.net (i am NOT their customer) and spoke to technicians, managers, sales and [i think] a director-level person and EVERYONE had a firm footing of not wanting to help.

I finally managed to get a hold of someone who gave me a little-known (and definitely not published) way to submit a request for investigations to have a blocked IP researched and figured it would be something good to share with the world.

[social-locker]

MXLOGIC.NET support phone number: 1-877-695-6442

Link to web form to investigate false-positive listing: http://mcafeesews.com/postmaster

[/social-locker]

 

I will admit that I typically keep a neutral stance on items and very rarely blast a company for shotty service, but McAfee’s spam filtering “solution” is BY FAR one of the worst companies to deal with if you don’t pay them money (in the aspect of not being their customer); I’m sure they boast some BS of having the lowest spam rate, but they’re also blocking legitimate corporations, properly setup and configured per the standard, globally accepted SMTP configurations.

In my opinion, if you’re going to offer a product and want to keep a calm, drama-free relationship with your customers, support them – NOT ONLY the end-users but the legitimate people who are trying to talk to them.

Read More

LACP, PAgP, Etherchannel not working, %EC-5-CANNOT_BUNDLE2

By : Sean Brown |October 26, 2011 |Cisco |2 Comments

I’ve been dealing with an upgrade project to upgrade the entire corporate networked infrastructure for a company.  The project has been moving along without incident up until yesterday; I ran into a significant problem with link aggregation not working “as described”.

Scope of work:

Enable link aggregation of backbone connections between core switches and floor distribution.  The goal is to bundle two gigabit Ethernet trunk connections from diverse cards on the CORE01 switch together to allow for 2gb bandwidth between core & distribution switches and for fail over/fault tolerance where if one of the connections failed, traffic would be seamlessly shifted to the remaining connection.

Equipment used:

CORE01:

Cisco Catalyst 4507

IOS firmware 12.2(20r)EW1

FLoor Distribution (FLDxx) switches:

Cisco Catalyst 3560

IOS firmware 12.2(25)SEE3

[image size="large" lightbox="true"]http://www.sleepyshark.com/wp-content/uploads/2011/10/lacp-pagp-etherchannel-setup.jpg[/image]

Background:

The trunks between floors are essential in carrying multiple VLANs to the port-level and/or allowed for devices to tag to specific VLANs on each FLD0x switch; VLANs are used for security, network management, voice traffic, data traffic and servers.

The issue I experienced when setting up standard LACP or PAgP (Cisco’s proprietary version of LACP) configurations is that once the links were bundled, each interface would show up/up, but the port-channel would should down/down and never try to negotiate a connection using either LACP or PAgP; I commonly saw this console message %EC-5-CANNOT_BUNDLE2.  I went back and forth looking at my configs which were all correct, however using either LACP or PAgP, the port-channel trunk would not come up.

Solution:

[social-locker]

I managed to find an obscure Cisco document outlining how both LACP and PAgP work, which confirmed my initial configurations, however one small foot note caught my eye; “In order for trunks to use LACP or PAgP, you must enable trunk encapsulation on both the interface and port-channel”.

Essentially, in the debug output of LACP and PAgP, I kept seeing no negotiation of the LACP or PAgP frames.  The fix was simple, once you understood how Cisco tiers their interfaces and port channels and what is required configurations on the interface which interacts with the port-channel.  Please use the figure (above) on this post to understand where the configurations were added, please note that I shortened the output significantly and only shows how I fixed one of the five switches, simply repeat the configs for as many switches and/or bundled ports you have and viola!

CORE01# sh run
!--- Output suppressed.
!
interface Port-channel1
 description Trunk-to-FLD01
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree guard none
!
!--- Output suppressed.
!
interface GigabitEthernet3/33
 description FLD01_Trunk-A
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol pagp
 channel-group 1 mode desirable
!
!--- Output suppressed.
!
interface GigabitEthernet4/33
 description FLD01_Trunk-B
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol pagp
 channel-group 1 mode desirable
!
FLD01# sh run
!--- Output suppressed.
!
interface Port-channel1
 description Trunk-to-CORE01
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree guard none
!
!--- Output suppressed.
!
interface GigabitEthernet0/1
 description CORE01_Trunk-A
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol pagp
 channel-group 1 mode desirable
!
!--- Output suppressed.
!
interface GigabitEthernet0/2
 description CORE01_Trunk-B
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol pagp
 channel-group 1 mode desirable
!

[/social-locker]

 

Important notes/FAQ

I was stumped on this somewhat simple task for a little while; doing some googling, I came across multiple articles calling this a “firmware bug” and they even listed the exact firmware I was using, which left me frustrated.

Obviously this is not a firmware bug since I’ve posted the solution, but a simple misunderstanding of how Cisco handles LACP/PAgP in trunks; I hope this article will shed some light for  other frustrated techs trying to troubleshoot LACP, PAgP or Etherchannel using trunks.

Read More

Slow browsing of AS/400 file shares with Windows 7

By : Sean Brown |October 17, 2011 |IBM OS/400, Microsoft Windows, Windows Server |0 Comment

Microsoft and IBM – two powerhouse companies with very loyal followers have taken two distinctly different paths; IBM keeping very slow and steady, Microsoft continually evolving, upgrading and making things “people proof”.  While both paths have their advantages and disadvantages IT department are continually having to find workarounds to make things play nice with each other and users are the ones getting stuck with the re-training and frustration of just trying to do their job.

A user came to me and stated that their XP machine which has been working perfectly fine over the years has just recently been upgraded to Windows 7 – of course most users hate change, but are tolerant of this because of the stability and speed of Windows 7.  The user reported an odd behavior to me – he said that on his XP machine, he could browse mapped iSeries/AS400 drives quickly and without delay; On his Windows 7 machine, it would take approximately 30-45 seconds to open the drive and navigation between folders was painfully slow.

The initial investigations led me through in-depth diagnostics of the network core and bandwidth/latency – all fruitless.  Further investigations and having the user replicate the problem allowed me to see that this problem occurred [ONLY] with browsing to the iSeries shares – any Windows->Windows file sharing was speedy and considered “normal”.  What I noticed was the green explorer progress bar; it took quite a while to finish and once finished the network share would appear.  It appears that the culprit was Microsoft’s evolution of network browsing of file shares (first implemented in client operating systems in Vista) – technically it’s called Remote Differential Compression and the reason for the browsing slowness was that Windows 7 wanted to try to compress the file structure and synchronize the results between machines (which is how Windows Vista/7 communicate with file sharing).  Seeing as I have MANY articles outlining workarounds on how to make Windows and AS/400 play nice together, this will become one also – not because there are incompatibilites or poorly written software [sigh]; however the paths both companies have taken differ in the aspect that IBM has focused on the core application and functionality to keep [in my opinion] an ancient solution alive for a few more years.  Microsoft has listened to the developers, IT professionals and the public and has adapted their products [sometimes poorly - ahem, Vista] to meet the needs of the masses to keep the stronghold alive far into the future.

Essentially remote differential compression makes file sharing MUCH quicker between computers and networks (especially distant networks over higher latency connections).  Why does this mean anything?  In Windows XP – Ever time you clicked on a file share, your computer went to the server and displayed each and every item, one at a time until there was nothing else left to display.  Where this becomes VERY problematic is for users sharing documents between locations or teleworking; each time a user would browse to a remote file, it would list ever item – one by one.  It doesn’t sound like a major headache to list files this way, but local networks communicate at [typically] <2ms latency and have 100mb of bandwidth, even if you have the fastest broadband connection, typical latency between offices (on different carriers) range between 60-100ms and asymmetrical internet services (Cable modem and/or DSL lines) you max out a just a few mb upload speed.  The lack of bandwidth combined with the latency factor mean that browsing file shares remotely was PAINFULLY slow.

Microsoft’s solution was remote differential compression which took all of the pain out of browsing files over high-latency internet connection by taking the entire directory structure (files and all) squishing into one transfer to sending it to the remote side to display.

Where things get hairy is using this Microsoft solution on IBM’s OS/400; IBM has no clue what remote differential compression is – not because they can’t, but let’s face it, command-line based applications can’t really get any faster or more compressed so IBM has no support for it.

 

[social-locker]

Fixing this and making Windows 7 browse OS/400 file shares is quite easily – you just have to “dumb down” Windows 7 to not use remote differential compression by:

  • Open the control panel
  • Click Turn Windows features on or off
  • Uncheck Remote Differential Compression
  • Click Ok

The down side to not using remote differential compression is that if you’re working remotely (not on the LAN) it will take XP-times to browse file shares.

[/social-locker]

 

Read More

SNMP Monitoring of Sonicwall Email Security Appliance

By : Sean Brown |October 10, 2011 |Sonicwall |0 Comment

It seems like my blogs are becoming centered on Sonicwall – Not necessarily because they’re the most used vendor out there, but it seems like they have a bunch of quarky little things that you need to work around in order to function on a day-to-day basis.

 

PROBLEM DESCRIPTION

Today’s oddity involves SNMP monitoring of some Sonicwall equipment.  Most of their firewalls have native support for SNMP monitoring so you can easily turn it on and have the ability to track CPU, memory, interface utilization, etc…  Recently I ran into some issues with Sonicwall’s Email Security Appliance (both hardware and VM-based).  There were some significant delays in delivering/processing email.  It [ultimately] was a hung-process which caused the CPU to stay at 100% utilization causing a drastic slow down in mail delivery; However, I wanted to be able to monitor this and other important resources on the appliance to give me a pro-active heads-up on the overall health of the unit.

WORKAROUND

Seeing as Sonicwall has ZERO native support for SNMP monitoring in their admin/management interface, it took a call to Sonicwall (ahem, I mean India) and they were able to give me this nice piece of information on how to monitor the Email Security appliance with SNMP…

[social-locker]

  • Open your favorite handy dandy SNMP monitoring software
  • Query the IP address of the Sonicwall Email Security Appliance
  • For the SNMP read community use “snwl

[/social-locker]

Using this specific read community, you can easily gain monitoring access to items such as disk utilization, CPU utilization, memory utilization, interface utilization, and much more.  This is absolutely vital in keeping a pro-active eye on the network and being able to spot trends/issues before they become a wide-spread problem for all users.

Read More

Accessing other user’s Exchange 2007/2010 mailbox

By : Sean Brown |September 28, 2011 |Microsofft Exchange Server |1 Comment

PROBLEM DESCRIPTION

Administrators are usually faced with administrative/HR tasks to open user’s mailboxes for various reasons.  Exchange 2003 left this task in the GUI, however with the implementation of Powershell and command-line interfaces, the task isn’t as easy.  Below is the simplest way to grant access to mailbox access to another user without the end-user knowing.

 HOW TO

[social-locker]

  • Start
  • Microsoft Exchange Server 2007/2010
  • Exchange Management Console
  • in the powershell CLI, type: add-mailboxpermission domain\enduser -user domain\newuser -accessrights fullaccess -inheritancetype all

[/social-locker]

[notice]This command will allow domain\newuser to have full access and control to the domain\enduser’s mailbox.

From there, simply add the account as a secondary exchange account in Outlook and you’re done.[/notice]

Read More
Page 2 of 3123