Monday, July 9, 2018

FreeNAS smartd service refuses to start

Logged into my FreeNAS-11.1-U5 console after updating it and had a system alert that smartd was unable to start.


The GUI log was complaining as well:


Don't recall which disks these were, so I went over to Storage | View Disks in the GUI and they were the USB sticks used for the mirrored boot. I knew this as I labeled each drives slot in the server.


Since the event log was mentioning removable this was another clue. S.M.A.R.T. really is not designed for USB flash drives and more for hard drives and solid-state drives. Click Edit on each of these and turn off S.M.A.R.T.:

I did not try it but you could pass '-d removable' for S.M.A.R.T. extra options based on the syslog complaining about that switch. This all generates a fresh smartctl.conf located in /usr/local/etc. Once completed, just head back over to services and smartd is running happily. If not just start it and you should be good.


-Kevin


Tuesday, July 3, 2018

Flash IEClickToPlay ConfigMgr Compliance Setting (manipulate mms.cfg)

Recently we updated Flash to version 30.0.0.113 on Windows 7 systems and discovered that they are not able to view Skype Broadcast events in Internet Explorer as discussed in greater detail here on the Adobe Forum. We use them quite heavily at my firm and basically, the video never starts. You see the spinning wheel at startup of the Skype Broadcast. It only impacted IE whereas Chrome and FireFox worked fine. We obviously do not want to revert to an older version so chose to correct the issue.

Compliance setting to the rescue, however, I won't cover how to create one from scratch. We are using one to set this line below in mms.cfg so that Skype Broadcast will work in IE on Windows 7.

 EnableInsecureByteArrayShareableDomain=*.broadcast.skype.com  

The mms.cfg file is located in %WINDIR%\System32\Macromed\Flash or %WINDIR%\SysWOW64\Macromed\Flash depending on the arch. We have a Powershell Discovery Script that looks for this line in mms.cfg and reports back and then a Remediation Script that sets it if needed.

For the Configuration Item we set the Supported Platforms to Workstation OS' of Windows 7 and higher as it may impact Windows 10.

The Compliance Rules are pretty straightforward. We have two rules, one for System32 and the other for SysWOW64 locations. This screenshot is for System32 and it looks for the script to return 'OK' and if not to run the remediation script.


The remediation script will keep any existing lines and just modify the one in question as well as encode in ANSI so Flash processes it correctly.

The Compliance Baseline is deployed to our 'All Workstations' Collection to evaluate every 14 days. This will eventually get incorporated into our main Adobe Flash Compliance setting as it manipulates autoupdate etc. We actually just took our Flash autoupdate PS1 code and changed the top lines so its easy to manage multiple settings in mms.cfg via one Compliance Setting.

  $SettingsToRemove = @(   
  )   
  $SettingsToAdd = @(  
  "AutoUpdateDisable=1"  
  "SilentAutoUpdateEnable=0"   
  "EnableIEClickToPlay=1"   
  )   

On the client side, the baseline's compliance report is pretty straightforward.




Download



These scripts are provided as-is, no warranty is provided or implied. The author is NOT responsible for any damages or data loss that may occur through the use of this Script.  Always test, test, test before rolling anything into a production environment.

You can find the report here


-Kevin