Blogs

MIgrating from K1000 os version 5.1 to 5.5 in 5 hours

Greetings friends,

One recent project was to get a client upgraded from 5.1x  to 5.5x on their  K1000
The original install was done 6 years ago, so they wanted to go from the rack mount box to running
on ESX 5.1 on VMware

I will skip over some minor  details here , but there are a few key points that could really help someone who's facing even a few of these steps.  

 I imagine this would also work if you had to go (for instance) from
5.4 to 6.2, but I have yet to confirm that.  Too many other irons in the fire right now.

Back in March 2014,  5.5.90548 was the latest rev of the OS, and because this client was   4 major versions behind on 5.1x,

I chose to run the upgrades on VM workstation 8.1  running on a PC.    I chose VM 8 workstation because I found that newer versions of VM workstation would not support running the old 5.1 virtual machine that KACE pointed me to.   I had to try 3 different PC's for this  because Workstation 8 and K1000 version 5.1 were acting squirrely.  Don't ask , too many hours figuring that out.  Lots of ram is going to help with speed too.

To start with,   I did a sandbox network, and found that 5.1x agents *would* connect up via AMP  to a 5.5x  K1000 server.

That one result  argued for running through the 4 major  OS upgrades  "offline" on a PC, instead of upgrading the rack mount K1000 through 4 versions.   In addition, I didn't have confidence in upgrading the old K1000 through 4 upgrades, because of disk health, and/or  if one of the 4 OS upgrades failed, I'd have to back out and restore, and lose time.

So here's the bare bones version of how this went.  

=======================================================

Purchase 5.5  or latest version of  virtual KBOX OVF, and licensing from Dell/Kace

Install and license  the OVF  on new VM instance on ESX.    Use  a temp IP address on same subnet

as your existing production K1000 rack mount unit.

----------------------------------------------------------------------------------------------

Prep 5.1 production KBOX  before migration of server DB's.

Remove current GPO objects related to install of 5.1 agents  from AD

Remove any large  self service binaries from software library .  These reside in  the DB,

Which will take time for migration.  Smaller DB’s upgrade faster!

Clean up old PC and user accounts and unneeded software jobs.   Run a few good backups via FTP.

Notify all IT Staff of upgrade day, kbox will be offline for at least ½ day.


 

-------------------------------------------------------------------------------------------

Conversion strategy

Install KBOX 5.1x virtual machine  on a VM 8.x workstation instance running on a PC , and license it temporarily.  I had to try 3 different PC's before I found one that would support VM workstation running kbox 5.1x and not freeze up.  Don't ask!.

Use a temporary IP address on the PC running Workstation 8.x


Import production data set from live kbox running 5.1 into temp VM 8 workstation running the exact same  5.1 version KBOX OS  on temp IP . Use binary mode FTP to transfer files to and from KBOX instances if they are over 1.5 gigs.

Reboot, login, and confirm inventory, current data, licensing, and AD integration

Run through 5.2, 5.3, 5.4, and 5.5 upgrade versions on temp VM workstation.  You will need to contact KACE to find out which of the many versions on the download site are suitable  for  this process.  Some minor versions of the K1000 OS won’t work for this process.   Fun stuff!


 Test your   now upgraded 5.5 version  running on the PC  on VM workstation for login, SSL certs, and AD integration,  etc.     You now  should have a clone of the rack mount production K1000 box, but on a different IP address, of course.

Back up the upgraded 5.5x version of the DB on the PC.

Run a VM snapshot on the PC in case of fubar.

Bring up the  VM workstation console on  your PC, login to the KBOX console,  login , konfig/konfig, and run netdiag

Then  run  this command krestore createbackup

***This  refreshes the internal DB’s on the VM instance  to match the  OS version .  Will take 45 minutes or so***.  This is a critical step.

FTP   those refreshed files to a new folder on the same PC you just ran the Krestore createbackup on.

--------------------------------

VM Server work:

Login to the ESX server and run a VM snapshot in case the following goes fubar.

Make FTP writable  on your   VK1000 running on ESX 5.x  before starting so we can delete all backup files,  to get ready for krestore backup commands.  ( we will run those  later  on the VM server console.)

Then go back to the PC, using FTP (Filezilla) on the PC,  log in to the future production server K1000 running on ESX,  delete all existing backup files.   You must do this using FTP.     FTP login/pass are covered on KB articles on Kace website.

Now  at the PC,  FTP the new files that were created from running “Krestore createbackup”  from the PC  up to the VK1000 server.

Login to the VM server console on the  ESX   VK1000 , using konfig/konfig.  Run netdiag

Run krestore backup

Wait 20 minutes, server should reboot, DB’s should load up.

Test that you have current data that matches what you had on the laptop, and on the old server.

------------------------------------------------------------------

Swap IP  implementation

Take old KBOX 5.1 offline  by changing the IP address.    This step will have to be performed at the rack mount box console in your  NOC, because the ip address change won’t work with the web gui.     Don't ask why!.

 Wait til the old machine is up and responds to a ping for the new address.

Using the web gui, dhange IP address of your new K1000 Virtual KBOX 5.5  on the ESX server  to same IP as the old rack mount box and , reboot

Test login, AD integration,

Install SSL certificate, test DNS login via  your FQDN. 

The SSL cert does not come across in the DB, it’s in the OS, and can be retrieved from KACE techs via tether for a charge if you don't have it to restore to the new ESX instance.

--------------------------------------------------------------------

Client push and implementation

Download newest agents, etc,, etc.

Push new 5.5 agents over 5.1 agents via AD authentication if possible.  May have to run a GPO or PSexec job to uninstall the old agents, before pushing from new VK1000.

I wrote a Kscript that would force this upgrade live, will post that later if I get a chance.

check that AMP  connector is live, (computers should show green in inventory).  I have tested  pushing 5.5 agents over 5.1 , and it works fine, new 5.5 agents do connect

------------------------------------------

Backup and followup

Set up FTP backup job, similar to old KBOX 5.1 for dumping *.gz files (databases) to \\server\share.

------------------------------------------

Set up LDAP import on schedule weekly to import new users.   Mapping of LDAP Fields will need assistance from KACE to set this up/

------------------------------------------


Good luck!  Took me quite a few hours of testing to get this right, but client site was only
down for 5 hours, all reports, KB articles, users, prefs were preserved.


Be the first to comment

How to Show How Many Office Installs and What Version of Office per Site

I received an interesting ask today... How do I show what versions of MS Office are installed at each of my sites, by site.

Using the reporting wizard in the K1000 I was able to build a report to show one site at a time using the Device and Software Catalog Discovered Suites topics, but I wanted everything in one report. I looked at what the wizard gave me and changed things a little bit and included a CASE statement in my MYSQL. Take a look, steal it, improve it. I am using IPs to define my different sites (I don't have too many subnets), if you have a large number of subnets and don't want to build a case for each one, you might want to change that bit to use label names instead (assuming you've got smart labels for all of your sites. You do, right?).

I have a couple fields commented out because they didn't give me the info I was looking for (one just showed "Office" and the other showed "2010" or "2014" etc. depending on the version.) You can add in any other fields from the machine table without major mods to the SQL. The last line of the SQL is where I define "office" as what I am looking for, you can very easily change it to almost anything else (remember I am looking at suites though so something like .net would no show up.) Just change the CASE statement for your own environment, subnets and location names, and paste into your K1000.

I am running K1000 version 6.2.

Hope this is helpful! Let me know in the comments :)

SQL:

SELECT MACHINE.NAME AS 'COMPUTER NAME', MACHINE.IP AS 'IP', SAM_VIEW_DISCOVERED_SUITES.NAME AS 'SOFTWARE',
/*
SAM_VIEW_DISCOVERED_SUITES.PRODUCT_NAME, SAM_VIEW_DISCOVERED_SUITES.MAJOR_VERSION,
*/
CASE WHEN MACHINE.IP LIKE '192.168.0.%' THEN 'OFFICE 1'
    WHEN MACHINE.IP LIKE '192.168.1.%' THEN 'OFFICE 2'
    WHEN MACHINE.IP LIKE '192.168.2.%' THEN 'OFFICE 3'
    ELSE MACHINE.IP
END AS LOCATION
FROM SAM_VIEW_DISCOVERED_SUITES 
LEFT JOIN SAM_VIEW_MACHINE_DISCOVERED_SOFTWARE ON SAM_VIEW_DISCOVERED_SUITES.ID = SAM_VIEW_MACHINE_DISCOVERED_SOFTWARE.ID
LEFT JOIN MACHINE ON MACHINE.ID = SAM_VIEW_MACHINE_DISCOVERED_SOFTWARE.MACHINE_ID
WHERE SAM_VIEW_DISCOVERED_SUITES.NAME like '%office%'

Break on Columns:

Location
View comments (1)

K1000 report: Working hours per cathegory per month

A simple report to control how many hours the people was working on tickets per cathegory in the last month. The most interesting thing is the instruction to take the tickets from the last month (we are always gonna make reports at the beggining of one month to control the last one) and the sum of working hours.

select
HD_CATEGORY.NAME as 'Categoria',

SUM(format(time_to_sec(timediff(HD_WORK.STOP,HD_WORK.START))/ 3600.0 + HD_WORK.ADJUSTMENT_HOURS,2)) AS 'Horas trabalhadas'


from HD_TICKET
     INNER JOIN HD_CATEGORY ON (HD_TICKET.HD_CATEGORY_ID = HD_CATEGORY.ID)
     INNER JOIN HD_WORK ON (HD_TICKET.ID = HD_WORK.HD_TICKET_ID)
INNER JOIN USER ON (HD_TICKET.SUBMITTER_ID=USER.ID),
     (SELECT ADDDATE(LAST_DAY(SUBDATE(LAST_DAY(SUBDATE(CURDATE(), INTERVAL 1 MONTH)),INTERVAL 1 MONTH)),1) PrimeiroDia,
           LAST_DAY(SUBDATE(CURDATE(), INTERVAL 1 MONTH)) UltimoDia from dual) T
           
WHERE
HD_TICKET.TIME_CLOSED between T.PrimeiroDia and T.UltimoDia

     
GROUP by
HD_CATEGORY.NAME 
Be the first to comment

Dell KACE and Deep Freeze: Using Scripting to Freeze and Thaw Systems

Introduction

 

Customers who use Deep Freeze need a way to unfreeze their systems in order to do patching and system maintenance and then refreeze the system to allow for normal day to day operation. This guide covers creating scripts for enabling and disabling Deep Freeze for both Windows and Mac systems via the KACE Systems Management Appliance.

After completing this document, you should be able to:

·         Understand the process for creating scripts for freezing and unfreezing Windows computers

·         Understand the process for creating scripts for freezing and unfreezing Macintosh computers


 

Deep Freeze for Windows

 

Thawing Your System

 

Before changes can be made to a computer secured by Deep Freeze, it must be put into a writeable state. This process is known as “Thawing” and can be accomplished with a simple KScript.

·         In the Scripting module, click “Choose Action”, then click “New

QwLTD4.png

 

·         Name your script “Deep Freeze – Boot Thawed” and select Online Kscript from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Microsoft Windows”. You can also choose what systems to deploy the script to from this section.

·         In the Tasks section, find the Verify option and click “Add”.

·         Choose “Verify a directory exists” and input “%PROGRAMFILES(X86)%” in the text box (without quotes) and click “Save Changes”

·         Go to the On Success section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\syswow64

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTTHAWED

o   Click “Save Changes”

·         Go to the Remediation section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\system32

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTTHAWED

o   Click “Save Changes”

 

Note:

The dellkace entry in the Parameters field logs the user who submitted the thaw command as dellkace. You can replace that entry with the DNS hostname of your appliance if you wish.

 

·         Scroll to the bottom of the page and click “Save”

Twr96N.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

 

 


 

Freezing Your System

 

Once changes have been made to the system, it will need to be placed back in a “Frozen” state. Use the following steps to create a script to freeze the target PC.

 

·         In the Scripting module, click “Choose Action”, then click “New

·         Name your script “Deep Freeze – Boot Frozen” and select Online Kscript from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Microsoft Windows”. You can also choose what systems to deploy the script to from this section.

·         In the Tasks section, find the Verify option and click “Add”.

·         Choose “Verify a directory exists” and input “%PROGRAMFILES(X86)%” in the text box (without quotes) and click “Save Changes”

·         Go to the On Success section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\syswow64

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTFROZEN

o   Click “Save Changes”

·         Go to the Remediation section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\system32

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTFROZEN

o   Click “Save Changes”

·         Scroll to the bottom of the page and click “Save”

vZ7Jdv.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

Deep Freeze for Macintosh

 

Thawing Your System

 

·         In the Scripting module, click “Choose Action”, then click “New

·         Name your script “Deep Freeze – Boot Thawed” and select Online Shell Script from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Mac OS X”. You can also choose what systems to deploy the script to from this section.

·         In the Script section, input the following commands:

#! /bin/sh

 

# Thaw Deep Freeze Mac Client

 

echo - Deep Freeze Mac Thaw Executing

 

DFXPSWD=dellkace /Library/Application\ Support/Faronics/Deep\ Freeze/deepfreeze -u dellkace -p bootThawed

 

echo - Rebooting system

shutdown -r now

 

·         In the Script File Name box, name the script DPM_Thawed.sh

·         Scroll to the bottom of the page and click “Save”

 

krzv92.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

Freezing Your System

 

·         In the Scripting module, click “Choose Action”, then click “New

·         Name your script “Deep Freeze – Boot Frozen” and select Online Shell Script from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Mac OS X”. You can also choose what systems to deploy the script to from this section.

·         In the Script section, input the following commands:

#! /bin/sh

 

# Thaw Deep Freeze Mac Client

 

echo - Deep Freeze Mac Freeze Executing

 

DFXPSWD=dellkace /Library/Application\ Support/Faronics/Deep\ Freeze/deepfreeze -u dellkace -p bootFrozen

 

echo - Rebooting system

 

shutdown -r now

 

·         In the Script File Name box, name the script DPM_Frozen.sh

·         Scroll to the bottom of the page and click “Save”

zk39Nt.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

Conclusion

 

By following the steps in this guide, you should be able to create the scripts necessary for freezing and thawing your computers. This will allow you to manage your systems, update security patches and deploy software to the computers without sacrificing the security provided by the Deep Freeze application. 
View comments (1)

KACE Patch Report for Installed Patches past week and Missing Patches for Label

I needed a way to track patches that was more precise than the standard kace shotgun approach. Below are two separate reports.


1. Detect missing patches for a label. (This is a slightly edited version of the default)

SELECT PP.IDENTIFIER,
PP.TITLE,
GROUP_CONCAT(IF((MS.STATUS = 'NOTPATCHED'), M.NAME, NULL)) AS SERVERS_WITHOUT_PATCH,
COUNT(*) AS TOTAL,
SUM(IF((MS.STATUS = 'PATCHED'), 1, 0)) AS PATCHED,
SUM(IF((MS.STATUS = 'NOTPATCHED'), 1, 0)) AS NOTPATCHED,
SUM(IF((MS.DEPLOY_ATTEMPT_COUNT >= MS.MAX_DEPLOY_ATTEMPT 
          and MS.STATUS != 'PATCHED'
        or MS.STATUS = 'FAIL' 
        or (MS.DEPLOY_STATUS = 'FAIL' and MS.STATUS != 'PATCHED')), 1, 0)) AS ERROR
FROM PATCHLINK_MACHINE_STATUS MS
JOIN MACHINE M ON M.ID=MS.MACHINE_ID
JOIN KBSYS.PATCHLINK_PATCH PP ON PP.UID = MS.PATCHUID
JOIN MACHINE_LABEL_JT ML on ML.MACHINE_ID = M.ID
WHERE ML.LABEL_ID = (select ID from LABEL where NAME = 'LABEL NAME')
-- AND PP.IMPACTID = 'Critical'                       UNCOMMENT THIS LINE TO SHOW CRITICAL PATCHES
-- AND PP.IMPACTID = 'Recommended'          UNCOMMENT THIS LINE TO SHOW RECOMMENDED PATCHES
-- AND PP.IMPACTID = 'Software'                    UNCOMMENT THIS LINE TO SHOW SOFTWARE PATCHES
GROUP BY PP.UID
HAVING NOTPATCHED > 0
ORDER BY PP.TITLE


2. Show patches that were installed on a machine based on a schedule name in the last X days/weeks/months and the status of the installation.


select M.NAME as COMPUTER_NAME, PP.TITLE as PATCH_NAME, PP.IMPACTID as PATCH_IMPACT, MS.DEPLOY_STATUS as PATCH_STATUS, MS.DEPLOY_STATUS_DT as INSTALL_DATE from MACHINE M
left join PATCHLINK_MACHINE_STATUS MS on MS.MACHINE_ID = M.ID
left join KBSYS.PATCHLINK_PATCH PP on PP.UID = MS.PATCHUID
left join PATCHLINK_SCHEDULE PS on PS.ID = MS.SCHEDULE_ID
where MS.DEPLOY_STATUS_DT > subdate(now(), interval 1 day)   CHANGE TO TIME INTERVAL. CAN USE # + (second, minute, hour, week, month, year)
and PS.DESCRIPTION = 'Server Patch Job'    CHANGE TO THE NAME OF YOUR PATCH SCHEDULE NAME OR UNCOMMENT FOR ALL SCHEDULES
ORDER BY M.NAME, PP.TITLE

When creating the SQL Report...
Break on Columns: COMPUTER_NAME
Be the first to comment
Showing 1 - 5 of 2611 results