Frequently Asked Questions


windows windows 10 ubuntu mac os x xibo network zenworks android

  1. How do I access my work-computer from home?     [jump in page]
  2. I do not work in Uppsala, how can I activate my university account?     [jump in page]
  3. How do I use AddPrinterGUI to add printers in Windows 7/8/10 x64?     [jump in page]
  4. What is the postal address for BMC-IT?     [jump in page]
  5. I would like to install Adobe CC Complete (Photoshop, Illustrator...)     [jump in page]
  6. How much do Adobe Photoshop and Illustrator cost?     [jump in page]
  7. How do I use an Apple AirPort Time Capsule?     [jump in page]
  8. My Android device is running out of storage. What is using it?     [jump in page]
  9. Backing up via Rsync to Btrfs snapshots     [jump in page]
  10. How do I take backup of the data on my computer?     [jump in page]
  11. What do the different symbols in BlueCat mean?     [jump in page]
  12. Some Cisco switch commands     [jump in page]
  13. After my employment at the university has finished, may I bring home my old computer?     [jump in page]
  14. What do I do with old computers?     [jump in page]
  15. How do I buy a new computer?     [jump in page]
  16. How to connect to a file server via SMB on Mac OS X     [jump in page]
  17. How do I convert video between different formats with free software?     [jump in page]
  18. What is ransomware and CryptoLocker?     [jump in page]
  19. How do I get deduplication to work in Linux?     [jump in page]
  20. How do I set default language in Word?     [jump in page]
  21. How do I use Eduroam, the wireless network, in Windows?     [jump in page]
  22. How do I install EndNote?     [jump in page]
  23. What is the cost for EndNote? What is Zotero? And Pages?     [jump in page]
  24. What are the different PC form factors?     [jump in page]
  25. Graphpad Prism, what does it cost?     [jump in page]
  26. How do snapshots in the HNAS file server work?     [jump in page]
  27. How to map a network drive via SMB on Windows     [jump in page]
  28. My Internet does not work! How can I find the problem?     [jump in page]
  29. What is my IP-address and MAC-address?     [jump in page]
  30. How do I secure IPMI?     [jump in page]
  31. How do I downgrade to Java 6 for Mac?     [jump in page]
  32. How to downgrade to Java 7 for Windows     [jump in page]
  33. How do I lookup LDAP or Active Directory via command line on Mac and Linux?     [jump in page]
  34. How do I set firewall rules in Linux to block SSH?     [jump in page]
  35. How to create a local Windows user     [jump in page]
  36. Print using locked print on Mac OS X     [jump in page]
  37. Print using UserCode for Ubuntu     [jump in page]
  38. Print using locked print on Windows     [jump in page]
  39. How do I change the Mac computer and host name?     [jump in page]
  40. How do I add the Korint IPP printer in Mac OS X?     [jump in page]
  41. Should I upgrade to the latest version of Mac OS X?     [jump in page]
  42. How much memory does my Mac have? Can I get more? How much do I need?     [jump in page]
  43. How do I merge documents with Preview in Mac OS X?     [jump in page]
  44. How do I find the serial number on Mac OS X?     [jump in page]
  45. Troubleshooting mail - what can I do and whom do I ask?     [jump in page]
  46. My mailbox is full! What do I do?     [jump in page]
  47. I would like MATLAB on my computer please!     [jump in page]
  48. How does the reinstallation of computers work?     [jump in page]
  49. How do I mount SMB share in Linux?     [jump in page]
  50. What Internet bandwidth does the university have?     [jump in page]
  51. Who is resposible for what on the BMC network? Who can help me?     [jump in page]
  52. How do I use offline files?     [jump in page]
  53. How do I process orders using shopping carts in produktwebben?     [jump in page]
  54. How do I order computer accessories and peripherals?     [jump in page]
  55. How do I merge PDF documents with PDF-Xchange in Windows?     [jump in page]
  56. What is the BMC-IT computer platform and how does it work?     [jump in page]
  57. How do I start Primula? (or install a new version)     [jump in page]
  58. How do I log in to Raindance-portalen?     [jump in page]
  59. How do I configure my resolver on a Linux machine?     [jump in page]
  60. How do I copy many files in Windows using Robocopy?     [jump in page]
  61. My Save as dialog doesn't show the desktop!     [jump in page]
  62. There is a problem with my screen     [jump in page]
  63. How do I send mail from a shell script in Linux and Mac OS X?     [jump in page]
  64. Who is responsible for the network in the BMC server room?     [jump in page]
  65. Open the server room for me please     [jump in page]
  66. We have a server, where should we put it?     [jump in page]
  67. What service levels does BMC-IT have compared to others at the university?     [jump in page]
  68. May I have SIMCA and MODDE for Windows please?     [jump in page]
  69. How are the network sockets identified?     [jump in page]
  70. What software applications do the university have that I can install?     [jump in page]
  71. Help me I get so much spam! What can I do?     [jump in page]
  72. Spam filter settings in the SUNET Mailfilter     [jump in page]
  73. My harddrive broke! Do you have any spare parts?     [jump in page]
  74. I would like SPSS on my computer.     [jump in page]
  75. My computer was stolen! What should I do?     [jump in page]
  76. How do the different types of storage compare to each other?     [jump in page]
  77. How do I mount my home directory or shared storage at HNAS?     [jump in page]
  78. What is the cost of a PC file server?     [jump in page]
  79. We need more storage! Do you have a file server we can use?     [jump in page]
  80. Who is an employee and who is a student at the university?     [jump in page]
  81. How do I secure IPMI?     [jump in page]
  82. Who manages IT-support for whom at BMC?     [jump in page]
  83. How to transfer web hosting for a domain     [jump in page]
  84. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)     [jump in page]
  85. How do I install Ubuntu?     [jump in page]
  86. I have installed R in another location. How do I use it in a script?     [jump in page]
  87. Add a printer in Ubuntu 14.04     [jump in page]
  88. My computer has got a virus! What do I do?     [jump in page]
  89. Which Vlans are at the BMC-router?     [jump in page]
  90. Do you have a VMware virtual server I can use?     [jump in page]
  91. How to connect with VPN using AnyConnect in Windows     [jump in page]
  92. How do I connect to the VPN using Ubuntu?     [jump in page]
  93. How do I force activation of Windows 10 using KMS?     [jump in page]
  94. How do I start an elevated command prompt (as administrator) in Windows?     [jump in page]
  95. My Windows computer is running out of storage. What is using it?     [jump in page]
  96. How do I overwrite deleted data in Windows?     [jump in page]
  97. How do I look in the event log in Windows?     [jump in page]
  98. How do I access my home directory?     [jump in page]
  99. How to change language in Windows 7 Enterprise     [jump in page]
  100. How do I activate my Office using KMS?     [jump in page]
  101. My Outlook do not start! What can I do?     [jump in page]
  102. I cannot read my USB-drive. What do I do?     [jump in page]
  103. My Windows 7 computer is stuck in a Windows Update loop!     [jump in page]
  104. How to use WinSCP to access files over SCP on Windows     [jump in page]
  105. How to setup a Xibo-client for signage     [jump in page]
  106. Install Xibo client on local computer for testing     [jump in page]
  107. Manage your Xibo display     [jump in page]
  108. What is ZENworks? How to I install applications via ZENworks application window?     [jump in page]
  109. How do I uninstall the Zenworks agent?     [jump in page]




1. How do I access my work-computer from home?

See also: How to connect with VPN using AnyConnect in Windows
See also: How do I mount my home directory or shared storage at HNAS?
  1. Find out if you need access to the files or the actual computer running programs on it.
  2. If you only need access to the files, then it might be easier to store the files on a file server. Access the files in a secure way from home over VPN connecting to the file server.
  3. If you need access to the computer to be able to run programs on the computer, then:
    1. Allow someone to connect to your computer using Remote Desktop Connection. (Read howto in swedish or Read howto in english)
    2. Lock the computer to a specific IP (Contact your Local IT, computer name, your current IP and MAC-address)
    3. .. and open in the router filter so that you can run remote desktop from the VPN to the computer. (This is also done by your Local IT.)

Mac

In Mac, get Microsoft Remote Desktop which is free in the App Store.

Add a new host hosts with login (with the windows domain) and password and then Start!

Remeber to add the Windows domain in for example the format username@domain, if the host is connected to a Windows domain.

Windows

In Windows, start Remote Desktop Connection and enter the details and then Connect.

Linux Ubuntu

Install rdesktop and run for example this command:

rdesktop -p MySecretPassword -u _jny25782-T -d USER -x 0x80 -g 1800x1100 -k sv dcts.user.uu.se





2. I do not work in Uppsala, how can I activate my university account?

There are several options at www.uu.se/konto.

An easy way is to use an account at www.antagning.se and then activate the university account.

If you already have a student account, use this account to change the password for your employee account.



3. How do I use AddPrinterGUI to add printers in Windows 7/8/10 x64?

If you have ZENworks on the computer

Look for the app PrintGUI in the ZENworks application Window and start it.

Continue below with installing the printers.

If you do not have ZENworks

First, mount the directory \\user.uu.se\BMCI\Common (use on Windows machines connected to USER-AD)

This directory can be reached directly at \\uuit-nasutus.its.uu.se\BMCIT-Common or \\bmcit-common.files.uu.se\BMCIT-Common which may work better on standalone computers not connected to the USER-AD (Active Directory).

Either map the drive in Windows or directly in file explorer enter the path above. It should look like this:

Find AddPrinterGUI and run it

Enter the directory called Apps_Printers_PC. There should be a file called AddPrinterGUI.exe.

You really want to start it.

Installing the printers

The application prints a list of printers depending on what subnet (department) your computer is located. To view all printers in the application click on All but usually you dont need to since all printers on your subnet are visible in the list.

Choose your printer and install it by doubleclicking. Wait a moment for it to install.

You have to be local administrator to add a printer.

If you want printers added to the list, look in the file PrinterList.txt to understand the format, then e-mail the printers you want added to helpdesk@bmc.uu.se or tobias.holm@bmc.uu.se. AddPrinterGUI and the drivers installed with AddPrinterGUI are only available in english.



4. What is the postal address for BMC-IT?

Replace Surname Givenname with the receiver or reference. When ordering or sending an invoice you need to know the reference code.

Small packages and letters

Att: Surname Givenname
BMC
Box 570
75123 Uppsala

Larger packages

Att / Goods labeling: Surname Givenname
BMC
Husargatan 3
752 37 UPPSALA

Invoices

Reference code: 123ABC
Reference name: Surname Givenname
Uppsala universitet
PG1254
737 84 Fagersta






5. I would like to install Adobe CC Complete (Photoshop, Illustrator...)

See also: How much do Adobe Photoshop and Illustrator cost?

For Windows computers that has a Zenworks agent it is quite easy.

  1. First restart computer if it has any pending upgrades. Otherwise the installation will fail.

  2. Open the Adobe Complete application in the Zenworks window.

  3. Answer OK once.

  4. Answer OK twice.

  5. Wait a very long time (all files are around 14.5 GB) for everything to install. The files are read from a file server so you have to be connected to the university network.

  6. It is possible to open a ZENworks progress window from the status bar. Step 7 of 8 will take a very long time.

Normally in Zenworks everything may be loaded over the Internet, but in this case, since the package is so large, for technical reasons we choose to install it directly from a file server.

When installing the bundle a request for registration of licenses will be automatically sent to helpdesk@bmc.uu.se who will confirm the registration at appropriate group or department.

For Windows computers that do not run the Zenworks agent, the same package can be installed by a system administrator. Also contact helpdesk@bmc.uu.se for this.

For Mac OS X this installation is more or less manual. Contact helpdesk@bmc.uu.se.



6. How much do Adobe Photoshop and Illustrator cost?

See also: I would like to install Adobe CC Complete (Photoshop, Illustrator...)
See also: What software applications do the university have that I can install?
See also: How do I merge PDF documents with PDF-Xchange in Windows?
See also: How do I merge documents with Preview in Mac OS X?

Short story: This is how much the Adobe applications cost

Application Cost (updated 2016-05-24)
Adobe Acrobat Pro 763 SEK (perpetual license - one-time fee)
A single application (example: Photoshop or Illustrator) 727 SEK/year
Adobe Complete (all applications) 1339 SEK/year
Adobe Acrobat Reader free

Search Progdist at UU Reload



Search Progdist at UU Reload

  • If buying more than one application the Adobe Complete with all applications are cheaper.
  • All applications using the Adobe Campus UU agreement with the ETLA license type has to be removed (uninstalled) from all computers.
  • All Adobe applications without valid license has to be removed.
  • Old perpetual licenses fully paid via one-time fee (Adobe CS3, CS4, CS5, CS6 etc) or within the ELA license type may still be used but not be upgraded.

Long story:

You can rent the whole suite from Adobe called Complete which contain the following applications:

You can also rent a program as Single-App, but that cost is more than half of renting Adobe Complete.

This means that it will be less expensive to rent the entire suite if you are interested in more than one application.

The applications below are possible to rent as Single-Apps (note that Acrobat Pro and Photoshop Lightroom are not possible to rent as Single-Apps):

Notice that Acrobat Pro is not required to read PDF-files, fill PDF-forms or create PDF-files. This is possible by combining the freeware Acrobat Reader and Microsoft Office.

Some of you may consider finishing your Adobe Campus UU licenses to reduce cost. The Adobe applications must then be removed from your computer. In some cases certain applications can be replaced with earlier versions if they have been bought (not rented). There is no guarantee for how long earlier Adobe versions continue to operated since they may become incompatible with newer versions of Windows and Mac OS.

The applications probably contain report functions allowing Adobe to identify and count computers within UU using their applications and relate that to the number of paid licenses. It is therefore risky to keep Adobe applications without paying for the new license. Such cheating may lead to financial claims from Adobe.

There are some free alternatives to the Adobe applications but no perfect replacements. Here are some suggestions:

ApplicationAlternativePlatform
(Z) means available in ZENworks
Photoshop GIMP Mac OS, Windows (Z), Linux
Illustrator Inkscape Mac OS, Windows (Z - but an old version), Linux
Draw.IO (simple block diagrams) Web
InDesign Scribus Mac OS, Windows (Z), Linux
Acrobat Pro Acrobat Reader (to read PDF and fill forms) Mac OS, Windows (Z), Linux
PDFCreator (to create PDF by "printing" from other applications) Windows (Z)
PDF-Xchange (create, edit, merge PDF) Windows (Z)
Word 2013 (to open PDF, edit and convert to Word) Windows (Z)
PDFsam (to combine, divide and rotate PDF-documents) Mac OS, Windows (Z), Linux
AbleWord (to open PDF, edit and convert to Word) Windows (Z)
CutePDF (to create PDF by "printing" from other applications) Mac OS, Windows, Linux
PDFtk Server (command line tool to manipulate PDF in many ways)Mac OS, Windows, Linux
Dreamweaver We have found no direct replacement, but here is a list of 10 alternatives to Adobe Dreamweaver. Also read the Wikipedia page of Comparison of HTML editors - general information.




7. How do I use an Apple AirPort Time Capsule?

See also: What is ransomware and CryptoLocker?
See also: Who is resposible for what on the BMC network? Who can help me?

Please do not buy one of these for use at BMC! If you do this you must contact your local IT. For most parts of BMC this is BMC-IT helpdesk@bmc.uu.se and we do not recommend these.

Apple Airport Time Capsule is a great tool for a home or small office, providing simple backup, WiFi hotspot and NAT-router all in one.

But we really recommend a normal external hard drive for backup. Keep one at home and one at work.

Also be aware that a backup, where the client has full write access to the backup and can erase old versions of the backup, do not protect against ransomware attacks. The attacker may destroy old backups from the compromised client.

Here is a summary what the problems may be with this kind of equipment:

NAT
SUNET and the Security and safety division at Uppsala university require that it is possible to identify which user is doing what on the network. NAT (in this level of home or small office equipment) is hiding this.

Read the Riktlinjer för säkerhetsområdet and the document UFV 2016/1944 Anskaffning och drift av IT-system in particular section 4.4 Anslutning till universitetets datornät.

DHCP-server
Apple AirPort has built in DHCP-server. When connected the wrong way (NAT-ports) to the department network the device will give IP-addresses to the other computers on the network. This will mess up the network. In the best case (when both WAN- and LAN-ports are connected at the same time to the department network) all that happens is that all traffic will pass through the Apple AirPort which will then act as a bottleneck. In the worst case (only LAN-ports are connected to department network) nothing will work and the whole department network will go down.

WiFi hotspot
The Uppsala University IT-division is responsible to set up WiFi-hotspots all over the Uppsala University campuses. The frequencies has been planned so that they do not interfere with each other. Even when using using a frequency that is not the same as the closest hotspot the frequency may interfere with other hotspots frequencies further away (but still in range).

It may be theoretically possible to turn off all server functions including NAT/WiFI and then secure it with accounts, but it may not be worth the effort. When doing that (turn off NAT and only do Network bridge, turn off WiFi) if the settings are reset by some reason, make sure that the AirPort in a reset state do not mess up the network - only attach the WAN port to the department LAN. The equipment is best used at home or at a small office.

At least these things has to be done:

  1. Turn off NAT and DHCP-functionality.
  2. Turn off WiFi.
  3. Set up with account and password protection.
  4. Set up internal firewall in the equipment so that no one outside the department network can access it.
  5. If that do not work:
    1. Set a fixed IP for the device
    2. Set up the campus router filter so that noone outside the department network can access it.
  6. Actually set up both internal firewall and router filter if possible.
  7. Make sure that the firewalls are working.
  8. Make sure only the user creating the backups can access them.

This list is not guaranteed to be complete.

Our suggestion is to move the equipment to the home office for a backup when working at home. Then get another hard drive for the office.

If you need better WiFi coverage contact helpdesk@bmc.uu.se and then we can together with IT-division hopefully improve the location and coverage of the WiFi hotspots.




8. My Android device is running out of storage. What is using it?

See also: My Windows computer is running out of storage. What is using it?

The app DiskUsage by Ivan Volosyuk is quite good in visualizing and finding what applications are using a lot of storage on an Android device.





9. Backing up via Rsync to Btrfs snapshots

See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)
See also: How do I take backup of the data on my computer?

BMC-IT is running a service for simple incremental file based backups to disk using Rsync and Btrfs snapshots.

  • The computer to be backed up must run a SSH server with Rsync - in practice this is usually Mac OS X and Linux.

  • The computer to be backed up must be contacted from the backup server using a host name. In practice this means the computer to be backed up must be a server that is always on.
  • This is not a good way of backing up large files that are contantly changing - for example virtual machine images. Instead let the virtual machine be backed up from inside the guest operating system.

The service is documented in the SOP - Rsync backup to Btrfs snapshots.





10. How do I take backup of the data on my computer?

See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)
See also: How do I overwrite deleted data in Windows?
See also: Backing up via Rsync to Btrfs snapshots

Option 1: Keep all data on the computer and take backup on your own

  • The university as a central service running TSM (Tivoli Storage Manager) run by IT-division that can be used for enterprise grade backup. Data will be stored in three versions up to 10 years, but this can of course be tweeked to any appropriate numbers. Use this for important documents. This is generally not set up on all client computers. Good for servers.

  • For simple cheap backup use for example on Mac OS X the built in Time Machine Backup. There is no reason to not take backup this way too, because it so easy and cheap to set up. Some departments have shared Time Machine servers that may be used. Good solution. (Understand that a shared time capsule is not much better than a single local hard drive, a good such service requires redundant drives.)

    For other departments local drives are recommended. Just acceptable but...

    ..using local drive at home and another drive at work is better. This is a good solution but requires discipline.

Option 2: Keep all data on file server and let the system administrators take backup

  • Different departments have different strategies on file servers. But this will more and more be central service at the university. The central HNAS file server has built in backups and also snapshots for old versions of files. This is good practice for both Mac OS X and Windows.

Discuss with helpdesk@bmc.uu.se if you need advice in this or help buying extra hardware or order storage space on a file server.



11. What do the different symbols in BlueCat mean?

See also: What is the BMC-IT computer platform and how does it work?
See also: Who is resposible for what on the BMC network? Who can help me?

Here is a description of what the different colours mean in BlueCat.





12. Some Cisco switch commands

See also: Which Vlans are at the BMC-router?

Show Vlan and port configuration:

  • show vlan
  • show vlan brief
BMC-D11-0-A47-1>show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Te1/0/2
2    Management                       active
3    Backbone                         active
4    Backbone-2                       active
50   WLAN                             active
660  FarmBio                active    Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18
                                      Gi1/0/19
- - -

Show all ports and which Vlan they have and if they are connected:

  • show interface
  • show interface status
BMC-D11-0-A47-1>show interface status

Port      Name             Status       Vlan       Duplex  Speed Type
Gi1/0/1                    connected    933        a-full a-1000 10/100/1000BaseTX
Gi1/0/2                    connected    664        a-full a-1000 10/100/1000BaseTX
Gi1/0/3                    notconnect   664          auto   auto 10/100/1000BaseTX
Gi1/0/4                    connected    935        a-full  a-100 10/100/1000BaseTX
- - -

Show possible disabled ports:

  • show interface status err-disabled

List all mac-addresses:

  • show mac address-table
  • show mac address-table address 3c07.541d.c8ab

Show DHCP-helper and other info about the Vlan

  • show ip interface vlan 904

Show error-disabled recovery timeout

C7:3-5>show errdisable recovery
ErrDisable Reason            Timer Status
-----------------            --------------
arp-inspection               Disabled
bpduguard                    Disabled
channel-misconfig (STP)      Disabled
dhcp-rate-limit              Disabled
dtp-flap                     Disabled
gbic-invalid                 Disabled
inline-power                 Disabled
link-flap                    Enabled
mac-limit                    Disabled
loopback                     Disabled
pagp-flap                    Disabled
port-mode-failure            Disabled
pppoe-ia-rate-limit          Disabled
psecure-violation            Disabled
security-violation           Disabled
sfp-config-mismatch          Disabled
small-frame                  Disabled
storm-control                Disabled
udld                         Disabled
vmps                         Disabled

Timer interval: 40 seconds

Interfaces that will be enabled at the next timeout:

C7:3-5> _





13. After my employment at the university has finished, may I bring home my old computer?

See also: How do I buy a new computer?
See also: What do I do with old computers?

Unfortunately no. The computer belongs to the university even if you bought it with your research money through the university. This is the general rule.

In certain cases, if you move your employment to another government facility, like another university, it may be ok if all of the following rules match:

  1. It has to be a government facility (like a university). The computer may not be brought to a private company even if the private company do research.
  2. There has to be an agreement (understanding) between the old employer (head of department) and the new employer.
  3. The equipment has to be removed from the university (department) inventory and added to the new employers (department) inventory. The equipment will not belong to the individual but follow the normal rules of the new employer.

Also be aware that the storage of the computer usually contain sensitive data. Before scrapping or repurposing equipment you have two options;

  1. Remove the permanent storage and send it to destruction. Permanent storage may be a hard drive (HDD), a solid state drive (SSD) etc.
  2. Overwrite the whole of the permanent storage with other data on the block level. (This may take a couple of hours.)

    Please note that even block level wipe of the storage does not delete bad blocks. If the data is so sensitive that this is not acceptable the storage has to be destroyed and cannot be repurposed.

Contact BMC-IT for help with this.

From time to time, the department, campus or university may sell old equipment to the employees. But it has to be sold at market value and the costs involved have to be covered. All software licensed to the university have to be removed. For example all our versions of Windows and Office have to be removed. Instead of Windows for example Ubuntu or any other free operating system or software may be installed. In practice all of this makes it very hard to sell old equipment in an usable state at a reasonable price.

Read more in Regler för försäljning av inventarier UFV 2008/159 (local copy)


Old equipment may sometimes be valuable in itself. The computer in the picture is a PDP-12 belonging to the Update computer club at Uppsala University.






14. What do I do with old computers?

See also: After my employment at the university has finished, may I bring home my old computer?
See also: What software applications do the university have that I can install?

Why cannot I just leave it at the electronic recycle room?

The data on the drive (usually a hard drive with permanent storage) in most cases contain software with licenses belonging to Uppsala University (Windows, Office, Adobe etc).

Sometimes the drive contain passwords (stored in Firefox, Safari, Internet Explorer, Outlook, Thunderbird etc) or password hashes (stored in Windows, OS X etc).

Sometimes the drives also contain sensitive personal data or data of other sensitive nature.

Option one - give it to BMC-IT

  1. Give it to BMC-IT. We will either scrap it or try to reuse the parts. If it is not for scrapping or possible reuse we cannot store it.
  2. Report the computer as scrapped in the department inventory.

Option two - scrap it right away

  1. Remove the hard drive (or other permanent storage).
  2. Give the hard drive to BMC-IT (or your Local IT).
    1. If the drive contain really sensitive data it will be sent to the Security and safety division or the facility they recommend.
    2. If the data is not as sensitive and the drive is meaningsful to reuse, we will erase the drive on the block level (killdisk) and then reuse it.
  3. Bring the computer to the electronic recycle room at The Goods reception at BMC.
  4. Report the computer as scrapped in the department inventory.





15. How do I buy a new computer?

See also: What are the different PC form factors?
See also: After my employment at the university has finished, may I bring home my old computer?
See also: My computer was stolen! What should I do?
See also: My harddrive broke! Do you have any spare parts?
See also: How do I order computer accessories and peripherals?

Short story

Contact BMC-IT at helpdesk@bmc.uu.se and describe what you need. We have prepared a couple of standard models.

Long story

Be aware of that Uppsala University is a government facility. This means we have to obey LOU, Swedish Public Procurement Act / Lagen om offentlig upphandling / SFS 2007:1091. This means we are not allowed to go down town in Uppsala to any shop and buy a computer. Or to any web-shop.

Please read the Procurement guide.

The university has a procurement division that have prepared a web site called Produktwebben with many different computers and models. Not all are appropriate to buy even if they are listed there. Technically any group/department can order from Produktwebben, but there may be other policies at the group/department, like wanting all computers to be pre-installed or of certain models to save time (and money). Please check first.

Please note! Contact your LocalIT first! Contact helpdesk@bmc.uu.se! If you do not know what you are doing and do not follow the procedures at your LocalIT / campus / department it is up to you to solve the problems this may create. It may not even be allowed.

Over time, some things have shown to be of extra importance when considering which computer to buy:

  1. The manufacturer should have at least three years support but up to five year support.
  2. The manufacturer should have next-business-day on-site-service. If the computer breaks down it is the responsibility of the manufacturer to come to us. We do not have to send the computer in to them via mail to fix it or pay for this service. This saves a lot of time and money.
  3. The computers should not be of cheapest consumer grade but built to work for a couple of years with replacement parts available. Usually all computers with three year support (or more) are not consumer grade.

At BMC-IT we have prepared some models that we find reasonable and have tested. This means we can quickly install them with operating system (multi language Windows Enterprise or Mac OS X), all drivers, the department printers and common applications like Microsoft Office, Adobe Photoshop, Adobe Illustrator, Adobe Acrobat, EndNote, Matlab, Symantec Endpoint Protection, ZENworks etc.

New odd PC models (like any PC model from produktwebben) that have not been tested first cannot be expected to be easily reinstalled right away. New Mac models are fine when running the latest Mac OS X.

More information

You can read more about purchasing equipment here:
Purchase of goods and services
Direct Award Contracts (DACs)





16. How to connect to a file server via SMB on Mac OS X

See also: How do I mount my home directory or shared storage at HNAS?
  1. In the Finder, choose connect to server... from the menu.
  2. Enter server name and name of the share, in this example smb://filserver.uu.se/neuro


  3. Enter the Windows-domain USER, your username and your password A






17. How do I convert video between different formats with free software?

HandBrake is a GUI open source video transcoder.

HandBrake is available for Windows, Mac, Linux etc.

Mencoder

Mencoder is part of Mplayer, a video player. Mencoder is a command-line open source video transcoder.

Mencoder is available for Windows, Mac, Linux etc.

  1. Download Mmplayer at www.mplayerhq.hu.
  2. Run the command line tool mencoder by starting the cmd. If you don't know what this is then don't follow this instruction. You have to have mencoder in your path.
  3. mencoder.exe input.avi -occ x264 -oac mp3lame -o output.mp4

  4. The new file named theoutput.mp4 should then contain the movie in the new x264 (mp4) format.

FFmpeg

FFmpeg can be used as a command line open source tool for transcoding video.

ffmpeg -i input.avi output.mp4





18. What is ransomware and CryptoLocker?

See also: Help me I get so much spam! What can I do?
See also: My computer has got a virus! What do I do?
See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)
See also: How do I use an Apple AirPort Time Capsule?
CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows.
- Wikipedia on CryptoLocker

CryptoLocker and TorrentLocker infects computers running Windows via seemingly innocent email with links or attachments. There has appeared other ransomwares attacking Mac too.

Read more about ransomware, TorrentLocker and CryptoLocker on Wikipedia.

To be infected, the receiver has in most cases actively tried to open and execute the payload. The payload may be disguised as a Word-document, a script or something that give the imporession that it is innocent. Do not open files or attachments you have not requested!

This (the example above in Microsoft Word) is not safe! Please be careful with Office files that require you to Enable Content. Enabling content may make it possible for evil macros to execute in Office allowing the attacker to take control of your computer.

This (the example above from Windows File Explorer) is an example of an opened .zip-file. .zip-files are in itself not dangerous it is just a way of storing one or many files into one compressed file, but it may be a way to bypass other simple security checks. For example the anti virus software may warn when downloading an .exe-file but may not warn when downloading a .zip-file.

This (the icon above) is an example of how an .js-file look like in the File Explorer. This file will run with the Windows Script Host (wscript/cscript) and execute and may download further potentially evil binaries. Windows Scripting Host also will run .jse and .wsf-files. Also note that a long file name like faktura.pdf.js may hide the real extension in File Explorer and show up as faktura.pdf which is a bit misleading. The real file name extension is hidden.

Even though a ransomware in itself easily can be removed, the files stay encrypted, waiting for a ransom to be payed in order to get the decryption key.

How to not get infected

  • Do not execute programs or even open attachments that random people have sent you.
  • Please don't do it.
  • If you have any suspicions regarding something you received via mail contact helpdesk@bmc.uu.se (BMC-IT).
  • Please forward the evil mail to no-spam@uu.se. Then the Uppsala University Security Division may adjust the rules for the mail filter and network firewall.

What to do if infected

  1. Turn the computer off.
  2. Contact your local IT (helpdesk@bmc.uu.se) for help.
  3. Forward the evil mail to no-spam@uu.se so that the Uppsala University Security Division may adjust mail filter and network firewall rules.
  4. Change your passwords at the university. Change all passwords for all sites that you have automatically saved in your browser.
  5. In general, reinstall computer and restore data from backups or snapshots.

Lessons to be learned from CryptoLocker

  • Use a file server with snapshots for storing data you do not want to lose. For example the central university HNAS file server store snapshots up to a month per default.
  • Everything locally on the computer running in the same security context as the user is not safe.
    • This means that local previous versions / snapshots are not safe, if the users can turn them off. But to have these are better than not.
    • This also means that backups like Time Machine, Cobian or similiar where the system stores a copy of the files on another storage place is not safe, unless the backup storage in is snapshotted outside of the users security context.
    • If you store extra backups of your files on external USB-attached storage, do not keep it plugged in all the time. Keep a couple of them and in rotation so that you can go back to an older version.
  • Already taken backups should not be allowed to be overwritten from the client. This can be accomplished by for example using snapshots on the backup storage, like on a file server.
  • Even more advanced backup systems like TSM may not be safe since it only stores a limited number of versions of each file. If the ransomware encrypt the files and then make some small updates to the file each day, then after the limited number of days have passed, all old uncorrupted versions will be gone.

Also read more

Read more from Europol's European Cybercrime Centre with friends at the No More Ransom! website.

The Uppsala University Security Division has courses in basic information security (in swedish). Every chapters just takes 2-4 minutes. There are 16 chapters in total.



19. How do I get deduplication to work in Linux?

See also: How do I configure my resolver on a Linux machine?
See also: How do I install Ubuntu?

ZFS

ZFS is great for compression and snapshots, but regarding deduplication: Don't go there. ZFS on Linux is doing inline deduplication and requires at least 5 GB of RAM for each TB of storage. It is usually better to get more hard drives. When using too much RAM everything will slow down to a crawl.

Btrfs

Btrfs is not as old and stable as ZFS, but it has compression, snapshots and deduplication. The deduplication in Btrfs is out-of-band.

Compression is stable. Go ahead.

When using snapshots and Btrfs, we recommend not saving more than 24+6+3+11 snapshots, each hour for a day, each day for a week, each week for a month and each month for a year. Otherwise (like saving a snapshot every day and not removing them) the snapshots may take too long time to remove. It seems like Btrfs is checking each file for each snapshot when snapshots are removed on order to know if the original file can be removed. There must be more than enough time (and IOPS to spare) to remove snapshots before new can be created.

Deduplication is run using en external tool. Easiest is to use duperemove on the dataset, we have however not tried any larger datasets.

Other ways...

There most probably are other ways to do this. Let us know.



20. How do I set default language in Word?

To change the default language for new documents in Microsoft Word, go to menu Tools and select Language... Then choose a language and click Default.

The menus for Word in Windows are very similar to the menus in Mac OS X.





21. How do I use Eduroam, the wireless network, in Windows?

See also: What Internet bandwidth does the university have?

For manual installation follow this guide.

With ZENworks you do like this.

  1. Start ZENworks application window and open Eduroam

  2. Wait for installation. It will not take long.
  3. Windows will ask for user and password

  4. Enter your username followed by @user.uu.se and your password B. This is not the password you use for logging in to your computer but the other one.

  5. If you have disconnected from Eduroam and want to connect again open the wireless connections in the taskbar and click on Eduroam.





22. How do I install EndNote?

See also: What is the cost for EndNote? What is Zotero? And Pages?

To do a manual installation of EndNote, contact helpdesk@bmc.uu.se. Also get approval from the one with the money.

EndNote can be installed via ZENworks in Windows, just click on icon in ZENworks application window like this. An email will be sent to helpdesk@bmc.uu.se who will arrange licensing.

Accept the cost:





23. What is the cost for EndNote? What is Zotero? And Pages?

See also: How do I install EndNote?
See also: What software applications do the university have that I can install?

The current (2016-01-11) cost for EndNote X7 is 1376 SEK as a one-time cost, but please note, if you already have an older version of EndNote, an upgrade is only 781 SEK. EndNote is available for Windows and Mac OS X.

Search Progdist at UU Reload

The University library regularly provides courses on the reference management software EndNote - but not EndNote basic.

EndNote basic is a free but limited version of EndNote. It does include EndNote integration in Word via a special plugin.

There are open source alternatives, for example Zotero and Mendeley which are free. They are not compatible with EndNote but may be used instead.

The University library regularly provides courses on the reference management software Zotero.

Pages is a Mac only application available in the Mac App Store. Some say it is great, but as usual, not directly compatible with neither EndNote nor Zotero.



24. What are the different PC form factors?

See also: How do I buy a new computer?

Dell OptiPlex 9020 family

Intel NUC

Full specifications for the Dell OptiPlex 9020 family

NUC - Next Unit of Computing (6th gen)
Dimensions (H x W x D): 3.2 x 11.2 x 11.7 cm
Two memory slots
No expansion
1 internal M.2 (to get a 2.5" drive add a cm or two in height)
Micro - Micro Form Factor
Dimensions (H x W x D): 18.2 x 3.6 x 17.6 cm
2 memory slots
No expansion

1 internal 2.5" bay

USFF - Ultra Small Form Factor
Dimensions (H x W x D): 23.7 x 6.5 x 24 cm
2 memory slots
1 miniPCIe connector
1 external 5.25" slimline bay

1 internal 2.5" bay

SFF - Small Form Factor
Dimensions (H x W x D): 29 x 9.3 x 31.2 cm
4 memory slots
1 low-profile PCI Express x16
1 low-profile PCI Express x4 (x16 slot)
1 internal 3.5" bay
1 external 5.25" slimline bay

MT - Minitower
Dimensions (H x W x D): 36 x 17.5 x 41.7 cm
4 memory slots
1 full height PCI Express x16
1 full height PCI Express x4 (x16 slot)
1 full height PCI Express x1
1 full height PCI (legacy with 32 bit 33 MHz)
2 internal 3.5" bay
2 external 5.25" bay





25. Graphpad Prism, what does it cost?

See also: What software applications do the university have that I can install?

GraphPad Prism is a commercial scientific 2D graphing and statistics software for Windows and Mac OS X.

Perpetual license

Search Progdist at UU Reload

Personal subscription license

There are Personal Subscription Licenses available at the GraphPad Prism homepage. However, those licenses we at BMC-IT cannot order for you via the university. But when using the software for a shorter time that license form is advantageous.

Send a message to helpdesk@bmc.uu.se for help with installing Graphpad Prism.



26. How do snapshots in the HNAS file server work?

See also: We need more storage! Do you have a file server we can use?
See also: How do I mount my home directory or shared storage at HNAS?

The HNAS file server saves old versions of files so that any user can retrieve them. It stores for every five minutes in an hour, every hour for a half a day and for every month for two months.

In Windows open Properties of a file or folder and then in the Previous versions tab pick an appropriate version.

In Mac OS X mount with an extra /~snapshot in the path to access the snapshots folders. Use your own university account instead of the example below.

Then enter the appropriate folder to search for the lost version.





27. How to map a network drive via SMB on Windows

See also: How do I mount my home directory or shared storage at HNAS?

SMB is (at least by default but Microsoft slowly making it better) not encrypted so access only from the local LAN at the university or via the VPN-pool. Do not use from home or over WLAN (wireless network).

  1. Open the file explorer. Press Left Windows key together with E.
  2. Right click on my computer and choose Map network drive...

  3. Enter the network folder you would like to map. In this example \\filserver.uu.se\neuro

  4. Enter your username and password. Please note that the Windows domain USER has to entered. Do not use my username jny25782 but your own username. Enter your password A.





28. My Internet does not work! How can I find the problem?

See also: How are the network sockets identified?
See also: How do I configure my resolver on a Linux machine?
  1. Do you have link?
    If no link, check network cable. Throw away and destroy faulty Ethernet cables, even if is only the little retainer tab that is broken.

  2. Has the network socket never been used before?
    Contact your Local IT and activate the network socket.
  3. If the network socket suddenly stopped working with no link, maybe the switch is broken or the power is out in the cross connect cabinet. Contact helpdesk@bmc.uu.se.
  4. If Internet suddenly stopped working - it does happen that the power is out. It is not very common. The cross connect cabinets are usually located in the same part of the building that the lab or office housing the network socket. So check if power is out. Are the lights on? If the power is out, just wait, Akademiska Hus is almost always already working on it.
  5. Do you have an IP-address?
    Check with ifconfig (Mac/Linux) or ipconfig (win). The IP-address should usually begin with 130.238 if you are at the university.
    If you get a link but do not get an IP-address listen on the network to see what traffic there is. Then you can quite often figure out whether you are on the correct subnet or not. This can be done in Linux with sudo tcpdump -n -i eth0 or on Mac with sudo tcpdump -n -i en0. (The network interface names may differ - check the names with ifconfig) For Windows Wireshark is a bit overkill but should work as well.
  6. If you have a link but do not get an address via DHCP then perhaps the DHCP-server are out of leases for your Vlan. You must contact your Local IT (which could be helpdesk@bmc.uu.se or someone else) to check what is going on.
  7. If this is the first time you are connecting this particular computer, maybe your computers MAC-address has not been included in the DHCP whitelist. This is a list of computers that are allowed to connect to the network. Again you must contact your Local IT (which could be helpdesk@bmc.uu.se or someone else) to check what is going on.
  8. Do you have a gateway? route print (Windows), ipconfig (Windows) netstat -nr (Mac) or route (Linux). If you got an IP-address but cannot reach the gateway maybe there are old firewall rules that are blocking your IP. Check with your Local IT (which could be helpdesk@bmc.uu.se or someone else) and then let them check with Netsupport or Security Division.
  9. Ping the gateway! Example ping 130.238.39.193

  10. Can you reach outside the gateway (router)?
    Test to ping Google resolver ping 8.8.8.8
    If this is not working this might also be a problem with router filters or firewall rules.
  11. Does DNS resolving work?
    1. Check the configured resolvers with nslookup www.uu.se
    2. Check if you can reach the UU resolver with nslookup www.uu.se 130.238.7.10
    3. Check if you can reach Google resolver with nslookup www.uu.se 8.8.8.8 or nslookup www.uu.se 8.8.4.4
  12. Check Internet settings. Here is a guide at Microsoft for Windows.

    Check DNS-server settings. The Uppsala university resolvers (nameservers aka DNS-servers) are 130.238.7.10, 130.238.4.11, 130.238.164.6. (They should have the common name resolver.uu.se.) If you are using DHCP it should look like this:





29. What is my IP-address and MAC-address?

See also: How to connect with VPN using AnyConnect in Windows
See also: How do I connect to the VPN using Ubuntu?

The easiest way to see what IP your computer or phone is currently using when contacting Internet is to go to a webpage that displays it.

For example; go to www.whatismyip.com

On a Mac this is also displayed in System Preferences:

  1. Open the Network tab in System Preferences and go to active interface to see the IP-address. Example 130.238.39.228
  2. Open Advanced. The IP-address is displayed again.
  3. Check MAC-address in Advanced. Example a8:20:66:19:5b:b8

Otherwise, the hard way:

  • For Mac or Linux, open a terminal and type ifconfig
  • For Windows, open a command window and type ipconfig /all

    Example: IP-address is 130.238.39.229 and MAC-address is 08:00:27:27:06:ad





30. How do I secure IPMI?

See also: Who is responsible for the network in the BMC server room?

It is generally recommended to not expose the management interface for servers to the Internet. Not only does some computers come pre-configured with a default login and password, but the embedded software may have vulnerabilities that are not patched as fast as normal operating systems or in some cases are not patched at all.

Most servers with IPMI can change the IPMI out-of-band communication to go via a dedicated network. This is usually done in BIOS. Use a dedicated network or dedicated Vlan for this. In order to not let the servers expose them selves to each other use the Private VLAN (protected ports) feature in the switches. Read about Private VLAN in Wikipedia.

Supermicro

Some Supermicro servers come pre-configured with failover IPMI meaning that the out-of-band communication for IPMI will share the same network connection as the server is normally using.

This is quite unsafe and will expose IPMI with default login and password via the normal network. This can be changed when running with this command:

Dedicated:
ipmitool raw 0x30 0x70 0x0c 0x01 0x00
Shared with LAN1:
ipmitool raw 0x30 0x70 0x0c 0x01 0x01
Failover:
ipmitool raw 0x30 0x70 0x0c 0x01 0x02





31. How do I downgrade to Java 6 for Mac?

See also: How do I downgrade to Java 6 for Mac?
  1. Go to Download Java for OS X 2015-001.
  2. Proceed with the Download link.
  3. Save File.
  4. Open.

  5. Go ahead with installation.

  6. Continue, accept, install, etc.
  7. Done.




32. How to downgrade to Java 7 for Windows

See also: How do I downgrade to Java 6 for Mac?

Some applications at the university (like Raindance and NyA) do only work with the soon obsolete Java 7 and not the current (2015) Java 8.

  1. First go to Programs and Features.
  2. Uninstall Java 8

  3. Go to the download Java 7 page.
  4. Save as.

  5. Save as File Name with .exe in the end

  6. View downloads, open folder, run and install.
  7. Remember to not install the Ask tool bar. Uncheck it.

  8. Done.




33. How do I lookup LDAP or Active Directory via command line on Mac and Linux?

See also: How do I send mail from a shell script in Linux and Mac OS X?

Connecting anonymously to LDAP

ldapsearch -l 10 -x -Hldap://ldap.katalog.uu.se -b 'cn=People,dc=uu,dc=se' '(&(objectClass=person)(uid=jny25782))'

Connecting with authentication to LDAP

ldapsearch -l 10 -x -Hldaps://ldap.katalog.uu.se -D 'uid=jny25782,dc=user,dc=uu,dc=se' -w 'passwordA' -b 'cn=People,dc=uu,dc=se' '(&(objectClass=person)(uid=jny25782))'

Connecting with authentication to Active Directory

ldapsearch -Hldap://dc.user.uu.se -x -D "jny25782@user.uu.se" -b "DC=user,DC=uu,DC=se" -w "passwordA" "(uid=jny25782)" uid mail

Those timestamps in the Active Directory look quite strange do they not?

Convert from Windows time (100 ns/tick resolution) to Unix time ( 1 s/tick) by dividing by 10000000 (changing 100 ns resolution into 1 s) and then subtract 11644473600 to get from 1601-01-01T00:00:00Z to 1970-01-01T00:00:00Z.

$ date -d @$(echo 131243293252095302/10000000-11644473600 | bc) Wed Nov 23 00:02:05 CET 2016 $ _





34. How do I set firewall rules in Linux to block SSH?

See also: How to connect with VPN using AnyConnect in Windows
See also: How do I connect to the VPN using Ubuntu?

This is an example on how to set firewall rules in Linux. The command iptables below first open incoming on port 22/tcp (SSH) for the university network and then drop all other.

The first command (iptables) adds a rule (-A) to the input-chain (INPUT) for protcol tcp (-p tcp) on the incoming (--destination-port) port 22 for SSH (22) which has a source (-s) from the university (130.238/16) that it should accept the packets (-j ACCEPT).

The second command just drops everything else.

# iptables -A INPUT -p tcp --destination-port 22 -s 130.238/16 -j ACCEPT # iptables -A INPUT -p tcp --destination-port 22 -j DROP

How to save the rules is different between different distributions. In CentOS 7 I use the command service iptables save. In Ubuntu/Debian, install the package iptables-persistent and then run the command iptables-save > /etc/iptables/rules.v4. Reboot computer to see that the firewall rules stick.

To see the current firwall rules run this command:

# iptables -L -n

Also, to limit which accounts can login via SSH you can use the AllowUsers keyword in /etc/ssh/sshd_config like this:

AllowUsers myaccount

To allow more users:

AllowUsers firstaccount secondaccount

Restart or reload sshd or restart computer to use the new configuration for sshd.

Read more about iptables at the Netfilter homepage.



35. How to create a local Windows user

  1. You need to be local administrator on the computer for this to work. If you are not then contact helpdesk@bmc.uu.se for help.


    Please note local accounts with local files will not be backed up!

  2. Start computer management:

  3. Go to System Tools and Local Users and Groups and create a New User...

  4. Enter the details. Use a password with more than 10 characters.

  5. Now the user is created.

  6. Opening Properties for the user and add the user to the local group Administrators:

  7. Find the administrators group by typing administrators, press Check Names and then confirm with OK.

  8. It should look like this - the user is member of the local administrators group:

  9. Logout and login with .\labuser (Not the .\ in the beginning so it is a local login and not a Windows-domain user) and the new password.





36. Print using locked print on Mac OS X

See also: Print using locked print on Windows
See also: Print using UserCode for Ubuntu
  1. First you have to make sure you are printing using the driver made for the Ricoh printer. When adding a printer do not use AirPrint but the PostScript driver (the one ending with PS) at the Use: drop down menu.

  2. If you do not have any PostScript driver, you have to download it from Ricoh. The Ricoh homepage is a bit hard to link to, but go to for example https://www.ricoh-usa.com/downloads/ enter the model number of the printer and download drivers.
  3. Then, when printing, enter Show details.

  4. In the drop down menu (currently showing Safari since I was printing from Safari) pick Job Log.

  5. In the Job Log settings, change Job Type: to Locked Print.

  6. Enter your settings - your username and a uniqe password.

  7. Print using these preset settings.
  8. Go to printer and enter the password to get the printer to print.




37. Print using UserCode for Ubuntu

See also: Add a printer in Ubuntu 14.04
See also: Print using locked print on Mac OS X
See also: Print using locked print on Windows

Some printers are set up using UserCode for internal billing purposes. If no UserCode is used one cannot print on the printer.

After adding a printer in Ubuntu, using the correct driver, select Properties for the printer.

  1. In the Printer Options set User Code to Custom UserCode.

  2. In the Job Options add a new option called UserCode.

  3. Enter the code here in the new UserCode option.





38. Print using locked print on Windows

See also: Print using locked print on Mac OS X
See also: Print using UserCode for Ubuntu
  1. Open print dialog for a Ricoh printer.
  2. Open preferences.
  3. Chose Locked Print at Job Type.

  4. Open Details...
  5. Enter user-ID (your own) and password (unique)

  6. Print using these settings.
  7. Go to printer and enter the password to get the printer to print.




39. How do I change the Mac computer and host name?

See also: How do I find the serial number on Mac OS X?

In Mac OS X, change the computer names in the system settings, in the Share (Delning) dialog.

The university name standard begins with an identifier for each department and then a dash and a unique identifier. At BMC-IT and the departments we support we continue with the computer serial number like this:

  1. Begin with a TLA - the three letter ancronym (Neuroscience - INV, Medical Biochemistry and Microbiology - IMB, Pharmaceutical biosciences - FBV, Medical Cell Biology - MCB, Uppsala Biomedical Centre - BMC, Public Health and Caring Sciences - IFV, etc)
  2. Then a dash -.
  3. Then the serial number max 11 characters (cut away the leading ones to keep the usually significant ones)
  4. The full computer name should be 15 characters or less (to not generate possible problems in old network sharing protocols like WINS... In a couple of years, when WINS is totally gone, then this rule most probably can be ignored)

The host name is however picked up from the DHCP-server. It is used as a prompt in the command line. With dynamic DHCP the IP and the host name may change from time to time. So to get a consistant hostname set it manually like this:

gforce:~ jerker$ scutil --get HostName HostName: not set gforce:~ jerker$ sudo scutil --set HostName BMC-07JD0NADJD3.bmc.uu.se Password: gforce:~ jerker$ bash BMC-07JD0NADJD3:~ jerker$





40. How do I add the Korint IPP printer in Mac OS X?

Run this command in a terminal.

lpadmin -p Korint-FollowPrint-IPP -P `dirname "$0"`/PPD/Korint-FollowPrint.ppd -v ipp://ipp.korint.uu.se/printers/Korint-FollowPrint?compression=none -L "Uppsala University FollowPrint" -D "Uppsala University FollowPrint" -E

The -D option is the description. Read more at Korint homepage.



41. Should I upgrade to the latest version of Mac OS X?

See also: How do I find the serial number on Mac OS X?
See also: How much memory does my Mac have? Can I get more? How much do I need?

Find out what version of Mac OS X / macOS your computer is able to run by entering your serialnumber on the Ultimate Mac Lookup, go to the webpage for your model and look at Maximum MacOS.

In general you should upgrade your Mac to a new version of Mac OS X, but we do not recommend upgrade too old computers that do not have enough memory or are too slow to be able to run the latest versions. Older than 2011 should for example not be upgraded to Yosemite, they will get too sluggish. We also recommend replacing a HDD (slow rotating Hard Disk Drive) with a SSD (faster Solid State Drive) when doing major upgrades if it is possible.

Known problems

But other than that, go ahead. Most things work better. If you have any questions contact helpdesk@bmc.uu.se.



42. How much memory does my Mac have? Can I get more? How much do I need?

See also: How do I find the serial number on Mac OS X?
See also: Should I upgrade to the latest version of Mac OS X?
  1. Go to the Apple menu and go to About this computer or Om den här datorn.

  2. Check Memory in GB too see what is currently have. Example with Mac OS X Yosemite and 16 GB.

  3. Open the Memory tab to see how the memory banks are populated:

  4. The more memory the better:
    Tasks
    Memory Writing, Web browsing, Mail Running Virtual Machines with Windows Several Virtual Machines, Matlab with large datasets, Photoshop with very large images, building large apps locally etc
    2 GB RAM Upgrade (works but very slowly - one task at a time) Upgrade (not possible) Upgrade (not possible)
    4 GB RAM Ok Upgrade (works but really slow hard to work in both at the same time) Upgrade (not possible)
    8 GB RAM Great Ok Upgrade (works but slow)
    16 GB RAM Great Great Ok
    32 GB RAM Great Great Great
  5. Find out what model you have. Example from above Mac mini (middle 2011)
  6. Send a message to helpdesk@bmc.uu.se. Supply the following information:
    1. What model the Mac is (see above)
    2. How much memory it currently have (see above)
    3. What room it is in. (Check your room number above the door)
    4. Payment details. (The research group leader and research group name)
    5. Your contact information (phone number) unless it is in the university catalogue.
  7. As Local IT (or interested user) Go to a website with all Apple models and their memory upgrades. Here are two examples from two memory manufacturers:

    At EveryMac you can also see the highest version of the operating system that is possible to run.

  8. As Local IT: Buy memory via produktwebben.

    Please note, this is done by the Local IT. Do not do this unless you really know what you are doing. And then you are on your own if the memory do not fit or something else goes wrong.

  9. As Local IT: Install memory on the Mac.

Troubleshooting

  1. Reset the Mac parameter memory. After rebooting try and hold down these four keys together until it reboots again:
    Cmd/Command/⌘-Alt/Option/⌥-P-R
  2. Change the order of the memory physically. This may just clean the oxide from the connectors.
  3. Remove the memory modules, one at a time, and run the computer with the remaining memory to see of this solves the problem. Replace the faulty memory module.




43. How do I merge documents with Preview in Mac OS X?

See also: How do I merge PDF documents with PDF-Xchange in Windows?
See also: How much do Adobe Photoshop and Illustrator cost?

Apple has a guide on OS X: Combining PDF documents using Preview.

This guide works on the latest Mac OS X Sierra, I have not tried previous versions:

  1. Create a new copy of the first PDF-document you which to merge into (because Preview saves the result in the source).
  2. Open the copy of the first PDF-document in Preview.
  3. Open Finder and drag the second document below the last page of the first document.
  4. Close Preview. It will automatically save the document with the edits you made.




44. How do I find the serial number on Mac OS X?

See also: How do I change the Mac computer and host name?
See also: How much memory does my Mac have? Can I get more? How much do I need?
See also: Should I upgrade to the latest version of Mac OS X?
  1. Open Apple-menu and choose About this computer

  2. Here it is!

  3. For older Mac OS X, double click on the version number to display the serial number.

  4. You can also find the serial number in the hardware section of System Information.

Read more at Apple: Find your Mac`s serial number in About This Mac or System Information



45. Troubleshooting mail - what can I do and whom do I ask?

See also: My mailbox is full! What do I do?
See also: Spam filter settings in the SUNET Mailfilter
See also: Help me I get so much spam! What can I do?

The main mailservers at Uppsala university are taken care of by IT-division. The main spamfilter is taken care of by SUNET.

Please note that the anti-spam filter will put mail that has been classified as mail into the Skräppost / Junkmail folder automatically. Please check there if you are missing mail!

To troubleshoot mail you are missing you need the following information:

  1. Sender of mail
  2. Receiver of mail
  3. Subject
  4. Date and time

Send the request to the postmasters at Uppsala university who can be reached at helpdesk@uu.se.

If you have recieved the mail but still have questions where it was kept up you can open the mail headers and look at the ones beginning with received:. A mail only sent internally in the Exchange server at the university does not contain any such lines.

This can be found in Thunderbird by pressing CTRL-U. For Outlook 2013/2016: Open the message in its own window, On the File tab, select Properties and the header information should appear in the Internet headers box.

In the example below it looks like the mail was delayed 17 minutes in e-mailfilter04.sunet.se but it does not explain the reason - could the next receiver lyra.its.uu.se not receive the mail at that moment or were there queues internally in the e-mailfilter04.sunet.se? To investigate such things further the postmasters have to look at for example queue lengths or other logs for the mail servers.


Received: from lyra.its.uu.se (130.238.7.73) by smtp.user.uu.se (130.238.3.118) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 2 Nov 2016 11:47:01 +0100 Received: from e-mailfilter04.sunet.se (e-mailfilter04.sunet.se [192.36.171.204]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lyra.its.uu.se (Postfix) with ESMTPS id C869F3942E for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:47:01 +0100 (CET) Received: from cursor.its.uu.se (smtp-out2.uu.se [130.238.7.173]) by e-mailfilter04.sunet.se (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id uA2AUbDF008508 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:38 +0100 Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [192.36.171.202]) by cursor.its.uu.se (Postfix) with ESMTP id C46F11D60 for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uu.se; s=centralsmtp; t=1478082636; bh=81SVPu1qJne0nNt3g29NneVtKglBV287biptFjHv6vs=; h=To:Subject:Date:From; b=YZ4xC5F4ISHQEggiwaTS1BJUH5MZ24o2ayd1o/bTadGliYtIveL/nj/kXkq4Ju5/M Usx5NkpjcY+hADrrESdBa2K75+LxUs2ORvv2O3koq7lk7n0YS/D2ZYCGFVqarvLlFY iA6kmrBRO4HTVKoN60GnDW6ef2l5JHS6HJsqaot0= Received: from velox.its.uu.se (velox.its.uu.se [130.238.7.74]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id uA2AUaGA005478 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:36 +0100 Received: from localhost (nimos.rudbeck.uu.se [130.238.63.61]) by velox.its.uu.se (Postfix) with ESMTP id E6AA634651 for <jerker.nyberg@bmc.uu.se>; Wed, 2 Nov 2016 11:30:35 +0100 (CET)



46. My mailbox is full! What do I do?

See also: Troubleshooting mail - what can I do and whom do I ask?

The Exchange mailserver at the university has a limited amount of storage quota for each user. This is to prevent a single user from accidentally filling up all space.

No worries. Just contact contact helpdesk@uu.se to get more space. Send a mail from your own account and ask for a more mailbox space.

The easiest way to check your current mailbox usage is to go to the webmail at https://mail.uu.se and hover your mouse over your name above the Inbox/Inkorgen. A small pop-up will display your current mailbox usage.



47. I would like MATLAB on my computer please!

See also: What software applications do the university have that I can install?

Uppsala University has a site license for MATLAB payed for by the faculty of science and technology.

Go to the Matlab Support Page to read more.



48. How does the reinstallation of computers work?

These are instructions for installing Windows 7/8.1/10 x64 Enterprise via MDT 2013.

  1. Prepare installation
    1. Create USB flash drive
    2. Configuration for network boot
    3. Configuration of router filter
    4. Permissions for autojoin domain
    5. Settings for VirtualBox
    6. Hardware support
  2. Starting install via USB flash drive
  3. Starting install via network
  4. Clearing partitions
  5. Continue with installing
    1. Select task sequence
    2. Fill in computer name and join domain
    3. Select applications
    4. Wait while installing
    5. Administrator password

Prepare installation

Create USB flash drive

  1. Get access to the installation directory through User-AD group bmc-autoadmin-group. Mail a mail to BMC-IT (helpdesk@bmc.uu.se) with your username and what you want.
  2. Get one or several 32 GB USB flash drives. There is also a smaller 16GB-version with only Win10.
  3. Login on a Windows 7 machine with USB-ports as administrator. DO NOT HAVE A NETWORK DRIVE MAPPED TO G: H: I: OR J:!
  4. Insert the USB flash drives (max 4 at the same time) in Windows 7 machine.
  5. Start a command prompt as administrator cmd (use CTRL and SHIFT to run as administrator from the prompt in the start menu)
  6. Run command: net use n: \\BMCIT-Common.files.uu.se\BMCIT-Common /user:user\account and login using your university account and password A.
  7. Run command: \\BMCIT-Common.files.uu.se\BMCIT-Common\MDT\MDT-Media\full.bat

    This will format and erase all USB flash drives inserted in machine!

  8. Wait a long time. The faster the USB flash drives the better.
  9. Done!

Update USB flash drive

  1. Next time, to update the USB, run the command: \\BMCIT-Common.files.uu.se\BMCIT-Common\MDT\MDT-Media\fullsync.bat
    This will not format, just update the sticks with changed files.

Configuration for Network boot

For Windows DHCP it looks like this:


For ISC dhcpd it looks like this: from dhcpd.conf (this is using the central tftp.its.uu.se server)

 filename "bmc/pxelinux.0";
 next-server "130.238.7.37";
/tftpboot/pxelinux.cfg/default (already done)
PROMPT 1
TIMEOUT 100
DEFAULT l
DISPLAY msgs/boot.msg

LABEL l
      MENU LABEL ^Local Boot (default)
      LOCALBOOT 0

LABEL mdt
  MENU LABEL Windows MDT LiteTouchPE x64
  KERNEL memdisk
  APPEND iso initrd=LiteTouchPE_x64.iso raw

/tftpboot/msgs/boot.msg (already done)
Displaying tftp://tftp.its.uu.se/bmc/msgs/boot.msg from 130.238.7.37

 l        Local Boot (default)
 mdt      Windows 7 Enterprise x64 (LiteTouchPE x64 MDT)

Pxelinux is coming from syslinux.org. It is included in most Linux-distributions.

The LiteTouchPE_x86.iso is located at \\BMCIT-Common.files.its.uu.se\BMCIT-Common\MDT\Boot\LiteTouchPE_x64.iso

Configuration of router filter

TFTP is using UDP. The request to the TFTP-server is sent on port 69/udp from any port. The TFTP-server at tftp.its.uu.se (130.238.7.37) is using UDP source ports 6900-6999 for responding.

Open up UDP, both directions, from host 130.238.7.37 to your clients. Usually this is all of your subnets. Send a request for this to netsupport@its.uu.se.

Permissions for autojoin domain

The account USER\bmc-autoadmin-mdt must at least have permission to Create Computer objects in the correct OU to be able to join automatically.

Settings for VirtualBox

  1. Download and install extension pack from VirtualBox homepage.
  2. Select type Windows
  3. Select version Windows 8.1 (64 bit)

  4. Attach network to Bridged Adapter

  5. Set harddrive on IDE-controller instead of SATA.

  6. Activate network boot even if F12 has not been pressed to select boot device.
  7. The latest versions of VirtualBox 4.3.24 (but not the slightly older 4.3.12) has a regression so that the USB-Tablet (mouse pointer) does not work. Use the PS/2-mouse instead and then install guest drivers in the operating system after installation of Windows is done.

Hardware support

MDT 2013 based on Windows 8.1 and Windows 7 have together these requirements:

  • 64-bit CPU
  • 4 GB RAM recommended. It may work with 2 GB RAM but very slow.
  • Support for the PrefetchW-feature in the CPU.

Microsoft has for Windows 8.1 dropped support for CPUs without the PrefetchW-feature. This includes the Pentium D 8xx CPUs hich are used in for example many Dell Optiplex GX620 desktops. So even if they have 4 GB RAM they cannot run the installation.

Some other Dell Optiplex with the slightly faster Intel Pentium D 9xx are working fine.

Check model with wmic csproduct get vendor, version

Starting install via USB flash drive

  1. Press F12 or F10 or whatever it is to be able to select boot source. It depends on the computer model.
  2. Choose to boot via USB. You have to use an USB2-port. USB3 does not work.
  3. Continue with installing.

Starting install via network

  1. Press F12 when starting machine to boot via Network. If the Network adapter do not show PXE-booting may have to be enabled in BIOS.
  2. Choose alternative mdt Windows 7 Enterprise x64 (LiteTouchPE x64 MDT) by typing M D T and pressing ENTER

  3. This will boot the netinstallation ISO over TFTP. Hope that it works. If it do not work, boot via USB flash drive instead (on a USB2-port).
  4. Enter your username and password A to connect to network share. (Use your normal username and not _username) If you do not have access, ask helpdesk@bmc.uu.se to add you to the group USER\bmc-autoadmin-mdt which will grant you read-only access.

  5. Continue with installing.

Clearing partitions

If the installation stops because of a previous installation attempt or if something else is weird with the partition table, previously created partitions may be cleared manually.
  1. Press F8 during installation to start a command prompt
  2. diskpart
  3. sel dis 0
  4. cle
  5. exit

Continue with installing

  1. Select task sequence:
    • W7E is the normal Win7 Enterprise x64 deploy. This is the only working task sequence if you are using an USB-stick.

  2. Fill in computer name. The new computer name standard is first three letters for institution, then a dash and the computer serial number. The serial number is automatically read from the computer BIOS. If you wish to join AD fill in your OU and your credentials. If you wish to join automatically without entering credentials the user USER\bmc-autoadmin-for-mdt must be given privileges to create new computer accounts.

    Or enter the name of the workgroup:

  3. Select what applications or other packages to install during installation:

    These are of special importance:

    1. PrinterGUI_W7_x64_1.0 This package will install all local predefined network printers. Read more here.
    2. SEP (BMC)_12.1.1000.157_W7_x64_1.0 This package will join the SEP server at BMC which may not be what you want unless you are on BMC.
    3. ZenWorks Client (BMC)_11.3_W7_xX_1.0 This package will join ZENworks with a presupplied BMC-key. This will put the machine in control of BMC in ZENworks which may not be what you want.
    4. SetLocalPassAsMD5 (BMC)_W7_1.0 Set the local administrator password as an MD5 sum of a combination of a secret and serialnumber.

  4. Wait up to an hour while the computer is running MDT for installing OS, applications and Windows updates.
  5. For computers in USER-AD at BMC the administrator password is set to a unique hash with for each computer. Any locally set password will be overwritten.

    If the computer is not joined to the USER-AD, the administrator password can be set as an MD5 hash of a secret key and the computer serial number. If you do not know the secret key, don't add the package SetLocalPassAsMD5.

    Without this package the password will be set to bytgenast which means that you are responsible to CHANGE PASSWORD when the installation is done.

    You can always clear it with for example ntpasswd or via the USER-AD or whatever.

    Currently the algorithm looks like this. The serialnumer is lower case and padded by zeroes or cut to 12 characters. The following works at the command line at Mac OS X or Linux to create the password.

    Mac OS X:

    echo -n serial000000SECRET | md5 | head -c 12

    Scientific Linux, Ubuntu etc:

    echo -n serial000000SECRET | md5sum | head -c 12






49. How do I mount SMB share in Linux?

See also: How do I mount my home directory or shared storage at HNAS?
See also: How do I install Ubuntu?

Command line

  1. To mount an SMB-share on the command line in Linux, first create a directory where to mount the share: example like this:

    mkdir /mnt/myfiles

  2. Then mount:

    mount -t cifs -o domain=USER,username=jny25782,password=XXX '//inv-users.files.uu.se/inv-users$/jny25782' /mnt/myfiles

    If you want to be prompted for a password try this instead:

    mount -t cifs -o domain=USER,username=jny25782 '//inv-users.files.uu.se/inv-users$/jny25782' /mnt/myfiles

Permanently

To do this permanently add the following line (as a root user) in the file /etc/fstab

  1. First check your uid (uidNumber) as your normal user:
    id -u
  2. Then enter this line as an administrator in the file /etc/fstab.

    //inv-users.files.uu.se/inv-users$/jny25782 /mnt/myfiles cifs domain=USER,username=jny25782,password=XXX,uid=1000,iocharset=utf8 0 0

  3. Now the normal user with id 1000 should be able to access the files in /mnt/myfiles

Temporarily on an Ubuntu desktop

  1. Start the file browser and open Connect to server...
  2. Enter the path:

  3. Enter your credentials





50. What Internet bandwidth does the university have?

See also: Who is resposible for what on the BMC network? Who can help me?
See also: We have a server, where should we put it?
See also: How to connect with VPN using AnyConnect in Windows
See also: How are the network sockets identified?
See also: What service levels does BMC-IT have compared to others at the university?

Check your own bandwidth



Bredbandsskollen is a bandwidth measuring service. However, above 100 Mbit/s the service may be inaccurate regarding exact speed since it depend too much on the local computer and web browser performance. It requires Flash in the browser in order to work.

For mobile and wireless networks it is quite usually good.

Fixed network

SUNET had 2 x 40 Gbit/s connection to NORDUnet but now even more.

SunetC statistics

The Uppsala University network (UpUnet) had 2 x 10 Gbit/s bandwidth to OptoSUNET but are now connected to SunetC with 2 x 100 Gbit/s.

BMC-campus-router has 2 x 10 Gbit/s to the rest of Uppsala University network (UpUnet) for the BMC-router and 4 x 10 Gbit/s for the BMC-hall-routers.

BMC has internally in the building either 10 Gbit/s, multiple 1 Gbit/s or single 1 Gbit/s bandwidth to the cross connect cabinet distribution switches. BMC linkstatus

The network sockets at BMC are connected via either 100 Mbit/s (Fast Ethernet) or 1 Gbit/s (gigabit Ethernet) to the edge switches. If you only have Fast Ethernet and need gigabit let us know at helpdesk@bmc.uu.se. A few servers have 10 Gbit/s or multiple 1 Gbit/s.

The network in BMC is built by Cisco equipment. Over the years we seem to have acquired all possible models, but mostly C5500, C3500, C2980, C2950, C2960, C2960S, C2960X, C2960XR. Our oldest Fast Ethernet switches - C5500, C3500 and C2980 - are currently being replaced. Some Fast Ethernet switches - C2950 and C2960 - will continue to serve us together with newer gigabit switches.

New cross connect cabinets are built with 10 Gbit/s or dual 1 Gbit/s uplink and flexstacked C2960X with 1 Gbit/s to the clients. Old switches without flexstack are connected via EtherChannel to the stack or have direct connections to the router.

The idea with the network topology is that no switch failure should bring down any other switch. No single interface or transceiver (SFP/SFP+/GBIC) failure should interrupt any switch. The BMC-router is the big exception but Cisco 6500 series are in general quite reliable. It is equipped with with redundant power supplies and is connected to a small dedicated UPS.

Wireless network

Most of the wireless access points in BMC are Cisco AP1131 with support for IEEE 802.11a/b/g up to 54 Mbit/s but in practice less. We have a few Cisco AP2602i with support for IEEE 802.11a/b/g/n which are slightly faster, but usually not above 80-100 Mbit/s since most of them are limited by their connection to 100 Mbit/s PoE Fast Ethernet anyway.




51. Who is resposible for what on the BMC network? Who can help me?

See also: What Internet bandwidth does the university have?
See also: Which Vlans are at the BMC-router?
See also: How are the network sockets identified?
See also: How do I use an Apple AirPort Time Capsule?
See also: What do the different symbols in BlueCat mean?

Local IT

This may be you, your department, BMC-IT or client support at UUIT or any other organisation at the university, depending on where you work.

BMC-IT

Contact helpdesk@bmc.uu.se

UUIT

Contact Domainmaster (DNS/DHCP/TFTP), Netsupport (Network), IRT (Security) or UU helpdesk (everything else).

Responsibilities

These reflect how it is usually done, but are not carved in stone

  • All usage on the VLAN/subnet
  • Local security on the VLAN/subnet
  • Identity of the different computers
  • Request change in router filter
  • Physical network copper and fiber
  • Buy switches
  • Request change of VLAN configuration
  • Patch network in cross connect cabinets
  • Help Local IT track down rogue computers
  • Router and router filter (Netsupport)
  • Firewall (Security division)
  • Installing, configure, replace and maintain switches (Netsupport)
  • Security tracking (Security division)
  • TFTP, DNS and DHCP for UU (Domainmaster)
  • Help Local IT track down rogue computers (Netsupport and Security division)
Install a new network socket Installation of a new socket costs around 2500 SEK for a double socket. It depends on the amount of work. Several sockets in one room is less work per socket than one single socket. Supply the following information:

  • Room number
    Example A1:123d
  • Other requests
    Example right side, near the window
  • Who to charge (Kostnadsställe)
    Example 123ABC

If you want to connect the network sockets to the network (and not only telephone) then also supply:

  • Which Vlan at BMC you would like to use.
    Example Vlan680 "BMC-Data"
  • If you want one or two sockets to be connected. If you only want one, clarify which socket to activate.
    Example Left, right or both
Directly connect two network sockets Two network sockets connected to the same cross connect cabinet may be directly connected with two patch cables in the cross connect cabinet. Just send an email to helpdesk@bmc.uu.se with the network socket and cross connect cabinet identifiers.
New power socket Talk to Bo Ejdesjö at BMC. Will cost money. Hyresgästanpassning.
New pillar with power and network sockets Talk to technical service at BMC. Free of charge AFAIK.
All about fixed telephone Talk to teleservice at university. Will cost money.
Activate network socket BMC-IT does the cross connect cabinet patching and requests VLAN change.

This is currently (oct 2015) done once a week so delivery time is around 1-2 weeks depending on day of week and luck.

Supply the following information. Read more in FAQ on how the network sockets are identified.

  • Cross connect cabinet identifier
    Example A1-D101-11-17
  • Network socket identifier
    Example A1.202:1
  • Vlan name or number
    Example Vlan 664 "NEURO"
  • If it is a double socket identifier, clarify which socket to activate
    Example Left, right or both
Deactivate network socket Send a message to BMC-IT with the following information. Read more in FAQ on how the network sockets are identified.

  • Cross connect cabinet identifier
    Example A1-D101-11-17
  • Network socket identifier
    Example A1.202:1
  • If it is a double socket identifier, clarify which socket to deactivate
    Example Left, right or both
Change VLAN in an already activated socket Send the request to BMC-IT. Please submit:
  • Cross connect cabinet identifier
    Example A1-D101-11-17
  • Network socket identifier
    Example A1.202:1
  • Vlan name or number
    Example Vlan 664 "NEURO"
  • If it is a double socket identifier, clarify which socket to deactivate
    Example Left, right or both
UUIT Netsupport will do the configuration of VLAN in switch.
Server room access in D11:0 May give temporary guided access Contact UUIT for permanent access to your rack
Faster network Upgrades to 1 Gbit/s are available in most cross connect cabinets. If you need 10 Gbit/s contact BMC-IT together with UUIT Netsupport. This is available in a few cross connect cabinets.
Order a new VLAN/subnet First find out how many IP you need
(Remember to fix DNS and perhaps DHCP)
Then contact BMC-IT to see if there are any spare ranges and if this is really what you need. We do not want to create a lot of small Vlans if not needed. Together with BMC-IT contact UUIT Netsupport to get new assignment
Campus router filter settings (Cisco) Figure out what you need And let UUIT Netsupport configure the router filter
University perimeter firewall settings (Fortigate) Figure out what you need And let Security Division configure the firewall
DNS Local IT can do this Or UUIT domainmaster
DHCP Local IT can do this Or UUIT domainmaster
TFTP / PXE-boot Local IT can do this Or UUIT domainmaster tftp.its.uu.se
Finding a rogue computer The responsibility belongs to Local IT Automatic arpwatch and arptrack services to find switch, interface, cross connect and socket. Manual check in router and the Upunet Tracking Database (NetDB) service
Finding used and unused IP-addresses Keeping track of who is using what. Registration and removal of IP in DNS. Automatic arpwatch and arptrack service Manual check in router, Bluecat (IPAM) and the Upunet Tracking Database (NetDB) service
Router and uplink bandwidth Linkstatus graphs available for BMC Netstat graphs available for UU
Magic network problems Contact your Local IT And then let Local IT contact UUIT Netsupport
My windows server does not work Contact your Local IT
Eduroam do not work on my client or in general Local IT may help with client configuration Broken wireless hotspots should be reported to UUIT Netsupport
Wireless (Eduroam) coverage is low in some rooms or corridors Contact BMC-IT to discuss what can be done. All office corridors should have coverage. UUIT Netsupport may together with BMC-IT install new wireless hotspots. This may cost money. All public rooms for students should have coverage.
I need a network cable Contact your Local IT
The IRT-group has disconnected my computer from the Internet! Contact your Local IT to fix your computer Let the Local IT contact the IRT-group to open the router filter when computer is fine.
My Internet do not work! Help! Check how to find the cause of the problem here. Finding configuration problems in the local computer is a job for Local IT. If it should work but get no link then perhaps switch port is broken. Contact helpdesk@bmc.uu.se. This might be a magic network problem. Then contact UUIT Netsupport.




52. How do I use offline files?

See also: How do I access my home directory?

What are offline files?

Short story: It lets you always have access to your files even when not connected to the file server at the Uppsala University network.

Long story: Windows has a feature for making files on a file server available offline even when the connection to the file server is lost. The client stores the files in a offline cache. Changes in the file when offline is stored locally. When the computer or server is back online the data is synced to the server. This works well on files a single user changes but not so well on shared folders where different users make changes on the same files.

Enable offline files

  1. New computers installed and maintained by BMC-IT has offline files already enabled.

  2. In the start-menu, type offline to find and start Enable offline files On this computer the administrator (BMC-IT) has already activated it.

  3. In the Offline Files window, click on Enable offline files.
  4. Restart computer for the changes to take effect.

Make files or folders available offline

  1. The default settings make the folder redirected folders always available offline. This includes Desktop, My documents, AppData etc. For normal use when all data is saved in these locations.

  2. It is possible to get other folders in the home directory available offline. In Explorer, right click on a folder or file and then choose Always available offline.
  3. The shared folders with other users should not be used with offline files. It is technically possible but may lead to conflicts.

View offline files

  1. In the window Offline files (see above) choose the button View your offline files.

  2. Here is a representation of all files available offline. Enter the different directories to see what has been picked up.

Keeping an eye on what's going on

  1. Open the task bar notification window for offline files. It looks like a green recycle circle.

  2. Right click to for example View conflicts

  3. Since the notification did not show a warning there are no conflicts:

Conflicts and how to handle them!

  1. However, we can provoke a conflikt.
    1. Go offline by pressing Work offline in the file explorer.

    2. Change a file on your computer.
    3. Change the same file on another computer.
    4. Then Work online again on your computer.

    5. The status notification should now show a conflict:

    6. Thge View Conflicts dialog now show the file where there is a conflict:

    7. By right-clicking on the file and show View options to resolve... Windows try to help with what to do:

    8. Keeping both versions make both show in the file explorer:





    53. How do I process orders using shopping carts in produktwebben?

    See also: How do I order computer accessories and peripherals?

    If you know what you want but do not want to place the order yourself.

    1. Go to Produktwebben
    2. Create a Shopping Cart

    3. Put products in the cart
    4. Send the cart to BMC-IT at helpdesk@bmc.uu.se or directly to your contact at BMC-IT

    5. Write down the invoice reference (fakturareferens), for example 123ABC. Here you can also write a message. This may for example be about (but is not restricted to) register licenses or installing software.





    54. How do I order computer accessories and peripherals?

    See also: How do I buy a new computer?
    See also: My computer was stolen! What should I do?
    See also: How do I process orders using shopping carts in produktwebben?
    1. First check with your department Local IT (this may be helpdesk@bmc.uu.se) (and of course your supervisor if applicable) to make sure you are following the procedures at your department and research group.
    2. If you are the unsure of what to buy, ask your Local IT.
    3. If you know what you are doing, proceed. Otherwise ask for help.
    4. You have to know the reference to use when ordering. If you do not know this talk to your supervisor.
    5. Go to Uppsala universitets Produktwebb.
    6. Find what you want. To follow the rules of government procurement you have to buy the cheapest one that fulfill your requirements.

      Everything in Produktwebben is a not good choise just because it is there. For example with computers, your IT-support usually has a list of models that have been tested and is preferred. Read more about this in the FAQ about How do I buy a new computer.

    7. Place the order or get help with ordering.





    55. How do I merge PDF documents with PDF-Xchange in Windows?

    See also: What software applications do the university have that I can install?
    See also: How much do Adobe Photoshop and Illustrator cost?
    See also: How do I merge documents with Preview in Mac OS X?
    1. Install PDF-Xchange PRO via the ZENworks Application Window:

    2. Wait for it to install.

    3. Opening the Zenworks Progress window by right clicking on the ZENworks icon in the mini-taskbar show the installation progress. This is optional.

    4. PDF-XChange will launch directly when installation is done. It will ask you if you want to use it as a default PDF application. You can do that, but it is optional.

    5. Start from the menu File (Fil) - New document (Nytt dokument) - Combine Files into a single PDF...

    6. Pick Add Files (Lägg till filer...). You can choose several at the same time.

    7. Press OK. You now have the new document in PDF-Xchange.
    8. Click the Save icon or Save as... (Spara som...) in the menu.

    9. Pick a name and click Save (Spara). The documents should now be merged in the new file.
    10. Done!




    56. What is the BMC-IT computer platform and how does it work?

    See also: What service levels does BMC-IT have compared to others at the university?
    See also: Who manages IT-support for whom at BMC?
    See also: What do the different symbols in BlueCat mean?

    The platform is the stack of software and infrastructure that BMC-IT use.

    Goals for the BMC-IT work with the platform:

    1. Provide a well working platform environment for the end users.
    2. Listen to what the users need. Implement changes in the platform when possible.
    3. Work together with the university and use central systems whenever possible.
    4. Provide options for the users with different needs regarding management, storage and operating system.

    Shared parts of the platform and comparison with some of the other platforms at UU

    University shared systems used by BMC-IT
    Uses the same technology as BMC-IT
    University shared systems not used by BMC-IT
    BMC-IT EPI/UADM UUIT Rudbeck-IT POL-IT EBC UUB EKIT
    server room BMC BMC
    BMC
    UUIT
    ? ITC + Ångström EBC
    CAR
    BMC
    virtual machine platform
    UUIT VMWare VCenter ESXi
    KVM
    Microsoft Datacenter Hyper-V UUIT VMWare VCenter ESXi ?
    Cloudsystem OpenStack
    POL-IT VMWare VCenter ESXi
    EBC VMWare VCenter ESXi
    UBIT VMWare VCenter ESXi
    KVM
    network infrastructure Cisco Cisco Cisco ?
    Fortinet
    HP
    Cisco
    Cisco Cisco
    IPAM solution BlueCat BlueCat BlueCat ?
    BlueCat
    ISC DHCP
    BlueCat BlueCat
    tape backup solution TSM TSM TSM ? Arcserve TSM TSM
    main storage UUIT Hitachi NAS (HNAS) Microsoft Windows Storage Spaces UUIT Hitachi NAS (HNAS) ? HP 3Par NetApp UBIT SAN
    sync storage Windows offline files Windows work folders - ? Microfocus Filr Windows offline files -
    software distribution
    Microfocus Zenworks
    Munki (in development)
    SCCM
    Munki (in development)
    - ? Microfocus Zenworks Microfocus Zenworks
    Microfocus Zenworks
    Mobile Management
    anti-virus software BMCI SEP ? - ? POL-IT SEP F-Secure F-Secure
    printing system
    Korint
    direct print
    ? ? ?
    Korint
    direct print
    Korint
    Korint
    direct print
    Gespage
    number of computers in USER-AD active since 2016 updated 2017-02-09 1044
    bmc- inv- fbv- mcb- imb- ikv- ifv- mdt- neuro- icm- !inv-opht-
    2610
    epi- ep- uadm-
    - 840
    igp- rud- rudb- inv-d0 inv-l1 inv-opht-
    839
    itc- mat- pol- fys- ang- kem-
    407
    ebc-
    638
    uub-
    588
    eh- fek- im- obs- kg- stat-

    These are the major components of the platform

    UpUnet and internal campus network
    • backbone and router financed via IT-division
    • campus switches financed via BMC
    • maintained by IT-division
    • cross connect patched by BMC-IT

    The network and maintenance is payed for by the rent. There are no extra cost involved. However new networks sockets have to be payed for by the tenant.ppp

    BlueCat
    • pushed for and initiated by BMC-IT via IPAM-talk on IT-forum
    • maintained by and financed via IT-division

    BlueCat is a tool for IPAM, an interface to manage DHCP and DNS. BMC-IT are using whitelists in BlueCat to control what clients will get an IP on which networks. BMC-IT also using central TFTP (PXE) server maintained by IT-division

    BMC server room
    • owned via IT-division and BMC
    • maintained by Akademiska Hus
    • operated by IT-division with assistance by BMC-IT
    • financed by the users from the whole university

    The server room is for use by the whole university. Servers BMC-IT maintain for the departments we give support too are paid for by the users of BMC-IT.

    Microsoft deployment toolkit (MDT)
    • included in present licenses
    • maintained by BMC-IT

    MDT is used for installation of Windows and an engine for software distribution (Zenworks) on client computers.

    Munki (In development)
    • open source software
    • maintained by BMC-IT

    Munki is used for software distribution on Mac. Munki does one thing, program and configuration distribution, and does that very well.

    Microsoft Active Directory
    • maintained by IT-division

    The client computers are joined to the Active Directory providing authentication and directory services.

    OCS Inventory (In development)
    • maintained by BMC-IT

    Light weight inventory of software and hardware. Currently run in Mediateket (student computer laboratories) at BMC.

    Zenworks
    • maintained by Uppsala university

    Zenworks is used for software distribution on Windows. Packages that BMC-IT uses are mostly built by BMC-IT but some are shared over the university.

    HNAS file server
    • owned and maintained by IT-division
    • financed by the users

    Better storage. Cost 7000 SEK/TB/year (7 SEK/GB/year) in steps of 500 GB. Offline files may be used for access of Documents and Desktop, but not shared group folders.

    Archive storage (Common Service PC File Server)
    • owned maintained by BMC-IT
    • financed by the users

    In the price range of cloud storage. Simple storage with compression, snaoshots and backup to secondary server. Cost 1200 SEK/TB/year (1.20 SEK/GB/year) in steps of 16 TB.

    OwnCloud sync storage (In development)
    • open source software
    • maintained by BMC-IT

    Syncronized storage, similar to Dropbox in functionality. Currently used by a single department.

    TSM tape backup
    • owned and maintained by IT-division
    • financed by the users




    57. How do I start Primula? (or install a new version)

    1. Open Zenworks Application Window

    2. Find the Pimula Icon in the ZENworks Window

    3. Doubleclick to start. If this is a new version you have to wait a bit for it do download and install first.

    4. Next time, Primula can be started from the Start Menu in Windows. Primula has an automatic upgrade function, but it does not always seem to work. To install a new version, follow this instruction again.





    58. How do I log in to Raindance-portalen?

    1. Go to Medarbetarportalen - mp.uu.se.
    2. You have to log in. Press Logga in / Log in .
    3. Log in as usual with your username and password A
    4. Go to Min sida / My page.
    5. To get Raindance-portalen in the little list you have to press the cog wheel (settings) to the right.
    6. Scroll down a bit in the list to check the mark in front of Raindance-portalen
    7. Now you can go directy to the Raindance-portalen.
    8. Ok, ready to log in using your username and password A.




    59. How do I configure my resolver on a Linux machine?

    See also: My Internet does not work! How can I find the problem?
    See also: How do I install Ubuntu?
    See also: How do I get deduplication to work in Linux?

    The university has a couple of resolvers which are referred to by resolver.uu.se.

    $ host resolver.uu.se resolver.uu.se has address 130.238.7.10 resolver.uu.se has address 130.238.164.6 resolver.uu.se has address 130.238.4.133 resolver.uu.se has IPv6 address 2001:6b0:b:215:130:238:4:133 resolver.uu.se has IPv6 address 2001:6b0:b:732:130:238:164:6 resolver.uu.se has IPv6 address 2001:6b0:b:242:130:238:7:10 $ _

    Historically the host name lookups in Linux were done by the resolver. No resolver was running and no cache existing locally in the machine. The resolvers were put in /etc/resolv.conf, either statically (manually) or via DHCP.

    The problem with this approach is that if the first in the list of external resolvers cannot be reached the timeout is defaulting to 5 seconds with 2 attempts. This means that if the first server is down there will be a timeout up to 2*5=10 seconds. When a resolver is failing most things using the network will get slow and not work very well. This can be decreased but not eliminated by adding a shorter timeout to /etc/resolv.conf:

    options timeout:1 attempts:1 rotate

    Using dnsmasq as a forwarding resolver

    Another, better, solution is to run dnsmasq in Linux. Dnsmasq will get you:

    1. Faster failover.
    2. Local cache.
    3. A well behaved client using central resolvers. (No problems with split-DNS, firewalls or router filters)

    This is how it looks like in CentOS 7 when not using NetworkManager (most common on servers) and using DHCP. It will replace the first nameserver with the local dnsmasq. This works for a server always located on the UpUnet network.

    Here we also add the Google public resolvers. But please note, if you add the those you cannot reach local split-DNS, like the Windows-domains or other local networks (RFC1918). Also check that you have access (not blocked by router filter or firewall) to the Google public resolvers before you add them.

    $ yum install dnsmasq $ echo 'resolv-file=/etc/resolv.dnsmasq' > /etc/dnsmasq.d/resolv.file $ echo 'DNS=127.0.0.1' >>/etc/sysconfig/network $ host resolver.uu.se | grep -v IPv6 | awk '{print "nameserver " $4}' >/etc/resolv.dnsmasq $ echo 'nameserver 8.8.8.8' >>/etc/resolv.dnsmasq $ echo 'nameserver 8.8.4.4' >>/etc/resolv.dnsmasq $ _

    if you are running a totally static setup without NetworkManager you need to manually add the 127.0.0.1 resolver first in resolv.conf instead of adding it to the /etc/sysconfig/network configuration file.

    $ sed -i '1i nameserver 127.0.0.1' /etc/resolv.conf $ _

    Most clients use NetworkManager. For a client moving around between networks you need to get the recommended resolvers from DHCP but also insert the dnsmasq 127.0.0.1 resolver first. NetworkManager has built in support for dnsmasq. Simply adding dns=dnsmasq to the [main] section and then restart NetworkManager should solve it.

    [main] dns=dnsmasq

    Also check that dnsmasq do not have the option bogus-priv activated in /etc/dnsmasq.conf otherwise queries about the local networks (RFC1918) will be blocked with answer NXDOMAIN in dnsmasq. These are used in the university network so they should not be blocked between client and resolver. The default in CentOS 7 is to not have bogus-priv activated which is fine. Otherwise, uncomment with:

    $ sed -i 's/\(^bogus-priv\)/#\1/1' /etc/dnsmasq.conf $ _


    Using Bind as a local resolver

    If you want to maximize reliability then nothing beats a local resolver. Just run BIND and set it up to only listen to the local machine (or local HPC cluster). On the university network, this usually requires openings in the router filters and perhaps firewalls in order to send UDP traffic in and out. Only do this if you do not want to pester the university resolvers with all your requests, like when you are running an HPC cluster connected to the USER-AD, doing statistics for a lot of webserver logs or something else similar.




    60. How do I copy many files in Windows using Robocopy?

    Robocopy is a built in command line tool in Windows to copy files. when it cannot read a file because of any reason, like the file is locked or unavailable, it can retry.

    Mirror a directory into another

    This deletes destination files that are not in the original.
    robocopy g:\myfiles h:\myarchive /MIR /R:2 /W:1
    

    Copy a directory into another

    This just copy the files.
    robocopy g:\myfiles h:\myarchive /E /R:2 /W:1
    




    61. My Save as dialog doesn't show the desktop!

    In Windows, sometimes some of the favourite save as locations may have been removed. This is how to restore them:

    1. Right click on Favorites

    2. Choose Restore favourite links

    3. Now the Desktop should be back.




    62. There is a problem with my screen

    Regarding Apple products:

    1. About LCD display pixel anomalies for Apple products released in 2010 and later
    2. About LCD display pixel anomalies for Apple products released before 2010

    Different type of problems:

    Here are examples of screen problems picked from HP support. Visit their excellent guide for further information. Here are some highlights.

    The screen is unsharp or stretched.

    It may be so that the computer resolution do not match the screen resolution.

    • Restart computer
    • For Windows, change screen resolution to the one recommended for the screen by right clicking on background and pick the correct one.

    • For Mac OS X, open system preferences and the screen tab and change resolution to the one recommended for the screen.

    Some pixels are dead.

    The vendors usually have certain amount of allowed dead pixels on a screen. In practice one often have to live with it if the number is low.

    There are vertical or horizontal lines permanently on the screen.

    This is a hardware problem that cannot be fixed without replacing the screen.

    The screen is bleeding along the edges or corners

    1. This is a hardware problem that cannot be fixed without replacing the screen or parts of the screen. If it is really bothering then get a new screen.
    2. For old thick CRT-screens disconnecting the screen over the night could help. However, for modern LCD/LED-screens we have still not heard that that should help.

    On Mac, colours in the background is bleeding through front window

    The Yosemite GUI introduces transparency for window. For example here in Safari top of window (red) and right side (brown):

    Fix by activating Reduce transparency in Accessibility preferences.





    63. How do I send mail from a shell script in Linux and Mac OS X?

    See also: How do I lookup LDAP or Active Directory via command line on Mac and Linux?

    Here is an example of sending mail on Linux and MacOS, one using sendmail and one using mailx.

    The sendmail binary may be both in /usr/sbin/sendmail and the traditional /usr/lib/sendmail but using the /usr/bin/env as a wrapper should work with both location.

    Please note that both the envelope header and the from-header must be set. This is done with sendmail both inside the mail and as a command line argument. There are other ways of doing this. But this is one of them.

    FROM=helpdesk@bmc.uu.se TO=jerker.nyberg@bmc.uu.se SUBJECT="This is in subject" /usr/bin/env sendmail -f $FROM $TO <<EOF To: $TO From: $FROM Subject: $SUBJECT Hello darkness my old friend! EOF

    FROM=helpdesk@bmc.uu.se TO=jerker.nyberg@bmc.uu.se SUBJECT="This is in subject" /usr/bin/mailx -s "$SUBJECT" -r $FROM $TO <<EOF Hello darkness my old friend! EOF





    64. Who is responsible for the network in the BMC server room?

    See also: We have a server, where should we put it?
    See also: Open the server room for me please
    See also: Which Vlans are at the BMC-router?
    See also: How do I secure IPMI?

    Physical Network

    Netsupport is responsible for the server room routers, the inter-rack connections and usually the top-of-rack switches.

    For the IP-layer there are several different options on how to setup the network.

    Currently the top-of-rack switches are usually connected with dual 1 Gbit/s connections to the server room routers (BMC-hall-routers). If there is a need for higher network connectivity please discuss with Netsupport.

    Securing the management networks

    Management ports for IPMI, LoM, RAID-controllers, dedicated NAS, etc are quite hard to get secure. In particular IPMI may use side-band management LAN connection. And some management controllers run their own operating system, complete with their own security problems and default passwords... This all means that the management ports has to be protected not only from the outside but maybe also from other management ports if they are located on the same network in order for an attacker not to jump between compromised systems over the management network.

    Keeping every management controller on its own Vlan of course solves this, but it use too many Vlans and is too hard to manage.

    On the BMC-IT management network in the server room (called BMC-hall-IPMI) we are using pricate VLAN (protected ports) feature in the switches to protect the management controllers from talking to each other. This is a RFC1918 network and incoming traffic there is restricted to the workstations meant for this management.

    Good Option one - your own network

    Tis option is good if you have a lot of servers in the server room, perhaps your own rack with equipment.

    The users of the server room may, if needed, order their own Vlan and subnet. This Vlan will only be available in the BMC server room. Contact and discuss this with Netsupport.

    BMC-IT will for their own servers (that BMC-IT do system administration for) have two Vlans, one network for the servers and one for the management.

    Good Option two - the shared networks

    This option is good if you need to put a single server or perhaps a small number of servers in the server room.

    There are two shared network, currently (2016-09-15) Vlan956 Public_servers_ACLed or Vlan962 Public_servers_open, which is meant for shared usage in the BMC server room, for activity that do not require their own Vlan.

    The BMC-hall function at the IT-division (UUIT) and BMC is responsible for allocating IP-ranges in this network.

    The normal procedure at the university is that the ones managing a network also is responsible for managing router filter (via Netsupport), perimeter firewall (via Security and safety division), DNS and DHCP (via IPAM or UUIT/Domainmaster).

    But in this network the IP-ranges have been allocated to different users in different parts of the university organisation. Each individual system administrator using the different IP-ranges is responsible for their own activity in the IP-ranges they have been allocated. This responsibility includes managing changes in the router filter and the perimeter firewall. And manage DNS and DHCP via UUIT/Domainmaster.

    Bad Option three - the BMC network

    It is possible, but Not Recommended to attach equipment to the Vlans in BMC in the server room. The switch in one of the BMC-IT racks is connected with a single 10 Gbit/s to the campus router in BMC (BMC-campus-router). Discuss this with BMC-IT. Responsible for that Vlan is the Local IT for that Vlan (which may or may not be BMC-IT).

    The only reasons we have seen for this is for example when handling old equipment with IP-related access control or using Bonjour-based services on Mac which work best over a single Vlan/Subnet.

    It is very important to not connect equipment to both the BMC-router and the BMC-hall-routers at the same time since this may lead to STP-renegotiation which will mess up the network. Don't do this.

    Bad Option four - dedicated network for a specific Vlan

    It is possible, but Not Recommended to use dedicated network to connect to a Vlan somewhere else in the university (or SLU) too. This is only meant for shorter periods during for example migration from one server room to an other. Discuss this with UUIT/Netsupport. This configuration is only meant for a limited amount of time during a migration.

    This is bad in several ways:

    • Less availability. The network will depend on not only the server room functioning (power, cooling) but also the network in the other end (power, router, switches) where the dedicated connection terminate.
    • Complicated network. The stranger the network is setup the harder it is to maintain in the long run.
    • Limited amount of fiber. The university has a limited amount of dedicated fiber. New fiber between campuses is quite expensive.
    • Risk of network loops There is a risk of STP-renegotiation when connecting network from different routers together. This may leader to longer or shorter total network outages.

    It is very important to not connect equipment to both other routers and the BMC-hall-routers at the same time since this may lead to STP-renegotiation which will mess up the network. Don't do this.






    65. Open the server room for me please

    See also: We have a server, where should we put it?
    See also: Who is responsible for the network in the BMC server room?

    BMC-IT can help you access the server room during daytime if your normal access methods by some reason are not possible.

    We need the following information:

    • We need to know who you are. If we do not know you we need to confirm via photo-ID (drivers license or passport) or by someone we know
    • Authorization (written or via phone) from someone responsible at your department or the IT-division

    Either send a mail to helpdesk@bmc.uu.se or visit us in person at BMC C6:3.



    66. We have a server, where should we put it?

    See also: Who is resposible for what on the BMC network? Who can help me?
    See also: How do I buy a new computer?
    See also: Do you have a VMware virtual server I can use?
    See also: Who manages IT-support for whom at BMC?
    See also: Open the server room for me please
    See also: Who is responsible for the network in the BMC server room?

    BMC has a server room in D11:0. The room was built and is maintained together by UADM IT-division and Uppsala Biomedical Centre.

    The server room is equipped with:

    • Diesel backup power generator (maintained by Akademiska Hus and tested each month)
    • Dual battery banks
    • Dual UPS
    • Dual power to each rack
    • Dual routers (called the BMC-hall-routers) with dual connections to the university backbone routers.
    • Single switch in each rack with single power and dual EtherChannel uplink (For dual network to a single server, connect to two switches)
    • In-rack cooling
    • Gigabit ethernet to each server. Dual redundant network and higher speeds can be arranged.

    The BMC-hall-router Vlans on the normal BMC-hall-switches cannot be shared with the Vlans on the router (called the BMC-router) for the rest of the building. Contact netsupport@its.uu.se for help with network configuration for the server room.

    The server room was built in 2013.

    Current rate is 60000 SEK/rack/year or 2000 SEK/U/year plus a one time fee of 5000 SEK. (This should be about the cost of production. Prices from 2015-06-05.)

    For renting space in the server room, contact bmc-hall@uu.se.

    Also consider renting virtual servers or using some of the shared services at the university before buying your own physical servers. Contact uppdrag@its.uu.se for renting virtual servers in the the shared VMware environment or storage. Contact UPPMAX for using the shared HPC resources for computation and storage. Contact BMC-IT for shared storage using PC file server. Check on them from time to time to see what they are up to before building something on your own to reduce the duplicated effort.



    67. What service levels does BMC-IT have compared to others at the university?

    See also: Who manages IT-support for whom at BMC?
    See also: How do the different types of storage compare to each other?
    See also: What Internet bandwidth does the university have?
    See also: What is the cost of a PC file server?
    See also: What is the BMC-IT computer platform and how does it work?

    The different organisations at the university have different level of service in order to fullfull their missions on a cost-efficient way.

    UUIT (IT-division) provides highly available services for the whole university.

    BMC-IT is focused on providing great services for the people at the campus and is trying to keep it simple and durable.

    UPPMAX is providing the best high-performance computing environment available, but is neither focused on high-availability nor user-focused service (not the individual users, but as a collective of course).

    ServiceUUITBMC-ITUPPMAX
    Server room cooling Redundant with backup Non-redundant
    Server room fire extinguisher Yes
    Server room power Dual redundant UPS. Backup diesel power generator. Dual power to each rack. Non-redundant, UPS on critical systems
    Server room network Redundant routers, in general non-redundant switches Non-redundant (redundant core network)
    Server room stand-by personel in-house Yes No
    Server room stand-by personel external techician (power, cooling) Yes
    Stand-by decision making personel, possible to order in technical personel Yes No No
    Stand-by technical personel No No No
    Vacation spread out so that somebody always on duty Yes No - some weeks during holiday all may be on vacation Yes
    All systems maintained by a group (not individuals) Yes Usually, but with a primary responsible person and contact Yes (Primary and secondary contact)
    Somebody among the contacts or responsble for a service always on duty. (Not vacation on the same time) Yes No No
    Redundant storage systems which handle partial failure gracefully Yes No - BMC-IT uses the UUIT file server service Yes
    Simple and small storage system with faster full restore No Yes No
    Maintenance window adapted to individual user groups No Yes No




    68. May I have SIMCA and MODDE for Windows please?

    See also: What software applications do the university have that I can install?

    SIMCA is software for multivariate data analysis.

    Modde is software for design of experiments and optimization

    The university has a site license payed for by some departments that are using SIMCA and MODDE. In practice that means that SIMCA and MODDE are free for end users but the departments that are using it has to pay when the site license is renewed.

    There are Zenworks bundles for SIMCA and MODDE, so check if it is available in the ZENworks application window for you. (Otherwise, ask for it and it can be added).

    Contact helpdesk@bmc.uu.se for help with licenses or manual installation.



    69. How are the network sockets identified?

    See also: Which Vlans are at the BMC-router?
    See also: What Internet bandwidth does the university have?
    See also: My Internet does not work! How can I find the problem?
    See also: Who is resposible for what on the BMC network? Who can help me?

    This is a double socket. The identifiers are written together on a sticker on the socket. This is how to decipher them:

    Network socket identifier Cross connect cabinet identifier
    Left socket B1.216:05 C1-D202-01-03
    Right socket B1.216:06 C1-D202-01-04

    These numbers mean that the socket is located at the B1:216 beam in the B1:2 corridor. The cross connect cabinet serving this network socket is located in C1:2 and in this case the rack called C1-D202 in the panel number 1 and socket number 3 and 4.

    Some of the sockets have room numbers instead of beam numbers where the beams are not applicable.



    70. What software applications do the university have that I can install?

    See also: I would like MATLAB on my computer please!
    See also: I would like SPSS on my computer.
    See also: Graphpad Prism, what does it cost?
    See also: How much do Adobe Photoshop and Illustrator cost?
    See also: I would like to install Adobe CC Complete (Photoshop, Illustrator...)
    See also: May I have SIMCA and MODDE for Windows please?
    See also: What is ZENworks? How to I install applications via ZENworks application window?
    See also: What is the cost for EndNote? What is Zotero? And Pages?
    See also: How do I merge PDF documents with PDF-Xchange in Windows?

    Follow the links above for what is documented in this FAQ.

    Also go to the Uppsala University IT-division service Progdist to search for what the IT-division distribute licenses for). Some of these the university has site-licenses for likeMicrosoft Office, Outlook, Windows which means they are available for no extra cost. Ask helpdesk@bmc.uu.se if you have any questions.



    71. Help me I get so much spam! What can I do?

    See also: Spam filter settings in the SUNET Mailfilter
    See also: Troubleshooting mail - what can I do and whom do I ask?
    See also: What is ransomware and CryptoLocker?

    Spam is also known as junk email or unsolicited bulk email. Whatever name, it is spreading mayhem in the inbox.

    The university is using the SUNET Mailfilter for all incoming and outgoing mail.

    The antispam settings at the university were meant to be set at a reasonable level. If the rules are too tight we might miss proper mail. But it seems like the spam threshold has to be adjusted for the filter to catch the latest spam.

    1. Open the SUNET Mailfilter and login at Uppsala University with your account.
    2. Go to tab Preferences.
    3. Go to tab Quarantine Settings.
    4. Change Spam threshold to about 5.

    No mail that has been delivered to your account will be blocked. All that happens is that the mail is marked as spam and then automatically put in the Junk mail folder. Remember to check your junk mail folder once in a while.

    Read more about mail filtering at Uppsala university at Medarbetarportalen.

    You can also report spam to the IT security group at the university by forwarding it to no-spam@uu.se. If there is a directed attack at the university they appreciate different variants of the spam so firewall and anti-spam filters can be configured to catch it. Read more about IT security at Uppsala university.





72. Spam filter settings in the SUNET Mailfilter

See also: Help me I get so much spam! What can I do?
See also: Troubleshooting mail - what can I do and whom do I ask?

The default settings provide a reasonable protection, better than the old SpamAssassin based mailfilter the university used before. Usually the settings do not need to be changed. But if you really want to, this is how.

  1. Login to SUNET Mailfilter at https://mailfilter.sunet.se/canit/. Click on Login using SWAMID.

  2. Find Uppsala University by begin typing u p p s a l a.

  3. Login with your username and password A as normal for the Joint Web Login at UU.

  4. You can easily let SUNET Mailfilter always accept mail from a certain sender (e-mail-address or domain): (The accept list may also be called a white list.)

  5. Or you can reject (brutally) from a certain sender: (The reject list may also be called a black list.)

  6. To view what mail has been marked as spam, go to the Quarantine. Please note, this is not a real quarantine which holds the mail, but rather an incident log. All mail are sent to you anyway and are put in the Borttaget or Deleted Items folder in Outlook.

    To view the incident click on the date for the message. There it is possible to tell the filter to learn that a tagged spam should not be.

  7. To change the general spam threshold for you, go to Preferences / Quarantine Settings.

  8. If you need to you may lower the Spam threshold from the UU default 6.5 to something that still is reasonable like for example 5 and save by clicking on Submit Changes.

  9. By checking the mail header X-Spam-Score: on a spam that passed the filter you can get an indication on whether or not a changed threshold level would have caught the unwanted mail.

    • View headers in Thunderbird:

      1. View source by pressing CTRL-U.

      2. View headers in Outlook:

        1. Double-click the message to open it in a separate window.
        2. Find the meny Options (Outlook 2007) or Tags/Taggar (Outlook 2010/2013). Click the small arrow-symbol in the lower right corner.

        3. The Message Options window is displayed.
        4. The Internet headers are shown in a scroll area in the bottom of the window.

      3. View headers in OWA (Outlook on the Web aka the Exchange webwail):
        1. Double click on the spam to open it in a separate window.

        2. Click on the little icon for Message Details (Detaljinformation)

        3. Now you can view the headers in the small scroll area.

  10. You may also open the source of a mail and find the header X-Antispam-Training-Spam. By opening this link you can train the SUNET Mailfilter bayesian filter what spam look like.

  11. If you cut and paste the link into your web browser (and login if you are not already logged in) the response should look like this:

Read more about all the other settings in the on-line help or the user's guide (Användarhandledning för slutanvändare) available as a PDF.



73. My harddrive broke! Do you have any spare parts?

See also: How do I buy a new computer?

Yes, we usually have a couple of 120 GB or 250 GB Samsung EVO 8X0 SSD.

You can take one if you order a new one (or your Local IT order for you) and replace it.

Here are examples from produktwebben with current (2015-02-17) prices:

Contact helpdesk@bmc.uu.se as usual to replace your harddrive.

Remember, if you do this on your own and open your computer yourself you got to know what you are doing.



74. I would like SPSS on my computer.

See also: What software applications do the university have that I can install?

Search Progdist at UU Reload

  • For Mac OS X the installation is still manual. Send a mail to helpdesk@bmc.uu.se
  • If you have ZENworks and a SPSS icon in the ZENworks Application Window with SPSS in, install it from there. An automatic notification will be sent to BMC-IT who will take care of registration of license.
  • If you have ZENworks and no SPSS icon in the ZENworks Application Window, send a mail to helpdesk@bmc.uu.se to put it there after registration of a license.
  • If you do not have ZENworks on your computer, send a mail to helpdesk@bmc.uu.se to do a manual installation.

This is how to install SPSS in Windows via ZENworks and trigger license registration

  1. Open ZENworks application window and click on the SPSS 22 icon.

  2. Accept the costs involved with license registration.

  3. Wait a while for the installation to complete.

  4. You can now start SPSS from the Start menu.




75. My computer was stolen! What should I do?

See also: How do I buy a new computer?
See also: How do I order computer accessories and peripherals?
  1. Report to police. Call 11414. If it is not urgent you can do this online at https://polisen.se/Utsatt-for-brott/Gor-en-anmalan/
  2. Report to head of department.
  3. Report to Local IT. BMC-IT can be reached at helpdesk@bmc.uu.se.
  4. Change all your passwords at the university. Go to Akka self-service.
  5. Change the passwords of all the web services you use. Many people save their passwords in the web browser.
  6. Have you used any of these on your computer - change password: Apple (iTunes), Google (Gmail), PayPal, eBay, Spotify, BankID
  7. If you are using SSH with public key authentication without password (you should not), you have to remove your old public keys from the servers where you use this authentication. (If you do not know what SSH is then skip this step.) Create new public and private keys for your new computer.
  8. If you are using a Mac, you can try to find the location of your stolen computer at iCloud. You must have activated this in the system preferences in your Mac. Login at https://www.icloud.com/#find with your Apple ID to try to find it. This only works if the computer has been online after it was stolen.
  9. Order new computer. Contact Local IT to borrow a computer while waiting. (Usually there are some old computers around. For example BMC-IT has plenty of old stationary PCs with Core 2 Duo, 3 GB RAM, mechanical HDD and 19" screens.)
  10. Remove computer from inventory at department by marking it as stolen. This requires a copy of the report to the police.
  11. Restore data from backups and/or file server.




76. How do the different types of storage compare to each other?

See also: We need more storage! Do you have a file server we can use?
See also: What is the cost of a PC file server?
See also: What service levels does BMC-IT have compared to others at the university?

This is an illustration how how the different types of storage that is available compare to each other regarding Availability, Reliability, Performance and Price.

Reliability
High reliability means a low risk of data loss over a long period of time.
Availability
High availability means the system is (almost) always online and in order to do this it has to handle equipment failures of different kinds and still be running.
Performance
Performance may both mean high IOPS (many small requests) and bandwidth (lots of data), but here it is simplified.
Price
This is the cost in SEK per terabyte of stored data per year. (Updated in December 2015.)

One of many things that are beyond this comparison is the cost of entry. A single big PC-server with a lot of disk is around 250 kSEK and can store 576 TB raw data (around half of that is usable when using 3+2 RAID6 plus hot spares) and may last with support for around 5 years. A small share on the HNAS file server, which may be useful for a whole department storing small but important files, may be as low as 1 TB and cost 7000 SEK/year. A Ceph system is only recommended if one is scaling it up to a lot of file servers (and a lot of time for system administration) providing huge amount of bandwidth.

In practice this means that a PC file server, with proper backup or remote snapshotting to another PC file server, may be useful for storing a lot of data cheaply, but not for example used as 24/7 available file storage.

The university HNAS file server service is a very good for general storage of data in a safe way.

Availability-Performance comparison The performance in the HNAS system and a PC with SSDs is great, but HNAS is a lot more available since it has fault-tolerant hardware to higher extent.

Reliability-Price comparison There is a very small risk of data loss in a well set up PC file server with backups. The same applies to the HNAS system, although it is more expensive and as seen above, more available.



77. How do I mount my home directory or shared storage at HNAS?

See also: How do snapshots in the HNAS file server work?
See also: We need more storage! Do you have a file server we can use?
See also: How to map a network drive via SMB on Windows
See also: How to connect to a file server via SMB on Mac OS X
See also: How do I mount SMB share in Linux?
See also: How do I access my home directory?

For Windows clients in USER-AD your home directory and the department common (public) share will automatically be mounted when you login using the drive letters below.

This storage is in the university shared HNAS file server. Some departments also have other storage available - contact helpdesk@bmc.uu.se for details.

  1. Please select your department:
    DepartmentAcronym
    Department of Neuroscience
    Department of Pharmaceutical Biosciences
    Department of Public Health and Caring Sciences
    Department of Medical Cell Biology
    Department of Medical Biochemistry and Microbiology
    International Science Programme (ISP)
    Biomedical Centre Campus Management
    . . . 
  2. Please enter your username here:


    PurposePlatformDFS-pathDirect path Driver letter
    Home directory for personal files Windows \\user.uu.se\BMCI\TLA-Users\account \\TLA-Users.files.uu.se\TLA-Users$\account X:
    Mac smb://account@user.uu.se/BMCI/TLA-Users/account smb://user\account@TLA-Users.files.uu.se/TLA-Users$/account
    Common (public) share for department,
    research groups etc.
    Windows \\user.uu.se\BMCI\TLA-Common \\TLA-Common.files.uu.se\TLA-Common$ P:
    Mac smb://account@user.uu.se/BMCI/TLA-Common smb://user\account@TLA-Common.files.uu.se/TLA-Common$
  3. Sometimes you want to mount via the command line.
    • Windows, command line version on mapping a network share:
      net use x: \\TLA-Users.files.uu.se\TLA-Users$\account /user:user\account
    • Mac OS X, command line version on how to connect to a file server:
      mkdir ~/Desktop/account
      mount_smbfs //user;account@TLA-Users.files.uu.se/TLA-Users$/account ~/Desktop/account
    • On Linux, command line version on how to mount a CIFS file system:
      mkdir ~/Desktop/account
      sudo mount -o username=account,domain=user -t cifs //TLA-users.files.uu.se/TLA-users$/account ~/Desktop/account
  4. Also read in the SOP - Connect a Mac to HNAS (v1.0).pdf or follow the links to other FAQs above on how to use the Windows Explorer or Mac Finder GUI. Remember to use the VPN if you are connecting from outside the university network.




78. What is the cost of a PC file server?

See also: How do the different types of storage compare to each other?
See also: We need more storage! Do you have a file server we can use?
See also: What service levels does BMC-IT have compared to others at the university?

Please note! BMC-IT has a PC storage solution service. Read more in the SOP - Common service PC file server. Also note that for home directories we recommend using the IT-division HNAS file server.

These are examples of the costs of buying and maintaining a PC file server. The example below includes a server from Supermicro and one from HP. HP includes on-site support, Supermicro do not. Please note that TSM-backup is not included in these figures! (Prices updated in September 2016.)

  • Very cheap Good for lots of data when the price has to be low.
  • Acceptable speed Good bandwidth - can receive and send 1 Gbit/s (or 10 Gbit/s with appropriate network and multiple clients). Since the drives are rotating HDD, relative SSD the latency is high and IOPS are lower. But it works fine with large files.
  • Low availability BMC-IT in general only do support during office hours. If the PC server totally breaks down (it may happen!) it will take some time to get service or spare parts or restoring from backups. Compare this with the IT-division HNAS file server which has built in redundancy.
  • Linux and Active Directory These examples uses Linux (preferably CentOS 7) as an operating system and connects to the university Active Directory and works as a file server using Samba. More complex setups than this may need extra time to set up and maintain. For example running a Windows server instead of Linux requires extra costs for licenses.

This is a Supermicro file server with enterprise drives. Includes ship-in support from Southpole.

Normal HP file server with enterprise drives, three year next business day on-site support from HP.

This is a Supermicro file server with archive drices.

Cost of a rack unit per year: 1250 (full rack) or 2000 (single machine) SEK
Number of rack units in the server room:
(If no new space is needed, set a 0 here)
U
Cost for the server with no drives: SEK
The number of drives: drives
Size of the drives: TB
Number of years to run the server
(warranty)
years
Cost of each drive: SEK
The number of working hours spent each year:
(system administration and support)
h/year
The cost of a working hour: SEK/h
The part of the raw storage that is usable:
(RAID6 (two parity drives) on five drives equals 0.6.)
usable storage factor

Purchase cost SEK.

Raw storage TB.

Usable storage TB.

Yearly cost SEK/year over years (includes everything)

Cost for raw disk SEK/TB/year.

Cost for usable storage SEK/TB/year.

Two identical file servers (one for backup using snapshots / shadow copy) would cost SEK/TB/year

Two servers (as above) and a cold standy (no drives) would cost SEK/TB/year



79. We need more storage! Do you have a file server we can use?

See also: How do the different types of storage compare to each other?
See also: How do I mount my home directory or shared storage at HNAS?
See also: How to map a network drive via SMB on Windows
See also: What is the cost of a PC file server?

Common service HNAS file server

The university has a common file server service running Hitachi HNAS called file area (filarea)

The service is highly available and backup is included. Authentication via USER-AD. This is a better alternative in most ways than a small local PC/Mac file server with TSM backup.

  • Highly available and high performance
  • Good for home directories
  • Good for shared documents both small and large
  • Accessible via SMB (Compatible with Mac OS X, Linux/Ubuntu and Windows as a network drive)
  • 7000 SEK/TB/year (This is a reasonable cost for the service level)

Order by contacting IT-division. Different department and groups at BMC have different policies regarding how to share the costs, so we recommend you to contact helpdesk@bmc.uu.se to discuss how to best proceed rather than directly contacting IT-division.

Common service PC file server

BMC-IT has a file server storage service based on PC hardware.

The PC file server storage service is a cost-efficient storage solution for mostly high volume archive data. It is using built on commodity hardware (which means the hardware can be replaced) and open source software (no hidden costs or support agreements). But it also means that we are on our own.

The setup is fully documented in SOP - Install PC file server, SOP - Common service PC file server and SOP - Rsync backup to Btrfs snapshots.

  • Not highly available.
  • Good for archive storage.
  • Good for large documents like sequencing data, large images, and large movies.
  • Accessible via SMB (Compatible with Mac OS X, Linux/Ubuntu and Windows as a network drive)
  • Do not use for home directories.
  • Support and service is best effort during office hours. This means that if the primary server goes down during a weekand or vacation you may have to wait until the weekend or holiday is over until the problems are fixed.
  • 1200 SEK/TB/year

Order by contacting BMC-IT at helpdesk@bmc.uu.se.

Rudbeck-IT EMC Isilon file server

If your department as associated with MedFarm you may be eligible to use the Rudbeck IT file servers running EMC Isilon.

Please contact Rudbeck-IT at helpdesk@rudbeck.uu.se.






80. Who is an employee and who is a student at the university?

There are three different major types of active identity categories at the university - students, employees and other active (övrigt verksamma).

  • A student is always a private individual and cannot act as part of the university authority (myndighet).
  • An employee is always a part of the university authority.
  • An other active is a person where the head of department (or similar) take responsibility for that the other active acts in the same way as an employee.

Persons who are students but are also working on behalf of the department should not use their Student ID but an Employee ID instead. This way the private use is separated from the use as an university employee or other active.

Persons using an Employee ID can via the catalogue get membership to groups controlling access to shared electronic resources belonging to the research group (file server shares, high-performance computing clusters) and other electronic resources at the university.

So why should a person use the role as an other active rather than a student?

  1. The research group leader can give the person access to the shared electronic resources for the research group.
  2. The research group leader control start and stop date for the person getting acccess to the shared electronic resources.
  3. The responsibilites are clearly divided between technical access to the resource for the whole group (initially configured by a system administrator) and including the person in the shared resources for that research group (given by the research group leader).
  4. There is no additional administration by system administrators to manually provide access. This is done automatically via AKKA through the directory services (Active Directory (USER-AD) and LDAP) using groups from the catalogue.
  5. No person that has been given access is forgotten since the access is automatically removed.
  6. Depending on the computer systems that are used, a person using an employee ID and with access to shared electonic resources will automatically get backup of important files (usually on Windows computers this includes Desktop and Documents).
  7. If a student (working on behalf of the university using their Employee ID as an other active) later will get employed all data is already at the right place and with correct ownership. Otherwise the data would have to be moved from their old place to the new and change ownership from the old Student ID to the new Employee ID.

Please read more:

Active category In AKKA controlled by department Type of ID Physical access to department Shared electronic resources via Akka groups Visible in catalogue
Student No Student ID No No No
Employee Yes Employee ID Usually Yes Usually Yes Usually Yes
Other Active Yes Employee ID Yes or No Yes or No Usually No




81. How do I secure IPMI?

Most servers with IPMI can change the IPMI out-of-band communication to go via a dedicated network. This is usually done in BIOS.

Some Supermicro computers come pre-configured with failover IPMI. This is quite unsafe and will expose IPMI with default login and password via the normal network.

Dedicated:
ipmitool raw 0x30 0x70 0x0c 0x01 0x00
Shared with LAN1:
ipmitool raw 0x30 0x70 0x0c 0x01 0x01
Failover:
ipmitool raw 0x30 0x70 0x0c 0x01 0x02




82. Who manages IT-support for whom at BMC?

See also: We have a server, where should we put it?
See also: What service levels does BMC-IT have compared to others at the university?
See also: What is the BMC-IT computer platform and how does it work?

BMC-IT at helpdesk@bmc.uu.se takes care of or helps with IT-support the following departments and groups marked with bold below.

For the others, contact them or their IT-support directly.

BMC-IT may do shorter consulting assignments, planned in advance, and charge 800 SEK/h. This has been dediced by Leif Kirsebom, director at Uppsala Biomedical Centre (BMC) in 2015.

If you are interested in getting IT-support from BMC-IT please contact helpdesk@bmc.uu.se or Gunnar Herlitz, IT-manager at BMC directly.

Faculty of Pharmacy
FBV - Department of Pharmaceutical Biosciences (Institutionen för farmaceutisk biovetenskap)
Department of Pharmacy (Institutionen för farmaci)
Department of Medicinal Chemistry (Institutionen för läkemedelskemi)
Division of Pharmacognosy (Avdelningen för farmakognosi)
Faculty of Medicine
IMB - Department of Medical Biochemistry and Microbiology (Institutionen för medicinsk biokemi och mikrobiologi / IMBIM)
MCB - Department of Medical Cell Biology (Institutionen för medicinsk cellbiologi)
IMV - Department of Medical Sciences (Institutionen för medicinska vetenskaper)
INV - Department of Neuroscience (Institutionen för neurovetenskap)
IFV - Department of Public Health and Caring Sciences (Institutionen för folkhälso- och vårdvetenskap)
IGP - Department of Immunology, Genetics and Pathology (Institutionen för immunologi, genetik och patologi)
Faculty of Social Sciences
IKV - Department of Food, Nutrition and Dietetics
Faculty of Science and Technology
IBG - Biology Education Centre (Institutionen för biologisk grundutbildning)
ICM - Department of Cell and Molecular Biology (Institutionen för cell- och molekylärbiologi)
Department of Chemistry - BMC (Institutionen för kemi - BMC)
University library
University library BMC
University administration
Faculty Offices / Office for Medicine and Pharmacy / Student service, pharmacy, medicine and care
MDT - MedfarmDoIT
Intendenturorganisationen
BMC - BMC-intendenturen
BMC - Mediateket




83. How to transfer web hosting for a domain

  1. Add the correct virtual host to the webserver
  2. Check to whom the mail to change in DNS should be sent
  3. Send a mail to domainmaster and request the change

Step 1. Add the correct virtual host to the webserver

In order to get the new webserver to respond the new name. Usually one must must add the virtual host to the web server configuration.

Check that the new service is working at the new host. Change the the hosts-file on a client computer. On Ubuntu (Linux) and Mac OS X it is called /etc/hosts and Windows %SystemRoot%\system32\drivers\etc\hosts usually c:\windows\system32\drivers\etc\hosts.

If the webserver is called www.department.uu.se and will be moved to the new IP-address 130.238.39.248 then add the following line:

130.238.39.248 www.department.uu.se

Or if you wish to use both www.department.uu.se and department.uu.se you need to put them both in the hosts-file:

130.238.39.248 www.department.uu.se department.uu.se

Now restart the local webbrowser (Firefox, Internet Explorer etc) and open the website (http://www.department.uu.se/). Your webbrowser will now contact the new IP-address (picked from the hosts-file).

If the website has two names (www.department.uu.se and department.uu.se), you need to test them both.

If the the web browser shows an page like this you need to activate the web site on the new web server. If you run Apache you need to create the correct VirtualHost. Contact the responsible person for the webserver or the web site and let them fix the problem before you proceed.

When everything is OK proceed to the next step. Also, remember to remove your changes to your hosts-file.

Step 2. Check to whom the mail to change in DNS should be sent

Then check the SOA field of the domain. The SOA record contain information on what what the contact person is for the domain. When querying for SOA also authoritative nameserver may be shown.

Use the command Dig for this. Dig is included in Mac OS X and Linux and may be downloaded for free for Windows.

The output may look like this:

$ dig soa bmc.uu.se


; <<>> DiG 9.4.3-P3 <<>> soa bmc.uu.se
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35450
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 7

;; QUESTION SECTION:
;bmc.uu.se.                     IN      SOA

;; ANSWER SECTION:
bmc.uu.se.              14400   IN      SOA     ddns.uu.se. domainmaster.uu.se. 2015021900 3600 600 2592000 1800

;; AUTHORITY SECTION:
bmc.uu.se.              1078    IN      NS      dns2.uu.se.
bmc.uu.se.              1078    IN      NS      dns3.uu.se.
bmc.uu.se.              1078    IN      NS      dns1.uu.se.
bmc.uu.se.              1078    IN      NS      dns.uu.se.

;; ADDITIONAL SECTION:
dns.uu.se.              13974   IN      A       130.238.7.10
dns.uu.se.              13974   IN      AAAA    2001:6b0:b:242:130:238:7:10
dns1.uu.se.             13974   IN      A       130.238.4.133
dns1.uu.se.             13974   IN      AAAA    2001:6b0:b:215:130:238:4:133
dns2.uu.se.             13974   IN      A       130.238.164.6
dns2.uu.se.             13974   IN      AAAA    2001:6b0:b:732:130:238:164:6
dns3.uu.se.             13974   IN      A       193.11.12.166

;; Query time: 4 msec
;; SERVER: 130.238.39.248#53(130.238.39.248)
;; WHEN: Fri Feb 27 17:43:03 2015
;; MSG SIZE  rcvd: 304

$ _

There are two interesting things in this output.

  1. The contact person is domainmaster@uu.se. The first unescaped . (dot) in the field is substituted to an @.
  2. There are DNS-servers on uu.se.

Step 3. Send a mail to domainmaster and request the change

  • If you are a webmaster or system administrator for the department in question, go ahead.
  • If you are not a webmaster or system administrator for the department in question, get a confirmation from the webmaster or system administrator. Include the confirmation in the mail to the domainmaster.
The main part of the mail may look like this:
 
To: domainmaster@uu.se From: me@department.uu.se Subject: change webserver www.department.uu.se Hello, Please make www.department.uu.se a CNAME to www.service.uu.se like this: www.department.uu.se. IN CNAME www.service.uu.se. Kind regards, My contact information

Or, if you wish to change both http://www.department.uu.se and http://department.uu.se it may look like this with only IPv4 addresses.

 
To: domainmaster@uu.se From: me@department.uu.se Subject: change webserver www.department.uu.se department.uu.se Hello, Please remove the old A-record for department.uu.se and any record for www.department.uu.se. Add the following: department.uu.se. IN A 130.238.39.248 department.uu.se. IN A 130.238.39.252 www.department.uu.se. IN A 130.238.39.248 www.department.uu.se. IN A 130.238.39.252 Kind regards, My contact information.

If you have any questions contact helpdesk@bmc.uu.se or domainmaster@uu.se.



84. How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

See also: How do I take backup of the data on my computer?
See also: How do I overwrite deleted data in Windows?
See also: Backing up via Rsync to Btrfs snapshots
See also: What is ransomware and CryptoLocker?


IBM Spectrum Protect is the backup system run at the university at the IT-division. The software was previously known as TSM - Tivoli Storage Manager and is still referenced as both names.

Financing and pricing

The services is paid for by the users. This includes salaries for everyone involved in maintaining the system and all equipment. The costs includes a starting cost per node and (decreasing) cost per GB depending on how much data that is stored in the system. Read the pricelist.

Documentation

IBM has their own documentation of TSM 7.1.3 (the latest version at 2016-04-14)

Schedule

Usually on Windows-systems the backup-client is asking the server whether it should backup or not. Send a mail to backup-admin to let them know.

On Mac and Linux (and other Unix-based systems) instead the client is called at a certain point in time doing the backup like this:

dsmc incr

To put this in crontab in a Linux system first run editor for the crontab as root using emacs as an editor.

EDITOR=emacs crontab -e

Or use the default vi editor:

crontab -e

Then enter the point in time to run the backups (with the full path to the client)

1 1 * * * /usr/bin/dsmc incr

Performance with TSM

  • TSM store files in tapes and after a while the incremental backups will store files in several different tapes. One way of taking care of this is to instead from time to time do a selection backup or a image (block device) backup. The block device backup is harder to read back for certain files obviously.

    There are several options to decrease the amount of data being sent on the wire by doing more work on the client. Inside the university network this usually it not a problem since we usually have enough bandwidth betwen the campuses and to the backup servers.

    • Zip up many small files and exclude the originals from backup.
    • Use virtual mount points to divide up the files in smaller sets.
    • Use journal-based backup to track which files have been changed
    • Use memory efficient backup, if the client is running out of memory.

    Compression yes Memoryefficientbackup yes

    Examples: Query the backup...

    To list what partitions (or file systems) have been backed up:

    dsmc query files

    To list files that have a backup date during a certain date range: (However, running with options time limits (todate, fromdate) will change the behaviour for the client and read a lot of data into RAM. With several millions of files this will be slow. Read about Classic Restore versus No Query Restore (NQR) at IBM)

    The option -inactive will list both active and inactive files.

    dsmc q ba -inact -fromdate=01/01/2016 -todate=01/03/2016 -subdir=yes '/blue/*'

    To get summary of all files backed up and the size:

    dsmc query backup '/etc/*' -subdir=yes -querysummary

    To get more details, for example to see files with the wrong backupclass which still are taking up space in the backup, run this command:

    dsmc query backup '/etc/*' -subdir=yes -querysummary -detail

    Examples: Restoring backup...

    To interactively pick and restore the files, restoring to the directory /tmp:

    dsmc restore -pick '/blue/*' "/tmp/"

    To also interactively pick among the inactive files when restoring:

    dsmc restore -pick '/blue/*' "/tmp/" -inactive

    To also restore subdirectories while restoring:

    dsmc restore -pick '/blue/*' "/tmp/" -inactive -subdir=yes

    To restore the state of a directory at certain different points in time. This will run the restore command each for the specified dates and restore the directory as it were at that point in time.

    for i in 10 11 12 13 14 15 16 17 ; do mkdir /var/tmp/jerker.restore.2016-04-$i-12.00.00/ dsmc restore -pitd=04/$i/2016 -pitt=12:00:00 -subdir=yes '/home/jerker/*' /var/tmp/jerker.restore.2012-11-$i-12.00.00/ done

    To backup everything irrespective of whether files have changed since the last backup, use the selective command:

    dsmc sel '/green/home/USER/jny25782/*' -subdir=yes

    Examples: Deleting old backup data...

    To delete a backup (which may require extra permissions), use the delete command. This time the -pick makes it interactive.

    dsmc delete backup '/archive/jerker/*' -subdir=yes -pick

    To delete all inactive files:

    dsmc delete backup '/archive/jerker/*' -subdir=yes -deltype=inactive

    To delete all inactive files backed up during a certain date range:

    dsmc delete backup -fromdate=01/01/2010 -todate=01/01/2016 '/green/home/USER/jny25782/*' -subdir=yes -deltype=inactive

    With the number of files into multiple tens of millions, this may not work so well since it takes up too memory or perhaps timeout when waiting too long for the confirmation prompt unless the operator (you) are staring at the window. Use the -noprompt option and break it down inte smaller parts like this:

    for i in /home/* ; do dsmc delete backup -fromdate=01/01/2010 -todate=04/01/2016 $i/'*' -subdir=yes -deltype=inactive -noprompt ; done

    To delete all files from the backup, including inactive files, specify -deltype=all. Do not prompt for confirmation.

    dsmc delete backup '/unwanted.data/' -deltype=all -noprompt

    This however do not delete parent directories from the backup. To remove them to, run the expire command. The position of the wildcard is described at IBM but look a bit strange, so be careful!

    dsmc expire '/unwanted.data*' -noprompt

    Different management classes:

    To view the different management classes:

    dsmc q mgmtclass

    To list the details different backup management classes:

    dsmc q mgmtclass -detail

    To change class when taking backup, the new class can be specified in the file dsm.opt when including file systems:

    include /myfilesystem/* TWOYEARCLASS

    Please note that this may (or may not) only affect new objects created in the backup system. Manual clean up (using the method in the previous section) may have to be done.

    The way I know about how to view the current backup management class is to start the graphical client: dsmj and in the menu Utilities the entry View policy information

    This is a small script to list managment classes:

    #!/bin/bash echo 'Management Retain Only Retain Extra Version Version' echo 'Class Version Version Data Exists Data Deleted' echo '--------------- --------------- --------------- --------------- --------------' ( dsmc q mgmtclass -detail ; echo DONE ) | grep -e 'MgmtClass Name' -e 'Retain Only Version' -e 'Retain Extra Version' -e 'Versions Data Exists' -e 'Versions Data Deleted' -e 'DONE' | ( while read A B C D E F ; do if test "$A" = "MgmtClass" -o "$A" = "DONE" ; then if test "$EXTRA" != "" -a "$ONLY" != "" ; then echo -e $MGMT'\t'$ONLY'\t'$EXTRA'\t'$EXISTS'\t'$DELETED | expand --tabs=16,32,48,64 ONLY="" EXTRA="" MGMT="" DELETED="" EXISTS="" fi MGMT=$D fi if test "$B" = "Only" ; then ONLY=$D fi if test "$B" = "Extra" ; then EXTRA=$D fi if test "$C" = "Exists...:" ; then if test "$D $E" = "No Limit" ; then EXISTS="NoLim" else EXISTS="$D" fi fi if test "$C" = "Deleted..:" ; then if test "$D $E" = "No Limit" ; then DELETED="NoLim" else DELETED="$D" fi fi done ) | sort -n --key=2,5

    The output looks like this on the current (2016-05-16) classes on the domain that I are using. Note that there may be different domains with different management classes.

    # ./tsm.list.mgmtclasses.sh Management Retain Only Retain Extra Version Version Class Version Version Data Exists Data Deleted --------------- --------------- --------------- --------------- -------------- ITSDBCLASS 0 0 1 0 ORACLECLASS 0 200 3 0 ONEDAYCLASS 1 1 3 2 DAYCLASS 2 0 1 1 MONTHCLASS 9 9 8 7 TWOWEEKS 14 14 14 1 TDPDIFF 30 30 No Limit No Limit TDPDIFF-META 30 30 No Limit No Limit TDPFULL 30 30 No Limit No Limit TDPFULL-META 30 30 No Limit No Limit TDPLOGS 30 30 No Limit No Limit TDPLOGS-META 30 30 No Limit No Limit PUBCLASS 60 30 2 1 STANDARD 60 30 2 1 QUARTERCLASS 120 90 3 2 ITSCLASS 300 200 3 2 LOGCLASS 300 200 3 2 ITS_DISK 365 200 3 2 DEVCLASS 500 450 4 3 TWOYEARSCLASS 750 30 2 1 ADMCLASS 900 800 8 7 TENYEARSCLASS 4000 30 2 1 # date Fri Aug 26 13:51:51 CEST 2016 # _

    This is how to Assign management class to specified directories or default.



    85. How do I install Ubuntu?

    See also: Add a printer in Ubuntu 14.04
    See also: Print using UserCode for Ubuntu
    See also: How do I mount SMB share in Linux?
    See also: Do you have a VMware virtual server I can use?
    See also: How do I configure my resolver on a Linux machine?

    This is documentation for a network installation of Ubuntu.

    You can always do a manuall installation. Just download the DVD from Ubuntu and install. Skip a few steps in the instructions below.

    1. Netboot the computer.
    2. In the PXE-boot men, start the latest and greatest Ubuntu installation. For example type uwEnter to begin a text installation of Ubuntu 15.04 Wily x64:
         uw       Ubuntu 15.04 Wily x64
      
    3. Step through the text installation. Activate automatic updates.
    4. You can choose several different desktop environments, but I recommend to begin with the standard Ubuntu desktop. This is how the Xubuntu desktop looks like:

    5. If you install in VirtualBox, remember to install the VirtualBox Guest Additions to enable shared clipboard and files between the host and guest OS.
      1. The CD is mounted automatically by VirtualBox. If everything works fine Ubuntu will find the CD and ask you for permission to install the guest additions. Just go ahead.
      2. Otherwise, tro to mount the CD via the menu in VirtualBox with Devices - Insert Guest Additions CD image.... Continue as above.
      3. And finally if the autorun does not execute but the CD has been mounted, you can manually run the installation:
        jerker@computer:~$ cd /media/jerker/VBOXADDITIONS_4.3.28_1003095
        jerker@computer:/media/jerker/VBOXADDITIONS_4.3.28_1003095$ sudo ./VBoxLinuxAdditions.run
        
    6. Wait until finished and then reboot the virtual machine.




      86. I have installed R in another location. How do I use it in a script?

      If you are running Mac OS X or Ubuntu and have installed R in for example in /opt/local64/R/3.1.1/ and have /opt/local64/R/3.1.1/bin in your path would like to write scripts that use this location, and any other location where you install new versions of R, you may use /bin/env to start R.

      The general idea in Unix is that the operating system and the packaging system install software in /bin and /usr/bin. The user install for a local system manually in /usr/local/bin. Shared software over a distributed file system (NFS, Lustre, CepFS..) usually resides in /sw /opt /srv. A packaging system external to the OS (like MacPorts) usually resides in /opt/local.

      $ which R
      /opt/local64/R/3.1.1/bin/R
      $ cat >test.r <<EOF
      > #!/bin/env Rscript
      >
      > print('hello')
      >
      > EOF
      $ cat test.r
      #!/bin/env Rscript
      
      print('hello')
      
      $ chmod +x test.r
      $ ./test.r
      [1] "hello"
      $ _
      




      87. Add a printer in Ubuntu 14.04

      See also: How do I install Ubuntu?
      See also: Print using UserCode for Ubuntu
      1. Find System Settings.

      2. Open System Settings

      3. Open Printers in System Settings

      4. Add a New Printer

      5. Expand the Network tree and see if it is browsable. Choose a way to connect. It usually does not matter. If the printer has dynamic DHCP (different IP from time to time) then use DNS-SD (Bonjour).

      6. Many printers are automatically found correct drivers for, but if not, see if you can find it in the driver database. You need to know:
        • Manufacturer
        • Model
        • Perhaps the IP-address of the printer

        If not found automatically, pick Maker

      7. If not found automatically, pick Model

      8. Give it a name. We recommend room number and model.
      9. Ok! Lets go! Print Test Page and press Ok.

      10. Done!





      88. My computer has got a virus! What do I do?

      See also: What is ransomware and CryptoLocker?

      Contact helpdesk@bmc.uu.se for advice.

      First, if the anti-virus program catches the virus, it is usually not a big problem and the infected file may have been put in quarantine.

      These instructions are mainly meant for Windows.

      Try to clean the computer with Symantec Endpoint Protection and McAfee Stinger

      1. Run LiveUpdate in SEP again. If there is a new definition now SEP might be able to clean up the file.
      2. Run Full Scan in SEP.

      3. If the files are in quarantine, open with View Quarantine in SEP.
      4. Delete permanently or clean the files
      5. Download another antivirus tool. We recommend McAfee Stinger. Download a new version directly from McAfee which includes updated virus definitions. Do not download tools from unknown sources if you do not trust them.

      6. Wait for it to complete.

      7. We seem to be safe.

      How do I enable and test the Symantec Endpoint Protection?

      1. Open Symantec Endpoint Protection
      2. Make sure the Status is green like this:

      3. Test by going to EICAR site and download a test-virus. You may have to download the Zip to even be able to get it to your computer.
      4. SEP should print a warning message when trying to run the test-virus.

      5. And also show a detection result window:

      How to fix the computer to be safe?

      Computers that have been running with a virus or trojan usually download a lot more trojans and viruses. It is really hard to clean them all. To be sure, reinstall computer.

      1. Contact helpdesk@bmc.uu.se for advice. How to do this the most efficient way depend on the computer and environment. For example, if all files are on the file servers then just reinstall computer.
      2. Get a new (or an other unused) harddrive.
      3. Replace the old harddrive with the new one.
      4. Install operating system and applications on the computer using the new hard drive.
      5. Copy files from the old hard drive to the new computer while checking them for viruses.




      89. Which Vlans are at the BMC-router?

      See also: Some Cisco switch commands
      See also: How are the network sockets identified?
      See also: Who is resposible for what on the BMC network? Who can help me?

      This list was updated in 2015-10-08.

      IT-division has a tool called Netreg for looking up which IP-addresses belong to different Vlans and vice versa all over UpUnet. Contact Netsupport for access.

      IT-division is also running NetDB - Network tracking database, that does similiar things like Arptrack we are running on BMC and just like for Netreg please contact Netsupport for access.

      VLAN numberVLAN name
      1 default
      2 Management
      3 Backbone
      4 Backbone-2
      50 WLAN
      660 FarmBio
      661 ILK-fkog
      662 MCB-instr
      663 Kemi-analyt
      664 Neuro
      665 ILK-anafarm
      666 Farmaci
      667 Ytbioteknik
      668 ILK-orgfarm
      669 eu-support
      670 Ludwig
      671 Struktbio
      672 LCB
      673 Medcellbiol
      674 IBG-kurs
      675 IMBIM
      676 Struktbio-internt
      677 Kemi
      678 BMC-Adm
      679 BMC-Gemensamt
      680 BMC-Data
      681 FKI
      682 BMC-Styr
      683 Ludwig-internt
      684 Bibliotek
      685 NatBiokemi
      686 ICM
      687 SLU-hgen
      688 Bioorgchem
      690 MedfarmDoIT
      691 SLU-mbv
      692 BMMS
      693 Neuro-micro
      694 Ventilation
      695 Netlogin
      696 BMC-Mediatek
      697 Medfarm-kansli
      698 Korint
      699 IBG-adm
      900 BMC-AD
      901 AKKIS-UU.225
      902 IHV
      903 HORS
      904 Pubcare
      905 AKKIS
      906 Farm-Bio_cluster
      907 BMC-signage
      908 ICM-MB
      909 IGP-Dumanski
      910 IGP-A
      911 IGP-B
      912 ICM-MB-IB
      913 ICM-MB-EN
      914 ICM-MB-IPMI
      915 Video-conf.
      916 MEDSCI-ARRAY
      917 IGP-UGC
      918 IGP-FUG
      919 UPPNEX
      931 Molmed-client
      932 Molmed-lab
      933 SciLifeAdm
      934 SciLifeLab
      935 Neuro-IPMI
      936 FarmBio-IPMI
      937 IGP-C
      938 IMV
      939 BMC-CAM
      940 BMC-PROJECTOR
      941 ISP




      90. Do you have a VMware virtual server I can use?

      See also: We have a server, where should we put it?
      See also: How do I install Ubuntu?

      The UADM IT-division (UUIT) has a highly-available VMware ESX environment where anyone at the university can rent a server.

      The current rate is 7000 SEK/year. This includes 50 GB disk. Disk is available for 7000 SEK/TB/year or 13000 SEK/TB/year depending on class (speed & availability) (Prices from 2016-03-10)

      Contact uppdrag@its.uu.se at IT-division to order a virtual server. If you need help contact helpdesk@bmc.uu.se and we can guide you.

      If you need computer resources for high-performance computing (HPC) we recommend that you contact UPPMAX where you can apply for plenty of resources in the shared multiuser environment.




      91. How to connect with VPN using AnyConnect in Windows

      See also: How do I access my work-computer from home?
      See also: How do I set firewall rules in Linux to block SSH?
      See also: How do I connect to the VPN using Ubuntu?
      See also: What is my IP-address and MAC-address?

      Read more about the VPN service.

      1. Start Cisco AnyConnect Secure Mobility Client.
      2. Enter vpn.uu.se and press Connect.

      3. Enter Username and password A and press OK.

      4. When connected it should briefly look like this.

      5. Open the client again by for example clicking the little icon in the toolbar.

      6. Disconnect by pressing Disconnect.





      92. How do I connect to the VPN using Ubuntu?

      See also: How to connect with VPN using AnyConnect in Windows
      See also: How do I set firewall rules in Linux to block SSH?
      See also: What is my IP-address and MAC-address?
      1. First apply for the VPN-service. Go to VPN service at Medarbetarportalen and follow instructions in the section Application for VPN service.

      2. Then install the openconnect client:

        sudo apt-get install network-manager-openconnect-gnome

      3. From the menu choose Edit connections...

      4. Select Add

      5. Select the Cisco AnyConnect Compatible VPN (openconnect) connection type.

      6. Edit your connection by naming it (VPN.UU.SE in this example) and then enter the gateway vpn.uu.se:

      7. The new connection will now show up in the Network Manager menu. Open it.

      8. Enter your username and password-A and if you dare select Save passwords.

      9. It worked!

      10. Check your new IP-address:

        ip addr list vpn0

      11. You can also go to websites like www.whatismyip.com to see where you are connecting from.




      93. How do I force activation of Windows 10 using KMS?

      See also: How do I activate my Office using KMS?

      When updating Windows Pro 7 to Windows 10 activation may fail. The name of the university KMS-server has also changed a few times, making Windows computers using the old name get unactivated.

      It may look like this:

      1. Connect to the university fixed network (ethernet).
      2. First start a command window as administrator.
      3. The command slmgr.vbs /ato should try to do an automatic activation if the computer is part of the Active Directory. If it is not part if the Active Directory you need to specify the KMS-server, see below.

      4. If that do not work, try to specify the activation server first with slmgr.vbs /skms kms.user.uu.se and then followed by slmgr.vbs /ato again.
      5. And if that do not work, try to reset the product key and then do an activation with the command slmgr.vbs /rearm.

      6. Display information about activation with slmgr.vbs /dli. It should look like this:

      7. You can also check when the license expires with the command slmgr.vbs /xpr.
      8. If things do not work, maybe the KMS-address has changed? You can also check the current address with the command nslookup -type=srv _vlmcs._tcp.user.uu.se. If that is the case, the address kms.user.uu.se should be changed to the new one. Please send mail to helpdesk@bmc.uu.se to let us know if this is the case. In the example below both reference to the same server which is correct.





      94. How do I start an elevated command prompt (as administrator) in Windows?

      See also: How do I activate my Office using KMS?
      1. Start a command interpreter window by entering cmd in the search prompt.

      2. Launch by pressing CTRL SHIFT and ENTER at the same time.

      3. Answer Yes to run as administrator.

        It should look like this for Windows 7:

        And like this for Windows 10:

      4. If everything works fine you are running as administrator. The Window title bar should contain the text Administrator:.

        It should look like this for Windows 7:

        It should look like this for Windows 10:

      It does not work! What do I do now?

      1. If you need to be local administrator, send a mail to helpdesk@bmc.uu.se where you specify your computer name and your account name. We can then add you as a local administrator, after we have confirmed that it is your computer. Then restart computer.

      2. If it does not work anyway, restart computer again. When the computer restarts it should read the group policy which adds the members in a group in the Active Directory to that computers local administrators.
      3. If the group has been created and populated with members and it still do not work? Run the command gpupdate /force in a command window to force the computer to update the group policy if this was not done automatically. It may look like this. Answer y and enter to logoff. Then login and try again.





      95. My Windows computer is running out of storage. What is using it?

      See also: My Android device is running out of storage. What is using it?

      Wikipedia has a list of disk space analyzers. Disk space analyzers do a scan of the file system and display what is using up all the resources.

      We have tested TreeSize Free which can be downloaded from Jam-software.

      After installation it will scan the hard drive and display a nice window that looks like a file manager. It will display the size for every directory and the contents in it.




      96. How do I overwrite deleted data in Windows?

      See also: How do I take backup of the data on my computer?
      See also: How to use the IBM Spectrum Protect (Tivoli Storage Manager aka TSM)

      Microsoft Windows has a tool called cipher which can erase (fill with zeroes) unused space on the harddrive, including already removed files.





      97. How do I look in the event log in Windows?

      In the event log Windows stores events that happened on the computer. For example - who has logged into your computer and when.

      First start Event Viewer.

      Then find the Security log and scan for interesting events.

      Using the Filter Current Log... feature it is possible to only display events of a certain type.

      To catch all logon events there is a setting in the group policy to activate auditing of these. Start up gpedit and change Computer Configuration / Windows Settings - Security Settings - Local Policies - Audit Policy - Audit login events. This is the setting you wish to change:

      Audit both Success and Failure.

      It should look like this after you are done:





      98. How do I access my home directory?

      See also: How do I mount my home directory or shared storage at HNAS?
      See also: How do I use offline files?
      Open the Explorer in Windows and look for X: and P:. Store your personal stuff on the file server in X:. The P: is used for shared (public) storage between members in a group or at the university.

      If should look like this:

      On some computers (all the new ones) the desktop is also stored on the file server. Check if you put stuff on the desktop it also shows up on X:\Desktop.



      99. How to change language in Windows 7 Enterprise

      Computers with Windows 7 Enterprise are installed with a default language. We install with either english or swedish.

      Install swedish language pack

      There are two ways of doing this.
      • If you are a local administrator you can start Windows Update and find the optional update Swedish Language Pack. Install.
      • If you have Zenworks installed you can in the ZENworks application window start Win7 LangPack SE to install the language pack. You don't have to be administrator for doing this.

      Change language from swedish to english

      Microsoft Windows 7 Enterprise may change language after installation if you have more than one language installed.

      (The version of Windows pre-installed (OEM) is usually Windows 7 Professional or Home. In those versions language cannot be changed after installation.)

      1. Start Byt visningsspråk or Change display language
      2. Change to english
      3. Copy settings to welcome screen and new users
      4. Click the checkboxes
      5. Restart computer
      6. Done




      100. How do I activate my Office using KMS?

      See also: How do I start an elevated command prompt (as administrator) in Windows?
      See also: How do I force activation of Windows 10 using KMS?

      Microsoft Office 2010, 2013 or 2016 on Windows 7 or Windows 10 connected to the USER-AD, the university Active Directory (using the university accounts), should automatically activate on the university network.

      If it does not work or if the computer is not part of the Active Directory, follow these steps:

      1. Connect computer to the wired network at your department.
      2. Start an elevated command prompt window - run cmd (command prompt) as administrator. Please see the FAQ How do I check if I am a local administrator in Windows? on how to do this.
      3. Enter the Office installation directory (
        Office 2010 (32-bit)
        Enter the Office installation directory with typing cd c:\Program Files (x86)\Microsoft Office\Office14
        Office 2013 (32-bit)
        Enter the Office installation directory with typing cd c:\Program Files (x86)\Microsoft Office\Office15
        Office 2016 (32-bit)
        Enter the Office installation directory with typing cd c:\Program Files (x86)\Microsoft Office\Office16
        Office 2016 (64-bit)
        Enter the Office installation directory with typing cd c:\Program Files\Microsoft Office\Office16
      4. Run the activation script:
        1. First try to run the command cscript ospp.vbs /act. (Read more about this here: Tools to manage Office 2013 volume activation.)
        2. If the computer cannot find the KMS-server (you may be behind NAT in a virtual machine) you can try the command: slmgr /skms kms.user.uu.se first and then the command slmgr /ato to activate (Windows) or cscript ospp.vbs /act (just Office).

          To find the correct host (currently 2016-05-30 kms.user.uu.se) follow these instructions: How to discover Office and Windows KMS hosts via DNS and remove unauthorized instances

      5. Close the command prompt window.

      If an old version if Windows in some way managed to block the new installation, then run the EasyFix uninstall tool from Microsoft

      1. Uninstall Office 2016, Office 2013, or Office 365 from a PC using the easy fix tool (Really useful if you have an Surface Pro or any other new computer with pre-installed Office 365 that you want to get rid of!)
      2. Uninstall or remove Office

      It is possible to do a manual uninstall of Office





      101. My Outlook do not start! What can I do?

      Run Outlook in safe mode and will repair and start again.

      You can also hold down ctrl when starting Outlook or you can start Outlook with the argument /safe like this:

      Follow the instructions from Microsoft on how to Open Office apps in safe mode on a Windows PC.



      102. I cannot read my USB-drive. What do I do?

      Drive is ok but has lost power a bit too much

      If the drive can be seen (accessed) by the computer but cannot be read (open file system), I would try to check the file system of the drive.

      I assume the drive is using a DOS or NTFS file system (this is the standard file system for Windows).

      1. Open Start-menu and click on Computer.
      2. Right-click the drive that you want to check and click Properties.
      3. In the Tools-tab, under Error checking, click Check now. Enter administrator password.

      Cabinet is broken but drive is ok

      Secondly, if the drive cannot be seen at all, maybe the electronics in the cabinet is broken but the drive is OK. Contact helpdesk@bmc.uu.se to get help.

      1. You can do this yourself too. Send a mail to helpdesk@bmc.uu.se and ask for a spare SATA-USB-adapter if you do not have one. The internal SATA-port and SATA-power in a PC might work too (only connect when the computer is turned off).

      2. Open the USB-drive cabinet and remove the drive.
      3. Insert the drive into the SATA-USB-adapter and connect the USB to the computer.
      4. Open file system and read your files.

      Broken drive with bad blocks

      If the drive has bad blocks and is generally messed up, reading the blocks one by one may help.

      1. Run Linux on a computer. Contact helpdesk@bmc.uu.se to get help if you cannot do this yourself.
      2. Use the tool ddrescue to create a block image of the drive.
      3. Take the file and write it to a disk or virtual device. (A copy of the file).
      4. Try to read the file system in Windows and perhaps check the file system.
      5. The tool TestDisk can be useful for partition recovery and deleted files recovery.

      Almost all hope is gone

      Send it to a company that can rescue broken drives by for example changing the electronics from another identical drive. This does cost a lot of money. IBAS is one of them.

      If the drive plate is confetti even these companies cannot help you.



      103. My Windows 7 computer is stuck in a Windows Update loop!

      Windows 7 in particular sometimes get stuck during updates. Windows will try to install the updates, then revert, and they try again. After a few iterations in this loop it will allow the user to login.

      Microsoft has the following instructions regarding how to try to fix problems with Windows Update: How do I reset Windows Update components?

      The easy way out is just to temporarily block the offending update. This will give you some time until the next cumulative update shows up. Hopefully Microsoft has fixed the problem then.

      1. Start Windows Update.

      2. Check for Updates

      3. Select the important updates.

      4. Hide the problematic update.

      5. It will be grey in the list...

      6. ...and show up in Restore hidden updates.





      104. How to use WinSCP to access files over SCP on Windows

      SCP is encrypted making this a relatively secure way to access files even from home or over WLAN (wireless network).

      1. Download and install WinSCP from http://winscp.net/eng/download.php or open it in ZENworks application Window.
      2. Login on the server, in this example neuro-l2.neuro.uu.se using your username and password A.

      3. Accept the host key.

      4. Access your files.





      105. How to setup a Xibo-client for signage

      See also: Install Xibo client on local computer for testing
      See also: Manage your Xibo display

      In order to publish data on Xibo it is best to setup a Xibo client on your own computer or dedicated computer to play with. Preferably use one screen to change the content and another screen to view the work.

      1. Here is the Xibo homepage and the Xibo project homepage at launchpad.
      2. Download the Xibo client. Currently 1.4.2 is used on BMC. Go to all versions go to next and to the Xibo 1.4.2 "Brorsen" release. Download client for Windows or Ubuntu.
        Direct link to xibo-client-1.4.2-win32-x86.msi for Windows.




      106. Install Xibo client on local computer for testing

      See also: How to setup a Xibo-client for signage
      See also: Manage your Xibo display
      1. Save MSI-package.

      2. Run it and follow the wizard.

      3. Accept Xibo license.

      4. Go ahead with default path.

      5. Run the installation. You need to be local administrator.

      6. Enter the magic key for register the display (which you get by contacting Xibo administrator)

      7. Register with an appropriate name:

      8. Wait for a Xibo administrator will register the display.

      9. This is how an unregistered display looks when the Xibo client is running:

      10. For the next step the Xibo administrator needs the register the display by pressing Edit on the display and save in the Xibo web interface.





        107. Manage your Xibo display

        See also: How to setup a Xibo-client for signage
        See also: Install Xibo client on local computer for testing

        1. Get an account for Xibo from the Xibo administrator (contact helpdesk@bmc.uu.se with correct permissions for your displays.
        2. Go to the Xibo server address to manage the device.
        3. Upload media (images)
        4. Create Layout
        5. Edit display and set default layout.




        108. What is ZENworks? How to I install applications via ZENworks application window?

        See also: What software applications do the university have that I can install?

        Distribution and installation of software

        Novell ZENworks is a computer management software.

        The most used feature of ZENworks is the ZENworks application window where anyone can easily install software on client computers.

        1. Open ZENworks Application Window

        2. Start any program. If it is the first time you have to wait for the installation to finish.

        Remote management session request

        ZENworks can make a remote management session request, which makes it possible to do directly cooperative control of a client. The client has to make the request. (This is done together with a phone call to the person the request is sent to and not a way to initiate a request, because the listener has to be started a the other end first.)

        1. Open ZENworks Show Properties

        2. Open General under Remote Management.
        3. Open Request Remote Management Session.

        Prerequisite for installing ZENworks Adaptive Agent

        If you want to run ZENworks client on a computer that has not been preinstalled by BMC-IT, you have to make sure of this first:

        1. The computer has to be owned by the university.
        2. Name the computer like XXX-SERIALNUMBER for example INV-CZC133F3 for a computer with the serial number CZC133F3 at the Department of Neuroscience. This makes it easier to identify the computers.
        3. Take a backup.
        4. Install client. Ask helpdesk@bmc.uu.se for help with this.

        Blissful ZENworking!





        109. How do I uninstall the Zenworks agent?

        Zenworks is used for these major reasons:

        1. Do automatic installation of software and settings when the computer is deployed. Some of the effort in this is shared all over the university.
        2. May be used for remote interactive control by user request.
        3. Self-service installation of software by the users, even without local administrator privileges, and far away from the university network over the Internet.
        4. Do inventory. This may save a lot of time when we really need to find out exactly how many copies of a certain program are installed on the computers.

        The Zenworks agent load on the computer is not much on a modern computer, but if the computer is very old and slow there are a chance to notice a performance impact. In this case you might want to uninstall the Zen agent even though this will increase the load of your local IT-support. There are often other better ways of speeding up the computer:

        1. Make sure the computer has enough RAM. Upgrade to at least 8 GB RAM so that all programs fit in memory.
        2. Replace HDD with SSD. Solid state drives are a lot faster than rotating hard disk drives.
        3. Reinstall Windows. Windows-computers seem to get slower and slower over time. An extreme example was Windows Update in Windows XP that got glacially slow over time. This has been improved with later versions of Windows but it still exists.

        In the Zenworks console

        Anyway. The Zenworks agent is protected from uninstallation by the settings in Zenworks. A system administrator (contact helpdesk@bmc.uu.se) has to open the client in the Zenworks console, open Settings, open Device Management, open Zenworks Agent, choose Override the System settings and enable the option Allow users to uninstall the ZENworks Adaptive Agent.

        On the computer

        1. You have to be local administrator on the computer.
        2. Refresh the Zenworks agent in the task bar.

        3. Then on the computer open Programs and Features

        4. Find the Zenworks client and choose uninstall.

        5. Check the box Local uninstallation only.

        6. Do not keep anything. Do not retain CASA.

        7. Ok, go ahead...

        8. Wait for the Zenworks Uninstaller to complete.

        9. It will probably complain about not being able to remove everyting, but just go ahead and restart when done.

        10. Uninstall done.

        This documentation is covered by GNU Free Documentation License.