Rainbow Scenery
Valid HTML 4.01 Transitional

Intel NUC5i5RYH
Becoming Baobei

Jim Carter, 2016-01-18, upated 2018-01-16

On 2018-01-13 the NUC6CAYH arrived, freeing up the NUC5i5RYH to become Baobei, the machine running Microsoft Windows and its task preparation and accounting packages. Here's what I did to set that up.

BIOS Setup

Symptom: it would not wake on LAN from S5. Actually I did this late, should have done it first. The following is from after I installed BIOS 0367 and reverted explicitly to factory defaults (press F9). All settings were left alone except as noted.

How should I set the Primary Power Setting? The only differences that I can see are in Package Power Limit 1 (Sustained) which is 20W for Max (the factory default), 15W for Balanced, 8W for low power. And also an averaging window changes. Burst mode is 25W for all. If the machine encounters a task requiring a lot of CPU, if allowed 8W it will run longer but cooler, or at 20W it goes quicker but hotter. Or with more power a game's frame rate can be higher. Hotter means more fan noise and in theory can shorten the life of the CPU, but I doubt that it gets hot enough on the factory default setting of Max to do damage; you need to get into the overclocking menu to really do a roast job. For my use case in Windows, most of my computation is in burst mode, and I doubt I will notice any difference between different values of Primary Power Setting.

Windows 10 Pro License and Media

Ben bought us a product key for Windows 10 Pro ($35). It's recorded in win10-key.txt (not publicly readable). The reason for getting the Pro edition is to get a RDP server. Win10 Home has a RDP client but not the server. Here are the steps in getting the media.

Steps in Window-10 Installation

We're going to install Windows, then check things out. Hostname to be orion.

Setup Information

Once it boots it asks you for this setup information:

User Initiated Setup

These are additional setup steps to get it working on my network.

Windows Update

As this is written, Ben says the current build number is 16299.192 . We are now at 16299.15 which I think is just what's on the installation media. If you hit Check for Updates it may or may not find some after a ridiculously long time, but makes no progress downloading the ones that were found.

Skipping a page of troubleshooting steps. I power cycled Jacinth and things got a lot better.

Short story on Windows Update: on some but not all content delivery nodes, IPv6 is screwed up. Sometimes you can update using IPv6 and sometimes you can't. I disabled IPv6 on the network adapter and got the updates. Build number 16299.192 which is current as of 2018-01-18.

Install Application Software

RDP Server on Windows

I'm using the Remmina client on Linux; see the next section. But it absolutely could not connect to the RDP server. Skipping another page or two of troubleshooting steps. Ben and I worked together to break this loose. The issue turns out to be, there are 3 choices for the security protocol:

Another possibility is to do the remote desktop thing by VNC. I actually installed the TightVNC server on Baobei and used it successfully. But our security rules require that authentication data, and preferably the entire content, be encrypted on the wire, similar to what SSH does. That would mean setting up an intra-data-center VPN from the Financial Manager's machine to Baobei. While that kind of thing is a best practice in the corporate world, particularly with outsourced colocation services, it would be ridiculous overkill in our situation. There are also useability issues with VNC authentication which reduce the WAF (Wife Acceptance Factor) of VNC. So I will continue debugging RDP, with its intrinsic security.

Ben finally found this procedure to turn off NLA. Then TLS could be used successfully.

Linux RDP Client

5 of the Best Linux Remote Desktop Clients, on Techradar. RealVNC, TigerVNC, TightVNC do VNC only, so don't help me. Remmina and Vinagre can do both RDP and VNC, and can make the connection over a SSH forwarded port (if the target has a SSH server, not typical for Windows). Remmina can spawn SSH shell sessions (and several other remote desktop protocols, using plugins). Since my Linux machines already have Remmina and don't have Vinagre, I'm concentrating on Remmina.

It is assumed that the reader will have used the procedure detailed above to not insist on NLA. A couple of pages of troubleshooting steps, involving NLA being required and not having the required Kerberos ticket, have been omitted.

How to use Remmina: preparing a connection profile. Hit +, or right click on an existing connection line and pick edit.

How tp use Remmina: making the connection. Double-click the connection row, or right click and pick Connect. Accept the lame self-signed cert from the target (first time only). You will get a window with a framebuffer as if on the target's console. Authenticate to the Windows greeter, and do your thing. When you sign out, the connection will be closed and the framebuffer window will vanish. (VNC works similarly, assuming a VNC server is running on the target.)

Tweaking remmina startup preferences: ~/.config/remmina/remmina.pref

Windows does not really have the concept of multi-user operation. If the same user is already logged in to the target, e.g. at the console, that instance will be locked, and the RDP session will see the ongoing framebuffer and will have input focus. When the user disconnects RDP (without signing out), the other instance will unlock. When different users are involved I'm not sure what will happen, but this is not something Windows is designed to do. Remote Assistance uses RDP, and both instances would then be able to see the session and to provide input.

Installing TightVNC server

TightVNC-2.8.8 includes a server and a viewer. The installer also associates .vnc files with the viewer; registers the server as a system service; allows simulated ctrl-alt-del; and makes a firewall hole for VNC. Post-install setup wizrd: you need to set a password for remote access and for the administrative interface. See nearby file (mode 600) for the password. The server is started immediately, and at reboot. Since I have RDP working, I'm going to de-install the VNC server.

Transplanting Baobei

The job now is to get user files off the virtual machine (Baobei) onto the new bare metal machine (Orion), after which the VM will never be seen again, and Orion will take over tha name and IPv4/6 addresses of Baobei. Actually I renamed the VM to baobei-vm just in case.

How to Back Up Baobei

I shared the C:/ drive on Baobei, and created a script on Diamond: /home/backup/baobei/baobei-suck. It mounts the whole drive and uses rsync to copy the wanted subdirectories into the backup area.

How I shared my C:/ drive in Windows 10:

Details in the backup script:

Rainbow Scenery