Guess what? I found a site that’s giving Minecraft gift codes away for free! http://freeminecraftgiftcode.net
vCenter wants to format lost ESX LUNs
Posted: September 22, 2011 in TechnologyTags: esxcfg-rescan, icsci, lun, vcenter, vmware
So out of a sudden you notice a few LUNs are missing from one or more of your ESX servers. Strange isn’t it? So you do a storage scan / refresh and they still do not automatically appear. You look for additional LUNs to add to your ESX server but as you’re adding them you are told that they will be formatted, this is obviously not an option if you have any data in them!
To solve this problem log into your ESX4 server and become root:
$ sudo su –
Deduplication Volume is nearly over deduplicated
Posted: September 22, 2011 in TechnologyTags: deduplication, dfm, netapp, volumes
A couple of my NetApp NFS volumes are being overly deduplicated, usually that’s a good thing but DFM (Data Fabric Manager) is set up out of the box to notify you if they reach the 140% and 150% marks. This is an easy fix.
To eliminate these alerts set the over deduplication thresholds to a higher value in the DFM server:
dfm options set volNearlyOverDeduplicatedThreshold=<higher value>
dfm options set volOverDeduplicatedThreshold=<higher value>
Using Multicast WNLB
Posted: May 17, 2010 in TechnologyTags: ARP, CAS, Cisco, Exchange, Load Balancing, MAC, Switch, WNLB
If you’re like me and have already configured your 2010 Exchange CAS in a WNLB cluster then you must have chosen 1 of 3 choices: Unicast, Multicast or IGMP Multicast. At first I went with Unicast as it was the easiest one to setup but then I realized that I may not want Unicast due to the nature of how it operates. An excerpt of a VMware white paper on MS load balancing reads:
Unicast mode works seamlessly with all routers and Layer 2 switchs. However, this mode induces switch flooding, a condition in which all switch ports are flooded with Network Load Balancing traffic, event ports to which servers not involed in Network Load Balancing are attached.
As you can see that may not be something you want to do. So I switched it up to Multicast, but once I did that I was no longer able to hit the virtual IP address associated with my CAS cluster. In order to fix this you must add a static ARP entry in the router, mapping the cluster IP address to its MAC address:
User Access Verification Password: XXXXXXXXXX>en Password: XXXXXXXXXX#config t Enter configuration commands, one per line. End with CNTL/Z. XXXXXXXXXX(config)#ARP 10.X.X.X YYYY.YYYY.YYYY ARPA
Where 10.X.X.X is the virtual IP address of my WNLB and YYYY.YYYY.YYYY is the virtual MAC address created for me by WNLB. After I completed that command I was able to connect to Exchange.
Manually Remove a User off the SQL Database in BlackBerry Enterprise Server Express 5.0
Posted: May 7, 2010 in TechnologyTags: BES, BESMgmt, BlackBerry Enterprise Server, RIM
If you’ve ever removed a user off the BlackBerry Enterprise Server via the Administrator Web Console and have come to find that you’re no longer able to re-add the user this might help you:
- Connect to the database from within the BES server (where BLACKBERRY is the name of your database instance, note it could be something else depending on your setup.)
C:\> sqlcmd -S .\BLACKBERRY
- Dump a list of possible names:
1> use BESMgmt 2> select DisplayName from UserConfig 3> go Changed database context to 'BESMgmt'. DisplayName Carlos Serpa (1 rows affected)
- Remove the desired user:
1> use BESMgmt 2> delete from UserConfig where DisplayName="Carlos Serpa" 3> go Changed database context to 'BESMgmt'. (1 rows affected)
- Exit:
1> exit
An Erroneous Yum Update Broke my Trixbox Zap Features
Posted: April 22, 2010 in TechnologyTags: Asterisk, centos, dahdi, Kernel, Linux, Trixbox, VoIP, xen, zap, zaptel
After a yum update and later on a reboot I broke my Trixbox 2.8 / Nagios server as it wasn’t dialing out anymore using the FXO card attached to the server. The server dials out thanks to Asterisk performing a text2speech function which eventually results in a call to me through one of my company’s POTS. After some research and log searching I got the following errors identified:
Loading DAHDI hardware modules: FATAL: Module dahdi not found. wct4xxp: FATAL: Module wct4xxp not found. [FAILED] wcte12xp: FATAL: Module wcte12xp not found. [FAILED] wct1xxp: FATAL: Module wct1xxp not found. [FAILED] wcte11xp: FATAL: Module wcte11xp not found. [FAILED] wctdm24xxp: FATAL: Module wctdm24xxp not found. [FAILED] wcfxo: FATAL: Module wcfxo not found. [FAILED] wctdm: FATAL: Module wctdm not found. [FAILED] wcb4xxp: FATAL: Module wcb4xxp not found. [FAILED] wctc4xxp: FATAL: Module wctc4xxp not found. [FAILED] xpp_usb: FATAL: Module xpp_usb not found. [FAILED] Error: missing /dev/dahdi!
The error could be duplicated by trying to start the dahdi service (# service dahdi start) or by simply restarting the server and looking at server load up.
Researching the forums showed that Trixbox 2.8 now uses dahdi modules instead of zap modules but I had the dahdi modules and packages installed, which led me to see what kernel I was actually running, it seemed I was actually running a XEN kernel, 2.6.18-164.11.1.el5xen to be exact, a-ha!
I am unsure why I had installed XEN kernels but it must have been a mistake and 2.6.18-164.11.1.el5xen was set up as my default kernel boot option. I uninstalled kernels, rebooted, ran setup-pstn and it’s all back to normal!
[root@hostname][~]# cat /etc/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/sda2 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz #hiddenmenu title CentOS (2.6.18-164.11.1.el5) root (hd0,0) kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/ initrd /initrd-2.6.18-164.11.1.el5.img title trixbox-base (2.6.18-128.1.10.el5) root (hd0,0) kernel /vmlinuz-2.6.18-128.1.10.el5 ro root=LABEL=/ initrd /initrd-2.6.18-128.1.10.el5.img
[root@hostname][~]# dahdi_cfg -vv DAHDI Tools Version - 2.2.1
DAHDI Version: 2.2.1 Echo Canceller(s): MG2 Configuration ====================== Channel map:
Channel 01: FXS Kewlstart (Default) (Echo Canceler: mg2) (Slaves: 01)
1 channels to configure.
Setting echocan for channel 1 to mg2
[root@hostname][~]# /etc/init.d/dahdi restart Unloading DAHDI hardware modules: ERROR: Module dahdi_echocan_mg2 is in use ERROR: Module wcfxo is in use ERROR: Module dahdi is in use by dahdi_echocan_mg2,wcfxo error Loading DAHDI hardware modules: wct4xxp: [ OK ] wcte12xp: [ OK ] wct1xxp: [ OK ] wcte11xp: [ OK ] wctdm24xxp: [ OK ] wcfxo: [ OK ] wctdm: [ OK ] wcb4xxp: [ OK ] wctc4xxp: [ OK ] xpp_usb: [ OK ] Running dahdi_cfg: [ OK ]
Manually Joining an RHEL/CentOS 5.X Server to a Windows Domain
Posted: April 21, 2010 in UncategorizedTags: Active Directory, centos, domain, Domain Controller, kerberos, Linux, rhel, samba, winbind
- Install the required packages:
yum install samba krb5-workstation krb5-libs pam_krb5 samba-common ntp
- Edit /etc/krb5.conf (and replace the entries in bold, do not use the <> symbols!):
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = <DOMAIN.LOCAL>
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
<DOMAIN.LOCAL> = {
kdc = <domain-controller.domain.local>
admin_server = <domain-controller.domain.local>default_domain = <DOMAIN.LOCAL>
}
[domain_realm]
.<domain.local> = <DOMAIN.LOCAL>
<domain.local> = <DOMAIN.LOCAL>
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
- Edit /etc/samba/smb.conf [global] section (again replace the entries in bold and do not use with <> symbols):
[global]
workgroup = <DOMAIN>
netbios name = <COMPUTER-HOST-NAME>
server string = <Computer Description>
security = ads
realm = <DOMAIN.LOCAL>
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
allow trusted domains = yes
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = yes
# winbind separator = #
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
load printers = no
printing = none
printcap name = /dev/null
disable spoolss = yes
Note: I don’t like to use the winbind separator feature because I like my domain accounts to authenticate without having to use something like DOMAIN\username or DOMAIN+username to login to the Linux shell. This is up to you. Same with the HOMEDIR location, I like the users to remain within the /home directory rather than /home/DOMAIN/
- Edit /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
- Edit /etc/pam.d/system-auth:
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore]pam_winbind.so
account required pam_permit.so
# Use option below if you want to restrict all users but
# those that belong to the ‘unix’ group in AD
# account requisite pam_succeed_if.so user ingroup unix
password requisite pam_cracklib.so retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_mkhomedir.so skel=etc/skel/ umask=0027
session optional pam_krb5.so
- Once these files are added, you need to turn on winbind manually for the test:
/etc/init.d/winbind restart ; /etc/init.d/smb restart
- Ensure winbind and Samba are running in the proper run levels:
chkconfig –level 345 winbind on ; chkconfig –level 345 smb on
- You will now want to try to add the computer to the domain. You will need an account with domain admin privileges to do this:
net ads join –U <administrator>@<DOMAIN LOCAL>
This will join the computer to the domain, and will prompt you for the administrator password. It should work successfully. If not, look at log files, conf files, and ensure they match this guide!
To see if you are able to see groups, just type in:
wbinfo –g
- Other commands to try:
getent passwd (password list, should retrieve domain users as well)
getent group (group list, should retrieve domain groups as well)
wbinfo –g (lists groups from domain)
wbinfo –u (lists users from domain)
Enabling the DHCP service in a RO Active Directory DC in W2K8 R2
Posted: April 21, 2010 in UncategorizedProblem:
You get the following error when trying to start the DHCP service in a Read-Only Domain Controller within Windows 2008 2008/R2 server:
The DHCP Server service terminated with the following error:
The request is not supported.
and/or
The DHCP service was unable to create or lookup the DHCP Users local group on this computer. The error code is in the data.
Solution:
Since the Read-Only DC can’t write back to Active Directory in order to create the DHCP Administrators/Users security groups the service local DHCP service in the RO DC fails to start.
In order to remedy this you need to install the DHCP role within a regular R/W DC and replicate the data to the R/O DC. Once that happens you’re able to start the service. This only applies to DCs that will be hosting the first DHCP server in a Forest and happens to be an RODC.
In my case I have a total of 4 DCs in different sites but only my datacenters have R/W DCs, my regular offices have R/O DCs. Since there is no need for my servers at the datacenter to grab IPs from a DHCP server I installed the role (in order to create the security groups) in a R/W DC and then I stopped and disabled the service within that DC.
Connecting a Lenovo T61 to a wireless network with CentOS 5.3 (Gnome)
Posted: May 11, 2009 in UncategorizedMy work Lenovo T61 comes loaded with an Intel Pro Wireless 4965 (iwl4965 and iwlagn), so we will need specific pieces of software to get it going. First we need to ensure we have the RPMForge Repo installed, the following should be run for RHEL/CENTOS 5 x86 systems:
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm ; yum clean all ; yum update
Followed by:
yum install iwl4965-firmware
Your wireless device should be working now. Enable NetworkManager to use it. In the CLI:
chkconfig NetworkManager on
service NetworkManager start
You may want to disable the start of your network at boot time, since you won’t need it anymore. For this, simply do:
chkconfig network off
I’m an RHCE!
Posted: May 11, 2009 in UncategorizedI didn’t really post this in time since I received my congratulary email days ago… but I passed the RHCE with a 100% score. Yay for studying.