tag:blogger.com,1999:blog-2448469302595647392016-05-03T10:44:32.708-04:00IT Cookbook - real world experienceQuick Tips, Tricks, & Guidescomputingbeenoreply@blogger.comBlogger97125tag:blogger.com,1999:blog-244846930259564739.post-37552321007338489522016-04-21T22:14:00.000-04:002016-04-21T22:14:40.067-04:00Nagios Plugin for Overland Storage <span style="font-family: "arial" , "helvetica" , sans-serif;">Icinga2 is a great Network & Systems monitoring tool forked from Nagios. It's very flexible and very easy to understand and use. I have worked with many different Network and Systems monitoring tools throughout my career, Solarwinds, SCOM, WhatsUP Gold, ManageEngine, SpiceWorks, Nagios, etc. just to name a few. But this one beats them all. </span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "arial" , "helvetica" , sans-serif;">If you can't find a plugin (or check as they call it in Nagios world), you can write your own and that's what I did. 
Go check it out, it's on github, </span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "arial" , "helvetica" , sans-serif;">https://github.com/computingbee/check_overlandstorage</span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "arial" , "helvetica" , sans-serif;">This lets you monitor Disk, RAID status, and NIC failures on your Overland Storage arrays.</span>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-91603285760282161892016-04-14T23:50:00.003-04:002016-04-14T23:50:48.405-04:00check_nwc_health icinga2 service config script<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;">This bash script lets you quickly generate configs for you switch for use with icinga2 monitoring command check_nwc_health as described here, <a href="https://gist.github.com/lazyfrosch/005c8becab82c712681c">https://gist.github.com/lazyfrosch/005c8becab82c712681c</a>. 
It assumes you have already configured and installed check_nwc_health under /usr/bin/nagios/plugins/.</span><br /><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;">It's helpful if you have 100s of interfaces on your switches in MDFs or IDFs.</span><br /><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">#!/bin/bash</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">host_addr="1.1.1.1"</span><br /><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">for i in {1..2} #module</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">do </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> for j in {1..24} #interfaces</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> do </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> if_name="GigabitEthernet$i/0/$j"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> if_desc=`/usr/lib/nagios/plugins/check_nwc_health --hostname "$host_addr" --mode interface-status --community mysnmp --name "$if_name" | cut -d' ' -f5 | tr -d ')'`</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> if [ "$if_desc" == "is" ]; then</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> continue</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> fi</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 
</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> if_setting='</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">vars.interfaces["'"$if_name"'"] = {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> description = "'"$if_desc"'"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">}'</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> echo "$if_setting"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> done</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">done</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">#####</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">#Port Channels</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">#####</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">for i in {1..10} #Port Channel Numbers</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> do </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> if_name="Port-Channel$i"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> if_desc=`/usr/lib/nagios/plugins/check_nwc_health --hostname "$host_addr" --mode interface-status --community mysnmp --name "$if_name" | cut -d' ' -f5 | tr -d ')'`</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> </span><br /><span style="font-family: Courier New, 
Courier, monospace; font-size: x-small;"> if [ "$if_desc" == "" ]; then</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> continue</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> fi</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> if_setting='</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">vars.interfaces["'"$if_name"'"] = {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> description = "'"$if_desc"'"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">}'</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> echo "$if_setting"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">done</span>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-12673463583724538132013-05-13T10:49:00.002-04:002013-05-13T10:49:32.625-04:00Link to Windows DebuggerI always forget this link so I am adding here as a bookmark for myself.<br /><br /><a href="http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8279">http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8279</a>computingbeenoreply@blogger.com2tag:blogger.com,1999:blog-244846930259564739.post-4034869983065686112013-05-03T11:29:00.003-04:002013-05-03T11:29:59.282-04:00MySql - Display tables in a database<b><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;">Getting number of tables in a database:</span></b><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">select count(*) as tables from information_schema.tables where table_schema = 'dbname' </span><span style="font-family: 'Courier 
New', Courier, monospace; font-size: x-small;">and table_rows != 0</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;">Getting tables in a database:</span></b><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">select * from information_schema.tables where table_schema = '</span><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">dbname</span><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">' </span><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">and table_rows != 0</span><br /><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;">Getting tables and columns in a database:</span></b><br /><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">SELECT table_schema,table_name,column_name, ordinal_position, column_key</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">FROM information_schema.columns WHERE table_name in (</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> SELECT table_name</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> FROM information_schema.tables WHERE table_schema = 'dbname' and</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> table_rows != 0</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">)</span>computingbeenoreply@blogger.com7tag:blogger.com,1999:blog-244846930259564739.post-12570035579782727122013-05-03T11:24:00.003-04:002013-05-03T11:24:52.664-04:00PowerShell Robocopy Wrapper - RoboWrapper<span style="font-family: Arial, 
Helvetica, sans-serif;">Last week I was asked to help review our CTO's backup architecture for his home PCs and Windows Home Server. Apparently, he backs up his PCs to his WHS and replicate using on of the cloud based solution but when he tried to restore, he found out that his backups were corrupt because they were too large. I recommended using xcopy (older version of robocopy) which will copy full and differentials between sources and destination. Rather than write a simple batch file and run it on every machine, I told myself to write a PowerShell wrapper for robocopy and automate the process of backing up machine on a network with logging and alerting capabilities via email for any errors. Here is version 1 of the script which runs synchronously. I will post version 2 that runs asynchronously next week.</span><br /><span style="font-family: Arial;"></span><br /><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$destinationServer = "BKUPMACHINE"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$destinationHardDiskLetter = "C:"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$shareUsername = "Everyone"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$sourceMachines = "MACHINE1","MACHINE2","MACHINE3"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$mailserver = "smtp.gmail.com"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$from = "from@gmail.com"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$to = "to@gmail.com"</span><br /><span style="font-family: Courier New, Courier, 
monospace; font-size: xx-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$defaultDirExclusionSet = "'System Volume Information' *RECYCLE.BIN Windows* 'Program Files*' Recovery ProgramData"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$defaultFileExclusionSet = "pagefile.sys hiberfil.sys *.dat.* *.TMP"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$roboLog = "/LOG+:$LOGFILE`-Robocopy`-$TIMESTAMP.log"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$roboMsgTypes=@{</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"16"="Errror"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"8"="Error"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"4"="Warning"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"2"="Information"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"1"="Information"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"0"="Information"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">}</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$roboMessages=@{</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"16"="Serious error. 
robocopy did not copy any files.`n</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Examine the output log: $LOGFILE`-Robocopy`-$TIMESTAMP.log"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"8"="Some files or directories could not be copied (copy errors occurred and the retry limit was exceeded).`n</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Check these errors further: $LOGFILE`-Robocopy`-$TIMESTAMP.log"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"4"="Some Mismatched files or directories were detected.`n</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Examine the output log: $LOGFILE`-Robocopy`-$TIMESTAMP.log.`</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Housekeeping is probably necessary."</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"2"="Some Extra files or directories were detected and removed in $DESTINATION.`n</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Check the output log for details: $LOGFILE`-Robocopy`-$TIMESTAMP.log"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"1"="New files from $SOURCE copied to $DESTINATION.`n</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Check the output log for details: $LOGFILE`-Robocopy`-$TIMESTAMP.log"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">"0"="$SOURCE and $DESTINATION in sync. 
No files copied.`n</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Check the output log for details: $LOGFILE`-Robocopy`-$TIMESTAMP.log"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">}</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$mail = New-Object Net.Mail.SmtpClient($mailserver, 587)</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$mail.EnableSsl = $true</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$mail.Credentials = New-Object System.Net.NetworkCredential("user@gmail.com", "Password");</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">$sourceMachines | % { </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> $defaultShares = @()</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$sourceHarddisks = Get-WmiObject Win32_LogicalDisk -ComputerName $_ | where {$_.DriveType -eq 3 } </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$sourceShares = Get-WmiObject Win32_Share -ComputerName $_</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>foreach($hd in $sourceHarddisks ) {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> foreach($sh in $sourceShares) {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: 
xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> if ($sh.Path -eq ($hd.DeviceID + "\")) {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $defaultShares += $sh.Name</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>}</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> }</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>}</span><br /><span class="Apple-tab-span" style="white-space: pre;"><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> </span></span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> Invoke-Command -ComputerName $destinationServer -ArgumentList $destinationHardDiskLetter,$_,$shareUsername -ScriptBlock { </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> # Windows ACL Helper functions </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> function Create-WMITrustee([string]$NTAccount){ </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $user = New-Object System.Security.Principal.NTAccount($NTAccount) </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$strSID = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$sid = New-Object security.principal.securityidentifier($strSID) </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>[byte[]]$ba = ,0 * $sid.BinaryLength </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>[void]$sid.GetBinaryForm($ba,0) </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$Trustee = ([WMIClass] "Win32_Trustee").CreateInstance() </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$Trustee.SID = $ba </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$Trustee </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> } </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> function Create-WMIAce{ </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> param( </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> [string]$account, </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> [System.Security.AccessControl.FileSystemRights]$rights </span><br /><span style="font-family: Courier New, Courier, 
monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>) </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$trustee = Create-WMITrustee $account </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$ace = ([WMIClass] "Win32_ace").CreateInstance() </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$ace.AccessMask = $rights </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$ace.AceFlags = 0 # set inheritances and propagation flags </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$ace.AceType = 0 # set SystemAudit </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$ace.Trustee = $trustee </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$ace </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> } </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $rights = [System.Security.AccessControl.FileSystemRights]"FullControl"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $sd = ([WMIClass] 
"Win32_SecurityDescriptor").CreateInstance()</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $ace=Create-WMIAce $args[2] $rights </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $sd.DACL += @($ace.psobject.baseobject)</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $sd.ControlFlags="0x4"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> $bkupdir = $args[0] + "\Backup\" + $args[1]</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> if(-not(Test-Path -Path $bkupdir)){ New-Item -Path $bkupdir -type directory -Force}</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $wmishares=[WMICLASS]"Win32_Share"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $share = "name='" + $args[1] + "'"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> if(-not(Get-WmiObject Win32_Share -filter $share )) {$wmishares.Create($bkupdir,$args[1],0,5000,"Backup Share",$null,$sd) } </span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> }</span><br /><span class="Apple-tab-span" style="white-space: pre;"><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> </span></span><br /><span style="font-family: Courier New, 
Courier, monospace; font-size: xx-small;"> #bkup every hard disk by default</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> foreach ($sh in $defaultShares ) {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> $roboSource = "\\" + $_ + "\" + $sh</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $roboDestin = "\\" + $destinationServer + "\" + $_ + "\" + $sh.TrimEnd("$")</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> robocopy $roboSource $roboDestin /E /ZB /COPYALL /MON:10 /MOT:30 /DCOPY:T /MT:20 $roboLog /XF $defaultFileExclusionSet /XD $defaultDirExclusionSet /XJ /R:3 /W:300 /V /FP /ETA /TEE /SAVE:DailyCopyJob</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> $exitCode = $lastExitCode</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> if ($roboMessages."$exitCode" -gt $null) {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> Write-EventLog -LogName Application -Source "RoboWrapper" -EventID $exitCode -EntryType $roboMsgTypes."$exitCode" -Message $roboMessages."$exitCode"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$mail.Send($from, $to, "RoboError: " + $roboMsgTypes."$exitCode", $roboMessages."$exitCode")</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" 
style="white-space: pre;"> </span> }</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> else {</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> Write-EventLog -LogName Application -Source "RoboWrapper" -EventID $exitCode -EntryType Warning -Message "Unknown ExitCode. EventID equals ExitCode"</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$mail.Send($from, $to, "Unknown RoboError", "Unknown ExitCode. EventID equals ExitCode")</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span> }</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> }</span><br /><span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">} </span><br /><br /><span style="font-family: Arial;"></span>computingbeenoreply@blogger.com1tag:blogger.com,1999:blog-244846930259564739.post-81525214572064085872013-05-03T11:15:00.000-04:002013-05-10T15:40:34.958-04:00Understanding Dell SSDHere are some good Dell SSD resources.<br /><br /><a href="http://www.dell.com/downloads/global/products/pvaul/en/Solid-State-Drive-FAQ-us.pdf">http://www.dell.com/downloads/global/products/pvaul/en/Solid-State-Drive-FAQ-us.pdf</a><br /><br /><a href="http://www.dell.com/downloads/global/products/pvaul/en/enterprise-hdd-sdd-specification.pdf">http://www.dell.com/downloads/global/products/pvaul/en/enterprise-hdd-sdd-specification.pdf</a><br /><br /><a href="http://www.dell.com/Learn/us/en/04/campaigns/poweredge-express-flash?c=us&l=en&s=bsd">http://www.dell.com/Learn/us/en/04/campaigns/poweredge-express-flash?c=us&l=en&s=bsd</a><br /><br /><a 
href="http://www.sandisk.com/business/industries/enterprise/interface-primer/">http://www.sandisk.com/business/industries/enterprise/interface-primer/</a><br /><br /><a href="http://www.dell.com/downloads/global/products/pvaul/en/dell-r720-drive-options.pdf">http://www.dell.com/downloads/global/products/pvaul/en/dell-r720-drive-options.pdf</a><br /><br /><a href="http://www.dell.com/us/business/p/fusion-io-drive/pd">http://www.dell.com/us/business/p/fusion-io-drive/pd</a><br /><br /><a href="http://www.dell.com/Learn/us/en/04/campaigns/dell-hard-drives?c=us&l=en&s=bsd">http://www.dell.com/Learn/us/en/04/campaigns/dell-hard-drives?c=us&l=en&s=bsd</a><br /><br /><a href="http://www.dell.com/Learn/us/en/19/dcm/A-look-at-server-internal-storage-options?c=us&l=en&s=dhs">http://www.dell.com/Learn/us/en/19/dcm/A-look-at-server-internal-storage-options?c=us&l=en&s=dhs</a><br /><br /><br /><br />computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-54303865588606746872012-07-04T21:00:00.002-04:002012-07-04T21:00:15.331-04:00Linux: Find your public IP from CLI<span style="font-family: Arial, Helvetica, sans-serif;">It's needed from time to time</span><br /><br /><span style="font-family: 'Courier New', Courier, monospace;">#curl ifconfig.me</span>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-30170288340377184872012-07-04T16:02:00.002-04:002012-07-04T16:02:44.183-04:00Linux: Change user group membership onUse the following command to add user to another group.<br /><span style="font-family: 'Courier New', Courier, monospace;">#sudo usermod -G asterisk root</span><br /><br /><br />computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-18041196412065308232012-07-04T15:57:00.003-04:002012-07-04T15:57:45.082-04:00Display folder size on linuxUse this command to find folder size on linux. 
Output will be in KB, MB, and GB respectively.<br /><br /><span style="font-family: 'Courier New', Courier, monospace;">#sudo du -h /var</span><br /><br /><span style="font-family: 'Courier New', Courier, monospace;">56K /var/log/apt</span><br /><span style="font-family: 'Courier New', Courier, monospace;">4.0K /var/log/apparmor</span><br /><span style="font-family: 'Courier New', Courier, monospace;">54M /var/log</span><br /><span style="font-family: 'Courier New', Courier, monospace;">4.0K /var/spool/asterisk/tmp</span><br /><span style="font-family: 'Courier New', Courier, monospace;">4.0K /var/spool/asterisk/voicemail/default/1150/INBOX</span><br /><span style="font-family: 'Courier New', Courier, monospace;">16K /var/spool/asterisk/voicemail/default/1150</span><br /><span style="font-family: 'Courier New', Courier, monospace;">20K /var/spool/asterisk/voicemail/default</span><br /><span style="font-family: 'Courier New', Courier, monospace;">28K /var/spool/asterisk/voicemail</span><br /><span style="font-family: 'Courier New', Courier, monospace;">15G /var/spool/asterisk/backup/MIGRATED_Dailybackup</span><br /><span style="font-family: 'Courier New', Courier, monospace;">15G /var/spool/asterisk/backup</span><br /><span style="font-family: 'Courier New', Courier, monospace;">15G /var/spool/asterisk</span><br /><span style="font-family: 'Courier New', Courier, monospace;">8.0K /var/spool/cron/crontabs</span><br /><span style="font-family: 'Courier New', Courier, monospace;">4.0K /var/spool/plymouth</span><br /><span style="font-family: 'Courier New', Courier, monospace;">15G /var/spool</span><br /><span style="font-family: 'Courier New', Courier, monospace;">4.0K /var/tftpboot/SoundPointIPLocalization</span><br /><span style="font-family: 'Courier New', Courier, monospace;">44K /var/tftpboot/logs</span><br /><span style="font-family: 'Courier New', Courier, monospace;">4.0K /var/tftpboot/overrides</span><br /><span style="font-family: 'Courier New', Courier, 
monospace;">4.0K /var/tftpboot/licenses</span><br /><span style="font-family: 'Courier New', Courier, monospace;">8.0K /var/tftpboot/contacts</span><br /><span style="font-family: 'Courier New', Courier, monospace;">4.0K /var/tftpboot/languages</span><br /><span style="font-family: 'Courier New', Courier, monospace;">16M /var/tftpboot</span><br />computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-35638916742792228502012-07-04T14:04:00.003-04:002012-07-04T14:05:27.315-04:00Resize Linux File System using (LVM)<div style="font-family: Arial,Helvetica,sans-serif;">To resize a Linux partition on an LVM volume that has a file system on it, run these commands. </div><div style="font-family: Arial,Helvetica,sans-serif;"><br /></div><div style="font-family: "Courier New",Courier,monospace;">#lvm</div><div style="font-family: "Courier New",Courier,monospace;">lvm> lvextend -L +40G /dev/mapper/system-var</div><div style="font-family: "Courier New",Courier,monospace;">lvm> quit </div><div style="font-family: "Courier New",Courier,monospace;"><br /></div><div style="font-family: "Courier New",Courier,monospace;">#resize2fs /dev/mapper/system-var</div>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-78537688927819267582011-10-02T23:58:00.001-04:002011-10-02T23:58:00.504-04:00Single ( Same ) Domain for Active Directory and Company Website<span style="font-family: Arial, Helvetica, sans-serif;">Almost every organization (except one) that I have worked at or consulted for has complained about this issue. They want to use the same domain for Active Directory as for the company's website, but doing so prevents internal users (behind the firewall) from reaching the website, which is hosted externally or in a DMZ, using the top level domain format (i.e. google.com). This happens because AD member computers must use DNS servers that resolve the AD domain to the domain controllers for purposes of authentication, LDAP queries, etc. 
Since a DC doesn't have a listener on port 80, it doesn't respond to HTTP requests.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">As a workaround, these organizations' IT departments have to educate their users to use www or another A (HOST) record when going to the company's website from the office behind the firewall. </span><span style="font-family: Arial, Helvetica, sans-serif;">However, they don't have to do this when they are outside. While it works for the majority, some users get annoyed as they are used to typing the top level domain format because it's quick and so on and so forth.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">There are two solutions to this problem:</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;"><strong>1. Well known DNS Rewrite</strong> - Unless you have a Cisco firewall on your edge or another device that supports this feature, you are pretty much out of luck.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;"><strong>2. Installing Web Server on Domain Controller</strong> - Using this option requires installing a web server on your domain controllers and performing a permanent redirect to a fully qualified domain (i.e. google.com to </span><a href="http://www.google.com/"><span style="font-family: Arial, Helvetica, sans-serif;">www.google.com</span></a><span style="font-family: Arial, Helvetica, sans-serif;">). This option is not a recommended one but works just fine. </span><br /><span style="font-family: Arial, Helvetica, sans-serif;">It's not recommended because Microsoft does not recommend installing multiple roles on your domain controllers as a best practice for load, security, etc. However, you will only be doing a redirect, which doesn't cause the server to consume many resources, but you need to keep an eye on the servers to watch out for any unusual spikes after the permanent redirect. 
You also have to be careful not to allow anyone from outside to connect to the web servers on your DCs, as this may result in a security breach. Only internal users should be allowed.</span><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-752tzqAWmtE/ToDPPh1gTfI/AAAAAAAAAGo/V5iQ27m-EbI/s1600/IIS-HTTP-Permanent-Redirect.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-752tzqAWmtE/ToDPPh1gTfI/AAAAAAAAAGo/V5iQ27m-EbI/s1600/IIS-HTTP-Permanent-Redirect.png" /></a></div>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-56684127221906790852011-09-28T22:29:00.000-04:002011-09-28T22:29:00.751-04:00Workaround for VMDKs Larger than 2 TB (2048 GB)The largest virtual disk (VMDK) that VMware supports inside a virtual machine is 2TB - 512 KB, unless you want to do RDM - Raw Device Mapping. However, you can get around this by spanning multiple disks inside the guest (Windows). <br /><br />To do this, you need to do the following:<br /><br />1. Create and attach 2 or more VMDKs of the sizes you want.<br />2. Start the VM and go into the Disk Management utility (diskmgmt.msc).<br />3. Bring the disks online and initialize them. <br />4. Convert the basic disks to dynamic, or the next step will do it for you.<br />5. Right-click on one of the disks and click "New Spanned Volume".<br />6. 
Follow the wizard and assign a drive letter.<br /><br />You are done.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-llKj5Zn9OWc/ToDG2J2f72I/AAAAAAAAAGk/3Ti076czUFE/s1600/VMDK-Larger-Than-2-TB.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="539" src="http://1.bp.blogspot.com/-llKj5Zn9OWc/ToDG2J2f72I/AAAAAAAAAGk/3Ti076czUFE/s640/VMDK-Larger-Than-2-TB.png" width="640" /></a></div>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-91137187017842990262011-09-15T22:54:00.001-04:002011-09-15T22:54:00.047-04:00Internet Edge Design: SSL VPN Placement?<span style="color: #0b5394;"><strong><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Internet Edge Design: SSL VPN Placement?</span></strong></span><br /><br /><span style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: small;">This is another question that arose today. Where do you want to place your VPN gateway (SSL or other VPN concentrators) in your internet edge for the network? Should they be placed next to firewalls on the edge, routers, or behind the firewall? </span><br /><br /><span style="font-family: Arial;">In my opinion, VPN concentrators should be behind a firewall with OOB - Out of Band Management - capabilities, especially if it's an SSL or Web VPN device, because HTTP/HTTPS are prone to web based attacks like <span style="background-color: white;">SSL stripping</span> and an SSL VPN has two parts (Web Server and VPN Server). </span><br /><br /><span style="font-family: Arial;">However, I would like to know what others have to say about it in the community and if there is a better approach. 
</span><br /><br /><span style="font-family: Arial;">Please feel free to leave your suggestions and thoughts in the comment section.</span><br /><br /><span style="font-family: Arial;">Thanks</span>computingbeenoreply@blogger.com12tag:blogger.com,1999:blog-244846930259564739.post-38829813020602706112011-09-15T00:28:00.000-04:002011-09-15T00:28:41.438-04:00How to add static ARP on a Nortel switch and other ARP operations?<span style="font-family: Arial, Helvetica, sans-serif;">Configuring ARP operations on a Nortel Passport 8600 or any other Nortel switch on your network should be a very easy thing, but if you don't have much Nortel background it can be a tedious task, as there isn't as much documentation out there for Nortel as there is for Cisco. So I thought it would be nice to post it in case someone is looking to add a static ARP entry on their core or other Nortel switches on the network.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;"><strong>Show ARP table</strong></span><br /><span style="font-family: "Courier New", Courier, monospace;">8600#show ip arp info</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;"><strong>Clear ARP (Port or VLAN)</strong></span><br /><span style="font-family: "Courier New", Courier, monospace;">8600#clear ip arp vlan 444</span><br /><span style="font-family: "Courier New", Courier, monospace;">8600#clear ip arp port 1/4</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;"><strong>Configure Static ARP (Port or VLAN)</strong></span><br /><span style="font-family: "Courier New", Courier, monospace;">8600#config ip arp add ports 1/4 ip 1.1.1.1 mac 00:00:00:44:44:44</span><br /><span style="font-family: "Courier New", Courier, monospace;">8600#config ip arp add ports 1/4 ip 1.1.1.1 mac 00:00:00:44:44:44 vlan 444</span><br /><br /><span 
style="font-family: Arial, Helvetica, sans-serif;"><strong>Delete an ARP Entry</strong></span><br /><span style="font-family: "Courier New", Courier, monospace;">8600#config ip arp delete 1.1.1.1</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;"><strong>Set ARP Age Time</strong></span><br /><span style="font-family: "Courier New", Courier, monospace;">8600#config ip arp aging 4</span>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-85347150473701499412011-09-14T22:36:00.005-04:002011-09-14T22:36:00.505-04:00Internet Edge Design: Single Firewall or Layered Firewalls?<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: #0b5394; font-size: large;"><strong>Internet Edge Design: Single Firewall or Layered Firewalls?</strong></span></span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">While redesigning the Internet Edge of our network, many ideas came to the table. One was to use a single firewall vs. a layered (or dual) firewall design.</span> <br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">In my opinion and experience - if your company has the budget - opting for a layered firewall approach is a better and more secure design than just having a standalone firewall on your edge. In addition, I like to at least have different vendors for the firewalls at different layers. Each firewall should be running in a different mode (i.e. transparent vs routed). </span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">In this post, I would like to know what others think. Please leave your opinions and ideas in the comment section. 
</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Thanks</span>computingbeenoreply@blogger.com7tag:blogger.com,1999:blog-244846930259564739.post-3365789066086181742011-09-10T23:59:00.003-04:002011-09-10T23:59:00.618-04:00Internet Edge Design: Secure Web Gateway - Proxy or Not To Proxy?<span style="font-family: Arial, Helvetica, sans-serif;"><strong><span style="color: #0b5394; font-size: large;">Internet Edge Design: Proxy or Not To Proxy?</span></strong></span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">We are building a new Enterprise Internet Edge for our organization and are debating whether to use a web proxy for Internet traffic or not. Here are some of the requirements we see fitting for proxy solution:</span> <br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">So far we have looked at the following vendors, which offer both appliances and cloud-based solutions. We like the cloud-based solution because it's simple, but we have concerns about performance during peak Internet hours for our network.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">-Bluecoat (Expensive + Too many appliances)</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">-Websense (Very Expensive but well known and single clustered appliance)</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">-Zscaler (Cloud based + Cheaper than previous two + No appliance required)</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">In this post I would like to see what others are doing and thinking for a web proxy solution for their network. 
Do you think a web proxy is still needed for a network where advanced firewalls on the edge have the capabilities to fight worms and viruses that can make their way into a network on HTTP/HTTPS ports?</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Please leave your thoughts in the comment area.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Thanks</span>computingbeenoreply@blogger.com15tag:blogger.com,1999:blog-244846930259564739.post-70958108287524749592011-09-08T22:28:00.001-04:002011-09-08T22:31:55.243-04:00VMware ( vSphere and ESX ) VMDK Size Limit for NFS<span style="font-family: Arial, Helvetica, sans-serif;">There is a lot of confusion on the web about the largest size of a VMDK file on an NFS-mounted datastore for VMware vSphere and ESX. Today, I was able to confirm that the largest VMDK you can create on an NFS-mounted datastore is 2TB minus 512KB. Yes, that's the same as for a VMFS-formatted datastore. </span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">There was a lot of confusion because I thought the size of a file on an NFS-mounted export is restricted by the underlying storage device. I called both VMware and NetApp about this issue. VMware support told me what I already thought the answer was (storage vendor restriction) and NetApp support said they were not sure and would research.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">So I decided to try creating 1.99, 2.0, 2.1, 3, 4, and 5 TB VMDKs on both NetApp and Windows 2008 NFS storage. I got the same error message stating</span><br /><br /><span style="font-family: "Courier New", Courier, monospace;">DiskCapControl: ... Out of Range ... 
( )</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">for all sizes except 1.99, which is less than 2TB-512KB.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">Hopefully someone out there will find this info helpful.</span>computingbeenoreply@blogger.com7tag:blogger.com,1999:blog-244846930259564739.post-13484807578393648022011-09-05T21:37:00.000-04:002011-09-05T21:37:16.186-04:00KDC Event ID 11 - Solved<span style="font-family: Arial, Helvetica, sans-serif;">If you are creating SPN records in AD and don't take precautions, you may end up with duplicate SPN records. This will prevent AD users from logging on to the machine. The following event is logged in the event log.</span><br /><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event Type: Error </span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event Source: KDC </span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event Category: None</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event ID: 11</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Date: 4/11/2011</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Time: 3:57:13 PM</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">User: N/A</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Computer: DC00</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Description:</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">There are multiple accounts with name cifs/devap02.abc.local of type 
DS_SERVICE_PRINCIPAL_NAME.</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.</span><br /><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event Type: Error</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event Source: KDC</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event Category: None</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Event ID: 11</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Date: 4/11/2011</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Time: 3:31:53 PM</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">User: N/A</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Computer: DC00</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">Description:</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">There are multiple accounts with name host/devap01.abc.local of type DS_SERVICE_PRINCIPAL_NAME.</span><br /><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">For more information, see Help and Support Center at <a href="http://go.microsoft.com/fwlink/events.asp">http://go.microsoft.com/fwlink/events.asp</a>.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Refer to this Microsoft KB article to resolve this issue.</span><br /><a href="http://support.microsoft.com/kb/321044"><span style="font-family: Arial, Helvetica, 
sans-serif;">http://support.microsoft.com/kb/321044</span></a><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">The AD tools required are ldp.exe and adsiedit.msc.</span>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-23824164145189364892011-09-02T10:28:00.000-04:002011-09-02T10:28:56.811-04:00NetApp Virtual Storage Console Plugin and Windows 7 64-bit<span style="font-family: Arial, Helvetica, sans-serif;">NetApp Virtual Storage Console - VSC - in vCenter will not load unless you install the 32-bit version of the JRE for Java. As it turns out, Virtual Infrastructure Client uses 32-bit Internet Explorer to display pages inside Windows frames. So if you have installed 64-bit Java, you also need to download and install 32-bit Java. The latest version, 1.7 as of the time this post was written, works with NetApp VSC version 2.0.1.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Hope this helps someone out there struggling to make VSC work on a 64-bit Windows 7 machine.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Cheers!</span>computingbeenoreply@blogger.com3tag:blogger.com,1999:blog-244846930259564739.post-60831582800223906892011-08-01T22:51:00.009-04:002011-08-01T22:51:00.627-04:00Change TCP Port Range for DCOM with WMI<span style="font-family: Arial, Helvetica, sans-serif;">WMI - Windows Management Instrumentation - is used by many different types of applications for different purposes, but most recently our team used it for an application to monitor file integrity on servers for a PCI compliance requirement. The software we used for file integrity monitoring is called nCircle File Integrity Monitor (nFIM) from nCircle. As a security measure we decided to use a non-default range of ports for WMI and DCOM. I was tasked to make WMI work with dynamic ports since nFIM utilizes DCOM to connect to a range of TCP ports. 
Here is how we made it work for each server.</span><br /><br /><span style="font-family: Arial;">1. Log on to the server in question</span><br /><span style="font-family: Arial;">2. Go to Administrative Tools</span><br /><span style="font-family: Arial;">3. Click on Component Services</span><br /><span style="font-family: Arial;">4. Expand the Component Services tree down to My Computer</span><br /><span style="font-family: Arial;">5. Right-click My Computer and go to the tab shown in the image below</span> <br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-FhVbC6DJu3I/Th-z1qJclxI/AAAAAAAAAGM/-oBaZ1CJnHk/s1600/WMI-DCOM-TCP-IP-Port-Range-Component-Services.png" imageanchor="1" style="clear: left; cssfloat: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;"><img border="0" height="300" m$="true" src="http://4.bp.blogspot.com/-FhVbC6DJu3I/Th-z1qJclxI/AAAAAAAAAGM/-oBaZ1CJnHk/s400/WMI-DCOM-TCP-IP-Port-Range-Component-Services.png" width="400" /></span></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;">Click on image for full view</span></td></tr></tbody></table><br /><br /><span style="font-family: Arial;">You can further narrow down the security for DCOM by specifying trusted endpoints as shown in the image below.</span><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-Gzts1T1UHYg/Th-1ajXB3rI/AAAAAAAAAGQ/0t2HrHzDEdI/s1600/WMI-DCOM-TCP-IP-Endpoint-Component-Services.png" 
imageanchor="1" style="clear: left; cssfloat: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="290" m$="true" src="http://2.bp.blogspot.com/-Gzts1T1UHYg/Th-1ajXB3rI/AAAAAAAAAGQ/0t2HrHzDEdI/s400/WMI-DCOM-TCP-IP-Endpoint-Component-Services.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-small;">Click on image for full view</span></td></tr></tbody></table>computingbeenoreply@blogger.com6tag:blogger.com,1999:blog-244846930259564739.post-91732246350875533672011-07-28T22:52:00.001-04:002011-07-28T22:52:00.820-04:00Quick Nortel MLT (Link Aggregation) Reference<span style="font-family: Arial, Helvetica, sans-serif;">These excerpts and images were taken from Nortel Reference Manual for Passport 8600. These notes are very helpful for those who are configuring a LAG (MLT) on a Nortel Switch for the first time.</span><br /><br /><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-3um8ggmfngg/Th--5mQ1eWI/AAAAAAAAAGU/Ssr4MD8Mnhs/s1600/IEEE-LACP-vs-Nortel-MLT-with-LACP.png" imageanchor="1" style="clear: left; cssfloat: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="292" m$="true" src="http://2.bp.blogspot.com/-3um8ggmfngg/Th--5mQ1eWI/AAAAAAAAAGU/Ssr4MD8Mnhs/s400/IEEE-LACP-vs-Nortel-MLT-with-LACP.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><span style="font-family: Arial, Helvetica, sans-serif;">Click image for full view</span></td></tr></tbody></table><br /><span style="font-family: Arial, Helvetica, sans-serif;"><em>IEEE 802.3ad-based link aggregation, through the Link Aggregation Control Protocol (LACP), supports a dynamic link aggregation function as they become available to a trunk group. 
LACP dynamically detects when links can be aggregated into a link aggregation group (LAG) and does so as links become available. LACP also provides link integrity checking at Layer 2 for all links within the LAG.</em></span><br /><span style="font-family: Arial, Helvetica, sans-serif;"></span><br /><br /><br /><br /><span style="background-color: white; color: #6fa8dc; font-family: Arial, Helvetica, sans-serif;"><strong>Supported Link Aggregation Types:</strong></span><br /><span style="font-family: Arial, Helvetica, sans-serif;">- MLT with LACP</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">- MLT : statically configured link bundling</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">- SMLT</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Virtual LACP (VLACP) is a Nortel modification that provides end-to-end</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">failure detection. VLACP is not a link aggregation protocol; You can run VLACP on single ports or on ports that are part of a MLT.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">MLT provides module redundancy via Distributed MultiLink Trunking (DMLT). DMLT allows you to aggregate similar ports from different modules.</span><br /><span style="color: #6aa84f; font-family: Arial, Helvetica, sans-serif;">- Nortel recommends that LACP not be configured on the IST MLT.</span><br /><span style="color: #6aa84f; font-family: Arial, Helvetica, sans-serif;">- Nortel recommends that you do not configure VLACP on LACP-enabled ports. VLACP does not operate properly with LACP. 
You can configure VLACP with any SMLT configuration.</span><br /><span style="color: #6aa84f; font-family: Arial, Helvetica, sans-serif;">- Nortel recommends always using DMLT when possible.</span><br /><br /><span style="color: #6fa8dc; font-family: Arial, Helvetica, sans-serif;"><strong>MLT and MLT with LACP configuration rules:</strong></span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• MLT is supported on 10BASE-T, 100BASE-TX, 100Base-FX, Gigabit Ethernet, and 10 Gigabit Ethernet module ports.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• All MultiLink trunk ports must have the same speed and duplex settings, even when auto-negotiation is set.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• The media type of MLT ports can be different; a mix of copper and fiber are allowed.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• All MultiLink trunk ports must be in the same STG unless the port is tagged. Tagging allows ports to belong to multiple STGs, as well as multiple VLANs.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• MLT is compatible with Spanning Tree Protocol (STP), Multiple Spanning Tree Protocol (MSTP) (IEEE 802.1s), and Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w).</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Tagging (IEEE 802.1Q) is supported on a MultiLink trunk.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• MLT ports can span modules, providing module redundancy.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Apply filters individually to each port in a MultiLink trunk.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;"><em>If identical BPDUs are received on all ports, the MultiLink trunk mode is forwarding. 
You can disable the Nortel STP (ntstg &lt;enable|disable&gt;) if you do not want to receive BPDUs on all ports.</em></span><br /><br /><span style="color: #6fa8dc; font-family: Arial, Helvetica, sans-serif;"><strong>LAG rules:</strong></span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• All LAG ports operate in full-duplex mode.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• All LAG ports operate at the same data rate.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Assign all LAG ports in the same VLANs.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Link aggregation is compatible with the STP, MSTP, and RSTP.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Assign all ports in an LAG to the same STP groups.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Ports in an LAG can exist on different modules.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• For Gigabit and 10 Gigabit ports, you can use link aggregation groups 1 to 31.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• For Fast Ethernet ports, you can use link aggregation groups 1 to 7 only.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Each LAG supports a maximum of eight active links.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Each LAG supports a maximum of eight standby links.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• After a MultiLink trunk is configured with LACP, you cannot add or delete ports or VLANs manually without first disabling LACP.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">SMLT is an option that improves Layer 2 and Layer 3 resiliency. 
These SMLT switches form a Switch Cluster and are referred to as an IST Core Switch pair.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">Switch Clusters are always formed as a pair, but pairs of clusters can be combined in either a square or full-mesh fashion to increase the size and port density of the Switch Cluster.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;"><em>When configured in a Layer 3 or routed topology, the configuration is referenced as Routed SMLT (RSMLT).</em></span><br /><br /><ul><li><span style="font-family: Arial, Helvetica, sans-serif;">Before you reboot a switch that is the LACP master, you must configure the LACP system ID globally to prevent an RSMLT failure.</span></li><li><span style="font-family: Arial, Helvetica, sans-serif;">A properly designed SMLT network inherently does not have any logical loops.</span></li><li><span style="font-family: Arial, Helvetica, sans-serif;">SMLT solves the spanning tree problem by combining two aggregation switches into one logical MLT entity, thus making it transparent to any type of edge switch. 
In the process, it provides quick convergence, while load sharing across all available trunks.</span></li></ul><span style="color: #6fa8dc; font-family: Arial, Helvetica, sans-serif;"><strong>Single Port SMLT rules:</strong></span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• The dual-homed device that connects to the aggregation switches must support MLT.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Single-port SMLT is supported on Ethernet ports.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Each single-port SMLT is assigned an SMLT ID from 1 to 512.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• You can designate Single Port SMLT ports as Access or Trunk (IEEE 802.1Q tagged or not); changing the type does not affect behavior.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• You cannot change a Single Port split MultiLink trunk to an MLT-based split MultiLink trunk by adding additional ports. You must delete the single port split MultiLink trunk and reconfigure the port as SMLT/MLT.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• You cannot change an MLT-based split MultiLink trunk into a single port split MultiLink trunk by deleting all ports except one. You must remove the SMLT/MLT and reconfigure the port as Single Port SMLT.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• You cannot configure a port as an MLT-based SMLT and as single-port SMLT at the same time.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Two or more aggregation switches can have single port Split MultiLink trunk with the same IDs. 
You can have as many single port Split MultiLink trunks as there are available ports on the switch.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• LACP is supported on single port SMLT.</span><br /><br /><span style="color: red; font-family: Arial, Helvetica, sans-serif;"><em>Simple Loop Prevention Protocol (SLPP) is used to prevent loops in an SMLT network. SLPP is focused on SMLT networks but works with other configurations. Nortel recommends that you always use SLPP in any SMLT environment. SLPP requires the use of 4.0.x code or higher.</em></span><br /><br /><span style="color: #6fa8dc; font-family: Arial, Helvetica, sans-serif;"><strong>MLT with LACP configuration considerations</strong></span><br /><span style="font-family: Arial, Helvetica, sans-serif;">When you configure standards-based link aggregation, you must enable the aggregation parameter. After you enable the aggregation parameter, the LACP aggregator is mapped one-to-one to the specified MultiLink trunk.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Perform the following steps to configure a LAG:</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">1. Assign a numeric key to the ports you want to include in the LAG.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">2. Configure port aggregation to true.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">3. Enable LACP on the port.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">4. Create a MultiLink trunk and assign the same key as in step 1 to it. The MultiLink trunk/LAG only aggregates ports whose key matches its own. The newly created MultiLink trunk or LAG adopts the VLAN membership of its member ports when the first port is attached to the aggregator associated with this LAG. When a port detaches from an aggregator, the associated LAG port deletes the member from its list. 
After a MultiLink trunk is configured with LACP, you cannot add or delete ports or VLANs manually without first disabling LACP. To enable tagging on ports belonging to a LAG, disable LACP on the port and then enable tagging and LACP on the port.</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;"><strong><span style="color: #6fa8dc;">MLT with LACP and SMLT configuration considerations</span></strong> </span><br /><div></div><span style="font-family: Arial, Helvetica, sans-serif;">Split MultiLinkTrunks (SMLT) can be configured with MLT or MLT with LACP. Follow these guidelines when you configure SMLT with LACP:</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• When you set the LACP system ID for SMLT, configure the same LACP SMLT system ID on both aggregation switches to avoid the loss of data. Nortel recommends that you configure the LACP SMLT system ID to be the base MAC address of one of the aggregate switches, and that you include the SMLT-ID. Ensure that the same System ID is configured on both of the SMLT core aggregation switches.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• If you use LACP in an SMLT square configuration, the LACP ports must have the same keys for that SMLT LAG; otherwise, the aggregation can fail if a switch fails.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• If an SMLT aggregation switch has LACP enabled on some of its MultiLink trunks, do not change the LACP system priority. 
If some ports do not enter the desired MultiLink trunk after a dynamic configuration change, enter the following CLI command:</span><br /><span style="color: #6aa84f; font-family: "Courier New", Courier, monospace;">config mlt <mlt-id> lacp clear-link-aggregate</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• When you configure SMLT links, Nortel recommends that you set the multicast packets-per-second value to 6000 pps.</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">• Nortel recommends that you do not enable LACP on interswitch trunks to avoid unnecessary processing. Use VLACP if a failure detection mechanism is required when there is an optical network between the SMLT core switches.</span><br /><br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-zQhNpTxgpnU/Th-_mPxUC-I/AAAAAAAAAGc/DQi61Ngc4lk/s1600/Nortel-MLT-Link-Aggregation-Sublayer-Details.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="345" m$="true" src="http://4.bp.blogspot.com/-zQhNpTxgpnU/Th-_mPxUC-I/AAAAAAAAAGc/DQi61Ngc4lk/s400/Nortel-MLT-Link-Aggregation-Sublayer-Details.png" width="400" /></a></td></tr></tbody></table> <br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-O0brASFEkms/Th-_TYBlQzI/AAAAAAAAAGY/Id3FwkftI2I/s1600/Traffic-Distribution-Nortel-MLT-Trunk.png" imageanchor="1" style="clear: left; cssfloat: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="243" m$="true" 
src="http://1.bp.blogspot.com/-O0brASFEkms/Th-_TYBlQzI/AAAAAAAAAGY/Id3FwkftI2I/s400/Traffic-Distribution-Nortel-MLT-Trunk.png" width="400" /></a></td></tr></tbody></table>computingbeenoreply@blogger.com1tag:blogger.com,1999:blog-244846930259564739.post-35069537678542888212011-07-24T02:09:00.000-04:002011-07-24T02:09:06.245-04:00Cisco Nexus 1000v Gotchas!<span style="color: #3d85c6; font-family: Arial, Helvetica, sans-serif;"><strong><em>Have you deployed the new Cisco N1KV yet, or are you thinking about doing it?</em></strong></span><br /><br /><span style="font-family: Arial;">There are many online tutorials, and of course the Cisco documentation is great and very useful as always for installing and setting up the Nexus 1000v distributed virtual switch. However, nothing beats first-hand experience of testing, playing with and implementing a new technology in a production environment. That's why I thought I should share some of the important points and guidelines from my experience of installing N1KV in our VMware environment. It was a hassle to get it right, but once done it turned out to be the next greatest thing in virtual networking for us.</span><br /><br /><span style="font-family: Arial;">1. <strong><span style="color: #38761d;">VLANs:</span></strong> As you have probably read, you need several new private VLANs (Control, Packet, and Management) for N1KV, and these have to exist on the system uplink. However, you also need to put the vCenter and vMotion VLANs on the system uplink port-profile. 
To do so, do the following:</span><br /><br /><span style="font-family: "Courier New", Courier, monospace;">N1KV84(config)#port-profile type ethernet system-uplink</span><br /><span style="font-family: "Courier New", Courier, monospace;">N1KV84(config-port-prof)#switchport mode trunk</span> <br /><span style="font-family: "Courier New", Courier, monospace;">N1KV84(config-port-prof)#switchport trunk allowed vlan 111,113,249,261-262</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Here,</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">VLAN-111 is the vCenter Management VLAN</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">VLAN-113 is the vMotion VLAN</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">VLAN-249 is for the Nexus 1000v Management IP (<em>This VLAN can be the same as for vCenter, but we chose it to be different since we have a dedicated management VLAN in our environment.</em>)</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">VLAN-261 Control</span><br /><span style="font-family: Arial, Helvetica, sans-serif;">VLAN-262 Packet</span><br /><span style="font-family: Arial;"></span> <br /><span style="font-family: Arial;"><strong><span style="color: #38761d;">2.</span></strong> <strong><span style="color: #38761d;">How many N1KV dvSwitches do I need for my VMware environment?</span></strong></span><br /><span style="font-family: Arial;">First of all, you should know that you need 2 VSM (Virtual Supervisor Module) virtual machines (VMs) per N1KV. </span><span style="font-family: Arial;">This will vary from environment to environment, but for our environment we created 2 N1KV switches across two datacenters, with each datacenter hosting 3-4 clusters. </span><br /><span style="font-family: Arial;">Also, our datacenters are separated at physical boundaries, so it made more sense for us to have 2 dvSwitches. 
Otherwise, if we had chosen 1 per cluster, we would be creating 16 VSM (Virtual Supervisor Module) VMs, which I think is overkill.</span><br /><br /><span style="font-family: Arial;"><span style="color: #38761d;"><strong>3.</strong></span> <span style="color: #38761d;"><strong>NLB - Network Load Balancing: </strong></span></span><br /><span style="font-family: Arial, Helvetica, sans-serif;">If you currently have Windows Network Load Balancing in your VMware environment, you will have to disable IGMP snooping in Nexus 1000v on the VLANs to which the NLB VIP (Virtual IP) is bound, or to which the vNIC (port group) of NLB-enabled VMs is connected. <em>Further, remember that only the multicast and IGMP-multicast NLB modes are supported on the Nexus 1000v distributed virtual switch. Unicast mode is not supported on Nexus 1000v.</em></span><br /><br /><span style="font-family: Arial;"><strong><span style="color: #38761d;">4. LACP (No static LAGs):</span></strong> You can't create a static LAG (Link Aggregation) between a physical switch (or stack) and Nexus 1000v to achieve higher bandwidth and port redundancy. 
To achieve more than 1 Gbps speed, you must enable the LACP feature on the Nexus using the following command:</span><br /><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config)# feature lacp</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Then configure / activate LACP on the ethernet port-profile like this:</span><br /><br /><span style="font-family: Courier New;"> N1KV84(config)#port-profile type ethernet system-uplink</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#vmware port-group</span><span style="font-family: "Courier New", Courier, monospace;"><br /></span><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#channel-group auto mode active</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Make sure LACP is also enabled, in passive mode, on the physical switch / stack ports connected to Nexus 1000v.</span><br /><span style="font-family: Courier New;"></span> <br /><span style="font-family: Arial;"><strong><span style="color: #38761d;">5. Persistent Connections across Host (Server) reboots:</span></strong> </span><br /><span style="font-family: Arial;">To make sure that upstream connectivity stays intact during normal reboots or server failures, you need to define certain VLANs as system VLANs for uplinks configured as trunks. These include:</span> <br /><span style="font-family: Arial;"></span> <br /><span style="font-family: Arial;"> </span><span style="font-family: Arial, Helvetica, sans-serif;">A. 
vMotion, vCenter, Control, Packet, and Management for the system uplink</span> <br /><span style="font-family: Arial;"></span> <br /><span style="font-family: Arial;"> <span style="font-family: "Courier New", Courier, monospace;">N1KV84(config)#port-profile type ethernet system-uplink</span> </span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#system vlan 111,113,249,261-262</span> <br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#vmware port-group</span><br /><br /> <br /><span style="font-family: Courier New;"> </span><span style="font-family: Arial, Helvetica, sans-serif;">B. Storage VLAN on storage uplink(s) for iSCSI or NFS</span> <br /> <br /><span style="font-family: Arial;"><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config)#port-profile type ethernet storage-uplink-iscsi</span> </span> <br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#vmware port-group</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#switchport mode access</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#switchport access vlan 321</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#mtu 9000</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#no shutdown</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#system vlan 321</span> <br /><span style="font-family: Courier New;"></span> <br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config)#port-profile type ethernet storage-uplink-nfs</span> <br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#vmware port-group</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#switchport mode access</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#switchport access vlan 320</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#mtu 9000</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#channel-group auto mode active</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#no shutdown</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#system vlan 320</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#max-ports 32</span><br /><span style="font-family: "Courier New", Courier, monospace;"> N1KV84(config-port-prof)#state enabled</span> <br /> <br /> C. Any VLAN(s) used for data uplinks <br /> <br /> D. You don't need to define system VLANs for access ports. <br /> <br /><span style="font-family: Arial;"><strong><span style="color: #38761d;">6. </span><span style="color: #38761d;"><span style="color: #38761d;">VSM</span> Management IP Address</span></strong> - Make sure you assign the same management IP address during the installation of both VSMs.</span> <br /><span style="font-family: Arial;"></span> <br /><span style="font-family: Arial;"><strong><span style="color: #38761d;">7. L2/L3 (Layer 2 or Layer 3)</span></strong> - During the setup you will be asked to configure N1KV for L2 or L3 mode. If the upstream physical switch to which Nexus 1000v will directly connect is running in L2 mode (no routing), then you should configure N1KV in L2 mode; otherwise, if the upstream switch is running in Layer 3 mode (switching as well as routing), then configure Nexus in L3 mode. Ours was L2.</span><br /><br /><span style="font-family: Arial;">8. Finally, start with the latest version of Nexus 1000v because earlier releases are buggy. 
If, because of your ESX/ESXi version, you can't install the latest version, then read the release notes and install any patches available.</span><br /><br /><span style="font-family: Arial;">Hope after reading this post your experience with N1KV won't be as rocky as mine. :-)</span>computingbeenoreply@blogger.com4tag:blogger.com,1999:blog-244846930259564739.post-15896732329406998432011-07-23T01:14:00.002-04:002011-07-23T01:14:00.927-04:00How to disable IGMP snooping on Nexus 1000v when using Microsoft NLB in IGMP multicast mode?<span style="font-family: Arial, Helvetica, sans-serif;">If you have the Cisco Nexus 1000v distributed virtual switch in your VMware virtual environment and you have virtual machines (VMs) running Microsoft NLB (Network Load Balancing) in IGMP multicast mode, then you will need to disable IGMP snooping on N1KV to allow multicast traffic to pass through on the VLAN for those NLB VMs. By default, IGMP snooping is enabled on all VLANs in Cisco Nexus 1000v, which is a good thing. 
</span><br /><br /><span style="font-family: Arial, Helvetica, sans-serif;">Here are the commands to disable IGMP snooping on N1KV on, say, VLAN 100.</span><br /><br /><span style="font-family: "Courier New", Courier, monospace;">N1KV84#config t</span><br /><span style="font-family: "Courier New", Courier, monospace;">N1KV84(config)#vlan 100</span><br /><span style="font-family: "Courier New", Courier, monospace;">N1KV84(config-vlan)# no ip igmp snooping</span><br /><span style="font-family: Courier New;">N1KV84(config-vlan)#copy run start</span><br /><span style="font-family: Courier New;">N1KV84(config-vlan)#exit</span><br /><br /><em>Note: Nexus 1000v doesn't support MS NLB in Unicast mode.</em>computingbeenoreply@blogger.com1tag:blogger.com,1999:blog-244846930259564739.post-81291311327870536182011-07-22T22:25:00.001-04:002011-07-22T22:25:00.910-04:00Dell OpenManage 6.3 on ESXi 4.1<span style="font-family: Arial, Helvetica, sans-serif;">You will need to set the following advanced option and reboot the ESXi host after installing OpenManage 6.3.</span><br /><br /><span style="font-family: "Courier New", Courier, monospace;">UserVars.CIMoemProviderEnabled to 1</span><br /><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-9nR8UcMWmRI/TiD3Hl8UiRI/AAAAAAAAAGg/MUPSNBwuFuU/s1600/OpenManage-ESXi.PNG" imageanchor="1" style="clear: left; cssfloat: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="265" m$="true" src="http://4.bp.blogspot.com/-9nR8UcMWmRI/TiD3Hl8UiRI/AAAAAAAAAGg/MUPSNBwuFuU/s320/OpenManage-ESXi.PNG" width="320" /></a></td></tr></tbody></table>computingbeenoreply@blogger.com0tag:blogger.com,1999:blog-244846930259564739.post-19802041879557262182011-07-15T23:50:00.001-04:002011-07-15T23:50:00.127-04:00NetApp 3140 FilerView Not Working with Java 1.6 and SSL (HTTPS) - Workaround<span style="font-family: Arial, Helvetica, sans-serif;">Recently got my new NetApp 3140 FAS series unit running Data ONTAP 8.0.1. I wanted to see different ways to manage it (i.e. CLI, NSM, and Browser). It turned out everything worked with web management except any Java applets with SSL on HTTPS. It turned out that Java 6 JRE didn't like the code since FilerView applets are written using Java 1.4 JRE classes. After some trial and error with JRE 1.6.x and 1.5.x, I finally got it working with Java 1.4 JRE. Here is the exception stack trace that JRE 1.6 kept throwing because it couldn't load the right library due to not being able to process the SSL library correctly.</span><br /><br /><span style="font-family: "Courier New", Courier, monospace;">Java Plug-in 1.6.0_07</span><br /><span style="font-family: "Courier New", Courier, monospace;">Using JRE version 1.6.0_07 Java HotSpot(TM) Client VM</span><br /><span style="font-family: "Courier New", Courier, monospace;">User home directory = C:\Documents and Settings\</span><br /><span style="font-family: "Courier New", Courier, monospace;">----------------------------------------------------</span><br /><span style="font-family: "Courier New", Courier, monospace;">c: clear console window</span><br /><span style="font-family: "Courier New", Courier, monospace;">f: finalize objects on finalization queue</span><br /><span style="font-family: "Courier New", Courier, monospace;">g: garbage collect</span><br /><span style="font-family: "Courier New", Courier, monospace;">h: display this help message</span><br /><span style="font-family: "Courier New", Courier, monospace;">l: dump classloader list</span><br /><span style="font-family: "Courier New", Courier, 
monospace;">m: print memory usage</span><br /><span style="font-family: "Courier New", Courier, monospace;">o: trigger logging</span><br /><span style="font-family: "Courier New", Courier, monospace;">p: reload proxy configuration</span><br /><span style="font-family: "Courier New", Courier, monospace;">q: hide console</span><br /><span style="font-family: "Courier New", Courier, monospace;">r: reload policy configuration</span><br /><span style="font-family: "Courier New", Courier, monospace;">s: dump system and deployment properties</span><br /><span style="font-family: "Courier New", Courier, monospace;">t: dump thread list</span><br /><span style="font-family: "Courier New", Courier, monospace;">v: dump thread stack</span><br /><span style="font-family: "Courier New", Courier, monospace;">x: clear classloader cache</span><br /><span style="font-family: "Courier New", Courier, monospace;">0-5: set trace level to <n></span><br /><span style="font-family: "Courier New", Courier, monospace;">----------------------------------------------------</span><br /><span style="font-family: "Courier New", Courier, monospace;">load: class com.netapp.meter.HealthMonitor not found.</span><br /><span style="font-family: "Courier New", Courier, monospace;">java.lang.ClassNotFoundException: com.netapp.meter.HealthMonitor</span><br /><span style="font-family: "Courier New", Courier, monospace;">at sun.applet.AppletClassLoader.findClass(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at java.lang.ClassLoader.loadClass(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at sun.applet.AppletClassLoader.loadClass(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at java.lang.ClassLoader.loadClass(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at sun.applet.AppletClassLoader.loadCode(Unknown Source)</span><br /><span 
style="font-family: "Courier New", Courier, monospace;">at sun.applet.AppletPanel.createApplet(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at sun.plugin.AppletViewer.createApplet(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at sun.applet.AppletPanel.runLoader(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at sun.applet.AppletPanel.run(Unknown Source)</span><br /><span style="font-family: "Courier New", Courier, monospace;">at java.lang.Thread.run(Unknown Source)</span><br /> <br /><span style="font-family: Arial, Helvetica, sans-serif;">Here is a screenshot of the error message in Internet Explorer.</span> <br /><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-PaFPdGrC2Fs/Th-teMOny_I/AAAAAAAAAGI/CMpVmHz-q9M/s1600/NetApp-FilerView-Java_1.6-SSL-HTTPs-Error.png" imageanchor="1" style="clear: left; cssfloat: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="245" m$="true" src="http://3.bp.blogspot.com/-PaFPdGrC2Fs/Th-teMOny_I/AAAAAAAAAGI/CMpVmHz-q9M/s400/NetApp-FilerView-Java_1.6-SSL-HTTPs-Error.png" width="400" /></a></td></tr></tbody></table> <br /> <br /><span style="font-family: Arial, Helvetica, sans-serif;">So, in my opinion, the CLI is the best way to manage all your NetApp filers, but if you are not command-line savvy and want to use a browser, make sure you install Java 1.4 on the system from which you will be accessing NetApp FilerView. I hope NetApp will fix this in later releases of Data ONTAP.</span>computingbeenoreply@blogger.com5
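Relating to item 5 of the "Cisco Nexus 1000v Gotchas!" post on this page (system VLANs on uplink port-profiles): the Python check below is an added example, not the author's code or a Cisco tool. It parses port-profile configuration text and reports system VLANs that the profile does not carry, as well as required VLANs that were not marked as system VLANs. The sample configuration is constructed from the post's commands, and the function names and the `REQUIRED` map are assumptions made for the illustration.

```python
import re

# Constructed sample in running-config style, built from the post's commands.
# Two profiles are deliberately wrong to show what the check reports.
SAMPLE_CONFIG = """\
port-profile type ethernet system-uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 111,113,249,261-262
  channel-group auto mode active
  system vlan 111,113,249,261
port-profile type ethernet storage-uplink-iscsi
  switchport mode access
  switchport access vlan 321
  system vlan 321
port-profile type ethernet storage-uplink-nfs
  switchport mode access
  switchport access vlan 320
  system vlan 321
"""

# Assumption: the VLANs each uplink must keep forwarding across host reboots
# (the post's lists A and B), supplied by the operator.
REQUIRED = {
    "system-uplink": {111, 113, 249, 261, 262},
    "storage-uplink-iscsi": {321},
    "storage-uplink-nfs": {320},
}

VLAN_LINES = (
    ("allowed", re.compile(r"switchport trunk allowed vlan ([\d,\- ]+)$")),
    ("access", re.compile(r"switchport access vlan (\d+)$")),
    ("system", re.compile(r"system vlan ([\d,\- ]+)$")),
)


def expand_vlans(spec):
    """Turn '111,113,261-262' into {111, 113, 261, 262}."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_port_profiles(text):
    """Collect mode and VLAN sets per ethernet port-profile.

    Assumption: a profile without a 'switchport mode' line is treated as access.
    """
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("port-profile"):
            m = re.match(r"port-profile type ethernet (\S+)$", line)
            # vethernet and other profile types are skipped (current = None).
            current = profiles.setdefault(m.group(1), {
                "mode": "access", "allowed": set(), "access": set(),
                "system": set()}) if m else None
            continue
        if current is None:
            continue
        m = re.match(r"switchport mode (trunk|access)$", line)
        if m:
            current["mode"] = m.group(1)
        for key, pattern in VLAN_LINES:
            m = pattern.match(line)
            if m:
                current[key] |= expand_vlans(m.group(1))
    return profiles


def check_system_vlans(text, required):
    """Return (profile, problem, vlans) tuples; an empty list means consistent."""
    findings = []
    for name, p in parse_port_profiles(text).items():
        carried = p["allowed"] if p["mode"] == "trunk" else p["access"]
        stray = p["system"] - carried
        if stray:
            findings.append((name, "system-vlan-not-carried", sorted(stray)))
        missing = required.get(name, set()) - p["system"]
        if missing:
            findings.append((name, "required-vlan-not-system", sorted(missing)))
    return findings
```

Calling `check_system_vlans(SAMPLE_CONFIG, REQUIRED)` flags the Packet VLAN 262 missing from the system VLAN list on `system-uplink` and the mismatched system VLAN on `storage-uplink-nfs`.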