Published: Fri, 21 Aug 2015 17:10:05 +0100

Last Build Date: Fri, 21 Aug 2015 17:10:05 +0100


AeroFS Private Cloud Appliance on Hyper-V

Wed, 08 Apr 2015 12:47:57 +0100

Please be aware that the instructions differ significantly between AeroFS versions, due to AeroFS changing under the hood. Please be very careful that you check which version you are working with before following any instructions.

AeroFS 1.0.0-1.0.1

This was tested under AeroFS 1.0.1 and 1.0.0 and Hyper-V 2012 R2. It may not work for your environment. This is not a supported configuration. You’re on your own.

  • Sign up for the private cloud edition, and download the OVA file from the AeroFS if you don’t already have it.
  • Extract the vmdk from the OVA file using whatever tool you want. It’s just a tar. 7-Zip, for example.
  • Using VirtualBox, convert the vmdk to a VHD: vboxmanage clonehd aerofs-appliance-1.0.1-disk1.vmdk --format VHD aerofs-disk_1.vhd. This is the simplest way to do it without System Center.
  • Create a Hyper-V VM and attach the VHD. I chose to add a legacy network card with a statically assigned MAC address. This was out of habit, as older versions of Linux didn’t do well with randomly generated MAC addresses, and I didn’t go delving as to whether or not non-legacy cards were supported within the appliance.
  • On first boot and first boot only we’ll need to perform some magic as the default system runs irqbalance, which has some problems under Hyper-V, it seems.
  • Stop grub from auto booting, and edit the top entry by pressing e.
  • Add single to the end of the kernel line. Press ctrl+x to boot. This boots us into single user mode.
  • Once booted, you will be logged in as root automatically. Edit /etc/default/irqbalance and disable it by setting enabled=0.
  • Reboot and configure the AeroFS appliance as indicated by the AeroFS documentation.

AeroFS 1.1.9

This was tested under AeroFS 1.1.19 and a Hyper-V 2012 R2 cluster. It may not work for your environment. This is not a supported configuration. You’re on your own.

For 1.1.9 AeroFS handily provide a VHD download and say that they support Hyper-V. Unfortunately for me the networking just flat out refused to work out of the box.

  • If you have an existing AeroFS take a backup - you’ll need this.
  • Download and apply the new VHD file.
  • Boot, and run through the on-screen text based setup - I needed to apply a static IP.
  • At this point the networking completely stopped working for me, if it works for you, then stop here.
  • Select reboot from the options menu.
  • On reboot you’ll see a grub screen, very quickly press E to edit the default selected boot option.
  • Append init=/bin/bash after $linux_append.
  • Press F10 or ctrl+x to boot.
  • This’ll drop you into a shell eventually.
  • If you ls /etc/systemd/network you should see one file. Edit it and you’ll probably see that under the [Match] stanza there is a bare Name= with no value. The lack of any interface name means that the settings in that file never get applied at all. Change it to match your network interface name. If you’re not sure what your interface name is, exit your editor and run /bin/ip addr. For me it was eth0.
  • Save and reboot and you’ll find the box now pings correctly. Go ahead and restore your configuration and you’re golden.
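Both procedures above (the converted 1.0.x VHD and the vendor-supplied 1.1.9 VHD) share the same Hyper-V host-side steps: create a Generation 1 VM, attach the VHD, swap the default NIC for a legacy adapter with a pinned MAC. The following is an added example of those steps as Hyper-V PowerShell on the host; it is not from the original post. The VM name, paths, switch name, VLAN ID and MAC address are assumptions, and the DHCP guard, router guard and VLAN lines are hardening the post does not mention but a practitioner would want on a box that will hold every user's synced files.

```powershell
# Added example, not part of the original post. VM name, VHD path, switch,
# VLAN and MAC are assumptions; adjust for your host.
# Note: Convert-VHD only handles VHD/VHDX, which is why the VirtualBox
# clonehd step exists for the 1.0.x VMDK.
$vmName = 'aerofs'
$vhd    = 'C:\VMs\aerofs\aerofs-disk_1.vhd'   # .vhd, not .vhdx
$switch = 'External'
$mac    = '00155D0A0B01'                      # in Hyper-V's 00-15-5D range, unused on this host

# Generation 1 is required: Generation 2 VMs boot only from VHDX and cannot
# have a legacy network adapter at all.
New-VM -Name $vmName -Generation 1 -MemoryStartupBytes 2GB -VHDPath $vhd -SwitchName $switch | Out-Null

# Replace the synthetic adapter New-VM created with a legacy (emulated) one,
# as the post does, and pin the MAC so the guest's udev naming stays stable.
Get-VMNetworkAdapter -VMName $vmName | Remove-VMNetworkAdapter
Add-VMNetworkAdapter -VMName $vmName -Name 'Legacy NIC' -IsLegacy $true -SwitchName $switch
Set-VMNetworkAdapter -VMName $vmName -Name 'Legacy NIC' -StaticMacAddress $mac `
    -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On

# Keep the appliance on its own VLAN rather than untagged on the host's
# management network (VLAN 20 is an assumption).
Set-VMNetworkAdapterVlan -VMName $vmName -VMNetworkAdapterName 'Legacy NIC' -Access -VlanId 20

Start-VM -Name $vmName
# The guest-side steps still apply and cannot be done from the host:
# 1.0.x needs the single-user boot and irqbalance change on first boot;
# 1.1.9 may need the systemd-networkd Name= fix after the text setup.

# Verify what was actually configured before handing the box over.
Get-VMNetworkAdapter -VMName $vmName |
    Select-Object VMName, Name, IsLegacy, MacAddress, MacAddressSpoofing, DhcpGuard, RouterGuard, Status
Get-VMNetworkAdapterVlan -VMName $vmName |
    Select-Object VMName, OperationMode, AccessVlanId
```

The final two commands are the check worth keeping: IsLegacy should be True and MacAddress should equal the value you set; if MacAddressSpoofing shows On, the guest can impersonate other machines on the switch, which is not something a file-sync appliance needs.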

Exchange server w3wp high memory/cpu

Wed, 08 Oct 2014 22:36:04 +0100

This post is largely for future me. I’m fed up with (re)writing/(re)discovering some of these queries. However, I also hope it can help other people. This post was written specifically whilst I was finishing up with an Exchange 2010 installation. However, it should work verbatim with 2007, and some of the queries may require a little alteration for 2013. If you’re still on 2003, I’m sorry.

So your Exchange server has a w3wp instance with high memory and CPU. If you’re on 2010, ensure that you’re on a patch level that covers the issue described in KB2800133.

First step is to find out what the instance is running. Use Task Manager to show the full command line of the instance; the -ap argument names the application pool. Now check the Windows Event logs. Is there anything interesting? If not, move on. Try recycling that AppPool instance. If that doesn’t help long term then we need to start analysing logs. If you’re not shipping your log files to a central location with something like logstash or nxlog, then logparser will be your friend.

If you find that it’s the MSExchangePowerShellAppPool, there’s probably just a console open somewhere doing a lot of talking, or recently having done a lot of talking. It’ll sort itself out shortly.

If it’s the MSExchangeSyncAppPool then the odds are good that you have a problem device. To figure out which, make sure that IIS is logging access. If it’s not, wait a day. Or at least a few hours if you can’t.

Now, run the IIS logs through logparser with the following query:

    SELECT TOP 500
        TO_TIMESTAMP(TO_DATE(date), TO_TIME(time)) AS Time,
        cs-username AS User,
        cs(user-agent) AS DeviceID,
        TO_INT(EXTRACT_PREFIX(EXTRACT_SUFFIX(cs-uri-query, 0, '_RpcC'), 0, '_')) AS RPCCount,
        sc-status AS Status,
        sc-substatus AS SubStatus,
        sc-bytes AS Bytes,
        DIV(sc-bytes, 1024) AS KBytes,
        time-taken,
        DIV(time-taken, 1000) AS Seconds,
        cs-uri-query
    FROM 'path\to\log\files\*.log'
    WHERE RPCCount >= 1500
        AND cs-uri-query LIKE '%Cmd=Sync%'
        AND cs-uri-query LIKE '%Ty:Co%'
    ORDER BY Bytes DESC

If you find a user frequently popping up at the top, it’s likely their device causing the problem. Disable their ActiveSync privileges, recycle the AppPool and see how things fare. Repeat as necessary. If you find it’s a specific user, but you cannot “fix” their device, throttle their device instead, using a throttling policy.

If you find you’re not getting anywhere then start looking for an unusually high number of requests per device and user:

    SELECT TOP 500
        cs-username AS User,
        cs(User-Agent) AS DeviceType,
        COUNT(*) AS Hits
    FROM 'path\to\log\files\*.log'
    WHERE cs-uri-stem LIKE '%Microsoft-Server-ActiveSync%'
    GROUP BY User, DeviceType
    ORDER BY Hits, DeviceType DESC

If it’s the MSExchangeOWAAppPool then you may have someone attempting to log into an account. It should be locking out if they’ve found a real account. Bear in mind that lockout is per account: one source address trying a few passwords against many usernames never trips it, which is why this query groups by client IP rather than by user.

    SELECT TOP 500
        c-ip AS IP,
        cs(User-Agent) AS DeviceType,
        COUNT(*) AS Hits
    FROM 'path\to\log\files\*.log'
    WHERE cs-uri-stem LIKE '%/OWA%'
    GROUP BY IP, DeviceType
    ORDER BY Hits, DeviceType DESC

If you’re still not getting anywhere, revisit the Windows Event Logs. Check that there’s nothing showing up in there that’s relevant. If there really isn’t anything then start cutting down the problem. Try to isolate your Exchange’s CAS from the internet temporarily. Does it quieten down? If not, isolate them/it from the LAN. Does it quieten down? Start looking at the logs in different ways. [...]
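The three Log Parser queries above can also be run as plain PowerShell 3+ on any box that can read the IIS logs, which is handy when Log Parser is not installed or you want the check on a schedule. The block below is an added example, not code from the original post: it parses W3C log lines using the #Fields header (so a field-order change in IIS does not silently misalign columns), then applies the same RpcC extraction, per-device hit count and per-IP OWA count. The log lines in it are constructed for illustration.

```powershell
# Added example, not part of the original post. Sample log content is constructed;
# field order comes from the #Fields header, exactly as IIS writes it.
$sampleLog = @'
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-bytes time-taken
2014-10-08 21:00:01 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=alice&DeviceId=ABC123&Log=V121_Ty:Co_RpcC2100_RpcL40 DOMAIN\alice 10.0.0.5 Apple-iPhone5C2/1102.511 200 0 409600 12000
2014-10-08 21:00:02 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=bob&DeviceId=DEF456&Log=V121_Ty:Co_RpcC120_RpcL3 DOMAIN\bob 10.0.0.6 Android/4.4 200 0 2048 300
2014-10-08 21:00:03 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=alice&DeviceId=ABC123&Log=V121_Ty:Co_RpcC1900_RpcL38 DOMAIN\alice 10.0.0.5 Apple-iPhone5C2/1102.511 200 0 398000 11800
2014-10-08 21:00:04 POST /owa/auth.owa - - 203.0.113.9 Mozilla/5.0 401 0 1200 15
2014-10-08 21:00:05 POST /owa/auth.owa - - 203.0.113.9 Mozilla/5.0 401 0 1200 14
2014-10-08 21:00:06 GET /owa/ - DOMAIN\carol 10.0.0.7 Mozilla/5.0 200 0 5000 40
'@

function ConvertFrom-IisLog {
    # Turn W3C log lines into objects whose property names are the #Fields names.
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line.StartsWith('#Fields:')) { $fields = $line.Substring(8).Trim() -split ' '; continue }
        if ($line.StartsWith('#') -or [string]::IsNullOrWhiteSpace($line)) { continue }
        if (-not $fields) { throw 'Data line seen before any #Fields header' }
        $values = $line -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # skip malformed lines rather than misalign columns
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
}

function Get-EasHeavyHitters {
    # Query 1: Sync commands with a high RPC count, largest responses first.
    param([Parameter(Mandatory)][object[]]$Entries, [int]$RpcThreshold = 1500)
    $Entries |
        Where-Object { $_.'cs-uri-query' -like '*Cmd=Sync*' -and $_.'cs-uri-query' -like '*Ty:Co*' } |
        ForEach-Object {
            # Same as EXTRACT_PREFIX(EXTRACT_SUFFIX(cs-uri-query, '_RpcC'), '_') in the query
            $rpc = if ($_.'cs-uri-query' -match '_RpcC(\d+)') { [int]$Matches[1] } else { 0 }
            [pscustomobject]@{
                Time     = "$($_.date) $($_.time)"
                User     = $_.'cs-username'
                DeviceID = $_.'cs(User-Agent)'
                RpcCount = $rpc
                Status   = "$($_.'sc-status').$($_.'sc-substatus')"
                Bytes    = [int]$_.'sc-bytes'
                KBytes   = [math]::Floor([int]$_.'sc-bytes' / 1024)
                Seconds  = [math]::Floor([int]$_.'time-taken' / 1000)
            }
        } |
        Where-Object { $_.RpcCount -ge $RpcThreshold } |
        Sort-Object Bytes -Descending
}

function Get-EasDeviceHits {
    # Query 2: request count per user + device.
    param([Parameter(Mandatory)][object[]]$Entries)
    $Entries |
        Where-Object { $_.'cs-uri-stem' -like '*Microsoft-Server-ActiveSync*' } |
        Group-Object -Property 'cs-username', 'cs(User-Agent)' |
        ForEach-Object {
            [pscustomobject]@{ User = $_.Group[0].'cs-username'; DeviceType = $_.Group[0].'cs(User-Agent)'; Hits = $_.Count }
        } |
        Sort-Object Hits -Descending
}

function Get-OwaSourceHits {
    # Query 3: OWA hits per client IP. 401s are the interesting column: account
    # lockout is per account, so one IP with many 401s and no 200s is worth a
    # firewall rule even if no single account ever locks.
    param([Parameter(Mandatory)][object[]]$Entries)
    $Entries |
        Where-Object { $_.'cs-uri-stem' -like '/owa*' } |
        Group-Object -Property 'c-ip', 'cs(User-Agent)' |
        ForEach-Object {
            [pscustomobject]@{
                IP         = $_.Group[0].'c-ip'
                DeviceType = $_.Group[0].'cs(User-Agent)'
                Hits       = $_.Count
                Failures   = @($_.Group | Where-Object { $_.'sc-status' -eq '401' }).Count
            }
        } |
        Sort-Object Hits -Descending
}

# For real logs replace $sampleLog with, e.g., Get-Content 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log'
$entries = ConvertFrom-IisLog -Lines ($sampleLog -split '\r?\n')
Get-EasHeavyHitters -Entries $entries | Format-Table -AutoSize
Get-EasDeviceHits   -Entries $entries | Format-Table -AutoSize
Get-OwaSourceHits   -Entries $entries | Format-Table -AutoSize
```

Once a user or device is identified, the remediation the post describes maps to Set-CASMailbox -ActiveSyncEnabled $false for the user, or Set-CASMailbox -ActiveSyncBlockedDeviceIDs to block just the offending DeviceId, and New-ThrottlingPolicy plus Set-Mailbox -ThrottlingPolicy to throttle rather than block. For the OWA case, note that forms-based authentication puts the username in the POST body, not in cs-username, so the IIS log cannot tell a single-account brute force from a spray across many accounts; correlate the source IP with failed-logon events on the CAS or domain controllers for that.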

Exchange 2013 Public Folders unavailable, but only over Outlook Anywhere

Tue, 05 Aug 2014 17:47:53 +0100

The important thing to remember is that in Exchange 2013 Public Folders don’t really exist like they used to. They’re basically mailboxes.

In this particular scenario Public Folders were accessible internally, but not via Outlook Anywhere (or Outlook RPC over HTTPS if you’re old).

This problem can manifest where the email address policy that applies to the Public Folder mailbox does not assign an email address that Autodiscover can resolve. i.e.

The fix is to set the default address on the public folder mailbox to one where Autodiscover will work correctly.

The easiest way to do this is either to manually set the primary SMTP address in the Active Directory attributes (mail and proxyAddresses), or alter your address list policies accordingly.

Now just wait for Outlook to pull the latest configuration. Or delete and recreate the profile if you’re in a bit of a hurry.

More details are available under KB2788136.
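As an added example (not from the original post), the same check and fix from the Exchange Management Shell rather than by editing AD attributes by hand: list every Public Folder mailbox with its primary SMTP address and whether the domain part is one Autodiscover answers for, then correct one. The domain contoso.com and the mailbox name PF-Mailbox01 are assumptions.

```powershell
# Added example, not part of the original post. Run from the Exchange 2013
# Management Shell; 'contoso.com' and 'PF-Mailbox01' are assumptions.
$autodiscoverDomain = 'contoso.com'

function Get-PublicFolderMailboxAddressReport {
    param([Parameter(Mandatory)][string]$GoodDomain)
    Get-Mailbox -PublicFolder | ForEach-Object {
        $addr = $_.PrimarySmtpAddress.ToString()
        [pscustomobject]@{
            Name               = $_.Name
            PrimarySmtpAddress = $addr
            PolicyApplied      = $_.EmailAddressPolicyEnabled
            # Outlook Anywhere clients only find the mailbox if this domain resolves via Autodiscover
            AutodiscoverOk     = ($addr.Split('@')[-1] -ieq $GoodDomain)
        }
    }
}

Get-PublicFolderMailboxAddressReport -GoodDomain $autodiscoverDomain | Format-Table -AutoSize

# Fix one mailbox: detach it from the address policy in the same command,
# otherwise the next policy update puts the unusable address straight back.
Set-Mailbox -PublicFolder -Identity 'PF-Mailbox01' -EmailAddressPolicyEnabled $false `
    -PrimarySmtpAddress "pf-mailbox01@$autodiscoverDomain"

# Confirm, then wait for Outlook to refresh (or recreate the profile) as above.
Get-Mailbox -PublicFolder -Identity 'PF-Mailbox01' |
    Select-Object Name, PrimarySmtpAddress, EmailAddressPolicyEnabled
```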

Powershell 4: Desired State Configuration - 'Native' Configuration Management for Windows!

Mon, 11 Nov 2013 13:47:50 +0000

In the run up to Windows 2012 R2 I’ve not been paying as close attention as I would normally, meaning that I seem to have missed out on an interesting new feature in PowerShell 4 called Desired State Configuration (or DSC).

    # Example configuration to ensure that the Hyper-V feature is installed on hv01-hv03
    # Basically a block that can be used to generate a file
    Configuration HyperVNodeCfg {
        Node ("hv01", "hv02", "hv03") {
            WindowsFeature HyperVFeature {
                Ensure = "Present"
                Name   = "Hyper-V"
            }
        }
    }

    # Compile to MOF
    HyperVNodeCfg -OutputPath HyperVNodeCfg

    # Apply the MOF
    Start-DscConfiguration -Path HyperVNodeCfg -Wait -Verbose

It ships with Windows 8.1 and Server 2012 R2 and allows you to:

  • Install and remove server roles and features
  • Manage the registry, files, directories and environment variables
  • Start, stop, and manage processes and services
  • Manage local groups and user accounts
  • Install and manage packages (primarily MSI packaged applications)
  • Run PowerShell scripts
  • Discover the configuration state on a given node
  • Maintain the configuration state
  • Operate in push, pull and manual mode

If you’ve ever used Puppet the syntax will look familiar; however, as far as I’m aware there’s currently no ability (other than via custom modules) to include configurations from other files, which could result in large blocks. Additionally, and importantly, DSC configuration blocks need to be compiled to a “MOF” file before they can be applied. Having looked at a MOF file, whilst readable, I’d suggest that the configurations are stored under version control, not the MOF files. Whilst I’m sure there is a good reason for this, it adds an extra step between version control and deployment that may result in less experienced admins not bothering with version control, and frequently rewriting their DSC configurations. I would have preferred to see a syntax checker and, if compiling really is necessary, having it compiled silently before being applied, just to skip this step.

What about System Center and Group Policy?

System Center covers a multitude of products, most of which won’t be impacted by DSC. As for the rest, I’m not clairvoyant; however, I can only imagine some components of System Center realigning and simply getting better, not going away. DSC simply doesn’t fulfil all of the roles that Group Policy does, so I’d expect GPOs are here to stay.

What about Puppet and Chef?

Both of these tools have started making inroads into Windows CM and it would be a shame if they stopped. It appears that at least Opscode are adding compatibility to Chef and I hope that Puppet Labs follow this trend as well. As much as I like the adage of the Best Tool For The Job™, sometimes One Tool To Rule Them All™ needs to win for political or training reasons.

Security?

I’m interested to see how DSC can be leveraged in an attack. Other than the obvious improperly secured MOF files scenario, I’m yet to look into push or pull mode and if/how DSC configurations are signed and transported, etc., how they can be manipulated, or how data can be retrieved. For example, can a similar/the same method that can be used to retrieve credentials from a GPO preference also be used to retrieve them from DSC? Without looking I don’t know, but it’s the start of a series of questions you should look at before deploying.

Should you use it?

As always, evaluate what you already use and see if PowerShell DSC is what you’re looking for. The PowerShell 4 requirement may be a problem for many. However, if the question is “should I be using some form of configuration management?”, the answer is yes. It’s not only enterprises, MSPs, or cloud scale start ups that can benefit from configuration management. The thing that you need is for all of your operations staff to have buy-in. As soon as little bit[...]
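The credential question raised under “Security?” has a concrete answer for the one case that can be shown without a pull server: a configuration that takes a PSCredential. The block below is an added example, not code from the original post, and the node name hv01, the account svc-backup, the certificate path and the thumbprint are all assumptions. It compiles the same configuration twice, once with the opt-in that writes the password to the MOF in clear text and once encrypted to a certificate whose private key lives only on the target node, then greps both MOFs for the password so you can see the difference for yourself rather than trusting the flag name.

```powershell
# Added example, not part of the original post. Node name, user name,
# certificate path and thumbprint are assumptions. Requires WMF 4 (PowerShell 4).
Configuration ServiceAccountCfg {
    param([Parameter(Mandatory)][pscredential]$Credential)
    Node $AllNodes.NodeName {
        User BackupAccount {
            UserName = $Credential.UserName
            Password = $Credential
            Ensure   = 'Present'
        }
    }
}

$cred = Get-Credential -UserName 'svc-backup' -Message 'Service account password'

# Weak: DSC refuses to compile a credential at all unless you opt in with this
# flag, and the price of the opt-in is the password sitting in hv01.mof as text.
$plainData = @{
    AllNodes = @(@{ NodeName = 'hv01'; PSDscAllowPlainTextPassword = $true })
}
ServiceAccountCfg -Credential $cred -ConfigurationData $plainData -OutputPath .\plain

# Better: encrypt the credential to the public key of a certificate whose
# private key is in LocalMachine\My on hv01 (hv01.cer is the exported public
# half; the thumbprint below is a placeholder).
$certData = @{
    AllNodes = @(@{
        NodeName        = 'hv01'
        CertificateFile = 'C:\dsc\certs\hv01.cer'
        Thumbprint      = '0123456789ABCDEF0123456789ABCDEF01234567'
    })
}
ServiceAccountCfg -Credential $cred -ConfigurationData $certData -OutputPath .\encrypted

# On hv01 itself the Local Configuration Manager has to be told which private
# key decrypts the MOF; without this the encrypted configuration fails to apply.
Configuration Hv01Lcm {
    Node 'hv01' {
        LocalConfigurationManager { CertificateID = '0123456789ABCDEF0123456789ABCDEF01234567' }
    }
}
Hv01Lcm -OutputPath .\lcm
Set-DscLocalConfigurationManager -Path .\lcm

# The check to run before a MOF goes into version control, a share or a pull
# server: does the literal password appear anywhere in the file?
function Test-MofForPlainTextPassword {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Password)
    [bool](Select-String -Path $Path -SimpleMatch -Pattern $Password -Quiet)
}
$plaintext = $cred.GetNetworkCredential().Password
Test-MofForPlainTextPassword -Path .\plain\hv01.mof     -Password $plaintext
Test-MofForPlainTextPassword -Path .\encrypted\hv01.mof -Password $plaintext
```

The plain-text MOF is the DSC equivalent of the GPO preference case the post alludes to: anyone who can read the output directory, the SMB share it is pushed from, or a pull server’s configuration store has the password. With the certificate route the MOF only contains ciphertext and the secret is recoverable only on the node holding the private key, which is the property you actually want from a configuration management system.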

Plantronics GameCom 780 under Ubuntu 13.10 & Debian Unstable

Fri, 18 Oct 2013 09:54:56 +0100

Plantronics GameCom 780 under Linux, when using it as an analogue device has always been touchy for me; 1% volume is unusably loud for me. However using it as a digital output has always been fine in my experience.

Under Ubuntu 13.10 (and Debian unstable as of the posting date) the digital device is missing out of the box.

The fix is to edit /usr/share/alsa/cards/USB-Audio.conf, find the “Plantronics GameCom 780” 999 entry (line 46 on my Debian unstable laptop and Ubuntu 13.10 desktop), under the USB-Audio.pcm.iec958_device stanza and comment it out. This entry tells alsa that this device does not have digital in/out, which in my experience is wrong and renders the device unusable.

See launchpad bug 1241449 for tracking this.

Normal sysadmin related bloggery will return shortly.

Stopping the SBS 2011 setup wizard

Sat, 24 Aug 2013 17:28:27 +0100

Assume somehow that you have a Windows SBS 2011 box that’s now running the setup wizard on boot - the only issue is that you’ve already set up the box previously.

Have no fear, the wizard simply replaces the explorer shell so the “fix” is nothing more than switching the default shell back to explorer.exe.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Don’t ask why I needed to know this.
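The Shell value above is also a well-known persistence location, so it is worth checking what is actually in it (both hives, since the HKCU copy overrides the machine default for that user) before blindly writing explorer.exe back. The following is an added example of that check and reset in PowerShell, not code from the original post; it assumes nothing beyond the registry path the post gives.

```powershell
# Added example, not part of the original post: audit and reset Winlogon\Shell.
$hklmWinlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$hkcuWinlogon = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # per-user override, same trick

function Get-WinlogonShell {
    param([string]$Path = $hklmWinlogon)
    (Get-ItemProperty -Path $Path -Name Shell -ErrorAction SilentlyContinue).Shell
}

function Test-WinlogonShell {
    # True only when the value is exactly the default. Shell accepts a
    # comma-separated list, so "explorer.exe,evil.exe" also fails this test.
    param([string]$Path = $hklmWinlogon)
    $value = Get-WinlogonShell -Path $Path
    ($null -ne $value) -and ($value.Trim() -ieq 'explorer.exe')
}

function Reset-WinlogonShell {
    param([string]$Path = $hklmWinlogon)
    $current = Get-WinlogonShell -Path $Path
    if ($current -and -not (Test-WinlogonShell -Path $Path)) {
        Write-Warning "$Path\Shell was '$current'; resetting to explorer.exe"
    }
    Set-ItemProperty -Path $Path -Name Shell -Value 'explorer.exe' -Type String
}

# Report first, then fix HKLM. A Shell value under HKCU normally does not exist
# at all; if one turns up, remove it rather than "correcting" it.
foreach ($path in $hklmWinlogon, $hkcuWinlogon) {
    [pscustomobject]@{ Key = $path; Shell = (Get-WinlogonShell -Path $path); IsDefault = (Test-WinlogonShell -Path $path) }
}
Reset-WinlogonShell -Path $hklmWinlogon
if (Get-WinlogonShell -Path $hkcuWinlogon) { Remove-ItemProperty -Path $hkcuWinlogon -Name Shell }
```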

Cisco rv220w Review (SOHO gateway device)

Tue, 01 Jan 2013 16:30:12 +0000

Until a few months ago I had 2 internet connections at home - one for work purposes and one for everyone else in the house. With rising speeds on one of the lines, I decided to merge the 2 connections, but retain the separation of networks through VLAN'ing.

Whilst a Linux/BSD box is an option, I wanted something that I couldn’t fiddle with too much. I’m ultimately providing a service to my housemates, so it should Just Work™.

This meant I was immediately looking at higher end Drayteks, lower end Juniper and Cisco boxes, etc. I ultimately chose the Cisco rv220w because;

  • It wasn't prohibitively expensive
  • It's got decent throughput
  • I trust Cisco (more than some of the other manufacturers)
  • Low power
  • It had all the features I needed - 802.11n multi-SSID wireless, 802.1x & RADIUS support, VLANs, IPv6, QoS, VPN, SNMP
  • I didn't need to buy any additional cards or licenses to use the features
  • And it fulfilled the appliance requirement nicely.

I was half expecting to be disappointed - some of the Cisco SOHO devices I’ve used have frankly been shit. This little device is awesome. It’s slow to boot, but you can forgive it that - after all, how often do you reboot your routers? It comes with an awesome web GUI, so should I need to talk someone non-technical through something remotely, I can reasonably easily. It’s stable, and it’s damn quick. The only issue I’ve had is that the Xbox is being a little fussy over it - but it’s not something that’s bothering me enough to look into yet.

I’m yet to use the IPv6 functionality built in yet. I’m still using my Hurricane Electric tunnel on the work VLAN.

My only issues are;

  • There isn't any command line interface. However, this is a SOHO device so you probably should expect this.
  • It currently requires that all 4 LAN GbE interfaces must have any defined VLANs assigned as either tagged or untagged. Not the end of the world for me, frankly, but a small overlook in my opinion.

For a small business, small satellite office, or a home that needs a cheap but slightly more advanced appliance than a standard home router, I would highly recommend the Cisco rv220w.

Nerds + Christmas = Borderlands 2 References?

Fri, 21 Dec 2012 15:44:52 +0000

Programming will return to usual computer related bloggery shortly.

I’ve lived with 3 other guys, who I’ve known for a long time now, for several years. In that time frame we’re yet to have a major disagreement over anything. I know they say ‘if you can’t spot the crazy in the room, then you’re the crazy’, but I’m pretty sure it’s all good.

This Christmas I decided to surprise everyone with personalised gifts. Normally we do a house gift, but we honestly didn’t need anything. So I did what any sane mid-twenties nerd would do. Buy Nerf guns. The only hint I gave them when a large box arrived, was that it was to aid conflict resolution. Confused them no end.

Stage #1 complete. Stage #2 is personalisation. I did want to paint them, but honestly I’m not really capable of doing that well enough, so I started looking at other options. Since we’re all gamers, mostly, and we’d all played Borderlands 2 recently, what better than to make up and print personalised stats cards - like you’d get in-game? I spent an afternoon in Inkscape and came up with some in-jokes to put on them.


Now, I’m no artist, but I think they came out pretty well. As I mentioned they’re full of in-jokes, however if you’d like to reproduce these yourself the template is available here. You’ll need the following 2 fonts as well: “Compacta Bd Bt” and “Carnevalee Freakshow”.

I got them professionally printed on A5 280gsm silk paper and they look awesome. So if you’re stuck for a present idea, for your gamer kid, or adult who wants to be a kid, why not a Nerf gun, a stats card and some in-jokes?

If you do get yours professionally printed I highly recommend exporting from Inkscape as a PDF, and converting the text to paths. This way your printer doesn’t need to faff with fonts and you can ensure it comes out exactly as you want them.

The Danger of Overusing Virtual Machine Replicas

Fri, 15 Jun 2012 08:13:25 +0100

One of the most heralded features in Windows Server 2012 (previously known as Windows Server 8) is support in Hyper-V for virtual machine replicas. If you’re familiar with VMware it’s similar to Site Recovery Manager; for Xen you’re probably looking at Remus, and Kemari for KVM (bear in mind that none of these products are necessarily exactly the same, but close enough).

Virtual Machine replication across sites is very attractive. You get a lot of flexibility with minimal effort. You don’t need to learn about making individual services you run on a given virtual machine highly available. However users don’t care about a server being highly available across multiple sites. They care about their email, their documents, the company database(s), etc. They care about the services.

With a single machine it’s entirely possible for it to get pwned, for an accidental misconfiguration, or any other number of things to cause a service to become unavailable. As has always been the case, multiple servers providing a service helps negate some of these issues; a replica faithfully copies the compromised or misconfigured state to the other site.

None of this should be new information, but with the allure of “new” toys (in Microsoft’s “free” virtualisation tech) it should not be forgotten. Having spoken to several clients, co-workers and peers in the Windows world I fear it’s a lesson that some admins may be forgetting.

TL;DR As with any technology, use virtual machine replication wisely and, most importantly, use it appropriately. Don’t forget about service/application level replication.

looqs Meebox / "Novatech 500GB Home Storage NAS"

Tue, 03 Apr 2012 18:58:55 +0100

A few weekends ago I picked up the looqs Meebox from Novatech. I would link to the looqs site, but as of the time of writing it’s currently unavailable because they’ve not renewed the domain (edit: this is now resolved).

TL;DR: The Meebox is cheap because it’s cheap. It runs an old Linux kernel; given time you could probably get your own/other distros running, but I called it a day due to (lack of) hardware performance, the likelihood of not increasing its performance with custom “firmware”, and the fact that the vendor site wasn’t available to dismantle a firmware update file at the time.

The Meebox is basically a fanless SoC design, in an attractive looking case, running Linux 2.6.15, with support for a maximum of 2 x 3.5" SATA hard disks (by default mine came with a single WD 500GB drive), a gigabit network port and 2 USB ports. SSH is easily enabled and the default admin user account has root privileges, and you get into a busybox shell.

Physically it’s one of the better cases for something like this - it’s all metal and mine came in gloss black. It wouldn’t look out of place underneath a TV or on top of a hifi stack.

Unfortunately I’d pretty quickly determined that this wasn’t quite what I was hoping for. I had really hoped that this was going to be capable of gigabit speeds, but it’s just not. My next thought was that it could be made more useful by being a generic Debian box, rather than this concoction. I set about with the shell and had a good poke about. The good news is that it’s pretty open once you’re logged in. /proc/mtd reveals some useful stuff, along with everything else. I’ve popped the output of /proc/cpuinfo and /proc/mtd below.

    cat /proc/cpuinfo
    Processor       : FA526id(wb) rev 1 (v4l)
    BogoMIPS        : 230.19
    -- snip --
    Hardware        : GeminiA
    Revision        : 0000
    Serial          : 0000000000000000

    cat /proc/mtd
    dev:    size   erasesize  name
    mtd0: 00120000 00020000 "RedBoot"
    mtd1: 00200000 00020000 "Kernel"
    mtd2: 00600000 00020000 "Ramdisk"
    mtd3: 00600000 00020000 "Application"
    mtd4: 00020000 00020000 "VCTL"
    mtd5: 000a0000 00020000 "CurConf"
    mtd6: 00020000 00020000 "FIS directory"

Poking at RedBoot (the bootloader) didn’t yield much information. As far as I can tell it’s not configured to listen on the network at boot. If you dump out /dev/mtd5 you can see references to, but probing that gets you nowhere. A port scan whilst it’s booting and running yields nothing relating to RedBoot either, and sadly I did verify my crossover cable works. The mtd utilities also do not appear to be shipped with the device, but that’s a minor inconvenience. The board does seem to have what is probably a JTAG header (which could be used with RedBoot to replace the kernel, etc.), but that’s moving out of my realm of knowledge.

With the vendor site inaccessible I couldn’t get hold of a copy of the latest “firmware” to dismantle, or to request any part of their build chain, and with that I decided to call it a day. As I’ve got an existing solution that performs just as well as the Meebox ever could, I decided to stop. The effort I was about to expend on attempting to get a more generic distro running on the Meebox was just too hard to swallow. I’m pretty sure it’s based on a common design that’s shared between other low-cost NAS solutions; however, it currently doesn’t seem like anyone has gone much further with it than me, and honestly I can see why. There are other solutions out there that are a little more expensive, just as quiet (fanless) and better supported by the vendor. If you do get one of these to play with I would ur[...]