# theangryangel.co.uk

## amongst other things...

Published: Fri, 21 Aug 2015 17:10:05 +0100

Last Build Date: Fri, 21 Aug 2015 17:10:05 +0100

AeroFS Private Cloud Appliance on Hyper-V

Wed, 08 Apr 2015 12:47:57 +0100

Please be aware that the instructions differ significantly between AeroFS versions, due to AeroFS changing under the hood. Please be very careful that you check which version you are working with before following any instructions.

## AeroFS 1.0.0-1.0.1

This was tested under AeroFS 1.0.1 and 1.0.0 and Hyper-V 2012 R2. It may not work for your environment. This is not a supported configuration. You’re on your own.

• Extract the vmdk from the OVA file using whatever tool you want. It’s just a tar. 7-Zip, for example.
• Using VirtualBox, convert the vmdk to a vhd: `vboxmanage clonehd aerofs-appliance-1.0.1-disk1.vmdk --format VHD aerofs-disk_1.vhd`. This is the simplest way to do it without System Center.
• Create a Hyper-V VM and attach the VHD. I chose to add a legacy network card with a statically assigned MAC address. This was out of habit as older versions of Linux didn’t do well with randomly generated MAC addresses, and I didn’t go delving as to whether or not non-legacy cards were supported within the appliance.
• On first boot, and first boot only, we’ll need to perform some magic as the default system runs irqbalance, which has some problems under Hyper-V, it seems.
• Stop grub from auto booting, and edit the top entry by pressing e.
• Add `single` to the end of the kernel line. Press ctrl+x to boot. This boots us into single user mode.
• Once booted, you will be logged in as root automatically. Edit `/etc/default/irqbalance` and disable it by setting `enabled=0`.
• Reboot and configure the AeroFS appliance as indicated by the AeroFS documentation.

## AeroFS 1.1.9

This was tested under AeroFS 1.1.19 and a Hyper-V 2012 R2 cluster. It may not work for your environment. This is not a supported configuration. You’re on your own.

For 1.1.9 AeroFS handily provide a VHD download and say that they support Hyper-V. Unfortunately for me the networking just flat out refused to work out of the box.

• If you have an existing AeroFS take a backup - you’ll need this.
• Boot, and run through the on-screen text based setup - I needed to apply a static IP.
• At this point the networking completely stopped working for me, if it works for you, then stop here.
• Select reboot from the options menu.
• On reboot you’ll see a grub screen, very quickly press E to edit the default selected boot option.
• Append `init=/bin/bash` after `$linux_append`.
• Press F10 or ctrl+x to boot.
• This’ll drop you into a shell eventually.
• If you `ls /etc/systemd/network` you should see 1 file. Edit this and you’ll probably see that, under the match stanza, `Name=` is empty. The lack of any interface name basically means that setting doesn’t get applied at all. Change this to match your network interface name. If you’re not sure what your interface name is, exit your editor and run `/bin/ip addr`. For me it was eth0.
• Save and reboot and you’ll find the box now pings correctly. Go ahead and restore your configuration and you’re golden.

Exchange server w3wp high memory/cpu

Wed, 08 Oct 2014 22:36:04 +0100

This post is largely for future me. I’m fed up with (re)writing/(re)discovering some of these queries. However, I also hope it can help other people.

This post was written specifically whilst I was finishing up with an Exchange 2010 installation. However, it should work verbatim with 2007, and some of the queries may require a little alteration for 2013. If you’re still on 2003, I’m sorry.

So your Exchange server has a w3wp instance with high memory and CPU. If you’re on 2010, ensure that you’re on a patch level that covers the issue described in KB2800133.

First step is to find out what the instance is running. Use task manager to show the full command line of the instance. Now check the Windows Event logs. Is there anything interesting? If not, move on. Try recycling that AppPool instance. If that doesn’t help long term then we need to start analysing logs. If you’re not shipping your log files to a central location with something like logstash or nxlog, then logparser will be your friend.

If you find that it’s the MSExchangePowerShellAppPool, there’s probably just a console open somewhere doing a lot of talking, or recently having done a lot of talking. It’ll sort itself out shortly.

If it’s the MSExchangeSyncAppPool then the odds are likely good that you have a problem device. To figure out which, make sure that IIS is logging access. If it’s not, wait a day. Or at least a few hours if you can’t.

Now, run the IIS logs through logparser with the following query:

```sql
SELECT TOP 500
    TO_TIMESTAMP(TO_DATE(date), TO_TIME(time)) AS Time,
    cs-username AS User,
    cs(user-agent) AS DeviceID,
    TO_INT(EXTRACT_PREFIX(EXTRACT_SUFFIX(cs-uri-query, 0, '_RpcC'), 0, '_')) AS RPCCount,
    sc-status AS Status,
    sc-substatus AS SubStatus,
    sc-bytes AS Bytes,
    DIV(sc-bytes, 1024) AS KBytes,
    time-taken,
    DIV(time-taken, 1000) AS Seconds,
    cs-uri-query
FROM 'path\to\log\files\*.log'
WHERE RPCCount >= 1500
    AND cs-uri-query LIKE '%Cmd=Sync%'
    AND cs-uri-query LIKE '%Ty:Co%'
ORDER BY Bytes DESC
```

If you find a user frequently popping up to the top, it’s likely their device causing the problem. Disable their ActiveSync privileges, recycle the AppPool and see how things fare. Repeat as necessary. If you find it’s a specific user, but you cannot “fix” their device, throttle their device instead, using a throttling policy.

If you find you’re not getting anywhere then start looking for an unusually high number of requesting devices+users:

```sql
SELECT TOP 500
    cs-username AS User,
    cs(User-Agent) AS DeviceType,
    COUNT(*) AS Hits
FROM 'path\to\log\files\*.log'
WHERE cs-uri-stem LIKE '%Microsoft-Server-ActiveSync%'
GROUP BY User, DeviceType
ORDER BY Hits, DeviceType DESC
```

If it’s the MSExchangeOWAAppPool then you may have someone attempting to log into an account. It should be locking out if they’ve found a real account.

```sql
SELECT TOP 500
    c-ip AS IP,
    cs(User-Agent) AS DeviceType,
    COUNT(*) AS Hits
FROM 'path\to\log\files\*.log'
WHERE cs-uri-stem LIKE '%/OWA%'
GROUP BY IP, DeviceType
ORDER BY Hits, DeviceType DESC
```

If you’re still not getting anywhere, revisit the Windows Event Logs. Check that there’s nothing showing up in there that’s relevant. If there really isn’t anything then start cutting down the problem. Try to isolate your Exchange’s CAS from the internet temporarily. Does it quieten down? If not, isolate them/it from the LAN. Does it quieten down? Start looking at the logs in different ways. [...]
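For boxes where logparser isn't to hand, the two hit-count queries above (ActiveSync by user and device, OWA by client IP) can be reproduced in Python. This is an added example, not code from the original post: the log lines are constructed, the function names are hypothetical, and matching the URI stem case-insensitively is an assumption.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not taken from the post).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2014-10-08 21:00:01 /owa/auth.owa - - 203.0.113.7 Mozilla/5.0+(constructed) 302
2014-10-08 21:00:02 /owa/auth.owa - - 203.0.113.7 Mozilla/5.0+(constructed) 302
2014-10-08 21:00:03 /owa/auth.owa - - 203.0.113.7 Mozilla/5.0+(constructed) 302
2014-10-08 21:00:04 /owa/ - CONTOSO\alice 198.51.100.20 Mozilla/5.0+(constructed) 200
2014-10-08 21:00:05 /Microsoft-Server-ActiveSync/default.eas Cmd=Sync CONTOSO\bob 198.51.100.30 Apple-iPhone 200
2014-10-08 21:00:06 /Microsoft-Server-ActiveSync/default.eas Cmd=Sync CONTOSO\bob 198.51.100.30 Apple-iPhone 200
2014-10-08 21:00:07 /Microsoft-Server-ActiveSync/default.eas Cmd=Ping CONTOSO\alice 198.51.100.20 Android 200
2014-10-08 21:00:08 /owa/
"""


def parse_w3c(lines):
    """Yield one dict per request row, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")  # IIS writes spaces inside values as '+'
            if fields and len(values) == len(fields):  # drop truncated rows
                yield dict(zip(fields, values))


def top_hits(rows, stem_part, group_by, limit=500):
    """Count rows whose cs-uri-stem contains stem_part, grouped by group_by."""
    counts = Counter(
        tuple(row.get(name, "-") for name in group_by)
        for row in rows
        if stem_part.lower() in row.get("cs-uri-stem", "").lower()
    )
    return counts.most_common(limit)  # highest hit count first


def owa_hits_by_ip(rows):
    return top_hits(rows, "/owa", ("c-ip", "cs(User-Agent)"))


def activesync_hits_by_user(rows):
    return top_hits(rows, "Microsoft-Server-ActiveSync", ("cs-username", "cs(User-Agent)"))


if __name__ == "__main__":
    rows = list(parse_w3c(SAMPLE_LOG.splitlines()))
    for key, hits in owa_hits_by_ip(rows) + activesync_hits_by_user(rows):
        print(hits, *key)
```

A single IP with many OWA hits and no authenticated username, as in the constructed sample, is the pattern the OWA query is meant to surface.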

Exchange 2013 Public Folders unavailable, but only over Outlook Anywhere

Tue, 05 Aug 2014 17:47:53 +0100

The important thing to remember is that in Exchange 2013 Public Folders don’t really exist like they used to. They’re basically mailboxes.

In this particular scenario Public Folders were accessible internally, but not via Outlook Anywhere (or Outlook RPC over HTTPS if you’re old).

This problem can manifest where the email address policy that applies to the Public Folder mailbox does not assign an email address that can be configured by autodiscover. i.e. publicfolder1@ad.contoso.com

The fix is to set the default address on the public folder to one where Autodiscover will work correctly.

The easiest way to do this is either to manually set the primary SMTP address in the Active Directory attributes (email, and proxyaddresses), or alter your address list policies accordingly.

Now just wait for Outlook to pull the latest configuration. Or delete and recreate the profile if you’re in a bit of a hurry.

More details are available under KB2788136.

Powershell 4: Desired State Configuration - 'Native' Configuration Management for Windows!

Mon, 11 Nov 2013 13:47:50 +0000

Plantronics GameCom 780 under Ubuntu 13.10 & Debian Unstable

Fri, 18 Oct 2013 09:54:56 +0100

Plantronics GameCom 780 under Linux, when using it as an analogue device has always been touchy for me; 1% volume is unusably loud for me. However using it as a digital output has always been fine in my experience.

Under Ubuntu 13.10 (and Debian unstable as of the posting date) the digital device is missing out of the box.

The fix is to edit /usr/share/alsa/cards/USB-Audio.conf, find the “Plantronics GameCom 780” 999 entry (line 46 on my Debian unstable laptop and Ubuntu 13.10 desktop), under the USB-Audio.pcm.iec958_device stanza and comment it out. This entry tells alsa that this device does not have digital in/out, which in my experience is wrong and renders the device unusable.

See launchpad bug 1241449 for tracking this.

Normal sysadmin related bloggery will return shortly.

Stopping the SBS 2011 setup wizard

Sat, 24 Aug 2013 17:28:27 +0100

Assume somehow that you have a Windows SBS 2011 box that’s now running the setup wizard on boot - the only issue is that you’ve already set up the box previously.

Have no fear, the wizard simply replaces the explorer shell so the “fix” is nothing more than switching the default shell back to explorer.exe.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Don’t ask why I needed to know this.

Cisco rv220w Review (SOHO gateway device)

Tue, 01 Jan 2013 16:30:12 +0000

Until a few months ago I had 2 internet connections at home - one for work purposes and one for everyone else in the house. With rising speeds on one of the lines, I decided to merge the 2 connections, but retain the separation of networks through VLAN'ing.

Whilst a Linux/BSD box is an option, I wanted something that I couldn’t fiddle with too much. I’m ultimately providing a service to my housemates, so it should Just Work™.

This meant I was immediately looking at higher end Drayteks, lower end Juniper and Cisco boxes, etc. I ultimately chose the Cisco rv220w because;

• It wasn't prohibitively expensive
• It's got decent throughput
• I trust Cisco (more than some of the other manufacturers)
• Low power
• It had all the features I needed - 802.11n multi-SSID wireless, 802.1x & RADIUS support, VLANs, IPv6, QoS, VPN, SNMP
• And it fulfilled the appliance requirement nicely.

I was half expecting to be disappointed - some of the Cisco SOHO devices I’ve used have frankly been shit. This little device is awesome. It’s slow to boot, but you can forgive it that - after all, how often do you reboot your routers? It comes with an awesome web GUI, so should I need to talk someone non-technical through something remotely, I can reasonably easily. It’s stable, and it’s damn quick. The only issue I’ve had is that the Xbox is being a little fussy over it - but it’s not something that’s bothering me enough to look into yet.

I’m yet to use the built-in IPv6 functionality. I’m still using my Hurricane Electric tunnel on the work VLAN.

My only issues are;

• There isn't any command line interface. However, this is a SOHO device so you probably should expect this.
• It currently requires that all 4 LAN GbE interfaces must have any defined VLANs assigned as either tagged or untagged. Not the end of the world for me, frankly, but a small oversight in my opinion.

For a small business, small satellite office, or a home that needs a cheap but slightly more advanced appliance than a standard home router, I would highly recommend the Cisco rv220w.

Nerds + Christmas = Borderlands 2 References?

Fri, 21 Dec 2012 15:44:52 +0000

I’ve lived with 3 other guys, who I’ve known for a long time now, for several years. In that time frame we’re yet to have a major disagreement over anything. I know they say ‘if you can’t spot the crazy in the room, then you’re the crazy’, but I’m pretty sure it’s all good.

This Christmas I decided to surprise everyone with personalised gifts. Normally we do a house gift, but we honestly didn’t need anything. So I did what any sane mid-twenties nerd would do. Buy Nerf guns. The only hint I gave them when a large box arrived, was that it was to aid conflict resolution. Confused them no end.

Stage #1 complete. Stage #2 is personalisation. I did want to paint them, but honestly I’m not really capable of doing that well enough, so I started looking at other options. Since we’re all gamers, mostly, and we’d all played Borderlands 2 recently, what better than to make up and print personalised stats cards - like you’d get in-game? I spent an afternoon in Inkscape and came up with some in-jokes to put on them.

Now, I’m no artist, but I think they came out pretty well. As I mentioned they’re full of in-jokes, however if you’d like to reproduce these yourself the template is available here. You’ll need the following 2 fonts as well: “Compacta Bd Bt” and “Carnevalee Freakshow”.

I got them professionally printed on A5 280gsm silk paper and they look awesome. So if you’re stuck for a present idea, for your gamer kid, or adult who wants to be a kid, why not a Nerf gun, a stats card and some in-jokes?

If you do get yours professionally printed I highly recommend exporting from Inkscape as a PDF, and converting the text to paths. This way your printer doesn’t need to faff with fonts and you can ensure it comes out exactly as you want them.

The Danger of Overusing Virtual Machine Replicas

Fri, 15 Jun 2012 08:13:25 +0100

One of the most heralded features in Windows Server 2012 (previously known as Windows Server 8) is support in Hyper-V for virtual machine replicas. If you’re familiar with VMware it’s similar to Site Recovery Manager, for Xen you’re probably looking at Remus, and Kemari for KVM (bear in mind that none of these products are necessarily exactly the same, but close enough).

Virtual Machine replication across sites is very attractive. You get a lot of flexibility with minimal effort. You don’t need to learn about making individual services you run on a given virtual machine highly available. However users don’t care about a server being highly available across multiple sites. They care about their email, their documents, the company database(s), etc. They care about the services.

With a single machine it’s entirely possible for it to get pwned, to suffer an accidental misconfiguration, or for any number of other things to cause a service to become unavailable. As has always been the case, multiple servers providing a service help negate some of these issues.

None of this should be new information, but with the allure of “new” toys (in Microsoft’s “free” virtualisation tech) it should not be forgotten. Having spoken to several clients, co-workers and peers in the Windows world I fear it’s a lesson that some admins may be forgetting.

TL;DR As with any technology, use virtual machine replication wisely and, most importantly, use it appropriately. Don’t forget about service/application level replication.

looqs Meebox / "Novatech 500GB Home Storage NAS"

Tue, 03 Apr 2012 18:58:55 +0100