Ramblings From The Litter Tray of Life

Archive for June, 2010

VMware ESX 3.5 and 64 bit OSs

Posted by graycat on 25 June 2010

Quite a few people out there make use of the excellent server virtualisation software produced by VMware so I thought I’d lay this tip out there for 64bit OSs.

It seems that VMware ESX 3.5 will not recognise your host server as being 64 bit compliant until you enable the right flags within the CPUs. In my case where I’m using a HP DL380 G5 which is 64 bit compliant then you have to enable Intel’s Virtual Threading (VT for short).

To do this, shutdown all of the hosted VMs and place the host into maintenance mode before shutting it down fully. Then boot back into the host BIOS (hit F9 after the HP splash screen). Once in the BIOS settings go down to “Advanced Options” and select Intel’s Virtual Technology / Threading. Exit out and here is the key point – you must full shut the server down.

This means all power cables out and left for a good 60 seconds at least! Miss this step out and you won’t get anywhere fast.

Once VT has been enabled spool the VM back up and create 64 bit virtual machines to your hearts content.

Extra tips:

  • I’ve heard that any VM created prior to this change will not register the change in CPU so will have to be created again.
  • Paravirtualisation should also be turned off. Whilst this should only affect the *nix kernels there have been reports of it messing with Windows OSs if set prior to initial build.
  • Anything prior to a G5 will most likely not be x64 compatible so no dice.

Posted in IT | Tagged: , , , , , , , | Leave a Comment »

McAfee woes

Posted by graycat on 18 June 2010

Like a lot of people out there we use McAfee and ePolicy for our corporate anti-virus, anti-malware etc. Most of the time this is a bit of a “set and forget” application but sometimes it throws you a curve ball.

Like this morning for instance.

I was just in the middle of a hurried (and harried!) discussion regarding an Exchange upgrade we’re having to undertake earlier then planned (more on that some other time) when the first signs of a problem dribbled in. Well by dribbled in I mean that my IM went off with messages from multiple sites and my phone burst into life. You know, the usual kind of thing.

The initial problem was that people couldn’t access shared drives which then progressed to not being able to access local drives including My Documents. After a bit of research it turns out that McAfee was blocking explorer.exe as a spoofed process!

Needless to say this went straight into the “Not Cool” category and we started working on it. As suspected, we hadn’t made any changes overnight to our ePolicy setup or rules but the issue was definitely being enforced by something. Further investigation turned up that the rules on the clients weren’t the same as those on the server. A bit of double checking and tick/unticking of settings and the rules were back where they should be and ready to roll.

After a brief period where the rules replicated to all repositories and yet more PCs were reported as affected, we were ready to beat it all back into shape. A short reboot later and most affected machines were back on the straight and narrow.

Those that didn’t want to play were quickly logged on to by an admin and the McAfee apps launch via cmd. It was interesting to find out that mcconsole.exe is the McAfee Console and you can force updates from the cli using mcupdate.exe – yes, things are actually named logically it seems!

Anyway after that was solved it’s back to my main stress of the moment – how to upgrade a multi-site, multi-version Exchange infrastructure with as little headaches as possible. Looks our for more posts on this in the coming weeks!

Posted in IT, Real Life | Tagged: , , , , | Leave a Comment »

WSUS 3.0 SP2 Problems

Posted by graycat on 11 June 2010

Like any responisble admin, I like to keep my machines up to date and patched as far as I can. Unlike some though I don’t like running right on the bleeding edge of the latest versions as I prize stability over new functions. A stable environment = more productive users = more money to the company to pay for my caffeine habit!

For our Windows machines this revolves around the free Microsoft offering of WSUS. In fact multiple WSUS installations in my case as we’re spread across many sites and not all have great internet links. To cover this I have one WSUS server installed in the head office which acts as the “master” and all the others act as “downstream” servers pulling the updates and rules from the master. This works really well and is almost set-and-forget reliable.

Well, until an update to WSUS itself sneaks though that is!

A few weeks ago whilst I was on annual leave our master WSUS server picked up and update to SP2. Unfortunately whilst it tried to install it, it failed miserably. Part of the automated tidy up after this failed upgrade was to remove WSUS. In its entirety!

Fortunately this was spotted pretty shortly after and WSUS SP1 was reinstalled however whilst the updates and DB remained it had lost all rules and groups.

After reviewing the damage and the release notes, I decided to rip it out and install the SP2 version from fresh as this seems to be the only reliable way of upgrading. I have heard that you can use the Installation CleanUp utility to remove the aborted WSUS upgrades and then just install SP2 over the top but decided to go with the full method instead.

Oh and as a backup to manual checks I’m implementing some more detailed checks from nagios for these servers just to be on the safe side!

Posted in IT, Real Life | Leave a Comment »