Ramblings From The Litter Tray of Life

Archive for the ‘IT’ Category

HP Proliant MicroServer

Posted by graycat on 20 June 2011

HP have not long ago released a new tiny Proliant server named the HP Proliant MicroServer. This machine is about the same size as a basketball and has a dual core processor wit up to 8Gb of RAM. It also has a hdd bay for up to 4 disks and provides RAID 0 or 1 natively however you can add a controller card to get full RAID5 etc if required. Other than the size one of the most astonishing things about this machine is the price – base unit (1Gb RAM + 1 x 250Gb HDD) is less than £200 …….. And there’s a £100 cash back offer going on at the moment!

I originally got one of these in to see if it would be able to work as a test server for either myself of one of my team. Short answer – yes, kinda.

The box itself is really easy to work on and I maxed out the RAM and HDDs pretty easily though I did have to install a CD drive as it doesn’t come with one as standard. the hardware is really easy to work on as you would expect with a HP Proliant server. As I intended to use this to test virtual machines, I installed a 4Gb USB stick I had spare directly onto the motherboard (very neat BTW) and had a 10k RPM hdd installed in slot #1 to host the vmdk files.

Installing VMware ESXi 4.1 was easy as pie – download and burn to CD, boot from CD and select where you wish to install the program (ie: the USB stick) …. then just leave it to get on with it. it really is as simple as that.

With ESXi installed, the 10k drive in slot 1 I added two 250Gb HDDs into two free slots and added them into ESXi. This was as simple as ever as you would expect from VMware as it is the same base product I’m using in our clusters.

Creating a few test machines and generally building networks was simple and snappy but towards the top end the server did start to struggle. The bottleneck is definitely the small CPU bout unless you’re planning to run 6+ virtual guests then you should be ok. Probably even more if you’re careful with hardware subscription.

If you’re looking for a cheap but solid rig to test a few different virtual guests then this will definitely suffice. You can even keep the costs down by buying non-HP parts (RAM, HDDs etc) if you’re not worried about hardware support.

I would even rate this server so far as to say that if you need a small server for a tiny office of only a few people then this would definitely suffice. Windows Server 2008 would definitely run well with the 8Gb or RAM and with four drive bays you can get a very useful amount of space. I would be tempted to go further and install ESXi on the hardware and then add a few separate Windows Server installs to separate out the roles however i’m still working on the details of this plan.

Posted in IT | Tagged: , , | Leave a Comment »

New Test Lab

Posted by graycat on 20 June 2011

The time has come for me to upgrade my previous testing kit and create a dedicate area diverse of the production network. Presently I’m using virtual machines on one of our VMware clusters are the sites to test WinXP, Win7 and various software packages or settings on Server 03/08. Whilst this is great for that it is part of the production network and in some cases the domain too which is starting to make me uncomfortable so time for a new setup.

I want to test slightly more than the existing Windows kit going forward and need to get involved with VMware clusters including HA, DRS, DPM and their underlying configuration.

Traditionally you would have to have a lot of expensive physical kit to create this and whilst I’m not destitute that would be outside if my budget. That was until I ran across a VMWorld Best in Show winner – the vTARDIS. [link: vinf.net]

Basically the vTARDIS is a HP ML110 (I think!) running ESXi which then has many further virtualised ESXi hosts clustered on it with even further virtual guests running off of those! Now he’s not quite avoiding the laws of physics by running this all on a low powered HP server as you’ll see from his website however he is using some very intelligent over subscription of resources along with a few more tricks. I’m not going to go into them here as it’s his baby, not mine.

After seeing this and a few other articles on virtualising ESXi I’ve decided that that’s the route for me. Along the way I’ve also evaluated another bit of kit for one of my other admins who’s requirements aren’t as high as mine. All of which will be posting about as I progress.

Posted in IT | Tagged: , , | Leave a Comment »

A Quick Method of Recovering Deleted User Accounts

Posted by graycat on 15 May 2011

Now I’m sure it’s all happened to us before that an active user account has been deleted by accident at some point. Sometimes it’s due to inactivity or an admin taking their eye off the ball at the wrong moment. Regardless though, it happens and you’ve got to get it back.

The worst case scenario is that the account was actually in use at the time and you have to get that user back and working RTFN. This isn’t so tough if you’re in a contingious network where AD, server OS and Exchange versions all match up. If not, it’s a bit trickier.

Here’s how I do it:

1. Download a copy of ADRestore and install it on the relevant machine.

ADRestore is a fantastic little app that is provided “as is” by one of Microsoft’s MVP. It works really well at enumerating usually hidden objects in AD and allowing basic restoration of them.

2. Point ADRestore at your DC of choice and enumerate objects.

This will hopefully find your deleted account for you. It works due to the method that AD deals with deleting an object. Namely that the object is marked for deletion but only actually deleted during it’s scheduled maintenance run. Until then the object is simply hidden so can be reset.

3. Once you’ve restored the account back into AD you’ll need to reset the account’s password and enable it.

4. Reconnect the mailbox

If you’re using Exchange 2000/2003 then you can easily see the orphaned mailbox within the store and reconnect it via a right-click. However, if you’re using Exchange 2007/2010 you may find that the mailbox does not display under the “disconnected mailbox” section. This is again reliant on scheduled maintenance runs however if you’re in a rush you can run the following PowerShell command:

Clean-MailboxDatabase “Database Name”

Though if you have a few mailbox databases on the server, you may need to run Get-MailBoxDatabase to get the full name of the target db.

At this point you can right-click the disconnected database and reconnect it to the recovered mailbox.

5. Reset the group memberships.

Due to the tombstone process removing all group membership, you’re going to have to go back into the account and add them back in.

6. Check it all works.

I usually grant myself Full Access to the mailbox and check it through OWA just to make sure the e-mail is up and running. Send a few messages back and forth is always a good idea. You can also try running a CLI or shortcut as the recovered user to make sure it has indeed come back as required. After that all you’ve got to do is wait for replication to take place.

Posted in IT, Windows | Tagged: , , , | Leave a Comment »

Entourage 2008 and Exchange 2007

Posted by graycat on 8 September 2010

Some of you may be like me as in completely OS and vendor neutral (ok as far as can be expected) and use both Microsoft and other software vendors. If you use a Mac then you will most likely be aware of Office 2008:Mac from Microsoft. Which, credit where credit is due, is not a bad suite of software. I particularly like Entourage which I rate higher than most version of Outlook for usability and basic functionality for a base user.

However recently I’ve run into a problem. What occurred after an Exchange upgrade from 2003 to 2007 was that Entourage would not connect properly. Initially this was annoying then frustrating and then a blessing in disguise as I work too much and needed down time.

Recently though I’ve had to do some travelling for work and needed both my Mac and a local copy of my e-mails. Mac’s inbuilt e-mail program just wasn’t cutting it so it was time to sort out Entourage.

A lot of research points towards the lack of WebDAV in Exchange 2007 out of the box as being the culprit and to be honest it is. Microsoft has changed a lot of the back end and IIS configuration of Exchange in 2007 and a lot of things just plain aren’t there by default.

Now you can add WebDAV back in pretty easily as well as setup the sub-folders that are no longer in IIS but to my mind this was a last resort really. I mean, why have a new bit of tech only to hobble it by adding old bits back in? Ok, it’s not exactly killing Exchange by putting those bits back in but the thought still stood.

After a lot more research I ran across a page on the Microsoft Mactopia site (who comes up with these names? Seriously.) which discussed Entourage working with the new web services in Exchange 2007. A quick review and a download later and I had the addon. The install is very quick and easy as you would expect with Entourage asking to import settings as per a new build. Supplying my e-mail details and it was away but would it connect?

Simple answer is yes it does and it just works.

So that was it. In a nutshell to get Entourage to work with a vaguely standard Exchange 2007 or even a secured one, first download the addon for Entourage Web Services and you’ll be good to go.

If only everything else was as simple as that when you know how, huh?

Posted in IT | Tagged: , , , , , , | Leave a Comment »

VMware ESX 3.5 and 64 bit OSs

Posted by graycat on 25 June 2010

Quite a few people out there make use of the excellent server virtualisation software produced by VMware so I thought I’d lay this tip out there for 64bit OSs.

It seems that VMware ESX 3.5 will not recognise your host server as being 64 bit compliant until you enable the right flags within the CPUs. In my case where I’m using a HP DL380 G5 which is 64 bit compliant then you have to enable Intel’s Virtual Threading (VT for short).

To do this, shutdown all of the hosted VMs and place the host into maintenance mode before shutting it down fully. Then boot back into the host BIOS (hit F9 after the HP splash screen). Once in the BIOS settings go down to “Advanced Options” and select Intel’s Virtual Technology / Threading. Exit out and here is the key point – you must full shut the server down.

This means all power cables out and left for a good 60 seconds at least! Miss this step out and you won’t get anywhere fast.

Once VT has been enabled spool the VM back up and create 64 bit virtual machines to your hearts content.

Extra tips:

  • I’ve heard that any VM created prior to this change will not register the change in CPU so will have to be created again.
  • Paravirtualisation should also be turned off. Whilst this should only affect the *nix kernels there have been reports of it messing with Windows OSs if set prior to initial build.
  • Anything prior to a G5 will most likely not be x64 compatible so no dice.

Posted in IT | Tagged: , , , , , , , | Leave a Comment »

McAfee woes

Posted by graycat on 18 June 2010

Like a lot of people out there we use McAfee and ePolicy for our corporate anti-virus, anti-malware etc. Most of the time this is a bit of a “set and forget” application but sometimes it throws you a curve ball.

Like this morning for instance.

I was just in the middle of a hurried (and harried!) discussion regarding an Exchange upgrade we’re having to undertake earlier then planned (more on that some other time) when the first signs of a problem dribbled in. Well by dribbled in I mean that my IM went off with messages from multiple sites and my phone burst into life. You know, the usual kind of thing.

The initial problem was that people couldn’t access shared drives which then progressed to not being able to access local drives including My Documents. After a bit of research it turns out that McAfee was blocking explorer.exe as a spoofed process!

Needless to say this went straight into the “Not Cool” category and we started working on it. As suspected, we hadn’t made any changes overnight to our ePolicy setup or rules but the issue was definitely being enforced by something. Further investigation turned up that the rules on the clients weren’t the same as those on the server. A bit of double checking and tick/unticking of settings and the rules were back where they should be and ready to roll.

After a brief period where the rules replicated to all repositories and yet more PCs were reported as affected, we were ready to beat it all back into shape. A short reboot later and most affected machines were back on the straight and narrow.

Those that didn’t want to play were quickly logged on to by an admin and the McAfee apps launch via cmd. It was interesting to find out that mcconsole.exe is the McAfee Console and you can force updates from the cli using mcupdate.exe – yes, things are actually named logically it seems!

Anyway after that was solved it’s back to my main stress of the moment – how to upgrade a multi-site, multi-version Exchange infrastructure with as little headaches as possible. Looks our for more posts on this in the coming weeks!

Posted in IT, Real Life | Tagged: , , , , | Leave a Comment »

WSUS 3.0 SP2 Problems

Posted by graycat on 11 June 2010

Like any responisble admin, I like to keep my machines up to date and patched as far as I can. Unlike some though I don’t like running right on the bleeding edge of the latest versions as I prize stability over new functions. A stable environment = more productive users = more money to the company to pay for my caffeine habit!

For our Windows machines this revolves around the free Microsoft offering of WSUS. In fact multiple WSUS installations in my case as we’re spread across many sites and not all have great internet links. To cover this I have one WSUS server installed in the head office which acts as the “master” and all the others act as “downstream” servers pulling the updates and rules from the master. This works really well and is almost set-and-forget reliable.

Well, until an update to WSUS itself sneaks though that is!

A few weeks ago whilst I was on annual leave our master WSUS server picked up and update to SP2. Unfortunately whilst it tried to install it, it failed miserably. Part of the automated tidy up after this failed upgrade was to remove WSUS. In its entirety!

Fortunately this was spotted pretty shortly after and WSUS SP1 was reinstalled however whilst the updates and DB remained it had lost all rules and groups.

After reviewing the damage and the release notes, I decided to rip it out and install the SP2 version from fresh as this seems to be the only reliable way of upgrading. I have heard that you can use the Installation CleanUp utility to remove the aborted WSUS upgrades and then just install SP2 over the top but decided to go with the full method instead.

Oh and as a backup to manual checks I’m implementing some more detailed checks from nagios for these servers just to be on the safe side!

Posted in IT, Real Life | Leave a Comment »

Progression of storage

Posted by graycat on 30 May 2010

Now I’m not sure if I’ve mentioned this previously but I run a MacBook as my personal machine. This is one of the last black ones and originally came with 160Gb hard drive I think. However I soon upgraded this to a 500Gb one.

Yep, that’s a whopping half a terabyte.

That’s bigger than a lot of servers a few years ago! In a laptop!

So this huge amount of storage should last me forever or damn close, right? Ummm not really it turns out. After a quick trip to the local computer store I’m now a proud owner of my second WD external hard drive and this one is a huge 1Tb. Ok, I know that’s not really huge when you look at the 1.5Tb and even 2Tb single drives that are on the market at present but it did get me thinking.

I now have sat on my desk the following: a 1Tb WD Essentials, a 500Gb WD MyBook, a 250Gb WD Passport and a 500Gb WD internal drive. That makes for a 2.25Tb of storage …… and that’s not counting fun things like iPhones or USB and SD sticks.

To put it into perspective the first server I purchased when I started in IT was only 120Gb or so and that was using a six drive bay chassis. Of course the latest and greatest servers have many terabytes of storage without even getting into the SAN arena.

If you had told me five or ten years ago that I’d have over two thousand gigabytes of storage on my desk at home I would have been very interested in what you had been drinking!

It really makes me wonder what we’re going to have on our desks in five or ten years ……. and what we’re going to be storing on it!!

Posted in IT, Real Life | 1 Comment »

Installing APC Shutdown Agent on ESX 3.5

Posted by graycat on 7 May 2010

If you’ve got a VMware host then you’ll be running it on some kind of UPS …… I hope! Personally we use the various APC offerings and need to make sure the host and virtual machines are all covered in case of a poweroutage.

Handily enough, APC have provided a single server licensed application that you can install on the host and have it deal with the UPS and shutting down / starting the virtual machines back up. Here’s how I did it:

Firstly download the application from APC and upload it onto your VMWare host. I’ve got a folder on the host for iso images so just dropped it in there using the VMWare Infrastructure Client to do so. Once I’d done this I did connected to the host via ssh and located the directory and copied the install tar file over to /downloads
find / -name ISOs
cp /vmfs/volumes/4798efa5-f7531804-98d6-001b789b7576/ISOs/pcns224esx.tar.gz /downloads/

Now that’s all done I had to reset the file permissions
cd /downloads/
chmod 777 pcns224esx.tar.gz

unzip and then untar the tarball as follows
gunzip pcns224esx.tar.gz
tar -xf pcns224esx.tar

You will then have a bunch of files looking like this:

[Admin@vmhost01 downloads]$ ls -la
total 65432
drwxr-xr-x 2 root root 4096 Apr 30 09:52 .
drwxr-xr-x 21 root root 4096 Mar 20 13:32 ..
-rw-r–r– 1 root root 60691 Oct 8 2009 install.htm
-rwxr-xr-x 1 root root 33214 Oct 8 2009 install.sh
-rw-r–r– 1 root root 31451007 Oct 8 2009 jre1.5.0_18_linux.tar.gz
-rwxrwxrwx 1 root root 33454080 Apr 30 09:46 pcns224esx.tar
-rw-r–r– 1 root root 1868101 Apr 30 09:52 pcns224.tar.gz
-rw-r–r– 1 root root 24647 Oct 8 2009 relnotes.htm
-rw-r–r– 1 root root 1132 Oct 8 2009 silentInstall.sample

Run the install script
./install.sh

You’ll then be faced with an EULA to agree to and a bunch of configuration questions which will probably look a bit like this:
Do you agree to the above license terms? [yes or no]
yes

Please enter the PCNS instance number [1|2|3] or press enter to use default value of 1:

1 PCNS instance(s) will be installed.

Please enter the installation directory or press enter to install to the default directory (/opt/APC/owerChute):

Are you sure you want to install PCNS to /opt/APC/PowerChute [Yes|No]?
yes
Creating /opt/APC directory …
PCNS will be installed to /opt/APC/PowerChute
Copying the installation files …
Extracting PCNS files …
PCNS is extracted to /opt/APC/PowerChute

Please enter java directory if you want to use your system java (example:/usr/local/bin/jre/jre1.5.0_8) or press enter to install the bundled Java:

Copying jre to /opt/APC/PowerChute/jre …
Extracting jre to /opt/APC/PowerChute/jre …

java version “1.5.0_18”
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_18-b02)
Java HotSpot(TM) Client VM (build 1.5.0_18-b02, mixed mode, sharing)

JAVA_DIR=/opt/APC/PowerChute/jre/jre1.5.0_18

Configuring startup files …
Startup script=/etc/rc.d/init.d/PowerChute
Updating Linux symbolic link …
Configuring uninstall script …

Completed.
Please run the PCNSConfig.sh script located within the PCNS installation directory to complete the intallation.

Once you’ve followed that all the way through (it doesn’t take that long, honest!) you’ll be on to installing the PCNS side of things. This is hiding under /opt/APC/PowerChute/group1/PCNSConfig.sh in case you can’t find it. Run that script and follow the wizard to finish the install like this:
[root@vmhost01 group1]# ./PCNSConfig.sh

————————————————–
PowerChute Network Shutdown Configuration Utility
————————————————–

Press Ctrl + C at anytime to abort.

Configuring PowerChute Network Shutdown …

[1]: Configure for a single UPS device
[2]: Configure for a parallel Silcon UPS / Smart-UPS VT / Gala
[3]: Configure for multiple Smart-UPS or Galaxy devices
[4]: Configure for multiple Symmetra devices

Please select the appropriate configuration type (1) [ 1 – 4 ]

Management Card IP: 192.168.48.137
Management Card Port # (80):
Administrator User Name: apc
Administrator Password:
Authentication Phrase (default):

Setting Summary:

Management Card IP: 192.168.48.137
Management Card Port #: 80
Administrator User Name: apc
Administrator Password: [ MASKED ]
Authentication Phrase (default): [ MASKED ]

Do you wish to register these settings [ Yes | No | Abort ]? y

Registering PowerChute Network Shutdown with the management ca
PowerChute Network Shutdown registration completed successfull

Do you wish to start the PowerChute Network Shutdown service [
PowerChute Network Shutdown service started.

Configuration completed.

At this point you’ve just got to configure the VMWare side of things so it can shutdown the hosts properly in case of a power outage. This is actually the easiest bit.

1. Go to the vCenter Server, and for each ESXi host, select “Virtual Machine Startup/Shutdown”.
2. Change the Virtual Machine Shutdown setting from “Turn off” to “Guest Shutdown”.
3. Specify the shutdown order, by arranging guest VMs in “Startup Order”. (Shutdown order is the reverse of startup order).
4. Click OK to accept the changes.
5. Change the “Any Order” option to “Manual Startup” for all the VMs.
6. Change the “Startup” settings to “Disabled” for all the VMs.

And whilst you’re at it you may was well sort the startups out as well:
1. Go to the vCenter Server, and for each ESXi host, select “Virtual Machine Startup/Shutdown”.
2. Move all guest VMs to “Manual Startup” from “Any Order”
3. Change the “Startup” settings to “Disabled” for all VMs.
4. Click OK to accept the changes.

Now just go and unplug the UPS from the mains to test …….. ONLY JOKING!!!!

Posted in IT | Leave a Comment »