-
Datastore inactive and device cannot be brought online
No comments yetPosted in VMWareJun 28, 2015
If your shared storage or volumes go offline while VMs are running, but after recover these volumes and rescan adapter, datastores still stay in inactive state and you're seeing the following in the /var/log/vmkernel.log:
ScsiDevice: 5192: eui.3f7999dba06450376c9ce9006ec1b4eb device :Open count > 0, cannot be brought online
it may indicate that the virtual machine is stuck or specifically the world (process) for the virtual machine vCPU is still holding up to the device. Since the datastore and the backed storage device/volume were not unmounted and detached properly, it could not be brought online again after recovery. At least not until we can kill the stuck VM. Here's the step to do that:
1. Identify the inactive datastore and the device serial number behind it (which would be similar to the one shown in the vmkernel.log) 2. Kill all related world (by id) to the device on the ESX host. Here's a sample script:
DEVICE_SERIAL=eui.3f7999dba06450376c9ce9006ec1b4eb
for i in $(esxcli storage core device world list -d $DEVICE_SERIAL |awk {'print $2'} |tail -n +3)
do
out=$(esxcli vm process kill --type=force --world-id=$i)
rc=$?
if [[ $rc -eq 0 ]]; then
echo "kill world id=$i successfully"
fi
# check for error
echo $out |grep "Unable to find a virtual machine with the world ID" 1>/dev/null
rc=$? # rc=0 means world id not found which is OK
if [[ $rc -eq 1 ]]; then
echo ERROR: "$out"
fi
done
3. Rescan adapter and the device/datastore would come back to normal after it completes
Source: http://importstack.blogspot.com/2014/10/datastore-inactive-and-device-cannot-be.html
-
Troubleshooting Locked-out Accounts in a Windows 2008/R2 Domain
No comments yetPosted in WindowsMar 28, 2014
One of my colleagues’ account was constantly being locked out. I suspected that he had used his account to run a service, or other automated task on a server and I needed to find out which one.
As I’d previously used the Microsoft “Account Lockout and Management Tools”, I downloaded the latest version from here (http://www.microsoft.com/en-gb/download/details.aspx?id=18465). There are two useful utilities “LockoutStatus.exe”, which shows the state of a specific account on each domain controller (useful to identify which DC is locking out the account) and “eventcombMT.exe” which gathers the event logs from all the DC’s and parses them for specific events.
Although the package runs on 2008 and later OS’ (you need to run it as an administrator, with read access to your domain controller event logs), it only searches for the Event IDs that were valid for Server 2003 and earlier.
Luckily Microsoft has published the new Event IDs for Server 2008 and later (See: Description of security events in Windows Vista and in Windows Server 2008:http://support.microsoft.com/kb/947226), and the new event id I required was 4740 (“A user account was locked out”), but I also included 4625 (“An account failed to logon”).
To search for account lockouts with the new event id in EventCombMT:
- On the Searches menu, point to Built In Searches, and then click Account Lockouts.
All domain controllers for the domain appear in the Select To Search/Right Click To Addbox. Also, in the Event IDs box, you see that event IDs 529, 644, 675, 676, and 681 are added. - In the Event IDs box, type a space, and then type 4740 4625 after the last event number.
- Click Search.
Once the search has completed, you should be presented with the output folder (by default it is in C:\Temp) with two or more small text files with the events listed – these should help you identify which machines are causing the lockout.
source:
http://3rdlinesupport.wordpress.com/2012/11/03/troubleshooting-locked-out-accounts-in-a-windows-2008r2-domain/ - On the Searches menu, point to Built In Searches, and then click Account Lockouts.
-
Show Command Multiple Filtering
No comments yetPosted in NetworkMar 27, 2014
Normally when we do show command we make use of the “|” to filter and put in keywords after like include, exclude, begin and section. As we all know “include” means show only that matches the string like for the example below.
R1#sh run | inc CISCO neighbor CISCO peer-group
We can do some multiple command filtering like the example below using the “include” keyword. Let’s say we want to see the interface name, then the description, the OSPF cost and if its configured with the “mpls ip” command.
R1#sh run | inc interface |^ description |^ ip ospf cost |^ mpls ip interface FastEthernet0/0 description towards LAN ip ospf cost 100 mpls ip
The trick is to use multiple “|” and then the regular expression “^”. Then put a space before the string because the configurations under the interface configuration if you do a “show run” has a space before the line. This also applies to the “exclude” keyword but who the heck uses “exclude” that much?
Source:
http://ciscodreamer.blogspot.com/2009/08/multiple-command-filtering.html
-
Using DISM to install Storage Drivers
No comments yetPosted in UncategorizedAug 3, 2013
If you migrate Windows installations between storage adapters, you’re often left with the well known STOP 0x7B
INACCESSIBLE_BOOT_DEVICE
.This happens because Windows doesn’t yet have the required drivers installed, and/or set as boot-critical.
The dism.exe tool allows us to install (boot-critical) drivers into an offline Windows “image”. Note that an offline Windows “image” is nothing special – a regular Windows install is a valid Windows “image”.
After a STOP 0x7B, Windows Boot Manager usually sets up fallback boot into WinRE (Windows Recovery Environment). WinRE has a copy of the DISM tool, so you’re good to go. (Cancel the Startup Recovery assistant if you have to.)
Example DISM command to use from the WinRE (or WinPE) Command Prompt:
dism /image:d:\ /add-driver /driver:e:\ /recurse
-
3750 interface bandwidth limiting
No comments yetPosted in NetworkJul 20, 2013
I want to police customers traffic into 20mbps.
Ingress policing
Create policy map:policy-map shape-20
class class-default
police 20M 400000 exceed-action drop
Assign policy map to interface:interface FastEthernet1/0/2
service-policy input shape-20Egress policing
Unfortunately, policy-map containing police action cannot be attached to interface in egress direction. So here is how i limit it to 20mbps:interface FastEthernet1/0/2
srr-queue bandwidth limit 20
srr-queue bandwidth shape 0 0 0 0 -
IPv4 CIDR Chart
No comments yetPosted in UncategorizedMar 15, 2013
VLSM/CIDR Reference Table (IPv4 Subnetting Chart) Class Prefix Subnet Mask Subnets Hosts / Usable IPs Bits used C /31 255.255.255.254 128 2 (ppp only) 7 / 1 /30 255.255.255.252 64 4 (2) 6 / 2 /29 255.255.255.248 32 8 (6) 5 / 3 /28 255.255.255.240 16 16 (14) 4 / 4 /27 255.255.255.224 8 32 (30) 3 / 5 /26 255.255.255.192 4 64 (62) 2 / 6 /25 255.255.255.128 2 128 (126) 1 / 7 /24 255.255.255.0 0 256 (254) 0 / 8 B /23 255.255.254.0 128 512 (510) 7 / 9 /22 255.255.252.0 64 1024 (1022) 6 / 10 /21 255.255.248.0 32 2048 (2046) 5 / 11 /20 255.255.240.0 16 4096 (4094) 4 / 12 /19 255.255.224.0 8 8292 (8290) 3 / 13 /18 255.255.192.0 4 16384 (16382) 2 / 14 /17 255.255.128.0 2 32768 (32766) 1 / 15 /16 255.255.0.0 0 65536 (65534) 0 / 16 A /15 255.254.0.0 128 131072 (- 2) 7 / 17 /14 255.252.0.0 64 262144 (- 2) 6 / 18 /13 255.248.0.0 32 524288 (- 2) 5 / 19 /12 255.240.0.0 16 1048576 (- 2) 4 / 20 /11 255.224.0.0 8 2097152 (- 2) 3 / 21 /10 255.192.0.0 4 4194304 (- 2) 2 / 22 /9 255.128.0.0 2 8388608 (- 2) 1 / 23 /8 255.0.0.0 0 16777216 (- 2) 0 / 24 -
Adding RedHat DVD as Repository
No comments yetPosted in LinuxMar 29, 2012
When we try out a new linux OS its always a pain to download and install all the software and add packages we needs on that. Its even worse if you don?t have an unlimited connection. But actually most of the software we need is already there in the CD/DVD in which the operating system comes with. So how do we install from the DVD then rather than from the internet?
For this you need to add the DVD as a repository so that rpm client picks up the rpm from the DVD and wont go to internet for it.
The Procedure and Files to be modified is a bit different for each OS so i will cover Red Hat Linux in this post.
In RHEL the repo list is maintained in the folder /etc/yum.repos.d/ . So lets create a new file in this directory , say lets call it rhel-cd.repo.
The Contents of this file should be as follows:[rhel-cd] name=Red Hat Enterprise Linux $releasever - $basearch - CD baseurl=file:///media/RHEL/Server/ enabled=1 gpgcheck=0
First line ([rhel-cd]) should be an unique value ie no two repo file should have the same value or it will show a warning.
Name can be anything it is for the user to identify it when its shown though the rpm interface.
baseurl should point to the DVD mount point. For this we first identify the file repomd.xml. This file should be in the folder repodata. Thus we should include the folder path to the parent folder to repodata in the baseurl.
Eg: In my DVD path to repomd.xml is /media/RHEL/Server/repodata/repomd.xml , then I include /media/RHEL/Server/ in the baseurl as file:///media/RHEL/Server/enabled should be 1 if the repo should be taken by rpm on searching for sources.
gpgcheck can be enabled if you have the gpg file for the cd. Lets leave it disabled for now.
Now save the file and close it. So the configuration for adding a new repo is done. If you have any more .repo files in the folder /etc/yum.repos.d/ then open those and disable ( by making enabled=0) those for now as rpm might choose them over cd repo and it will prompt for downloading from internet. After doing that also we need to clean the cache of yum so that it re-reads the repodata and caches again. This is essential as then only the changes made to .repo files get reflected. You can clean cache by the command
yum clean all
Now you can install new rpms from the DVD by using yum command.
So try it out and tell me how it goes and tell me if it doesn?t work or if you need some helpThe content of this post is from http://blog.sriunplugged.com/linux/adding-redhat-dvd-as-repository/. Want to make sure i give credit to source.
-
Putty Auto Login Via Command Line
No comments yetPosted in UncategorizedMar 14, 2012
So lets say you want to open a new PuTTY session to a certain IP Address and have it automatically enter your username for you.
C:\putty.exe username@192.168.0.1
Now lets do the same thing but with a password too.
C:\putty.exe username@192.168.0.1 -pw password
The two above are fine if you don’t need to use any of the provided settings you get from within PuTTY (e.g. Tunnels, Proxy’s, Color Schemes etc) but if you’re like me and you need to use Tunnels to tunnel into a server using a number of ports then the simplest way to do is this to create a new PuTTY session and then use the following parameters.
C:\putty.exe -load “Session Name” -l username -pw password
-
IPSec VPN with Netgear FVS318v3
No comments yetPosted in NetworkFeb 8, 2012
First you have to set up your FVS318 router to accept the connections.
- Log on to your router and go to the “VPN Wizard” in the left hand menu.
- Just click “Next”…
- You have to set a name for your connection and a pre-shared key (PSK). Select “A remote VPN client” as connection type.
- You will get a confirmation screen next. Just click “Done”.
Now your router is up to speed and you need to download the VPN client fromhttps://www.shrew.net/download
Ones installed it’s time to set up your new connection.- In the router admin page select “IKE Policies” in the left hand menu. The two pieces of information you are interested in is “Local ID” and “Remote ID”.
- Now start Shrew Soft VPN Access Manager and click “Add”.
- Now enter your DynDNS, or static WAN address if you have one, in the “Host Name or IP Address” field.
- Set “Auto Configuration” to “disabled”.
- Set “Local Host” – “Address Method” to “Use an existing adapter and current address”.
- Now go to the “Name Resolution” tab. If you know the addresses to wins server and/or dns server on the remote network enter them here. If not uncheck the check boxes.
- Now go to the “Authentication” tab and set “Authentication Method” to “Mutual PSK”.
- “Local Identity” should be the field “Remote ID” on the routers “IKE Policies” page. “Identification Type” should be “Fully Qualified Domain Name”.
- On the “Remote Identity” tab the “Identification Type” should be “Fully Qualified Domain Name” and “FQDN String” should be the “Local ID” from the routers “IKE Policies” page.
- Moving on to the “Credentials” tab fill in your PSK in the “Pre Shared Key” field. In this case “areallylamekey”.
- Then you go to main tab “Policy”.
- Uncheck the “Obtain Topology Automatically or Tunnel All” check box.
- Click the “Add” button.
- Type in your network. To route all the 192.168.0.x addresses over the VPN tunnel enter address 192.168.0.0 and netmask 255.255.255.0. If you have the same network address range at home and in your current location you can enter specific addresses or add an other topology entry that excludes those addresses.
- Then hit “Save” and you will return to the mane window.
- Dubbel click your connection and select “Connect”. That’s it!
Your now up and running with your own secure IPSec tunnel to your home or office!
The content of this post is from https://www.hackviking.com/2010/10/ipsec-vpn-with-netgear-fvs318v3/. Want to make sure i give credit to source.
-
Exchange 2003 to 2010 mail flow issue
No comments yetPosted in Exchange 2010Feb 8, 2012
Durring the exchange 2010 install the routing group connector didn’t get created so we need to run the following command in the exchange management shell to create the routing group connector:
“New-RoutingGroupConnector -Name “2010-2003” -SourceTransportServers “Ex2010Hub1.contoso.com” -TargetTransportServers “Ex2003BH1.contoso.com” -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true”
You also want to make sure that your smtp virtual server on exchange 2003 and exchange 2010 is configured to work on port 25 or you will still have mail flow issues.
After running the above command and verifying that your smtp settings your mail flow should now be working.