• Datastore inactive and device cannot be brought online

    If your shared storage or volumes go offline while VMs are running, and the datastores still stay in an inactive state after you
    recover these volumes and rescan the adapter, and you're seeing the following in /var/log/vmkernel.log:

    ScsiDevice: 5192: eui.3f7999dba06450376c9ce9006ec1b4eb device :Open count > 0, cannot be brought online

    it may indicate that the virtual machine is stuck, or more specifically that the world (process) for the virtual machine's vCPU is
    still holding on to the device. Since the datastore and the backing storage device/volume were not unmounted and detached properly,
    the device cannot be brought online again after recovery, at least not until the stuck VM is killed. Here are the steps to do that:

    1. Identify the inactive datastore and the device serial number behind it (which would be similar to the one shown in the vmkernel.log)
    2. Kill all worlds (by ID) related to the device on the ESX host. Here's a sample script:

    # DEVICE_SERIAL is the device identifier from step 1 (e.g. the eui.* value in vmkernel.log)
    for i in $(esxcli storage core device world list -d "$DEVICE_SERIAL" | awk '{print $2}' | tail -n +3); do
        out=$(esxcli vm process kill --type=force --world-id="$i" 2>&1)
        rc=$?
        if [[ $rc -eq 0 ]]; then
            echo "kill world id=$i successfully"
        else
            # check for error
            echo "$out" | grep "Unable to find a virtual machine with the world ID" 1>/dev/null
            rc=$? # rc=0 means world id not found which is OK
            if [[ $rc -eq 1 ]]; then
                echo "ERROR: $out"
            fi
        fi
    done

    3. Rescan the adapter; the device/datastore should come back to normal after the rescan completes.
  • Troubleshooting Locked-out Accounts in a Windows 2008/R2 Domain

    One of my colleagues’ accounts was constantly being locked out. I suspected that he had used his account to run a service or other automated task on a server, and I needed to find out which one.

    As I’d previously used the Microsoft “Account Lockout and Management Tools”, I downloaded the latest version from here (http://www.microsoft.com/en-gb/download/details.aspx?id=18465). There are two useful utilities: “LockoutStatus.exe”, which shows the state of a specific account on each domain controller (useful to identify which DC is locking out the account), and “eventcombMT.exe”, which gathers the event logs from all the DCs and parses them for specific events.

    Although the package runs on 2008 and later OSes (you need to run it as an administrator, with read access to your domain controller event logs), it only searches for the Event IDs that were valid for Server 2003 and earlier.

    Luckily Microsoft has published the new Event IDs for Server 2008 and later (see: Description of security events in Windows Vista and in Windows Server 2008: http://support.microsoft.com/kb/947226), and the new event ID I required was 4740 (“A user account was locked out”), but I also included 4625 (“An account failed to logon”).

    To search for account lockouts with the new event id in EventCombMT:

    1. On the Searches menu, point to Built In Searches, and then click Account Lockouts.
      All domain controllers for the domain appear in the Select To Search/Right Click To Add box. Also, in the Event IDs box, you see that event IDs 529, 644, 675, 676, and 681 are added.
    2. In the Event IDs box, type a space, and then type 4740 4625 after the last event number.
    3. Click Search.

    Once the search has completed, you should be presented with the output folder (by default it is in C:\Temp) with two or more small text files with the events listed – these should help you identify which machines are causing the lockout.



  • Show Command Multiple Filtering

    Normally, when we run a show command, we use “|” to filter the output, followed by a keyword such as include, exclude, begin or section. As we all know, “include” shows only the lines that match the string, as in the example below.

    R1#sh run | inc CISCO
     neighbor CISCO peer-group

    We can filter on several strings at once with the “include” keyword, as in the example below. Let’s say we want to see the interface name, then the description, the OSPF cost and whether it’s configured with the “mpls ip” command.

    R1#sh run | inc interface |^ description |^ ip ospf cost |^ mpls ip
    interface FastEthernet0/0
    description towards LAN
    ip ospf cost 100
    mpls ip

    The trick is to separate the strings with “|” and anchor each one with the regular expression “^”. Put a space before the string, because the lines under an interface in a “show run” start with a space. This also applies to the “exclude” keyword but who the heck uses “exclude” that much?




  • Using DISM to install Storage Drivers

    If you migrate Windows installations between storage adapters, you’re often left with the well known STOP 0x7B INACCESSIBLE_BOOT_DEVICE.

    This happens because Windows doesn’t yet have the required drivers installed, and/or set as boot-critical.

    The dism.exe tool allows us to install (boot-critical) drivers into an offline Windows “image”. Note that an offline Windows “image” is nothing special – a regular Windows install is a valid Windows “image”.

    After a STOP 0x7B, Windows Boot Manager usually sets up fallback boot into WinRE (Windows Recovery Environment). WinRE has a copy of the DISM tool, so you’re good to go. (Cancel the Startup Recovery assistant if you have to.)

    Example DISM command to use from the WinRE (or WinPE) Command Prompt:

    dism /image:d:\ /add-driver /driver:e:\ /recurse
  • 3750 interface bandwidth limiting

    I want to police customers’ traffic to 20 Mbps.

    Ingress policing
    Create policy map:

    policy-map shape-20
     class class-default
      police 20M 400000 exceed-action drop

    Assign policy map to interface:

    interface FastEthernet1/0/2
     service-policy input shape-20

    Egress policing
    Unfortunately, a policy-map containing a police action cannot be attached to an interface in the egress direction. So here is how I limit it to 20 Mbps:

    interface FastEthernet1/0/2
     srr-queue bandwidth limit 20
     srr-queue bandwidth shape 0 0 0 0

  • IPv4 CIDR Chart

    VLSM/CIDR Reference Table (IPv4 Subnetting Chart)
    Class Prefix  Subnet Mask  Subnets  Hosts / Usable IPs  Bits used
    C  /31  128  2 (ppp only)  7 / 1
     /30  64  4 (2)  6 / 2
     /29  32  8 (6)  5 / 3
     /28  16  16 (14)  4 / 4
     /27  8  32 (30)  3 / 5
     /26  4  64 (62)  2 / 6
     /25  2  128 (126)  1 / 7
     /24  0  256 (254)  0 / 8
    B  /23  128  512 (510)  7 / 9
     /22  64  1024 (1022)  6 / 10
     /21  32  2048 (2046)  5 / 11
     /20  16  4096 (4094)  4 / 12
     /19  8  8292 (8290)  3 / 13
     /18  4  16384 (16382)  2 / 14
     /17  2  32768 (32766)  1 / 15
     /16  0  65536 (65534)  0 / 16
    A  /15  128  131072 (- 2)  7 / 17
     /14  64  262144 (- 2)  6 / 18
     /13  32  524288 (- 2)  5 / 19
     /12  16  1048576 (- 2)  4 / 20
     /11  8  2097152 (- 2)  3 / 21
     /10  4  4194304 (- 2)  2 / 22
     /9  2  8388608 (- 2)  1 / 23
     /8  0  16777216 (- 2)  0 / 24
  • Adding RedHat DVD as Repository

    When we try out a new Linux OS, it's always a pain to download and install all the software and add the packages we need. It's even worse if you don't have an unlimited connection. But most of the software we need is already on the CD/DVD the operating system comes on. So how do we install from the DVD rather than from the internet?
    For this you need to add the DVD as a repository so that the rpm client picks up the RPMs from the DVD and won't go to the internet for them.
    The procedure and the files to be modified are a bit different for each OS, so I will cover Red Hat Linux in this post.
    In RHEL the repo list is maintained in the folder /etc/yum.repos.d/. So let's create a new file in this directory, and call it rhel-cd.repo.
    The contents of this file should be as follows:


    name=Red Hat Enterprise Linux $releasever - $basearch - CD

    The first line ([rhel-cd]) should be a unique value, i.e. no two repo files should have the same value or it will show a warning.

    name can be anything; it is for the user to identify the repo when it's shown through the rpm interface.

    baseurl should point to the DVD mount point. For this we first identify the file repomd.xml. This file should be in the folder repodata. The baseurl should then be the path to the parent folder of repodata.
    E.g.: on my DVD the path to repomd.xml is /media/RHEL/Server/repodata/repomd.xml, so I include /media/RHEL/Server/ in the baseurl as file:///media/RHEL/Server/

    enabled should be 1 if the repo should be used by rpm when searching for sources.

    gpgcheck can be enabled if you have the gpg file for the CD. Let's leave it disabled for now.

    Now save the file and close it. The configuration for adding a new repo is done. If you have any more .repo files in the folder /etc/yum.repos.d/, open those and disable them (by setting enabled=0) for now, as rpm might choose them over the CD repo and prompt for downloading from the internet. After doing that, we also need to clean the yum cache so that it re-reads the repodata and caches it again. This is essential, as only then do the changes made to the .repo files take effect. You can clean the cache with the command

    yum clean all

    Now you can install new RPMs from the DVD by using the yum command.
    So try it out and tell me how it goes, and tell me if it doesn't work or if you need some help.


    The content of this post is from http://blog.sriunplugged.com/linux/adding-redhat-dvd-as-repository/. Want to make sure I give credit to source.
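The repo file described in this post, written out with signature checking enabled, followed by a check that lists enabled repos which set gpgcheck=0. This is an added example, not part of the original post; the gpgkey path and the function names write_dvd_repo and audit_repo are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# write_dvd_repo FILE: the repo file as the post describes it, field by field,
# but with gpgcheck=1. The gpgkey path is an assumption (key shipped with RHEL).
write_dvd_repo() {
    printf '%s\n' \
        '[rhel-cd]' \
        'name=Red Hat Enterprise Linux $releasever - $basearch - CD' \
        'baseurl=file:///media/RHEL/Server/' \
        'enabled=1' \
        'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release' > "$1"
}

# audit_repo FILE: print the id of every enabled section that sets gpgcheck=0.
# A section without "enabled" counts as enabled (yum's default); a section
# without "gpgcheck" inherits [main] in /etc/yum.conf and is not reported.
audit_repo() {
    awk '
        function emit() { if (sec != "" && enabled != "0" && gpgcheck == "0") print sec }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # start of a new section
            emit(); sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            enabled = ""; gpgcheck = ""; next
        }
        index($0, "=") {                            # key=value line
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { emit() }
    ' "$1"
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
write_dvd_repo "$demo_dir/rhel-cd.repo"
printf '[rhel-cd-unsigned]\nbaseurl=file:///media/RHEL/Server/\nenabled=1\ngpgcheck=0\n' \
    > "$demo_dir/unsigned.repo"
for f in "$demo_dir"/*.repo; do
    echo "$(basename "$f"): $(audit_repo "$f")"
done
rm -rf "$demo_dir"
```

Run audit_repo over each file in /etc/yum.repos.d/ after editing; any section id it prints installs packages without verifying their signatures.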

  • Putty Auto Login Via Command Line

    So let's say you want to open a new PuTTY session to a certain IP address and have it automatically enter your username for you.

    C:\putty.exe username@

    Now let's do the same thing but with a password too.

    C:\putty.exe username@ -pw password

    The two above are fine if you don’t need to use any of the provided settings you get from within PuTTY (e.g. tunnels, proxies, color schemes etc.), but if you’re like me and you need to use tunnels to tunnel into a server using a number of ports, then the simplest way to do this is to create a new PuTTY session and then use the following parameters.

    C:\putty.exe -load "Session Name" -l username -pw password

  • IPSec VPN with Netgear FVS318v3

    First you have to set up your FVS318 router to accept the connections.

    1. Log on to your router and go to the “VPN Wizard” in the left hand menu.
    2. Just click “Next”…
    3. You have to set a name for your connection and a pre-shared key (PSK). Select “A remote VPN client” as connection type.
    4. You will get a confirmation screen next. Just click “Done”.

    Now your router is up to speed and you need to download the VPN client from https://www.shrew.net/download
    Once installed, it’s time to set up your new connection.


    1. In the router admin page select “IKE Policies” in the left hand menu. The two pieces of information you are interested in are “Local ID” and “Remote ID”.
    2. Now start Shrew Soft VPN Access Manager and click “Add”.
    3. Now enter your DynDNS, or static WAN address if you have one, in the “Host Name or IP Address” field.
    4. Set “Auto Configuration” to “disabled”.
    5. Set “Local Host” – “Address Method” to “Use an existing adapter and current address”.
    6. Now go to the “Name Resolution” tab. If you know the addresses of the WINS server and/or DNS server on the remote network, enter them here. If not, uncheck the check boxes.
    7. Now go to the “Authentication” tab and set “Authentication Method” to “Mutual PSK”.
    8. “Local Identity” should be the field “Remote ID” on the router’s “IKE Policies” page. “Identification Type” should be “Fully Qualified Domain Name”.
    9. On the “Remote Identity” tab the “Identification Type” should be “Fully Qualified Domain Name” and “FQDN String” should be the “Local ID” from the router’s “IKE Policies” page.
    10. Moving on to the “Credentials” tab, fill in your PSK in the “Pre Shared Key” field. In this case “areallylamekey”.
    11. Then go to the main tab “Policy”.
    12. Uncheck the “Obtain Topology Automatically or Tunnel All” check box.
    13. Click the “Add” button.
    14. Type in your network. To route all the 192.168.0.x addresses over the VPN tunnel, enter address and netmask. If you have the same network address range at home and in your current location, you can enter specific addresses or add another topology entry that excludes those addresses.
    15. Then hit “Save” and you will return to the main window.
    16. Double-click your connection and select “Connect”. That’s it! You’re now up and running with your own secure IPSec tunnel to your home or office!


    The content of this post is from https://www.hackviking.com/2010/10/ipsec-vpn-with-netgear-fvs318v3/. Want to make sure I give credit to source.

  • Exchange 2003 to 2010 mail flow issue

    During the Exchange 2010 install the routing group connector didn’t get created, so we need to run the following command in the Exchange Management Shell to create the routing group connector:

    New-RoutingGroupConnector -Name "2010-2003" -SourceTransportServers "Ex2010Hub1.contoso.com" -TargetTransportServers "Ex2003BH1.contoso.com" -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true

    You also want to make sure that your SMTP virtual server on Exchange 2003 and Exchange 2010 is configured to work on port 25, or you will still have mail flow issues.

    After running the above command and verifying your SMTP settings, your mail flow should now be working.
