Thursday, 2 December 2010

How to fix VMware error fsck.ext3 Unable to resolve UUID with no data loss

This happened to me after a power failure that damaged a server in our VMware farm. The resolution is presented below:

ESX 4.0 host fails to boot after power operation with the error: fsck.ext3: Unable to resolve UUID

Symptoms

  • After power-cycling or rebooting an ESX 4.x server, the following error message is produced during boot:

    fsck.ext3: Unable to resolve 'UUID=34d192db-17eb-442e-9613-c5c24c6fa9fa'


    And

    *** An error occurred during the file system check.
    *** Dropping you to a shell; the system will reboot 
    *** when you leave the shell.


     

  • After encountering this error, you are unable to boot into ESX or Troubleshooting mode.
  • The unresolvable EXT file systems or partitions most commonly turn out to have mount points such as /var, /opt and /tmp.

Resolution


 

This issue occurs when the boot-time file system check utility (FSCK) for EXT-3 file systems cannot resolve a file system (by UUID) defined in /etc/fstab.

Issues that can result in this may include:

  • The default roll-back option is left enabled when a subsequent upgrade is being performed.
  • The device is not present during system boot.
  • The unresolvable EXT file systems appear to reside on disks/devices that are initialized later during system boot (e.g. the last LUN).

Note: If you are experiencing an outage with virtual machines down, consider resolving the situation in a timely manner through the reinstallation of VMware ESX. Troubleshooting may take more time than a reinstallation, which is in the order of approximately 20 minutes.

Otherwise refer to instructions below for submission of information to VMware Technical Support for technical analysis.

Further troubleshooting is available in the shell:

  • Confirm the UUIDs which were not resolvable, and remain so, by running fsck again without additional arguments. Information similar to the following is displayed:


    # fsck

    fsck 1.39 (29-May-2006)
    e2fsck 1.39 (29-May-2006)
    esx-root: clean, 32953/641280 files, 414801/1281175 blocks
    e2fsck 1.39 (29-May-2006)
    /dev/sdt1: clean, 35/140832 files, 25323/281596 blocks
    fsck.ext3: Unable to resolve 'UUID=34d192db-17eb-442e-9613-c5c24c6fa9fa'
    e2fsck 1.39 (29-May-2006)
    /dev/sdt6: clean, 31/250368 files, 27851/500220 blocks
    e2fsck 1.39 (29-May-2006)
    /dev/sdt7: clean, 22/250368 files, 16815/500220 blocks


     

  • Record the UUID or UUIDs which failed to resolve. You may take a screen shot of your System Management Interface, take a picture, or write the values down.
  • Confirm these same values in the /etc/fstab file.

    # cat /etc/fstab

    UUID=79815890-f11c-4907-80fe-d1cd6bf061f8 /        ext3    defaults                  1 1
    UUID=45460133-027b-40b6-8b4d-e52aaf4c417f /boot    ext3    defaults                  1 2
    None                    /dev/pts                   devpts  defaults                  0 0
    /dev/cdrom              /mnt/cdrom                 udf,iso9660 noauto,owner,kudzu,ro 0 0
    /dev/fd0                /mnt/floppy                auto    noauto,owner,kudzu        0 0
    None                    /proc                      proc    defaults                  0 0
    None                    /sys                       sysfs   defaults                  0 0
    UUID=34d192db-17eb-442e-9613-c5c24c6fa9fa /var/log ext3    defaults,errors=panic     1 2
    UUID=e32ec5f4-d795-414a-8d73-a2bb3ea86342 swap     swap    defaults                  0 0


    Note: The mount point for the unresolvable UUID (34d192db-17eb-442e-9613-c5c24c6fa9fa) is /var/log.

  • Verify what UUIDs the system is currently aware of by running the following command:

    # ls -l /dev/disk/by-uuid

    total 0
    lrwxrwxrwx 1 root root 10 Nov  9 14:36 45460133-027b-40b6-8b4d-e52aaf4c417f -> ../../sdm1
    lrwxrwxrwx 1 root root 10 Nov  9 14:36 e32ec5f4-d795-414a-8d73-a2bb3ea86342 -> ../../sdr1
    lrwxrwxrwx 1 root root 10 Nov  9 14:36 34d192db-17eb-442e-9613-c5c24c6fa9fa -> ../../sdr2
    lrwxrwxrwx 1 root root 10 Nov  9 14:36 79815890-f11c-4907-80fe-d1cd6bf061f8 -> ../../sdr5

    Notes:

    • This output reveals the UUID-to-partition relationship for all discovered EXT partitions in the system. Affected mount points or content can be associated using the previous step.
    • It is possible in some environments that none of the known partitions reported by listing /dev/disk/by-uuid match the unresolved UUID. This is correctable; for additional instructions, proceed to the following sections and correct the content of the /etc/fstab file.
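
The comparisons in the steps above (failing UUIDs against /etc/fstab, then against /dev/disk/by-uuid) can be done in one pass. The script below is an added example, not part of the VMware article; the function names and the fsck=yes/no column are this example's own, and the demo data is a constructed sample based on the fstab listing above.

```shell
#!/bin/sh
# Added example: list fstab entries whose UUID has no usable entry under
# /dev/disk/by-uuid, i.e. the ones fsck.ext3 would be unable to resolve.

# unresolved_fstab_uuids FSTAB BY_UUID_DIR
# Prints "UUID MOUNTPOINT fsck=yes|no" for every unresolved UUID= entry.
# fsck=yes means the sixth fstab field (fs_passno) is non-zero, so the
# boot-time file system check will try to open that device.
unresolved_fstab_uuids() {
    fstab=$1
    by_uuid=$2
    # Keep only UUID= lines; a missing passno field counts as 0 (fstab(5)).
    awk '$1 ~ /^UUID=/ {
             sub(/^UUID=/, "", $1)
             print $1, (NF >= 2 ? $2 : "-"), (NF >= 6 ? $6 : 0)
         }' "$fstab" |
    while read -r uuid mnt pass; do
        # -e follows the symlink, so a dangling link counts as unresolved.
        if [ ! -e "$by_uuid/$uuid" ]; then
            if [ "$pass" != 0 ]; then checked=yes; else checked=no; fi
            printf '%s %s fsck=%s\n' "$uuid" "$mnt" "$checked"
        fi
    done
}

# Constructed sample: a stand-in by-uuid directory in which only the
# / and /boot UUIDs are present, checked against a copy of the fstab.
demo_fstab_check() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/by-uuid"
    : > "$tmp/by-uuid/79815890-f11c-4907-80fe-d1cd6bf061f8"
    : > "$tmp/by-uuid/45460133-027b-40b6-8b4d-e52aaf4c417f"
    cat > "$tmp/fstab" <<'EOF'
UUID=79815890-f11c-4907-80fe-d1cd6bf061f8 /        ext3 defaults              1 1
UUID=45460133-027b-40b6-8b4d-e52aaf4c417f /boot    ext3 defaults              1 2
None                                      /proc    proc defaults              0 0
UUID=34d192db-17eb-442e-9613-c5c24c6fa9fa /var/log ext3 defaults,errors=panic 1 2
UUID=e32ec5f4-d795-414a-8d73-a2bb3ea86342 swap     swap defaults              0 0
EOF
    unresolved_fstab_uuids "$tmp/fstab" "$tmp/by-uuid"
    rm -rf "$tmp"
}

demo_fstab_check
```

On an affected host the call would be unresolved_fstab_uuids /etc/fstab /dev/disk/by-uuid; the result reflects the devices visible when it runs, which can differ from what was visible at boot.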


     

Solution

VMware is currently investigating further for a full root-cause and solution. Workarounds are available below.

If you are able to reproduce this issue while maintaining production via alternate servers, contact VMware Technical Support after completing the following:

  1. Log into the terminal of the affected ESX server.
  2. Remount the root partition in read-write mode:

    # mount / -o remount,rw


     

  3. Configure Serial Line Logging per the section Configuring the Service Console for VMware ESX 3.x and 4.x in KB article: Enabling serial-line logging for an ESX and ESXi host (1003900).
  4. Reboot the ESX server and log the results via your listening serial terminal.
  5. Contact VMware Technical Support and file a Support Request. For additional information, see Filing a Support Request (1021619).

Workarounds

Both recommended workarounds involve the modification of the /etc/fstab file. You may either:

  • Generate a new UUID for the affected file system(s) and update /etc/fstab to match the new value(s).
  • Update /etc/fstab to incorporate the correct UUID from the file system.

Applying a new UUID

Apply a new UUID to the EXT-3 file systems which fail to resolve and update the /etc/fstab file.

  1. Run tune2fs against each Linux partition on the suspected disk device. For example:

    # tune2fs -l /dev/sdr2 | grep UUID
    Filesystem UUID:          34d192db-17eb-442e-9613-c5c24c6fa9fa


    # tune2fs -U random /dev/sdr2
    tune2fs 1.39 (29-May-2006)

    # tune2fs -l /dev/sdr2 | grep UUID
    Filesystem UUID:          25a18c70-ffcb-4b15-9d2d-1cfab1754d86

  2. Update /etc/fstab with the updated UUID. From earlier steps, /dev/sdr2 partition was determined to be the /var/log mount point:


     

    1. Remount the root partition in read-write mode:

      # mount / -o remount,rw


       

    2. Open the /etc/fstab file for re-writing. For more information, see Editing configuration files in VMware ESX (1017022).
    3. Search for, and change, the original UUID to the newly-generated UUID from earlier steps, above.
    4. Save the file and remount the root partition in read-only mode:

      # mount / -o remount,ro

    5. Reboot the server using shutdown -r now.


 

You can read the full document at (check the "mount" syntax):

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1017162&sliceId=1&docTypeID=DT_KB_1_1&dialogID=127160699&stateId=0%200%20138435051

Wednesday, 24 November 2010

How to setup a NFS server to archive Cisco Mars logs


This post shows how to archive Cisco MARS logs to an NFS server.
NFS is supported natively in Linux, which is what Cisco recommends for your NFS storage, and it is quite simple to set up.

NFS Setup for Linux

1) As root, create a directory for the archive data, e.g.:

mkdir -p /archive/MARSBox
chown -R nobody.nobody /archive
chmod -R 777 /archive



2) In the /etc/exports file, add the following...

/archive/MARSBox MARS_IP_Address(rw)



3) Restart the NFS Service...

/etc/init.d/nfs restart
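
In /etc/exports, whitespace between a client and its option list changes the meaning: "host(rw)" grants rw to that host only, while "host (rw)" gives the host the default options and applies rw to every client. Because step 1 makes the archive directory world-writable, the client list is the only restriction on who can write to it, so the added example below (not from the original post) flags entries that export more widely than intended. The function names, finding labels and sample addresses are this example's own, and 192.0.2.10 is a constructed stand-in for the MARS appliance.

```shell
#!/bin/sh
# Added example: flag exports(5) client specs that export wider than the
# author probably meant. Reads an exports file on stdin.
#
# Output: "LINE PATH FINDING DETAIL", one line per finding:
#   WORLD-OPTS    "(opts)" stands alone, so opts apply to every client
#   WILDCARD      client is "*", i.e. every client
#   DEFAULT-OPTS  client has no option list and gets the default options
# Assumption: no quoted whitespace in paths or client specs, and no
# backslash line continuations.
lint_exports() {
    awk '
    { sub(/#.*/, "") }          # drop full-line and trailing comments
    NF == 0 { next }
    {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\(/)
                print NR, $1, "WORLD-OPTS", $i
            else if ($i == "*" || $i ~ /^\*\(/)
                print NR, $1, "WILDCARD", $i
            else if ($i !~ /\(/)
                print NR, $1, "DEFAULT-OPTS", $i
        }
    }'
}

# Constructed sample input: line 2 has the stray space, line 3 is the
# corrected form, line 4 mixes a wildcard with a bare host.
sample_exports() {
    cat <<'EOF'
# constructed sample, not a real server configuration
/archive/MARSBox 192.0.2.10 (rw)   # rw goes to every client
/archive/MARSBox 192.0.2.10(rw)    # rw goes to 192.0.2.10 only
/archive/shared  *(ro) 192.0.2.10
EOF
}

sample_exports | lint_exports
```

Against a live server the call is lint_exports < /etc/exports; no output means none of the three patterns was found.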

But what if we want to do this with Windows? Well we can use Windows Services for UNIX (WSU). This allows an NFS mount to be created on a Windows file server.

Windows Services for UNIX Setup

This can be downloaded from HERE. The current version is 3.5, filename SFU35SEL_EN.exe

1) Extract this to a folder on your windows box, and run SfuSetup.msi

2) Click NEXT to Continue

3) Enter values for the Username and Organization fields, and click NEXT

4) ACCEPT the agreement option, and Click NEXT

5) Select the CUSTOM Installation option, and NEXT
6) As a minimum, and for this example, you must select Entire Feature (including any subfeatures if any) will be installed on local hard drive, for the following components..
  • NFS (see note below)
  • Authentication tools for NFS
But, make sure you deselect Gateway for NFS, or else you will get this error below...

7) Verify that Change the default behaviour to case sensitive check box is NOT TICKED, then click NEXT.
8) The Username Mapping Panel appears. Verify that...
  • Local User Name Mapping Server
  • Network Information Service (NIS)

are selected, then click NEXT.

9) Enter the Windows Domain name, the NIS Domain and Server are optional, click NEXT.

10) Enter the desired location for the Windows Service for UNIX install, (Not MARS Archive Share), and click NEXT.

11) Click FINISH, and REBOOT.
Now that you have successfully installed the NFS Windows component, we are ready to define a share to be used by the MARS appliance.

Define a NFS Share on Windows

1) In Windows Explorer, create a folder for MARS to Archive to.

2) Right-Click the folder, and select the NFS Sharing Tab.

3) Select Share this folder, and enter a share name. Encoding ANSI.
4) Select Allow Anonymous Access
5) Click on Permissions, and select ALL Machines, and No Access
6) Now click ADD, and type the IP Address of your MARS Box, with Read-Write, and ANSI Encoding.

7) Click OK, and Apply.
8) From a DOS Window, type the following, to modify the shared folder permissions so that Everyone has local filesystem access to the folder.

cd share
cacls share /E /G everyone:F


9) Under Administration Tools / Local Security Policy / Security Options

Double click.. Network Access: Let Everyone permissions apply to anonymous users, and select Enabled. Then click OK.


You have now completed the NFS configuration for the Windows Server.
Check your share by issuing the command "showmount -e".
Before we configure MARS to archive to the NFS share, there is one last recommended step: add the NFS client, which is the MARS box, to the hosts file
  • /etc/hosts on Linux
  • Windows\system32\drivers\etc on Windows
Also add the MARS Appliance to your internal DNS.

 
CS-MARS Archive Configuration

1) Select Admin / System Maintenance / Data Archiving

2) In the Remote Host IP Field, enter the IP Address of your NFS Server

3) In the Remote Path Field, enter the export path on the NFS Server

(In Windows a forward slash is required to resolve the UNC Share name)


4) Archiving Protocol, NFS is the only option at the moment!

5) Remote Storage Capacity in Days - enter one of the following...
  • The maximum number of days for which you want the NFS server to retain data. The NFS Server keeps your data for the number of days previous to the current date.
  • The number of days that the NFS Server can maximally retain, ie the upward capacity of the archive server.
6) Click START, to enable your MARS Archiving

If everything has gone to plan, you should receive a message back of DONE Status OK.



If you see an error message such as "Invalid remote IP or path", your NFS Server may not be correctly configured. I'd check the remote path is correct in the first instance.

In a Windows environment, we can also enable logging of NFS events...

1) Programs/ Windows Services for UNIX/ Services for UNIX Administration

2) Select Server for NFS


3) Under Logging, tick all the boxes, and specify a folder where you want to place the log file.

4) Click Apply to save changes.

That's the archiving all set up.

Wednesday, 27 October 2010

How to Backup the DHCP Database (on Win2K3) and Restore to another Server (also running Win2K3)


 

To move a DHCP database and configuration from a server that is running Windows Server 2003 to another server that is running Windows Server 2003:

  • Log on to the source DHCP server by using an account that is a member of the local Administrators group.
  • Click Start, click Run, type cmd in the Open box, and then click OK.
  • Type netsh dhcp server export C:\dhcp.txt all, and then press ENTER.


 

Install the DHCP server service on the server that is running Windows Server 2003

To install the DHCP Server service on an existing Windows Server 2003-based computer:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • Click Add/Remove Windows Components.
  • In the Windows Component Wizard, click Networking Services in the Components box, and then click Details.
  • Click to select the Dynamic Host Configuration Protocol (DHCP) check box if it is not already selected, and then click OK.
  • In the Windows Components Wizard, click Next to install the selected components. Insert the Windows Server 2003 CD into your computer CD drive or DVD drive if you are prompted to do this. Setup copies the DHCP server and tool files to your computer.
  • When Setup is complete, click Finish.


 

Import the DHCP database

  • Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.
  • Copy the exported DHCP database file to the local hard disk of the Windows Server 2003-based computer.

Verify that the DHCP service is started on the Windows Server 2003-based computer.

  • Click Start, click Run, type cmd in the Open box, and then click OK.
  • At the command prompt, type netsh dhcp server import c:\dhcp.txt all, and then press ENTER, where c:\dhcp.txt is the full path and file name of the database file that you copied to the server.


 

Authorize the new DHCP server

  • Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
  • In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
  • Right-click the server objects, and then click Authorize.
  • After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.

Friday, 24 September 2010

sendmail and sm-client very slow to start

After changing the IP address of a server, at the time of booting up sendmail and sm-client took a very long time (about 5 minutes each) to start.


 

Usually when sendmail is sluggish starting - it's because it can't figure out hostname details.

# cat /etc/hosts

127.0.0.1 localhost.localdomain localhost


 

The line above needs to be the very first line of /etc/hosts.

If you are accepting email for a domain, it helps to have the fully qualified domain name set in /etc/sysconfig/network, and for that name to resolve via DNS or at least be listed with an IP address in /etc/hosts, i.e.:


 

# hostname

linuxserver.mydomain.com


 

# cat /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=linuxserver.mydomain.com


 

# cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

192.168.0.1 linuxserver.mydomain.com linuxserver

# host linuxserver.mydomain.com

linuxserver.mydomain.com has address 192.168.0.1


 

# cat /etc/mail/local-host-names

mydomain.com

linuxserver.mydomain.com

www.mydomain.com

localhost

localhost.localdomain


 

That's it !

Tuesday, 21 September 2010

Linux LVM tips


 

LVM Tools

LVM Tool     Description
pvcreate     Create physical volume from a hard drive
vgcreate     Create logical volume group from one or more physical volumes
vgextend     Add a physical volume to an existing volume group
vgreduce     Remove a physical volume from a volume group
lvcreate     Create a logical volume from available space in the volume group
lvextend     Extend the size of a logical volume from free physical extents in the logical volume group
lvremove     Remove a logical volume from a logical volume group, after unmounting it
vgdisplay    Show properties of existing volume group
lvdisplay    Show properties of existing logical volumes
pvscan       Show properties of existing physical volumes

Operations on Logical Volumes

Among typical operations:

A Walkthrough of the LVM for Linux

Adding a disk to the Volume Group

Next, we'll add /dev/hda6 to the Volume Group. Just type vgextend vg01 /dev/hda6 and you're done! You can check this out by using vgdisplay -v vg01. Note that there are now a lot more PEs available!

Creating a striped Logical Volume

Note that LVM created your whole Logical Volume on one Physical Volume within the Volume Group. You can also stripe an LV across two Physical Volumes with the -i flag in lvcreate. We'll create a new LV, lv02, striped across hda5 and hda6. Type lvcreate -l4 -nlv02 -i2 vg01 /dev/hda5 /dev/hda6. Specifying the PVs on the command line tells LVM which PEs to use, while the -i2 option tells it to stripe the LV across the two.

You now have an LV striped across two PVs!

Moving data within a Volume Group

Up to now, PEs and LEs were pretty much interchangeable. They are the same size and are mapped automatically by LVM. This does not have to be the case, though. In fact, you can move an entire LV from one PV to another, even while the disk is mounted and in use! This will impact your performance, but it can prove useful.

Let's move lv01 to hda6 from hda5. Type pvmove -n/dev/vg01/lv01 /dev/hda5 /dev/hda6. This will move all LEs used by lv01 mapped to PEs on /dev/hda5 to new PEs on /dev/hda6. Effectively, this migrates data from hda5 to hda6. It takes a while, but when it's done, take a look with lvdisplay -v /dev/vg01/lv01 and notice that it now resides entirely on /dev/hda6!

Removing a Logical Volume from a Volume Group

Let's say we no longer need lv02. We can remove it and place its PEs back in the empty pool for the Volume Group. First, unmount its filesystem. Next, deactivate it with lvchange -a n /dev/vg01/lv02. Finally, delete it by typing lvremove /dev/vg01/lv02. Look at the Volume Group and notice that the PEs are now unused.

Removing a disk from the Volume Group

You can also remove a disk from a volume group. We aren't using hda5 anymore, so we can remove it from the Volume Group. Just type vgreduce vg01 /dev/hda5 and it's gone!

A file system on a logical volume may be extended. More space may also be added to a VG by adding new partitions or devices with the vgextend command. For example:

lvextend -L +4G /dev/VolGroup00/LogVol04

The command pvmove can be used in several ways to move any LV elsewhere. There are also many more commands to rename, remove, split, merge, activate, deactivate and get extended information about current PV's, VG's and LV's.

Here is a typical df listing of a server with volume manager installed. As you can see, all partitions except the /boot partition are referred to via the path /dev/mapper/VolGroup00-LogVolxx, where xx is a two-digit number:

Filesystem                       1K-blocks    Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                                   4128448  316304   3602432   9% /
/dev/sda3                           194449   22382    162027  13% /boot
none                               2020484       0   2020484   0% /dev/shm
/dev/mapper/VolGroup00-LogVol05
                                   4128448   42012   3876724   2% /home
/dev/mapper/VolGroup00-LogVol03
                                   4128448   41640   3877096   2% /tmp
/dev/mapper/VolGroup00-LogVol02
                                   8256952 3189944   4647580  41% /usr
/dev/mapper/VolGroup00-LogVol04
                                   8256952  174232   7663344   3% /var
/dev/hde                            594366  594366         0 100% /media/cdrecorder


Resiliency to renumbering of physical hard disks

LVM identifies PVs by UUID, not by device name.

Each disk (PV) is labeled with a UUID, which uniquely identifies it to the system. 'vgscan' identifies this after a new disk is added that changes your drive numbering. Most distros run vgscan in the lvm startup scripts to cope with this on reboot after a hardware addition. If you're doing a hot-add, you'll have to run this by hand I think. On the other hand, if your vg is activated and being used, the renumbering should not affect it at all. It's only the activation that needs the identifier, and the worst case scenario is that the activation will fail without a vgscan with a complaint about a missing PV.

The failure or removal of a drive that LVM is currently using will cause problems with current use and future activations of the VG that was using it.

How to get information about free space

vgdisplay shows logical volumes one by one and provides the information about free disk space on each:

vgdisplay volume_group_one | grep "Total PE"

How to create a new volume

# vgcreate vg01 /dev/hda2 /dev/hda10
  Volume group "vg01" successfully created

How to create and mount a partition

  1. # lvcreate -L 5G -n data vg02
      Logical volume "data" created

     

  2. # mkfs -t ext3 /dev/vg02/data
     

  3. # mkdir /data
    # mount /dev/vg02/data /data/

  4. # df -h /data
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/test--volume-data
                          50.0G   33M  5.0G   1% /data

  5. Add it to /etc/fstab

How to extend the partition

If one wishes to use all the free physical extents on the volume group, one can achieve this using the lvm lvextend command:

lvm lvextend -L +4G /dev/VolGroup00/LogVol04 # extend /var

ext2online /dev/VolGroup00/LogVol04

Option -l operates with free extents. This adds the 7153 free extents to the logical volume:

# lvm lvextend -l+7153 /dev/TestVG/TestLV

Extending logical volume TestLV to 30.28 GB

Logical volume TestLV successfully resized

 "lvextend -L +54 /dev/vg01/lvol10 /dev/sdk3" tries to extend the size of that logical volume by 54MB on physical volume /dev/sdk3. This is only possible if /dev/sdk3 is a member of volume group vg01.

Then the pvcreate command is used to create the new physical volume using the new partition, and the pvs again to verify the new physical volume. See  redhat.com Knowledgebase

How to remove an LVM partition

Use lvremove to remove a logical volume from a logical volume group, after unmounting it

syntax:

lvremove [-A/--autobackup y/n] [-d/--debug] [-f/--force] [-h/-?/--help] [-t/--test] [-v/--verbose] LogicalVolumePath [LogicalVolumePath...]

lvremove removes one or more logical volumes. Confirmation will be requested before deactivating any active logical volume prior to removal. Logical volumes cannot be deactivated or removed while they are open (e.g. if they contain a mounted filesystem).
 

Options.

-f, --force
Remove active logical volumes without confirmation.


EXAMPLES
Remove the active logical volume lvol1 in volume group vg00 without
asking for confirmation:

lvremove -f vg00/lvol1

Remove all logical volumes in volume group vg00:

lvremove vg00


 

TIPS:

Missing drives in a volume group have caused me a lot of problems. If you just want to excommunicate the drive from your vg, the following works:


 

vgreduce --removemissing vg00


 


 

# pvscan

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

PV unknown device VG milan lvm2 [30.00 GB / 29.90 GB free]

PV /dev/sdg VG milan lvm2 [30.00 GB / 29.90 GB free]


 

# vgscan

Reading all physical volumes. This may take a while...

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Volume group "milan" not found


 

# lvscan

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Volume group "milan" not found


 


 

LINKS:


 

More information about LVM at http://www.softpanorama.org/Commercial_linuxes/logical_volume_manager.shtml

Wednesday, 15 September 2010

How to restore a pending request in IIS 6.0 if it was deleted

To install a Web server certificate that lacks a pending certificate request:


1. Click Start >  point to Run >  type cmd > click OK.


2. Navigate to the directory where Certutil.exe is stored;  by default, this is %windir%\system32.


3. Type the following command at the command prompt: certutil -addstore my certnew.cer 

 
 

where certnew.cer is the name of the certificate you received from the certification authority (CA).

 
 

You should see the following message:

 
 

CertUtil: -addstore command completed successfully.


4. Navigate to the directory where you stored the certificate you received from the CA. Double click the saved certificate.


5. Click the Details tab and select <All> in the Show drop-down list.


6. In the Field list, select Thumbprint to display its value in the view pane.


7. Select the Thumbprint value in the view pane and then click CTRL+C.


8. Return to the command prompt window and type the following command: certutil -repairstore my "thumbprint"


where thumbprint is the value of the Thumbprint field. Be sure to type the double quotes as part of the command.

 
 

If the command is successful, the following message is displayed: "Encryption test passed CertUtil: -repairstore command completed successfully."

 
 

Install the server certificate on your Web server.

 
 

IMPORTANT:

 
 

If the certutil command does not complete successfully, the following error message is displayed:

 
 

"Certutil: -repairstore command FAILED: 0x80090011 (-2146893807) Certutil: Object was not found."

 
 

This message indicates that the private key for the certificate does not exist in the certificate store. You cannot install the certificate you obtained from the CA. Instead, you must generate a new certificate request, obtain the new certificate, and install that new certificate on your Web server.


IIS stores the private key for a certificate as the pending request. Deleting the pending request deletes the association of the private key with IIS, but the private key still exists in the certificate store.

 
 

To install the certificate without having the pending request available, you can use version 5.2.3718.0 of the Certutil.exe command-line tool that is available through the Certificate Services MMC snap-in in Windows Server 2003.

How-to enable web access in ESX 4 vSphere

If you need to access your ESX 4.0 server through your web browser via HTTPS, you might not succeed at first try. You will receive an error "503 Service unavailable". So what to do?


 


01.) First, check whether the service is running. Go to the console and log in, then type the following command (it is case sensitive):

service vmware-webAccess status

02.) Start the service:  service vmware-webAccess start

It seems that this service is disabled by default. If you need web access enabled every time you start your ESX server, run the following command:

chkconfig --level 345 vmware-webAccess on

or simply: chkconfig vmware-webAccess on



Changing the IP address, default gateway, and hostname of the Service Console in ESX


 

This article provides steps to change the Service Console IP address, gateway address, and hostname on an ESX 3.x and 4.x host

Changing settings from the physical or remote console connection

 
 

Changing the IP for the Service Console must be done from the physical console or through a remote console session. If you make changes through a network connection such as SSH, network connectivity to the Service Console disconnects because the Service Console's network interface changes.

  1. Run the following command to set the IP address:

    [root@server root]# esxcfg-vswif -i <a.b.c.d> -n <w.x.y.z> vswif0 , where <a.b.c.d> is the IP address and <w.x.y.z> is the subnet mask.

    Note: In this example, vswif0 is the Service Console adapter that is the interface to which you are applying the IP address change.

  2. Open the /etc/hosts file with a text editor and modify it so that it reflects the correct IP address and hostname.
  3. To change the default gateway address and the hostname, edit the /etc/sysconfig/network file and change the GATEWAY and HOSTNAME parameters to the proper values.
  4. For the changes to take place, reboot the host or restart the network service with the command:

    [root@server root]# service network restart


    Note: This command breaks any current network connections to the Service Console.

Changing the hostname without rebooting

To dynamically change the hostname, run the command:

 
 

[root@server root]# hostname newname

Note: This command creates a temporary hostname change. This change is lost when the system is rebooted.

 
 

Changing the DNS server settings

 
 

To change the DNS server settings, update the nameserver IPs and search domain in the /etc/resolv.conf file.

 
 

Changing settings in VMware vSphere or Infrastructure Client

 
 

To change the hostname, domain, DNS servers, and default gateway in VMware vSphere or Infrastructure (VI) Client:

  1. Highlight the ESX host and click the Configuration tab.
  2. Click DNS and Routing.
  3. Click Properties.
  4. To change the hostname, domain, and DNS servers, click the DNS Configuration tab and enter the appropriate values.

    Note: Disable VMware High Availability if you do not want virtual machines to failover during the hostname IP change.

  5. To change the default gateway, click the Routing tab and enter the appropriate value.
  6. Reboot the ESX host for the changes to take effect.
  7. Reconnect the ESX host to vCenter Server with the new IP address.

Thursday, 9 September 2010

How to fix: This file is invalid for use as the following: Security Certificate

Solution:

This file is invalid for use as the following: Security Certificate



This is not an error, it simply means you cannot open the file.

I got the file with a .txt extension and changed it to .cer, but that message appeared when I double-clicked on it.

To view the certificates in the file, change the file extension from .cer to .p7b

Now, when you open the file and open the branch on the left of the window you will see 'Certificates'.
By clicking on 'Certificates' you will see all the certificates contained in the single .cer format file.

You can right click on every single .cer file and export it.

If you want to install it, you might use the .p7b file instead of the single .cer file as this could be a cross certificate.

Generate Certificate Signing Request in Microsoft IIS 6.0 without removing the current certificate

Problem

Change CSR information without losing the current certificate
Generate CSR without overwriting the current certificate
Create renewal CSR with changes

Resolution

This article describes how you can create a new Certificate Signing Request (CSR) or generate a Renewal Request without having to remove the existing certificate from your web site.

 
 

Generating a Certificate Signing Request in Microsoft IIS 6.0 without removing the current certificate requires you to do the following:

 
 

A. Generate a temporary web site.

 
 

NOTE:  When you create the temporary web site, you do not need to assign an IP address and port number. You only have to give it read and write permissions and create a temporary folder in your hard drive and save it there.


B. Generate the pending request and CSR on the Temporary web site.

C. After receiving the certificate, install the certificate to the Temporary web site.

D. On the actual web site, replace the certificate with the newly installed certificate.

 
 

Instructions for 'work around': 

 
 

1. In IIS right click the Default Web Site and click on New --> Web Site

 
 

2. Create a new site. You can give it a temporary name. 

 
 

3. Right click on this new site and go to Properties --> Directory Security --> Server certificate

 
 

4. Select Create a new certificate and follow the wizard to create a new CSR

 
 

5. Backup the Private Key file. Very important: if no backup is made and the Private Key is lost, the certificate issued will not work.

 
 

Although a new csr was generated, you are still required to go through the normal renewal process with that new csr. 

 
 

6. When you receive the certificate back, right click on this temporary site and go to Properties --> Directory --> Security --> Server certificate and follow the wizard to process the pending request.

 
 

7. Once the certificate has been installed, go to the correct website and right click Properties --> Directory Security --> Server certificate.

 
 

8. Select the option Replace the current certificate

 
 

9. You will then be able to select the certificate that you have just installed. 

 
 

10. Once installed we strongly advise you to make a backup of your certificate with its corresponding private key. 

11. You can now delete the temporary site that you created previously. 

 
 

The official Microsoft article explaining this process can be found at Microsoft Knowledge Base Article: "How To Renew or Create New Certificate Signing Request While Another Certificate Is Currently Installed" utilizing this URL: http://support.microsoft.com/kb/295281

Thursday, 15 July 2010

How to install service packs in a cluster

You can install Windows service packs on Windows Server Failover Cluster nodes using the following procedure. Always install the same service packs or hotfixes to each node. Use this procedure to install the service packs unless otherwise directed by a particular service pack version.

  1. Check the System event log for errors and ensure proper system operation.
  2. Make sure you have a current backup and updated emergency repair disk for each system. In the event of corrupt files, power outage, or incompatibility, it may be necessary to revert back to the state of the system prior to attempting to install the service pack.
  3. Open Cluster Administrator, right-click Node A, and then click Pause Node.
  4. Expand Node A, and then click Active Groups. In the left pane, right-click the groups, and then click Move Group to move all groups to Node B.
  5. Install the service pack on Node A, and then restart the computer.
  6. Check the System event log for errors. If you find any errors, troubleshoot them before continuing this process.
  7. In Cluster Administrator, right-click Node A, and then click Resume Node.
  8. In Cluster Administrator, right-click Node B, and then click Pause Node.
  9. Right-click Node B, and then click Move Group for all groups owned by Node B to move all groups to Node A.
  10. Install the service pack on Node B, and then restart the computer.
  11. Check the system event log for errors. If you find any errors, troubleshoot them before continuing this process.
  12. In Cluster Administrator, right-click Node B, and then click Resume Node.
  13. Right-click each group, click Move Group, and then move the groups back to their preferred owner.

APPLIES TO

  • Windows Server 2008 Enterprise
  • Windows Server 2008 Datacenter
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows NT Server 4.0 Enterprise Edition
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise

Find the original article at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;174799

Wednesday, 30 June 2010

Create a NFS share for VM ISO files with Windows 2003 Server R2

If your ESX servers are not connected to network storage or if you do not have enough available space on your SAN to dedicate a sub folder of a VMFS volume for ISO files, then you can use a NFS network share to centrally store these images. Creating the NFS share can be done with many server operating systems, but did you know that Windows Server 2003 R2 has native NFS?

VMware-land.com has many "how to" VMware Tips for ESX, and the following are the instructions found there for creating a Windows 2003 R2 NFS share:

  1. On the Windows 2003 Server make sure "Microsoft Services for NFS" is installed. If not, you need to add it under Add/Remove Programs, Windows Components, Other Network File and Print Services
  2. Next go to folder you want to share and right-click on it and select Properties
  3. Click on the NFS Sharing tab and select "Share this Folder"
  4. Enter a Share Name, check "Anonymous Access" and make sure the UID and GID are both -2
  5. In VirtualCenter, select your ESX server and click the "Configuration" tab and then select "Storage"
  6. Click on "Add Storage" and select "Network File System" as the storage type
  7. Enter the Windows Server name, the folder (share) name and a descriptive Datastore Name
  8. Once it finishes the configuration you can now map your VM's CD-ROM devices to this new VMFS volume

Repeat steps 5 through 8 for each of your ESX servers to make the same ISO files available to all ESX hosts.

These instructions assume that you have already configured the VMkernel port group on a vSwitch for each ESX host. For instructions and information about configuring the VMKernel for NAS/NFS storage check the Storage Chapter of the ESX Server 3 Configuration Guide.

Of course, you can use the NFS share for more than just ISO file storage too. This is a good repository for patches and scripts that need to be used on all hosts. NFS also makes a good target for VM image backups too. Use some imagination and install the free VMware server on your 2003 R2 box and you have a low budget DR platform. Oh yeah, I shouldn't forget to mention you can even run ESX VMs from NFS!

Important Notes:

  • ESX version 3.x only supports NFS version 3 over TCP/IP.
  • Best practice for TCP/IP storage is to use a dedicated subnet. This will usually require creating separate Service Console and VMKernel port groups on a dedicated vSwitch.
  • On the Windows 2003 R2 server be sure to configure the shared folder so that the file permissions allow anonymous full control. You can make the share read only when adding the storage in ESX.
  • Be sure to remember to punch a hole in the ESX firewall for NFS. On the Configuration tab, go to the Security Profile settings and add the NFS Client so it appears in the allowed outbound connections.

You can also create an NFS share from the Windows command line with the following command:

C:\>nfsshare [SHARENAME]=[path to folder, e:\foldername] -o rw -o root anon=yes anonuid=-2 anongid=-2

You then need to manually add the Anonymous Access user account on the Security tab and set to "full control". (I bet you can do this from the cmd line too, but I do not have that command right now)

Thursday, 17 June 2010

How to Modify the All Users Startup Menu in Windows 2008, Vista and Windows 7

How to Modify the All Users Startup Menu


As you no doubt know, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 have modified the locations for user profiles. They are no longer in %SystemDrive%\Documents and Settings and exist in the %ProgramData%\Users folder.

However, to modify the All Users profile to add a shortcut to the Startup menu you actually need to access the %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup folder.

Tuesday, 1 June 2010

Cannot open Virtual Machine Console


Original document located at the VMware KB:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=749640

Details


  • When you try to connect to a virtual machine console from VirtualCenter, you see one or more of these errors:
    • Error connecting: Login (username/password) incorrect
    • Error connecting: Host address lookup for server <SERVER> failed: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. Do you want to try again?
    • Error connecting: cannot connect to host <host>: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Do you want to try again?
    • Error connecting: You need execute access in order to connect with the VMware console. Access denied for config file.
    • Unable to connect to MKS: failed to connect to server IP:903. For more information, see
      Troubleshooting the firewall policy on an ESX Server (1003634).
      ESX 4.0 hosts lose network connectivity when multiple service console interfaces are configured on subnets that use DHCP IP addresses (1010828).
  • You cannot open a remote console to a virtual machine.
  • Virtual machine console is black (blank).
  • The VMware Infrastructure (VI) Client console tab session may time out or disconnect while in use.
  • Migration of virtual machines using vMotion fails.
  • This issue may affect a single ESX host. If the virtual machines are moved to another ESX host, you may be able to connect to the console without error.
  • This issue may occur if you try to connect to the console using VMware Infrastructure (VI) Client connected directly to the ESX host or to vCenter Server.

Solution



If your network is configured such that a firewall exists between the ESX host and the workstation running VI Client, you might not be able to open a virtual machine console. To connect to a virtual machine console from VI Client, port 903 needs to be open in any firewall between the workstation running VI Client and the ESX host. This applies even if VI Client is connected to VirtualCenter and not directly to the ESX host.


Note: Before performing the steps in this article:
  • For more information on restarting the Management agents, see Restarting the Management agents on an ESX Server (1003490).
  • For more information on editing configuration files, see Editing configuration files in VMware ESX (1017022).


To troubleshoot this issue:
(Just issuing step 1 worked for me!)

  1. Log in to the VirtualCenter Server directly through Terminal Services or a Remote KVM and attempt a connection from VI Client from this system. If this method works, the firewall is likely preventing the console from working. Configure your firewall to allow communications on port 903 between the ESX host and the workstation running VI Client.

    If port 903 is not open or cannot be opened in your environment, enable the vmauthd proxy. This forces remote console communication to be sent on port 902 on the Service Console, instead of 903.

    Note: By enabling this setting there may be degradation in performance communicating to the ESX host service console, if remote consoles are heavily utilized.

    To enable the proxy:
    1. Log in to the ESX host's service console as root.
    2. Open /etc/vmware/config with a text editor. 
    3. Add the following line:
      vmauthd.server.alwaysProxy = "TRUE"
    4. Issue the following command to restart xinetd:
      service xinetd restart
  2. Verify the ESX firewall policy.  For more information, see
  3. Verify that the ESX host and the workstation running VI Client are correctly synced to an NTP service. This is required to satisfy SSL handshaking between VI Client and ESX. For more information, see Verifying time synchronization across environment (1003736).

  4. DNS problems are a common cause of virtual machine console problems. Verify name resolution in your environment. For more information, see:

  • After verifying DNS, open a command prompt on the VI Client machine and perform the following:
    ipconfig /flushdns
    ipconfig /registerdns
  • Verify /var partition is not full.
  • Verify that the permissions for the virtual machine's .vmx file are set correctly. To set the permissions, run the command:
    chmod 755 </full/path/to/virtual machine.vmx>
  • If your ESX host has more than one service console configured, verify that they are not on the same network.
  • Check if the Service Console IP is routing traffic to the workstation running the vCenter. For more information on configuring the Service Console Gateway, see Changing the IP address, default gateway, and hostname of the Service Console in ESX (4309499).

Friday, 14 May 2010

How to delete old files in Linux

To delete files older than XX days, execute the following command on your Linux box, where /opt/app/logs is the directory where the files are located:

find /opt/app/logs -mtime +XX -exec rm {} \;

For example, to delete files older than 90 days:

find /opt/app/logs -mtime +90 -exec rm {} \;

If the same directory has multiple types of files and you want to delete ONLY those with the .log extension:

find /opt/app/logs -name '*.log' -mtime +90 -exec rm {} \;

If you want to see the files to be deleted, run the same command removing "-exec rm {} \;"
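An added example, not from the original post: the same cleanup wrapped in shell functions that validate the arguments, match regular files only, and keep listing separate from deleting. The function names are made up for the example.

```shell
#!/bin/sh
# Added example: the page's cleanup command with guard rails.

# find_old DIR DAYS PATTERN ACTION...: shared matcher; ACTION is handed to find.
find_old() {
    dir=$1 days=$2 pattern=$3
    shift 3
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a whole number, got '$days'" >&2; return 2 ;;
    esac
    case $dir in
        /*) ;;
        *) echo "DIR must be an absolute path, got '$dir'" >&2; return 2 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 2
    fi
    # -type f  : regular files only, so directories and symlinks never reach rm
    # -xdev    : do not cross into other mounted filesystems
    # -mtime +N: age is counted in whole days, so +90 means at least 91 days old
    find "$dir" -xdev -type f -name "$pattern" -mtime +"$days" "$@"
}

# list_old_files DIR DAYS [PATTERN]: dry run, prints what would be removed.
list_old_files() { find_old "$1" "$2" "${3:-*}" -print; }

# purge_old_files DIR DAYS [PATTERN]: removes the matches, prints each removed file.
purge_old_files() { find_old "$1" "$2" "${3:-*}" -exec rm -f -- {} \; -print; }

# Usage: script DIR DAYS [PATTERN] [--apply]; without --apply nothing is deleted.
if [ $# -ge 2 ]; then
    if [ "${4:-}" = --apply ]; then
        purge_old_files "$1" "$2" "${3:-*}"
    else
        list_old_files "$1" "$2" "${3:-*}"
    fi
fi
```

Passing the literal XX placeholder, or a relative path, is rejected before find runs.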

Tuesday, 20 April 2010

MOUNT USB STICK WITH READ AND WRITE PERMISSIONS FOR A USER

Important: As most up-to-date Linux Distributions support Hotplug for USB removable media you might want to try to plug your USB stick to the system and see if it gets detected and mounted automatically.


If you just mount the USB stick without special options, it is readable and writable only by root.

To make the stick readable and writable for a different user, use the following:

mount /dev/sda1 /mnt/usbstick/ -o uid=500


User ID 500 is on many systems the default ID for your first user. You might want to switch it to another user (take a look at the ID in /etc/passwd) or set permissions for a group. For a group use "gid" instead of "uid".

It also might be handy to add a line like the following to your /etc/fstab file (where you can specify some default mount information):

/dev/sda1 /mnt/usbstick vfat noauto,users,exec,rw,umask=000 0 0


This allows the members of the group "users" to mount the device /dev/sda1 (which represents the USB stick on my system) with read and write access. Another advantage of this line in your /etc/fstab is that some graphical environments (e.g. KDE) read the file at startup and present a corresponding icon on your desktop to mount and unmount the device automatically.
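An added example, not from the original post: a small shell audit for fstab entries like the one above. Per mount(8), "users" lets any user mount the device and implies noexec, nosuid and nodev unless a later option overrides them, so the "exec" that follows it switches execution back on, and umask=000 leaves every file on the stick writable by all local users. The function names and the second, tighter sample line are constructed for the example.

```shell
#!/bin/sh
# Added example: flag FAT-family fstab entries that are more open than needed.

# audit_opts OPTIONS: prints the findings for one option string, or "ok".
# Options are resolved left to right, as mount(8) describes.
audit_opts() {
    can_exec=yes mask= findings=
    old_ifs=$IFS; IFS=,; set -f
    for opt in $1; do
        case $opt in
            user|users|noexec) can_exec=no ;;   # user/users imply noexec
            defaults|exec) can_exec=yes ;;      # a later exec overrides it
            umask=*) mask=${opt#umask=} ;;
        esac
    done
    IFS=$old_ifs; set +f
    if [ "$can_exec" = yes ]; then findings=exec-allowed; fi
    case $mask in
        # last octal digit 0, 1, 4 or 5: the "other" write bit is not masked out
        *[0145]) findings="${findings:+$findings }world-writable" ;;
    esac
    echo "${findings:-ok}"
}

# audit_fstab: reads fstab text on stdin, prints "<mount point>: <findings>".
audit_fstab() {
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac
        case $fstype in vfat|msdos|exfat) ;; *) continue ;; esac
        result=$(audit_opts "$opts")
        if [ "$result" != ok ]; then echo "$mnt: $result"; fi
    done
}

# Constructed sample input: the post's line and a tighter variant.
sample_fstab() {
    cat <<'EOF'
# Line from the post:
/dev/sda1 /mnt/usbstick vfat noauto,users,exec,rw,umask=000 0 0
# Constructed variant: no exec override, files limited to uid 500
/dev/sdb1 /mnt/usbstick2 vfat noauto,users,rw,uid=500,umask=077 0 0
EOF
}

# Usage: script [FSTAB]; with no argument the embedded sample is audited.
if [ $# -gt 0 ]; then audit_fstab < "$1"; else sample_fstab | audit_fstab; fi
```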

Tuesday, 13 April 2010

Some vbs scripts to create shortcuts in your Windows

Create any or all of the examples and execute them from either the command prompt or Start / Run using:

wscript xyz.vbs

Note: These scripts were all tested on Windows 7, Windows 2008 and 2003. They should run fine on earlier versions of Windows (XP, Vista, 2000, etc.) as well.

Although most of these examples will create shortcuts to Windows Explorer (the last one is a shortcut to the Command Prompt), they are being placed in different locations. Of course you could modify the examples to launch any program of your choosing. Additionally you could combine them into one script that could be launched the first time you logon.

For easy reference I highlighted the values you may want to change to tailor the script to your needs.

Windows 7, Vista and Windows 2008 Server note: You will probably have to execute these with administrative rights. One way to do this is to launch a command prompt (the old fashioned way - Start [All] Programs / Accessories / Command Prompt) using right-click and selecting "Run As Administrator."


Example 1 - Shortcut to Windows Explorer in the "All Users" Desktop folder. I named the script Explorer_Shortcut_on_AU_Desktop.vbs.

set WshShell = WScript.CreateObject("WScript.Shell" )
strDesktop = WshShell.SpecialFolders("AllUsersDesktop" )
set oShellLink = WshShell.CreateShortcut(strDesktop & "\Windows Explorer.lnk" )
oShellLink.TargetPath = "%SYSTEMROOT%\explorer.exe"
oShellLink.WindowStyle = 1
oShellLink.IconLocation = "%SystemRoot%\explorer.exe"
oShellLink.Description = "Windows Explorer"
oShellLink.WorkingDirectory = "%HOMEPATH%"
oShellLink.Save

Example 2 - Shortcut to Windows Explorer in the "All Users" Start Menu folder. I named the script Explorer_Shortcut_in_AU_Startmenu.vbs.

set WshShell = WScript.CreateObject("WScript.Shell" )
strStartMenu = WshShell.SpecialFolders("AllUsersStartmenu" )
set oShellLink = WshShell.CreateShortcut(strStartMenu & "\Windows Explorer.lnk" )
oShellLink.TargetPath = "%SYSTEMROOT%\explorer.exe"
oShellLink.WindowStyle = 1
oShellLink.IconLocation = "%SystemRoot%\explorer.exe"
oShellLink.Description = "Windows Explorer"
oShellLink.WorkingDirectory = "%HOMEPATH%"
oShellLink.Save

Example 3 - Shortcut to Windows Explorer in the "All Users" Startup folder. I named the script Explorer_Shortcut_in_AU_Startup.vbs. This will cause one instance of Windows Explorer to launch during logon. If you're like me you will be using it anyway, so why not have it open automatically.

set WshShell = WScript.CreateObject("WScript.Shell" )
strStartup = WshShell.SpecialFolders("AllUsersStartmenu" )
set oShellLink = WshShell.CreateShortcut(strStartup & "\programs\startup\Windows Explorer.lnk" )
oShellLink.TargetPath = "%SYSTEMROOT%\explorer.exe"
oShellLink.WindowStyle = 1
oShellLink.IconLocation = "%SystemRoot%\explorer.exe"
oShellLink.Description = "Windows Explorer"
oShellLink.WorkingDirectory = "%HOMEPATH%"
oShellLink.Save

Example 4 - Shortcut to Windows Explorer in the "Current User" Quick Launch toolbar. I named the script Explorer_Shortcut_in_CU_QuickLaunch.vbs.

set WshShell = WScript.CreateObject("WScript.Shell" )
strStartup = WshShell.SpecialFolders("AppData" )
set oShellLink = WshShell.CreateShortcut(strStartup & "\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk" )
oShellLink.TargetPath = "%SYSTEMROOT%\explorer.exe"
oShellLink.WindowStyle = 1
oShellLink.IconLocation = "%SystemRoot%\explorer.exe"
oShellLink.Description = "Windows Explorer"
oShellLink.WorkingDirectory = "%HOMEPATH%"
oShellLink.Save

Example 5 - Shortcut to Command Prompt in the Quick Launch toolbar for you, the current user. I named the script CMD_Shortcut_in_CU_QuickLaunch.vbs.

set WshShell = WScript.CreateObject("WScript.Shell" )
strStartup = WshShell.SpecialFolders("AppData" )
set oShellLink = WshShell.CreateShortcut(strStartup & "\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk" )
oShellLink.TargetPath = "%SYSTEMROOT%\system32\cmd.exe"
oShellLink.WindowStyle = 1
oShellLink.Hotkey = "Ctrl+Alt+C"
oShellLink.IconLocation = "%SystemRoot%\system32\cmd.exe"
oShellLink.Description = "Windows Command Prompt"
oShellLink.WorkingDirectory = "%HOMEPATH%"
oShellLink.Save