Thursday, August 26, 2010

Silent Internet Explorer 8 installation

Here's the script I wrote to silently install IE8.

The simple command line to use would be : "IE8-WindowsXP-x86-ENU.exe /passive /norestart" (for Internet Explorer Setup Options look here) but we want the script to do more and to automatically detect Windows OS version.

Start by download all these files from microsoft.com and put them in the very same directory:

  • IE8-WindowsXP-x86-enu.exe for XP 32 bits
  • IE8-WindowsVista-x86-ENU.exe for Vista 32 bits and Windows Server 2008 32 bits
  • IE8-WindowsVista-x64-ENU.exe for Vista 64 bits and Windows Server 2008 64 bits
  • IE8-WindowsServer2003-x86-ENU.exe for Win 2003 32 bits SP2
  • IE8-WindowsServer2003-x64-enu.exe for Windows 2003 64 bits and Windows XP Pro 64 bits

VMFS3 metadata files

Known extensions for metadata files on the VMFS3 volumes:
  • .fdc.sf - file descriptor system file
  • .sbc.sf - sub-block system file
  • .fbb.sf - file block system file
  • .pbc.sf - pointer block system file
  • .vh.sf - volume header system file
Here's an example of sizing for this files:

-r-------- 1 root root 480K Jul 21 15:31 .fbb.sf
-r-------- 1 root root 60M Jul 21 15:31 .fdc.sf
-r-------- 1 root root 244M Jul 21 15:31 .pbc.sf
-r-------- 1 root root 248M Jul 21 15:31 .sbc.sf
-r-------- 1 root root 4.0M Jul 21 15:31 .vh.sf

VMWare states that this files shoud not be deleted.

Friday, August 20, 2010

Event ID 1028 and CITRIX through a firewall

Today I have faced a problem with our CITRIX farm. Connecting to the CITRIX web interface on http://citrixserver/Citrix/MetaFrame/auth/login.aspx nothing happened during the authentication process for our users and on the citrix application server a error event 1028 was recorded :

Event Type: Warning
Event Source: TermService
Event Category: None
Event ID: 1028
Date: 20/08/2010
Time: 15:56:39
User: N/A
Computer: servername
Description:
The terminal server client servername has been disconnected because its license could not be renewed. The license server was contacted to get Windows Server 2003 - Terminal Server Per Device CAL Token. license for this client.

I quickly discovered that our security administrator had changed firewall rules between our site and the remote Licensing server. Packets to port 445 were discarded by the firewall.

So, in order to request Terminal Services client access licenses (TS CALs), you must get this kind of traffic allowed. Port 445 is for directory access, and you need that port open for user authentication. No way you can do without as far as I know.

Intel Buys Cyber McAfee For $7.68 Billion In Cash

Yesterday Intel has bought McAfee... if you want to understand what's going on beyond the curtains read here, here and here.

Wednesday, August 18, 2010

DOS string manipulation

I have just found this very interesting post on basic and advanced string manipulation in batch files. It really is not to miss if you want to become a command line master!

It explains how to:


Improved batch for DSFR monitoring

For those of you who have followed my post on DFSR monitoring, here's a better version of the batch file. I used DIRUSE.EXE to get some information I previously calculated with for loops...

Here's the code:

@echo off
setLocal EnableDelayedExpansion
cls
echo Date Time Hidden_MB_1 Hidden_MB_2 Conflict_MB_1 Conflict_MB_2 Conflict_#_1 Conflict_#_2 Staging_MB_1 Staging_MB_2 DiskFree_F_1 DiskFree_F_2 > c:\supervi.txt
set member1=your_DFSR_member_1
set member2=your_DFSR_member_2
set diskvolume=f$

:beginning

for /f "delims=" %%a in ('diruse \\%member1%\%diskvolume% /M /S ^| find "System Volume Information\DFSR" ^| find /V "DFSR\"') do @set value1a=%%a
set dfsr_hidden_size_1a=%value1a:~3,13%

for /f "delims=" %%a in ('diruse \\%member2%\%diskvolume% /M /S ^| find "System Volume Information\DFSR" ^| find /V "DFSR\"') do @set value1b=%%a
set dfsr_hidden_size_1b=%value1b:~3,13%

for /f "delims=" %%a in ('diruse \\%member1%\%diskvolume% /M /S ^| find "ConflictAndDeleted" ^| find /V "ConflictAndDeleted\"') do @set value2a=%%a
set dfsr_conflict_size_2a=%value2a:~3,13%

for /f "delims=" %%a in ('diruse \\%member2%\%diskvolume% /M /S ^| find "ConflictAndDeleted" ^| find /V "ConflictAndDeleted\"') do @set value2b=%%a
set dfsr_conflict_size_2b=%value2b:~3,13%

set /a how_many3a=0
set Fldr3a=\\%member1%\%diskvolume%\data_to_replicate\DfsrPrivate\ConflictAndDeleted
FOR /R "%Fldr3a%" %%I IN (*) DO set /a how_many3a=!how_many3a!+1

set /a how_many3b=0
set Fldr3b=\\%member2%\%diskvolume%\data_to_replicate\DfsrPrivate\ConflictAndDeleted
FOR /R "%Fldr3b%" %%I IN (*) DO set /a how_many3b=!how_many3b!+1

for /f "delims=" %%a in ('dir /s \\%member1%\%diskvolume%\data_to_replicate\dfsrprivate\staging ^| find "File(s)"') do @set value4a=%%a
set dfsr_staging_4a=%value4a:~24,16%

for /f "delims=" %%a in ('dir /s \\%member2%\%diskvolume%\data_to_replicate\dfsrprivate\staging ^| find "File(s)"') do @set value4b=%%a
set dfsr_staging_4b=%value4b:~24,16%

FOR /F "tokens=*" %%A IN ('dir \\%member1%\%diskvolume% ^| FIND "bytes free"') DO SET freedisk_f_1=%%A
FOR /F "tokens=*" %%A IN ('dir \\%member2%\%diskvolume% ^| FIND "bytes free"') DO SET freedisk_f_2=%%A

echo %date% %time% %dfsr_hidden_size_1a% %dfsr_hidden_size_1b% %dfsr_conflict_size_2a% %dfsr_conflict_size_2b% !how_many3a! !how_many3b! %dfsr_staging_4a% %dfsr_staging_4b% %freedisk_f_1% %freedisk_f_2% >> c:\supervi.txt

rem sleep 300

goto beginning

Monitoring DFSR

I have developped the following batch file to monitor disk space utilization in a Windows 2003 R2 DFSR environment. I think it can also be used in a Windows 2008 R2 environment.

DFSR Staging folders and Conflict and Deleted Folders are monitored as well as disk space on concerned hard drives. DFSR hidden folder is the folder containing the SimilarityTable database, which could grow up under some circunstances.

You just have to replace hostname1 and hostname2 with the name of the members of your DFSR Replication Group. And replace also the location of

Monday, August 16, 2010

DFSR R2 and event id 2104

Today my DFS-R volume is returning error 2104 every 1 hour in the DFS Replication event log.

Here's the content of the error event:

The DFS Replication service failed to recover from an internal database error on volume F:. Replication has been stopped for all replicated folders on this volume.

Additional Information:
Error: 9214 (Internal database error (-1414))
Volume: A9REC15F-ED9F-11DB-A78E-0019B44441DC
Database: F:\System Volume Information\DFSR

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



My configuration is Windows 2003 R2 with DFSR full mesh topology on two nodes. The replicated folder is : f:\data_to_replicate. Shadow Copies for volume F: are activated. Storage area for the Shadow Copies is on volume G:. The DFSR is very highly accessed and many very small files are continuously modified.

I have run a DFS Replication Health Report and here's what I got on the problematic DFS member:

  • A database problem is blocking replication on volume F:.
  • DFS Replication unable to replicate files for replicated folder data_to_replicate due to insufficent disk space.
  • Cannot access DFS Replication performance counters.
  • Cannot access DFS Replication performance counters.
  • Cannot access the local WMI repository.
  • One or more replicated folders have sharing violations.
The detailed error description is the following : “The DFS Replication service was unable to recover from an internal database error on volume F:. Replication has stopped for all replicated folders on this volume until the database is automatically rebuilt. If the database is rebuilt successfully, replication will resume after the rebuilding is complete. If the database cannot be rebuilt, a separate event is generated. If you are seeing this error more than two times in seven days, we recommend that you run Chkdsk on the volume that contains the database. Event ID: 2104”

I have had a look to F:\System Volume Information\DFSR and found that SimilarityTable_1 has taken all the available space on our Data Drive and is 8 GB.



So, to resume, the disk space situation is as follow:
  • Server001:Disk F: is full (because of SimilarityTable_1 file taking 8GB).
  • Server002:Disk F: is ok with more than 1GB available.
Looking on http://www.microsoft.com/technet, I have found that the user action proposed by Microsoft tech guys is: “The system will attempt to rebuild the database automatically. However, you should ensure there is sufficient disk space on the volume for database maintenance and check the NTFS log for volume errors, which can help you troubleshoot possible hardware failures. If the database cannot be rebuilt, a separate event is generated. If you see this error frequently, you should run Chkdsk on the volume that contains the database to verify that the problem is not disk-related.”

So, in two words, the solution is simple: wait for the temporary SimilarityTable to be emptied and, if you can, free up some space on the full volume to speed up this job. In my case I had a few big files to delete on the F: volume and after two hours everything went back to normal.

If in the mean time your Conflict and Deleted folders has grown up, as in my case, perform a manual clean-up of it. A manual clean-up will permit you to select which files you want to keep. Delete all the rest once you are sure you have on each member the last version of the desired files.

As Microsoft states, DFS Replication uses a "last-writer wins" method for determining which version of a file to keep when a file is modified on two or more members. The losing file is stored in the Conflict and Deleted folder on the member that resolves the conflict. This member might not be the member where the changes originated.

Under this link you will find a good post explaining how to purge the Clnflict and Deleted folder. In a situation where the DFSR is in an error state, go straight to the second scenario:
  • Stop the DFSR service on every member.
  • Delete the contents of the ConflictAndDeleted folder manually (with explorer.exe or DEL) on every member.
  • Delete the ConflictAndDeletedManifest.xml file on every member.
  • Start the DFSR service back upon every member.
  • Wait a few minutes to be sure that replication starts correctly.
Just as a note, remember to properly set Staging Folders size in order to appropriately answer demand. Disks hosting DFSR folders must never fill up!

For tips on configuring and optimizing quota size and information on the consequences of having too small staging folders, refer to this.

Thursday, August 12, 2010

DCOM Error 10016 Solved

I have recently installed a SharePoint 2010 Farm and I have come across and fixed the DCOM error 10016, which shows up in the system log.



Here's the detailed error description:

=====================================
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
to the user SERVERNAME\xxxuser (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
=====================================

To me, this error is related to an IIS misconfiguration more than to a SharePoint error.

61738644-F196-11D0-9953-00C04FD919C1 is in fact the key for the service “IIS WAMREG Admin Service”. You can check this looking in HKCR.

A simple solution under Windows 2003 and Windows 2008 is to run dcomcnfg and give the service account (which is indicated in the event log error) rights to Launch and Activate IIS WAMREG Admin Service.


To do so:
  • Click Start
  • Click Run
  • Type "dcomcnfg" and click ok
  • Expand Component Services / Computers / My Computer / DCOM Config
  • Scroll down and find IIS WAMREG admin Service.
  • Right click on it
  • Click the Security tab
  • Click Edit under Launch and Activation Permissions
  • Click the Add... button.
  • Enter the name of the Service Account for your Configuration Service
  • Click OK
  • In the Permission for your username, check these boxes: allow Local Launch and allow Local Activation rights.
  • Click OK
  • Click OK once again

Unfortunately, if you are working (as I was) in a Windows 2008 R2 environment, the solution is a bit harder, because, as I could discover, I had first to unlock the Launch and Activation Permission windows, which was greyed out due to lack of permissions.


Under Windows 2008 R2 the permission for this service for the Administrator accout is limitied to "Read". So:
  • Start Regedit (Click on Start/Run/Regedit)
  • Type F3
  • Search for the string 61738644-F196-11D0-9953-00C04FD919C1
  • Then right click on the key
  • Click Advanced in the Permissions dialog of this key
  • Select the Owner tab.
  • Change the owner of the key to the administrators group for example
  • Set full control to the administrators group. (Remember not to make ANY modification to the permissions for the TrustedInstaller!!)

You should no longer see the annoying DCOM 1006 errors in your System Event log!

HTH

Rack it the good way!

I have just found this simple post with suggestions on how to fill a server room rack: Always Fill a Rack From the Bottom Up

In any case this is what you want to evite:



A server rack buying guide can be found here.

http://www.emdadblog.blogspot.com/

http://www.emdadblog.blogspot.com/

Sites and blogs that link to me, I will link back

I'm going to link every site and blog that link to my blog. So, if you have placed a link of my blog on your blog, let me know and I will place a link for your blog/site too.

How to get Group Membership with DSQuery/DSGet

Recently I’ve been asked to put in place a batch script which could produce a recursive text report of all the members in one or more Active Directory groups.

Dsquery and Dsget are very useful commands for this kind of interaction with the Active Directory, and the can be used togheter on the same lcommand line. It is in fact possible to pipe Dsquery output to Dsget this way:

dsquery group –name *samplegroupname* | dsget group -members >> group_membership.txt

The problem with this is that if you want to redirect the output of this command to a text file you will get a list of group members but not the name of the groups they belong to.

So, the solution is to use a "for" cycle in a batch file. The group name is written to the text file before writing the group members names. Here's the batch file:

===========================
@echo off

if exist group_membership.txt del group_membership.txt

dsquery group >temp_groups.txt

for /f “tokens=*” %%g in (temp_groups.txt) do @echo %%g >> group_membership.txt && echo Members in this group: >> group_membership.txt && dsget group %%g -members >> group_membership.txt && echo **************************************** >> group_membership.txt

notepad group_membership.txt

===========================

The output of the batch file is automatically opened in Notepad. Just remember to put all the "for" cycle on one line only!

Thursday, August 5, 2010

Despicable me

The Minion IT administrator!!!

Source is here...

Windows and SSH, so disappointing

Why none of the Windows operating systems come with a SSH Server? This is the question I am asking myself today. Even Windows 2008 R2 has no SSH support, which is very strange and disappointing because Secure Shell is a standard network protocol since 1995.

So, still today, the administrator is forced to fall back on open-source software such as OpenSSH, which is a very complicated solution for a quite simple task.

There are today many SSH Server options available for Windows Server 2008:

* OpenSSH
* Van Dyke – vShell 3.0 Server (commercial)
* FreeSSHd
* WinSSHd (commercial)
* Kpym Telnet/SSH Server

Some of them are easier to install and configure, but the level of integration with Windows stays very low.

FreeSSHd is to me the easiest solution at now. Some others are somewhat complicated to manage, such as OpenSSH.
You can find a good tutorial explaining how to setup remote administration of Windows Server Core with OpenSSH here.

Other useful links:
PuTTY Download Page
Stupid SSH Tricks: Some Essentials

Powershell and NMAP

This is a Powershell function which is very useful to check that your servers have an HP Management interface listening on on port 2381. The Powershell script uses NMAP to effectively scan the remote system and output back the complete http link to the service.

You can also use this script againts a list of hosts. And, of course, this function can be used againts any known open port on the remote system.

#*===================================
#* Function: NMAP_Port_2301
#* Arguments: $Comp
#* Output: $hp_management_info
#* Purpose: Retrieve the service information for the
#* HP Management Interface. Port 2381 is the port
#* for the website and 2301 for the effective connection.
#*
#*===================================
function NMAP_Port_2301
{
write-debug "Entering NMAP_Port_2301"
$global:hp_management_info = $null
$global:hp_management_site = $null
$global:nmap_hp_management_2301 = $null
$global:nmap_hp_management_2301 = nmap -p 2301 -sV $Comp
$global:hp_management_info = $global:nmap_hp_management_2301.SyncRoot[4]
if($global:hp_management_info -match "open")
{
$global:hp_management_site = "https://" + $Comp + ":2381"
}
else
{
$global:hp_management_info = $null
$global:hp_management_site = $null
}
write-debug "EXIT"
}

NMAP_Port_2301 $Comp

NMAP (Network MAPper) is a securityscanner that sends specially crafted packets to the target host and then analyzes the responses. You can download it from here.

Wednesday, August 4, 2010

Google Audio CAPTCHA flaw exploited by hackers

Very funny flaw in Google, just type 10 times google and go through their captcha unseen....
Google Audio CAPTCHA flaw exploited by hackers

Windows 2008 KMS Model

Here's the procedure I have followed to put in place a KMS activation model for our infrastructure.

Start by preparing a server for key registration. Then, on the new KMS server, type this command at the command prompt:

cscript C:\windows\system32\slmgr.vbs /ipk

Restart the licensing services via the following command:

net stop slsvc && net start slsvc

SLSVC is the Microsoft Software Licensing Service.

It is very important to check now your DNS to make sure the KMS is listed there.

To do so, you can use the following command:

nslookup -type=srv _vlmcs._tcp

You should get a answer like this:

_vlmcs._tcp.yourdomainname SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kmsserver.yourdomainname
kmsserver.yourdomainname internet address = x.x.x.x

Or you can acces your DNS management console, click on your DNS domain, expand "Forward Lookup Zones", then "_tcp" and make sure you can find a service record named _VLMCS on port 1688 redirecting you to the KMS server.


Then, to check KMS Server status, RDP into it and run:

cscript %windir%/system32/slmgr.vbs /dlv

At this time new Windows 2008 clients should automatically get a license a few days after installation. Or you can force them to ask for a license at any moment with:

cscript %windir%/system32/slmgr.vbs /ato

This command will force clients to query the DNS server for the record of the KMS Server.

Last, to troubleshoot any client connection issue to KSM Host, the two following commands are very useful:

cscript %windir%/system32/slmgr.vbs /ckms 
cscript %windir%/system32/slmgr.vbs /smks kmsserver.yourdomainname

Remember to make sure that communication on port 1688 is open on any firewall between your clients and your company KMS server.

Tuesday, August 3, 2010

Ok, so now let's test Twitter tweeting....

If I am right with the previous post, I should be able to see this post on Twitter...

And it works:

I start to like this.

Twitter, what for?

I just registered on Twitter, spent five minutes trying to understand what it is useful for... and still found nothing... Internet is becoming more and more intruiguing and, unless you have a daily habit of tasting new trends/sites/technologies, it can make you feel so outdated....

Oh, so I have found! Just go to http://feedburner.com, login with your blogger account and click on Publicize. There you have a Socialize item that let you add Twitter to the Feedburner feed of your Blogger blog....

DFSR replication report

Under Windows 2003/2008, to generate a diagnostic report for DFSR Replication, follow this easy steps:

Click Start, point to Administrative Tools, and then click DFS Management:


In the console tree, under the Replication node, right-click the replication group that you want to create a diagnostic report for, and then click Create Diagnostic Report:


Follow the instructions in the Diagnostic Report Wizard, as in the pics below:




Wait for the report to be generated:

... and here's the nice graphical output to show to your boss:


A few notes from Technet:
  • To create a diagnostic report, you must be a member of the local Administrators group on each server that you prepare a report for.
  • The amount of time necessary to generate a diagnostic report will vary based on a number of factors, including: DFS Replication health; the number of replicated folders; available server resources (for example, CPU, memory, and so forth); WAN availability (connectivity, bandwidth, and latency); and the chosen reporting options (backlog and file system enumeration). Because of the potential delay in creating diagnostic reports, we recommend creating diagnostic reports for no more than 50 servers at a time.

Monday, August 2, 2010

System admin favorite tools

Hi there, I stopped for a moment thinking to all the tools that I use for my everyday sysadmin work. There are many. So many that sometimes I wonder how much time it took me to get to know them, to try and see if they did what I expected and, finally, to learn every single option and switch by heart in order to work faster.
Here's are (IMHO) the best, the ones I suggest to every sysadmin to learn and never forget:
  • process explorer => for Windows, graphical +++
  • process monitor => for Windows, very useful for deep debugging, but causes heavy CPU utilisation...
  • putty => this free and open source terminaal emulator should be preinstalled everywhere
  • psexec => nothing better to run command line command on remote servers, but output very difficult to manage, so learn 2>&1. to redirect standard error to standard output
  • netstat => learn to use te -o and -b switches to get information on owning processes, which is very useful to correlate cpu activity to network activity
  • tcpdump => on unix, keep an eye on network interfaces and never miss the packets you are looking for
  • runas => mainly used in Windows to rise your user level to local administrator
  • compmgmt => much faster then going through the windows start menu and finding the computer management icon !
  • dsquery => talk to active directory like a pro
  • dsmod => same as above...
  • powershell => of course!!!
  • IOmeter => useful to test IO performance on your harddrives
  • ping => icmp, the pillar of network connectivity troubleshooting, everything starts here
  • multiping => application to recursively ping many hosts at the time, can be useful when mass deploying
  • robocopy=> nothing better to be sure your files get copied
  • systeminfo => quick info on your windows systems, locally and remotely
  • uptime => server ruinning time
  • filezilla => go, download those huge files!
  • nmap => does almost everything, very complex, I often use -sS, -A, -O, -R switches
  • dameware => get in touch with remote windows systems when rdp is not there (like in Windows 2000)
  • windbg => welcome to the jungle ! This is the best tool for real windows debugging, for real windows sysadmins! !Poolused, !vm, !poolfind, !pool, .formats, !process, !thread are my best friends in thought times, when paged or non paged pools are short of resources and my servers start doing fancy things as BSOD and everything...
  • vncviewer => same as dameware, somewhat
  • psloglist => show local and remote windows event logs without moving your mouse
  • net sessions => show sessions
  • net files => show network open files
  • net use => map networkd drives
  • vi => unix snadard for text editing, not very much user friendly at the beginning
  • chmod => go modify access rights
  • chown => go take ownership
  • pslist => show running processes ...
  • pskill => ... and kill them
  • netsh => windows beautiful tool especially for resetting winsock
They allow me to do almost anything and make my everyday life much easier administering my mixed environment servers.

Please comment and tell me what you use. I'll be glad to learn or share!

WSS - File locked for editing

Microsoft SharePoint, aka WSS 3.0, is a very common working tool today... but sometimes it happen that Windows does not completely close a Office application such as Word or Excel and a file residing on WSS is marked locked for editing when accessed by other users.

What it is important to know is that there are two types of locks in WSS: short term Locking and long term locking.

Long term check out: This is the explicit check out. This holds a lock on the document whether you have it open for edit or not.

Short term check out: You get this feature implicitly. If you open a document for editing, you get a short term lock on the document to prevent other people from editing the doc while you are.

The Office client applications refresh this lock periodically as long as you keep the document open. Once you close the document, your short term check out is released. The duration of the short term lock message is three minutes.

If the application is terminated before it releases a document, after 10 minutes WSS will release the document. This is the default behaviour under Windows.

If you need to quickly delete the lock, then the first solution is to ask the owning user to verify that he has properly closed the application (as Excel or Word), and double check that in Task Manager there are no pending Excel or Winword processes keeping the file locked. Kill them if any.

Should this solution not help you, you can directly update the file lock in SQL on the Sharepoint Database

First open SQL Server Management Studio and connect to the database server hosting the WSS database. Connect to the Sharepoint content and versioning database (WSS_Content_*)

It is now necessary to modify the contents of the Alldocs table.
The AllDocs Table stores data for all documents in the content database.

So, let's run a query against the Alldocs table:

Select * From Alldocs Where LeafName like '%filename%'

Then perform a sql update on the needed file:

Update Alldocs set CheckoutUserID = null, NextToLastTimeModified = null where LeafName = 'filename'

Now the lock has been deleted and the file should be happily accessible!

Windows Server 2008 R2 SP1 Beta is available

This July 2010, Microsoft has finally released the Beta version of its Service Pack 1 for Windows 2008 R2. It appears that the main new features are Hyper-V oriented, as far as I could understand on Technet:
  • Dynamic Memory – the new feature that allows Hyper-V to dynamically change the amount of memory assigned to a virtual machine at run time, to get higher consolidation ratios.
  • RemoteFX – provides support for rich graphics (Silverlight, 3D, etc…) when using Hyper-V to host desktop virtual machines. A good explanatory video about RemoteFX is the one of Michael Kleef.
You can register to download and evaluate the beta here: http://www.microsoft.com/windowsserver2008/en/us/trial-software.aspx

The Microsoft documentation for this Service Pack can be found here.

Quickly debugging dhcpd under linux

If you encounter any problem delivering IP addresses to clients, start by restarting the dhcp daemon on the Linux box:

service dhcpd restart

The following step is making sure that the dhcp daemon is running. Issuing a ps aux command and grepping it for dhcp is the easiest way to do this. If the dhcp service is running, an output like the following one should be returned:

root 16971 0.0 0.0 2632 880 ? Ss 09:35 0:00 /usr/sbin/dhcpd

Also, remember to check the DHCP log file, which can be useful diagnosing whether leases have been handed out and for how long:

/var/lib/dhcpd/dhcpd.leases

Tcpdump can be run on server side on port 67 and 68:

tcpdump -vv -n port 67 or port 68

Ports 67 and 68 are specifically for DHCP traffic - 67 for requests and 68 for responses.

If no traffic occurs, then the request isn't going through the server, which means something may be wrong with the network in between... so go and double check with your network administrator and, remember, DHCP broadcast is not routable, so, meybe, an ip-helper might be useful in some occasions.

For instance, the ip helper-address interface subcommand tells the CISCO router to forward UDP broadcasts, including BootP, received on this interface

Back to the Linux box, if the dhcp daemon gives you a red [FAILED] message, then check your /var/log/messages logfile for syntax error in your dhcp.donf configuration file:

cat /var/log/messages

HTH!
Related Posts Plugin for WordPress, Blogger...