Monday, January 31, 2011

Server renaming day: notes from the field

Today I have renamed five Windows 2008 R2 production servers. There were two DFS-N servers and three Trend ServerProtect Antivirus 5.8 servers. These are my notes from the field, shoud someone ever need this information.
  • DFS-N: Distributed File Systems servers can be renamed without problems. The only action I had to perform on one of my two DFS-N servers was to remove all the existing namespaces and then rediscover them. The discovery is an easy process. Just right click the 'Namespaces' tag, select 'Add namespaces to display', select the server that contains your server-based namespaces, select them all and click ok. That's all. Pretty straightforward. The other DFS-N server automatically refreshed the view of the namespaces. I don't know to what the different behavior is due, since these servers are clones with identical parameters... 
  • Trend ServerProtect 5.8: the Trend antivirus servers (and scan servers for NetApp) renaming process was almost hassle-free. The two scan servers for NetApp automatically refreshed their parameters in the console and registered themselves with their new hostnames. On the contrary, the Trend Console server gave me some problems. In fact, while the Management Console kept running, the Trend client did not update its own record in the Console. No way to correct its parameters in the registry (these are hardcoded in a binary key in the registry). So I had to uninstall the Trend client from the Control Panel then re-add it again through the 'Install new SPNT' menu. 
In general, Windows 2008 R2 renaming is a very easy process. Happily enough, no corrections have to be manually made in the registry or anywhere else! So I survived this server renaming day! I hope these notes from the field will be helpful for someone.

Friday, January 28, 2011

My 6 first-day tips for Windows 7

After many years spent using Windows XP, the time had come for big change. So yesterday I decided to go for the update of my personal computer to Windows 7 (yes, I wisely skipped Windows Vista...). The installation of Windows 7 Ultimate version, 64 bits, proceded very easily. Most of the hardware got automatically discovered and installed. I can tell I have never faced such ease in any other Windows platform earlier.

After just one day, I discovered, unsurprisingly, that in Seven many things have positively changed since old good slow Windows XP. Nonetheless it took me just one day to see that there were things in Windows XP that I was missing and that I absolutely wanted back for my Windows 7, as well as useful things in Windows 7 that there were present but hidden.

That’s why I decided to jot down a blog post with my quick list of best first-day Windows 7 tips and hacks for people coming from XP that you could apply to your Windows 7 installation to improve its usability and feel less disoriented.

Registry key to connect Windows 2008 to WSUS

I wanted to share here the settings that will allow you to configure your new Windows 2008 R2 servers to use your custom Microsoft Software Update Services (WSUS) instead of the external Microsoft Windows Update Internet site.

There are actually two registry keys that are used when specifying a WSUS server.

Both of these keys are located under: 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\.

The first registry key is 'WUServer'. This registry key holds a string value which should be entered as the WSUS server URL (example: http://wsusserver).

The second registry key that you will have to add is also a string value named 'WUStatusServer'. This will tell your Windows 2008 box that it must report its status to your WSUS server.

The WUStatusServer key usually holds the exact same value as the WUServer key (example: http://wsusserver) because one WSUS server permorms both functions: updating an monitoring.

Adding these keys manually to one host at the time could be quite long and frustrating, so, if you are not willing to use a Group Policy (GPO), just copy the following registry file to a text file, rename it to wsus_windows_2008_config.reg, copy it to the server you want to link to your WSUS server and double click on it. This will have the two keys added to the registry of your server.

Once you have done this, restart your Windows 2008 server and then, once it comes up again, run 'wuauclt /detectnow'. Windows Update should then automatically start and check for updates.

Here's the content of wsus_windows_2008_config.reg:

  1. Windows Registry Editor Version 5.00  
  2.   
  3. [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]  
  4. "WUServer"="http://wsusserver"  
  5. "WUStatusServer"="http://wsusserver"  
  6. "TargetGroupEnabled"=dword:00000001  
  7. "TargetGroup"="Win_2008_Servers"  
  8.   
  9. [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]  
  10. "NoAutoRebootWithLoggedOnUsers"=dword:00000001  
  11. "NoAutoUpdate"=dword:00000000  
  12. "AUOptions"=dword:00000003  
  13. "ScheduledInstallDay"=dword:00000000  
  14. "ScheduledInstallTime"=dword:00000003  
  15. "RescheduleWaitTimeEnabled"=dword:00000001  
  16. "RescheduleWaitTime"=dword:00000002  
  17. "UseWUServer"=dword:00000001  
I hope this will help you.

Sunday, January 23, 2011

Multidimensional arrays in Powershell

Today I want to talk a little about multidimensional arrays in Windows Powershell. Multidimensional arrays are one of the complex data types supported by Powershell. They can be used to dynamically store information in a volatile table without having it written to a real database in a file on the disk.

In that sense multidimensional arrays extend a lot the functionalities of simple arrays, which are oriented to storing just series of polymorphic values such as:
  • Strings: ‘Apples’, ‘Peaches’, ‘Oranges’, ‘Apricots’
  • Integers: 1,2,3,4,5
  • ... or a mix of any kind of value: ‘Sergio’,’Leone’,’January’,3,1929,’Rome’

In fact you can imagine a multidimensional array like a table, with columns and rows, where each cell has its own index (i.e. [7,5]).

To make things clear, let’s set-up a multidimensional array and let’s see how it can be used, for instance, to manage our employees coming and going.

Monday, January 17, 2011

ESXi hidden console is no more hidden

First some history. As you probably know, in ESXi 3.x (released on december 2007) the Red Hat service console had been removed and replaced by a small Linux version. In this old ESXi version the only way to access the hidden service console (or "Tech Support Mode" as they called it at VmWare) was to use this sneaky unsupported method :
  • You had to physically move to your server room and sit at the console of the server. There was no way to access this console via a remote tool.
  • Once you were on the server console you had to press Alt-F1 to see the console log.
  • At that point there was no prompt apparently available for you to pass commands to the server. Furthermore if you typed something, it would not appear on the screen.
  • The only thing that you could do was to enter the magic command "unsupported" and then press enter. Again, this would not appear on the screen but nontheless it would activate the aforementioned “Tech Support Mode".
Once you had activated the "Tech Support Mode" you could log in with you ESXi 3.x server root password and, for instance, enable SSH by editing your inetd.conf configuration file. The procedure for activating SSH was quite simple but very well undocumented at the time:
  • Edit the inetd.conf file by typing "vi /etc/inetd.conf"
  • Remove the # in front of the SSH line
  • Reboot your ESXi server (or kill the inetd process and start it again)
With the new vSphere 4.1, the ESXi “hidden” "Tech support mode" (which is now abbreviated as "TSM") has been finally made public by VmWare, and this is a great news. Now I can stay at my desk with my cup of black coffee and enjoy sending remote commands to my ESXi without having that strange feeling of sneaking inside my own systems...

So, back to the present. You can today enable access the ESXi tiny service console and to SSH straight from the Direct Console User Interface (DCUI). Just:

  • Press F2

  • Enter your root password

  • Go to Troubleshooting Options

  • Enable either Remote Tech Support (SSH) or Local Tech Support.

Optionally, if you want to configure the TimeOut for TSM:
  • Select Modify Tech Support timeout and press Enter.
  • Enter the desired TimeOut value in minutes and press Enter. I suggest putting 10 minutes in here.

  • Press Esc three times to return to the main DCUI screen.
Note that the TimeOut setting won't terminate existing sessions. This setting will just tell the system to let people remotely connect for i.e. 10 minutes than will close the door. If you are already logged inside the system it will not halt your session.

Hope this helps!

 VMware ESXi: Planning, Implementation, and Security Mastering VMware vSphere 4 (Computer/Tech)

Removing ghost NICs after P2V

Sometimes after a P2V conversion or after recreating a VM and re-attaching the original hard drive, the drivers for the old physical NIC are still present and the physical NIC is still considered by Windows as a device on the machine.

The problem with that is that the original NIC will be ‘hidden’ somewhere in the system configuration and you'll be unable to assign the IP address to the new NIC because it is still bound to the old NIC.

In this situation Windows will come up with its annoying popup error message:

"The IP address x.x.x.x you have entered for this network adapter is already assigned to another adapter."

Tuesday, January 11, 2011

Stopping MySQL database server : mysqld failed!

Today, after copying the content of /var/lib/mysql (which is where my database is stored) from one virtual machine to another, I was unable to restart mysqld. The error was:
  1. dbserver1:/var/log# /etc/init.d/mysql restart  
  2. Stopping MySQL database server: mysqld failed!  
  3. Starting MySQL database server: mysqld already running.  
  4. /usr/bin/mysqladmin: connect to server at 'localhost' failed  
  5. error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'  
  6. dbserver1:/var/log#  
I was quite surprised then I realized that the "access denied" error was pointing me to a problem with the password of the special MySQL user "debian-sys-maint". After a few investigations I finally got the root cause of the problem: during the installation MySQL generates a random password for "debian-sys-maint" and stores its credentials inside /etc/mysql/debian.cnf as well as inside the "users" table in the database itself. When I copied the database form one VM to another the two passwords (the one on the local debian.cnf and the one in the original database) were not matching anymore.

So, for the solution, find your "debian-sys-maint" password in /etc/mysql/debian.cnf:
  1. cat /etc/mysql/debian.cnf  | grep password
Then connect to MySQL with root:
  1. mysql -u root -p<your_root_password>
Use now the following SQL command to recreate the user (but replace <password> with your debian-sys-maint password!):
  1. GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '<password>' WITH GRANT OPTION;  
Now the passwords in MySQL db and in debian.cnf are matching and MySQL should start correctly.

For more information about MySQL I heartedly suggest to check Planet MySQL @ http://planet.mysql.com/

Hope this helps!

Related Posts Plugin for WordPress, Blogger...