Openfiler Kernel 2.6.29.6-0.13.smp.gcc3.4.x86_64
Dec 10th
With the latest version of the Openfiler Kernel Linux <hostname> 2.6.29.6-0.13.smp.gcc3.4.x86_64 #1 SMP Fri Nov 20 15:47:20 GMT 2009 x86_64 x86_64 x86_64 GNU/Linux the network udev rules get rewritten for some reason. So be sure to have some way to physically access the machine if for some reason you are not able to remote into it after rebooting the server. I noticed this as I currently have a server with multiple ports that would respond to some machines but not all. Digging around I found that the network ports had gotten remapped. So to fix this take note of which port is assigned before you upgrade. After you upgrade the system, be sure to edit the udev rules for the network ports located in:
/etc/udev/rules.d/70-persistent-net.rules
Exchange 2010RC to 2010RTM Upgrade
Dec 10th
As Microsoft published prior to the Exchange 2010 RTM release, that people who installed the RC would be able to upgrade to the RTM with their currently running system. I tested this out recently with my test system, and it was as simple as they said. I’ll post some screen shots below, but it is pretty much as simple as double click and go. As a side note though, you should make sure to have all of the EMC and EMS closed. Best to close everything running on the desktop if possible I suppose. Then just run the setup.exe. If you are going to install this off of a network, it would probably be better to place the files as close as you could to the server you are upgrading.
Select the language option that you want to upgrade.
Previously I installed from the DVD so I only updated the DVD languages. Then press the Install Microsoft Exchange Server Upgrade to start the upgrade process.
Press Next to get started.
The system will then do some readiness checks.
If not, you will get an error like this.
Press the Upgrade button once all the checks have passed.
Exchange will then go off upgrading the system automatically.
The upgrade process is done.
It’s pretty straight forward. I have my test environment broken up, so in this upgrade I only updated the Mailbox role which took about 8 minutes. Your times will vary depending on how your servers are configured. For a fairly basic setup, it was simple painless and straight forward.
Install VMware tools for Gentoo
Dec 10th
Just as a note to myself and whomeever it may help. Whenever you update your kernel in Gentoo you also need to make sure that you upgrade the vmware tools as well. After recompiling and booting with the new kernel run the following command to update the vmware services.
emerge -v app-emulation/open-vm-tools
As an update to this, I had some problems getting this working since the last few updates (As of December 10th, 2009). Have found a way to get it to work again though.
Emerge the additional modules that are needed with:
emerge -v app-emulation/vmware-modules
Then rename (or delete) the *.la files in the following directory:
cd /etc/vmware-tools/plugins/common ls -l *.la -rwxr-xr-x 1 root root 1093 Dec 9 11:17 libhgfsServer.la -rwxr-xr-x 1 root root 1108 Dec 9 11:17 libvix.la
This last part I found is a bug for right now so hopefully it should be addressed in the future.
VMware Last Resort System Recovery
Dec 4th
This might not be the best way to go about restoring your system. But for me my iSCSI disk decided to do something crazy and after restarting it, my servers were not able to start up again. Basically I had to re-add the host system to my VMware servers for it to start again, as I was getting a configuration error.
- First remove the troubled server from your servers list. Becareful to Remove from Inventory and not Delete from disk.
- SSH into your VMware server and go to the /vmfs/volumes directory and then into the path where your troubled VMDK is residing.
- I like to have the directory name the same as my machine name, so I move the directory to a different name before readding the system otherwise /vmfs/volumes/<storename>/domainad readded will become /vmfs/volumes/<storename>/domainad_1 or something weird like that.
- Start by adding a new virtual machine and select custom.
- Type in the machine name. Again I like to keep things clean so I use the previous system name.
machinename
- Select the datastore where the problem system resides.
Select datastore where troubled system is.
- From here on you need to make sure that you select the same settings as you had before otherwise the system will not start up.
Machine Version Type
OS Type
CPU Count
Memory Amount
NIC Card
Selecting the disk type is really important. I picked the wrong one initially and the OS would crash as soon as it started loading what I assume was the disk drivers.
Disk Controller Type
- From here it is important that you select the Use an existing virtual disk option to restore your system back to working order.
Use an exisiting virtual disk
Select the original VMDK from the datastore
- Complete the configuration and go back to the terminal window. Again in keeping everything clean, you need to move the VMDK that you just reconfigured to the proper directory. Otherwise you will have a system taking up two directories.
- From the old directory, you only need to move the <servername>.vmdk and the <servername-(type)>.vmdk to the newly created directory.
- After moving the virtual disks over, edit the <servername>.vmx file and change the (depending on disk count) scsi0:0.fileName from the oldpath to the newpath.
- Save the changes and exit out of the terminal.
- With luck, you can start up your server again and should have no problems getting it to start.
I initially got the idea from the VMware KB article located here.
How to “undelete” Outlook Mail
Dec 4th
There is a way via installing an additional Microsoft plugin to undelete hard deleted mail (ie. Shift + Del) from Outlook.
It can be found in the Microsoft KB246153 article. It is fairly straight forward, even a little too much as after installing it I couldn’t tell if it installed correctly. After you run it, start or restart outlook and then to start using it, all you need to do is right click on the folder and run the “Deleted Items Recovery” either from right clicking or going to Tools > Deleted Items Recovery.
Should you need to be trying to recover mails that were hard deleted you might heave a chance to get them back here before the server wipes them permanently. It also save the hassle if having to go to archive or backup to try and retrieve the missing file.
Symantec Endpoint Protection Manager Server Change
Dec 4th
…is a huge pain. When it works, it works. But more often than not for some reason I have a problem with the server going wrong doing something which more often than not involves me having to reinstall the server. Because of this all the clients loose their connectivity. Even better there is no real “simple” solution to this.
Probably the best thing to do, as per Symantec’s website is to backup all the pertinent information. Which can be found here. However, sometimes this isn’t even enough. One thing to do first after trying to reinstall the system, is to change the DomainID. Do this by:
- Opening the Symantec Endpoint Protection Manager Console
- Click on Admin
- Click on Add Domain
- Enter the domain name (use default2 or something and rename to default when deleting the new “old” default)
- Company and contact list are optional.
- Most important enter the previous Domain ID that you were using before reinstalling the SEPM services.
Symantec Endpoint Manager
Hopefully if all goes well, then you should see all your clients in the Clients area and everything should return back to normal.
However, for me that wasn’t the case. For some reason my database became corrupt and wouldn’t let me revert back to the old ID. So I had to install a new database with the previous DomainID. But my clients would not join after doing this. Of course as its a new database and everything is empty, only the DomainID was the same. Which means you need to replace the sylink.xml file on every computer that was connecting to the managing server. The appropriate sylink.xml file can be found in the following directory:
x64 machine – C:\Program Files (x86)\Symantec\sepm\data\outbox\agent
x86 machine – C:\Program Files\Symantec\sepm\data\outbox\agent
There will be directories with a long string of numbers and random letters. You need to go into each one and view the Profile.xml and the very top of the file will be the <GroupInfo Description=”<yournamehere>”…> After finding the appropriate folder/group that you want to reset to the clients, use the sylink.xml file in this directory to replace on that computer. If you are in the same room, you can go to each computer, load an Admistrator level command prompt and go to the directory:
%PROGRAMFILESDIR%\Symantec\Symantec Endpoint Protection
To replace the sylink.xml However, if the SEP client is running you cannot just copy the file here. You will get an access violation error telling you that the file is in use.
Sylink.xml Copy Error
To successfully change the file, At the command prompt where SEP resides run:
smc -stop
copy over the sylink.xml file
smc -reload
smc -start
Almost immediately, you should see the green dot appear that the client is connected again to the server. Problem solved.
However, doing this for more than a hand few of machines is less than ideal. You can use the Symantec “Syslink Replacer” to do this remotely. (This is a support tool from them, so actually the the link has no file you need to ask Symantec as it might get taken down.) There is a PDF description also included with this. So, I won’t go to much into the basics on how to use it. But it does what you just did above automatically and remotely. What I can say, is that you need to make sure that you have all the proper remote ports open (Port TCP139&445). Also, the “Remote Registry Service” also needs to be initiated as well for this tool to work properly. Otherwise the client will fail and the sylink.xml file will not be replaced. By default, it starts automatically in XP, but in Vista and Win7 it does not. I am sure there are lots of ways to do this, but for this time I just started the service remotely by using RCF+ windows gadget. A small desktop gadget for Vista/Win7 that will let you do lots of things from your desktop over your AD network.
Hope this might help anyone who has ever had a SEPM go south on them.
Symantec Endpoint Protection Communication Ports
Nov 20th
When setting up the firewalls on the servers for use with Symantec Endpoint Protection, it was a bit hard to find the ports that were needed from the Symantec Website. So, I just copied them here for easy reference.
The Symantec Endpoint Protection Manager (SEPM) use two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443 – Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS. |
You can find the original link here.
A (kind of) Mac Tablet
Nov 19th
Well as with all the news and buzz about highly sought after Mac Tablet, I found something that is kind of like it. I say kind of very loosely as it seems nice. I can’t say much since I’ve never tried it. But I do like the concept. It is by a company called Axiotron. If you can’t wait for the official one from Apple. I guess this is a pretty close 2nd runner up. Overall the value added functions like a built in camera and GPS are pretty nice. It’s also got a CD/DVD drive as well. I thought it looked pretty neat. Here is a picture of it:
Axiotron Modbook
You can read more on their comparison page. I thought this would be something neat to get until I looked a bit closer. As Apple really doesn’t like people selling Mac clones, at all, I wondered how this works. Basically you’re modding your current MacBook that you have/buy modified. Hence the name ModBook. So, I suppose Apple doesn’t mind as you already bought their hardware. I thought it was quite interesting as well, until I saw that it was just a modified MacBook. The fact that it’s almost ~3cm (~1in+) tall and that it weights 2.4kg (5.3lbs) is a bit of a downer though. I wanted to try out something like this. It seems a bit too thick and heavy to carry around to wield easily for a tablet PC. Still would like to give out a test though.
But the best part is, among from what i said earlier is that you can buy it now. No need to wait. You can see the distributor page on their website as well to order one online. How about that?
Exchange 2010 and Office 2010 Beta
Nov 18th
Wow how great! All the new software for 2010 from Microsoft is finally coming out.
Exchange 2010 went RTM about a month back and now it is finally out for download and use.
Also at the same time, it seems that Microsoft also took this chance to release their beta of upcoming Office 2010 as well.
Take a look at the Microsoft TechNet site for more information and a free trial download.
Windows Server Time Services
Nov 18th
One thing that I think no one cares a great deal about is if their clock is off by a minute or two. Unfortunately, when running computers they do. Even a slight variation in the time can mean a difference from your computers talking to each other to rejecting each other due to security policy violations. In this case because there is a clock skew. So just wanted to write on how to setup an authoritative time server in your Windows AD environment. AD is pretty picky about the time and its the easiest place to setup the authoritative time server for your domain, as all your domain joined PCs will sync pretty quickly if the AD server makes a time shift. This will work on any version of Windows Server Domain Controllers (2000/2003/2008) that I know of. You can even do it on XP, Vista, Win7, but on the desktop there is an extra tab to modify the time server source directly. Also when you join a computer to a domain it will pull the time from the domain controller.
Configuring the Windows Time service to use an external time source
To configure an internal time server to synchronize with an external time source, follow these steps:
- Change the server type to NTP. To do this, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
Change type to NTP
- In the right pane, right-click Type, and then click Modify.
- In Edit Value, type NTP in the Value data box, and then click OK.
- Your modified value should look as such:
Changed to NTP Type
- Set AnnounceFlags to 5. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
Change the AnnounceFlags Value
- In the right pane, right-click AnnounceFlags, and then click Modify.
- In Edit DWORD Value, type 5 in the Value data box, and then click OK.
- The modified value should look as such:
Changed AnnouncedFlags Value
- Locate and then click the following registry subkey:
- Enable NTPServer. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Enable the NTP Server
- In the right pane, right-click Enabled, and then click Modify.
- In Edit DWORD Value, type 1 in the Value data box, and then click OK.
- Your changed value should look as such:
Enabled NTP Server
- Locate and then click the following registry subkey:
- Specify the time sources. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
- In the right pane, right-click NtpServer, and then click Modify.
- In Edit Value, type Peers in the Value data box, and then click OK.
Modifying the NTP Servers List
Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0×1 to the end of each DNS name. If you do not append ,0×1 to the end of each DNS name, the changes made in step 5 will not take effect. You can add additional NTP servers with a single character “space” between the ‘,0×1′ and the next server. Look at my screenshot below for a visual explanation. I recommend setting three as this is usually the standard for NTP. You can go to the NTP Pool website here to find what servers work best for you. Closer to you is always better. In my case, I used the Japan pool.
Modified NTP Server Source List
- Locate and then click the following registry subkey:
- Select the poll interval. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
- In the right pane, right-click SpecialPollInterval, and then click Modify.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Change the default polling period
Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes. This will tell your domain controller to communicate with the NTP pool servers that you just set to make sure that it is within the correct time boundaries.
Modified Poll Interval Time
- Locate and then click the following registry subkey:
- Configure the time correction settings. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
- In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
- In Edit DWORD Value, click to select Decimal in the Base box.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
- In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
- In Edit DWORD Value, click to select Decimal in the Base box.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Modify the Correction Time
Note TimeInSeconds is a placeholder for a reasonable value, I usually use double what I set the poll interval to. In this case 30 minutes or 1800 seconds. The value that you select will depend upon the poll interval, network condition, and external time source.
Modified Phase Correction Time
- Locate and then click the following registry subkey:
- Quit the registry editor.
- At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
net stop w32time && net start w32time
Restart the Time Services
- The time then almost immediately updated to the correct time as you can see in the next two pictures of the corrected time and also in the event log (eventvwr.msc)
Updated to correct time
Event Log of Time Services
I hope that this helps anyone who is trying to setup an authoritative time server in their Windows Domain network. It’s not really hard. Just make sure if you are changing multiple machines that the time you are modifying isn’t terribly huge. (ie. half a day or something.) If you change one AD machine and the clock jumps forward or back half a day (probably due to a time zone setting) the other servers will loose trust between the other machines. Authentication processes will stop working and whatever else is based on those servers trusting each other. A snowball of problems so just might want to keep that in mind.
This process was taken from the Microsoft article source KB816042.
Recent Comments