Welcome to NetGuy.org

The NetGuy is proud to announce the creation of NetGuy.org! (http://www.netguy.org)
NetGuy.org uses WordPress.
NetGuy.org is dedicated to discussion around technology topics that are specific to the writer’s environment. That includes Linux (CentOS & RedHat specifically, but not exclusively), VMWare, Citrix, Microsoft Windows, Microsoft Office, MySQL, network infrastructure, Perl, etc.

Also visit our supporting sites: StevenStinks.com, Luser650.com and GalwayLand.

The NetGuy Management Team

CentOS 7 Load Balance

Great article for quick and dirty setup of haproxy on CentOS 7 (RHEL 7)
https://www.server-world.info/en/note?os=CentOS_7&p=haproxy

And a similar article for LVS (ipvsadm)
https://www.server-world.info/en/note?os=CentOS_7&p=lvs

To cement the ipvsadm config:
# This worked the first time, but not the second. Needed to use zone ‘internal’
firewall-cmd --zone=private --add-interface=ens9

# add the line NM_CONTROLLED=no
vi /etc/sysconfig/network-scripts/ifcfg-Wired_connection_1
service network restart

# then… And make it permanent
firewall-cmd --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --permanent --zone=internal --add-interface=ens9

I found this to be helpful in setting up keepalived
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Load_Balancer_Administration/ch-initial-setup-VSA.html

Password prompt delay using SSH

I find on new installs of Linux there is a delay of about 20 seconds when using SSH to connect to the new install. I have found different suggestions for the fix and these are my experiences:

This article (https://rbgeek.wordpress.com/2012/05/25/how-to-fix-delay-in-ssh-login/) suggests setting ‘UseDNS’ to no on the new ssh server (in sshd_config, then restart sshd), but I have not found this to work.

To further diagnose, you can use ‘-vvv’ on the ssh client to see where the delay is. In my most recent test, the following message appeared several times (with a delay between each), which accounts for the overall delay:

 debug1: Unspecified GSS failure. Minor code may provide more information
 Cannot determine realm for numeric host address

Based on that, the proper fix for me was to set the following in sshd_config:

 GSSAPIAuthentication no

Hope this helps others!

Determining VMware Software Version and Build Number

I am just writing an observation report about a virtual infrastructure based upon VMware ESX and was wondering which version the customer is running Virtual Center at the moment. After asking my vExpert colleagues 😎 they pointed me to the help menu and the about VMware Infrastructure item in the virtual infrastructure client. It nicely shows me what software is running as Virtual Center in build numbers.

After googling around the big library they call internet I found a nice knowledge base article from VMware explaining how to get version and build numbers. You can also use a command to get the version number of VMware vCenter Server by using:

To identify which version of VirtualCenter Server you are running, type (including the quotes):
"C:\Program Files\VMware\VMware VirtualCenter\vpxd.exe" -v

It still keeps showing me build numbers too, not what I need. The customer just wants to know which update they are at in terms of readable stuff like Update 1 or Update 2 and so on. Not a build number like 16458932279.

So I compiled a list of build numbers and updates from the patch notes for VMware ESX and VMware vCenter Server.

vSphere Client 6.0.0 u2 | Build 3562874
vSphere Client 5.5.0 u2 | Build 2067769
vSphere Client 5.5.0 | Build 1474107
vSphere Client 5.1.0 | Build 941893

vCenter Server 6.0.0 u2 | Build 3634793
vCenter Server 5.5.0 u2 | Build 2183111
vCenter Server 5.5.0 u1a | Build 1750787
vCenter Server 5.5.0 | Build 1476327
vCenter Server 5.1.0 u1a | Build 1123961
vCenter Server 5.1.0 | Build 947673
vCenter Server 4.1.0 u1 | Build 345043
vCenter Server 4.1.0 | Build 258902
vCenter Server 4.0.0 u3 | Build 385281
vCenter Server 4.0.0 u2 | Build 258672
vCenter Server 4.0.0 u1 | Build 208111
vCenter Server 4.0.0 | 05 May 2009 | Build 162902

VMWare ESXi Server 6.0.0 u2 | Build 3620759
VMWare ESXi Server 5.5.0 u2 | Build 2068190
VMWare ESXi Server 5.5.0 (w/ Heartbleed) | Build 1746018
VMWare ESXi Server 5.5.0 (w/ patches) | Build 1474528
VMWare ESXi Server 5.5.0 | Build 1331820
VMWare ESXi Server 4.1.0 u1 (w/ patch ESXi410-201107001) | Build 433742
VMware ESXi Server 4.1.0 u1 | Build 348481
VMware ESXi Server 4.0.0 u3 | Build 398348
VMware ESXi Server 4.0.0 u2 | Build 261974

VMware ESX Server 4.1.0 u1 | Build 348481
VMware ESX Server 4.0.0 u3 | Build 398348
VMware ESX Server 4.0.0 u2 | Build 261974
VMware ESX Server 4.0.0 u1 | Build 208167
VMware ESX Server 4.0 | 21 May 2009 | Build 164009

VirtualCenter 2.5 Server Update 4 | 23 Feb 2009 | Build 147633 (English version)
VirtualCenter 2.5 Server Update 3 | 03 Oct 2008 | Build 119598 (English version)
VirtualCenter 2.5 Server Update 2 | 25 July 2008 | Build 104217 (English version)
VirtualCenter 2.5 Server Update 1 | 10 Apr 2008 | Build 84767 (English version)
VirtualCenter 2.5 Server | 12/10/2007 | Build 64201

VMware ESX Server 3.5 Update 4 | 30 Mar 2009 | Build 153875
VMware ESX Server 3.5 Update 3 | 06 Nov 2008 | Build 123630
VMware ESX Server 3.5 Update 2 | 13 Aug 2008 | Build 110268
VMware ESX Server 3.5 Update 1 | 10 Apr 2008 | Build 82663
VMware ESX Server 3.5 | 02/20/2008 | Build 64607

Hope it helps out for easy reference.

Cold Reset HP LaserJet P3005

Performing a cold reset on an HP LaserJet P3005 is a little different than other printers. Normally you just hold a specific button before turning on the power and you get the appropriate menu. In this case, you press the button AFTER turning on the power. This is important!

HP LaserJet P3005 Cold Reset

To perform a factory / hard / cold reset on a HP LaserJet P3000 Series printer wasn’t that straight forward in my eyes. Although in the menus there was an option for Reset Factory Defaults, this did very little in erasing the configuration and returning the printer to a default state. After reading through a few manuals I found the following performed what HP call a Cold Reset.

Cold reset
A cold reset unlocks menus that have been previously locked and sets all control panel menu items (including EIO settings) back to the factory defaults. However, it does not clear the values in the SERVICE menu (such as the serial number and page counts).

NOTE: Before performing a cold reset, print a menu map and a configuration page. Use the information on the configuration page to reset any customer-set device configuration values that the cold reset procedure changes.

  • Turn the device off.
  • Turn the device on. When the memory count begins, press and hold the green Check button. Continue holding down the Check button until all three device control-panel lights flash once and then remain on. This might take up to 10 seconds.
  • After the message SELECT LANGUAGE appears on the display, press the up or down button until COLD RESET is highlighted.
  • Press check button. The device performs a cold reset and then continues its power-on sequence.
  • Check all I/O settings and reset any customer-set device configuration values.

Library Test Page

Demo Page
Britannica Online
Biography in Context
American National Biography Online
Oxford Dictionary of National Biography
Oxford English Dictionary Online
Pop Culture Universe
Credo Reference
Gale Virtual Reference Library

Cisco Catalyst 802.1q Quick Config

I’m not a Cisco guy and don’t do this all the time, so once I got the right commands I decided to write them down!

Basically, we have a VoIP tagged VLAN that needs to run on top of the Default VLAN. Assuming a Catalyst 2960-S 24 port switch, here are the commands:

enable
config terminal
interface range GigabitEthernet 1/0/1 - 28
switchport mode trunk
switchport nonegotiate
exit
exit
copy running-config startup-config

Now the VoIP VLAN (tag 7) will run on all the ports. Actually, all tags will run on all the ports 🙂

Resubmitting a cancelled data migration job in CA ARCserve Backup

We use a staging area for our daily backups and transfer the weeklies to tape (actually disks). One week we had a tape that was not properly erased, so the backup filled it up during the migration process and then was waiting for a new, blank tape. What we wanted was for the migration job to just start over since we didn’t want to have two tapes. There does not appear to be a way in the GUI to do this.

Enter the ‘tapecopy’ command (located here on our system: “C:\Program Files (x86)\CA\ARCserve Backup”). This command will copy one tape to another. The issue we had was that the Staging Area appears as one tape with many sessions, so we had to use specific session numbers. This took a bit of doing.

Here’s the command:

tapecopy -sSTGGROUP -dBUGROUP -t"6/10/13 11:30 PM" -n2222 -c"Blank Media" -b

-s – Source group
-d – Destination group
-t – Source tape. This is tricky since all backups in the staging area are technically on one virtual ‘tape’
-n – That’s why we need the starting ‘Session number’. This will back up from this session number until the end
-c – The destination tape name in the destination group. If you just erased it, it will be called “Blank Media”, but that’s also what it will be called permanently, so a rename would be in order…
-b – Only use blank media (*deprecated*)

Add x86 drivers to x64 print server

We decided some time ago to make our Windows Print Server a 64-bit system (Windows Server 2008 R2). By going with the highest level system (at the time) we should be assured of backwards compatibility. The issue arose with adding 32-bit (x86) drivers to the shared printers (although it seemed impossible to add 64-bit drivers to a 32-bit print server!).

We learned the hard way that you have to be careful when choosing drivers. We are an HP shop, but HP drivers just didn’t suit our needs. The best option is to use the drivers that come with Windows, which are simple, clean and stable. And NEVER use the HP Universal driver! That totally screwed our Citrix environment!

If you download driver packs from HP then adding the 32-bit drivers isn’t difficult: You just point the installer to the right folder. I found lots of on-line notes about this, but nothing worked…

Here’s what we did:

– Have a 32-bit Windows 7 station available and keep the updates in sync with the Print Server. You want the drivers to be the same version!
– Install the printer on the Print Server and share it, whatever.
– Install a printer on the Windows 7 station with the same driver just to make sure it’s available.
– Go to the Sharing tab of the printer (from Print Management on the Print Server) and select Additional Drivers
– Check ‘x86’ and you should be prompted for the file location
– Go to \\<Windows 7 station>\c$\Windows\System32\DriverStore\FileRepository

Here’s where it gets a bit tricky – you need to find the right inf folder. There are only five for HP (‘prnhp00x’ – printer – HP), but you can open them in notepad and find the one with your model.

That’s it! This has worked for the dozen or so different HP models we have.

Change or update an HP Printer Serial Number

We have replaced a number of HP printer JetDirect system boards over the years.  One issue it took us a while to notice is that the serial number of the new board is ‘XXXXXXXXXX’.  This is probably supposed to be changed by the service technician, but what are you going to do…  This caused issues with reporting and monitoring since there was no longer any consistent way of tracking the hardware.  The MAC address changes as well and the IP address can change based on our environment.

Using Printer Control Language (PCL)

You can check your serial number like this (from Linux):

snmpget -v 1 -c <community> <ip address> SNMPv2-SMI::mib-2.43.5.1.1.17.1

Result:

SNMPv2-SMI::mib-2.43.5.1.1.17.1 = STRING: "XXXXXXXXXX"

Using this Perl script, you can change the serial number to whatever you want (like what it was before the repair!):

#!/usr/bin/perl

#
# hpsetsernum.pl
#
# Connects to a JetDirect equipped HP printer and uses
# HP's control language to set the serial number.
# Takes an IP address and "SERIAL NUMBER" on the
# command line.
#

use strict;
use warnings;
use IO::Socket;

# Both arguments are required
unless (@ARGV == 2) { print "usage: $0 <ip address> <SERIAL_NUMBER>\n"; exit 1 }

my ($ipaddr, $sernum) = @ARGV;

# The serial number is interpolated into the job below, so accept only
# letters and digits (no whitespace or control characters)
die "Serial number must be alphanumeric\n" unless $sernum =~ /\A[A-Za-z0-9]+\z/;

# Raw print port on the JetDirect card
my $socket = IO::Socket::INET->new(
    PeerAddr => $ipaddr,
    PeerPort => "9100",
    Proto    => "tcp",
    Type     => SOCK_STREAM
) or die "Could not connect to $ipaddr: $!";

# Enter service mode, set the serial number, leave service mode
my $data = <<EOJ;
\e%-12345X\@PJL SET SERVICEMODE=HPBOISEID
\e%-12345X\@PJL SET SERIALNUMBER=$sernum
\e%-12345X\@PJL SET SERVICEMODE=EXIT
\e%-12345X
EOJ

print $socket $data;
close $socket;

 

Changing page count (again, useful when a new system board is installed) is the same process but uses the ‘PAGES’ command instead of ‘SERIALNUMBER’.

Replace Node in ExtremeNetworks Summit Stack

If you have a failed node in an ExtremeNetworks Summit virtual stack, there are some steps that must be followed in order to replace the node with new hardware.

  1. First, make sure your new node is the same firmware as the stack.  It doesn’t have to be the latest, but it should match.
  2. Remove the failed switch and install the new switch in the stack
  3. Issue the command ‘disable stacking’ on the new switch and reboot
  4. Console into the master node and issue these two commands:
    1. ‘synchronize stacking node-address (MAC of the switch you’re adding to the stack)’
    2. ‘conf stacking node-address (MAC of the switch you are adding to the stack) slot-number  (The next available slot #)’
  5. Return to the new switch being added and issue a reboot, but only on the new switch.
  6. When the switch is rebooted and back online, the switch will be added to the stack and ready to go.
  7. On the master, verify by issuing the ‘show slot’ command.

 

NOTE: I just tried these instructions and they didn’t work: The failed ‘node’ would not come on-line (it continued to say ‘Disabled’ when I did a ‘show stack’). I finally issued an ‘enable stacking node-address ‘ and rebooted that node. Then it worked fine.

NOTE 2: Another useful command so you don’t have to switch back and forth between nodes:
reboot node-address <address of node to be rebooted>


Cannot create a quiesced snapshot because the create snapshot operation exceeded the time limit for holding off I/O in the frozen virtual machine.

I received the following message while trying to use vcbmounter to backup a VM:

Cannot create a quiesced snapshot because the create snapshot operation exceeded the time limit for holding off I/O in the frozen virtual machine.

It’s a vSphere 5.1 infrastructure but happens to be on a ESX 4.1 host. This has worked before and still works fine on other VMs. I was able to make a backup on this VM as long as it was powered off, but that’s not ideal.

The final solution for me was to make a change to the VMWare Tools. I ‘re-configured’ them and in the advanced options I set “Volume Shadow Copy Services Support” to “This feature will not be available”.

This probably isn’t the best solution, but it worked…

Whitelisting with spamass-milter

I noticed an issue recently when I wasn’t getting sendmail analysis messages from my mail relay.  I did some checking and the mail was being flagged as SPAM because the body contained lists of various e-mail addresses and domains that were listed in relay black lists!  I did not realize that the body was subject to such tests.  But that’s OK, we have the ‘whitelist_to’ option like so (in /etc/mail/spamassassin/local.cf):

whitelist_to           <specific e-mail you want to whitelist>

This is fine, but the default score to subtract is ‘6’, which was nowhere near enough.  I did some research to see about changing that default score, and it is possible.  But you run the risk of having your changes overwritten in future updates.  The score change would be done here on the USER_IN_WHITELIST_TO line (or wherever is appropriate for you):

/var/lib/spamassassin/3.003002/updates_spamassassin_org/50_scores.cf

When checking this entry I notice two entries below that had -20 and -100 scores:

# not really false positives but the user wants spam!
score USER_IN_WHITELIST_TO -6.000
score USER_IN_MORE_SPAM_TO -20.000
score USER_IN_ALL_SPAM_TO -100.000

So, if you want to increase the likelihood of getting the messages you can use one of the following less common entries in your local.cf:

more_spam_to           <specific e-mail you want to whitelist>
all_spam_to            <specific e-mail you want to whitelist>

Obviously you need to be sure of what you are doing!  And don’t forget to restart your services.

 

Programmatically set FireFox as Default Browser

The issue for programmatically setting FireFox as the default browser came from our Citrix environment. We were using Internet Explorer 8 and did not have the ability to update to IE 9 to satisfy some specific browsing compatibility needs. Being able to do this programmatically is a must, and the manual ‘registry’ options just didn’t seem appropriate considering the number of changes that needed to be made.

Basic searching led to the following command:

firefox.exe -silent -setDefaultBrowser

This command option, however, appears to have been removed at some point and no longer works.

Finally I found this command:

"%ProgramFiles%\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppUser

So far, this appears to have done the trick!

Freeing space on Windows 7

There is a nice command that cleans up after a Windows 7 SP1 installation:

DISM /online /cleanup-Image /spsuperseded 

Fixes for Windows

Follow the suggestions listed below for a possible fix:

Method 1: I would suggest you to scan your computer with Microsoft Safety Scanner, which would help us to get rid of viruses, spyware, and other malicious software.

The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

http://www.microsoft.com/security/scanner/en-us/default.aspx

 Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Important: While scanning the hard drive if any bad sectors are found, the scanner tries to repair that sector, any data available on that might be lost.

Method 2: Create a new user account and check if you’re able to change the User Account Control (UAC) settings in the newly created account.

 Create a user account

http://windows.microsoft.com/en-us/Windows-vista/Create-a-user-account

If the issue does not persist in the new user account, it could indicate that your old user account is corrupted.

Access the link below and follow the steps to repair the corrupt user profile:

Fix a corrupted user profile

http://windows.microsoft.com/en-US/Windows-vista/Fix-a-corrupted-user-profile

 

DON’T REJOIN TO FIX: The trust relationship between this workstation and the primary domain failed

I found this article while searching for an answer to why some computers that were used every day would suddenly lose their trust relationship to the domain.  This is a common problem for computers that are off for months at a time, but not for computers that are used frequently.  I have yet to actually try this, but the logic is sound.  -JDS

Posted on 4/13/2012 by Dan Peterson (from his own site)

If you Google “the trust relationship between this workstation and the primary domain failed”, you get plenty of information from support blogs and Microsoft articles; however, most of them ask you to rejoin your machine to the domain. That’s not always possible.

What’s the problem and how did I get here?

The underlying problem when you see this error is that the machine you are trying to access can no longer communicate securely with the Active Directory domain to which it is joined.  The machine’s private secret is not set to the same value stored in the domain controller.  You can think of this secret as a password but really it’s some bits of cryptographic data called a Kerberos keytab stored in the local security authority.  When you try to access this machine using a domain account, it fails to verify the Kerberos ticket you receive from Active Directory against the private secret that it stores locally.  I think you can also come across this error if for some reason the system time on the machine is out of sync with the system time on the domain controller.  This solution also fixes that problem.

This problem can be caused by various circumstances, but I most commonly run into it when I reset a virtual machine to a system snapshot that I made months or even years before.  When the machine is reset, it is missing all of the automatic password changes that it executed against the domain controller during the intervening months.  The password changes are required to maintain the security integrity of the domain.

The standard fix

Support blogs and Microsoft will generally tell you to rejoin the domain to restore the trust relationship.  Another option they will give is to delete the computer object and recreate it without a password and rejoin.

Microsoft support article on the topic: http://support.microsoft.com/kb/162797

I’m not a fan of any of these options.  This seems heavy handed and sometimes they aren’t even possible.

Recently, when I ran into this problem, the virtual machine that reset was an enterprise certificate authority joined to my test domain.  Well, guess what, Microsoft will not allow you to rename or unjoin a computer that is a certificate authority—the button in the computer property page is grayed out.  There may be another way to unjoin but I wasn’t going to waste time on it when it isn’t even necessary.

A better fix

Just change your computer password using netdom.exe!
netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

<server> = a domain controller in the joined domain

<user> = DOMAIN\User format with rights to change the computer password

Here are the full steps:

  1. You need to be able to get onto the machine. I normally just log in with the local Administrator account by typing, “.\Administrator” in the logon window. I hope you remember the password. If you’re creative and resourceful you can hack your way in without the password. Another option is to unplug the machine from the network and log in with domain user. You will be able to do disconnected authentication, but in the case of a reset machine, remember that you may have to use an old password. Your domain user’s cached credential has the same problem as the machine’s private secret.
  2. You need to make sure you have netdom.exe. Where you get netdom.exe depends on what version of Windows you’re running. Windows Server 2008 and Windows Server 2008 R2 ship with netdom.exe; you just have to enable the Active Directory Domain Services role. On Windows Vista and Windows 7 you can get it from the Remote Server Administration Tools (RSAT). Google can help you get them. For other platforms see this link: http://technet.microsoft.com/en-us/library/ee649281(WS.10).aspx
  3. Extra steps if the machine is a domain controller. If the broken machine is a domain controller it is a little bit more complicated, but still possible to fix the problem. I haven’t done this for a while, but I think this works:
    1. Turn off the Kerberos Key Distribution Center service. You can do this in the Services MMC snap-in. Set the startup type to Manual. Reboot.
    2. Remove the Kerberos ticket cache. A reboot will do this for you, or you can remove them using KerbTray.exe. You can get that tool here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17657
    3. Post change steps. Do these in conjunction with 5 below. Turn the Kerberos Key Distribution Center Service back on before rebooting. You should reboot the domain controller and then force replication in the Active Directory Sites and Services MMC snap-in.
  4. Run netdom.exe to change the password.
    1. Open an administrative command prompt. On Windows platforms with UAC enabled, you will need to right-click on cmd.exe and select “run as Administrator”.
    2. Type the following command: netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
  5. Reboot the machine.

Here is more information on netdom.exe: http://support.microsoft.com/kb/325850

via DON’T REJOIN TO FIX: The trust relationship between this workstation and the primary domain failed – The Implbits team blog.

Configuring TLS for Sendmail (STARTTLS)

Getting this to work took quite some time – mostly because the articles I have found on the subject are wrong or contain errors making them useless. Is that deliberate? It almost felt that way!

The basic structure isn’t difficult, but it is critical to get the right files in the right places. These instructions have been ripped from a number of different web sites, but have been fixed so they actually work!

The system in question is RedHat 5.6 with Sendmail 8.13.8. I also did this on CentOS 6.2 x64 with Sendmail 8.14.4 in testing. I am assuming a functioning Sendmail system.

1. Install openssl-perl:
yum -y install openssl-perl

2. You need to edit the CA.pl file. This was a common area of errors since the instructions for the edit were WRONG. Rather than screwing around with diff files, you just need to make the following changes (copying the existing /etc/pki/tls/misc/CA.pl to /etc/pki/tls/misc/CA1.pl)

Now edit CA1.pl and find:
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
and make it
system ("$REQ -new -x509 -nodes -keyout newkey.pem -out newcert.pem $DAYS");

then find
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
and make it
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");

I also changed the $CADAYS variable to ‘3650’ (10 years). YMMV

3. Create the Certificate Authority (CA)
./CA1.pl -newca
DO NOT ENTER A FILE NAME! Answer the questions as appropriate, but don’t use any ‘extra’ information.

4. Now create your request
./CA1.pl -newreq
Answer the questions as appropriate, and again, don’t give any ‘extra’ info.

5. Now ‘sign’ the Certificate Request with the CA you created earlier
./CA1.pl -sign

For some reason, no matter what I enter for the $DAYS variable, the cert is only ever good for one year. I have tried many variations and commands, but have not been able to get by this. The CA is still good for 10 years.

6. Create a certificates directory
mkdir /etc/mail/certs

7. Copy the relevant files to the certs directory (This is another place I have found errors in other documentation)
cp /etc/pki/CA/cacert.pem /etc/mail/certs/CAcert.pem
cp /etc/pki/tls/misc/newkey.pem /etc/mail/certs/MYkey.pem
cp /etc/pki/tls/misc/newcert.pem /etc/mail/certs/MYcert.pem

8. Sendmail is very picky about permissions, so set them on the certs folder and files
chmod -R 600 /etc/mail/certs

9. Edit your sendmail.mc file to include the following:
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/MYkey.pem')dnl

Then recompile your sendmail.cf

10. If you are using the packages this shouldn’t be a problem, but you may also check to make sure STARTTLS is compiled into Sendmail. Run this:
sendmail -bt -d0.8 < /dev/null

And look for this:

Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT

11. Send a HUP to Sendmail:
kill -HUP `head -1 /var/run/sendmail.pid`

If everything is correct, you may not see anything in the logs. But if you:
telnet localhost 25

and issue a proper ‘EHLO’, you should see this:

250-STARTTLS

The purpose of this document is to fix syntax errors in other documents I have found. The resulting errors are just too vague to get any real help. Hopefully this will help others avoid the hours of searching I had to go through!
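
The certificate layout from steps 3 to 8, rebuilt with plain openssl commands in a scratch directory and then checked for the things that usually go wrong (chain, key/cert pairing, lifetime, key permissions). This is an added example, not part of the original post or of CA.pl; the subjects, the CAkey.pem and MYreq.pem names, the scratch path and the 3650/730 day values are constructed for illustration, and here the lifetime is passed with -days to the command that signs.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a throwaway CA and server
# certificate in a scratch directory, then runs the checks sendmail depends on.
# Subjects, extra file names and day counts are constructed sample values.

# make_pki DIR CA_DAYS CERT_DAYS : steps 3-8 with plain openssl instead of CA.pl
make_pki() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Step 3: self-signed CA. -nodes writes the key without a passphrase.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days "$2" \
        -subj "/O=Example Org/CN=Example Test CA" \
        -keyout "$dir/CAkey.pem" -out "$dir/CAcert.pem" 2>/dev/null || return 1
    # Step 4: server key and certificate request.
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/O=Example Org/CN=mail.example.test" \
        -keyout "$dir/MYkey.pem" -out "$dir/MYreq.pem" 2>/dev/null || return 1
    # Step 5: sign the request; the lifetime is given to the signing command.
    openssl x509 -req -in "$dir/MYreq.pem" -days "$3" \
        -CA "$dir/CAcert.pem" -CAkey "$dir/CAkey.pem" -CAcreateserial \
        -out "$dir/MYcert.pem" 2>/dev/null || return 1
    # Step 8: directory searchable by its owner only, files at 600.
    chmod 600 "$dir"/*
}

# chain_ok CA CERT : CERT verifies against CA
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches_cert KEY CERT : the private key belongs to the certificate
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# cert_lives_days CERT DAYS : CERT is still valid DAYS days from now
cert_lives_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# key_is_private FILE : no permission bits set for group or other
key_is_private() {
    case $(ls -l "$1") in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# audit_certs DIR MIN_DAYS : print each failed check, return non-zero on any
audit_certs() {
    d=$1; min=$2; rc=0
    chain_ok "$d/CAcert.pem" "$d/MYcert.pem" \
        || { echo "FAIL MYcert.pem does not verify against CAcert.pem"; rc=1; }
    key_matches_cert "$d/MYkey.pem" "$d/MYcert.pem" \
        || { echo "FAIL MYkey.pem does not match MYcert.pem"; rc=1; }
    cert_lives_days "$d/MYcert.pem" "$min" \
        || { echo "FAIL MYcert.pem expires within $min days"; rc=1; }
    key_is_private "$d/MYkey.pem" \
        || { echo "FAIL MYkey.pem is accessible to group or other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $d"
    return "$rc"
}

# Demo run in a scratch directory (removed afterwards)
scratch=$(mktemp -d) || exit 1
make_pki "$scratch/certs" 3650 730 && audit_certs "$scratch/certs" 729
rm -rf "$scratch"
```

On a server set up as described above, the same checks can be run against the real files with audit_certs /etc/mail/certs 30.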

Windows Server 2003 – Remove iSCSI Target

I have had trouble completely removing an iSCSI target from a Windows 2003 (not R2) server without rebooting. Of course if you remove the initiator and persistent targets it won’t reconnect, but how do you remove the drive letter without rebooting?

After a bit of research (and not finding the right answer…) I came up with this:

First use the iSCSI initiator to remove the Target and Persistent Target. Also remove the server from Discovery if you are done with it.

Then from a command prompt, use the DISKPART utility:

diskpart
list volume (to find the volume you want to remove)
select volume 5 (assuming it’s volume 5 you want to remove)
remove (removes the drive letter)

This seemed to work anyway, but the volume is still ‘attached’ until reboot. You just don’t have the drive letter any more.

Server name on HP with iLO 1

It took forever, but I finally got the name fixed as displayed in the iLO interface on an HP DL360 G4p. Lots of people made suggestions, but most relied on iLO 2 or better, but this server only has iLO 1.

The first problem was that the iLO interface was showing the old server’s name – this hardware was recycled into a new purpose. I did a reset of iLO and that at least got me back to ‘host is unnamed’.

Then there was the issue of the OS: The previous OS was Windows Server 2003 (with full HP software), but I wanted CentOS 6 x64. Unfortunately HP doesn’t supply a PSP for this hardware/OS combination, and the RedHat 5 PSP would not install. Luckily the PSP from the DL360 G5 page for RedHat 6 did install! I’m not sure what I may be missing, but everything seems to work.

OK, so the hardware is OK, the OS is installed, the PSP seems good to go, but the name still isn’t showing in iLO.

I found lots of suggestions and most of them were wrong. Most people suggested setting the ‘iLO Subsystem Name’, but that is not the same thing. Just as many people suggested the various scripts and commands, but they failed to realize that the name can apparently only be changed using this method with iLO 2 or better.

A few people said very clearly that if it’s not correct, then the agents are not installed! Who knew! In the end, it was the agents, but I didn’t realize a restart was necessary. Once the agents are installed, do a restart of the ‘hp-snmp-agents’ and it should pull the ‘hostname’ as the iLO server name. I tested this by changing the hostname (with the hostname command) and restarting the ‘hp-snmp-agents’ – voila!


Install BigBrother on RedHat/CentOS

OK, the first thing you will say is “Why are you using BB?”  We like it.  Leave us alone. 🙂

The latest version we can find for Linux is 1.9i, which I believe to have been released in 2005 (you can still download it here).  But to get it working on the newer OS’s, there are some changes that need to be made.  Here are the steps I took to get BigBrother 1.9i working on CentOS 6 x64.  Most of the steps are in the instructions, but I included the whole process here.

  • Get the archive and extract it, then extract the Client archive it contains (to /usr/local/src)
  • Create the BigBrother user (‘bb’ – ‘adduser bb’)
  • Set ownership of the folder (‘chown -R bb:bb bbc1.9i-btf/’)
  • At this point I link the folder to /usr/local/bb. For some reason I find this easier, even though a new version will never be released…
  • Set this as bb’s Home Directory in /etc/passwd (‘/usr/local/bb’)
  • Change to the bb/install folder and run ‘./bbconfig’
  • Follow the prompts
  • As instructed, do a ‘cd /usr/local/bb/src; make; make install’
  • Edit the etc/bb-hosts file to indicate your Big Brother server and your local server
  • I don’t know if I found it somewhere or wrote it, but here is an init script for starting and stopping BB:  bb init script
