Migrate Debian 6+ to another server with minimal downtime

Posted on March 13, 2015 by blogger

Recently I had to migrate services from a running Debian server to another one, with minimal downtime of services.
I usually do this to P2V or V2V Linux systems, as this allows me to resize the new virtual machine to meet the services requirements (adjust disk size, inodes, partitionning, etc.).
I have done this several times in the past on systems with Grub 1 but this is the first time with Grub 2, so I thought I’d share my process.

Continue reading

Posted in Computer, Linux | Leave a comment

SNOM phones and presence monitoring

Posted on January 31, 2015 by blogger

If you have issues with your SNOM phones and presence monitoring (the little LEDs that display when another extension is ringing or busy), then maybe this will help.

We had this problem at work. When we checked the SIP traces, we could see our server was sending SIP NOTIFY packets to tell the phone “hey your collegue phone is ringing!”, but the phone:
– (very old firmware) either answered with a 200 OK but did not blink the LED;
– (latest firmware) or it answered a 481 Call/Transaction Does Not Exist and still did not blink the LED.

Continue reading

Posted in Computer, VoIP | Leave a comment

Nagios and LSI RAID cards

Posted on January 27, 2015 by blogger

To monitor the status of a LSI RAID card, say for example a Dell PERC card, you will need to install NRPE, sudo, mpt-status and check_mpt.sh .

Install sudo and NRPE via your package manager. You can grab mpt-status via apt if you use Debian/Ubuntu or here if you use CentOS.  You can grab check_mpt.sh here.

Continue reading

Posted in Computer, Linux | Leave a comment

VMware and Windows poor TCP performance

Posted on October 23, 2014 by blogger

I have had a strange issue lately with Windows servers on VMware vSphere 5.1 hosts. Throughput of TCP connections between some virtual machines were very very slow, barely 10 mbit/s .

The behavior was easily reproducible : just start an iperf connection between a Windows Server 2008 and a Windows 2012 server, and you get 10 mbit/s .

Continue reading

Posted in Computer, Microsoft, Virtualization, VMware | Leave a comment

Using Windows domain resources while VPN is active with different credentials

Posted on October 23, 2014 by blogger

If you are frustrated to get your Domain account locked while you are logged on a VPN with different credentials than your Domain credentials, then this is for you.

Edit the file %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk with your favorite text editor.
All the VPN connections managed by Windows are defined in that file.
Search the string UseRasCredentials=1 and replace it with UseRasCredentials=0 for each VPN connection that gets you locked out (or just replace all of them if you are lazy).
Save the file.
Start one of the VPN connections you just changed and see you are not locked out of your domain anymore.

:-)

Posted in Computer, Microsoft, Networking | Leave a comment

Exim GnuTLS Diffie-Hellman errors

Posted on June 21, 2014 by blogger

I have been getting increasing number of errors in my Exim log related to GnuTLS Diffie-Hellman prime number. That prime number being too small causes Exim to abort the connection and initiate a new one to send the email over an unencrypted session.

The exact error message is: TLS error on connection to foobar.example.com [x.x.x.x] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).

Continue reading

Posted in Computer, Linux, Networking | Tagged , , | Leave a comment

rsyslogd auto-configuration

Posted on June 15, 2014 by blogger

To have rsyslogd automatically create directories and files with whatever you send at it, just put this in your rsyslog.conf file (or a .conf file in /etc/rsyslog.d):

# provide UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

$template DynFile,"/var/log/syslogs/%fromhost-ip%-%fromhost%/%$YEAR%-%$MONTH%-%syslogfacility-text%"

# log everything from remote servers to one file per host+month+facility
if $inputname == 'imudp' or $inputname == 'imtcp' then ?DynFile

# stop logging from remote servers
if $inputname == 'imudp' or $inputname == 'imtcp' then ~

All directories and files are created under /var/log/syslogs, one directory per ip-hostname pair, and one file per facility per month.

You can also add this in your /etc/cron.monthly folder so that old files are compressed on a regular basis:

root 52 7 1 * * /usr/bin/find /var/log/syslogs -type f -mtime +31 | xargs nice -n19 gzip --fast

A better solution would be a logstash setup with Kibana or a Synology NAS, but this is always useful anyway :)

Posted in Computer, Linux | Tagged , , , | Leave a comment

Active Directory export script to import into SME Server

Posted on March 9, 2014 by blogger

I had to migrate users from an Active Directory/Exchange combo to a SME server for temporary disaster recovery event. Here’s the script I wrote to create the export and recreate the users and their aliases in the SME server.

The export was done before the disaster of course :)

Continue reading

Posted in Computer, Exchange, Linux, Microsoft | Tagged , , , | Leave a comment

VMware vCSA 5.1 password expiration

Posted on February 21, 2014 by blogger

A few months ago, I was unable to login on my vCSA. At that time, I thought it ws a glitch, I rebooted (didn’t fix the issue) and changed the password of the users, which fixed the issue.

Recently, I had the same issue. I concluded it could not be a glitch anymore and decided to search for root cause.

The reason given by Veeam was “username or password incorrect”, which was wrong. On the other hand, vSphere Web Client gave another error, much more helpful : “account locked out”.

While an account can become locked if there are too many login tentatives, this wasn’t it. You can check the number of tries with the command “pam_tally –user <user>” and reset the count to zero with “pam_tally –user <user> –reset”.

I changed the password for one of the accounts and I could login again. So I checked if there was a password expiration policy on vCSA, and there is! You see and can change individual settings with the command chage, or you can change default settings by editing the file /etc/login.defs .

I found this link most helpful .

Posted in Computer, Linux, Virtualization, VMware | Tagged , , , | Leave a comment

Nagios and Exim queue size

Posted on February 14, 2014 by blogger

A simple script to check Exim queue size for Nagios NRPE:

#!/bin/bash
#arg1 = warning count
#arg2 = critical count
if [ -z "$1" ] || [ -z "$2" ]
then
        echo "Usage: ${0} warningcount criticalcount"
else
        if [ "$1" -ge "$2" ] || [ "$1" -le "0" ] || [ "$2" -le "0" ]
        then
                echo "Error: incorrect values."
        else
                queuesize=$(/usr/sbin/exim4 -bpc)
                if [ "$queuesize" -gt "$2" ]
                then
                        echo "CRITICAL - exim queue size: $queuesize"
                        exit 2
                elif [ "$queuesize" -gt "$1" ]
                then
                        echo "WARNING - exim queue size: $queuesize"
                        exit 1
                else
                        echo "OK - exim queuesize: $queuesize"
                        exit 0
                fi
        fi
fi
Posted in Computer, Linux | Tagged , , , , | Leave a comment