VMware and Windows poor TCP performance

I have had a strange issue lately with Windows servers on VMware vSphere 5.1 hosts. Throughput of TCP connections between some virtual machines was very, very slow, barely 10 Mbit/s.

The behavior was easily reproducible: just start an iperf connection between a Windows Server 2008 and a Windows Server 2012 machine, and you get 10 Mbit/s.



Using Windows domain resources while VPN is active with different credentials

If you are frustrated by getting your domain account locked while you are connected to a VPN with credentials different from your domain credentials, then this is for you.

Edit the file %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk with your favorite text editor.
All the VPN connections managed by Windows are defined in that file.
Search for the string UseRasCredentials=1 and replace it with UseRasCredentials=0 for each VPN connection that gets you locked out (or just replace all of them if you are lazy). With this setting at 1, Windows reuses the VPN credentials when it talks to domain resources, and those failed logons are what lock the account.
Save the file.
Start one of the VPN connections you just changed and check that you are no longer locked out of your domain.

:-)
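As an added example (not part of the original post), here is a small Python script that performs the same edit on a rasphone.pbk file but only for the connections you name, leaving every other line of the phonebook as Windows wrote it. The sample phonebook below is constructed; the file path is the one from the post, and the file encoding passed to patch_pbk_file is an assumption you should check against your own file.

```python
import os
import re

# Constructed sample of a rasphone.pbk: an INI-style file with one [section] per VPN connection.
SAMPLE_PBK = """\
[Office VPN]
Encoding=1
Type=2
UseRasCredentials=1
AutoLogon=0

[Customer VPN]
Encoding=1
Type=2
UseRasCredentials=1
AutoLogon=0
"""

# Path from the post; %userprofile%\AppData\Roaming is what %APPDATA% expands to on Windows.
DEFAULT_PBK = os.path.expandvars(r"%APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk")

SECTION_RE = re.compile(r"^\[(.*)\]\s*$")
KEY_RE = re.compile(r"^UseRasCredentials=1\s*$")


def disable_ras_credentials(text, connections=None):
    """Return (new_text, changed_sections).

    Turns UseRasCredentials=1 into UseRasCredentials=0 in every [section] listed in
    `connections` (every section when `connections` is None) and leaves all other lines
    untouched, so the rest of the phonebook stays exactly as Windows wrote it.
    """
    out, changed, current = [], [], None
    for line in text.splitlines(keepends=True):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif KEY_RE.match(line) and (connections is None or current in connections):
            line = line.replace("=1", "=0", 1)   # only this key, line ending preserved
            changed.append(current)
        out.append(line)
    return "".join(out), changed


def patch_pbk_file(path=DEFAULT_PBK, connections=None, encoding="utf-8"):
    """Rewrite the phonebook in place, keeping a .bak copy (the encoding is an assumption)."""
    with open(path, "r", encoding=encoding, newline="") as fh:
        original = fh.read()
    new_text, changed = disable_ras_credentials(original, connections)
    if changed:
        with open(path + ".bak", "w", encoding=encoding, newline="") as fh:
            fh.write(original)
        with open(path, "w", encoding=encoding, newline="") as fh:
            fh.write(new_text)
    return changed


if __name__ == "__main__":
    text, changed = disable_ras_credentials(SAMPLE_PBK, ["Customer VPN"])
    print("changed:", changed)
    print(text)
```

Run it once with the sample to see which sections change, then call patch_pbk_file with the names of the connections that lock you out; the .bak copy lets you restore the phonebook if Windows does not like the result.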


Exim GnuTLS Diffie-Hellman errors

I have been getting an increasing number of errors in my Exim log related to the GnuTLS Diffie-Hellman prime. When that prime is too small, Exim aborts the TLS connection and opens a new one to send the email over an unencrypted session.

The exact error message is: TLS error on connection to foobar.example.com [x.x.x.x] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).



rsyslogd auto-configuration

To have rsyslogd automatically create directories and files with whatever you send at it, just put this in your rsyslog.conf file (or a .conf file in /etc/rsyslog.d):

# provide UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

$template DynFile,"/var/log/syslogs/%fromhost-ip%-%fromhost%/%$YEAR%-%$MONTH%-%syslogfacility-text%"

# log everything from remote servers to one file per host+month+facility
if $inputname == 'imudp' or $inputname == 'imtcp' then ?DynFile

# stop logging from remote servers
if $inputname == 'imudp' or $inputname == 'imtcp' then ~

All directories and files are created under /var/log/syslogs, one directory per IP-hostname pair and one file per facility per month. Since the resolved hostname ends up in a path, rsyslog's secpath-replace property option can be used on it in the template so that a slash in a name is replaced rather than treated as a directory separator.

You can also add this crontab entry (system crontab format with a user field, for example in a file under /etc/cron.d) so that old files are compressed once a month:

52 7 1 * * root /usr/bin/find /var/log/syslogs -type f -mtime +31 ! -name '*.gz' -print0 | xargs -0 nice -n19 gzip --fast

A better solution would be a logstash setup with Kibana or a Synology NAS, but this is always useful anyway :)


Active Directory export script to import into SME Server

I had to migrate users from an Active Directory/Exchange combo to an SME Server for a temporary disaster recovery event. Here's the script I wrote to create the export and recreate the users and their aliases on the SME Server.

The export was done before the disaster of course :)



VMware vCSA 5.1 password expiration

A few months ago, I was unable to log in to my vCSA. At that time, I thought it was a glitch; I rebooted (which didn't fix the issue) and changed the password of the users, which did.

Recently, I had the same issue. I concluded it could not be a glitch anymore and decided to search for the root cause.

The reason given by Veeam was "username or password incorrect", which was wrong. On the other hand, the vSphere Web Client gave another, much more helpful error: "account locked out".

While an account can become locked after too many failed login attempts, this wasn't it. You can check the number of failed attempts with the command "pam_tally --user <user>" and reset the count to zero with "pam_tally --user <user> --reset".

I changed the password for one of the accounts and could log in again. So I checked whether vCSA has a password expiration policy, and it does! You can see and change the settings of an individual account with the chage command, or change the defaults applied to newly created accounts by editing /etc/login.defs.

I found this link most helpful.
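To show what chage derives from the aging fields, here is an added Python example (not from the post, and not vCSA code) that classifies accounts from constructed /etc/shadow lines and reads PASS_MAX_DAYS from a constructed login.defs excerpt. The day counts, usernames and hashes are made up; on a real appliance the input would be the root-only /etc/shadow.

```python
import datetime as dt

# Constructed sample data: the real files are /etc/shadow (root-only) and /etc/login.defs.
# shadow fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved (days since 1970-01-01)
SHADOW_SAMPLE = """\
root:$6$salt$hash:15500:0:90:7:::
vsphere-client:$6$salt$hash:15600:0:99999:7:::
svc-veeam:$6$salt$hash:15650:1:60:14:::
"""

LOGIN_DEFS_SAMPLE = """\
# constructed excerpt of /etc/login.defs
PASS_MAX_DAYS   90
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
"""


def days_since_epoch(iso_date):
    """Convert an ISO date (YYYY-MM-DD) to the day count used in /etc/shadow."""
    return (dt.date.fromisoformat(iso_date) - dt.date(1970, 1, 1)).days


def parse_login_defs(text):
    """Return the KEY VALUE pairs of a login.defs file, ignoring comments and blank lines."""
    defs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            defs[parts[0]] = parts[1].strip()
    return defs


def password_status(shadow_line, today_days):
    """Classify one shadow entry the way `chage -l` would: returns (user, state, days_left)."""
    fields = shadow_line.rstrip("\n").split(":")
    user, last_change, max_days, warn_days = fields[0], fields[2], fields[4], fields[5]
    if last_change == "":
        return user, "aging disabled", None          # empty last-change field: no aging at all
    if last_change == "0":
        return user, "must change at next login", 0  # 0 forces a change at next login
    if max_days == "" or int(max_days) >= 99999:
        return user, "never expires", None
    expires_on = int(last_change) + int(max_days)
    days_left = expires_on - today_days
    warn = int(warn_days) if warn_days else 0
    if days_left < 0:
        state = "expired"
    elif days_left <= warn:
        state = "expiring soon"
    else:
        state = "ok"
    return user, state, days_left


def report(shadow_text, today_days):
    """Status of every account in a shadow file at the given day count."""
    return [password_status(line, today_days) for line in shadow_text.splitlines() if line.strip()]


if __name__ == "__main__":
    today = days_since_epoch(dt.date.today().isoformat())
    print("PASS_MAX_DAYS default for new accounts:", parse_login_defs(LOGIN_DEFS_SAMPLE)["PASS_MAX_DAYS"])
    for user, state, days_left in report(SHADOW_SAMPLE, today):
        print(f"{user:16} {state:26} {'' if days_left is None else days_left}")
```

One point the example makes visible: PASS_MAX_DAYS in login.defs only sets the value written into /etc/shadow for accounts created afterwards, so existing accounts (the ones that locked me out) keep their own max field until it is changed with chage.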


Nagios and Exim queue size

A simple script to check Exim queue size for Nagios NRPE:

#!/bin/bash
# Nagios NRPE check for the Exim queue size
# arg1 = warning count
# arg2 = critical count
# Exit codes follow the Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN
if [ -z "$1" ] || [ -z "$2" ]
then
        echo "Usage: ${0} warningcount criticalcount"
        exit 3
else
        if [ "$1" -ge "$2" ] || [ "$1" -le "0" ] || [ "$2" -le "0" ]
        then
                echo "Error: incorrect values."
                exit 3
        else
                # the NRPE user must be allowed to list the queue (see Exim's queue_list_requires_admin)
                queuesize=$(/usr/sbin/exim4 -bpc)
                # exim4 -bpc prints only the number of queued messages; anything else is UNKNOWN
                if ! [ "$queuesize" -ge 0 ] 2>/dev/null
                then
                        echo "UNKNOWN - could not read exim queue size"
                        exit 3
                fi
                if [ "$queuesize" -gt "$2" ]
                then
                        echo "CRITICAL - exim queue size: $queuesize"
                        exit 2
                elif [ "$queuesize" -gt "$1" ]
                then
                        echo "WARNING - exim queue size: $queuesize"
                        exit 1
                else
                        echo "OK - exim queue size: $queuesize"
                        exit 0
                fi
        fi
fi

Ubuntu “reboot” on Supermicro X9SCI/X9SCA shuts down

On two recent Supermicro servers, typing reboot actually shuts down the server. Thanks to Google and this blog post (major.io/2013/06/03/supermicro-x9scix9sca-server-does-a-shutdown-rather-than-a-reboot/), I no longer have this issue.

Short story: just blacklist the module named “mei” and you’re good.


Mikrotik DHCP and PXE boot

If you want to boot with the DHCP/PXE/TFTP method, your DHCP is handled by a Mikrotik router and your TFTP server is on another machine, then you need to set the next-server and boot-file-name parameters in the network definition.

Do not try to set DHCP options (codes 66 and 67) and assign them to the network definition; it will not work. The same applies to the NTP servers option (code 42).

So, do not do this:

/ip dhcp-server option
add code=42 name=ntp value=193.190.198.10
add code=66 name=next-server value=172.16.20.9
add code=67 name=boot-file value=pxelinux.0

But instead, do this:

/ip dhcp-server network
add address=192.168.0.0/24 boot-file-name=pxelinux.0 comment=dhcp-lan dhcp-option="" dns-server=192.168.0.1 gateway=192.168.0.1 netmask=25 next-server=192.168.0.2 ntp-server=192.168.0.2

It seems that when the network definition has a dedicated field for an option (even if that field is left empty), a custom option defined with the same code is ignored.

Good to know.
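To make the difference concrete, here is an added Python example (not from the post, and not RouterOS code) that builds a constructed DHCPOFFER and parses both places boot information can travel in: the fixed siaddr and file header fields of RFC 2131, which is what next-server and boot-file-name in the network definition populate, and the variable-length options 66 and 67, which is what the /ip dhcp-server option entries above would produce. The packet bytes, xid, MAC and offered address are made up.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"


def build_offer(next_server, boot_file, options):
    """Constructed DHCPOFFER (not a real capture): RFC 2131 header fields, then the options area."""
    pkt = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0)  # op=BOOTREPLY, htype/hlen, hops, xid, secs, flags
    pkt += b"\0" * 4                                                # ciaddr
    pkt += ipaddress.IPv4Address("192.168.0.50").packed             # yiaddr (offered address, constructed)
    pkt += ipaddress.IPv4Address(next_server).packed                # siaddr: what RouterOS next-server fills
    pkt += b"\0" * 4                                                # giaddr
    pkt += bytes.fromhex("001122334455").ljust(16, b"\0")           # chaddr (constructed MAC)
    pkt += b"\0" * 64                                               # sname
    pkt += boot_file.encode("ascii").ljust(128, b"\0")              # file: what RouterOS boot-file-name fills
    pkt += MAGIC_COOKIE
    for code, value in options:                                     # TLV options, e.g. codes 66/67
        pkt += bytes([code, len(value)]) + value
    return pkt + b"\xff"                                            # end option


def parse_boot_params(pkt):
    """Extract both places a boot server/file can live: fixed header fields and options 66/67."""
    op, htype, hlen, hops, xid, secs, flags = struct.unpack_from("!BBBBIHH", pkt, 0)
    if op != 2:
        raise ValueError("not a BOOTREPLY")
    ciaddr, yiaddr, siaddr, giaddr = struct.unpack_from("!4s4s4s4s", pkt, 12)
    file_field = pkt[108:236].split(b"\0", 1)[0].decode("ascii", "replace")
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 0:          # pad
            i += 1
            continue
        if code == 255:        # end
            break
        length = pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length

    def text(code):
        return options[code].decode("ascii", "replace") if code in options else None

    return {
        "siaddr": str(ipaddress.IPv4Address(siaddr)),
        "file": file_field,
        "opt66_tftp_server": text(66),
        "opt67_bootfile": text(67),
        "message_type": options[53][0] if 53 in options else None,
    }


def boot_source(params):
    """Where this reply carries its boot information: 'header', 'options', 'both' or 'none'."""
    in_header = params["siaddr"] != "0.0.0.0" or bool(params["file"])
    in_options = params["opt66_tftp_server"] is not None or params["opt67_bootfile"] is not None
    return {(True, True): "both", (True, False): "header",
            (False, True): "options", (False, False): "none"}[(in_header, in_options)]


if __name__ == "__main__":
    offer = build_offer("192.168.0.2", "pxelinux.0", [(53, b"\x02")])
    params = parse_boot_params(offer)
    print(params, "->", boot_source(params))
```

Feeding the parser the bytes of a captured OFFER or ACK from the router tells you at a glance whether the Mikrotik put the boot information in the header, in the options, or nowhere, which is the quickest way to see whether the network definition or the option entry is the one actually being sent.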


LSI Megaraid Storage Manager and VMware ESXi

I had to configure a bunch of ESXi 5.1 servers with LSI 9240-4i hardware RAID controllers the other day. This RAID controller is perfectly supported in ESXi 5.1, but the monitoring features are missing.

To get them, you first need to install the LSI SMIS package on your ESXi hosts. With it, the ESXi server acts as a proxy that lets the RAID controller be queried over the network. Then you need a Windows computer running the LSI MegaRaid Storage Manager (MSM) software.

But that is not enough. With just that, you will not be able to connect to the ESXi server: you will be able to detect a server, but it will show a 0.0.0.0 IP address, and if you try to connect to it you will get an "unable to connect to CIMOM server" error.

This has to do with MSM using multicast and ESXi only answering to unicast packets.

Fortunately, some guy found a workaround, which consists of running a multicast to unicast proxy (written in PHP, LOL). The full explanation of how to use it is right here: www.tinkertry.com/esxi-5-1-can-run-lsi-megaraid-in-a-vm/ .

Optionally, you can run the multicast to unicast proxy as a Windows service with the help of NSSM, as indicated right here: kb.stonegroup.co.uk/index.php?View=entry&EntryID=199 .

And voilà, now you are able to monitor the controller from MSM and configure things like Patrol Read. Enjoy!
