Monday, October 8, 2012

ESEUTIL, Unitrends UEB and my own stupidity

So I just recently got a copy of the Unitrends Enterprise Backup appliance for vmware installed and licensed over the weekend. Now me being me, I just had to try and dive in head first. Couldn't get a lot of things working, but I did get exchange backups working- which is a massive plus in my book.

So, verified the backup, and it cleared my exchange logs- yay! Talk about making me happy. Until a nagging voice at the back of my mind reminded me of recent experiences with backup exec (and the fact that there's no corresponding restore exec). A restore was needed! So I went through the process- but I wanted to restore only a single mailbox. Talk about a nail biter- as I'm going through the options, I created the restore share by selecting my mail db backup, selecting the option of "Next (Select Files/Items)" and...
Waiting. 16GB db plus about 30GB in log files- takes awhile. Cool thing is, this restores to a local samba share, which you then access from your exchange box.

Which is where the stupid on my part comes in- you'll see it soon.
So, I check the db and start trying to bring it to a clean shutdown state- (for those of you who don't know how to do this, check out this blog: ExchangeServerPro, excellent write up!) when I started running into trouble- my db checked the way I expected it to, my log files were good, however during the recovery phase...

Operation terminated with error -1032 (JET_errFileAccessDenied, Cannot access file, the file is locked or in use)

And it doesn't tell me which file. Of course, since I'm such a genius, I decide that it must mean the db is locked... nope, db's not locked.

Oh! right, the samba share is read-only! Why didn't I realize this sooner?
So I move the db to a directory I've got read/write access to, and it's all good, right?

Oh hell no.

Operation terminated with error -1032 (JET_errFileAccessDenied, Cannot access fi le, the file is locked or in use) exchange 2010

Now, I get a bit irritated and throw handle and process explorer (both from sysinternals, good stuff!) only to find out that db is never locked. In fact, the restore process gets to ~90% before failing without ever opening a log file or the db!


Well, turns out that the log directory needs to be read/write accessible too... something I would've figured out almost 10 minutes sooner had I just checked the event logs for the ESE errors...

So, while the samba mount is cool, it's not as useful as I had hoped. But it does make it easier to get at the files and use the standard microsoft tools for manipulating the files (powershell, robocopy, xcopy and all the rest)

Problem solved, files copying, face red with shame.
Hopefully this sheds a bit of light on the problem in case anyone else is as dense as I can be.

Friday, October 5, 2012

NFS in android- why isn't this built in?

This seems like such a no brainer- right now using fileshares with android devices tends to be fairly painful, even with utilities such as astro, es file explorer, etc.

Why? Because none of those let you actually mount filesystems.

You want to view/use a file on a network share, you have to copy it to your device, work on it and then copy it back. That's such a waste, especially considering how long linux has had access to smbmount, nfsmount and the like. And they are so easy to setup. I mean, incredibly easy. But yet for an android device, this is a nightmare of rooting, installing apps (not that I've got anything against CIFS manager mind you, except that you've got to root your device to use it, and it's got to be running CM7), and running a gauntlet of compatibility issues.

NFS/SMB read capabilities are right there at the OS level, literally compiling in NFS support for the kernel is a check box or switch during compile time, and it takes pretty much no effort to supply. Not giving us this ability means that device storage built into our devices is getting wasted needlessly. Filesharing is a common every day solution for a lot of things, and even in the home user market no less. Network attached storage is even an option now on some routers- so the technology is being made easily available.

By including this is in the stock android deployments, we could get much easier use from our devices, and it would be yet another step to making BYOD less of a headache for system's administrators- ie, the data your users are using is still locked on the fileserver, and not on their devices.

Sunday, September 9, 2012

Equallogic SAN + VMWare ESXi 5.0 == annoying at times

I know a lot of you will laugh at me for this, but I'm hoping at least a few people find this useful. If you've got monitoring setup correctly on your EQL boxes (and you are running at least 5.0.5 firmware), you might be getting emails like this:

ERROR event from storage array DABIGDISK
subsystem: MgmtExec
    event: 7.4.3
     time: Sat Sep  8 23:37:04 2012

iSCSI login to target ',' from initiator ',' failed for the following reason:
                Initiator tried to bypass the security phase but we cannot.

yup, sorry vmware, no biscuit.
It's an error, and it's kind of a stupid one, but it's not vmware's fault, it's actually a slight flaw (or duh, actually) on the equallogic side. There's two settings that need to be correctly configured, one of which is under Group Discovery -> iSCSI (refer to pic)

As you can see, it's a pretty simple check box. The other location is under VDS/VSS, in which case you simply don't give your vmware boxes permissions to use VDS/VSS unless you've already got the means in place to support it. 

Simple, stupid fix- and I was stupid enough to not even notice it until I actually ran into the headache tonight.

Thursday, August 16, 2012

Quick Update, yes I'm alive

Just posting a quick update- two of the projects I've been working on are completed, however (as usual) that's only opened the door to new problems, er... projects.

However, if you've got a moment, check this out! The team over at spiceworks has released version 6, with tons of new features. The next latest being worked on is iLO support, something I'm incredibly excited about!

Anyway, still alive, still busy.
Technically, still posting.

Sunday, May 6, 2012

The inherent dangers in prototyping

So I've been working on a few projects, one of which is requiring snmp functionality for a power/ups monitoring solution. One of the headaches I have is finding components- I've got digikey, mouser, newark, jameco and sparkfun... out of all of those, the only one that sensible names things is sparkfun, except that consistency in naming isn't something they're known for. But their site is incredibly easy to navigate, pictures and posts that relate to the items tends to be very useful. Not quite the same with digikey and mouser. I had ordered a ton of parts from digikey just a few days ago, and actually got two sets of headers that were completely wrong. I had misread the specifications, and assumed when I saw 2.54mm across to mean the same thing as 2.54mm spacing... boy was I wrong. One item will partially work, the other (a 2x10 2mm spacing female header) is about completely useless. And I've got 10 of them. And I made the mistake of telling the rather nice customer service lady that my order was fine, and I would be getting the parts used immediately.

Now I find that I've had to re-order three sets of parts, from two different houses (digikey and sparkfun this time) in order to have any hope of meeting my time frame. While I realize this isn't any fault of the distributors, it still doesn't make it easy to know that I've got to really squeeze my debug time in order to make sure I've got time to get it finished before my impending trip to alaska.

In case anyone's interested-
newark/element14 -
and jameco-

Sunday, April 22, 2012

Still alive

Just been hectic, as I had expected. Besides the monitoring system, I've been given a couple of new tasks- one of which is to learn a new voip system. I've got to say, I'm not too terribly interested in it, as I've not been really impressed with voip. While technically it's a real time encode/decode network system, everything I've seen and experienced has led me to believe that most solutions are just barely ready. While I will admit, it's a lot easier to setup and maintain than a pbx (I still have nightmares involving analog pbx's, and horrible voicemail configurations), it just doesn't hold any real interest for me. What I'd rather be working on is the two new storage devices that we've had commissioned, plus my company's impending move to a new location. With network connections to be migrated, new services to be configured and integrated, plus new employees to train, I'm fairly excited. Unfortunately, someone's decided that voip is my new responsibility, which strikes me as a bit strange, as I've been doing firewalls, virtualization, storage and design for years. I realize I'm going to have to do this to continue being employed, but it doesn't make me want to do it any more than if I wasn't getting paid for it.

Another thing I'm hoping for is that some of my work becomes postable- right now, I can vaguely talk about it, but I can't give real specifics, or pictures. I had hoped at one point to show off some of the stuff I'm working on just because of how cool it is. Maybe in the new few months, I'll have that permission. 

However, for now I've still got the usual- fires to put out, monitoring systems to maintain and build, network maintenance and storage. I want to add to that list, but so far the only thing to add is one of the things I truly don't like. Oh well, I'll do my best to try to update, but as usual... I'm swamped.

Wednesday, April 11, 2012

Custom designing monitoring hardware

I don't know how much use this will be, but...

Current project, and probably one of the definitely more interesting ones! I get to take an atmel atmega chip, and design a monitoring system around it. Considering the price of the chip, and how easily I can get boards made (I've got a stack of custom mistakes just sitting around waiting for me to figure out what to do with them), I decided to go the route of making my own arduino compatible board (note, only compatible... it's not technically an arduino).

First task I've gotten working is monitoring temperature, power, and lock status. So far so good. Then I found the Agentuino library... which is interesting to say the least. At the moment, it only really implements two functions, namely snmp_get and snmp_set. I'll be trying to get snmp_get_next working, which would probably end up being followed by snmp_get_bulk.

Why does this even matter? Well, this system is network attached for one thing. Currently it drops it's data via a post to a LAMP server- a simple php script picks up the data and stuffs it into a mysql db. pretty simple stuff. and it does it in less than 10K of rom space. I wish I could say the same for the snmp version, as it loads out at a minimum of 14K so far. I know most people are used to working in the megs and gigs realm of storage, but I started programming on systems that had less than 16K of ram, and stored their data on tapes... I find that reducing/optimizing code to fit in the smallest of space to be an almost elegant art form. And yes, I always hear that old obi-wan quote about "An elegant weapon, for a more civilized age" whenever I think about coding for space. I would've liked to have said I would be reducing the footprint further, but with having to add roughly 30 OIDs I don't think that's going to happen.

Considering I've got about 30K of space to work with, I'm hopeful to just get that far. Adding in the fact that I'm more than likely going to have to get at least get snmp_get_next working, I may have to opt for a far bigger chip than the atmega 328. I've seen some based on the atmega2560, which has about 256K of rom, versus the 32K I'm using now. I'll have to check out the price difference as well, but I don't think it will be enough to worry about. That alone should get me a hell of a lot more space for adding in new features.

As far as why I need to get snmp_get_next working? snmpwalk and most automated NSMs require snmp_get_next in order to walk to the MIB tree. For those of you who don't know, the MIB (Management Information Base) is a specific set of data points to be returned by the device in question. Considering how many MIBs there are right now, and the fact that anyone who puts snmp support in a device tailors their own, that's a lot of MIBs in this world. And they all work off of OIDs (Object IDentifiers). The OIDs let you request specific data, and the MIB tells you how to read that data. pretty simple, right? Well, like anything out there, it's been made convoluted enough to give me a headache.  There's a lot more information on the wiki about this, and described far better than I can.

Suffice it to say, I'm busy once again.

Saturday, April 7, 2012

SSD upgrade for my laptop plus ram...

I picked up a SanDisk Extreme 120GB SSD from Frys yesterday. Unfortunately, they didn't have what I originally wanted, which was a corsair 120GB for 100$ (99.99), so I wound up buying the next cheapest at $149... yeah, I got hosed and I know it. I also picked up 2 sticks of 4GB ram for my laptop as well, making it a pretty good upgrade round, or at least I think so anyway. 

So far so good, I guess. Although it was a royal pain to get the old system migrated to the new. I made the mistake of trying to clone it using Easeus Partition Manager, which in hindsight was a massive waste of time (about 9 hours, give or take). I wound up transferring the system over using windows backup and gparted. The system is windows 7 home premium, so I ended up going through the backup control panel, and creating a system image on a usb external disk. This only took about 45 minutes and was actually faster than restoring it. The restore took roughly an hour. Once I got the restore finished, I booted off the ssd to make sure I had gotten it to work, finally... booted without issue, and pretty quickly at that... but not the "amazing, blink of an eye, instant boot" that I'd been hearing about.

Now mind you, I'd already installed the ram as well. So, less than impressed, I picked up a utility called AS SSD Benchmark, which pretty much told me where part of the problem was. I needed to align this disk. That in itself was a bit of a pain, mostly time consuming. I'd gotten a usb install of gparted live working, and used that to manipulate my partitions. Now that meant a bit of thinking, especially since nothing likes to work on the first try. I had to move the 2nd and 3rd partitions at least 20MB further from the start of the disk to make room to align the first partition, which is a bit of a weird process. To align the partition, you move the partition at least 2MB further from the start of the disk- then you move it back to 1MB away from the start, for the first partition anyway. Then the second you place 1MB away from the first, and so on until you've placed your partitions.

Depending on the size and how much data is actually there, this can take forever. Considering I had 3 partitions, but only the third really had a lot of data this was only mind numbing and not completely painful. After 3 hours, it was finally finished- remember, each partition had to be moved twice!

After that was done, rebooted into windows... well, no that didn't work. I had destroyed my boot layout during all the partition restructuring. I had to use the windows system disk I created during the system image (and yes, you'll want to create one too... if you don't, you can't restore the image anyway, so it really behooves you to do so when it asks... you'll need a blank disk for it, I used a dvd-r, but I think you can probably get away with a cd-r) to go back in and fix the boot sector and mbr map. That literally took less time to fix than it did to load the disc. Final reboot, and into windows proper again.

Much much faster this time, just the aligning made a noticeable difference at this point. However, I wasn't done yet- I needed to kill off indexing on that drive as well as automatic defragmenting. Removing the index attribute took almost 20 minutes, which again... ugh. However, at this point I decided to do some testing once it was finished. Arduino 1.0 environment took roughly 4 seconds from double click to editor ready to take code. Massive improvement already! Outlook took forever, as for some reason it had trashed it's cache, but considering that was network speed and not local disk, there wasn't anything I could do about that.

Next was firefox 11... something I have started to dread since it's been dragging terribly lately. It loaded, but no real noticeable speed increase... so I decided to load one my my bookmark groups, which was ~30 tabs. That's usually good for me to go take care of a call of nature and grab something to drink. I literally had just set the laptop down to do just that, when I saw it had loaded most the pages and only had 2 or 3 tabs left. Roughly 30 seconds to load 30 tabs... not bad. At this point, I decided to check to see if TRIM had been enabled, and nicely enough it was. Simple enough command from an elevated cmd prompt "fsutil behavior query DisableDeleteNotify", and if it returns 0, then trim is enabled for your system. Whether your device supports it or not is something you'll have to make sure of with your manufacturer. Mine as far as I can tell does.

So, keeping the old drive and the backup on standby and we'll see how long this disk lasts and whether or not it keeps me happy. For almost $200, I think it's a fairly decent upgrade. Considering how much more responsive my laptop is, I think it will be worth the price, provided the drive doesn't fall into the early death that I hear several have already.

Thursday, March 29, 2012

And tonight it's small scale VCenter DB maintenance.

A customer of mine wanted to use VMWare VCenter 4.1 a while back, so I installed and configured it for them following their specifications. Of course, I monitor the living daylights out of it too. Tonight vpxd started failing repeatedly. A quick check into this shows that the DB is full. The error message in question is quite literally "CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative database size would exceed your licensed limit of 4096 MB per database."

Now given that it's using SQL express instead of a full SQL install, that's pretty understandable. However, my joy stemmed from the fact that I couldn't run the stored procedures to clean it up (DB was literally too full), so I wound up having to clean the DB using a script from VMWare's help site, specifically the one found here. If you haven't already done so, you'll need to install Microsoft SQL Server Management Studio Express. It's fairly simple and straight forward. Once you're finished, you'll need to run the sql script you downloaded earlier. Make sure you are logged in with the right permissions, otherwise the script will fail repeatedly. Also, make sure you select the correct DB before running the script.

There is one gotcha with the script, you do need the change at least one parameter, possibly more depending on how much data you want to clear.

-- ######### USER CONFIGURABLE PARAMETERS ########################
-- Use one of these methods to specifiy the data cutoff date
--SET @CUTOFF_DATE = '2007/01/01'

-- Number of rows to delete per transaction

-- ######### END USER CONFIGURABLE PARAMETERS ####################

Make sure you change @DELETE_DATA to 1, otherwise this script won't do anything. I also had to change the cutoff date calculation to 30 due to the fact that I had a lot of activity in the last 3 months. And I do mean a lot- over 6 million entries.

I shouldn't have been surprised by this, but it came nearly 6 months sooner than I expected it to. Good luck with your own maintenance!

Tuesday, March 27, 2012

And once again, I've managed to wind up too busy...

I will try to keep this updated far better than I have in the past, however I've just gotten a ton of new responsibilities, so the chances of update is going down severely.

Thursday, March 22, 2012

Three new spiceworks related projects in the near future

Which will probably culminate in the creation of a new blog while I teach myself how to do this (and share whatever I manage to learn with everyone else)-

Project 1: create plugin that will pull data from custom monitoring database, and allow it to be displayed in spiceworks, either as a dashboard widget, or as custom attributes on each related items entry. preferably both, with the creation of a rack level object as well.

Project 2: create plugin that will handle ticket expiration and escalation. By putting a due date on the ticket, the plugin will scan every 15 minutes, checking each open ticket for expiration. at a configurable time remaining point, an email will be sent out to the ticket assignee reminding them to get back to the ticket. If no action is taken by the time the ticket expires, the ticket will be reassigned to the next higher level.

Project 3: create plugin that will manage ticket workflow. This still hasn't gotten a good definition yet, so it's in limbo. problem is, this is the one that's due first. Amazing how that works isn't it?

If you haven't used, seen or heard of Spiceworks yet, go check it out! it's a great piece of software, and can make managing your network much less of a headache. If you're already using other solutions, I'd still check it out anyway, as there's always the chance you might find something you like better, or a feature you want that doesn't exist in yours. Or vice versa, there's nothing wrong with competition!

Neat little trick I learned tonight

And it seems fairly stupid too-

For some reason, I couldn't replace the owner on a file using powershell directly. Doubting myself, I went and found a script someone else had written (powershell team blog), and that failed as well! The error given is "Set-Acl : The security identifier is not allowed to be the owner of this object.". Well that sucks. So I did some more digging, and came across a solution- apparently windows server 2008 will let you do this, if you use the UNC path for your filenames. Why that makes a difference, who knows.

Any why was any of that important? because like a dummy, I blew away a hyper-v virtual machine without realizing I wasn't done with it, and had to recover it using Piriform Recurva. Great product, but it didn't restore the ACL's correctly, and I couldn't reassign the ACL directly. So I had to copy them from a file that still had the correct ACL. Worked like a charm, and now I'm happy once again. Well, as happy as I get anyway.

Where did I get the idea? from Fixing IT. Thanks, I appreciate it.

Wednesday, March 21, 2012

Just another day of fiting 28 hours into 24...

So, new corporate tasks involving exchange and sharepoint (my two more favorite pieces of software... not) in addition to fixing that blasted fence. Just had a cable locate done and found out that not only could I not dig up the busted off fence posts in my yard (the prior owner poured the concrete plugs over and around the current cable tv and phone trunks... for the entire neighborhood), but I can't place new ones either. No worries, I figured out a solution... I think.

Sharepoint and exchange is just a planning project, made easier with some pointers and spreadsheets from microsoft. I should have both well in hand shortly. Unfortunately it's taking time from other projects I need to get done, such as the drive RMA's for my lab servers, and the rack level monitoring project. I did manage to learn a few things I need to complete that task earlier today however. No new updates on the embedded projects, I'm still wrestling with a gumstix, a few arduino nano's and one basic stamp project. hopefully one will bear fruit before I decide to throw in the towel.

Other than that, not much to update, it's all still in progress.

Tuesday, March 20, 2012

Raspberry PI and other embedded fun

So I'm kicking myself yet again. I obviously wasn't one of the first to get ahold of a revision b Raspberry Pi. Or rev a for that matter. So, I looked into other projects. I came across the beagleboard, which looks interesting but I don't think it'll be what I want. Plus, the price is pretty far out of my range at the moment. When I saw the raspberry, my first thought was that I could get it up and running and see if I could get android ported to it. I've found a couple projects that have done similar, at least to the same processor it's running, so I don't think it would be too hard.

Then that got me thinking- if they are able to provide this for $35, assembled and all, then there's got to be something to it. Meaning it's something I can do as well, so it's become yet another of my projects. While I've come across other projects, such as the C-stick, and the 2 inch cube based computers CuBox, I don't think I want those, especially not at $200-$700 a pop either. but, something that can handle being hooked up to an older tv or via hdmi would be very very nice, and that could handle something like either a bluetooth or usb keyboard & mouse would be even nicer. Add in ethernet (either wifi or wired), and it would be perfect for my needs.

So right now, the first thing I've got to do is locate a chip that's not a nightmare to work with (soldering BGA isn't anywhere near as much fun as people would like you to believe) and single chips that aren't in the $200 range. On the bright side, I've already got a board house that I can use dirt cheap.

And if all else fails, I can just get one of the above and get on with what life I have left...

Wow... things really get strange, eh?

Anyway, things have yet been in the air again. My second oldest daughter came down to visit me, and things finally calmed down enough with her visiting her family up north for me to even remember I have a blog.

I'll admit, I'm horrid about these things.

Anyway, doing some home work right now (damn wood fences... evil things), as well as additional network maintenance around the house. I've gotten several servers and a custom APS/UPS solution setup and I'm currently working on the monitoring and notification interfaces for it. I've even designed a custom pcb based on the arduino for the monitoring hardware. But now for today's topic-

After several years of supporting various server OS's, I finally found the time to install Windows Home Server. At the moment, I can't say I'm terribly impressed with it, especially given how crippled it is out of the box. I'm going to keep it around to see if there's anything I really like about it, besides it's use of Single Instance Storage.

Another first... well, first in years anyway. I installed and tried to run hyper-v when it was first made available with the community previews and such... and I hated it. By the time it had come to market, I was already used to using, scripting and monitoring vmware esx. I have just gotten an old server out of my company's racks and decided I would give it a good stress test. After being impressed that only two drives out of 16 had suffered any damage (one's dead, and one's having ECC errors) I decided to install win2k8 and hyper-v on it.

Just to see what's changed, mind you.

The weird thing is, I've been supporting it in a half ass way for years for other people, just solving issues second hand from descriptions of the problems. I can't say I've touched the software in years. So when I loaded the MMC for hyper-v today, I was pretty disgusted. It's every bit as clumsy as I remembered, and I'm going to have to learn the powershell scriptlets to use for it. One thing that had put me off in the beginning had to do with the inability to easily identify a vm from the command line- definitely a game ender in my eyes. We'll see in the coming weeks if that's changed or not.

Another thing that will be up and coming- a (hopefully new 1u twin) box for Xen studies. While I'm nowhere near conceited enough to believe I'm an expert in any of these fields, that doesn't keep me from wanting to know as much as humanly possible.