by lunarg on September 18th 2019, at 12:02
When adding a new disk to a live system (e.g. a Linux VM), the new disk may not always show up. Additionally, when resizing a disk through the hypervisor, the VM may not always immediately have the new size available for use. Luckily, you can trigger a rescan of the SCSI bus through the sysfs system.

For this to work, you'll need to have shell and root access to the server/VM.

Modern Linux kernels automatically detect the addition of a disk, but in case they don't, you can trigger a rescan of a specific (virtual) SCSI controller:

echo "- - -" > /sys/class/scsi_host/hostX/scan

Replace hostX with the number of the SCSI controller, where host0 is the first, host1 is the second, et  ...
by lunarg on September 13th 2019, at 10:55
To quickly block traffic from/to a specific IPv4 address using iptables, you can use the commands below.

Warning!
Do not use these commands when you are already running an iptables-based firewall, as this may produce unexpected results.

Block incoming traffic from a specific IP:

iptables -A INPUT -s 1.2.3.4 -j DROP

Block outgoing traffic (i.e. traffic initiated from the host itself) to a specific IP:

iptables -A OUTPUT -d 1.2.3.4 -j DROP

To block outgoing traffic to a specific port and protocol, you can also do something like this (the example below blocks DNS and HTTP):

/sbin/iptables -A OUTPUT -p tcp --dport 80 -d 1.2.3.4 -j DROP
/sbin/iptables -A OUTPUT -p udp --dport 53 -d 1.2.3.4  ...
by lunarg on September 9th 2019, at 16:54
On VCSA, the database is stored on a separate disk. It could happen that this disk runs out of room, causing vCenter to no longer function properly. One way to resolve this is by running the database clean-up as mentioned in KB 2110031. However, if this is not possible, or you don't want to clear out the data, you can also resize the disk.

For this to work, you'll need root access and access to the bash-shell, either on the console or through SSH.

Before resizing, identify the physical disk to be resized. For VCSA 6.5 and 6.7, this should normally be Disk 8 (device node in Linux = /dev/sdh), but your setup may vary, so it's best to double-check this.

In VCSA 6.5 and 6.7, the database is locat  ...
by lunarg on September 9th 2019, at 12:45
Handling snapshots (creating, deleting, restoring) is rather intuitive when you already have some experience with PowerCLI. As a reference, here are some one-liners. As always with PowerShell, there's more than one way to achieve a goal... The examples used here assume a VM named "SRV01". Adjust as needed.

Create a snapshot:

Get-VM SRV01 | New-Snapshot -Name "My snapshot"

Remove all snapshots (disabling confirmation request in the process):

Get-VM SRV01 | Get-Snapshot | Remove-Snapshot -Confirm:$false

To handle a specific snapshot, you could do something like this:

$vm = Get-VM SRV01
$snap = Get-Snapshot -VM $vm -Name "My snapshot"
# do something with the sn  ...
by lunarg on September 5th 2019, at 16:43
For users who really want to prevent Windows 10 from automatically installing updates, here are some methods to disable automatic updates. Depending on which method you use, you will still be able to manually check and install updates, or not be able to install updates at all...

Note that the methods leverage group policies, which are not supported on Windows 10 "Home/Essential" editions. A minimum of Windows 10 Pro or better is needed.

Caution
It is generally not recommended to disable automatic updates. Doing so (and not subsequently regularly installing the updates yourself) increases the risk of data loss and/or theft due to potential vulnerabilities in Windows 10.

The  ...
by lunarg on August 29th 2019, at 11:29
There's an easy method for extracting hard disk S.M.A.R.T. testing logs using the CLI. This is useful if you require support on Synology and need an easier method to get the data (other than creating screenshots from your web-browser), and if more detailed data is needed.

Before getting the logs from the CLI, first run an extended SMART analysis from the DSM. This will take a while (usually several hours). Running the analysis on multiple disks is possible and can be done concurrently, but it needs to be initiated manually for each disk.

Once tests have completed, log onto the CLI (using your favourite SSH client, such as PuTTY) using the "admin" or "root" account.

As   ...
by lunarg on July 23rd 2019, at 09:54
To quickly generate a self-signed certificate, follow the steps below. Note that self-signed certificates should be avoided in production environments.

Generate the private key (here, 1024-bit is used, but you can change that to lower/higher):

openssl genrsa -out ca.key 1024

Generate the certificate signing request:

openssl req -new -key ca.key -out ca.csr

You will be asked for information to include in the signing request:

Country name (2 letters)

State or province

Full locality name (city)

Organization name

Department / organizational unit

Common name (or distinguished name): should be set to the FQDN of your server

E-mail address: set to a local contact (usually the sy  ...
by lunarg on June 7th 2019, at 11:22

If you need to rename all folders and files to lowercase on a case-sensitive filesystem (e.g. ext4 on Linux), you can use the following at the bash prompt:

If rename is available (if you have Perl installed, then it usually is):

find . -depth -exec rename 's/(.*)\/([^\/]*)/$1\/\L$2/' {} \;

If you can't use rename, try this:

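# Walk depth-first so entries inside a directory are renamed before the directory itself.
# NUL-delimited output keeps names containing spaces or newlines intact.
find my_root_dir -depth -print0 | while IFS= read -r -d '' SRC
do
    DST="$(dirname "${SRC}")/$(basename "${SRC}" | tr '[:upper:]' '[:lower:]')"
    if [ "${SRC}" != "${DST}" ]
    then
        # Never overwrite an existing entry; report it instead.
        [ ! -e "${DST}" ] && mv -T "${SRC}" "${DST}" || echo "${SRC} was not renamed"
    fi
done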
by lunarg on May 13th 2019, at 13:48
It may happen (on badly configured SQL Servers) that the event log for maintenance plans fills up your storage and that it is no longer possible (because the volume is full) to use a task to clear the history. In that case, you can use the script attached to manually clear out the data.

The maintenance plan history is stored in the system database MSDB. If maintenance plans are defined and there's no task to occasionally clear the history, it will continue to fill up the database (and the volume it is on). If there's insufficient disk space, manually running the clean up task will fail because it will temporarily require additional space. The attached script drops some specific constraints  ...
by lunarg on May 2nd 2019, at 13:50

Attached is Microsoft's latest password guidance document.

By applying the guidelines in this document, you should be able to get better overall security without compromising too much of the user-friendly experience.

by lunarg on April 24th 2019, at 13:47
Sometimes, when working on servers, you may need a USB stick to get some data over quickly. If you're working remotely on servers in a datacenter somewhere, this may not be easy. Fortunately, remote management tools such as HPE's iLO or Dell's iDRAC provide the ability to connect virtual removable media, allowing you to map an image file as a "virtual USB stick". Although this is very neat, it still leaves you with one issue: how to get your files onto such a removable media image. There are several useful tools which allow you to quickly create a USB image, but this can also be achieved on Linux systems with some of the native tools present.

The easiest method would  ...
by lunarg on March 25th 2019, at 13:33
You can reset the root password of any (recent) VMware appliance, such as the vCenter Server Appliance (VCSA), or Platform Services Controller (PSC) by following the procedure outlined here. Note that you will need to have physical or console access to perform the reset. The reset also requires a restart of the appliance so you'll need to schedule downtime for it.

First off, take a snapshot or backup of the virtual appliance before proceeding. In case the reset should fail, you'll always have a backup to go back to.

Restart the appliance. Right after the BIOS screen, the PhotonOS splash screen will appear for a few seconds.

During this time, press e to enter the GNU GRUB edit menu, allowin  ...
by lunarg on March 25th 2019, at 12:15
You can change the default shell (used when logging on with VMRC or through SSH). By default, this is set to the appliance shell, providing limited functionality. If you would rather have BASH as the default shell, you can switch this.

Log on through SSH or VMRC with the root account.

If shell access hasn't been activated yet, run this first:

shell.set --enabled true

If you are running the appliance shell, type shell to launch the BASH shell.

In the BASH shell, at the prompt, type the following to change the default shell to BASH (instead of the appliance shell):

chsh -s /bin/bash root

You'll need to log out for the changes to take effect. The next time you log in, you will log on directly   ...
by lunarg on March 21st 2019, at 12:24
The quickest way to enable auto-logon on Ubuntu 16.04+ and Debian (which are using systemd for management of their services) is by creating an override for the getty service, specifically for tty1 (or another tty if you prefer).

First, determine which tty you wish to have the auto-logon on. These are the terminals linked to the Alt+Fn keys, so tty1 = Alt+F1, tty2 = Alt+F2. The default is always tty1.

Next, create an override by typing:

sudo systemctl edit getty@tty1.service

This will open up a text editor where you can adjust the parameters like so:

[Service]
ExecStart=
ExecStart=-/sbin/agetty --noissue --autologin myusername %I $TERM
Type=idle

Replace myusername with the account you wish  ...
by lunarg on March 18th 2019, at 12:45
If you wish to use TLS, or are using TLS authentication in an Office 365 Hybrid environment, and have manually changed or renewed the SSL certificate, you may still get errors about being unable to initiate the TLS session (STARTTLS), even though the SSL certificate has been correctly renewed. Just setting the SSL certificate to be used with SMTP is not enough to make TLS work correctly. You also need to (re-)configure the TLS certificate name on your receive connectors.

As stated by the manual:

TlsCertificateName
The TlsCertificateName parameter specifies the X.509 certificate to use with TLS sessions and secure mail. Valid input for this parameter is [I]Issuer[S]Subject. The Issuer value is fou  ...
by lunarg on March 13th 2019, at 13:49

Currently, it is not possible to configure the DNS suffix (search domain) for SSL VPN and IPSEC tunnels through the GUI, but it can be configured using the CLI.

For SSLVPN:

config vpn ssl settings
set dns-suffix example.com example.org
end

For IPSEC:

config vpn ipsec phase1-interface
set domain example.com
end

Changes are effective immediately. After configuring the setting, users will be able to resolve names using single names instead of FQDN.

by lunarg on February 8th 2019, at 10:04

An excellent TechNet-article explained how rules are evaluated in Windows Firewall, specifically in what order and which rules take precedence over others.

https://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx#Rules_are_evaluated_in_a_specific_order

by lunarg on February 8th 2019, at 10:02

If for some reason the deployment of the VMware vConverter agent fails, you can also copy the installer to the machine you wish to P2V and manually install it.

On the machine where VMware vConverter is installed, navigate to the location where it's installed (by default: C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone), and look for the file VMware-Converter-Agent.exe. Copy this file over to the target machine and run it to install the agent. Accept the defaults, including the TCP port (unless your setup requires you to change it). Once finished, a service will have been installed and you will be able to connect to it using vConverter.

by lunarg on February 2nd 2019, at 15:44
You can disable password expiration from the command-line when logging on using SSH or by enabling the Bash shell. Note that you will need root privileges (i.e. root account) to make this change.

If shell access is not enabled, you need to enable it first:

Log on to the appliance management portal: https://ip-or-fqdn:5480/.

In the Navigator, click on Access. On the right side (Access Settings), click on the Edit button.

Tick the box next to Enable SSH Login for remote access, or if you would rather make the change through the VMRC, check the box Enable BASH Shell. Then click OK. The change is effective immediately.

Log on to the shell using either SSH (using PuTTY or another applicat  ...
by lunarg on January 29th 2019, at 12:03

Found this article online about how vSphere virtualizes NUMA and how this is relevant to the configuration of vCPUs in your VMs:

https://www.opvizor.com/decoupling-of-cores-per-socket-from-virtual-numa-topology-in-vsphere-6-5

 