RetrieveStorageInfo request is ignored because the VM is in an invalid state: bad config = false

RetrieveStorageInfo request is ignored because the VM is in an invalid state: bad config = false could be produced as a possible error when the VMX file is invalid. During different activities that the ESX system is doing and during this activity the ISCSI disks are lost or something get in the way where a snaphot or some other process gets funked up. Can leave items in your VMX file that are invalid. When you recover from a loss you may find a system in a “Unknown” state.

Look throught your VMX file for odd spaces or items that may have invalid data in it.

Then re-attach the VM and see if it will showup correctly in your Vcenter server.

How-to : Pass a username and password to Windows shutdown.exe command.

Here was my scenario I found myself in not to long ago. I have an Active Directory domain with a server outside of the domain in it’s own workgroup. It used different credentials for the administrator account then what the domain uses. One day it stopped responding to RDP and several control programs we have on it so we needed to do a reboot.

No problems right? just type in the command below:

shutdown /r /t 3 /m \\ServerName

 

Not so right, right off the bat we get  ServerName: Access is denied.(5)

That’s right we do not have permissions “Yet”… But how do we send permissions to shutdown.exe ? If you do a shutdown /? you will find no switches for username and password but there is a way around this.

We will connect to the servers IPC$ and authenticate then we will run our command. Here is what you do:

First lets make a connection and authenticate by running the following cmd:

NET USE \\MyServer\IPC$ mypassword /USER:myuser

 

If successful then we are now ready to run the shutdown cmd in the same window:

shutdown /r /t 3 /m \\ServerName

Wait a few seconds and and you should get back your prompt which tells you the command was sent successfully. You now have authenticated and sent the shutdown cmd to a remote server using different permissions.

I hope this helps someone out there

Enjoy

Cubert

How-to : Setup GoDaddy SSL on Tomcat using a Public Certificate

Hello again,

Today I will be walking you through the process of setting up your Tomcat installation to use a public SSL certificate. I will be using examples from my Ubuntu 11 box but this will work with any linux based Tomcat install.  We should have you up and running in just a few minutes, here is what we are going to be doing.

  • ·     Enable and initialize an empty keystore
  • ·     Generate a certificate signing request (CSR)
  • ·     Add a root certificate authority (CA) to your keystore
  • ·     Import the generated certificate for use in Tomcat

To create and configure a public certificate for your Tomcat installation:

 

  1. Open a SSH Terminal to the server.
  2. In Terminal, navigate to the Tomcat directory by typing the following command:

    cd /var/lib/tomcat/

  3.  Type the following command to generate the keystore:

    sudo keytool -genkey -alias Tomcat -keysize 2048 -keyalg RSA –keystore /var/lib/tomcat/.mykeystore

  4. Fill in the appropriate information when prompted. Type a new keystore password and when the prompt asks for a first and last name, it is requesting the Fully Qualified Domain Name (FDQN). All other information is not as important as the first and last name as this will define the URL the SSL is good for.
  5. Let’s now generate a certificate signing request by typing the following command:

    sudo keytool -certreq -alias tomcat -keystore /var/lib/tomcat/.mykeystore -file godaddy-ssl-cert.req

  6. Copy the entire text from the .req file and paste it in the Cert request window for GoDaddy SSL request form on the Godaddy.com website. Once approved GoDaddy will provide a download zip file that includes your new SSL certificate and the GoDaddy RootCA cert. We will be installing both certs in to the keystore. You will need to copy these certificates up to your Ubuntu (Linux) system.
  7. Import the CA’s root certificate using the following command: (Replace the file location with the location you placed your new certificates from GoDaddy)

    sudo keytool -import -trustcacerts -alias rootCA –file /home/myuser/gd_bundle.crt -keystore /var/lib/tomcat/.mykeystore

  8.  Import your certificate signed by GoDaddy by typing the following command: (Replace myFQDN.crt with the file name and location of the new GoDaddy certificate)

    sudo keytool -import -alias tomcat -keystore /var/lib/tomcat/.mykeystore -trustcacerts -file /home/myuser/myFQDN.crt

  9. Lastly we will  edit the /var/lib/tomcat/conf/server.xml file. Point the “keystoreFile” attribute to the location of the keystore, and include the “keystorePass” containing the password to your keystore.This is the part of the file that you should modify:  <Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”              
                   maxThreads=”150″ scheme=”https” secure=”true”
                  
                  
    clientAuth=”false” sslProtocol=”TLS”             
                   keystoreFile=”/var/lib/tomcat/.mykeystor
             
                   keystorePass=”your keystore password” />

 

The instructions below can be followed to update a certificate, assuming you will be using the same keystore.

How-To clear the Tomcat alias:

 

1.   Open a SSH terminal session to Ubuntu.

2.   Create a backup of the previous alias by typing the following command:

    sudo keytool -export -alias Tomcat -keystore /var/lib/tomcat/.mykeystore -file MyBackup.cer

3.    After a successful backup, type the following command to clear out the Tomcat alias:

    sudo keytool -delete -alias Tomcat -keystore /var/lib/tomcat/.mykeystore


You should now be able to run the commands to create and import a new certificate.


I hope this makes quick work for somone out there..

Enjoy

Cubert 


How-to: Setup Ubuntu and PHP to use MSSQL Microsoft SQL Server

It is easier to get PHP on Ubuntu to connect to MSSQL than it is to get PHP on Windows.

 

I would not normally believe such a thing until I tried to setup a pre-existing install of PHP on Windows missing any MSSQL extensions. Looking through Google to find information was less than quick and I found myself wanting to go back to my old faithful Ubuntu server, but how?

Here are my 10 quick steps to get PHP seeing MSSQL:

There are some basic software we will need to grab using apt-get, then we will install them and modify the php.ini file to update the new extension. I will go over the process below on how to install and in what order but before we do that I will give you a brief description of what we are doing.

We will need to get the source for PHP, we will also need the PHP Development packages. We will be installing FreeTDS and then editing our php.ini file. Lastly restarting Apache to complete the process.

For the rest of this we will assume you have ( sudo su -) so you do not need to sudo each cmd, but if not then add sudo where it applies. We are also assuming you already have a working php system and only need to add MSSQL functionality.

  1. apt-get source php5 – This will install the PHP source in the the current directory that you are in.
  2. cd php5-5.3.2/ext/mssql – This will place you in the PHP source directory for MSSQL. You may need to edit the directory path as 5.3.2 was the version as of this document and may not be the same version you are installing.
  3. apt-get install freetds-dev – This installs the extra libraries we will need for MSSQL
  4. apt-get install php5-dev – This installs the application (phpize) which we will use next to help build the MSSQL extension.
  5. phpize  – Run this while inside the (/ext/mssql ) directory
  6. ./configure –with-mssql – This creates the MakeFile we will need to build the extension from source.
  7. make – This cmd builds the extension.
  8. cd modules – move in to the module directory.
  9. cp mssql.so /usr/lib/php5/20090626   – Here you will need to pay close attention to the last directory here. This will very based on your version so change the numbers to fit what you have in your (/usr/lib/php5) directory.
  10. vi /etc/php5/apache2/php.ini – We want to go down to where you will find (Dynamic Extensions) and add on a new line the following -> extension = mssql.so then save and close the vi session ( Esc : wq)

You are all done, just restart Apache and test your mssql_connect

Restart Apache:

/etc/init.d/apache2 restart

Enjoy

Cubert

W32Time Error : No valid response has been received from manually configured peer time.windows.com

Time, I don’t need no stinking time!!

You won’t here Windows saying that, Microsoft relies on time for Active Directory to work correctly so if you start to drift you will see access errors. Have you seen the following eventlog in your system logs resently?

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.
 
 Or maybe this one?
Time Provider NtpClient: No valid response has been received from manually configured peer time.windows.com after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name.
 
 This is a sure sign that your having issues getting and setting time correctly. By default the setting for w32tm is to get it’s time from time.windows.com. There are many  people out there having trouble getting time from that source since the DST change. So how do you fix it?  You can use the w32tm /config options to change the time server you are using. This will then allow Windows to get time from a more reliable source.

In a DOS shell run the following lines.

w32tm /config /manualpeerlist:pool.ntp.org,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync

This will set the new time server as pool.ntp.org and then force a resync of the time across the domain.

Enjoy

Cubert

Increasing MS Exchange 2010 message size limits

There’s a few places you must go to change this and that is in global settings under Organization Configurations as well as the HUB Transport connectors under Server Configuration.

To modify the global settings go to the following menu areas inside you Exchange Management Console. 

Organization Configuration->Hub Transport->Global Settings tab->Properties of Transport Settings

 

Here you can adjust your transport send/receive limits by editing the properties.

Then you must modify the connectors found inside the Send Connectors tab 

Organization Configuration->Hub Transport->Send Connectors tab->Properties of Default Send

 

Then you can adjust your send connectors default maximum message size under Server Configuration 

Receive Connector Server Configuration->Hub Transport->Receive Connectors Pane->Properties of Default

Here you can adjust your receive connectors default maximum message sizes. After the settings have been changed you will want to either restart your server or reload all exchange services (which ever is easier for you).

Kaseya Agent Procedure -> Alert if Privileged Account are changed in Active Directory

Out of the skunkworks here at Squidworks comes a new Kaseya Agent Procedure. This procedure (Script) pulls all members of privileged accounts groups like Domain Admins, Enterprise Admins and Schema Admins and stores it to the GETFILE location on your K-Server. Also viewable using LiveConnect -> Agent Data -> GetFile Tab.  You can add and remove groups from the VBScript to match your needs. The nice thing about this script is it finds out what your Forest is and queries the domains inside. You do not need to edit script for every domain in your customer base. This 1 script will query any domain it is pointed at, with out knowing what the domain name is! (Sweet) This makes it a great tool to deploy across all customers as it requires no edits to run on any domain.

The script should be scheduled to run every day, each time it is run it copies a new file up to the GETFILE area and does a compare of the 2 files. If they are not exactly the same it will send an alert that a change has happened.

You then need to watch for this alert to happen and alarm on it. To do this you will goto your Monitor tab in Kaseya. In the main menu under Agent Monitoring select Alerts. In the main window under alerts you will find a drop down selection box called “Select Alert Function“. In this drop down list locate and select “Get Files” then select the AD server you are running the script on and set it to Alarm and email you upon change.

That’s It. It will check your accounts and if a change takes place it then alerts you that a change has happened to which you can investigate. This works great if you need to keep people out of these privileged accounts groups. 

AD Admin Audit Kaseya Script Zip

Enjoy

Cubert

Event 10009 (Error) DCOM was unable to communicate with the computer computer name using any of the configured protocols.

If DNS resolves a users system and that system is no longer at that IP then you may see a Event ID 10009 in the systems event logs. Check DNS for duplicate entries first…  If you have the same computer name in DNS twice with 1 IP being correct and IP not, remove the wrong IP address.

This was a recurring error regarding a particular laptop on our network. This computer had not actually been on the network in months, but the error was showing up every thirty minutes in ten-error bursts.

What I eventually realized was that a laptop was not on the network but a Iphone had taken the IP address that was last associated with the laptop. However, nothing in DHCP showed anything out of order.

Finally I took a look in DNS, and sure enough there was an entry for that laptop associated with the IP address of the Iphone.

Seemingly, DCOM saw something at that IP address and was trying to communicate with it as if it were the laptop. Once I had deleted the laptop from the DNS the error was no longer appearing.

If you are seeing DCOM related to a computer that is NOT currently on the network, this might offer a fix.

I hope this helps someone out there

Cubert

How-to: Exchange 2010 Using GoDaddy UCC Certificates For Multiple Sub Domains

When using GoDaddy UCC certificate with Exchange 2010 there are some termoil on how best to do it. Here is my quick how to on using the UCC Certificates with Exchange 2010.

You shoul edit the powershell command below to reflect your domain name and sub names. Remove all Squidworks.net from the command and insert your domain and sub domain names.

Set-Content -path “c:\temp\squidworks_net.csr” -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName “c=us, s=Florida, l=Melbourne, o=Squidworks, ou=IT, cn=squidworks.net” -DomainName mail.squidworks.net, autodiscover.squidworks.net, mail -PrivateKeyExportable $True)

Now we need to run the command in the Exchange Management Shell:

  1. Login to your Exchange 2010 server
  2. Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Shell
  3. Paste the New-ExchangeCertificate command into the Exchange Management Shell and press Enter
  4. Your CSR file will appear in c:\temp.

    You can copy that text by opening this file with notepad, and then highlighting the entire body of text, including the Begin and End Certificate Request tags then pasting the text in the CSR area inside of GoDaddy’s Cert request process.

Once Godaddy issues the new cert we will need to import that back in to Exchange.  To Import the file you will need to copy the crt file from GoDaddy to your Exchange server then run the following command in the Exchange Power Shell.

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\temp\squidworks.net.crt -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services “IIS”

In this command we are registering it for the IIS services, afterwards we will go in and modify it replacing the current cert with this one. To do this we open the Exchange Console selecting Server Configuration. In this view we should see the new certification in the “Exchange Certification Tab”. Select this new cert and in the far right panel select “Assign Services to Certificate” Then follow the wizard and select the IMAP,POP and SMTP services. I should ask you once you select finish if you want to replace cert 1 with cert 2. Look at the dates and make sure it is the correct expire date.

Afterwards pull up your exchange server using SSL (https://) and see if your new GoDaddy Cert is being used.

Your all done..

Enjoy

Cubert