Author Archives: SeanLaBrie

Configure Stacking and update firmware on Dell 55xx Series Switches

Here is a quick and dirty guide to getting a Dell 55xx switch stack up and running and getting the firmware updated across the stack.

  1. First download the most recent firmware and a TFTP server, then start the TFTP server and extract the firmware files into the TFTP server’s directory.
  2. Plug your HDMI stack cables into each switch (configure them in such a way that the switches form a circle).
  3. Once the HDMI cables are plugged in, plug in to the console and power up the first switch. You’ll have to use HyperTerminal, PuTTY, Tera Term, or some other console tool to run the initial wizard. Set the IP address of the switch, and when the wizard has completed you can power up the second (and 3rd, 4th, etc.) switch in the stack.
  4. Set the Master switch by using the following command: stack master unit 1
  5. Upload the firmware to each unit in the stack with the following command: copy tftp://z.z.z.z/powerconnect_55xx-yyyy.ros unit://*/image replacing the z.z.z.z and yyyy values with the IP address of the TFTP server and the version of the firmware you downloaded.
  6. Upload the boot code to each unit in the stack with the following command: copy tftp://z.z.z.z/powerconnect_55xx_boot-yyyyy.rfb unit://*/boot replacing the z.z.z.z and yyyyy values with the IP address of the TFTP server and the version of the firmware you downloaded.
  7. After the boot files and firmware have been uploaded, you can issue the following command to check which image location the firmware was placed in: show bootvar
  8. Finally, once you know which image location it’s in, you can issue this command to boot from that firmware: boot system image-2 all, assuming your firmware was placed in image location 2 in the “show bootvar” output.

Install a Certificate for Remote Desktop Services or Terminal Services on a Terminal Server

You’ll need a .pfx certificate for this guide. Once you have your certificate and any intermediates that need to be installed, export the certificate, include the entire chain in the export, assign a password, and then save the .pfx somewhere you can access it from the terminal server.

On the Terminal Server in Question:

  1. Click “Start” and then “Run”.
  2. Enter “mmc” and then click “OK”.
  3. Click on the “File” menu and then select “Add/Remove Snap-in…”.
  4. Click “Certificates” and then click “Add >”, when prompted choose option “Computer Account” and then click “Next >”.
  5. Select “Local Computer” and then click “Finish”.
  6. Click “OK” to complete the add snap-in wizard and then expand “Certificates (Local Server)”.
  7. Right click on the “Personal” folder and then select “All Tasks”, then “Import…”.
  8. Click “Next >” and then locate the .pfx you’ve saved earlier. Click “Next >”
  9. Enter your password, and then click “Next >”, click “Next >”, click “Finish”.
  10. Now open “Remote Desktop Session Host Configuration”.
  11. Right click on “RDP-tcp” in the center of the window and select “Properties”.
  12. On the “General” tab, click the “Select” button, Select your certificate, and then click “OK”.
  13. Click “OK” one more time, and then all future connections will be secured by the certificate.
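
A check to run after step 13, as an added example that is not part of the original post: it reads the RDP-Tcp listener through the Win32_TSGeneralSetting WMI class and reports whether the imported certificate is the one actually bound and whether TLS is enforced. The function name Test-RdpListenerCertificate and the 30-day expiry window are assumptions of this example.

```powershell
# Added example, not from the original post. Run locally, elevated, on the terminal server.
function Test-RdpListenerCertificate {
    param([string]$TerminalName = 'RDP-Tcp')   # listener name from step 11

    # Win32_TSGeneralSetting exposes the listener's certificate and security settings.
    $listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='$TerminalName'"
    if (-not $listener) { throw "Listener '$TerminalName' not found." }

    # The certificate imported in steps 7-9 lives in the computer's Personal store.
    $thumb = $listener.SSLCertificateSHA1Hash
    $cert  = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1

    $findings = @()
    # SSLCertificateSHA1HashType 1 means the default self-signed certificate is in use.
    if ($listener.SSLCertificateSHA1HashType -eq 1) { $findings += 'Default self-signed certificate in use' }
    if (-not $cert) {
        $findings += 'Bound thumbprint not found in LocalMachine\My'
    } else {
        if (-not $cert.HasPrivateKey) { $findings += 'Certificate has no private key' }
        # The 30-day warning window is an assumption of this example.
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            $findings += 'Certificate is expired or expires within 30 days'
        }
        # An EKU extension, when present, must list Server Authentication.
        $eku = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        if ($eku.Count -gt 0 -and $eku -notcontains '1.3.6.1.5.5.7.3.1') {
            $findings += 'Server Authentication EKU missing'
        }
    }
    # SecurityLayer: 0 = RDP security, 1 = negotiate, 2 = SSL (TLS) required.
    if ($listener.SecurityLayer -ne 2) { $findings += 'TLS not enforced; RDP security layer may be used' }
    if ($listener.UserAuthenticationRequired -ne 1) { $findings += 'Network Level Authentication not required' }

    New-Object PSObject -Property @{
        Thumbprint = $thumb
        Subject    = $(if ($cert) { $cert.Subject })
        Findings   = $findings
    }
}
Test-RdpListenerCertificate | Format-List
```

An empty Findings list means the listener is bound to a certificate from the Personal store with a private key and that TLS and Network Level Authentication are required.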

 

Outlook 2010/2007 stuck in disconnected state for one user

Ran into a problem today with an Outlook 2010 client that would not leave the “disconnected” state. I restarted the computer, verified the mailbox was still active in Exchange 2003, and verified that this problem was not affecting other users, even ones on the same PC. I tried to create a new Outlook profile, but during the setup I kept getting the same error:

“Microsoft Exchange Server reported error: The server is not available. Contact your administrator if this condition persists”

It appears that just this one user cannot connect to Exchange. The way that we solved this problem was by increasing the maximum number of connections that each user can make to Exchange 2003. Follow these steps on your Exchange server:

  1. Open Regedit
  2. Navigate to HKLM\CurrentControlSet\Services\MicrosoftExchangeIS\ParametersSystem
  3. Create a new DWORD called “Maximum Allowed Sessions Per User” and set it to decimal 64.
  4. Restart the “Microsoft Exchange Information Store” service
  5. Attempt to reconnect with the user’s Outlook.

Hopefully this took care of your problem user.

 

Analyzing Dump Files using WinDbg on Windows 7

I figured I’d toss this information up here because every time I get a new computer I end up spending an hour of my life figuring this out again. It’s not overly complicated, but why spend any more time than I have to, right?

  1. Okay, well first things first, we need to download and obtain the Windows 7 SDK from here.
  2. Start an installation, and when prompted, choose custom.
  3. Install only the Debugging Tools for Windows components
  4. Launch the Windbg.exe tool and enter the following command to set your symbol locations: .sympath SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
  5. Go to the File Menu, click “Save Workspace”
  6. Create a new System Environment Variable to remember that location for the future:  _NT_SYMBOL_PATH = symsrv*symsrv.dll*c:\symbols*http://msdl.microsoft.com/download/symbols
  7. Now you can start to analyze Crash dump files by clicking on File and then Open Crash Dump.

Download SBS, Small Business Server 2011 Volume License Media

I recently ran into an issue where I was expecting to be able to download the Open/Volume License Media for SBS 2011 and was surprised to find out that Microsoft does not allow you to download it; they force you to have the physical media sent to you via the mail.

I’m happy to announce that if you just head over and download the trial media, the Volume License key works and you can use the trial media and Volume key to get your SBS 2011 server up and running. You can download the trial media for SBS here.

Windows 7 refuses to enable Offline Files, Sync Center will not stay enabled

I just had a super headache of a problem: I had Windows 7 laptops that would not, for the life of me, keep Sync Center enabled. I’d enable it, and then after a reboot it would be disabled again. Nothing in the logs, just disabled. I got creative and forced it to be enabled via a GPO, but still! After a reboot it would be disabled.

I read a bunch of KB articles, and the final result was a combination of Oplocks and re-initializing the offline files cache. Here is what I did, and I’m happy to report that it’s worked on more than one computer having the same issue:

Enable Opportunistic Locking

  1. Open Regedit
  2. Navigate to HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
  3. Create a new REG_DWORD titled “EnableOplocks” and set it to “1”
  4. Navigate to HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\MRXsmb\Parameters\
  5. NOTE: Create a new key “Parameters” if it does not exist under MRXsmb
  6. Create a new REG_DWORD titled “OplocksDisabled” and set it to “0”
  7. Reboot the computer

Reinitialize the Offline Files Cache

  1. Open Regedit
  2. Navigate to HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\NetCache
  3. Create a new REG_DWORD titled “FormatDatabase” and set it to “1”
  4. Reboot

You should now be able to enable offline files (if not already being enforced by a GPO) and it will ask you to reboot; afterwards it should remain enabled.

 

Apply Internet Explorer Settings with Group Policy without preventing users from making additional changes

Let’s say you want to roll out some default settings to IE, but you don’t want to prevent users from making additional changes. In the past I’ve seen this done through the Site to Zone Assignment List GPO but you end up with users who can’t modify those settings once they are set at the GPO level. The problem is this: say you’ve got a partial list of websites that should be placed in Trusted sites, but you don’t have the full list and you know users are going to need to add additional sites ad hoc.

Here is the better way to configure these settings:

  1. Open Group Policy Management Console, and Create a new GPO
  2. Expand User Configuration, Policies, Windows Settings, and Internet Explorer Maintenance, and finally Security
  3. Double click on “Security Zones and Content Rating”
  4. If and when the “Internet Explorer Enhanced Security Configuration” warning appears click on “Continue”
  5. Change the “Security and Privacy Settings” section to “Import the current security zones and privacy settings” and then click the “Modify Settings” button
  6. Make all of the appropriate changes for your environment and then press OK. These will now be the default settings for any users whom this GPO affects.

To be clear, I’ve not tested to see if these settings will re-apply if they are removed by the users, but my hunch is that if a user tries to remove any of these settings, they will be reapplied the next time the GPO is processed.

Set Up and Install the EqualLogic Multipathing Agent for VMware ESXi 5

In a past post I went into how to configure iSCSI over a LAG to give you some path redundancy over a single VMK IP. You can read about that here. For multiple reasons this is not the best way to configure multipathing, so here is a write-up on the proper way to set up the Multipathing Plugin on a VMware ESXi 5 server (I’ve also included steps to undo what may have been set up in the past).

Prerequisites

  1. Download and install WinSCP from here.
  2. Download the EqualLogic Multipathing Agent for VMware.
  3. Download, install, and configure the VMware Management Agent (vMA); read about how to do that here.
  4. Optionally, Install VMware Update Manager, which can be used to install the MEM in the event that the setup.pl --install script does not work.

Cleaning Up

If you’ve already had iSCSI configured on this host, it’s time to make note of a few things and then clean up before we get the EqualLogic MEM installed.

  1. Make note of all IPs that are being used by a host for iSCSI
  2. Make note of which NICs are being used by the vSwitch setup for iSCSI
  3. Delete the VM Kernel ports that are attached to the iSCSI vSwitch
  4. Delete the iSCSI vSwitch

Disable iSCSI on the Host

  1. Connect to the vMA using PuTTY, and then attach to your host using the following command: vifptarget -s <host's FQDN>
  2. For ESXi 4.x enter the following command: esxcfg-swiscsi -d
  3. For ESXi 5 enter the following command: esxcli iscsi software set -e false
  4. Reboot the Host

Enable iSCSI on the Host

  1. For ESXi 4.x enter the following command: esxcfg-swiscsi -e
  2. For ESXi 5.0 enter the following command: esxcli iscsi software set -e true

Remove the old VMK bindings from the iSCSI HBA

For each of the VM Kernel ports that you made note of before, run the following command where <vmk_interface> is your vmk port such as vmk1, vmk2, and <vmhba_device> is your vmhba adapter for iSCSI such as vmhba38:

  1. For ESXi 4.x: esxcli swiscsi nic remove -n <vmk_interface> -d <vmhba_device>
  2. For ESXi 5: esxcli iscsi networkportal remove -n <vmk_interface> -A <vmhba_device>

Installing the EqualLogic Multipathing Agent

Now that our host is fresh and so clean clean, well in terms of iSCSI anyway, it’s time to start configuring the Multipathing Extension Module.

Move the Setup Script and Bundle to the vMA

  1. Connect to your vMA using WinSCP. It should drop you into the home directory for the user ‘vi-admin’.
  2. Locate the files that were extracted from the zip file you downloaded from EqualLogic; you are looking for “setup.pl” and “dell-eql-mem-esx5-X-X.X.XXXXXX.zip”. The version of the .zip file will depend on whether you’re installing it on ESXi 4.x or ESXi 5, so just make sure you copy the right file name.
  3. Once you’ve moved both files to the vMA, right click on the “setup.pl” file from within WinSCP and select “Properties”. Under the “Permissions” section of setup.pl, change the “Octal” value to “0777”; this will allow you to execute the script.
  4. Close WinSCP.

Configuring the MEM

  1. Connect to your vMA using ssh.
  2. You should automatically be logged into the home directory of the ‘vi-admin’ user. Verify this by running ls and making sure you see the two files you uploaded.
  3. Enter the following command to get started: ./setup.pl --configure --server=<esxi server's FQDN>
  4. Follow the bouncing ball once the script gets started. It’s going to ask you for a username and password for the host, a name for the new virtual switch, and which NICs to use (list each one with a space in between them). It will also ask you for an IP for each VMK port it creates, the Group IP you want to connect to, and a few other questions such as subnet mask, MTU size, and whether or not to use CHAP. Use the information you collected above and the configuration of the array to answer the questions. When the script completes, you should see the new vSwitch and VMK ports in your configuration.

Installing the Bundle

  1. While still logged into your vMA run the following command: ./setup.pl --install --server=<esxi server's FQDN>
  2. If you receive an error about being unable to install it, try disabling Admission Control on your HA cluster and re-running the command.

If for some reason you are unable to get the setup.pl --install command to work properly, you can use VMware Update Manager to install the bundle.

  1. Install and configure vUM, according to VMware instructions.
  2. Import the MEM offline bundle into the vUM package repository by selecting the “Import Patches” option and browsing to the dell-eql-mem-esxn-version.zip.
  3. Create a baseline containing the MEM bundle. Be sure to choose a “Host Extension” type for the baseline.
  4. Optionally add the new baseline to a baseline group.
  5. Attach the baseline or baseline group to one or more hosts.
  6. Scan and remediate to install the MEM on the desired hosts. Update Manager will put the hosts in maintenance mode and reboot if necessary as part of the installation process.
  7. If you get the error fault.com.vmware.vcIntegrity.NoEntities.summary, disable Admission Control and then try to remediate again.

Verifying that everything is working properly

  1. Once both the --configure and the --install commands have been run, you can run the following command to make sure everything is working properly: ./setup.pl --query --server=<esxi server's FQDN>

 

It’s a little bit more work than the LAG setup, but this is the proper way to get a full and complete EqualLogic Multipathing setup installed and working.

 

Exchange 2010 delivering error message “POP3 ERR Command is not valid in this state” when older POP clients attempt to connect

We ran into an issue today where an older application that we use couldn’t log into our new Exchange server when trying to POP mail. (Why are we trying to POP when we have Exchange? That’s another story for another day.) The error we kept getting was “ERR Command is not valid in this state”. It’s a pretty simple fix: we just need to enable plain text login for this older application.

  1. Log into your Exchange 2010 CAS server
  2. Open the Exchange Management Shell
  3. Issue the command: Set-PopSettings -LoginType PlainTextLogin
  4. Restart the Exchange POP Service

That’s it. Give the application another go and you should be able to start POPing mail.

 

420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address in the Exchange 2010 Submission Queue

I ran into a problem this week where a user was sending email to an external email address and the message would leave Outlook, but never arrive. Interestingly, this user also could not send email to another internal user who was configured to forward to this same external address (via a contact in Active Directory). Other users were able to send messages both to the internal user (and have them forward) as well as directly to the external email address without issue.

I did some googling on the 420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address and kept coming up with results that wanted me to check for duplicate proxy addresses in Exchange. See this article for how to figure that out: here. After searching I was unable to find the duplicate entry, so I moved on.

What I ended up doing was deleting the external contact, re-creating it, re-setting up forwarding for the internal user in question and then testing again. As soon as that contact was deleted the submission queue started to empty, and the initial user who reported the problem was now able to send to both addresses, just like the other internal users.

Not an elegant fix, but I figured I’d share it anyway due to the low number of results that I found on Google when searching for a resolution.