rebelpeon.com

Category: computers

  • VI3, NFS and Windows VMs

    See the second update for the correct way of setting this up 🙂

    You may be like me, and have a test lab running VI3.  You may also only be running Microsoft VMs for whatever reason.  I happen to be because that’s all I deal with as I work for a MS Consulting company.  Anyways, whenever I wanted to create a new machine I needed to have the ISO copied out to the ESX storage device.  This was always a pain because I’d have to use WinSCP or Filezilla to copy it from a host virtual machine to the storage device.  Plus there was the fact that I was now using 2x the space on the storage device because it’s accessible to ESX and it’s stored in a VM.  Lame.

    With VI3 you can use NFS shares as storage devices.  Downside is, is that by default Windows only uses CIFS (or SMB) sharing.  However, with Windows 2003 R2 (you may be able to do it in Win2k3 too) you can install the Unix NFS tools which allows for the creation of NFS shares.

    From the Windows machine you want the NFS share(s) located on, you need to open Add/Remove Programs from the Control Panel and then Add the following Windows components.  Under Other Network File and Print Services select to install all of the Microsoft Services for NFS.  I don’t think if you need all of them, but it’s working with them all (feel free to leave feedback if you play).

    After you install those, it will require a reboot.  Once you’re back up, open up the Microsoft Services for NFS in the Administrator Tools.  Right click on the root (Microsoft Services for NFS) and select the user name mapping you want.  I set mine to AD lookup, but I’m using anonymous read only access on the share anyways.

    If the CIFS share has already been created, you will need to create the NFS share from the command line.  This can be done with the following command:  nfsshare -o anon=yes

    =drive:path.  Obviously replace

    with the name you like and drive:path with the location for the share. 

    If the CIFS share hasn’t already been created, then you will see a NFS Sharing tab when you attempt to create the share.

    Once the share has been created, within your VirtualCenter client (or host based VI Client), select the host, go to configuration tab, and then Storage (SCSI, SAN, and NFS).  Select Add Storage and select the Network File System option.  Enter the info for the server you just set this up on and the folder (/

    ).  Now you have a mounted storage device for your share.  Yay!

    As mentioned before, this NFS mount point can be a virtual machine on the host.  I haven’t restarted the host yet, so I’m not sure how nicely it plays with that though.

    Resources used for this:
    http://levelsofdetail.kendeeter.com/2007/01/setting_up_an_nfs_server_on_wi.html
    http://support.microsoft.com/kb/324089

    **Update**

    Ugh, so just doing the above doesn’t work.  At least it didn’t list the contents of the iso directory.  No good.  Further research comes up with one possible solution, but it’s ugly.

    Add anonymous login read access to the share and ntfs permissions on the share.  This seems to work, but I’m not really a fan of it.  For some reason, user mapping doesn’t seem to be working.  You should be able to do user mapping by grabbing the /etc/passwd and /etc/group files from your VI3 host and then importing them into the Microsoft Services for NFS User Name Mapping section (right click and define the location for these two files). 

    I’ve mapped the local admin to the root account.  I get no love though as soon as I disable anonymous access on the NFS share.  Boo.  What really makes me angry is that I want to host templates on this Windows NFS share.  That would require me to enable read/write access to the anonymous user.  Needless to say, something I’m really not comfortable with.  Maybe I can fix this stupid user mapping issue, and then I won’t have to worry.

    Oh yeah, be sure to enable the NFS client firewall rule on your host…

    **Update #2**  This is the way to get this setup
    Alright, I’m retarded as to why I couldn’t get this figured out.  The real steps to get this going:

    1. Enable NFS Client through the firewall in VI3.  This is done from the host level, configuration, security profile.
    2. Install Microsoft Services for NFS.  From Add/Remove Programs in the Control Panel open up Windows Components and add all of the Microsoft Services for NFS found under Other Network File and Print Services.  Yes, you need them all.
    3. Reboot if required.
    4. Using WinSCP or Filezilla, get the /etc/passwd file from your VI3 host.
    5. Open up the Microsoft Services for NFS in the Administrator Tools.  Do not right click on the root (Microsoft Services for NFS) and delete the user name mapping server.  Be sure it is set to localhost.  Don’t worry about setting the domain unless you want to do additional user name mapping.
    6. Right click on User Name Mapping and select the Use Password and Group files and point to the path of the passwd file.
    7. Right click on User Maps under User Name Mapping and select create maps.
      • On the windows account side, change to the local host (if it’s not already selected) and click the List Windows Users button.
      • On the Unix account side, click the List Unix Users button.
      • Select the local Administrator on the Windows side and the root account on the Unix side.  ESX does everything as root, so don’t worry about selecting multiple mappings. (You can definitely map to a domain account, but DO NOT map to the domain admin account as this is usually disabled.)
    8. Create the NFS shares.  Ensure that the user you mapped to on the windows side (local Administrator) has the required (Windows) Share and NTFS permissions.
      • Right click on a folder and go to Sharing and Security.  Go to the NFS Sharing tab and select Share this folder and give it a name.  DO NOT allow anonymous access.  Instead select the permissions button.  Give the access required and be sure to check “Allow Root Access”.  As mentioned before, ESX does everything as root, so this box must be checked.
    9. Within VirtualCenter client (or host based VI Client) select the host, go to the configuration and then storage.  Select Add Storage and select the Network File System option.  Enter the info for the server you just set this up on and the folder (/).  Now you have a mounted storage device for your share.  Yay!
    10. Verify the storage device by double clicking on it.  If you can view stuff in the folder on windows, you will be able to view it on the ESX host.

  • Windows 2008 Role Services for MOSS 2007 Part 2

    Make sure your Database Access account is an admin on the central administration server, otherwise you’ll get access denied errors when trying to create new web applications.  This is because the db access account won’t have the ability to edit the metabase.  Oh, and this bubble up by MOSS saying that you, the logged in user doesn’t have access, which is completely inaccurate, especially since I was a Farm Administrator.  In addition you’ll see the error message listed below in the Application event logs.

    Log Name:    Application
    Source:      ASP.NET 2.0.50727.0
    Date:      3/18/2008 10:58:42 AM
    Event ID:    1309
    Task Category: Web Event
    Level:      Warning
    Keywords:    Classic
    User:      N/A
    Computer:   

    Description:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 3/18/2008 10:58:42 AM
    Event time (UTC): 3/18/2008 3:58:42 PM
    Event ID: c59d97a1bbf8405cba1d837292259be4
    Event sequence: 4767
    Event occurrence: 8
    Event detail code: 0
    Application information:
      Application domain: /LM/W3SVC/236168797/ROOT-1-128503227503346172
      Trust level: WSS_Minimal
      Application Virtual Path: /
      Application Path: C:inetpubwwwrootwssVirtualDirectories37466
      Machine name:


    Process information:
      Process ID: 3720
      Process name: w3wp.exe
      Account name:


    Exception information:
      Exception type: COMException
      Exception message: Access is denied.

    Request information:
      Request URL: http://

    :24055/_admin/extendvs.aspx
      Request path: /_admin/extendvs.aspx
      User host address: fe80::e48a:75aa:9034:9106WSS_Minimal
      User:

      Is authenticated: True
      Authentication Type: NTLM
      Thread account name:

    Thread information:
      Thread ID: 9
      Thread account name:

      Is impersonating: False
      Stack trace:  at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)
      at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.HandleAccessDenied(Exception ex)
      at Microsoft.SharePoint.ApplicationRuntime.BaseApplication.Application_Error(HttpApplication app)
      at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)
      at System.Web.HttpApplication.RaiseOnError()

    I hate having service accounts admins on boxes.

  • Windows 2008 Role Services for MOSS 2007

    After trying to install MOSS 2007 on a new Windows 2008 box, I almost went completely bonkers.  No place in the installation documentation does it tell you what Role Services need to be installed for MOSS to successfully install and run.  Initially MOSS 2007 wouldn’t even install because I didn’t have the IIS6 metabase compatability installed.  However, just because it’s installed, doesn’t mean it actually runs.  I then started installing additional role services to see if I could get it to work.  Needless to say, even after installing all of services, my MOSS installation didn’t work.  Turns out you need to have the services installed prior to actually installing MOSS.  Otherwise the page will never render, and you’ll get a 5MB binary download instead of the actual application.

    However, after I knew what I was looking at (reinstalling MOSS again after all the services were installed), I decided to start whittle down the actual services I need.  Instead of doing it by hand, I finally found a website that listed what’s needed.  I’d like to give Bill Baer’s site a shoutout as to where I found this information.

    Web Server

    • Common HTTP Features
    • Static Content
    • Default Document
    • Directory Browsing
    • HTTP Errors

    Application Development

    • ASP.NET
    • .NET Extensibility
    • ISAPI Extensions
    • ISAPI Filters

    Health and Diagnostics

    • HTTP Logging
    • Logging Tools
    • Request Monitor
    • Tracing

    Security

    • Basic Authentication
    • Windows Authentication
    • Digest Authentication
    • Request Filtering

    Performance

    • Static Content Compression
    • Dynamic Content Compression

    Management Tools

    • IIS Management Console

    IIS 6 Management Compatibility

    • IIS 6 Metabase Compatibility

  • ESX 3.5 Upgrade Woes

    I really want to upgrade to ESX 3.5.  However, I’m not having that much luck with it.  I’ve tried 2x now, and have had the exact same experience.  So, I do the upgrade from 3.0.2 to 3.5.0.  However, after the upgrade, not all of my VMs function.  Some of them work just fine.  However, others are sitting at the command prompt saying that no OS has been found.  It’s weird because the drives are attached and recognized, but it doesn’t like to boot from them.  It’s like it can’t find the MBR. 

    Things I’ve tried to fix this:

    • Analyze the differences in the VMX and VMDK files between the machines that are working and aren’t.  This hasn’t given me much as there isn’t any difference.  The only difference I noticed was in the VMDK files.  The ones that booted correctly listed the “ddb.toolsVersion”.  The ones that hadn’t booted listed it as “0”.  Sadly, changing this didn’t fix anything.
    • Mount the non-functioning disks on working VMs.  By doing this I was able to view the contents of the disks just fine.  And amazingly, sometimes after doing that, the original VM actually booted.  However, they are very flakey and sometime revert back.  There is a lot of chkdsks going on on bootups too. Nothing is ever found, but it seems to always run.

    I really don’t know what to do at this point.  I know that I can downgrade again to 3.0.2 and it will work fine.  The machines will boot right up without issues.  However, to downgrade, that means I have to recreate all of my Virtual Machines again.  Not completely awful, but time consuming.  I may try to do a full install instead of any upgrade too, see if that works.  Any other ideas?

    I’d really like to move to 3.5 as it has some nice features.  Plus I’ll be sitting the VCP class soon, which will be on 3.5.

  • SQL 2005 and Windows 2008

    Having troubles running SQL Server Manager on your shiny new Windows 2008 installation?  Make sure you right click and do a “Run as administrator” on it.  Took me awhile to figure this one out.  Otherwise you’ll just get the error “Login failed for user domainuser.  (Microsoft SQL Server, Error: 18456)” even if you’re a member of the local administrators on the SQL box.

    Yet another instance of where UAC sucks.

  • Windows 2008 How-To Guides

    Microsoft released a bunch of how-to guides for various things new to Windows 2008.  You can grab them all from the MS Download page.

    Things I would definitely check out are:

    • Deploying SSTP Remote Access Step by Step Guide.doc
    • Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc
    • Windows Server 2008 TS Gateway Server Step-By-Step Setup Guide.doc

  • Exchange 2007 after Windows 2008 Upgrade Part 3

    After having issues with a potential bug on Feb the 29th, I’ve finally gotten things straightened out. 

    Today I attempted to move the mailboxes again, but received the same error message.

    Summary: 1 item(s). 0 succeeded, 1 failed.
    Elapsed time: 00:00:08

    User’s Mailbox
    Failed

    Error:
    The address list service on the server ‘servername.fqdn’ is not running. The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.

    The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.

    Exchange Management Shell command attempted:
    ‘fqdn/Managed Users/User’ | move-mailbox -BadItemLimit ‘10’ -TargetDatabase ‘servernameFirst Storage GroupMailbox Database’

    Elapsed Time: 00:00:08

    It turns out that all I needed to do was restart the System Attendant service on the machine I was trying to move the mailboxes to.  After I did that, everything moved successfully.  I then attempted to hit OWA on the new machine and it was successful!  So I finished moving all the mailboxes over, changed ISA to point to the new server name, imported the right certificate and I’m good to go.  Almost 5 days of downtime, but no email lost, yay!

    Now I just need to decommission the old Exchange box and give the new one more RAM.  Not a bad few days work.

  • Exchange 2007 after Windows 2008 Upgrade Part 2

    Well, I’ve got the new Exchange box up and running.  However, I can’t move the mailbox from one machine to the other.  Thankfully, I’m not the only one having this problem today.  It appears as though because it is the 29th of February (leap year), there is a bug in Exchange 2007 preventing certain things from completing.  There’s a nice TechNet thread on it, and it appears by setting your date to tomorrow fixes it.  I think I’ll just wait to move the mailboxes till tomorrow or later then 🙂

  • Exchange 2007 after Windows 2008 Upgrade

    I know it has been well documented that you cannot upgrade Windows 2003 to Windows 2008 with Exchange 2007 installed and expect Exchange 2007 to keep functioning.  However, let’s say you may have accidentally done the upgrade on a standalone Exchange 2007 box you have, you know, just in case it were to happen (like it did to me).

    Prior to doing the upgrade, you’ll notice a few things.  First of all, you’ll be prompted that you need to uninstall Powershell.  However, no where does the compatibility checker say anything about needing to uninstall Exchange 2007 prior to upgrading.  I found this hilarious (in a sad, pissed off way) because I had tried to upgrade my WSUS virtual machine first, and it had told me that I would need to uninstall Powershell and WSUS prior to upgrading.  I’m so glad that I wasn’t told anything about Exchange in a similar fashion.  Ugh.  By the way, I was running Exchange 2007 with SP1 prior to the upgrade…of death!

    The first stumbling block, which should have caused me to stop the upgrade process, was uninstalling Powershell.  Since I had installed it prior to installing SP2, uninstalling it becomes a pain.  This is because Powershell is a windows update and if you install a service pack you can’t uninstall any updates prior to the service pack.  Lovely.  Well, in another unsupported way you can uninstall it.  You have to browse to %windir%$ntuninstallkb926139$spuninstall and run the spuninstall.exe.  Now, this may or may not be on your machine anymore either.  On some of my virtual machines it was there, but on my Exchange server it was not, so I copied it over and ran it.

    Ok, so now I can upgrade, yay!  Windows does its thing and upgrades everything and restarts successfully.  I was actually fairly impressed when it booted up.  It looked like it actually worked.  However, then I went into the services snap-in.  I usually do this with this machine because it is slightly RAM starved and sometimes all the Exchange services don’t start.  Sure enough, they hadn’t all started.  So I went through and tried to start them all.  All started but the information store and the system attendant service because of a dependent service.  Crap, of course it’s the important ones.

    Well, first thing I tried was to reinstall Exchange 2007 SP1, just to see if that would work.  Of course this required me to reinstall Powershell, since that’s a pre-req.  No big deal, installed that easily.  Then when I tried to actually install SP1 it just bombed saying it couldn’t upgrade.  Looking through the eventlogs it was because it was trying to spin up those two services.  Great.

    Well, doing some quick registry editing, I found that the service it was dependent on was NtlmSsp.  Needless to say, this service does not exist on Windows 2008, hence the issue.  Two seconds later, I removed that dependency from within the registry and restarted the machine.  The machine reboots, and low and behold all of the services start.  And all the email that was in the queue on my Edge Transport machine left the queue and made it into Exchange.  Downside is that I was doing this all remotely and OWA still didn’t work.

    Honestly, I wasn’t that worried about OWA.  I mean, as long as I can get my emails back and then do the correct upgrade (aka, no upgrade at all) I’d be a happy camper.  Heck, even after installing Powershell back on it, I was able to open up Exchange System Manager.  Really, if I didn’t know all about the services and didn’t use OWA, I would’ve never known it wasn’t working.  Oh, well, maybe the exceedingly high CPU utilization, but oh well.

    When I got home, I had to test to see if I would be able to access my email.  Sure enough, Outlook worked like a charm.  I received all the queued email that had been sitting there for a day, and I was even able to send an email.  Pure craziness. 

    What makes this even better is that the Exchange team actually decided (well, they actually went into it knowing what they were getting into) to try this same thing too.  However, they weren’t able to get things working.  I think the large mess-up was re-installing SP1.  I’m glad I didn’t decide to go down that path, especially since mine worked.  Needless to say I’m working on building a new VM with Windows 2008 and then going to add it t the ORG and move the mailboxes over to the new one.  However, in the meantime, at least my email is functioning 🙂

    I’ll be sure to post again on if I ran into any more issues with the mailbox move.  Worst case I suppose I could just do an ExMerge (actually Export-Mailbox for 2007) on the mailboxes or dump the email out of outlook to a PST.  I’d rather not do that, but if that’s what it takes…

  • DAS vs NAS vs SAN

    Something that is making me very angry with the current project I’m on is the difference between DAS, NAS, and SAN technologies.  The worst is that I’m working with these people on a specific thing not related to storage infrastructure, but instead development architecture and the people that are dealing with the storage infrastructure are the people that don’t know what the hell their talking about.  In particular, the hosting provider that does all of the storage infrastructure work for us doesn’t know what the differences are.  Oh, and don’t get me started on a VMware paper that we had that didn’t know the difference either.  It just drives me nuts. 

    For those of you keeping score, I’m going to outline this out.

    DAS = Direct Attached Storage.  These are disks that are physically located in your host machine.

    NAS = Network Attached Storage.  NAS is file based.  For example a CIFS or NFS share.  This is typically TCP/IP based access.  The NAS device “owns” the data on it.  That is, the NAS device administers the data.  For example, you connect to a NAS device from a windows machine by accessing servernameshare.

    SAN = Storage Area Network.  SAN is block based.  This is when LUNs (logical unit numbers) are involved on a host.  The host “owns” the data.  The host is in charge of the partition, formating, and access to the LUN.  You can access a SAN via two protocols: iSCSI (TCP/IP) and/or Fiber Channel (FC). 

    I’m so sick of seeing people talk about iSCSI NAS.  There’s no such thing because in a NAS scenario you are sending CIFS or NFS protocols over TCP/IP while in a SAN solution you’re sending SCSI protocols over TCP/IP.  Huge difference.

    And yes, you can have a device that serves both NAS and SAN from one filer.  This is called Unified Storage.  All NetApp devices can do this.

    Are we clear now?!