Sunday, February 12, 2012

Synching a Windows AD domain with an external time source

Having your time set up correctly is of crucial importance to the well-being of your Active Directory infrastructure.  In every setup I do I ensure that my PDC Emulator FSMO holder synchs with an NTP server on the internet.  Unless there are specific customer requirements I use as my external source.  Here is how to configure your PDC Emulator to sync (all commands entered from an Administrative Command Prompt):

  1. Ensure that your firewall allows outbound NTP traffic from your PDC emulator
  2. Run w32tm /config / /syncfromflags:MANUAL /update
  3. Restart the time service: net stop w32time && net start w32time
  4. Force a synchronization with the newly added source: w32tm /resync
  5. Verify the source: w32tm /query /source

The rest of your domain clients should automatically synchronise with your PDC emulator.  If this has been changed for whatever reason, you can reinstate it with the following commands:

  1. w32tm /config /update /syncfromflags:DOMHIER
  2. net stop w32time && net start w32time
  3. w32tm /query /status

The above will go a long way to giving you a proper time setup, and should be sufficient and accurate enough for most organisations.
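To go with the two verification steps (w32tm /query /source and w32tm /query /status), here is an added example, not part of the original post, that flags a machine still running on its local clock. It assumes English-locale w32tm output; the function name and both sample outputs (including ntp.example.org) are constructed for illustration.

```powershell
# Added example, not from the original post. Field names assume English-locale
# output of `w32tm /query /status`.
function Get-W32TimeHealth {
    param([Parameter(Mandatory = $true)][string[]]$StatusLines)

    # Split each "Name: value" line on the first colon only.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }

    $problems = @()
    $source = $fields['Source']
    # These two values mean the service follows no NTP peer or domain controller.
    $localSources = @('Local CMOS Clock', 'Free-running System Clock')
    if (-not $source) {
        $problems += 'no Source field in the output'
    } elseif ($localSources -contains $source) {
        $problems += "not following a time source (Source: $source)"
    }
    if ($fields['Stratum'] -match '^0\b') { $problems += 'stratum 0 (unspecified)' }
    if ($fields['Last Successful Sync Time'] -eq 'unspecified') {
        $problems += 'no successful sync recorded'
    }

    New-Object PSObject -Property @{
        Source   = $source
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample outputs (illustrative values, not captured from a real host).
$synced = @(
    'Stratum: 3 (secondary reference - syncd by (S)NTP)',
    'Last Successful Sync Time: 2/12/2012 10:15:32 AM',
    'Source: ntp.example.org,0x8'
)
$unsynced = @(
    'Stratum: 0 (unspecified)',
    'Last Successful Sync Time: unspecified',
    'Source: Local CMOS Clock'
)
Get-W32TimeHealth -StatusLines $synced     # Healthy = True
Get-W32TimeHealth -StatusLines $unsynced   # Healthy = False, three problems listed
```

On a live machine, pass the real output instead: Get-W32TimeHealth -StatusLines (w32tm /query /status).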

Saturday, February 11, 2012

Allowing NetApp SnapMirror through a firewall

During a recent NetApp SnapMirror implementation we had a tremendous time getting SnapMirror to work.  After much troubleshooting we discovered that it was due to ACLs on the customer switches.  After a bit of digging I discovered NetApp Technical Report 3326, which details the firewall configuration required.  It’s a bit TL;DR, so I’ve condensed it for you.
TCP Ports used by NetApp SnapMirror
  • TCP 10566 (Source System binds on this port)
  • TCP 10569 (Source system listens on this port)
  • TCP 10565 (If using multipath, this is what the destination System listens on)
  • TCP 10565, 10567, 10568 (Destination System listens on these ports)
  • Just open TCP 10565 – 10569 bi-directional and be done with it (if you can get away with it)
So, dear Network Mechanics, ensure that the above is allowed through your switch ACLs and firewalls and make a storage admin happy!

Friday, February 10, 2012

Exchange 2010 Pre-Install Requirements

Lately I have found myself doing quite a few Exchange 2010 installations, and every single time the pre-install requirements trip me up.  Not really a show-stopper, but it gets old quickly having to exit out of the installer, do something, start the installer and then have it error out on the very next step.  So without further ado, here is a list of things that need doing to ensure Exchange 2010 installs smoothly.

  1. Target server needs to be running either
    • Windows Server 2008 R2 64-bit with SP2
    • Windows Server 2008 64-bit R2
  2. Install the Microsoft Filter Pack (only if you’re going to host the Hub Transport or Mailbox Server roles).  The filter pack is available here
  3. Run the following from an elevated PowerShell console: Import-Module ServerManager
  4. Run the following from an elevated PowerShell console: Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
  5. Run the following from an elevated PowerShell console: Set-Service NetTcpPortSharing -StartupType Automatic
  6. Install latest patches and service packs via Windows Update
  7. Proceed with the Exchange 2010 installation

If you want to go straight to the source, here is the Microsoft Technet article
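To avoid finding gaps one installer error at a time, this added example (not part of the original post or of Microsoft's documentation) checks steps 4 and 5 of the list in one read-only pass. The function name is hypothetical; the feature and service names are copied from the steps above.

```powershell
# Added example, not from the original post. Read-only: it reports what is
# missing and installs or changes nothing.
Import-Module ServerManager

# Feature names copied from step 4 of the list above.
$features = 'NET-Framework', 'RSAT-ADDS', 'Web-Server', 'Web-Basic-Auth',
            'Web-Windows-Auth', 'Web-Metabase', 'Web-Net-Ext',
            'Web-Lgcy-Mgmt-Console', 'WAS-Process-Model', 'RSAT-Web-Server',
            'Web-ISAPI-Ext', 'Web-Digest-Auth', 'Web-Dyn-Compression',
            'NET-HTTP-Activation', 'RPC-Over-HTTP-Proxy'

function Get-ExchangePrereqGap {
    param([string[]]$FeatureNames)

    $gaps = @()
    foreach ($name in $FeatureNames) {
        $feature = Get-WindowsFeature -Name $name
        if (-not $feature) {
            $gaps += "feature $name is not known to this OS version"
        } elseif (-not $feature.Installed) {
            $gaps += "feature $name is not installed"
        }
    }

    # Step 5: Win32_Service reports an Automatic startup type as 'Auto'.
    $svc = Get-WmiObject Win32_Service -Filter "Name='NetTcpPortSharing'"
    if (-not $svc) {
        $gaps += 'service NetTcpPortSharing not found'
    } elseif ($svc.StartMode -ne 'Auto') {
        $gaps += "service NetTcpPortSharing startup type is $($svc.StartMode)"
    }
    return $gaps
}

$gaps = Get-ExchangePrereqGap -FeatureNames $features
if ($gaps) {
    $gaps | ForEach-Object { Write-Warning $_ }
} else {
    'All listed prerequisites are in place.'
}
```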

Thursday, February 9, 2012

NetApp Command Line Cheat-Sheet

I recently had the opportunity to work on a NetApp storage implementation project.  As always I really wanted to get my hands dirty, so I tried to learn as much about their CLI as possible.  It also helps when the NetApp System Manager GUI has got crazy bugs like Bug ID 548923, which prevents you from doing any FC related configs.  Anyhow, here is a list of commands which should get you up and running in no time.  I compiled this from a couple of web sources.

The Basics

setup (Re-Run initial setup)
halt (Reboots controller into bootrom)
reboot (Reboots the connected controller)
sysconfig -a (Dumps the system configuration)
storage show disk (shows physical information about disks)
passwd (Changes the password for the current user)
sasadmin shelf (shows a graphical layout of your shelves with occupied disk slots)
options trusted.hosts x.x.x.x or x.x.x.x/nn (hosts that are allowed telnet, http, https and ssh admin access. x.x.x.x = ip address, /nn is network bits)
options trusted.hosts * (Allows all hosts the admin access described above)

Press DEL at boot up during memory test followed by boot_diags and select all
priv set diag (Enter diagnostics CLI mode from the Ontap CLI)
priv set (Return to normal CLI mode from diagnostics mode)

software list (Lists software in the /etc/software directory)
software delete (Deletes software in the /etc/software directory)
software update -r (Install software. The -r prevents it rebooting afterwards)

aggr create aggregate_name (Creates an Aggregate)
aggr destroy aggregate_name (deletes an Aggregate)
aggr offline aggregate_name (takes an Aggregate offline)
aggr online aggregate_name (brings an Aggregate online)
aggr status (shows status of all aggregates)
aggr status aggregate_name (show status of a specific Aggregate)
aggr show_space aggregate_name (shows specific aggregate space information)

vol create volume_name (Creates a volume)
vol status (gives the status of all volumes)

snap create volume_name snapshot_name (create a snapshot)
snap list volume_name (List snapshots for a volume)
snap delete volume_name snapshot_name (delete a snapshot on a volume)
snap delete -a volume_name (Deletes all snapshots for a volume)
snap restore -s snapshot_name volume_name (Restores a snapshot on the specified volume name)
options cifs.show_snapshot on (Sets snapshot directory to be browse-able via CIFS)
options nfs.hide_snapshot off (Sets snapshot directory to be visible via NFS)

options snapmirror.enable on (turns on SnapMirror. Replace on with off to toggle)
vol restrict volume_name (Performed on the Destination. Makes the destination volume read only which must be done for volume based replication)
snapmirror initialize -S srcfiler:source_volume dstfiler:destination_volume (Performed on the destination. This is for full volume mirror. For example snapmirror initialize -S filer1:vol1 filer2:vol2)
snapmirror status (Shows the status of snapmirror and replicated volumes or qtrees)
snapmirror status -l (Shows much more detail than the command above, i.e. snapshot name, bytes transferred, progress, etc)
snapmirror quiesce volume_name (Performed on Destination. Pauses the SnapMirror Replication. If you are removing the snapmirror relationship this is the first step.)
snapmirror break volume_name (Performed on Destination. Breaks or disengages the SnapMirror Replication. If you are removing the snapmirror relationship this is the second step followed by deleting the snapshot)
snapmirror resync volume_name (Performed on Destination. When data is out of date, for example working off DR site and wanting to resync back to primary, only performed when SnapMirror relationship is broken)
snapmirror update -S srcfiler:volume_name dstfiler:volume_name (Performed on Destination. Forces a new snapshot on the source and performs a replication, only if an initial replication baseline has been already done)
snapmirror release volume_name dstfiler:volume_name (Performed on Destination. Removes a snapmirror destination)

cf enable (enable cluster)
cf disable (disable cluster)
cf takeover (take over resources from other controller)
cf giveback (give back controller resources after a take over)

options on (Turns Autosupport on, toggle with off)

Hot Spares
vol status -r (Gives list of spare disks)

disk show (Show disk information)
disk show -n (Show unowned disks)

lun setup (runs the cli lun setup wizard)
lun create -s 10g -t windows_2008 -o noreserve /vol/vol1/lun1 (creates a lun of 10GB with type Windows 2008, sets no reservation and places it in the following volume or qtree)
lun offline lun_path (takes a lun offline)
lun online lun_path (brings a lun online)
lun show -v (Verbose listing of luns)

Fiber FCP
fcadmin config -t target 0a (Changes adapter from initiator to target)
fcadmin config (lists adapter state)
fcadmin start (Start the FCP service)
fcadmin stop (Stop the FCP service)
fcp show adapters (Displays adapter type, status, FC Nodename, FC Portname and slot number)
fcp nodename (Displays fiber channel nodename)
fcp show initiators (Show fiber channel initiators)
fcp wwpn-alias set alias_name (Set a fiber channel alias name for the controller)
fcp wwpn-alias remove -a alias_name (Remove a fiber channel alias name for the controller)
igroup show (Displays initiator groups with WWNs)

cifs setup (cifs setup wizard)
cifs restart (restarts cifs)
cifs shares (displays cifs shares)
cifs status (show status of cifs)
cifs domain info (Lists information about the filer's connected Windows Domain)
cifs testdc ip_address (Test a specific Windows Domain Controller for connectivity)
cifs prefdc (Displays configured preferred Windows Domain Controllers)
cifs prefdc add domain address_list (Adds a preferred dc for a specific domain i.e. cifs prefdc add netapplab.local
cifs prefdc delete domain (Delete a preferred Windows Domain Controller)
vscan on (Turns virus scanning on)
vscan off (Turns virus scanning off)
vscan reset (Resets virus scanning)

HTTP Admin
options httpd.admin.enable on (enables web admin)

SIS (Deduplication)
sis status (Shows SIS status)
sis config (Shows SIS config)
sis on /vol/vol1 (Turns on deduplication on vol1)
sis start -s /vol/vol1 (Runs deduplication manually on vol1)
sis status -l /vol/vol1 (Displays deduplication status on vol1)
df -s vol1 (View space savings with deduplication)
sis stop /vol/vol1 (Stops deduplication on vol1)
sis off /vol/vol1 (Disables deduplication on vol1)

dns flush (Flushes the DNS cache)
/etc/resolv.conf (edit this file to change your dns servers)