Τρίτη, 11 Νοεμβρίου 2014

Problem with Hyper-V VSS daemon after upgrading CentOS 6.5 to the latest 6.6

Hello folks,

Before some days CentOS team released a new version for CentOS the 6.6. After some upgrades and lab tests in the infrastructure I found some problems with the backing up procedure from the DPM. 

To be more specific when you try to take a backup from a CentOS 6.6 upgraded image from CentOS 6.5 with Hyper-V Backup Essentials installed (the module/package which is responsible for the Online VSS backup on Linux VMs) you are getting freeze the VM with kernel panic errors on the /var/log/messages file, so the only thing you can do is to hard reset your VM. To avoid all this thing please follow the below instructions:

1. You have to remove your integration services so you can install again the new released package for CentOS 6.6 (hyperv-daemons) which includes the Online backup ability without any problem
 rpm -e microsoft-hyper-v kmod-microsoft-hyper-v 
When uninstall complete please reboot your VM.

2. After the reboot please login on your VM and install the hyperv-daemons package (if you are not root run it with sudo in front of the command below)
 yum install hyperv-daemons 
When install complete please reboot your VM.

Even after the above instructions completed and the VM is working fine, when you try to backup your VM you will get some errors on your remote console of hang_task_timeout_secs and inside the /var/log/messages file that the Hyper-V VSS: VSS: freeze of /boot: Permission denied. After a contact with Microsoft and some other on Technet the workaround is below. These problems occurs because of the SELINUX is not disable and be more specific it doesn't allow the hyper-v vss daemon to run. To workaround it please do the following:

1. Disable SELINUX

 vi /etc/selinux/config
 disable SELINUX
 ESC
 :wq
 reboot

2. If you are having strictly policy and for some reason you are using the SELINUX firewall module, run the following command in order to give rights on the hyper-v vss daemon to run on your CentOS

 semanage permissive -a hypervvssd_t 
If you get an error "command not found" is because you have to install the python policy core utilities that SELINUX uses. Run the following command
 yum install policycoreutils-python 

These things above have been tested on Windows Server Hyper-V 2012 R2 and DPM 2012 R2 UR3 and works without any problem (for now) :) Please, bofore do anything on your production Virtual Machines please test it on your infrastructure too because some things might not be the same or not fitting with the guide above.

Have a nice day.

Πέμπτη, 18 Σεπτεμβρίου 2014

How to change the webgui password of user in pfSense from a console/ssh session

So hello folks, for a couple of days I was digging arround to find a solution for this thing.
First you have to download the change admin script to your /etc/phpshellsessions with the following command:
# fetch -o /etc/phpshellsessions/ https://raw.githubusercontent.com/pfsense/pfsense/c07e853bb4a67a3b728b7546b36801eaef770c19/etc/phpshellsessions/changepassword

And then you run the the following:
# pfSsh.php playback changepassword <username> 

It will ask you the new password and to confirm the new password for the user. After you complete the above you can try log in the webgui with the new password.

Have a nice day.

Παρασκευή, 12 Σεπτεμβρίου 2014

How to remove a library object "VM Template" of a VHD(X) from SCVMM 2012 R2 after you getting error ID: 848

Hello folks again,

Today I wanted to delete a VM Template from the Library server but after deleting the VM Template I took an error with the ID: 848.

Basically the correct way to do this is to go in your Library Server (through SCVMM console), Delete the VM Template that you want and then from the Library Share you delete the vhd/vhdx file without problem. But sometimes, maybe you will get this error:


The workaround to delete the dependency between the VM Template and the vhd/vhdx file is to open an SCVMM Powershell console (if you open it from the button inside the SCVMM console it will ask for administrator user credentials, so you must login with a user that has administrator previleges) and execute the below two (2) simple powershell commands:


The first command is to save the template ID on the varialbe $temp1 and the second is the Remove-SCVMTemplate which actually removes the Template that you add it on the first command. It's better to do it like this because, if you want to mass delete some Temporary templates (that have stack on your SCVMM dependencies). So if you change the command with something like this "Temporary *" you will delete all the Temporary dependencies.

P.S. Inside the double quotes you write the Temporary template with the ID exact as the error above shows it. After doing this try to Delete again from the Library share the vhd/vhdx you want.

If you need any advice or edit something please leave a comment. Thank you!

Πέμπτη, 26 Ιουνίου 2014

Windows Server 2012/2012 R2 Hyper-V Replica between two different domains (stand alone and cluster)

Hello folks,

Our scenario is about Hyper-V Replica between two different domains, one with the stand alone Hyper-V 2012 Nodes (primary site) and the other with a Clustered Infrastructure of Hyper-V 2012 R2 (repilica site).

After a lot of trial and error with some configurations for this scenario i ended to the following config.

First of all this config is based on Certificates and not Kerberos because of the different domains between the Hyper-V nodes. Bellow you will find the steps to make it work, let's start.

1. We must create the Hyper-V Replica Broker (on the Replica site, where our cluster nodes exhists):
  1. Open the Failover Cluster
  2. Configure Role
  3. Select Hyper-V Replica Broker and hit "Next"
  4.  Add the Name of the replica broker e.g replicabroker (Note: this will be translated as an fqdn and also will be add on the domain controller the a record replicabroker.domain.local)
  5. Add the IP for the Replica Broker (you have to add one unused IP from your local/public network (of course must be an ip from the same network as hosts and generally a routable IP) this will be a Virtual IP for the Host so you don't need to add another network interface)
  6. Then click "Finish"
2. We must open the Inbound Replica Broker rule on the Advanced Firewall of all Hyper-V nodes (the rule has been automatically created and named as: Hyper-V Replica HTTPS Listener (TCP-In))
3. We must create the certificates and the CAs, to do that we will use the makecert.exe tool. This tool you can download it if you don't have it from here.
4. After you install and locate the makecert.exe utility copy & paste it to the Primary site on the Primary server node you want to enable replication.
5. Run the following command from an elevated command prompt (cmd) on the primary server. This commands creates a self-signed root authority certificate. Also installs a Certificate in the root store of the local machine and is saved as a file locally to the current directory:
  1.  In primary server run this:
     1. makecert -pe -n "CN=PrimaryRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryRootCA.cer" and hit enter
     2. makecert -pe -n "CN=<fqdn.of.the.primary.server>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 <PrimaryServerName>.cer (this will have to do it as times as the stand alone Hyper-V nodes we need to enable replication, the only thing we must change is the <fqdn> and the <PrimaryServerName>).
     3. We run one more time the upper command with the difference instead of the <fqdn> will add *.domain.local and in the <PrimaryServerName> you add something to remembers you that is for the replica site so lets say it ReplicaSite.cer.
6. We need to export the replica site certificate that we created in step 5.1.3 so we open the MMC -> Add/Remove Snap-In -> Add Certificate -> Computer Account -> Next,Next & Finish
7. We go to Personal -> Certificates and with right-click Export the ReplicaSite Certificate. We proceed with Export including the key and the file will be as .pfx also you have to give a password for the certificate.
8. After this we copy and paste this exported certificate the certificate of the CA that we have been created at step 5.1.1 (this will be located on the current directory that you run the cmd commands) on all Hyper-V Cluster nodes of the Replica Site (a good directory is C:\).
9. We open an elevated command prompt (cmd) and we run the certutil: certutil -addstore -f Root "C:\PrimaryRootCA.cer" (this will have to do it on every Hyper-V cluster node in the Replica Site).
10. After this we have to import the ReplicaSite certificate that we have exported as .pfx from the Primary Site to the Hyper-V Cluster nodes (again we must do it on every Hyper-V Cluster node in our Replica Site). To do this we open MMC -> Add/Remove Snap-In -> Add Certificates -> Computer Account -> Next, Next & Finish
11. Then we navigate to Personal -> Certificates -> Right-click and Import -> You must give the password that you have setup on the step 7.
12. Before we proceed with the replica configuration we have to disable the Revocation Check. This we have to do it on every Hyper-V server (primary site (stand alone nodes) and replica site (cluster nodes). To do this we must run this two commands bellow from an elevated command prompt (cmd):
  1. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
  2. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
13. After we have finished with the Import of the CA certificate and the ReplicaSite certificate and also with the disable of the Revocation Check we must select it to the Replica Broker configuration. To do this follow the steps bellow:
  1. Open The Failover Cluster and Navigate to Roles
  2. Right-click on the replica broker and select "Replication Settings"
  3. Check the "Enable this Cluster as a Replica Server"
  4. Check the "Use certificate-based Authentication (HTTPS)"
  5. Specify the port on 443 (leave it as it is)
  6. Now you must select the ReplicaSite Certificate that we have created and imported it to the Hyper-V Cluster nodes
  7. Specify the Cluster Storage directory
  8. And click OK
14. Now you have to Enable Replication in a VM on the Primary Server
15. To do this following the instruction bellow:
  1. Right-Click on the VM you want to replicate and  select Enable Replication
  2. Just hit "Next" on the first page with the description "Before You Begin"
  3. Specify the Replica Server, you must add the FQDN for the replica site (just to mention, all the Hyper-V nodes and the Replica Broker must have access to Internet and have FQDNs in the public dns servers of your Infrastructure so thay can "communicate" also they must have open the port 443 on the local firewall or if you use a dedicated appliance and NAT you must do the Network config there too) for me the FQDN is replicabroker.domain.local and hit "Next"
  4. After the Verification of the Replica we must specify the Connection Parameters. The only thing in that page that we must change (of course based on our scenario) is the Certificate, so we must select the Certificate with FQDN that we have been created based on the current server.
  5. "Next" on the Replication VHD (except we have 2 vhds and we want to replicate only one of them)
  6. In the Configure Recovery History you can configure whatever you want on your scenario and "Next"
  7. Initial Replication again whatever you want to do on your scenario "Next"
  8. "Finish" if all of the above is setup correct you must see the Enable Replication pop-up window and after a second (based on your network) you must see in the Hyper-V Manager on the Status, the percentage of the Replication.
That's it guys. If you need any advice or to edit something please leave a comment. Thank you a lot.


Τρίτη, 26 Νοεμβρίου 2013

How to disable IPv6 from MS Exchange 2010/2013 server - Gmail issue

Hello folks,

After an upgrade of SPF in Gmail servers, seems that Gmail is blocking e-mails with dynamic IPv6 addresses which have not PTR records in the RDNS. Because of that Gmail is also checking for every IPv6 address that is containing in the e-mail headers and not only the IP that is assigned on this server (the IP of the server that sending the e-mail to the Gmail's mail exchanges (MX)).

The solution is to completely disable the IPv6 addresses on the Edge servers (MX) of your Exchange Infrastracture. See below:

1. Regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\ 
      a) Edit or Create a DWORD (32-bit) with the name "DisabledComponents"
      b) By default the value is 0x00000000 (0), you have to Right click and modify this value with the Hexademical 0xffffffff (you have to erase the 0 and write only the "ffffffff"), in Decimal it is the "4294967295" value.

2. You have to Restart your servers (edge exchange servers).

3. If you want to verify that you have set it up correctly just open a cmd and run this:
      a) C:\> reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters /v DisabledComponents
      b) The output you must take is this: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters DisabledComponents    REG_DWORD    0xffffffff

That's all. Have a nice day.

Πέμπτη, 5 Σεπτεμβρίου 2013

How to Upgrade Microsoft LIS (Linux Integration Services) on CentOS 6.2/6.3

Linux Integration Services are responsible for making linux Guest OS working operational on Windows Server Hyper-V 2008 and 2008 R2. They make work properly a lot of things such as Networking, Cluster (heartbeat failovers), Time out failovers, Storage migrations and QSMs (Quick Storage Migrations) etc.

In this tutorial i will saw you how to upgrade LIS (Linux Integration Services) on CentOS 6.2 or 6.3 (not 6.4 or 6.5 because they already have the latest LIS).

1. First of all you have to find first your exhisting LIS that you have installed because before the upgrade you have to uninstall the exhistings.
# rpm -qa | grep microsoft 
you will take an output like this (differences may causes because of different versions on LIS):
microsoft-hyper-v-rhel6-43.1 
kmod-microsoft-hyper-v-rhel6-43.1

2. Next you have to uninstall this packages:
# rpm -e microsoft-hyper-v-rhel6-43.1 kmod-microsoft-hyper-v-rhel6-43.1

3. After the uninstall completed you have to shutdown the VM
# shutdown -h now

4. Then you have to mount the ISO with the 3.4 LIS (you can find the ISO here!)
a) Open Hyper-V manager: Click Start, point to Administrative Tools, and then click Hyper-V Manager
b) Mount the ISO to the IDE Controller of your Virtual Machine

5. Start Virtual Machine: Right click -> Start

6. Login as root

7. Now you have to mount the ISO
# mount /dev/cdrom /media

8. Next you have to change directory to start the installation
# cd /media/RHEL6012 or cd /media/RHEL63 (depends on the version of CentOS that you have installed)

9. Run the installation script
# ./install.sh

10. If everything completed without an error reboot the VM
# shutdown -r now

Check that everything works properly:

11. # ping google.com (first of all to see that everything in network adapters works properly because in previous versions of LIS we have see that we lose the config of the Network Adapters in unexpected shutdowns or failovers through the cluster

12. # /sbin/modinfo hv_vmbus (with this command we must take as an output something like this)
filename:       /lib/modules/2.6.32-220.el6.x86_64/weak-updates/microsoft-hyper-v/hv_vmbus.ko
version:        3.4
license:        GPL
srcversion:     2865A5C1D4FDEDEDDDB3296
alias:          acpi*:VMBus:*
alias:          acpi*:VMBUS:*
depends:
vermagic:       2.6.32-71.el6.x86_64 SMP mod_unload modversions


13. # /sbin/lsmod | grep hv (also a check if you have a look alike output like the above)
hv_utils                6085  0
hv_netvsc              23141  0
hv_timesource           1079  0 [permanent]
hv_storvsc             10372  2
hv_vmbus               93781  5 hid_hyperv,hv_utils,hv_netvsc,hv_timesource,hv_storvsc


If all of the above are ok then your upgrade to 3.4 Linux Integration Services gone well.

For informations/questions/or anything you want leave comments.

See you folks.

 

Δευτέρα, 11 Ιουνίου 2012

Συμμετοχή στο 2ο openSUSE Collaboration Summer Camp

Ζεσταθήκατε;

Ήρθε η ώρα να κανονίσετε τις καλοκαιρινές σας εξορμήσεις!
Το 2ο openSUSE Collaboration Summer Camp πλησιάζει και φέτος στο γνωστό μέρος (ξενοδοχείο Grand Platon στην παραλία Κατερίνης) στις 20-22 Ιουλίου 2012!

Όπως και πέρσι θα μαζευτούμε στην πισίνα και θα συνδυάσουμε μπάνια και μπύρες με παρουσιάσεις και workshops (μην ξεχάσετε να φέρετε τα laptop σας!)

Η εκδήλωση δεν αφορά σε καμία περίπωση μόνο χρήστες του openSUSE!
Σκοπός είναι η συνεργασία μεταξύ ανθρώπων που απολαμβάνουν να προσφέρουν στο Ε.Λ/Λ.Α.Κ και η γνωριμία με τους διάφορους τρόπους που μπορούν να το κάνουν.
Σας περιμένουμε όλους ανεξαιρέτως από τη διανομή σας για να συζητήσουμε, να ανταλλάξουμε απόψεις και φυσικά περιμένουμε και τις δικές σας ομιλίες ή/και workshops πάνω στα θέματα που σας ενδιαφέρουν!

Όπως και πέρσι θα υπάρχει ποικιλία θεμάτων που θα παρουσιαστούν τα οποία θα ανταποκρίνονται σε όλους, ακόμα και στους πιο νέους και όχι και τόσο έμπειρους χρήστες.
Όλοι μπορούν να συμμετέχουν ενεργά, να παρακολουθήσουν τις παρουσιάσεις και να πραγματοποιήσουν workshops!

Τι πρέπει να γνωρίζετε:

1. [CfP] Η υποβολή ομιλιών/workshops έχει ανοίξει και περιμένουμε και τις δικές σας προτάσεις!
Το μόνο που χρειάζεται να κάνετε είναι να συμπληρώστε τη φόρμα: http://www.os-el.gr/content/submit-talk-collaboration-summer-camp-2012

2. Για δήλωση συμμετοχής & κρατήσεις δωματίων (καλό είναι να το κάνετε εγκαίρως για να μας βοηθήσετε να κρατήσουμε τα διαθέσιμα δωμάτια που θα χρειαστούν στο ξενοδοχείο) στείλτε τα στοιχεία σας στο reservations@os-el.gr
(Για κράτηση δωματίου απαιτείται η καταβολή του 50% του κόστους - περισσότερες πληροφορίες για την κατάθεση θα σας δοθούν μέσω email)

Το κόστος για τα δωμάτια είναι (συμπεριλαμβάνεται πρωινό & βραδινό):
  • Μονόκλινο - 35 ευρώ/βραδιά
  • Δίκλινο - 45 ευρώ/βραδιά
  • Τρίκλινο - 60 ευρώ/βραδιά

3. Έχετε άλλες ερωτήσεις ή απορίες;
  • Περισσότερες πληροφορίες μπορείτε να βρείτε στη σελίδα www.os-el.gr/summercamp
  • Για οποιαδήποτε ερώτηση, επικοινωνήστε μαζί μας μέσω email: summercamp@os-el.gr
    Διότι αγαπάμε αυτό που κάνουμε & περνάμε ωραία συνεισφέροντας στο ΕΛ/ΛΑΚ ακόμα και το καλοκαίρι!

    ΣΑΣ ΠΕΡΙΜΕΝΟΥΜΕ ΟΛΟΥΣ ΕΚΕΙ!