Πέμπτη, 26 Ιουνίου 2014

Windows Server 2012/2012 R2 Hyper-V Replica between two different domains (stand alone and cluster)

Hello folks,

Our scenario is about Hyper-V Replica between two different domains, one with the stand alone Hyper-V 2012 Nodes (primary site) and the other with a Clustered Infrastructure of Hyper-V 2012 R2 (repilica site).

After a lot of trial and error with some configurations for this scenario i ended to the following config.

First of all this config is based on Certificates and not Kerberos because of the different domains between the Hyper-V nodes. Bellow you will find the steps to make it work, let's start.

1. We must create the Hyper-V Replica Broker (on the Replica site, where our cluster nodes exhists):
  1. Open the Failover Cluster
  2. Configure Role
  3. Select Hyper-V Replica Broker and hit "Next"
  4.  Add the Name of the replica broker e.g replicabroker (Note: this will be translated as an fqdn and also will be add on the domain controller the a record replicabroker.domain.local)
  5. Add the IP for the Replica Broker (you have to add one unused IP from your local/public network (of course must be an ip from the same network as hosts and generally a routable IP) this will be a Virtual IP for the Host so you don't need to add another network interface)
  6. Then click "Finish"
2. We must open the Inbound Replica Broker rule on the Advanced Firewall of all Hyper-V nodes (the rule has been automatically created and named as: Hyper-V Replica HTTPS Listener (TCP-In))
3. We must create the certificates and the CAs, to do that we will use the makecert.exe tool. This tool you can download it if you don't have it from here.
4. After you install and locate the makecert.exe utility copy & paste it to the Primary site on the Primary server node you want to enable replication.
5. Run the following command from an elevated command prompt (cmd) on the primary server. This commands creates a self-signed root authority certificate. Also installs a Certificate in the root store of the local machine and is saved as a file locally to the current directory:
  1.  In primary server run this:
     1. makecert -pe -n "CN=PrimaryRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryRootCA.cer" and hit enter
     2. makecert -pe -n "CN=<fqdn.of.the.primary.server>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 <PrimaryServerName>.cer (this will have to do it as times as the stand alone Hyper-V nodes we need to enable replication, the only thing we must change is the <fqdn> and the <PrimaryServerName>).
     3. We run one more time the upper command with the difference instead of the <fqdn> will add *.domain.local and in the <PrimaryServerName> you add something to remembers you that is for the replica site so lets say it ReplicaSite.cer.
6. We need to export the replica site certificate that we created in step 5.1.3 so we open the MMC -> Add/Remove Snap-In -> Add Certificate -> Computer Account -> Next,Next & Finish
7. We go to Personal -> Certificates and with right-click Export the ReplicaSite Certificate. We proceed with Export including the key and the file will be as .pfx also you have to give a password for the certificate.
8. After this we copy and paste this exported certificate the certificate of the CA that we have been created at step 5.1.1 (this will be located on the current directory that you run the cmd commands) on all Hyper-V Cluster nodes of the Replica Site (a good directory is C:\).
9. We open an elevated command prompt (cmd) and we run the certutil: certutil -addstore -f Root "C:\PrimaryRootCA.cer" (this will have to do it on every Hyper-V cluster node in the Replica Site).
10. After this we have to import the ReplicaSite certificate that we have exported as .pfx from the Primary Site to the Hyper-V Cluster nodes (again we must do it on every Hyper-V Cluster node in our Replica Site). To do this we open MMC -> Add/Remove Snap-In -> Add Certificates -> Computer Account -> Next, Next & Finish
11. Then we navigate to Personal -> Certificates -> Right-click and Import -> You must give the password that you have setup on the step 7.
12. Before we proceed with the replica configuration we have to disable the Revocation Check. This we have to do it on every Hyper-V server (primary site (stand alone nodes) and replica site (cluster nodes). To do this we must run this two commands bellow from an elevated command prompt (cmd):
  1. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
  2. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
13. After we have finished with the Import of the CA certificate and the ReplicaSite certificate and also with the disable of the Revocation Check we must select it to the Replica Broker configuration. To do this follow the steps bellow:
  1. Open The Failover Cluster and Navigate to Roles
  2. Right-click on the replica broker and select "Replication Settings"
  3. Check the "Enable this Cluster as a Replica Server"
  4. Check the "Use certificate-based Authentication (HTTPS)"
  5. Specify the port on 443 (leave it as it is)
  6. Now you must select the ReplicaSite Certificate that we have created and imported it to the Hyper-V Cluster nodes
  7. Specify the Cluster Storage directory
  8. And click OK
14. Now you have to Enable Replication in a VM on the Primary Server
15. To do this following the instruction bellow:
  1. Right-Click on the VM you want to replicate and  select Enable Replication
  2. Just hit "Next" on the first page with the description "Before You Begin"
  3. Specify the Replica Server, you must add the FQDN for the replica site (just to mention, all the Hyper-V nodes and the Replica Broker must have access to Internet and have FQDNs in the public dns servers of your Infrastructure so thay can "communicate" also they must have open the port 443 on the local firewall or if you use a dedicated appliance and NAT you must do the Network config there too) for me the FQDN is replicabroker.domain.local and hit "Next"
  4. After the Verification of the Replica we must specify the Connection Parameters. The only thing in that page that we must change (of course based on our scenario) is the Certificate, so we must select the Certificate with FQDN that we have been created based on the current server.
  5. "Next" on the Replication VHD (except we have 2 vhds and we want to replicate only one of them)
  6. In the Configure Recovery History you can configure whatever you want on your scenario and "Next"
  7. Initial Replication again whatever you want to do on your scenario "Next"
  8. "Finish" if all of the above is setup correct you must see the Enable Replication pop-up window and after a second (based on your network) you must see in the Hyper-V Manager on the Status, the percentage of the Replication.
That's it guys. If you need any advice or to edit something please leave a comment. Thank you a lot.


Τρίτη, 26 Νοεμβρίου 2013

How to disable IPv6 from MS Exchange 2010/2013 server - Gmail issue

Hello folks,

After an upgrade of SPF in Gmail servers, seems that Gmail is blocking e-mails with dynamic IPv6 addresses which have not PTR records in the RDNS. Because of that Gmail is also checking for every IPv6 address that is containing in the e-mail headers and not only the IP that is assigned on this server (the IP of the server that sending the e-mail to the Gmail's mail exchanges (MX)).

The solution is to completely disable the IPv6 addresses on the Edge servers (MX) of your Exchange Infrastracture. See below:

1. Regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\ 
      a) Edit or Create a DWORD (32-bit) with the name "DisabledComponents"
      b) By default the value is 0x00000000 (0), you have to Right click and modify this value with the Hexademical 0xffffffff (you have to erase the 0 and write only the "ffffffff"), in Decimal it is the "4294967295" value.

2. You have to Restart your servers (edge exchange servers).

3. If you want to verify that you have set it up correctly just open a cmd and run this:
      a) C:\> reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters /v DisabledComponents
      b) The output you must take is this: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters DisabledComponents    REG_DWORD    0xffffffff

That's all. Have a nice day.

Πέμπτη, 5 Σεπτεμβρίου 2013

How to Upgrade LIS (Linux Integration Services) on CentOS 6.2

Linux Integration Services are responsible for Windows Hyper-V 2008 and 2008 R2 to make Linux Virtual Machines work operational normally (Windows Server 2012 and Windows Server 2012 R2 have built in the LIS). They make work properly a lot of things such as Networking, Cluster (heartbeat failovers), Time out failovers, Storage migrations and QSMs (Quick Storage Migrations) etc.

In this tutorial i will saw you how to upgrade LIS (Linux Integration Services) on CentOS 6.2 or 6.3 (not 6.4 because they already have the latest LIS).

1. First of all you have to find first your exhisting LIS that you have installed because before the upgrade you have to uninstall the exhistings.
# rpm -qa | grep microsoft 
you will take an output like this (differences may causes because of different versions on LIS):
microsoft-hyper-v-rhel6-43.1 
kmod-microsoft-hyper-v-rhel6-43.1

2. Next you have to uninstall this packages:
# rpm -e microsoft-hyper-v-rhel6-43.1 kmod-microsoft-hyper-v-rhel6-43.1

3. After the uninstall completed you have to shutdown the VM
# shutdown -h now

4. Then you have to mount the ISO with the 3.4 LIS (you can find the ISO here!)
a) Open Hyper-V manager: Click Start, point to Administrative Tools, and then click Hyper-V Manager
b) Mount the ISO to the IDE Controller of your Virtual Machine

5. Start Virtual Machine: Right click -> Start

6. Login as root

7. Now you have to mount the ISO
# mount /dev/cdrom /media

8. Next you have to change directory to start the installation
# cd /media/RHEL6012 or cd /media/RHEL63 (depends on the version of CentOS that you have installed)

9. Run the installation script
# ./install.sh

10. If everything completed without an error reboot the VM
# shutdown -r now

Check that everything works properly:

11. # ping google.com (first of all to see that everything in network adapters works properly because in previous versions of LIS we have see that we lose the config of the Network Adapters in unexpected shutdowns or failovers through the cluster

12. # /sbin/modinfo hv_vmbus (with this command we must take as an output something like this)
filename:       /lib/modules/2.6.32-220.el6.x86_64/weak-updates/microsoft-hyper-v/hv_vmbus.ko
version:        3.4
license:        GPL
srcversion:     2865A5C1D4FDEDEDDDB3296
alias:          acpi*:VMBus:*
alias:          acpi*:VMBUS:*
depends:
vermagic:       2.6.32-71.el6.x86_64 SMP mod_unload modversions


13. # /sbin/lsmod | grep hv (also a check if you have a look alike output like the above)
hv_utils                6085  0
hv_netvsc              23141  0
hv_timesource           1079  0 [permanent]
hv_storvsc             10372  2
hv_vmbus               93781  5 hid_hyperv,hv_utils,hv_netvsc,hv_timesource,hv_storvsc


If all of the above are ok then your upgrade to 3.4 Linux Integration Services gone well.

For informations/questions/or anything you want leave comments.

See you folks.

 

Δευτέρα, 11 Ιουνίου 2012

Συμμετοχή στο 2ο openSUSE Collaboration Summer Camp

Ζεσταθήκατε;

Ήρθε η ώρα να κανονίσετε τις καλοκαιρινές σας εξορμήσεις!
Το 2ο openSUSE Collaboration Summer Camp πλησιάζει και φέτος στο γνωστό μέρος (ξενοδοχείο Grand Platon στην παραλία Κατερίνης) στις 20-22 Ιουλίου 2012!

Όπως και πέρσι θα μαζευτούμε στην πισίνα και θα συνδυάσουμε μπάνια και μπύρες με παρουσιάσεις και workshops (μην ξεχάσετε να φέρετε τα laptop σας!)

Η εκδήλωση δεν αφορά σε καμία περίπωση μόνο χρήστες του openSUSE!
Σκοπός είναι η συνεργασία μεταξύ ανθρώπων που απολαμβάνουν να προσφέρουν στο Ε.Λ/Λ.Α.Κ και η γνωριμία με τους διάφορους τρόπους που μπορούν να το κάνουν.
Σας περιμένουμε όλους ανεξαιρέτως από τη διανομή σας για να συζητήσουμε, να ανταλλάξουμε απόψεις και φυσικά περιμένουμε και τις δικές σας ομιλίες ή/και workshops πάνω στα θέματα που σας ενδιαφέρουν!

Όπως και πέρσι θα υπάρχει ποικιλία θεμάτων που θα παρουσιαστούν τα οποία θα ανταποκρίνονται σε όλους, ακόμα και στους πιο νέους και όχι και τόσο έμπειρους χρήστες.
Όλοι μπορούν να συμμετέχουν ενεργά, να παρακολουθήσουν τις παρουσιάσεις και να πραγματοποιήσουν workshops!

Τι πρέπει να γνωρίζετε:

1. [CfP] Η υποβολή ομιλιών/workshops έχει ανοίξει και περιμένουμε και τις δικές σας προτάσεις!
Το μόνο που χρειάζεται να κάνετε είναι να συμπληρώστε τη φόρμα: http://www.os-el.gr/content/submit-talk-collaboration-summer-camp-2012

2. Για δήλωση συμμετοχής & κρατήσεις δωματίων (καλό είναι να το κάνετε εγκαίρως για να μας βοηθήσετε να κρατήσουμε τα διαθέσιμα δωμάτια που θα χρειαστούν στο ξενοδοχείο) στείλτε τα στοιχεία σας στο reservations@os-el.gr
(Για κράτηση δωματίου απαιτείται η καταβολή του 50% του κόστους - περισσότερες πληροφορίες για την κατάθεση θα σας δοθούν μέσω email)

Το κόστος για τα δωμάτια είναι (συμπεριλαμβάνεται πρωινό & βραδινό):
  • Μονόκλινο - 35 ευρώ/βραδιά
  • Δίκλινο - 45 ευρώ/βραδιά
  • Τρίκλινο - 60 ευρώ/βραδιά

3. Έχετε άλλες ερωτήσεις ή απορίες;
  • Περισσότερες πληροφορίες μπορείτε να βρείτε στη σελίδα www.os-el.gr/summercamp
  • Για οποιαδήποτε ερώτηση, επικοινωνήστε μαζί μας μέσω email: summercamp@os-el.gr
    Διότι αγαπάμε αυτό που κάνουμε & περνάμε ωραία συνεισφέροντας στο ΕΛ/ΛΑΚ ακόμα και το καλοκαίρι!

    ΣΑΣ ΠΕΡΙΜΕΝΟΥΜΕ ΟΛΟΥΣ ΕΚΕΙ!

Παρασκευή, 1 Ιουλίου 2011

IPv6 Certification by HE.NET done!

After a lot of hours of playing around with my IPv6 certification finally i finished it.. (almost) Only the daily jobs left but it's something easy and now i am writing the script for these daily jobs so when i finish it i will post it here. The certification was really cool and pretty good for education purposes. I learned things that i haven't see them before in practice so i enjoy it a lot.
The all things you have to do to pass it is:
  • Prove that you have IPv6 connectivity
  • Prove that you have a working IPv6 web server
  • Prove that you have a working IPv6 email address
  • Prove that you have working forward IPv6 DNS
  • Prove that you have working reverse IPv6 DNS for your mail server
  • Prove that you have name servers with IPv6 addresses that can respond to queries via IPv6
  • Prove your knowledge of IPv6 technologies through quick and easy testing
You will also demonstrate that you are familiar with IPv6 concepts such as:
  • the format of IPv6 addresses
  • AAAA records
  • reverse DNS for IPv6
  • the IPv6 localhost address
  • the IPv6 default route
  • the IPv6 documentation prefix
  • the IPv6 link local prefix
  • the IPv6 multicast prefix
  • how to do an IPv6 ping
  • how to do an IPv6 traceroute
  • common IPv6 prefix lengths such as /64, /48, /32
  • and more!
as the site says.. if you are familiar with all these things or you know the basics and you want to participate, just visit the Hurricane Electric and do the Certification.

My certificate:


Anyway, it's a very good challenge and opportunity for professional network administrators to change their server to full IPv6 support and for newbies to learn more things about IPv6 and server side stuff.

Hope you enjoy it...

Παρασκευή, 17 Ιουνίου 2011

openSUSE Collaboration Weekend Camp 15-17 Ιουλίου

Ο καιρός έχει ζεστάνει για τα καλά και ήρθε λοιπόν η ώρα να κανονίσουμε ...τις καλοκαιρινές μας εξορμήσεις!

Για φέτος είχαμε μια πολύ ενδιαφέρουσα ιδέα... Σκεφτήκαμε να κάνουμε κάτι διαφορετικό!

"Μια εκδρομούλα που θα συνδυάζει παραλία με ΕΛ/ΛΑΚ!"

Έτσι λοιπόν θα μαζευτούμε όλοι μαζί δίπλα στη θάλασσα για να παρακολουθήσουμε διάφορα workshops (μην ξεχάσετε να φέρετε τα laptop σας!) και θα δουλέψουμε πάνω στα αγαπημένας μας project!

Μια συνάντηση που γίνεται από την κοινότητα... για την κοινότητα!
Δηλάδή τον κάθε έναν από ΕΣΑΣ, με σκοπό... (εκτός από τα μπάνια) τη συνεργασία!

* Πότε;
Το Παρασκευοσαββατοκύριακο 15-16-17 Ιουλίου 2011!

* Πού;
Στο ξενοδοχείο Grand Platon Hotel (http://www.grandplaton-hotel.gr/) στην Ολυμπιακή Ακτή στην παραλία Κατερίνης.
Λεπτομέρειες για το πώς να έρθετε μπορείτε να βρείτε στη σελίδα http://www.os-el.gr

* Ποιος;
Η ελληνική κοινότητα openSUSE που διοργανώνει το 1ο openSUSE collaboration weekend camp, θα φροντίσει για την ομαλή ροή του προγράμματος, τον χώρο και τις λεπτομέρειες της διοργάνωσης.
Απευθύνεται, όμως, σε όλους τους ανθρώπους του ΕΛ/ΛΑΚ, οι οποίοι μπορούν να συμμετέχουν καθώς και να πραγματοποιήσουν το δικό τους workshop!

Αν θέλετε να κάνετε κάποιο workshop δεν έχετε παρά να μας στείλετε email με μια σύντομη περιγραφή του, μέχρι και την Τετάρτη 6/7.

* Γιατί να έρθω λοιπόν;
Στόχος μας είναι να φέρουμε πιο κοντά τις κοινότητες, ενθαρρύνοντας έτσι τη συνεργασία, και να δουλέψουμε όλοι μαζί πάνω στο project που μας ενδιαφέρει, ενδυναμώνοντας την επικοινωνία ανάμεσα στα μέλη της ελληνικής κοινότητας ΕΛ/ΛΑΚ.

Φυσικά δε θα λείψουν οι αμέτρητες βουτιές στη θάλασσα και οι άφθονες μπύρες!

Γιατί αγαπάμε αυτό που κάνουμε και περνάμε ωραία συνεισφέροντας στο ΕΛ/ΛΑΚ ακόμα και το καλοκαίρι!

Όσοι θέλετε να συμμετέχετε επικοινωνήστε μαζί μας μέχρι την Τετάρτη 22/6 για να δηλώσετε συμμετοχή ώστε να μπορέσουμε να οργανώσουμε καλύτερα τη διαθεσιμότητα των δωματίων!

Για περισσότερες πληροφορίες & δήλωση συμμετοχής:

- Επικοινωνήστε μαζί μας στο info@os-el.gr ή

- Μπείτε στο κανάλι μας #openSUSE-el στον IRC server Freenode.
Οδηγίες για το πως να συνδεθείτε στο irc μπορείτε να βρείτε εδώ:
http://el.opensuse.org/SDB:XCHAT

Τετάρτη, 18 Μαΐου 2011

How to install Enlightenment (E17) in openSUSE 11.4

Hello folks, two days ago I installed on my netbook Enlightenment WM (window manager). A very lightweight WM with the minimalistic environment that i like.. After 30 minutes and search actually you can understand how it works, it's really easy if you understand that all the apps are modules and you have only to load them or unload them.. After this quick introduction i think we must go to the installation and see it by your self.


The first thing that we do is to check if we have all the dependencies that Enlightenment needs.. you can check it with this command (it's not as big as it seems):
ankso@osuse~# sudo zypper install subversion autoconf automake libtool make gettext gettext-runtime freetype freetype-tools pam-devel libpng14-devel libjpeg62-devel zlib zlib-devel libdconf-dbus-devel libdbus-1-qt3-0-devel dbus-1-python-devel libtolua-devel lua-devel lua xorg-x11-libX11-devel xorg-x11-libXrender lxrandr libtff3 libtiff-devel xorg-x11-libxkbfile xorg-x11-libxkbfile-devel xorg-x11-libXext xorg-x11-libXext-devel librsvg-devel giflib-devel libcurl-devel libcurl4 libgnutls-devel libgnutls-extra-devel libxmlsec1-gnutls-devel 

if you don't have something of these it will ask you to install them, just press 'y' and after some minutes you will have all the dependencies that you need. 

After this you have to download this script , this is the script for the installation of E17 WM. You have only to do this easy steps:
1) Go to the Download folder (or where you have save the script)
ankso@osuse~# cd Downloads/ 
2) Make it executable
ankso@osuse~# chmod +x efl_quick.sh
3) Be root
ankso@osuse~# su -
4) Okay, now you can run it
osuse:[root]~# ./efl_quick.sh

When the script is starting you will see something like this:
Enter a username of a non-root user:
just enter your current username, for me it's ankso.
Then it will ask you for the path, the only thing you have to do is to hit the "Enter" :)

After all when the script is done you have only to logout and choose from the Sessions menu Enlightenment. Now you are ready to login with your new window manager. 

Welcome to the Enlightenment!