Connecting to a remote console with MSTSC 6.0.6001
Posted on July 23rd, 2008 by Christian in Life
Well, as one can read in about every damn post you can find for that topic, the /console switch is now silently ignored, as well as the rdp file option “connect to console:i:1”.
Now, what you don’t find anywhere (only in some scenario explanation) is that you are allowed to specify the mode (i.e. /console previously and now /admin) within the full address parameter.
Scenario: In the RDC client UI, you specify Computer_name /console in the Computer box (where Computer_name represents the name of the remote computer to which you want to connect), and then click Connect.
Behaviour: The /console switch is silently ignored. You will be connected to a session to remotely administer the server. (For more information about the Windows Server 2008 behavior, see the “Behavior when you connect to a server that does not have Terminal Server installed” section of this article.)
So my rdp connection file basically looks like this:
```
screen mode id:i:1
desktopwidth:i:1152
desktopheight:i:864
session bpp:i:24
winposstr:s:0,1,0,0,1219,971
full address:s:ip-address /admin
compression:i:1
keyboardhook:i:2
audiomode:i:0
redirectdrives:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
displayconnectionbar:i:1
autoreconnection enabled:i:1
alternate shell:s:
shell working directory:s:
disable wallpaper:i:0
disable full window drag:i:0
disable menu anims:i:0
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
redirectclipboard:i:1
redirectposdevices:i:0
drivestoredirect:s:
authentication level:i:0
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
allow desktop composition:i:1
allow font smoothing:i:1
gatewayhostname:s:
gatewayusagemethod:i:0
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
prompt for credentials:i:0
EnableCredSSPSupport:i:0
```
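A connection file like the one above also decides how strictly the client verifies the server. The following is an added example, not part of the original post: a small Python check that parses the `name:type:value` lines and reports the settings that relax server authentication. The function names are hypothetical, and the sample is a constructed excerpt of the file shown above.

```python
# Added example (not from the original post): audit an .rdp file for
# settings that weaken authentication. Function names are hypothetical.

SAMPLE_RDP = """\
full address:s:ip-address /admin
authentication level:i:0
prompt for credentials:i:0
negotiate security layer:i:1
redirectclipboard:i:1
prompt for credentials:i:0
EnableCredSSPSupport:i:0
"""  # constructed excerpt of the file shown above


def parse_rdp(text):
    """Return (settings, duplicates); keys are lower-cased, last value wins."""
    settings, duplicates = {}, []
    for line in text.splitlines():
        # Format is name:type:value; the value itself may contain ':'.
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts
        key = name.strip().lower()
        if key in settings:
            duplicates.append(key)
        is_int = kind == "i" and value.lstrip("-").isdigit()
        settings[key] = int(value) if is_int else value
    return settings, duplicates


def audit_rdp(text):
    """Return a list of human-readable findings for one .rdp file."""
    settings, duplicates = parse_rdp(text)
    findings = []
    # 0 = connect without warning when server authentication fails.
    if settings.get("authentication level") == 0:
        findings.append("authentication level:i:0 connects even if the server cannot be verified")
    # 0 = CredSSP (and with it Network Level Authentication) is not used.
    if settings.get("enablecredsspsupport") == 0:
        findings.append("EnableCredSSPSupport:i:0 disables CredSSP/NLA")
    if settings.get("redirectclipboard") == 1:
        findings.append("redirectclipboard:i:1 shares the clipboard with the remote host")
    findings += [f"duplicate setting: {key}" for key in duplicates]
    return findings
```
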
SUSE Linux Enterprise Server 10 on VMware ESX
Posted on July 22nd, 2008 by Christian in Life
We’re currently having a *really* weird problem with our VMs. Sometime last week, SUSE released a kernel update. Now, once you install it and you reboot the selected VM with a DVD/CD image present, you’re gonna see this:
The only workaround so far has been to unmount/cleanse *any* CD drives attached to the VM. And yes, this is reproducible; even reinstalling from scratch doesn’t change the fact that after installing the patch the VM quits working.
I also know, SLES10 SP2 ain’t officially supported yet by VMware, but I’d still suspect it to just work and not produce such weird errors. The only thing I found so far is this VMTN thread ..
Nagios Hostgroup Inheritance (continued)
Posted on July 19th, 2008 by Christian in Life
Well, it turns out that my thought was ultimately flawed. When defining the hostgroup_members in the lower tiers, nagios is associating the checks from the lower tier with the upper tiers. Thus propagating all checks upwards, and me ending up with ~250 checks instead of ~150.
Gonna have to try to define the dependency backwards, maybe that’ll help. But that’s a topic for Monday. Guess I’ll finish viewing Ghost in the Shell - Stand Alone Complex first.
Nagios Hostgroup Inheritance
Posted on July 17th, 2008 by Christian in Life
As I wrote earlier, I recently virtualized our nagios. Along with that came a complete “redesign” of how checks are applied. Up till now, I defined checks for each and every single server, thus ending up with ~25 files, each holding roughly 6 checks which are in the same file just sorted by hostname.
As you can imagine, it gets quite confusing with that amount of checks (~150). So the last two days I spent on reorganizing (with Visio), on which object/hostgroup placing a check would make sense. Now, this is my first result of two days planning, reorganizing, reordering and moving hosts into different hostgroups.
Thanks to Josh (and Chris I think), realizing the above is gonna get quite easy. Gonna talk about the config layout itself once I have it all wrapped up. Stay tuned!
Nagios virtualization
Posted on July 15th, 2008 by Christian in Life
As virtualization seems to be a trendy thing to do, I went ahead and virtualized our nagios (while reinstalling the whole thing …).
Now as I went into work today and started my email client, I received 4 nagios warnings about a LOAD service reaching critical state. Looked at the nagios box itself, opened up the VM console, looked into the syslog. Nothing.
Yet over 3/4 of the services were flapping, some ping checks were critical (for whatever reason). So I opened the nagios webinterface again, and noticed it dropping the connection over and over again (had to reauthenticate again and again).
So I opened up Putty, which established the connection without a single problem, but dropped me like a stone after a short amount of time. I restarted the session and got a security warning from Putty (due to a host key different from the saved sshd public key). That raised my suspicion. So I took a look at the hostname, and lookie there.
Somehow my old nagios box (which is a physical box), got turned online again, thus having the same IP address as my virtualized one. So the virtualized nagios wasn’t really dropping my connection, but I was being directed to the old nagios.
Walked over into the data center, turned off the old box (well, I kept the power button pressed for a short time), and away went my troubles.
Latest SLES10 RPM additions
Posted on July 14th, 2008 by Christian in Life
Well, as some people know, I keep around a small set of packages for my own needs (stuff I need from time to time, packages currently in the distributions but yet too old).
So here are some additions to my small repo (that is so far this month):
- iftop 0.17-7 for SLES10 (i586, x86_64, srpm) — Rebuild from Fedora’s SRPM
- nagios-nrpe 2.12-1 for SLES10 (i586, x86_64, srpm) — Rebuild/Bump from my previous SRPM
- nagios 3.0.3-1 for SLES10 — Rebuild/Bump from the original SLES10 SRPM
- pnp4nagios 0.4.10 for SLES10 (i586, x86_64, srpm) — Rebuild from CentOS SRPM, modified to fit into the SLES scheme — currently has a small bug, still need to fix it tomorrow (/etc/apache2/conf.d/pnp4nagios.conf has a wrong “Allow” line … ooooops).
Extending VMotion compatibility (continued)
Posted on July 14th, 2008 by Christian in Life
Remember my last post about cpu masking ? Well, turns out that you can do it to a “template”.
The only point you don’t need to do, is to mark the VM as a “template”. You still can clone it and move it around and all that other stuff, but the good part is, that the cloned VM keeps the cpu mask set to the “template” *shrug*
I don’t know, why VMware didn’t include that feature into the templates, since it’s a real freaky way to do.
Nagios3 with Active Directory authorization on SLES10
Posted on July 14th, 2008 by Christian in Life
Well, it seems to be getting a “trend” for me, to integrate stuff into our Active Directory. Now that I know why, and how easy that is, I expect to add more stuff. The good thing about the integration is, that you only need to maintain a single source for authorization.
The bad thing about that is, that stuff becomes dependent on the Active Directory (we do have four domain controllers, so that should be fine).
Now, here’s the ssl-(only) apache2 configuration file for my vhost:
```
<VirtualHost *:80>
    ## mod_core
    DocumentRoot "/usr/share/nagios"
    ServerName nagios.barfoo.org
    ServerAlias nagios3.barfoo.org
    ServerAdmin nagiosadmin@barfoo.org

    ## mod_rewrite
    RewriteEngine On
    RewriteRule ^/(.*) https://nagios.barfoo.org/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    ## mod_core
    DocumentRoot "/usr/share/nagios"
    ServerName nagios.barfoo.org
    ServerAdmin nagiosadmin@barfoo.org
    ScriptAlias /nagios/cgi-bin /usr/lib/nagios/cgi
    Alias /nagios /usr/share/nagios
    Alias /pnp /usr/share/nagios/html/pnp4nagios

    <DirectoryMatch "/usr/(share/nagios|lib/nagios/cgi)">
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 10.0.0.
        Options None

        # Authorization
        AuthType Basic
        AuthName "Nagios Barfoo"

        # The authentication provider is mod_ldap
        AuthBasicProvider ldap
        # mod_ldap is our *only* authentication provider for this!
        AuthzLDAPAuthoritative on
        # Redirect the userfile requests to /dev/null
        AuthUserFile /dev/null

        # AD requires an authentication DN to access any records
        AuthLDAPBindDN "BARFOO\\ldap_nagios"
        AuthLDAPBindPassword "somethingrandom"

        # The URL to search in
        AuthLDAPURL "ldap://dc0.barfoo.org dc1.barfoo.org dc2.barfoo.org dc3.barfoo.org/OU=Users,dc=barfoo,dc=org?sAMAccountName?sub?(objectClass=*)"

        # Search the group membership in the specified group, otherwise it's gonna
        # get searched at the binding DN's location
        AuthLDAPGroupAttributeIsDN on
        Require ldap-group CN=gr_nagios,OU=Groups,DC=barfoo,DC=org
    </DirectoryMatch>

    ## mod_log
    ErrorLog /var/log/apache2/nagios.barfoo.org.error_log
    TransferLog /var/log/apache2/nagios.barfoo.org.access_log
    CustomLog /var/log/apache2/nagios.barfoo.org.ssl_request_log ssl_combined

    ## mod_ssl
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/nagios.barfoo.org.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/nagios.barfoo.org.key

    <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
        SSLOptions +StdEnvVars
    </Files>

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
```
As you can see, AuthLDAPURL holds the four LDAP servers separated by spaces (that’s what the Apache2 documentation says about that), and that actually works.
The only additional thing I had to change from the nagios part is in /etc/nagios/cgi.cfg to allow everyone to issue system commands. Also, if you ever stumble upon extraneous chars in the check_nrpe output, update to a newer NRPE version, that fixed it for me (that is on the receiver side - as in the box running the NRPE agent).
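Two lines of the vhost above govern what travels encrypted: the `AuthLDAPURL` scheme (the leg from Apache to the domain controllers) and the `SSLCipherSuite` string (the leg from browser to Apache). The following Python check is an added example, not part of the original post; the helper names are hypothetical, the sample is a constructed excerpt of the configuration, and it assumes an OpenSSL build that still ships LOW, EXP and SSLv2 suites. It does not look at a global `LDAPTrustedMode` setting.

```python
# Added example (not from the original post): flag transport-security
# weaknesses in an Apache vhost. Helper names are hypothetical.
import shlex

SAMPLE_VHOST = '''
AuthLDAPURL "ldap://dc0.barfoo.org dc1.barfoo.org dc2.barfoo.org dc3.barfoo.org/OU=Users,dc=barfoo,dc=org?sAMAccountName?sub?(objectClass=*)"
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
'''  # constructed excerpt of the configuration shown above

WEAK_CLASSES = ("LOW", "EXP", "SSLv2")  # all of these are members of ALL


def directives(conf, name):
    """Yield the argument list of every occurrence of directive `name`."""
    for line in conf.splitlines():
        parts = shlex.split(line, comments=True)
        if parts and parts[0].lower() == name.lower():
            yield parts[1:]


def weak_cipher_classes(cipher_string):
    """Weak classes that ALL pulls in and that no '!' or '-' token removes.

    In OpenSSL cipher-list syntax '+CLASS' only moves already selected
    ciphers to the end of the list; it neither adds nor removes any.
    """
    tokens = cipher_string.split(":")
    removed = {t[1:] for t in tokens if t.startswith(("!", "-"))}
    if "ALL" not in tokens:
        return []
    return [c for c in WEAK_CLASSES if c not in removed]


def audit_vhost(conf):
    """Return findings for LDAP transport and TLS cipher selection."""
    findings = []
    for args in directives(conf, "AuthLDAPURL"):
        # Optional second argument overrides the connection type.
        mode = args[1].upper() if len(args) > 1 else "NONE"
        if args[0].lower().startswith("ldap://") and mode not in ("SSL", "TLS", "STARTTLS"):
            findings.append("AuthLDAPURL uses ldap:// without TLS: "
                            "bind and user passwords reach the DC unencrypted")
    for args in directives(conf, "SSLCipherSuite"):
        weak = weak_cipher_classes(args[0])
        if weak:
            findings.append("SSLCipherSuite still allows: " + ", ".join(weak))
    return findings
```
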
Extending VMotion compatibility
Posted on July 4th, 2008 by Christian in Life
Today I did something horrible. I yet again noticed that I bought the wrong CPU’s (basically I bought Xeon DP’s with four cores). Those have apparently a feature called SSSE3, which makes VMotion with our old Xeon DP’s (dual cores) fail before even trying.
But as we had a cooling outage today (basically ’cause it broke), I needed to turn off some ESX servers. Thus leaving me with the new ones and one of the old ones. *yuck*
So after a bit of googling, I found this VMware KB entry, which luckily lists the registers (on level 1) you need to zero out.
```
ecx ---- ---- ---- -0-- ---- --0- ---0 -0--
edx ---- ---- ---- --0- ---- ---- ---- ----
```
Only problem after that was that it still wasn’t enough. So back to the drawing board. The final solution came rather quick and looks like this:
```
eax ---- ---- ---- ---- ---- 0--0 ---- ----
ecx ---- ---- ---- -0-- ---- --0- ---0 -0--
edx ---- ---- ---- --0- ---- ---- ---- ----
```
The only stupid thing about this is, that
- it ain’t supported by VMware (as in if you’re having trouble with your ESX/VC and you have a VM running with this, you’re shit outta luck!)
- you have to define this on a *per VM basis*, which really is a pain in the ass for larger installations
True, I just should’ve bought VMotion compatible CPU’s, that would have spared me the hassle … but it’s too late now, I have to live with those ones.
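To see which CPU features the final level-1 mask in this post hides from the guest, here is an added example that is not part of the original post. It assumes the mask notation reads bit 31 on the left, `0` means "force this bit to zero" and `-` means "leave as is"; the bit names follow the CPUID leaf 1 layout, and the function names are hypothetical.

```python
# Added example (not from the original post): decode CPUID level-1 masks.
# Assumption: leftmost character is bit 31, '0' forces the bit to zero,
# '-' leaves it alone. Function names are hypothetical.

# CPUID leaf 1 names, only for the bits touched on this page.
LEAF1_NAMES = {
    ("eax", 11): "family ID bit 3",
    ("eax", 8): "family ID bit 0",
    ("ecx", 18): "DCA",
    ("ecx", 9): "SSSE3",
    ("ecx", 4): "DS-CPL",
    ("ecx", 2): "DTES64",
    ("edx", 17): "PSE-36",
}

FINAL_MASK = """\
eax ---- ---- ---- ---- ---- 0--0 ---- ----
ecx ---- ---- ---- -0-- ---- --0- ---0 -0--
edx ---- ---- ---- --0- ---- ---- ---- ----
"""  # the final mask from the post


def zeroed_bits(mask_text):
    """Return {register: [bit numbers forced to zero]}, highest bit first."""
    result = {}
    for line in mask_text.splitlines():
        if not line.strip():
            continue
        reg, _, bits = line.strip().partition(" ")
        bits = bits.replace(" ", "")
        if len(bits) != 32:
            raise ValueError(f"{reg}: expected 32 mask characters, got {len(bits)}")
        result[reg] = [31 - i for i, ch in enumerate(bits) if ch == "0"]
    return result


def describe(mask_text):
    """Return {register: [feature name or 'bit N']} for every zeroed bit."""
    return {
        reg: [LEAF1_NAMES.get((reg, bit), f"bit {bit}") for bit in bits]
        for reg, bits in zeroed_bits(mask_text).items()
    }


if __name__ == "__main__":
    for reg, names in describe(FINAL_MASK).items():
        print(reg, "->", ", ".join(names))
```
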
Managing unixODBC connections on SLES10
Posted on July 3rd, 2008 by Christian in Life
Recently I got the task, to implement unixODBC/freetds on one (well, it’s really three) of our web servers, as someone wanted to use Microsoft SQL Server 2005 with PHP (without using the MSSQL functions, which PHP provides soo nicely; don’t ask me why).
With that I also got a set of “instructions” on how to install freetds from source (remember, I was a Gentoo dev, so I know my way around, when it comes to building from source), as well as a small set of instructions on how to create the connection.
Well, after trying to figure out why the hell the connection ain’t working with unixODBC’s tsql and PHP’s odbc functions, and yet the plain connection using telnet works … *shrug* turns out it was a simple mistake …
The “howto” said something like this:
```
[FreeTDS]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so
Setup = /usr/lib64/libtdsodbc.so

[ODBC Data Sources]
mssql = Microsoft SQL Server 2005

[mssql]
Driver = /usr/lib64/libtdsodbc.so
Description = MSSQLServer
Trace = No
Database = Database
TraceFile = /var/log/freetdssql-foobar.log
Servername = sql.foobar.org
Port = 2433
TDS_Version = 8.0

[Default]
Driver = /usr/lib64/libtdsodbc.so
```
While it should have been this:
```
[FreeTDS]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so
Setup = /usr/lib64/libtdsodbc.so

[ODBC Data Sources]
mssql = Microsoft SQL Server 2005

[mssql]
Driver = /usr/lib64/libtdsodbc.so
Description = MSSQLServer
Trace = No
Database = Database
TraceFile = /var/log/freetdssql-foobar.log
Server = sql.foobar.org
Port = 2433
TDS_Version = 8.0

[Default]
Driver = /usr/lib64/libtdsodbc.so
```
See the difference ? If not, I’ll show you a diff:
1 2 3 4 5 6 7 8 9 10 | --- odbc.ini.orig +++ odbc.ini @@ -12,7 +12,7 @@ Trace = No Database = Database TraceFile = /var/log/freetdssql-foobar.log -Servername = sql.barfoo.org +Server = sql.barfoo.org Port = 2433 TDS_Version = 8.0 |
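Review bot: the removed and added lines use the hostname sql.barfoo.org, while both full odbc.ini listings above use sql.foobar.org, so this hunk would not apply to the file as shown; the hostname in the `-`/`+` lines should match the listing. Because the whole fix is a one-word key change (`Servername` to `Server`) that is easy to miss or revert, a comment line above `Server` in the [mssql] section stating that this key takes the DNS name would document why the key must stay as it is.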
Something as simple as adding another part of a word (as in “name”) to Server, makes the whole thing go wonko. Well, it ain’t going wonko per se, as Servername is different from the meaning of Server, at least when it comes to freetds.
Servername is the SQL-Server Instance name, while Server is the DNS name .. figures.