Windows 7 - Configuring remote access

Well, had a new Windows 7 build provided the other day which is all nice and shiny - but......

Now going through the "I used to configure this via......" which occurs with every change of the MS Operating System.

In this case I wanted to log into my PC remotely to do some work and while testing the connection I got this error message:

"The connection was denied because the user account is not authorized for remote login"

Googled and came across this link which was just what I was after......

An extract of which is:

"Remote Desktop is not enabled by default. You must specifically enable it to allow remote access to the workstation. When it is enabled, any member of the Administrators group can connect to the workstation. Other users must be placed on a remote access list to gain access to the workstation.

To configure remote access, follow these steps:
1. In Control Panel, click System And Security, and then click System.
2. On the System page, click Remote Settings in the left pane. This opens the System Properties dialog box to the Remote tab.
3. To disable Remote Desktop, select Don’t Allow Connections To This Com¬puter, and then click OK.Skip the remaining steps.
4. To enable Remote Desktop, you have two options. You can:

• Select Allow Connections From Computers Running Any Version Of Remote Desktop to allow connections from any version of Windows.
• Select Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication to allow connections only from Windows 7 or later computers (and computers with secure network authentication).

5. Click Select Users. This displays the Remote Desktop Users dialog box.
6. To grant Remote Desktop access to a user, click Add. This opens the Select Users dialog box. In the Select Users dialog box, click Locations to select the computer or domain in which the users you want to work with are located. Type the name of a user you want to work with in the Enter The Object Names To Select field, and then click Check Names. If matches are found, select the account you want to use and then click OK. If no matches are found, update the name you entered and try searching again. Repeat this step as necessary, and then click OK.
7. To revoke remote access permissions for a user account, select the account and then click Remove.
8. Click OK twice when you have finished"

In my case, due to the fact we are running Group Policies, I followed up to opening System Properties - then clicked the Remote tab and added my account into the "Select Users" area.

Solaris - Resetting the Root password

Someone decided to change the root password and not test it while having the original logged in terminal window open. So we no longer had a working root password, so what to do!!

Well, found a number of useful links which covered SPARC and x86 (which seemed to look the same to me) but nothing about ZFS until I found the Oracle guide which was almost what I wanted.......

What you need to do is remove the root password entry in the shadow file and below is how I did that:


1. First of all you need to get to the <ok> prompt and boot into single user mode - in my case a Jumpstart server is used and not a DVD.

<ok> boot net -s

2. Once booted become root - which is a simple su <enter> (Running a ZFS list at this point produces no response).

3. Import the root pool and specify an alternative mount point.

# zpool import -R /a rpool

4. At this point you can run a ZFS list (# zfs list) to see what is available (I was interested as we also use Live Upgrade here so there were a number of BEs - I did have a couple of lines stating some parts failed to mount, but the ZFS list showed that a number BEs were available.

5. Mount a BE (in this case u10test).

# zfs mount rpool/ROOT/u10test

 6. Change to the /etc directory.

 # cd /a/etc

7. Now you can edit the shadow file (well, not quite as you'll get an error stating that the system doesn't know what input device you are using.....).

# TERM=vt100
# export TERM

8. Now you can edit the shadow file.

# vi shadow

9. Okay! What do I remove?

 root:BZQ8dnry$$MOOj3d71FeSNOngAAqIwY/:15643::::::

10. Remove the entries between root: and :15643 like so...

root::15643::::::

11. Save the file.

:wq!

12. Restart the server

# init 6

13. Log into the server (we log in with a normal account then su)

!!You will not be prompted for a password!!

14. Change your root password.

# passwd root

Solaris - memstat

I wanted to check what the memory usage status of the server and stumbled across this:

# mdb -k

Loading modules: [ unix genunix specfs dtrace zfs sd mpt_sas px ldc dls sockfs ip hook neti sctp arp usba fcp fctl nca lofs md cpc random crypto fcip logindmux ptm ufs sppp nfs ]

> ::memstat
Page Summary                Pages                MB  %Tot
------------     ----------------  ----------------  ----
Kernel                     195420              1526   38%
ZFS File Data              115894               905   23%
Anon                        38070               297    7%
Exec and libs                5870                45    1%
Page cache                 130559              1019   25%
Free (cachelist)            12603                98    2%
Free (freelist)             14980               117    3%

Total                      513396              4010
Physical                   490083              3828

To exit:

ctrl-d

Solaris - ZFS mirror

We were rebuilding a server we'd moved two additional disks into the T3-1 to make a total of four.

The original two were configured as the root pool via Jumpstart.

Prior to releasing the server to the DBA team for their work we had to configure the second set of disks into another mirror for application install.

Only having done this once before I started off with the basics.

Does the server see the disks?

# format

AVAILABLE DISK SELECTIONS:
       0. c0t5000C50031F8E1E7d0 <SUN300G cyl 46873 alt 2 hd 20 sec 625>
          /scsi_vhci/disk@g5000c50031f8e1e7
       1. c0t5000C50031FC06C3d0 <SUN300G cyl 46873 alt 2 hd 20 sec 625>
          /scsi_vhci/disk@g5000c50031fc06c3
       2. c0t5000C50031FC1377d0 <SEAGATE-ST930003SSUN300G-0B70-279.40GB>
          /scsi_vhci/disk@g5000c50031fc1377
       3. c0t5000C50031FC1577d0 <SEAGATE-ST930003SSUN300G-0B70-279.40GB>
          /scsi_vhci/disk@g5000c50031fc1577

4 disks are seen - great! (If they weren't picked up I'm reliably informed that a devfsadm will do the trick..).

NOTE: To check which disks are already in a pool run:

# zfs list


        NAME                         STATE     READ WRITE CKSUM
        rpool                        ONLINE       0     0     0
          mirror-0                   ONLINE       0     0     0
            c0t5000C50031F8E1E7d0s0  ONLINE       0     0     0
            c0t5000C50031FC06C3d0s0  ONLINE       0     0     0


First of all I tried the following

# zpool create pool2 c0t5000C50031FC1377d0 c0t5000C50031FC1577d0
/dev/dsk/c0t5000C50031FC1577d0s2 is part of exported or potentially active ZFS pool rpool

So I had to rerun with a -f (I know I could do this without causing any issues as I had taken the disks out of a server that had been decommissioned)

# zpool create -f pool2 c0t5000C50031FC1377d0 c0t5000C50031FC1577d0

# zpool status
  pool: pool2
 state: ONLINE
 scan: none requested
config:

        NAME                     STATE     READ WRITE CKSUM
        pool2                    ONLINE       0     0     0
          c0t5000C50031FC1377d0  ONLINE       0     0     0
          c0t5000C50031FC1577d0  ONLINE       0     0     0

# zpool list
NAME    SIZE  ALLOC   FREE    CAP  HEALTH  ALTROOT
pool2   556G    94K   556G     0%  ONLINE  -


Which was great apart form I wanted a mirror configuration....

# zpool destroy pool2

# zpool create pool2 mirror c0t5000C50031FC1377d0 c0t5000C50031FC1577d0

# zpool status
pool: pool2
 state: ONLINE
 scan: none requested
config:

        NAME                       STATE     READ WRITE CKSUM
        pool2                      ONLINE       0     0     0
          mirror-0                 ONLINE       0     0     0
            c0t5000C50031FC1377d0  ONLINE       0     0     0
            c0t5000C50031FC1577d0  ONLINE       0     0     0

# zpool list
NAME    SIZE  ALLOC   FREE    CAP  HEALTH  ALTROOT
pool2   278G  92.5K   278G     0%  ONLINE  -

Job done!

Solairs - Upgrading and Patching LDOMs

Still investigating the patching. If you've been reading the previous patching blogs you'll know that the bare metal OS is sorted plus the Zones (which is just patch the bare metal and the Zone receives the patch as well) have been covered using ZFS and Live Upgrade (being still reasonably new to Solaris I've been impressed with).

What hasn't been covered is LDOMs of which we have very few and will soon be getting rid of the last one shortly.

So far I've patched the bare metal OS, or Host, which runs the LDOM application. The machine has been patched using the previous steps as statement in the older blogs - upgrade to update 10 and then applying the latest Recommended patches.

NOTE: The Host system is running on ZFS.

Patching the LDOM is the same as patching a physical server. Since I use Live Upgrade to upgrade and patch the OS I had to check whether Live Upgrade was installed.

# telnet localhost 5000

Log in to the Virtual Machine and then check if Live Upgrade packages are installed.

# pkginfo | grep "Live Upgrade"

If it is installed then you need to apply the Live Upgrade patches. Having spoken to Oracle Support about the "Best Practice" for patching LDOMs the support guy recommended the following patches for Live Upgrade:
119252-35, 119254-86, 119534-32, 120199-19, 121428-15, 121430-83, 124630-69, 137321-02, 144569-01, 146054-07, 146578-06, 147061-01

(I've only been using 119254-84, 121428-15, 121430-80, 141444-09, 146578-06 with my previous attempts which has worked fine as most of the patches aren't applied when ran).

After applying the patches:

# patchadd 119252-35 (repeat for each patch)

NOTE: Effectively from this point on it is just like patching a physical server (you could even argue that it is full stop - which I would agree with but this was the steps I took to get to the point I was comfortable patching the VM)

Then create a new Boot Environment (BE) for patching (or for upgrade purposes)

# lucreate -n u10guest

Patch or upgrade the newly created BE (in this case upgrade using a script as I wanted to have note of how long each process took - upgrade and patch). /dvd is the mount point for the Solaris 10 Update 10 ISO.

#!/usr/bin/ksh
echo "`date` : Start ---------------"
luupgrade -u -n u10guest -s /dvd >> /logs/u10log
echo "`date` : Finish -------------"

# nohup ./upgrade &

Once the upgrade has occurred you can activate and reboot into the new BE u10_guest

# luactivate -n u10guest

Make note of the out just in case you need to recover...... then reboot the server.

# init 6

Once the server has rebooted apply the Live Update patches (119252-35, 119254-86, 119534-32, 120199-19, 121428-15, 121430-83, 124630-69, 137321-02, 144569-01, 146054-07, 146578-06, 147061-01).

Solaris - October CPU error

When applying the latest prereq I got the following error:

bash-3.2# ./installpatchset --apply-prereq --s10patchset
ERROR: Unable to read patch set 10_Recommended_CPU_2012-07.README file.



Looking at the extracted files in the directory:

drwxr-xr-x   3 root     root          11 Oct 11 21:43 .
drwxr-xr-x   3 root     root           5 Oct 17 10:42 ..
-r--r--r--   1 root     root      105874 Oct 11 11:56 10_Recommended_CPU_2012-10.html
-r-xr-xr-x   1 root     root       57112 Oct 11 11:56 10_Recommended_CPU_2012-10.README
-r--r--r--   1 root     root        7625 Oct 11 11:56 Copyright
lrwxrwxrwx   1 root     root          15 Oct 17 10:52 installcluster -> installpatchset
-r-xr-xr-x   1 root     root      100674 Oct 11 11:56 installpatchset
-r--r--r--   1 root     root       18775 Oct 11 11:56 LEGAL_LICENSE.TXT
-r--r--r--   1 root     root        3640 Oct 11 11:56 patch_order
drwxr-xr-x 366 root     root         367 Oct 11 11:56 patches
-r--r--r--   1 root     root        4818 Oct 11 11:56 patchset.conf

Spot the difference......

Yes, someone forgot to change the password check to read the 10_Recommended_CPU_2012-10.README and not 10_Recommended_CPU_2012-07.README file


Renaming the README files fixes the (minor) problem.......

Virtualisation - conversion from one VI to another

There maybe a need to be able to migrate from one Virtualisation Product to another (vSphere to Hyper-V or vice-versa)

I've found some resources that can help.

Hyper-V to vSphere

A guide on how to convert from Hyper-V to vSphere VMs, which also has a link to a video from TrainSignal, can be found here.

vSphere to Hyper-V

There is now a tool that will enable you to convert vSphere VMs to Hyper-V 2012 which can be downloaded from here.

Microsoft - Booting Hyper-V 2012 from a USB stick

Coming from a VMware Virtualisation background and being new to Hyper-V I wanted to look at how I would do common tasks - in VMware ESXi gets installed on a internal USB stick (well, that's the option we use and how the servers are configured) so how do I do that in Hyper-V?

In short - you can't if you want any support off Microsoft.

NOTE: They do have a guide which allows OEMs to do it for you which is supported.

That aside, feel free to follow the guide to install it in a lab environment which will be what I'll be doing!

I also found a short video showing you how to do this (which follows the Microsoft instructions).

Alternatively you just get the ISO image for ESXi and follow the installation instructions to install it on hard disk or USB...... just a thought.....

Microsoft - Hyper-V 2012

Investigating Hyper-V 2012 which has been getting some good reviews.

There are a number of Hyper-V Jump Start videos available which I've been using.

The first one in the series is called Core which you can find here

If you want to check costs Windows 2012 licensing information can be found here

A video of Virtualisation Products comparisons are available from Microsoft (hmmm....) which are taken from there TechEd 2012 conference VIR311 and one about Private Cloud comparisons VIR312