7.30.2008

What the SAN?

SAN Volumes and the Microsoft iSCSI Initiator
Every time we rebooted our servers, we noticed that the SAN volumes were always offline. This is really annoying when hosting virtual servers, file shares and databases (yes, SQL Server doesn't like this one bit!).

Without any documentation to help us install and configure a new volume, we decided to create the new disks as dynamic disks rather than basic disks (since a SAN volume can be seen as dynamic).

Note to self: DO NOT do this with the iSCSI initiator. According to some obscure newsgroup posting, this is not supported or recommended by Microsoft.

Once we copied all data off the drives, deleted the dynamic disk and recreated it as a basic disk, and rebooted, the volumes came up OK.

So in summary, always create basic disks when using the iSCSI initiator.

1.03.2007

Cisco :: Steps to password recovery

Lifted from http://www.routergod.com/psychic/

Steps to password recovery:
1. Power cycle the router.
2. Send a BREAK within 60 seconds.
3. From ROM mode, change the config register to 2142.
4. Reboot the router.
5. Get into Priv Exec (enable) mode.
6. Load up the config with "copy start run".
7. Change the password and reset the config-register to 2102.
8. Save the config with "copy run start" and reload.

12.06.2006

Resetting a PIX 506 password

To perform a password recovery:

You will need to download a TFTP server from the following link:
http://tftpd32.jounin.net/

Download the np63.bin file from:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml#pix_without

1. Open the TFTP program
2. Install a serial terminal or a PC with terminal emulation software on the PIX console port.
3. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.
Note: Because you are locked out, you will see only a password prompt.
4. Immediately after you power on the PIX Firewall and the startup messages appear, send a BREAK character or press the ESC key. The monitor> prompt is displayed. If needed, type ? (question mark) to list the available commands.
5. Use the interface command to specify which interface the ping traffic should use.
6. Use the address command to specify the IP address of the PIX Firewall's interface.
7. Use the server command to specify the IP address of the remote TFTP server containing the PIX password recovery file.
8. Use the file command to specify the filename of the PIX password recovery file. For example, the 5.1 release uses a file named np63.bin.
9. If needed, enter the gateway command to specify the IP address of a router gateway through which the server is accessible.
10. If needed, use the ping command to verify accessibility. If this command fails, fix access to the server before continuing.
11. Use the tftp command to start the download.
12. As the password recovery file loads, the following message is displayed:
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
13. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.

Example:
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
monitor> address 10.21.1.99
address 10.21.1.99
monitor> server 172.18.125.3
server 172.18.125.3
monitor> file np63.bin
file np52.bin
monitor> gateway 10.21.1.1
gateway 10.21.1.1
monitor> ping 172.18.125.3
Sending 5, 100-byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> tftp
tftp np52.bin@172.18.125.3 via 10.21.1.1...................................
Received 73728 bytes

Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000

Do you wish to erase the passwords? [yn] y
Passwords have been erased.

Rebooting....

11.14.2005

LDAP

Do not install OpenLDAP on a Windows DC.

Yeesh.

11.10.2005

NetApp Filer :: Troubleshooting Cheat Sheet

---------- ---------- ----------
Packet Tracing on a NetApp Filer ::

Login to the CLI (console), and follow these steps -

1. pktt start e0 -b 1m -i 192.168.136.130
2. pktt status e0 (should show some traces)
3. pktt dump e0 -f /mytrace.trc
4. pktt stop all
5. The file is created in C$ of the filer
6. Make a CIFS connection to the filer from a Windows box, pointing to \\filername\C$
7. Obtain the file "mytrace.trc"
8. Open "mytrace.trc" with either ethereal or packetizer

Be sure that step #4 is done, or pktt will fill up the C$ vol.


---------- ---------- ----------
NFS Troubleshooting ::


wcc -u #Shows UNIX-type credentials

>exportfs -c host pathname ro|rw|root #Checks the access cache for host permission
>exportfs -s pathname #Verifies the path to which a vol is exported
>exportfs -f #Flushes cache access entries and reloads
>exportfs -r #Ensures only persistent exports are loaded


NFS error 70 - stale file handle --

>vol read_fsid

# mount #Displays which protocol is being used for mounting (on a UNIX host)
# mount -o tcp < >


Out of inodes --

1. Check % used of inodes:
Filer> df -i /vol/vol0
OR
Filer> maxfiles <vol name> #Displays the number of usable inodes on the vol
2. To increase, run maxfiles with a new limit:
Filer> maxfiles <vol name> <max files>


---------- ---------- ----------
CIFS Troubleshooting ::


wcc -s domain\name #Windows credentials; matched against /etc/lclgroups.cfg - ANY changes there require a reboot
wcc -u username #UNIX credentials
cifs domaininfo #Provides the filer's DNS entry
rdfile /etc/rc #Will have further DNS info

options wafl #Should show the UNIX user pcuser

/etc/usermap
/etc/passwd #These two files are read the first time


Cannot Ping DNS server --

A.
1. Enter the host address in DNS
2. Make sure that there is no deny/untrusted entry in /etc/rc file
3. Check FilerView -> Networking -> DNS entry
4. If the qtree is created and shared for CIFS access, make sure that the qtree settings are correct, otherwise we may get an "access denied" error.

B.
1. Check DNS servers, must point to itself and must have at least "4,5" services - AD

C.
1. Check where the Filer is currently pointing to (DNS)
Filer> priv set diag
Filer> registry walk auth

If required to rerun cifs setup, the old registry can be deleted, as -

Filer> registry deltree auth

D.
Net view \\filername should show all shares from the Windows side and cifs shares should show from the Filer side

But when the share is accessed from a Windows machine, we may get "No Network Provider Present". Ping works and drives are OK and can be accessed, but the CIFS shares may not work. On the filer side we see "Called name not present (0x82)". cifs resetdc also gives the same message.

Check:
1. This is seen if the filer and the Windows DC are rebooted at the same time (due to, say, a power failure). The filer needs to boot first, and then the DC.
2. Make sure that there are no virus-scan related activities running on that host. A virus scan on a Windows host or filer can also make this happen.


Trust Relationships - Multi-domain --

When a trust is newly established, "No Logon Server Available" may popup upon accessing the Filer.

cifs resetdc #This makes it work. I don't know why.


Disable WINS on interface e0 (if the site requirement is to go by DNS only) --

Filer> ifconfig e0 -WINS (the Filer will now no longer communicate with the WINS server)


---------- ---------- ----------
Common CIFS Errors ::

LSAOpenPolicy2 : Exception rpc_s_assoc_grp_max exceeded --

Veritas Backup Exec 9.1: My Computer -> Shares -> Sessions shows Veritas Backup Exec administrative account connections for every share on the filer, one connection per share. The count grows every day and the connections stay there. These must be wiped out.

Clock Skew --
Time not synchronizing / clock skewed +5 or -5 minutes

Filer> options timed #Shows the current time settings
Filer> options timed.enable on
Filer> options timed.servers ntp2.usno.navy.mil
Filer> rdate

The above sets the filer to sync time from ntp2.usno.navy.mil. The DC clock for a CIFS domain must be within 5 minutes (+/-) of the NetApp filer.


---------- ---------- ----------
ONTAP upgrade process ::


1. Download the software to a Windows client
2. Create a CIFS share to /etc
3. Double-click the downloaded .exe file
4. Extract the files on top of /etc
5. Run the download command

Smurfs. Network Security. Evil.

Sad that I am *STILL* seeing that companies (large, small, and in the middle) are not protected from smurf attacks. And I don't mean the little blue fellas, either.

Defining Strategies to Protect Against TCP SYN Denial of Service Attacks
http://cio.cisco.com/warp/public/707/4.html

Defining Strategies to Protect Against UDP Diagnostic Port DoS Attacks
http://cio.cisco.com/warp/public/707/3.html

For the love of all things IT ...if you are at risk on either of the above, FIX IT NOW.

Please ...pretty please ...with sugar ...
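Since the post above only names the attack, here is an added example (not from the original post or the linked Cisco documents) of what a defender would look for: it runs over constructed ICMP flow records and flags both halves of a smurf, echo requests aimed at one of your own directed-broadcast addresses and echo replies converging on a single victim from many senders. The subnets, addresses and flow tuples are all made up for the example.

```python
"""Added example: flag smurf-style ICMP traffic in constructed flow records.
A smurf sends ICMP echo requests with a spoofed source to a subnet's
directed-broadcast address, so every host there replies to the victim.
Defenders watch for both halves of that exchange."""
import ipaddress
from collections import defaultdict

# Subnets this site owns; constructed from RFC 5737 documentation ranges.
LOCAL_SUBNETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("203.0.113.0/25")]

# Constructed sample flows: (source, destination, icmp_type).
# ICMP type 8 = echo request, type 0 = echo reply.
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.255", 8),     # request to our /24 broadcast
    ("198.51.100.7", "203.0.113.127", 8),   # request to our /25 broadcast
    ("10.9.8.7", "192.0.2.10", 8),          # ordinary unicast ping
    ("192.0.2.10", "10.9.8.7", 0),          # its ordinary reply
    ("192.0.2.10", "198.51.100.7", 0),      # many hosts replying to one victim
    ("192.0.2.11", "198.51.100.7", 0),
    ("192.0.2.12", "198.51.100.7", 0),
    ("203.0.113.5", "198.51.100.7", 0),
]

def is_directed_broadcast(dst: str) -> bool:
    """True when dst is the broadcast address of a subnet we own."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_SUBNETS)

def find_amplifier_abuse(flows):
    """Echo requests to our broadcast addresses: we are being used as an
    amplifier. Mitigation is 'no ip directed-broadcast' on the router."""
    return [(src, dst) for src, dst, icmp_type in flows
            if icmp_type == 8 and is_directed_broadcast(dst)]

def find_reflected_flood(flows, min_sources=3):
    """Echo replies converging on one destination from at least min_sources
    distinct senders: return {victim: number_of_distinct_repliers}."""
    repliers = defaultdict(set)
    for src, dst, icmp_type in flows:
        if icmp_type == 0:
            repliers[dst].add(src)
    return {dst: len(srcs) for dst, srcs in repliers.items()
            if len(srcs) >= min_sources}

if __name__ == "__main__":
    print("amplifier abuse:", find_amplifier_abuse(SAMPLE_FLOWS))
    print("reflected flood:", find_reflected_flood(SAMPLE_FLOWS))
```

The same two checks work on real NetFlow or firewall logs once the tuples are extracted; the reply-count threshold should be tuned to normal ping volume for the site.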

Why Linux Sucks (as a desktop OS)

Reposted without permission from http://www.vbrad.com/pf.asp?p=articles/art_linux_sucks.htm. I will gladly remove the post if I have to.

What brought this article on is availability of cheap PCs, sub $300 PCs from mass merchandisers like Walmart. These PCs are loaded with various Linux distros like Mandrake, for instance. The assumption is that these PCs are being bought by first time users (or maybe as a second PC) who are not computer experts or light Windows users. I've recently witnessed three instances of where these PCs were purchased, then the hard drive was reformatted and a copy of Windows was installed. I am sure there is more of that going on. The obvious conclusion here is that Linux for whatever reason did not pass the grade. Here are some reasons, in my opinion.

It has been written about to death. KDE & GNOME have released their respective excellent wares, but still, Linux is not making inroads at the desktop level. And chances are that it will never make them, unless some radical changes are undertaken by respective leaders of key Linux projects (kernel, X, desktop). Actually latest KDE & GNOME are rivaling Windows at this point, but it doesn't matter. The problem is the modularization and clear separation of kernel, X and the desktop environments from each other. This division has caused Linux to be poorly integrated. Actually, the problem has several faces.

Problem #1. The integration of device (and otherwise) drivers into the system. Case in point. RedHat 8 and 9 provide no ability to access WinXP NTFS volumes. Their claim is that they can't provide this functionality because of its unsettled legal nature. Now a nice man (woman?) at linux-ntfs.sourceforge.net provides this ability. But how was this done? He took the original RedHat kernel, compiled the module that provides NTFS access and added the module to the kernel. Users can download the RPM that takes care of all the complexity. A couple more simple steps and voila - you can access your XP share. There are more examples like this where the user can add new functionality to the system by recompiling the kernel. In this case, because so many people need it, someone has taken the initiative and provided a ready-made replacement kernel. Most of the cases are not like that. And herein lies the problem. Users don't want to recompile the kernel or its modules - they want ready-made solutions. Even power users don't want to recompile the kernel. Period.

Keep in mind, I am NOT complaining that RH doesn't include NTFS support. I am bringing up an objection to the manner in which users add functionality to their system.

Consider how support for other file systems is implemented in Windows. No one needs to recompile anything. Instead you simply run an installation that installs a dynamic device driver (.vxd) to handle foreign file i/o. For examples, see www.sysinternals.com.

Problem #2. Video drivers & X. Somehow it came to be that XFree86 is the one and final arbiter when it comes to displays, video drivers and functionality. They release their wares on a fairly slow schedule. So, if you got a brand spanking new video card, you are pretty much stuck waiting for the next release. This is the case mostly when you just bought a new PC (which will most likely be loaded with Windows). You install Linux on the second partition, but alas the install reverts to a generic video driver. Sucks for you.

I understand if they release new functionality for X on a slow schedule - that's fine. But drivers should be released separately as soon as they are available.

Problem #3. Plug & Play. Unfortunately for Linux, its constituent parts are not tightly integrated. As a result, when I plug my USB digital camera (or mouse, printer, etc) into the PC, absolutely nothing happens. In Windows, you get the 'Add New Hardware' wizard (or something similar). In WinXP, it is even better: if the system can find a signed driver for the device on its own, it simply installs it without any user intervention and you can use it immediately. That's what I call true Plug & Play. In fact, the first time I encountered this feature, it took me for a loop. Years of dealing with PCs have conditioned me to a familiar routine: connect hardware, install the drivers and pray that it works. So after installing WinXP for the first time, I connected an Epson USB printer and sat patiently waiting for the 'New Hardware Found' box. Instead, all I got (and missed the first time around) was a little icon in the system tray and a popup tooltip informing me that new hardware has been detected and software for it installed. I hope we see more of this in the future.