Comments (0)

By admin, April 20, 2011 5:08 pm

RMC Webserver 2.0: error 304 occured

The  above is the error message when you tried to connect to DRAC III Web UI on Poweredge 2650, the old DRAC isn’t very stable, it just crashed without any reason from time to time.

To reset it the method is quite simple, you need to install Dell OpenManage 5.5 on CentOS, then issue the following command and wait 30 seconds before login again.

> racadm racreset

Btw, you can view  DRAC’s information by

> acadm getsysinfo

RAC Information:
RAC Date/Time         = Wed, 20 Apr 2011 16:54:27 GMT+08:00
Firmware Version      = 3.37 (Build 08.13)
Firmware Updated      =
Hardware Version      = A04
Current IP Address    = 10.0.0.22
Current IP Gateway    = 10.0.0.2
Current IP Netmask    = 255.255.255.0
DHCP enabled          = FALSE
Current DNS Server 1  =
Current DNS Server 2  =
DNS Servers from DHCP = FALSE
PCMCIA Card Info      = N/A

System Information:
System ID    = 0121h
System Model = PowerEdge 2650
BIOS Version = A21
Asset Tag    =
Service Tag  = XXXXXXXX
Hostname     =
OS name      = Linux 2.6.18-92.el5
ESM Version  = 3.37

Watchdog Information:
Recovery Action         = No Action�
Present countdown value = 0
Initial countdown value = 6553

RAC Firmware Status Flags:
Global Reset Pending Flag = 0

Since the DRAC III Firmware Version 3.37 (Build 08.13) is quite old, I want to update it to the latest 3.38, A00 (the release note said it has fixed remote console bug, so worth the update), all you need is download the harddisk version and extra it firmimg.bm1 to your TFTP root, then login to DRAC again and select the Update tap, upload and the firmware and wait a few minute to complete the whole update.

Comments (0)

By admin, April 20, 2011 2:15 pm

Ellie Arroway

“I’ll tell you one thing about the universe, though. The universe is a pretty big place. It’s bigger than anything anyone has ever dreamed of before. So if it’s just us… seems like an awful waste of space. Right?”

Comments (0)

By admin, April 19, 2011 2:55 pm

Today, when I deploy a CentOS VM from Template, I’ve encountered an error:

Reconfigure virtual machine Status showing “The operation is not supported on the object”

Googled around and find nothing, then I realized it’s probably something to do with the hardware configuration. I checked the vmfs configuration file and found ddb.adapterType = “lsilogic”, after remove it, everything is back to normal, of course, I’ve updated my template as well. It’s due to the CentOS template VM Disk Controller has been changed and the old configuration was still kept somehow.

I also discover deploy a Linux VM somehow will add new a NIC, the solution is to remove the nic.bak, and reconfigure the IP on the new eth0.

Update Jun-21-2011

I’ve encountered the same problem today when deploy from a w2k8r2 template, the annoying alert simply won’t go away. Luckily, I’ve found out the solution by trial and error. Simply convert the Template to VM, then to Template solved the problem completely. I suspect this is a bug in ESX 4.1, the original template was Cloned from the running VM, may be that’s why!

Comments (3)

By admin, April 18, 2011 2:06 pm

This is probably one of the most exciting news from Microsoft for virtualization community in recent years! It’s a bad news for many others who offering the similar products for high cost like StarWind, SANMelody, etc. and it’s even a sad news for those who purchased W2K8R2 storage servers from OEMs like Dell, HP and IBM a year ago.

On Apr 8 Microsoft has made it’s iSCSI Target software (original it’s WinTarget) for FREE! So go grab it and use it in your VMware ESX. Sure, it doen’t have many fancy features comparing to Equallogic, but it’s FREE and it supports ESX and Hyper-V as well as Xen and comes with schedule snapshots, so there is really nothing to complain.

Setup is very simple, just make sure you DE-SELECT the non-iSCSI NIC interfaces and leave only the iSCSI ones or you may risk to open your iSCSI SAN to the world and please double check the firewall setting disabled Public access, note after the default installation, somehow it enables Public access to iSCSI Target, huh? Ouch!

I got ESX 4.1 to connect to the MS iSCSI Target without any problem, and also went as far as changing the multipathing policy to EQL_PSP_EQL_ROUTED, haha…guess what, it did work apparently as all paths showing Active (I/O), but obviously it won’t work as later I found out there is no disk to mount under Storage, well it was expected. This leaves Round Robin (VMware) the best choice for MPIO setting and finally I loaded IOmeter, MPIO did shoot up to 60-80Mbps as I have two active links, not bad consider the underlying RAID-5 has only 4 disks on PERC H700 and the good news is the CPU loading of WinTarget.exe is very low, almost close to 0%.

FAQ
Q: The Microsoft iSCSI Software Target is now free. Is it supported in a production environment?
A: Yes. The Microsoft iSCSI Software Target is supported in a production environment. The Hyper-V team regularly tests with the MS iSCSI Software Target and it works great with Hyper-V.

Q: On what operating systems is the Microsoft iSCSI Software Target supported?
A: The Microsoft iSCSI Software Target is supported for Windows Server 2008 R2 Standard, Enterprise and Datacenter Editions with or without SP1 (in fact, that’s what is recommended), and it can only be installed on Windows Server 2008 R2 Full install, but not Core Install.

The Microsoft iSCSI Software Target 3.3, is provided in only in an x64 (64-bit) version.

Q: Can the free Microsoft Hyper-V Server 2008 R2 use the free Microsoft iSCSI Software Target?
A: Yes and No. Yes, Microsoft Hyper-V Server 2008 R2 can act as a client to access virtual machines via iSCSI. The way to do that is to type iscsicpl.exe at the command prompt to bring up the Microsoft iSCSI Initiator (client) and configure it to access an iSCSI Target (server). However, you can’t install the Microsoft iSCSI Software Target on a Microsoft Hyper-V Server. The Microsoft iSCSI Software Target requires Windows Server 2008 R2.

Q: Can I use the Microsoft iSCSI Software Target 3.3 as shared storage for a Windows Server Failover Cluster?
A: Yes. That is one of its most common uses.

Download the Microsoft iSCSI Software Target 3.3 for Windows Server 2008 R2, go to http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45105d7f-8c6c-4666-a305-c8189062a0d0 and download a single file called “iSCSITargetDLC.EXE”.

Finally, make sure you read and understand the Scalability Limits!

Comments (0)

By admin, April 15, 2011 2:36 pm

1. After login, change to root:
su –

2. Install SNMP package using YUM:
yum install net-snmp

3. Configure SNMP parameter
echo rocommunity community_string mrtg.yourhost.com > /etc/snmp/snmpd.conf

4. Turn on the default SNMP service on system reboot
chkconfig snmpd on

5. Start SNMP service
service snmpd start

Finally, of course, you will need to open UDP Port 161 on the firewall in order to get SNMP working.

Comments (0)

By admin, April 13, 2011 9:55 pm

I finally figured out why the previous Luxilon TIMO 18 (Main) + M2 17 (Cross) on my POG didn’t last long for 2 ½ months, it’s because TIMO is 18 guage which tends to break easily. So I went to the pro shop and the owner if they have TIMO 17, unfortunately only 18 are my only choice left, so instead of going the old routine, I’ve asked him to recommend something similar again, and this time he picked hard Luxilon Adrenaline 17 for Main to combine with the soft part M2 for Cross and tension keeps the same as 57lbs, hopefully this new combination shall last for at least 3 months, will report back later.

Luxilon Adrenaline 17

PS. Yesterday, I’ve also tried Head’s Extreme Pro (Mid-Plus), it feels just so good, I felt almost all of the high end mid-plus racket from leading brands are equally good, particularly in control and spin, I must admit technology did evolve over the past 30 years, may be it’s time to finally switch?

Update Apr 15

Seemed you really get what you paid for, after playing for 2 hours, I would say the previous TIMO 18 (Main) worths more buying, although Adrenaline is HKD20 cheaper, but TIMO 18 is thinner and have better feel and control than Adrenaline 17, may be it just takes time to adjust, let’s see how long it will last this time.

Update Sep 24

As expected, the new combination lasted for about 4 months. I am going to return to the old combination: TIMO 18 + M2 16 and lower the tension to 55 lbs this time.

Comments (0)

By admin, April 11, 2011 10:19 pm

I got the Barracuda Spam & Virus Firewall Vx virtual appliance working in less than 30 minutes, it’s really easy to setup and use, there is almost no learning curve if your job involving managing email server daily.

In fact, I almost got a Barracuda 300 back in 2008, but the performance back then wasn’t good, now with the VM version, it’s lightening fast, thanks to latest CPU and Equallogic SAN, so I may eventually purchase one of these nice stuff for my clients this month.

One major drawback is the lack of comprehensive reporting capability even after almost 10 years of it’s product life. It can’t even provide simple things like list the top 100 domain name with most email usage and size for a specific day or time, list the top user who used the most email bandwidth, etc. Without this kind of reporting capability, I would say Barracuda can never make to the real ISP enterprise market, it’s good for SMB though.

PS. I just found out Barracuda Networks introduced the Barracuda Reputation Block List (b.barracudacentral.org) for free! Of course, you need to register your DNS server first in order to use it.

Comments (0)

By admin, April 11, 2011 5:10 pm

Then I found this thread on VMTN which explained everything.

This is not a BUG. However, is the way we understand the HA Settings and Functionality. When in “HA Settings” you specify the “Failover Capacity” as “1″ and you have a 2 NODE Cluster, you are simply telling the HA that in any given instance it will have “At least 1″ spare HOST. Now, when you Manually or Using Update Manager try to put a HOST in Maintenance Mode, HA Failover Capacity is “Violated” because while the HOST is in Maintenance Mode, there is “NO Spare HOST” for HA. Meaning in an event the Second Node goes down, everything goes down and HA will never work. This a Straight Violation to the “Failover Capacity” that you have specified.

Hence, by all means in a 2 NODE Cluster you have to “Allow VMs to Power On even if they violate the availability constrains” if you want them to be Automatically Migrated when you put HOST on Maintenance Mode or use Update Manager. If you don’t want to change this setting and still use this feature you need to add another HOST to the Cluster while keeping the Failover Capacity at 1.

Comments (0)

By admin, April 11, 2011 4:31 pm

可能是香港最好吃的豬扒飯。

鮮茄牛肉飯 咖哩豬扒飯

Comments (0)

By admin, April 11, 2011 4:12 pm

• The good thing, it’s FREE with ESX Advance/Enterprise/Enterprise Plus version.
• Yes, it’s simply a transparent firewall utilizing VMsafe API, so there is no need to change the default public IP on VMs, vShield Zone (ie, firewall) comes with limited functions comparing to real stuff like Netscreen, but it does get the job done by limiting ports, source, destination, direction on L2/L3 and L4 layer, one extra nice thing is vShield Zone comes with a bunch of dynamic ports based application such as FTP, DNS, etc.
• In version 4.1, there is no more separate OVF for vShield agent, it’s been renamed to vShield Zone, and deployment of vShield Zone is simply by clicking the Install link on the menu, it’s so much simpler to install a firewall on each ESX host with v4.1, no need to create any template for vShield Zone like in the old days as well. In additional, A new vSwitch, called vmservice-vswitch, is also created. It has no physical NICs assigned to it and has a VMkernel interface with a 169. IP address. This vSwitch should not be modified. It’s used exclusively by the Zones firewall VM, which has two vNICs connected to it. Through the vNICs , the Zones VM communicates with the LKM in the VMkernel. One vNIC is used forcontrol, and the other is for data path communication.
• The original version of vShield operated in bridged mode and sat inline between vSwitches so that all traffic to the protected zones passed through it. The new method of monitoring traffic at the vNIC, instead of the vSwitch, eliminates the vSwitch reconfiguration that previously occurred, and it provides better protection. In bridged mode, VMs in a protected zone had no protection from other VMs in the protected zone, but now that vShield Zones operates at the vNIC level, every VM is totally protected.
• So if something happens to the Zones virtual firewall VM (e.g., it’s powered off), the networking on a host will go down, because nothing can route without the virtual firewall VM. If you migrate a VM from a Zones-protected host to an unprotected one, vCenter Server automatically removes the filter, so a VM won’t lose network connectivity on its new host.
• Also in the new version of 4.1, VM Flow is gone (it was available free in is previous version), you need to upgrade to VShield App get have it back again. For my environment, I use PRTG’s packet analyzer on switch mirror ports, so such feature is not required.
• In this new version 4.1, committed firewall policy is applied in real time, there is no need to login to console and issue validate sessions anymore.
• vShield Zone firewall can apply to 3 levels, Data Center, Cluster and Port Groups (?), I usually deploy it at Cluster level due to DRS.
• If you have a cluster, then it’s highly recommended to install vShield Zone on all ESX hosts as VMs may got vMotioned between ESX hosts in the cluster and they will still be protected by vShield Zone (ie, firewall).
• Install vShield Zone process does not need to reboot the ESX host, but uninstall vShield Zone does require reboot the ESX host, after the reboot, often you will find the originally configured vShield Zone switch is not removed, so you need to remove it manually.
• It’s nice to see the extra tab in vCenter interface, but I still prefer to manage vShield using the web interface.
• You can always get more features by upgrading to other advanced vShield Products like vShield Edge as those will provide features like VPN, routing, load balancing, etc.
• Under Maintenance Mode, vShield Zone for a particular ESX host SHOULD NEVER NOT be vmotioned away although vShield Manage can. You will need to manually shut it down (by using CLI shutdown) after DRS automatically migrates all other VMs on the host and reboot the host. I am still trying to figure out how to set maintenance mode DRS recommendation for vShield VM, if you know, please do let me know, thanks.

Part of the above were quoted from Eric Siebert’s newly revised Installing VMware vShield Zones for a virtual firewall and don’t forget to review his article on “Top 10 VMware security tips for vShield users”

Update: Oct 30, 2011

I found the solution to my last question in how to avoid vShield Zone VM to be moved away during Maintenance Mode by DRS, the answer is at the end of the Install vShield Zone PDF (Page 13, can’t believe I missed this extremely important piece of information). Basically, you need to set vShield Zone VM Restart Priority to Disable under HA and Automation Level to Disabled under DRS.

To prove it’s working  I did a test, I put the host in to Maintenance Mode, DRS was able to vmotion away everything to other available nodes except the vShield Zone VM, then it shuts it down nicely, everything is done automatically.

Bravo!