In this blog post I will describe how to Analyze the traffic of an virtual windows server with WireShark (Freeware Packet Analyzer http://www.wireshark.org/ ) on an ESX host . On the UML deployment diagram it is the red dependency witch will be monitored.

I use Wire Shark since many years and I find it one of the best Analyzer in the market. Wire shark is also cross platform it runs on Windows, Linux & OSX. I used Ubuntu (http://www.ubuntu.com/) as host for the sniffer because its free and easy to use. The sniffing software should never installed on the productive system!

The Ubuntu VM (Virtual Machine) must be connected to same vSwich as the server you want to monitor.

After you have installed the sniffing machine we need to edit the Virtual switch from the ESX server. The good news is that you don’t have any interruption on any VM. Its totally save to do on a Productive system (it only sets the switch form Layer 2 Mode in Layer 1 Mode on the OSI/ TCP/IP Modell) . Open  vSphere Client and go to the Network Settings of the vSwitch and click on “Properties…”

Select the vSwitch and click on “edit”.

go to the “Security” tab an change the “Promiscuous Mode:” to “Accept”. The default value is Reject like in the screenshot.

Now the system is reedy to chapter the network traffic. Like you see in the last screenshot the ICMP Traffic (Ping) to an server in the World Wilde Web.

TIME SERVERNAME utauthd: [ID 197738 user.info] Worker5 UNEXPECTED: during send to: java.net.SocketOutputStream@94c924 error=java.net.SocketException: Broken pipe

After searching the error in the net, we don’t get any step forward. next thing we did analyze the thin client traffic with wire shark. 30 seconds before the Terminal reboots there are many tcp retransmits on the network.

It was “to milk mousses”* after some searching (x>2 Day’s) we find out that the arp Table on the switch with the SunRay attached flips a mac address.

With this additional input it takes 20 seconds and we get the brake trough idea. The problem was a simple IP conflict with a old Printer. So if you ever get this problem don’t waste 3 Day’s of your live.

Regards Konrad

*milk mouse is some German saying for we are working very hard but don’t get any step near the Target.

BlueJ is an very simple to use Java IDE (integrated development environment). One of the mayor feature is you can crate an Object with few clicks. Also interacting with Object as example call a method can be done with a few kicks. The second side of the coin is BlueJ has no IntelliSense, which can you drive crazy, but its god to learn code sintax for a examination.

I guess the best way to start is tray out. Install the JDK (Java Development Kit) from Oracle (SUN) and install BlueJ. It runs under Windows, linux and the famous MAC OS X. If you look for a good book I would recommend Objects First with Java, A Practical Introduction using BlueJ (ISBN-10 0-13-606086-2). As a little kick-starter you can download one of my BlueJ Projects . In the Project you find an example of: Casting, for / do / while Loop, use of operators, if / if-else / switch case selection, J unit Test, Java Doc, inheritance, bubble / insertion / selection sort algorithms and many more.

PS: Always Remember: Chuck Norris dont need to catch an Excep­tion because Java is afraid of the “fly­ing tor­nado kick” at the moment it throws

I use the following settings:

General = Default
Appearance = Default
Windows Style = Default
Filters = Default
Advanced = Default
Shortcuts Keyboard “alt” & “tab” and Shortcuts mouse “mose move at top-left of Monitor 1.

You can download Switcher for free at http://insentient.net/

“ Defines the DNS servers to which a computer sends queries when it attempts to resolve names.

Warning: The list of the DNS servers defined in this setting supersedes DNS servers configured locally and those configured using DHCP. The list of DNS servers is applied to all network connections of multihomed computers to which this setting is applied.

To use this setting, click Enable, and then enter a space-delimited list of IP addresses (in dotted decimal format) in the available field. If you enable this setting, you must enter at least one IP address.

If this setting is not configured, it is not applied to any computers, and computers use their local or DHCP-configured parameters.”

After reading the description I Thanked this is it. So let me show you first the test environment. We got to server and a Client. The server running Windows 2003 and the client runs XP. The two servers (dc01.planetgeek.ch/ 172.16.111.120 and sql.platnetgeek.ch / 172.16.111.124) have installed DNS servers. The Client has only one DNS configured the dc001.

Setting up the new GPO and link it to the client pc.

Now we use the client to review the impact of this GPO setting. First we use the gpresut to look if the GPO was adapted.

After we are sure that the GPO was applied I do an “ipconfig /all” to check the DNS settings.

Okay it looks like the DNS setting is not applied. I checked the result several times, rebooted the PC, used netsh to look on the DNS settings and searched for event log entries. Then I tried nslookup on the console. Look on witch DNS server the request goes.

It looks like the network tools (ipconfig, netsh and the tcp/ip Settings gui) from windows XP did not recognize the GPO Setting. I guess if you use this in large company this will end up in a debugging nightmare. Normally I hate this Microsoft bashing, because the Company make good and stable products. But this time the guys from Redmond did a very lousy job.

First I will make my coming out as an Apple fan boy. So this article reflects my personal meaning and may not be 100% objective. The physical dimensions of the device are 243mm x 190mm x 13mm. The weight of the iPad is 0,68 kg or 0.73 kg for the 3G model. By the way the 3g models have also an compass and a GPS module. The display is 9.7 inch and has a resolution of 1024×768 (132ppi). The battery live is beyond 10 hours witch is very, very, very impressive. There are only three points witch are semi optimal. The reflecting display is not my favorite option. And if you use the iPad in the Sun in became a little bit hot and shuts himself down. The iBook store of Switzerland only host’s only free book from the Gutenberg project. As you can imagine Nathan the wise from Lessing is note my favorite bed lecture.

My top 5 apps for the iPad are:

FunBox: It is an very simple app. There are 60 buttons each of the buttons play’s a funny sound.
fun box

GoodReader is for my case the best eBook reader for the iPad. I assume you don’t need it if you buy books in the Apple Store. At the moment I buy e-books on the Exlibris web store and print the Adobe DRM contaminated files to a pdf printer (Freepdf) and send it to GoodReader.
GoodReader

NewsRack (thx Dani for the hint) is very nice RSS reader. A very nice feature is the sync with the Google reader. The reader can cash posts and pictures.

PocketCAS is a very nice function plotter. Which is very usefully in my studies at the university of Lucerne
PocketCAS

Dropbox the best way to keep your files in sync.
dropbox

After all I like the iPad and give him 4.5 geeks from max 5 geeks

master.mdf, masterlog.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

Model.mdf, modellog.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

MSDBdata.mdf, MSDBlog.mdf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

Tempdbv.mdf, templog.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

planetgeek.mdf, planetgeek_log.ldf

C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA

First thing you notice the filenames are all tuned in the same schema, pls. Microsoft it cannot be so hard. Our mission is to move all log files in the path D:\mssqlserver08 and all data files to E:\mssqlserver08. The first thing we should do is give the sqlserver service account user read and write rights to this two directories. This step is not quiet necessary but the remote db creation and auto grow features will not work. Let’s start with the master db. Start the SQL Server Configuration Manager. Click “start” -> “run” and type “SQLServerManager10.msc” and right click on the properties from the SQL server Service.

In the advanced tab you have to edit the Startup Parameters

The default value is (keep in mind there are no spaces!!!):

-dC:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA\master.mdf;

-eC:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\Log\ERRORLOG;

-lC:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER08\MSSQL\DATA\mastlog.ldf

-d is the path to the master.mdf

-e path of the “ERRORLOG” File.


-l is path to the ldf File

After change the path to (keep in mind there are no spaces!!!):

-dD:\mssqlserver08\master.mdf;

-eD:\errorlog\ERRORLOG;

-lE:\mssqlserver08\mastlog.ldf

stop the sql server (for cluster use you can use an UNC path and share name. This is useful on relaxed security cluster environments). Copy the master db files to the new path. And start the SQL server Service. One step done four steps are left, so let’s move on with the temporary db. Open the SQL Server Management Studio and open a new query and enter the following lines

After the alter database statement you need to stop the Sql Server move the files in explorer to their new location and start the SQL Server Service. Many of you are maybe wondering why “ … name = tempdev, …” and the “name = templog” in the SQL query. This is the internal database name. A very easy name to get this name is stored procedure sp_help

with this procedure you are able to easily modify the path of all other databases. Normally we would have finished at this point. But after then years of experience as IT guy I know that “developers” often don’t care about path in the file system (developers who write for planetgeek are not this kind of developers . So we should change the default database creation path to ensure it will work even when we are not in the office (Yes the IT Professionals have Holydays;-).

Enjoy the comfort of non direct attached storage, RIDE ON

Konrad

Nice Irony I guess

The question is not so easy as it guess. Because Mac OS X leopard has many of the things I nee built-in. Let us start with some basic tools I Use.

VMware Fusion. is a virtual machine software product developed by VMware for Macintosh computers with Intel processors. Fusion allows Intel-based Macs to run x86 and x86-64 "guest" operating systems, such as Microsoft Windows, Linux, NetWare and Solaris as virtual machines simultaneously with Mac OS X as the "host" operating system using a combination of virtualization, emulation and dynamic recompilation. While similar in most respects to VMware Workstation.

Skype is a software application that allows users to make telephone calls over the Internet. Calls to other users of the service, and in some countries to free-of-charge numbers are free, while calls to other landlines and mobile phones can be made for a fee. Additional features include instant messaging, file transfer and video conferencing.

Keypass X  is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)

Microsoft Office 2008, Word PowerPoint, Excel and Entourage. More or less the same bugi thing like on Windows.

LaTeX is based on the idea that authors should be able to focus on the content of what they are writing without being distracted by its visual presentation. In preparing a LaTeX document, the author specifies the logical structure using familiar concepts such as chapter, section, table, figure, etc., and lets the LaTeX system worry about the presentation of these structures. It therefore encourages the separation of layout from content while still allowing manual typesetting adjustments where needed.

Cyberduck is an open source FTP, SFTP, WebDAV, Mosso Cloud Files and Amazon S3 browser for the Mac. It features an easy to use interface with quickly accessible bookmarks. The outline view of the browser allows to browse large folder structures efficiently and you can quickly preview files with Quick Look. To edit files, a seamless integration with several external editors makes it easy to change content quickly. Both Amazon CloudFront and Cloud Files from Rackspace can be easily configured to distribute your content in the cloud. Many OS X core system technologies such as Spotlight, Bonjour and the Keychain are supported and a large number of translations makes you feel at home.

Freeciv is a multiplayer, turn-based strategy game for workstations and personal computers inspired by the commercial proprietary Sid Meier’s Civilization series. The game’s default settings are closest to Civilization II, both in gameplay and graphics (including the units and the isometric grid).

These are the Programs that make my 24 iMac to a Powerful blog machine. There is only one thing I am missing. On windows there is a free Software called Live Writer. Live writer make blogging very easy but I don’t find a Sirius alternative for Mac. If you know something pls don’t hesitated post a commend.

Regards Konrad

A good place to fix this whole bunch of problems is by verifying the backup strategy and ensuring that all system-states are saved on all domain controllers. The second step is verifying that DNS are fine and syncing the proper way. Now we are ready to move the FSMO roles. For everyone that is not familiar with the five FSMO Friends, here is a small overview from Wikipedia

Flexible Single Master of Operation (FSMO, F is sometimes floating ; pronounced Fiz-mo), or just single master operation or operations master, is a feature of Microsoft’s Active Directory (AD). As of 2005, the term FSMO has been deprecated in favor of operations masters.

FSMOs are specialized domain controller (DC) tasks, used where standard data transfer and update methods are inadequate. AD normally relies on multiple peer DCs, each with a copy of the AD database, being synchronized by multi-master replication. The tasks which are not suited to multi-master replication, and are viable only with a single-master database, are the FSMOs.

Domain-wide FSMO Roles:

Every domain in an Active Directory forest must contain one of each of the following FSMO roles:
The Relative ID Master allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains.
The Infrastructure Master maintains security identifiers, GUIDs, and DNS for objects referenced across domains. Most commonly it updates user and group links. This is another domain-specific role and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are performed, so the machine holding this role doesn’t need to have much horsepower at all.
The PDC Emulator operations master role processes all password changes in the domain. Failed authentication attempts due to a bad password at other domain controllers are forwarded to the PDC Emulator before rejection. This ensures that a user can immediately login following a password change from any domain controller, without having to wait several minutes for the change to be replicated. The PDC Emulator Operations Master role must be carefully sited in a location to best handle all password reset and failed-authentication forwarding traffic for the domain.

Forest-wide FSMO Roles:

Regardless of the number of domains in an Active Directory forest, the following FSMO roles exist only once:
The Schema Master maintains all modifications to the schema of the forest. The schema determines the types of objects permitted in the forest and the attributes of those objects.
The Domain Naming Master tracks the names of all domains in the forest and is required to add new domains to the forest or delete existing domains from the forest. It is also responsible for group membership.

Normally it’s very easy to move these roles by right clicking the forest level and choose Move …  in the Active Directory Schema snap-in, Active Directory Domains and Trusts snap-in and Active Directory Users and Computers snap-in. But it will fail to 99% with an obscure error. The reason for the error is one domain controller in the replica ring is missing and marked as Tombstone. Let’s get to the bigger guns and start “ntdsutil.exe”, open a command prompt and enter “ntdsutil.exe”. If the shell is bugging you that the exe is missing, you need to install the server support tools. They are located on the Windows CD in the support folder. Other ways you can download it from Microsoft using Google ☺.

!! Remember at this point you can do very large harm to the directory so please be sure that you have properly working backups!!

After “ntdsutil.exe” has successful started, type “roles” and press enter. Type “connections” and press enter. Now Type “connect to server xyz.planetgeek.ch”, where xyz.planetgeek.ch is the name of the server where you want to transfer the roles to. A message will appear:

“Binding to xyz.planetgeek.ch …
Connected to servername using credentials of locally logged on user.”

Tipe “quit” to leave the selection menu. Now appears: “fsmo maintenance:” now enter:

“Seize schema master” if you want move the schema master.
“Seize domain naming master” if you want move the naming master.
“Seize PDC” if you want move the PDC.
“Seize RID master” if you want move the Relative ID master.
“Seize infrastructure master” if you want move the infrastructure master.

Next thing to do is kicking the metadata out of the directory. To do this I know two possible ways. The first is use a VB script written by Clay Perrine from Microsoft. The second way is to use ntdsutil.exe. I prefer the VB script. It works on the most common Windows Operating systems (2k, XP, 03, Vista and 08). The script is below ore you can obtain it directly from Microsoft (http://go.microsoft.com/fwlink/?LinkID=123599).

REM    ==========================================================
REM                GUI Metadata Cleanup Utility
REM             Written By Clay Perrine
REM                          Version 2.5
REM    ==========================================================
REM     This tool is furnished "AS IS". NO warranty is expressed or Implied.

on error resume next
dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename

rem =======This gets the name of the computer that the script is run on ======

Set sh = CreateObject("WScript.Shell")
key= "HKEY_LOCAL_MACHINE"
computerName = sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")

rem === Get the default naming context of the domain====

set objRoot=GetObject("LDAP://RootDSE")
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")

rem === Get the list of domain controllers====

Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    outval = outval & vbtab &  objContainer.Name & VBCRLF
Next
outval = Replace(outval, "CN=", "")

rem ==Retrieve the name of the broken DC from the user and verify it’s not this DC.===

oDCSelect= InputBox (outval," Enter the computer name to be removed","")
comparename = UCase(oDCSelect)

if comparename = computerName then
    msgbox "The Domain Controller you entered is the machine that is running this script." & vbcrlf & _
        "You cannot clean up the metadata for the machine that is running the script!",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sPath)

For Each objContainer in objConfiguration
    Err.Clear
    ckdcPath = "LDAP://" & "CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    set myObj=GetObject(ckdcPath)
    If err.number <>0 Then
        errval= 1
    End If
Next

If errval = 1 then
    msgbox "The Domain Controller you entered was not found in the Active Directory",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

abort = msgbox ("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?",4404,"WARNING!!")
if abort <> 6 then
    msgbox "Metadata Cleanup Aborted.",,"Metadata Cleanup Utility Error."
    wscript.quit
end if

oDCSelect = "CN=" & oDCSelect
ODCPath ="LDAP://" & oDCselect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sSitelist)
For Each objContainer in objConfiguration
    Err.Clear
    sitePath = "LDAP://" & oDCSelect & ",CN=Servers," &  objContainer.Name & ",CN=Sites,CN=Configuration," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(sitePath)
    If err.number = 0 Then
        siteval = sitePath
    End If   
Next

sFRSSysvolList = "LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
    objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sFRSSysvolList)

For Each objContainer in objConfiguration
    Err.Clear
    SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(SYSVOLPath)
    If err.number = 0 Then
        SYSVOLval = SYSVOLPath
    End If
Next

SiteList = Replace(sSitelist, "LDAP://", "")
VarSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set SiteConfiguration = GetObject(VarSitelist)

For Each SiteContainer in SiteConfiguration
    Sitevar = SiteContainer.Name
    VarPath ="LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    Set DCConfiguration = GetObject(VarPath)
    For Each DomContainer in DCConfiguration
        DCVar = DomContainer.Name
        strFromServer = ""
        NTDSPATH =  DCVar & ",CN=Servers," & SiteVar & "," & SiteList
        GuidPath = "LDAP://CN=NTDS Settings,"& NTDSPATH
        Set objCheck = GetObject(NTDSPATH)
        For Each CheckContainer in objCheck
rem ====check for valid site paths =======================
            ldapntdspath = "LDAP://" & NTDSPATH
            Err.Clear
            set exists=GetObject(ldapntdspath)
            If err.number = 0 Then
                Set oGuidGet = GetObject(GuidPath)
                For Each objContainer in oGuidGet
                    oGuid = objContainer.Name
                    oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH 
                    Set objSitelink = GetObject(oGuidPath)
                    objSiteLink.GetInfo
                    strFromServer = objSiteLink.Get("fromServer")
                    ispresent = Instr(1,strFromServer,oDCSelect,1)

                    if ispresent <> 0 then
                        Set objReplLinkVal = GetObject(oGuidPath)
                        objReplLinkVal.DeleteObject(0)
                    end if
                next

                sitedelval = "CN=" & comparename & ",CN=Servers," & SiteVar & "," & SiteList
                if sitedelval = ntdspath then
                    Set objguidpath = GetObject(guidpath)
                    objguidpath.DeleteObject(0)
                    Set objntdspath = GetObject(ldapntdspath)
                    objntdspath.DeleteObject(0)
                end if
            End If
        next
    next
next
Set AccountObject = GetObject(ckdcPath)
temp=Accountobject.Get ("userAccountControl")
AccountObject.Put "userAccountControl", "4096"
AccountObject.SetInfo
Set objFRSSysvol = GetObject(SYSVOLval)
objFRSSysvol.DeleteObject(0)
Set objComputer = GetObject(ckdcPath)
objComputer.DeleteObject(0)
Set objConfig = GetObject(siteval)
objConfig.DeleteObject(0)
oDCSelect = Replace(oDCSelect, "CN=", "")
msgval = "Metadata Cleanup Completed for " & oDCSelect
msgbox  msgval,,"Notice."
wscript.quit

An easy to use description of the ntdsutil.exe way you find under http://technet.microsoft.com/en-us/library/cc736378.aspx

Next thing that will drive you crazy are the millions of ntfrs errors in the Eventlog. Ntfrs is the “New Technology File replication Service” from Windows. It is used for the replication of the sysvol/ netlogon. Remember Since Windows 2003 R2 nftrs is replaced trough DFS. First of all we are saving the eventlog to a file then clean it and boot every Domain Controller in the domain and wait a few minutes. On my experience this will fix half of the problems, like swiss admins tend to say “ein boot tut immer gut” ; -).