ITCongress 2010
Acum cateva zile s-a terminat IT Congress editia II. Eu am fost unul dintre baietii din staff-ul tehnic care am prezentat tehnologii VMWare, Wyse, 10zig ma refer aici cu accent deosebit pe partea de VDI (Virtual Desktop Infrastructure).
Lume a fost si destule intrebari de asemenea, totusi timpul alocat subiectelor din pacate, a fost foarte scurt, nu prea am avut timp sa explic si sa raspund la intrebari asa cum mi-am dorit si cum mi-am planificat de la inceput.
Despre ce am discutat poate va intrebati cei care nu ati fost?
- VMWare View 4.0 (integrare AD, permisii / user, tipuri de grupuri de masini, linked clone)
- Wyse (P20 Thin Client cu PCoIP, demo multimedia, integrare cu view manager)
- Wyse (V10L Thin Client cu RDP si TCP, usb redirect, sunet bi-directional integrare cu view manager)
- 10zig (cu RDP 7, sunet bi-directional cand te conectezi pe Windows Server 2008 R2)
Atasez cateva poze de la IT Congress 2010.
1) Pregatiri
2) De sus in jos (Cisco Nexus + NetApp Storage)
2) De la stanga la dreapata (V10L, 10zig, P20 cu PCoIP)
3) Stand VMWare cu Thin Clients, fiecare ruland un trailer pe RDP si PCoIP
5) Una din prezentarile VDI si lumea prezenta.
(am sa revin cu mai multe poze & video, cele postate sunt facute de mine cu telefonul si nu am avut timp de prea multe)
Transfer or seize FSMO roles in Windows Server 2003
Few months ago I had a situation when one of our Windows Server 2003 DC`s crashed, the big problem was that the crashed DC owned all FSMO roles.
To explain a bit, a Windows Server 2000/2003 that is promoted to DC has 5 FSMO (Flexible Single Master Operations) usualy are kept on same DC, but in some scenarious administrators can move them to a different DC.
The five FSMO roles are:
Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
Infrastructure Master: The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
You can transfer FSMO roles by using the Ntdsutil.exe command line utility or by using MMC snap-in. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in:
• Active Directory Schema snap-in
• Active Directory Domains and Trusts snap-in
• Active Directory Users and Computers snap-in
The transfer operation works only if the DC that owns the roles is functional in your domain.
You can transfer them using Ntdsutil from your command line.
1. On any domain controller press START -> RUN type CMD then type Ntdsutil then press ENTER
2. Type roles then press ENTER
3. Type connections then press ENTER
4. Type connect to server servername , where servername is the name of the server where you want to transfer the roles.
A message will appear:
Binding to servername ...
Connected to servername using credentials of locally logged on user.
server connections:
5. Type q and press ENTER
6. It should appear now:
fsmo maintenance:
6. Now we can proceed to transfer the roles, type one by one the following commands:
Transfer schema master
Transfer domain naming master
Transfer PDC
Transfer RID master
Transfer infrastructure master
A message will appear asking if you want to transfer the role.
7. After you finish, type q and press ENTER and a nother q till you exit from Ntdsutil.
In the case you have only one DC working and the DC that owned the FSMO roles crashed you will need to use the sieze command instead of transfer
Example:
Seize schema master
Seize domain naming master
Seize PDC
Seize RID master
Seize infrastructure master
If you have any questions post them as a comment, I`ll be glad to answer.
Disable unneed CentOS services
In many situations we need every bit of resources from our servers. The main resource needed on all systems is RAM. Disabling some unneeded services will free a lot of memory.
The proper way disabling a service from being started on boot is to use the “chkconfig” utility.
Here is a list of services that can be disabled without affecting the OS in a situation when you host a WEB, DHCP, DNS, FTP or your using the server as a ROUTER.
chkconfig acpid off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig gpm off
chkconfig haldaemon off
chkconfig isdn off
chkconfig mdmonitor off
chkconfig messagebus off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xinetd off
You can disable same service typing in terminal the “setup” command and selecting System Services menu. You can turn off “microcode_ctl” if this is an AMD machine, and “irqbalance” if there is only one CPU. If you plan on using plug and play devices you should leave “haldaemon” and “messagebus” running. If you did not do a minimal install you’ll have more services enabled.
If you are not sure what something does, you can look in the particular service’s startup script to see the comments at the beginning. The scripts are in the /etc/init.d directory.
DNS – servfail response (SOA records)
Today, I have had some issues with one of my DNS servers.
The configuration is: one master and one slave for the zone. Yesterday night the master failed due to hard-disk failure. Today when I was reinstalled / upgraded the master, the slave start to respond “servfail” to all the queries for that zone. The thing was very strange because the slave still was the nameserver for that zone. Fortunately I managed to fix. The problem was in the SOA record.
As you know from an earlier post the zone looks something like this:
$TTL 3600
@ IN SOA example.com. root.example.com. (
0605200803 ; serial (d. adams)
36000 ; refresh
36000 ; retry
36000 ; expiry
36000 ) ; minimum
IN NS example.com.
example.com. IN A 192.168.2.141
example.org. IN A 192.168.2.142
www CNAME example.com.
The expiry timer is set to 36000 that in seconds means 10 hours. So the zone on slave will expire in 10 hours if the master cannot be contacted in the meantime. Keep in mind that the timers are in seconds and the slave WILL NOT ANSWER ANY QUERY WHEN THE ZONE HAS EXPIRED (the answer will be SERVFAIL).
Installing a DNS Server on CentOS 5
About DNS
When hosts on a network connect to one another via a hostname, also called a fully qualified domain name (FQDN), DNS is used to associate the names of machines to the IP address for the host.
Use of DNS and FQDNs also has advantages for system administrators, allowing the flexibility to change the IP address for a host without effecting name-based queries to the machine. Conversely, administrators can shuffle which machines handle a name-based query.
DNS is normally implemented using centralized servers that are authoritative for some domains and refer to other DNS servers for other domains.
When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the FQDN based on its resolver library, which may contain authoritative information about the host requested or cached data from an earlier query. If the nameserver does not already have the answer in its resolver library, it queries other nameservers, called root nameservers, to determine which nameservers are authoritative for the FQDN in question. Then, with that information, it queries the authoritative nameservers to determine the IP address of the requested host. If performing a reverse lookup, the same procedure is used, except the query is made with an unknown IP address rather than a name.
Example:
bob.example.com
mail.example.com
games.example3.com
In this case we will use the well known BIND 9. BIND is also known as the service named in CentOS.