So you can´t set tcp autotuning to disabled after vista sp2?

Exactly this was my problem today morning. No one in the newsgroups seemed to have a solution. Now what I did was start a netsh shell and looked around for this "heuristics" feature which was obviously introduced with sp2. Finally, I found out you have to disable this heuristic first before you can set autotuning to disabled. The steps are: 

netsh

interface

tcp

set heuristics disabled

set global autotuninglevel=disabled

and...here you go.

Exchange 2007 Backup out of the box with Windows 2008 in Q3

The Exchange Team finally announced the long awaited full integration of the exchange backup capabilites to the windows 2008 backup program. Many users were very frustrated in the last year as it was possible to backup e2003 with ntbackup of windows 2003 but is wan´t possible to backup exchange 2007 with windows 2008. It only worked with a trick. Now the Exchange team said, it will deliver the functionality with the release of sp2 for exchange 2007 which will be available in q3 2009.

VMDK Recovery Tool of ESX 3.5 U3

Until now the one and only way to get deleted or corrupted VM´s back to life was to call VMware and let them use their magic little in-depth-disk-tricks. Well, with ESX3.5U3 VMware provides a first: The VMDK recovery tool (experimental). Just connect to your COS and enter 'vmfs-undelete'.

You are provided with a menu like that one here: 

[root@joergsesx1]# vmfs-undelete

########################################################
# VMFS Data Recovery and Backup #
# #
# This tool is NOT a replacement for regular backups #
# Please backup your data on a regular basis #
# There is absolutely no guarantee #
# Use at your own risk #
# #
# VMs with Raw Disks (virtual or physical) are #
# Not supported!!!! #
########################################################

--------------------------------------------------
Select [b]ackup, [r]estore [q] to quit: b

Now, believe it or not, this one will allow you to backup your blockfiles of one, many, or all your VM´s on a ESX 3.5U3 host. If you somehow kill your VM and you have the blockfile at your hand you can restore the deleted VM. Now be aware of the fact that this feature is experimental and in no way a replacement for any kind of backup.

Backing up Exchange 2007 with ntbackup locally

As you certainly know the new backup program that comes with Windows Server 2008 is not capable of backing up Exchange 2007. You have to use DPM or some other third-party VSS-aware Backup-Tool. Some months ago, Microsofts Exchange Team finally blogged about a special plugin to come which re-enables the Windows Server Backup in Windows Server 2008 to do the trick again. That was on June 18th. Now it´s october and the community is still waiting. Now me, I was tired of waiting and as I read the comments I found a person called "Phil Carter" trying to copy the old ntbackup files to the win2008 machine claiming that would work. So I decided to test that. I tried to just copy the "old" ntbackup over to my 2008 machine and let´s see how it goes. At first, I virtualized a w2003x64 Server to get the x64 versions of

ntbackup.exe,
ntmsapi.dll and
vssapi.dll.

Done. Took these three files and copied them to a new created folder in the 2008 machine´s root. Launched it, selected the local Exchange Store and hit backup. And voila, it did the job and Exchange successfully purged the log files of the mailbox store and also of the public folder store. The eventlog of the W2008 Exchange Server 2007 says started with id 210, successful, ended with 213, successfull.
Now I was wondering..wow..so easy..let´s check the backup file. So I extracted the bkf with ontrack powercontrols and mounted the source with powercontrols and voila: My Test-Mailboxes all were there and everything was fine.
Now don´t get me wrong here. This streaming backup scenario certainly is not a replacement for a TRUE 2007 vss aware exchange live backup. But it´s something to start with and finally I am able to backup my Exchange 2007 without a special foreign backup solution.

Equallogic releases Firmware 4.0.1

Wow, now thats a first. Today I visited the equallogic support portal and wondered why there again was a new firmware available. A few days ago 3.3.3 was posted and NOW..wow...there you go with 4.0.1. The features are amazing, you can now assign a special port just for managing and the most important thing in my opinion is the smart new restart function when updating to a newer version, it will smartly flip between the two controllers so you won´t have any downtime at all. Pretty smart. Also there were some improvements in Replication and other minor changes, also the new 5500 48Gig array is now supported. Also supported is now iSCSI IPv6 support. Now be aware of that: The update could easily take about 40 minutes, don´t get nervous, it´ll continue smart and clean till the end and you just have to restart which requires about 1,5 mins.Fair enough if you configured your qlogic devices in your ESX machines like I told you in one of my previous posts. I updated all my 4 eql arrays this night without problems.

 

VSS support in ESX3.5U2 - cute stuff rarely spoken of

One of the most exciting features in esx35u2 is the vss ability. but nobody makes a big deal about that. How come? Maybe this feature wasn´t documented very well at the very beginning so here is my two cents about that: 

Ever had anger with the famous sync driver inside the guests? Well, this little peace of software is used by vmware tools inside the guest to "harmonize" the file system before a snapshot is taken. Sadly this driver resulted very often in corrupt ad and exchange databases, so the general recommendation in the community was to turn this driver off (in hardware/unhide hidden devices/computer/sync driver/right klick/disable). Now the sad fact about that workaround was inconsistent snapshots sometime and i personally saw some other weird behaviour regarding this workaround.

But now there is the new VSS driver which is capable of using Microsofts Volume Shadow Copys inside the guest, therefor it´s a very clean and cute solution and no database corruption shall appear at all. But there are some things to highly consider: 

a) When you install a fresh new VM on a esx35u2 and install the vmtools, everything is great, vss driver is automatically installed

b) Sadly: When you just update an existing VM with the latest tools the sync driver is NOT installed automatically! So you HAVE TO trigger the installer, say Change and explicitly select the VSS driver in the manual installation mode!

c) VSS is used when triggering a backup with VCB (tested) and the latest version of vranger when "disable quiescing" is turned off  (tested) BUT VSS is NOT triggered when you perform a manual snapshot in VC. Weird. But important to know!

d) When VSS is triggered successfully Windows takes care of everything. Exchange/AD/SQL VSS providers inside the VM are triggered and harmonizing the databases. I guess this is the main reason why Microsoft just certified VMware for their virtualization program.

e) VSS is also triggered when using a manual crafted VCB script, like let´s say 'cscript pre-command.wsf (path) (vmname) fullvm'. Very important for people like me who like to deeply control the VCB interactions manually.

esx 3.5 u2 has a timebomb

This morning the vmware community all around the world had any reason to scream out loud, seems like august 12th is a hard coded timebomb inside vmwares esx 35u2. vmware took the isos, patches and zips offline and now all the community is waiting for a patch.

In the meantime vmware suggests to turn off ntp and change the time back two days. also, they recommend to turn off drs, do not power off any vm and do not vmotion any vm. very awkward.

HA errors after update to esx 3.5 u2

Yesterday I updated my whole ESX farm to 3.5 u2 and suddenly encountered a strange one: A few minutes after updating one of my test clusters gone red telling me the ha agent has an error. So i checked out the communities and found that i was not alone. Many people had the same issue. Now there are several guides online how to fix it, but most of them didn´t solve it for me now here is how I solved it:
First, it seems like this is some kind of DNS issue. So check the hostname in the
vi client. Lets say its esx1.domain.local
Now enter console and check

/etc/hosts

and make sure the entry from the vc is exactly the same, especially check for upper/lowercase mismatches. If your /etc/hosts shows ESX1.domain.local, change it to esx1.domain.local.
Now, thats not all, check

/etc/opt/vmware/aam/FT_HOSTS.

Your cluster members should be in this file, but only the first part f the dns name, if you dns name is esx1.domain.local, only esx1 should be in FT_HOSTS.
If there is any other entry or you are not shure, simply delete FT_HOSTS and reconfigure your cluster. Reboot the ESX hosts.

Now: Mostly these steps seemed to solve the problem but not for my test lab. The next day i encountered the error again. Now this is what I have done in addition which seemed to finally solve the problem.

Put your esx hosts in maintenance mode, remove them from the cluster, delete the cluster and create a new one with a different name. Put your esx hosts out of maintenance mode and assign them the cluster again. Now finally to be 100% sure right click em and reconfigure HA. That whole bunch solved the problem for me (have my eyes now on it for a few hours).

VMware´s got a new CEO

The VMware board of directors announced today that they appointed Paul Maritz as President and CEO of VMware effective immediately. The community is shocked as well as the investors. The stock crashed more than 30% to its lowest value since the IPO. I personally can´t understand this decision in any way. I got to know Diane Greene at VMworld 2008 in Cannes together with her husband Mendel Rosenblum, they are my absolute personal dream-couple and also dream-leaders of such a great company. And speaking of that, what will Mendel Rosenblum, VMwares chief scientist do now?

 

Installing Nessus on Backtrack 3

As i blogged lately Backtrack 3 was released. Now the worst thing about it is that Tenable would not allow nessus for redistribution, therefor it is not included. Here is how to fix this for yourself (tested successfully with the vmware version of bt3 final):

Download the Nessus and NessusClient Fedora Core 8 RPM’s from the Nessus website, then
convert them to TGZ :
rpm2tgz Nessus-3.2.x-fc8.i386.rpm
rpm2tgz NessusClient-3.2.x-fc8.i386.rpm

Use the Slackware Package Tool to extract and install the packages from the current directory:
pkgtool

Configure the application:
cd /opt/
export PATH=$PATH:/opt/nessus/sbin:/opt/nessus/bin:
cp /usr/lib/libssl.so /lib
cp /usr/lib/libcrypto.so /lib
cp /opt/nessus/lib/libnessus.so.3 /lib
cp /opt/nessus/lib/libnessusrx.so.0 /lib
cp /opt/nessus/lib/libpcap-nessus.so.3 /lib
cd /lib
ln libssl.so libssl.so.6
ln libcrypto.so libcrypto.so.6

nano /etc/ld.so.conf
/opt/nessus/lib #add this line to the config file

ldconfig
/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser

Next update your plugins. Make use you registered at the Nessus website. Use the code they emailed to you below.
cd /opt/nessus/etc/nessus
nessus-fetch –register bla-bla-bla-bla

Run the Nessus Server:
/opt/nessus/sbin/nessusd

Launch the Client
/opt/nessus/bin/NessusClient

the credits for this CUTE guide go to williamc, the source is forums.remote-exploit.org