Blog: Networking

After switching to a Thinkpad T440s I started having display problems with Office applications. It would start as a minor issue but end up getting refreshed into a major display problem, which made most of a message or document unreadable.

I found a blog entry at http://blogs.technet.com/b/rmilne/archive/2014/07/08/outlook-2013-distorted-display-issues.aspx that provided a workaround until the Thinkpad display drivers are fixed: disabling hardware graphics acceleration. This is accomplished from within the Office application by going to File -> Options -> Advanced -> Display and checking the box to “Disable hardware graphics acceleration.”


 

One of our customers reported their Veeam backups were failing. We determined the cause to be the vCenter services were stopped and would not restart. The vCenter issue was a result of the SQL Express database having grown to its 10GB maximum size. We were able to get the vCenter services running temporarily by purging performance data from the database using the procedure at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1007453.

This procedure removed enough data to get the services running, but didn’t reduce the overall size of the database significantly. I found a VMware SQL stored procedure named “dbo.cleanup_events_tasks_proc” that reduced the size of the database by 60%. After a couple of shrink file operations, the database and the vCenter services were up and running. 

However, the Veeam backups failed yet again the next night. While the Veeam errors indicated that the vCenter services were again offline, this time it was because the virtual disk containing the SQL Server Express vCenter database was completely full. The transaction log for the vCenter database had bloated to 24GB and filled up the disk. This was confusing initially because I had checked the recovery model of the database prior to running the stored procedure to make sure it was set to “Simple” to prevent this very issue.

With SQL Server, the growth of the transaction log is directly proportional to the amount of “work” that SQL Server has to perform between the BEGIN TRANSACTION and COMMIT TRANSACTION commands. Certain SQL Server commands (insert, update, and delete) are always wrapped in implicit transactions, but some bulk operations can be executed with explicit BEGIN TRANSACTION/COMMIT TRANSACTION commands to control rollback. The stored procedure that I ran wraps a potentially large batch purge process in a SQL transaction that enables the entire process to be rolled back in the event of a failure. In this case, the lengthy stored procedure resulted in a ridiculously huge transaction log. The lesson learned is that the “Simple” recovery model doesn’t guarantee the transaction logs will always be a manageable size.


 

After installing a new server and promoting it to a domain controller, the replication from the other domain controller did not work and the NETLOGON and SYSVOL folders were not created. Initially, I tried demoting it and re-promoting it, but that didn't work. I found the following Microsoft Support article - http://support.microsoft.com/en-us/kb/315457 - on how to rebuild the SYSVOL tree and its content in a domain. In summary, I had to go into ADSI and delete the orphaned GUIDs and create new symbolic links for both of the folders. I also had to recreate all of the group policies in order for them to work on the new server.


 

The sa account for the SQL instance on a number of PCs got locked out. One way to unlock all sa accounts is to put the instance in single-user mode and create a recovery account; you can then connect to the SQL instance with that recovery account and unlock the sa account.

Here are the instructions for how to do that:

 

  1. Open SQL Server Configuration manager and Stop the SQL service. 
  2. Once the service stops, right-click the service and select properties. 
    1. Go to the Advanced tab, find the Startup Parameters and add -m; to the front of the line (This will start the SQL Service in Single-User mode the next time it starts up) 
  3. Then expand SQL Server Network Configuration, and click on Protocols for your SQL instance. 
    1. Then right-click Named Pipes, go to properties, and change the Pipe Name to just \\.\pipe\sql\query (This will allow you to connect to the SQL instance via sqlcmd) 
  4. Then start the SQL Server service again. 
  5. Once the service has started open up a Command Prompt on the PC and type sqlcmd. 
    1. At the 1> Prompt, enter CREATE LOGIN recovery WITH PASSWORD = 'TopSecret1' and press ENTER (Where TopSecret1 is the password you would like to use for the recovery account) 
    2. At the 2> Prompt, enter Go and press ENTER 
    3. At the next 1> Prompt, enter sp_addsrvrolemember 'recovery','sysadmin' and press ENTER 
    4. At the 2> Prompt, enter go and press ENTER 
  6. After creating the recovery account, go back into SQL Server Configuration Manager, stop the manager and undo the changes you previously made to the Startup Parameters and the Named Pipes configuration. (Remove -m; from Startup Parameters for SQL Server services and change Pipe Name back to what it was originally) 
  7. Then login to a PC or Server that has Microsoft SQL Server Management Studio installed and connect to the SQL Instance on that PC with the recovery account you just created. 
  8. Once you’re connected to the SQL Instance, go to Security -> Logins, then right-click the sa account and select Properties.  In the Properties screen, click Status on the left.  Then uncheck the box for Login is locked out then click OK. You will get a prompt that the Password needs to be reset, so click General on the left. For Password and Confirm Password enter the password you’d like to use and click OK. 
  9. Go back to the SQL Server Configuration Manager on the PC and restart the SQL Server service. 
  10. After restarting the services you should now be able to access the DB with the sa account. 
  11. After verifying that everything is working correctly, log back into the SQL Instance through SQL Management Studio, but this time use the SA account you unlocked. Go to Security -> Logins and delete the recovery account you created earlier.

 

  Not sure if it will work for all versions of SQL, but it worked on SQL 2008 R2 Express.


 

I was subscribing to a mailing list that uses the Sympa software. This works like most of these systems - you give it your email address and it sends a confirmation email to that address with a link in it to click on to prove that you have control of that email address. This prevents someone from subscribing for another person.

I got the confirmation email right away and when I clicked on the link, I went to the web site as expected, but it gave me the message "Sorry, this operation can't be performed... The validation link has already been validated from host x.x.x.x. If you did not perform this validation, please report this confidentiality issue to your mail services administrator."

I thought "who has been reading my e-mail and clicking on links for me?" Well, that IP address belongs to Barracuda Networks, Inc. The email filtering software activated the link while checking it for malware.
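The failure described above, and one design that tolerates link-scanning mail filters, as an added example (not Sympa's code and not from the original post). The class, method names and e-mail address are hypothetical; `consume_on_get=True` models a link that is validated by the first fetch, `False` keeps GET side-effect free and only consumes the token on POST.

```python
import hashlib
import secrets

class ConfirmationLinks:
    """Single-use subscription confirmation tokens (hypothetical, not Sympa's code)."""

    def __init__(self, consume_on_get):
        self.consume_on_get = consume_on_get  # True = behaviour described in the post
        self._pending = {}                    # sha256(token) -> e-mail address
        self.confirmed = set()

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        token = secrets.token_urlsafe(32)
        self._pending[self._key(token)] = email  # store only a hash of the token
        return token

    def handle(self, method, token):
        """Return (HTTP status, message) for a request to the confirmation URL."""
        email = self._pending.get(self._key(token))
        if email is None:
            return 410, "link unknown or already validated"
        if method == "GET" and not self.consume_on_get:
            # Safe method: show a confirm button, change nothing.
            return 200, f"confirm subscription for {email}?"
        if method in ("GET", "POST"):
            del self._pending[self._key(token)]
            self.confirmed.add(email)
            return 200, "subscribed"
        return 405, "method not allowed"


def scanner_then_user(consume_on_get):
    """A mail filter fetches the link first, then the real user follows it."""
    site = ConfirmationLinks(consume_on_get)
    token = site.issue("user@example.org")   # constructed address
    scanner = site.handle("GET", token)      # URL scanner prefetch
    user = site.handle("GET", token)         # user clicks the link
    if user == (200, "confirm subscription for user@example.org?"):
        user = site.handle("POST", token)    # user presses the confirm button
    return scanner, user
```

With `consume_on_get=True` the scanner's fetch completes the subscription and the user gets the "already validated" response; with `False` the scanner only sees the prompt and the user's POST is what confirms the address.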


 

Many of the print drivers today are only provided by Microsoft instead of the vendor’s website.  Setting up new printers with the add printer wizard will download drivers for whichever architecture the server is running (x64 or x86).  This can cause problems for clients on a different architecture than the server when they try to connect to shared printers.  The client will say that a suitable driver could not be found.

In order to add both types of print drivers to the print server to support all clients, use another dissimilar client and create local temporary printers using LPT1 port for each printer that needs drivers.  Make sure to click on the “Windows Update” button when you are adding the printer, and it will pull in a much larger list of printers to install.  Chances are the print driver you need will be listed.  Finish installing the printer locally.

After you have the 32-bit or 64-bit drivers you wish to add to the print server, browse to the print server (\\printserver) and right-click the printer to select the properties.  On the sharing tab, click on the “Additional Drivers” button.  Check the box for the x86 or x64 drivers that you previously installed on the client you are connecting from and it should upload the drivers to the print server for all clients to use going forward.


 

After upgrading an iPhone and iPad to iOS 8, the iPad may “ring” every time a phone call is received on the iPhone for the same user ID account that is used on the iPad.  There is a setting in the FaceTime app that can be used to enable or disable this feature.  Go to Settings, FaceTime and turn on or off the “iPhone Cellular Calls” option.  The description of the feature “iPhone Cellular Calls” is “Use your iPhone cellular connection to make and receive calls when your iPhone is nearby and on Wi-Fi.”


 

A user was unable to log into a PC and was getting an error message that said, “The user profile service failed to logon. User profile cannot be loaded.”  Another user account received the same error message when trying to log on, and so did the admin user. Rebooting the system into Safe Mode with Networking and testing the admin login did work. After a reboot, the same user was able to log into the PC without getting an error.

The Event Viewer had the following event: 

Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm to location \\?\C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm. This error may be caused by network problems or insufficient security rights. 

DETAIL - Access is denied. 

Resolution was to delete the iesqmdata_setup0.sqm file from the directory mentioned in the event log. After deleting the file, all users could log in successfully.


 

Users had intermittent connection problems to published applications when using a Citrix NetScaler Access Gateway that provides access to a XenDesktop 7 site.  Citrix Receiver would spin saying “connecting to server” and then time out.  The NetScaler was deployed prior to a recent subnet change.  Connections worked OK when the user session was assigned to a server in the bottom half of the new subnet.  If a connection was assigned a server in the top half of the new subnet, then no connection could be made.

It was determined that the subnet mask for the NetScaler was wrong. The subnet that contained the XenDesktop hosts was recently changed from a /24 to a /23 due to IP shortage.  The resolution to the problem was to update the subnet mask for the NetScaler.

Be aware this change needs to be made via command line on the console of the VPX.  Changing the subnet mask from GUI can break access to NetScaler web GUI.  The subnet mask change can require that you remove and add a route.
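Why only the top half of the subnet failed, as an added example (not from the original post). The page gives no addresses, so 10.20.30.0/23, the appliance address and the backend list are constructed; the function names are hypothetical. It compares what a device still carrying the old /24 mask considers directly reachable with the real /23.

```python
import ipaddress

def appliance_view(appliance_ip, configured_prefix, actual_subnet, backends):
    """Classify each backend as the appliance sees it with its configured mask."""
    stale = ipaddress.ip_interface(f"{appliance_ip}/{configured_prefix}").network
    actual = ipaddress.ip_network(actual_subnet)
    stale_special = {stale.network_address, stale.broadcast_address}
    actual_special = {actual.network_address, actual.broadcast_address}
    view = {}
    for host in backends:
        addr = ipaddress.ip_address(host)
        if addr not in actual:
            view[host] = "not in the real subnet"
        elif addr in stale_special - actual_special:
            # A usable host address in the /23 that the old mask reserves.
            view[host] = "valid host, but network/broadcast address to the appliance"
        elif addr in stale:
            view[host] = "on-link"
        else:
            view[host] = "off-link: routed, not delivered directly on the LAN"
    return view

# Constructed sample data: bottom half, old broadcast address, top half, outside.
BACKENDS = ["10.20.30.50", "10.20.30.255", "10.20.31.50", "10.20.32.5"]

def broken_backends(appliance_ip="10.20.30.10", configured_prefix=24,
                    actual_subnet="10.20.30.0/23", backends=BACKENDS):
    """Backends inside the real subnet that the appliance will not reach directly."""
    view = appliance_view(appliance_ip, configured_prefix, actual_subnet, backends)
    return [h for h, v in view.items()
            if v not in ("on-link", "not in the real subnet")]

if __name__ == "__main__":
    view = appliance_view("10.20.30.10", 24, "10.20.30.0/23", BACKENDS)
    for host, verdict in view.items():
        print(f"{host:<14} {verdict}")
```

Running the same check with `configured_prefix=23` returns an empty list, which corresponds to the corrected mask.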


 

vCloud Director requires a certificate to be installed on the device that it uses for communication with the other VMware products as well as a certificate for the vCD website. The following steps can be used to install a wildcard certificate (call the certificate certificate.pfx).

  1. Convert pfx to pem: openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes (-nodes leaves the private key unencrypted in the output file)
  2. Obtain the private key from certificate.cer (cut and paste the private key to a new file, name it wildcard.key)
  3. Use the following command to recreate the pfx and set alias (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name http -passout pass:password -out http.pfx
  4. Use the same certificate and key to create the consoleproxy pfx (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name consoleproxy -passout pass:password -out consoleproxy.pfx
  5. Import the two PKCS12 keystores into the Java keystore using keytool:
    ./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias http -destalias http -srcstorepass password
    ./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias consoleproxy -destalias consoleproxy -srcstorepass password
  6. Import the root certificate to the same keystore:
    ./keytool -importcert -alias root -file DigiCertHighAssuranceEVRootCA.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
  7. Import the Intermediate certificate to the same keystore:
    ./keytool -importcert -alias intermediate -file DigiCertHighAssuranceCA-3.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
  8. Verify the CERTIFICATES.ks keystore:
    ./keytool -list -keystore CERTIFICATES.ks -storetype JCEKS -storepass password
  9. Provide the necessary permission:
    chown vcloud:vcloud /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks
  10. Stop the VCD service: service vmware-vcd stop
  11. Run the configure command: /opt/vmware/vcloud-director/bin/configure
  12. When prompted for the certificate, point to the following: /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks
  13. When prompted to start the cell, press y and Enter

Source: http://virtxpress.wordpress.com/2013/12/22/using-wildcard-certificates-in-vcloud-director/