Blog

A customer who has two terminal servers (TS1 & TS2) that can be accessed using a shared name (TS) was unable to access them from their remote sites. I was able to access TS1 and TS2 from a remote server but not TS. I could also connect using the IP of each server but not the shared IP. What I found was that there was a static ARP entry on the main and backup router for TS. The MAC address on the ARP entry did not match the one on the servers. Both of the servers are virtual machines and this was caused by the ESX update and installation of the updated VMTools on the terminal servers the night before. The MAC addresses on the virtual NICs had changed. The ARP entry was removed and they could connect using the shared name.


 

One of our customers uses VMware VCB backups integrated with CommVault Simpana. The CommVault job simply calls a pre-backup script to snapshot the VM and copy all the VM files to the VCB proxy, backs up the files from the proxy to the CommVault media server, then a post-backup script commits the snapshot and purges the VM files from the VCB proxy.

Recently, we upgraded this customer from VMware VI3.5 to VMware vSphere v4 Update 2. For most of the VMs that are backed up with VCB, we had no issues at all. The backups ran the weekend following the upgrade with no issues. However, all of the VMs that had been secured with the Windows Security Configuration Wizard would not back up. These VMs are in the DMZ and are locked down very tight because they host externally available web applications. The issue is that each time a backup was initiated from CommVault, the VCB script would return a non-zero error due to a snapshot failure in VMware. VMware’s error was “Cannot create a quiesced snapshot because the create snapshot operation exceeded the time limit for holding off I/O in the frozen virtual machine.” This would happen when using VCB scripts, but I could create a snapshot without error from the VI client.

After much research and testing, I determined that the problem was a hold-over from the VMTools upgrade. In the new version of VMTools, a new service called VMware Snapshot Provider is installed. This service gets installed when VMTools is upgraded. Its purpose is to help facilitate application consistent snapshots through the VMTools. On the servers that were getting the “quiesced snapshot error”, this service was not present at all, but VMTools had already been updated…very strange. Here is where the Security Configuration Wizard comes in. Part of our lockdown policy is to disable a service called COM+ System Application. This service manages the configuration and tracking of COM+ based components. Apparently, without this service enabled, VMTools upgrade will NOT install the VMware Snapshot Provider service. Without the service, no quiesced snapshots and you get errors when creating snapshots via the VCB integration modules.

So why could I create a snapshot from the VI client? Well, VMware knows that you are using VCB to create snapshots for the purpose of backup. What good would the backup be if it wasn’t app consistent? The VI client, on the other hand, will first try to create an app consistent snapshot, but if it fails or times out, it will go ahead and create the snapshot “crash consistent” without error. VCB is not as forgiving. If the guest quiesce fails, the snapshot fails…end of story. The solution was to uninstall the VMTools, reboot, temporarily enable and start the COM+ System Application service, install VMTools, then disable the COM+ System Application service. After I did that, backups have been running fine since.


 

During recent bank audits, our LANguard scans have been flagging some systems by saying “Administrator account with blank password”.  We would typically look at the systems it flagged, determine they were printers, and not worry about it too much.  After some unsuccessful poking around in LANguard, one of our network engineers and I could not figure out what tests it uses to determine that the admin password is blank.  My coworker recommended attempting to connect a shared drive the next time I see that scan result at a bank.  As usual, my coworker's intuition was right.  The next time LANguard came up with that finding, I was able to connect to share drives (\\printer name\ipc$) on multiple printers using the username “Administrator” and a blank password for authentication.

So far, the only reason I have found that printers are using SMB file sharing is to allow access to any flash memory cards that might be in the printer.  At this point, it doesn’t seem like a big security risk, but there may be a time when printers will need to be set up with a telnet management password, an HTTP management password, and a Windows administrator password.


 

I had a problem with VMware Workstation 7.0.1 this weekend. It is a known problem which causes the vmdk to corrupt. This has happened to me a couple times before, but in those cases I just reverted to a snapshot to fix it. This time it was too much work, so I did some research.

Turns out this has been fixed in 7.1.1 build-282343 and Fusion 3.1.1. Everyone who is using Workstation 7 or Fusion 3, you should install the latest copy to avoid this issue. In case you have the problem, the fix can be found at: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1023856


 

One of the new features in Outlook 2010 that I absolutely love is the ability to create “Quick Steps.” At home, I’ve got several email accounts that download into Outlook. From those separate inboxes, I file them into folders kept completely offline. A problem that I run into is that when using the preview pane, the email isn’t marked as read (intentionally) unless I click off and back onto it. When I click-drag the email to a folder to file it, it keeps its unread status unless, once again, I click off and on. This is not a very efficient way for me to work and Quick Steps fix that.

When you create a new Quick Step, you can define a set of actions that this one button performs.

As can be seen below, the following Quick Step will ask you which folder to move your email to and mark it as read.

You can create a shortcut and tooltips for these and add as many actions as you would like. Very helpful!

 

If you are having problems opening iPhoto (no photos are displayed, etc.), you might be able to fix it by rebuilding the iPhoto cache.  Just hold Command + Control when launching iPhoto, then select all rebuild options and click Rebuild.


 

We ran into a problem where the print properties or preferences of a shared printer being accessed on a Microsoft Windows client PC would cause the print driver to be re-vended (downloaded/installed) from the server and an Event ID: 20 entry to be logged in the Event Log. Event ID: 20 indicates that a print driver has been added or updated. Slow client UI response and/or slow server performance was also reported. In some instances, the driver would generate over 100 Event ID: 20 entries in the Event Log. Selection of the printer from an application may freeze up the application and printing to the printer was reported to take up to 15-20 minutes.

This issue can occur if the privileges on the print server are set such that users with print access also have manage permissions on the print queue.

My Solution 

Disable queue manage permissions for users. NOTE: In my situation, the user was a domain admin. Removing manage permission for domain admins would prevent further access to the printer. I had to add a separate group to allow management permission before removing administrator permissions.

To change permissions:

  1. From the print server, right-click the printer queue (object) in the Print & Fax window.
  2. Select Properties.
  3. Select the Security tab.
  4. Click the User Group used for printing permissions.
  5. Deselect the check in the box next to Manage Printers under the Allow column.

HP's Solution

Upgrade to UPD version 5.1 or later.


 

The switch ports on the Cisco routers don’t appear to be as robust as a standard switch.  All clients at a client's motor bank went down the other morning.  After travelling on site, it turned out the problem was a bad cable end on one client.  All seven devices connected to the same 8-port switch on the branch router, and this one bad cable took down all seven devices.  I could move the faulty device from the router’s switch port to an external switch, and everything would work.  I went ahead and replaced the bad cable end, and reconnected all devices to the router’s switchports.


 

I came across a problem in one of our automated Robocopy command scripts when copying files from NTFS to an EMC Celerra file system.  The problem was that every time Robocopy was told to copy files to the EMC Celerra over the VPN, the files were always detected as “newer” on the originating source.  This caused Robocopy to copy every single file from our network to the remote network each and every time.

I came across a command line switch for Robocopy: /FFT : Assume FAT File Times (2-second date/time granularity).  So what this does is force Robocopy to use FAT style time stamps which are 2-second granularity.  It allows enough flexibility to account for the way the time is recorded when doing a file copy from NTFS to another file system. This is needed when going between NTFS and a Linux/Unix/FAT or emulated file system.
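
The timestamp comparison described above, modelled as an added example (not code from the original post and not Robocopy's own logic). It assumes the destination truncates file times to whole 2-second steps and treats /FFT as a 2-second tolerance window; the function names, file names and tick values are constructed for illustration.

```python
TICKS_PER_SECOND = 10_000_000        # NTFS stores file times in 100 ns ticks
FFT_WINDOW = 2 * TICKS_PER_SECOND    # /FFT: 2-second date/time granularity


def coarse_store(ticks, granularity_s=2):
    """mtime as kept by a destination that truncates to whole steps (assumed)."""
    step = granularity_s * TICKS_PER_SECOND
    return ticks - ticks % step


def classify(src, dst, fft=False):
    """Compare source and destination mtimes (timestamps only, sizes ignored)."""
    delta = src - dst
    if delta == 0 or (fft and abs(delta) <= FFT_WINDOW):
        return "same"
    return "newer" if delta > 0 else "older"


def files_to_copy(pairs, fft=False):
    """Names whose source copy is classified as newer than the destination."""
    return [name for name, src, dst in pairs if classify(src, dst, fft) == "newer"]


# Constructed sample: (name, source mtime on NTFS, mtime recorded at destination)
BASE = 13_000_000_000 * TICKS_PER_SECOND      # arbitrary even-second instant
HOUR = 3600 * TICKS_PER_SECOND
SAMPLE = [
    ("report.docx", BASE + 1_234_567, coarse_store(BASE + 1_234_567)),
    ("ledger.xlsx", BASE + 19_999_999, coarse_store(BASE + 19_999_999)),
    ("notes.txt", BASE + 40_000_000, coarse_store(BASE + 40_000_000)),
    # Edited on the source an hour after the last sync: a real change.
    ("changed.cfg", BASE + HOUR + 5, coarse_store(BASE + 7)),
]

if __name__ == "__main__":
    print("without /FFT:", files_to_copy(SAMPLE))
    print("with    /FFT:", files_to_copy(SAMPLE, fft=True))
    # Trade-off: an edit made within 2 seconds of the synced copy is skipped.
    print("edit 1 s after sync:", classify(BASE + TICKS_PER_SECOND, BASE, fft=True))
```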


 

I purchased a new iPhone, but when I tried to sync my old iPhone to my new iPhone it kept crashing my system (laptop would shut down – not blue screen, just turn off).  The event logs showed nothing…  Below is what I tried:

  1. Reinstalled iTunes
  2. Changed USB ports I was plugged into
  3. Changed cables I used to connect my iPhone to my laptop
  4. Restored iPhone to factory default

Then I started synching only pieces at a time and found that it only crashed my laptop when I tried to sync photos…

Not sure exactly which photo or why the sync of photos caused the crash – I have tried only synching a few photos and did not have a problem, but I have not synced all photos since.