Powered by Blogger.
RSS

CrashPlan 3.4.1 and above stuck on "Waiting for Crashplan to Start" Mac

In case anyone runs across this, after CrashPlan 3.3 likes like the folks at Code42 compiled their code using Java 6.

 

I have an old Mac server running 10.5.8, after the upgrade the application got stuck at “Waiting for the CrashPlan ProE Server to Start”

 

You have to get Java 6 on that machine and then update the LaunchDaemon to point to the 1.6.0 directory.

 

I installed Java 6 using this link:

http://stackoverflow.com/questions/7731268/java-version-shows-as-1-5-after-java-6-installed-on-mac-os-x-10-5-8

 

Then had to edit your LaunchDaemon to point to the new directory.

http://tapestryjava.blogspot.com/2012/06/getting-crashplan-to-work-on-mac-after.html

 

--mando

 

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Cisco CUCM 8.6.5 with AD LDS for Multi forest environment

This was a huge pain… worth posting J
 
I’ve got two domains that we are consolidating over to just one.  One is running AD 2003, and has three child domains. The other is a 2008 AD, and the new domain is 2008 R2. For the sake of this post, I will be calling the domains AD2003, AD2008, AD2008R2.
 
I have a brand new CUCM 8.6.5 cluster I’m bringing up, and need to authenticate users on all three domains until my migration is complete. I have a root CA already configured on my new AD2008R2 domain, so LDAP over SSL is the way I’ll be configuring this.
 
First off, I’d like to post the websites and give the people who wrote them thanks for doing so. I would be completely lost without their help.
 
How to Configure Unified Communications Manager Directory Integration in a Multi-Forest Environment
 
https://supportforums.cisco.com/docs/DOC-16356 by Greeshma Bernad and edited by Gabriel Sroka
 
AD LDS 101 – Part 4 – MS-AdamSyncConf.XML: A Detailed Look
 
Merging & Syncing multiple Active Directory databases into one ADAM instance
 
Using SSL with ADAM (AD LDS)
 
THANKS ALL!!
 
Firstly, Greeshma on the Cisco KB pretty much lays it out as to how to do this, however, there’s a lot that is not covered and of course would be impossible to cover every single deployment scenario for this. So I’m just going to cover how my deployment went and what I needed to do to make it work. I’ll shorthand a bunch of it and refer back to the links above, but will include some screenshots on stuff that isn’t covered.
 
All was pretty much good for me on the KB until,
 
     One thing I didn’t understand from step 8 on this procedure was that the partition name is a brand new partition. The KB names the partition the same as the host AD DC domain. For me a more descriptive “DC=Multiforest,DC=local” works better.
 
     For the Service Account, I created a new account on the domain I was hosting it on
       AD2008R2\ADAMMultiforest is the account I used. I think it prompted me to give the user rights to start the service and I went ahead and clicked yes on that. I rebuilt this AD LDS a few times, so I don’t know if it just didn’t prompt me anymore, or if it was a different installation that gave me that prompt…
 
    AD LDS Administrators, I chose AD2008R2\Domain Admins for my instance.
 
 
Now for the next section:
 
CoreLAN team does a great job explaining exactly what you are doing. Definitely a good read if you need some more info on this.
 
    Referencing the Cisco KB article, I ran steps 1-7 for my first domain AD2008R2. Please remember that step 3 references your target schema which is the standard AD on each domain (going through LDAP port 389) and the base schema is the new AD LDS on port 50000.
   Ran Step 8 (simple,) and ran step 9 for the first domain AD2008R2.
   Now we need to rerun steps 1-7 for my next domain, AD2008. Then you can skip step 8, and run step 9.
     One thing to note here is that I got an error on step 9 for the second domain. So I ran the ldife command with a “-k” to ignore the errors and keep processing the other entries. I tried updating the schema using ADSI and then restarting the Multiforest AD LDS instance, but I still got that error on the third domain too. Not sure what that exact error is there, or if it even matters.
 
ldifde -i -s localhost:50000 -c CN=Configuration,DC=X #ConfigurationNamingContext -f diff-schema.ldf -j c:\windows\adam\logs -k
 
 
   I then finally ran steps 1-7 from the Cisco KB for my third domain, and ran step 9 with the –k switch.
 
That’s it. My new AD LDS instance includes all the schema extensions from my other domains, so now we are ready to import users.
 
In the Cisco KB, extending the AD LDS Schema with User-Proxy is pretty simple, just download the file and run the command mentioned. No need to change anything.
 
After that we configure the system to import users using the KBs procedure:
 
    Since Greeshma used the same AD name on his AD LDS instance, I got a bit confused here. Doug from www.thegeekispeak.com cleared things out for me. His detailed look at MS-AdamSyncConf.XML is of great help.


   There’s really just 4 lines that need to be modified, see the www.thegeekispeak.com post I mentioned earlier for a “detailed look”
 
 For my setup this was the first config file. I have a IT OU that I’m only synching in this case.
 
<?xml version="1.0"?>
<doc>
<configuration>
<description>Sample ADAMSync Config File</description>
<security-mode>object</security-mode>
<source-ad-name>AD2008R2.local</source-ad-name>
<source-ad-partition>dc=AD2008R2,dc=local</source-ad-partition>
<source-ad-account></source-ad-account>
<account-domain></account-domain>
<target-dn>dc=Multiforest,dc=local</target-dn>     
  <query>           
   <base-dn>OU=IT,dc= AD2008R2,dc=local</base-dn>
  
 
 Now here’s the tricky part that got me on the target DN. For the second domain AD2008, it needs to look like this. In my case I also added a source-ad-account and domain. When I ran the sync, just put in the switch “/passprompt” (see CoreLAN link)
 
<?xml version="1.0"?>
<doc>
<configuration>
<description>Sample ADAMSync Config File</description>
<security-mode>object</security-mode>
<source-ad-name>AD2008.local</source-ad-name>
<source-ad-partition>dc=AD2008,dc=local</source-ad-partition>
<source-ad-account>USER1</source-ad-account>
<account-domain>AD2008</account-domain>
<target-dn> dc=Multiforest,dc=local</target-dn>     
  <query>           
   <base-dn>OU=CorpUsers,dc= AD2008,dc=local</base-dn>
  
 
 From here, I’m sure you know what I did for my third domain.
 
Here are my commands that I ran:
 ADAMSync /install localhost:50000 AdamSyncConfAD2008R2.xml
 ADAMSync /sync localhost:50000 "dc=Multiforest,dc=local"
 
 ADAMSync /install localhost:50000 AdamSyncConfAD2008.xml /passprompt
 ADAMSync /sync localhost:50000 "dc=Multiforest,dc=local"
 
 ADAMSync /install localhost:50000 AdamSyncConfAD2003.xml /passprompt
 ADAMSync /sync localhost:50000 "dc=Multiforest,dc=local"
 
     After the config setup above, just run steps commands from the Cisco KB on this section, and you should be good. Create the appropriate BAT file for and that ends this section.
 
The next section, is pretty much as is.
 
For the LDAP over SSL certificate use the following links to get yourself all set up.
 
 
One thing that the above link didn’t include a screenshot of was the subject name config on the template. Please see below for that. I went with DNS name for the Subject name format.
 
 
Here’s another link from Microsoft.
 
One thing I would like to mention is that I had to create the certificate under the “Local Computer” personal store, then I had to move it to my Multiforest instance personal store. I tried exporting it but it wouldn’t work.
 
Also don’t forget to set the appropriate permissions under the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys directory
 
 
 
Then after you’ve restarted you AD LDS instance, verify LDAP over SSL works by using the ADSIedit or another LDAP tool, such as Softerra.
 
Once it’s been verified, upload your RootCA and Intermediates to the Cisco Cluster under Tomcat_Trust (very important step, took me a while to find this one, had to open a TAC case and the guy from some support cases on the forums pointing me to this.)
 
Here are some screenshots that the Cisco KB was missing when I went through it. After that just followed the rest of the KB and it worked for me.
 
Figure 47
 
 
Figure 48
 
 
--mando
 

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Static NAT with Dual WAN on Cisco IOS 1841

Thought I’d post this up. Thanks to x443 for posting this up too, that’s where I found my solution.

 

I found a bunch of links for dual WAN capability, but only for traffic going out, not much on dual WAN with Static NATs for traffic coming in.

 

This is a common link on the forums, but mostly used for when your primary WAN goes down and you want to failover to your secondary.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

 

x443 linked me to this page:

http://docwiki.cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example

 

Basically it allows you to have two WAN connections terminating to the same host on the inside. While many set ups would require proper DNS configuration should your primary fail (as would be the case for a www or smtp server,) there are other uses for this.

 

The reason I was looking for this was because someone had two ISPs and wanted to have some VPN users terminate to their Windows Remote Access Server using one ISP, and another set of VPN users terminating to the other ISP. In that case, this would be the ideal solution.

 

Once again, thanks x443!

 

--mando

 

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Reverse Telnet Aux Port to Cisco 300 Series Switch

The Cisco line of 300 switches provides you with a serial cable (DB-9 to DB-9) to connect to the console of the switch. Not sure if it’s a straight or null cable, but in either case here’s how to configure a Cisco router to reverse telnet using the aux port and into the console port of the switch.

First off, the route needs this config on the aux port.
line aux 0
modem InOut
transport input all
transport output all
stopbits 1
speed 115200

(speed is important as the 300 switches operate at this speed by default, but the aux port runs at 9600)

Then use a blue Cisco console cable (the one with RJ-45 on one end and DB-9 on the other) and roll it over by reversing the pins. I simply cut off the RJ-45 end and put another one in by flipping the connector.

Here’s some info on the Aux port and what a rolled cable is in case you need it.

After that you can now connect to the switch. Here’s some info on how to reverse telnet, my goal is simply to show you the cabling and aux config that worked for me.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

ADI Installation for 64-bit OS

I was trying to install ADI on my Citrix server that was running Windows 2008 R2 (x64) and kept getting an error on adicom30.ins(509): OS ERROR

Found this nice article by Ning:

Basically, just comment out the 509th line and run it again. Should install. I'm still testing it out to make sure it works and I don't have any other issues, but so far the application runs….

This is what I commented out.

        /* Register the 32Bit AUW Files 
        {
          spawn( replace( "%windows_sys_dir%\SPAWNER.EXE %windows_sys_dir%\AUWREG32.EXE /S /32", "\\", "\") );  
        }
        
        ['UNKNOWN_ERROR, 'NO_RESPONSE: continue();]
        */

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Final Numbers - Backblaze Storage Pod

It’s been a while since I last wrote about this, and I’ve had these pics and numbers for a while.

In the end the best configuration was using the 3Ware card with a 15 drive RAID-50 and a spare drive. I’ve been running this thing since July and to tell you the truth I’m not even using the other 30 drives yet. My 22TB config has about 10TB left on it, so seeing how little storage I was using I didn’t bother with the Addonics cards. I just decided to wait until my next year’s budget to get some more 3ware cards.

The power supply worked like a champ, but I was not able to get the redundancy I wanted. I simply decided that this was just a backup device. I have the spare power supply mounted on the pod, and should the main power supply fail, I’ll simply move the connections over to the second power supply – aided by the fact that the PS is modular.

Below are the numbers I was seeing when the hard drives would start up. Each rail can do 30A, so I was well within the range. I think the peak range for this PS was in the 35 or 40 range, so I was able to load up a rail pretty high in one instance… Don’t remember, but I think I powered up all 45 drives on one rail to see if it’ll take it and it did!

I’m actually planning for my budget for this year. I’ve learned quite a bit of things with this project and will upload my version 2 on this project as soon as I am able too. Of the few things I would change: motherboard (to have more PCI-E slots,) processor (go with Intel i7,) and definitely go all 3ware on the RAID config. Will post part numbers and pricing on my ideas next time.

Start-up

Normal Operation

20HDs - molex

12V

25A

6.5A

5V

10A

6A

4HDs - SATA

12V

5.3A

1.2A

5V

5.5A

3.3A

10HDs - molex

12V

14A

3.3A

5V

5.5A

3.3A



  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Edgesync Credentials Not Found For Edge Transport

I got a call on a Saturday from my China counterpart about their Exchange 2007 Edge server losing its connection to the Hub. Actually, I’m not using an Exchange Edge, I got my IronPort/Barracuda taking care of Anti-SPAM and Anti-Virus, so this is the first time I got to deal with an Exchange 2007 Edge server.

I got to reading a few forums and either they were left opened or the solution worked for some people but not everyone. I finally got this server to work by compiling a few threads.

In my case I got the error “Edgesync Credentials Not Found For [Edge Transport Server Name]”

I then proceeded to use the steps from a few websites:

This one kept appearing all over the place and is pretty much on it, except for a couple of steps on my case-

http://fawzi.wordpress.com/2008/04/11/edgesync-credentials-not-found-for-edge-transport/

This one includes a script to verify the certificate on AD, which it was of no help to me –

http://social.technet.microsoft.com/forums/en-US/exchangesvradmin/thread/d7f7220f-eb3c-4562-a62f-e7d018499ab9

BTW, the missing smiley on the script code is supposed to be “…SearchScope]::Subtree;” I had a tough time figuring that one out L

In the end it was this thread that helped me out –

http://social.technet.microsoft.com/forums/en-US/exchangesvrtransport/thread/4349b146-ad6e-44a2-9d3e-52158eee8a5d

I kept getting an “LDAP server not found” error. After making sure the certificates were not the same, and that they were created properly, I finally stumbled onto the third website. Then I just simply deleted the certificate, restarted the ADAM service and was good to go.

This are the notes I sent to my friend in China after the sync was successful:
1) Removed the edge subscription from the hub and edge servers
a. Hub: Remove from management console
b. Edge: from powershell -> Remove-EdgeSubscription -> edge
c. Restart transport service on both servers
2) Recreated the Hub certificate
3) Recreated the edge certificate
4) Enabled the certificate on hub for POP, IIS, and SMTP
5) Enabled the certificate on edge for SMTP
6) Deleted the certificate from ADAM service
a. Restarted ADAM service
7) Created the Edge subscription file
a. Edge -> Powershell -> New-EdgeSubscription -FileName "c:\EdgeServerSubscription.xml"
8) Imported the xml file on the Hub for new subscription
9) Ran “Start-EdgeSynchronization” on Powershell of Hub server and got a success

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

J-Initiator 1.1.8.16 on Windows 7 x64 (64-bit)

I gotta admit, I think I spent a good 100 hours trying to figure this one out. I’ve personally have deployed Vista x64 since about 2 years now, and ever since then I’ve been trying to get away from having to use another computer to run Oracle E-Business suite. At first it wasn’t that big of a deal since I didn’t use it much, but recently I’ve been deploying a few Windows 7 x64 machines and have had to use XP-Mode for the users to get this to work.

We’ll I finally figured this out, and while many websites include some good tips on making this work with a different version of J-Initiator, my company is stuck with an old version and so I’m not even able to use those workarounds.

Maris Elsins wrote this blog:
http://appsdbalife.wordpress.com/2008/11/13/java-plugin-instead-of-jinitiator-on-64-bit-windows/

But in his case he was using 1.4.2_11, the JRE for my version of 1.1.8.16 is unavailable from Sun.

Raymond Reid wrote this:
http://notsomany.wordpress.com/2010/03/30/jinitiator-working-on-windows-7/

I can get version 1.3.1.13 to work, or at least install on Win 7 x64, but again… not the version we’re using, and Oracle keeps wanting to install version 1.1.8.16 even though I have 1.3.1.13 installed.

Ok, so now to the nitty + gritty. I could just provide you the files, but I’m more of a “teach them to fish” type of guy.

1) Download InstallRite application (the original website seems to have been taken offline, but just search on Google and I’m sure you’ll find some site that has it archived. I believe I downloaded mine from http://www.brothersoft.com/ )

2) Use it to create an install package in a 32-bit Windows XP machine of J-Initiator version 1.1.8.16

3) Now that you have all the file and registry modifications that have been made, go ahead and extract the new and modified registry settings from the install package (just right-click and extract) I believe it’s a total of 8 files, 4 new and 4 modified registry hives.

4) Now find the files that were created, it should be an Oracle folder under program files.

5) Copy that Oracle folder from the WinXP machine to the Win7 x64 machine, I placed my folder under the “Program Files” folder and not the “Program Files(x86)” folder. Just to keep things easy.

6) Edit the 2 HKEY_Users files by replacing the SID with the one from the registry of the Win7 x64 machine.

7) Edit the 2 HKEY_Local_Machine files by replacing the “SOFTWARE\” word with “SOFTWARE\Wow6432Node\”

8) Simply open up notepad and use the Replace… feature for the above two steps.

9) Finally import the reg keys, reboot, and Voila!

10) I got IE 8 and it works fine on my Win7 x64 machine, I can now open up my Oracle apps without having to go through XP-Mode!

A few last notes:

1) You may get an error on one of the reg keys above, but since I got it working and with all the time I have already spent on it, I didn’t want to dig any further into what the cause of it is. Also, I guess I could clean up the reg keys a bit before I imported them, but as I said… it’s working, I don’t want to bother with it anymore.

2) The J-initiator console is not imported with the above steps. I was unable to register the dll file.

3) If you need the console, you may want to try checking out this website, and run another version of J-Initiator:


Just remember about the \SOFTWARE\Wow6432Node\ part, I haven’t tried it, but maybe it’s worth a look

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Cisco Reverse Telnet Escape sequence

Just a quick post on how to perform the escape sequence when you reverse telnet to Cisco routers/switches:

Ctrl-Shift-6

Ctrl-Shift-6

If you do a Ctrl-Shift-6 then x, it terminates the session and takes you back to the parent router. So doing the above allows you to stay on your current reverse telnet session. Thanks to Sam Wilson on this.

http://www.velocityreviews.com/forums/t485989-ending-reverse-telnet.html

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Drive Testin'

It’s a big mess I know, but I was working on this over the weekend and wanted to start the RAID initialization so when I came back on Monday I would be able to have it ready for me.

I’m doing some performance testing on the drives using HD Tune. I’ve set this up on the 3ware controller using a RAID 50. After I get some numbers off this, I’m going to go with a RAID 10, and a RAID 0 to see how they compare.

Just want to see what works and how good it works.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS