Tuesday, 15 November 2011

Change Autotuning, RSS, Chimney and Taskoffload Settings

To get the status of your present settings, open an administrative command prompt and run:
netsh int tcp show global
netsh int ip show global

There are 4 settings that are regularly changed to tune performance for older clients. To disable them, run the following commands:

netsh int tcp set global autotuning=disabled
netsh int tcp set global rss=disabled
netsh int tcp set global chimney=disabled
netsh int ip set global taskoffload=disabled

Finally you must reboot the appliance.

Wednesday, 8 June 2011

Enable Autologon for Windows 2008 R2 and Windows 7

When a Windows 7 or Windows 2008 machine is added to a domain, the AutoAdminLogon key is removed, which in turn removes the "Users must enter a user name and password to use this computer" check box in the Userpasswords2 control panel applet.

To get the checkbox back:
  1. Open a command prompt and enter reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d "1" /f
  2. Replacing [domain] with your domain, enter reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d [domain] /f
  3. Click start, run and enter control userpasswords2
  4. Untick Users must enter a user name and password to use this computer and click Ok
  5. Enter the username and password (excluding the domain name) you want to autologon with and click Ok

Now when the machine starts up it will automatically log in as the user specified. Note that the password is encrypted.
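
To confirm how the autologon settings ended up stored, the following added example (not part of the original post) reads the Winlogon values set in the steps above and reports whether a DefaultPassword value exists in the registry. DefaultUserName and DefaultPassword are standard Winlogon value names that the post itself does not mention; the function name is hypothetical.

```powershell
# Added example: read-only audit of the Winlogon autologon values on this machine.
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogon = Get-ItemProperty -Path $key

function Get-WinlogonValue([string]$Name) {
    # Returns the value data, or $null when the value does not exist.
    $prop = $winlogon.PSObject.Properties[$Name]
    if ($prop) { $prop.Value } else { $null }
}

$enabled   = (Get-WinlogonValue 'AutoAdminLogon') -eq '1'
$plaintext = $null -ne (Get-WinlogonValue 'DefaultPassword')

New-Object PSObject -Property @{
    AutoAdminLogonEnabled    = $enabled
    DefaultDomainName        = Get-WinlogonValue 'DefaultDomainName'
    DefaultUserName          = Get-WinlogonValue 'DefaultUserName'
    PasswordStoredInRegistry = $plaintext   # existence only; the data is never printed
} | Format-List

if ($enabled -and $plaintext) {
    Write-Warning 'DefaultPassword exists as a readable registry value. Remove it and re-enter the credentials through control userpasswords2.'
} elseif ($enabled) {
    Write-Output 'Autologon is enabled and no DefaultPassword registry value is present.'
}
```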

Tuesday, 31 May 2011

Move DHCP from Windows 2003

To move DHCP from a Windows 2003 server to a new server start by exporting the DHCP database on the old Windows 2003 server:
  1. Open a command prompt and enter 'netsh dhcp server export C:\dhcp.txt all'
  2. Copy c:\dhcp.txt to the new DHCP server
  3. Load the DHCP console, right click on the server and select Unauthorize
  4. Load services and change the DHCP Server service to disabled then stop the service
On the new server:
  1. Install DHCP from Add/Remove computers and Windows Components
  2. Open a command prompt and enter 'netsh dhcp server import c:\dhcp.txt all'
  3. Load the DHCP console, right click on the server and select Authorize
  4. Wait 10-15 seconds, refresh the screen and verify you can see your records

Issue a SAN Certificate from a Private Certificate Authority

Without modification, the Certificate Authority service built into Windows does not support SAN certificates, which are required for correct operation of Exchange 2007 and Exchange 2010. To support them you need to add an additional flag called EDITF_ATTRIBUTESUBJECTALTNAME2.

To check if the flag already exists on your Certificate Authority open a command prompt and run:
certutil -getreg policy\EditFlags

To add the additional flag run:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Finally you will need to restart the Active Directory Certificate Services service.
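
The check above can be scripted so that it tests the flag bit instead of relying on reading the output by eye. This is an added example, not part of the original post: the function name is hypothetical, the sample output is constructed, and 0x00040000 is the value of EDITF_ATTRIBUTESUBJECTALTNAME2. With the flag set, the CA accepts subject alternative names supplied as request attributes, so it is worth recording which CAs have it enabled.

```powershell
# Added example: report whether a CA's policy EditFlags has
# EDITF_ATTRIBUTESUBJECTALTNAME2 (0x00040000) set.
$SanFlag = 0x00040000

function Test-SanAttributeFlag {
    param([string[]]$CertutilOutput)
    foreach ($line in $CertutilOutput) {
        # certutil prints the DWORD in hex, e.g. "EditFlags REG_DWORD = 15014e (1376590)"
        if ($line -match 'EditFlags\s+REG_DWORD\s*=\s*([0-9a-fA-F]+)') {
            $value = [Convert]::ToInt64($Matches[1], 16)
            return New-Object PSObject -Property @{
                EditFlags  = '0x{0:x}' -f $value
                SanFlagSet = ($value -band $SanFlag) -ne 0
            }
        }
    }
    throw 'No EditFlags REG_DWORD line found in the supplied output.'
}

# Constructed sample output (not captured from a real CA).
$sample = @(
    '  EditFlags REG_DWORD = 15014e (1376590)',
    '    EDITF_REQUESTEXTENSIONLIST -- 2',
    '    EDITF_ATTRIBUTESUBJECTALTNAME2 -- 40000 (262144)'
)
Test-SanAttributeFlag -CertutilOutput $sample

# On the CA itself, pass the live output instead:
#   Test-SanAttributeFlag -CertutilOutput (certutil -getreg policy\EditFlags)
# To clear the flag again when it is no longer needed (then restart the service):
#   certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
```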

Upgrade Windows 2008 R2 or Windows 7 Versions

In Windows 2008 R2 and Windows 7 you can upgrade editions using the DISM tool. You need to enter the KMS Client Key rather than your own product key; this will reset the activation grace period to 3 days to allow you to enter your own product key.

To see what target editions are available run:
DISM /online /Get-TargetEditions
To upgrade to one of these editions run:
DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
So to upgrade from Standard to Windows Server 2008 R2 Enterprise you would run:
DISM /online /Set-Edition:ServerEnterprise /ProductKey:489J6-VHDMP-X63PK-3K798-CPX3Y
The KMS Client product keys for Windows 2008 R2 are as follows:
Web - 6TPJF-RBVHG-WBW2R-86QPH-6RTM4
Standard - YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Enterprise - 489J6-VHDMP-X63PK-3K798-CPX3Y
Datacenter - 74YFP-3QFB3-KQT8W-PMXWJ-7M648
HPC Edition - FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Itanium-Based Systems - GT63C-RJFQ3-4GMB6-BRFB9-CB83V
The KMS Client product keys for Windows 7 are as follows:
Professional - FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Professional N - MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Enterprise - 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Enterprise N - YDRBP-3D83W-TY26F-D46B2-XCKRJ
Enterprise E - C29WB-22CC8-VJ326-GHFJW-H9DH4

Thursday, 26 May 2011

Windows XP Remote Access Connections Binding Order

When using Remote Access Connections in Windows XP you may find that, despite the connection being active, no data traverses this connection and/or DNS requests for this connection do not get submitted to the DNS server associated with the connection. You would expect it to use the device that is highest in the binding order, however it is not doing so. To resolve this we can change the binding order in the registry:
  1. Click Start, Run and type regedit
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
  3. In the right pane, double-click Bind.
  4. In the Value data box, select the "\Device\NdisWanIp" item, press CTRL+X, click the top of the list of devices, and then press CTRL+V.
  5. Click OK, and then quit Registry Editor.
You may need to disconnect and reconnect to the VPN or restart the computer. If any changes are made to the network adapter bind order you may need to repeat these actions.

Thursday, 19 May 2011

Add NIC drivers to ESXi 4

You cannot add drivers to an ESXi installation during the setup process; they must be added afterwards:
  1. Connect to the ESXi host using the vSphere Client and put the ESXi host into maintenance mode
  2. Download and install the VMware vSphere Command-Line Interface
  3. Download the drivers for your hardware on to the local PC
  4. Load the VMware vSphere CLI and run the following command:
     vihostupdate.pl --server [HOSTS IP] --username root --install --bundle [PATH TO FILES ON LOCAL PC]
  5. Restart the host. Once it’s back up, verify you can see the additional NICs and remove it from maintenance mode


Monday, 9 May 2011

Exchange 2010 Calendar Permissions from the Powershell

With Exchange 2010 came the ability to manage permissions on folders through PowerShell. One of the most common tasks with this is managing calendar permissions. Here is a set of simple commands to aid in managing them.

To get the permissions of a mailbox:
Get-MailboxPermission -identity "Dan Woodhouse"
To get the permissions of a subfolder in a mailbox:
Get-MailboxFolderPermission -identity "Dan Woodhouse:\Calendar"
To change permissions on a subfolder in a mailbox:
Add-MailboxFolderPermission -identity "Dan Woodhouse:\Calendar" -user "The Boss" -AccessRights Reviewer
To remove permissions on a subfolder in a mailbox:
Remove-MailboxFolderPermission -identity "Dan Woodhouse:\Calendar" -user "The Boss"
If we wanted to add permissions to every mailbox that matches certain criteria we can use filters. In the example below we will grant The Boss Author permissions to every mailbox for users whose names start with Dan and who are based in the Birmingham office:
Get-Mailbox -Filter {(Name -like 'Dan*' -and Office -eq 'Birmingham')} | ForEach-Object {Add-MailboxFolderPermission -Identity "$($_.Alias):\Calendar" -User "The Boss" -AccessRights Author}
To remove these permissions we could use:
Get-Mailbox -Filter {(Name -like 'Dan*' -and Office -eq 'Birmingham')} | ForEach-Object {Remove-MailboxFolderPermission -Identity "$($_.Alias):\Calendar" -User "The Boss"}

Monday, 11 April 2011

Basic HP Switch Configuration

HP switch commands are very similar to Cisco commands, however SH is show and not shutdown (worth remembering when you go back to configuring a Cisco device).

If you get stuck at any point pressing tab will show you a list of possible commands or syntax for the command you’ve already entered.

Basic commands provide information or change configuration modes:

sh vlan     ; Shows VLANs
sh run      ; Shows running config
sh save     ; Shows saved config
en / exit   ; Back to enable mode
conf        ; Enter config mode
write mem   ; Write the running config to memory

And here’s a typical config. In this example there are 2 VLANs for servers and workstations, a trunk to a server network device, two servers which host virtual workstations on ports 5-6, a DHCP/DNS/SNMP server on 192.168.1.5 and another DNS/SNMP server on 192.168.1.4. Finally, there’s a gateway to another network that traffic needs to route to.

hostname "ProCurve Switch xxxxx"                       ; Set the name of the switch
trunk 47-48 Trk1 Trunk                                 ; Create a static trunk group on port 47-48 called Trk1
ip default-gateway 192.168.1.254                       ; Set the default gateway for the switch
ip routing                                             ; Enable IP routing
vlan 1                                                 ; Modify VLAN1
   name "Servers"                                      ; Set the name of the VLAN
   untagged 1-6,Trk1                                   ; Untag port 1-6 and Trk1 (our trunk)
   ip helper-address 192.168.1.5                       ; Set the IP helper address for DHCP
   ip address 192.168.1.1 255.255.255.0                ; Set the switch's IP address on the VLAN
   no untagged 7-46                                    ; Set ports 7-46 not to be untagged on this VLAN (VLAN 1 only requires this)
   ip igmp                                             ; Allow IGMP packets
exit                                                   ; Stop modifying VLAN1
vlan 2                                                 ; Modify VLAN2
   name "Workstations"                                 ; Set the name of the VLAN
   untagged 7-46                                       ; Untag port 7-46
   ip helper-address 192.168.1.5                       ; Set the IP helper address for DHCP
   ip address 192.168.2.1 255.255.255.0                ; Set the switch's IP address on the VLAN
   tagged 5-6                                          ; Set ports 5-6 as tagged on VLAN2
   ip igmp                                             ; Allow IGMP packets
exit                                                   ; Stop modifying VLAN2
fault-finder bad-driver sensitivity high               ; Fault-finder highly sensitive to undersized/giant packets
fault-finder bad-transceiver sensitivity high          ; Fault-finder highly sensitive to excessive jabbering
fault-finder bad-cable sensitivity high                ; Fault-finder highly sensitive to CRC/alignment errors
fault-finder too-long-cable sensitivity high           ; Fault-finder highly sensitive to late collisions
fault-finder over-bandwidth sensitivity high           ; Fault-finder highly sensitive to high collision or drop rate
fault-finder broadcast-storm sensitivity high          ; Fault-finder highly sensitive to excessive broadcasts
fault-finder loss-of-link sensitivity high             ; Fault-finder highly sensitive to loss of link
fault-finder duplex-mismatch-HDx sensitivity high      ; Fault-finder highly sensitive to duplex mismatches (reconfigure to full duplex)
fault-finder duplex-mismatch-FDx sensitivity high      ; Fault-finder highly sensitive to duplex mismatches (reconfigure to auto)
timesync sntp                                          ; Set the time protocol to SNTP
sntp server priority 1 192.168.1.5 3                   ; Set SNTP server and priority
sntp server priority 2 192.168.1.4 3                   ; Set SNTP server and priority
ip dns domain-name "domain.local"                      ; Set network DNS domain name
ip dns server-address priority 1 192.168.1.5           ; Set DNS servers and priority
ip dns server-address priority 2 192.168.1.4           ; Set DNS servers and priority
ip route 0.0.0.0 0.0.0.0 192.168.1.254                 ; Set default gateway
ip route 192.168.50.0 255.255.255.0 192.168.1.253      ; Set gateway to a specific subnet
snmp-server community "public" unrestricted            ; Set SNMP community name (unrestricted = read/write access)
snmp-server host 192.168.1.5 community "public"        ; Set SNMP servers for the community
snmp-server host 192.168.1.4 community "public"        ; Set SNMP servers for the community
snmp-server contact "IT Dept." location "Server Room"  ; Set SNMP published contact details
spanning-tree                                          ; Enable spanning tree protocol
spanning-tree Trk1 priority 4                          ; Set spanning tree priority for Trk1

Friday, 8 April 2011

Network Load Balancing on VMware

When using Network Load Balancing (NLB) on VMware (or doing a PtoV conversion where NLB exists), be aware that while Multicast works without making any changes to the configuration, for Unicast you will need to modify the NIC adapters on the host to prevent RARP packet transmission on the virtual switch or on the port group.

  1. Load the VMware vSphere Client and select the host.
  2. Click the Configuration tab and choose Networking.
  3. Click on Properties for the Virtual Switch in question.
  4. Click Edit next to either the Virtual Switch or Port Group (which to choose depends on your requirements, however Port Groups will override Virtual Switches).
  5. Select the NIC Teaming tab and set Notify Switches to No.
  6. Click OK and close the Properties box.