Monday, 11 April 2011

Basic HP Switch Configuration

HP switch commands are very similar to Cisco commands, however SH is show and not shutdown (worth remember when you go back to configuring a cisco device).

If you get stuck at any point pressing tab will show you a list of possible commands or syntax for the command you’ve already entered.

Basic commands provide information or change configuration modes:

sh vlan                                                                                  ; Shows Vlan
sh run                                                                                   ; Shows running config
sh save                                                                                 ; Shows saved config
en / exit                                                                               ; Back to enable mode
conf                                                                                       ; Enter config mode
write mem                                                                          ; Write the running config to memory

And here’s a typical config, in this example there’s 2 VLANs for servers and workstations, a trunk to a server network device, two servers which host virtual workstations on ports 5-6, a DHCP/DNS/SNMP server on and another DNS/SNMP server on, finally there’s a gateway to another network that traffic needs to route to.

hostname "ProCurve Switch xxxxx"                                        ; Set the name of the switch
trunk 47-48 Trk1 Trunk                                                                   ; Create a static trunk group on port 47-48 called Trk1
ip default-gateway                                             ; Set the default gateway for the switch
ip routing                                                                                             ;
vlan 1                                                                                                    ; Modify VLAN1
   name "Servers"                                                                             ; Set the name of the VLAN
   untagged 1-6,Trk1                                                                        ; Untag port 1-6 and Trk1 (our trunk)
   ip helper-address                                                  ; Set the IP helper address for DHCP
   ip address                                    ; Set the switches IP address on the VLAN
   no untagged 7-46                                                                          ; Set ports 7-46 not to be untagged on this VLAN (VLAN 1 only requires this)
   ip igmp                                                                                              ; Allow IGMP packets
exit                                                                                                        ; Stop modifying VLAN1
vlan 2                                                                                                    ; Modify VLAN2
   name "Workstations"                                                                 ; Set the name of the VLAN
   untagged 7-46                                                                                ; Untag port 7-46
   ip helper-address                                                  ; Set the IP helper address for DHCP
   ip address                                    ; Set the switches IP address on the VLAN
   tagged 5-6                                                                                        ; Set ports 5-6 as tagged on VLAN2
   ip igmp                                                                                              ; Allow IGMP packets
exit                                                                                                        ; Stop modifying VLAN1
fault-finder bad-driver sensitivity high                                   ; Fault-finder highly sensitive undersized/giant packets
fault-finder bad-transceiver sensitivity high                         ; Fault-finder highly sensitive excessive jabbering
fault-finder bad-cable sensitivity high                                     ; Fault-finder highly sensitive CRC/alignment errors
fault-finder too-long-cable sensitivity high                           ; Fault-finder highly sensitive late collisions
fault-finder over-bandwidth sensitivity high                        ; Fault-finder highly sensitive high collision or drop rate
fault-finder broadcast-storm sensitivity high                       ; Fault-finder highly sensitive excessive broastcasts
fault-finder loss-of-link sensitivity high                                  ; Fault-finder highly sensitive loss of link
fault-finder duplex-mismatch-HDx sensitivity high           ; Fault-finder highly sensitive duplex mismatches (reconfigure to full duplex)
fault-finder duplex-mismatch-FDx sensitivity high            ; Fault-finder highly sensitive duplex mismatches (reconfigure to auto)
timesync sntp                                                                                    ; Set the time protocol to SNTP
sntp server priority 1 3                                           ; Set SNTP server and priority
sntp server priority 2 3                                           ; Set SNTP server and priority
ip dns domain-name "domain.local"                                        ; Set network DNS domain name
ip dns server-address priority 1                          ; Set DNS servers and priority
ip dns server-address priority 2                          ; Set DNS servers and priority
ip route                                       ; Set default gateway
ip route             ; Set gateway to a specific subnet
snmp-server community "public" unrestricted                   ; Set SNMP community name
snmp-server host community "public"           ; Set SNMP servers for the community
snmp-server host community "public"           ; Set SNMP servers for the community
snmp-server contact "IT Dept." location "Server Room" ; Set SNMP published contact details
spanning-tree                                                                                   ; Enable spanning tree protocol
spanning-tree Trk1 priority 4                                                       ; Set spanning tree priority for Trk1

Friday, 8 April 2011

Network Load Balancing on VMware

When using Network Load Balancing (NLB) on VMware (or doing a PtoV conversion where NLB exists) be aware that while Multicast works without making any changes to the configuration for Unicast you will need to modify the NIC adapters on the HOST to prevert PARP packet transmission on the virtual switch or on the port group.

  1. Load the VMware vSphere Client and select the host.
  2. Click the Configuration tab and choose Networking.
  3. Click on Properties for the Virtual Switch in question.
  4. Click Edit next to either the Virtual Switch or Port Group (which to choose depends on your requirements however Port Groups will overide Virtual Switches).
  5. Select the NIC Teaming tab and set Notify Switches to No.
  6. Click OK and close the Properties box.

Check a Blackberry Service Plan

If you need to check the plan for a Blackberry and want a definative answer Blackberrys Enterprise Activation Readiness Tool is excellent.

Go to and login, select Enterprise Activation Readiness, specify the product type, enter the PIN and serial number, click Next and follow the instructions for the service type.

Improve VMWare Console Mouse Control on Windows 2008

VMWare Tools on Windows 2008 leaves the default video driver installed, this causes laggy mouse controls when using the console to access the server.

To resolve this go to Device Manager and update the driver on the Standard VGA Adapter from:
C:\Program Files\Common Files\VMware\drivers\wddm_video
This will install a VMware SVGA 3D (Microsoft Corporation - WDDM) driver, reboot the server when it's convenient and mouse control will be as good as it was under Windows 2003.

Wednesday, 6 April 2011

acctinfo.dll: Additional Account Info in AD

As part of the Windows 2003 Resource Kit Support Tools (download here) came .dll file called Acctinfo.dll. if you register the .dll and load Active Directory Users and Computers (ADUC) you will find an Additional Account Info tab which contains details including:
  • Password Last Set and Password Expires date and time
  • SID and GUID of account
  • Last Logon, Last Logoff and Last Bad Logon
  • Logon Count and Bad Password Count

To enable the function on computer(s) or server(s) you administrate ADUC from install the resource kit tools or copy acctinfo.dll to %systemroot%\system32 the run the following command:
regsvr32 %systemroot%\system32\acctinfo.dll
To remove the additional account info run the following command:
regsvr32 /u %systemroot%\system32\acctinfo.dll

PFDAVAdmin: Recover Deleted Public Folders

If you need to manage or recover Public Folders have a look at PFDAVAdmin from Microsoft, it allows you to recover deleted public folders (if they’re within the retention period) very easily:

Load the tool, select File, Connect and enter the details for the server and specify Public Folders and ok.

Right click on the folder above the one that’s missing, right click and select Show deleted subfolders (this only works for folders directly underneath it) and the deleted folders will show up  in red.

Right click and select Recover and it will recover the folder and append RECOVERED to the end of it, it will take a few minutes but when it’s completed you’ll get a prompt to say it’s completed. You can then rename the folder back and change the permissions so it doesn’t happen again.

Forfiles or the command you always wanted

Forfiles allows you to search for files
over a certain date, of a certain type or configure more detailed crieria.

To find files in C:\SQLBackups that start with the name SQL1 and have the extension of .bak and are over 7 days old then delete the file the command would be:
This command has replaced many vbscripts and batch files I've built up over the years.
forfiles /p C:\SQLBackups /m SQL1*.bak /d -7 /c "cmd /c del @file"

To find directories in C:\Data\Pictures that start with the name Holiday and were create after 06/04/2011 then delete the directory and its contents quietly the command would be:
forfiles /p C:\Data\Pictures /m Holiday* /d 06/04/2011 /c "cmd /c rmdir /s /q @file"

Alternative Server Names

Occasionally you'll decomission an old server but you don't know if there are any hard coded links in place to that servers name, to get around that issue you can add an alternative server name, this alternative name allows the server to respond to requests on that name as well as the name it already has.

The domain functional level is Windows 2003 Native, you can then use the following command:
netdom computername <servers_name> /add:<additional_name>.<>
Next you need to add a CNAME entry in to DNS for the additional name directing it to the existing DNS entry for the server. 
Finally you can need to disable strict name checking, that is the mechanism that allows the server to only respond on its primary name. Open regedit and navigate to the following key:
Create a new DWORD called DisableStrictNameChecking with a value of 1 then restart the server.

Your server will now respond on the additional name you've given it, next you need to reshare the volumes or printers with the same share names as the server you're replacing and users can continue to use their old shortcuts, mapped drives and printers.

Disable Offline Files & Folders in Windows 7

If you need to disable Offline Files and Folders on a computer disabling the user side will still allow shares that have already been set to work offline to continue to do so. To disable all Offline Files and Folders on the computer edit your GPO and expand the following location:

·         Computer Policy\Computer Configuration\Administrative Templates\Network\Offline Files

Then set the following policy elements as listed below:

·         Allow or disallow use of offline files feature: Disabled
·         Prohibit user config: Enabled
·         Sync all offline files when logging on: Disabled
·         Sync all offline files before logging off: Disabled
·         Sync offline files before suspend: Disabled
·         Remove Make offline: Enabled
·         Prevent use of Offline Files folder: Enabled

Run a gpupdate on the computer or reboot it for the changes to take effect.

Re-registering VSS in Windows 2008

Open an Administrative command prompt and enter the following commands:

cd /d %windir%\system32
net stop "System Event Notification Service"
net stop "Background Intelligent Transfer Service"
net stop "COM+ Event System"
net stop "Microsoft Software Shadow Copy Provider"
net stop "Volume Shadow Copy"
net stop vss
net stop swprv
regsvr32 /s ATL.DLL
regsvr32 /s comsvcs.DLL
regsvr32 /s credui.DLL
regsvr32 /s CRYPTNET.DLL
regsvr32 /s CRYPTUI.DLL
regsvr32 /s dhcpqec.DLL
regsvr32 /s dssenh.DLL
regsvr32 /s eapqec.DLL
regsvr32 /s esscli.DLL
regsvr32 /s FastProx.DLL
regsvr32 /s FirewallAPI.DLL
regsvr32 /s kmsvc.DLL
regsvr32 /s lsmproxy.DLL
regsvr32 /s MSCTF.DLL
regsvr32 /s msi.DLL
regsvr32 /s msxml3.DLL
regsvr32 /s ncprov.DLL
regsvr32 /s ole32.DLL
regsvr32 /s OLEACC.DLL
regsvr32 /s OLEAUT32.DLL
regsvr32 /s PROPSYS.DLL
regsvr32 /s QAgent.DLL
regsvr32 /s qagentrt.DLL
regsvr32 /s QUtil.DLL
regsvr32 /s raschap.DLL
regsvr32 /s RASQEC.DLL
regsvr32 /s rastls.DLL
regsvr32 /s repdrvfs.DLL
regsvr32 /s RPCRT4.DLL
regsvr32 /s rsaenh.DLL
regsvr32 /s SHELL32.DLL
regsvr32 /s shsvcs.DLL
regsvr32 /s /i swprv.DLL
regsvr32 /s tschannel.DLL
regsvr32 /s USERENV.DLL
regsvr32 /s vss_ps.DLL
regsvr32 /s wbemcons.DLL
regsvr32 /s wbemcore.DLL
regsvr32 /s wbemess.DLL
regsvr32 /s wbemsvc.DLL
regsvr32 /s WINHTTP.DLL
regsvr32 /s WINTRUST.DLL
regsvr32 /s wmiprvsd.DLL
regsvr32 /s wmisvc.DLL
regsvr32 /s wmiutils.DLL
regsvr32 /s wuaueng.DLL
sfc /SCANFILE=%windir%\system32\catsrv.DLL
sfc /SCANFILE=%windir%\system32\catsrvut.DLL
sfc /SCANFILE=%windir%\system32\CLBCatQ.DLL
net start "COM+ Event System
Now reboot the server to bring the writers back to a stable state.