Monday, January 30, 2012

Windows 2008 R2 – An error occurred while creating the cluster

The generic error below can be caused by a number of different issues.

An error occurred while creating the cluster.
An error occurred creating cluster 'CLUSTERNAME'.
The service has not been started

Looking at the example error report, you can see that after Server3 checks the Network FT Driver it attempts to clean up and exit.

Beginning to configure the cluster 'CLUSTERNAME'.

Initializing Cluster 'CLUSTERNAME'.

Validating cluster state on node server1.domain.com.

Searching the domain for computer object CLUSTERNAME.

Creating a new computer object for CLUSTERNAME in the domain.

Configuring computer object CLUSTERNAME as cluster name object.

Validating installation of the Network FT Driver on node Server1.domain.com.

Validating installation of the Cluster Disk Driver on node Server1.domain.com.

Configuring Cluster Service on node Server2.domain.com.

Validating installation of the Network FT Driver on node Server2.domain.com.

Validating installation of the Cluster Disk Driver on node Server2.domain.com.

Configuring Cluster Service on node Server3.domain.com.

Validating installation of the Network FT Driver on node Server3.domain.com.

Unable to successfully cleanup.

To troubleshoot cluster creation problems, run the Validate a Configuration wizard on the servers you want to cluster.

This issue stems from installing the Failover Cluster feature in the wrong order, normally in a Hyper-V cluster. To fix it, all you need to do is remove the feature and install it again. Reinstalling the Failover Cluster feature fixes the cluster NIC that goes missing during cluster creation.

ocsetup FailoverCluster-Core /uninstall

ocsetup FailoverCluster-Core

Sunday, January 29, 2012

Windows 7 Install – Very slow setup on Intel DP43TF Motherboard

If you're upgrading a computer with an Intel DP43TF motherboard to Windows 7 or Vista x64 (64-bit), or just getting one, it might be really slow. If you ran across this post with another motherboard, it's most likely that the BIOS has the floppy controller enabled. To fix that, just disable the floppy controller in the BIOS.

The relevant part of the release notes for the Intel DP43TF BIOS updates is below.


BIOS Version 0104
About This Release:
 January 22, 2010
 NBG4310H.86A.0104.2010.0122.1624
 ME Firmware Revision: 1129 SKU4
 Integrated Graphics Option ROM Revision: 1800
 MEBx Version:5.0.5.0004
 PXE LAN Option ROM Revision: Intel(R) Boot Agent GE v1.3.27
New Fixes/Features:
 Fixed issue where updating DMI data causes reset loop.
 Fixed issue where 64-bit operating system runs extremely slow with 4 GB memory installed.
 Fixed S3 hang issue with POST code 13.
 Changed Intel ME firmware binary power package default.
 Implemented Security Phase 2
 Changed HECI driver for PCIE base 0xF0000000 to fix low memory issue.
 Removed certain graphics card limit which was causing yellow bang

At this time BIOS version 0107 is available for download. Apply the BIOS update via CD-ROM, bootable USB or, the preferred method, by running the self-updater from Windows. After the update the issue was resolved.

http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2980&DwnldID=19740&lang=eng&iid=dc_rss

Friday, January 20, 2012

PowerShell – Remote System call using invoke-command out of memory

Memory errors might occur when using the Invoke-Command PowerShell cmdlet to run programs or scripts on remote hosts. By default a remote session is limited to 150 MB. For example, when trying to run a Java application remotely:

Invoke-Command -ComputerName MyServer -ScriptBlock {java}
Error occurred during initialization of VM
Could not reserve enough space for object heap

To solve this, set the MaxMemoryPerShellMB option for remote shell connections to a larger amount. This command must be run on the remote system with administrator rights.

PowerShell

Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 2048

Batch

winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

Running Invoke-Command against the remote server again now yields better results.

Invoke-Command -ComputerName MyServer -ScriptBlock {java}
Usage: java [-options] class [args...]
           (to execute a class)
   or  java [-options] -jar jarfile [args...]
           (to execute a jar file)

This can also affect the Remote PowerShell Tab in PowerShell ISE.

Debian – SNMPWALK with MIB lookups

Just a quick reference for getting a Debian server to do MIB lookups. Out of the box, snmpwalk will not use MIB lookups due to a licensing issue.

snmpwalk -c public -v 1 192.168.1.1

iso.3.6.1.2.1.6.1.0 = INTEGER: 1
iso.3.6.1.2.1.6.2.0 = INTEGER: 50000
iso.3.6.1.2.1.6.3.0 = INTEGER: 3200000
iso.3.6.1.2.1.6.4.0 = INTEGER: -1
iso.3.6.1.2.1.6.5.0 = Counter32: 1993
iso.3.6.1.2.1.6.6.0 = Counter32: 13648696
iso.3.6.1.2.1.6.7.0 = Counter32: 0
iso.3.6.1.2.1.6.8.0 = Counter32: 686
iso.3.6.1.2.1.6.9.0 = Gauge32: 1
iso.3.6.1.2.1.6.10.0 = Counter32: 138464739
iso.3.6.1.2.1.6.11.0 = Counter32: 85732550
iso.3.6.1.2.1.6.12.0 = Counter32: 1530

Below we update our sources list to allow non-free packages. If you already have the security source, you can just add non-free to the end.

vi /etc/apt/sources.list

deb http://security.debian.org/ squeeze/updates main non-free
deb-src http://security.debian.org/ squeeze/updates main non-free



Install the packages for snmp and the SNMP MIBs.

apt-get update

apt-get install snmp snmp-mibs-downloader

You also need to comment out one line in the snmp.conf file. Just add a # before the mibs : line.

vi /etc/snmp/snmp.conf

#mibs :




Now when you run snmpwalk you should get results like those below.

snmpwalk -c public -v 1 192.168.1.1

TCP-MIB::tcpRtoMin.0 = INTEGER: 50000 milliseconds
TCP-MIB::tcpRtoMax.0 = INTEGER: 3200000 milliseconds
TCP-MIB::tcpMaxConn.0 = INTEGER: -1
TCP-MIB::tcpActiveOpens.0 = Counter32: 1993
TCP-MIB::tcpPassiveOpens.0 = Counter32: 13648419
TCP-MIB::tcpAttemptFails.0 = Counter32: 0
TCP-MIB::tcpEstabResets.0 = Counter32: 686
TCP-MIB::tcpCurrEstab.0 = Gauge32: 2
TCP-MIB::tcpInSegs.0 = Counter32: 138461949
TCP-MIB::tcpOutSegs.0 = Counter32: 85730827
TCP-MIB::tcpRetransSegs.0 = Counter32: 1530

Friday, January 13, 2012

HP H3C S5800 – Enable Switch for SSH Access

This is a quick example of enabling the SSH server on S5800 (HP 5800) series switches. It might work for switches in other series too.

To start, you need to generate RSA keys for your switch using the public-key command with the parameters below. The key is used for encryption in the SSH tunnel.

public-key local create rsa

Next, enable the SSH server.

ssh server enable

You will need a VTY interface to accept SSH connections. The commands below enable that protocol with AAA.

user-interface vty 0 4

authentication-mode scheme

protocol inbound ssh

By default users are given an access level of 0, which allows for basic troubleshooting. You could edit the default group, system, but this example creates a new group. Setting the authorization attribute level to 3 grants any user in this group full access.

user-group sshusers

authorization-attribute level 3

The last part is to create the user and point it to our newly created group.

local-user sshuser

password simple mypassword

group sshusers

service-type ssh

From there you can test your SSH connection from PuTTY or other such tools.
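A check that a saved configuration still matches the steps above, as an added Python example (not part of the original post and not HP/H3C code). The configuration excerpt is constructed, and the layout it parses (an unindented section header followed by indented settings) is an assumption about how the switch displays its configuration.

```python
# Constructed excerpt in the style of a switch configuration listing.
SAMPLE_CONFIG = """\
user-group sshusers
 authorization-attribute level 3
local-user sshuser
 password simple mypassword
 group sshusers
 service-type ssh
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 5 15
 authentication-mode password
"""

def parse_sections(text):
    """Group indented lines under the unindented line that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] != " ":
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def audit(text):
    """Return (section, finding) pairs where the config differs from the steps above."""
    findings = []
    for header, body in parse_sections(text).items():
        if header.startswith("user-interface vty"):
            if "authentication-mode scheme" not in body:
                findings.append((header, "authentication-mode is not scheme"))
            if "protocol inbound ssh" not in body:
                findings.append((header, "inbound protocol is not restricted to ssh"))
        elif header.startswith("local-user"):
            if any(line.startswith("password simple") for line in body):
                findings.append((header, "password set with the simple keyword"))
            if "service-type ssh" not in body:
                findings.append((header, "service-type ssh missing"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```

The constructed sample reports the `password simple` line from the walkthrough and a second VTY range that was never switched to scheme authentication or limited to SSH.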

HP H3C Switches - DHCP Relay

This only applies to HP switches running H3C software. Running DHCP relay allows you to have the DHCP server in another network and/or VLAN. This also reduces broadcast packets by intercepting DHCP requests before they are broadcast. The example below shows that you can have more than one DHCP server if required.

 

DHCP Enable

DHCP Relay Server-Group 1 IP X.X.X.X

DHCP Relay Server-Group 1 IP Y.Y.Y.Y

Interface Vlan-Interface 1

DHCP Select Relay

DHCP Relay Server-Select 1

Replace X.X.X.X with the IP of DHCP server #1 and, if a second server is available, replace Y.Y.Y.Y with its IP.

Thursday, January 12, 2012

HP H3C 3COM 7500 5800 5820 Series Switches running NLB in Multicast mode issues

Just a heads-up to anyone who may have run into issues with some of the switches below while enabling NLB in multicast mode. As it turns out from the command guide, the switch will deny any multicast MAC address. Below is the reference for the arp check command.

Syntax

arp check enable

undo arp check enable

View

System view

Default Level

2: System level

Parameters

None

Description

Use the arp check enable command to enable ARP entry check. With this function enabled, the device cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not permitted and will prompt an error message.

Use the undo arp check enable command to disable the function. Then, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.

By default, ARP entry check is enabled.

Examples

# Enable ARP entry check.

<Sysname> system-view

[Sysname] arp check enable

Switches with this enabled by default:

  • HP/H3C 5800-24G (JC099A,JC100A,JC103A)
  • HP/H3C 5800-48G (JC104A,JC105A,JC101A)
  • HP/H3C 5800AF-48G (JG225A)
  • HP/H3C 582014XG-SFP+ (JC106A)
  • HP/H3C 5829-24XG-SFP+ (JC102A)
  • HP/H3C 5820AF-24XG (JG219A)
  • HP 7510 (JD238B)
  • HP 7506-V (HD241B)
  • HP 7506 (JD239B)
  • HP 7503 (JD240B)
  • HP 7503-S (JD243B)
  • HP 7502 (JD242B)

This might affect more models than these, but these are the ones that can be confirmed to have this on by default.

Inbound TCP Connection denied flags SYN on interface

A few times I’ve noticed that some networks could talk to each other and some would be denied. I found messages like the one below in the syslog (or in the log viewer).

ASA-2-106001

Inbound TCP connection denied from X.X.X.X to Y.Y.Y.Y flags SYN on interface interface_name



It turns out that most of the time the interface was created with an incorrect security level. By default, security levels act as implicit rules that let a network communicate with less secure networks without having to maintain rules. For example, a network with a security level of 50 would be able to access a network with a level of 40 without any issues.



But most of the times I run into this issue, it's because of same-security-level blocking. This is also on by default, and the fix is either to change the security level of one of the affected interfaces or to enable that security policy. To enable the security policy, either use the command below or check the "Enable traffic between two or more interfaces which are configured with same security levels" option.




same-security-traffic permit inter-interface
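To tell which of the cases above a given denial falls into, the added Python example below (not from the original post) classifies 106001 messages by comparing the security level of the ingress interface with that of the interface that owns the destination address. The interface names, levels, subnets and log lines are all constructed; the message only names the ingress interface, so the destination interface is looked up from the table.

```python
import ipaddress
import re

# Constructed interface table: name -> (security level, attached subnet).
INTERFACES = {
    "inside": (100, ipaddress.ip_network("10.1.0.0/16")),
    "lab":    (50,  ipaddress.ip_network("10.2.0.0/16")),
    "dev":    (50,  ipaddress.ip_network("10.3.0.0/16")),
    "guest":  (40,  ipaddress.ip_network("10.4.0.0/16")),
}
# Constructed syslog lines in the 106001 format quoted above.
SAMPLE_LOG = """\
%ASA-2-106001: Inbound TCP connection denied from 10.2.0.15/51344 to 10.3.0.20/443 flags SYN on interface lab
%ASA-2-106001: Inbound TCP connection denied from 10.4.0.9/40112 to 10.1.0.5/22 flags SYN on interface guest
%ASA-2-106001: Inbound TCP connection denied from 10.2.0.15/51350 to 10.4.0.7/80 flags SYN on interface lab
"""
DENY_RE = re.compile(
    r"106001: Inbound TCP connection denied from ([\d.]+)(?:/\d+)? "
    r"to ([\d.]+)(?:/\d+)? flags .+? on interface (\S+)")

def egress_interface(dst_ip):
    """Return the interface whose subnet contains dst_ip, or None."""
    addr = ipaddress.ip_address(dst_ip)
    return next((n for n, (_, net) in INTERFACES.items() if addr in net), None)

def classify(line):
    """Explain one 106001 denial in terms of interface security levels."""
    m = DENY_RE.search(line)
    if not m:
        return None
    _src, dst, ingress = m.groups()
    egress = egress_interface(dst)
    if ingress not in INTERFACES or egress is None:
        return (ingress, egress, "unknown-interface")
    src_level, dst_level = INTERFACES[ingress][0], INTERFACES[egress][0]
    if src_level == dst_level:
        verdict = "same-level"    # blocked until same-security traffic is permitted
    elif src_level < dst_level:
        verdict = "low-to-high"   # not covered by the implicit rule; needs an access rule
    else:
        verdict = "high-to-low"   # implicit rule should allow it; look for another cause
    return (ingress, egress, verdict)

def triage(log_text):
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Only the "same-level" rows are addressed by the command above or by changing one interface's level.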



