Category Archives: IT Pro

Unable to correctly configure Time Service on non PDC Domain Controller

Posted on by
Reply

Introduction

Around new year, between the 31st 2016 and the 1st of January 2017 some ISP had issues with the time service. It jumped 24 hours ahead. This cause all kinds of on line services issues ranging from non working digital TV to problems with the time service within companies. That caused some intervention time and temporarily switching the external reliable NTP time server sources to another provider that didn’t show this behavior. Some services required a server reboot to sort things out but things were operational again. But it became clear we still had a lingering issue afterwards as we were unable to correctly configure Time Service on non PDC Domain Controller.

Unable to correctly configure Time Service on non PDC Domain Controller

A few days later we still had one domain, which happend to be 100% virtualized, with issues. As turned out the second domain controller, which did not hold the PDC role, wasn’t syncing with the PDC. No matter what we tried to get it to do so. If you want to find out how to do this properly for virtualized environment I refer you to a blog post by Ben Armstrong Time Synchronization in Hyper-V and fellow MVP Kevin Green Hyper V Time Synchronization on a Windows Based Network.

But no matter what I did, the DC kept  getting the wrong date. I could configure it to refer to the PDC as much as I wanted, nothing helped. It also kept saying the source for the time was the local CMOS (w32tm /query /source). I kept getting an error, we’re normally able to fix by configuring the time service correctly.

image

Another trouble shooting path

The IT universe was not aligned to let me succeed. So that’s when you quit … for a coffee break. You relax a bit, look out of the window whilst sipping from your coffee. After that you dive back in.

I dove into the registry settings for the Windows time service in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time of a functional DC in my lab and the one of the problematic DC in the production domain.  I started comparing the settings and it all seemed to be in order. But for one serious issue with the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security key on the problematic DC.

Trying to open that key greeted me with the following error:

Error Opening key

Security cannot be opened. An error is preventing this key from being opened. Details: The system cannot find the file specified.

image

That key was empty. Not good!

image

I exported the entire W32Time registry key and the Security key as a backup for good measure on the problematic DC and I grabbed an export of the security key from the working DC (any functional domain joined server will do) and imported that into the problematic DC. The next step was to restart the time service but that wasn’t enough or I was to inpatient. So finally I restarted the DC and after 10 minutes I got the result I needed …

image

Problem solved Smile

Manage Your Brocade Fibre Channel Switch with recent Java & browser versions

Posted on by
31

Introduction

I was in the process of setting up a new jump server a management station server virtual machine on Windows Server 2016 Hyper-V. The guest was also Windows Server 2016 (desktop install). That station needed to be used to manage some aging Brocade fibre channel switches. With the default setting and links this will give you some headaches and some solution require you to keep older and insecure browser or java versions installed. We’ll show you how to get GUI access to your FC switches without needing to do that so you can manage your Brocade Fibre channel switch with recent Java & browser versions. Well not all of them, but it can be done with IE 11 and Firefox 52.0.1 (at the time of writing).

Another solution is to use the CLI naturally.

Manage Your Brocade Fibre Channel Switch with recent Java & browser versions

It’s OK to use the most recent Java version available. At the moment that I wrote this blog post that was Java 1.8.0.121. I can’t give guarantees other than that, but for now that does work.

Instead of navigating to http or https to just the IP address which will send you to https://x.x..x.x/switchexplorer you need to create a shortcut link to the following: https://10.30.2.2/switchexplorer_installed.html (or http://10.30.2.2/switchexplorer_installed.html if you have not enabled https on your switch).

Like this:

clip_image001

I normally change the icon to the shortcut to indicate it’s pointing to a network device. I actually created some ico files based on an image of brocades Fibre Channel switches that I use for this. I just place then under C:\Programdata\BrocadeFC for safe keeping together with a cop of the short cuts. On the management station, I add them to the desktop for easy access. Below is a screenshot of my Windows 10 or Windows Server 2016 (Desktop Experience) management station.

clip_image002

But we’re not there yet. You need to go to Java configuration and select the Security Tab. Make sure Enable Java Content in the browser is enabled. Leave the security at high but don’t forget to add the IP addresses of your Brocade switch to the Exception Site List.

clip_image004

You’ll need to add http or https or both depending on your situation. I think we can all agree we should go for https in this day and age.

In Firefox when you launch the shortcut you’ll get asked what app to use for opening this file.

clip_image005

Make sure you point it to javaws.exe (in C:\Program Files (x86)\Java\jre1.8.0_121\bin) if that’s not the case.

clip_image007Also, check to “Do this automatically for files like this from now on” for faster access during normal operations.

In Internet Explorer allow the add-on “Java SE Runtime Environment 8 Update 121 from Oracle America Inc.” to run.

clip_image009

When it comes to Chrome, this doesn’t’ work anymore. See https://www.java.com/en/download/faq/chrome.xml

When the application is launched, depending on the age of the fibre channel switch and the version of the firmware you’ll be greeted by a more or less harsh security warning.

clip_image010

clip_image011

Check the “I accept the risk and want to run this application” or “Do not show this again for this app from the publisher above” depending on the case. This also allows for easy access the next time you launch the shortcut. The app will launch and you’ll be greeted by the login screen.

clip_image012

Juts log in and there’s nothing more to it. You can now manage your FC switches from Firefox again.

image

Hope this helps some of you out there that come across this issue.

Off Host Backup Jobs with Veeam and Replay Manager 7.8

Posted on by
2

It’s all about application consistent hardware VSS provider snapshots

I was browsing to see if I could already download Replay Manager 7.8 for our Compellent (SC) SANs. No luck yet, but I did find the release notes. There was a real gem in there on Off Host Backup Jobs with Veeam and Replay Manager 7.8. We’ll get back to that after the big deal here.

image

So what kind of goodness is in there? Well obviously there is the way too long overdue support for Windows Server 2016, including the Hyper-V role and its features. That is great news. We now have application consistent hardware VSS provider snapshots.I do not know what took them so long but they need to get with the program here. I have given this a s feedback before and again at DELL EMC World 2017 The Compellent still is one of the best “traditional” centralized storage SAN solutions out there hat punches fare above its weight. On top of that, having looked at Unity form DELL EMC, I can tell you that in my humble opinion the Compellent has no competition from it.

Off Host Backup Jobs Veeam Replay Manager 7.8

Equally interesting to me, as someone who leverages Compellent and Veeam Baclup & Replication with Off Host Proxies (I wrote FREE WHITE PAPER: Configuring a VEEAM Off Host Backup Proxy Server for backing up a Windows Server 2012 R2 Hyper-V cluster with a DELL Compellent SAN (Fiber Channel))  is the following. Under fixed Issues is found:

RMS-24 Off-host backup jobs might fail during the volume discover scan when using Veeam backup software.

I have Off host proxies with transportable snapshots working pretty smooth but it has the occasional hiccup. Maybe some of those will disappear with Replay Manager 7.8. I’m looking forward to putting that to the test and roll forward with Windows Server 2016 for those nodes where we need and want to leverage the Compellent Hardware VSS provider. When I do I’ll let you know the results.

I am presenting at VeeamON 2017

Posted on by
Reply

I’m travelling to New Orleans for VeeamON2. If you don’t know what that is, please check it out here. I can recommend this conference. Both the attendees and presenters are all very active users of Veeam products and the workloads Veeam protects in real live. That makes for excellent sharing of experiences, insights and knowledge with your peers.

SM banner-Presenters

I have the distinct honor of presenting a joint session with Luca Dell’Oca (@dellock6 / http://www.virtualtothecore.com/en/) and Carsten Reachfahl (@hypervserver / https://www.rachfahl.de/). The presentation is called: Throw your backups into ANY window and is on Wednesday, May 17 | 13:30-14:30.

Choosing a storage solution for your backups can be a daunting task: Windows or Linux servers, SMB shares, SAN, NAS, deduplication appliances … But block cloning, a new feature in Windows 2016 and leveraged by Veeam Backup & Replication™, is promising to change this. Available for ReFS 3.1 file systems, this technology allows for insanely reduced transform times and spaceless GFS backups. Or at least, this is what marketing has told us so far, but how good is it in reality? Is an expensive and complex Storage Spaces Direct the only way to consume all the amazing new features? How can I design my new backup repository with these new options in mind? What about encryption and Veeam Scale-out Backup Repository™? Didier Van Hoye, Carsten Rachfahl (both Microsoft MVPs and Veeam Vanguards) and Luca Dell’Oca (Veeam cloud architect) have joined forces to bring you from-the-field information, tips, tricks and ideas to build your next Veeam backup repository with real-life tests and feedback gained from deploying this new powerful combination into multiple environments.

This session is complimentary to the other ones given at VeeamON 2017, both the breakout sessions as well as some of the session the Microsoft MVPs are presenting at the boot. Those sessions combined will send you home with ideas and options on how to leverage Veeam in creative ways to achieve the best possible solution for your needs. Personally I’ll be discussing some of the options you have to get get high available backup targets leveraging ReFSv3.1 in brown field scenarios when  a brand new Storage Spaces Direct deployment is not option or when you don’t run Windows Server Windows Server 2016 yet.

Next to that and between attending interesting sessions I’ll be available at the Veeam and Microsoft boots if you want to have questions or want to discuss the technologies. At the Microsoft boot I’ll be presenting a demo focused walk through on how to on Discrete Device Assignment in Windows Server 2016.