No more connections can be made – when joining domain
Posted in Server Management / Monitoring on July 6th, 2010
We recently ran into the following error when trying to join machines to the domain.
“The following error occurred attempting to join the domain gwlab.net”
“No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept”
If you read through the walls of web pages you will find it’s often due to the number of licenses available on the server. This was not our case at all.
The issue was somewhat simpler.
The systems we were attempting to join all had the wrong time. In our case they were off by about 15 or 20 minutes and had come from our supplier this way.
Not the greatest error description for sure!
Simple fix. Change the time on the local system to be closer to that of the Domain Controller(s) and then attempt to join.
One additional thing I found very handy was the ability to join the domain using a specific server. The best way I found to do this in our situation was with PowerShell. All systems were Windows 7.
Open PowerShell
Type add-computer -?
Specifically: “add-computer -DomainName gwlab.net -Credential washburng -Server gwlab.net\DC2”
Tons of other options I recommend considering but this for sure makes pointing to a specific DC a breeze.
Setting Time on Cisco Switches
Posted in Network Management / Monitoring on May 22nd, 2009
Many Cisco switches do not have the ability to save time after a power cycle. For this reason it is probably best to use NTP to keep the time current.
In GWLab we decided to use our Microsoft Domain Controllers as time servers. The main reason for this is to ensure Active Directory logon attempts do not fail due to a time difference.
Here’s an example of how to configure a Cisco 2950 switch:
Config t
ntp server 10.1.1.203
ntp server 10.1.1.107
clock timezone EST -5
clock summer-time EDT recurring 2 Sunday March 2:00 first Sunday November 2:00
The first and second lines (the two ntp server commands) set the IP addresses of the domain controllers as our NTP servers.
By default, time on the Cisco switch is kept in UTC. The clock timezone line (the third line in this config example) offsets UTC by -5 (which corresponds to EST). Set this to the correct offset for your timezone.
We want to display time correctly during daylight saving time. In 2007 the daylight saving time rules were changed so that it begins on the 2nd Sunday in March and ends on the 1st Sunday in November at 2:00 am. The clock summer-time line (the fourth line in this config example) displays the timezone as EDT during daylight saving time.
Setting a site-local or global IPv6 address within Windows 2008 Server Core
Posted in Network Management / Monitoring, Server Management / Monitoring on April 13th, 2009
Recently, I set up an IPv6 section of gwlab. The devices included Vista64, Windows 2008 Server Standard, Windows 2008 Server Standard Core, and Fedora 10 64bit. They all natively support IPv6 but typically use link-local addresses (sorta like using 169.254.x.x addresses in IPv4). Those with GUIs are easy to change, but Windows 2008 Core and its lack of a GUI make it more of a challenge. The method I use is very simple and would also work on other versions of 2008 and Vista.
On the Windows 2008 Standard Core Server (2008 Core) device log in as an administrator. At the cmd prompt enter the following command to get a list of the interface names:
“netsh interface ipv6 show interfaces”
You should get a list of interface information. Look for the interface that is not disconnected and whose name does not contain “loopback”. Use caution as many of the interfaces will have similar names by default.
On my system the interface name of interest was “Local Area Connection 2” but most devices will need to be configured on “Local Area Connection”
Now that you have the interface name issue the following command:
“netsh interface ipv6 set address ‘interface name determined above’ ‘ipv6 address’”
In my case that means: netsh interface ipv6 set address "Local Area Connection 2" fec0:0:0:fffe::aa
Verify you now have the correct IPv6 interface settings by using the following commands:
“netsh interface ipv6 show addresses” or, for a single interface, netsh interface ipv6 show addresses "Local Area Connection 2"
You should also be able to ping interfaces on other IPv6 enabled systems within the same network. So for example:
ping fec0:0:0:fffe::1%1
You probably don’t need to include the %“interface number” suffix but I’ve found it’s just a good habit to get into.
How to Config Ubuntu Server 8.10 to use a Trunk port
Posted in Network Management / Monitoring, Server Management / Monitoring on January 29th, 2009
I wanted to set up a VMWare 2.0 server host to allow guests on multiple vlans. The project required that all Microsoft based servers / workstations be on one vlan and all Linux based servers / workstations be on a different vlan. This meant that a VMware Server hosting both Microsoft and Linux based guests would be impossible until setting up multiple interfaces and trunking the switch port. I did this project during a transition from a Cisco switch to a Netgear Layer 3 switch so I provide config instructions for both devices.
Project Primary Goal(s):
1.) Create a trunk port from a switch / router connected directly to a Ubuntu 8.10 Server
2.) Enable multiple logical network interfaces on the Ubuntu system (1 each for each vlan on the trunk)
3.) Be able to network “sniff” traffic for only a given vlan while still communicating over other vlans for mail / web / etc
4.) Be able to run VMware guests in different vlans
5.) No routing enabled on the Ubuntu Server
6.) Provide static config options for restoring all networks and connections after a reboot
On the Switch (This is Cisco – See below for a Netgear config):
1.) Enter config mode on the switch “config t”
2.) Enter config mode for the interface we want to trunk “int gig 1/0/1” for example
3.) On some switches / routers you will need to set the encapsulation type “switchport trunk encapsulation dot1q”
Note: If you don’t set this explicitly (even if your switch doesn’t require it) you will not be able to get vlan headers on a full network “sniff” and you may encounter communications problems on your vmware guest systems.
4.) Set port to trunk mode “switchport mode trunk”
5.) Allow vlans of interest on the trunk “switchport trunk allowed vlan 10,172,192”
6.) Most admins agree setting a description is worth the effort for reducing confusion in future troubleshooting – ‘description “Trunk link to Ubuntu 8.10 VMware Server”’
7.) Get out of int config mode “exit”
8.) Get out of config mode “exit”
9.) Save config to memory “write mem”
On the switch (This is Netgear config – See above for a Cisco config)
1.) Enter config mode “Configure Terminal”
2.) Enter interface config mode “Interface 0/10”
3.) Set participation in the vlans of interest:
“vlan participation include 10”
“vlan participation include 172”
“vlan participation include 192”
4.) Set tagging for all vlans:
“vlan tagging 10”
“vlan tagging 172”
“vlan tagging 192”
5.) Most admins agree setting a description is worth the effort for reducing confusion in future troubleshooting – ‘description “Trunk link to Ubuntu 8.10 VMware Server”’
6.) Get out of interface config mode “exit”
7.) Get out of config mode “exit”
8.) Save config to memory “save” then “y” to the confirm prompt
On the Ubuntu 8.10 Server (I’ll try to get around to writing up instructions for Fedora 10 as well – basically they are the same except the static settings and the su / sudo commands).
1.) I prefer to just up my privs to root and leave them there while on the terminal but you might want to use sudo instead – “sudo -s -H” then enter the root password for the system
2.) Remove any settings on eth0 – Especially do not leave eth0 as DHCP enabled (I’ll provide more info about what I decided to do in the static config section below – but if you are just looking to do something temporary just take off ip information and routing information for eth0)
3.) Now create the logical interfaces for each vlan.
“ip link add link eth0 name vlan10 type vlan id 10”
“ip link add link eth0 name vlan172 type vlan id 172”
“ip link add link eth0 name vlan192 type vlan id 192”
5.) If you have a dhcpserver on any of the vlans you can grab a dhcp address
“dhclient vlan10”
To release the dhcp address:
“dhclient -r vlan10”
6.) If you want to “sniff” traffic on a given vlan set the logical interface to promiscuous mode
“ifconfig vlan172 promisc”
“tcpdump -i vlan172”
If you want to “sniff” traffic on all vlans
“tcpdump -i eth0”
Static Settings (this section is of interest if you want to set this up permanently – For me that’s a primary project goal)
Several modifications need to be made to the /etc/network/interfaces file so “vi /etc/network/interfaces”
I include an example file here:
———————————————————————————————————————-
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
# I set this up in promiscuous mode for any network “sniffing” I may want to do in the future
auto eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
# The vlan 10 network interface
# This is an example of a logical vlan interface that has connectivity to a DHCP server
iface vlan10 inet dhcp
pre-up ip link add link eth0 name vlan10 type vlan id 10
post-down ip link del dev vlan10
auto vlan10
# The vlan192 network interface
# This is an example of a logical vlan interface that needs static / manual ip address information
iface vlan192 inet static
pre-up ip link add link eth0 name vlan192 type vlan id 192
post-down ip link del dev vlan192
address 192.168.7.8
netmask 255.255.255.0
auto vlan192
———————————————————————————————————————-
Don’t forget to save the file “:wq!”.
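The static configuration above, as an added example that is not part of the original post: a POSIX shell function that prints one /etc/network/interfaces stanza per VLAN and refuses IDs that are not valid 802.1Q VLAN IDs. The function names and the "sniff" mode (an interface with no IP address, used only for capture) are assumptions of this example; eth0, the VLAN IDs and the static address are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): generate ifupdown stanzas for
# VLAN sub-interfaces on a trunked NIC, following the example file above.
PARENT="${PARENT:-eth0}"   # trunk-facing NIC; eth0 as in the post

# valid_vlan ID: succeed only for a plain decimal 802.1Q VLAN ID (1-4094).
# Leading zeros are rejected because tools that auto-detect the number base
# may read them as octal (010 would become VLAN 8).
valid_vlan() {
    case "$1" in
        ''|*[!0-9]*|0*|?????*) return 1 ;;
    esac
    [ "$1" -le 4094 ]
}

# vlan_stanza ID MODE [ADDRESS NETMASK]
#   dhcp   - address from a DHCP server on that VLAN (vlan10 in the post)
#   static - fixed address (vlan192 in the post)
#   sniff  - assumption of this example: no IP address, promiscuous only
vlan_stanza() {
    id=$1 mode=$2 addr=$3 mask=$4
    valid_vlan "$id" || { echo "invalid VLAN id: $id" >&2; return 1; }
    case "$mode" in
        dhcp)   method=dhcp ;;
        static) method=static
                if [ -z "$addr" ] || [ -z "$mask" ]; then
                    echo "static mode needs ADDRESS and NETMASK" >&2; return 1
                fi ;;
        sniff)  method=manual ;;
        *)      echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    echo "auto vlan$id"
    echo "iface vlan$id inet $method"
    echo "    pre-up ip link add link $PARENT name vlan$id type vlan id $id"
    if [ "$mode" = static ]; then
        echo "    address $addr"
        echo "    netmask $mask"
    elif [ "$mode" = sniff ]; then
        echo "    up ip link set \$IFACE up promisc on"
        echo "    down ip link set \$IFACE promisc off"
    fi
    echo "    post-down ip link del dev vlan$id"
}

# Constructed usage with the VLAN IDs from the post.
vlan_stanza 10 dhcp
vlan_stanza 172 sniff
vlan_stanza 192 static 192.168.7.8 255.255.255.0
```

Review the output before appending it to /etc/network/interfaces; a sniff-only interface carries no address, so the capture VLAN cannot be used to reach the host.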
Last thing is to reconfigure the VMserver environment:
- At the root prompt type “/usr/bin/vmware-config.pl” or at the user prompt “sudo /usr/bin/vmware-config.pl”
- When it asks to set up various network information, the one of highest interest is Bridged. Ensure you choose to set a bridged network for each vlan – I chose to name mine “Bridged10”, “Bridged172”, and “Bridged192” after the logical vlan interfaces they would operate on.
- Go into the VMware Server web gui “https://serverip:8333” (you can do this from a remote system since you probably don’t have a graphical front end or web browser for the VMware Server) and for each guest that has been created ensure that the correct bridged network is selected. For me that meant selecting each Linux guest and changing its network to “Bridged192” and selecting each Microsoft guest and changing its network to “Bridged10”.
Note: I did this for VMware applications but it’s not a terrible way to configure a Linux firewall that has only 1 interface. Just set the default route to the ip address given on each logical vlan interface. Then enable ip forwarding on the linux system.
New Server Today
Posted in Uncategorized on January 23rd, 2009
Today I got my new quad core server in. This will host several Virtual systems.
I tried installing VMWare ESX but apparently they have no support for the processor I have in this system.
New server name was something my wife came up with.
She thought I should call it “Casino” because it had so many slots.
I liked it and it stuck.
I welcome Casino to the Lab.
Installing VMWare Server 2.0 on Ubuntu 8.10 Server
Posted in Server Management / Monitoring on January 23rd, 2009
Download References:
Download free VMware Server 2.0 for linux at http://www.vmware.com.
Download free Ubuntu Server 8.10 64bit (and other versions) at http://www.ubuntu.com.
These directions assume you have a running Ubuntu 8.10 64bit system. However, I will try to include specific notes where 32bit systems would use different commands.
Duplicating the steps I took:
1.) sudo apt-get install linux-headers-`uname -r`
2.) sudo apt-get install build-essential
3.) sudo apt-get install xinetd
4.) scp, ftp, copy from cd or whatever method works best for you to copy the vmware server installation files to your ubuntu system. In my case I have Ubuntu 8.10 64bit Server so I scp’d “VMware-server-2.0.0-122956.x86_64.tar.gz” and “VMware-vix-1.6.0-122956.x86_64.tar.gz” to ~/vmware directory for convenience. 32bit Ubuntu systems will have a different set of vix and server install files.
5.) Set your working directory to the place you copied the vmware installation files “cd ~/vmware”
6.) Extract the installation files “tar xvfz VMware-s*.tar.gz”
7.) Set your working directory to the directory created during the extraction process in step 6 “cd v*”
8.) Run the install script “sudo ./vmware-install.pl”
9.) Accepting all the defaults works for some ppl but not for me. You will want to pay particular attention to where you install / store your virtual machine, the ports you run the management web interface and ESPECIALLY pay attention to the vmware administrator account. I recommend you add your username as the administrator during the install.
10.) Enter the 20 character key you received from VMware download. If you don’t have your key handy you can also go to the VMware site and view your license by going thru the download process for VMware Server.
Note: To access the VMware manager from any network connected machine that has a route to the VMware Host you would browse to https://”yourhostname”:8333 (i.e. https://10.1.1.107:8333 or for local access https://127.0.0.1:8333)
Note2: I recommend firewalling the server and disabling non-ssl communication with the VMware Host.
User’s $Home/.dmrc file is being ignored
Posted in Server Management / Monitoring on January 19th, 2009
Today after a series of autoupdates my Ubuntu 8.04 system greeted my login with this message.
You can imagine I was not terribly pleased.
But the fix wasn’t bad. It turns out one of the updates or something done as part of lab testing made my home folder not readable.
The fix:
sudo chmod 700 /home/yourusername/
If you want other users to be able to read your home folder the fix:
sudo chmod 755 /home/yourusername/
Clonezilla 1.2.1-23
Posted in Server Management / Monitoring on January 18th, 2009
My Symantec Ghost software is getting too expensive to maintain so I went out looking for alternatives this weekend. Had two really good candidates: PING 3.00 and Clonezilla 1.2.1-23. Obviously, from the name of this post after testing both Clonezilla 1.2.1-23 is the one I decided on.
Clonezilla had one really cool thing going for it. It supports SSH / SCP of images.
PING was ok but I kept getting hangs when trying to connect to remote windows shares. There were workarounds but, to me, it seemed less friendly. It also didn’t have support for writing images via ftp (only reading) and did not seem to support SSH / SCP at all.
I tested Clonezilla Live image backups of both linux systems and windows systems with absolutely no problems.
I also added to my future projects list “set up a DRBL (Diskless Remote Boot in Linux) server.” This will facilitate the advanced features in Clonezilla for supporting multicasting.
To get Clonezilla standalone up and running is as simple as downloading an ISO and burning a CD / USB.
Download Clonezilla @ http://www.clonezilla.org/download/sourceforge/stable/iso-zip-files.php
Burn the ISO, boot the system you wish to image from the CD or USB you made, and follow the on screen instructions for countless easy to follow options.
Also you can boot to a root prompt (with either product) to reset passwords / accounts or fix broken files or file permissions. Both products support partition and disk imaging.