Bienvenido! - Willkommen! - Welcome!

Technical Log of Tux&Cía., Santa Cruz de la Sierra, BO
Central Log: Tux&Cía.
Advanced Information Log: Tux&Cía.-Información
May the source be with you!

Sunday, November 30, 2008

RAID-5 on Windows Server 2003

Raid5- Mirror C Partition
"Can I just add another drive and then use windows disk manager to mirror c:?"
Technically speaking yes, you could software mirror. This is where you need to educate yourself about the difference between hardware RAID and software RAID.
Here is what you need to understand:
1. If you lose two disks in your 3-disk RAID 5, you have lost everything and you are only as good as your last backup. Google "hot spare".
2. If you software mirror the OS partition to another drive and you lose the RAID 5 array, you have lost everything except the OS [no data, only OS - back to #1].
3. If you lose the OS partition [and its boot] on the RAID 5 array, you should be able to boot to the mirror and still access your data IF the OS sees the original OS as gone. If the partition is still there but not mountable, it will be assigned a drive letter and you will not be able to mount your server programs or access data via the original drive letters.
No real failover here which makes this a waste of time and resources.
Now if you used a server version of cloning software you could clone the OS partition to a drive and then mirror that drive via the hardware. Then you could repartition the raid5 array and restore from backup so the drive letters/partitions all matched before the change [so everything works]. You would need two additional drives to accomplish this.

Configuring a striped volume with parity (RAID-5) in Windows Server 2003
A striped volume with parity, also called RAID-5 in Windows Server 2003, combines areas of free space from multiple hard disks (3 to 32) into one logical volume.
Parity is redundant information associated with a block of information. In Windows Server 2003 products, parity is a calculated value that is used to reconstruct data after a failure. RAID-5 volumes stripe data and parity across a set of disks. When a disk fails, Windows Server 2003 uses the parity information to recreate the data that was on the failed disk.
Because of this fault tolerance, administrators favor RAID-5 volumes when both data integrity and data input/output speed are important. RAID-5 volumes cannot be mirrored or extended. Any file system can be used on a RAID-5 volume, including the FAT, FAT32 or NTFS file systems.
NOTE: Neither the operating system files nor the boot files can reside on RAID-5 disks. However, you can place the system paging file on a RAID-5 volume.
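How the parity described above lets a failed disk be recreated, and why a second failure cannot be covered, as an added example that is not part of the original post. The 4-byte strip size, the rotating-parity layout and all function names are assumptions chosen for readability; this is not Windows' on-disk format.

```python
from functools import reduce

STRIP = 4  # bytes per strip; deliberately tiny for the demo (assumption)


def xor_strips(strips):
    """Byte-wise XOR of equal-length strips; this is the parity calculation."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*strips))


def write_raid5(data, n_disks):
    """Stripe data with rotating parity over n_disks (3 to 32, as in the text)."""
    if not 3 <= n_disks <= 32:
        raise ValueError("RAID-5 needs 3 to 32 disks")
    stripe_bytes = STRIP * (n_disks - 1)  # one strip per stripe holds parity
    padded = data + b"\x00" * (-len(data) % stripe_bytes)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(padded) // stripe_bytes):
        chunk = padded[s * stripe_bytes:(s + 1) * stripe_bytes]
        strips = [chunk[i:i + STRIP] for i in range(0, stripe_bytes, STRIP)]
        parity_disk = s % n_disks  # parity moves to the next disk each stripe
        data_strips = iter(strips)
        for d in range(n_disks):
            disks[d].append(xor_strips(strips) if d == parity_disk
                            else next(data_strips))
    return disks


def fail(disks, *lost):
    """Simulate disk failures by dropping the contents of the given disks."""
    return [None if i in lost else d for i, d in enumerate(disks)]


def rebuild(disks):
    """Recreate a failed disk (marked None) from the surviving disks."""
    missing = [i for i, d in enumerate(disks) if d is None]
    if len(missing) > 1:
        raise RuntimeError("%d disks lost: parity covers only one, "
                           "restore from backup" % len(missing))
    if not missing:
        return disks
    survivors = [d for d in disks if d is not None]
    # XOR of all surviving strips in a stripe equals the missing strip,
    # whether that strip held data or parity.
    rebuilt = [xor_strips(strips) for strips in zip(*survivors)]
    return [rebuilt if d is None else d for d in disks]


def read_raid5(disks, length):
    """Reassemble the data, skipping the parity strip of every stripe."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        for d in range(n_disks):
            if d != s % n_disks:
                out += disks[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"constructed sample data standing in for a file share"
    array = write_raid5(sample, 3)
    for lost in range(3):
        assert read_raid5(rebuild(fail(array, lost)), len(sample)) == sample
        print("disk %d lost -> rebuilt from parity" % lost)
    try:
        rebuild(fail(array, 0, 2))
    except RuntimeError as err:
        print("two disks lost ->", err)
```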
A striped volume (RAID 0) in Windows Server 2003
A striped volume (RAID 0) combines areas of free space from multiple hard disks (between 2 and 32) into a single logical volume. Data written to a striped volume is interleaved across all disks at the same time rather than sequentially. As a result, disk performance is higher on a RAID 0 volume than with any other type of disk configuration. Administrators prefer striped volumes when input/output speed is important. Any file system can be used on a striped volume, including FAT, FAT32 or NTFS.
Mirroring the system and boot partition (RAID 1) in Windows Server 2003
Troubleshooting
Once a basic disk has been upgraded to dynamic, the existing partitions on the basic disk become simple (dynamic) volumes. You cannot change dynamic volumes back to partitions.
A dynamic disk cannot contain partitions or logical drives, and it cannot be accessed from MS-DOS or from any Windows operating system other than Windows 2003.
Booting from the mirror when the primary partition is lost
Recovering a mirrored system or boot partition that fails
Hardware RAID 5 on windows 2003
RAID 5 installation
Adding external drive to RAID
RAID -5 crashed
No backups. The worst mistake you can make with networks... There is no software to recover raid systems if the disks are not able to spin up. 
Now if you can get at least one of the disks to spin up (depending on what is bad) there is software to recover or they might come up in the array long enough to recover the data. Raid 5 needs two working disks... Now if you have never disassembled a drive before it may not be your best bet. Otherwise, as Jason suggested, contact Ontrack as I have found them the best in the recovery business. Not the cheapest but the best. Depends what your data is worth. www.ontrack.com


Saturday, November 29, 2008

Spyware Warrior

Spyware Warrior Blog
Spyware Warrior Forums
Spyware Warrior Home

Those who have followed the development of this page since 2004 will have noted that the list of "rogue/suspect" anti-spyware products has not been updated since May 2007. Unfortunately, other time commitments have precluded our efforts to keep that list up to date. Since the last update dozens of "new" rogue anti-spyware programs have hit the 'Net. The vast majority of them, however, are not really new, but are simply re-branded clones and knockoffs of the same rogue applications that have been around for years. In most cases, they are being pushed through the same deceptive practices by the same parties responsible for earlier versions. See in particular these "families" of anti-spyware products, which continue to live on through shameless re-branding: 15, 18, 19, 21, 22, & 23.

If you are looking for information on the most recent rogue anti-spyware applications, we recommend visiting these sites:

"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Some of the products listed on this page simply do not provide proven, reliable anti-spyware protection or may be prone to ridiculous false positives. Others may use unfair, deceptive, high pressure sales tactics to scare up sales from gullible, confused users. A very few of these products are either associated with known distributors of spyware/adware or have been known to install spyware/adware themselves. Not all products exhibit the same problems, however. Please see this "note to readers" for more information.
Users are advised to rely on the short list of Trustworthy Anti-Spyware Products with deserved reputations for quality performance.

Criteria & Testing
Criteria that we use to classify anti-spyware programs as "rogue / suspect" are discussed below in the Listing Criteria section.

Testing was performed with most of the apps listed below, though not all of them. The notes section below contains definitions and descriptions of some of the key terms used in the comments for the applications listed. Be sure to consult the Anti-Spyware Family Resemblances and Orphans & Outcasts companion pages for more information on the applications listed.

De-Listed Applications
Some applications that were originally included in this list of "rogue/suspect" anti-spyware programs have been de-listed after the vendors for those programs took steps to correct the problems identified on this page. For each program that has been de-listed there is a note explaining the circumstances at the bottom of the main "rogue/suspect" list. For more information on the process of de-listing applications, see THIS discussion below.
Note: before contacting us about programs not included on the main list below, please check the list of lesser-known anti-spyware applications that we have tested as well as the list of legitimate, licensed clones of other anti-spyware programs.

More Information
For additional information on "rogue/suspect" anti-spyware products, see the More Information section towards the bottom of the page. Suzi has put together a "Top 10 Rogue Anti-Spyware" list HERE.
For reports on more extensive testing with a select group of anti-spyware utilities, see HERE. A short list of anti-spyware applications that are recommended as useful and trustworthy can be found on the list of Trustworthy Anti-Spyware Products below. An extended list of quality anti-spyware products is HERE.

If your PC is already infested with spyware or adware, see the instructions below for getting help.

See also: Anti-Spyware Family Resemblances
Anti-Spyware Orphans & Outcasts
Anti-Spyware Programs: Feature Comparison
Anti-Spyware Tests (by Eric L. Howes)
Protecting Your Privacy & Security on a Home PC
Ben Edelman - Spyware Research

Trojan & Adware removal procedures

Generic Trojan / Adware Removal Procedures
(2 different procedures you can try for malware removal)
By: David Lipman

Procedure #1

  1. Download the following four items (links will open a new browser window)...

    McAfee Stinger
    http://vil.nai.com/vil/stinger/
    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend Virus Pattern Files. (example; lpt285.zip*)
    http://www.trendmicro.com/download/pattern.asp
    (*The file name lpt285.zip is simply an example name of the file and you'll find the filename posted at TrendMicro will have a higher number than 285. Each time TrendMicro produces new Pattern Files the number in the file name will be incremented accordingly.)

    Ad-Aware SE (free personal edition)
    http://www.lavasoftusa.com/

  2. Create a new directory.

    • On drive "C:\"
      (e.g., "c:\New Folder")
    • or the desktop
      (e.g., "C:\Documents and Settings\username\Desktop\New Folder")

    Place SYSCLEAN.COM (the Trend Sysclean Package referenced above) into the new directory you created. Extract the latest Trend Virus Pattern Files (Example: lpt$vpn.285 and WHATSNEW.TXT) from the zip file you downloaded above into the same new directory you created. The Trend Pattern File contained in the ZIP file must be placed in the same directory as SYSCLEAN.COM!

    Important: The TrendMicro Pattern file is updated regularly, anywhere from once per day to a few times in a day. Always make sure you have the latest version of SYSCLEAN.COM and the Pattern File before you scan your platform. The McAfee Stinger Internet worm and Trojan removal tool is upgraded periodically. Always make sure you have the latest version of the McAfee Stinger utility before you scan your platform.

  3. Install and Update Ad-Aware with the latest definitions.
  4. If you are using WinME or WinXP, disable System Restore.
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx
  5. Reboot your PC into Safe Mode [F8 key during boot process].
    How to Boot Into Safe Mode:
    Generic

    Windows XP
    How to perform a clean boot in Windows XP
  6. Using McAfee Stinger, the Trend Sysclean utility and Ad-Aware, perform a Full Scan of your platform and clean and/or delete any infectors and/or parasites found (a few cycles may be needed).
  7. Restart your PC and perform a "final" Full Scan of your platform using McAfee Stinger, the Trend Sysclean utility and Ad-Aware.
  8. If you are using WinME or WinXP, re-enable System Restore and re-apply any System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
  9. Reboot your PC.
  10. If you are using WinME or WinXP, create a new Restore point.

End of Procedure #1

Procedure #2

Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/index.cfm?pid=1411&pk=28470

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org - Kixtart is CareWare }, 4 batch files, 6 Kixtart scripts, one Link (.LNK) file, a PDF instruction file and two utilities: UNZIP.EXE and WGET.EXE. It will simplify the process of using the Sophos, Trend, Kaspersky and McAfee Anti Virus Command Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

End of Procedure #2

Wednesday, November 26, 2008

Cyber Monday

Ensure you're protected ahead of Cyber Monday
PC Tools' tips for safe online Christmas shopping

1. Use web browser protection
While shopping online you may come across what appear to be legitimate-looking websites created with the express intent of committing financial or identity fraud. Hackers can also infect legitimate or reputable websites, such that by merely going to a website, you could infect your family's computer and expose your personal details and financial welfare to risk.
Reputable browser protection, such as PC Tools Browser Defender, warns you about potentially dangerous websites and identifies websites that are trying to infect or harm your computer - standard option with PC Tools Internet Security.

2. Install comprehensive security protection
You can also help protect yourself from malicious attacks by installing reputable security software such as Spyware Doctor with AntiVirus or PC Tools Internet Security which are recommended by leading independent publications. Make sure your security product has real-time and browser protection, which can block attacks as they happen and while you surf the web, as well as behavioural protection, which helps protect against new and unknown threats.

3. Ensure you have the latest updates
Always keep your product up to date. Ensure you are using the inbuilt Smart Update feature which automatically downloads the latest databases and software updates.

4. Do your homework
Check out the website's refund and returns policies, privacy policy and legal notices. These documents should be readily available on shopping websites. You will want to know, for example, what your rights are in relation to any goods you buy online and how a company deals with your personal details.

5. Be click aware
Be wise about clicking on links in emails from online retailers. Cybercriminals wanting to steal your personal information can now create emails that look exactly the same as those that come from well-known online stores. So even emails that may appear to be from a legitimate company may be dangerous. Make sure you have a powerful spam filter that automatically detects suspicious emails as they arrive in your inbox.

6. Look for the signs
Using your browser, you can view the site's security certificate and verify that it is issued to the web site you intended. A security certificate is designed to give you comfort that the information you send from your computer is kept secure from access by other parties. You should also check that the security certificate is registered to the website you are visiting. You can do this by double clicking on the security icon and verifying that the name in the certificate matches the name of the retailer.

7. Pay using a secure method
If you use a debit card when purchasing from an online shopping site, the purchase amount will be immediately withdrawn from your account and will be more difficult to get back if the transaction turns out to be fraudulent. If you use a credit card you can contest transactions before you pay your monthly statement. Frequent online shoppers should consider setting up a separate credit card with a low limit, so that if their details do get stolen, a thief will be limited in the amount of money they can charge to the card.

8. Don't give out too many details
Online retailers should only require your basic contact details (for example, name, billing address and contact number) and card details in order to process a credit/debit card payment. If you are concerned that a retailer is requesting too much information, contact them by phone to find out why they need so much information, how they plan to use it and if they have a privacy policy to protect you.

9. Keep records of the transaction
Make sure you print and save records of any online transactions, including the product description, price and the receipt of payment. If the site turns out to be fraudulent, you'll need this information to advise the relevant authorities in order to try to get your money back.

Monday, November 24, 2008

How to restore a Windows 2003 DC using ASR and VMWare

Source

The following procedure should work for any type of hardware, but I’ve used VMWare (so this procedure is also valid if you want to convert a physical Domain Controller to VMWare). Additionally, the procedure works for Windows 2003 server, but also for Windows XP (professional)

Prerequisites :

  • ASR backup .bkf file and the ASR floppy that corresponds with the ASR backup file. If you want to re-create the ASR floppy, have a look at http://support.microsoft.com/kb/325854/en-us
  • Converted ASR floppy (use a tool such as winimage to convert the floppy into a .ima or .img file, and then rename the .ima/.img file to .flp, or have a look at http://www.vmware.com/community/thread.jspa;jsessionid=9977DD123ECD2AA3C2E131C02E35998E?messageID=210767&#210767 or http://www.vmware.com/community/thread.jspa?threadID=18046 )
  • You will need to be able to have access to the .bkf file during the Windows setup in ASR mode. This is somewhat tricky. The only 2 ways I know of that work (read : that I have tested myself) are either back up to tape, and have the tape drive and tape available during the ASR restore; or back up to disk and put the bkf on a server in the vmware environment. Share the folder containing the bkf. Just don’t put the bkf file on the disks that will contain the Windows server afterwards, because all data will be removed during the ASR setup. According to some people, you should be able to put the bkf file on one of the disks in the server where ASR will run on. As long as it does not sit on the partition that has system files on it, and as long as the partition that will hold the bkf file is also available in the real DC, it should work. (But I tend not to believe this statement, because one of the first steps in the process is actually clearing the partitions and volumes on the disks… so the disk containing the bkf file would be emptied as well… right ?)
  • Disk configuration of the physical server (size of each disk)
  • Windows 2003 server CD
  • Make sure the vmware machine does not have access to the production machine, if you are trying this for simulation/testing purposes. Set the virtual machine to use a vmware internal network, without connection to the rest of the network.
  • Other backup sets (recent System State, Sysvol contents, …)

Before you start : Do not EVER EVER put the same machine twice on the same network. This will create havoc and, in case of a DC, possibly ruin your entire AD. Make sure to put the "to be restored" DC in an isolated network segment, without access to the real DC.

First of all, create a VMWare virtual machine, and make sure to create virtual disks that have at least the same size as the disks in the servers. (Note : I’m referring to disks, not partitions.) If your DC has 3 partitions of 12Gb, and the total disk is 36Gb, make sure to create 1 virtual disk of at least 36Gb.

Boot the vmware machine (boot from the Windows 2003 server CD.) When prompted, press F2 to enter ASR mode.

When you are prompted to insert the ASR Disk, mount the .flp file containing the ASR floppy. (Or just mount the physical floppy).

Windows setup will continue "loading files…", just wait until the following screen appears :

Press "C" to continue the setup. This step will remove everything that is on the disks listed in this view.

Next, the disks will be formatted and checked…

… and Windows setup will continue copying files :

Wait until this process has completed.

The system will reboot into the graphical mode of the ASR process. Make sure to change the BIOS not to boot from CD or floppy. (or press ESC at boot time to show the boot menu). You’ll end up at the ASR Welcome screen. Click next to continue (or just wait 90 seconds)

Select the path that contains the ASR .bkf file. If you have put the file on a fileserver in your vmware environment, you should be able to put in the UNC path to the folder (\\ip\sharename) and continue the restore process over the network. If you are doing this on a physical server and if you have put the asr backup on tape, the server should be able to detect the tape and find the asr backup automatically. Of course, you can also browse to the bkf file over the network when you are performing a bare metal restore onto a physical server.

One more quick note on accessing a file server on the network. The network driver will be loaded in ASR mode, but you will need to make sure there’s a DHCP server in the network. If you are doing this in an isolated environment, you can put another 2003 server in the same isolated vmware environment, and install DHCP on that machine. The DHCP should be up and running at the time the "to be restored" server boots into ASR graphical mode. If DHCP doesn’t work, you can also rely on APIPA. Use a sniffer (wireshark) on the file server to see the APIPA address of the "to be restored" server :

Give the file server an apipa address in the same network range, and the two should be able to talk to each other. In my example, the file server (it actually is a Windows XP) has IP 169.254.145.192, the server has 169.254.145.191 (I got that address from the sniffer)

Go back to the ASR process. When you are at the dialog window to select your backup file, click "browse", and enter the UNC path to the share on the server. In my example, that is \\169.254.145.192\data. Provide a user/password to connect, when asked.

Select the bkf file that is stored on the server and click "open"

Click "next" to continue the process

Click "finish" to start restoring

Wait until the process has completed. The ntbackup application will close and the server will reboot automatically.

When the machine reboots, a couple of things might happen

  1. The server boots and works fine. Congratulations. Even if you need to install display drivers or some other drivers after the boot, you still made it successfully. And if you planned for these types of scenarios, you could restore your DC in half an hour or so…
  2. The server doesn’t boot. Try to repair the installation by booting with the 2003 server cd and go into repair mode. (You can choose to repair the Windows installation after the setup process has detected an existing Windows installation). If that doesn’t work, have a look at the following Microsoft KBs :
    1. http://support.microsoft.com/kb/325375/en-us
    2. http://support.microsoft.com/kb/842009/en-us
    3. http://support.microsoft.com/kb/811944/en-us
    4. http://support.microsoft.com/kb/836421/en-us

If you get your DC to work, just check the Network Interface properties. If you do an ASR restore, odds are that the Firewall will be turned on again. Make sure to turn it off if that is what you need. You might need to reboot to get AD to run properly.

Event log : MSDTC errors/warnings

Finally, check the event log. There’s a pretty good chance that you will see MSDTC errors/warnings in the event log. You can clean these up using the following procedures :

Error EventID 53258

If the Event Log Application contains :

Source: MSDTC
Type: Warning
Category: SVC
Event ID: 53258
Description: MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

Start the Component Services snap-in (Start - Programs - Administrative Tools).
Expand Component Services.
Expand the Computers section.
Right click on My Computer, select Properties, MSDTC tab.
Select Security Configuration, then OK.
Select OK again.
Right click on My Computer, and select Stop MS DTC. This will stop the Distributed Transaction Coordinator.
Right click again on My Computer, and select Start MS DTC.

Also, make sure "Network Service" has full control on HKLM\Software\Microsoft\MSDTC and everything below. Then restart the server.

Error EventID 4404

Source: MSDTC
Type: Error
Category: Tracing Infrastructure
Event ID: 4404
Description: MS DTC Tracing infrastructure: the initialization of the tracing infrastructure failed. Internal Information: msdtc_trace: File: d:\srvrtm\com\complus\dtc\dtc\trace\src\tracelib.cpp, Line: 1107, StartTrace Failed, hr=0x80070070

Start the Component Services snap-in (Start - Programs - Administrative Tools).
Expand Component Services.
Right click on My Computer, select Properties, MSDTC tab.
Choose Tracing Options.
Select Stop Session, New Session, Flush Data, and OK twice.
Right click on My Computer, and select Stop MS DTC. This will stop the Distributed Transaction Coordinator.
Right click again on My Computer, and select Start MS DTC.

Errors EventID 1058, 1030

Source: Userenv
Type: Error
Event ID: 1058
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=test,DC=net. The file must be present at the location <\\test.net\sysvol\test.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network location cannot be reached. For information about network troubleshooting, see Windows Help.). Group Policy processing aborted.

or also

Source: Userenv
Type: Error
Event ID: 1030
Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

A full description of the solution is contained in article Microsoft #842804 at http://support.microsoft.com/?id=842804 . Be sure that:
Netlogon and DFS services are started.
The domain controller correctly reads and applies the rules from the Domain Controllers Policy.
The NTFS permissions on the Sysvol share are configured correctly.
The DNS records on the DNS server are correct.
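A way to triage the events discussed in this section (MSDTC 53258 and 4404, Userenv 1058 and 1030) together with the NTDS 2103 event mentioned further down, as an added example that is not part of the original article. The sample log is constructed in the same Source / Type / Event ID / Description layout the article quotes, and the names `parse_events`, `triage` and `PLAYBOOK` are hypothetical; the hint texts only restate the steps given on this page.

```python
import re

# Constructed sample in the field layout quoted in the article (not a real export).
SAMPLE_LOG = """\
Source: MSDTC
Type: Warning
Category: SVC
Event ID: 53258
Description: MS DTC could not correctly process a DC Promotion/Demotion event.

Source: MSDTC
Type: Error
Category: Tracing Infrastructure
Event ID: 4404
Description: MS DTC Tracing infrastructure: the initialization of the tracing
infrastructure failed. StartTrace Failed, hr=0x80070070

Source: Userenv
Type: Error
Event ID: 1058
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=test,DC=net.

Source: NTDS General
Type: Error
Event ID: 2103
Description: The Active Directory database has been restored using an unsupported restoration procedure.

Source: Service Control Manager
Type: Information
Event ID: 7036
Description: The Windows Time service entered the running state.
"""

# (first word of Source, Event ID) -> remediation hint taken from the article.
PLAYBOOK = {
    ("MSDTC", 53258): "MSDTC tab > Security Configuration > OK, restart MS DTC; "
                      "check Network Service rights on HKLM\\Software\\Microsoft\\MSDTC",
    ("MSDTC", 4404): "MSDTC tab > Tracing Options: Stop Session, New Session, "
                     "Flush Data; restart MS DTC",
    ("USERENV", 1058): "KB 842804: check Netlogon/DFS services, Sysvol NTFS rights, DNS",
    ("USERENV", 1030): "KB 842804: check Netlogon/DFS services, Sysvol NTFS rights, DNS",
    ("NTDS", 2103): "Net Logon paused after unsupported restore (USN rollback): KB 885875",
}

WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 112: "ERROR_DISK_FULL"}
FIELD = re.compile(r"^(Source|Type|Category|Event ID|Description):\s*(.*)$")


def decode_hresult(value):
    """Split an HRESULT into facility and code; facility 7 wraps a Win32 error."""
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    if facility == 7:
        return "Win32 error %d (%s)" % (code, WIN32_NAMES.get(code, "unknown"))
    return "facility %d code 0x%04X" % (facility, code)


def parse_events(text):
    """Turn blank-line separated 'Field: value' blocks into dicts."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        event, last = {}, None
        for line in block.splitlines():
            match = FIELD.match(line)
            if match:
                last = match.group(1)
                event[last] = match.group(2).strip()
            elif last:  # wrapped continuation of the previous field
                event[last] += " " + line.strip()
        if "Source" in event and event.get("Event ID", "").isdigit():
            events.append(event)
    return events


def triage(text):
    """Return one finding per event that the article gives a fix for."""
    findings = []
    for event in parse_events(text):
        key = (event["Source"].split()[0].upper(), int(event["Event ID"]))
        if key not in PLAYBOOK:
            continue
        finding = {"source": event["Source"], "event_id": key[1],
                   "action": PLAYBOOK[key]}
        desc = event.get("Description", "")
        hr = re.search(r"hr=0[x×]([0-9A-Fa-f]{8})", desc)  # tolerate a mangled 'x'
        if hr:
            finding["hresult"] = decode_hresult(int(hr.group(1), 16))
        gpo = re.search(r"\{[0-9A-Fa-f-]{36}\}", desc)
        if gpo:
            finding["gpo"] = gpo.group(0)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Decoding the `hr=` value shows that the 4404 sample wraps Win32 error 112 (disk full), which is worth ruling out before resetting the trace session.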

Other problems

If you try to open AD U&C, and you’re getting the following error : "Naming information cannot be located because the specified domain either does not exist or cannot be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.", check the Windows Time service and make sure it is running. Check DNS and make sure it does not contain any references to DC’s that are not available. Clean up AD (remove dead DC’s) using ntdsutil (see http://support.microsoft.com/kb/216498) and by removing entries in DNS. Reboot and wait for a little while.

Next, check if sysvol and netlogon shares are available. If not, check

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7979, http://support.microsoft.com/kb/316790, http://support.microsoft.com/kb/836421 and http://support.microsoft.com/kb/315457/.
Reboot and see what happens. If it works, fill up the sysvol folder with the sysvol backup (so you’ll have your scripts and gpo’s back) .

Finally, watch out for events in the Directory Service event log that say that the net logon service was paused. (NTDS Event ID 2103 : The Active Directory database has been restored using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.) If you start the netlogon service manually, you should have a working DC (but you won’t have solved the problem – but that’s ok for now. If you really want to solve this USN Rollback issue as well, check http://blogs.dirteam.com/blogs/jorge/archive/2006/03/08/597.aspx, http://blogs.technet.com/petergal/archive/2006/02/04/418779.aspx, http://support.microsoft.com/kb/885875, http://www.ureader.com/message/1270504.aspx, http://www.mcse.ms/message1743890.html. Good luck)

Now run a dcdiag and look for errors and warnings.
2 more quick notes :

  1. The ASR Backup/Restore is based on an ASR backup. Odds are that the ASR backup is a bit older than the last System State backup, so it might be a good idea to take the last ntds.dit file, and perform an Authoritative Restore on this DC.
  2. If you had to restore one of the DC’s because all of the other ones died in a Disaster, and the DC you are restoring was not the primary DC, then you need to seize the FSMO roles to this DC. (depending on your environment, if this is the only DC in the forest left for example, you’ll need to seize ALL of the FSMO roles to this DC. You can do this using ntdsutil). http://support.microsoft.com/kb/255504 :

ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server yourservername
Binding to yourservername …
Connected to yourservername using credentials of
locally logged on user.
server connections: q
fsmo maintenance: seize domain naming master
fsmo maintenance: seize infrastructure master
fsmo maintenance: seize PDC
fsmo maintenance: seize RID master
fsmo maintenance: seize schema master
fsmo maintenance: q
ntdsutil: q
Disconnecting from yourservername…

Additionally, if this is the only DC that will be left over, you will have to clean up all of the other ones (if any) before promoting new servers into the domain. Otherwise, you’ll end up with a lot of errors and warnings, timeouts, … when this restored DC tries to contact other DC’s that aren’t there anymore. Look at Microsoft KB 216498 to remove the dead DC’s.

Links :

How to move a Windows installation to different hardware: http://support.microsoft.com/kb/249694
How to perform a disaster recovery restoration of Active Directory on a computer with a different hardware configuration: http://support.microsoft.com/?id=263532
How to rebuild the SYSVOL tree and its content in a domain: http://support.microsoft.com/kb/315457/
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup: http://support.microsoft.com/kb/316790
A domain controller is not functioning correctly?: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8320
windows_bare_metal_recovery:ntbackup: http://wiki.bacula.org/doku.php?id=windows_bare_metal_recovery:ntbackup
Recover from a system failure using Automated System Recovery: http://technet2.microsoft.com/windowsserver/en/library/e96185f5-50b7-4b14-a2fd-0155d6b174f91033.mspx?mfr=true
How ASR Works: http://technet2.microsoft.com/windowsserver/en/library/7b4f0436-cc90-4b52-b6ab-064f9db8d2721033.mspx?mfr=true
Restoring a Domain Controller Through Reinstallation: http://technet2.microsoft.com/WindowsServer/en/Library/2f44ad0e-f84d-47a2-956b-df3f8554ea541033.mspx
Performing an Authoritative Restore of Active Directory Objects: http://technet2.microsoft.com/WindowsServer/en/library/690730c7-83ce-4475-b9b4-46f76c9c7c901033.mspx
How backup works: http://technet2.microsoft.com/windowsserver/en/library/9143ba85-587e-409d-b612-617e6617fece1033.mspx?mfr=true

3rd party tools :
http://www.stratesave.com/html/htmlhelp/meba2d89.htm

Cutting IT costs

Source
For the past few months everyone was hoping the IT industry might be saved the worst of the credit crunch fallout, on the basis that technology is vital to enterprise strategies to increase efficiency, improve services and ultimately benefit the bottom line. However, it is becoming increasingly apparent that CIOs, along with businesses in general, are now facing increased pressures to reduce their IT costs.


In addressing cost cuts, however, one of the central issues that need to be considered is the 'balance of value'. That is, it is crucial to resist the often knee-jerk reaction to simply cut IT costs down to the bone. Rather, one needs to look at the cost/productivity equation: how to reduce costs while at the same time increasing operational efficiency and competitive advantage.

Radical cost-cutting may answer short-term needs but can lead to higher future costs as strategic projects that could improve efficiencies are delayed or deep frozen. With this in mind, it's vital to measure hardware, software and servicing not on cost alone, but in the context of performance and quality.
Here are some key points to consider in these cost-conscious times.
Making the right cut
Consider IT staffing. Before wielding the axe, one should first ask: How productive is the individual? What staffing levels are needed not just to maintain but to improve service delivery? Are our per-capita cost/performance ratios better, the same or worse than other companies in our market sector and against industry best practice?

These questions may seem obvious but to answer them requires a pre-existing benchmark of key performance indicators (KPIs) against which current measurements can be compared.

Without KPI and other IT benchmarking measurements, decisions about where to make cuts or where to spend money can only be based on internal politics, exigency or a best guess. However, gathering this data requires access to third-party best-practice peer and market data.

The conundrum is that in cost-conscious times CIOs are naturally reluctant to invest in benchmarking specialists. However unless the right cuts are made in the right place, the negative impact on service performance may lead to more revenue loss than money saved.

Outsourcing - get the price right
Analyzing outsourcing costs is even more challenging than planning internal cuts. Businesses often feel they are overpaying their IT service providers but can't pinpoint how much or why because of the lack of pricing transparency in the contract.

Cost creep can occur because of loss-leader cutbacks on renewal, because the client wants customized services or because their legacy infrastructure is highly complex.

In such cases, the client should be encouraged by providers to standardize application platforms, eliminate redundant desktops or rationalize service centers to save money.

Apples-to-apples comparisons
Sometimes clients automatically request a premium-level service where a standard one would suffice (however, don't expect providers to point this out, since it's rarely in their interests to do so).
Sometimes a CIO needs a job done in a rush whatever the cost. To save money CIOs should be encouraged to plan ahead and always check with their providers on the cost implications of doing work under time pressure.

However the services are delivered, it is important customers are able to compare what they are paying for a service - such as hosted email or help center support - on an apples-to-apples basis with the competition.

They should be able to make an informed choice between various service components by comparing every supplier's service catalogue and then comparing these with the market average. Without this capability, there is no objective basis for knowing if one is paying under or over the odds for any particular supplier.

Prosper or perish
While benchmarking cost/performance is currently enjoying a renaissance in the wake of cost-saving pressures, there has also been a trend towards companies - and outsource service providers - measuring their cost/performance ratios as a key part of routine maintenance, or 'good housekeeping'.

This ensures that at any given time both clients and their suppliers can ensure they are working to best market practice. And in the case of service providers, it enables them to make a regular check that their price and quality positioning are competitive.

And those organizations who don't benchmark? Sometimes it's because they are reluctant to face the pain of change or undergo the disciplines involved in cost-containment. Or they may simply feel that the best approach is 'don't fix what ain't broke'.


Mediocre efficiency ratings may not be an issue during economic expansion when there is no compelling need to tighten a few extra points of operational cost but in a recession CIOs can suddenly find themselves under the microscope.

On the upside, tightened fiscal conditions can be just the catalyst needed to galvanize the complacent into action. There is something very focusing in the realization that the health of a company's IT price/performance environment may just be the key determinant in whether it prospers or perishes in the future.

Paul Michaels is director of consulting at Metri...

Windows Server 2003 & XP x64 Editions SP2

Source

There have been a few articles floating around on the Internet since we released the private beta of Windows Server 2003 SP2 a couple of weeks ago.  To remove any mystery or speculation about what this Service Pack 2 is about, I thought I would take a couple of minutes to lay it out.

First off, I know SP1 to Windows Server 2003 made some pretty big changes to the way we do security and it introduced a cycle of application testing and some compatibility issues….this was, however, a necessary evil needed to address server security.

Now that WS03 SP1 is the foundation for security moving forward, SP2 is back to a ‘standard’ service pack from MS…….

What this service pack contains:

  • All previously released Security Bulletin Updates
  • A roll-up of all individual hotfixes released since RTM of Windows Server 2003
  • Provides fixes to increase reliability, robustness and security
  • A collection of some customer requested features and features to support Windows Vista

What this service pack isn’t:

  • It isn’t SP1 :-)

Windows Server 2003 Service Pack 2 will update the following versions:

  • Windows Server 2003 Editions (32-bit x86)
  • Windows Server 2003 R2 Editions (32-bit x86)
  • Windows Server 2003 x64 Editions
  • Windows Server 2003 R2 x64 Editions
  • Windows Server 2003 for Itanium-based Systems
  • Windows XP Professional x64 Edition

Did you catch that last one?  That's right - the same SP2 bits will also update the x64 Edition of Windows Server Professional.  Cool.

Even though SP2 is a standard service pack, it will also introduce a few limited-scope features, which include:

Windows Deployment Services
WDS is an updated and redesigned version of Remote Installation Services (RIS). WDS will be required to support the deployment of Windows Vista. WDS offers this functionality along with improved security surrounding image store, delegation of administration and better management story.

Microsoft Management Console
Microsoft Management Console 3.0 supports richer functionality in snap-ins designed for the MMC 3.0 infrastructure. In addition, it allows users to add or remove snap-ins and provides improved error handling via the MMC console. Microsoft Management Console 3.0 replaces its predecessor (v2.1) for Windows Server 2003 customers. This feature is installed by default upon Service Pack 2 installation.

Wi-Fi Protected Access 2 (WPA2)
Wi-Fi Protected Access enhances the wireless client software with support for the new Wi-Fi Alliance certification for wireless security. The update also makes it easier to connect to secure public spaces that are equipped with wireless Internet access. These locations are otherwise known as "Wi-Fi hotspots". This feature is enabled by default upon Service Pack 2 installation.

Scalable Networking Pack
Scalable Networking Pack supports new hardware that allows TCP offloading capability (aka TOE) to the OS. These changes will scale Windows networking to multi-gigabit link rates and across multiple CPUs. This feature is turned OFF by default and can be enabled only when the specific hardware is present.

Enabling ‘Firewall per port’ Authentication
‘Firewall per port’ authentication secures traffic between the Extranet environment and internal assets that are protected via IPsec domain isolation. This feature is enabled by default upon Service Pack 2 installation.

Performance improvements for SQL Server
Service Pack 2 provides performance improvements for SQL Server 2005 under intensive workloads. These improvements are installed by default upon Service Pack 2 installation.

Enhanced discoverability options in MSConfig
MSConfig now contains an additional tab which provides a single launching point for common support tools, making common diagnostic functionality easier to discover. This improvement is turned on by default upon Service Pack 2 installation.

Improved IPSEC Filter Management
Service Pack 2 reduces the filter set that needs to be managed in a Server and Domain Isolation using IPSEC scenario from ~400 filters to just 2 filters. It also removes the need for ongoing filter maintenance due to infrastructure changes. This performance improvement is turned on by default upon Service Pack 2 installation.

Performance improvements under Windows Virtualization
Service Pack 2 improves the performance under high APIC access rate for Windows Server 2003 running as a multiprocessor guest operating system under Windows Virtualization. 

You can keep up to date with SP2's progress at our Service Pack roadmap website:

Sunday, November 23, 2008

How to setup Network attached Storage

Source July 17th, 2007

Network-attached storage (NAS) is a dedicated data storage technology. The NAS server provides centralized data storage, which is easily accessible to users who belong to different networks over the Internet. There are different applications that can be implemented using NAS, such as data storage and file sharing. The purpose of the NAS server that I am going to set up is that of data storage. It is to be used to provide remote backup of the data in clients’ servers.

The Operating System

The next step I have to do is to decide on an OS to set up the NAS server, which is free and easy to use.

I came across the site http://www.openfiler.com/

Openfiler is a project for an open source Network Attached Storage (NAS) OS distribution. It was developed by Xinit Systems and provides a file-based NAS system and block-based Storage Area Networking (SAN) in a single framework. Openfiler brings together almost all storage networking protocols into a single framework.

Installation via VMware :

Openfiler is a standalone Operating System, which requires access to all system resources in order to function. I got confused on how to install it remotely. Then I came to know that it can be installed in a virtual machine environment such as VMware. I decided to try out first in a test server which had a 40GB hard disk.

A VMware Server installs on any existing server hardware. It partitions a physical server into multiple virtual machines, and provides for more hardware utilization and flexibility. So my first task was to install the VMware server.

The following packages need to be installed in the remote server – the VMware Server itself and also the Management Interface. Also install the VMware Server Linux client package, both in the server and your local machine. The rpms for the packages can be downloaded from the VMware site and the installation steps too are documented there. The installation guide can be obtained from

http://pubs.vmware.com/server1/wwhelp/wwhimpl/js/html/wwhelp.htm

Once the VMware installation is complete, you need to connect to the server remotely using the VMware Server client package.
Login using the IP address of the server and root password.

Once you are connected to the VMware server, you need to create a new virtual machine. It would create a set of files that represent a new computer, with a blank, unformatted hard disk, onto which the new operating system can be installed. The virtual disk by default has its disk space preallocated at the time of creation. I created a virtual disk of about 20GB size. The virtual disks are physically located in the folder /var/lib/vmware/Virtual Machines/ .

The Images of CD-ROMs are usually .ISO files. The .iso image was downloaded to the folder that was created for the virtual disk in the remote server, using wget command in SSH. Now, use the virtual machine settings editor to connect the virtual machine’s CD-ROM drive to the .ISO image file, then Power ON the virtual machine. The Openfiler OS would start installing, and you would get a graphical installation screen as per the steps given here:
http://www.openfiler.com/docs/install/graphical_install.html
Once the installation is complete, you can start configuring Openfiler by pointing your browser at the host name or IP address of the Openfiler system. The interface is mounted on https port 446. e.g.
https://test.myserver.com:446.

Installation via Installer :

Now that everything went fine in the test server, I decided to give a try in the real server. But the actual server had a 2 TB hard disk, which made my task difficult. I was not able to use VMware, as the hard disk size was really huge to create virtual disks. So, I started thinking of other options. There was still the restriction of no physical access to the server.

Luckily, I got IPMI access to the server.
The Intelligent Platform Management Interface (IPMI) specification has a set of common interfaces to computer hardware which can be used to monitor system health and to manage the system remotely. The IPMI provided a text console, which I could make use of for installation purposes.

But the server wasn’t configured to show the grub menu over the serial console. This would prevent us from selecting alternate kernels during the boot process. I could find that, for grub to work with IPMI, it has to be enabled for the serial console. Follow the steps given below to do this.

Find the serial port number and speed used on your server:

# grep agetty /etc/inittab

On my server the console is connected to serial port 1 with a speed of 19200:

co:2345:respawn:/sbin/agetty ttyS1 19200 vt100-nav

Now open /boot/grub/grub.conf, and add the following lines below “hiddenmenu”:

serial --unit=1 --speed=19200
terminal --timeout=80 console serial

Replace the port number, timeout and speed if necessary.

To test this out, reboot your server and then connect to the serial console as soon as possible using IPMIView. Eventually, after a minute or so, you should see the following message repeating:

Press any key to continue.
Press any key to continue.

Pressing a key at this point will launch GRUB on the serial console.

First off, you would need to download the network installation image for the Openfiler OS that you want to install. I was able to download one boot.iso for Openfiler from

http://www.rpath.org/rbuilder/project/openfiler/release?id=5076

I downloaded the boot.iso image to the server itself, using the wget command.

Next, you need to create a temporary directory in which to mount the ISO image to get the files out of it:

# mkdir /nas
# mount -o loop boot.iso /nas

You also need to create a directory in your /boot directory. The /boot should be on a partition of its own. Copy the boot files from the iso image to the folder created.

# mkdir /boot/nas
# cp -R /nas/* /boot/nas/

Next you need to find the appropriate initial RAM disk and kernel files amongst these boot files. These will generally be called “initrd-xxxxx” and “vmlinuz-xxxxxx” respectively. Now that you have the files in the boot partition, you need to configure GRUB to allow you to boot into the installation.

Add the following section to grub.conf file.

title NAS install
root (hd0,0)
kernel /nas/isolinux/vmlinuz console=ttyS1,19200
initrd /nas/isolinux/initrd.img

This assumes that your boot partition is /dev/sda1 (or /dev/hda1) as indicated by the “(hd0,0)” part. If your /boot partition is different, you can alter the device accordingly. The “console=ttyS1,19200” part is very important as it tells the installation program to use the serial console accessible through the IPMI View program for the installation.
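The serial settings described above have to agree in three places: the agetty entry in /etc/inittab, the serial line in grub.conf and the console= argument on the installer's kernel line. The script below is an added example, not part of the original article: it reads the port and speed from inittab and checks a grub.conf against them. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep the serial console settings consistent between
# /etc/inittab (agetty), the grub.conf "serial" line and kernel console=.

# Constructed sample inputs, modelled on the lines quoted in the article.
SAMPLE_INITTAB='id:3:initdefault:
1:2345:respawn:/sbin/mingetty tty1
#s0:2345:respawn:/sbin/agetty ttyS0 9600 vt100
co:2345:respawn:/sbin/agetty ttyS1 19200 vt100-nav'

SAMPLE_GRUB_OK='default=0
timeout=5
hiddenmenu
serial --unit=1 --speed=19200
terminal --timeout=80 console serial
title NAS install
root (hd0,0)
kernel /nas/isolinux/vmlinuz console=ttyS1,19200
initrd /nas/isolinux/initrd.img'

# Same entry, but the kernel line was typed with the wrong port and speed.
SAMPLE_GRUB_BAD='hiddenmenu
serial --unit=1 --speed=19200
terminal --timeout=80 console serial
title NAS install
root (hd0,0)
kernel /nas/isolinux/vmlinuz console=ttyS0,9600
initrd /nas/isolinux/initrd.img'

# serial_settings: read inittab text on stdin and print "UNIT SPEED" for the
# first active (uncommented) agetty entry on a ttyS port. Accepts the port
# and baud rate in either order and a comma-separated rate list.
serial_settings() {
    awk '
        /^[ \t]*#/ { next }
        /agetty/ {
            unit = ""; speed = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^ttyS[0-9]+$/)
                    unit = substr($i, 5)
                else if ($i ~ /^(1200|2400|4800|9600|19200|38400|57600|115200)(,.*)?$/) {
                    split($i, rates, ",")
                    speed = rates[1]
                }
            }
            if (unit != "" && speed != "") { print unit, speed; exit }
        }'
}

# grub_serial_lines UNIT SPEED: the two lines to place below "hiddenmenu".
grub_serial_lines() {
    printf 'serial --unit=%s --speed=%s\n' "$1" "$2"
    printf 'terminal --timeout=80 console serial\n'
}

# kernel_console_arg UNIT SPEED: the argument for the installer kernel line.
kernel_console_arg() {
    printf 'console=ttyS%s,%s\n' "$1" "$2"
}

# check_grub_serial UNIT SPEED: read grub.conf on stdin. Exit status is 0
# only if a "serial" line exists with that unit and speed and every kernel
# console=ttyS... argument names the same port and speed.
check_grub_serial() {
    awk -v unit="$1" -v speed="$2" '
        BEGIN { bad = 0; seen = 0 }
        /^[ \t]*#/ { next }
        $1 == "serial" {
            seen = 1
            if ($0 !~ ("--unit=" unit "([ \t]|$)") ||
                $0 !~ ("--speed=" speed "([ \t]|$)")) {
                print "serial line does not match agetty: " $0
                bad = 1
            }
        }
        $1 == "kernel" {
            want = "console=ttyS" unit "," speed
            for (i = 2; i <= NF; i++)
                if ($i ~ /^console=ttyS/ && $i != want) {
                    print "kernel console does not match agetty: " $i
                    bad = 1
                }
        }
        END {
            if (!seen) { print "no serial line in grub.conf"; bad = 1 }
            exit bad
        }'
}

# Demo on the constructed samples. On a real host, feed /etc/inittab and
# /boot/grub/grub.conf to the functions instead.
settings=$(printf '%s\n' "$SAMPLE_INITTAB" | serial_settings)
unit=${settings% *}
speed=${settings#* }
grub_serial_lines "$unit" "$speed"
kernel_console_arg "$unit" "$speed"
printf '%s\n' "$SAMPLE_GRUB_OK" | check_grub_serial "$unit" "$speed" \
    && echo "ok sample: consistent"
printf '%s\n' "$SAMPLE_GRUB_BAD" | check_grub_serial "$unit" "$speed" \
    || echo "bad sample: mismatch found"
```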

Now, you should get the iso image for the openfiler as mentioned earlier. I had a second hard disk of 50GB, in the server. I mounted that as another partition and downloaded the iso image for openfiler to that partition.

Now, reboot the server and choose the NAS install from the grub menu. The installer would start running. Fill in the details appropriately. The installer gives different options for installing the OS, such as NFS, FTP, HTTP, Hard Disk, CDRom etc. I elected the Hard Disk option as my OS image was on the second hard disk. I selected the appropriate hard disk and gave the path to the iso image. Please note that Openfiler does not coexist with any other Operating System. The installer would format the entire drive on which it is being installed, before installing the packages. The installer successfully completed installing the Openfiler in the 2TB drive of my server in about 4-5 hours. The installation steps are the same as given earlier, http://www.openfiler.com/docs/install/graphical_install.html. The only difference is that it would be text based and not graphical in this case. You can partition the drive manually or automatically, as you prefer. Once the installation is over, reboot the server and you would be able to get a new server with Openfiler OS installed.

Login to the Interface and configure the Openfiler as per your requirements. A very good manual is available here : http://www.openfiler.com/docs/manual/

The installation process was a trial-and-error method which took up a lot of my time. There may be other effective methods and there are other OS distributions available for NAS. The steps given above depict the way I set up my server.

References:

http://www.openfiler.com/

http://sourceforge.net/docman/?group_id=90725

http://www.vmware.com/support/pubs/server_pubs.html

http://www.znark.com/tech/serialconsole.html

http://www.cyberciti.biz/nixcraft/vivek/blogger/2004/03/how-to-mount-iso-image-under-linux.php



About the author: Reeshma Ajin works as Sr. Software Engineer in Bobcares.com. She has worked in Bobcares for over 4 years and mainly specializes in Linux server administration.

Virtualization using VMware

Source October 18th, 2007

I have been using and recommending Xen for Full Virtualization for a while now. Yet, when I tried to install Xen on my old PC that ran on AMD’s Athlon XP processor, I was not able to enable Full Virtualization using Xen. I know that Xen uses technology that demands higher hardware specifications to provide full virtualization. Somehow, I wanted to make my old PC a fully virtualized machine. I evaluated a few virtualization applications to make that possible. A few of them were..

1. ‘VMware’ and
2. ‘Microsoft’s Virtual PC’ (it only supports MS-DOS, Windows, and OS/2).

I wanted to use this on Linux, therefore I opted for VMware. Fortunately it worked like a charm. Now four different Operating Systems are running concurrently on that old PC!

NOTE : However I think XEN will be the right choice if your sole purpose is ‘Testing’ or you wish to implement Load balancing between the nodes.

Why ‘VMware’

1. Full virtualization is free of cost.
2. Transfer of one VMware node from one server to another is quite simple, just like copying a file.
3. Fewer system requirements than other full virtualization technologies.
4. Provides full virtualization on a wide variety of processors.
5. Free and robust node/server management tools.
6. Extremely fast on VT-enabled processors.
7. Widest selection of Guest Operating Systems.
8. If you are not using the free version, there are several other reasons to choose ‘VMware’.

Tested on machines with following configuration

This configuration was based on tests performed on a local machine and a remote production server with the following configuration.

Local Machine
Processor: AMD Athlon XP
Number of Processors: 1
OS: Fedora Core 7
RAM: 640 MB
Hard Disk: 120 GB
No. of Nodes Created: 4 (3 Windows and 1 Linux)

Remote Server
Processor: Intel(R) Xeon(R)
Number of Processors: 3
OS: Fedora Core 7
RAM: 16 GB
Hard Disk: 320 GB
No. of Nodes Created: 6 (3 Windows and 3 Linux)

Configure ‘VMware’ on a remote server

1. Requirements
2. Pre-install steps
3. Install VMware server

NOTE : Read through the entire installation steps before you start installing it on a remote server.

1. Requirements
Compatible Host Operating Systems
You can install VMware Server software on Microsoft Windows or Linux server. It is possible to install a wide variety of Guest Operating Systems on its virtual nodes.
Here we are going to use Fedora Core 7 Operating System for the VMware server on which we are going to create virtual nodes.
Compatible Processors
Intel : Pentium II, Pentium III, Pentium 4, Pentium M, Xeon, and EM64T. (Dual-core processors are supported and counted as one processor for licensing.)
AMD : Athlon, Athlon MP, Athlon XP, AMD Opteron, AMD Athlon 64, Turion 64. (Experimental support for AMD Sempron.)
NOTE : Many of these processors are not supported by XEN for Full Virtualization!!! ‘VMware’ is amazing… right?
RAM requirement
It’s best to allocate at least 128 MB of RAM for each guest node.
Hard Disk Space requirement
Hard disk space really depends on the use. It is better to provide at least 10 GB for each node.
2. Pre - Installation Steps
a. Log into remote server
Log into the server that you wish to use as the VMware host server. You must have root access to the system for installing VMware.
b. Check the Kernel
If FC7 has been installed with the option ‘virtualization’ (tools for XEN), your system should have two kernels. Make sure that your system is running under the default FC7 kernel and not the kernel for XEN.
# uname -r
If you are using the XEN kernel, then do the following steps.
1. Edit /etc/grub.conf to make the original FC7 kernel as the default kernel to run.
2. reboot the server.
3. Confirm using 'uname -r'
c. Development Support
The OS must have development tools. Use the following command to install them all.
# yum groupinstall "Development Tools"
# yum install gcc gcc-c++
You can also install them from the FC7 installation DVD/CDs.
d. Check whether the running kernel matches the kernel headers
# uname -r; rpm -q kernel-devel
If the versions do not match, run the following commands.
# yum -y upgrade kernel kernel-devel
# reboot
# uname -r; rpm -q kernel-devel (to make sure they match)
If the kernel development tools are not currently installed, run the following commands.
# yum install kernel-devel
# uname -r; rpm -q kernel-devel (to make sure they match)
e. Find the location for kernel headers
While installing ‘VMware’ you will be asked for the kernel headers location. You may find it by running the following command.
# ls -d /usr/src/kernels/$(uname -r)*/include
f. Install ‘xinetd’
# yum install xinetd
g. Download the latest VMware patch
Since VMware hasn’t been released for the new kernel version ‘2.6.21-1.3194.fc7’, we have to apply a patch as follows.
# mkdir -p /usr/src/vmware/ /usr/src/vmware/patch
# cd /usr/src/vmware/patch
# wget http://knihovny.cvut.cz/ftp/pub/vmware/vmware-any-any-update113.tar.gz
# tar -zxvf vmware-any-any-update113.tar.gz
# cd vmware-any-any-update113
Do not run ‘./runme.pl’ now, we will do this later.
h. Obtain the free serial number from ‘VMware.com’
Use the link ‘http://register.vmware.com/content/registration.html’ and register for the free serial code. You have to paste the serial code while installing ‘VMware’. If not you will not be able to install guest OSs on the nodes though you can create virtual nodes.
3. Install VMware server
Installing VMware server is quite simple.
Step : 1
Through RPM
# wget http://download3.vmware.com/software/vmserver/vmware-server-1.0.3-44356.i386.rpm
# rpm -ivh vmware-server-1.0.3-44356.i386.rpm
Through Source
# wget http://download3.vmware.com/software/vmserver/vmware-server-1.0.3-44356.tar.gz
# tar -zxvf vmware-server-1.0.3-44356.tar.gz
# cd vmware-server-distrib
# ./vmware-install.pl
While doing this you will be prompted for running the VMware configuration script ‘/usr/bin/vmware-config.pl’. Do not run this, we will do it in the next step.
Step : 2
# cd /usr/src/vmware/patch/vmware-any-any-update113
# ./runme.pl
This will patch the kernel and automatically call ‘/usr/bin/vmware-config.pl’.
Simply press ‘enter’ for selecting default values.
You will also have to enter the serial code for activating the software.
NOTE 1 : Remember the VMware port you used while installing VMware? It’s required to manage the server remotely. I have used the port 902.
NOTE 2 : I would strongly recommend that you never open the VMware port to the Internet. Restrict access to this port to localhost only. Make sure that it is accessible via localhost, otherwise we can’t manage the server from another machine.
Create/manage Virtual Nodes
Now let’s see how to create and manage nodes on the remote VMware host server. We can do this easily by installing the VMware Server Linux/Windows client package.
On the remote server, do these steps
# mkdir -p /usr/src/vmware
# cd /usr/src/vmware
# wget http://download3.vmware.com/software/vmserver/vmware-server-linux-client-1.0.3-44356.zip
# unzip vmware-server-linux-client-1.0.3-44356.zip
# rpm -ivh Vmware-server-console-1.0.3-44356.i386.rpm
Connect to the remote VMware server using VMware client
NOTE : The local system must be installed with the VMware Server Linux client package as shown above.
1. Set an ssh tunnel from local system to remote VMware server
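Since VMware port ‘902’ on the remote server has been restricted to localhost access only, we are not able to connect to this port directly. Connect (via SSH) to the remote server to set up a tunnel between the systems. This way we can access the VMware port of the remote server via the local port 1902.
# ssh root@remoteserver -L 1902:127.0.0.1:902
or
# ssh root@remoteserver -L 127.0.0.1:1902:127.0.0.1:902
The second form names the local bind address explicitly. Do not leave the bind address empty (a leading colon before the local port): ssh then listens on all interfaces, and the VMware port becomes reachable from the local network through your machine.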
Enter root password to log into the remote VMware server. Make sure that VMware is running fine on this server.
# service vmware status
2. Start the VMware client from local machine
Open another console on the local machine and type the following command; this will open a graphical window to connect to the remote server.
# vmware-server-console &
3. Connect to the remote server using the following details
Host name - 127.0.0.1:1902
Username - root
Password - [root password of remote VMware host]
This will open the window to manage your VMware server from the local machine.
If you haven’t blocked the port access over internet, you can ignore step 1 (but make sure that vmware is running fine on the remote server) and use Host Name as follows.
Host name - [remote server IP]:902
Username - root
Password - [root password of remote VMware host]
4. Create/manage nodes
It is quite easy to create, delete, or manage nodes on a VMware server through the client package. The application interface is self explanatory and you can easily use it.
5. Install the Guest Operating System
1. Insert the Windows/Linux CD/DVD in the CD/DVD drive.
2. Power on the virtual machine to start installing OS.
3. Follow the remaining installation steps as you would for a physical machine.
You may also install it from network locations, ISO or from an OS template. You can also create a mirror of the existing node.

NOTE : If you click on the node window and the cursor disappears, you have to press the ‘Ctrl’ + ‘Alt’ keys to retrieve the cursor.
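NOTE 2 and the SSH tunnel step both depend on ports 902 and 1902 listening on the loopback address only. The script below is an added example, not part of the original article: it reads the output of netstat -ltn or ss -ltn and lists any listener on a given port that is bound outside loopback. It assumes the restriction is made by bind address (a port blocked only by firewall rules still shows as bound to all interfaces); the function names and sample output are constructed.

```shell
#!/bin/sh
# Added example: report listeners on a port that are not bound to loopback.
# Input is the text printed by `netstat -ltn` or `ss -ltn`; in both, the
# 4th column of a LISTEN row is the local address:port.

# Constructed samples.
# Remote host, netstat style: 902 reachable on every interface.
SAMPLE_REMOTE_OPEN='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:902             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::902                  :::*                    LISTEN'

# Remote host after restricting 902 to localhost.
SAMPLE_REMOTE_LOCAL='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:902           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# Local machine, ss style: tunnel opened with an empty bind address.
SAMPLE_TUNNEL_ALL='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:1902       0.0.0.0:*
LISTEN 0      128             [::]:1902          [::]:*'

# Local machine, ss style: tunnel bound to loopback.
SAMPLE_TUNNEL_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:1902       0.0.0.0:*
LISTEN 0      128            [::1]:1902          [::]:*'

# non_loopback_listeners PORT: read listener output on stdin and print every
# local socket on PORT whose address is not 127.0.0.0/8, ::1 or an
# IPv4-mapped loopback address.
non_loopback_listeners() {
    awk -v port="$1" '
        /LISTEN/ {
            sock = $4
            # The port is whatever follows the last colon.
            if (!match(sock, /:[0-9]+$/)) next
            addr = substr(sock, 1, RSTART - 1)
            if (substr(sock, RSTART + 1) != port) next
            # ss prints IPv6 addresses in brackets, netstat does not.
            sub(/^\[/, "", addr)
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print sock
        }'
}

# loopback_only PORT: exit status 0 when nothing outside loopback listens
# on PORT; otherwise list the offending sockets and return 1.
loopback_only() {
    exposed=$(non_loopback_listeners "$1")
    if [ -z "$exposed" ]; then
        return 0
    fi
    printf 'port %s is reachable from the network via:\n%s\n' "$1" "$exposed"
    return 1
}

# Demo on the constructed samples. On a real host:
#   netstat -ltn | loopback_only 902     (on the VMware server)
#   netstat -ltn | loopback_only 1902    (on the machine holding the tunnel)
printf '%s\n' "$SAMPLE_REMOTE_OPEN" | loopback_only 902 || true
printf '%s\n' "$SAMPLE_REMOTE_LOCAL" | loopback_only 902 \
    && echo "port 902: loopback only"
printf '%s\n' "$SAMPLE_TUNNEL_ALL" | loopback_only 1902 || true
printf '%s\n' "$SAMPLE_TUNNEL_LOOPBACK" | loopback_only 1902 \
    && echo "port 1902: loopback only"
```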

Acknowledgment

I would like to express my gratitude to Ajeesh T Vijayan, for helping me with this project.

References

1. http://www.vmware.com
2. http://www.howtoforge.com/vmware_server_fedora7
About the author:
Sibin C has worked for over a year in Bobcares as a System Administrator. His interests mainly lie in writing scripts that will ease the work of system administrators, securing and administrating Linux/Windows servers.

Business Software

2020software.com
Since 1995, this site has represented only the best accounting, ERP and business software systems in their class.

As you probably know there are tens of thousands of software systems for sale - there are a number of search engines you can use to get a list of all products available. But do you have time to weed through them all?

Our added value is to present this "short-list" of products that are developed by fiscally stable corporations that provide excellent support and long-term development strategies.


This site offers a number of free services:
  • Free Demos - One form will allow you to request a number of demos.
  • Selection Assistance - Provide your requirements and we can assist in the selection of the right system.
  • Best Pricing - Receive a proposal from the best local sales consultants.
  • Software Comparisons - Compare the top solutions head to head in various categories and industries
Do you need help in determining what's important in a product? Check out our newly released buying guide for more detail!
Manufacturing/ERP Software Buying Guide - An SMB's Guide to Buying Manufacturing ERP Software

Seamless Windows Virtualization in Ubuntu

Source (última edición 2008-10-13)

Rather than have an entire separate Windows desktop, you can run virtualized programs directly on your Linux desktop using the latest (version 1.5.0) rdesktop package that comes with Ubuntu 7.04, and Windows XP Professional's Terminal Services feature.

  • You do not however need a whole Windows installation (and therefore not need a virtualization at all) to:
    • run Windows applications in general. This can be done with the open source project [Wine]
    • use Internet Explorer. See InstallingInternetExplorer

    • edit video, develop web applications, etc... There are very many open source alternatives to your old Windows application. See http://www.osalt.com/

  • Start a Windows XP pro VM.
    • If using VMware, configure host-only networking, and note the VMs IP address for later.
      • You do not have to use host-only networking. Worked for me with "Custom: Specific visual network" [Ramvi]

    • If using QEmu, use the following command

qemu -m 384 -redir tcp:3389::3389 windows.img

This makes any connection to port 3389 on localhost be directed to port 3389 on the QEmu VM, where Windows Terminal Services will run.

  • This also works with VirtualBox, as easily as with VmWare. The only "tricky" part is configuring a host-only network in VirtualBox. Check these links for more information: http://ubuntuforums.org/showthread.php?p=2062234#post2062234 and http://www.happyassassin.net/2007/02/06/vmware-to-virtualbox/

  • In the VM, log in as Administrator. Open the Control Panel (click Start → Control Panel).
  • Enable Terminal Services: in the control panel, click User Accounts. Ensure that Use the Welcome Screen and Fast User Switching are both checked. Click OK.
  • Allow remote connections: in the control panel, click System. On the Remote tab, tick Allow users to connect remotely to this computer. If you want to connect to a limited account, click 'Select Remote Users' and make sure the user account is in the list. Click OK.
  • In the VM, download http://www.cendio.se/files/thinlinc/seamlessrdp/seamlessrdp.zip. Extract to C:\seamlessrdp. Ensure that the user account that you want to access has permissions to access this folder. Then log out of the VM.
  • If you don't have 'Internet > Remote Desktop Viewer' then install rdesktop on the host. See InstallingSoftware (https://help.ubuntu.com/community/InstallingSoftware).
  • Test running an application seamlessly:

rdesktop -A -s "c:\seamlessrdp\seamlessrdpshell.exe C:\Program Files\Internet Explorer\iexplore.exe" <IP of VM>:3389 -u administrator -p password

For QEmu, use 'localhost' for <IP of VM>. For VMWare and for VirtualBox, use the IP address noted down earlier.

A large window will pop up briefly with the Windows login screen, then your application should start in its own window.

You can now create a desktop launcher to run the command above in future, when the VM has been started. High-resolution .PNG icons for Windows applications are available from DeviantArt (http://deviantart.com/).

Making Windows Apps Look at Home in Ubuntu

To help Windows apps look at home in Ubuntu, you may configure Windows to use the Ubuntu Human theme.

  • In the VM, download the Human for Windows theme (http://www.deviantart.com/deviation/37743373/) from http://www.deviantart.com/download/37743373/. Extract the file to C:\windows\resources\Themes.
  • In the VM, specify the theme to be used for Terminal Services in the Group Policy Object Editor.
    • Click Start → Run. Then type gpedit.msc.
    • In the Group Policy Object Editor, navigate to User Configuration/Administrative Templates/Control Panel/Display/Desktop Themes.
    • Open the Load a specific visual style file or force Windows Classic setting. Enable the setting, and enter %windir%\Resources\Themes\Human\Human.msstyles as the style.
  • Note: on Windows 2003 only, you must also enable the Theme Service under services.msc.
  • Log out of Windows (you must log out of all accounts).
  • Test your application from the host:

rdesktop -A -s "c:\seamlessrdp\seamlessrdpshell.exe C:\Program Files\Internet Explorer\iexplore.exe" <IP of VM>:3389 -u administrator -p password

If using QEmu, use 'localhost' rather than the IP of the VM.

The new theme will take effect after the login screen.

Some themes that are larger or smaller than default might show a few lines of the Windows wallpaper color.
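
For the desktop launcher suggested above, this added example (not part of the original wiki page) shows two things a launcher script can do: report which host addresses listen on the redirected RDP port, and build the rdesktop arguments with -p - so the password is read from standard input instead of being stored in the launcher or shown in the process list. The function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the wiki page: helpers for a seamless-RDP launcher.

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:3389      0.0.0.0:*
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
LISTEN 0      128            [::1]:3389         [::]:*
LISTEN 0      128             [::]:22           [::]:*'

# Read `ss -ltn` output on stdin; print each local address that listens on
# the given port (default 3389) and is not loopback-only.
exposed_listeners() {
    awk -v port="${1:-3389}" '
        $1 == "LISTEN" {
            n = split($4, part, ":")            # last field is the port
            if (part[n] != port) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
        }'
}

# Print the rdesktop arguments, one per line, for one seamless application.
# "-p -" makes rdesktop read the password from standard input, so it does
# not appear in the process list or in the launcher file.
seamless_args() {
    host=$1 user=$2 app=$3
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    case $app in
        *\"*) echo "application path contains a double quote" >&2; return 1 ;;
    esac
    printf '%s\n' -A -s "c:\\seamlessrdp\\seamlessrdpshell.exe $app" \
        -u "$user" -p - "$host:3389"
}

# Demo: with the constructed sample, only 0.0.0.0:3389 is reported.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3389
```

On a real host, feed the first function with `ss -ltn | exposed_listeners 3389` after starting the VM; an empty result means the port is reachable from the local machine only.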

Shortcomings/Notes

  • Due to limitations in Windows XP clients, only one user can be logged in remotely at a time. The way the current solution is designed, this translates to one program running at a time.
    • I find that the best application to start is "C:\WINDOWS\SYSTEM32\taskmgr.exe". It lets you start more applications and has options for logging out (which you should do when done with Windows, or else I've found that you're not able to log back in).
    • Not necessarily. I've found that if you launch a program that can launch other programs (ex: my computer or cmd.exe), you can use it to open other programs, which then also show up as windows. I've tried it, and I was able to run Internet Explorer and Adobe Acrobat at the same time. The limitation seems to be in the windows program, not anything in rdp. -- JoeTerranova

    • However, RDP 6.0 (since Windows Server 2003 SP1) supports running individual programs, so no need for seamless desktop. Does rdesktop support 6.0 features yet? -- MarkReitblatt

      • Not yet. Ideally Microsoft needs to release the protocol documentation. --ChrisRose4

    • There's an unofficial patch for XP Service Pack 2 that allows you to run unlimited concurrent remote user sessions to get around this limitation (it uses a terminal services library from a beta of SP2 that accidentally removed the limitation). It's probably OK for home users although I wouldn't recommend it for a business. http://www.kood.org/terminal-server-patch/

    • If you add a registry DWORD called NoDesktop to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer and set it to 1, then log out and log in, you can start explorer in your rdesktop command line and get just a Windows taskbar. Of course, then you can't see your desktop if e.g. you log in using VNC. See http://www.linux.com/feature/124908?theme=print

  • The Human theme does not work in Windows XP x64.
  • There is an unofficial rdesktop version with seamless support made by Fontis IT Consulting. It provides some interesting features, like loading multiple applications in a Master/Slave mode, so you can call rdesktop several times to open more applications in the same user session. http://www.fontis.com.au/rdesktop

  • There is a freely available utility that launches a launchpad from which you can configure and run several applications from one seamlessrdp session. http://www.miguelfurtado.com/srdp.aspx

  • The Windows classic theme has glitches on the taskbar - use the hideous Luna theme or Human theme instead :)

  • XP Pro SP3 with the Hardy and Intrepid alpha 6 versions of rdesktop caused segmentation faults all over the place for me - I found that the 1.5.0 version from Debian doesn't have this problem - see https://bugs.launchpad.net/ubuntu/+source/rdesktop/+bug/275545 - fubarbundy

  • The 1.6 version of rdesktop in Intrepid seems to not hide window decorations - Hardy's 1.5 version or Debian's 1.5 and 1.6 versions don't have this problem - see https://bugs.launchpad.net/ubuntu/+source/rdesktop/+bug/275528 - fubarbundy

  • At least for XP Pro SP3, you can improve the appearance of Windows by enabling 24 bit colour and font smoothing. In Windows, run regedit, change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\ColorDepth to 4, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations add a DWORD called AllowFontAntiAlias and set its value to 1, and under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp add an identical key (AllowFontAntiAlias 1). Restart Windows and Robert's your mother's brother. - fubarbundy