Category: OS

Fix the ESXi not responding problem

~ allen ~ Leave a comment

Situation:

A “not responding” are displayed after all esxi hypervisor shown in vsphere client which linked to the vcenter. Right click any of the esxi and select “Connect” will bring it back. But after a short while, no more than 90 secs, it will be back to not responding status.

Solution:

1 In vShpere client, open menu “Administration” — “vCenter Server Settings”, click “Runtime Settings” from the left panel, make sure that all IP and server name are correct. If not, re-enter it. Close and reopen your vSphere client — This is important.

2 Try to ping from your vCenter, not the vSphere client, to each of esxi hypervisors.

3 If you are using Windows Server 2008/R2 or any OS with firewall for vCenter, you need to add or change some firewall rules:

change:

Enable the “File and Printer Sharing (Echo Request – ICMPv4-In)”

Enable the “File and Printer Sharing (Echo Request – ICMPv6-In)”

Add a rule to allow TCP 903 income for ESXi heartbeat.

Add a rule to allow UDP 902 income for ESXi heartbeat.

4 Try to reconnect all ESXi hypervisors.

 

If the problem still exists, you have to google it again.

Windows Live Messenger Error 8100030d

~ allen ~ Leave a comment

When you get this error, you may need to delete your cache of WLM.

For XP users,?delete these folders:

  • C:\Documents and Settings\Your Windows logon name\Contacts\Your Messenger e-mail address
  • C:\Documents and Settings\Your Windows logon name\Local Settings\Application Data\Microsoft\Windows Live Contacts\Your Messenger email address

For Vista/Win7 users, delete these folders:

  • C:\Users\Your Windows logon name\Contacts\Your Messenger e-mail address
  • C:\Users\Your Windows logon name\AppData\Local\Microsoft\Windows Live Contacts\Your Messenger e-mail address

You may need to shutdown your WLM completely and some services like wlcomm.exe by Task Manager.

Install OpenVPN Server on CentOS 5.4

~ allen ~ 18 Comments

There are many guys asking me how to install OpenVPN on CentOS 5.2/5.4. I have a server with that system (minimal installation) exactly and I cannot find an all correct guide for this setup step. So I decide to write this post.

You cannot count on the post to explain what OpenVPN is. But if you just require a simple guide for installation, you’ve got it.

Preparation:

1 A server running with CentOS 5.2/5.4. I don’t know which services you’ve installed, so I have to install all necessary components by bash command. You can skip that command if you know that is installed.
2 A KVM, an SSH client or another way to connect to your server.
3 You must know how to use tool vi to edit file.

Setup guide:

All blue texts should be typed into bash command line, and press Enter after each command. All black texts are just commit. Read them as you wish.

Install some tools.

yum install -y wget Install a tool for downloading packages.
yum install -y iptables Install the controller for inputting firewall rules.

Configure yum to install OpenVPN

yum install -y yum-priorities Let your yum to install more packages.
cd /tmp
 wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm for x86 (32bit) only
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm for x64 (64bit) only
rpm -i rpmforge-release-0.5.1-1.el5.rf.*.rpm
 yum check-update

Install OpenVPN

yum install -y openvpn

Configure OpenVPN Server

cd /etc/openvpn/
 cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
 cd /etc/openvpn/easy-rsa/2.0/
 . ../vars There is a space between the 1st and 2nd dot.
chmod +rwx *
 source ./vars
 vi ../vars Modify the last several lines of this file to match your location and org name.
vi vars Modify the last several lines of this file to match your location and org name.
./build-ca Input your location and org name.
source ./vars
 ./clean-all
 ./build-ca Always press enter directly. You can verify your infomation in this step.
./build-key-server server Answer y twice for the 2 questions in the end, press enter directly for others.

Configure OpenVPN Setting. Following this post, you will get a server running at port 1194 with UDP protocol, and the sub network for VPN clients is 10.0.0.0/24. You can modify this document with the rest commands synchronously.

vi /etc/openvpn/openvpn.conf Create setting file.

Type all green text below to the edit form of vi.

port 1194 Use port 1194.
proto udp Use udp protocol. You can change this into tcp as you wish. It seems that udp is faster. Tcp can be used when you are using a udp banned network.
dev tun Mode. You can choose tun or tap. I don’t wanna explain this.
ca ca.crt
 cert server.crt
 key server.key
 dh dh1024.pem
 server 10.0.0.0 255.255.255.0 Sub network for VPN clients
push "dhcp-option DNS 208.67.222.222" Use DNS of OpenDNS.
push "dhcp-option DNS 208.67.220.220" Use DNS of OpenDNS.
push "redirect-gateway" Let all traffic from client to go though with this VPN server. Remove this line if you don’t want it.
ifconfig-pool-persist ipp.txt Let OpenVPN server to record the last used IP for each client, which allows client to use the same IP when reconnected.
keepalive 10 120
comp-lzo Enable compression for saving bandwidth.
user nobody
 group users
 persist-key
 persist-tun
 status openvpn-status.log
 verb 3
 client-to-client Allow clients to communicate with each others. Remove this line if you dont’t want it.

Save this file.

cp keys/{ca.crt,ca.key,server.crt,server.key} /etc/openvpn/
 ./build-dh This may take a while.
cp keys/dh1024.pem /etc/openvpn/
 /etc/init.d/openvpn start Service starts!
chkconfig --list | grep vpn

Create key for each client.

The working folder is /etc/openvpn/easy-rsa/2.0 and you can verify it by typing pwd if you like. If it’s not, type cd /etc/openvpn/easy-rsa/2.0 to change it. Run source ./vars if needed.

Run this command for each client.
./build-key <client name> Answer y twice for the 2 questions in the end, press enter directly for others. Change <client name> to client name.

Final steps and add some firewall rules

service iptables start Start the iptables service.
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT Allow udp datagrams to be received from port 1194 of your nic eth0. Notice that there are 2 hyphens before dport.
iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT Allow udp datagrams to be sent from port 1194 of your nic eth0. Notice that there are 2 hyphens before dport.
iptables -A INPUT -i tun0 -j ACCEPT Allow traffic from OpenVPN nic tun0. Change it to tap0 if you use tap mode in server configuration.
iptables -A OUTPUT -o tun0 -j ACCEPT Allow traffic from OpenVPN nic tun0. Change it to tap0 if you use tap mode in server configuration.
iptables -A FORWARD -o tun0 -j ACCEPT Allow traffic from OpenVPN nic tun0. Change it to tap0 if you use tap mode in server configuration.
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE Enable NAT.
/etc/init.d/iptables save Save iptables’ rules.
/etc/init.d/iptables restart Restart iptables service.
chkconfig iptables on Let iptables be started automatically.
chkconfig openvpn on So is openvpn.
vi /etc/sysctl.conf

Find a line with text net.ipv4.ip_forward = 0, change it into net.ipv4.ip_forward = 1, and save this file.

You’ve finished the configuration of server. Please restart it.

shutdown -r now

All certifications and key files can be found at /etc/openvpn/easy-rsa/2.0/keys. You should download ca.crt, <client name>.key and <client name>.crt to each client computer.

I’ll go on to create an OpenVPN client in Windows for example.

Download and install OpenVPN Windows Version.

Copy ca.crt, <client name>.key and <client name>.crt to its config folder (c:\Program Files (x86)\OpenVPN\config\ or c:\Program Files\OpenVPN\config\ by default). You can create a sub folder for each server to make it possible to connect to many servers, not at the same time.

Create a text file with extension “ovpn” in the folder which contains these 3 files with all green text below.

client
dev tun
proto udp
remote <your server name or ip address> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert <client name>.crt
key <client name>.key
ns-cert-type server
comp-lzo
verb 3

Save this file.

Start OpenVPN Client, right click the icon in the system tray and connect the server. If you are running Windows Vista / 7 or Windows Server 2008 / 2008 R2, you have to run this program as administrator coz Route.exe which will be run by OpenVPN need this.

I hope you get it though.
BTW, if you are using fedora, you may wanna check this post, which contains more commands to adjust firewall.

For CentOS 6.0: iptables’ commands need to be adjust. See your iptables configuration file for detail information.

Remove vSphere snapshot automatically

~ allen ~ 3 Comments

From version 7 of VMware workstation, a new function named AutoProtect is added, which makes it easier to create and remove snapshots automatically. Unfortunately, vSphere doesn’t have some function like that.

In my situation, I need to protect some crucial services, like configuration management database, by creating snapshots, which can be done by daily scheduled tasks. But I still need to delete old snapshots manually which was created 5 days ago. In another word, I need to keep only about 5 latest snapshots for each specified VM.

After some research, I find a tool named PowerCLI. I made some PowerShell scripts to delete snapshots.

Connect-VIServer localhost
$i = new-object System.Int32
$a = Get-VM "CM Database" | get-snapshot -name: 'Daily Backup'
$i = 0
while ($a.Count-$i -gt 5) {$a[$i] | remove-snapshot -confirm: $false; $i++;}
$a = Get-VM "SVN" | get-snapshot -name: 'Daily Backup'
$i = 0
while ($a.Count-$i -gt 5) {$a[$i] | remove-snapshot -confirm: $false; $i++;}
Disconnect-VIServer -confirm: $false

By running this script in PowerCLI environment, the snapshots of vm “CM Database” and “SVN” with a name “Daily Backup” will be deleted from older to newer, until only 5 left — to keep the 5 latest snapshots. All snapshots with other names will not be affected.

I saved this script to file C:\RemoveDailySnapshot.ps1. Create a batch file to run this script:

C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -c ". \"C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-VIToolkitEnvironment.ps1\";C:\RemoveDailySnapshot.ps1"

Update: code above is for vSphere 4.x; below is for vSphere 5.0.

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -c ". \"C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1\";C:\RemoveDailySnapshot.ps1"

(You may need to change the path string in this code above.)
Finally, by adding this batch file as a Windows schedule task, the AutoProtect for vSphere has been reached.

I still wonder that why this useful function is not included in vSphere?

64bit world, without windows phone sync

~ allen ~ Leave a comment

From Office 2010, native x64 version is included. The funny thing is, if you install an x64 version of Outlook into your windows, no matter windows xp (x64), vista (x64) or win7(x64), you just cannot synchronize the data between Outlook and your windows phones.

It seems that ActiveSync(xp) and Windows Mobile Device Center(vista and win7) cannot recognize the x64 version of Outlook. And, the x64 version Outlook cannot be installed on the operation system which contains any x86 office components.

If you need to sync your windows phones with outlook, you have to install the 32bit office.

Virus remove manually (00333.cn)

~ allen ~ Leave a comment

There is a virus appeared recently which set your homepage of IE to 00333.cn frequently.

Now I provide a way to get you out of the trap. (Windows XP/2003/2003 R2/Vista/2008/7/2008 R2)

1 Navigate to the system32 folder of your windows system.
2 Get all files in that folder which like “mshtml??.dll”. You may find several files.
3 Check these files one by one. You can just submit file to?virustotal to check. Remember the file name which contains a virus.
4 Kill explorer.exe process by using Task Manager or some other tool.
5 Unregister that virus by running command: “regsvr32.dll /u mshtmlXX.dll” (without quote mark, and the file name is the same as the found one in step 3.)
6 Delete mshtmlXX.dll. If you cannot delete it (access denied), you can move that file into another folder (like the root of the driver which contains your operation system).
7 Restart computer.
8 Delete the file from your target folder if you cannot delete it in step 6.

Good luck.

BTW:
By the register information of 00333.cn (provided by www.miibeian.gov.cn), the owner of that site named Liu Yan (zh: 柳严). The register number is Shanghai-ICP-Reg-09032544(zh: ICP备09032544号).
This virus is coded by VB and activated by the context menu of explorer.exe. I dunno how my computer was infected.

Need we choose the Ultimate version of Windows 7 ?

~ allen ~ Leave a comment

Windows 7 Ultimate has all functions but it costs much expensive. In many cases, the additional functions are not so useful for us, or we can use some cheaper softwares instead.

Microsoft told us that, if you choose Professional version instead of Ultimate, you will lose these functions:

1 Help protect data on your PC and portable storage devices against loss or theft with BitLocker. (OK, if I really need this, why not to purchase another software instead )

2 Work in the language of your choice and switch between any of 35 languages. (Great, but not needed, at least for me.)

If you choose Home Premium version instead of the Professional one, several functions more are lost:

1 Run many Windows XP productivity programs in Windows XP Mode. (Yes, you may have known that is not so easy for use and cost lots of resources.)

2 Connect to company networks easily and more securely with Domain Join. (I think it’s not necessary at all for a home user.)

3 Recover your data easily with automatic backup to your home and business network. (It’s not the system restore, but a standalone backup tool. And, this is the only one function, backing up to a network destination. You still can backup to your hard disks and removable devices without it.)

And, with the much cheaper version, Home Premium:

Windows 7 Home Premium makes it easy to create a home network and share all of your favorite photos, videos, and music. You can even watch, pause, rewind, and record TV. Get the best entertainment experience with Windows 7 Home Premium.

  • Simplify your PC with new navigation features like Aero ShakeJump Lists, and Snap.
  • Customize Windows to look and feel the way you like by changing themes and taskbar programs.
  • Setting up a home network and connecting to printers and devices is easier than ever.
  • Windows 7 Home Premium supports the latest hardware and software.
  • Designed to make your PC sleep and resume quicker.
  • Takes full advantage of 64-bit PC hardware and memory.
  • Connecting to wireless networks is fast and easy.
  • Watch, pause, rewind, and record TV with Windows Media Center.
  • Watch your favorite DVD movies.
  • Includes integrated video and Dolby audio codecs.

Check it here: http://windows.microsoft.com/en-US/windows7/products/compare-editions