Wednesday, July 30, 2008

After Migrating an ESX VM (local storage to local storage) I get an error "The parent virtual disk has been modified since the child was created"

Basically the .vmdk files for the C: and D: drives lost their connection with the snapshot vmdk files. I was removing some snapshots to try and make the migration work smoother, and apparently it forgot what we were doing part way through. I used this site to find out how to do basic CID repair

http://sanbarrow.com/vmdk-basic-CID-chain-repair.html

http://sanbarrow.com/vmdk/vmdk-when-its-too-late.html

Worked like a champ, now my VM's are alive again on the new ESX Server.

Monday, July 28, 2008

ISA 2006 Reverse Proxy dies with 23006 error

So in an attempt at High(er)-availability I setup a proxy server load balance on my IIS7 Web Farm. I debated between using NLB or ISA, I have always been an ISA fan since back in the 2.0 days, so I went with it. However about once a week all of the websites being served with ISA report a 500 error. I am using a fully patched ISA 2006 server on a 2003 R2 SP2 machine. I noticed in the application event logs, this: Event ID: 23006

Description:The Compression filter cannot handle a response because the allocated memory currently used for compression reached its limit. The memory allocated for compression is specified by the following registry values under the HKLM\Software\Microsoft\RAT\Stingray\Debug\W3Filter key: COMPRESS_MEMORY_ALLOC_MBYTES (by default, 256) and COMPRESS_MEMORY_POOL_BLOCKS (by default, 200).

To resolve this I went into the general tab at the bottom of ISA manager and disabled HTTP Compression, but I did find a KB article about this bug. http://support.microsoft.com/kb/947521

Tuesday, July 15, 2008

GPO VPN connections

In Group Policy i'm trying to setup a VPN connection under the "Network Options" Windows Settings Preferences. Everything almost works great, but for some reason IPv4 and IPv6 are unchecked or not enabled on the clients after they receive the policy. I can't seem to find a way of making this work. I found this article of someone having the same issue, but nobody knows how to fix it. http://www.eggheadcafe.com/software/aspnet/32624228/configuring-vpn-using-gro.aspx

Any ideas?

Thursday, July 10, 2008

Weird DHCP issue ..resolved

Ok, so a user reports vista wants them to identify a new network i've never heard of as "home,work, or public". This isn't our corporate domain (which their machine is a member of), and this is happening over wired connections. To put it mildly, this gets my attention. I look at his network adapter settings, it's all setup to DHCP, nothing hard coded. doing a ipconfig /all and looking at his registry, he is receiving a different DHCP server than I am handing him, and his "DhcpDomain" as it is referred to in the registry is not my domain, but this newfound mystery domain. The crazy thing is that the "DhcpServer" is MY server. I verified with wireshark that my dhcp server is giving him the address directly, and that on his end, he is receiving DHCP from me, so what gives? where is the incorrect data coming from? In the packet capture I noticed something very interesting, there are Dhcp Inform packets coming from a random PC on my corporate lan.

Basically the answer is, someone created a "test domain" and installed DHCP server, configured a scope, and then disabled that scope, but did not delete the scope or uninstall/disable DHCP Server. Due to a microsoft bug, http://support.microsoft.com/kb/944200, it will still respond to these DHCP inform packets, and append/overwrite the data my DHCP server is sharing.

Good luck if this happens to you. I am going to go drink a Guinness.

Tuesday, July 1, 2008

More IIS FTP7

Ugh, so after a couple hours of frustrating results trying to FTP into my web cluster, a friend brought the obvious to my attention, windows 2008 firewall is blocking FTP by default, and that's why I can only reach it locally. Do the following to turn it off for anonymous(non SSL) FTP.

netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21
netsh advfirewall set global StatefulFtp enable

Thanks to the following blog
http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx

132GB of ram in a workstation

16 Ram banks. I didn't think this was possible..

I just hope this thing will run ESX 3.5

http://h10010.www1.hp.com/wwpc/us/en/sm/WF25a/12454-12454-296719-307907-296721-3432827.html

Maximum memory
128 GB 667 MHz DDR2, 16 DIMM slots


What time does FedEx arrive today?

Word 2007 Prints garbage on envelopes

Well if your printing to an envelope and it looks like your printing in windings, in my scenario it turns out you may have a corrupt default font type (+Headings), try another font, replace the bad font if you still want to use that one.

asp (not dot net) troubleshooting is awful in 2008/IIS7

Well I found that when upgrading older applications written in the original asp to 2008/IIS7 can be very difficult as it appears no matter what you do, all errors return "500 Server error". I did read if you change the ASP options to show "Send Errors to Browser" and disable "HTTP Friendly error messages", and do this locally on the server, no matter what..you still only get "500 Server error". So the really cool error reporting and repair suggestions work great for asp.net, but don't bother with them for good old asp pages. The ASP CDO emailer page I was modifying had perfect code, but the SMTP server was rejecting my connection, and blamo, 500 server error.

Installing IIS FTP7 in a shared config

Since microsoft didn't ship FTP 7 on the windows 2008 disks, you have to uninstall the FTP 6 you installed during setup. Then you need to download the x86 or x64 version from here

http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1619 (x86)
or
http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1620 (x64)

Easy enough to install, unless your using a shared config IIS web farm. Now if you have no data in your shared config, no big deal, unless you're me and have completed the migration of a number of sites over to this shared config already and your doing FTP as a "last step" setup. So when you install FTP7, it says you can't be in a shared config, so you take the machine out of shared mode, install FTP7, add it back in, and you do this for all the machines in your shared config. However when your done, you don't have the option to "create FTP site" under your "Sites" tab. I also noticed in my System log the following error: Source: FTPSVC EventID: 30 "the FTP Service encountered an error trying to read configuration data from the file "\\?\UNC\servername\sharename\applicationHost.config, line number 0. The error message is: The configuration section 'system.ftpServer/providerDefinitions' cannot be read because it is missing section declaration. blah blah blah

So what this all means is that because I pulled my nodes out of the shared config one by one, then installed FTP7 on them, FTP7 modified the local config, then was never published those changes back to the shared config files, therefore the FTP Service doesn't work and I can't create FTP sites because the shared config doesn't know we have FTP7 installed. So a step by step on how to fix this follows.

1) Uninstall FTP6(on windows 2008 cd if you installed it) & FTP 7 if you've installed it already

2) Pull all your nodes out of the shared config 1 by 1, make sure you choose the option to copy the shared profile locally. This will keep your 'same config' and your sites wont experience an interruption during the modification process (assuming you have NLB or ISA-NLB or another load balancing option setup correctly).

3) Pick a node you like that has the shared config now copied locally. Install IIS FTP7 to that node. Make sure to restart IIS and your IIS Manager app, verify when you right click sites you have the option to "Add FTP Site...".

4) Move your shared config files somewhere else, leave the directory empty.

5) go into the "shared config" page again, choose "export configuration" and follow the normal steps and now make a new shared config. (just a hint, to make a encryption key that works, you need upper, lower, number and symbol). restart IIS and IIS Manager just for fun.

6) on all your other nodes, install FTP7, and add them back into the shared config.

That's about it, it should work for you.