Friday, January 30, 2009

ESX sees Raid Adapater, but it isn't available for a VMFS volume

First I did an fdisk, created a primary partition that took up the whole disk. It was type "fb"


Command (m for help): p
Disk /dev/sdb: 640.1 GB, 640136773632 bytes 255 heads, 63 sectors/track, 77825 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sdb1 1 77825 625129281 fb Unknown Command (m for help): q

Then to put VMFS3 on it,
vmkfstools -C vmfs3 -S local vmhba1:0:0:1

Asus DSBV-DX mobo, Raid & ESX

Trying to use some local storage (3 x 750GB Seagate's in a Raid 5, and another random 80gb drive for the OS) on an ESX box, I decided to use the onboard raid for the Asus DSBV-DX. I had two problems, and I can thank some newsgroup posters for solving my issue(s).

Problem #1
Using the Default LSI controller build into the mobo (there are 6 Raid ports, they can be controlled by either the LSI or the Intel Storage Matrix) I could not create a raid 5 out of my disks, I tried everything, but in the LSI bios, it allowed me to choose Raid 5, but then gave the error of "Invalid Operation. Pls check the RAID key", so after my friend google found me this article http://vip.asus.com/forum/view.aspx?board_id=5&model=DSBV-DX&id=20080601052918421&page=1&SLanguage=en-us I realized that I had to use the Intel controller to leverage Raid 5, since the LSI doesn't support it.

Problem #2
Now that I have swapped the jumper over to Intel, and sucessfully configured a Raid 5 out of my drives, The ESX 3.5 Up3 install tells me that I have 3 individual drives, not the Raid 5 Single Drive it should see. Again Mr Google found me this http://vip.asus.com/forum/view.aspx?board_id=5&model=DSEB-DG&id=20080601004357890&page=1&SLanguage=en-us . So I grabbed a PCI-X ESX supported Raid controller, and now my ESX server is working again with local storage just like I wanted it.

another 20 minute job that took 6 hours...I love technology

Thursday, January 15, 2009

8 minimum Windows Security Best Practices

Inside of your "Domain security policy", "Local Policies", "Security Options"

Network Security: (enable these)
1) LAN Manager authentication level: "Send NTLMv2 response only, Refuse LM"
2) LDAP client signing requirements :"Negotiate Signing"
3) Do not allow anonymous enumeration of SAM accounts (and shares)
4) Do not store LAN Manager has value on next password change

Microsoft Network client
5) Digitally sign communications (always + if server agrees) = Enabled
6) Send

Microsoft Network server
7) Digitally sign communications (always + if server agrees) = Enabled

Domain Member:
8) Digitally encrypt and sign whenever possible.

Thursday, January 8, 2009

Windows 7 Beta1

So far so good.  Only found a few bugs, I like the Install, boot times, most software seems compatible (Vista software that is).  I like a lot of the windows live functions, I'm using Windows Live Writer to publish this post, so far, so good.  Antivirus seems a bit touchy, The latest Symantec EP doesn’t work, but AVG does.  Our systems management products are having some trouble gathering data, but I'm not surprised since its beta 1