0

Migrate VDM’s from one SAN to Another

Posted by paris on Oct 6, 2016 in Research

 

rdm_basic1It might be worth checking if these still need to be RDM’s. This was previously used for older versions of VMDK’s could only use 2TB , now with esx 5.5 and Virtual Machine hardware 10 this is upped to 62TB

Changed Pysical RDM to Virtaul RDM to VMDK’s

Use the webclient for this

1) Shutdown the server
2) Upgrade the Virtual Hardware to 10
3) Remove the Physical RDM Lun
4) Re-Add the Lun as Virtual
5) Power on server
6) Storage VMotion to New SAN

 

FYI Virtual RDM’s cannot be resized without shutting down the machine unlike Physical 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , ,

 
0

Juniper Exam Revision Notes

Posted by paris on Oct 6, 2016 in Research

 

Deploy vSRX – VMware Workstation

RE – Routing Engine

— Manages the PFE

— Maintins Routing Tables

— Manages the Packet Forwarding Engine


PFE – Packet Forward Engine

— Is incharge of Policing , Stateless Firewall Filtering and CoS implemented by forwarding plane

— Forarding Plane Central Procesing contains the PFE

They are seperated in Juniper ( Control and Forwarding Planes ) to benifit speed and reduce bottlenecks -> https://www.juniper.net/techpubs/en_US/junos9.3/topics/concept/psd-control-and-forwarding-plane-in-separate-chassis.html

– Forwarding table is stored on both

-Routing Table ( stored on Control Plane ) Populate Forwarding Table

–Import Policys filter items doing to Routing Table

Routing Policy

Must have a then doesn’t need a from

Juniper also split software processes in Modules

Same base source code for all Boxes

Ctrl-A = Left All

Ctrl-U = Delete All

Ctrl-W = Backspace

Default Location for Configs are in /home/user

Default Location for logs /var/logs/

WIP Config = Canidate Configurations

Active Config = After Commit

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags:

 
0

Juniper Config for an SRX 240 in Failiver mode

Posted by paris on Oct 6, 2016 in Research

 

 

version 12.1X44-D35.5;
groups {
    node0 {
        system {
            host-name A;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 192.168.50.1/24;
                    }
                }
            }
        }
    }
    node1 {
        system {
            host-name SB;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 192.168.50.2/24;
                    }
                }
            }
        }
    }
}
apply-groups "${node}";
system {
    time-zone Australia/Brisbane;
    root-authentication {
        encrypted-password "";
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    services {
        ssh;
        web-management {
            http;
        }
        dhcp {
            pool 192.168.30.0/24 {
                address-range low 192.168.30.100 high 192.168.30.200;
                router {
                    192.168.30.1;
                }
                propagate-settings vlan.100;
            }
    }
    ntp {
        server 129.250.35.250;
    }
}
chassis {
    cluster {
        reth-count 3;
        redundancy-group 0 {
            node 0 priority 200;
            node 1 priority 1;
        }
        redundancy-group 1 {
            node 0 priority 200;
            node 1 priority 1;
            interface-monitor {
                ge-0/0/14 weight 255;
                ge-5/0/14 weight 255;
                ge-0/0/15 weight 255;
                ge-5/0/15 weight 255;
            }
        }
        redundancy-group 2 {
            node 0 priority 254;
            node 1 priority 1;
        }
    }
}
interfaces {
    traceoptions {
        file interface-debug;
        flag all;
    }
    ge-0/0/11 {
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    ge-0/0/13 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-0/0/14 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-0/0/15 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-5/0/13 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-5/0/14 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-5/0/15 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {
                ge-0/0/2;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-5/0/2;
            }
        }
    }
    pp0 {
        unit 0 {
            ppp-options {
                pap {
                    local-name "";
                    local-password "";
                    passive;
                }
                lcp-max-conf-req 0;
            }
            pppoe-options {
                underlying-interface ge-0/0/11.0;
                idle-timeout 0;
                auto-reconnect 10;
                client;
            }
            family inet {
                mtu 1492;
                negotiate-address;
            }
        }
    }
    reth0 {
        vlan-tagging;
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 100 {
            vlan-id 100;
            family inet {
                address 192.168.30.1/24;
            }
        }
    }
    reth1 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    reth2 {
        vlan-tagging;
        redundant-ether-options {
            redundancy-group 2;
        }
        unit 100 {
            vlan-id 100;
            family inet {
                address 192.168.30.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop pp0.0;
    }
}
class-of-service {
    host-outbound-traffic {
        ieee-802.1 {
            default be;
        }
    }
}
security {
        tcp-mss {
            all-tcp {
                mss 1300;
            }
        }
    }
    nat {
        source {
            rule-set students_srcnat {
                from zone Student;
                to zone untrust;
                rule students_srcnat_1 {
                    match {
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set staff_srcnat {
                from zone Internal;
                to zone untrust;
                rule staff_srcnat_1 {
                    match {
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
            rule-set wireless_srcnat {
                from zone Wireless;
                to zone untrust;
                rule wireless_srcnat_1 {
                    match {
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone Internal to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Student to-zone untrust {
            policy student-internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Wireless to-zone untrust {
            policy wireless-internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Internal to-zone Internal {
            policy test-1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone External {
            interfaces {
                reth1.0;
            }
        }
        security-zone Internal {
            address-book {
                address NEC <IPofNEC>/32;
            }
            interfaces {
                reth0.100 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    http;
                    ssh;
                }
            }
            interfaces {
                pp0.0;
                ge-0/0/11.0;
            }
        }
    }
}
VN:F [1.9.22_1171]
Rating: 4.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

 
0

Adding Domain/Forest Trust

Posted by paris on Oct 6, 2016 in Research

Set DNS Forwarders between domains using either one of these

Conditional Forwarder – How to configure a Conditional Forwarder in DNS

Stub Zone – How to configure a DNS Stub Zone in Windows Server

Secondary Zone – How to configure a DNS Secondary Zone in Windows Server

What should I use, a Stub, Conditional Forwader, Forwarder, or Secondary Zone??

 

How to configure Forest Level Trust in Windows Server

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

 
0

the type 11 controller is not supported by this firmware

Posted by paris on Oct 6, 2016 in Research

dell51

Was recently trying to update a PS6000 SAN from Firmware upgrade Failure from V5.0.8 to V6.0.7

FYI when trying firmware updates make sure you have the passive controller setup , as this will take the controllers offline during the update.

The error displayed was the type 11 controller is not supported by this firmware

 Upgrade your 5.0.8 to 5.2.x first and than to 6.0.7.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , ,

 
0

GPO’s For Enterprise Windows 10 Roll Out

Posted by paris on Oct 4, 2016 in Research

There is a big list by Microsoft I went through – https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services#BKMK_WiFiSense , Microsoft also provides a DISA STIG Baseline ( here )  however I have gone a bit further on security

Computer Configuration – Administrative Templates – Windows Components – Data Collection and Preview Builds

Disable access to pre-release features – Disabled

Configure telemetry to level 0 – Enterprise Only

Do not show feedback notifications – Enabled

Toggle user control over Insider builds – Disabled

 

Computer Configuration – Administrative Templates – System – Log on

                Show first sign-in animation – Disable

                Turn on convenience PIN sign-in – Diable

Turn off picture password sign-in -Enable

 

Computer Configuration – Administrative Templates – Windows Components – Search –

Allow Cortana – Disabled

 

Computer Configuration – Administrative Templates – Windows Components – Cloud Content

                Do Not Show Windows Tips – Enabled

                Turn off Microsoft Consumer Experiences – Enabled

 

Computer Configuration – Administrative Templates – Control Panel

                Do not display the lock screen – Enabled

 

Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options     

                Accounts: Block Microsoft Accounts – Enabled From Longon and Adding

 

Computer Configuration\Administrative Templates\Network\WLAN Service\WLAN Settings\

Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services – Disabled 

 

Computer Configuration\ Administrative Templates\ Control Panel\ Regional and Language Options\ Allow Input Personalization and set to Disabled.

We also collect your typed and handwritten words to improve character recognition and provide you with a personalized user dictionary and text completion suggestions. Some of this data is stored on your device and some is sent to Microsoft to help improve these services.

Is it possible that any collected words may accidentally include patient information?

 

Computer Configuration > Administrative Templates > Windows Components > OneDrive > Prevent the usage of OneDrive for file storage – Enabled

 

Computer Configuration > Administrative Templates > Windows Components > Search> Don’t search the web or display web results in Search – Enabled

 

Computer Configuration > Administrative Templates > Windows Components > Search> Don’t search the web or display web results in Search over metered connections– Enabled

Why might you want to disable web search?  It is a good idea if you don’t want your local search queries sent to Bing.

Computer Configuration> Administrative Templates> System> User Profiles> Turn off the advertising ID

Turn off the advertising ID to disable targeted ads –  Enabled

Computer Configuration > Administrative Templates > Windows Components > Store >Disable all apps from Windows Store.
You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled. On Windows Server 2016, this will block Windows Store calls from Universal Windows Apps.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , ,

 
0

VMware Licensing – vSphere Enterprise will not be available

Posted by paris on May 6, 2016 in Research

Recently VMware announces some changes to their licensing policy for vSphere – http://www.vmware.com/files/pdf/products/vsphere/VMware-vSphere-vSOM-Pricing-FAQs.pdf.

The main change is that vSphere  Enterprise will not be available after June 30, 2016. After that date, partners and clients can purchase only vSphere Standard, vSphere Enterprise Plus and

vSphere with Operations Management Enterprise Plus licenses. They also slightly increased the retail prices for all range of their vSphere licenses.

Existent clients with vSphere Enterprise have two options to choose from, as follows:

  • use this version till it reaches the End of Support date on March 12, 2020
  • upgrade to vSphere Enterprise Plus with 50% discount (that will be available till June 25, 2016). VMware just recently published the information about 50% discount on their web-site – http://www.vmware.com/promotions/2016-vSphere-vSOM-upgrade.html.

The benefits that vSphere Enterprise Plus can bring to the virtual environment help further automate and standardise it – https://kb.vmware.com/kb/2109507.

In my opinion, these features are :

The good news is that VMware gives 25 Operating System Instance (OSI) pack of vRealize Log Insight for vCenter Server is now available for free to all vCenter Server Standard customers. This product allows to centralise the log files collection from hosts and vCenter, and it helps a lot to troubleshoot issues with the virtual environment – http://www.vmware.com/au/products/vrealize-log-insight.

For the productive environment, I would suggest upgrading to a special type of vSphere license called “vSphere Remote Office Branch Office Advanced” (or ROBO) – https://www.vmware.com/files/pdf/products/vsphere/VMware-vSphere-Remote-Office-Branch-Office-Editions-Datasheet.pdf.

Instead of licensing hosts by number of sockets, ROBO is licensed by pack of 25 VMs / per one site. One pack can be redistributed among many sites. However, only one pack can be used per site. So, three packs will be enough to license all productive sites, and it gives the same benefits as Enterprise Plus license – http://www.vmware.com/products/vsphere/compare.html

Prices in AUD

Vendor Part#DescriptionUnit RRP
   
ST6-RB-25VM-CVMWARE VIRTUAL SAN 6 FOR REMOTE OFFICE BRANCH OFFICE (25 VM PACK)$16,850.00
ST6-RB-25VM-P-SSS-CPRODUCTION SUPPORT/SUBSCRIPTION VMWARE VIRTUAL SAN 6 FOR REMOTE OFFICE BRANCH OFFICE (25 VM PACK) FOR 1 YEAR$4,204.06
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , , ,

 
0

Flapping Cisco Switch Ports

Posted by paris on May 6, 2016 in Research

Checklist : 

  1. Check the times of disconnect , are they every 10-20 seconds the same ( could be timers ) 
  2. show interfaces gigabitethernet 2/0/23 check for Errors
  3. Was this switch recently replaced / power problem – Raise a TAC
  4. Replace Cables/Ports
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/23, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/23, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet2/0/23, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet2/0/23, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/23, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/23, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet2/0/23, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet2/0/23, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/23, changed state to up
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

 
0

Outlook Intermittent Disconnections – Exchange 2010

Posted by paris on May 6, 2016 in Research

 

This is part 2 of my troubleshooting weeks where we were facing issues with Outlook losing connections to Exchange intermittently AND Database copies losing synchronization as well. The part 1 of this blog focused on what/how we troubleshoot so far mostly using database connectivity alerts. In this part we’ll be focusing on Outlook disconnections and how things got heated up for next few days.

I believe you will all agree that most annoying and most interesting issue for troubleshooting with Outlook & Exchange is?  Outlook intermittently disconnects or pops a message saying “Outlook lost connection to server, trying to reconnect”

The pop-up basically indicates that Outlook either lost MAPI connection to exchange services or/and is taking very long time to make complete connection causing Outlook to exhibit behavior such as it has lost connectivity.

 

The issue in itself doesn’t causes any critical business loss, it’s more of an annoyance and if users in your environment are as “peculiar” about Outlook’s well-being then you should be facing same level of annoyance as we do. Sometimes the level of annoyance is so high, that you feel to mask the problem using custom registry discussed below with blog ;-).

So here I am, discussing my mid-month of June where we had one such painful and interesting issue to troubleshoot where Outlook was generating RPC disconnection pop-up and lot of experts were basically head scratching along with us to remediate same.

Stage 2: Outlook intermittent Disconnections

The second and basically more critical sign of issues started happening few days after the database connectivity issues discussed in part 1 of this blog. Basically we started users complaining about:

  • Outlook intermittent pop-ups shown above saying Outlook is trying to connect.
  • Users unable to access shared mailbox and shared calendars, getting access denied error. (Users access shared mailbox/folders in online mode in our environment with their primary mailbox/folder in cached mode)

The Exchange hardware report/SCOM was not triggering any alerts for performance or RPC latency. When running server’s MAPI connectivity test, it failed & below error was reported:

____________________________________________________________________________________________

Error : [Microsoft.Exchange.Data.Storage.TooManyObjectsOpenedException]: Cannot open mailbox /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Server01/cn=Microsoft System Attendant. Inner error [Microsoft.Mapi.MapiExceptionSessionLimit]: MapiExceptionSessionLimit: Unable to open message store. (hr=0x80040112, ec=1246)? ? ? ? ? ? ? ? ? ? ?  Diagnostic context:

_______________________________________________________________________________________________

The error basically indicates issue with system attendant out of RPC connections. However it was not adding up as we already had increased exchange store limits documented here, majorly Maximum Allowed Sessions Per Userwas already set as high as 5000 (decimal). Running ExMon (Exchange User Monitor tool) generally helps in these scenarios as it points out which user/mailbox is spending maximum CPU time in server or is having highest operations against exchange store, but not in our scenario sadly.

After some expert help, we were able to determine that issue was not due to total number of MAPI connections, but was due to Exchange administrative connections open at a given time against exchange server store. The Exchange administrative connections are primarily used by:

  • Shared calendar/mailbox
  • Blackberry Enterprise Server
  • Exchange search service (was not listed at first but we determined it later)

Default value for exchange store limits for administrative connections Maximum Allowed Exchange Sessions Per Service is 10000, however as per performance monitors, we were going above it at which point exchange store was locking down all connections causing Outlook outage. At this point we increased the following registries to make sure we do not go into outage situation again:

  • The Maximum Allowed Exchange Sessions Per Service registry to 20000 (default value 10000)
  • The Maximum Allowed Concurrent Exchange Sessions Per Service registry to 100 (default value 50)
  • The Maximum Allowed Service Sessions Per User registry to 64 (default value 32)

And from here we monitored if we go above same. But for me, it was still not adding up as we were running fine all this time, how can we spike connections overnight?

Meanwhile, the Outlook continuous prompts for disconnection and reconnection kept bugging users intermittently. We provided store dump for analysis using below command and were told that the administrative connections are still spiking and we need to bump them up to 30000 for resolving issues, but I still wasn’t sold on same.

After going through some network captures, logon statistics & RPC log dumps from Exchange CAS and MBX servers, I noticed below:

  1. All users have high number of connections to the server irrespective of client version or device they??™re using to connect or server they??™re on. Also in the logon statistics dump, I could see passive nodes of database copy were having logon connection against mailboxes as well other than CAS servers. At this time I learnt that search service also uses administrative connections and it is by Design that the Microsoft Exchange Search Indexer service on the passive node(s) indexes only the active node database. The design is that, in this way,?  all content indexes of the database on all database copies of the DAG are always up to date. (Get-LogonStatistics Shows Logons to a Mailbox on the Active Node by the Exchange Search Indexer on the Passive Node(s) of a DAG in Exchange 2010) So when we increased the registry for service sessions above, we basically allowed exchange search service to open more connections against mailboxes on database.
  2. At time of packet drop, we can see in network capture that CAS is losing connection to MBX server as well and soon after it sends lot of packet requests for Request fast re-transmit. I believe this could be one of factor why we??™re seeing lot of connections across environment. Sample packets below:

2586723? ? ? ? ? ? ? ? 3:02:58 PM 6/21/2013? ? ? ? ? ? ? ? 1343.5206036? ? ? ? ? ? ? ? store.exe? ? ? ? ? ? ? ? Server01?  ? ? ? ? ? ? ? ? 10.0.0.2? ? ? ? ? ? ? ? TCP? ? ? ? ? ? ? ? TCP:[Segment Lost]Flags=…A…., SrcPort=38364, DstPort=32159, PayloadLen=1460, Seq=1546335157 – 1546336617, Ack=3329138042, Win=511? ? ? ? ? ? ? ? {TCP:361, IPv4:11}

2586724? ? ? ? ? ? ? ? 3:02:58 PM 6/21/2013? ? ? ? ? ? ? ? 1343.5206181? ? ? ? ? ? ? ? store.exe? ? ? ? ? ? ? ? Server01?  ? ? ? ? ? ? ? ? 10.0.0.2? ? ? ? ? ? ? ? TCP? ? ? ? ? ? ? ? TCP:[Continuation to #2586723]Flags=…A…., SrcPort=38364, DstPort=32159, PayloadLen=279, Seq=1546336617 – 1546336896, Ack=3329138042, Win=511? ? ? ? ? ? ? ? {TCP:361, IPv4:11}

2586737? ? ? ? ? ? ? ? 3:02:58 PM 6/21/2013? ? ? ? ? ? ? ? 1343.5227346? ? ? ? ? ? ? ? store.exe? ? ? ? ? ? ? ? 10.0.0.2? ? ? ? ? ? ? ? Server01?  ? ? ? ? ? ? ? ? TCP? ? ? ? ? ? ? ? TCP:[Request Fast-Retransmit #2586723]Flags=…A…., SrcPort=32159, DstPort=38364, PayloadLen=0, Seq=3329138042, Ack=1546335157, Win=3045? ? ? ? ? ? ? ? {TCP:361, IPv4:11}

  1. Parsing through CAS logs, I can see lot of session drops, attached is connection log for certain users.

At this point, I turned back to network team who’ve given up on us and pushed them hard to check the network switches connected to our exchange VM farm, took some pushing but at the end they expanded monitoring traffic at switch level from not just exchange but basically all traffic coming to switch, at that point they were able to determine the cause of the issue.

The cause appears to have been another VM server in the data center that had 2 trunk ports that were flapping.?  When the ports would flap it would trigger a spanning-tree change on the LAN.?  During the spanning-tree re-convergence, traffic would get flooded out through all ports on the core switch.? ?  The switch ports connected to this server were set up for ‘spanning-tree portfast’ (disable spanning tree) but since they were trunk ports this command was not preventing the spanning-tree change during a port flap.?  We had to disable spanning-tree on each trunk port with the ‘spanning-tree portfast trunk’?  command.? ?  This stopped the spanning-tree issues during the port flaps.?  The server was found to be down and was moved to a powered down state.?  This stopped the port flaps from occurring.

So in a nut-shell, the powered down VM server was flooding traffic against all switches connected to it, exchange switch being one of them. Hence the switch getting overwhelmed, servers sending/receiving Rx Pause packets as they’re unable to keep up with network data speed and hence the packet loss and hence the database disconnections and hence the Outlook intermittent connectivity issue ! Phew !

Once the issue was determined, we removed the below two registries from server such that we do not allow more than default connections available for Exchange 2010 store service and added exchange admin client connection column in our Exchange hardware report for monitoring:

  • he Maximum Allowed Exchange Sessions Per Service registry (default value 10000)
  • The Maximum Allowed Concurrent Exchange Sessions Per Service registry (default value 50)

Since then, the administrative connections which were going above 20000 now stay below 2000 even at peak business day, no more Outlook intermittent dis-connectivity, no more database synchronization issue and hence my interesting yet painful mid-month of June ended so I can take on other issues waiting in queue 😉

Other frequent factors that impact Outlook intermittent disconnections:

  • WAN Accelerators:?  WAN Accelerators generally come in 2 flavors: Compress the compressed, or pattern matching. RPC is already compressed and the re-compressed data does not necessarily have any large performance gains based on independent testing. You can read more on the web on independent testing that has been done. Some products will keep Outlook sessions open for users. If we exceed limits on sessions that are set in Exchange automatically, you will see event IDs 9646 on the server.
  • Server performance: If source?  or destination server are running high CPU cycles or memory, exchange lowers the cycles available to Exchange replication service causing high copy queue length or replay queue length. You can monitor server performance using Exchange RPC counter monitor script available for download here.
  • Storage performance: If the SAN/LUN/Spindle associated with exchange servers physical/VM is exhibiting high IOPS, there will be delay in replaying copied transaction log against the database causing high replay queue length. If the storage array is same for active & passive databases like in most environments, this will also degrade database RPC performance or cause high RPC latency causing degradation on Outlook side for end users as well.
  • VMWare/Hyper-V Physical Host performance: If physical ESX host or Hyper-V server is oversubscribed (i.e. configured in 2:1 ratio for logical:physical cores) and is running out of resources, there will be overall degradation in performance for exchange servers running on the host, causing database replication and RPC performance degradation in environment.

To read more about other factors that cause issue where users observe Outlook RPC dialog box discussed above, please read the MS blog below:

Troubleshooting Outlook RPC dialog boxes – revisited

Hope you found these two part blogs of some assistance. For any queries, concerns or feedback, kindly drop same in the comment section below.

Thanks for reading !

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

 
0

Change Owncloud Directory in OpenSuse

Posted by paris on May 2, 2016 in Research
You need to change /etc/apache2/default-server.conf
 
DocumentRoot “/srv/www/htdocs/owncloud”
systemctl stop apache2.service
systemctl start apache2.service
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Copyright © 2017 Welcome to Pariswells.com All rights reserved. Theme by Laptop Geek. Privacy Policy