Category: Windows Server
Which Came First? AD or VMware?
This was a particularly frustrating issue to solve on my home network. The answer to the question posed by the title of the post is obviously AD. But don’t tell that to my network. Sigh…
It all started with the untimely death of a UPS battery. Investigation later showed that I got at least three years out of the pack before it needed replacing, so I cannot complain there. But this particular UPS likes to tell me it is time for new batteries by shutting off entirely, and the only two things drawing power from it were both power supplies of the VMware server and the Dell gigabit managed switch. A recipe for disaster.
I’ll keep this post short. The root cause was that the VMware server was not shut down cleanly. Oh, and while I was trying to bring the server back up, the UPS died again. Joy… Because I have battery backup, I do not worry about sudden power failures, and for that reason (among others) the datastore holding the OS drives sits on a RAID 0 stripe: no parity, great performance, no redundancy. When the AD controller came up there were problems. DHCP would not start at all, and who knows what else. So I decided to restore from backup. I use Veeam to image the VMware guests routinely through vCenter, and everything is joined to Microsoft AD for security and easy authentication. The catch: the guest being restored is the domain controller, it has to be powered off for the restore, and vCenter and Veeam both authenticate against that same domain controller, so neither of them can log in to perform the restore. This is why Microsoft (and VMware) keep telling you to have a physical DC at every site.
The fix in the end was to repoint the DNS settings of the services that could not authenticate (the Veeam server and vCenter) at an off-site DC, so that the domain controller locator found a live DC instead of the one I was restoring. That worked like a charm. I will pat myself on the back for having a second DC somewhere else. Now that the dust has settled, I am starting a new experiment: running another DC as a guest on FreeNAS.
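The repoint-and-verify procedure above, written out as an added PowerShell example (this is not the author's script; the post does not show one). It assumes the Veeam host is a Windows machine, that the domain is corp.example.com, that the dead on-site DC was 192.168.1.10, and that the off-site DC is dc2.corp.example.com at 10.20.0.10; all of those names and addresses are placeholders.

```powershell
# Added example, not from the original post. Repoints a Windows host that Veeam
# runs on at an off-site domain controller when the on-site DC (a VMware guest)
# is down, then proves the machine can authenticate again. All names are
# assumptions: domain corp.example.com, dead on-site DC 192.168.1.10,
# off-site DC dc2.corp.example.com at 10.20.0.10. Run in an elevated session.

$Domain        = 'corp.example.com'
$OnsiteDcIp    = '192.168.1.10'
$OffsiteDcIp   = '10.20.0.10'
$OffsiteDcFqdn = 'dc2.corp.example.com'

# 1. Show which DC Netlogon is currently stuck on (nltest ships with Windows).
nltest "/dsgetdc:$Domain"

# 2. Find the adapter whose DNS list contains the dead DC and put the off-site DC
#    first, keeping the old entry so the change is trivial to reverse later.
$adapter = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $OnsiteDcIp } |
    Select-Object -First 1
if (-not $adapter) { throw "No adapter currently uses $OnsiteDcIp for DNS" }

Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex `
    -ServerAddresses @($OffsiteDcIp, $OnsiteDcIp)
Clear-DnsClientCache

# 3. Make the DC locator rediscover instead of trusting its cached answer.
nltest "/dsgetdc:$Domain" /force

# 4. Verify the machine's secure channel against the off-site DC specifically,
#    not against whatever DC the locator happens to pick.
if (Test-ComputerSecureChannel -Server $OffsiteDcFqdn) {
    Write-Host "Secure channel OK via $OffsiteDcFqdn; restart the Veeam services and retry the restore."
} else {
    Write-Warning "Secure channel still failing; check the route to $OffsiteDcIp and that TCP 88/389/445 are reachable."
}
```

The vCenter appliance keeps its own DNS settings in its management interface, so the same change has to be made there by hand. Once the on-site DC is restored and replicating again, take the temporary off-site entry back out so the host does not keep resolving across the slower link.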
A Tale of Two NAS’s
I finally had success with both Network Attached Storage devices on my home network, at the same time as it happens, though with different fixes.
I have a Synology DS1010+ that has been in use for the better part of a decade, and I also had a homebuilt FreeNAS box. The Synology’s job was Plex media storage (PMS) and mass file storage: 5x 2 TB drives in a Synology Hybrid RAID (SHR) array. For a few years the admin portal kept telling me there were array errors, yet all the files were accessible and the drive checks came back clean. I bought a WD 10 TB USB 3.0 drive on President’s Day and painstakingly copied all the files from the Synology to the single drive over the past few days. I then wiped the Synology and let it rebuild, which took about 10 hours. When it came back up, SHR was not an option when creating the array, only the standard RAID levels, so I picked RAID 5 and went on my way. 24 hours later, no array errors. I think it’s fixed. I also found out how to use Domain Admins as admin accounts on the Synology (it is joined to Active Directory, obviously).
As for the FreeNAS, the motherboard was apparently dying. I found a suitable replacement and installed the latest version of FreeNAS, which has a completely different GUI. It seems to be working much better and I get no errors when Veeam backs up my VMware ESX server, which is the box’s sole purpose. It has 3x 2 TB drives in a RAIDZ1 pool, ZFS’s single-parity equivalent of RAID 5. The share protocol is SMB; iSCSI proved too much hassle to get working. I’ve done it before, but a simple Windows share is fine for me.
That’s all today, folks. Maybe next time I’ll announce my new 10 GbE network.
WPA2 Enterprise
Just rolled out to my home network. Also known as WPA2-EAP or 802.1X with EAP, it is the strongest option Wi-Fi offers, though “unhackable” is too strong a word. The difference from WPA2-Personal is that there is no shared passphrase: each client negotiates its own session key with the RADIUS server during the EAP exchange, the RADIUS server hands the resulting pairwise master key to the access point, and the client and access point derive the per-session encryption keys from it. There is no network-wide key to leak or to rotate. Authentication is the user’s credentials on the RADIUS server (which in turn checks Active Directory). Want to lock out a user? No problem; just disable their AD account. The one thing that has to be right on the client side is server certificate validation: a client that does not pin the RADIUS server’s certificate (or at least its issuing CA and name) will happily complete PEAP/MS-CHAPv2 against a rogue access point broadcasting the same SSID and hand it a challenge/response that can be cracked offline.
Because my wireless network sits at the same physical address for years on end, a patient and tech-savvy neighbor would have had all the time in the world to capture a WPA2-Personal handshake and brute-force the passphrase offline. With 802.1X there is no passphrase to capture.
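The server-validation check described above, as an added PowerShell example rather than anything from the original post. It exports a saved Windows Wi-Fi profile with netsh and inspects the PEAP settings inside the XML. The SSID “HomeNet-EAP”, the RADIUS host name nps.corp.example.com and the export folder C:\Temp are assumptions; replace them with your own.

```powershell
# Added example, not from the original post. Checks whether a Windows 802.1X
# (PEAP) Wi-Fi profile actually validates the RADIUS server certificate, which
# is what stops an evil-twin AP from harvesting AD credentials. Assumed names:
# SSID "HomeNet-EAP", NPS server nps.corp.example.com, export folder C:\Temp.

$Ssid   = 'HomeNet-EAP'
$OutDir = 'C:\Temp'
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

# netsh names the file "<interface>-<SSID>.xml", so locate it by content instead
# of guessing the interface name.
netsh wlan export profile name="$Ssid" folder="$OutDir" | Out-Null
$file = Get-ChildItem -Path $OutDir -Filter '*.xml' |
    Where-Object { Select-String -Path $_.FullName -Pattern "<name>$Ssid</name>" -Quiet } |
    Select-Object -First 1
if (-not $file) { throw "Profile $Ssid was not exported; is it saved on this machine?" }

[xml]$profile = Get-Content -Path $file.FullName
$findings = @()

# GetElementsByTagName ignores the nested EAP namespaces the settings live in.
$sv = $profile.GetElementsByTagName('ServerValidation') | Select-Object -First 1
if (-not $sv) {
    $findings += 'No ServerValidation element: any RADIUS server is accepted.'
} else {
    if ($sv.DisableUserPromptForServerValidation -ne 'true') {
        $findings += 'User can click through an untrusted server certificate prompt.'
    }
    if ([string]::IsNullOrWhiteSpace($sv.ServerNames)) {
        $findings += 'ServerNames is empty: any certificate from a trusted CA is accepted.'
    } elseif ($sv.ServerNames -ne 'nps.corp.example.com') {
        $findings += "ServerNames is '$($sv.ServerNames)', expected nps.corp.example.com."
    }
    if ([string]::IsNullOrWhiteSpace($sv.TrustedRootCA)) {
        $findings += 'No TrustedRootCA thumbprint pinned; every root in the store is trusted.'
    }
}

# Type 25 is PEAP, inner Type 26 is EAP-MSCHAPv2. Weak server validation plus
# MS-CHAPv2 means the challenge/response can be captured and cracked offline.
$innerMschap = $profile.GetElementsByTagName('Type') | Where-Object { $_.InnerText -eq '26' }
if ($innerMschap -and $findings.Count -gt 0) {
    $findings += 'Inner method is MS-CHAPv2: with the gaps above an evil twin can harvest a crackable exchange.'
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "Profile $Ssid pins the RADIUS server name and root CA: OK"
}
```

The same three settings (validate the certificate, restrict the server name, pin the root CA) are what the NPS connection request and the client GPO should enforce; this script only audits what one machine ended up with.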
Remember to Enable PowerShell Scripts
This is a very basic rule about Windows PowerShell. On a fresh Windows client the execution policy is Restricted, so you cannot run .ps1 files until you change it, for example with the command below. Unrestricted does what the name says and will also run scripts downloaded from the internet without prompting; RemoteSigned is enough to run your own local scripts while still requiring a signature on downloaded ones, and adding -Scope CurrentUser changes it for your account alone without an elevated prompt. Either way, execution policy is a safety catch against accidentally running a script, not a security boundary.
Set-ExecutionPolicy Unrestricted
DFS Replication and Dirty Shutdowns
Again, a simple problem is fixed by just checking the Event Viewer. There are two servers on different subnets connected via VPN. Replication had not happened for a while, simply because it was not a pressing issue. I vaguely remembered having this problem with AD replication, so I went into Event Viewer on both sides and checked Applications and Services Logs > DFS Replication. Clear as day, Event ID 2213 reports that the database was “not shut down cleanly” and that Auto Recovery is disabled (I should check into that later). The important part is that the event text itself tells you how to fix the issue. I have highlighted it in the screen snip below.
Almost immediately after running the command I could see replication occurring in the background, catching up on the accumulated changes.
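The recovery step that event 2213 spells out, as an added PowerShell example (not the command from the post’s screenshot, and not the author’s script): it reads the 2213 events on the local server, pulls the volume GUID out of each, and calls the ResumeReplication WMI method the event recommends. It assumes the default log name “DFS Replication” and that you run it elevated on each replication partner that logged the event. The optional auto-recovery change at the end is the setting the post says is disabled; it is a well-known knob, but turning it on is a trade-off noted in the comments.

```powershell
# Added example, not from the original post. Resumes DFS Replication on every
# volume that logged event 2213 ("database not shut down cleanly") on this
# server. Assumes the default log name "DFS Replication"; run elevated.

$events = Get-WinEvent -FilterHashtable @{ LogName = 'DFS Replication'; Id = 2213 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host 'No dirty-shutdown (2213) events found; nothing to resume.'
    return
}

# The event text carries the volume GUID twice (a "GUID:" line and inside the
# suggested wmic command); take either, and de-duplicate repeated events.
$guids = $events | ForEach-Object {
    if ($_.Message -match '(?i)volumeGuid\s*=\s*"?([0-9A-F-]{36})') { $Matches[1] }
    elseif ($_.Message -match '(?i)GUID:\s*([0-9A-F-]{36})')         { $Matches[1] }
} | Sort-Object -Unique

foreach ($guid in $guids) {
    $vol = Get-CimInstance -Namespace 'root\MicrosoftDFS' -ClassName DfsrVolumeConfig |
        Where-Object { $_.VolumeGuid -eq $guid }
    if (-not $vol) {
        Write-Warning "Volume $guid from event 2213 not found in DfsrVolumeConfig; skipping."
        continue
    }
    # This is the WMI method the event's own "Recovery Steps" text points at.
    $result = Invoke-CimMethod -InputObject $vol -MethodName ResumeReplication
    if ($result.ReturnValue -eq 0) {
        Write-Host "ResumeReplication succeeded for volume $guid"
    } else {
        Write-Warning "ResumeReplication returned $($result.ReturnValue) for volume $guid"
    }
}

# Show what the service logged after the resume so you can watch it catch up.
Get-WinEvent -LogName 'DFS Replication' -MaxEvents 5 |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } }

# Optional: let DFSR recover from dirty shutdowns on its own next time. Microsoft
# disabled this by default because automatic recovery can discard recent changes
# made on this member, so only enable it if you accept that on this server.
# $mc = Get-CimInstance -Namespace 'root\MicrosoftDFS' -ClassName DfsrMachineConfig
# $mc.StopReplicationOnAutoRecovery = $false
# Set-CimInstance -InputObject $mc
```

After the resume, dfsrdiag replicationstate on each member shows the backlog draining, which is the “catching up” the post describes.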