New VPN Solution
We used to use Routing and Remote Access (RRAS) under Windows 2008 to provide an Active Directory friendly route into the network (we have a lot of remote workers) - And while this is not a fancy solution it did just work. Well, that was until our new WatchGuard Firewall got in the way!
The WatchGuard XTM series is fantastic value for money, offering various routing and firewall options for any small to medium network. The XTM 505 is a fantastic piece of kit which, during the testing phase, has proven to be significantly better than our older x2500 model, which was showing its age.
I’m still yet to figure out exactly what the problem with RRAS and our firewall was; something to do with protocol routing with GRE and PPTP when using 1:1 NAT. I found so many articles on this and, after following them all to the letter, still nothing worked. I couldn’t get in (neither could anyone else), so I trusted my instinct and this article: http://blog.bruteforcetech.com/archives/470 - Hats off to the guy who wrote it, a magnificent overview of how to get it working. It only took 30 minutes to implement the article and then another 15 or so to fiddle around with placing rules on the firewall to allow the protocols etc.
What I like about the solution is that on my WatchGuard System Manager dashboard I can see who is connected (via RADIUS), how many bytes they’ve used, and the IP address they are connected on. This is the first full day of the new solution and I have 6 people from around the UK connected without any issues. Finally I have replaced RRAS with something less glitchy and perhaps easier to manage.
I reused my VPN server as the RADIUS server, but may be able to free it up by putting RADIUS on one of the domain controllers, which would hopefully speed the LDAP lookups up.
Coming Soon… The Great Conficker Battle of 2012
Oh yes, it hasn’t gone away just yet, Conficker is still as big as ever. To get some background try this link:
http://en.wikipedia.org/wiki/Conficker
I will be posting my personal experience very soon, well, as soon as it’s over…
New Final Year Project Site
I have just converted my FYP micro-site into WordPress, so if you’re interested in virtualisation and private clouds head over to: http://www.johnnyward.me.uk/linux/fyp
Graduation Ceremony 2012
My Graduation Ceremony took place yesterday at Symphony Hall, Birmingham.
The pictures can be found here: http://johnnyward.me.uk/galleries/graduation
Nagios Notification Script
Originally posted at johnnyward.co.uk (http://www.johnnyward.co.uk/nagios-notification-script/)
I decided to write my own script for Nagios to send emails to external addresses when MS Exchange goes down in our organisation (which has been happening quite often lately!)
My exchangescript.sh file is called by a command created in the Nagios commands.cfg file as below:
#Exchange notifications
# Run the script with bash, not "sh": on Debian/Ubuntu sh is dash, whose echo has no -e option,
# so "echo -e" output arrives in the email with a literal "-e" at the top.
define command{
    command_name    notify_ex_mail
    command_line    /bin/bash /etc/nagios3/exchangescript.sh "$NOTIFICATIONTYPE$" "$SERVICEDESC$" "$HOSTALIAS$" "$HOSTADDRESS$" "$SERVICESTATE$" "$LONGDATETIME$" "$SERVICEOUTPUT$" "$CONTACTEMAIL$"
}
The "$PARAMETER$" inputs are Nagios macros, expanded by Nagios when the command runs, and therefore would not make sense outside of a Nagios config file.
My exchangescript.sh file is here:
#!/bin/bash
## Send mail notification when Nagios detects a problem - manual override from Nagios defaults ##
## Script By Jonathan Ward 26/09/2011 ##
## Parameter list as defined in /etc/nagios3/commands.cfg
## $1 = Notification Type e.g. "PROBLEM"
## $2 = Service Description e.g. "Explorer.exe" OR "SMTP Status"
## $3 = Host Alias e.g. "MyExchangeServer"
## $4 = Host Address e.g. "192.168.1.1"
## $5 = Service State e.g. "CRITICAL"
## $6 = Long Date and Time e.g. "Mon Sept 26 16:07:21 BST 2011"
## $7 = Service Output
## $8 = Contact Email

## Set Message Subject (quoted below, so spaces in it are fine)
msgsubject='Exchange Issue'
## Set Email Addresses, space separated; $msgto is passed to mail unquoted on purpose
## so each address becomes its own argument
msgto="EMAIL ADDRESSES GO HERE"
## Set Message Body (the \n escapes are expanded by printf '%b' below)
msgbody="Nagios is reporting $1 on $3 \n \nService $2 State is: $5 \n \nTime Reported: $6"

## Command to send email with subject and body.
## printf '%b' replaces "echo -e": when this script is started as "sh script.sh"
## on Debian/Ubuntu, sh is dash, whose echo prints "-e" literally (the "-e in emails" problem).
# shellcheck disable=SC2086
printf '%b\n' "$msgbody" | mail -s "$msgsubject" $msgto

## Debugging lines go here...
# printf '%s\n' "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" > /root/scriptdebug  # one parameter per line in /root/scriptdebug

## TO TEST SCRIPT ##
## /etc/nagios3/exchangescript.sh "notification type" "service description" "host alias" "host address" "service state" "long date time" "service output" "contact email"
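As an added example (this is not the blog's script), here is a POSIX sh version of the same notification that avoids the echo -e problem by using printf, passes each recipient to mail(1) as its own argument, includes the plugin output that exchangescript.sh receives as $7 but never uses, and has a DRY_RUN switch (an assumption of this example, not a Nagios feature) so the composed message can be inspected without sending anything:

```sh
#!/bin/sh
# Added example, not the blog's exchangescript.sh. Takes the same eight Nagios
# macros as positional parameters; DRY_RUN=1 is this example's own switch.

# build_message TYPE SERVICE HOSTALIAS HOSTADDR STATE DATETIME OUTPUT
# Prints the message body. printf '%s' never interprets its arguments, so
# backslashes or "-e"-looking tokens in $SERVICEOUTPUT$ reach the mail unchanged.
build_message() {
    printf 'Nagios is reporting %s on %s (%s)\n\n' "$1" "$3" "$4"
    printf 'Service %s state is: %s\n\n' "$2" "$5"
    printf 'Time reported: %s\n\n' "$6"
    printf 'Plugin output: %s\n' "$7"
}

# subject_for TYPE STATE -> e.g. "[PROBLEM] Exchange CRITICAL"
subject_for() {
    printf '[%s] Exchange %s' "$1" "$2"
}

# notify TYPE SERVICE HOSTALIAS HOSTADDR STATE DATETIME OUTPUT CONTACT [EXTRA_RECIPIENT...]
# Sends to the contact Nagios supplies in $CONTACTEMAIL$ plus any extra recipients.
# Every recipient is a separate argument, so no word-splitting tricks are needed.
notify() {
    ntype=$1; svc=$2; halias=$3; haddr=$4; state=$5; when=$6; output=$7; contact=$8
    shift 8
    subject=$(subject_for "$ntype" "$state")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Print what would be sent: one To: line per recipient, then the body
        printf 'To: %s\n' "$contact" "$@"
        printf 'Subject: %s\n\n' "$subject"
        build_message "$ntype" "$svc" "$halias" "$haddr" "$state" "$when" "$output"
        return 0
    fi
    build_message "$ntype" "$svc" "$halias" "$haddr" "$state" "$when" "$output" \
        | mail -s "$subject" "$contact" "$@"
}

# When run as a script (e.g. from the Nagios command), pass the arguments straight through
if [ $# -ge 8 ]; then
    notify "$@"
fi
```

Drop it in place of exchangescript.sh with the same command_line, and test it from a shell with DRY_RUN=1 and eight dummy arguments before letting Nagios call it.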
Linux Script for monitoring Machine Room temperatures
Following on from one of my first projects at BMS, where I installed a server monitoring solution called Nagios, I have taken things one step further and started using the Nagios scripts to provide in-depth monitoring which I can target at specific people etc. I have used my knowledge gained from my older Nagios Notification Email script, as reposted on this blog here.
The plan was to use the Dell OpenManage plugins that I spent so long configuring within Nagios, to send temperature updates via email. The final script (after 4+ hours testing etc.) looks like this:
#!/bin/bash
## ThermoMail.sh
## Send mail notification of Machine Room Temperatures ##
## Script By Jonathan Ward 01/02/2012 ##
## ./gettemp.sh (was a separate script) ##
rm -f /root/temperatures
echo "Machine Room 1 status: " > /root/temperatures
/usr/lib/nagios/plugins/check_openmanage -H [ipaddress] --only temp >> /root/temperatures
printf '\n\nMachine Room 2 status: \n' >> /root/temperatures
/usr/lib/nagios/plugins/check_openmanage -H [ipaddress] --only temp >> /root/temperatures
####
## Set Message Subject
msgsubject='Machine Room Temperatures'
## Set Email Addresses, space separated; $msgto is passed to mail unquoted on purpose
msgto="mail@example.com"
## Command to send email with subject and body. The body is the temperatures file:
## without the redirect, mail reads its body from stdin, which is empty under cron,
## and sends a blank message.
# shellcheck disable=SC2086
mail -s "$msgsubject" $msgto < /root/temperatures
## DEBUGGING LINES
#cat /root/temperatures > /root/mailtest
Now I know this looks a little crude, and could be tidied up with some symbolic links etc. but it is a simple solution and I have scheduled a cron job to run the script 4 times a day…
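As an added example (not the blog's ThermoMail.sh), the same report built in POSIX sh but driven by the plugins' exit codes rather than only their text. check_openmanage follows the Nagios plugin convention (exit 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN), so the script can put the worst status in the subject line and the four-times-a-day cron mail becomes readable at a glance. CHECK_CMD and ROOM_HOSTS are this example's own variables and the host names are placeholders:

```sh
#!/bin/sh
# Added example, not the blog's ThermoMail.sh. CHECK_CMD and ROOM_HOSTS are this
# example's own variables; the default hosts are placeholders.
CHECK_CMD=${CHECK_CMD:-/usr/lib/nagios/plugins/check_openmanage}
ROOM_HOSTS=${ROOM_HOSTS:-"Machine-Room-1=drac1.example.invalid Machine-Room-2=drac2.example.invalid"}

# status_name CODE -> Nagios plugin status word for an exit code
status_name() {
    case $1 in
        0) echo OK ;;
        1) echo WARNING ;;
        2) echo CRITICAL ;;
        *) echo UNKNOWN ;;
    esac
}

# rank CODE -> severity used when aggregating rooms (CRITICAL > UNKNOWN > WARNING > OK)
rank() {
    case $1 in
        0) echo 0 ;;
        1) echo 1 ;;
        2) echo 3 ;;
        *) echo 2 ;;
    esac
}

# build_report -> prints one section per room and returns the worst exit code seen.
# Each plugin run is captured with "|| prc=$?" so a CRITICAL reading (exit 2)
# does not abort the script when it runs under set -e.
build_report() {
    worst=0
    for pair in $ROOM_HOSTS; do
        label=${pair%%=*}
        host=${pair#*=}
        prc=0
        out=$("$CHECK_CMD" -H "$host" --only temp 2>&1) || prc=$?
        printf '%s status: %s\n%s\n\n' "$label" "$(status_name "$prc")" "$out"
        if [ "$(rank "$prc")" -gt "$(rank "$worst")" ]; then
            worst=$prc
        fi
    done
    return "$worst"
}

# send_report RECIPIENT... -> mails the report with the worst status first in the subject
send_report() {
    rc=0
    body=$(build_report) || rc=$?
    subject="[$(status_name "$rc")] Machine Room Temperatures"
    printf '%s\n' "$body" | mail -s "$subject" "$@"
}

# Usage from cron: ThermoMail.sh ops@example.com oncall@example.com
if [ $# -ge 1 ]; then
    send_report "$@"
fi
```

Recipients are given as arguments rather than a space-separated string, and the report goes through a pipe instead of a fixed file under /root, so two overlapping cron runs cannot trample each other's output.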
The output in the email looks like this:
Windows Server Backup with DAG
Following on from the Exchange 2010 issues I’ve been having, my last hurdle has been backups. I couldn’t figure out for the life of me why the daily backups of my Exchange installations were failing. So I followed a couple of YouTube videos and made minor changes. This still didn’t work, so after a day of not thinking about it, and clearing my mind I finally found this solution, which worked a treat:
Using Windows Server Backup on Database Availability Group Members
If a server hosting the data being backed up is a member of a database availability group (DAG) and hosts both active and passive database copies, you must disable the Microsoft Exchange Replication service VSS writer. If the Microsoft Exchange Replication service VSS writer is enabled, the backup operation will fail.
To disable the Microsoft Exchange Replication service VSS writer, perform the following steps:
Log on to the server by using an account that has local administrator access, and then start Registry Editor (regedit).
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\ExchangeServer\v14\Replay\Parameters.
Add a new DWORD value named EnableVSSWriter, and set its value to 0.
Exit Registry Editor and then restart the Microsoft Exchange Replication service.
This solution is found here: http://technet.microsoft.com/en-us/library/dd876851.aspx
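As an added example (not from the blog or the TechNet article), the same steps scripted in PowerShell, with a check of the VSS writer list afterwards. It assumes Exchange 2010 (hence the v14 key), that the Microsoft Exchange Replication service is named MSExchangeRepl, and that its writer is the one listed by vssadmin as "Microsoft Exchange Replica Writer"; run it in an elevated PowerShell on the DAG member being backed up:

```powershell
# Added example, not the blog's or TechNet's code. Assumptions: Exchange 2010 (v14 key),
# service name MSExchangeRepl, writer name "Microsoft Exchange Replica Writer".
$key  = 'HKLM:\Software\Microsoft\ExchangeServer\v14\Replay\Parameters'
$name = 'EnableVSSWriter'

# Show the current setting; an absent value means the writer is enabled (the default)
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) { Write-Host "$name not set (writer enabled)" } else { Write-Host "$name = $current" }

# Create or overwrite the DWORD with 0 (disabled). Set it to 1, or remove the value, to re-enable.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null

# The Replication service only reads the value at start-up
Restart-Service -Name MSExchangeRepl -Force

# Verify: the replica writer should no longer be registered with VSS
$writers = vssadmin list writers
if ($writers -match 'Microsoft Exchange Replica Writer') {
    Write-Warning 'Replica writer still registered; check that MSExchangeRepl restarted cleanly.'
} else {
    Write-Host 'Replica writer not registered; Windows Server Backup will use the store writer only.'
}
```

One caveat worth keeping in mind: the Replication service writer is what a VSS backup uses for passive database copies, so after this change the Windows Server Backup job on this member covers the active copies only. Take the passive copies' backups from another DAG member, or make sure the copies you need are active on the member that runs the job.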
Web Development Projects
In my spare time (limited though it is!) I have been working on a website for a local church (where my better half happens to work) and am quite impressed with the start that’s been made…
So how about visiting http://www.holytrinitybelbroughton.co.uk - and if you have any ideas or suggestions fill in the form on the Contact page.
I have also redone my homepage at: http://www.johnnyward.me.uk and modified some settings on my main blog to fix the URL rewrites (http://www.johnnyward.co.uk). Not bad for a new year so far…
Exchange 2010 Failure
Bugger!
It seems that after I’d finally built a redundant Exchange 2010 cluster with DAG, I needed a reboot on one of the servers (due to some other reconfiguration). Unfortunately I had forgotten the server hadn’t been rebooted since before AVG Business Edition was installed; oops. This appears to interfere with the WinRM service, which just wouldn’t work, which meant I couldn’t use anything powered by PowerShell through IIS - in other words I had no Exchange Management Console (EMC) or shell commands. The problem wasn’t so much emails, as the DAG implementation ensured my other server took care of that, with the passive database copy becoming active at the server failure; it was my primary public folder database which had the most problems, it just wouldn’t mount. So, a quick scheduled reboot (during the lunch hour) and within 20 minutes (after 2 1/2 hours of diagnosis and testing) I had the public folders back. This was also partially affected by the Replication service on the healthy server being stuck in a “stopping” state; I had to kill the process in Task Manager to fix this and manually start it.
So, what have I learnt today?
Exchange works, now leave it alone!
P.S.
Somewhere along the line this reboot etc. enabled SSL on the POP3 service, which affected a few of our remote users, but I managed to fix that quickly enough once I knew the issue!
Exchange 2010 SP2
Microsoft have just released Exchange 2010 SP2, a little over a month since I built both the new email servers on SP1 - how annoying is that! Anyway, after reading the new features list provided here: http://www.theregister.co.uk/2011/12/05/redmond_exchange_2010_sp2/ I am not too fussed, and will not be planning an upgrade any time soon, maybe in 6-12 months’ time I think…
