Use the following commands to get a Procurve switch to use SNTP and use the right time zone:
sntp unicast
sntp server 192.168.0.1
sntp 30
timesync sntp
time daylight-time-rule western-europe
wr mem
substitute the address of your SNTP server above.
Verify with
sh time
Thursday 6 June 2013
Friday 24 August 2012
Resize VHD With Bitlocker Partition
I recently created a new virtual machine under Hyper-V not noticing the default was a dynamic disk and the disk size was set to 127 gig (oops). So I thought okay I will convert it to a fixed disk using the Hyper-V tools and then shrank the partition to 50 gig in windows using disk manager without any problems.
After a quick search with my favourite search engine it seemed I needed a tool called VhdResizer . This was because the VHD was still seen as a 127 gig disk so I needed to chop off all that unallocated space.
So my first attempt went like this:
Opened VhdResizer
Selected the source and destination
Set the size for the new disk
So I was ready to go at this point but the resize button was still greyed out. This turned out to be that the free space was in the middle of the drive because there was a 300 meg bitlocker partition on the disk and the minimum size I could select was the whole 127 gig!
After much head scratching I decided to boot the VM from Gparted CD image and move the bitlocker partition. To my surprise this worked fine and the VM booted without issue (phew). I then ran VhdResizer again and selected the minimum size which was the size of the C: drive partition but the resize button was still greyed out (grrrrr) I then increased the size by 1 gig and the button was available to start the process. The process ran to completion and I updated the VM to use the new disk. Job done!
So if you want to resize a VHD you must do the following things.
Resize your partition in disk manager
Make sure the free space is at the end of the disk (Use a tool like Gparted if necessary)
When VhdResizer states a minimum size you must select 1 gig above that.
Hope this helps someone with the same issue.
After a quick search with my favourite search engine it seemed I needed a tool called VhdResizer . This was because the VHD was still seen as a 127 gig disk so I needed to chop off all that unallocated space.
So my first attempt went like this:
Opened VhdResizer
Selected the source and destination
Set the size for the new disk
So I was ready to go at this point but the resize button was still greyed out. This turned out to be that the free space was in the middle of the drive because there was a 300 meg bitlocker partition on the disk and the minimum size I could select was the whole 127 gig!
After much head scratching I decided to boot the VM from Gparted CD image and move the bitlocker partition. To my surprise this worked fine and the VM booted without issue (phew). I then ran VhdResizer again and selected the minimum size which was the size of the C: drive partition but the resize button was still greyed out (grrrrr) I then increased the size by 1 gig and the button was available to start the process. The process ran to completion and I updated the VM to use the new disk. Job done!
So if you want to resize a VHD you must do the following things.
Resize your partition in disk manager
Make sure the free space is at the end of the disk (Use a tool like Gparted if necessary)
When VhdResizer states a minimum size you must select 1 gig above that.
Hope this helps someone with the same issue.
Monday 26 March 2012
Domain Controller NTP Time Synchronisation
If you work with Windows Domains and Active Directory and Kerberos you will know there will be issues if your clients clock are not within 5 minutes of your servers. As standard your domain joined clients should synchronise their time with the PDC emulator on the domain. This is not usually an issue and works well by default (usually!).
When you do start to get issues is when the clock on your PDC emulator starts to skew and all the clients skew to match it. This does not cause issues for your network but the time on all the computers is wrong an inevitably people will start complaining.
So lets just synchronise with one of those nice NTP clocks on the internet, that's easy right you just look at the clock options and set it there like on standard Windows 7 etc. Well unfortunately it's not that easy as you do not get the option to do that instead you need to go through a fairly complicated set up and take a few things into consideration.
Lets start with the service that controls the time
w32time
and the command you use to configure various options:
w32tm
You can use the following command to check a couple of things:
1. You can see if you can access the NTP server.
2. You can see how far your clock is out according to the NTP.
w32tm /stripchart /computer:time.server.com /samples:3
If you can't contact the NTP server then try another server or check your firewall isn't blocking it.
The port for NTP is port 123 UDP
If all is well you can check the current config by diving into the registry under:
HKLM\SOFTWARE\Policies\Microsoft\W32time\Parameters
or you can use the command:
w32tm /dumpreg /subkey:Parameters
The screenshot above is from my home PC but the settings will be the same on domain joined PCs except the NTP client mode which is the 0x9 next to time.windows.com. On your domain the settings for the time source will use the 0x8 client mode which sets the local computer to operate in client mode in association with the preceding time server.
To set the time server you can use the following command:
w32tm /config /manualpeerlist:time.server.com,0x8 /syncfromflags:MANUAL /reliable:yes
Make sure you substitute the time server address you want to use in that command. pool.ntp.org comes highly recommended for a reliable time source.
All you need to do then is stop and restart the service: and give it a chance to refresh it
net stop w32time && net start w32time
If you want to force a refresh you can use the command:
w32tm /resync /nowait
The last step in troubleshooting is to check the settings for type under the subkey parameters.
In the screenshot above the type is NTP which is right for the server (PDC Emulator) that you want to be contacting the external time source. The setting on your clients must be NT5DC though as this means they seek the time from the domain hierarchy ie the PDC emulator (I may have mentioned that before ;-) )
To fix your client settings from the command line you can execute the command:
w32tm /config /syncfromflags:domhier /update
This should not need doing as by default this should be the normal setting.
Now working in a domain environment you can also use Group Policy to control these settings:
These are located in the following location:
Computer Configuration > Administrative Templates > System > Windows Time Service
I have used a GPO to target all the domain controllers with the NTP settings. You may want to filter that more in your environment.
So there you have it, the idea sounds simple but once you start looking into it, it's a lot more complicated!
When you do start to get issues is when the clock on your PDC emulator starts to skew and all the clients skew to match it. This does not cause issues for your network but the time on all the computers is wrong an inevitably people will start complaining.
So lets just synchronise with one of those nice NTP clocks on the internet, that's easy right you just look at the clock options and set it there like on standard Windows 7 etc. Well unfortunately it's not that easy as you do not get the option to do that instead you need to go through a fairly complicated set up and take a few things into consideration.
Lets start with the service that controls the time
w32time
and the command you use to configure various options:
w32tm
You can use the following command to check a couple of things:
1. You can see if you can access the NTP server.
2. You can see how far your clock is out according to the NTP.
w32tm /stripchart /computer:time.server.com /samples:3
If you can't contact the NTP server then try another server or check your firewall isn't blocking it.
The port for NTP is port 123 UDP
If all is well you can check the current config by diving into the registry under:
HKLM\SOFTWARE\Policies\Microsoft\W32time\Parameters
or you can use the command:
w32tm /dumpreg /subkey:Parameters
The screenshot above is from my home PC but the settings will be the same on domain joined PCs except the NTP client mode which is the 0x9 next to time.windows.com. On your domain the settings for the time source will use the 0x8 client mode which sets the local computer to operate in client mode in association with the preceding time server.
To set the time server you can use the following command:
w32tm /config /manualpeerlist:time.server.com,0x8 /syncfromflags:MANUAL /reliable:yes
Make sure you substitute the time server address you want to use in that command. pool.ntp.org comes highly recommended for a reliable time source.
All you need to do then is stop and restart the service: and give it a chance to refresh it
net stop w32time && net start w32time
If you want to force a refresh you can use the command:
w32tm /resync /nowait
The last step in troubleshooting is to check the settings for type under the subkey parameters.
In the screenshot above the type is NTP which is right for the server (PDC Emulator) that you want to be contacting the external time source. The setting on your clients must be NT5DC though as this means they seek the time from the domain hierarchy ie the PDC emulator (I may have mentioned that before ;-) )
To fix your client settings from the command line you can execute the command:
w32tm /config /syncfromflags:domhier /update
This should not need doing as by default this should be the normal setting.
Now working in a domain environment you can also use Group Policy to control these settings:
These are located in the following location:
Computer Configuration > Administrative Templates > System > Windows Time Service
I have used a GPO to target all the domain controllers with the NTP settings. You may want to filter that more in your environment.
So there you have it, the idea sounds simple but once you start looking into it, it's a lot more complicated!
Sunday 25 March 2012
Smoothwall Guardian Unblock iPlayer Content
At work we use the excellent Smoothwall Guardian for our web filtering needs.
After recent issues I decided the box needed a fresh install as we were having a few issues which were undoubtedly because the install was over 4 years old and had lots of chopping and changing done to the config.
The new install went very smoothly as I was following our documentation and I am very familiar with the product (well you would hope so after four years of use). The only thing I couldn't get working was BBC iPlayer for our normal users despite entering all the domains I had entered previously. After contacting support the following solutions was provided:
Add the following URLs to the authentication bypass:
static.bbc.co.uk
bbcimg.co.uk
bbci.co.uk
edgefcs.net
Now this is the solution I had in our documentation but it didn't seem to work.
The next suggestion was to open port 1935 for streams on the Firewall. Now I know for a fact that this hadn't been done before so god only knows how it was working fine on the old install.
Anyway I entered the new rule into ISA not thinking it would do anything but sure enough iPlayer content started working. To make sure I disabled the rule and Iplayer content stopped working.
So there you go working iPlayer. Now I believe this rule may need some refinement to limit it to certain sites as it may open a lot of other sites that maybe undesirable. I will work on that soon.
After recent issues I decided the box needed a fresh install as we were having a few issues which were undoubtedly because the install was over 4 years old and had lots of chopping and changing done to the config.
The new install went very smoothly as I was following our documentation and I am very familiar with the product (well you would hope so after four years of use). The only thing I couldn't get working was BBC iPlayer for our normal users despite entering all the domains I had entered previously. After contacting support the following solutions was provided:
Add the following URLs to the authentication bypass:
static.bbc.co.uk
bbcimg.co.uk
bbci.co.uk
edgefcs.net
Now this is the solution I had in our documentation but it didn't seem to work.
The next suggestion was to open port 1935 for streams on the Firewall. Now I know for a fact that this hadn't been done before so god only knows how it was working fine on the old install.
Anyway I entered the new rule into ISA not thinking it would do anything but sure enough iPlayer content started working. To make sure I disabled the rule and Iplayer content stopped working.
So there you go working iPlayer. Now I believe this rule may need some refinement to limit it to certain sites as it may open a lot of other sites that maybe undesirable. I will work on that soon.
Getting Rid Of The Hibernation File
On one of my machines I have an older small SSD drive on which I have tried to install the minimum amount of programs and installed the rest to my other hard drive.
Recently I have been struggling for space even though I have done a lot of different things to take things off the drive by changing paths or by using symbolic links.
The hibernation file will be 75% the size of your total ram by default so in my case it was 3 gig as I have 4 gig in that particular computer.
To turn it off you need to an elevated comand prompt and use the command:
powercfg -h off
Now I have a nice bit of space on that drive :-)
Recently I have been struggling for space even though I have done a lot of different things to take things off the drive by changing paths or by using symbolic links.
The hibernation file will be 75% the size of your total ram by default so in my case it was 3 gig as I have 4 gig in that particular computer.
To turn it off you need to an elevated comand prompt and use the command:
powercfg -h off
Now I have a nice bit of space on that drive :-)
Wednesday 19 October 2011
MCITP: Server Administrator Completed
I finished the MCITP: Server Administrator a while ago doing both the 70-642 and the 70-646. I stuck to my tried and tested formula of book(s), labs and testing software. I must say I have really enjoyed doing these exams as it's always good to have proof of all your hard work and knowledge gained.
I enjoyed them so much I have decided to go for the Enterprise Administrator MCITP as well, while I am on a roll. I am currently doing the 70-643 Windows Server 2008 Applications Infrastructure, Configuring . This one I am enjoying a lot as the main areas are:
WDS
Hyper V
Clustering
Remote Desktop Services
IIS
Windows Media Services
Sharepoint Foundation
I have also read an additional book on Remote Desktop Services as well, which was the resource Kit from Microsoft which I found to be excellent.
There are many projects at work in the pipeline and one of them is setting up an RDS server farm which is covered in this exam. Currently we have one RDS server but I am looking for load balancing and redundancy so I will be implementing a load balanced cluster for this.
I have been using Virtualbox for my labs but could not get Hyper V to run under it. It will however run fine under VMWare and a proper instance of Hyper V.
Not much else to report really, I never had to use any of my second shot vouchers but MS have put the price of the exams up a little but its the first time in 10 years or something, so that's not too bad I suppose!
I enjoyed them so much I have decided to go for the Enterprise Administrator MCITP as well, while I am on a roll. I am currently doing the 70-643 Windows Server 2008 Applications Infrastructure, Configuring . This one I am enjoying a lot as the main areas are:
WDS
Hyper V
Clustering
Remote Desktop Services
IIS
Windows Media Services
Sharepoint Foundation
I have also read an additional book on Remote Desktop Services as well, which was the resource Kit from Microsoft which I found to be excellent.
There are many projects at work in the pipeline and one of them is setting up an RDS server farm which is covered in this exam. Currently we have one RDS server but I am looking for load balancing and redundancy so I will be implementing a load balanced cluster for this.
I have been using Virtualbox for my labs but could not get Hyper V to run under it. It will however run fine under VMWare and a proper instance of Hyper V.
Not much else to report really, I never had to use any of my second shot vouchers but MS have put the price of the exams up a little but its the first time in 10 years or something, so that's not too bad I suppose!
Sunday 23 January 2011
Boson ExSim 70-640 Active Directory, Configuring: Exam Prep Software Review
In my last post I talked about my continuation of my quest to get up to date with my Microsoft certification. My method for studying has been developed over time, but I believe it isn't that different from most people who have taken a few exams.
My first port of call for studying is usually a book. Many years ago I would have gone straight to the Microsoft Press books, but they have started to get a reputation as not having a 100% accurate content eg lots of stupid mistakes. You would think this would not be the case from somebody as big as MS but some of these seem to be put together in a hurry with very little proof reading.
These days there are other alternative books to sink your teeth into and at the time I usually have a look around at reviews and opinions on the relevant forums and see if I want to go with the MS book or an alternative. The alternatives can sometimes be a lot better as they tend to be released later and sometimes have a lot more detail. If I am undecided which way to go and I have the cash I will try and buy a MS book and another alternate source. Some people always recommend this approach as the other book tends to fill in the gaps of the other book or explain it better, or in some cases contradict the other book which highlights the mistakes to you.
Buying 2 books is really up to you and your finances as the cost for these exams can really start to add up when you are buying 2 books at £25-40 each and an exam at £88 and some test prep software at £50-100. Some people will also go for videos series from the like of Train Signal or CBT nuggets and these do cost a lot more so in theory you could end up spending £300-400 on one exam!!!!! This is where it is nice to have your employer help with these costs. I personally always fund my own qualifications, that way you don't have to sign any kind of learning agreement that ties you to a particular employer for a set amount of time, as they have funded your training.
After I have read as much as I can, watched what ever videos I can get my hands on, read blogs and articles on the exam requirements I look towards the exam prep software. Over the years I have used Transcender, Measure up and now Boson.
Now I will be honest with you here I had never heard of Boson before I started participating on the forums at www.certforums.co.uk this is probably more down to the fact that I haven't really bothered too much with the certification resources available in the last 6 years or so. The guys from Boson are a great bunch and have the exact right attitude that a company should have, that are participating on a public forum. They participate in all areas of the forum and offer advice on most of the subjects that come up there. There is never a feeling they are there to sell but they do mention their product in a kind of matter of fact way on occasion to help people out. This a refreshing change from the wrong sorts of people from companies I deal with at the extremely popular site Edugeek where I have been a moderator for a long time.
One thing the guys from Boson are very good at is helping us all steer clear of the brain dumping sites and educating all the people new to certification about brain dumping, what it is and why it's no good for you!
Anyway down to the product itself. I was given the opportunity to test the Boson exam environment out so I chose the one that was relevant to the exam I was doing at the time the 70-640 AD Configuring.
Installation:
The installation was as easy most windows apps and was just a next, next finish type install. The bare exam engine is available from their website before you have to make any purchases and you can download some demos to get a feel for it. For the exam content you need to get an activation code which you get when you purchase the product and you just paste this in to the exam activation wizard, which makes it available for download.
Taking the exam:
There are 2 ways to get your exam up and running you can either use the exam wizard or press the choose exam button and select your exam options. If you choose the "Choose Exam" button you do get access to a few more options that using the "Exam Wizard".
Most of the options were fairly standard (standard meaning all the options you would expect) and were the same as what other competitors offered, but the one Boson had that I thought was great was "Enable Smart Mode".
Smart mode is an option that allows you to set the exam content by saying that if you have already answered a question right a user definable amount of times, don't include it. This I think is great as sometime with these things you can do these practice tests too many times and get the same questions in all the time which you end up memorising rather that using your knowledge to answer them. This way you always get a fairly fresh set of questions from the larger question pool.
Question accuracy and resources
Boson have done a good job here, I could not find any typos or questions with answers, that turned out to be wrong as I have done on occasion with other products. One thing I love about this kind of exam prep software is it reinforces you knowledge and the explanations give you some more depth into the answer as well. You may know the answer to the question but you may be a little vague on detail. This product gives you good explanations to the answers and offerers links for resources on the subject. This way you are enhancing your learning even more.
Conclusion
A great accurate, easy to use product with a company that are very accessible, should you need help. The price is good too and often noticeably cheaper than other popular competitors.
I was impressed enough that I purchased the 70-642 exam when it was on offer before Christmas, to help me with my next exam.
Subscribe to:
Posts (Atom)