    Posts

    • RE: Cisco WS-3560G Problems

      @scottalanmiller - They both were well over 8 years old, and we have the exact same model all over the place (30+ of them) and in the 5 years I've been here the number of failures we have had could be counted on one hand.

      It turns out there were some power issues on the grid on Monday night (downed tree on power lines) and that may have been the culprit here since as I mentioned the UPS is offline now (batteries will arrive Monday) so the surge could have taken the thing down.

      posted in IT Discussion
      jrc
    • RE: Cisco WS-3560G Problems

      The replacement switch was actually retired from another site, it ran 100% of the time for years, and the original one has also been running for more than 5 years in the same location. So if there was some sort of manufacturing issue I would have thought this would have surfaced a long time ago.

      As to logging on the unit, there is nothing that I could see on the unit that eventually started working again. But I can't get to any logs since the thing won't boot or push anything out via console.

      As to the environment changes, there are none that I can think of. The UPS died in there about the same time as the first switch died, so it was the prime culprit back then, but the new one was plugged directly into the wall till we could circle back and get the UPS fixed up (it just needs new batteries). It is also worth mentioning that there is another switch in that IDF that has not had any issue, plugged into the same outlet.

      posted in IT Discussion
      jrc
    • Cisco WS-3560G Problems

      So about 2 months ago I had a Cisco WS-C3560G-24PS-S switch die on me. It was working then it just stopped. So I power cycled it. Fans turn on and the lights on the front turned on, then went off, but not much else happened, no boot and nothing from the console at all.

      So I replaced it with a spare we had (exact same model), and everything was happy. The dead switch sat on my desk for about a week until I managed to get the time to call Cisco to see if they would replace it, and while I was on hold I decided to plug it in and remind myself of the issue. Lo and behold the damn thing started up just fine and was working 100%. I had Cisco replace it anyway, since I could not trust it.

      Anyway, fast forward to today, and the replacement switch I put in two months ago has died as well. With the exact same symptoms. Plug it in, get the fans spinning, all the lights turn on briefly and then turn off and no console data coming from the unit at all.

      One switch failing like this is par for the course and nothing to ponder about, but 2 switches, having the exact same issue in such a short period of time? That leads me to think there is something else going on here, but I am at a complete loss as to what that could be.

      Any suggestions on where I can look here? I'd like to be reasonably sure that this won't happen to a third switch I put in place.

      posted in IT Discussion
      jrc
    • Looking for an IBM 5170 (IBM AT) case, for my collection

      Yeah, it's an old freaking chassis that I am looking for, but it's turning into a bit of a hard thing to find, the only one on eBay is a full system and is more than I'd want to spend. So I figured I'd ask my IT brethren about it, who knows, maybe one of you guys has one sitting in a closet somewhere that you don't need. A long shot I know, but worth the try.

      It will go nicely in my vintage computer collection, where I have an IBM 5160 (XT), IBM PCjr, IBM 5140 (The Convertible) and IBM 5162 (XT-286).

      Thanks in advance,

      posted in Water Closet
      jrc
    • RE: Looking for an AD GUI Tool for Account/Computer Management

      @Dashrender said in Looking for an AD GUI Tool for Account/Computer Management:

      Several different tools, but some pretty handy ones.

      http://www.cjwdev.com/Software.html

      AD Tidy is what I have used from there, and it worked well enough. I was hoping to get a single tool that did all my requirements, but I guess I could use multiple tools. Looks like they do not have a bulk user importer though.

      posted in IT Discussion
      jrc
    • RE: Looking for an AD GUI Tool for Account/Computer Management

      @Dashrender said in Looking for an AD GUI Tool for Account/Computer Management:

      SolarWinds also has several free and paid tools.

      http://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle

      Yes, I have those, and have used them. They are ok, but I have found the bulk user tool is somewhat hit and miss, and very hard to use.

      posted in IT Discussion
      jrc
    • RE: Looking for an AD GUI Tool for Account/Computer Management

      @DustinB3403

      I need it to be idiot proof and easy. The plan is myself (System Admin) and our Data Admin will use it, and she would probably have issues with using powershell, she has even less time than I do to futz around with a CLI and a script.

      posted in IT Discussion
      jrc
    • Looking for an AD GUI Tool for Account/Computer Management

      So I've been given a little bit of money to buy a software tool to help me with AD. I'd like this tool to:

      • Allow me to scan for, disable and move inactive accounts or to delete them based on a date I enter.
      • Allow me to scan for, disable and move or delete computer accounts that have not been used for a certain amount of time, once again based on a date I enter.
      • Allow me to easily bulk create AD accounts from a CSV (300+ at a time). This would include putting them into a group, setting their home folder locations, creating their (empty) home folders, setting their passwords and setting various AD fields for them (including things like "User cannot change password" etc).
      • Allow me to search AD for various criteria, then export the results into a CSV with columns I select.
      • Not have an ongoing fee (so no subscription service, or paid support) and not cost millions of dollars, a few hundred tops.
      • Have some sort of trial period that I can test it out before buying it.

      Yes, I know you can do all of this in powershell, and yes I know there are some free tools out there. But I have tried the free ones and have found none that work, and I simply do not have the time to develop and test powershell scripts for me to use once a year when I do all of this. I am looking for easy point and click and go.

      Thanks in advance for your suggestions.

      posted in IT Discussion
      jrc
    • RE: Backup solutions for Xenserver

      @momurda said in Backup solutions for Xenserver:

      @jrc
      I use the Unitrends virtual appliance, and I am still loving my Unitrends setup. I'm not sure what you mean that XS is an afterthought for Unitrends. They are 1 out of about 3 vendors that support XS. Every problem(2) I have had with it in the last 8 months has been my fault. I am only backing up about 10TB and 40 or so vms though, perhaps your environment is a lot larger.
      This is with 1 gbit interface between xs and ueb
      It does do dedupe very well. I usually get about 40-60MB/s backup speed on full backups. Agent backups seem to be a bit slower.
      With XS and unitrends you have to have your network interfaces setup correctly in XS and the Unitrends appliance, or all sorts of stuff doesn't work well, or at all. You also need to make sure you aren't trying to backup too many vms at once on the same SR, which can lead to tapdisk unpause errors, tapdisk timeouts and other bad things. This seems to be a limitation of XS 6.5, not sure if 7 is better.
      My UEB has an interface on Network 0(mgmt. iface) of the XS host. And one other that is on another subnet so I can easily connect to the web server.

      My environment is much smaller than yours, I have 12 or so VMs with about 6Tb of data. I do stagger the backups so that I do not go over the max connected VHDs to the appliance.

      When you say that the network interface has to be set up right, what do you mean? My appliance just uses the network gang I have (4x1Gb NICs) that is also used by all the other machines and as the management interface.

      The main problem I've had was that it would error out during a backup, but that error would cause my SR to then fill up with snapshots, which then caused more errors in Unitrends since it would never detach the VHD or do any cleanup. When they looked through the logs they would then blame it on the Xenserver error and more or less stop supporting it at that point. The main error was SR_Backend_Failure_46, which I was able to trace back to the fact that the backups were failing.

      Here's my setup:
      2 Xenservers with an HP SAN for storage (connected via 8Gb/s fiber, in multipath mode). My backup target is a Dell server running Ubuntu with a single NFS share created. The appliance is using NFS as the protocol for backup.

      The latest issue is that the appliance just sort of stops backing things up, as well as sending out emails about any failures or anything. And when I go to look at it I can see there are 4 or 5 machines queued and one or two just sitting there at some percentage and just not moving forward at all. I have not really bothered to call them on this, since I suspect they're going to just go have me re-install and re-implement it again (for the 6 or 7th time in a year), I have just not had the time with our new school opening up.

      At this point, even if they were to fix it, I am not sure that I would trust it. I mean PHD Virtual worked perfectly and reliably, but Unitrends 9 has only worked for me a total of about a month out of the last 12, and I don't have the time to spend hours and hours on the phone asking them to fix something that is clearly broken on their end.

      To their credit, they have really gone out of their way to try and help me on this. So their support is top notch, I just wish their product was better.

      posted in IT Discussion
      jrc
    • RE: Backup solutions for Xenserver

      @KatieUnitrends said in Backup solutions for Xenserver:

      @jrc I'm sorry that you're having this issue. We are committed to the success of all of our users, including those protecting XenServer. How can I help?

      Hi Katie,

      The issue is fundamentally a programming issue on your end. Xenserver seems to be an afterthought for you guys and as such is less than a priority. And I am honestly tired of having to fend off "The issue is on your end" from you support guys, when I have proved time and time again that it is not. On top of that the GUI is quite buggy, and I am also very tired of having to reinstall it to get it to work for a short period of time, just to have to do it all over again.

      So yeah, I am not sure there is anything you can do to help me, but thanks for the offer.

      posted in IT Discussion
      jrc
    • RE: Backup solutions for Xenserver

      Thought I'd update this. After many hours with Unitrends we got it working, and I was hitting near 100% success. And then it just stopped again. And by stopped I mean completely stopped emailing me, running scheduled backups, and running backups are just stuck. Reboot the appliance and it fixes it for about an hour.

      The bottom line here is that Unitrends bought PHDVirtual for the interface, and seem to have zero interest in getting it to work with Xenserver, the support techs I have dealt with have all but said as much. So I am being forced at this point to go somewhere else. I'll be testing Alike as soon as I get my head above water on some other projects, and I will most likely test some of the other backup options suggested here.

      posted in IT Discussion
      jrc
    • RE: Windows Server 2003 - Moving User Profile

      The process should be pretty simple. Unjoin the W2k3 machine from the NT 4 domain, rename the user's home folder, join it to the new domain, login as Admin and let it create the new profile directory. Then use the profile copy options to get the profile copied over.

      See the XP instructions here: https://kb.iu.edu/d/aidk

      posted in IT Discussion
      jrc
    • RE: Apache 2 and Ldap Auth

      @thwr said in Apache 2 and Ldap Auth:

      Awesome, glad you found a solution. Please be aware that auth basic is plaintext, just base64-encoded. Better use at least SSL to protect at the transport layer.

      https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side

      Yes, I know. First thing I did when I setup this server was to add a cert, setup the SSL and create a rewrite rule to force all access over SSL (HTTPS). This auth stuff is also only in the default-ssl.config file.

      posted in IT Discussion
      jrc
    • RE: Apache 2 and Ldap Auth

      I took the quote out and now it works....

          <Directory "/var/www/html/ad_test">
                  AllowOverride all
                  order allow,deny
                  allow from all
      
                  AuthType Basic
                  AuthName "Please enter your AD credentials"
                  AuthBasicProvider ldap
                  #AuthzLDAPAuthoritative off
                  AuthLDAPBindDN [email protected]
                          #Account used to bind to AD
                  AuthLDAPBindPassword xxxxxxxx
                          #Account Password (no quotes around the value)
                  AuthLDAPURL ldap://dc.domain.tld:3268/dc=domain,dc=tld?sAMAccountName?sub?(objectClass=*)
                          #Server Address for the bind (no quotes around the value)
                  Require valid-user
      
          </Directory>
      
      posted in IT Discussion
      jrc
    • RE: Apache 2 and Ldap Auth

      @momurda said in Apache 2 and Ldap Auth:

      Ah yes I see that now in the docs.
      I noticed you've not included an OU in your url, is this user inside an OU, you might want to specify it.
      I see what thwr mentioned too about the user name. If adding the OU doesn't/wont work, then you can try changing the user munki@tld to ad_test and its password to test as long as ad_test exists in your AD.

      I originally had the user specced in the cn=munki,cn=admin,dc=domain,dc=tld format, and changed to this format from some web research. Neither worked. The munki account exists and works, it is used for AD lookups elsewhere and functions just fine.

      posted in IT Discussion
      jrc
    • RE: Apache 2 and Ldap Auth

      @momurda said in Apache 2 and Ldap Auth:

      Try adding this on a line between AuthBasicProvider and Auth LDAPBindDN
      AuthzLDAPAuthoritative off

      As I understand it that command has been deprecated in the latest version of apache. When I add it the config test fails with:

      Invalid command 'AuthzLDAPAuthoritative', perhaps misspelled or defined by a module not included in the server configuration

      I had this in there originally, but removed it because of this and the fact that the documentation says it's been removed since 2.4

      posted in IT Discussion
      jrc
    • RE: Apache 2 and Ldap Auth

      @thwr

      Ahh, I think I follow. That does not sound right though. The log seems to indicate that it makes the connection fine, and the only error in there is one that clearly means credentials are the problem (the res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580>, res_matched: <> line, 52e = invalid credentials). But here's the thing, I have no idea if this is the credentials for the binding account or the end user account. But regardless I am definitely using the right username and passwords there.

      posted in IT Discussion
      jrc
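
Added example, not part of the original posts: a small Python check for the question raised above, whether result 49 / data 52e came from the binding account or from the end user. It assumes mod_authnz_ldap's order on a fresh connection (bind as AuthLDAPBindDN, search for the user, then bind as that user); the second trace is constructed, and the sub-code table beyond 52e is supplied here rather than taken from the thread.

```python
import re

# Commonly documented AD "data" sub-codes sent with LDAP result 49.
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time", "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

TYPE_RE = re.compile(r"msgid \d+ message type ([\w-]+)")
RES_RE = re.compile(r"res_errno: (\d+), res_error: <([^>]*)>")
DATA_RE = re.compile(r"\bdata ([0-9a-fA-F]+)\b")

# Abridged from the trace quoted in the thread.
PAGE_TRACE = """\
ldap_new_connection 1 1 0
read1msg: ld 0x7f833c0016f0 msgid 1 message type bind
res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580>, res_matched: <>
"""

# Constructed sample: service bind and search succeed, the user's own bind fails.
USER_FAIL_TRACE = """\
ldap_new_connection 1 1 0
read1msg: ld 0x1 msgid 1 message type bind
res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x1 msgid 2 message type search-entry
read1msg: ld 0x1 msgid 2 message type search-result
res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x1 msgid 3 message type bind
res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 775, v2580>, res_matched: <>
"""


def failing_stage(trace):
    """Return the first failed LDAP operation in a libldap debug trace, or None."""
    searched = False   # has a search response been seen on this connection?
    last_type = None   # message type of the most recent response
    for line in trace.splitlines():
        m = TYPE_RE.search(line)
        if m:
            last_type = m.group(1)
            searched = searched or last_type.startswith("search")
            continue
        m = RES_RE.search(line)
        if not m or m.group(1) == "0":
            continue   # not a result line, or the operation succeeded
        d = DATA_RE.search(m.group(2))
        sub = d.group(1).lower() if d else None
        if last_type == "bind":
            # Assumed order: service bind, user search, then bind as the user.
            stage = "end-user bind" if searched else "service-account bind"
        else:
            stage = f"{last_type or 'unknown'} operation"
        meaning = AD_SUBCODES.get(sub, "unknown sub-code")
        return {"stage": stage, "errno": int(m.group(1)), "subcode": sub, "meaning": meaning}
    return None


if __name__ == "__main__":
    print(failing_stage(PAGE_TRACE), failing_stage(USER_FAIL_TRACE), sep="\n")
```

On the trace from the thread the only operation is msgid 1, so the failure is attributed to the AuthLDAPBindDN bind, which is consistent with the later fix of removing the quotes from the bind settings.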
    • RE: Apache 2 and Ldap Auth

      @thwr said in Apache 2 and Ldap Auth:

      Just two things coming to mind:

      • Two-hop issue
      • Are you possibly affected by terminated TCP connections? E.g. Connection pinning/ keepalive

      I am pretty sure that it's not a TCP connection issue. But I am not sure what you mean by two hop issue.

      posted in IT Discussion
      jrc
    • Apache 2 and Ldap Auth

      So after many hours today I have gotten Apache installed and configured and asking for passwords. But I am now pulling out my hair with this as it simply won't seem to authenticate with AD. I am 10000% sure that I am using the right username and password for both my test account (ad_test) and my binding account.

      Here is what I have in my site-enabled conf file:

          <Directory "/var/www/html/ad_test">
                  AllowOverride all
                  order allow,deny
                  allow from all
      
                  AuthType Basic
                  AuthName "Please enter your AD credentials"
                  AuthBasicProvider ldap
                  AuthLDAPBindDN “[email protected]”
                          #Account used to bind to AD
                  AuthLDAPBindPassword " "  <--- removed for this post.
                          #Account Password
                  AuthLDAPURL "ldap://dc.domain.tld:3268/dc=domain,dc=tld?sAMAccountName?sub?(objectClass=*)"
                          #Server Address for the bind
                  Require valid-user
      
          </Directory>
      

      And here is the error output in the apache error log:


      ldap_create
      ldap_simple_bind
      ldap_sasl_bind
      ldap_send_initial_request
      ldap_new_connection 1 1 0
      ldap_int_open_connection
      ldap_connect_to_host: TCP dc.domain.tld:3268
      ldap_new_socket: 17
      ldap_prepare_socket: 17
      ldap_connect_to_host: Trying <correctserverIP>:3268
      ldap_pvt_connect: fd: 17 tm: 10 async: 0
      ldap_ndelay_on: 17
      ldap_int_poll: fd: 17 tm: 10
      ldap_is_sock_ready: 17
      ldap_ndelay_off: 17
      ldap_pvt_connect: 0
      ldap_open_defconn: successful
      ldap_send_server_request
      ldap_result ld 0x7f833c0016f0 msgid 1
      wait4msg ld 0x7f833c0016f0 msgid 1 (timeout 60000000 usec)
      wait4msg continue ld 0x7f833c0016f0 msgid 1 all 0
      ** ld 0x7f833c0016f0 Connections:
      * host: dc.domain.tld port: 3268 (default)
        refcnt: 2 status: Connected
        last used: Thu Sep 8 22:07:47 2016
      ** ld 0x7f833c0016f0 Outstanding Requests:
      * msgid 1, origid 1, status InProgress
        outstanding referrals 0, parent count 0
      ld 0x7f833c0016f0 request count 1 (abandoned 0)
      ** ld 0x7f833c0016f0 Response Queue:
        Empty
      ld 0x7f833c0016f0 response count 0
      ldap_chkResponseList ld 0x7f833c0016f0 msgid 1 all 0
      ldap_chkResponseList returns ld 0x7f833c0016f0 NULL
      ldap_int_select
      read1msg: ld 0x7f833c0016f0 msgid 1 all 0
      read1msg: ld 0x7f833c0016f0 msgid 1 message type bind
      read1msg: ld 0x7f833c0016f0 0 new referrals
      read1msg: mark request completed, ld 0x7f833c0016f0 msgid 1
      request done: ld 0x7f833c0016f0 msgid 1
      res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580>, res_matched: <>
      ldap_free_request (origid 1, msgid 1)
      ldap_parse_result
      ldap_msgfree
      ldap_free_connection 1 1
      ldap_send_unbind
      ldap_free_connection: actually freed
      [Thu Sep 08 22:07:47.926638 2016] [auth_basic:error] [pid 7370:tid 140202051028736] [client <IP>:58310] AH01617: user ad_test: authentication failure for "/ad_test/": Password Mismatch

      So what am I doing wrong here? It looks like the LDAP bind is working, but for some reason it is not correctly checking the password of the user.

      posted in IT Discussion
      jrc
    • RE: Pre-Baked LAMP server with AD Authentication in Apache

      @IRJ said in Pre-Baked LAMP server with AD Authentication in Apache:

      @JaredBusch said

      This github project has not been modified in a year, but looks like it will handle things for you.

      https://github.com/adldap/adLDAP

      Or you can roll your own by setting up mod_auth_ldap in Apache or PHP based LDAP.

      Beat me to it.

      http://adldap.sourceforge.net/

      That looks promising, but I know the pieces are out there, getting linux to do LDAP auth is one thing, but where I fall short is getting that to also work in Apache. All of which I could do if I had the time. Hence my need for a clear simple set of instructions to get it working as quickly as possible.

      posted in IT Discussion
      jrc