http://www.claudiokuenzler.com Online portfolio of Claudio Kuenzler en-en http://www.claudiokuenzler.com/graph/content/rss.png http://www.claudiokuenzler.com http://www.claudiokuenzler.com/blog/264/debian-squeeze-bind-reload-error-connection-refused-connect-failed-953 http://www.claudiokuenzler.com/blog/264/debian-squeeze-bind-reload-error-connection-refused-connect-failed-953 By upgrading a Debian server from Lenny to Squeeze, the version of the DNS name server Bind changes from 8.4.7 to 9.7.3. If the same configuration files are re-used, bind will have problems to reload the configuration. While it worked fine under Debian Lenny, errors now appear on Squeeze. The errors look like these: # /etc/init.d/bind9 reload Reloading domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused amp;nbsp;failed! # rndc reload rndc: connect failed: 127.0.0.1#953: connection refused The port 953 is used for the rndc (control-) command, usually used for reloading the bind server. In /etc/bind there is a file called rndc.key. This file (or the content) need to be included in named.conf or named.conf.options. Furthermore the control definition needs to be added, so that rndc listens on port 953. I defined both in named.conf.options: # cat named.conf.options options { ... }; key quot;rndc-keyquot; { amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; algorithm hmac-md5; amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; secret quot;xxxYOURSECRETKEYxxx==quot;; }; controls { amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; }; amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; }; After a bind9 restart, the config could be successfully reloaded... Thu, 17 May 2012 12:29:31 +0200 http://www.claudiokuenzler.com/blog/263/ftp-login-error-530-login-incorrect-proftpd-server-bin-false-shell http://www.claudiokuenzler.com/blog/263/ftp-login-error-530-login-incorrect-proftpd-server-bin-false-shell In case you have a Proftpd FTP server and you receive the following error message in your FTP log, it does not necessarily mean that your password is wrong: Status:amp;nbsp;amp;nbsp;amp;nbsp; Verbinde mit xxx.xxx.xxx.xxx:21... Status:amp;nbsp;amp;nbsp;amp;nbsp; Verbindung hergestellt, warte auf Willkommensnachricht... Antwort:amp;nbsp;amp;nbsp;amp;nbsp; 220 FTP Server ready. Befehl:amp;nbsp;amp;nbsp;amp;nbsp; USER web24 Antwort:amp;nbsp;amp;nbsp;amp;nbsp; 331 Password required for web24 Befehl:amp;nbsp;amp;nbsp;amp;nbsp; PASS ******** Antwort:amp;nbsp;amp;nbsp;amp;nbsp; 530 Login incorrect. Fehler:amp;nbsp;amp;nbsp;amp;nbsp; Kritischer Fehler Obviously you need to check on the server if the password is really correct. The next step is to use proftpd's debugging mode. Stop the daemon and launch the following command: proftpd -nd6 This command launches proftpd in debug mode, where you can trace everything what happens: # proftpd -nd6 amp;nbsp;- using TCP receive buffer size of 87380 bytes amp;nbsp;- using TCP send buffer size of 16384 bytes amp;nbsp;- disabling runtime support for IPv6 connections amp;nbsp;- mod_tls/2.4.2: using OpenSSL 0.9.8o 01 Jun 2010 amp;nbsp;- amp;lt;IfModuleamp;gt;: using 'mod_tls.c' section at line 9 ftp.server.ip.address - ftp.server.ip.address - Config for example.com: ftp.server.ip.address - Limit ftp.server.ip.address -amp;nbsp; DenyGroup ftp.server.ip.address - DefaultServer ft... Mon, 14 May 2012 23:49:31 +0200 http://www.claudiokuenzler.com/blog/262/linux-compare-synchronization-virtual-or-physical-ntp-server http://www.claudiokuenzler.com/blog/262/linux-compare-synchronization-virtual-or-physical-ntp-server A while ago I experienced NTP synchronisation problems between Linux clients and the NTP server, a Windows 2003 server (Domain Controller role). As a temporary solution, a virtual machine was then set up which served as NTP server. Due to virtualized hardware, the virtual machines often have problems with keeping up their (virtual) time. They often run too fast, are therefore in the future, sometimes they're lagging behind. So it was clear: To use a virtual NTP server must be a temporary solution. After re-modifications and adaption of the Windows settings to be able to serve NTP requests, the Linux guests were switched back to re-use the physical NTP server. But would it really make such a big difference? The following graphs prove it: Yes. As one can see on the graphic, before the switch to the physical NTP server, many spikes of offsets can be seen. This happened on both physical and virtual servers, has therefore nothing to do with the NTP client. Instead both physical and virtual servers received the same time from the virtual NTP server which itself presents its own time, synchronized with an external source. After the switch to a physical NTP server, there are no offset spikes anymore and the whole synchronization is much steadier. ... Mon, 14 May 2012 12:27:10 +0200 http://www.claudiokuenzler.com/blog/261/after-debian-upgrade-webalizer-confixx-statistics-not-created-error-geoip http://www.claudiokuenzler.com/blog/261/after-debian-upgrade-webalizer-confixx-statistics-not-created-error-geoip Just experienced a 'funny' issue on a recently upgraded Debian server (upgraded from Lenny to Squeeze): The Webalizer statistics were not created anymore. On web servers with Confixx installed, the script which creates the Webalizer statistics is located in /root/confixx/runwebalizer.sh. After a manual launch, the following errors were shown: ~/confixx # ./runwebalizer.sh Error Opening file /usr/share/GeoIP/GeoIP.dat Error Opening file /usr/share/GeoIP/GeoIP.dat Error Opening file /usr/share/GeoIP/GeoIP.dat Error Opening file /usr/share/GeoIP/GeoIP.dat Error Opening file /usr/share/GeoIP/GeoIP.dat Error Opening file /usr/share/GeoIP/GeoIP.dat Error Opening file /usr/share/GeoIP/GeoIP.dat Error Opening file /usr/share/GeoIP/GeoIP.dat After a quick research I found the following hint in Debian Bug #532123: This file is now part of the geoip-database package, which webalizer should depend on. So even if you have libgeoip1 installed (and this was sufficient on Debian Lenny), you now need to install geoip-database as well: # apt-get install geoip-database Shortly after that, Webalizer ran fine again. amp;nbsp; Update May 11th 2012: The issue went deeper than I previously thought. Although the errors of the GeoIP.dat file disappeared, the Webalizer statistics weren't updated automatically anymore. Only a manual launch of the mentioned runwebalizer.sh script worked. So I tried to run the basic Webalizer command with the confi... Mon, 07 May 2012 19:38:37 +0200 http://www.claudiokuenzler.com/blog/260/using-aptitude-apt-get-behind-proxy-with-authentication http://www.claudiokuenzler.com/blog/260/using-aptitude-apt-get-behind-proxy-with-authentication After making a few tests with openSUSE 12.1 and Ubuntu 12.04 LTS on a workstation, I ran into proxy authentication problems when trying to update the OS. While on openSUSE zypper simply doesn't support proxy authentication (yet... a bug is still open), at least on Ubuntu there's the possibility to add the proxy settings to the apt configuration. In your /etc/apt/apt.conf file you need to enter the following lines: # cat /etc/apt/apt.conf Acquire::http::proxy quot;http://proxyuser:password@proxyserver:8080/quot;; Acquire::https::proxy quot;http://proxyuser:password@proxyserver:8080/quot;; Acquire::ftp::proxy quot;http://proxyuser:password@proxyserver:8080/quot;; Note that without proxy authentication, it is not necessary to enter the user and password credentials. ... Fri, 04 May 2012 11:28:16 +0200 http://www.claudiokuenzler.com/blog/259/check-equallogic-bugfix-in-info-check-firmware-version http://www.claudiokuenzler.com/blog/259/check-equallogic-bugfix-in-info-check-firmware-version In previous versions, the info check of the Nagios plugin check_equallogic couldn't correctly handle the output, when several members were used in the same group. As it is known, each member shows information about all members in the same group - this is a wanted design of Equallogic.amp;nbsp; The fix in version 20120503 addresses this issue and now shows a correct information of all devices.amp;nbsp; Furthermore a firmware check has been added (still in this 'info' check type). The firmware version is controlled on every member and a WARNING is issued if the firmware versions differ. Reminder: All Equallogic members of the same group should have the same firmware version. ... Thu, 03 May 2012 10:25:01 +0200 http://www.claudiokuenzler.com/blog/258/esxi-5.0-u1-slow-hardware-status-new-vmware-knowledge-base-article http://www.claudiokuenzler.com/blog/258/esxi-5.0-u1-slow-hardware-status-new-vmware-knowledge-base-article As I already wrote in an article (Slow hardware discovery/check with ESXi 5.0 U1) in March, there is a bug in the current ESXi version (5.0 U1) which slows down the query of the CIM entries. VMware acknowledged the bug and announced a bugfix for Q3. Now I just saw that VMware has created a new Knowledge Base entry on April 17th for this particular bug: http://kb.vmware.com/kb/2016538 This is not only great for ESXi admins to track this bug and find updated information but it is also great for the Nagios plugin check_esxi_hardware.py as it is mentioned directly in the KB article! Take a look at the screenshot (or visit the KB link above): Thanks to all the check_esxi_hardware users who contacted VMware concerning this bug. I'm pretty sure that users of check_esxi_hardware.py were the first ones hitting that bug ;-). ... Wed, 02 May 2012 16:45:58 +0200 http://www.claudiokuenzler.com/blog/257/check_esxi_hardware-plugin-bugfix-cannot-concatenate-nonetype-objects http://www.claudiokuenzler.com/blog/257/check_esxi_hardware-plugin-bugfix-cannot-concatenate-nonetype-objects Craig Hart discovered a bug in the monitoring plugin/script check_esxi_hardware.py which occurred on self-built servers or generally on servers which did not have a CIM entry for Manufacturer. The typical error message, when the script tries to handle the Manufacturer value, looks like this: TypeError: cannot concatenate 'str' and 'NoneType' objects The bugfix added in todays version (20120501) handles this case and sets the manufacturer string to Unknown Manufacturer. Big thanks to Craig for his discovery and fix. ... Tue, 01 May 2012 12:10:49 +0200 http://www.claudiokuenzler.com/blog/256/monitor-check-snapshots-dell-equallogic http://www.claudiokuenzler.com/blog/256/monitor-check-snapshots-dell-equallogic Already a while ago Roland Penner has send me an interesting patch which added a new check type (snapshots) in the Nagios/Monitoring plugin check_equallogic. As the name of the type already describes it, this check type is used to check the reserved disk space on your Dell Equallogic SAN.amp;nbsp; This new features is available now and version 20120430 of check_equallogic has been released. Big thanks to Roland for his contribution! ... Mon, 30 Apr 2012 16:10:40 +0200 http://www.claudiokuenzler.com/blog/255/linux-server-crash-oops-bug-unable-to-handle-null-pointer-defect-memory http://www.claudiokuenzler.com/blog/255/linux-server-crash-oops-bug-unable-to-handle-null-pointer-defect-memory Just recently I had to handle two crashes of the same Linux server. As soon as I launched some I/O intensive process (rsync in my case), the machine crashed. The following log entries were written in the kern.log. First crash: Apr 25 20:12:15amp;nbsp; kernel: [12156.863672] BUG: unable to handle kernel NULL pointer dereference at (null) Apr 25 20:12:15amp;nbsp; kernel: [12156.863728] IP: [] writeback_inodes_wb+0xf6/0x4ff Apr 25 20:12:15amp;nbsp; kernel: [12156.863765] PGD 0 Apr 25 20:12:15amp;nbsp; kernel: [12156.863787] Oops: 0002 [#1] SMP Apr 25 20:12:15amp;nbsp; kernel: [12156.863812] last sysfs file: /sys/devices/system/cpu/cpu7/cpufreq/scaling_governor Apr 25 20:12:15amp;nbsp; kernel: [12156.863862] CPU 4 Apr 25 20:12:15amp;nbsp; kernel: [12156.863883] Modules linked in: acpi_cpufreq cpufreq_conservative cpufreq_powersave cpufreq_stats cpufreq_userspace ext3 jbd loop snd_pcm snd_timer i2c_i801 snd soundcore snd_page_alloc i2c_core video wmi button output pcspkr evdev ext4 mbcache jbd2 crc16 dm_mod aacraid 3w_9xxx 3w_xxxx raid10 raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid1 raid0 md_mod sata_nv sata_sil sata_via sd_mod crc_t10dif ahci libata ehci_hcd r8169 xhci scsi_mod usbcore thermal nls_base mii processor thermal_sys [last unloaded: scsi_wait_scan] Apr 25 20:12:15amp;nbsp; kernel: [12156.864195] Pid: 9876, comm: flush-253:1 Not tainted 2.6.32-5-amd64 #1 System Product Name Apr 25 20:12:15amp;nbsp;... Fri, 27 Apr 2012 13:18:43 +0200 http://www.claudiokuenzler.com/blog/254/gmail-new-layout-change-show-labeled-text-buttons-not-icon http://www.claudiokuenzler.com/blog/254/gmail-new-layout-change-show-labeled-text-buttons-not-icon Google's famous free mailing service, Gmail, has created a new layout back in November 2011, which imho is less intuitive and much slower than the previous one. At least Google permitted to continue to use the old layout - until this month. The option quot;Switch back to old layoutquot; is not there anymore and now long time happy users like me have to adapt ;-). The first big bugger is the fact, that the buttons use icons instead of text labels now. I'm usually a fan of nice created icon-buttons but in this case I lose more time looking for the right button than if it would've been labeled with text. The icons also increase the risk of pushing the wrong button... Luckily Google acknowledged that the text labeled buttons are probably easier (and faster) to read and recognize and gave an option to revert to these text buttons. And here's how you do that: On the right side of the screen click on the Settings icon (a gearwheel). Then click on Settings: In the Settings make sure you're in the first tab (General). There's a setting called Button Labels, this is the one you want to change to Text: After hitting Save Changes at the bottom of the Settings page, you will see the text labeled buttons again. And honestly, take a look and compare the following menu, which one would you think is easier to 'guess' the action of the button? ... Tue, 24 Apr 2012 14:30:57 +0200 http://www.claudiokuenzler.com/blog/253/xinha-editor-force-html-xhtml-encoding-br-without-slash http://www.claudiokuenzler.com/blog/253/xinha-editor-force-html-xhtml-encoding-br-without-slash Xinha is a very handy text-editor which can easily be applied on any textarea field. See the following picture for an example: Although the Xinha project is old and probably dead (the last update dates from May 2010) it still is a very effective TextArea-Editor and easy to install. There was only one issue which bugged me for a long time: Instead of writing amp;lt;bramp;gt; tags as linebreak, the XML version amp;lt;br /amp;gt; was always used. This is fine if one has declared his page encoding with the XHTML standard but the W3C validator complains when the page's encoding is set to HTML 4.01. Unfortunately there is no setting in Xinha to set the encoding output but it is manually possible to handle this problem. In XinhaCore.js set the HTML output method from DOMwalk (default) to TransformInnerHTML: /** This determines the method how the HTML output is generated. amp;nbsp; *amp;nbsp; There are two choices: amp;nbsp; * amp;nbsp; * amp;nbsp; * DOMwalk This is the classic and proven method. It recusively traverses the DOM tree amp;nbsp; *amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; and builds the HTML string quot;from scratchquot;. Tends to be a bit slow, especially in IE. TransformInnerHTML This method uses the JavaScript innerHTML property and relies on Regular Expressions to produce amp;nbsp; *amp;nbsp;amp;nbsp;amp;nbsp;amp;nbs... Mon, 23 Apr 2012 10:22:26 +0200 http://www.claudiokuenzler.com/blog/252/confixx-spamassassin-user-settings-in-roundcube-webmail http://www.claudiokuenzler.com/blog/252/confixx-spamassassin-user-settings-in-roundcube-webmail In August 2010 I already wrote an article how to change Confixx email account passwords in Roundcube. Now it is time to continue the integration of Confixx into Roundcube. As Confixx administrators know, there is a possibility to integrate SpamAssassin. Every Confixx user can adapt his own black- or whitelists, set the rewrite_subject options, and so on. But there is one big downside: The user needs to be logged into Confixx to make changes in his SpamAssassin settings. Wouldn't it be much simpler for the user to change these settings directly in his Roundcube Webmail, instead of having to log in to another web-application? The answer is yes. There's a plugin called SpamAssassin User Prefs (short SAUserPrefs). This plugin is all you need to succeed, plus a few changes in the SQL privileges. I'll explain step by step. 1. Grant SQL permissions for Roundcube userThe Roundcube Webmail runs with its own database and usually with its own database user. If you're not sure anymore which SQL user your Roundcube installation uses, take a look at the config/db.inc.php file. In my example the username is roundcube.This database user need to have the following rights on the database confixx and on the table spamprefs: SELECT, INSERT (on username, preference and value) and DELETE.So grant these permissions: GRANT SELECT , INSERT( `username` , `preference` , `value` ) ,DELETE ON `confixx`.`spampref` TO 'roundcube'@'localhost'; 2. Download and unpack the pluginGo to... Fri, 20 Apr 2012 11:42:34 +0200 http://www.claudiokuenzler.com/blog/251/windows-file-copy-transfer-robocopy-vs-richcopy http://www.claudiokuenzler.com/blog/251/windows-file-copy-transfer-robocopy-vs-richcopy A couple ofamp;nbsp; years ago, I had to handle a massive file transfer on a Windows file server. Back then I used Robocopy (mentioned in the link list) to do the job, which worked excellent. Now I had to do a similar transfer and naturally wanted to re-use Robocopy until I saw that the article about a GUI for Robocopy on the Utiliy Spotlight website of Microsoft has been updated and now mentions a new copy tool called: Richcopy. To release a better GUI than the one made for Robocopy is not that difficult. What is more interesting is the functionality of both tools. Robocopy (I'm refering from now on to the command line) is a short name for 'robust copy' (and not Robot(ic) copy as many think, although it can be used in batch scripts). It is the known working tool to copy files and folders and keep their NTFS security permissions. However, it is known to be slow, as each file is treated once after another.Richcopy is newer but does newer mean better? The GUI seems straightforward, simple and provides all essential copy-options. I started the transfer with Richcopy: As soon as I started the copy process, Richcopy accessed several files at the same time (see screenshot above). That's a big improvement over Robocopy! With this multi-threaded copy, it didn't only seem faster to my eye, but was in fact much faster. Another nice improvement is the fact, that now the copied folders and files take heritage of the destination folder. That's exactly what I ne... Wed, 18 Apr 2012 16:48:07 +0200 http://www.claudiokuenzler.com/blog/250/netbackup-init-script-32bit-6.5-sles-linux http://www.claudiokuenzler.com/blog/250/netbackup-init-script-32bit-6.5-sles-linux Someone who wants to install NetBackup on a 32bit machine might rub his eyes: The latest version 7.x is not available for 32bit machines anymore. In this case it is mandatory to install the previous version, 6.5.x on the client. Although the installation is not that difficult, the init script which comes with the installation doesn't really work. Additionally it sets itself up in /etc/xinet.d and is therefore dependent on the xinet.d service. The following init script is adapted to launch the necessary NetBackup services on a 32bit machine, in this case it was a SLES Linux: #!/bin/bash################################################################################# Script:amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; netbackup (init script)amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; # # Author:amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp; Claudio Kuenzleramp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp;amp;nbsp... Wed, 11 Apr 2012 16:23:38 +0200 http://www.claudiokuenzler.com/blog/249/poolconn-poolusage-rewrite-check_equallogic http://www.claudiokuenzler.com/blog/249/poolconn-poolusage-rewrite-check_equallogic A new version (20120405) of the well used check_equallogic monitoring plugin is available. Several modifications were done in the last days, mainly by Erwin Bleeker. In version 20120319 he added a new check type called poolconn which checks the highest number of ISCSI connections per pool (compared to the conn check, which measures the total number of connections). Then he also rewrote the poolusage check, which wasn't actually showing the real usage of defined pools, but rather the utilization of an Equallogic member (and its disk) in a group. So to make use of that, two things happened:1. The old poolusage check was renamed to memberusage - to be able to measure the disk utilization on each member of the whole group2. New poolusage check which now correctly shows the utilization of a pool The new poolusage check was introduced in version 20120330. The latest version 20120405 contains some small bugfixes for the output of the new poolusage check when no thresholds were used. ... Fri, 06 Apr 2012 11:10:53 +0200 http://www.claudiokuenzler.com/blog/248/fixed-dell-warrantly-urls-in-check_esxi_hardware http://www.claudiokuenzler.com/blog/248/fixed-dell-warrantly-urls-in-check_esxi_hardware Because DELL has changed the URL for warranty status (once again), the links in the Nagios plugin check_esxi_hardware.py were not valid anymore.amp;nbsp; Phil Randal fixed this issue by handling the new urls. A new version, 20120405, is therefore available. ... Thu, 05 Apr 2012 10:20:35 +0200 http://www.claudiokuenzler.com/blog/247/linux-virtual-server-crash-update_cpu_power-kernel-uptime-bug http://www.claudiokuenzler.com/blog/247/linux-virtual-server-crash-update_cpu_power-kernel-uptime-bug Last night there was a crash of a virtual Linux server, running on SLES11 SP1 which uses Kernel 2.6.32 (2.6.32.36-0.5-default to be exact). At first I suspected a problem with the vmware tools as vSphere client showed the following error at 05.38am this morning: This virtual machine reset by HA. Reason: VMware Tools heartbeat failure. A screenshot is saved at..... One of the first things to look at a vm crash is the cpu and memory usage. It often happens that a process gone haywire increases its memory allocation or cpu usage until the machine gives up and eventually dies. But in this case it's different. At the moment of the crash, a spike of CPU usage is shown: First thing I saw in the messages log were thousands of kernel entries, starting with this one yesterday at 11.15pm: Apramp;nbsp; 3 23:15:29 linuxserver kernel: [18446744063.848170] ------------[ cut here ]------------Apramp;nbsp; 3 23:15:29 linuxserver kernel: [18446744063.848179] WARNING: at /usr/src/packages/BUILD/kernel-default-2.6.32.36/linux-2.6.32/kernel/sched.c:3847 update_cpu_power+0x151/0x160()Apramp;nbsp; 3 23:15:29 linuxserver kernel: [18446744063.848183] Hardware name: VMware Virtual PlatformApramp;nbsp; 3 23:15:29 linuxserver kernel: [18446744063.848184] Modules linked in: af_packet cifs(X) nls_utf8 nfs lockd fscache nfs_acl auth_rpcgss sunrpc softdog vsock(X) vmmemctl(X) acpiphp microcode fuse ext2 loop ppdev parport_pc parport sg tpm_tis tpm floppy vmci(X) tpm_bios pcspkr sr_... Wed, 04 Apr 2012 10:30:42 +0200 http://www.claudiokuenzler.com/blog/246/check_esxi_hardware-available-as-openbsd-port http://www.claudiokuenzler.com/blog/246/check_esxi_hardware-available-as-openbsd-port Great news to everyone who's using OpenBSD: From today on the Nagios/Monitoring plugin check_esxi_hardware.py is available as OpenBSD port: http://www.openbsd.org/cgi-bin/cvsweb/ports/net/nagios/check_esxi_hardware/ Big thanks to Mike Erdely who will be the maintainer for the port. ... Mon, 02 Apr 2012 21:25:08 +0200 http://www.claudiokuenzler.com/blog/245/anti-blog-spam-comments-technologies-captcha-vs-questions http://www.claudiokuenzler.com/blog/245/anti-blog-spam-comments-technologies-captcha-vs-questions Back in June 2011 I wrote about new amp;quot;intelligentamp;quot; blog spamming where bots left comments on blogs.Since then, blog-spamming sharply increased. As the webmaster of a blog usually gets a notification-mail that a comment was written on the blog (often with the content of the comment), this is equal to a spam. It's in fact even easier for a spammer because he doesn't even have to know the recipients e-mail address. In the past months I've gotten so many comment-spams per day, I got tired of amp;quot;cleaningamp;quot; them out. Also it increased the risk of not seeing a amp;quot;realamp;quot; comment. Nothing is worse than deleting a ham, may this be a ham-mail or a ham-comment! From the beginning I've always been using so-called captchas, images which show letters or other characters, mixed with background noise to make it difficult for bots to read it. That worked fine for many years but the intelligence of such spam-bots seem to have increased a lot. Even after changing the font of the captcha to something almost unreadable, the bots were still able to comment-spam me while humans had difficulties to read the characters. Time for something new! On other blogs I've already seen other possibilities and I decided to use questions instead of captchas: To compare the difference between comment-spams with captchas and questions, I counted the number of spams per day since March 1st until March 31st. The date of the switch (from captcha to question) wa... Sun, 01 Apr 2012 11:49:58 +0200 http://www.claudiokuenzler.com/blog/244/monitor-datadomain-virtual-tapes-available-nagios-plugin http://www.claudiokuenzler.com/blog/244/monitor-datadomain-virtual-tapes-available-nagios-plugin As of today there's only one Nagios plugin available to check a Datadomain storage (check_dd.pl, written by Pierre Gremaud back in January 2008). It allows to check the Datadomain host for used disk space and for triggered alerts. This is good so far but backups can still fail, when there are no virtual tapes left/when all virtual tapes are 100% used (even when there is still a lot of disk space left). It is actually quite easy to monitor the status for available tapes as well, the important SNMP OID is .1.3.6.1.4.1.19746.1.11.2.4.1.1.7: # snmpwalk -v 1 -c public mydatadomainhost .1.3.6.1.4.1.19746.1.11.2.4.1.1.7SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.0 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.1 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.2 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.3 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.4 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.5 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.6 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.7 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.8 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.9 = STRING: amp;quot;100.0amp;quot;SNMPv2-SMI::enterprises.19746.1.11.2.4.1.1.7.10 = STRING: amp;quot... Thu, 29 Mar 2012 12:28:26 +0200 http://www.claudiokuenzler.com/blog/243/thurgau-wahlen-2012-kandidat-website-marcel-kuenzler http://www.claudiokuenzler.com/blog/243/thurgau-wahlen-2012-kandidat-website-marcel-kuenzler In January I announced a new website which I was working on. The website itself is for the presentation of a political candidate for local elections in April 2012.amp;nbsp; The design colors slightly changed from my first dev versions... but the way it is presented is still the same: Left: Development version. Right: Final version with different colors. Now that the elections come closer, it is time to launch it and since last week the website is now officially online and can be visited at the following address:www.frischer-wind-im-thurgau.ch ... Mon, 26 Mar 2012 12:34:32 +0200 http://www.claudiokuenzler.com/blog/242/esxi-5.0-u1-slow-hardware-check_esxi_hardware-cim http://www.claudiokuenzler.com/blog/242/esxi-5.0-u1-slow-hardware-check_esxi_hardware-cim Several users of the Nagios plugin check_esxi_hardware.py have contacted me to tell me that the plugin seems broken after having installed ESXi 5.0 U1.amp;nbsp; The plugin now takes several minutes to finish the check. In the verbose mode every CIM query (for each class) takes 5 seconds before returning the results. After a couple of checks (thanks Pascal Saul) this 'slow bug' seems to come from the U1 update and is not related to the plugin. This can easily be verified by using your own vSphere client. Open the Hardware Status tab of the affected ESXi server then click on 'Update' and you will see that it takes a very long time (~3min) until the hardware information is collected. Update March 27th 2012 (1): VMware has acknowledged the bug and forwarded the case to their engineers/developers. Update March 27th 2012 (2): The VMware devs already responded and they're working on a bugfix. But the fix will most likely not be finished/available until Q3 2012. Thanks again to Pascal for the updates. Update March 29th 2012: The bug can be tracked with the following ID: PR 855196 Update April 4th 2012: The bugfix will be released in ESXi 5 Patch 3, which is unfortunately still only scheduled for Q3. Update May 2nd 2012: VMware released a new Knowledge Base (KB 2016538) entry where this bug is described. ... Wed, 21 Mar 2012 09:29:58 +0100 http://www.claudiokuenzler.com/blog/241/nagios-monitoring-plugin-check-ibm-ts-tape-library http://www.claudiokuenzler.com/blog/241/nagios-monitoring-plugin-check-ibm-ts-tape-library Today I can happily announce a new Nagios/Monitoring plugin called 'check_ibm_ts_tape.pl' which makes several checks on an IBM System Storage TS Tape Library. Currently the models TS3100 and TS3200 are supported and GlobalStatus, Drive Cleaning Status and Basic Information can be checked.For more information, download and documentation, please go to the page of the plugin check_ibm_ts_tape. As this is my very first Perl script (yayy!), please let me know if you find bugs or if you have ideas to improve the plugins. Enjoy!... Mon, 19 Mar 2012 19:48:16 +0100 http://www.claudiokuenzler.com/blog/240/netbackup-error-2817-flashbackup-windows-policy-restore-virtual-machine http://www.claudiokuenzler.com/blog/240/netbackup-error-2817-flashbackup-windows-policy-restore-virtual-machine In February I took over an open support case about a failed restore job in NetBackup (7.1.0.2). A restore of a virtual machine (without NetBackup agent installed) and with a size of around 550GB always failed after around 4.5 hours with the following error code: Job State: Done (Failed)FlashBackup-Windows policy restore error(2817) To fasten up the restore process, even though it fails, it was necessary to create a new Key called BACKUP in:HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup\CurrentVersion\ConfigIn this BACKUP Key/Folder a new DWORD (32-bit) value called NoEagerlyScrub was added. From now on the restore process still failed but right after around 40 seconds instead of more than 4 hours. This is all done on the Media Server. Thanks to this, the Symantec technician and I were able to make more test restores and dig into verbose log files - which had to be activated before doing a restore. The verbose logs bpfis, tar, bpvmutil and vxms are activated by:- Creating the folders bpfis, tar, bpvmutil in \Veritas\NetBackup\logs\- Changing the Logging DWORD value in HKEY_LOCAL_MACHINE\SOFTWARE\VERITAS\VxMS to 7580 (hexadecimal). The logs are created in C:\Program Files\Common Files\VERITAS\VxMS\Logs\.As before, this is also done on the Media Server. Then, before launching the restore itself, in the BAR (Backup Archive and Restore) Console go to File amp;#8594; Netbackup Client Properties amp;#8594; Troubleshooting and set Verbose to 5 and General to... Fri, 16 Mar 2012 12:30:39 +0100