Posts made by jrc

Some more details: We use a proxy on the iPads, it requires that the kids sign in once a day on their iPads, they do this with their AD credentials, and it works most of the time.

For the cases that it does not work, we want to have the kids to go to a simple website and try to sign in there. This will then do a few things:

1. It helps us rule out the AD password as the issue (which it is in most cases)
2. It will help the kids remember their passwords by trying a few times with clear feed back.
3. Allow my techs to check that the password we have on file is correct quickly and easily.
4. Give us a solid, relatable data point that the school admins can understand and can't argue with (they panic when this issue pops up and treat it like it's a back end system issue and not a user education one).

Have a powershell script is great, but it can't be run by the end user, who only has an iPad, and it has to be a website.

@JaredBusch said

Or you can roll your own by setting up mod_auth_ldap in Apache or PHP based LDAP.

This is what I was thinking to do and was hoping for a clear "1 Do this, 2 Do that ...." type howto.

I have need of a simple website, one that prompts for an AD username and password, if you enter them correctly you get a "Congrats, you are using the correct username and password" and if wrong, then a "Wrong username and password" page. I could build it from scratch, but I just don't have the time, so a pre-bakes linux install that needs to be slightly customized or a rock solid HowTo is what I need.

Having this in place will help us solve iPad proxy issues we are running into, or at least help us rule out the username and password being entered wrong which will solve ~60% of our iPad tickets and help shape the perception of the issue.

Thanks in advanced!

@scottalanmiller - So the native L2TP client in OS X, when connecting to a VPN server on an OS X server machine definitely does something with DNS so that it behaves the way I described. No idea how it did it though.

Do you know if you can configure OpenVPN to work as a DNS relay (local relayed to remote)?

So I have OpenVPN setup and working for me and some colleagues to be able to do some work from. I have it so that it routes any 10.0.0.0/8 traffic via the VPN but all else stays local and it works great.

However, one thing it does is it sets the DNS servers to those at work, but I don't want it to do this for a variety of reasons. I'd like it to use the local DNS settings as the primary, then the work ones as secondary, so that if it can't resolve something it would then query the work ones. So something like google.com would get resolved locally, but someserver.my.domain would get pushed out to the remote DNS server for resolution.

Is this even possible? If so, how do I do it on the server side?

Thanks in advance for the help!

I fixed it! Shut down the VM, then ran an offline quiescence and that did it:

xe host-call-plugin host-uuid=<Host UUID> plugin=coalesce-leaf fn=leaf-coalesce args:vm_uuid=<VM UUID>

It did take about 45 minutes, but once it was done the space was free. Xencenter is now happily reporting the used space as 4127Gb and a virtually assigned is 4115Gb, it's not perfect, but I'll take it!

Ok, let's see if this works....

The images are here

@RojoLoco said in Rack Rails for Cisco BE6000M servers:

Deep rack shelf -> place server onto shelf -> Profit!

Earthy quake... server crashes and burns on the floor, or kills admin the room at the time -> Loss and Lawsuite!

@travisdh1 said in Rack Rails for Cisco BE6000M servers:

@jrc said in Rack Rails for Cisco BE6000M servers:

@scottalanmiller said in Rack Rails for Cisco BE6000M servers:

I think eyeballing might be the only option.

This may be a stupid question, but how would you recommend I do that?

Take some pictures of the thing and show us, maybe?

Well there you go again, with your exceptionally reasonable and well thought out suggestions....

I'll see if I can grab some decent pictures later this afternoon. The servers are in production, sitting on the floor in the bottom of the rack, so it may be a bit tricky. I'll also see if I can grab some measurements while I am at it (stud separation distance).

@scottalanmiller said in Rack Rails for Cisco BE6000M servers:

I think eyeballing might be the only option.

This may be a stupid question, but how would you recommend I do that?

@scottalanmiller said in Xenserver Space Woes:

@jrc said in Xenserver Space Woes:

So my IOPs seem to be jumping between 0 and 900k fairly quickly. But the Queue size seems to stay between 0 and 1, with the latency very low (near zero) as well. Network traffic is well under 1MBps. This is from the performance meters on the Xen master host.

Basically what that is telling me is that you have plenty of IOPS in reserve and you are never demanding more from it than it can provide. Those numbers are basically showing your storage as "idle" and ready for whatever you want to throw at it.

Ok, so my gut on that was right. Then I need to work out why the leaf quiescence thingy is timing out, since it appears to not be a disk IO thing.

So my IOPs seem to be jumping between 0 and 900k fairly quickly. But the Queue size seems to stay between 0 and 1, with the latency very low (near zero) as well. Network traffic is well under 1MBps. This is from the performance meters on the Xen master host.

@coliver said in Rack Rails for Cisco BE6000M servers:

Check and see if this is a SuperMicro server. It looks like it might be.

O, that's a good idea. Any idea how I could confirm this?

@scottalanmiller said in Rack Rails for Cisco BE6000M servers:

@jrc said in Rack Rails for Cisco BE6000M servers:

Never had this issue with my HP servers, or any of my dell servers.Thanks in advanced!

Welcome to the Cisco world.

Great.... What really ticks me off is that the VAR was in our MDF, saw the racks and never said a thing. But I suppose I should not be too surprised, there are a few other issues that have cropped up that could have been avoided with a slightly more detailed visit to our MDF (they refused to send someone out for a visual).

Anyone know where I can get some rails for these servers that will work in a 2 post rack (with some 4 post adapters), the included rails are too thick and hit the posts. I could jam them in, but that'd cause them to bow out and obviously won't work.

Never had this issue with my HP servers, or any of my dell servers.Thanks in advanced!

@BRRABill said in Xenserver Space Woes:

@momurda said

In XenCenter, if your Xenserver is up to date with all hotfixes,

Is it the hotfixes, or the XS Tools? I know the tools have to be installed to run some of the stuff. (Like memory.)

Good point. The tools are not up to date. So I'll need to update them tonight, though I am looking at historical data from before I applied SP1 and the other updates.

@momurda said in Xenserver Space Woes:

In XenCenter, if your Xenserver is up to date with all hotfixes, you can use the performance tab in XC on the XS host to measure disk performance (read/write/total iops, queue length for each SR or vd) and you should get accurate results. If you dont have the hotfixes installed, you prob will not get accurate results.

In general longer queue lengths mean the disk can't keep up with what it is being asked to do.
You can also query performance from the cli using iostat.

Cool, I created a graph and added Disk IO Wait and Disk Queue size, but there appears to be no data (the hosts are completely up to date as of this weekend). I do note that on the standard Disk Performance graph there is not too much activity, over the last few days it's topped out at around 0.33MBps.

I guess I'll check in on it over the next few days and see what it looks like, but I don't think I'm having disk performance issues.

I think I may have worked it out. It would appear that the online coalesce for the VM in question keeps timing out on the specific VDI in question (the 6255... one), they go on to say this might be due to heavy load on the storage at the time it tries. I do not think this is the case here, but the suggested solution is to shut it down and do an offline coalesce with the command:

xe host-call-plugin host-uuid=<UUID of the pool master Host> plugin=coalesce-leaf fn=leaf-coalesce args:vm_uuid=<uuid of the VM you want to coalesce>

I am going to try this tonight and see what happens.

A side question: How does one work out: 1. If your storage is too slow? and 2. What is the IOP speed your storage is capable of?

@momurda said in Xenserver Space Woes:

This issue is fascinating.
Here is an article from Citrix, the answer is probably here, though at this time it is a bit over my head.
http://support.citrix.com/article/CTX201296
This discusses coalescing, and reasons for failure and steps to troubleshoot and fix the coalescing issues.
There seem to be 8 possible issues for this happening automatically.
/var/log/SMlog probably has more info about the problem according to this.
Also, are you able to move the SR(which will automatically get rid of ss chains) or export the vm and delete it, then import it?
I also think that any of these solutions require you to have sufficient free space on the SR.

Browsing through /var/log/SMlog does not really show anything obvious. I can see where it is doing some thing with the three VDIs previously mentioned, but it looks like that was a success. Yet I continue to be using 2Tb more than is virtually assigned.

I am going to dig through that support doc you linked and see if I can work anything out.

@Danp said in Xenserver Space Woes:

Can you post the results of xe vdi-list showing both VDIs? I'm wondering if one VDI is acting as a base copy for the other.

Bad? One:

uuid ( RO): 5535a3db-da4f-4211-afa8-077241f63221
name-label ( RW): Staff Home
name-description ( RW): VDI for staff home folders
sr-uuid ( RO): 4558cecd-d90d-3259-7ea5-09478d0e386c
virtual-size ( RO): 2193654546432
sharable ( RO): false
read-only ( RO): true

Good one:

uuid ( RO): 6255caa0-e7d4-4d27-a257-b33aaf3a7507
name-label ( RW): Staff Home
name-description ( RW): VDI for staff home folders
sr-uuid ( RO): 4558cecd-d90d-3259-7ea5-09478d0e386c
virtual-size ( RO): 2193654546432
sharable ( RO): false
read-only ( RO): false

EDIT: Maybe I am barking up the wrong SR-VDI here, since I ran the vhd-util command and got:

vhd=VHD-f832866c-1bb4-48d5-81e7-4dd468b2618b capacity=2,193,654,546,432 size=2,197,689,466,880 hidden=1 parent=none
vhd=VHD-5535a3db-da4f-4211-afa8-077241f63221 capacity=2,193,654,546,432 size=14,424,211,456 hidden=1 parent=VHD-f832866c-1bb4-48d5-81e7-4dd468b2618b
vhd=VHD-6255caa0-e7d4-4d27-a257-b33aaf3a7507 capacity=2,193,654,546,432 size=2,197,945,319,424 hidden=0 parent=VHD-5535a3db-da4f-4211-afa8-077241f63221

That seems to imply that the "good" vdi is a child of the "bad" vdi, which is itself a copy of the base VDI. Which would seem to be "normal" but still, where is that extra 2Tb going? And why can't I free it up?

@DustinB3403 said in Xenserver Space Woes:

You'll have to change the VDI from read-only: true to false before you can edit it.

Is that disk not supposed to be there though?

I am increasingly of the opinion that it should not be there. I have 2 VDIs called "Staf Home" one is the actual VDI connected to the VM, the other is this one. This VDI is also the exact size of the discrepancy in space used and space allocated. But I am completely open to any and all suggestions on how I can confirm that this VDI is in fact just wasted space.