Wednesday, November 7, 2012

Wordpress - Permalink Problem


Copied from sis Salina's blog... :) I was having the same problem and this helped me solve it.
_________________________________________________
Salam,

I've just set up WordPress on my personal FreeBSD server, and now I'm trying to configure permalinks to this format:
/%category%/%postname%

This is not working. I've followed those instructions as well as I can, but it's still not working.

In httpd.conf:


Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all


Then, I chmod'ed the .htaccess file so WordPress could edit it. The file now contains this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

After some reading and checking, I found out that my .htaccess-file is not being read! How to solve this?

From a forum I read, someone asks: "You see AllowOverride None anywhere in your config files?"

So in my httpd.conf, I found it here:

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# AllowOverride None
AllowOverride All

I commented out the original setting and set it to AllowOverride All.
After restarting Apache, the permalinks now work like a charm.
Alhamdulillah..
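
The AllowOverride check described above, as an added example that is not part of the original post: a shell function that lists every AllowOverride directive in an Apache config together with the <Directory> block it sits in. It also reflects that the mod_rewrite directives in the WordPress .htaccess only need the FileInfo override, so AllowOverride FileInfo is a narrower setting than All; the function names and the sample paths are made up for the example.

```shell
#!/bin/sh
# Added example: audit AllowOverride settings in an Apache config file.

# list_allowoverride CONF -> one line per directive: "<dir>\t<value>\t<verdict>"
list_allowoverride() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        /^[ \t]*<Directory[ \t]/ {               # remember the enclosing block
            dir = $0
            sub(/^[ \t]*<Directory[ \t]+/, "", dir)
            sub(/>[ \t]*$/, "", dir)
            gsub(/"/, "", dir)
            next
        }
        /^[ \t]*<\/Directory>/ { dir = ""; next }
        tolower($1) == "allowoverride" {
            val = $2
            for (i = 3; i <= NF; i++) val = val " " $i
            low = " " tolower(val) " "
            if (low == " none ")               verdict = "htaccess-ignored"
            else if (low == " all ")           verdict = "any-directive-allowed"
            else if (index(low, " fileinfo ")) verdict = "rewrite-allowed"
            else                               verdict = "rewrite-blocked"
            printf "%s\t%s\t%s\n", (dir == "" ? "(no Directory)" : dir), val, verdict
        }
    ' "$1"
}

# Constructed sample config; the directory paths are invented for the example.
write_sample_conf() {
    cat > "$1" <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/usr/local/www/wordpress">
    Options FollowSymLinks
    # AllowOverride None
    AllowOverride All
</Directory>
<Directory "/usr/local/www/blog2">
    Options FollowSymLinks
    AllowOverride FileInfo
</Directory>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
list_allowoverride "$conf"
rm -f "$conf"
```

A line with the verdict htaccess-ignored on the WordPress directory is the situation from the post; rewrite-allowed is enough for permalinks.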

-----------------------------------------------------------------
For Ubuntu, you can do it like this:


1. Manually create a ".htaccess" file and save it in your main WordPress directory. (This is the one with the wp-admin, wp-includes, and wp-content folders.)

2. Go to the Ubuntu terminal and type:
sudo chown -v :www-data "/enterYourFilePathHere/.htaccess"
You should see a line printed saying that the (group) file ownership has been changed to www-data (Apache2).

3. Give Apache2 write access to the file:
sudo chmod -v 664 "/enterYourFilePathHere/.htaccess"
You should see a line printed saying that the mode of the file has been retained.

4. Next, enable mod_rewrite in the Apache2 server so that the rewrite rules WordPress writes to the .htaccess file take effect. Type the following in the terminal:
sudo a2enmod rewrite
You should see a line printed saying that it is enabling mod rewrite and reminding you to restart the web server.

5. So let's do that. Restart the web server, Apache2, for the changes to take effect by typing:
sudo /etc/init.d/apache2 restart
We are all done with the command line prompt; you can close the command line window now.

6. Go into your WordPress admin panel (i.e. http://yourDomain/wp-admin). Go to Settings --> Permalinks and select the permalink format of your choice. Hit the "Save Changes" button.

7. DONE! Go to your site and check any page (other than your homepage) to ascertain that everything is working as expected.

Tuesday, September 25, 2012

Configuring Hybrid Exchange 2010

First of all, you can find the Exchange Deployment Assistant at
http://technet.microsoft.com/exdeploy2010
It provides guidelines that you can follow based on your architecture.

ADFS and ADFSP (for single sign-on)
Refer to these steps: http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652540.aspx


This is the reference for the cmdlets for Office 365: 

Then you can test the SSO authentication at O365 using your AD authentication.

After SSO works, you can start planning for hybrid Exchange 2010.

Here are some step-by-step guides with images that give some guidance, as an alternative to reading the "Exchange Deployment Assistant".
Ref:
1. http://www.howexchangeworks.com/2012/01/office-365-hybrid-deployment-with-exchange-2010-sp2-part-1.html
2. http://www.howexchangeworks.com/2012/01/office-365-hybrid-deployment-with-exchange-2010-sp2.html
3. http://www.howexchangeworks.com/2012/01/office-365-hybrid-deployment-with-exchange-2010-sp2-part-3.html
4. http://www.howexchangeworks.com/2012/02/office-365-hybrid-deployment-with-exchange-2010-sp2-part-4.html
5. http://www.howexchangeworks.com/2012/02/office-365-hybrid-deployment-with-exchange-2010-sp2-part-5.html
OR 
http://www.msexchange.org/articles_tutorials/office-365/exchange-online/using-hybrid-configuration-wizard-exchange-2010-service-pack-2-part1.html

Here are good references that you can use for handling this hybrid Exchange 2010 migration:
1. http://technet.microsoft.com/en-us/library/hh563847.aspx (hybrid deployment)
2. http://technet.microsoft.com/en-us/library/gg430167 (FOPE connector & Hybrid scenario)

If you have problems during migration, you can get support from the FOPE and O365 engineers by sending a Service Request.
1. For an O365 Service Request, you can submit it at the O365 portal admin control panel; there is a button for Service Request.
2. For a FOPE Service Request, you can submit it at https://support.live.com/default.aspx?productkey=mocpexhome&brand=mocp&&mkt=en-us

Hope all the links can help other users migrate their mailboxes to Office 365. :)

Finally my team successfully went for hybrid Exchange O365 :) Thanks to all the bloggers and technical people who assisted with the deployment..


Wednesday, August 8, 2012

Windows 2008: CRM Server Problem - No internet connection after electrical failure shutdown


Case: CRM Server - Cannot remote & No internet connection after electrical failure shutdown

Study case:

One of the components of the Internet connection on your computer is a built-in set of instructions called TCP/IP. TCP/IP can sometimes become damaged or corrupted. If you cannot connect to the Internet and you have tried all other methods to resolve the problem, TCP/IP might be causing it.

Because TCP/IP is a core component of Windows, you cannot remove it. However, you can reset TCP/IP to its original state by using the NetShell utility (netsh).

Recommended solutions:
  1. Log on to the computer as an administrator. 
  2. Type cmd in the Start Search box 
  3. Type netsh winsock reset at the command prompt, and then press ENTER.
  4. > netsh winsock reset
  5. *Note If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3. 
  6. Type exit, and then press ENTER.

Thursday, July 19, 2012

SSO make me feel dizzy and crazy

It has already been a week that I've been trying to study SSO. It is not easy for me.. Too many things I should learn.. About the permissions, reading logs, cache, backup files.. It is not as easy as I thought. Mmm.. hopefully I can understand XML coding.. That is my biggest problem in touching up the front page of SSO.

Ya Allah.. please make it easy.. :)

Monday, July 16, 2012

CAS Jasig in Ubuntu: Login Issue

Copied from salinaitmind.blogspot.com :) 
Case: Cannot log in to LDAP after completing the configuration in Tomcat6.

Solution steps:

1. Check tomcat log
    # cd /var/log/tomcat6

    # grep -R 443 *     <- to grep all log related to 443 port

2. Check established ports
    # netstat -na

3. Check the LDAP log to see whether CAS is listening/connected with the Tomcat server.
    # tail -f  /var/log/debug.log

4. How to check the Tomcat root folder?
    # nano  /etc/init.d/tomcat6

    From this file, you will find that the root folder for Tomcat is:
    CATALINA_HOME =  /usr/share/tomcat6

5. Check the SSL cert's current location. In my case, the cert was located in the /root/ folder.
    The cert should be moved to the Tomcat root folder: /usr/share/tomcat6


6. Move the SSL cert folder from /root to /usr/share/tomcat6/
   # cd  /root/
   # mv cert  /usr/share/tomcat6/

7. Change ownership of the cert folder
    # cd  /usr/share/tomcat6/
    # chown -R  tomcat6:tomcat6  cert


8. Fix the cert path in server.xml configuration file


9. Check the deployerConfigContext.xml for the 'authenticationHandlers' setting:
    For the new version of CAS Jasig, the basedn setting looks like this:

    value="cn=%u, ou=people, dc=staff, dc=company, dc=com, dc=my"

    In our case, we missed the ou object in the property value.

10. Restart Tomcat Server
    # /etc/init.d/tomcat6  restart



11. Test login again & good luck. It's working in my case!

Thank you to sifoo Saufi .... way to go.. a proven CCNA holder.

Thursday, July 5, 2012

Cannot start Microsoft Outlook. Unable to open the Outlook window. The set folders could not be opened. The server is not available.

I had the same problem. I removed all the profiles at first but it didn't work.

But luckily I solved the problem using these steps:
1. Run Outlook.exe /resetnavpane
2. Start > Regedit
Locate HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem
Delete the Profiles key under the Windows Messaging (Subsystem) key.
3. Then use CCleaner to remove unwanted registry entries.
4. And of course you need to reboot your PC to apply any changes made in regedit.

PS: it is recommended to back up the registry. In my case it works very fine \:)/

Wednesday, June 20, 2012

CAS- Install & Configured CAS Server in UBUNTU

Reference site: https://help.ubuntu.com/community/CentralAuthenticationService


1) Install TOMCAT on Ubuntu 
  
   # sudo apt-get update
   # sudo apt-get install tomcat6
   OR
   # sudo aptitude install tomcat6
   # sudo apt-get install openjdk-6-jdk

   Verify Java Installation
   # java -version

   Check that the installation is done
   # dpkg --get-selections | grep jdk

2) Install Maven
   # sudo apt-get install maven2

3) Optionally you can install maven-ant-helper in case you decide to use Ant to create deployment tasks:

   # sudo apt-get install ant
   # sudo apt-get install maven-ant-helper

  
4) Configuring CAS Server Build for Maven.
   Get the latest CAS server archive from JASig: http://www.ja-sig.org/downloads/cas
   # wget http://www.ja-sig.org/downloads/cas/cas-server-3.3.5-release.tar.gz
   # tar -xvzf cas-server-3.5.0-RC1-release.tar.gz
   # cd cas-server-3.5.0-RC1

5) Edit pom.xml
   # cd cas-server-webapp/
   # nano pom.xml

   and add these lines:

<dependency>
    <groupId>${project.groupId}</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${project.version}</version>
</dependency>
   Save the file.

6) Edit server.xml
   # nano /var/lib/tomcat6/conf/server.xml

   *Make sure you add or enable this
   <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />


   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

   Save the file.


7) Run this command in cas-server-3.5.0-RC1/cas-server-webapp directory
  # cd cas-server-3.5.0-RC1/cas-server-webapp
  # mvn clean package

8) Copy all content from cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/
  # cd cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/
  # cp -Rp * /var/lib/tomcat6/webapps/ROOT/

9) Restart tomcat service
  #service tomcat6 restart
  OR
  # /etc/init.d/tomcat6 restart

10)Setup SSL (self signed cert) with tomcat
  # keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore

* You will be requested for data that will show on your user browser's certificate:
  Enter keystore password: abc123
  Re-enter new password: abc123
  What is your first and last name: Jeremy Atkins
  What is your organizational unit: OU
  What is the name of your organization: NOYO
  What is the name of your city or your locality: MyCity
  What is the name of your state or province: Saudi Arabia
  What is the two-letter country code for this unit:  uk
  Is the entered data correct: yes


11) Edit server.xml again
           <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                      maxThreads="150" scheme="https" secure="true"
                      clientAuth="false" sslProtocol="TLS"
                      keystoreFile="/etc/tomcat6/keystore"
                      keystorePass="abc123" />
   Save the file.

 12) Restart tomcat service
  # service tomcat6 restart 
  OR
  # /etc/init.d/tomcat6 restart


13) Make sure the firewall allows ports 8080, 8443, 8009, 389.
    Test with telnet between the SSO server and the LDAP server on all related ports.
  # telnet  serverip 8443
  # telnet  serverip 8080
  # telnet  serverip 8009
  # telnet  serverip 389

14) ** Test site >> http://serveraddress:8080

15) Configure deployerConfigContext.xml
#/var/lib/tomcat6/webapps/ROOT/WEB-INF

Add this line at   :
----------------------------------------------------------------------------
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="cn=%u,ou=people,dc=student,dc=contoso,dc=edu,dc=sa" />
    <property name="contextSource" ref="contextSource" />
</bean>
----------------------------------------------------------------------------

And this line after :
------------------------------------------------------------
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"/>
    <property name="urls">
        <list>
            <value>ldap://serverldap_ip/</value>
        </list>
    </property>
    <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
    <property name="password" value="asdfgh"/>
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
-----------------------------------------------------------
Save the file.

16) Restart tomcat service
  #service tomcat6 restart

17) Allow port 8443  >  443  
    # nano /etc/sysctl.conf   and add this line:   net.ipv4.ip_forward=1

    Run the iptables command:
    # iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination serverapps_ip:8443 

18) Test site >> http://serveraddress 

19) Test Login


----------------------------------------------------------------------------------- 
Reference site:

http://rackerhacker.com/2009/11/16/automatically-loading-iptables-on-debianubuntu/
http://stackoverflow.com/questions/2619798/setup-ssl-self-signed-cert-with-tomcat
https://help.ubuntu.com/community/IptablesHowTo

Wednesday, June 13, 2012

Howto-FreeBSD9-CAS-Server

After creating the new server and configuring its IP and hostname:

1. Download latest diablo-jdk-freebsd and cp to /usr/ports/distfiles
2. Download latest tzupdater and cp to /usr/ports/distfiles
3. cd /usr/ports/java/diablo-jdk16/ && make install clean
4. cd /usr/ports/www/tomcat6/ && make install clean
5. Install apache22 + Apache setup
Add: apache22_enable="YES"
tomcat60_enable="YES"


6. Install mod_jk (connector used by Apache to connect to the servlet container)
7. Configure Apache SSL (HTTPS) - refer to the Apache documentation

8. Edit /usr/local/etc/apache22/httpd.conf
Change this parameter ->
Listen 80 to Listen 443

9. Make sure this module load at apache start

Enable this in httpd.conf -> LoadModule jk_module libexec/apache22/mod_jk.so

10.Add this in httpd.conf -> Include etc/apache22/mod_jk.conf

11.Create new file
#ee /usr/local/etc/apache22/mod_jk.conf

   And add this
  
        JkWorkersFile /usr/local/etc/apache22/workers.properties

        JkLogFile /var/log/jk.log
        JkShmFile /var/log/jk-runtime-status
        JkLogLevel error 


   Save mod_jk.conf

12.Create new file
#   ee /usr/local/etc/apache22/workers.properties
   and add this

worker.list=host-name-newsso01

worker.host-name-newsso01.port=8009
worker.host-name-newsso01.host=host-name-newsso01
worker.host-name-newsso01.type=ajp13
worker.host-name-newsso01.lbfactor=1

Save workers.properties

Note: please replace every "host-name-newsso01" with your own server name

13.Edit /usr/local/etc/apache22/extra/httpd-ssl.conf

Disable Listen 443

Add this (bottom of file before )

JkMount /* host-name-newsso01
JkMount /*.jsp host-name-newsso01

Note: please replace every "host-name-newsso01" with your own server name

14. cd /usr/local/apache-tomcat-6.0/conf

15. ee server.xml

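*Make sure you add or enable this

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />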


save server.xml

16. Edit /etc/rc.conf and add this line if not yet(STEP 5)

apache22_enable="YES"
tomcat60_enable="YES"


save rc.conf

17. Start apache and tomcat

18. Test access to Tomcat (non-secure, using http://servername:8080),
then try a secure https connection using https://servername:8080
**Unable to make a secure connection to the server.
This may be a problem with the server or it may be requiring a client authentication certificate that you don't have

CONFIGURE CAS SERVER

1. Install apache MAVEN -

 # cd /usr/ports/devel/maven2 && make install clean ; rehash

2. Download latest JASIG CAS Server from http://downloads.jasig.org/cas/ and save in your home directory

3. Extract downloaded CAS Server

For example if latest version is cas-server-3.4.11-release.tar.gz

#tar -xzf cas-server-3.4.11-release.tar.gz

#cd cas-server-3.4.11/cas-server-webapp

# ee pom.xml and add these lines

<dependency>
    <groupId>${project.groupId}</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${project.version}</version>
</dependency>

save file

4.Run this command in cas-server-3.4.11/cas-server-webapp directory

# mvn clean package

5. Stop Apache Tomcat

# /usr/local/etc/rc.d/tomcat6 stop

6. Replace all content in /usr/local/apache-tomcat-6.0/webapps/ROOT/ with the content from cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/. Run this command in cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/:

# cp -Rp * /usr/local/apache-tomcat-6.0/webapps/ROOT/

(On Ubuntu the destination is /var/lib/tomcat6/webapps/ROOT.)

7.Edit deployerConfigContext.xml

# ee /usr/local/apache-tomcat-6.0/webapps/ROOT/WEB-INF/deployerConfigContext.xml

  make sure you configure these parameters like this

8. Add this line at   :
--------------------------------------------------------------------------------
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="uid=%u,ou=people,dc=lms,dc=contoso,dc=edu,dc=my" />
    <property name="contextSource" ref="contextSource" />
</bean>
-------------------------------------------------------------------------------

and put this in the LDAP server parameter (for the lms LDAP)

<value>ldap://xxx.xxx.xxx.xx/</value>

OR paste these lines (for LDAP):
------------------------------------------------------------
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"/>
    <property name="urls">
        <list>
            <value>ldap://xxx.xxx.xx.xx/</value>
        </list>
    </property>
    <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
----------------------------------------------------------------

9. Start apache tomcat

#/usr/local/etc/rc.d/tomcat6 start

10.Create Server Key
http://www.digicert.com/csr-creation-apache.htm

11.Run this command in your home
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

**Check the https details/info from the current https site - https://sso.contoso.edu.my
Click on the lock, view certificate details > Subject

12. Get the server key from server.csr
- Open server.csr
- Copy the key inside the .csr and paste it in Notepad (make sure only the key is copied)
________________________________________________________________

(Common Name)CN :*.contoso.sdn.bhd
(Organization)O :Contoso Sdn Bhd (CONTOS)
(Locality) L :Shah Alam
(State) S :Selangor
(Country) C :MY
________________________________________________________________

13.Register/Create New SSL certificate from digicert

- Login Digicert
- Reissue action
- Get duplicate (To get duplicate certificate)
- Paste key from notepad
- Server software : Apache
- Note : New SSO Staff
- Leave the others at default
- Process


** Wait until you get the mail with the new cert (cert.zip)

14.Download cert > Unzip cert > copy to sso server(your home)

15.Create folder certs in apache22

#cd /usr/local/etc/apache22/
#mkdir cert

17. Move all key and cert file to this directory

#cd /home/you/
#mv server.key /usr/local/etc/apache22/cert
#mv DigiCertCA.crt /usr/local/etc/apache22/cert
#mv star_contoso_edu_my.crt /usr/local/etc/apache22/cert


** Make sure all 3 files are inside the cert folder

-rw-r--r-- 1 root wheel 3858 May 4 02:38 DigiCertCA.crt
-rw-r--r-- 1 root wheel 1679 May 4 02:37 server.key
-rw-r--r-- 1 root wheel 2450 May 4 02:38 star_contoso_edu_my.crt


** After all settings are OK, chmod all of them to 444

18. Configure the SSL cert on your server. Edit httpd-ssl.conf

# ee /usr/local/etc/apache22/extra/httpd-ssl.conf

Enable and define the right path for this SSL cert:
____________________________________________________________________________

SSLCertificateFile "/usr/local/etc/apache22/cert/star_contoso_edu_my.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/cert/server.key"
SSLCertificateChainFile "/usr/local/etc/apache22/cert/DigiCertCA.crt"

____________________________________________________________________________

19.Test Config Apache
#apachectl configtest

20. Enable httpd-ssl.conf in the main Apache config, httpd.conf
# ee /usr/local/etc/apache22/httpd.conf

Include etc/apache22/extra/httpd-ssl.conf

21. Stop & Start Apache
#/usr/local/etc/rc.d/apache22 stop
#/usr/local/etc/rc.d/apache22 start


22. Now you should be able to access your CAS server
https://servername/login

Done.
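
Steps 17 and 18 leave server.key at mode 444, which makes the private key readable by every local account; Apache reads the key as root at startup, so owner-only access is sufficient. The following added example (not part of the original post; the function names and the sample files are constructed) checks every SSLCertificateKeyFile named in an httpd-ssl.conf for group or other access, assuming absolute key paths as used above.

```shell
#!/bin/sh
# Added example: check the permissions of the private keys that an Apache
# SSL config points to.

# audit_ssl_keys CONF -> per SSLCertificateKeyFile: "<verdict>\t<mode>\t<path>"
audit_ssl_keys() {
    awk '
        /^[ \t]*#/ { next }                          # skip commented-out directives
        tolower($1) == "sslcertificatekeyfile" {
            p = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", p)       # drop the directive name
            sub(/[ \t]+$/, "", p)
            gsub(/"/, "", p)
            print p
        }
    ' "$1" | while IFS= read -r key; do
        if [ ! -f "$key" ]; then
            printf 'missing\t-\t%s\n' "$key"
            continue
        fi
        mode=$(ls -ld "$key" | awk '{ print $1 }')
        # Any read or write bit for group or other exposes the private key.
        hits=$(find "$key" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)
        if [ -n "$hits" ]; then
            printf 'exposed\t%s\t%s\n' "$mode" "$key"
        else
            printf 'owner-only\t%s\t%s\n' "$mode" "$key"
        fi
    done
}

# Constructed sample: an empty stand-in key with the mode from the post and a
# config that uses the same three directives, all inside directory $1.
make_sample() {
    : > "$1/server.key"
    chmod 444 "$1/server.key"
    cat > "$1/httpd-ssl.conf" <<EOF
SSLCertificateFile "$1/star_contoso_edu_my.crt"
#SSLCertificateKeyFile "$1/old.key"
SSLCertificateKeyFile "$1/server.key"
SSLCertificateChainFile "$1/DigiCertCA.crt"
EOF
}

d=$(mktemp -d)
make_sample "$d"
audit_ssl_keys "$d/httpd-ssl.conf"      # key at mode 444
chmod 400 "$d/server.key"
audit_ssl_keys "$d/httpd-ssl.conf"      # key at mode 400
rm -rf "$d"
```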

How To Connect To Amazon EC2 Linux Instance Using PuTTY Private Key On Windows

When first setting up an Amazon EC2 server, you receive an ssh key to connect to the instance. Example: contoso.pem

Convert Amazon EC2 PEM files to PPK
Open PuTTYgen. If you don't have PuTTYgen, you can download it from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


OR use PuTTYgen from WinSCP: go to Windows Start Menu -> All Programs -> WinSCP -> Key Tools -> PuTTYgen
  • Now click Conversions > Import.
  • Choose your PEM file that was downloaded from the Amazon EC2 dashboard
  • Click on Save Private Key and name it something.ppk
  • Voila, use your ppk to log in through PuTTY to your Amazon EC2 instance

Use putty to access cloud server

  • Open PuTTY and enter your host


  • Select “Data” on the left-hand side; under “Auto-login username”, enter the user “root”




  • Select “Auth” on the left hand side then under “private key for authentication” select the .ppk file we just created with PuTTYGen.
  • Go back to the top(Session) and connect to your instance.

  • Open putty connection




Thursday, June 7, 2012

Access Cloud

Usually I never care how to access the cloud.. but today, since sister Salina is on leave, I have to assist bro John.
#sudo su
#password aminah:

Firstly we remote into the cloud using a Unix server. In my case I'm using an Ubuntu server to ssh to the cloud server.

1. Copy contoso.pem to /home/aminah
2. chmod 400 contoso.pem
3. ssh -i contoso.pem ubuntu@xxx-ip-ip-ip-ip.ap-southeast-1.compute.amazonaws.com (we can get this from the steps below)
  • Steps to get the command: 
    • Go to Amazon (https://console.aws.amazon.com) -> login
    • EC2 -> instance 
    • right-click the instance -> Connect
    • choose the tab Connect with a standalone SSH Client -> copy
    • ps: the command line is the ssh command in step 2.
done.. 
If you want to copy files, I choose to use reverse copy. 

Thursday, May 31, 2012

UBUNTU: Add New Hard Disk in Virtual Server

Case: In Unlicensed vmware 

1. Power off the server
2. Right Click on server -> Edit Setting
3. Add New Hard Disk  ->  Next > Next
4. Disk Size: 25 GB  -> Case for db server(don't click thin provisioning)
5. Specify Datastore  ->  Datastore01
6. Next  ->  Next  ->  Finish  -> Ok

** Power on the server back.

How to present/mount the new hard disk in Ubuntu? 
1. To list the HD in the server
# fdisk -l /dev/sdb
2. To format the new hard disk
# mkfs.ext3 /dev/sdb
Yes: Y  ->  Enter
# cd /
3. To mount the new HD in the Ubuntu server
# mkdir data && mount /dev/sdb /data/
# df -h
4. Configure/edit the fstab file
# nano /etc/fstab

**Add this line under the last row (you can also refer to an existing Ubuntu server):
/dev/sdb /data/ ext3 noatime 0 0
Ctrl X   ->   Y  ->  Enter (to save  ->  exit).

Wednesday, May 30, 2012

Storage - DELL equallogic/ modular disk storage

Another revision... Maybe this can be useful if I leave this company :) hehehe..

What is the difference between Equallogic and MD? Equallogic has space and CPU while MD has only space...

Equallogic is designed to meet the performance and availability needs of virtualization environments in medium to large enterprises. These virtualized iSCSI storage area networks (SANs) combine intelligence and automation with fault tolerance to provide simplified administration, enterprise performance and reliability, and seamless scalability.

MD can simplify IT by optimizing your data storage architecture and ensuring the availability of your data. This frees up valuable resources to help make innovation a daily practice.


Storage - NetApp

Some revision :) 
Terms in storage: 
1. NAS - Network attach Storage
2. DAS - Direct attach Storage
3. SAN - Storage attach Network

3 types of hard disk that I know: 
1. SATA - Serial AT attachment
2. SSD - Solid state drive -> this one is faster but expensive
3. SAS - Serial attach SCSI -> this one has large capacity... this is the one we usually use.

  
iSCSI - internet Small Computer Software Interface

If you are using Windows Server 2003, you need to install the iSCSI initiator (download it first). 
  1. Initiate iSCSI 
    • General 
      • copy  -> initiator node name (iqn...)
    • Discovery
      • add target portal -> NetApp IP
  2. NetApp
    • initiator groups
      • Manage 
        • add initiator groups
          • groupname : PM-S-CONTOSO
          • type : iSCSI
          • OS : Windows (or any OS)
          • Initiator : initiator route name (iqn...)
          • add
        • check manage
    • Volumes
      • add new volumes
      • new -> flexible
      • volume image : CONTOSOvol01
      • language : posix
      • UTF-8 -> disable
      • next -> content agregate + left
      • next -> total size 
        • volume size -> ____ Gb
        • snapshot -> reserve 10%
        • next -> commits
      • Manage
    • LUN (logical unit number)
      • add LUN 
      • path -> vol/CONTOSOvol01/CONTOSOlun01
      • lun protocol -> windows
      • description -> anything will do.. 
      • size -> smaller than volume size
      • unit : ___Gb
      • space reserved (tick)
      • Manage (map group)
        • map 
        • LUN ID : 01 
        • add group to map 
          • PM-S-CONTOSO
          • done
      • Server CONTOSO
        • my computer -> manage
        • computer management 
          • disk management 
            • rescan disk
            • initial disk (tick) 
Thin provision : not recommended to use for database server.

Tuesday, May 22, 2012

apache cannot restart because of libphp5.so

I've got this error after upgrading apache from  apache-2.2.19 to 2.2.22_5





Performing sanity check on apache22 configuration:
httpd: Syntax error on line 104 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/libphp5.so into server: Cannot open "/usr/local/libexec/apache22/libphp5.so"
Starting apache22.
httpd: Syntax error on line 104 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/libphp5.so into server: Cannot open "/usr/local/libexec/apache22/libphp5.so"


It was resolved after I upgraded PHP....

My Cluster Crash :(

Ok.. today is my bad day.. This is the first time that my snapshot doesn't work... You know why??? It is because the server is a cluster.. We cannot simply revert a snapshot for a clustered server. 

What you should actually do is copy the folder and move it to the current server. This is for the Moodle application. 


WARGH... work is already piling up.. plus one more problem.. :( sad... But it is a process of learning... Go shariha go..

Wednesday, May 9, 2012

Upgrade Moodle 2.1 to 2.2

Okay.. waiting for snapshot VM..


Then keep reading... lalala.. 


  • Do a full database backup! 
  • Do a full moodledata backup 
  • Check your backups carefully
ok.. done all backup thing.. 

now.. do the step.. copy current moodle to moodle.old

Then.. copy new moodle to current path.

Take config.php old one.. to new moodle. 

Then.. go to admin page.. Follow upgrade instruction. 

Problem
1. Coding changes that were already made in the old version should be rechecked. 
Solution
1. Developers have to use CVS, maybe, or another tool to check the differences in the new code. 

Restore Image In Lab

Today we are testing broadcasting an image to multiple PCs. In this case my sifu showed our team members how to use Clonezilla (clone and restore an OS over the network). There will be 1 server which saves the image, where we use the clonezilla-save-disk mode. The image comes from 1 PC which already has the OS and other default applications installed.

Select clonezilla-start with the "space" key; various modes will be shown:
clonezilla-save-disk: clonezilla save disk mode
clonezilla-restore-disk: clonezilla restore disk mode
clonezilla-save-parts: clonezilla save partitions mode
clonezilla-restore-parts: clonezilla restore partitions mode

Then, the PC that we want to clone needs to talk to the server via the network.

After it finishes.. We choose clonezilla-restore-disk. Here we can choose to make it multicast, unicast or broadcast.

In this testing we managed to restore 2 PCs in 4 minutes via the network.

Well done.. The step is already simplified... Choose default setting... :)

Read more here..



There will be more testing where we can automatically set the hostname, group and SID of a cloned MS Windows machine.

Monday, May 7, 2012

Reverse Copy

I nearly forgot about reverse copy. Yesterday sis Salina had a problem copying a file from Server Source to Server Destination.

Here is the way we can pull the data (reverse copy):
Normal copy (copy command at the source server): source -> destination
Reverse copy (copy command at the destination server): destination <- source

For example, you want to copy DATA from Server S (source) to Server D (destination):

Normally at Server S
# scp /path/to/DATA aminah@ipServerD:   -> the file will be in home/aminah/
# scp /path/to/copyDATA aminah@ipServerD:/path/to/save/  -> the file will be in /path/to/save/

But for reverse copy, we copy DATA to our home at server S.
-> so at server S we have /home/aminah/DATA

At Server D 
# scp aminah@ServerS.contoso.com.my:DATA ./

Reverse SCP for amazon
#scp -i mykey.pem root@ec2-184-73-72-150.compute-1.amazonaws.com:/file/path/filename ./

./ -> mean current directory 

Normal SCP for amazon
#scp -i mykey.pem filename root@ec2-184-73-72-150.compute-1.amazonaws.com:/path/to/save/ 



hehehe... done..  

Upgrade Exchange 2010 SP1

Ok.. today I have to review all the important things for upgrading Exchange 2010 to SP1... I really hate upgrading Microsoft products since there are a lot of forums and blogs that I need to read to solve minor problems.. From my reading I should not only upgrade to SP1 but also to SP2, since there are bugs already resolved in SP1... Ok.. time to read, and later I will update you on the outcomes..

Peace... :)

Thursday, May 3, 2012

Setup SSL Server - Apache SSL

First of all, I would like to give full thanks to Bro Saufi for transferring this knowledge :)

Ok.. Here we already subscribe to Digicert.. You can choose any SSL certificate provider such as www.verisign.com, www.godaddy.com, etc...

There are wildcard certs and standard certs.. Later I will discuss this issue. In this case, we are using a wildcard cert, where the cert will start with *.contoso.com

A) SSL Certificate CSR Creation
ref : http://www.digicert.com/csr-creation.htm

Before you can order your SSL Certificates, you must first generate a CSR (Certificate Signing Request) on your server:

Distinguished Name or DN
  1. The Country (C) is a two-digit code -- for the United States, it's 'US'. For countries outside of the United States, see our listing of SSL Certificate Country Codes. 
  2. State (S) and Locality (L) are full names, i.e. 'California', 'Los Angeles'. 
  3. The Organization Name (O) is your Full Legal Company or Personal Name, as legally registered in your locality. 
  4. The Organizational Unit (OU) is whichever branch of your company is ordering the certificate such as accounting, marketing, etc. -nil-
  5. The Common Name (CN) is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate. (*.contoso.com.my)
  6. email - nil ; password -nil 
B) OpenSSL CSR Creation for Apache SSL
1. Login to your server via your terminal client (ssh).
At the prompt, type:
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where server is the name of your server.

You will get 2 files :
1. server.csr - this will be used/ copy to digicert
2. server.key - this will be used on the client server. Put this file at the path stated in /usr/local/etc/apache22/extra/httpd-ssl.conf (open it with ee and search for: SSLCertificateKeyFile "/usr/local/etc/apache22/path/server.key")

C) Reissues Action
- applicable if we use wild card registration
1. Get duplicate
  • Enter Your CSR
    • paste the contents of server.csr (the file we got in the previous step)
  • Select Your Server Software
    • eg: Apache, IIS Microsoft, etc..
  • Note
    • purpose of server as note
  • Click Button Process
    • proceed the step
2. Then wait to download the files, or receive them through e-mail notification. (You will get a zip file containing: star_contoso_com_my.crt, DigiCertCA.crt and INSTALL_INSTRUCTIONS.txt)

SSLCertificateFile /your/path/to/star_contoso_com_my.crt
SSLCertificateKeyFile /your/path/to/star_contoso_com_my.key
SSLCertificateChainFile /your/path/to/DigiCertCA.crt

3. Check apache configuration
# apachectl configtest

4. Check httpd.conf
# ee /usr/local/etc/apache22/httpd.conf

uncomment
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf


5. Stop & Start Apache
#/usr/local/etc/rc.d/apache22 stop
#/usr/local/etc/rc.d/apache22 start

6. Now you should be able to access your CAS server

https://servername/login

Done.
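Before restarting Apache it is worth confirming that the downloaded certificate was issued for the key generated in step B, because SSLCertificateKeyFile must point to that same key. The script below is an added example, not from the original post or from DigiCert; the function names are made up for illustration and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Print the public key (PEM) contained in a private key, a CSR or a certificate.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Succeed only if both files carry the same public key.
same_keypair() {
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if group and others have no permission bits on the key file.
# The key was written with -nodes (unencrypted), so file permissions are its only protection.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks for one key / CSR / certificate triple; return non-zero on any failure.
check_tls_files() {
    key=$1; csr=$2; cert=$3; rc=0
    same_keypair key "$key" csr "$csr"   || { echo "CSR was not made from $key"; rc=1; }
    same_keypair key "$key" cert "$cert" || { echo "certificate does not match $key"; rc=1; }
    key_is_private "$key"                || { echo "$key is readable by group/others"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate is expired or unreadable"; rc=1; }
    return "$rc"
}

# Usage: sh check_tls.sh server.key server.csr star_contoso_com_my.crt
if [ "$#" -eq 3 ]; then check_tls_files "$1" "$2" "$3"; fi
```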

Wednesday, April 25, 2012

Configure sendmail as a smart host

A smart host is very handy if you are on a dial-up network, or when a host finds mail that it is unable to deliver directly to the desired remote host.
http://www.cyberciti.biz/faq/configure-sendmail-as-a-smart-host/

1. Install sendmail (UBUNTU) -> on FreeBSD it is already installed...
#apt-get install sendmail
...bla...bla..
sendmail (y)..
..bla..bla..

2. Create file sendmail.mc
#cd /etc/mail
#nano sendmail.mc

3. Add the command below the ...features... lines
define(`SMART_HOST',`smtp.net4india.com')

4. Replace smtp.net4india.com with your actual SMTP server address. If the line contains the word dnl, remove the dnl word. Regenerate a new sendmail.cf config file with the m4 command:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf


Sifu says the .cf file is generated automatically.. it is dangerous to edit the .cf file by hand.. because if an edit leaves an extra space in the .cf.. it will end up behaving differently...

5.Restart sendmail service:
# /etc/init.d/sendmail restart


...sifu says.. it's easy.. and then laughs.. huhuhu.. I still have a lot to learn..

Tuesday, April 24, 2012

UBUNTU - Check Network Interface Usage

How to check network interface usage?

Open the Ubuntu server and run this command.
# vnstat -u -i eth0 
# vnstat

Move / Copy files with exception in UNIX.

The syntax :
mv [!filename]* target.
ie:
In directory "y" you have these files :
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 1
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 2 
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 3
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 4 

 You want to move all files except file "4" to directory "z".
The syntax should look like this :
# mv [!4]* ../z/
Done.
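The pattern [!4]* is a bracket expression, so it skips every name whose first character is 4, not only the file named 4. The added example below (not from the original post; function and file names are constructed) shows what the pattern matches and a loop that excludes exactly one name.

```shell
#!/bin/sh
# Constructed demonstration: list what [!4]* matches in a scratch directory
# that also holds "40" and "4-old" next to the file "4".
glob_matches() {
    d=$(mktemp -d) || return 1
    ( cd "$d" && touch 1 2 3 4 40 4-old 14 && echo [!4]* )
    rm -rf "$d"
}

# Move every non-hidden entry of directory $1 into directory $2,
# skipping only the entry whose name is exactly $3.
move_all_except() {
    src=$1; dst=$2; keep=$3
    for f in "$src"/*; do
        [ -e "$f" ] || continue                   # empty directory: the pattern stays literal
        if [ "${f##*/}" = "$keep" ]; then continue; fi
        mv "$f" "$dst"/ || return 1
    done
    return 0
}

# Usage: sh move_except.sh y z 4
if [ "$#" -eq 3 ]; then move_all_except "$1" "$2" "$3"; fi
```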

SUDO on Freebsd / Linux



As root, install sudo.
The sudo port is located at /usr/ports/security/sudo
make configure
make && make install

edit conf at
ee /usr/local/etc/sudoers

example and edit :
# Runas alias specification

#User privilege specification
root ALL=(ALL) ALL
kenan ALL=(www) ALL


note :

This Sudo command limits the user's power on the basis of the configuration made on the file "/etc/sudoers".
Generally in default case you might see something like this:

root ALL=(ALL) ALL
Above, you can see ALL 3 times. But what does it mean?
The first ALL: Run from any(all) host
The Second ALL: From any Terminal
The third ALL: Can Run any command

example :
username ALL=(group) ALL


** note : !/usr/bin/su (this will prevent the user from running sudo su)

General sudoers File Record Format
usernames/group servername = (usernames command can be run as) command
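In sudoers(5) terms the record format above is user, host, an optional (run-as user) that defaults to root when omitted, then the command list; the manual also notes that subtracting commands from ALL with '!' is generally not an effective restriction. The added example below (not from the original post) splits simple one-line entries into those fields and flags the grants a reviewer should look at first; the function names and sample entries are constructed, and aliases, tags and line continuations are not handled.

```shell
#!/bin/sh
# Parse one simple sudoers entry:  who host = (runas) commands
# Prints the fields plus a review note; returns 1 for lines that are not entries.
parse_sudoers_line() {
    line=$1
    case "$line" in
        ''|'#'*|Defaults*) return 1 ;;            # blank, comment or Defaults line
        *=*) ;;
        *) return 1 ;;
    esac
    left=${line%%=*}
    right=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//')
    who=$(printf '%s\n' "$left" | awk '{print $1}')
    host=$(printf '%s\n' "$left" | awk '{print $2}')
    case "$right" in
        '('*')'*)                                 # explicit run-as user
            runas=${right#\(}; runas=${runas%%\)*}
            cmds=$(printf '%s\n' "${right#*\)}" | sed 's/^[[:space:]]*//') ;;
        *)  runas=root; cmds=$right ;;            # sudoers default when (runas) is omitted
    esac
    note=ok
    case "$cmds" in
        *ALL*!*) note=negated-all ;;              # "ALL, !cmd": subtraction is not a real limit
        ALL)     if [ "$runas" = ALL ]; then note=unrestricted; fi ;;
    esac
    printf 'who=%s host=%s runas=%s cmds=%s note=%s\n' "$who" "$host" "$runas" "$cmds" "$note"
}

# Constructed sample entries in the style used on this page.
audit_sample() {
    while IFS= read -r entry; do
        parse_sudoers_line "$entry" || true
    done <<'EOF'
## User privilege specification
root ALL=(ALL) ALL
kenan ALL=(www) ALL
hassan ALL=(ALL) ALL, !/usr/bin/su
backup ALL=/usr/bin/rsync
EOF
}
```

Entries flagged negated-all are better rewritten as an explicit list of the commands the user actually needs.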



How To Change New HD in DELL PERC 5i


Suppose one of your hard disks (HDD) fails... and you want to replace it (if you are using RAID 5 on a Dell Perc5i, that is..).. but then the RAID reports degraded... (it cannot find the new HDD)... you try to rebuild, it doesn't work... you try force online, that doesn't work either... well.. here I want to share my experience..
The new HDD is supposed to be rebuilt automatically... I don't know why it wasn't... maybe you can refer here : [1]

Anyway... what I did... (following the advice of the Dell guy who replied in the link above), assign the new HDD as a HotSpare first... then it will rebuild by itself without losing the data on the other hard disks (hopefully). Wait for it to rebuild... it takes ages... depending on the server itself.
Once that's settled... reboot... done...
Reference : http://lists.us.dell.com/pipermail/linux-poweredge/2006-November/028538.html

copied from sifu sirap :)

Add user as sudoer


1. Open Unix Server

2. Login as root (sudo su)
Type command:

# setenv EDITOR ee
# visudo

3. Add a line in this section to add a new sudoer:
## User privilege specification
root ALL=(ALL) ALL
hassan ALL=(ALL) ALL

Press ESC to save & exit.
Done.

==========================================
OR
=============================

Set sudoer permission in admin group:

# nano /etc/group

Change/Add admin
*admin: name1, name2, name3

Ctrl X > Y > Enter
Done.. :) 

Tuesday, April 17, 2012

AD MASTER CORRUPTED

We can use this command to list the FSMO roles holder:
C:\Netdom Query FSMO

The 5 roles:

  1. Schema Master: Used to introduce manual and programmatic schema updates, and this includes those updates that are added by Windows ADPREP /FORESTPREP, by Microsoft Exchange, and by other applications that use Active Directory Domain Services (AD DS). - Must be online when schema updates are performed. (which in my case when I wanted to promote the new DC in to the existing domain it was unable because the DC was holding the Schema master was offline). 
  2. Domain Naming Master: Used to add and to remove domains and application partitions to and from the forest. -Must be online when domains and application partitions in a forest are added or removed. 
  3. Primary Domain Controller: Receives password updates when passwords are changed for the computer and for user accounts that are on replica domain controllers. -Consulted by replica domain controllers that service authentication requests that have mismatched passwords. -Default target domain controller for Group Policy updates. -Target domain controller for legacy applications that perform writable operations and for some admin tools. -Must be online and accessible 24 hours a day, seven days a week. 
  4. RID: Allocates active and standby RID pools to replica domain controllers in the same domain. -Must be online for newly promoted domain controllers to obtain a local -RID pool that is required to advertise or when existing domain controllers have to update their current or standby RID pool allocation. 
  5. Infrastructure Master: Updates cross-domain references and phantoms from the global catalog.


You can see that all masters are bound to the corrupted server, and you cannot change the operations master since it could not be contacted.
What you can do is use the ntdsutil command (ref: http://www.vishalvasu.com/finding-fsmo-roles-using-ntdsutil/).
Step #1: On any Domain Controller, click Start. In the Run command type CMD and hit Enter. You will be taken to the good old command prompt window (DOS were the days). Type ntdsutil and hit Enter. 
Step #2: You shall see the screen with ntdsutil: prompt. Since we want to find out the roles, type roles and hit Enter. Notice that the prompt now changes to show fsmo maintenance:. Now is a good time to get more HELP on the list of available commands. 
Step #3: On the fsmo maintenance: prompt, type ? and hit Enter. Right-click in the Window, mark and copy them. Paste the clipboard in to Notepad for easy reference. 
Step #4: Type connection and press Enter. This will show a prompt with server connections:. Type connect to server (replace and press Enter. 
Step #5: Once we are connected to the Domain Controller, type q to return back to the fsmo maintenance prompt. Now type, select operation target and then press Enter. Notice that the prompt changes to select operation target:. 
Step #6: At the select operation target prompt, type list roles for connected server and press Enter. This would list all the FSMO roles for that Domain Controller. To get out of the ntdsutil, type q until you are back to the good old DOS prompt.

Then, if the master server is permanently offline, use the seize command (ref: http://www.petri.co.il/seizing_fsmo_roles.htm). If the master server is still online, you can use the transfer command to move the 5 FSMO roles while both the original FSMO role holder and the future FSMO role holder are online and operational.

This table has the info:

| FSMO Role | Loss implications |
|---|---|
| Schema | The schema cannot be extended. However, in the short term no one will notice a missing Schema Master unless you plan a schema upgrade during that time. |
| Domain Naming | Unless you are going to run DCPROMO, then you will not miss this FSMO role. |
| RID | Chances are good that the existing DCs will have enough unused RIDs to last some time, unless you're building hundreds of users or computer object per week. |
| PDC Emulator | Will be missed soon. NT 4.0 BDCs will not be able to replicate, there will be no time synchronization in the domain, you will probably not be able to change or troubleshoot group policies and password changes will become a problem. |
| Infrastructure | Group memberships may be incomplete. If you only have one domain, then there will be no impact. |

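The following table summarizes the FSMO seizing restrictions:

| FSMO Role | Restrictions |
|---|---|
| Schema | Original must be reinstalled |
| Domain Naming | Original must be reinstalled |
| RID | Original must be reinstalled |
| PDC Emulator | Can transfer back to original |
| Infrastructure | Can transfer back to original |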

Another consideration before performing the seize operation is the administrator's group membership, as this table lists:

| FSMO Role | Administrator must be a member of |
|---|---|
| Schema | Schema Admins |
| Domain Naming | Enterprise Admins |
| RID | Domain Admins |
| PDC Emulator | Domain Admins |
| Infrastructure | Domain Admins |

To seize the FSMO roles by using Ntdsutil, follow these steps:



After that is done.. you can run Netdom Query FSMO again to check that the roles have already gone to the connected server (Slave AD).


After that you have to delete/clear all the info for offline/corrupted server (eg: probOldAD.contoso.com)



Remove AD




Then you can start installing AD for new server as below step:



If you are facing the warning below... what you can check is whether another network is enabled.
Solved: disable the other network