Monthly archive: June 2019

How to Install Windows on RAID 5 with Drives Larger than 2TB

Setting Up the PERC with the DISKPART Tool for Windows Install

This type of RAID array requires a partition using a GUID (Globally Unique Identifier) Partition Table (GPT) to work properly for Windows in UEFI BIOS mode. Windows Setup, however, does not support making a GPT partition in the standard setup dialogue. Diskpart from the Command Prompt must be used to create a GPT partition to allow setup to see the RAID partition and continue setup.


Figure 1

  1. Start the install, and load the PERC H310 drivers via the OS “Load Driver” function. After the driver is loaded, the RAID volume will appear in the install-to device list (Figure 1).
  2. Press Shift+F10 to bring up a Command Prompt window.
  3. Type DISKPART and press Enter to enter the DISKPART tool. Enter the commands in the following steps as shown in bold and press enter.
  4. DETAIL DISK – This shows a list of volumes seen by the system. Make note of the Volume number for the RAID array.
  5. SELECT DISK=X – X will be the Volume number of the RAID shown in the detail disk report.
  6. CLEAN – Clears the partition information.
  7. CONVERT GPT – Sets the partition to GPT.
  8. EXIT – Exits DISKPART.
  9. Exit the Command Prompt window.
  10. The full RAID volume should show in the device list.
  11. Complete the remainder of the installation process normally. The RAID volume should show as “Windows Boot Manager” in UEFI.

If this was completed correctly, the system should boot normally in UEFI BIOS mode, and allow Windows to install.

Configure IIS to listen on specific IPs

By default IIS will listen for connections on port 80 for any IP bound to the server. This happens even if there are no host headers or bindings set for a specific IP. This can be a problem when trying to run multiple web servers on port 80.

To set IIS to listen on specific IPs follow the instructions below.

Windows Server 2003/IIS 6:

1. This requires the Server 2003 support tools. If this is not already installed it can be downloaded here.

2. Once installed open a command prompt and navigate to the support tools installation folder (default is C:\Program Files\Support Tools).
cd C:\Program Files\Support Tools

3. Stop http.
net stop http /y

4. Use this command to display the current list of IPs:
httpcfg query iplisten

5. By default it will listen on all IPs (0.0.0.0) so we can remove this.
httpcfg delete iplisten -i 0.0.0.0

6. Specify the IP(s) that IIS should listen on. Make sure to update 127.0.0.1 to the desired IP and run the command for each IP IIS should listen on.
httpcfg set iplisten -i 127.0.0.1

7. Start http and test out your sites.
net start http

Windows Server 2008/IIS 7:

1. Open a command prompt and type “netsh”.
netsh

2. Type “http”.
http

3. Enter the following command to display the current list of IPs to listen on. Note if no IPs are displayed like in the below image, IIS will listen on all IPs (default).
show iplisten

4. Use the command below to set IIS to listen on a specific IP. Make sure to replace 127.0.0.1 with the correct IP and run the command again for any additional addresses.
add iplisten ipaddress=127.0.0.1

5. In case you need to delete an IP from this list, use the following command.
delete iplisten ipaddress=127.0.0.1

6. Restart IIS to apply these changes.
iisreset

IIS listening on 127.0.0.1 instead of 0.0.0.0

I used the command:

netsh http show iplisten

and saw 127.0.0.1 in the listening list (but I didn’t add it manually). So I deleted it and added 0.0.0.0 instead.

netsh http delete iplisten ipaddress=127.0.0.1

netsh http add iplisten ipaddress=0.0.0.0

Then I restarted the IIS server.

SSL certificates on Sites with Host Headers

Source: https://blogs.iis.net/thomad/ssl-certificates-on-sites-with-host-headers

Today I got the following question:

“I have two sites (siteV1.mysite.com and sitev2.mysite.com). They listen on the same IP address and port. We generated a certificate for siteV1.mysite.com and SSL is working properly. The problem is that some of our customers use siteV2.mysite.com and they are getting certificate errors. What’s the problem?”

Here is the issue:

There are three pieces of data to uniquely identify an IIS site:

  • The IP address
  • The Port
  • The Host name which HTTP 1.1 clients send as an HTTP request header. 

This IP:Port:Hostname triplet is called a binding. The binding “192.168.1.192:80:myserver”, for example, represents a site that listens on IP address 192.168.1.192, port 80, host header myserver.

The very first thing IIS (HTTP.SYS to be more precise) does when a request comes in is to read the site’s configuration. Connection limits and timeouts are examples of site configuration. The site binding is used to find the right site configuration. The SSL certificate seems to be another great example of site configuration – the SSL certificate is needed to decrypt the encrypted SSL data coming from the client.

And the IIS User Interface certainly makes it appear as if the SSL certificate would be site configuration, too – doesn’t it? In reality, however, you can’t bind an SSL certificate to a site. The IIS UI is fooling you. But why?

It’s a chicken and egg problem: The host name is encrypted in the SSL blob that the client sends. Because the host name is part of the binding, IIS needs the host name to look up the right certificate. Without the host name IIS can’t look up the right site because the binding is incomplete. Without the certificate IIS can’t decrypt the SSL blob that contains the host name. Game over – we are turning in circles.

What IIS does under the covers is to ignore the host name. IIS binds the certificate to IP:Port and warns you when you try to bind a certificate to the same IP:Port combo with different host names.

But there is a way if you need two different sites on the same IP:Port. You can accomplish this by getting a certificate that contains both common names, i.e. sitev1.mysite.com and sitev2.mysite.com. Certificate authorities usually allow more than one so-called “common name” in a certificate. By binding the certificate to one of the two sites you won’t get certificate errors anymore. The client is happy if one of the names in the certificate matches.

But there is another caveat: you can’t use the IIS7 User Interface to add a host header to an SSL site binding. You have to use command-line tools, do it programmatically or edit applicationhost.config directly. Here is an example and a link showing how you can do it via the command line:

appcmd set site /site.name:"MySite V2" /+bindings.[protocol='https',bindingInformation='*:443:sitev2.mysite.com']

And last but not least: with IIS7 you can use the following command to figure out what certificate is bound to a particular IP:Port combination:  
netsh http show sslcert

This command will show the IP:Port binding but also some other SSL settings.
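
The lookup described above, modelled as an added example (not code from the original post or from IIS): the certificate is chosen by IP:Port alone, and each https binding is then checked against the names in that certificate. The sample data and the function names cert_names_for and mismatched_bindings are constructed for illustration, and only IPv4 bindings are handled.

```bash
#!/bin/sh
# Constructed sample data (not taken from a real server).
# Certificate bound per endpoint: "<IP:Port> <comma-separated names in the cert>"
SSLCERTS='192.168.1.192:443 sitev1.mysite.com
192.168.1.193:443 sitev1.mysite.com,sitev2.mysite.com'
# https site bindings: "<IP>:<Port>:<Host header>"
BINDINGS='192.168.1.192:443:sitev1.mysite.com
192.168.1.192:443:sitev2.mysite.com
192.168.1.193:443:sitev1.mysite.com
192.168.1.193:443:SiteV2.mysite.com'

# cert_names_for ENDPOINT
#   prints the names of the one certificate bound to IP:Port. The host
#   header plays no part in this lookup, which is the point of the post.
cert_names_for() {
    printf '%s\n' "$SSLCERTS" | awk -v ep="$1" '$1 == ep { print $2; exit }'
}

# mismatched_bindings
#   prints every site binding whose host name is not among the names of
#   the certificate served on its IP:Port (clients get a name error there).
mismatched_bindings() {
    printf '%s\n' "$BINDINGS" | while IFS= read -r b; do
        host=$(printf '%s' "${b##*:}" | tr 'A-Z' 'a-z')   # after last colon
        ep=${b%:*}                                        # IP:Port
        names=$(cert_names_for "$ep" | tr 'A-Z' 'a-z')
        case ",$names," in
            *",$host,"*) ;;                 # one name in the cert matches
            *) printf '%s\n' "$b" ;;        # host not covered by the cert
        esac
    done
}

mismatched_bindings
```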

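Monitoring Network Quality and Alerting with Zabbix via Smokeping

(I) Smokeping overview
(1) Smokeping is an open-source tool for monitoring network performance. It is mainly used to check the network condition, quality and stability of an IDC (data centre). It plots its results with rrdtool, showing network latency graphically so that the current state of connectivity can be judged clearly.

(2) SmokePing features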
SmokePing keeps track of your network latency:
Best of breed latency visualisation (latency, packet loss and so on are shown in an intuitive visual form).
Interactive graph explorer.
Wide range of latency measurement plugins.
Master/Slave System for distributed measurement.
Highly configurable alerting system.
Live Latency Charts with the most ‘interesting’ graphs (attractive, free and open source).
Free and OpenSource Software written in Perl written by Tobi Oetiker, the creator of MRTG and RRDtool

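(II) Technical overview
Using Zabbix with Smokeping to check network quality is recommended on the official Zabbix forum; you can log in and take a look at: https://www.zabbix.com/forum/showthread.php?t=31147
There are three key technical points:
1. zabbix-trapper: a way of delivering data that differs from zabbix-agent. Items defined this way need zabbix-sender to send their data to zabbix-server.

2. Parameters required by zabbix-sender:

-z - IP of the Zabbix server
-p - port of the Zabbix server, 10051 by default
-s - target host; the host name must be the hostname from the configuration, not the visible name (keep this in mind)
-k - the key, i.e. the key of the trapper item we defined; here it is the trapper defined earlier
-o - the data to send

3. Use fping to measure the packet loss rate to each node

fping parameters:
-b size of the ping packet
-c number of pings
-p interval between pings, in ms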

(III) Detailed steps

(i) Configuration on the zabbix_server side
1. Uncomment the ExternalScripts option in zabbix_server.conf and set it to: ExternalScripts=/usr/local/zabbix/externalscripts

[root@localhost externalscripts]# vim /usr/local/zabbix/etc/zabbix_server.conf

### Option: AlertScriptsPath
#       Full path to location of custom alert scripts.
#       Default depends on compilation options.
#
# Mandatory: no
# Default:
# AlertScriptsPath=${datadir}/zabbix/alertscripts
AlertScriptsPath=/usr/local/zabbix/alertscripts

### Option: ExternalScripts
#       Full path to location of external scripts.
#       Default depends on compilation options.
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/local/zabbix/externalscripts

2. Place the script recommended by Zabbix in the ExternalScripts directory /usr/local/zabbix/externalscripts/: http://www.mbs-it.pl/inne/zbxsmokeping

[root@localhost externalscripts]# cat zbxsmokeping
#!/bin/bash
# Where is your zabbix server
ZBXSERVER=172.20.66.110
# where is fping tool?
FPING=/usr/sbin/fping
# where is zabbix_sender tool?
ZBXSENDER=/usr/local/zabbix/bin/zabbix_sender
# Where to send ping
IP=$1
# How many ping to send
COUNT=$2
# What interval between ping [ms]
INTERVAL=$3
# How many bytes in one ping
BYTES=$4
# 'Hostname' of the host which will collect data
HOSTNAME=$5

if [ $# -lt 5 ]
 then
     echo
     echo " Not enough parameters"
     echo " Usage: zbxsmokeping <HOST_IP> <NUMBERS_OF_PINGS> <INTERVAL> <BYTES> <TO_WHICH_HOST_SEND_DATA_IN_ZABBIX>"
     echo " Zabbix External Check Item ex.: zbxsmokeping[{HOST.IP},6,1000,68,{HOST.HOST}]"
  exit 2
fi
# debug
# echo $FPING -b $BYTES -c $COUNT -q -p $INTERVAL $IP 2>&1

# fping -q prints one summary line per target on stderr, e.g.
#   <ip> : xmt/rcv/%loss = 6/6/0%, min/avg/max = 1.23/2.34/3.45
# The pipeline below reduces it to "loss min avg max".
# Arguments are quoted so values passed in by Zabbix are never word-split.
OUTPUT=$("$FPING" -b "$BYTES" -c "$COUNT" -q -p "$INTERVAL" "$IP" 2>&1 | awk '{print $5,$8}' | tr -d "%|," | tr -s " " "/" | awk -F"/" '{print $3,$4,$5,$6}')
# Deliberately unquoted so OUTPUT is split into tab=(loss min avg max)
tab=( $OUTPUT )
# debug
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLoos -o ${tab[0]}
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyMin -o ${tab[1]}
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyMax -o ${tab[3]}
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyAvg -o ${tab[2]}

"$ZBXSENDER" -z "$ZBXSERVER" -p 10051 -s "$HOSTNAME" -k SmokLoos -o "${tab[0]}" -v | grep "Failed 1"
"$ZBXSENDER" -z "$ZBXSERVER" -p 10051 -s "$HOSTNAME" -k SmokLatencyMin -o "${tab[1]}" -v | grep "Failed 1"
"$ZBXSENDER" -z "$ZBXSERVER" -p 10051 -s "$HOSTNAME" -k SmokLatencyMax -o "${tab[3]}" -v | grep "Failed 1"
"$ZBXSENDER" -z "$ZBXSERVER" -p 10051 -s "$HOSTNAME" -k SmokLatencyAvg -o "${tab[2]}" -v | grep "Failed 1"
echo 1

3. Make the script executable and restart the zabbix_server service.

[root@localhost externalscripts]# chmod +x zbxsmokeping
[root@localhost externalscripts]# ll zbxsmokeping
-rwxr-xr-x 1 root root 1649 Dec 27 17:38 zbxsmokeping
[root@localhost externalscripts]# /etc/init.d/zabbix_server restart

This completes the configuration on the zabbix_server side.
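
The awk/tr pipeline in zbxsmokeping assumes fping always reports min/avg/max, but at 100% loss the summary line carries only the loss figure, so the latency values come out empty. The following added example (not part of the original script or of Zabbix) parses the summary line with that case handled and emits lines in zabbix_sender's input-file format; the function names and sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: parse the one-line summary that `fping -q -c N` writes to
# stderr. Sample lines are constructed; function names are hypothetical.

# parse_fping_summary LINE
#   prints "loss min avg max", or just "loss" when no reply came back;
#   returns 1 if LINE is not an fping summary (e.g. an error message).
parse_fping_summary() {
    printf '%s\n' "$1" | awk '
    {
        if (!match($0, /xmt\/rcv\/%loss = [0-9]+\/[0-9]+\/[0-9.]+%/)) exit 1
        split(substr($0, RSTART + 16, RLENGTH - 16), c, "/")
        loss = c[3]; sub(/%/, "", loss)
        if (match($0, /min\/avg\/max = [0-9.]+\/[0-9.]+\/[0-9.]+/)) {
            split(substr($0, RSTART + 14, RLENGTH - 14), l, "/")
            print loss, l[1], l[2], l[3]
        } else {
            print loss
        }
    }'
}

# sender_lines HOST LINE
#   prints "<host> <key> <value>" lines (zabbix_sender input-file format)
#   for the trapper keys used by the zbxsmokeping script.
sender_lines() {
    host=$1
    fields=$(parse_fping_summary "$2") || return 1
    set -- $fields      # safe to split: only digits and dots pass the regex
    printf '%s SmokLoos %s\n' "$host" "$1"
    # 100% loss: fping reports no min/avg/max, so send the loss value only
    # instead of handing zabbix_sender an empty -o argument.
    [ $# -eq 4 ] || return 0
    printf '%s SmokLatencyMin %s\n' "$host" "$2"
    printf '%s SmokLatencyAvg %s\n' "$host" "$3"
    printf '%s SmokLatencyMax %s\n' "$host" "$4"
}

# Demo on constructed lines: healthy, total loss, and not a summary at all.
for line in \
    '192.0.2.10 : xmt/rcv/%loss = 6/6/0%, min/avg/max = 1.23/2.34/3.45' \
    '192.0.2.11 : xmt/rcv/%loss = 6/0/100%' \
    'fping: command failed'
do
    sender_lines web01 "$line" || echo "skipped: $line" >&2
done
```

The output of sender_lines can be piped to zabbix_sender with `-i -`, which reads the host/key/value lines from standard input.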

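(ii) Configuration in the browser.
1. Import the officially recommended template: http://www.mbs-it.pl/inne/zbx_export_templates_smokeping.xml

2. Link the template to the sites whose network quality needs to be checked.

This completes network quality monitoring with Zabbix via Smokeping.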