Author: Chris Bradford

Categories
Performance

ESX 4.X : Increased RAM use on Intel EPT Enabled Processors

 

Why does memory utilisation appear higher on ESX 4.X when using Intel EPT Enabled Processors?

 

There is an simple reason why memory usage on your ESX 4.X boxes looks higher than on 3.5; ESX3.5 doesn’t support Intel EPT for HW MMU this is why you’ve not seen this in ESX 3.5. Had you been running AMD RVI capable processors you’d have encountered this with an upgrade from 3.0 to  3.5; ESX 4 was the first ESX platform to support Intel EPT; http://www.vmware.com/files/pdf/software_hardware_tech_x86_virt.pdf

 

Interpretation of esxtop counters is key here, counters we’re interested in:

·         “GRANT” (the amount of physical memory granted to a VM/pool)

·         “SHRD” (the shared portion of  “GRANT”.)

·         “SHRDSVD” (estimated saving due to TPS)

·         “COWH” (indication of memory which can be reclaimed by TPS)

 

When using Intel EPT – http://www.vmware.com/pdf/Perf_ESX_Intel-EPT-eval.pdf  – (or AMD RVI) and where a VM supports HWMMU the ESX kernel will use 2MB pages instead of 4KB pages. On these VM’s you will see low values for SHRD/SHRDSVD.

 

HWMMU is supported on all versions of Windows from 2003 onwards; it is also the default setting for VM’s running these operating systems on hardware that supports Intel EPT; http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1020524

 

 

How can we interpret memory usage on ESX 4.X when using HWMMU?

 

Using esxtop you will find that Linux based VM’s will have high values for SHRD/SHRDSVD, this is because they do NOT use Intel EPT and therefore do not use HWMMU. As MMU is virtualised (software) small pages are used which play nicely with TPS. Windows 2003+ VM’s will use HWMMU and therefore will use large pages.

 

You can check the HWMMU status of a VM by checking the vmware.log and looking for “HV Settings” –look at the value for “virtual mmu” if ‘software’ the VM is not using HWMMU (Intel EPT) if ‘hardware’ it is.

 

Large Page support can be disabled (therefore forcing TPS to work regardless of contention), but there is a CPU performance impact (not massive to be fair but mileage may vary on this). At the end of the day TPS will kick in a claim back memory (significant amounts – http://vmnomad.blogspot.com/2011/08/shared-memory-effectiveness-of.html) at 94% used.

  

I hope this makes sense and sheds some light on why the ESX 4 boxes appear to be using more RAM.

Categories
Exchange Server 2003

Exchange 2003 : Manual Log File Cleanup

Exchange 2003 : Manual Log File Cleanup

1) Stop Affected Databases
2) Check Database State;
             Execute: eseutil /MH “<filename>.edb”
             Execute: eseutil /MH “<filename>.stm”

 Check Value of ‘State’ for both – should be Clean Shutdown or Consistent state

 Check Value of ‘ Log Required’ if 0-0 then no logs are required to start the DB,
 otherwise it will tell you the log range required to start the DB.

You can safely remove all the numbered log files that are less than the lowest entry in any Log Required field for any database in the storage group. Remember to move, not delete, the log files. Remember, the most recent logfile will be the prefix, i.e. E00.log as a result the last log in ‘Log Required’ may not exist.

Categories
Windows Server 2003

NAPP : iSCSi Initiator and Snap Server Replacement

NAPP : iSCSi Initiator and Snap Server Replacement

 

Snap Server can have IP address set to 10.10.10.10 by holding down the reset button whilst powering on.

 

Once configured ensure GuardianOS is upgraded to the most recent entitlement.

 

To reconfigure the backup server (normally XX0015.eu01.apmn.org)

  1. Load Microsoft iSCSI initiator
  2. Remove all iScsi Targets under Persistent Targets
  3. Go to Targets > Refresh
  4. Highlight the new Target > Logon > Tick Automatically Restore This Connection
  5. Under Disk Management Partition & Format the drive:
      500GB Drive I:\ ‘Daily Backups’
      Remaining Drive W:\ ‘Weekly Backups’
  6. Verify the Backup Software paths are correct for the Backup to Disk targets.
Categories
Exchange Server 2010

Exchange 2010 : Export-Csv EmailAddressPolicies by Priority

Exchange 2010 : Export-Csv EmailAddressPolicies by Priority

Use the following Exchange Shell command to export EmailAddressPolicy information, yes this is a large command in order to join all of the multi-string values together:

{code lang:xml showtitle:false lines:false hidden:true}Get-EmailAddressPoicy | select-object name,priority,RecipientFilter,RecipientFilterType,IncludedRecipients,EnabledPrimarySMTPAddressTemplate,Enabled,@{name=’ConditionalDepartment’;Expression={[STRING]::JOIN(";",($_.ConditionalDepartment))}},@{name=’ConditionalCompany’;Expression={[STRING]::JOIN(";",($_.ConditionalCompany))}},@{name=’ConditionalStateOrProvince’;Expression={[STRING]::JOIN(";",($_.ConditionalStateOrProvince))}},@{name=’ConditionalCustomAttribute1′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute1))}},@{name=’ConditionalCustomAttribute2′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute2))}},@{name=’ConditionalCustomAttribute3′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute3))}},@{name=’ConditionalCustomAttribute4′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute4))}},@{name=’ConditionalCustomAttribute5′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute5))}},@{name=’ConditionalCustomAttribute6′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute6))}},@{name=’ConditionalCustomAttribute7′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute7))}},@{name=’Conditio,alCustomAttribute8′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute8))}},@{name=’ConditionalCustomAttribute9′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute9))}},@{name=’ConditionalCustomAttribute10′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute10))}},@{name=’ConditionalCustomAttribute11′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute11))}},@{name=’ConditionalCustomAttribute12′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute12))}},@{name=’ConditionalCustomAttribute13′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute13))}},@{name=’ConditionalCustomAttribute14′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute14))}},@{name=’ConditionalCustomAttribute15′;Expression={[STRING]::JOIN(";",($_.ConditionalCustomAttribute15))}},@{name=’RecipientContainer’;Expression={[STRING]::JOIN(";",($_.RecipientContainer))}},@{name=’ObjectClass’;Expression={[STRING]::JOIN(";",($_.ObjectClass))}},@{name=’NonAuthoritativeDomains’;Expression={[STRING]::JOIN(";",($_.NonAuthoritativeDomains))} } | sort-object priority | export-csv C:\export.csv{/code}</p>'</p>’
Categories
SQL

McAfee EPO : Database Managment

McAfee EPO : Database Managment

I recently ran into some issues with a remote sites EPO server. There were seveal issues:

  1. SQL Express Database had grown to 2GB (it was SQL Express 2005 therefore 2GB was the limit)
  2. The drive which the database files were stored was running low on disk space
  3. There were excessive rows in the events table which required purging

Move The Database

— Identify logical file names and file locations for the database you wish to move

select a.name, b.name as ‘Logical filename’, b.filename from sys.sysdatabases a

inner join sys.sysaltfiles b

on a.dbid = b.dbid

 

— Set DB Offline, forcefully

ALTER DATABASE ePO4_SERVER

SET offline WITH  ROLLBACK IMMEDIATE

GO

 

— Copy files to the new location, yes COPY!

— New location D:\Program Files\McAfee\ePO SQL Database

— Old Location C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data

— Set Destination NTFS Permissions to Match Source location

 

— Move database files(As there was not enough disk space on the C:\ on SERVER)

ALTER DATABASE ePO4_SERVER

MODIFY FILE ( NAME = ePO4_SERVER,

FILENAME = “D:\Program Files\McAfee\ePO SQL Database\ePO4_SERVER.mdf”)

GO

 

ALTER DATABASE ePO4_SERVER

MODIFY FILE ( NAME = ePO4_SERVER_log,

FILENAME = “D:\Program Files\McAfee\ePO SQL Database\ePO4_SERVER_log.LDF”)

GO

 

ALTER DATABASE ePO4_SERVER

SET online

GO

Cleanup The Database


— Find Out EPO DB Size

EXEC sp_spaceused

 

— Find Table Sizes

select object_name(id) [Table Name],

[Table Size] = convert (varchar, dpages * 8 / 1024) + ‘MB’

from sysindexes where indid in (0,1)

order by dpages desc

 

— Identify Events that can be purged between a specific date/time range

Select ThreatEventid, Count(Threateventid)

FROM EPOEvents

WHERE ReceivedUTC BETWEEN ‘2000-01-01 00:00:00.000’ AND ‘2011-03-31 23:59:59.999’

GROUP BY ThreatEventid

 

— Purge Events

 

— 1 Stop all EPO Sevices

— 2 Backup DB

— 3 Purge table

 

DELETE FROM EPOEvents

WHERE ReceivedUTC BETWEEN ‘2000-01-01 00:00:00.000’ AND ‘2011-05-31 23:59:59.999’

 

— 4 shrink the database

dbcc shrinkdatabase (ePO4_SERVER,1)

Categories
Exchange Server 2007

Troubleshoot OOF

Troubleshoot OOF:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/tools/troubleshooting-out-of-office.html

Categories
SQL

SQL 2008 : Cluster DTC Configuration

SQL 2008 : Cluster DTC Configuration

In order to configure a DTC per SQL instance perform the following steps:

Create a new DTC resource

i.            Look for a green arrow in the middle pane next to “Configure a Service or Application” and click on it to open the “High Availability Wizard”

ii.            Choose “Next” to go to the “Select Service or Application” screen

iii.            Choose “Distributed Transaction Coordinator (DTC)” then click “Next”

iv.            You can either use the default name or create your own unique name for the “Client Access Point” then click “Next”. You may want to name it something like DTC_YourSQLServerResourceName. For example: if your SQL instance’s virtual name is SQL01, call your DTC resource something like DTC_SQL01 or MSDTC-SQL Server (SQL01).

v.            Choose a disk that is not already used and will not be the disk you choose during SQL Server setup.

vi.                  Click “Next” twice.

 

Install SQL Server on at least one node.

 

Move DTC to the SQL Server group

i.            Right click on the DTC resource and choose “More Actions” then “Move this resource to another service or application”.

ii.            Choose your SQL Server group in “Select A Service or Application”.

iii.            Right click on the DTC resource and choose “Properties”. Go to the “Policies” tab and uncheck “if restart is unsuccessful, fail over all resources in this service or application” for the DTC resource unless you are sure you want a DTC failure to cause SQL Server to fail over. This is the same thing as “affect the group” in older versions of Windows.

iv.            Optionally you can take DTC offline and make it dependent on the SQL Server name and disk. Then remove its dependencies on the original name and disk. Then you can optionally delete the original IP, name, and disk or move them out of the SQL Server group.

(Optional for SQL Server 2008) Map SQL Server to this DTC resource.

If you skip this step SQL Server 2005 will use the default DTC. SQL Server 2005 will only use the DTC in the SQL Server group if that one is the default for the entire cluster or if you do the mapping step. SQL Server 2008 will use the DTC in its group unless that DTC is not online/started when SQL Server starts or if you create a mapping to a different DTC.

i.                     Open a dos prompt using “Run as Administrator”.

ii.                   Modify the below statement with a mapping name (make up a name to id the mapping), service (the SQL Server service name – not the display name), and ClusterResourceName (DTC resource name) then run it
Example: Msdtc -tmMappingSet -name DTC_SQL01_Mapping -service “MSSQL$SQL01” -ClusterResourceName “MSDTC-SQL Server (SQL01)”  Do you want to continue with this operation? [y/n] y [enter]

iii.                 Run “msdtc -tmmappingview *” to verify the mapping was created successfully. The mapping is also stored in HKEY_LOCAL_MACHINE\Cluster\MSDTC\TMMapping\Service\ as a new key named the same as the mapping parameter used in the msdtc command.

iv.            To verify SQL Server is mapped to the expected instance of DTC you can either

§ Shut down all the other DTC services and make sure the mapped DTC is online. Verify you can do a BEGIN DISTRIBUTED TRANSACTION from this SQL Server.

§ Do a BEGIN DISTRIBUTED TRANSACTION from this SQL Server, verify it succeeds and roll it back. Then shut down the mapped DTC and verify a new BEGIN DISTRIBUTED TRANSACTION will work.

e)      Enable network access

i.                 Run DcomCnfg

ii.               Navigate to Computers.Component Services.My Computer.Distributed Transaction Coordinator.Clustered DTCs

iii.              Right click on the DTC service for this SQL Server group and select “Properties”.

iv.               Go to the security tab and check “Network DTC Access”, “Allow Inbound”, and “Allow Outbound”.

v.                When you hit “Apply” or “OK” it will restart the DTC resource.

Categories
Exchange Server 2007

Exchange 2007 : SendAs Distribution List

Exchange 2007 : SendAs Distribution List

Use the following Exchange Shell command to enable users to Send As a Distribution list or Mail-Enabled Security Group:

get-group “Group Name” | Add-AdPermission -user “UserName” -AccessRights extendedright -ExtendedRights “send as”

Categories
Windows Server 2003

AD DS : PDCe Time Server Configuration

AD DS : PDCe Time Server Configuration

Use the following script to configure your PDCe to sync its time using an external time source:

w32tm /config /manualpeerlist:”tock.usno.navy.mil,0x9 tick.usno.navy.mil,0xa” /syncfromflags:MANUAL
w32tm /config /update
w32tm /resync

This will perform all of the required registry changes under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters without having to actually modify the registry.

Check the system event log for Event ID 35, W32Time ‘The time service is now synchronizing the system time with the time source tock.usno.navy.mil.’ entries once complete.

Categories
SQL

Exchange 2007 : Managing Shared Mailboxes

Exchange 2007 : Managing Resource Mailboxes

To create a shared mailbox:

New-Mailbox -database “MAILSERVER\MDB1\Mailbox Database” -Name Cancel -OrganizationalUnit “domain.local/Exchange Objects/Resource Mailboxes” -DisplayName “user1” -UserPrincipalName “user1@domain.local” -Shared

To set the country code on the user (may be used for address list policies):

Set-User Cancel -CountryOrRegion “GB”

Grant full access/sendas permissions:

Add-MailboxPermission Cancel -User “user2” -AccessRights FullAccess
Add-ADPermission Cancel -User “user2” -Extendedrights “Send As”