Categories
Single Sign On (SSO)

Broadcom 43xx Driver Installation HOWTO Under Fedora Core 5

Having a BCM4306-based wireless card has until now been the bane of my Linux use; however, I came across this guide a couple of days ago and I’m now running 100% wireless with my Broadcom card! 🙂

Prerequisites

Card drivers which include firmware:
You can get the firmware here: wl_apsta.o

 

Firmware cutter utility:

bcm43xx-fwcutter i386

bcm43xx-fwcutter x86_64

Simply install the bcm43xx-fwcutter tool:

For i386: rpm -ivh bcm43xx-fwcutter-004-1.fc5.i386.rpm

For x86_64: rpm -ivh bcm43xx-fwcutter-004-1.fc5.x86_64.rpm

Then use the command:

/usr/bin/bcm43xx-fwcutter -w /lib/firmware wl_apsta.o

Then enable the GNOME NetworkManager:

/sbin/chkconfig --level 5 NetworkManager on

/sbin/service NetworkManager start

The first time NetworkManager connects to your wifi AP it will ask for a keyring password. I recommend you set it the same as your logon password; you’ll see why in a future update.

This setup will work with WEP and WPA turned on.

NOTE: To change / reset your keyring password simply bring up a terminal and run the following:

cd ~/.gnome2/keyrings/
rm default.keyring

The next time your machine boots it will ask you to enter a new keyring password

Categories
Presentation Server

Citrix / Terminal Server Performance Registry Settings

Terminal Server / Citrix Performance Registry Settings

I have gathered a list of registry and operating system tweaks that improve Citrix performance. I use these tweaks on all Citrix servers deployed in order to ensure reliable performance when under heavy user load.

 

Registry Modifications

Firstly, we disable paging of the NT Executive – this keeps core system components in memory and out of the page file. If there is only one tweak you take away with you today, this should be it:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters]
"UtilizeNTCaching"=dword:00000000

 

Next, I configure additional worker threads to increase available CPU threads to users:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive]
"AdditionalCriticalWorkerThreads"=dword:00000016
"AdditionalDelayedWorkerThreads"=dword:00000016

 

Now we increase the functionality of the lanmanserver service which controls file and print resource / access on the server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters]
"MaxWorkItems"=dword:00002004
"MaxMpxCt"=dword:00000800
"MaxRawWorkItems"=dword:00000200
"MaxFreeConnections"=dword:00000064
"MinFreeConnections"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"IRPStackSize"=dword:0000000f

 

Now we configure the lanmanworkstation service which is the file and print client:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"MaxThreads"=dword:000000ff
"MaxCollectionCount"=dword:0000ffff
"MaxCmds"=dword:00000800

 

Operating System Configuration

 

Firstly, change the server processing scheduling and memory usage bias towards programs:

 

Next, change the performance bias on the network file and print sharing for Microsoft networks to maximise data throughput for network applications:

 

 

Categories
Windows Server 2003

Performing an Unattended Installation of Active Directory

 

Automating Domain Controller deployment (read Active Directory Services and DNS) couldn’t be simpler; it allows you to install and configure AD remotely with virtually no interaction with the server at all.

First, you will need an unattend file that provides Windows Setup with the desired settings for NTDS installation. The contents of this file should look similar to this:

 

[DCINSTALL]
CreateOrJoin=Create
ReplicaOrNewDomain=NewDomain
NewDomainDNSName=newdomain.com
DomainNetBiosName=newdomain
SetForestVersion=Yes
AutoConfigDNS=Yes
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\ntds
SafeModeAdminPassword=Password
SiteName=UK

 

Save the above into a new file named ad-auto.txt.

Use the above file to create a new forest – set using the CreateOrJoin and ReplicaOrNewDomain options.

The DC will be placed into a new AD site named UK – set using the SiteName option.

The forest root domain will be ‘newdomain.com’ with a NETBios name of newdomain – set using the NewDomainDNSName and DomainNetBiosName options.

SYSVOL and NTDS directories will be installed to their default paths (%systemroot%\) – set using the SYSVOLPath, DatabasePath and LogPath options.

The DSRM password will be set to ‘password’ – using the SafeModeAdminPassword option.

DNS will be automatically installed and configured appropriately – set using the AutoConfigDNS option.

Finally, the forest functionality level will be set as Windows Server 2003 native rather than mixed mode – set using the SetForestVersion option.

 

To install Active Directory services using this unattended file simply run this command: dcpromo /answer:ad-auto.txt
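The answer file above stores the DSRM password in clear text, so it is worth checking such files before they are left on a share or build server. The following Python code is an added example, not part of the original post: it parses a [DCINSTALL] answer file and reports password entries without echoing their values. The GUESSABLE list, the MIN_LENGTH threshold and the function name are assumptions chosen for illustration.

```python
import configparser

# Constructed sample that mirrors the answer file shown in this post.
SAMPLE_ANSWER_FILE = r"""
[DCINSTALL]
CreateOrJoin=Create
NewDomainDNSName=newdomain.com
DomainNetBiosName=newdomain
DatabasePath=%systemroot%\ntds
SafeModeAdminPassword=Password
SiteName=UK
"""

# Assumptions for illustration: a small deny-list and a minimum length.
GUESSABLE = {"password", "passw0rd", "p@ssw0rd", "changeme", "admin", "12345678"}
MIN_LENGTH = 12


def audit_answer_file(text):
    """Return [(key, finding)] for every password entry in [DCINSTALL].

    Values are never included in the result, so the report is safe to log.
    """
    # interpolation=None: values such as %systemroot% must be read literally.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str            # keep key names exactly as written
    parser.read_string(text)

    section = next((s for s in parser.sections() if s.lower() == "dcinstall"), None)
    if section is None:
        return []

    entries = {k.lower(): (k, v.strip()) for k, v in parser.items(section)}
    netbios = entries.get("domainnetbiosname", ("", ""))[1].lower()

    findings = []
    for lowered, (key, value) in entries.items():
        if not lowered.endswith("password"):
            continue
        if not value:
            findings.append((key, "empty value"))
        elif value.lower() in GUESSABLE or (netbios and netbios in value.lower()):
            findings.append((key, "guessable plaintext value"))
        elif len(value) < MIN_LENGTH:
            findings.append((key, "short plaintext value"))
        else:
            findings.append((key, "plaintext value stored in file"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_answer_file(SAMPLE_ANSWER_FILE):
        print(f"{key}: {finding}")
```

Any finding means the file should be access-controlled while it exists and removed, or have its password entry blanked, once dcpromo has completed.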

Categories
VBScript

VBScript ; Check Operating System Service Pack Level

The script below will output the current service pack of any Windows 2000+ Operating System. This is very useful if you are deploying software via logon script.

' WMI moniker prefix; "." below means the local computer
Const Impersonate = "winmgmts:{impersonationLevel=impersonate}!\\"
computer = "."
Set oWMI = GetObject(Impersonate & computer & "\root\cimv2")
Set QueryWMI = oWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")
' Win32_OperatingSystem returns one instance; read its service pack level
For Each oItem In QueryWMI
    spVer = oItem.ServicePackMajorVersion
Next

MsgBox "This computer has Service Pack " & spVer & " installed."

Categories
Presentation Server

Troubleshooting Citrix Session Poor Response / High Latency

I was recently tasked with troubleshooting very poor performance on a Citrix Presentation Server 4.5 Advanced Edition Farm.

Hardware Requirements

Your first port of call should be server specification: is the server ‘man’ enough for the task being asked of it? Use the built-in Windows Performance Counters to troubleshoot here.

Check your CPU usage and troubleshoot specific processes if your CPU utilisation is very high. For my environment CPU usage was at < 5%; this was not the governing performance issue.

Memory utilisation can also hinder performance. As a Citrix server runs out of RAM the number of pages/second dramatically increases. Memory usage was circa 50% and the number of pages/second was low.

Network utilisation; whilst ICA is a low-bandwidth application other applications on your environment may be increasing network latency due to saturation of the network link. Use the built-in Windows Performance counters and your switch management tools to ascertain if this is your governing issue. For my environment network usage was < 5% on a 100MB Full-Duplex link.

Network Problems

Are there specific problems with your network that are causing peaks in latency and dropped packets?

Using the Metaframe Servers SDK (MFCOMSDK) v2.3 tool, smcconsole.exe, I was able to monitor individual user sessions.

 

Using this tool you can view the bandwidth utilisation and latency of individual sessions. This tool is incredibly useful when troubleshooting issues regarding session performance. Session latency can also be viewed using the WMI performance counters for ICA Session that are installed when Citrix is installed on a Windows Server.

 

The Metaframe Server SDK version 2.3 is available from here

 

The image above shows a latency figure of 32ms. This equates to 0.03 seconds – a more than acceptable latency figure for an ICA session. When troubleshooting my issues I was receiving figures of 27000ms (yes, 27 seconds!).

Common causes of high latency are:

- Network topology issues including port mismatches

- MTU issues

- Link saturation / QoS

 

A quick and easy check, which should identify any serious network issues, is to conduct what I call a ‘loaded ICMP echo request’ from a network that is experiencing the latency issues to a server in the Citrix farm. A normal ICMP echo request is 32 bytes; we are able to load the packet with up to 1500 bytes. This is achieved using the following command:

> ping ctxserver1 -t -l 1472 -f

 

Let me explain the command. The ‘-t’ option forces the ping to repeat until instructed otherwise (i.e. cancelled with Ctrl-C). The ‘-l 1472’ option sets a packet length of 1472 bytes; there is a 28-byte packet overhead, so the total packet size is 1500 bytes. Finally, the ‘-f’ option prevents the packet from being fragmented into multiple packets.

 

First, verify that the MTU for your network is in fact 1500 bytes. You can verify this by using the same test to other servers and devices across your network. If you see many dropped packets you know there is a network fault, which may well be the cause of your performance woes.

 

Using this test I identified that there was a fault. The next step is to identify where this fault is occurring.

 

Use ‘tracert’ to identify the path that your packets travel in order to reach your Citrix server. Then perform this loaded ping test to each of these addresses, one at a time.
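The hop-by-hop test described above can be automated. The following Python code is an added example, not part of the original post; it goes one step beyond the fixed 1472-byte test by binary-searching the largest unfragmented payload for each hop, which shows where the path MTU first drops. The function names, the hop addresses and the simulated link MTUs are constructed for illustration, and windows_ping_probe assumes it is run from a Windows host.

```python
import subprocess

OVERHEAD = 28          # 20-byte IPv4 header + 8-byte ICMP header
EXPECTED_MTU = 1500    # the MTU the article verifies against


def windows_ping_probe(host, size):
    """One `ping -f -l <size>` from a Windows host; True only on an echo reply."""
    out = subprocess.run(["ping", "-n", "1", "-w", "2000", "-f", "-l", str(size), host],
                         capture_output=True, text=True).stdout
    return "TTL=" in out   # replies carry TTL=; DF errors and timeouts do not


def largest_payload(probe, host, high=EXPECTED_MTU - OVERHEAD):
    """Binary-search the largest payload that passes unfragmented, or None."""
    low = 0
    if not probe(host, low):
        return None                      # hop does not answer ICMP at all
    while low < high:
        mid = (low + high + 1) // 2
        if probe(host, mid):
            low = mid
        else:
            high = mid - 1
    return low


def locate_mtu_fault(probe, hops):
    """Test each tracert hop in order; return ([(hop, mtu)], first hop below 1500)."""
    results, first_bad = [], None
    for hop in hops:
        payload = largest_payload(probe, hop)
        mtu = None if payload is None else payload + OVERHEAD
        results.append((hop, mtu))
        # Silent hops (mtu None) are recorded but not blamed: many routers drop ICMP.
        if first_bad is None and mtu is not None and mtu < EXPECTED_MTU:
            first_bad = hop
    return results, first_bad


def simulated_probe(link_mtus):
    """Constructed stand-in for the network: maps hop -> MTU of the link into it."""
    path_mtu, lowest = {}, EXPECTED_MTU
    for hop, mtu in link_mtus.items():
        lowest = min(lowest, mtu)        # path MTU is the smallest link so far
        path_mtu[hop] = lowest
    return lambda host, size: size + OVERHEAD <= path_mtu[host]


# Constructed hop list, as tracert might print it on the way to ctxserver1.
SAMPLE_LINKS = {"192.0.2.1": 1500, "192.0.2.9": 1500, "198.51.100.1": 1400, "ctxserver1": 1500}

if __name__ == "__main__":
    print(locate_mtu_fault(simulated_probe(SAMPLE_LINKS), list(SAMPLE_LINKS)))
```

On a live network, pass windows_ping_probe and the addresses printed by tracert instead of the simulated probe.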

 

Categories
Presentation Server

Configuring & Replicating SpeedScreen in Citrix PS 4.5

‘Speedscreen’ is a very useful feature built in to all versions of Citrix Presentation Server 4.. Configuring this feature is remarkably easy, but it is also remarkably easy to overlook.

For more information regarding SpeedScreen functionality and benefits see the ‘Presentation Server 4.5 Bandwidth & Usability Study in Graphics-Rich Scenarios’ whitepaper at the following URL: http://www.citrix.com/English/ps2/products/documents_onecat.asp?contentid=186&cid=White+Papers

To configure SpeedScreen log into a Citrix Server which has the Citrix Toolbar / Administration Tools installed. From the Administrative Toolbar select the following Icon:

 

You will then be presented with the following window:

You can see that this server has been configured for SpeedScreen on all of the listed executables. To add SpeedScreen functionality to another application simply click ‘New…’; you will then be presented with a wizard which will ask you to browse for the desired executable to utilise SpeedScreen with.

Replicating Configuration Between Servers

If you have more than a couple of Citrix Servers in your environment the last thing you want to do is set this up manually on all servers. There is a very simple and quick way of replicating your SpeedScreen configuration between all servers.

Browse the filesystem of a server which has been configured to utilise SpeedScreen and copy the following folder: %Citrix-Install-Dir%\ss3config to all servers under the Citrix Installation Directory. Note this folder may also be under %windir%\system32\ss3config

Provided you have enabled Speed Screen at the Farm level via the Access Management Console you’re good to go!

 

 

 

Categories
Exchange Server 2003

Temporarily Increase Exchange 2000 / 2003 16gb DB Limit

Temporarily Increase Exchange 2000 / 2003 16gb Database Limit

This article covers the necessary steps to increase your Exchange 2000 / 2003 SP1 Database limit from 16GB to 17GB to allow you to perform database maintenance.

Temporarily Increase the Exchange 2000/2003 Mailbox Database Size Limit

Locate the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\\Private-

Add a new REG_DWORD Value: ‘Temporary DB Size Limit Extension’ and set it to 1.

This can only be used on servers running Exchange 2000 with the September 2003 Post-Service Pack 3 Roll up or Exchange Server 2003 SP1.

Once the database is mounted, remove unnecessary database content and then perform a defragmentation of the database in order to reclaim the database space.

In order to permanently resolve this issue on Exchange Server 2003 SP2:

First, verify that sufficient hard disk space is available for the larger database.

Always ensure you have 120% of the desired database size in free space for database maintenance.

For a mailbox store, click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Private-Mailbox Store GUID

For a public folder store, click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Public-Public Store GUID

Create a new DWORD Value, ‘Database Size Limit in Gb’, set the value as Decimal, and then enter an integer from 1 to 75.

Note: These integer values represent the maximum size of the database in gigabytes (GB). For example, a value of 75 represents a database that has a maximum size of 75 GB.

Restart the Microsoft Exchange Information Store service. To do this, follow these steps:

net stop msexchangeis

net start msexchangeis

In the Event Viewer tool, click Application event ID 1216 to verify that the database size has been set successfully.

Categories
Windows Server 2003

Complete Authoritative Restore of Active Directory

Performing a Complete Authoritative Restore of Active Directory

Restart in Directory Services Restore Mode

Simply reboot the server and press F8 during the boot procedures. Select Directory Services Restore Mode. You will require your DSRM password for this procedure. This can be reset as detailed in this guide.

Restore from backup media for authoritative restore

Click the Restore Wizard button, and then click Next.

Select the appropriate backup location and ensure that at least the System disk and System State containers are selected.

Click the Advanced button and ensure you are restoring junction points. If you do not go through the advanced menu, the restore process will not be successful.

Select Original Location in the Restore Files to list.

In the Advanced Restore Options window, check the boxes for:

- Restore security.
- Restore junction points, and restore file and folder data under junction points to the original location.
- Preserve existing volume mount points.

For a primary restore of SYSVOL, also check the following box. A primary restore is only required if the domain controller you are restoring is the only domain controller in the domain.

- When restoring replicated data sets, mark the restored data as the primary data for all replicas.

Click OK and continue through the restore process. A visual progress indicator is displayed.

When asked to restart the computer, do not restart.

Restore system state to an alternate location

Copy the contents of the scripts directory from:

c:\sysvol\c_\winnt\Sysvol\Domain\scripts

and add it to:

c:\Winnt\SYSVOL\Sysvol\domain\scripts

Copy the contents of the policies directory from:

c:\sysvol\c_\winnt\Sysvol\Domain\policies

and add it to:

c:\Winnt\SYSVOL\Sysvol\domain\policies

Restore the database

Open a command prompt and type ntdsutil and then press ENTER.

Type authoritative restore and then press ENTER.

Type restore database and press ENTER.

At the Authoritative Restore Confirmation dialog box, click OK.

Type quit and press ENTER until you have exited Ntdsutil.exe.

Restart in normal mode

Restart the server. It is now authoritative for the domain, and changes will be replicated to the other domain controllers in the enterprise.

Verify Active Directory restore

When the computer is restarted in normal mode, Active Directory automatically detects that it has been recovered from a backup and performs an integrity check and re-indexes the database. After you are able to log on to the system, browse the directory and verify that all user and group objects that were present in the directory prior to backup are restored.

Categories
Windows Server 2003

Renaming a Windows 2003 Domain Controller

Renaming a Windows Server 2003 Active Directory Domain Controller using the ‘netdom’ tool

Whilst not an everyday occurrence, I would recommend deploying a new machine and running dcpromo on it in order to achieve this result. However, a native Windows 2003 Active Directory environment will permit name changes on Domain Controllers.

Please note that this is NOT possible in a Windows 2000 Server Active Directory Domain.

This guide illustrates the required commands for renaming the server ‘vm-dc1.home.net’ to ‘vm-dc.home.net’ (notice no ‘1’ in the name anymore)

Step One; add the additional name to the computer object.

Open a command prompt window and type:

netdom computername vm-dc1.home.net /add:vm-dc.home.net

Successfully added vm-dc.home.net as an alternate name for the computer.

The command completed successfully.

Service Principal Name (SPN) attributes will be updated using the netdom command and DNS records will be created for the new computer name.

After allowing sufficient replication time I would suggest you verify the secondary name has been registered correctly in Active Directory using adsiedit.msc. Simply find the original Computer Object and check the msDS-AdditionalDnsHostName attribute has been populated with the new name.

Step Two; make the new name the primary name for the computer object.

Next, run the following command:

netdom computername vm-dc1.home.net /makeprimary:vm-dc.home.net

Successfully made vm-dc.home.net the primary name for the computer.

The computer must be rebooted for this name change to take effect. Until then this computer may not be able to authenticate users and other computers, and may not be authenticated by other computers in the forest. The specified new name was removed from the list of alternate computer names. The primary computer name will be set to the specified new name after the reboot.

The command completed successfully.

Using ADSI edit you will now see that the msDS-AdditionalDnsHostName attribute for the Computer Account is now populated with the old name.

Step Three; reboot the server.

Proceed with a reboot of the server.

Step Four; remove the old name.

Finally, run the command:

netdom computername vm-dc.home.net /remove:vm-dc1.home.net

Successfully removed vm-dc1.home.net as an alternate name for the computer.

The command completed successfully.

And that’s it!

Categories
Windows Server 2003

Reset the DSRM Password

How to reset the Directory Services Restore Mode (DSRM) Password

The importance of the DSRM password is often forgotten; many administrators will have never used Directory Services Restore Mode.

There is a simple procedure for resetting this crucial password using ntdsutil; from a command prompt window run the following commands:

C:\>ntdsutil

ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server domainController1
Please type password for DS Restore Mode Administrator Account: ********
Please confirm new password: ********
Password has been set successfully.
Reset DSRM Administrator Password: quit
ntdsutil: quit

C:\>

If you’ve forgotten your DSRM password, or you have any doubts, I’d seriously recommend changing the password so you know exactly what it is.