Friday, October 11, 2013

How to diplomatically phrase an "out of scope" to customer email. Wow. Not 100% grammatically correct but very diplomatic.

Thanks for sharing with us on the details and it's good to know the issue has been fixed.

Although we deliver a project based on best practice and experiences from past projects, but every project has different situations, hereby we implement user pilot stage to discover and fix potential issues, during the pilot stage of our project, we worked with your team covered as many scenarios as possible,  that is very important for the sanity of the deployment and I believe there haven’t been too much outstanding issues in past months. However,  to be very frankly, the concurrency of external user wasn’t included,  from a methodology point of view, such hidden issues normally will be further discovered and fixed during the gradually production rolling out, either my team or technical support team will help on this along the way.

Thanks for the understanding and have a nice day!

Tuesday, October 8, 2013

How to reduce (Tweak) Synology Rebuild time - Use at your own risk!

echo 90 > /proc/sys/vm/dirty_ratio
echo 80 > /proc/sys/vm/dirty_background_ratio
echo 6000 > /proc/sys/vm/dirty_expire_centisecs
echo 4000 > /proc/sys/vm/dirty_writeback_centisecs

For the next two, change "sda" to the device name; you may need to repeat for each device.
echo deadline > /sys/block/sda/queue/scheduler
echo 16384 > /sys/block/sda/queue/nr_requests

For the next two, change "md2" to the volume name if different; you may need to repeat for each volume.
echo 524288 > /sys/block/md2/md/stripe_cache_size
blockdev --setra 4096 /dev/md2

The following line can only be enabled while the array is healthy
mdadm --grow /dev/md2 --bitmap=internal

Edit /etc/sysctl.conf to add this line

Wednesday, July 17, 2013

Have multiple fields in excel to compare and output results? Use vlookup in excel

--- Start of Rant ---

Let me tell you something. Sometimes in IT you're stuck with an unenviable task of scripting mass changes to AD, you've got the starting point - the requirements and the objects that need to be changed, you have somehow managed to extract the data required to be changed. Now you need to eye-ball both spread sheets line by line to make sure you can produce the script that will update the required attributes.

It's not fun.

--- End of Rant ---

With this it will be fun:

Friday, July 5, 2013

Things to take note of before messing with vShield

vShield adds this line to each VM's .vmx file. = “vshield-dvfilter-module”
ethernet0.filter0.param1 = “uuid=52393e32-ee4f-4420-808d-dd2683015301.000″

Wednesday, May 29, 2013

Debugging scripts, output to console

Example 1

--- Script start ---
if not exist c:\Logs md c:\Logs
net use \\sourceserver\robocopy /user:username password 1>c:\Logs\test.txt 2>&1
--- Script end ---

"1>c:\Logs\test.txt 2>&1"

"1>" To capture error output; specify a full path for the log file. If not it might end up in the System32 folder.
"2>" = re-direction in DOS Command Prompt (console)

Example 2

--- Script start ---
net use \\sourceserver\robocopy /user:username password 1> c:\output.txt 2> c:\error.txt
dir \\sourceserver\robocopy 1>> c:\output.txt 2>> c:\error.txt
--- Script end ---

Or to use one single log file:

--- Script start ---
net use \\sourceserver\robocopy /user:username password 1> c:\output.txt 2>&1
dir \\sourceserver\robocopy 1>> c:\output.txt 2>>&1

Schedule a robocopy task on Windows 2008 R2 (WIP)

1. Schedule a task to copy a set of files from a DC to another DC.
2. Apply least privilege principle.

Windows 2008 R2 (
Robocopy version on Windows 2008 R2 (XP10 aka

Using robocopy, you will be able to copy folders from source location to destination location (folders will be created). However, files within the source folder will fail to copy.

Common errors:
1. ERROR : You do not have the Manage Auditing user right.
2. ERROR 5 (0x00000005) Copying NTFS Security to Destination Directory -instead-path-here- Access is denied.

Required Permissions:

To use the robocopy /COPYALL switch on a DC, at minimum, user account MUST BE in "Builtin\Administrators" group.

THIS CAN'T BE AVOIDED. Ref URL #4 below - "UAC operates under a dual token method where even if you have the right to have elevated access, until you request it via UAC its not provided. Once requested its a new process."

Tried to minimize security access with credentials "Builtin\Server Operators" (able to open an elevated command prompt but UAC will prompt for password) and "Builtin\Backup Operators"
However, with these credentials, during the copy process, the folders will be created successfully but files inside folders, you will hit error #2 mentioned above.

Required NTFS Permissions
1. Source location, at least read access to the files and folders
2. Destination location, "full control" to files and folders (If not you may have
3. If your destination folder is in a root folder, ie, D:\ or E:\, you will need to
3.1. Disable inheritance
3.2 Grant full control to the user that is used to run the robocopy scheduled task script

Windows 2008 R2 may not copy ACLs properly

1. XCOPY source_folder target_folder /I /E /X /T 
2.  ROBOCOPY source_folder target_folder /COPYALL /SECFIX /E 


Monday, April 1, 2013

vmware vi fastpath unable to add server

"Error: You don't have permission to execute this command" - Append sudo to command line
"Error: Failed to add users" - Make sure your username parameter has a double "\". Note the red "\" . It is NOT a typo.

Eg: sudo vifp addserver --authpolicy adauth --username addomain\\adusername

vSphere Management Assistant (vMA) 5.1 hostname not sticking

This is a frustrating problem. Don't understand why in my company's production systems, the standard VMware installation instructions don't work.

I had no issues on my home lab. (hair pulling)

You configure the new hostname using the instructions from the vMA user guide, configuration is done through the web interface on port 5480 and/or directly from the VM console, and/or from a SSH session.

The moment you reboot the system, it reverts back to localhost.localdomain. It does not matter if you initiate the reboot from the web interface on port 5480 or from a shell session.

Anyhow, to fix this problem, create an "A" record on the AD DNS server, then from shell run "sudo -i" (this will drop you into a root session (text color will change to red), then run Suse's network configuration utility "system-config-network-tui"


Edit (4/4/2013):
Same thing happened to my home vMA.