Posts Tagged “linux”

The web server is now running on the much more powerful ESXi system.  It seems faster to me but I have the advantage of browsing on the local network.  Any of you Internet people see a boost in performance?

I’ll post some tricks I learned about migrating a Linux virtual machine from VMWare Server to ESXi soon.


I played around with VMWare ESXi some more this evening and managed to get it installed on an IDE disk to test.  The IDE JBOD mode didn’t work as I hoped.  Eventually I found this tip on how to get ESXi to install on an IDE disk.  That did the trick and ESXi installed no problem!

After ESXi installed, I did some testing and built a Win XP virtual machine as a test.  It was a bit tricky to get going as ESXi does not support IDE disk emulation in the guest OS.  This made the Windows XP installer complain as it would not find the virtual disk.  Fortunately, VMWare has a vmscsi driver disk available for download here: http://www.vmware.com/download/server/drivers_tools.html.  Mounting the SCSI Disk Driver floppy image and pressing F6 immediately during the Windows XP installation loads the driver and the installation was a breeze after that.

I played a bit more with the ESXi configuration and tools and I’m pretty impressed.  I think it would make a good replacement for my current server configuration – Win2k3 on native hardware with a Linux VM running in VMWare Server 1.02.

Now the remaining problems are how to easily migrate the existing server to ESXi.  Migrating the Linux VM might be a pain because I had problems using SCSI emulation on the virtual disk and I went with IDE.  Maybe VMWare converter will be able to convert the disk format but it might still be tough at a guest OS level to change the hard drive configuration.  If things don’t go too well, I could always just install a fresh Fedora Core 10 to ESXi and go from there.  I’m due for an upgrade anyways.

Migrating Windows Server 2003 from native hardware to ESXi should be pretty easy with VMWare converter but of course I’ll have to test it to be sure.  This is definitely a system I do not want to rebuild from scratch!

After I was done testing/playing, I got a bit brave since I was more comfortable with the ESXi installer and I wanted to see if the ESXi installer detected a SATA disk.  Since the plan is to use two 500GB SATA drives in a RAID-1 config, I want to be sure it will work before I buy two drives.  So without having a spare SATA disk to test with, I hooked up my primary SATA drive (with all my important data on it) and booted the ESXi installer.  I’m happy to report that ESXi detected the SATA drive no problem without needing the above ‘tweak’ to get it working.  I figured that was a good point to cancel out and hope my drive had not been altered.  I would assume at this point that the SATA RAID-1 will work just fine with ESXi and my nForce 4 controller.

Next step….not sure…

Update: The embedded nForce SATA RAID configuration doesn’t work.  Even when enabled in the BIOS, ESXi sees the ‘RAID-1’ as two individual drives.  I haven’t found any solution to this problem but other people have had the same issue.  Kind of unfortunate as a cheap RAID-1 solution would be a huge benefit for ESXi.


In many environments, putting an Exchange 2007 front-end server directly on the Internet is not a desired configuration – either because of technical limitations or security concerns.  One solution is to have an Apache HTTP server on the network perimeter to act as a reverse proxy to an internally located Exchange 2007 server.  The following example is an Apache configuration to:

  • Redirect browsers from http://webmail.domain.com/ to the secure https://webmail.domain.com/
  • Redirect from the root of https://webmail.domain.com to https://webmail.domain.com/exchange – you may wish to redirect to /owa if you use a pure Exchange 2007 environment.
  • Any requests to the https://webmail.domain.com/* will be dynamically tunneled through Apache’s reverse proxy to the internal Exchange system and served back to the client.

The main advantage of the configuration below is that, by using the RewriteRule directive with the [P] (proxy) flag, we can avoid having individual ProxyPass and ProxyPassReverse directives for each of the Exchange 2007 virtual directories.  Nice, clean, simple.

ProxyRequests Off
<VirtualHost webmail.domain.com:80>
  ServerAdmin hostmaster@domain.com
  ServerName webmail.domain.com
  #ErrorLog /var/log/apache2/webmail.domain.com-error_log
  #CustomLog /var/log/apache2/webmail.domain.com-access_log combined

  ProxyPreserveHost On
  RewriteEngine on
  # Redirect http traffic to https
  RewriteRule ^/(.*)$         https://webmail.domain.com/$1 [L,R]
</VirtualHost>

<VirtualHost webmail.domain.com:443>
  ServerAdmin hostmaster@domain.com
  ServerName webmail.domain.com:443
  #ErrorLog /var/log/apache2/webmail.domain.com-ssl_error_log
  #TransferLog /var/log/apache2/webmail.domain.com-ssl_access_log
  #CustomLog /var/log/apache2/webmail.domain.com-ssl_request_log ssl_combined

  SSLEngine on
  SSLProxyEngine On
  RequestHeader set Front-End-Https "On"
  ProxyPreserveHost On
  RewriteEngine on
  CacheDisable *

  # Rewrite the WWW-Authenticate header to strip out Windows Integrated
  # Authentication (NTLM) and only use Basic-Auth
  SetEnvIf User-Agent ".*MSIE.*" value BrowserMSIE
  Header unset WWW-Authenticate
  Header add WWW-Authenticate "Basic realm=webmail.domain.com"  

  # Redirect / to /exchange
  RewriteRule ^/$             https://webmail.domain.com/exchange/ [R]

  # Reverse proxy all requests to the internal Exchange 2007 server
  RewriteRule ^/(.*)          https://exchange.domain.internal/$1 [P]

  # Strong ciphers only: excludes anonymous, NULL, export-grade and MD5 suites
  SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!MD5
  SSLCertificateFile /etc/apache2/ssl.crt/webmail.domain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl.key/webmail.domain.com.key

  SetEnvIf User-Agent ".*MSIE.*"    \
  nokeepalive ssl-unclean-shutdown  \
  downgrade-1.0 force-response-1.0
</VirtualHost>
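
The [P] rule makes Apache a TLS client to the internal Exchange server as well as a TLS server to the Internet, and both sides need their own settings. The following is an added example, not part of the original configuration, showing TLS directives to merge into the :443 virtual host; the CA bundle path is a placeholder assumption.

```apache
# Added example, not the post's own configuration. Merge into the :443 virtual host.
# Assumption: /etc/apache2/ssl.crt/internal-ca.crt is a placeholder path for the
# CA certificate that issued the internal Exchange server's certificate.

# --- Client-facing TLS (browser/Outlook -> Apache) ---
# Weak string to avoid: ALL with only ADH and EXPORT56 removed still admits
# 40-bit export, LOW (56-bit DES) and SSLv2 suites on OpenSSL builds that carry them
#   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol         all -SSLv2 -SSLv3
SSLCipherSuite      HIGH:!aNULL:!eNULL:!EXPORT:!MD5
SSLHonorCipherOrder on

# --- Backend TLS (Apache -> Exchange), used by the [P] rewrite rule ---
SSLProxyEngine            On
SSLProxyProtocol          all -SSLv2 -SSLv3
SSLProxyCipherSuite       HIGH:!aNULL:!eNULL:!EXPORT:!MD5
# SSLProxyVerify defaults to "none", so the backend's certificate chain is
# not validated unless it is set to "require" and a trusted CA is supplied
SSLProxyVerify            require
SSLProxyVerifyDepth       2
SSLProxyCACertificateFile /etc/apache2/ssl.crt/internal-ca.crt
# Reject a backend certificate whose CN does not match the proxied host name
# (exchange.domain.internal in the rewrite rule) or that has expired
SSLProxyCheckPeerCN       on
SSLProxyCheckPeerExpire   on
```

Run apachectl configtest after merging; the proxy will return errors until the internal Exchange certificate chains to the configured CA and carries the backend host name.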


One of the newest features of Outlook 2007SP1 combined with Exchange 2007 is the ability for Outlook to automatically configure itself to an Exchange 2007 server.  The main benefit is for remote users to use Outlook on the Internet as if it was connected on the LAN – this is called Outlook Anywhere or Outlook RPC over HTTP.  This is very easily accomplished by having a specific DNS record available for the domain.

Unfortunately most documentation provided uses the assumption that you are serving DNS from a Microsoft DNS server – good try Microsoft.  There is an easy way to serve the same record from BIND under Linux/UNIX.  Create the DNS record as follows:

_autodiscover._tcp.domain.com. SRV 0 0 443 webmail.domain.com.

Where ‘webmail’ specifies the external address of the Exchange 2007 server.

To test the Autodiscover feature of Outlook 2007SP1, start Outlook and while holding the Control key, right-click the Outlook icon and there will be an option to “Test E-Mail Autoconfiguration”.


A couple people at work pointed out that support.microsoft.com would not load when browsed through the squid proxy cache.  However, it would work if you could browse directly to the site with no proxy between.  Some web searching turned up the information that support.microsoft.com somehow managed to break itself when browsing through squid.  To correct the issue, add the following lines to your squid.conf:

# Fix broken sites by removing Accept-Encoding header
acl broken dstdomain support.microsoft.com
header_access Accept-Encoding deny broken

Restart squid with squid -k reconfigure and support.microsoft.com should be working again.

On a somewhat related note, Windows XP service pack 3 was loooong overdue.  I found a Microsoft hotfix today for Windows XP going back to 2006 that fixes kernel problems when over 1Gb of RAM is installed.  Unfortunately this fix never made it into the automatic update channel but it has been included in SP3 – which was only released 3 weeks ago.  I guess when XP came out in 2001, not a lot of Microsoft engineers thought it would still be used quite heavily 7 years later.  Vista?  Pth…try again, Microsoft.  Mac OS X 10.5 seems to be the most modern operating system right now.  It may not be perfect (is anything truly perfect though?) but it’s still much better than Vista.


I noticed something a bit odd on the Active Directory integrated Linux systems I run at work. When listing all of the running processes with “ps auxw”, the output would display the following:

root      3964  0.0  0.0   3060   688 tty6     Ss+  May07   0:00 /sbin/mingetty tty6
10010     5091  0.0  0.0   9980  2344 pts/0    Ss   08:26   0:00 -bash
bmartin   5592  0.0  0.0  35768  2524 ?        S    09:39   0:00 pure-ftpd (IDLE)
wwwrun   30349  0.0  0.1 176992  6508 ?        S    May12   0:00 /usr/sbin/httpd2-prefork

Looks pretty normal except for that second line where the user-id number is displayed instead of my proper user-name (lgoldenstein). I figured this might be caused by problems between Linux and the Active Directory user mappings. However, other Active Directory accounts display correctly in the ps output.

Some Google searching found the solution:
ps will only display the username if the username is eight characters or less. Otherwise, the user-id will be displayed.


After upgrading to Vista SP1, I ran into some problems between my computer and my Fedora Core 6 Samba 3.0.24 server.  I have my Wordpress software directory mounted from the Linux server to my Vista SP1 computer to make adding plug-ins easy.  All I do is copy the new plug-in from my computer to the Wordpress share and it is added.  This worked fine until a few days ago when I suddenly started to get “access denied” when copying the files.  I concluded the problem was the fault of Vista SP1 after the following troubleshooting:

  • No changes had been made to the Samba configuration for quite some time.
  • All file permissions on the Samba server were correct.
  • Mac OS X Leopard was functioning correctly with no changes required.
  • Windows XP SP2 was functioning correctly with no changes required.

After checking the latest version of Samba (3.0.28a at this time), it mentioned that it corrects “interoperability issues” with Vista SP1.  To correct these issues, follow these steps:

  1. Download the Samba 3.0.28a source RPM for Fedora Core 8.
  2. Install it: rpm -ivh samba-3.0.28a-0.fc8.src.rpm
  3. Build it: rpmbuild -bb /usr/src/redhat/SPECS/samba.spec
     If you get warnings about dependencies, either download the dependent packages through yum (yum install …) or use the --nodeps option with rpmbuild.
  4. Watch some Battlestar Galactica while the package builds…
  5. Install it: rpm -Fvh /usr/src/redhat/RPMS/i386/samba*
     This will update only the RPMs that are already installed.

Test the new installation and your Vista SP1 problems should disappear!
