I finally stumbled across this Visio diagram which contains some Visio shapes for VMware diagrams. Unfortunately they aren’t in .vss format, it is an actual diagram, but the shapes are great!
VMware stencils for Visio
May 19, 2008 by Joe
Exchange 5.5 nightmare!
March 5, 2008 by Joe
Yesterday was an interesting day. We are currently planning our upgrade from Exchange 5.5 to Exchange 2007. Unfortunately something we had been dreading for some time happened – we ran out of disk space on one of our servers. In Exchange 5.5 Standard (and 2000, I believe) there is a limit of 16GB for the size of the databases. Historically our priv.edb database (mailboxes) has always been 16GB and the pub.edb (Public Folders) has been tiny, only about 100MB. The size of the disk partition that the two were on is about 17GB in size, so only just big enough. However because our users rarely used the Public Folders this has always been plenty. Unfortunately one group of users had started using the Public Folders to store archived emails in, so the pub.edb folder grew and grew until it was about 900MB in size — which meant we ran out of disk space and the Microsoft Exchange Information Store service crashed. This meant that more than 50% of our users could now no longer access their mailboxes and no-one could access the Public Folders — what we term a ‘major incident’. After doing some frantic research and a conversation with a friendly consultant, these are the steps I took to get the system back up and running.
- Made a copy of the two Information Store database files: pub.edb and priv.edb
- Deleted the pub.edb file from its original location
- Started up the Microsoft Exchange Information Store service (this created a new, empty pub.edb file). Users could now access their mailboxes but Public Folder info was not available.
- Started up Exchange Administrator on server1. In the Properties/Database Paths tab amended the drive and path of the Public Folder database to point at a drive with sufficient disk space to take the original pub.edb file (and leave some spare space!)
- Stopped the Microsoft Exchange Information Store service
- Deleted the new pub.edb and moved the original pub.edb file to the new location
- From the command line, ran c:\exchsrvr\bin\isinteg -patch. This took about 2 minutes to run.
- Started the Microsoft Exchange Information Store service – et voila! It worked!
We will be running Exchange 2007 on a SAN and I believe that MS have removed the restriction on database size, so hopefully I will never have to go through anything this stressful again. I’ve managed to get through 10 years with Exchange 5.5 not causing me any grief, so here’s to the next decade!
Terminal Services / Citrix utilities
January 9, 2008 by Joe
On the Brian Madden site I came across this link which lists some cool utils for managing TS & Citrix.
Setting up OpenVPN 2.0.9 on Ubuntu 6.06
October 12, 2007 by Joe
These are some brief instructions on how I went about setting up OpenVPN 2.0.9 on Ubuntu 6.06. Our existing OpenVPN server was version 2.0.6 which I believe has some bugs according to http://ubuntuforums.org/showthread.php?t=255904 — we did experience the occasional lock-up which required OpenVPN to be restarted, so as it is becoming more critical I decided to upgrade. We use OpenVPN to provide staff and external partners access to our network, they use the Windows GUI client to connect (although I use the Linux one at home).
I went about it by setting up a new server and then just copying the config files from the old one. This avoids having to set up new certificates, etc, and it means that if the server falls over I can just build up a new server again.
Bear in mind that OpenVPN is quite flexible as to where it lets you put things like config files, so things like folder and file locations might need tweaking for different circumstances or distros.
I have also created some scripts which help to automate the procedure for creating & revoking the VPNs, this saves loads of time! These are also at the end.
Apologies if I’ve missed any steps here, I only decided to document what I was doing after I’d done most of it. However, if I find I’ve missed anything I’ll come back and add it in later. If you spot any errors, please let me know. I hope this helps.
Setting up the server
Install Linux distro of choice (e.g. Ubuntu)
Install Linux kernel headers and stuff to compile apps: sudo apt-get install build-essential
Next, install OpenSSL: sudo apt-get install openssl*
Go to your home folder: cd ~
Download the latest version of OpenVPN from http://openvpn.net and copy to your home folder
You need to download and install the LZO libraries: download from http://www.oberhumer.com/download/lzo
tar xvf lzo-x.xx.tar.gz
cd lzo-x.xx
./configure
sudo make
sudo make install
Extract the files: tar xvf openvpn-2.0.9.tar.gz
We now need to configure and compile the source code:
cd openvpn-2.0.9
./configure
make
sudo make install
Copy openvpn-2.0.9/easy-rsa to /usr/share/openvpn
Create a folder for the OpenVPN config files to live in: sudo mkdir /etc/openvpn
We now need to set the server to forward IP packets: edit the file /etc/sysctl.conf and uncomment the line net/ipv4/ip_forward=1
To make it easy to manage, I log in as a user called ‘openvpn’ and do all the admin with that, it means I don’t have to type ’sudo’ after every single command. For this to work I have to set the ‘openvpn’ user to be the owner of the directories with the OpenVPN files:
sudo chown -R openvpn /usr/share/openvpn
sudo chown -R openvpn /etc/openvpn
Copy all contents of /usr/share/openvpn/easy-rsa/2.0 from old OpenVPN server to the new one (use scp or similar)
Copy contents of /etc/openvpn from old server to new one — at minimum you will need ipp.txt & server.conf. If you are using a client config directory to provide individual settings, you will also need the ccd directory (assuming that’s where you have located it)
I think that’s about it for the OpenVPN installation.
Setting up mail
I find it useful to have a mail sent to me when a VPN has been created or revoked, that way if someone else creates one I will always know about it. To do this we need to set up the tools to send mail:
Install the mailutils package: sudo apt-get install mailutils
Configure exim4: sudo dpkg-reconfigure exim4-config to set up Exim which is the mail server — I just set it to send SMTP mail only using DNS, but you will need to configure it in a way appropriate to your needs.
You should now be able to send a mail from the command line like so (for example): mail -s "VPN created" "joe.bloggs@email.com" < "created.txt"
The preceding line will send an email with the subject ‘VPN created’ to the specified address, with the body of the email piped in from ‘created.txt’. I use this in the scripts I’ve created so that it will email with the name of the VPN.
Scripts
Below are some scripts I have created to create a VPN, revoke it, and one which I use on my Windows laptop to get the certificate files which need to be copied onto the client PC. Note: these work for my system, you would probably need to do a bit of tweaking for your setup. Don’t forget to chmod a+x the bash scripts to make them executable!
create-vpn (bash script)
Usage: ./create-vpn username
Creates the VPN certificates, creates a config file from a template, then emails me to tell me a VPN has been set up.
#!/bin/bash
# Stop if no username was given, otherwise the commands below would run with an empty name
if [ -z "$1" ]; then
    echo "Usage: $0 username" >&2
    exit 1
fi
cd /usr/share/openvpn/easy-rsa/2.0 || exit 1
source ./vars
sudo ./build-key "$1"
sudo chown openvpn "keys/$1".*
# Next line copies a config file template I have created for most of our users to use and renames it for the user
cp /etc/openvpn/ccd/vpn-template "/etc/openvpn/ccd/$1"
echo "VPN keys for $1 created, they are located in /usr/share/openvpn/easy-rsa/2.0/keys."
echo "Default config file created, named /etc/openvpn/ccd/$1"
echo "Edit that config file to confirm correct routing and IP options are provided."
echo "A VPN has been created for user $1" > /home/openvpn/created.txt
mail -s "VPN created for $1" "joe.bloggs@email.com" < "/home/openvpn/created.txt"
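An added example, not part of the original post: a pre-flight check that a create-vpn style script could run on the username before it reaches build-key and the cp into ccd/. The function name, its return codes and the temporary demo directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's script).
# check_new_vpn_name NAME KEYS_DIR CCD_DIR
#   returns 0 = safe to create, 1 = unsafe name, 2 = name already in use
check_new_vpn_name() {
    name=$1 keys_dir=$2 ccd_dir=$3
    # Allow only letters, digits, dot, underscore and hyphen, so the name
    # cannot contain "/" (which would escape ccd/), spaces or shell globs.
    case $name in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # A leading "-" would be parsed as an option by the tools called later;
    # a leading "." gives hidden files or "..".
    case $name in
        -*|.*) return 1 ;;
    esac
    # Never overwrite an existing key pair or a hand-edited ccd file.
    if [ -e "$keys_dir/$name.crt" ] || [ -e "$keys_dir/$name.key" ] ||
       [ -e "$ccd_dir/$name" ]; then
        return 2
    fi
    return 0
}

# Constructed demo: temporary directories stand in for
# /usr/share/openvpn/easy-rsa/2.0/keys and /etc/openvpn/ccd.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/keys" "$demo_dir/ccd"
: > "$demo_dir/ccd/alice"          # pretend alice already has a ccd file
for candidate in bob alice ../server.conf "-batch" "two words"; do
    if check_new_vpn_name "$candidate" "$demo_dir/keys" "$demo_dir/ccd"; then
        echo "ok:      $candidate"
    else
        echo "refused: $candidate (code $?)"
    fi
done
rm -rf "$demo_dir"
```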
revoke-vpn (bash script)
Usage: ./revoke-vpn username
Revokes the certificates so that the client cannot connect, then emails me to inform me.
#!/bin/bash
# Stop if no username was given
if [ -z "$1" ]; then
    echo "Usage: $0 username" >&2
    exit 1
fi
cd /usr/share/openvpn/easy-rsa/2.0/ || exit 1
source /usr/share/openvpn/easy-rsa/2.0/vars
./revoke-full "$1"
echo "VPN revoked for $1" > /home/openvpn/revoked.txt
mail -s "VPN revoked" "joe.bloggs@email.com" < "/home/openvpn/revoked.txt"
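An added example, not part of the original post: revoke-full marks the certificate as revoked in keys/index.txt and regenerates crl.pem, but OpenVPN only refuses the client if server.conf has an active crl-verify line. The check below reads both; the function names, the sample index.txt entries and the sample server.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script).
# cert_status NAME INDEX_FILE
# Prints the state of NAME in easy-rsa's keys/index.txt (the OpenSSL CA
# database: tab-separated status, expiry, revocation date, serial, file,
# subject). "valid" wins if any certificate for NAME is still valid.
cert_status() {
    awk -F'\t' -v cn="$1" '
        {
            n = split($6, part, "/")          # subject DN components
            for (i = 1; i <= n; i++)
                if (part[i] == "CN=" cn) seen[$1]++
        }
        END {
            if (seen["V"]) print "valid"
            else if (seen["R"]) print "revoked"
            else if (seen["E"]) print "expired"
            else print "unknown"
        }' "$2"
}

# crl_enforced SERVER_CONF
# Succeeds only if the config has an active (uncommented) crl-verify line.
crl_enforced() {
    grep -Eq '^[[:space:]]*crl-verify[[:space:]]+[^[:space:]]' "$1"
}

# revocation_effective NAME INDEX_FILE SERVER_CONF
revocation_effective() {
    [ "$(cert_status "$1" "$2")" = revoked ] && crl_enforced "$3"
}

# Constructed sample data (not taken from a real CA or server).
demo=$(mktemp -d)
{
    printf 'V\t171009120000Z\t\t01\tunknown\t/C=GB/O=Example/CN=server\n'
    printf 'R\t171009120000Z\t071012130000Z\t02\tunknown\t/C=GB/O=Example/CN=jbloggs\n'
    printf 'V\t171009120000Z\t\t03\tunknown\t/C=GB/O=Example/CN=asmith\n'
} > "$demo/index.txt"
printf 'port 1194\n;crl-verify crl.pem\n' > "$demo/server.conf"

for user in jbloggs asmith nobody; do
    echo "$user: $(cert_status "$user" "$demo/index.txt")"
done
if revocation_effective jbloggs "$demo/index.txt" "$demo/server.conf"; then
    echo "jbloggs is locked out"
else
    echo "jbloggs is revoked in the CA, but the server is not checking the CRL"
fi
rm -rf "$demo"
```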
getvpn.bat (Windows batch file)
Usage: getvpn username
This file uses pscp.exe which is available from the Putty download page to copy the required client certificate files from the OpenVPN server onto my hard disk. I can then copy them onto the client machine along with client.ovpn and ca.crt.
@echo off
cls
if exist %windir%\pscp.exe goto pscpexists
copy \\server1\software\misc\putty\pscp.exe %windir%
:pscpexists
pscp openvpn@openvpn://usr/share/openvpn/easy-rsa/2.0/keys/%1.* .
del %1.csr