John G. Gauthier

My IT and development musings.



  • PS3 Media Server + Windows 2008 R2

    The PS3 Media Server project is pretty cool and just what I needed, though it failed to run as a service for me on my Win2008R2 file server. I was given this error:

    Windows could not start the PS3 Media Server service on local computer. error 1067: the process terminated unexpectedly.

    Unfortunately the documentation and online FAQs gave me no obvious pointers here.

    The answer rested with Java (doesn’t it always?). In order to run PS3 Media Server at all, I had needed to download and install the Sun runtime environment 7.0 for Win x64. Well, neither Java nor PS3 Media Server put the Java bin folder in PATH.

    Add this to PATH:

    C:\Program Files\Java\jre7\bin


  • Home Xeon Server, v3

    Minor hardware improvements now have me at:

    • Lian Li PC-V351 mATX chassis (Lian Li)
    • Intel S1200BTS server motherboard (Intel)
      • 6 x SATA2 ports
        • Western Digital Green 2TB SATA hard drive (WD)
        • Crucial M4 256GB SSD (Crucial)
      • 4 x DDR3 1066/1333 MHz DIMM slots
        • 2 x DDR3 1333 MHz 4GB PC3-10600 (Crucial)
        • 2 x DDR3 1600 MHz 8GB PC3-12800 (Crucial)
      • 2 x Gigabit NICs (82574L, 82579LM)
    • Intel Xeon E3-1235 processor (Intel)
      • Quad core, 3.2 GHz
      • vPro, Hyper-Threading, VT-x, VT-d
      • Intel HD Graphics P3000
    • Dell PERC H700 Integrated RAID controller (Dell)
      • RAID 50: 6 x Fujitsu 73GB 15,000 RPM SAS hard drive (Fujitsu)
      • RAID 1: 2 x Western Digital Caviar Black 1TB 7,200 RPM SATA hard drive (WD)
    • 2 x AMS 2.5″ Backplane Module for HDD/SSD (Model DS-526SSBK)
    • VMware vSphere Hypervisor 5.1 (VMware)

    I did try an AMS six drive backplane module (still in a 5.25″ slot) but the Fujitsu hard drives were just too tall. Right now I have the six Fujitsu drives, the 256GB 2.5″ SSD, and the 750GB 2.5″ drive in the AMS backplanes.

    The upgrade to vSphere 5.1 was uneventful and with few improvements/enhancements worth getting excited over for a home server. vCenter 5.1 was painful.

    The upgrade to 24GB of RAM has given me a lot more freedom to try more complex virtual environments, including Microsoft Exchange, SharePoint, and SQL Server, all at home.


  • Debmon on Debian 6 (squeeze)

    I wanted to try out the latest revision of Icinga and decided that Debmon would be the fastest. I thought that, anyway, until I wasted two hours trying to get aptitude to play nice with Debmon.

    In an effort to save someone else some time, here are my notes for installing Debmon on Debian 6 (squeeze)…

    Be sure that the server timezone is set to UTC. Use dpkg-reconfigure tzdata to change it as necessary.

    nano /etc/apt/sources.list

    deb http://ftp.us.debian.org/debian stable main
    deb-src http://ftp.us.debian.org/debian stable main
    deb http://ftp.debian.org/debian/ squeeze-updates main
    deb-src http://ftp.debian.org/debian/ squeeze-updates main
    deb http://security.debian.org/ squeeze/updates main
    deb-src http://security.debian.org/ squeeze/updates main
    deb http://backports.debian.org/debian-backports squeeze-backports main
    deb http://debmon.org/debmon debmon-squeeze main
    

    Command line:

    gpg --keyserver pgpkeys.mit.edu --recv-key DC0EE15A29D662D2
    gpg -a --export DC0EE15A29D662D2 | apt-key add -
    apt-get update
    apt-get upgrade
    apt-get install mysql-server
    apt-get install icinga-web icinga-phpapi icinga-web-pnp
    

    After this, follow the Debmon write-up at http://debmon.org/IcingaIdoutilsIcingaWebInstallation

    For PNP, use https://wiki.icinga.org/display/howtos/Setting+up+PNP+with+Icinga#SettingupPNPwithIcinga-RRDToolandPerlBindings


  • Home Xeon Server, v2

    I have had the fortunate opportunity to overhaul my existing home server. I’ve now swapped to:

    • Chenbro ES30068 mini-ITX chassis (Newegg)
    • Lian Li PC-V351 mATX chassis (Lian Li)
    • Intel S1200KP server motherboard (Intel)
      • 2 x SATA2 ports
      • 2 x SATA3 ports
      • 2 x DDR3 1066/1333 MHz DIMMs
      • 2 x Gigabit NICs (82574L, 82579LM)
    • Intel Xeon E3-1235 processor (Intel)
      • Quad core, 3.2 GHz
      • vPro, Hyper-Threading, VT-x, VT-d
      • Intel HD Graphics P3000
    • Crucial Memory, 8GB kit (4GB x 2) of DDR3 1333 MHz PC3-10600 (Crucial)
    • Dell PERC H700 Integrated RAID controller (Dell)
      • RAID 5: 4 x Fujitsu 73GB 15,000 RPM SAS hard drive (Fujitsu)
      • RAID 1: 2 x Western Digital Caviar Black 1TB 7,200 RPM SATA hard drive (WD)
    • Western Digital VelociRaptor 150GB 10,000 RPM hard drive (WD)
    • Western Digital Green 2TB SATA hard drive (WD)
    • VMware vSphere Hypervisor 5.0 (VMware)

    Having upgraded to the E3-1235, I can say I am sorry I ever considered using the E3-1230 I had previously. Also adding hardware RAID with SAS drives has provided a noticeable performance increase.

    My RAID5 SAS drives provide the high speed playground I desired for most virtual machines, while the 1TB RAID1 gives me room for my file server. The 2TB WD drive is external and treated as a dedicated disk-to-disk backup destination for Acronis Backup & Recovery 11.

    Thanks to Chilly and the ESXi-Customizer I do have both NICs working. The process was painless and worth the wait not to do it manually.

    I remain very delighted with my choices and I continue to find new projects to support with this hardware.


  • Openfire 3.7.1 authenticating with an Active Directory global catalog server

    As in my previous post for 3.7.0 (link), I’ve created a patch for Openfire to authenticate against the entire global catalog. The actual changes and even the line numbers are identical:

    Index: LdapManager.java
    ===================================================================
    --- LdapManager.java    (revision 1)
    +++ LdapManager.java    (revision 2)
    @@ -622,7 +622,11 @@
                * the secure connection has been established. */
                if (!(startTlsEnabled && !sslEnabled)) {
                    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    +           if (baseDN == null || baseDN.trim().isEmpty()) {
    +               env.put(Context.SECURITY_PRINCIPAL, userDN);
    +           } else {
                    env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
    +           }
                    env.put(Context.SECURITY_CREDENTIALS, password);
                } else {
                    if (followReferrals)
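
Review bot: The added test trims baseDN, but the else branch still concatenates the untrimmed value (`userDN + "," + baseDN`), so a baseDN with stray leading or trailing whitespace passes the blank check and goes into the bind principal as-is. Trim once into a local variable and use it for both the test and the concatenation. Style: the added if/else lines sit shallower than the surrounding env.put calls, and the retained env.put was not re-indented under the else; align them with the block they live in.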
    

    This has been up and stable for several months now with no issues.

    To download the compiled openfire.jar, please click here.


  • Home Xeon server

    For several years I ran a Win2008 x64 home file server on an Asus Intel Atom ITX motherboard (see previous post), and then added a few Linux VMs on top of it with VMware Server. While functional, this was less than ideal for development work or any experiments I wanted to run. I was crippled by the processor’s lack of virtualization features, could only create 32-bit VMs, the web UI sucked, and more…

    In building a new server, I wanted a Xeon processor and wouldn’t take no for an answer. I also wanted all of the must-have features available from Intel (quad core, HT, VT-x, VT-d) but didn’t want to bother with a video card, so I went for the lowest processor where I could get all of these features: Xeon E3-1230. In hindsight I would have opted for the E3-1235 had I known better at the time, but more on that later.

    There was a lot of fretting over 8GB of RAM vs. 16GB, both of which were supported for this motherboard and processor. In the end, 8GB won simply due to price and for a home server I really didn’t expect to truly need more than 8GB of memory.

    I wanted to stick with my existing ITX case so I hunted a long while for a viable motherboard from a reputable manufacturer. After reading more product specifications than I care to talk about I settled on the Intel S1200KP server board. This wasn’t a 100% perfect choice for my VMware virtualization plans, but it was close. The secondary NIC (Intel 82579LM) is not yet officially supported, though there are ongoing threads with 3rd party solutions here and there. I’m also a bit disappointed at the lack of eSATA and no USB3 support.

    So, as a gift to myself, I assembled the following:

    • Chenbro ES30068 mini-ITX chassis (Newegg)
    • Intel S1200KP server motherboard (Intel)
      • 2 x SATA2 ports
      • 2 x SATA3 ports
      • 2 x DDR3 1066/1333 MHz DIMMs
      • 2 x Gigabit NICs (82574L, 82579LM)
    • Intel Xeon E3-1230 processor (Intel)
      • Quad core, 3.2 GHz
      • vPro, Hyper-Threading, VT-x, VT-d
    • Crucial Memory, 8GB kit (4GB x 2) of DDR3 1333 MHz PC3-10600 (Crucial)
    • Western Digital VelociRaptor 150GB 10,000 RPM hard drive (WD)
    • Western Digital Caviar Black 1TB 7,200 RPM hard drive (WD)
    • Western Digital Green 2TB hard drive (WD)
    • VMware vSphere Hypervisor 5.0 (VMware)

    While the motherboard does have a PCIe slot, the case doesn’t have any expansion slots so I was forced to build the machine and install the OS with the motherboard lying on the kitchen table with a cheap PCIe video card installed. What is important to note is that the BIOS has an option to beep when no video card is detected; with this feature disabled, the server boots quietly into VMware every time. With this feature enabled (the default), the BIOS will beep several times but will continue to boot the operating system anyway.

    Looking back, I would have opted to spend the extra money for the Xeon E3-1235 with built-in GPU just for the convenience factor of not needing to install a video card when errors occur, but that’s neither here nor there. I know the E3-1230 draws less power because there is no GPU and I’m going to keep pretending to myself that I’m saving real money every month on my electrical utility bill.

    I also would like to upgrade to a nice PCIe SSD or SATA3 600GB VelociRaptor. The hard drives included in this build are leftovers from previous systems and not my choice picks, but the price was impeccable.

    So far though things are working well and I’m able to run everything I [reasonably] want to run. If I were to include Microsoft Exchange or some other individually very heavy application I think I would be in trouble with only 8GB.

    Further reading on this project: Article updated 2012-05-02


  • Use of Snort in conjunction with your head end router

    Following repeated reports of inappropriate intranet port scans, we implemented a vanilla installation of Snort. To be honest, I needed to change out my adult diaper after looking at the raw, unfiltered data.

    As some background, we’ve installed Snort on a rather old HP DL180 G1 with 4GB of RAM and a pair of dual core processors. And to be fair, directing the network traffic of 350+ machines at a five year old server may not have been the kindest thing I’ve done in a while, but it did hold the load.

    After building rudimentary filters in BASE (Basic Analysis and Security Engine) and analyzing less than 24 hours’ worth of data, I was able to easily pick out a dozen workstations and a server that needed immediate attention from the IT team. I am looking forward to integrating Snort with iTop for a more complete network management solution, and hopefully I have more to share on this topic soon.


  • GeoRSS + user presence data + Google Maps API = killer app?

    Alright, so, I have:

    Where is the killer app with this data?


  • Manual boost controller woes with the Mazdaspeed 6

    In my few months’ experience, Mazda’s ECU is very sensitive to building boost rapidly, something my manual boost controller does all too well.

    Summertime performance was acceptable and proved to be an overall net gain of horsepower, but once the snow flew I had nothing but misery as I turned the boost farther and farther down. To alleviate my suffering, I purchased a Cobb AccessPort to reprogram the ECU and voilà, my life was better.

    I’m now running with the stock boost control system with the Cobb AP in charge and loving it.


  • Openfire 3.7.0 authenticating with an Active Directory global catalog server

    After more time than I care to admit, I have figured out what exactly is required to get my Openfire 3.7.0 instance to authenticate and pull users from a full Active Directory domain forest.

    • company.local
      • northamerica.company.local
      • europe.company.local
      • asiapacific.company.local

    I pointed Openfire at a domain controller in company.local with the global catalog server role and made the following changes to LdapManager:

    Index: LdapManager.java
    ===================================================================
    --- LdapManager.java  (revision 2)
    +++ LdapManager.java  (revision 3)
    @@ -622,7 +622,11 @@
    				* the secure connection has been established. */
    				if (!(startTlsEnabled && !sslEnabled)) {
    					env.put(Context.SECURITY_AUTHENTICATION, "simple");
    -					env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
    +					if (baseDN == null || baseDN.trim().isEmpty()) {
    +						env.put(Context.SECURITY_PRINCIPAL, userDN);
    +					} else {
    +						env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
    +					}
    					env.put(Context.SECURITY_CREDENTIALS, password);
    				} else {
    					if (followReferrals)
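
Review bot: In the blank-baseDN branch the bind principal is userDN alone, and nothing in the visible lines documents or checks what userDN must contain in that case. Add a comment above the new if stating that a blank baseDN is the global catalog case and that userDN must then already be complete, and consider rejecting a null or blank userDN before `env.put(Context.SECURITY_PRINCIPAL, userDN);` so a simple bind is never attempted with an empty principal.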
    

    System properties:

    • ldap.adminDN = openfire@company.local
    • ldap.autoFollowAliasReferrals = false
    • ldap.autoFollowReferrals = false
    • ldap.baseDN =
    • ldap.encloseDN = true
    • ldap.host = 10.0.0.10
    • ldap.port = 3268
    • xmpp.domain = company.local

    Please note that a global catalog server communicates on TWO different ports:

       389:  global catalog server responds as a domain controller in its natural domain
       3268: global catalog server responds as a global catalog server

    While this is in place and working, it requires that the ldap.baseDN property be set to blank or null, a situation the installer is not impressed with.

    Now, PLEASE NOTE that this will still not pass the tests during the installation phase. I installed Openfire 3.7.0 using the global catalog server’s domain, got it all working on that singular domain, and then performed the above patch.
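
An added check, not part of the original post or of Openfire: it audits a set of ldap.* properties like those listed above for a simple bind that would cross the network unencrypted and for a blank baseDN on a port that is not a global catalog port. The property names ldap.sslEnabled and ldap.startTlsEnabled, their treatment as false when absent, and the TLS flag values in the sample inputs are assumptions; 636 and 3269 are the TLS counterparts of 389 and 3268.

```python
# Added example: audit Openfire-style ldap.* properties before pointing the
# server at an Active Directory global catalog. Not code from Openfire.

PLAIN_PORTS = {389: "domain controller", 3268: "global catalog"}
TLS_PORTS = {636: "domain controller", 3269: "global catalog"}


def flag(props, key):
    # Assumption of this example: an absent flag counts as false.
    return str(props.get(key, "false")).strip().lower() == "true"


def audit(props):
    """Return a list of finding codes for one ldap.* property set."""
    findings = []
    port = int(props["ldap.port"])
    ssl = flag(props, "ldap.sslEnabled")            # assumed property name
    starttls = flag(props, "ldap.startTlsEnabled")  # assumed property name
    blank_base = not (props.get("ldap.baseDN") or "").strip()

    if not ssl and not starttls:
        # "simple" authentication sends the password itself to the server.
        findings.append("CLEARTEXT_SIMPLE_BIND")
    if ssl and port in PLAIN_PORTS:
        # Implicit TLS is served on 636 / 3269, not on the plain ports.
        findings.append("SSL_ON_PLAIN_PORT")
    if starttls and port in TLS_PORTS:
        # StartTLS upgrades a plain connection; it is not used on TLS ports.
        findings.append("STARTTLS_ON_TLS_PORT")
    role = PLAIN_PORTS.get(port) or TLS_PORTS.get(port)
    if blank_base and role != "global catalog":
        # Only the global catalog ports answer for the whole forest.
        findings.append("BLANK_BASEDN_OFF_GC")
    return findings


# Constructed inputs: values from the post plus assumed TLS flags.
PAGE_STYLE = {"ldap.host": "10.0.0.10", "ldap.port": "3268", "ldap.baseDN": "",
              "ldap.sslEnabled": "false", "ldap.startTlsEnabled": "false"}
HARDENED = dict(PAGE_STYLE, **{"ldap.port": "3269", "ldap.sslEnabled": "true"})
WRONG_PORT = dict(PAGE_STYLE, **{"ldap.port": "389",
                                 "ldap.startTlsEnabled": "true"})

if __name__ == "__main__":
    for name, cfg in (("page-style", PAGE_STYLE), ("hardened", HARDENED),
                      ("wrong-port", WRONG_PORT)):
        print(name, audit(cfg) or "ok")
```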

    I hope this is useful to someone in the future.