I came across an issue after adding too many network interfaces to an ESXi server where the network interface started getting high packet loss. I found error messages similar to the following in the vmkernel log:
2014-01-29T16:14:48.355Z cpu7:8768)MSI: 541: Couldn't allocate a vector number 0 for device 00:01:00.0
The first part approximates the number of whole weeks with a margin of error of maybe adding an extra week
The second part adjusts for the remaining days, and corrects the first part if it adds an extra week.
SELECT (FLOOR((datediff(day, @Start, @End) - DATEPART(dw, @End) + DATEPART(dw, @Start)) / 7) * 5) + (DATEPART(dw, @End) - DATEPART(dw, @Start) + 1 + CASE WHEN DATEPART(dw, @Start) = 1 THEN -1 ELSE 0 END + CASE WHEN DATEPART(dw, @End) = 7 THEN -1 ELSE 0 END)
the following powershell can be used to find all VSS scheduled tasks and alter the minutes to a random value.
$TaskService = new-object -comobject "Schedule.Service"
$TaskService.Connect()
$Folder = $TaskService.GetFolder("\")
$Task = $folder.GetTasks(0) | where {$_.Name.StartsWith("ShadowCopyVolume")}
if($Task.GetType().BaseType.Name -eq "Array") {
exit 1
}
$SetMinute=Get-Random -Minimum 1 -Maximum 59
$TaskDef=$Task.Definition
When using IPSEC, I prefer to use tunnel interfaces so you can route traffic normally across the tunnel and use BGP/OSPF to transfer routes between sites. I managed to get this working from Linux to Cisco as follows, with redundant DSL connections (yuo can adjust to suit your environment):
On the Cisco router:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key Pre-Shared-Key address Linux-IP-Address no-xauth
I have been looking after QoS settings on a site using a Cisco router for a number of years, and had issues with it not doing what I expected. The design was to use a hierarchy to guarantee bandwidth to certain classes of traffic, but allow all traffic to use the full bandwidth if other classes did not need theirs. I discovered that you need to apply the service-policy to the ATM PVC (for a DSL WIC) in order for it to work as expected, and NOT to the dialer interface. The config I used is below:
Before you begin:
Like any storage device, disk configuration is a factor, including:
• Disk speed (SSD/15k/10k/7200)
• RAID Level
• Write-back cache (Hardware RAID with BBU, Linux bcache, EMC FAST cache)
• Memory for read cache
In addition for the above, dedup appliances need RAM to store the contents of the hash. For SDFS the rule is:
• (volume size / chunk size) * 25. This equated to 256MB per TB for a 128k chunk size, and 8GB per TB for a 4k chunk size.
• You also need CPU to process the data
I recently had to set up CRM 2011 with ADFS and had some issues with authentication. The key things I would like to note are:
1 - The URL for ADFS can be anything as long as the SSL certificate used on the web site matches the hostname
2 - In order to authenticate on the internal CRM URL, the client must not hit the ADFS proxy.
3 - In order to be able to visit the site externally, the user must visit hostname.crm.domain.name
To add a domain to an IE zone using GPO for all users on a computer without locking the settings, you can do the following:
Open the GPO that you are adding the setting to. The GPO needs to apply Machine Settings to the machines in question
Run the following command to change a windows domain controller to use NTP:
w32tm /config /manualpeerlist:"server1 server2 server3" /reliable:yes /syncfromflags:manual /update
To start with you must export your certificate with the full intermediate chain path into a pfx file. You then run the following commands to copy the certificate and key into the java keystore.
The first command removes the existing certificate, the second one (with command output) will show the certificate alias within the pfx file. The third one will copy the key into the ahsay keystore. You will need to restart ahsay to get it to start using the new certificate and key.