Archive for the ‘IT’ Category

Terminal Server: Exceeding the Connection Limit

How often have you run into the max-connection limit on your servers because you or other admins have left disconnected sessions logged in? Too often!

“The terminal server has exceeded the maximum number of allowed connections”


Terminal Services allows up to 2 simultaneous connections for administrative purposes, but counts disconnected / inactive sessions towards this limit. Forgetting to log off can essentially lock you and other admins out. Luckily session zero (console) doesn’t count towards this limit.

While connecting directly to the console often alleviates this problem, what happens when someone has committed the sin of leaving a session connected to the console (session 0)? Keyboard, mouse and LCD?

Here’s a little workaround I came across on the technobuff blog:

  • Open a command prompt and run the following:

query session /server:SERVERNAME

  • Record the ID of the session you want to terminate and run the following command:

reset session [ID] /server:SERVERNAME

Sophos – Jumping through hoops !

Testing the new version of Sophos in a lab environment has led me to some interesting facts:

Enterprise Console – the management back office of “Sophos Endpoint Security and Data Protection” – does not currently support Windows Server 2008 R2 (release 2 available from October).

Remote deployment doesn’t work on Windows Vista or Windows 7 unless you take a variety of steps: running the Remote Registry service (and setting it to automatic start), modifying the local security policy to disable UAC for admins, opening various ports (or just disabling the Windows Firewall in frustration), and enabling file and printer sharing. Remote deployment on fully updated XP machines can also be problematic.

The client firewall doesn’t support servers (obviously) or 64 bit workstations (you what?) - including the 64 bit variants of XP, Vista and Windows 7! Though you’ll be pleased to know that 64 bit machines are supported if they run a 32 bit OS.

Come on Sophos, adapt! This isn’t 2003 anymore!

VMware VMFS Volume Size – Finding the Sweetspot

Reading a knowledge base post on the EqualLogic site, I gleaned the following variables in relation to ESX that factor into deciding VMFS volume size:

  1. ESX has a limit of 64 targets (volumes) per host
    • This is important in an HA / DRS environment where each host in the cluster must have access to all volumes even if the guest is currently running on another host.
    • Hence keeping volume counts down will improve scalability of the cluster
  2. ESX has a maximum queue length per target of 32 IOs
    • Thus more volumes means less pausing of IO operations
  3. Certain operations (Start/Stop VM / Snapshot / vMotion) require exclusive access to the volume
    • Thus for a short period of time other VMs’ IO is paused
    • The more VMs per volume, the more this will impact performance
  4. VI 3.5 didn’t support MPIO so more volumes increased throughput
    • Does this matter anymore with MPIO in ESX 4, and multiple sessions per host taking advantage of all paths to the target?
  5. Don’t forget to account for snapshots in your volume size
    • VMware snapshots grow very quickly as they are a copy-on-write delta of both the VM memory and its virtual hard disk.

ESX & SSH – Enable Remote Login

ESX ships with SSH enabled by default – so it may come as a surprise that it’s not actually possible to log in as root from a remote station out of the box :o To enable remote logins we need to make a change to the SSH daemon config file, and restart the SSH service.

Why would you want to do this? Well, chances are you already use DRAC or iLO for quick access to the service console on your ESX box, and chances are you’ve already been annoyed by the limited screen space when comparing vSwitch, port group and pNIC configs.

#Move context to the SSH config directory
[root@yourbox ]# cd /etc/ssh

#Make a backup of the config file :)
[root@yourbox ]# cp sshd_config sshd_config.bkup

#Use sed to substitute the config string no with yes
#Read from the backup: redirecting sed's output onto its own input file would empty it
[root@yourbox ]# sed 's/PermitRootLogin no/PermitRootLogin yes/' sshd_config.bkup > sshd_config

#Restart SSH so it picks up the config change
[root@yourbox ]# service sshd restart

sed is a very flexible stream editor, but I mainly use it for substituting strings; more info on sed can be found on the Oracle site.

You might want to switch remote logins off when you’re not using SSH.
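To make switching root logins on and back off a one-liner, here is an added example (not from the original post) that goes beyond the single substitution above: it also handles a config with no active directive. The function names `set_root_login` and `get_root_login` are hypothetical helpers, and the demo runs against a constructed sample file rather than `/etc/ssh/sshd_config`.

```shell
#!/bin/sh
# Added example: flip PermitRootLogin in an sshd_config-style file.
# Assumes a POSIX shell with sed, awk, grep and mktemp available.

# Print the value sshd would use: the first uncommented directive wins.
get_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# set_root_login FILE yes|no
set_root_login() {
    cfg=$1; value=$2
    case $value in
        yes|no) ;;
        *) echo "value must be yes or no" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # Keep the first backup only, so it always holds the original config.
    [ -f "$cfg.bkup" ] || cp -p "$cfg" "$cfg.bkup"
    # Write to a temp file first: "sed ... f > f" truncates f before sed reads it.
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    if grep -q '^[[:space:]]*PermitRootLogin[[:space:]]' "$cfg"; then
        sed "s/^[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin $value/" \
            "$cfg" > "$tmp"
    else
        # No active directive: add it at the top, outside any Match block.
        { echo "PermitRootLogin $value"; cat "$cfg"; } > "$tmp"
    fi
    # Copy contents back so the file keeps its owner and mode.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Demo on a constructed sample file (never touches /etc/ssh).
demo=$(mktemp)
printf 'Port 22\nPermitRootLogin no\n' > "$demo"
set_root_login "$demo" yes
echo "after enable:  $(get_root_login "$demo")"
set_root_login "$demo" no
echo "after disable: $(get_root_login "$demo")"
rm -f "$demo" "$demo.bkup"
```

On a real host, check the edited file with `sshd -t` before running `service sshd restart`, so a broken config never takes the daemon down.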

Autodesk Licensing Smicensing

In the age of DRM and SecuROM in the consumer world, it seems the only people being inconvenienced by licensing platforms are the genuine customers who are forking out for the licensed product. After all, the torrenters of this world simply run keygens or cracked exes – and never worry about it again.

It should then come as no surprise that the same is true for the corporate world. At Splash Damage we have committed many hours to dealing with Autodesk, so much so that it almost becomes significant when considering staffing levels :)

Autodesk use a system called FlexLM (formerly Macrovision, now Acresso Soft.) to handle their content protection for both the single-user environment and network licensing type deployments.

The Pitfalls of Node Locked Licensing

In this case a license key is generated for a specific machine, and can only be used on that machine. Should that machine break down, be upgraded or replaced, you need to fill in a “Software Removal” form and fax it back to Autodesk EMEA, reading something along the lines of “I do solemnly swear that I uninstalled the software”. After which they will generate a key file for the new machine.

This isn’t an automated process; in fact it’s very hands-on and involves sending multiple emails and making multiple calls while struggling to make yourself understood and, even worse, struggling to understand the babelfish-style responses you receive.

Vista 64 Caveat (isn’t there always)

The node locked license is actually a network license where there is a single seat, and the license server runs on the same machine. This presents problems as the license server service is not a compatible Vista 64 bit service - FUN!

Network Licences and Support Contracts

Network licensing offers just as much entertainment if you choose to take out either standard or gold subscription or happen to purchase your licences at different times.

  • Autodesk will not merge licences that have different support contract end dates (fair enough)
  • Autodesk will not merge contracts that have different support levels (gold/standard)
  • Autodesk will not activate more than one license for the same product on the same server (despite flexlm supporting multiple services /ports)

So if you have two contracts, one for 20 licences and one for 10, you are forced to run two license servers on two different machines and modify the end users’ license files to point to one or the other. This presents considerable overhead in terms of maintaining lists of which users are assigned to which network licences – and prevents you from taking advantage of a 30 seat pool across the whole company, diminishing the value of the network license (for which you paid extra).

It’s easy to get annoyed by this kind of hassle when I’m spending £10 on an album or £40 on a game – but when you’re spending £3/4000 you expect a more efficient licensing experience. Well, at least the vendors are willing to assist, and often it is them who navigate the minefield that is Autodesk’s licensing support, and thank the flying spaghetti monster for temp licences!!