Thread of PC Woes, Troubles, Problems, and Issues

[BeoTeK]

Having an issue on one of our AD servers.



The virtual disk is showing it had bad blocks. Now afaik I have replaced the problematic drive and these bad blocks are resident due to the problem drive. Now, can I run the "Clear bad blocks" command without compromising data?



I have tried to run a Patrol Read but that just seems to hang, along with a Consistency Check. Is this indicative of more drive related problems?

 

[PsychoFish]

Potentially, are the disks local to your ESX host or on a SAN?

 

[BeoTeK]

Potentially, are the disks local to your ESX host or on a SAN?

localised.

 

[PsychoFish]

Check your RAID controller on the host

 

[BeoTeK]

Check your RAID controller on the host

Yeah, my thinking is it's controller related. I'll have to bounce the machine to check at POST. Don't think the OMSA is able to display this?!

 

[BeoTeK]

Here is the hierarchy of the array...

 

[Nimatek]

Phone dell support to let them go through the logs. If the controller picked up the change in disk and then updated the raid config as it appears to have been done in the physical disks, it should have fixed the issue already.

They may ask you to reseat the disk, but before doing ANY of that, ENSURE your backups are up to date!!!

 

[BeoTeK]

[MENTION=2883]Nimatek[/MENTION]
Dunno if i'll be abale to, with thr R510 being EOL.

Edit: Also, bare metal backup fails every time due to some generic error: incorrect function

 

[PsychoFish]

[MENTION=2883]Nimatek[/MENTION]
Dunno if i'll be abale to, with thr R510 being EOL.

Edit: Also, bare metal backup fails every time due to some generic error: incorrect function

It's End of Sale, End of Support is still a couple of years away.

 

[Nimatek]

[MENTION=2883]Nimatek[/MENTION]
Dunno if i'll be abale to, with thr R510 being EOL.

Edit: Also, bare metal backup fails every time due to some generic error: incorrect function

It's End of Sale, End of Support is still a couple of years away.

Yup as the Fish sais, you still have support on the system and that card is still used by MANY people

The backup failing is a worry, what software are you using for backups ?

Also which disk did you replace, 0 or 1 ?

Dell support info here : http://en.community.dell.com/support-forums/servers/f/906/t/19603515
Looks like it could just be rebuild process that marked a few blocks, but this can be due to sync issues. Have you installed the Dell server management software somewhere so that you can connect to the logs yet ?

 

[BeoTeK]

[MENTION=2883]Nimatek[/MENTION]
Standard Windows Server Backup, just to create a full metal backup.

If memory serves it was the second disk in the array, that would be 1.
Yes I have pulled the logs and gone through them, the patrol reads don't show anything alarming and there's doesn't seem to be anything of concern.

 

[Nimatek]

Wait, are you running Windows Backup from inside the virtual to an external destination ?????

 

[BeoTeK]

[MENTION=6600]PsychoFish[/MENTION]
Any thoughts on IPFire?

 

[PsychoFish]

[MENTION=6600]PsychoFish[/MENTION]
Any thoughts on IPFire?

Depends on the use case. My list of preference in respects to firewalls are :

- Cisco ASA
- PF/NPF
- IPFilter
- Netfilter/IPtables
- ipfirewall
- IPfire
- IPCop
- pfsense
- Sidewinder
- smoothwall
- Cisco PIX

IPFire is nice and has a massive user base, etc. However it's complete overkill for SOHO use. SO use IPF or IPtables work perfectly fine WITHOUT the need to install anything extra on your BSD/Linux box.

Less things to install & configure= less things to get wrong = more secure host with smaller attack vector

 

[BeoTeK]

I've just been told that I must download it and play with it in order to get familiar with it, as that is what we are now using.

 

[PsychoFish]

Oh the joys. I'd suggest you setup a little test environment or if you have a spare PC at home, set it up on there and try using it as a firewall.

They're probably leaning towards it as it has a web interface for configuration, which is nice, but a complete waste of system resources IMHO.

To setup a basic firewall using iptables in under 5minutes:

iptables --flush
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP

 

[BeoTeK]

Oh the joys. I'd suggest you setup a little test environment or if you have a spare PC at home, set it up on there and try using it as a firewall.

They're probably leaning towards it as it has a web interface for configuration, which is nice, but a complete waste of system resources IMHO.

To setup a basic firewall using iptables in under 5minutes:

iptables --flush
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP

Funny you should mention that, they've utilized an entire R510 for this afaik. Unfortunately with them being in CT what they do with what is kinda out of my hands. Frustrates me really...

 

[PsychoFish]

To go though my list

- Cisco ASA - No GUI (GUI is installed on a separate server and can be used to manage multiple ASAs)
- PF/NPF - GUI, what is that?
- IPFilter - GUIs are for Linux/Windows users
- Netfilter/IPtables - with and X-windows system installed you do have a GUI, but you really don't need it
- ipfirewall - HAHHAAHHAHAA
- IPfire - Web GUI only
- IPCop - Web GUI only
- pfsense - Web GUI yet again
- Sidewinder - It's a McSucky product, hence it has a sucky GUI
- smoothwall - Yet another web GUI
- Cisco PIX - CLI

 

[PsychoFish]

Also keep in mind that the IPfire (as with most of the Linux/BSD based packages with a web frontend) is Apache based. When a vulnerability is picked up on Apache suddenly your firewall is vulnerable, and vulnerable on the web interface that manages your firewall, i.e. a crafty h4x0r just got given basically a skeleton key to everything you're trying to protect (best case). Worst case he/she deletes all your rules and replaces it with a "drop in all on all, drop out all on all" type rule scheme.

 

[Apollo]

Whats the recommended brand when it comes to RAM? I would like to upgrade my wife's rig a bit but its still using 2 x 2GB Mushkins. There are still 2 open slots on the board so i figured i would upgrade it with another 2 x 4GB dimms.