Thursday, August 21, 2014

Setting Up DNS Server On CentOS 7


DNS (Domain Name System) translates hostnames into IP addresses. For example, when you type www.unixmen.com into a browser, a DNS server resolves that domain name to its IP address. Because IP addresses are hard to remember, DNS servers translate hostnames such as www.unixmen.com into addresses such as 173.xxx.xx.xxx, so you only need to remember the domain name.
This detailed tutorial will help you set up a local DNS server on CentOS 7. The same steps also apply to RHEL 7 and Scientific Linux 7.

DNS Server Installation

Scenario

For this tutorial I will be using three nodes: one as the master DNS server, one as the secondary DNS server, and one as the DNS client. Here are the details of the three systems.

Primary (Master) DNS Server Details:

Operating System     : CentOS 7 minimal server
Hostname             : masterdns.unixmen.local
IP Address           : 192.168.1.101/24

Secondary (Slave) DNS Server Details:

Operating System     : CentOS 7 minimal server
Hostname             : secondarydns.unixmen.local
IP Address           : 192.168.1.102/24

Client Details:

Operating System     : CentOS 6.5 Desktop  
Hostname             : client.unixmen.local
IP Address           : 192.168.1.103/24

Setup Primary (Master) DNS Server

Install the bind packages on your server:
yum install bind bind-utils -y

1. Configure DNS Server

Edit ‘/etc/named.conf’ file.
vi /etc/named.conf
Edit the lines marked with ### comments below (listen-on, allow-query and allow-transfer) and add the two zone definitions for unixmen.local and 1.168.192.in-addr.arpa before the include lines; the rest is the stock CentOS 7 file:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101;}; ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.1.102; };   ### Slave DNS IP ###

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "unixmen.local" IN {
    type master;
    file "forward.unixmen";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.unixmen";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files

Create the forward and reverse zone files referenced in the ‘/etc/named.conf’ file.

2.1 Create Forward Zone

Create forward.unixmen file in the ‘/var/named’ directory.
vi /var/named/forward.unixmen
Add the following lines:
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
@       IN  A           192.168.1.103
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103

2.2 Create Reverse Zone

Create reverse.unixmen file in the ‘/var/named’ directory.
vi /var/named/reverse.unixmen
Add the following lines:
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  PTR         unixmen.local.
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103
101     IN  PTR         masterdns.unixmen.local.
102     IN  PTR         secondarydns.unixmen.local.
103     IN  PTR         client.unixmen.local.
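Two shell helpers for maintaining these zone files, added here as an example and not part of the unixmen tutorial. They assume the file layout above and the YYYYMMDDnn serial convention the tutorial uses; the sample zone they write is a constructed copy of forward.unixmen, and the function and file names are mine. The second helper covers a step the tutorial does not mention: a secondary only re-transfers a zone when the SOA serial increases, so every later edit to forward.unixmen or reverse.unixmen on the master must be followed by a serial bump, otherwise the secondary keeps serving stale data.

```shell
#!/bin/sh
# Added example, not part of the unixmen tutorial: two helpers for the
# zone files above. They assume the tutorial's layout (forward.unixmen
# with host A records, reverse.unixmen for the /24) and its YYYYMMDDnn
# serial convention. Function and file names are assumptions.

# Write a copy of the tutorial's forward zone to $1 (constructed sample
# input so the helpers can be exercised without a running named).
write_sample_forward_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  A           192.168.1.101
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103
EOF
}

# Emit one PTR record per host A record in a forward zone, for pasting
# into the matching in-addr.arpa zone. Apex ("@") A records are skipped:
# they name no host, so there is nothing for a PTR to point at.
# Usage: gen_ptr_records FORWARD_ZONE_FILE ZONE_NAME
gen_ptr_records() {
    awk -v zone="$2" '
        $1 != "@" && $2 == "IN" && $3 == "A" {
            n = split($4, o, ".")            # 192.168.1.101 -> o[n] = 101
            printf "%s IN PTR %s.%s.\n", o[n], $1, zone
        }' "$1"
}

# Increase the SOA serial in place and print the new value. A secondary
# only re-transfers a zone when the serial grows, so every edit to a
# master zone file must be followed by this step. If today's YYYYMMDD
# prefix is newer than the current serial, the serial becomes
# YYYYMMDD01; otherwise the existing serial is incremented by one.
# Usage: bump_serial ZONE_FILE [YYYYMMDD]   (the date defaults to today)
bump_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    cur=$(awk '/;[[:space:]]*Serial/ { print $1; exit }' "$file")
    [ -n "$cur" ] || { echo "no ';Serial' line in $file" >&2; return 1; }
    if [ "${today}01" -gt "$cur" ]; then
        new="${today}01"
    else
        new=$((cur + 1))
    fi
    sed -i "s/^\([[:space:]]*\)${cur}\([[:space:]]*;[[:space:]]*Serial\)/\1${new}\2/" "$file"
    echo "$new"
}

# Stand-alone demo on the constructed sample: "sh zonetools.sh demo"
# (the script name is an assumption).
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    write_sample_forward_zone "$tmp"
    gen_ptr_records "$tmp" unixmen.local
    echo "new serial: $(bump_serial "$tmp")"
    rm -f "$tmp"
fi
```

gen_ptr_records takes the last octet of each address, so it is only correct for a single /24 like the 1.168.192.in-addr.arpa zone in this tutorial; a larger network needs one reverse zone per /24.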

3. Start the DNS service

Enable and start DNS service:
systemctl enable named
systemctl start named

4. Firewall Configuration

Allow the DNS service (port 53, UDP for ordinary queries and TCP for large answers and zone transfers) through the firewall:
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=53/tcp

5. Restart Firewall

firewall-cmd --reload

6. Configuring Permissions, Ownership, and SELinux

Run the following commands one by one:
chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

7. Test DNS configuration and zone files for any syntax errors

Check DNS default configuration file:
named-checkconf /etc/named.conf
If it returns nothing, your configuration file is valid.
Check Forward zone:
named-checkzone unixmen.local /var/named/forward.unixmen
Sample output:
zone unixmen.local/IN: loaded serial 2011071001
OK
Check reverse zone (the zone name is the in-addr.arpa name, not unixmen.local):
named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.unixmen
Sample Output:
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
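A post-install check script, added here as an example and not part of the tutorial. It assumes the tutorial's addresses and zone names and that bind-utils and firewalld are installed; the function names and the dig-output parsing are mine. Run it with the argument master on 192.168.1.101 to confirm the firewall opens both protocols and the files are valid, and with client on a host that is not listed in allow-transfer, such as client.unixmen.local, to confirm that ordinary queries are answered while a full zone transfer is refused.

```shell
#!/bin/sh
# Added example, not part of the unixmen tutorial: post-install checks
# for the master DNS server built above. Assumes the tutorial's addresses
# (master 192.168.1.101, secondary 192.168.1.102) and zone names, and
# that bind-utils (dig, named-check*) and firewalld are installed.

MASTER=192.168.1.101

# --- parsers for tool output, kept separate so they can be tested ---
# --- against captured text without a running named              ---

# Status word (NOERROR, REFUSED, SERVFAIL, ...) from dig output on stdin;
# prints NORESPONSE when no answer header is present.
dig_status() {
    s=$(sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    echo "${s:-NORESPONSE}"
}

# A zone transfer succeeded if dig printed the zone's SOA record; a
# refused transfer prints "; Transfer failed." and no records.
axfr_succeeded() {
    grep -q '[[:space:]]IN[[:space:]][[:space:]]*SOA[[:space:]]'
}

# True if PORTSPEC ($1, e.g. 53/udp) is in the space-separated list ($2)
# printed by "firewall-cmd --list-ports".
firewall_has_port() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# --- checks to run on the master ---

# Queries go over UDP and fall back to TCP for large answers and zone
# transfers, so both protocols must be open.
check_firewall() {
    ports=$(firewall-cmd --list-ports)
    for p in 53/udp 53/tcp; do
        firewall_has_port "$p" "$ports" || { echo "FAIL: $p not open"; return 1; }
    done
    echo "OK: 53/udp and 53/tcp open"
}

# Syntax-check named.conf and each zone file under its real zone name
# (the reverse zone is 1.168.192.in-addr.arpa, not unixmen.local).
check_zone_files() {
    named-checkconf /etc/named.conf || return 1
    named-checkzone unixmen.local /var/named/forward.unixmen || return 1
    named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.unixmen || return 1
}

# --- check to run from a host NOT listed in allow-transfer (the client) ---

# A normal query must succeed while a full zone transfer must fail; if
# both fail the problem is reachability, not the allow-transfer policy.
check_transfer_restricted() {
    st=$(dig @"$MASTER" masterdns.unixmen.local A | dig_status)
    [ "$st" = NOERROR ] || { echo "FAIL: A query returned $st"; return 1; }
    if dig @"$MASTER" unixmen.local AXFR | axfr_succeeded; then
        echo "FAIL: zone transfer allowed from $(hostname)"; return 1
    fi
    echo "OK: queries answered, AXFR refused from this host"
}

case "${1:-}" in
    master) check_firewall && check_zone_files ;;
    client) check_transfer_restricted ;;
esac
```

The client-side check exercises the allow-transfer line in the master's named.conf from the outside, which is the only place a mistake in it becomes visible; a transfer that succeeds from the client means the whole zone (every hostname and address) is readable by any host on the network.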
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver      192.168.1.101
Save and close the file.
Restart network service:
systemctl restart network

8. Test DNS Server

dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra
[remaining dig output garbled in extraction; it showed the ANSWER SECTION with masterdns.unixmen.local. 86400 IN A 192.168.1.101, the AUTHORITY SECTION listing masterdns.unixmen.local. and secondarydns.unixmen.local. as NS for unixmen.local., SERVER: 192.168.1.101#53, MSG SIZE rcvd: 125 and WHEN: Wed Aug 20 16:20:46 IST 2014]
nslookup unixmen.local
Sample Output:
Server:        192.168.1.101
Address:    192.168.1.101#53

Name:    unixmen.local
Address: 192.168.1.103
Name:    unixmen.local
Address: 192.168.1.101
Name:    unixmen.local
Address: 192.168.1.102
Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.

Setup Secondary(Slave) DNS Server

Install bind packages using the following command:
yum install bind bind-utils -y

1. Configure Slave DNS Server

Edit file ‘/etc/named.conf’:
vi /etc/named.conf
Set listen-on to the secondary's own address and add the two slave zone definitions, which pull their data from the master; the dotted lines stand for unchanged default settings.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.102; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24; };
    ...
zone "." IN {
    type hint;
    file "named.ca";
};
zone "unixmen.local" IN {
    type slave;
    file "slaves/unixmen.fwd";
    masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/unixmen.rev";
    masters { 192.168.1.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

systemctl enable named
systemctl start named
The forward and reverse zones are now transferred automatically from the master to ‘/var/named/slaves/’ on the secondary. This works because the master's allow-transfer lists 192.168.1.102; if the directory stays empty, check that line and the master's firewall, since zone transfers run over TCP port 53.
ls /var/named/slaves/
Sample Output:
unixmen.fwd  unixmen.rev

3. Add the DNS Server details

Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.102"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
DNS2="192.168.1.102"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver      192.168.1.101
nameserver      192.168.1.102
Save and close the file.
Restart network service:
systemctl restart network

4. Firewall Configuration

Allow the DNS service (port 53, UDP for ordinary queries and TCP for large answers and zone transfers) through the firewall:
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=53/tcp

5. Restart Firewall

firewall-cmd --reload

6. Configuring Permissions, Ownership, and SELinux

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

7. Test DNS Server

dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18204
;; flags: qr aa rd ra
[remaining dig output garbled in extraction; it showed the ANSWER SECTION with the A record for masterdns.unixmen.local., the AUTHORITY SECTION listing masterdns.unixmen.local. and secondarydns.unixmen.local. as NS for unixmen.local., SERVER: 192.168.1.102#53, MSG SIZE rcvd: 125 and WHEN: Wed Aug 20 17:04:30 IST 2014]
dig secondarydns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60819
;; flags: qr aa rd ra
[remaining dig output garbled in extraction; it showed the ANSWER SECTION with secondarydns.unixmen.local. 86400 IN A 192.168.1.102, the AUTHORITY SECTION listing masterdns.unixmen.local. and secondarydns.unixmen.local. as NS for unixmen.local., SERVER: 192.168.1.102#53, MSG SIZE rcvd: 125 and WHEN: Wed Aug 20 17:05:50 IST 2014]
nslookup unixmen.local
Sample Output:
Server:        192.168.1.102
Address:    192.168.1.102#53

Name:    unixmen.local
Address: 192.168.1.101
Name:    unixmen.local
Address: 192.168.1.103
Name:    unixmen.local
Address: 192.168.1.102

Client Side Configuration

Add the DNS server details to the ‘/etc/resolv.conf’ file on all client systems:
vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102
Restart network service or reboot the system.

Test DNS Server

Now, you can test the DNS server using any one of the following commands:
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
That’s all for now. The primary and secondary DNS servers are ready to use.
Cheers!
For questions please refer to our Q/A forum at : http://ask.unixmen.com/

Saturday, August 2, 2014

9 Tips for Longer Laptop Battery Life

Follow these steps to squeeze the most juice out of your laptop's battery.
We've all been there. You're in a meeting, or on the road, or in a classroom, and you find, to your horror, that your laptop is nearly dead. Maybe you forgot your power adapter, maybe there isn't an available outlet. For whatever reason, your battery power is dwindling, and you still have stuff to get done. Hope is not lost, however. There are some things you can do to buy more time on that almost-dead battery so you can meet a deadline or respond to an important email before it's too late.
Some of these techniques are for when you need to stretch your battery at that very moment, while others are preventative measures, best implemented before your battery life comes up short. There is some of overlap between the short- and long-term strategies we'll outline below, but even when the actions are the same, the reasons behind it may be different.
Short-Term Battery-Stretching Strategies
If you're in a tough spot right now, there are things you can do to extend the battery life immediately. None of these actions will actually increase the amount of power left in the battery, but instead will reduce the amount of power the laptop is using, letting you squeeze in a few more precious minutes before the battery goes kaput. The name of the game in these instances is power consumption, and you need to reduce yours to as little as possible.
1. Activate Your Laptop's Battery Saver Mode or Eco Mode
Designed with these sorts of circumstances in mind, most Battery-Saver or Eco modes will engage a number of automatic changes to lengthen usable battery life—many of the same changes we'll be making here. This saved profile will adjust your laptop's settings and shift components into low-power states to help you ration your remaining juice a bit longer.
Once you've turned on the automatic battery-saver tool, there are still plenty of steps to take to eke out even better efficiency. This is done by turning off unnecessary devices, adjusting settings to reduce power consumption, shutting down unwanted apps and processes, and adjusting your activities to use less power.
2. Disable Unused Devices and Ports
The easiest way to reduce power consumption is to simply turn stuff off. Every component in your laptop needs power to function, but that doesn't mean you need to power all of those components all the time. Start by disconnecting any unneeded peripherals (like a USB mouse or external drive) and turning off the biggest power hogs, like Wi-Fi and Bluetooth radios, graphics processors, and unused optical drives.
WARNING: Before disabling any component or device, stop and make sure that this device is not in use, and that it is not essential to continuing operation of the laptop. For example, you DO NOT want to disable the hard drive that houses the operating system, or the processor that runs the entire laptop. Only disable those devices you are comfortable turning off.
To disable unused devices on a Windows system, open up your system's Control Panel and find the Device Manager. In the Device Manager, individual components are grouped by category. For example, Network Adapters will often include both the LAN adapter, which provides Ethernet connectivity, and Wi-Fi, for wireless networking.
The four standard candidates for saving power are the graphics card (found under Display Adapters), the optical drive (found under DVD/CD-ROM Drives), and the Ethernet and Wi-Fi adapters (under Network Adapters). Find the device you want to shut down within the relevant category. Right click on the device name, and select "Disable" from the drop down menu.
While you're in the Device Manager, you can also turn off any unused ports. Just like an extension cord left plugged into an outlet, these unused plugs still have power going through them, and losing some in the process. The actual impact on battery life will be minimal, but if you need to eke out another minute or two of life, this will help. Take a quick glance at your ports, and turn off anything that's not being used, like USB ports with nothing connected to them.
While you can disable USB ports on a Mac using the terminal program, it's something that IT administrators would use to lock down Macs for security purposes. We don't recommend doing it as an end user because it may make your system act up. You can, however, disable Bluetooth and Wi-Fi from the Menu bar at the top of the screen.
3. Adjust Your Settings
While you'll still have to use the display and the keyboard, you can adjust the settings for each to reduce power consumption. One often overlooked power drain is keyboard backlighting. Unless you're in the dark, and need the backlight just to make out each key, turn the backlight off entirely. You can typically assign a hotkey for this function.
The next power drain is your screen. While you need to keep the screen up and running to use the laptop, you don't necessarily need it running at 100-percent brightness or full resolution. Many laptops will have hotkeys for increasing and decreasing the screen brightness, but if not, it can be adjusted in the control panel. Reducing the display to 50 percent when you're running on battery power can add a significant amount of time.
Additionally, if you're simply typing up a document, you don't need all of the detail offered by a 1080p or higher display. Dialing down the screen resolution to a basic 1,366-by-768 resolution or lower reduces the amount of power used in graphics processing without negatively impacting your ability to work, letting your laptop run a bit longer than at full resolution.
Finally, turn off or turn down the sound. If you need to hear, drop the sound down as low as you can, and consider switching from the laptop's larger speakers to a set of tiny earbuds to get the audio piped right to your ears. Whenever possible, just mute the laptop altogether. That way, the speakers won't be getting any power, and you'll buy yourself some more precious time.
4. Turn Off Apps and Processes
It's not just the hardware that's stealing your battery juice. Multiple apps and processes running on your system will also chew through battery life more quickly. As with the hardware, start by turning off anything that isn't being used.
In Windows, start by taking a look in your System Tray, the collection of icons in the lower right corner of the desktop, next to the clock. On the left end of the System Tray, select the icon to display hidden icons. Take note of which apps are running in the background.
Open up the Task Manager by pressing Ctrl+Shift+Esc, or use Ctrl+Alt+Del and select Task Manager from the menu. Once in the Task Manager, look at the open apps—you may find that a program or two have been left running simply because you forgot to close a window instead of minimizing it.
Next, go to the Processes tab. This shows you what processes are currently running on your machine. While some of these are needed, some, like those associated with music and video players or cloud storage services (like Dropbox or Google Drive) can be disabled without causing any problems.
For MacBooks, the process is a little different. Take a look at System Preferences > Users & Groups for a menu called Login Items. Delete any power-hungry programs that you don't need anymore, or disable things like Google Chrome's automatic launch at startup. You can also see programs that are using a lot of power at any given moment by holding down the Option key, then clicking on the battery indicator in the Menu bar. Alternately, you can open the Activity Monitor utility to see a list of all the programs and processes you currently have open, and which of these are using the most power. You can stop these processes by selecting the program and then clicking the Stop icon. Power Nap is an Apple OS X feature that checks your email and Twitter feeds for activity while the system is asleep. If you are trying to maximize battery life, it would be wise to turn that feature off.
5. Simplify
You can also stretch your battery life by simplifying your own activities. Multitasking is nice when you have full power, but running several programs at once puts a greater load on the processor and draws more power. Adjust your computer use by sticking to one application at a time and avoiding resource-intensive programs.
Start by single-tasking—if you need to type up a document, close any additional programs. You'll get longer battery life by not running Spotify in the background. If you need to keep some tunes going, switch from streaming media to locally stored songs—you'll still be using some extra power to play them, but streaming media over Wi-Fi also uses the laptop's wireless radio.
You might also benefit from switching to simpler tools for the same tasks, like opting for a simple text file instead of a Word document. With fewer features and none of Word's automatic actions (like Spell Check and Autosave), you can do all the writing you need without using quite so much power. Some activities you'll want to avoid entirely, like photo and video editing tools, which place a significant load on the processor and graphics card, and are real power hogs.
By eliminating unnecessary power uses, you should be able to extend the life of your battery in those moments that you find yourself high and dry.


Long-Term Strategies
These tweaks will help turn your system into a lean, mean energy-efficient machine, adding to both the useful time you get out of a single charge, and extending the overall lifespan of the battery.
6. Care and Feeding of Batteries
It starts with taking care of the battery itself. If your system has a removable battery, take care not to damage the battery contacts—they connect the laptop to the battery, and if the contacts get dirty or damaged, it can reduce and disrupt the flow of power. You can clean the contacts off with a cotton swab and rubbing alcohol, but damaged contacts might need to be professionally repaired. This doesn't apply to laptops that seal the battery into the chassis.
You may have heard old tips about charging your battery to only 80 percent, and not leaving it on the charger all the time, but most of that advice is outdated, and applies to older nickel metal hydride batteries but not the lithium-ion and lithium-polymer batteries used today. While modern laptop batteries don't require you to be as conscientious about how and when you charge your battery, you should occasionally take the opportunity to let the battery drain completely through normal use.
Finally, keep things cool. Heat will shorten the long-term life of the battery, so take steps to provide optimal airflow and cooling. The biggest problems come from physical obstruction of the ventilation ports. Dust buildup is one problem, which you can take care of by cleaning the laptop's vents and fan. A can of compressed air can be used to blow out some of the dust. The more frequent issue that crops up is using the laptop on a pillow or blanket, which can both obstruct the ventilation fan and retain the heat coming off of the system. This can be avoided by only using your laptop on surfaces like a table or desk, and a lapdesk will make a big difference when using a laptop in bed.
7. Tune-Up
The next step is keep your laptop tuned up for more efficient use of power. A few simple maintenance tasks and upgrades will not only help your battery last longer, but they will also result in a faster system overall.
For starters, regularly defragment your hard drive to make data retrieval more efficient. (Note: DO NOT try to defrag a solid-state drive, as it will reduce the usable life of the drive.) An active drive uses more energy than an idle one, and defragging your hard drive reduces the amount of active drive time needed to access data. Over time, as you add and remove files from your system, data is haphazardly recorded to the hard drive, scattered in different portions of the drive. This disorderly (or fragmented) data requires additional time and energy to access in the course of regular use. Defragmenting your drive is the digital equivalent of organizing your cupboards, making everything a bit tidier and easier to find. Windows 7 and Windows 8 both have automatic tools that defragment your drive on a regular basis, but you should at least check to be sure that this is enabled and running properly.
Decluttering your drive will also make it more efficient. Practice good computer hygiene and regularly remove unwanted programs, clean out cobwebbed files, and ditch any excess bloatware that came with your system. Your cleanup should also include cleaning out the cache on your Web browser and deleting all of the old files from your downloads folder.
8. Upgrade Components
Another option is to ditch the hard drive entirely, and upgrade to a solid-state drive (SSD). Solid-state drives use flash memory instead of a spinning disk, so there are no moving parts, automatically offering more energy efficiency. It also removes the problems associated with fragmentation, which is a larger problem with hard drives. Upgrading to an SSD will both improve your battery life, and put some pep in your system, as SSDs offer faster performance and boot times than their traditional counterparts.
Finally, add some more RAM to your system. RAM stores data for short term use in flash modules, much like an SSD. The more data that can be put into RAM, the less reliant the system will be on pulling that data afresh from the hard drive. Again, reducing hard drive activity reduces the power consumption, but like an SSD upgrade, adding RAM also has performance benefits that you will notice immediately.
9. Battery Backup
Finally, the easiest way to ensure that you always have enough battery power is to bring along an extra; either a spare battery or an external battery pack. For laptops with a removable battery, the simplest option is a second battery. These can either be ordered directly from the manufacturer, or purchased from a third-party company, usually for less than $100. Simply swap the old battery for the new once in a while when charging, and bring along the charged-up spare whenever you expect to be away from a power outlet.
Another, similar option is to buy an external power pack. While it is also technically a battery, these external power sources plug into your laptop just like your charger does. They generally cost between $100 and $200, but come with adapters for use with many different laptop models, and can be reused on more than one system, and even for other devices, like your phone or tablet.
Check out more troubleshooting tips, such as what to do when your Windows laptop or MacBook is plugged in, but not charging.

Tuesday, July 22, 2014

How to Backup/Restore a Windows 2003 Domain Controller

Posted by General Zod in Microsoft, Tech.
A couple years back, I was working for a rather large company with hundreds of sites in about 50 different countries that were all linked by a single global network… except for 4 or 5 data center sites that were called “solution centers”.  I worked at one of these special sites.  The purpose of the solution centers was to house whatever services a customer company required us to while keeping it separate for our company’s global network.  As we were not part of the global network, we were considered the black sheep of the company… and I was the lone systems engineer responsible for keeping the servers at my site running.  No bother… I do my best work when I’m left to my own devices.
However, this did present many additional complications that others in my company did not have to contend with.  The largest challenge to overcome was our site’s disaster recovery plan.  We could not just assume to relocate to a new site because we would need to recover our own environment, which included our own domain.
Yes, I know… I could have just housed one of our domain controllers at another location and established a special VPN just for the communications between the DCs.  That would be a valid solution, but just not good enough.  During a DR event, that would make me very dependent upon the IT staff at that other location… and call me crazy, but I want to be able to ensure that I would be able to perform the recovery 100% without the assistance of anyone else.
I spent a lot of time reading over Microsoft white papers and procedures written by various individuals, throwing ideas around with colleagues, and plucking away at ideas in an attempt to develop a procedure that would fulfill our needs.  Eventually, I developed the procedure that you’ll read below… and tested it successfully on several occasions.  Knowing that someone else out there is probably looking for the same thing, I figured it would be grand to share it with you.

How to Backup the Domain Controller(s)

Obviously, before you can restore your domain, you have to back it up first.  :)
Mainly what we’re interested in backing up is the System State of a Domain Controller.  So what is the System State?

The System State of your server includes the Registry, the Boot files, some System files, the Active Directory service, and other components.  (Read more about it here.)  You can not pick and choose between which components are backed up during a System State backup.  It’s an all or nothing situation.
Since this includes the whole of your Registry, you have to understand that this includes the information about the original system’s installed hardware.  This may complicate the restore process somewhat.  If you backed up the System State from a DC on an HP ProLiant DL380 G5 series server… and attempt to restore it on a Dell PowerEdge T100… you will most likely have issues with booting up the OS afterwards because the hardware set is significantly different.
As part of your DR plan, I recommend making a point of documenting the hostname, IP address, Operating System, Service Pack level, and the hardware make/model of each of your domain controllers.  You may find this information useful when the time comes.
These instructions are going to use the hostname "DC123" as the name of the domain controller, and assume that you want to run your System State backup every day at 3:00am.
Login to your domain controller, and perform the following steps:
  1. Create a C:\Backup\ folder.
  2. Click Start — All Programs — Accessories — System Tools — Backup.
  3. Click [Next] — Select Backup Files and Settings — [Next].
  4. Select Let me choose what to back up — [Next].
  5. Expand My Computer — Check System State — [Next].
  6. Set the location of the backup file to C:\Backup\ folder.
    Set the Name of the Backup to “DC123 System State”.
  7. Click [Next] — [Advanced] — Select Normal — [Next].
  8. Check the Verify Data after Backup box — [Next].
  9. Select Replace the existing backups — [Next].
  10. Select Later — Set the Job Name to “DC123 System State”.
  11. Click [Set Schedule] — Schedule the job to run Daily at 3:00am.
  12. Click [OK] — Enter a set of user credentials — [OK].
  13. Click [Next] — Enter a set of the user credentials — [OK] — [OK] — [Finish].
The actual backup job itself will probably take somewhere between 15 – 30 minutes to run.  Then, you can back up the C:\Backup\ folder to tape.  Personally, I preferred to schedule another task that would launch at 4:00am to “robocopy” (which can be found as part of the Windows Server 2003 Resource Kit Tools download) each of the backup files to another server where they were all dumped to tape a few hours later.
You only really need to back up 1 domain controller for this to work, but then you’re pretty much locked into a single hardware set when it comes time to do the restore.  Since I was never sure what kind of hardware I would have available to me when it came time to do the restores, I tried to make a practice of housing each domain controller on a different model of server… and backing each of them up individually.  Each backup ran me somewhere between 600 – 800 MB of disk space (which is rather a small pittance by today’s standards).
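The thirteen wizard steps above, plus the 4:00am robocopy job, as a scheduled command-line equivalent using ntbackup.exe and schtasks.exe on Windows Server 2003. This is an added example, not the author’s own script; the hostname DC123, the C:\Backup\ folder and the 3:00am/4:00am schedule come from the post, while the destination share \\BACKUPSRV\DCBackups and the DOMAIN\backupsvc account are placeholders.

```batch
@echo off
rem Added example (not from the original post): scripted equivalent of the
rem ntbackup wizard steps above, for Windows Server 2003 / ntbackup.exe.
rem DC123 and C:\Backup come from the post; \\BACKUPSRV\DCBackups and the
rem DOMAIN\backupsvc account are placeholders for your environment.

set DC=DC123
set BACKUPDIR=C:\Backup
set BKF=%BACKUPDIR%\%DC% System State.bkf
set DEST=\\BACKUPSRV\DCBackups\%DC%

if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"

rem ---- Job 1: the System State backup. /M normal = "Normal" backup type,
rem /V:yes = verify data after backup, /L:s = summary log only. Writing to
rem /F without /A replaces the existing .bkf, as chosen in the wizard.
rem /RP * makes schtasks prompt for the account password instead of
rem storing it in the script. Runs daily at 03:00.
schtasks /Create /SC DAILY /ST 03:00 /TN "%DC% System State" ^
  /RU "DOMAIN\backupsvc" /RP * ^
  /TR "ntbackup backup systemstate /J \"%DC% System State\" /F \"%BKF%\" /M normal /V:yes /L:s"

rem ---- Job 2: one hour later, copy the .bkf to another server so that
rem server's tape job picks it up. /R and /W bound the retries if the
rem share is busy; /LOG+ appends to a copy log for later review.
schtasks /Create /SC DAILY /ST 04:00 /TN "%DC% System State copy" ^
  /RU "DOMAIN\backupsvc" /RP * ^
  /TR "robocopy \"%BACKUPDIR%\" \"%DEST%\" *.bkf /R:3 /W:30 /LOG+:\"%BACKUPDIR%\copy.log\""

rem ---- Confirm both jobs are registered, then run the backup once by
rem hand so the first .bkf exists before the nightly schedule kicks in.
schtasks /Query /FO LIST /V /TN "%DC% System State"
schtasks /Query /FO LIST /V /TN "%DC% System State copy"
schtasks /Run /TN "%DC% System State"
```

Check the summary log in %USERPROFILE%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\ after the first manual run to confirm the job completed and the verify pass passed before relying on the schedule.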
Yes, this was probably a significant amount of overkill on my part.  However, I find that the more paranoid you are, the better prepared you tend to find yourself.  And I tend to be rather paranoid about things like DR.

How to Restore the Domain Controller(s)

Now let’s pretend that a disaster has struck!
You’ve retrieved your tapes from off-site storage and acquired your target hardware, so let’s get to work!  (Remember that matching the hardware to the DC restore would be best, but you can make substitutions.  It’s not an exact science, so some experimentation may be required.)
Note:  These instructions are written with a few assumptions in mind.
  1. We assume that your entire domain has been leveled by some catastrophic event.
  2. We assume that your domain controllers are running a Windows 2003 operating system.
  3. We assume that whoever is doing the work knows the login credentials (from the original domain) to the domain’s Administrator account or a user account that is a member of both the domain’s "Domain Admins" and "Schema Admins" groups.
  1. Build a stand-alone Windows 2003 server, and bring it up to the same Service Pack level as the original DC.
  2. Name the server with the same hostname as your original DC.
  3. Restore your System State backup files from tape, and copy them to the new server’s local hard disk.
  4. Reboot the server.
  5. After POST, hit [F8] and select to boot into “Directory Services Restore Mode (Windows domain controllers only)”.
  6. Click Start — All Programs — Accessories — System Tools — Backup.
  7. Click [Next] — Select Restore files and settings — [Next] — Browse to the location of the backup file — [Next].
  8. Expand File – System State Backup — Check the System State box — [Next].
  9. Click [Advanced] — Select Original Location — [Next] — [OK] — Select Leave existing files (Recommended) — [Next].
  10. Check the boxes for:
    *  Restore Security Settings
    *  Restore junction points, but not the folder and file data
    *  Preserve existing volume mount points
    *  When restoring replicated data sets, mark the restored data as the primary data for all replicas
  11. Click [Next] — [Finish].
  12. After the restore is completed, click [Close] — [Yes] to reboot the system.
If your server hardware is significantly different from the original DC, then you may experience difficulty with the boot to the GUI.  If this is the case, then you might be able to still recover the OS by booting into Safe Mode or by booting to an original Windows 2003 OS CD to perform a Repair.
Once you get into the GUI, you will need to login using the local Administrator password from the original DC.
Now you will be able to seize the FSMO roles.  (Note:  After each "seize" command, click [Yes] and allow 3-5 minutes for the task to complete.)
  1. Click Start — Run — NTDSUTIL — [OK].
  2. Type the following commands into NTDSUTIL:
    roles
    connections
    connect to server DC123
    q
    seize domain naming master
    seize infrastructure master
    seize PDC
    seize RID master
    seize schema master
    q
    q
Next, confirm that your DC is a Global Catalog server.
  1. Launch AD Sites and Services
    (C:\Windows\System32\dssite.msc)
  2. Expand Sites – Default-First-Site-Name – Servers – DC123.
  3. Right-click and select NTDS Settings — On the General tab, verify that the Global Catalog box is checked.
  4. Perform a clean reboot of the system.
Now we’ll clean the old domain controllers out of the AD database.
  1. Click Start — Run — NTDSUTIL — [OK].
  2. Type the following commands into NTDSUTIL:
    metadata cleanup
    connections
    connect to server DC123
    quit
    select operation target
    list domains
    select domain <#>
    list sites
    select site <#>
    list servers in site
    select server <# of bad DC>
    quit
    remove selected server
    quit
  3. Launch Active Directory Sites and Services (C:\Windows\System32\dssite.msc).
  4. Expand Sites – Default-First-Site-Name – Servers.
  5. Right-click on the old domain controller’s server object — Select Delete.
  6. Launch Active Directory Users and Computers (C:\Windows\System32\dsa.msc).
  7. Expand the domain — Open the Domain Controllers container.
  8. Right-click on the old domain controller’s computer object — Select Delete.
  9. Select The domain controller is permanently offline and can no longer be demoted using Active Directory Installation Wizard (DCPROMO).
  10. Click [Delete] — [Yes] to confirm.
Your domain should now be successfully restored, but don’t consider yourself finished at this point.  This restored server should be considered hinky at best, and should not be kept as a long-term solution.
Before doing anything else, I recommend that you build a 2nd “clean” domain controller alongside this restored 1st DC.  Then, transfer the FSMO roles to the 2nd DC.  Finally, demote the 1st DC to a member server and retire it from the domain.  That will hopefully ensure that your domain is running on a clean and stable DC that you can rely upon.  Then, build a new 2nd DC to ensure some redundancy.
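A post-restore check for the FSMO seizure, Global Catalog and metadata-cleanup steps above, run from the restored DC. This is an added example, not the author’s procedure; it relies on the Windows Server 2003 Support Tools (netdom, dcdiag, repadmin, dsquery), uses the hostname DC123 from the post, and the domain name corp.example is a placeholder.

```batch
@echo off
rem Added example (not from the original post): verification that the
rem FSMO seizure, Global Catalog check and metadata cleanup described
rem above actually took effect. Needs the Windows Server 2003 Support
rem Tools. DC123 comes from the post; corp.example is a placeholder.

set DC=DC123
set DOMAIN=corp.example

rem All five FSMO roles (Schema, Domain naming, PDC, RID, Infrastructure)
rem should now be listed against DC123 after the seize commands.
echo === FSMO role holders ===
netdom query fsmo

rem KnowsOfRoleHolders/FsmoCheck confirm the DC can reach every role holder
rem (itself); Advertising confirms it advertises as a GC and logon server.
echo === dcdiag role and advertising tests ===
dcdiag /s:%DC% /test:KnowsOfRoleHolders /test:FsmoCheck /test:Advertising

rem After metadata cleanup, DC123 should be the only DC and the only GC
rem returned for the domain; any extra entry is a leftover server object.
echo === Domain controllers still registered ===
dsquery server -domain %DOMAIN%
echo === Global Catalog servers ===
dsquery server -domain %DOMAIN% -isgc

rem Deleted DCs must not linger as inbound replication partners, or the
rem restored DC will keep logging replication failures to dead peers.
echo === Replication partners ===
repadmin /showrepl %DC%
```

If any of the old DCs still appear in the dsquery or repadmin output, repeat the metadata cleanup for that server before building the 2nd “clean” DC.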
Congratulations!  Your domain is restored.  Now get to work on restoring everything else.  :)

Windows Server 2003 Disaster Recovery Planning (Part 1)


In this article, we will discuss what every Microsoft Windows Administrator and Engineer should think about when trying to manage their environments in the scope of planning for Disaster Recovery and Business Continuity. This is Part I in a 4 part article series where we will cover many of the details administrators and engineers need to know about planning Disaster Recovery for Windows Systems, as well as for their networks in general. In part I, we will look at Windows 2000 & Windows Server 2003 Clustering & Load Balancing for high availability, as well as general planning information.



Planning for High Availability  

Windows Server Disaster Recovery Planning can be a chore, but if you have the details and a plan, it can go smooth to setup, and will be a life saver when your systems start to smoke, and your VP’s are knocking on your office door asking what the heck is going on! In this section we will look at how to plan for High Availability.
Taking the time to plan and design is the key to your success, and it’s not only the design, but also the study efforts you put in. I always joke with my administrators and tell them they’re doctors of technology. I say, “When you become a doctor, you’re expected to be a professional and maintain that professionalism by educational growth through constant learning and updating of your skills.” Many IT staff technicians think their job is 9 to 5, with no studying done after hours. I have one word for them: Wrong! You need to treat your profession as if you’re a highly trained surgeon except, instead of working on human life, you’re working on technology. And that’s how planning for High Availability solutions needs to be addressed. You can’t simply wing it and you can’t guess at it. You must be precise, otherwise, your investment goes down the drain – and all the work you put in will be not only useless, but also wasteful.

Plan Your Downtime

You need to achieve as close to 100 percent uptime as possible. You know 100 percent uptime isn’t realistic, though, and it can never be guaranteed. Breakdowns occur because of disk crashes, power or UPS failure, application problems resulting in system crashes, or any other hardware or software malfunction. So, the next best thing is 99.999 percent, which is still somewhat reasonable with today’s technology. You can also define in a Service Level Agreement (SLA) what 99.999 percent means to both parties. If you promised 99.999 percent uptime to someone for a single year, that translates to a downtime ratio of about five to ten minutes. I would strive for a larger number, one that’s more realistic to scheduled outages and possible disaster-recovery testing performed by your staff. Go for 99.9 percent uptime, which allots for about nine to ten hours of downtime per year. This is more practical and feasible to obtain. Whether providing or receiving such a service, both sides should test planned outages to see if delivery schedules can be met.
You can figure this formula by taking the number of hours in a day (24) and multiplying it by the number of days in the year (365). This equals 8,760 hours in a year. Use the following equation:
  percent of uptime per year = (8,760 - number of total hours down per year) / 8,760
If you schedule eight hours of downtime per month for maintenance and outages (96 hours total), then you can say the percentage of uptime per year is 8,760 minus 96 divided by 8,760. You can see you’d wind up with about 98.9 percent uptime for your systems. This should be an easy way for you to provide an accurate accounting of your downtime. Remember, you must account for downtime accurately when you plan for high availability. Downtime can be planned or, worse, unexpected. Sources of unexpected downtime include the following:
  • Disk crash or failure
  • Power or UPS failure
  • Application problems resulting in system crashes
  • Any other hardware or software malfunction

Building the Highly Available Solutions’ Plan

Let’s look at the plan to use a Highly Available design in your organization and review the many questions you need to ask before implementing it ‘live’. Remember, if the server is down, people can’t work, and millions of dollars can be lost within hours. The following is a list of what could happen in sequence:
  1. A company uses a server to access an application that accepts orders and does transactions.
  2. The application, when it runs, serves not only the sales staff, but also three other companies who do business-to-business (B2B) transactions. The estimate is, within one hour’s time, the peak money made exceeded 2.5 million dollars.
  3. The server crashes and you don’t have a Highly Available solution in place. This means no failover, redundancy, or load balancing exists at all. It simply fails.
  4. It takes you (the systems engineer) 5 minutes to be paged, but about 15 minutes to get onsite. You then take 40 minutes to troubleshoot and resolve the problem.
  5. The company’s server is brought back online and connections are reestablished.
Everything appears functional again. The problem was simple this time—a simple application glitch that caused a service to stop and, once restarted, everything was okay. Now, the problem with this whole scenario is this: although it was a true disaster, it was also a simple one. The systems engineer happened to be nearby and was able to diagnose the problem quite quickly. Even better, the problem was a simple fix. This easy problem still took the companies’ shared application down for at least one hour and, if this had been a peak-time period, over 2 million dollars could have been lost. The business will want to know how to make sure that 2 million in sales never evaporates like that again. Worse still, the companies you connect to and your own clientele start to lose faith in your ability to serve them. This could also cost you revenue and the possibility of acquiring new clients moving forward. People talk, and the uneducated could take this small glitch as a major problem with your company’s people, instead of the technology. Let’s look at this scenario again, except with a Highly Available solution in place:
  1. A company uses a server to access an application that accepts orders and does transactions.
  2. The application, when it runs, serves not only the sales staff, but also three other companies who do business-to-business (B2B) transactions. The estimate is, within one hour’s time, the peak money made exceeded 2.5 million dollars.
  3. The server crashes, but you do have a Highly Available solution in place. (Note, at this point, it doesn’t matter what the solution is. What matters is that you added redundancy into the service.)
  4. Server and application are redundant, so when a glitch takes place, the redundancy spares the application from failing.
  5. Customers are unaffected. Business resumes as normal. Nothing is lost and no downtime is accumulated.
  6. The ‘one hour’ you saved your business in downtime just paid for the entire Highly Available solution you implemented.

Human Resources and Highly Available Solutions

Human Resources (people) need to be trained and work on site to deal with a disaster. They also need to know how to work under fire. As a former United States Marine, I know about the “fog of war,” where you find yourself tired, disoriented, and probably unfocused on the job. These characteristics don’t help your response time with management. In any organization, especially with a system as complex as one that’s highly available, you need the right people to run it.

Managing Your Services

In this section, you see all the factors to consider while designing a Highly Available solution. The following is a list of the main services to remember:
  • Service Management is the management of the true components of Highly Available solutions: the people, the process in place, and the technology needed to create the solution. Keeping this balance to have a truly viable solution is important. Service Management includes the design and deployment phases.
  • Change Management is crucial to the ongoing success of the solution during the production phase. This type of management is used to monitor and log changes on the system.
  • Problem Management addresses the process for Help Desks and Server monitoring.
  • Security Management, as discussed in Chapter 7, is tasked to prevent unauthorized penetrations of the system.
  • Performance Management is discussed in greater detail in this chapter. This type of management addresses the overall performance of the service, availability, and reliability.
Other main services also exist, but the most important ones are highlighted here. Service management is crucial to the development of your Highly Available solution. You must cater to your customer’s demands for uptime. If you promise it, you better deliver it.

Highly Available System Assessment Ideas

The following is a list of items for you to use during the postproduction-planning phase. Make sure you covered all your bases with this list:
  • Now that you have your solution configured, document it! A lack of documentation will surely spell disaster for you. Documentation isn’t difficult to do, it’s simply tedious, but all that work will pay off in the end if you need it.
  • Train your staff. Make sure your staff has access to a test lab, books to read, and advanced training classes. Go to free seminars to learn more about High Availability. If you can ignore the sales pitch, they’re quite informative.
  • Test your staff with incident response drills and disaster scenarios. Written procedures are important, but live drills are even better to see how your staff responds. Remember, if you have a failure on a system, it could failover to another system, but you must quickly resolve the problem on the first system that failed. You could have the same issue on the other nodes in your cluster and, if that’s the case, you’re on borrowed time. Set up a scenario and test it.
  • Assess your current business climate, so you know what’s expected of your systems at all times. Plan for future capacity especially as you add new applications, and as hardware and traffic increase.
  • Revisit your overall business goals and objectives. Make sure what you intend to do with your high-availability solution is being provided. If you want faster access to the systems, is it, in fact, faster? When you have a problem, is the failover seamless? Are customers affected? You don’t want to implement a high-availability solution and have performance that gets worse. This won’t look good for you!
  • Do a data-flow analysis on the connections the high-availability solution uses. You’d be surprised at the effect that damaged NICs, the wrong drivers, excessive protocols, bottlenecks, and mismatched port speeds and duplex settings, to name a few problems, have on the system. I’ve made significant differences in networks by simply running an analysis on the data flow on the wire and, through this analysis, have made great speed differences. A good example could be if you had old ISA-based NIC cards that only ran at 10 Mbps. If you plugged your system into a port that uses 100 Mbps, then you will only run at 10, because that’s as fast as the NIC will go. What would happen if the switch port was set to 100 Mbps and not to autonegotiate? This would create a problem because the NIC wouldn’t communicate on the network because of a mismatch in speeds. Issues like this are common on networks and could quite possibly be the reason for poor or no data flow on your network.
  • Monitor the services you consider essential to operation and make sure they’re always up and operational. Never assume a system will run flawlessly just because nothing has changed; at times, systems choke up on themselves, either through a hung thread or process. You can use network-monitoring tools like GFI, Tivoli, NetIQ, or Argent’s software solutions to monitor such services.
  • Assess your total cost of ownership (TCO) and see if it was all worth it.

Cost Analysis

Do a final cost analysis to check if you made the right decision. The best way to determine TCO is to go online and use a TCO calculator program that shows you TCO based on your own unique business model. Because, for the most part, all business models will be different, the best way to determine TCO is to run the calculator and figure TCO based on your own personal answers to the calculator’s questions. Here’s an example of a specific one, but many more are available to use online - just run a search in a search engine (like Google.com) on ROI/TCO calculators, and you will see them.

Testing a High Availability System

Now that you have the planning and design fundamentals down, let’s discuss the process of testing your high-availability systems. You need to ensure the test is run for a long enough time, so you can get a solid sampling of how the system operates normally without stress (or activity) and how it runs with activity. Then, run a test long enough to obtain a solid baseline, so you know how your systems operate normally on a daily basis. Use that for a comparison during times of activity.

In Sum

This should give you a good running start on advanced planning for high availability, and it gives you many things to check and think about, especially when you’re done with your implementation.

Common Scenarios for Active Directory Related Backup and Disaster Recovery


(Or, Everything you ever wanted to know about AD DR Plans but couldn’t find in one place..)
As part of our Active Directory Risk Assessment Program we perform an Operational Interview portion of the engagement.  During this we talk about things we can’t really ask the machines, such as SLAs, OLAs, DR plans and various other things that involve humans more than computers but are a vital part of the health and risk associated with an enterprise environment.  One of the things that often comes up is the set of common scenarios in your Disaster Recovery plans.  This came up for one of my customers and they asked me to compile information on how to handle these common topics.  So I compiled a list of TechNet and KB articles that will hopefully help you plug these into your DR plans.  (Even having the links to the online articles handy when a disaster comes up can save you time, money, frustration and sanity.)  Hope this helps!
- How to recover an Active Directory forest
Planning for Active Directory Forest Recovery
http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(WS.10).aspx
Word Doc of the entire Forest Recovery Whitepaper:
http://go.microsoft.com/fwlink/?LinkId=152459
- How to recover domains
Recovering Active Directory Domain Services
http://technet.microsoft.com/en-us/library/cc816751(WS.10).aspx
- How to recover DNS
(Mostly covered in the Recovering Active Directory Domain Services article but additional info found here)
How to reinstall a dynamic DNS Active Directory-integrated zone
http://support.microsoft.com/kb/294328
- How to seize and transfer FSMO roles
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/kb/255504
How to view and transfer FSMO roles in the graphical user interface
http://support.microsoft.com/kb/255690
- How to perform metadata cleanup
Clean Up Server Metadata (2008 & 2008R2)
http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx
Clean up server metadata (2000, 2003 & 2003R2)
http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx
- How to recover an entire server
Windows Server Backup Step-by-Step Guide for Windows Server 2008
http://technet.microsoft.com/en-us/library/cc770266(WS.10).aspx
Performing a Full Server Recovery of a Domain Controller
http://technet.microsoft.com/en-us/library/cc772519(WS.10).aspx
- How to perform authoritative restores
- Active Directory database
Performing Authoritative Restore of Active Directory Objects
http://technet.microsoft.com/en-us/library/cc816878(WS.10).aspx
Performing Authoritative Restore of an Application Directory Partition
http://technet.microsoft.com/en-us/library/cc816934(WS.10).aspx
- SYSVOL (requires special recovery procedures)
For DFS Replicated SYSVOL
Restoring and Rebuilding SYSVOL
http://technet.microsoft.com/en-us/library/cc816596(WS.10).aspx
How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
http://support.microsoft.com/kb/2218556
For FRS Replicated SYSVOL
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762
How to rebuild the SYSVOL tree and its content in a domain
http://support.microsoft.com/kb/315457
- Successfully restoring users and their group memberships
How to restore deleted user accounts and their group memberships in Active Directory
http://support.microsoft.com/kb/840001
- How to perform non-authoritative restores
- Active Directory database
Performing Nonauthoritative Restore of Active Directory Domain Services
http://technet.microsoft.com/en-us/library/cc816627(WS.10).aspx
- SYSVOL (requires special recovery procedures) (Note: Same articles as Authoritative Restore since they include both procedures in the info.)
For DFS Replicated SYSVOL
Restoring and Rebuilding SYSVOL
http://technet.microsoft.com/en-us/library/cc816596(WS.10).aspx
How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
http://support.microsoft.com/kb/2218556
For FRS Replicated SYSVOL
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762
How to rebuild the SYSVOL tree and its content in a domain
http://support.microsoft.com/kb/315457