...
mifs[7]: 684 files, 26 directories
mifs[7]: Total bytes     :   64094208
mifs[7]: Bytes used      :   11614208
mifs[7]: Bytes available :   52480000
mifs[7]: mifs fsck took 60 seconds.
...done Initializing Flash.
done.
Loading "flash:/ies-lanbase-mz.122-50.SE2/ies-lanbase-mz.122-50.SE2.bin"...flash:/ies-lan
base-mz.122-50.SE2/ies-lanbase-mz.122-50.SE2.bin: magic number mismatch: bad mzip file

Error loading "flash:/ies-lanbase-mz.122-50.SE2/ies-lanbase-mz.122-50.SE2.bin"

Interrupt within 5 seconds to abort boot process.
Boot process failed...

The system is unable to boot automatically.  The BOOT
environment variable needs to be set to a bootable
image.

No problem I thought, I’ll just use Rommon and suck down a clean image from a TFTP server. How wrong I was! These switches don’t have Rommon, instead they have their own boot OS which bizarrely doesn’t seem to support any kind of networking whatsoever. It can format the filesystem and do basic file operations, but thats it as far as I can tell. You quickly find yourself stuck with no way to upload an image, and the scant documentation unhelpfully suggests that you reset your switch to factory defaults. If you follow this advice you now have a switch with no config and still a corrupt IOS. There doesn’t appear to be any documentation at all about the strange little OS you find yourself stuck in, so its time to experiment.

Plugging the flash card into my Windows machine showed that it wasn’t formatted in a way that Windows could read it, so you can’t copy an image that way. Formatting it as FAT resulted in a strange situation where both Windows and the switch could write to the flash card, but neither could see the others files. Unfortunately I didn’t have easy access to a Linux machine to see if it was readable on there, I needed another way to get the right data onto the card. I did have other working Stratixes, so I had the idea of cloning a working flash card. You can’t do this natively in Windows so I had to find a Windows version of the well known Linux tool, dd.

dd is a very low level tool that copies data at a block level. It doesn’t see files or folders or even disk formats, it just sees the raw bits. The plan was to make an image of a working flash card, and then dump that onto the failed one. In theory you should end up with a perfect clone, and this way Windows doesn’t need to be able to read the disk format. I used the tool as follows, first listing the available drives, second making an image of a good flash card and finally writing that image onto the corrupt one:

D:\Programs\dd>dd --list
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.

Win32 Available Volume Information

[snip]

\\.\Volume{43371b24-d6a0-11df-b040-005056c00008}\
 link to \\?\Device\HarddiskVolume10
 removeable media
 Mounted on \\.\l:

[snip]

D:\Programs\dd>dd if=\\.\l: of=stratix.img
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.

125440+0 records in
125440+0 records out

D:\Programs\dd>dd if=stratix.img of=\\.\l:
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.

125440+0 records in
125440+0 records out

D:\Programs\dd>

Happily it worked flawlessly, the cloned flash card contained an exact copy of the working IOS and I was able to get my switch working again. I’d love to know the manufacturer’s recommended restore method, but as is often the case the documentation is lacking.

(Standalone drive inventory)
vmphyinv {-n drive_name | -u device_number} [-h device_host]
[-non_interactive] [-verbose]

C:\Program Files\VERITAS\Volmgr\bin>vmphyinv.exe -u 2 -h tapesvr

Proposed Change(s) to Update the Volume Configuration
=====================================================
Logically add new media BE????.
Logically update EMM database, if required.

Update volume configuration? (y/n) n: y

Added new media BE0000 on host tapesvr.
Added media ID BE0000 to EMM database.

C:\Program Files\VERITAS\Volmgr\bin>

You get the device number from the activity monitor->drives screen. Once you run this command Netbackup will start to read the images on the tape, you can see this on the catalog->results screen. Once this is complete the media will appear on the catalog->search screen ready for the phase 2 import.

Bear in mind that this will delete all data on the drive, so make sure to back it up first!

We are going to use a handy commandline tool called diskpart to go through and delete the partitions on the disk one by one. Once this is done you can format the disk as normal (but only as one big partition). Here is an example where I delete two partitions on a USB disk.

C:\Windows\system32>diskpart

Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: WORKSTATION

DISKPART> list disk

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online           14 GB  1500 MB

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> list partition

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1501 MB    31 KB
Partition 0    Primary             11 GB  3002 MB

DISKPART> select partition 1

Partition 1 is now the selected partition.

DISKPART> delete partition

DiskPart successfully deleted the selected partition.

DISKPART> list partition

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             11 GB  3002 MB

DISKPART> select partition 1

Partition 1 is now the selected partition.

DISKPART> delete partition

DiskPart successfully deleted the selected partition.

At this point I format the partition in disk management. Going back to diskpart we can see that the new partition is recognised and is the correct size. Note that the sizes don’t add up as there was unallocated space on the disk which has been included in the new partition.

DISKPART> list partition

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1    Primary             14 GB      0 B

DISKPART>

If you use it yourself its worth looking at each setting and asking if it applies to your environment. Some of the settings will probably be set by your GPOs anyway once you add machines deployed from it to your domain, other bits are just slightly anal and unnecessary.

As a side note 2008 R2 only supports 64 bit processors, so make sure your environment is capable fo this before you proceed.

login as: root
root@192.168.100.12's password:

Dell Remote Access Controller 5 (DRAC 5)
Firmware Version 1.40 (Build 08.08.22)

$ racadm help

 help [subcommand] -- display usage summary for a subcommand
 arp             -- display the networking ARP table
 clearasrscreen  -- clear the last ASR (crash) screen
 clrraclog       -- clear the RAC log
 clrsel          -- clear the System Event Log (SEL)
 config          -- modify RAC configuration properties
 coredump        -- display the last RAC coredump
 coredumpdelete  -- delete the last RAC coredump
 fwupdate        -- update the RAC firmware
 getconfig       -- display RAC configuration properties
 getniccfg       -- display current network settings
 getraclog       -- display the RAC log
 getractime      -- display the current RAC time
 getsel          -- display records from the System Event Log (SEL)
 getssninfo      -- display session information
 getsvctag       -- display service tag information
 getsysinfo      -- display general RAC and system information
 gettracelog     -- display the RAC diagnostic trace log
 ifconfig        -- display network interface information
 netstat         -- display routing table and network statistics
 ping            -- send ICMP echo packets on the network
 racdump         -- display RAC diagnostic information
 racreset        -- perform a RAC reset operation
 racresetcfg     -- restore the RAC configuration to factory defaults
 serveraction    -- perform system power management operations
 setniccfg       -- modify network configuration properties
 sslcertview     -- view SSL certificate information
 sslcsrgen       -- generate a certificate CSR from the RAC
 testemail       -- test RAC e-mail notifications
 testtrap        -- test RAC SNMP trap notifications
 version         -- display the version info of RACADM
 vmdisconnect    -- disconnect virtual media connections
 vmkey           -- perform virtual media key operations
 usercertview    -- view user certificate information

$

To reset the DRAC, we need the racreset command. This will re-initialise the DRAC and after a minute or so everything should be working again

The CCIE consists of two parts, the first is a written exam which tests basic knowledge and after that you do a day long lab exam. The lab exam is considered to be the hardest of the two, with most people requiring multiple attempts. Once you have the certification, you just need to pass the written exam every few years to keep it.

Without any input from those who didn’t recertify its hard to work out why they didn’t bother. Change in job role could account for some but it seems unlikely that this would account for the full 61. Is it just that now there are more people with it, the CCIE is less highly regarded?

If you are unfamiliar with the CCNP, the previous track consisted of four exams which can be briefly summed up as follows: BSCI (routing), BCMSN (switching), ONT (QoS + wireless), and ISCW (everything else – VPNs, DSL, MPLS, security). The new track is three exams.

The changes are very interesting – I always saw the core of this track as being routing and switching and Cisco seem to be acknowledging that with the first two exams, ROUTE and SWITCH. If you delve a bit deeper into the actual exam topics you can see that they’ve actually cut a lot of the content which isn’t routing or switching out. ROUTE looks to be basically the BSCI exam, with a very small coverage of the VPN and DSL topics from ISCW. SWITCH is the BCMSN with a bit of security. The third exam is TSHOOT, which is aligning with new CCIE track by adding a dedicated troubleshooting element.

Personally I’m 50/50 about the changes. Cisco seem to be trying to make each track very specific with no overlaps (the current CCNP has some overlap with the CCVP, CCSP and CCIP), and while I can see why they would want to do this I think it will produce less rounded engineers at the end of it. If you do the current CCNP you come out of it knowing a lot about routing and switching, and enough about everything else that you can work out most issues after a little research. Its kind of the jack of all trades qualification, which you might expect based on the acronym. With the changes it is turning more into the CCR&SP.  However I do like is the inclusion of the troubleshooting section since just setting equipment up in the first place is only the start of your job, you then have to go and support it.

Luckily I got my CCNP just last year so I’m not affected by the changes, but candidates who are halfway through theirs can either continue with the current track (until July), or substitute BSCI and BCMSN exams they have already completed for ones on the new track. More info on this here

One of the most interesting things is that they have finally come up with their own AV solution, which uses multiple existing engines plus one of their own. I’m also pretty happy that there is finally an IPS solution (built into TMG, which is roughly the replacement to ISA). They are also jumping on the ‘cloud’ bandwagon and providing outsourced Exchange spam filtering and mail archiving.

All this stuff is either out now or coming out pretty soon, so it will be interesting to see if it holds up to competition once it gets in the wild.

Apcupsd is an open source ups agent designed to work with APC products. It is fairly simple to set up, and there is a ton of documentation on the website. The first thing you will want to do is download the rpm, and then install it on your server.

Since this is a PowerChute setup I will work under the assumption that you have multiple machines running off of one UPS. If this is the case you will want to alter the default install slightly. By default the software is configured to shut down your UPS once the server has finished powering down, which we definitely don’t want if our UPS is powering multiple systems. To make these changes, check for lines labeled apcupsd in your system halt file and remove all the lines you find:

cat /etc/rc.d/init.d/halt | grep apcupsd

Once this is done we need to tell apcupsd what kind of UPS it is talking to. To do this, edit <tt>/etc/apcupsd/apcupsd.conf</tt> and make sure the following configuration is set up. Note that IP is your UPS IP, the username is usually apc, and the passphrase is your agent passphrase, not your administration password for the web interface.

UPSCABLE ether
UPSTYPE pcnet
LOCKFILE /var/lock
DEVICE ipaddr:user:passphrase
UPSCLASS standalone
UPSMODE disable

Once this is done, ensure apcupsd is set up to run at startup, and start the service.

chkconfig apcupsd on
service apcupsd restart

At this point check in /etc/apcupsd/apcupsd.events to ensure that there are no errors. If you get a message saying communications with the UPS have been lost, you either have a configuration issue or need to update your firewall rules similar to the following:

-A RH-Firewall-1-INPUT -p udp --dport 3052 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3052 -j ACCEPT

At this point you are ready to test a power fail and ensure that the system powers off gracefully.

A few other points to bear in mind, the PowerChute support in apcupsd is unfortunately not as mature as the official product, so you don’t get a web interface on your server to check its status. Options for custom shutdown scripts etc are still available and can be found in the official documentation. It is also worth mentioning that if for whatever reason you would still prefer to use the official agent, you can work around the GUI requirement by installing the agent on another server which does have a GUI, and then copying the files across.