Mover roles asignados a un servidor DC que se borro y asi poder subir el nivel del Forest para incluir un servidor 2012 en el dominio

Como corregir el problema de los roles asignados a un servidor DC que se borro y asi poder subir el nivel del Forest para incluir un servidor 2012 en el dominio de RRA

Para consultar la asignación de roles actual, se hace con  " netdom query fsmo"

Para modificar los valores de “ForestDNSZones” y “DomainDNSZones” que seguían apuntando al servidor viejo, se realizaron los pasos del articulo  "AD DS Operation Failed – directory service is missing mandatory configuration – Event ID 2091 – FSMO Role Broken”   http://blog.mpecsinc.ca/2011/03/ad-ds-operation-failed-directory.html 

Se ve que los roles de Schema Master y "Domain naming Master" están asignados al servidor rra-srv-dc1, que fue el que se danio y por lo cual se realizo el procedimiento de metadata clean up. (ttp://support.microsoft.com/kb/216498.) y seize the FSMO role using the NTDSUtil command (http://support.microsoft.com/kb/255504) pero aun sigue apareciendo esa información en el AD.

Esto hace que no se pueda subir el nivel de forest a uno compatible o el windows 2012 r2 Dc que se quiere introducir. Entonces lo que hay que hacer es manualmente cambiar la referencias de los roles que aun quedan en el rra-srv-dc1 al servidor rra-srv-dc3 que queda. Esto se hace modificando con el ADSEI edit los parametros de cada uno de los roles. Para localizar dichos parametros se siguio el articulo  http://blog.dargel.at/2012/04/19/fsmo-roles-in-active-directory-database-adsi/ 

Se cambio el key fSMORoleOwner del valor "CN=NTDS Settings\0ADEL:d68a437f-09f8-465d-ab3f-865f0f4ffa43,CN=RRA-SRV-DC1\0ADEL:7eca4722-fbf1-4474-99e4-271e089997ee,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=rra,DC=local” 

al valor "CN=NTDS Settings,CN=RRA-SRV-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=rra,DC=local. 

El valor se cambio para el rol de schema que apuntara al servidor existente ( rra-srv-dc3 )

            

Dado que el comando de subir el nivel del forest

Decía que se iba a modificar "CN=Partitions,CN=Configuration,DC=rra,DC=local” entonces gráficamente también se realizo el cambio de la llave "msDS-Behavior-Version” de valor 0 ( windows 200 forest level) a 2 ( windows 2003 forest level)

Al final ejecutando nuevamente la consulta de los roles , se vio el cambio

Como también consultando los niveles del dominio y del forest, usando el script, el cual se extrajo de (http://kpytko.pl/active-directory-domain-services/schema-version-using-powershell/)

Import-Module ActiveDirectory

Clear-Host

Write-Host ""

Write-Host "Domain Functional Level is " -ForegroundColor Green -NoNewLine

$domain=Get-ADObject -Identity "dc=rra,dc=local" -Properties * | Select msDS-Behavior-Version,ntMixedDomain

if ($domain.ntMixedDomain -eq 1){

Write-Host "Windows 2000 Mixed mode" -ForegroundColor Yellow

}

else {

switch ($domain."msDS-Behavior-Version")

{

0 { Write-Host "Windows 2000 Native mode" -ForegroundColor Yellow }

1 { Write-Host "Windows Server 2003 Interim mode" -ForegroundColor Yellow }

2 { Write-Host "Windows Server 2003 mode" -ForegroundColor Yellow }

3 { Write-Host "Windows Server 2008 mode" -ForegroundColor Yellow }

4 { Write-Host "Windows Server 2008 R2 mode" -ForegroundColor Yellow }

5 { Write-Host "Windows Server 2012 mode" -ForegroundColor Yellow }

6 { Write-Host "Windows Server 2012 R2 mode" -ForegroundColor Yellow }

default { Write-Host "unknown" -ForegroundColor Red }

}

}

Write-Host ""

Write-Host "Forest Functional Level is " -ForegroundColor Green -NoNewLine

$forest=Get-ADObject -Identity "cn=partitions,cn=configuration,dc=rra,dc=local" -Properties * | Select msDS-Behavior-Version

switch ($forest."msDS-Behavior-Version")

{

0 { Write-Host "Windows 2000 mode" -ForegroundColor Yellow }

1 { Write-Host "Windows Server 2003 Interim mode" -ForegroundColor Yellow }

2 { Write-Host "Windows Server 2003 mode" -ForegroundColor Yellow }

3 { Write-Host "Windows Server 2008 mode" -ForegroundColor Yellow }

4 { Write-Host "Windows Server 2008 R2 mode" -ForegroundColor Yellow }

5 { Write-Host "Windows Server 2012 mode" -ForegroundColor Yellow }

6 { Write-Host "Windows Server 2012 R2 mode" -ForegroundColor Yellow }

default { Write-Host "unknown" -ForegroundColor Red }

}

Write-Host ""

Borrar "Shadow Copies" para liberar Espacio en disco en windows 2003

Cuando se trata de borrar por el file manager dichas copias, se presenta un error como si una aplicación de backup estuviera usando el servicio; para lo cual hay que abrir un "command Prompt" y ejecutar lo siguiente

"vssadmin list shadows"

Este comando lista las copias existente de una partición especifica 

Después se usa el comando "wimc" para borrar las copias existentes.

Información tomada de http://www.tomshardware.com/ 

Install virtualbox guest additions on elementary OS

Para instalar hay que hacer los siguientes pasos:

Instalar los headers del kernel

$ sudo apt-get install build-essential module-assistant

ubicar la entrada en el dev del cdrom y montar el iso de virtualbox additions

$ lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0    20G  0 disk 
├─sda1   8:1    0    18G  0 part /
├─sda2   8:2    0     1K  0 part 
└─sda5   8:5    0     2G  0 part [SWAP]
sr0     11:0    1  61.7M  0 rom  

$ cd ~/
$ mkdir vbox

# mount the cd rom
$ sudo mount /dev/sr0 ~/vbox
mount: block device /dev/sr0 is write-protected, mounting read-only

Instalar las virtualbox additions

$ cd vbox/
~/vbox$ sudo ./VBoxLinuxAdditions.run
Verifying archive integrity... All good.
Uncompressing VirtualBox 4.3.10 Guest Additions for Linux............
VirtualBox Guest Additions installer
Copying additional installer modules ...
Installing additional modules ...
Removing existing VirtualBox DKMS kernel modules ...done.
Removing existing VirtualBox non-DKMS kernel modules ...done.
Building the VirtualBox Guest Additions kernel modules ...done.
Doing non-kernel setup of the Guest Additions ...done.
Starting the VirtualBox Guest Additions ...done.
Installing the Window System drivers
Installing X.Org Server 1.11 modules ...done.
Setting up the Window System to use the Guest Additions ...done.
You may need to restart the hal service and the Window System 

Eso es todo.

Información tomada de

http://www.binarytides.com/install-virtualbox-guest-additions-elementary-os-luna/

Trabajando con NBAC en un symantec appliance 5230. (2.6.1.1)

Estos pasos fueron realizados tanto para configurar inicialmente esta caracteristica en el appliance y despues se desactivo dado que se presentaron problemas en el acceso.

• Se creo un usuario administrador para el CLI; este usuario se adiciono mediante la consola web.

• Con ese usuario se entra al appliance para habilitar el NBAC, esta es la salida:

login as: adminCLI

Using keyboard-interactive authentication.

Password:

**********************************************************************

*** Welcome NetBackup CLI Administrator to the NetBackup Appliance ***

**********************************************************************

adminCLI@nb5230-ac:~> bpnbaz -setupmaster

You will have to restart NetBackup services on this machine after the command completes successfully.

Do you want to continue(y/n)y

Gathering configuration information.

Please be patient as we wait for 10 sec for the security services to start their  operation.

Generating identity for host 'nb5230-ac'

Setting up basic authorization information. Please be patient.

Basic authorization information generated successfully.

Granting authorization check permissions to host 'nb5230-ac'

Configuring authentication domains within Netbackup

Setting up authorization information in Netbackup configuration files.

Setting up NBAC on target host: nb5230-ac

Warning: NetBackup Master Server is currently configured in AUTOMATIC mode. Security will be enforced only in REQUIRED mode. This can be done after entire NetBackup domain is configured with NBAC

Operation completed successfully.

adminCLI@nb5230-ac:~>

Como resultado no se pudo administrar desde la consola java el appliance.

•  Se deshabilita el IPS appliance para poder deshabilitar el NBAC. Aqui el log 

login as: admin
Using keyboard-interactive authentication.
Password:
Last login: Mon Aug 17 08:49:21 2015 from spw-monitor.xxx.xxx


Appliance  Manage master and media appliances.
Exit       Logout and exit from the current shell.
Manage     Manage NetBackup appliance.
Monitor    Monitor NetBackup appliance activities.
Network    Network Administration.
Reports    Examine the running and historical state of the host.
Settings   Change NetBackup appliance settings.
Shell      Shell operations.
Support    NetBackup Support.

nb5230-ac.Main_Menu> Support
Entering NetBackup support view...
nb5230-ac.Support> Maintenance
<!-- Maintenance Mode --!>
maintenance's password:
maintenance-!> /opt/Symantec/scspagent/IPS/sisipsoverride.sh
Symantec Critical System Protection Policy Override

    Agent Version: 5.2.9 (build 913)
   Current Policy: NetBackup Appliance Prevention Policy, r32
Policy Prevention: Enabled
  Policy Override: Allowed
   Override State: Not overridden

To override the policy and disable protection, enter your login password.
Password:

Choose the type of override that you wish to perform:
 1. Override Prevention except for Self-Protection
 2. Override Prevention Completely
Choice? [1]

Choose the amount of time after which to automatically re-enable:
 1. 15 minutes
 2. 30 minutes
 3. 1 hour
 4. 2 hours
 5. 4 hours
 6. 8 hours
 7. never
Choice? [1] 4

Enter a comment. Press Enter to continue.
NBAC

Please wait while the policy is being overridden.
.............

The policy was successfully overridden.

• Se sigue la guia del documento de symantec (http://www.symantec.com/docs/TECH175054) para deshabilitar NBAC
  

maintenance-!>
maintenance-!> elevate
nb5230-ac:/home/maintenance # netbackup stop
stopping the NetBackup Service Monitor
stopping the NetBackup CloudStore Service Container
stopping the NetBackup Vault daemon
stopping the NetBackup Web Management Console
stopping the NetBackup Agent Request Server
stopping the NetBackup Indexing Manager
stopping the NetBackup Service Layer
stopping the NetBackup Remote Monitoring Management System
stopping the NetBackup Storage Lifecycle Manager
stopping the NetBackup Policy Execution Manager
stopping the NetBackup Job Manager
stopping the NetBackup request daemon
stopping the NetBackup compatibility daemon
stopping the NetBackup database daemon
stopping the Media Manager volume daemon
stopping the NetBackup Resource Broker
stopping the NetBackup Enterprise Media Manager
stopping the NetBackup Deduplication Multi-Threaded Agent
stopping the NetBackup Deduplication Engine
stopping the NetBackup Deduplication Manager
stopping the NetBackup Audit Manager
stopping the NetBackup Event Manager
stopping the NetBackup Authorization daemon
stopping the NetBackup Database Server
stopping the NetBackup Discovery Framework
stopping the NetBackup client daemon
stopping the NetBackup network daemon
stopping the NetBackup Authentication daemon
nb5230-ac:/home/maintenance #
nb5230-ac:/home/maintenance #
nb5230-ac:/home/maintenance # vxpbx_exchanged stop
Stopped Symantec Private Branch Exchange
nb5230-ac:/home/maintenance # bpps -x
NB Processes
------------

MM Processes
------------

Shared Symantec Processes
-------------------------
root      85894      1  0 Aug13 ?        00:01:45 /opt/SYMCnbappws/eat/bin/vxatd -c /opt/SYMCnbappws/eat/data
nb5230-ac:/home/maintenance # mv /usr/openv/var/global/vxss/eab/data/root/.VRTSat/profile/VRTSatlocal.conf.tmplt /usr/openv/var/global/vxss/eab/data/root/.VRTSat/VRTSatlocal.conf.tmplt
nb5230-ac:/home/maintenance # rm -rf /usr/openv/var/global/vxss/eab/data/root/.VRTSat/profile/*
nb5230-ac:/home/maintenance # cp /usr/openv/var/global/vxss/eab/data/root/.VRTSat/VRTSatlocal.conf.tmplt /usr/openv/var/global/vxss/eab/data/root/.VRTSat/profile/VRTSatlocal.conf
nb5230-ac:/home/maintenance # rm -rf /usr/openv/var/vxss
nb5230-ac:/home/maintenance # rm -rf $HOME/.vxss
nb5230-ac:/home/maintenance # mv /usr/openv/db/data/NBAZDB.db /usr/openv/db/data/NBAZDB.db.old
nb5230-ac:/home/maintenance # mv /usr/openv/db/data/NBAZDB.log /usr/openv/db/data/NBAZDB.log.old
nb5230-ac:/home/maintenance # vi /usr/openv/db/data/vxdbms.conf
nb5230-ac:/home/maintenance # vi /usr/openv/db/data/vxdbms.conf
nb5230-ac:/home/maintenance # pwd
/home/maintenance
nb5230-ac:/home/maintenance # id
uid=0(root) gid=0(root) groups=0(root)
nb5230-ac:/home/maintenance # cd /usr/openv/db/data/
nb5230-ac:/usr/openv/db/data # ls -l vxdbms
vxdbms.conf       vxdbms_conf.lock
nb5230-ac:/usr/openv/db/data # cp vxdbms.conf vxdbms.old
nb5230-ac:/usr/openv/db/data # vi vxdbms.conf
nb5230-ac:/usr/openv/db/data # cp /usr/openv/db/data/NBAZDB.db.template /usr/openv/db/data/NBAZDB.db
nb5230-ac:/usr/openv/db/data # vi /usr/openv/netbackup/bp.conf
nb5230-ac:/usr/openv/db/data # USE_VXSS=PROHIBITED
nb5230-ac:/usr/openv/db/data # /opt/VRTSpbx/bin/vxpbx_exchanged start
Started Symantec Private Branch Exchange
nb5230-ac:/usr/openv/db/data # netbackup start
NetBackup Authentication daemon started.
NetBackup network daemon started.
NetBackup client daemon started.
NetBackup SAN Client Fibre Transport daemon started.
NetBackup Discovery Framework started.
NetBackup Database Server started.
NetBackup Authorization daemon started.
NetBackup Event Manager started.
NetBackup Audit Manager started.
NetBackup Deduplication Manager started.
NetBackup Deduplication Engine started.
NetBackup Deduplication Multi-Threaded Agent started.
NetBackup Enterprise Media Manager started.
NetBackup Resource Broker started.
Rebuilding device nodes.
Media Manager daemons started.
NetBackup request daemon started.
NetBackup compatibility daemon started.
NetBackup Job Manager started.
NetBackup Policy Execution Manager started.
NetBackup Storage Lifecycle Manager started.
NetBackup Remote Monitoring Management System started.
NetBackup Key Management daemon started.
NetBackup Service Layer started.
NetBackup Indexing Manager started.
NetBackup Agent Request Server started.
NetBackup Bare Metal Restore daemon started.
NetBackup Web Management Console started.
NetBackup Vault daemon started.
NetBackup CloudStore Service Container started.
NetBackup Service Monitor started.
NetBackup Bare Metal Restore Boot Server daemon started.
nb5230-ac:/usr/openv/db/data # /usr/openv/db/vxdbms_env.sh
nb5230-ac:/usr/openv/db/data # /usr/openv/db/bin/dblog -t NBAZDB.log /usr/openv/db/data/NBAZDB.db
/usr/openv/db/bin/dblog: error while loading shared libraries: libdbtool16_r.so: cannot open shared object file: No such file or directory
nb5230-ac:/usr/openv/db/data # .  /usr/openv/db/vxdbms_env.sh
nb5230-ac:/usr/openv/db/data # /usr/openv/db/bin/dblog -t NBAZDB.log /usr/openv/db/data/NBAZDB.db
SQL Anywhere Transaction Log Utility Version 16.0.0.2034
"/usr/openv/db/data/NBAZDB.db" was using log file "vrtsaz_db.log"
"/usr/openv/db/data/NBAZDB.db" is using no log mirror file
"/usr/openv/db/data/NBAZDB.db" is now using log file "NBAZDB.log"
Transaction log starting offset is 0000422309
Transaction log current relative offset is 0000004194
nb5230-ac:/usr/openv/db/data #
nb5230-ac:/usr/openv/db/data # ls /usr/openv/db/data
.odbc.ini.az           EMM_DATA.db         NBAZDB.log.old   SLP_INDEX.db
.odbc.ini.az.template  EMM_INDEX.db        NBDB.db          vrtsaz_db.log
DARS_DATA.db           JOBD_DATA.db        NBDB.log         vxdbms.conf
DARS_INDEX.db          NBAZDB.db           SEARCH_DATA.db   vxdbms.old
DBM_DATA.db            NBAZDB.db.old       SEARCH_INDEX.db  vxdbms_conf.lock
DBM_INDEX.db           NBAZDB.db.template  SLP_DATA.db
nb5230-ac:/usr/openv/db/data # /usr/openv/db/bin/nbdb_admin -dba nbusql
You must be Security Administrator to execute /usr/openv/db/bin/nbdb_admin