Archive for August, 2007

Troubleshooting AFP Performance on Xsan

Wednesday, August 29th, 2007

Troubleshooting steps for an Xsan volume acting as an AFP Bridgehead:
1. Fragmentation – Run the SNFS defrag utilities per the article on Xsanity that I referenced earlier. This will most likely give the biggest bang for the buck in terms of troubleshooting time.
2. DNS – Rule out DNS by using IP address for all users. This is basically not a DNS issue, but we need to be sure.
3. Number of files and size of files. Try to limit each folder to 100 files for now just to see if there is an issue with 1000 vs 100 files (and keep in mind that subfolders count for file sizes).
4. 3rd party indexing applications. Try to temporarily not use any 3rd party indexing applications.
5. Backups during the day. Try to verify that Atempo is not running during the heavy utilization of the SAN (during the day).
6. Encryption. Do not use AFP over SSH (Secure AFP).
7. Switching. Review the switching infrastructure and disable all features that could be limiting bandwidth.
8. DAS. Test using a little Direct Attached Storage where possible to verify that issues are definitely related to resharing of the SAN as opposed to using DAS.
9. AFP Tuning. Consider enabling Jumbo frames. This likely will not net a performance gain but it’s always worth a shot.
10. Network Home Folders. If you’re trying to run any network home folders off the SAN try disabling this for the initial roll out.
11. Wiring. Verify that all wiring is clean Cat 5e or Cat6 cables. I realize this is kinda’ stupid considering you were using all new patch cables that I pulled out of the bags, but please just look through them and make sure they’re good.
12. Infrastructure. From a switching perspective make sure that there aren’t any bottlenecks along the way where there is a switch feeding another switch with a 100MB or sole gigabit cable stacking the two. If you need to stack, use a real stacking cable (typically giving a 10GB backplane link between switches)
13. LUNS. Make sure you have enough LUNs to provide the bandwidth. I believe we’re at 2GB per Volume, so you should be good here, but just wanted to mention that.

These steps should at a minimum help us to narrow down what issues you are running into. You can also use the debugger in Xsan, and get very verbose logs. With these logs we might be able to find some more issues, but make sure to disable this feature shortly after enabling it as it will fill up your boot volume of the machine running it.

Also, Kerberos and LDAP issues are likely not going to net any bang for the buck in terms of troubleshooting. Can you mount the volume for clients? Yes, which likely rules out any OD issues. Just an FYI to help conserve valuable time in isolating your bandwidth issues.

We have seen fragmentation cause this a few times and this may resolve the issue. If so, it will reoccur and when it does you will need to defrag again. Due to the effect that a defrag has you will likely find you need to rebuild the volume from scratch to clear up the orphaned iNodes caused by the defrag process.

Finder Shortcuts

Thursday, August 23rd, 2007

When you’re active application is the Finder then check out these shortcuts:
Command-N opens a new finder window
Command-Shift-N creates a new folder in the active folder of your finder
Command-W closes a window
Command-Shift-W closes all the windows (if you have more than one open)
Command-Shift-Escape
Command-E ejects a disk or mounted volume
Command-Tab switches to the previous application
Command-Shift-Tab switch to the next application
Command-Shift-Delete trashes an item
Command-Shift-Option-Delete empties the trash without a warning dialog

SANS Mac OS X Fundamentals Now Avaliable

Tuesday, August 21st, 2007

The SANS Institute recently released a course by Charles Edge on Mac OS X Security Fundamentals. The course is described in the following manner:

“SANS is the leader in Information Security. This course on securing Mac OS X is the fastest way and most comprehensive way to get up to speed on applying the principals of the information security industry to the Mac. Written and taught by one of the security veterans of the Mac community, this course covers how real world security concepts are applied to the Mac with real world examples from the Mac community. The course offers a balanced mixture of technical issues making it appealing to attendees needing to understand how to effectively secure a Mac.

We begin by reviewing existing Mac exploits and then move on to covering the basic concepts and challenges of securing a Mac. Next, we review the standard security measures that should always be employed and the usability implications of each. We cover forensics, intrusion detection, firewalls, web browsers, mail programs, network infrastructure, preferences, system policies, command line tools, encryption, hardware and OS X Server. Through the course you will find thorough coverage of defense in-depth on the Mac platform.

If you’re a newcomer to the field of information security but a long time user of the Mac or a newcomer to the Mac but a long time information security expert then this is the course for you. You will develop skills that will help you to bridge the gap between the Mac administrators and the security administrators in most organizations. You will also learn the ins and outs of keeping your data private.

This is an ideal course for anyone charged with securing Mac systems. From securing a desktop to the high availability options available on the platform, this course is going to be a whirlwind overview of the Mac that will leave you ready to move to the next level!”

For more information on the course, see the following link:

https://www2.sans.org/staysharp/description.php?tid=1492

RDC to Windows Server With Maxed Out Remote Connections

Friday, August 3rd, 2007

This must be done from a Windows computer (NOT Mac RDC client). CoRD has an option for “taking over console session”.

On the PC, go to Start -> Run -> type “mstsc /console /v IP or name of server”

This will kick out the console user but you can then get access to the server.

Thanks to Eli for pointing this out!

Getting Mail on a Mac and an iPhone to Work with Kerio Mail Server

Wednesday, August 1st, 2007

This KBase article applies to IMAP connections to Kerio MailServer.

By default, Mac OS X Mail and the iPhone use different folders for Sent and Deleted messages than Kerio MailServer. Kerio MailServer stores its sent and deleted messages in folders named “Sent Items” and “Deleted Items”. By default, Apple Mail and iPhone use folders named “Sent Messages” and “Deleted Messages”.

What happens when you set up a Mail or an iPhone with a Kerio MailServer, is that rather than detecting and using the “Items” folders that Kerio uses, the Apple products simply create new “Sent Messages” and “Deleted Messages” folders. The problem becomes that anything sent or deleted from Apple Mail or iPhone goes into the “Messages” folders but Kerio WebMail or Entourage will continue to use the “Items” folders, thus splitting the users mail across separate folders. This can be easily remedied. I will split the instructions into an Apple Mail and iPhone section.

Apple Mail:
Once you create the account using the correct settings, Mail will create the two “Messages” folders on the Kerio Server. In the main window of Mail, you should see the two “Items” folders from the Kerio server below the standard Mail folders for Inbox, Sent and Trash in the sidebar. Select the folder name “Sent Items”, then in the menu bar choose Mailbox > Use This Mailbox For and then choose Sent. Do the same for the “Deleted Items” folder and choose Trash. Now you will see the “Messages” folders Apple Mail created in the sidebar. Simply right click on these and select Delete to remove them (this can also be done through webmail).

iPhone:
The iPhone, like Apple Mail, creates the two “Messages” folders. After setting up the account with the appropriate settings, you should be back at the Mail Settings screen. Select the account, now scroll to the bottom and select the Advanced button. From here you will see 3 items for Mailbox Behaviors: Drafts, Sent and Deleted Mailboxes. Drafts can be left as is. Sent Mailbox should show “Sent Messages” as the default. Select the Sent Mailbox menu and choose the “Sent Items” folder. Do the same for the Deleted Mailbox item, this time selecting “Deleted Items”. Now you will have to delete the “Messages” folders, which cannot be done from the iPhone menus. You can either do this from the Mail client on their computer or through webmail, either from the iPhone or a computer.