Средства поддержки Windows Server 2003 Пакет обновления 1

В этой статье описываются обновления средств поддержки Microsoft Windows Server 2003, включенные в Microsoft Windows Server 2003 Пакет обновления 1 (SP1).

Оригинальная версия продукта: Windows Server 2003 Пакет обновления 1 оригинальный номер КБ: 892777

Введение

Если вы поддерживаете или администратор сети, вы можете использовать средства поддержки Windows для управления сетями и устранения проблем с сетью, которые могут возникнуть.

Дополнительные сведения

Windows Server 2003 SP1 содержит обновления для следующих средств поддержки:

• Acldiag.exe
• Adsiedit.msc
• Bitsadmin.exe
• Dcdiag.exe
• Dfsutil.exe
• Dnslint.exe
• Dsacls.exe
• Iadstools.dll
• Ktpass.exe
• Ldp.exe
• Netdiag.exe
• Netdom.exe
• Ntfrsutl.exe
• Portqry.exe
• Repadmin.exe
• Replmon.exe
• Setspn.exe

Средства поддержки Windows не устанавливаются автоматически при установке Windows Server 2003 SP1. Чтобы установить средства поддержки Windows на компьютере под управлением Windows Server 2003, запустите программу Suptools.msi, которая находится в папке Support\Tools на КОМПАКТ-диске SP1 Windows Server 2003.

Файл справки о средствах поддержки Windows Server 2003 (Suptools.chm) расположен в Sup_srv.cab файле. Этот файл справки содержит описание каждого средства и связанного с ним синтаксиса. Этот файл справки также включает пример вывода и заметки. См. в этом файле справки для определенных сведений об использовании для этих средств.

Дополнительные справки введите следующую команду в командной подсказке и нажмите кнопку ENTER: имя инструмента/справка.

В этой команде имя средства-задатщика представляет имя средства, для которого необходимо получить помощь.

Если на компьютере установлена более раная версия средств поддержки Windows, необходимо удалить эту версию перед установкой средств поддержки Windows Server 2003 SP1.

Windows Server 2003 Service Pack 1 Support Tools

This article describes updates to the Microsoft Windows Server 2003 Support Tools that are included in Microsoft Windows Server 2003 Service Pack 1 (SP1).

Original product version: В Windows Server 2003 Service Pack 1 Original KB number: В 892777

Introduction

If you are a support person or a network administrator, you can use the Windows Support Tools to manage networks and to troubleshoot network problems that you may experience.

More information

Windows Server 2003 SP1 includes updates for the following Support Tools:

• Acldiag.exe
• Adsiedit.msc
• Bitsadmin.exe
• Dcdiag.exe
• Dfsutil.exe
• Dnslint.exe
• Dsacls.exe
• Iadstools.dll
• Ktpass.exe
• Ldp.exe
• Netdiag.exe
• Netdom.exe
• Ntfrsutl.exe
• Portqry.exe
• Repadmin.exe
• Replmon.exe
• Setspn.exe

The Windows Support Tools are not automatically installed when you install Windows Server 2003 SP1. To install the Windows Support Tools on a computer that is running Windows Server 2003, run the Suptools.msi program that is in the Support\Tools folder on the Windows Server 2003 SP1 CD.

The Windows Server 2003 Support Tools Help file (Suptools.chm) is located in the Sup_srv.cab file. This Help file includes a description of each tool and its associated syntax. This Help file also includes sample output and notes. See this Help file for specific usage information for these tools.

For additional help, type the following command at the command prompt, and then press ENTER: tool name /help.

In this command, the placeholder tool name represents the name of the tool for which you want to obtain help.

If you have an earlier version of the Windows Support Tools installed on your computer, you must remove this version before you install the Windows Server 2003 SP1 Support Tools.

Support Tools

When creating a new PV device using a previously partitioned disk, you may see the following error message.

It’s often necessary to migrate from a self-signed or LetsEncrypt certificate to an externally created certificate like DigiCert or Comodo in Rancher v2.x.

systemd-resolved can cause issues with Kubernetes (not to mention the time spent troubleshooting various issues).

In Rancher v1.6, sometimes a service can be stuck in a removing state.

All containers of this service were already deleted in the user interface. I verified this on the Docker hosts using “docker ps -a,” and yes, all container instances were correctly removed. But the service in Rancher was still stuck in removing.

Furthermore, in Admin -> Processes the service.remove processes (which seem to because of being stuck in that service removing in progress) never disappeared and were re-started every 2 minutes:

Although I’m not sure what caused this, the reason might be several actions happening on that particular service almost at the same time:

How to change etcd cipher suite in Rancher / RKE

This article will walk Rancher administrators through hardening the cluster communication between etcd nodes. We’ll go over configuring etcd to use specific ciphers which enable stronger encryption for securing intra-cluster etcd traffic.

The cipher suites defined in the example could trade off speed for stronger encryption. Consider the level of ciphers in use and how they could impact the performance of an etcd cluster. Testing should be done to factor the spec of your hosts (cpu, memory, disk, network, etc…) and the typical types of interacting with kubernetes as well as the amount of resources under management within the k8s cluster.

How to add additional scrape configs to a Rancher cluster or project monitoring Prometheus

The Rancher cluster and project monitoring tools, allow you to monitor cluster components and nodes, as well as workloads and custom metrics from any HTTP or TCP/UDP metrics endpoint that these workloads expose.

This article will detail how to manually define additional scrape configs for either the cluster or project monitoring Prometheus instance, where you want to scrape other metrics.

Whether to define the additional scrape config at the cluster or project level would depend on the desired scope for the metrics and possible alerts. If you wish to scope the metrics scraped and likely alerts configured for these metrics, you could configure the additional scrape config at the project monitoring level to a project. If you wish to scope the metrics at the cluster level, only those with cluster-admin access could see the metrics or configure alerts. You could configure the additional scrape config at the cluster monitoring level.

How to increase the log level of Kubernetes components in an RKE CLI or Rancher provisioned Kubernetes cluster

When troubleshooting an issue with an RKE CLI or Rancher provisioned Kubernetes cluster, it may help to increase the verbosity of logging on one or more of the Kubernetes components above the default level. This article details the process of increasing logging on both those components that use the Kubernetes hyperkube image (kubelet, kube-apiserver, kube-controller-manager, kube-scheduler, kube-proxy) as well as the etcd component.

How to block specific user agents from connecting through the nginx ingress controller

At times it’s necessary to block specific user agents from connecting to workloads within your cluster. Whether it’s bad actors or for compliance reasons, we’ll go through how to get it done with Rancher/RKE created clusters.

How to enable Envoy access logging in Rancher v2.3+ deployed Istio

This article details how to enable Envoy’s access logging, for Rancher deployed Istio, in Rancher v2.3+

How to retrieve a kubeconfig from RKE v0.2.x+ or Rancher v2.2.x+

During a Rancher outage or other disaster event, you may lose access to a downstream cluster via Rancher and be unable to manage your applications. This process allows to bypass Rancher and connects directly to the downstream cluster.

How to change the Rancher 2.x Server URL

This article details how to change the server URL for the Rancher v2.x cluster.

How to Fix ‘Migrate greyed out in vCenter for a single VM’

While migrating some VMs to a new storage array, I ran into an issue while moving the last VM, which, of course, was my vCenter appliance. When I right-clicked the VM in vCenter, then went to migrate. The migration option was greyed out, which blocked the migration.

TL;DR Follow VMware’s KB 1029926

How to access a protected server using a Jumpbox

It is a common practice to access servers remotely via SSH. Typically, you may have, which is commonly referred to as a “Jumpbox.” This server is accessible from the internet or other lesser trusted networks (sometimes this Jumpbox would be in a DMZ or have special firewall rules).

TL;DR To SSH to a server through a jumpbox, you can use ssh -J [email protected] [email protected] .

How to Fix ‘rm: cannot remove ‘/etc/resolv.conf’: Operation not permitted’

In Ubuntu, you may run into an issue when updating /etc/resolv.conf even tho you have root permissions.

How to Fix ‘Backend error: GSQLBackend unable to list keys’ in PowerDNS

After upgrading to Ubuntu 20.10, you may sometimes encounter an error when attempting to start PowerDNS:

Backend error: GSQLBackend unable to list keys: Could not prepare statement: select cryptokeys.id, flags, active, published, content from domains, cryptokeys where cryptokeys.domain_id=domains.id and name=?: Unknown column ‘published’ in ‘field list’

How to enable debug level logging for the Rancher Cluster/Project Alerting Alertmanager instance, in a Rancher v2.x managed cluster?

This article details how to enable debug level logging on the Alertmanager instance in a Rancher v2.x managed Kubernetes cluster, which may assist when troubleshooting cluster or project alerting.

How to enable legacy TLS versions in Rancher’s ingress-nginx

This article details how to enable TLS 1.1 on the ingress-nginx controller in Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes clusters.

How to enable legacy TLS versions in Rancher’s ingress-nginx

This article details how to enable TLS 1.1 on the ingress-nginx controller in Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes clusters.

How to use External TLS Termination with AWS

This document covers setting up Rancher using an AWS SSL certificate and an ALB (Application Load Balancer).

How to Fix ‘E: Could not get lock /var/lib/dpkg/lock-frontend — open (11: Resource temporarily unavailable)’

In Ubuntu, you may sometimes encounter an error when attempting to run an apt command:

E: Could not get lock /var/lib/dpkg/lock-frontend — open (11: Resource temporarily unavailable) E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?

Updating the docker bridge for Rancher managed clusters

The docker0 bridge network has a default IP range of 172.17.0.0/16 (with an additional docker-sys bridge for system-docker using 172.18.0.0/16 by default on RancherOS). These ranges will be routed to these interfaces, per the below example of the route output. If the range(s) overlap with the internal IP space usage in your own network, the host will not be able to route packets to other hosts in your network that lie within these ranges. As a result you may wish to change the bridge range(s) to enable successful routing to hosts within these.

Install PowerShell on Ubuntu

As part of my DevOps process, I needed to create some DNS records on my Windows DNS server. In order to script this out, I needed to install PowerShell on my Jenkins server which is running Ubuntu 18.04.

Rancher SSL Passthrough for NGINX ingress

Recently while setting up Vault inside Rancher. I ran into an issue with the NGINX ingress terminating TLS and forwarding traffic unencrypted to Vault.

Persisting RancherOS state

Recently I set about installing RancherOS. This was just to have a look and see what use cases it might help with. I chose to install RancherOS to a VM. In my case, VMware workstation. A roadblock I hit was providing an SSH key to the cloud-config.yml file.

The roadblock specifically, how can I send a file to a system I don’t have a password or SSH key for?

This article covers, generating an SSH key, SSH access to live CD and installation to hard disk.

How to become a local CA, and sign your own SSL certificates

Sometimes when you experiment with some apps and VMs (like hosting gitlab on a local server or running a Rancher lab cluster) you might want to setup SSL for the app to work, to mimic the live setup and to make the browser happy. In order to do that, you need a SSL certificate.

You can buy one for your domain from a trusted CA, but if you’re working on a local network, that might not be possible. The other solution is… becoming CA yourself and issuing and signing the certificate yourself!

It’s pretty easy, you need a linux box with openssl installed, then follow these instructions:

Blog of Khlebalin Dmitriy

(Дорогу осилит идущий…)

Административные утилиты (win2003).

Системы Windows Server 2003 содержат множество утилит командной строки: одни из них выполняют те же действия, что и различные административные оснастки, только позволяют работать в окне консоли или создавать командные файлы, автоматизирующие типовые операции; другие утилиты могут оказаться незаменимым инструментом администратора при выполнении специфических задач по управлению компьютерами, пользователями и сетями.
Администраторы сетей, где используются системы Windows XP и Windows Server 2003, обязательно должны познакомиться с разделом справочной системы «Command-line reference A-Z» . Многие утилиты, ранее входившие в состав пакета Windows 2000 Resource Kit, теперь являются стандартными элементами этих систем — мы еще раз обращаем на них внимание администраторов.
Назовем лишь некоторые из утилит командной строки :

• Defrag.exe — выполняет дефрагментацию дисковых томов;
• Diskpart.exe — позволяет управлять дисками и томами;
• Eventcreate.exe — позволяет администратору создавать события в системных журналах;
• Eventtriggers.exe — настраивает триггеры событий, т. е. определенных действий, выполняемых на компьютере;
• Fsutil.exe — позволяет управлять дисковыми системами (например, управлять квотами);
• Gpupdate.exe — обновляет установки групповых политик, применяемые к компьютеру и пользователю;
• Openfiles.exe — отображает открытые файлы;
• Schtasks.exe — планировщик задач, значительно более мощный, чем команда AT;
• Shutdown.exe — выключение и перезагрузка локального или удаленного компьютера;
• Systeminfo.exe — полезная информация о системе, которую иначе искать довольно долго;
• Tasklist.exe — отображает список выполняющихся приложений, служб и процессов;
• Taskkill.exe — завершает задачи или процессы;
• Typeperf.exe — записывает значения счетчиков производительности в окно консоли или в журнал.

Пакет Windows Server 2003 Support Tools

На дистрибутивных Дисках систем Windows Server 2003 имеется пакет чрезвычайно полезных утилит, которые в значительной мере облегчают поиск неисправностей в сетях и доменах на базе Windows 2000 Server и Windows Server 2003. (Многие их этих утилит упоминались в разных главах данной книги.)
Этот пакет называется Windows Server 2003 Support Tools и должен устанавливаться отдельно от самой системы. Для его установки нужно запустить файл Suptools.msi, находящийся в дистрибутиве в папке \SUPPORT\TOOLS. Кроме того, дистрибутив содержит мощнейшее средство миграции между доменами — Active Directory Migration Tool version 2.0 (ADMT), которое устанавливается из папки \I386\ADMT.
В табл. 10.10 перечислены основные административные утилиты и указаны области их применения.

Таблица 10.10. Назначение утилит из пакета Windows Server 2003 Support Tools