Making a Smooth and Seamless Transition to Windows 10 – Webinar coming up!

Gil Cattelain

Microsoft will discontinue all support for its Windows 7 operating system in January 2020.  Even today, Windows 7 is in an extended support phase, meaning Microsoft is offering paid support but not the free support included with licenses, and only provides security-related updates.  What it means is the clock is ticking for businesses to migrate …

+read more

The post Making a Smooth and Seamless Transition to Windows 10 – Webinar coming up! appeared first on Cool Solutions. Gil Cattelain

Related:

  • No Related Posts

VNX: Linux: Cannot boot from SAN. Install boot fails in BIOS with “Emulux driver not installed”

Article Number: 482969 Article Version: 3 Article Type: Break Fix



Symmetrix,PowerPath,VNX1 Series,VNX2 Series

On trying to boot from SAN, we can install the OS (Linux Red Hat) with a mounted Linux disk. After install, boot fails in BIOS with “Emulux driver not installed”.

When the host OS kernel resides on an external device, it will not be loaded during boot by the host system’s hard disk controller. The OS image can only be fetched by the HBA’s BIOS. To facilitate visibility of external boot device by the HBA, the HBA BIOS must be installed to register the external device as the boot source.

To boot from storage attached to the SAN environment, the host bus adapters Boot BIOS must be installed and enabled on the adapter. This can explain why the Boot fails from SAN, as the reported message after OS install : boot fails in BIOS with “Emulux driver not installed”.

Correctly configuring HBA BIOS

Issue was resolved by following the steps for installing and configuring HBA BIOS in Host connectivity guide for Linux, Page 168-173.

EMC Host connectivity guide for Linux is found on Dell EMC Online Support at https://support.emc.com/docu5128_Host-Connectivity-Guide-for-Linux.pdf?language=en_US

Dell EMC supports Emulex, QLogic, and Brocade HBAs to boot from SAN.

Visit the Dell EMC webpage of the Dell EMC supported HBA vendor for the latest BIOS and firmware download:

• For Emulex, go to http://www.emulex.com

• For QLogic, go to http://www.QLogic.com

• For Brocade, go to http://www.Brocade.com
Emulex and QLogic adopt slightly different approaches in distributions of latest BIOS and firmware.

Related:

  • No Related Posts

VNX: VDM MetroSync – Failed to query consistency group on VNX for Block.

Article Number: 483959 Article Version: 3 Article Type: Break Fix



VNX7600,VNX8000,VNX5800,VNX5600,VNX5400,VNX5200,VNX2 Series,VNX OE for Block 05.33.009.5.155,VNX OE for File 8.1.9.155

Unable to start or remove existing VDM MetroSync session, due to missing consistency group or MirrorView LUN from Secondary Site.

Note – Primary VNX (PHOST1) and Secondary VNX (SHOST2)

  • Session failed to start
[nasadmin@PHOST1-CS0 ~]$ nas_syncrep -start id=18036Error 13431997121: Failed because of the operation on the remote site.
  • Session failed to remove
nasadmin@SHOST2-CS0 ~]$ nas_syncrep -delete id=18036Error 13431997056: Failed to query consistency group syncrep_69_145_72_2143 on VNX for Block.Error 13431997056: Failed to query consistency group syncrep_69_145_72_2143 on VNX for Block.
  • Primary VDM MetroSync session is showing unknown consistency group, whereas Secondary VDM MetroSync is still referring to the old consistency group/MirrorView Session
[nasadmin@PHOST1-CS0 ~]$ nas_syncrep -info -allid = 18036name = SYNCREP_1vdm_name = VDM1syncrep_role = activelocal_system = PHOST1-CS0local_pool = VDM1_Pool01local_mover = server_2remote_system = SHOST2remote_pool = VDM1_Pool01remote_mover = server_2consistency_group = unknownsession_status = start_failed[nasadmin@FDCEPIPVN02-CS0 log]$ nas_syncrep -info -allid = 18036name = SYNCREP_1vdm_name = VDM1syncrep_role = unknownlocal_system =SHOST2-CS0local_pool = VDM1_Pool01local_mover = server_2remote_system = PHOST1remote_pool = VDM1_Pool01remote_mover = server_2consistency_group = syncrep_xx_xx_xxsession_status = start_failed
  • Remote Connection to Destination VNX is unknown
[nasadmin@PHOST1-CS0 ~]$ nas_syncrep -listid name vdm_name remote_system session_status18036 SYNCREP_1 VDM_1 unknown start_failed[nasadmin@SHOST2-CS0 ~]$ nas_syncrep -lid name vdm_name remote_system session_status18036 SYNCREP_1 VDM_1 unknown start_failed
  • MirrorView Session does not show Secondary Image
[nasadmin@PHOST1-CS0 ~]$/nas/sbin/navicli -h spa -np mirror -sync -listsyncprogressMirrorView Name: syncrep_mv_2000Has Secondary Images: NOMirrorView Name: syncrep_mv_2007Has Secondary Images: NOMirrorView Name: syncrep_mv_2001Has Secondary Images: N
  • Identifying underlying user defined NAS pool and all volume members
id = 69name = VDM1_Pool01description = XXX MetroSync Storage Pool (PHOST1)acl = 0in_use = Trueclients = XXXXXXXXmembers = d2000,d2001,d2007storage_system(s) = CKM00xxxxxxxxxdefault_slice_flag = Trueis_user_defined = Truethin = Truetiering_policy = Auto-Tier/Highest Available Tiercompressed = Falsemirrored = Truedisk_type = Mirrored_mixedserver_visibility = server_2,server_3is_greedy = Falsetemplate_pool = N/Anum_stripe_members = N/Astripe_size = N/Afixed_block_dedup = False

User has Administratively Fractured MirrorView Session from Unisphere, which resulted in Secondary LUN to be removed from the MirrorView Session – causing start_failed for VDM MetroSync session.

As a result of the Administrative Fracture, the user was unable to restart or remove the MetroSync Session, as the Primary VNX has lost association to the Destination VNX.

You should not perform operations, (such as fracture, promote, delete, and so on) on any MirrorView Consistency Groups and mirrors that have a prefix name of “syncrep_”, or any MirrorView mirrors and Clone Groups that have a prefix name of “nasdb_” from the Block side directly. The “syncrep_” and “nasdb_” prefix names are used by synchronous replication sessions, and the synchronous replication service, respectively. Otherwise, the synchronous replication session or service will not work properly.

Note – Primary VNX (PHOST1) and Secondary VNX (SHOST2)

  • Confirm the status of interconnects between Primary VNX to Destination VNX
[nasadmin@PHOST1-CS0 ~]$ nas_cel -lid name owner mount_dev channel net_path CMU0 PHOST1-CS0 0 10.xxx.xxx.160 CKM00xxxxxxxxxxxx[nasadmin@SHOT2-CS0 log]$ nas_cel -lid name owner mount_dev channel net_path CMU0 SHOST-CS0 0 10.xxx.xxx.160 CKM00xxxxxxxxxxxx
  • Update the interconnect, in-case the connection is broken
[nasadmin@PHOST1-CS0 ~]$ nas_cel -update id=0operation in progress (not interruptible)...id = 0name = PHOST1-CS0owner = 0device =channel =net_path = 10.xxx.xxx.160celerra_id = CKM00xxxxxxxxxxxx[nasadmin@SHOST2-CS0 ~]$ nas_cel -update id=0operation in progress (not interruptible)...id = 0name = SHOST2-CS0owner = 0device =channel =net_path = 10.xxx.xxx.160celerra_id = CKM00xxxxxxxxxxxx
  • Review the impacted volume members (d2000, d2001, d2007) to verify that Primary Data Mover is able to see the volumes on both the Primary and Secondary VNX
[nasadmin@PHOST1-CS0 ~]$ nas_disk -lid inuse sizeMB storageID-devID type name servers.....47 y 4194303 CKMxxxxxxxxxxx-07D0 MMIXD d2000 1,248 y 4194303 CKMxxxxxxxxxxx-07D1 MMIXD d2001 1,2.....54 y 4194303 CKMxxxxxxxxxxx-07D7 MMIXD d2007 1,2[nasadmin@SHOST2-CS0 log]$ nas_disk -lid inuse sizeMB storageID-devID type name servers.....137 y 4194303 CKMxxxxxxxxxxx-07D0 MIXED d2000 138 y 4194303 CKMxxxxxxxxxxx-07D1 MIXED d2001 .....144 y 4194303 CKMxxxxxxxxxxx-07D7 MIXED d2007 
  • We were able to confirm that the Administrative Fracture, through Unisphere MirrorView Block Management, has caused the Secondary Site VNX, to remove the diskmarking, resulting in the behaviour that Primary VNX (PHOST1) is unable to restart or remove the VDM MetroSync Session.
  • As a result of the above disjoint mapping of the volume member, we will need to do a “Storage Rescan” on the Secondary VNX (SHOST2)
[nasadmin@SHOST2-CS0 log]$ nas_diskmark -m -a
  • After the “Storage Rescan”, the volume member should be correctly mapped to the Data Moverson the Secondary VNX (SHOST2)
[nasadmin@SHOST2-CS0 log]$ nas_disk -lid inuse sizeMB storageID-devID type name servers.....137 y 4194303 CKMxxxxxxxxxxx-07D0 MIXED d2000 1,2138 y 4194303 CKMxxxxxxxxxxx-07D1 MIXED d2001 1,2.....144 y 4194303 CKMxxxxxxxxxxx-07D7 MIXED d2007 1,2
  • Once that is confirmed, referring back to the Primary VNX (PHOST1), the VDM MetroSync session should be reference back to the original consistency group/MirrorView Session (note Session-Status will still stay as start_failed)
[nasadmin@PHOST1-CS0 ~]$ nas_syncrep -info -allid = 18036name = SYNCREP_1vdm_name = VDM1syncrep_role = activelocal_system = PHOST1-CS0local_pool = VDM1_Pool01local_mover = server_2remote_system = SHOST2remote_pool = VDM1_Pool01remote_mover = server_2consistency_group = syncrep_xx_xx_xx ß----- consistency group is recognized on Primary VNX (PHOST1)session_status = start_failed
  • Once we were able to confirm the session status was ok and the <consistency_group = syncrep_xx_xx_xx > is recognized, we then went ahead and restarted the VDM MetroSync Session. (note the session can be started from Primary or Secondary VNX)
[nasadmin@ PHOST1-CS0 ~]$log nas_syncrep -start id=18036Done
  • Once the VDM MetroSync Session started successfully, please confirm the link state, has changed to sync_in_progress. (Note – you will need to validate with customer and confirm that the synchronization path is correct)
[nasadmin@PHOST1-CS0 ~]$ nas_syncrep -listid name vdm_name remote_system session_status18036 SYNCREP_1 VDM_1 -->SHOST2 sync_in_progress[nasadmin@SHOST2-CS0 ~]$ nas_syncrep -listid name vdm_name remote_system session_status18036 SYNCREP_1 VDM_1 <--PHOST1 sync_in_progress[nasadmin@PHOST1-CS0 ~]$ nas_syncrep -info -allid = 18036name = SYNCREP_1vdm_name = VDM1syncrep_role = activelocal_system = PHOST1-CS0local_pool = VDM1_Pool01local_mover = server_2remote_system = SHOST2remote_pool = VDM1_Pool01remote_mover = server_2consistency_group = syncrep_xx_xx_xx session_status = sync_in_progress

Once that we have confirmed the VDM MetroSync Session is in progress of synchronization, you can also verify that the MirrorView Session, has the updated Secondary Image.

[nasadmin@PHOST1-CS0 ~]$ /nas/sbin/navicli -h spa mirror -sync -listsyncprogress MirrorView Name: syncrep_2000Has Secondary Images: YESImage UID: 50:XX:XX:XX:XX:XX:XX:XXImage State: SynchronizingSynchronizing Progress(%): 8 MirrorView Name: syncrep_2007Has Secondary Images: YESImage UID: 50:XX:XX:XX:XX:XX:XX:XXImage State: SynchronizedSynchronizing Progress(%): 100 MirrorView Name: syncrep_2001Has Secondary Images: YESImage UID: 50:XX:XX:XX:XX:XX:XX:XXImage State: SynchronizingSynchronizing Progress(%): 52
  • From the above output, we can confirm that the VDM MetroSync Session has successfully started, and the synchronization progress is on-going.
  • Once the synchronization is completed the result of the MetroSync Link status, should be the following:
[nasadmin@PHOST1-CS0 ~]$ nas_syncrep -listid name vdm_name remote_system session_status18036 SYNCREP_1 VDM_1 -->SHOST2 in_sync

If there is still an issue with starting or removing VDM MetroSync session please contact EMC Support Center.

Related:

  • No Related Posts

VNX: User has write permission but gets “permission denied”

Article Number: 484656 Article Version: 3 Article Type: Break Fix



VNX/VNXe Family,Celerra,VNX1 Series,VNX2 Series

User is unable to write to a filesystem, but has “full control” NTFS permissions.

“Everyone” group added to filesystem permissions with Read/Execute and now other users with Read/Write/Execute cannot write to the filesystem.

Note: This issue is not specific to VNX/Celerra but rather all Windows NTFS permission functionality.

In Windows Advanced NTFS Security permissions, the effective permissions are applied with the lowest permissions first.

If an Active Directory group is added to a file/folder permission, and the new group has less control than any preexisting groups/users, any user that is included in this new group will have the effective permissions with the least control applied first.

Consider this Scenario:

There is a share on the data mover with the path “/filesystem1/share1”.

The “share1” folder has the following permissions:

  • “Everyone” group has read/execute permission.
  • “nas_user” group has read/write/execute permission.

A user named “user1” logs in and is part of both “Everyone” and “nas_user” Active Directory groups.

​When “user1” attempt to write to a file to the share “share1” directory they are denied access.

“user1” is denied access because the permissions from “Everyone” group is effective permission and applied first as it is the permission with the least amount of control.

An active directory group was added to a file/folder permission that has less control than a preexisting user/group in the same directory.

To correct the permission issue, the Active Directory Domain Administrator needs to consider the permission structure and re-apply the appropriate effective permissions.

In reference to the above scenario, some examples to correct the issue would be:

  • Remove “user1” from the “Everyone” group. (least intrusive)
  • Add write permission to the “Everyone” group.
  • Remove the “Everyone” group from the share’s permissions.

You can identify the issue with two ways:

  • You can have the customer check from a windows client in the advanced security properties of the folder/file as well as checking the group properties.
  • You can run an ACL dump and CRED report of the file/directory and user from the control station of the VNX/celerra.

Checking through Windows Client:

This example is with local groups, however the user may be using Active Directory, and would need to check in Active Directory Users and Computers.

  1. Check which permissions are applied to the folder — note that the box in RED is the user with read/write/execute permission, and the box in GREEN is the group showing the effective ready/execute permissions because “user1” is included in the “users” group.
user_permissions
  1. Verify any groups included in the permissions and see if the affected user is included in the group with the least amount of permissions.
User-added image

Checking through Control Station ACL / CRED dump:

Run the following two commands on the controls station. You must know the path to the share and/or file, the user account name trying to access/write, the data mover/vdm name, the customer domain name, and the CIFS server name.


$ server_cifssupport <vdm/server_name> -cred -name <username> -domain <domain_name> -compname <cifs_server_name>
$ server_cifssupport <vdm/server_name> -acl -path /filesystem1/share1

Use the following output to compare the CRED report with the ACL DUMP Report:

CRED Report:

$ server_cifssupport <vdm/server_name> -cred -name <username> -domain <domain_name> -compname <cifs_server_name>
ACCOUNT GENERAL INFORMATION

Name : user_name

Domain : DOMAINNAME

Server : CIFSSERVERNAME

Primary SID :

S-1-5-15-xxx9ff8-6bc5c62-6b635f23-1fc521 <<< User SID


UID : 23xx70

GID : 32xx8

Authentification : KERBEROS

ACCOUNT GROUPS INFORMATION <<< groups that this account is part of

Type UNIX ID Name Domain SID

NT 4294967294 Everyone S-1-1-0 <<< SID of Everyone group

ACL DUMP REPORT:

$ server_cifssupport <vdm/server_name> -acl -path /filesystem1/share1
Path : /filesystem1/share1

UID : 10xx5

GID : 40xx1

Rights : rwxrwxr-x

owner SID : S-1-5-xx-1-27c9

group SID : S-1-5-xx-2-9f4d

DACL <<< this section is the permission formation for the above path

USER 23xx70 S-1-5-15-xxxx9ff8-6bc5c62-6b635f23-1fc521 <<< user SID same as above

ALLOWED 0x2 0x1201ff RWX— user has read/write/execute

ALL S-1-1-0 <<Everyone SID from above

ALLOWED 0x9 0xa0000000 R-X— << Everyone has only read/execute

In Summary:

Using the Windows NTFS Security permission guidelines and referencing the highlighted output, we can determine that “Everyone” has read/execute, and the user has “read/write/execute.

Since the user is part of the “everyone” group, the effective permissions for the user is read/execute.

Related:

  • No Related Posts

Re: M&R, custom alert for VVolumes WriteLatency

Hi A1gah,

In our SRM 4.2 lab I re-created your custom VPLEX alert. It worked successfully in the lab. I did review the collected metrics using a File-Connector before I created the alert. This allowed me to be sure the VirtualVolume data was being collected. It also let me know that the value of FeWriteLat is always zero in our lab. So, I had to adjust the comparator to compare against a value of zero. See my screenshots below.

You need to make sure your perpetual monitors are working correctly, which allows SRM to collect the virtual volume performance data. Also, I noted the metrics, FeWriteLat, is not available in all the previous versions of SRM. What version are you using?

Regards,

Nancy

image1.PNG.png

image2.PNG.png

An N/A alert has been received with the following attributes:

Message: N/A

Device: FNM0012xxxxxxxxx

Device Type: VirtualStorage

Severity: N/A

Source: N/A

Source IP: N/A

Part Type: VirtualVolume

Part: device_CLARiiONxxxx_LUN_xxxxx_1_vol

Category: N/A

This is an auto-generated email. To change the notification settings, consult the site administrator.

Related:

  • No Related Posts