In DRS, virtual machines can be moved while they are online.
VMware Fault Tolerance is enabled on individual virtual machines. FT requires a dedicated NIC.
HA requires 2 ESX hosts and a vSwitch with the same name on each.
VMotion is migration of virtual machine from one data store to another data store.
Comparing vNetwork Standard Switch with vNetwork Distributed Switch
These features are available with both types of virtual switches:
Can forward L2 frames
Can segment traffic into VLANs
Can use and understand 802.1q VLAN encapsulation
Can have more than one uplink (NIC Teaming)
Can have traffic shaping for the outbound (TX) traffic
These features are available only with Distributed Switch:
Can shape inbound (RX) traffic
Has a central unified management interface through vCenter
Supports Private VLANs (PVLANs)
Provides potential customization of Data and Control Planes
An uplink is a NIC of the physical server that is connected to the vSwitch (virtual switch).
Important ESX commands
service network restart (general form: service <service name> restart)
ifconfig
esxcfg-vswif
esxcfg-vswitch
esxcfg-nics
You can use the command: esxcfg-info > config.txt
Another excellent tool for checking out what VLANs are presenting is this baby:
esxcfg-info -n | grep -E -i "_name|Hint"
How to export esx logs?
To gather diagnostic data using the VMware vSphere Client:
Open the vSphere Client and connect to vCenter Server or directly to an ESXi 4.x host.
Login with administrator account.
Click the File menu, and select Export, Export System Logs.
In the Export System Logs dialog, select the host or group of hosts to collect diagnostic information from.
You can create a maximum of 512 port groups on a single host.
If vCenter Server is down, which features will still be available?
HA will continue to work. It is configured through vCenter Server (i.e. vCenter Server
configures the hosts), however it does not need vCenter Server to work.
DRS will not work. Moving the VM's between hosts is a vCenter Server function.
FT will continue to work for the configured VMs. However in case of a failover, no new
Secondary will be created.
Adding a datastore?
vCenter => click on the ESX server => select the Configuration tab => select the Hardware tab => Add Datastore => the Add Storage window will appear => then just follow the wizard for adding a new disk/LUN.
Block Size
A volume can be formatted at up to 2TB with any block size, but the maximum file size depends on the block size, as below.
1MB block size 256GB maximum file size
2MB block size 512GB maximum file size
4MB block size 1024GB maximum file size
8MB block size 2048GB maximum file size
Thick provision & Thin Provision?
Thin provisioning will allow the machine to use only the required storage space.
Thick provisioning will allow the machine to use the whole allocated disk space.
Raw Device Mapping
Raw device mapping (RDM) provides a mechanism for a virtual machine to have direct access to a LUN on the physical storage. This helps VM performance.
There are 2 types of RDM: software-based RDM and hardware-based RDM.
In software-based RDM we can take snapshots, but this feature is not available in hardware-based RDM.
How Does VMware VMotion Work?
The entire state of a virtual machine is encapsulated by a set of files. The active memory
and precise execution state of the virtual machine is rapidly transferred over a high speed
network. The networks being used by the virtual machine are also virtualized by the
underlying ESX host, ensuring that even after the migration, the virtual machine network
identity and network connections are preserved.
What is a snapshot?
A snapshot preserves the state and data of a virtual machine at a specific point in time.
When a snapshot is taken, the original machine is made read-only and a copy of the VM is created.
The state includes the virtual machine's power state (for example, powered-on, powered-off, and suspended).
The data includes all of the files that make up the virtual machine. This includes disks,
memory, and other devices, such as virtual network interface cards.
Tool used for P2V?
P2V converter
What is the template?
A virtual machine template is a virtual machine image loaded with an operating system,
applications, and data. After you define and publish a virtual machine template, you can
quickly and easily create multiple virtual machines based on the virtual machine template
without having to reinstall software or redo setup tasks on each virtual machine. Using
virtual machine templates ensures that virtual machines are consistently configured across
an entire organization.
VMotion 8000
Discover packet
DHCP offers to the client.
In response to the offer, the client sends a request to the server.
DHCP acknowledges the request.
DHCP Scope
A DHCP scope is a valid range of IP addresses that are available for assignment. In a DHCP
server, a scope is configured to determine the address pool of IPs. Scopes determine which
IP addresses are provided to the clients.
Superscope
A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP).
Using a superscope, you can group multiple scopes as a single administrative entity in DHCP.
Multiscope
You can configure multiple scopes on a single network. A single DHCP server or multiple DHCP servers can serve these scopes. However, anytime you work with multiple scopes, it's extremely important that the address ranges used by different scopes don't overlap. Each scope must have its own unique address range. If it doesn't, the same IP address may be assigned to different DHCP clients, which can cause severe problems on the network.
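The overlap rule above can be checked mechanically before scopes are activated. The following is an added example, not part of the original notes; the server names, scope names and address ranges are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (not from the page): (server, scope name, first IP, last IP).
SCOPES = [
    ("dhcp01", "Floor1", "192.168.10.10", "192.168.10.150"),
    ("dhcp01", "Floor2", "192.168.10.151", "192.168.10.250"),
    ("dhcp02", "Lab", "192.168.10.200", "192.168.11.20"),
    ("dhcp02", "Guests", "10.20.0.50", "10.20.0.99"),
]


def parse_scope(server, name, first, last):
    """Validate one scope and return it with parsed address objects."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError(f"{name}: start and end are different IP versions")
    if lo > hi:
        raise ValueError(f"{name}: start address is after end address")
    return server, name, lo, hi


def find_overlaps(scopes):
    """Return every pair of scopes whose address ranges share addresses.

    Scopes are compared across servers as well, because two servers
    handing out the same range is the failure the text warns about.
    """
    parsed = [parse_scope(*s) for s in scopes]
    overlaps = []
    for a, b in combinations(parsed, 2):
        if a[2].version != b[2].version:
            continue  # IPv4 and IPv6 ranges cannot collide
        lo, hi = max(a[2], b[2]), min(a[3], b[3])
        if lo <= hi:  # the intersection of the two ranges is non-empty
            overlaps.append({
                "scopes": (f"{a[0]}/{a[1]}", f"{b[0]}/{b[1]}"),
                "first": str(lo),
                "last": str(hi),
                "addresses": int(hi) - int(lo) + 1,
            })
    return overlaps


if __name__ == "__main__":
    for o in find_overlaps(SCOPES):
        print(f"{o['scopes'][0]} overlaps {o['scopes'][1]}: "
              f"{o['first']} - {o['last']} ({o['addresses']} addresses)")
```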
DFSR was introduced after 2003 R2. The Distributed File System Replication (DFSR) service is a new multi-master replication engine that is used to keep folders synchronized on multiple servers. It increases data availability and gives users in remote sites fast, reliable access to files.
DNS
A name server can act as a primary for multiple zones and as a secondary for others. Some valid record types on a DNS server are as follows.
SOA record (Start of Authority), which consists of crucial information such as the SERIAL number, which is monitored by other name servers and indicates to them a change in information for a zone; REFRESH, which tells how often a secondary name server should check for a change in the serial number; RETRY, which informs a secondary server how long it should use its current entry if it is unable to perform a refresh; and MINIMUM, which is how long the other name servers should hold this information.
NS record, which shows the authoritative DNS for the zone.
A record, which points a hostname to an IP address.
CNAME record (canonical naming), which allows a node to be addressed using more than one hostname.
MX record, which is used for message routing where there are multiple mail exchange hosts. An address (A) record for the host is needed for every MX record set.
PTR records, which are just the reverse of A records: they map an IP address to a hostname. These records are only meaningful if the in-addr.arpa zones have been delegated to your control by the service provider of your IP block.
There are also some other lesser-used record types, such as HINFO, which indicates CPU and operating system types for mapping to specific hostnames, and the Text (TXT) record, which provides descriptive text associated with a domain name.
Stub Zone
The stub zone is a newly added feature in WIN 2003. A stub zone contains name server information (name server records) and SOA (Start of Authority) records. Stub zones provide fault tolerance and load balancing besides providing the name server and SOA record information.
Stub zones are useful for resolving queries faster.
If a 2003 server is in native mode, what issue occurs?
Legacy is not supported in native mode.
We have 6 DCs: DC1, 2, 3, 4, 5 and 6. DC1 holds the forest-wide roles and DC2 holds the domain-wide roles. DC1 goes down due to a H/W problem, and the IT head says to move the forest-wide roles to DC6 only. But DC6 cannot be accessed via RDP?
=> There is no requirement to connect to a particular DC via RDP. When NTDSUTIL is run, it will ask for the connection to the server where the roles need to be moved.
Is a stub zone AD-integrated by default or not?
Yes.
Unexpected reboot?
Check the server state via DRAC or iLO.
Then log in to the server.
Check HW health status.
Check Eventvwr.
Check Eventvwr for a dump file.
Analyze the dump file via dumpster.
Authoritative & non-authoritative.
Non-authoritative = Most commonly used when there is a hardware or software problem. This is done in Directory Services Restore Mode. First restore the OS, then the DC content from backup.
Authoritative = Most commonly used when a change was made within the directory, such as deleting an organizational unit by mistake. This process restores the DC from the backup and then replicates to and overwrites all other domain controllers in the network to match the restored DC.
During an authoritative restore from backup, the DC's USN is increased by 1,00,000, so the other DCs in the same domain think that DC1 has the latest updates and will try to update themselves to match DC1.
Win2K3 edition
std, Ent, Datacenter, web & storage.
Cluster node support
2000: 4
2k3: 8
2k8: 16
4 CPU
Std
Ent
64
What is a tombstone?
A tombstone is a deleted object that is kept for a time in multimaster systems such as Active Directory (AD), which must replicate deletions among domain controllers (DCs). When you delete an object in AD, that object doesn't disappear completely. The default tombstone lifetime is 60 days.
Tombstone lifetime?
Tombstone lifetime is the time period for which a deleted object is kept.
What is DSACCESS?
It is an Exchange process used to communicate with AD.
DSAccess performs a discovery process to determine the Active Directory topology and then
chooses suitable Active Directory domain controllers and global catalog servers that can be
used by Exchange.
What are the roles of Exchange Server 2003?
Answer: Front-End and Back-End Server
Details: MS Exchange Server 2003 and Microsoft Exchange 2000 Server support front-end and back-end servers. A front-end server accepts requests from clients and proxies them to the appropriate back-end server for processing. This guide discusses how Exchange Server 2003 and Exchange 2000 Server support the front-end and back-end server architecture. Also covered are several front-end and back-end scenarios and recommendations for configuration.
1. What's the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups for local domain resources.
Global groups provide access to resources in other trusted domains.
Universal groups grant access to resources in all trusted domains.
2. I am trying to create a new universal user group. Why can't I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
3. What is LSDOU?
It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
Why doesn't LSDOU work under Windows NT?
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.
4. Where are group policies stored?
%SystemRoot%\System32\GroupPolicy
5. What is GPT and GPC?
Group policy template and group policy container.
It helps to reconcile desktop settings, applications, and stored files for users, particularly
those who move between workstations or those who must periodically work offline.
21. What's the major difference between FAT and NTFS on a local machine?
FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.
23. How do FAT and NTFS differ in approach to user shares?
They don't, both have support for sharing.
24. Explain the List Folder Contents permission on the folder in NTFS.
Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.
25. I have a file to which the user has access, but he has no folder permission to read it. Can he access it?
It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can't drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into the Run window.
26. For a user in several groups, are Allow permissions restrictive or permissive?
Permissive: if at least one group has Allow permission for the file/folder, the user will have the same permission.
27. For a user in several groups, are Deny permissions restrictive or permissive?
Restrictive: if at least one group has Deny permission for the file/folder, the user will be denied access, regardless of other group permissions.
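The Allow and Deny rules from questions 26 and 27, worked through as an added example that is not part of the original notes. The group names, rights and ACL entries are constructed, and the model follows the rule exactly as stated above; Windows also takes ACE ordering and inheritance into account, which this sketch leaves out.

```python
from enum import IntFlag


class Right(IntFlag):
    READ = 1
    WRITE = 2
    EXECUTE = 4
    DELETE = 8


# Constructed ACL for one folder (not from the page): (type, group, rights).
ACL = [
    ("allow", "Staff", Right.READ | Right.EXECUTE),
    ("allow", "Editors", Right.READ | Right.WRITE),
    ("deny", "Contractors", Right.WRITE | Right.DELETE),
]


def effective_rights(acl, user_groups):
    """Combine the entries of every group the user belongs to.

    Allow is permissive: rights from all matching groups are added up.
    Deny is restrictive: a denied right is removed whatever else allows it.
    """
    allowed, denied = 0, 0
    for kind, group, rights in acl:
        if group not in user_groups:
            continue
        if kind == "allow":
            allowed |= int(rights)
        elif kind == "deny":
            denied |= int(rights)
        else:
            raise ValueError(f"unknown entry type: {kind}")
    return Right(allowed & ~denied)


def explain(acl, user_groups, right):
    """Say why one right is or is not held, and which groups decided it."""
    deny = [g for k, g, r in acl
            if k == "deny" and g in user_groups and right & r]
    allow = [g for k, g, r in acl
             if k == "allow" and g in user_groups and right & r]
    if deny:
        return ("denied", deny)      # any Deny wins over every Allow
    if allow:
        return ("allowed", allow)    # one Allow is enough
    return ("not granted", [])       # no entry mentions this right


if __name__ == "__main__":
    user = {"Staff", "Editors", "Contractors"}
    print(effective_rights(ACL, user))
    print(explain(ACL, user, Right.WRITE))
```

The `explain` helper is the useful part when troubleshooting: it names the group whose Deny entry removes a right that another membership grants.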
28. What hidden shares exist on a Windows Server 2003 installation?
Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
29. What's the difference between standalone and fault-tolerant DFS (Distributed File System) installations?
The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders.
30. We're using the DFS fault-tolerant installation, but cannot access it from a Win98 box.
Use the UNC path, not the client; only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
31. Where exactly do fault-tolerant DFS shares store information in Active Directory?
In the Partition Knowledge Table, which is then replicated to other domain controllers.
32. Can you use Start->Search with DFS shares?
Yes.
33. What problems can you have with DFS installed?
Two users opening the redundant copies of the file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated through DFS.
34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS.
Yeah, you can't. Install a standalone one.
35. Is Kerberos encryption symmetric or asymmetric?
Symmetric.
36. How does Windows 2003 Server try to prevent a middle-man attack on an encrypted line?
A time stamp is attached to the initial client request, encrypted with the shared key.
37. What hashing algorithms are used in Windows 2003 Server?
RSA Data Security's Message Digest 5 (MD5), which produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), which produces a 160-bit hash.
38. What third-party certificate exchange protocols are used by Windows 2003 Server?
Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to exchange CA certificates with third-party certificate authorities.
39. What's the number of permitted unsuccessful logons on the Administrator account?
Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.
40. If hashing is a one-way function and Windows Server uses hashing for storing passwords, how is it possible to attack the password lists, specifically the ones using NTLMv1?
A cracker would launch a dictionary attack by hashing every imaginable term used for a password and then comparing the hashes.
41. What's the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.
42. How many passwords by default are remembered when you check "Enforce Password History Remembered"?
User's last 6 passwords.
1. How would you troubleshoot AD Replication (Intersite & Intrasite) and what are the tools which you would use?
Answer: Event Viewer / RPC / Repadmin / DcDiag / Replmon / Subnet Information Event ID 1311 / 1290 / 1586.
Scenario: There are 4 sites: Site A, Site B, Site C and Site D. Site A is connected to Site B, Site B is connected to Site C, Site C is connected to Site D, but Site D is not connected to Site A. So how long would replication take from Site A to Site D?
Answer: Site-to-site replication takes 15 min in a Windows 2003 domain, so it would take 45 min for an object to be replicated from Site A to Site D.
2. What are the various Attributes for an Object?
Answer: Address, E-Mail,
3. Which are the different Naming Contexts in AD?
Answer: Domain / Configuration / Schema / Application / Domain DNS / Forest DNS
4. How would you Force Replication in AD & FRS?
Answer: AD Replication can be forced using Replmon; FRS Replication can be forced by a relevant D2 or D4.
5. Scenario based: A User in Site A changes his Password and then tries to Login in Site B, so would he be able to login with his new Password or would he be required to Login with Cached Credentials?
Answer: Yes, the User would be able to Login to Site B with the new password, as password replications are Urgent Replications and are triggered in 15 Sec.
6. What is FRS? Why is it Used and what are the tools to monitor FRS?
Answer: FRS is used to replicate GPOs and Scripts b/w DCs and is also used to Replicate DFS Data. Tools to monitor FRS are FRSDiag / Ultrasound / Sonar / Event Viewer.
7. What are Morphed Folders, why are they created, and what is the way to Troubleshoot them?
Answer: Morphed folders are duplicate folders with the same name created due to Replication Link Failure or Forced Traffic in DFS & FRS.
8. What is a Sharing Violation?
Answer: A Sharing Violation is multiple users accessing the same file while that file is Replicating through FRS or DFS; replication fails because Users are using the File and it is in use. A Sharing Violation can be troubleshot by doing a D2 on the Server.
9. What is a Backlog Issue in FRS?
Answer: A Backlog issue is when Server A is replicating files to Server B and Server B is not accepting those files, so the files accumulate and create a Backlog on Server B. The troubleshooting step is a D2 on Server B.
10. How would you flush and register a DNS Record?
Answer: ipconfig /flushdns & ipconfig /registerdns.
11. What are the Various Records for a DC in DNS?
Answer: Host A / GUID / Kerberos / GC Record / _MSDCS Record.
12. What is the difference b/w Primary Zone / AD Integrated Zone and Secondary Zone in terms of Usage and Replication?
Answer: A Primary Zone is an editable copy but is replicated through DNS Replication. An AD integrated zone is AD integrated and is replicated through AD. A Secondary zone is a read-only copy of either a Primary or AD Integrated Zone.
13. How would you troubleshoot disappeared DNS Records and what is the use of the CNAME Record?
14. What is Scavenging and what are Stale Records in DNS?
Answer: Scavenging is automatic removal of Stale Records in DNS; the default period is 7 days.
15. What are the tools to monitor GPO Replication?
Answer: GPResult / Userenv / RSOP / GpoTool.
16. There are 1000 Users in an OU and you would like to apply a Policy to only 200 Users in that OU. How is that possible?
Answer: GPO Filtering. The User and Computer part of a Policy can also be filtered if required. There is only 1 Password Policy per Domain no matter what.
17. How would you recover a deleted User / GPO or OU? Answer
Migration with Storage VMotion allows you to move a virtual machine's storage without any
interruption in the availability of the virtual machine.
High Availability (HA): Feature that provides high availability for applications running in virtual machines. If a server fails, affected virtual machines are restarted on other production servers that have spare capacity.
Distributed Resource Scheduler (DRS): Feature that allocates and balances computing capacity dynamically across collections of hardware resources for virtual machines. This feature includes distributed power management (DPM) capabilities that enable a datacenter to significantly reduce its power consumption.
Consolidated Backup (Consolidated Backup): Feature that provides a centralized facility for agent-free backup of virtual machines. It simplifies backup administration and reduces the impact of backups on ESX/ESXi performance.
Fault Tolerance: When Fault Tolerance is enabled for a virtual machine, a secondary copy of the original (or primary) virtual machine is created. All actions completed on the primary virtual machine are also applied to the secondary virtual machine. If the primary virtual machine becomes unavailable, the secondary machine becomes active, providing continual availability.
vNetwork Distributed Switch (DVS): Feature that includes a distributed virtual switch (DVS), which spans many ESX/ESXi hosts, enabling significant reduction of on-going network maintenance activities and increasing network capacity. This allows virtual machines to maintain consistent network configuration as they migrate across multiple hosts.
Host Profiles: Feature that simplifies host configuration management through user-defined configuration policies. The host profile policies capture the blueprint of a known, validated host configuration and use this to configure networking, storage, security, and other settings across multiple hosts. The host profile policies also monitor compliance to standard host configuration settings across the datacenter. Host profiles reduce manual steps involved in configuring a host and can help maintain consistency and correctness across the datacenter.
Pluggable Storage Array (PSA): A storage partner plug-in framework that enables greater array certification flexibility and improved array-optimized performance. PSA is a multipath I/O framework allowing storage partners to enable their array asynchronously to ESX release schedules. VMware partners can deliver performance-enhancing multipath load-balancing behaviors that are optimized for each array.
vCenter Server: vCenter Server provides a single point of control to the datacenter. It provides essential datacenter services such as access control, performance monitoring, and configuration.
Resource pools are partitions of computing and memory resources from a single host or a cluster. Resource pools can be hierarchical and nested. You can partition any resource pool into smaller resource pools to further divide and assign resources to different groups or for different purposes.
VMware Update Manager: Enables security administrators to enforce security standards across ESX/ESXi hosts and managed virtual machines. This plug-in provides the ability to create user-defined security baselines that represent a set of security standards. Security administrators can compare hosts and virtual machines against these baselines to identify and remediate virtual machines that are not in compliance.
port group: A construct for configuring virtual network options such as bandwidth limitations and VLAN tagging policies for each member port.
RDM (raw device mapping): A mechanism that enables a virtual machine to have direct access to a LUN on the physical storage subsystem.
revert to snapshot: To restore the status of the active virtual machine to its immediate parent snapshot.
scheduled task: A vCenter Server activity that is configured to occur at designated times.
snapshot: A reproduction of the virtual machine just as it was when you took the snapshot, including the state of the data on all the virtual machine's disks and the virtual machine's power state (on, off, or suspended). You can take a snapshot when a virtual machine is powered on, powered off, or suspended.
Snapshot Manager: A control that enables you to take actions on any of the snapshots associated with the selected virtual machine.
SSH (Secure Shell): A program for securely logging on to a remote machine and executing commands. SSH provides encrypted communications between two untrusted hosts over a network.