Error mounting Samba Shares in FreeBSD

Over a number of years I’ve had an issue “reliably” mounting some Samba shares from my Windows 7 machine. The FreeBSD machine and Windows machine are on the same LAN subnet and have no firewalls between them. Generally I’ve also disabled the firewall on the Win7 machine, but still I cannot mount the Samba shares (whereas they were working previously).

The error given by the mount command does not help with troubleshooting.

root@zzz:~ # mount /data3
mount_smbfs: unable to open connection: syserr = Connection refused
root@zzz:~ # mount /data3
mount_smbfs: unable to open connection: syserr = Connection reset by peer

The options in the nsmb.conf file are nicely described in this man page. The default connectivity setting (the port445 option) is normal, which means the client first attempts to connect via port 445 and, if that is unsuccessful, tries NetBIOS over TCP/IP (i.e. TCP port 139).

In my case a Wireshark capture shows that the connection to port 139 was being immediately dropped.

10:12:50.195293 IP 10.202.70.220.47946 > 10.202.70.162.139: Flags [S], seq 3682484936, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 4148422 ecr 0], length 0
10:12:50.195393 IP 10.202.70.162.139 > 10.202.70.220.47946: Flags [R.], seq 0, ack 3682484937, win 0, length 0

On the Windows machine I used the ifconfig command to check if NetBIOS over TCP/IP was enabled.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : A0-B3-CC-FC-34-A5
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::95e:16e8:af2f:2493%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.202.70.162(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.202.70.151
   DHCPv6 IAID . . . . . . . . . . . : 245412812
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-41-B0-3E-A0-B3-CC-FC-34-A5
   DNS Servers . . . . . . . . . . . : 10.48.2.160
                                       10.48.2.162
   NetBIOS over Tcpip. . . . . . . . : Enabled

However this isn’t enough. Microsoft, for some unknown reason, only allows NetBIOS to bind to one IP address on my Windows interface. So if you have two IP addresses, 10.202.70.162 and 10.10.10.5, then NetBIOS will bind to the lowest IP address (i.e. 10.10.10.5). The best way to check this is to use netstat:

C:\Users\myuser>netstat -an | find /i "139"
  TCP    10.10.10.5:139         0.0.0.0:0              LISTENING
  TCP    169.254.178.132:139    0.0.0.0:0              LISTENING
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING
  TCP    192.168.195.1:139      0.0.0.0:0              LISTENING

This can be easily fixed by removing the secondary IP address and rebooting the machine. NetBIOS will now bind to the correct address:

C:\Users\agarg>netstat -an | find /i "139"
  TCP    10.202.70.162:139      0.0.0.0:0              LISTENING
  TCP    169.254.178.132:139    0.0.0.0:0              LISTENING
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING
  TCP    192.168.195.1:139      0.0.0.0:0              LISTENING

The NetBIOS bind address changes only if one of the following events happens:

1) On reboot, NetBIOS will bind to the lowest IP address

2) On restarting the NetBIOS process it will bind to the lowest IP address (Control Panel -> Network Connections -> LAN Adapter -> IPv4 -> Properties -> Advanced -> WINS -> Disable/Enable NetBIOS)

3) On removing the lowest numbered IP address, NetBIOS will bind to the next lowest IP address

If you just add a “lower” IP address to an existing interface then it will not change till the next event defined above. This is where the problem is! I would add a temp address to test a config and then 4-6 weeks later reboot the Windows machine (to apply patches or install software) and suddenly the SMB mounts are no longer working because NetBIOS isn’t listening on the primary address anymore.
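
A scripted version of the netstat check above, as an added example that is not part of the original post: it matches port 139 exactly (a plain search for "139" also hits ports such as 49139) and reports whether NetBIOS is listening on the address the FreeBSD client mounts. The sample lines are constructed from the output shown above, and the function names are hypothetical.

```python
import re

# Constructed sample: `netstat -an` lines modelled on the output shown above,
# plus one decoy line that a substring search for "139" would also match.
SAMPLE_NETSTAT = """\
  TCP    10.10.10.5:139         0.0.0.0:0              LISTENING
  TCP    169.254.178.132:139    0.0.0.0:0              LISTENING
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING
  TCP    10.202.70.162:49139    10.48.2.160:445        ESTABLISHED
"""

# Proto, local address:port, foreign address, state
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")


def listeners(netstat_text, port):
    """Return the local addresses in LISTENING state on exactly `port`."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and int(m.group(2)) == port and m.group(3).upper() == "LISTENING":
            found.add(m.group(1))
    return found


def check_netbios_binding(netstat_text, primary_ip, port=139):
    """Check that the NetBIOS session port is bound to the primary address."""
    addrs = listeners(netstat_text, port)
    return {
        # A wildcard listener would also accept connections to primary_ip.
        "ok": primary_ip in addrs or "0.0.0.0" in addrs,
        "listening_on": sorted(addrs),
    }


if __name__ == "__main__":
    result = check_netbios_binding(SAMPLE_NETSTAT, "10.202.70.162")
    print("NetBIOS bound to primary address:", result["ok"])
    print("Port 139 listeners:", ", ".join(result["listening_on"]))
```

Run after each reboot or address change on the Windows machine, this catches the silent rebinding before the mounts start failing.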

 

 

 

 

Converting OLM to PST

If you happen to be reading this post you probably already know what the title means. If you are still in the dark then let me explain:

Microsoft Outlook 2011 for Mac exports/imports all email to a file called OLM. Additionally it can only import email from PST files (i.e. files exported by Windows versions of Outlook). This basically means you can take your Windows emails and move over to a Mac OSX machine quite easily. However, if you are disenchanted by the OSX version of Outlook then moving back is not so easy. If you Google there are a number of “paid” tools around which can convert the OLM to PST for you. I have a problem with the word “paid”; I believe it should be free. Why should I be locked into a platform? I should be able to take my data anywhere with me.

If you look for free solutions, the best ones suggest you:

1) create a new gmail account
2) connect to it using IMAP
3) copy all your email over to gmail
4) connect a Windows Outlook to the same Gmail account
5) pull the email back into your favorite version of Outlook

There are two issues I have with this:

a) What if you have a huge number of emails and they have big attachments? You are going to be waiting for a while for all this to be sent to the “cloud” and then back to your Windows machine
b) Security. I’m totally against sharing my email with another party who probably will keep the email indefinitely. Think photos / confidential documents that were sent to you in emails.

The IMAP method however has merit. It not only allows conversion between OLM and PST but in reality it could be used to move from any email/operating system to another without issue. You are basically doing Source -> IMAP -> Destination and this is a really novel technique.

To avoid my issues I am proposing to run an IMAP server locally. This way my data never leaves my local LAN. Here’s how to start:

  • On your Windows machine download hmailserver (free). It may ask you to install .NET2 if it’s not already installed; let it do its thing.
  • During the install it will ask you for an admin password. Type one in and note it down
  • Once installed (no reboot required), start up “hmailserver Administrator” and select connect. Then type in the admin password you set during the install

  • Click Add domain and type in a random domain (can be anything). I chose to use convert.com, then click save

  • When you click Save, the domain is added to the “Domain” tree. Expand the convert.com item and click Accounts -> Add
  • Provide a username and password (eg test) and then click Save

  • Change the SMTP message size from 20480k to 200480k; this will allow large attachments to be copied over
  • In Settings -> Protocols -> IMAP -> Advanced, change the Hierarchy delimiter to “/” from the default of “.” This is in case you have used “.” in your folder names

Now you can configure Mac Outlook 2011 to connect to the server. Note the Incoming / Outgoing server should be the IP address of the Windows machine.

  • You should now be able to drag all your folders from Mac Outlook over to this IMAP account
  • Then use the same IMAP settings in the destination email program and pull the email over. Note that Outlook 2013 by default only syncs the last three months of emails. Move this slider all the way to the right, i.e. “All”

Building your first Windows Domain Controller

Are you a first-time admin for a Windows network? Do you want to learn how to build an AD domain and attach PCs to it? What about pushing policies and updates?

I’m in the same situation where the number of Windows VMs I manage has been slowly increasing. This meant that I was repeating the same tasks on each VM. Adding a Windows Domain controller will allow me to offload some of this repetition by setting domain policies.

Here’s how to begin your first Windows domain network.
 
Choosing an Active Directory name
The AD domain name is also the name of the forest. The forest root name is a Domain Name System (DNS) name that consists of a prefix and a suffix in the form of prefix.suffix. For example, an organization might have the forest root name corp.contoso.com. In this example, corp is the prefix and contoso.com is the suffix.

Select the suffix from a list of existing names on your network. For the prefix, select a new name that has not been used on your network previously. By attaching a new prefix to an existing suffix, you create a unique namespace. Creating a new namespace for Active Directory Domain Services (AD DS) ensures that any existing DNS infrastructure does not need to be modified to accommodate AD DS.

There are a number of options for what should be done. This post discusses each one and lets you make a decision for yourself. I decided to use option 2 – using a subdomain off my public domain.
 
Building the domain controller
This post by Brad Held is the best one I’ve ever read. I didn’t have much experience with Windows networking and this post helped quite a lot.

Creating an alternative (easy-to-remember) Active Directory name
My choice for the AD name above was quite long and this post described how to set a more friendly name. 

Add the first user to the domain

Log in to the domain controller using the local admin account
Run the Active Directory Users & Computers tool
Click on the Users folder and add a new user
Make the user a member of the Domain Users (default) and Domain Admins groups

Add the first PC to the domain (for initial testing)
Log in to the PC as the local admin account
Change the DNS settings to point to the new domain controller (if you have a DHCP server then make the change there for everyone else)
Right-click Computer and change from workgroup to domain
Provide the domain name and credentials for the admin account created above

Start configuring Domain Policies
Here is a good page which describes how to set up your first policy

Some policies I’m setting up:

Now you can begin the following tasks:

  • Adding users
  • Adding PCs
  • One thing to consider is that you might want to organize your AD tree so that you can group computers/users in easily recognizable structures. For example:

    • AD Forest (corp.contoso.com)
      • Computers (Default, where all new PCs are stored when added to the domain)
      • Users (Default where all users can live)
      • Resources (A name I used but it could be anything you like)
        • Site A (Site / Office Name)
          • Computer (Computers at this site)
          • Users (Users at this site)
        • Site B (Site / Office Name)
          • Computer (Computers at this site)
          • Users (Users at this site)

    As you add users and PCs to the domain, drag-and-drop them into the correct folders in the Resources section.

    For me this has the benefit of identifying the users and hardware in geographical locations. I can then apply policies / updates / software on a “per Office” basis.

    HDD SMART Monitoring in Win 7

    SMART (Self Monitoring, Analysis and Reporting Technology) is a hard disk monitoring system that is built into the HDD logic boards. It provides a host of parameters that are actively monitored by the HDD during its normal operation. Note, this monitoring and recording of information does not require any support from the Operating System.

    The article from Google below analyzes SMART parameters and their correlation to HDD failure.

    http://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/ja//archive/disk_failures.pdf

    They found that the parameters below have a large impact on failure probability.

    Scan Error (No SMART Parameter)
    Drives typically scan the disk surface in the background and report errors as they discover them. Large scan error counts can be indicative of surface defects, and therefore are believed to be indicative of lower reliability.

    Reallocation counts (SMART Parameter: 0x05)
    When the drive’s logic believes that a sector is damaged (typically as a result of recurring soft errors or a hard error) it can remap the faulty sector number to a new physical sector drawn from a pool of spares. Reallocation counts reflect the number of times this has happened, and is seen as an indication of drive surface wear.

    Offline reallocation counts (SMART Parameter: 0xC4, 0xC6)
    Offline reallocations are defined as a subset of the reallocation counts studied previously, in which only reallocated sectors found during background scrubbing are counted. In other words, it should exclude sectors that are reallocated as a result of errors found during actual I/O operations. Although this definition mostly holds, we see evidence that certain disk models do not implement this definition.

    Probational counts (SMART Parameter: 0xC5)
    Disk drives put suspect bad sectors “on probation” until they either fail permanently and are reallocated or continue to work without problems. Probational counts, therefore, can be seen as a softer error indication. It could provide earlier warning of possible problems but might also be a weaker signal, in that sectors on probation may indeed never be reallocated.

    I use Crystal Disk Info on Windows 7 to report on some of the parameters above.
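
A scripted check for the four parameters listed above, as an added example that is not part of the original post. It assumes the attribute table printed by `smartctl -A` from smartmontools (the post itself uses Crystal Disk Info); the sample table is constructed, the function names are hypothetical, and flagging any non-zero raw count is an assumption of this example.

```python
# SMART attribute IDs named in the post (hex) mapped to the post's labels.
WATCHED = {
    0x05: "Reallocation count",
    0xC4: "Offline reallocation count",
    0xC6: "Offline reallocation count",
    0xC5: "Probational count",
}

# Constructed sample in the attribute-table layout printed by `smartctl -A`.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       8123
194 Temperature_Celsius     0x0022   034   045   000    Old_age   Always       -       34 (Min/Max 20/45)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
"""


def parse_attributes(text):
    """Map attribute ID -> raw value for every well-formed table row."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split(None, 9)  # the 10th field is RAW_VALUE, may contain spaces
        if len(fields) == 10 and fields[0].isdigit():
            raw = fields[9].split()[0]  # drop annotations such as "(Min/Max 20/45)"
            if raw.isdigit():
                attrs[int(fields[0])] = int(raw)
    return attrs


def failure_indicators(text):
    """Return (hex id, label, raw value) for watched attributes with a non-zero raw count."""
    attrs = parse_attributes(text)
    return [(f"0x{i:02X}", WATCHED[i], attrs[i])
            for i in sorted(WATCHED) if attrs.get(i, 0) > 0]


if __name__ == "__main__":
    for hex_id, label, raw in failure_indicators(SAMPLE):
        print(f"{hex_id} {label}: raw value {raw}")
```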

    Win7 System Reserved Partition

    Let the Windows 7 setup proceed to the partition manager. At this point delete all the partitions you need to so that you have one big block of unallocated space. Then press Shift+F10 to open a Command Prompt window. Type diskpart to enter the Diskpart environment.

    To list the existing partitions:

    list disk – This should show you only one disk (unless you have multiple hard drives)
    select disk 0
    list partition
    create partition primary – This will create a single primary partition with all the unused space
    exit – to exit out of diskpart
    exit – to exit out of the command window

    Now hit Refresh on the Windows 7 Disk partition GUI and your newly created partition will pop up. Select this partition and proceed with the system install as normal.

    Outlook 2010 HTML formatted email – Attachments vs Embedded email size

    Today I composed an email in Outlook 2010 with some text plus two images. When I sent this email I cc’ed myself and was surprised to see that the email size was 11Mb! The question that immediately came up was why?

    Here is the break down of what I found out:

    1) Image file size
    I checked the file size of both images. I was sure they were very small as I had photoshopped them and reduced the size. The total size was only 406kb.

    2) Text quantity

    There isn’t more than 20 lines of text in the whole email (including the signature) so this can be excluded

    I then repeated the test, sending one email with only the pictures embedded and the other with the same images but as attachments. The email with the attachments is smaller by almost 3.5M!

    This probably has to do with how the embedded vs attached files are encoded, but what is it?

    Adding disk space to Windows 7 Virtual Machines

    Let’s say you build a virtual machine and are running short of hard disk space. There are two options in VMware. The first is to add a secondary hard disk and move the content over.

    The other option is to extend the current hard disk. The easy way to do this is:

    1) Shut down the virtual machine
    2) Edit the properties of the virtual machine
    3) In the hard disk settings, under Utilities on the right side, add some disk space
    4) Start up the virtual machine and log in as administrator
    5) Start Control Panel -> Admin Tools -> Computer Management
    6) Click Storage on the left-hand side and select Disk Management
    7) Right-click on the original partition and click Extend Volume