SafeDuino – Part 03: The goalposts change

Ok, I admit it… feature creep has officially set in on this project.

After doing the basic designs and working out I needed the EtherMega (from Freetronics) for the SafeDuino project, and consequently purchased some (I say some as I keep changing the design) of the components I decided that it was a “waste” of a mega to only use the small number of I/O’s I needed (but more than I could get from an ethernet connected UNO), and this is where the feature creep began.

So, now what I have is more of an environmental monitor not only for the cabinet it was to maintain originally, but also for the room/building it is housed in, this will allow me to do differential monitoring for parts of the building vs the areas I am going to monitor/control individually.

So far I have determined, that beyond the original cabinet it was going to monitor, the following are going to be monitored;

  • The building itself, this is to allow for differential comparisons and fluctuations in temperature and humidity to see if the things I am putting in place to control humidity are in fact working
  • Two other cabinets, including one humidor, just because I can 😀
    • Turn on/off humidification/dehumidification equipment and fans to allow for circulation in the closed environments based upon readings
  • Possibility of wine/beer fridges
  • External temperature/humidity
  • Solar Radiation (for estimating solar panel power generation)
  • Background radiation, this is more of another because I can thing, being able to monitor radiation (Alpha, Beta, Gamma) in the background of the environment long-term will be useful in the future just to see the changes over time, I will be connecting it to one of the sensor networks that have popped up after the Fukushima accident
  • Internal and External light sensors, again to see how it affects temperature/humidity in the closed environments/building
  • Same goes for door/window openings

I am sure there is more to come, in fact I know there is, I have 40 odd pins to fill up :D.

In addition to these added features, I have decided to add some protection to the Arduino itself through the use of optocouplers/optoisolators to isolate the external electronics from the device itself, where possible anyway; this will also take some of the current loading off the Arduino board. So far I have confirmed that the 4N25 optocouplers work, and I have tested those which I have purchased to ensure they operate correctly.

I am still to get a few linear optocouplers for use with the voltage divider to allow me to monitor the voltage in the battery system.

Considering ultimately that the EtherMega will be powered via POE (supplied by the switch, so a proper 801.11af regulator, which is being done to ensure monitoring will continue even if the batteries for the lights etc fail), there will be no load on the batteries apart from a few mA for sensors and the like for the most part. I will be configuring the reed switches, for example, to be Normally Open (NO) so that there is no power going through them when they are not activated (apart from what is used by the resistors to keep a proper ground). I should be able to maintain this for a long period with just the batteries, and with a solar charger, I should be able to maintain this use of the system indefinitely.

Hyper-V Fix Time Sync issues

I know this has been done to death, but as this is my Blog, and the original idea for it was for me to put all the odds and sods of knowledge in one location so I did not have to remember every little command, I am doing it again.

Hyper-V on Server 2008 and 2008 R2 has a known issue with time slipping slipping slipping into the future (sorry, Steve Miller Band moment there) when using a Hyper-V based Primary Domain Controller (PDC). The first part of this is an easy step: on the Hyper-V host, you turn OFF “Time Synchronisation” for the PDC, or whichever server takes care of your time syncing on the network (although I do it for all servers). This is done by selecting the Virtual Machine in the hypervisor, opening its properties, selecting Integration Services and unchecking “Time Synchronisation” as shown in the image below.

Virtual Machine Settings – Integration Services – Turn off Time Sync

Secondly to that, on the PDC you should set a known reliable time source, I normally select one from http://pool.ntp.org.

To add this server and set it as your PDC time server, open an Administrative Command Prompt and enter the following commands:

net stop w32time
w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update
net start w32time

Where PEERS is the selected time server or time server pool.

This should update itself instantly, and keep itself updated

Hyper-V High Ping Latency

Had an interesting issue today, an insanely slow, brand new server….. or so I thought. First a bit of background on the client, they are fairly large, with over 400 client access devices to maintain, not including server, network equipment etc. to support this the client has 3 servers, one purchased a year and the oldest one thrown out, keeping all devices in warranty and with modern powerful equipment to keep things running, in addition to this there are two other servers that are replaced every three years, these are treated differently as these are speciality servers, and only do one task.

So, building a new server for a client, in this case a Dell R520 with Server 2008R2 running as a Hypervisor, nothing special in that, I do this exceedingly regularly so it has become more of a routine build for me. What got me with this one though was during testing I was getting insanely high ping latency, not only to the virtual machines from the network and vice versa, but also from the hypervisor to the machines and vice versa. Pings to other virtual machines on other servers, on different LAN segments, were all responding normally in <1ms.

My first thought was there was something wrong with the virtual machines and that I had butchered something in the migration, but as they worked on other hypervisors without delays, that knocked that one on the head. Then I thought network location issue, but that does not make any sense due to the fact that pinging from a hypervisor to guest does not go across a physical network, so it has to be the brand new server.

Ok, so what’s new about this server? Well, it’s got newer processors, greater memory, faster HDDs with larger capacities; basically it was more a case of what wasn’t different to the last server. Not going to go through the whole process of troubleshooting, but basically it was to do with the NICs. Fine, now what about them is it? After trial and error, and of course every tech’s most important tool, Google, I came across the issue. What is it…

 

THE ISSUE IS VMQ or Virtual Machine Queuing inside the Broadcom NIC drivers as shown below, disable this and the issue clears instantly

Advanced NIC Properties showing Virtual Machine Queue option

 

Pings and other indicators are now back down to <1ms which is what I expected to see in the first place.

Hardware affected by this was as follows:

DELL R520
Server 2008R2 Enterprise
Broadcom Quad Port NIC
Broadcom Driver 15.4.0.17 dated 4th of September 2012, as downloaded from the DELL site on the 31st of January 2013

Going to put this on my to check list in future

 

UPDATE 11th February 2013:

Dennis over at Flexecom has found the same thing in this posting (http://www.flexecom.com/high-ping-latency-in-hyper-v-virtual-machines/), posted on the 10th of December. Wish I had found it before so I did not have to troubleshoot this myself; nonetheless he has more information on how VMQs are MEANT to work. Interestingly, although it is a different manufacturer, the NIC is the same, as is the driver version, although the reported release date of the driver is different, so currently the problem seems to exist with BROADCOM NICs and specifically using driver revision 15.4.0.17. Perhaps we could get Broadcom to turn this off by default, then if desired the server admin could turn it on.

 

Global DNS Blocklist, WPAD not resolving – Remove the Filter

After the rebuild of an AD Domain Controller I was wondering why I could no longer get a response from WPAD, when it hit me like a ton of bricks….. Global DNS Blacklist. This is a “feature” in some Microsoft products, and in this case specifically Server 2008 R2, that blocks the query of specific DNS names (isatap and wpad by default, although you can add and remove names to the list), apparently for security so that the address cannot be used to gain unauthorized access to the system through spoofing. All well and good, and I am all for added security, but a number of browsers require it for automatic proxy detection, hence we have to disable it.

Thankfully that is easy enough through an ADMINISTRATIVE command prompt using the following commands

If you want to check that the DNS blocklist is enabled, type:

dnscmd /info /enableglobalqueryblocklist

If it displays 1, it’s enabled; if 0, it’s disabled. Nice and simple. But wait, what if you want to see the contents of the blocklist? Again simple, through an administrative command prompt (let’s assume from now on in this article that all command prompts are administrative, shall we), simply type:

dnscmd /info /globalqueryblocklist

This will make the blocklist print out onto your screen.

Now how to disable it? Easy, simply input the following commands:

  1. dnscmd /config /globalqueryblocklist (Optional, this clears the blocklist that way if something happens and it is re-activated it is empty)
  2. dnscmd /config /enableglobalqueryblocklist 0

The second command there is the one that does the actual disabling; conversely, if you want to enable it you should type dnscmd /config /enableglobalqueryblocklist 1. As an aside, if you want to ADD an item to the blocklist this is done by typing the following: dnscmd /config /globalqueryblocklist name where name is the item you want to add to the blocklist.
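A narrower alternative to switching the blocklist off, given here as an added example that is not part of the original post: it leaves the feature enabled and only stops blocking wpad. It assumes the list holds just the two default names mentioned above (wpad and isatap) and that the commands run on the DNS server itself.

```batch
@echo off
rem Added example (not from the original post).
rem Goal: let wpad resolve while the global query block list stays enabled.
rem Assumption: the list contains only the defaults, wpad and isatap.

rem 1. Record the current state before changing anything.
dnscmd /info /enableglobalqueryblocklist
dnscmd /info /globalqueryblocklist

rem 2. Set the list to the names that should remain blocked. The names
rem    given here become the whole list (with no names it is emptied, as
rem    in step 1 of the post), so leaving wpad out is what unblocks it.
dnscmd /config /globalqueryblocklist isatap
if errorlevel 1 (
    echo Failed to update the block list.
    exit /b 1
)

rem 3. Keep the feature itself switched on.
dnscmd /config /enableglobalqueryblocklist 1
if errorlevel 1 (
    echo Failed to enable the block list.
    exit /b 1
)

rem 4. Verify: the list should now show isatap only, and wpad should
rem    resolve to the host that serves your proxy configuration file.
dnscmd /info /globalqueryblocklist
nslookup wpad
```

If nslookup returns an address you do not recognise as your own proxy configuration host, check who owns the wpad record in the zone before pointing browsers at it.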

 

Also don’t forget to ensure that the MIME type for the file is defined as “application/x-ns-proxy-autoconfig”.

[SOLVED] WSUS Update Error, Not reporting and error 800B0001

After a WSUS Rebuild, I started noticing that Machines, although associating with WSUS were showing up that they had not yet reported to the server, upon investigating this it was discovered that the clients were erroring and displaying error code 800B0001. The machine in question hosting WSUS is a 64 Bit Server 2008 R2 machine, with these details in hand I go off looking for a solution.

Looking for solutions to this I came across several sources indicating that this is a known problem, and thankfully that there is a solution available from Microsoft (http://www.microsoft.com/en-us/download/details.aspx?id=29999)

I simply installed the update, and restarted at the end as asked by the installer. Once the server was back up I went back to the same clients and re-ran Windows Update, and off it went working again.

Nice Simple fix, if only everything was that easy
