
IP address scheme changeover

Today we're (I'm) changing over the rest of our servers to the new IP addressing scheme. This is noteworthy because we've only really done one so far - our Sharepoint box - and it broke a few unexpected things.

Reason? We are going to change all the IPs to a new subnet range to clean things up. We're halfway there, and now we can't get past ISA blocking RPC because we're trying to access different subnets - or rather, go across subnets. It just doesn't work properly. Kinda silly.

Anyway, we had two options: make ISA disappear, or finish up the IP address change - something I was sure would break a lot of things.

So far, things are going pretty well, but I've set it up so we do everything easy first!

Changing the IP for the Exchange and BES servers is a little unnerving...but I think that Exchange pretty much exclusively uses DNS - I don't ever recall seeing statically set IP addresses, except in the TCP/IP settings. I've updated the static DNS records, so everything should work. Update: Yep, it works. AFTER you change the ISA rules to accommodate new IPs!!!

The SQL machines, however, I'm concerned about. There's a lot of custom stuff in there, and who knows what person decided an IP was a good way to connect something.
Update: Things seem to be working just fine so far... we'll see when people actually start using the system.

Changing the printers is proving to be the most difficult of all the changes. So far at least one of them is on a JetDirect box. It required a reboot before it would take the new IP settings, and now the server refuses to see that it's online. I may need to restart the printer itself.
Update: Server reboot fixed it.

Another thing to take into account on ISA is the network setup. If you remove the network/gateway IP from the old subnet, then try to access stuff on the old network - no connection until you re-add the network range and gateway IP!! Confused me for a minute...

Nmap is still turning up some random hosts, including an IP I'm sure I have already disabled... the NIC is made by Accton Technology... and I'd thought it was on one of our Cisco devices, but the Cisco device no longer has that IP enabled, so this is messed up.
Update: Haha! Figured out what they were, and it's another lesson: Keep track of your network devices, and their respective logins!!!

We're working on a comprehensive document to keep better track of devices. We'll eventually tie it into something like Nagios.
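The two lessons above (firewall rules and DNS records that quietly keep old addresses, and hosts on the wire that nobody has in an inventory) can be turned into a repeatable check. The following is an added example, not code from this post: a small Python audit that scans any text export (a DNS zone dump, a firewall rule listing) for addresses still inside the old subnet, parses `nmap -oG` grepable output for hosts that are up on the new subnet, and reconciles those against a device inventory. The subnets, the inventory, and all three exports are constructed sample data; the `nmap -oG` line shape (`Host: <ip> (<name>)  Status: Up`) is real, but the hosts in it are made up.

```python
"""Renumbering audit: find stale old-subnet references in exported
configs, and reconcile live hosts on the new subnet against inventory."""
import ipaddress
import re

# Constructed example ranges; substitute the real old/new subnets.
OLD_SUBNET = ipaddress.ip_network("192.168.1.0/24")
NEW_SUBNET = ipaddress.ip_network("10.20.0.0/24")

# Loose IPv4 matcher; ipaddress.ip_address() below rejects false positives.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed inventory: hostname -> address it is supposed to have now.
INVENTORY = {
    "exchange01": "10.20.0.15",
    "bes01": "10.20.0.16",
    "sql01": "10.20.0.40",
    "sql02": "10.20.0.41",
    "printer-3f": "10.20.0.201",
}

# Constructed text export of static A records from the internal DNS zone.
DNS_EXPORT = """
exchange01  A  10.20.0.15
bes01       A  10.20.0.16
sql01       A  192.168.1.40
sql02       A  10.20.0.41
printer-3f  A  192.168.1.201
"""

# Constructed firewall rule export; rules like these keep pointing at the
# old addresses after a renumbering unless someone looks for them.
FIREWALL_EXPORT = """
Allow RPC  from 192.168.1.0/24  to 192.168.1.15  (Exchange)
Allow SQL  from 10.20.0.0/24    to 10.20.0.40    (SQL)
"""

# Constructed `nmap -oG` output from a ping sweep of the new subnet.
NMAP_GREPABLE = """
# Nmap scan initiated (constructed sample)
Host: 10.20.0.15 (exchange01.corp.local)	Status: Up
Host: 10.20.0.16 (bes01.corp.local)	Status: Up
Host: 10.20.0.41 (sql02.corp.local)	Status: Up
Host: 10.20.0.77 ()	Status: Up
Host: 10.20.0.201 ()	Status: Up
"""


def old_addresses(text, old_subnet=OLD_SUBNET):
    """Return every distinct IPv4 address in `text` that lies in the old subnet."""
    found = set()
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. 300.1.2.3 matched by the loose regex
        if addr in old_subnet:
            found.add(str(addr))
    return sorted(found, key=ipaddress.ip_address)


def live_hosts(nmap_grepable):
    """Parse `nmap -oG` lines and return the addresses reported as Up."""
    hosts = []
    for line in nmap_grepable.splitlines():
        m = re.match(r"Host:\s+(\S+)\s+\([^)]*\)\s+Status:\s+Up", line)
        if m:
            hosts.append(m.group(1))
    return hosts


def reconcile(live, inventory):
    """Return (unknown live addresses, inventory hosts not seen on the wire)."""
    expected = {ip: name for name, ip in inventory.items()}
    unknown = sorted((ip for ip in live if ip not in expected),
                     key=ipaddress.ip_address)
    seen = set(live)
    missing = sorted(name for name, ip in inventory.items() if ip not in seen)
    return unknown, missing


if __name__ == "__main__":
    print("DNS records still in old subnet:", old_addresses(DNS_EXPORT))
    print("Firewall rules still in old subnet:", old_addresses(FIREWALL_EXPORT))
    unknown, missing = reconcile(live_hosts(NMAP_GREPABLE), INVENTORY)
    print("Live but not in inventory:", unknown)
    print("In inventory but not seen:", missing)
```

On the sample data this flags `sql01` and `printer-3f` as DNS records still pointing into the old range, the RPC rule as a firewall rule still written against old addresses, `10.20.0.77` as a live host nobody has written down, and `sql01` as an inventory host that is not answering on its new address. The `old_addresses` helper is deliberately format-agnostic so the same check can be pointed at whatever text export a device or service can produce.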

Well, everything is up and running, so that concludes this entry. I'll post up any other oddities I run across.

Comments

  1. This is useful information. I would like to share some points about IP addresses and IP changing.

    An IP address is also known as an Internet Protocol address. It is very important on the Internet. Every Internet user is identified by their IP address. An IP address is unique. You can get it from your Internet Service Provider (ISP).
    There are five classes of available IP ranges: Class A, Class B, Class C, Class D and Class E, while only A, B, and C are commonly used:
    Class A------------------> 1.0.0.1 to 126.255.255.254
    Class B -----------------> 128.1.0.1 to 191.255.255.254
    Class C -----------------> 192.0.1.1 to 223.255.254.254
    Class D------------------> 224.0.0.0 to 239.255.255.255
    Class E -----------------> 240.0.0.0 to 254.255.255.254
    If your IP address is a static IP, you cannot change it.
    If it is a dynamic IP address you can change it simply by resetting the modem. If you reset the modem the IP will change and a new IP is assigned for you.

    To find your Internet IP address visit the site IP-Details.com and get it.
