Migrate Windows File Server

Posted on January 19, 2024 by Andy

Microsoft File Server migration in my case consisted of 3 steps:

Copy files (including NTFS permissions)
Copy shares
Copy quotas

Here is what to do:

Copy files using robocopy

i copied files from my old to new server using following command on the source server:

robocopy.exe .\MyRootFolder \\MyDestinationServer\driveletter$\MyRootFolder /MIR /SEC /SECFIX /W:3 /R:3 /E /ZB /COPYALL /V

To learn more about the parameters, go to this microsoft page for robocopy

Copy shares

Use regedit to export / import following key and its content:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares

Copy quotas

Now this was the most complicated part as it involved some scripting. First export the quota templates from the source server:

dirquota.exe quota template export /file:C:\quota.xml

copy that file onto the destination server and do:

dirquota.exe quota template import /file:<path_to_xml_file>

Afterwards you have to output the specific quotas and add them with:

dirquota.exe quota add /Limit:<size_in_gb_or_mb> /SourceTemplate:<name_of_the_template> /Path:<path_to_quota_folder>

Source: https://suddhaman.blogspot.com/2020/07/file-server-migration-windows-server.html

Enable legacy provider and TLSv1 in OpenSSL3 on FreeBSD14

Posted on December 28, 2023 by Andy

First you need to compile OpenSSL from ports and enable different options

# pkg install portsnap portmaster
# portsnap auto
# portmaster --packages-build security/openssl

then enable:

Provider Modules -> Legacy
Protocol Support -> TLS1 and TLS1_1

After compilation is finished, make sure the sections in /etc/ssl/openssl.conf look like this:

[openssl_init]
providers = provider_sect
ssl_conf = ssl_configuration

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1
[legacy_sect]
activate = 1

[ssl_configuration]
system_default = tls_system_default

[tls_system_default]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=0

Install uCARP on Debian 12

Posted on December 20, 2023 by Andy

Download the ucarp package first:

apt install ucarp

Configure the interface in /etc/network/interfaces on your PRIMARY server:

iface eth0 inet static
    address 10.1.1.4/24
    gateway 10.1.1.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 1.1.1.1 9.9.9.9
    dns-search domain

iface eth0:ucarp inet static
    address 10.1.1.30
    netmask 255.255.255.0

now do the same thing on your SECONDARY server:

iface eth0 inet static
     address 10.1.1.5/24
     gateway 10.1.1.1
     # dns-* options are implemented by the resolvconf package, if installed
     dns-nameservers 1.1.1.1 9.9.9.9
     dns-search domain

iface eth0:ucarp inet static
     address 10.1.1.30
     netmask 255.255.255.0

you can check on your primary if carp is working with

$ ifup eth0:ucarp

if this is fine we have to create a config file and the systemd startup unit as the package comes without such a unit file.

First create /etc/ucarp/vip-common.conf on both servers and paste the following. This is for the primary so you have to adapt it to fit the secondary, notably SOURCE_ADDRESS and ADVSKEW. Set the ADVSKEW higher on the secondary, e.g. ADVSKEW=”100″:

BIND_INTERFACE="eth0"
PASSWORD="mysimplepass"
VIP_ADDRESS="10.1.1.30"
SOURCE_ADDRESS="10.1.1.4"
VHID="1"
ADVBASE="1"
ADVSKEW="10"
OPTIONS="-P -z"
UPSCRIPT="/usr/share/ucarp/vip-up"
DOWNSCRIPT="/usr/share/ucarp/vip-down"

Then create the systemd unit file /etc/systemd/system/ucarp.service

[Unit]
Description=UCARP virtual interface %I
After=network.target

[Service]
EnvironmentFile=-/etc/ucarp/vip-common.conf
ExecStart=/usr/sbin/ucarp $OPTIONS -i $BIND_INTERFACE -p $PASSWORD -v $VHID -a $VIP_ADDRESS -s $SOURCE_ADDRESS -b $ADVBASE -k $ADVSKEW -u $UPSCRIPT -d $DOWNSCRIPT
KillMode=control-group

[Install]
WantedBy=multi-user.target

Last but not least start it

$ systemctl enable --now ucarp

https://ucarp.wordpress.com

YAIB

Yet Another IT Blog