Changing MTU for local-zone

Similar Messages

• Last status change time for local-zone

  hello
  I want to know the time when my local-zone went to "INstalled State" last time ? No information found in any of the message logs.
  OS version " Solaris 10 9/10 s10s_u9wos_14a SPARC".
  thanks in advance
  Subhrajit

  It took me an hour but, of course, as soon as I posted this question I found it.  I needed table JCDS.
  Thanks,
  Davis

• Solaris 10U1 needs to be to patched to SunUC 1.0.4 for local zones support

  The version of Sun UC integrated into S10u1 does not support systems with local zones configured. This has since been fixed but you first need to patch the system to upgrade to Sun UC 1.0.4. This can be done on a SPARC system as follows:
  $ smpatch download -i 121118-06
  $ smpatch add -i 121118-06
  For X86 the patch is 121119-06.

  This implies that ODP.NET does NOT need to be installed on a client. However, I cannot find OraOPs9.dll on a machine with Client Release 9.2 installed. Should OraOps?.dll automatically come with a Client installation of 9.2 or higher?
  ODP.NET needs to be installed on the client. OraOps9.dll is part of ODP.NET, not the Oracle Client.
  Also, if an application is built with the 10g ODP.NET, can it be run from a machine with OraOps9.dll?
  If an application is built with 10g ODP.NET, it can be run with 9.2 ODP.NET as long as you do not use any 10g APIs. The new features in 10g ODP.NET are included in the doc and the ODP.NET FAQ for your reference.

• Change MTU for just one Site-to-Site VPN between ASAs?

          Hi -
  I'm setting up a Site-to-Site Cisco VPN between ASAs. I'm being told by the remote site engineer to set the maximum MTU at 1362.
  Is it possible to set the MTU for one specific site-to-site VPN on my ASA 5510 Security Plus to MTU 1362? I see my interfeces are all set at 1500.
  If not, would you recommend I setup a subinterface on my inside network router and a subinterface on the ASA with an MTU of 1362 to get around this issue? Then use this subinterface for traffic from my inside network to transverse through prior to hitting the VPN.
  Thank you.

  I would not worry too much about UDP traffics.  I rather concentrate on TCP traffics because almost all of the issues will be TCP.
  Therefore, I would set the MSS value to 1362 or may be like 1300:   sysopt connection tcp-mss 1300
  That will solve most of  your issues.

• Disable prompt to change password for local non-admin account

  Hi there, I have a special-case laptop image running Windows 7 Enterprise. This one will not be on the domain--configured as a standalone workgroup only. I have three local accounts on it:
  1) Tech account with admin privs and password protected
  2) Teacher account with admin privs and password protected
  3) Kindergarten student account with regular user privs and no password at all
  For some reason, after Sysprep, when the student and teacher clicks their icon to logon, Windows always prompts them to change the password. I want to disable that. I have the following in my unattend.xml file which should take care of this, based on what
  I've read here. Still getting prompted to change password though. Any ideas what's missing?
  Thanks,
  Sir_Timbit
  <component name="Microsoft-Windows-Shell-Setup" .....
              <FirstLogonCommands>
                  <SynchronousCommand wcm:action="add">
                      <CommandLine>wmic useraccount where &quot;name=&apos;Student&apos;&quot; set PasswordExpires=FALSE&lt;/CommandLine&gt;</CommandLine>
                      <Description>Student password never expires...</Description>
                      <Order>2</Order>
                  </SynchronousCommand>
                  <SynchronousCommand wcm:action="add">
                      <CommandLine>net accounts /maxpwage:unlimited</CommandLine>
                      <Description>Disable expired local user account passwords</Description>
                      <Order>3</Order>
                      <RequiresUserInput>true</RequiresUserInput>
                  </SynchronousCommand>
                  <SynchronousCommand wcm:action="add">
                      <CommandLine>wmic useraccount where &quot;name=&apos;Staff&apos;&quot; set PasswordExpires=FALSE&lt;/CommandLine&gt;</CommandLine>
                      <Description>Staff password never expires</Description>
                      <Order>1</Order>
                  </SynchronousCommand>
              </FirstLogonCommands>

  For some reason my paste garbled up the unattend.xml file. It should read:
              <FirstLogonCommands>
                  <SynchronousCommand wcm:action="add">
                      <CommandLine>wmic path Win32_UserAccount WHERE name="Student" set PasswordExpires=FALSE</CommandLine>
                      <Description>Student password never expires...</Description>
                      <Order>2</Order>
                  </SynchronousCommand>
                  <SynchronousCommand wcm:action="add">
                      <CommandLine>net accounts /maxpwage:unlimited</CommandLine>
                      <Description>Disable expired local user account passwords</Description>
                      <Order>3</Order>
                      <RequiresUserInput>true</RequiresUserInput>
                  </SynchronousCommand>
                  <SynchronousCommand wcm:action="add">
                      <CommandLine>wmic path Win32_UserAccount WHERE name="Staff" set PasswordExpires=FALSE</CommandLine>
                      <Description>Staff password never expires</Description>
                      <Order>1</Order>
                  </SynchronousCommand>
              </FirstLogonCommands>
  Now, I let Sysprep complete and logged on as Staff. I went to the command prompt and ran the wmic command above to configure the student account to never expire. It failed when I ran it from a regular command prompt, but worked (and prevents the student
  password from expiring--what I want!) when I ran the command prompt as administrator, and paste the above. I was under the impression sysprep would be processing the unattend file with administrative privs. So I'm a bit closer here, but still unsure how to
  get it to run the above wmic command as administrator.

• Lion Server DNS service not working for locally created zones. Caching working fine.

  OS Lion Server DNS service not working for local zones. Was fine under Snow leopard server but Lion server upgrade has severely broken my DNS and web sites. Zones look fine under Server Admin but keep getting "query failed (SERVFAIL) for xxxx at /SourceCache/bind9/bind9-42/bind9/bin/named/query.c:3921" in the logs. BTW - Server Admin cant seem to see the log file either.
  Surely someone actually tested that DNS still worked on Lion?

  I upgraded from Snow Leopard Server to Lion Server on day 01.  I hit the same issue where, after the upgrade, my Lion Server stopped serving names for my private local domain.
  I finally took a few minutes to figure out what was wrong.  After turning on debug logging and looking through the logs, I found my particular issue, now resolved.
  The issue I had was, when the domain initially was setup when I installed Snow Leopard Server, for some reason it created a zone just for the server (in my case, something like zone "s-01.mydomain.priv"), and a separate zone for all the other machines (zone "mydomain.priv", containing all the private IPs for my local domain).  I never messed with it because it worked, but generally I would have put all of them in the same zone.
  My zone "mydomain.priv" had a nameserver and mail exchanger entry for my server, s-01.mydomain.priv.  I could see this in the Server Admin app on the DNS bubble, Zones tab, mydomain.priv selected, and the General Info panel.  This was fine in Snow Leopard.  This was failing the zone load in the updated bind for Lion Server, though.  The issue was that the "mydomain.priv" zone was referencing the s-01.mydomain.priv server, which was not defined in the "mydomain.priv" zone but rather in the "s-01.mydomain.priv" zone.
  My fix:
  1. In Server Admin, add the server to the zone "mydomain.priv".  I put an A record (Add Machine) in the "mydomain.priv" zone for my server named s-01.mydomain.priv.
  2. shut down DNS on the OS X Lion Server (hit the Stop DNS button on Server Admin).
  3. edit /etc/named.conf by hand, removing the specialized zones that contianed just the server.  In this case, it would be the section titled 'zone "s-01.mydomain.priv"' and the section titled 'zone "3.10.1.10.in-addr.arpa"'.  Your in-addr.arpa zone name will change based on whatever your server IP address was.  My internal one happened to have s-01.mydomain.priv mapped to 10.1.10.3.
  4. Once the specialized zones for just the server were removed, I started the DNS up again.  Instead of serving four zones as it had in OS X Snow Leopard Server, it now servers two zones.  And, now, it is resolving my local machines for the mydomain.priv zone.
  YMMV.  I did note that it wasn't totally necessary to do step 3, but I never really understood the need for the specialized domain, and keeping it around would have a copy of data that would just confuse things.
  Hope that helps.  That's been the only hiccup I've noticed updating to OS X Lion Server thus far.

• Network access from local zones on a Solaris 10 router

  I'm kind of stuck at an interesting problem.
  I have a Solaris 10u6 system which is itself a router between a number of networks.
  It has several dozen routes to different networks via different next-hop gateways,
  just one of which is a default route to the ISP to internet.
  I thought of setting up local zones to securely run infrastructure services (BIND,
  Squid, Mail relay) on this machine, with only a single dedicated public IP address
  (from our delegated address space) per such zone. Zones use a shared-IP stack
  on one of the machine's VLAN interfaces (the LAN part with public IP addresses).
  The problem is - since this machine is the gateway for the subnet used for the
  local zones, they don't inherit any default route. The one default we have to the
  ISP is on another interface's subnet.
  [root@ns8 /]# netstat -rn | grep default
  [root@ns8 /]# netstat -rn | wc -l
  50
  On a side note, these zones do inherit dozens of other routes (50 above) with
  next-hop routers not on the local zone's subnet - so these are also not accessible.
  I think such useless routes should also be filtered away - as "mismatching" default
  routes are.
  Due to all this the zone has no networking outside its subnet/mask: it doesn't
  even try to send anything, since there is not a single route with a matching next
  hop router, i.e.
  [root@ns8 /]# traceroute -nI 194.87.0.50
  traceroute to 194.87.0.50 (194.87.0.50), 30 hops max, 40 byte packets
  1 xx.yy.zz.8 0.102 ms !H 0.032 ms !H 0.027 ms !H
  To reiterate, this setup is different from that of the numerous replays of "How to
  set up internet for zones with virtual IP addresses?"
  That recipe suggests to add a fake router and maintain its ARP address to be
  that of the real default gateway, and set up NAT to rewrite private IP addresses
  to the global zone's public IP. While I've also used the recipe a number of times,
  it does not seem feasible in this router's case - there are too many next-hop
  routers (and learned with a dynamic routing protocol), not just one default-gw.
  I can of course go back to running services in the global zone and binding them
  to these dedicated public IP addresses via configuration files - and this works
  since the global zone has access to any needed routers having IP addresses
  in relevant subnets - but I hoped to secure the system a bit more and separate
  routing from infrastructure tasks...
  So the question is: how can I set up networking for local zones in this case
  when they are running on a router? Is it possible?
  Thanks,
  //Jim

  You can set the Airport Extreme in "Bridge" mode, and then it will just extend the existing subnet.
  Airport Utility -> Airport Extreme -> Internet -> Connection Sharing -> Off (bridge mode)

• Using dtrace to tap into local-zone console output?

  Was wondering if anyone has experimented with dtrace to capture zlogin console output for local zones. (all in the global ofcourse)
  (I don't want to run zlogin and capture its output to a file, since that would interfere with normal "zlogin" operation.)
  The idea would be to try and use dtrace to attach to some sort of centralized "zlogin construct/object" and then capure ALL zlogin console-output for ALL local zones, with dtrace, and then having that parsed out to log-files for each local zone.
  Might sound a little far-fetched, but until a standard interface for zone-console logging is created, this may be the base we can do?
  If you can think of alternatives, please share them.
  thanks,
  -- MikeE

  For the record: http://blogs.sun.com/roller/page/menno/20050525
  Menno

• How to dynamically set max-rss size for a local zone?

  Running solaris 10 05/08.
  Following situation: Three local zones in a Veritas cluster. The zones
  can fail over but normally not all three are on the same physical box.
  I want to be able to restrict physical memory usage for the zones in
  situations where certain combinations of them end up on the same
  physical box. So, I need to be able to dynamically change memory
  resources. I know how to do this with, for example locked memory:
  prctl -n zone.max-locked-memory -r -v <mem> `pgrep -z <zone name>
  init`
  but i need to do this for physical memory and I can't see that there
  is a zone resource for this? I thought this was added in 05/08?

  Hi
  You can do this by using rcapd from the global zone
  - start rcapd from the global zone:
  svcadm enable svc:/system/rcap:default
  - set a physical memory caping value for each zone
  rcapadm -z your_zone -m max_rss_value
  - check the memory use for all the zone capped
  rcapstat -gz
  You can set the rss capping value in the zone configuration:
  # zonecfg -z your_zone
  zonecfg:busi-app-prod> add capped-memory
  zonecfg:busi-app-prod:capped-memory> set physical=900m
  zonecfg:busi-app-prod:capped-memory> end
  zonecfg:busi-app-prod> verify
  zonecfg:busi-app-prod> commit
  zonecfg:busi-app-prod> exit
  This will be take in account at the next reboot of this zone.
  Have a also a look to rcapadm to tune rcapd
  Bye
  Fred

• Can external users change their language, time zone, and locale settings?

  Hi,
  We’re migrating our hosts from WebEx cloud to our on-prem solution right now (CWMS 1.5.1.323.A).
  We’ve learned that CWMS 1.5 does not provide an online address book where hosts could customize language, time zone, and locale settings for their external attendees.
  Do external users have any chance at all to change their language, time zone and locale settings individually?
  Thank you,
  Helge

  Hi Dejan,
  "external users" are those participants, who do not have an LDAP account in our deployment, since they are not intendet to act as hosts: our stakeholders, partners, customers, clients.
  It looks, as if these people would stick to the systems' default language / time zone / locale.
  We are wondering if there might be a CWMS-component like this:
  https://artcom.webex.com/cmp0307l/webcomponents/widget/preference.do?serviceType=MC&siteurl=artcom&target=Page&backUrl=%2Fmw0307l%2Fmywebex%2Fdefault.do%3Fsiteurl%3Dartcom%26service%3D1
  to allow those "extenal" participants to make their adjustments.
  Thank you,
  Helge

• Modify Ethernet driver settings for a local zone of exclusive ip-type

  Hi there
  A quick one. Have configured a local zone with ip-type set to exclusive for a physical interface fjgi1. How can I modify the fjgi driver settings for this local zone?
  Should I edit /platform/SUNW,SPARC-Enterprise/kernel/drv/fjgi.conf under the global zone and reboot the global zone, or create and edit a new config file in the local zone and reboot it?
  Thank you
  Sunny

  Driver settings like this are shared by all zones. So you'd need to make the change in the global zone.
  Darren

• Solaris 10 local zone setup requirement/steps for am/ps 7.0 installation

  Hi,
  Is there any document available on solaris 10 local zone creation/requirement for am server/ portal server 7.0 install? Any help/pointer is appreciated.
  Thanks,

  I don't believe there is any specific documentation am/portal in a zone. And as far as I know there are no specific requirements either. I have successfully installed portal in a solaris zone.
  A good starter tutorial on zones is here: http://partneradvantage.sun.com/protected/solaris10/adoptionkit/tech/zones/tutorial.html
  Hi,
  Is there any document available on solaris 10 local
  zone creation/requirement for am server/ portal
  server 7.0 install? Any help/pointer is
  appreciated.
  Thanks,

• Df error for lofs file system in local zone.

  I 've a zone which is running oracle db instance. We have exported the SAN file system from the global zone as following
  fs:
  dir: /oradb
  special: /oradb
  raw not specified
  type: lofs
  options: []
  from global zone
  #df -h | grep oradb
  /dev/dsk/emcpower174c 17G 5.1G 11G 31% /oradb/archa
  /dev/dsk/emcpower177c 58G 3.3G 54G 6% /oradb/index1
  /dev/dsk/emcpower172c 9.9G 610M 9.2G 7% /oradb/redob
  /dev/dsk/emcpower176c 58G 30G 27G 53% /oradb/index2
  /dev/dsk/emcpower180c 58G 35G 23G 61% /oradb/data1
  Problem is from local zone if i do cd to /oradb/data1 and then df -h . , i get following error Is there anyway i get the usage or df o/p of lofs file system from the local zone itself
  local_zone# df -h .
  df: Could not find mount point for .
  local_zone # pwd
  /orad/data1
  local_zone# df -h /oradbdb/data1
  df: Could not find mount point for /oradbdb/data1
  local_zone#

  Do you have amount point within the zone path for these oradb mounts?
  You have to add a directory entry for /oradb in the zone's root directory, i.e. ``zone_path''/root/oradb

• SG300 cant change the Link Local address for an IPv6 interface

  There seems to be no apparent way to change the Link Local address for an IPv6 interface
  If I create more than one interface they all appear to have the same Link Local address

  Never mind, I figured it out
  By adding a Link Local address to an interface, it overides the existing one on the interface

• Install NetConnect in Global Zone of Solaris 10 x86 with 5 local zone fail

  Problem:
  Install NetConnect in Global Zone of Solaris 10 x86 with 5 local zone failed
  But I didn't have any issue with the same pkg in Solaris 9
  Steps taken:
  # groupadd netcon
  # useradd -d /export/home/netcon -g netcon -m netcon
  # vi /etc/shadow
  change LK to NP
  # ./UninstallNetConnect.003.002.001.sh
  # ./InstallNetConnect.003.002.001.sh
  Enter the user account to use: netcon
  Enter group: netcon
  Installing Sun(SM) Net Connect Proxy Core as <SUNWsrspx>
  ## Installing part 1 of 1.
  /etc/opt/SUNWsrspx/CustomerCert.pem
  /etc/opt/SUNWsrspx/SRSCACert.pem
  /etc/opt/SUNWsrspx/binaries
  /etc/opt/SUNWsrspx/srsproxyconfig.cfg
  /opt/SUNWsrspx/bin/srsexec
  /opt/SUNWsrspx/bin/srsinstall
  /opt/SUNWsrspx/bin/srsinstallmode
  /opt/SUNWsrspx/bin/srsproxy
  /opt/SUNWsrspx/bin/srspxrun
  /opt/SUNWsrspx/bin/srspxstat
  /opt/SUNWsrspx/bin/srspxtrace
  /opt/SUNWsrspx/bin/srsuser
  /opt/SUNWsrspx/bin/srsxfer
  /opt/SUNWsrspx/lib/srsimapi.jar
  /usr/lib/libsrsimapi.so.1
  [ verifying class <none> ]
  ## Executing postinstall script.
  copying initial install customer cert into place
  copying initial install srs cert into place
  copying initial install proxy config file into place
  removing any existing uninstallscript before copying the correct one
  copying uninstall script into place
  /var/sadm/pkg/SUNWsrspx/install/postinstall: /opt/SUNWsrspx/bin/srspxrun: cannot execute
  proxy queue initialization failed
  pkgadd: ERROR: postinstall script did not complete successfully
  Installation of <SUNWsrspx> failed.
  ERROR: pkgadd failed for: SUNWsrspx
  Please correct this situation and rerun the installation.
  Exiting installation.
  # cat /var/adm/messages
  Oct 7 00:00:01 planet root: [ID 702911 daemon.error] ERROR: proxy queue initialization failed
  Any clue, or it will only possible in Global zone that didn't have any local zone
  thanks in advance

  Problem:
  Install NetConnect in Global Zone of Solaris 10 x86
  with 5 local zone failed
  But I didn't have any issue with the same pkg in
  Solaris 9
  Steps taken:
  # groupadd netcon
  # useradd -d /export/home/netcon -g netcon -m netcon
  # vi /etc/shadow
  change LK to NP
  # ./UninstallNetConnect.003.002.001.sh
  # ./InstallNetConnect.003.002.001.sh
  Enter the user account to use: netcon
  Enter group: netcon
  Installing Sun(SM) Net Connect Proxy Core as
  <SUNWsrspx>
  ## Installing part 1 of 1.
  /etc/opt/SUNWsrspx/CustomerCert.pem
  /etc/opt/SUNWsrspx/SRSCACert.pem
  /etc/opt/SUNWsrspx/binaries
  /etc/opt/SUNWsrspx/srsproxyconfig.cfg
  /opt/SUNWsrspx/bin/srsexec
  /opt/SUNWsrspx/bin/srsinstall
  /opt/SUNWsrspx/bin/srsinstallmode
  /opt/SUNWsrspx/bin/srsproxy
  /opt/SUNWsrspx/bin/srspxrun
  /opt/SUNWsrspx/bin/srspxstat
  /opt/SUNWsrspx/bin/srspxtrace
  /opt/SUNWsrspx/bin/srsuser
  /opt/SUNWsrspx/bin/srsxfer
  /opt/SUNWsrspx/lib/srsimapi.jar
  /usr/lib/libsrsimapi.so.1
  [ verifying class <none> ]
  ## Executing postinstall script.
  copying initial install customer cert into place
  copying initial install srs cert into place
  copying initial install proxy config file into place
  removing any existing uninstallscript before copying
  the correct one
  copying uninstall script into place
  /var/sadm/pkg/SUNWsrspx/install/postinstall:
  /opt/SUNWsrspx/bin/srspxrun: cannot execute
  proxy queue initialization failed
  pkgadd: ERROR: postinstall script did not complete
  successfully
  Installation of <SUNWsrspx> failed.
  ERROR: pkgadd failed for: SUNWsrspx
  Please correct this situation and rerun the
  installation.
  Exiting installation.
  # cat /var/adm/messages
  Oct 7 00:00:01 planet root: [ID 702911 daemon.error]
  ERROR: proxy queue initialization failed
  Any clue, or it will only possible in Global zone
  that didn't have any local zone
  thanks in advance
  [I believe that it does not work in x86, watches with pkginfo - l SUNWsrspx, in the platform.
  Willy Suarez
  Sopport UNIX
  Colombia/code]