Wednesday, 25 February 2015

Creating Linux NTP Server

Linux, in this example Ubuntu, does not come with a built-in NTP server. However, it is a nice lightweight platform that can be used as an alternative to a Windows machine (which would obviously have to be licensed), and the NTP service can easily be added, assuming the machine has an Internet connection (it only needs this during the configuration phase).

Personally, I like to use Ubuntu Server 10.04 (http://releases.ubuntu.com/), since this isn't burdened with the updated GUI, which seems to require additional resources that are just not needed.
The setup is pretty much self-explanatory, simply ensure the machine has a network connection (preferably to the Internet) before starting.

Installing the NTP Software:

Type: sudo -s and then type the appropriate password
To get and install the NTP Software (you MUST have an Internet connection), type: apt-get install ntp

Edit the NTP Configuration File:

(This uses the "vi" editor, you can obviously use one of your choice, such as Nano)

Open the file for editing: vi /etc/ntp.conf
Press the ‘Insert’ key
Insert the following lines of code after “server ntp.ubuntu.com”
     server 0.uk.pool.ntp.org iburst
     server 1.uk.pool.ntp.org
     server 2.uk.pool.ntp.org
     server 3.uk.pool.ntp.org
     server 127.127.1.0
     fudge 127.127.1.0 stratum 10
     tos orphan x (where x is a stratum level between 4 and 10)
Press the ‘Esc’ key, then enter :wq and press enter (to save the file and quit the editor)

[Note: The "tos orphan x" line is only needed if you intend to use this NTP server as the definitive time source on the network, without connecting this server to the Internet. In fact, if this is the case, the "server 0" to "server 3" lines can be safely deleted; I leave them in case the server is connected to the Internet at a later date]

Restart the NTP Server:

     /etc/init.d/ntp restart

Check Status:

You can check the status of the various NTP servers by typing: ntpq -c lpeer
(Note: This may take a while to update after first being initialised)
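As an added example (not part of the original post), the script below renders the ntp.conf lines listed above from a pool zone and an optional orphan stratum, rejecting a stratum outside the 4 to 10 range the post gives, and then reads "ntpq -c lpeer" style output to find the peer ntpd has actually selected. The peer listing it parses is a constructed sample, not output captured from a real host, and the zone "uk" and stratum 5 are assumed values.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumptions: pool zone "uk", orphan stratum within the post's 4..10 range,
# and ntpq peer output in its usual column layout.

# The post says the orphan stratum x must be between 4 and 10.
check_orphan_stratum() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # not a whole number
    esac
    [ "$1" -ge 4 ] && [ "$1" -le 10 ]
}

# Print the lines to add after "server ntp.ubuntu.com" in /etc/ntp.conf.
# $1 = pool zone (e.g. uk), $2 = orphan stratum (omit it for an
# Internet-connected server that does not need orphan mode).
render_ntp_conf() {
    zone="$1"; orphan="$2"
    printf 'server 0.%s.pool.ntp.org iburst\n' "$zone"
    for i in 1 2 3; do
        printf 'server %s.%s.pool.ntp.org\n' "$i" "$zone"
    done
    printf 'server 127.127.1.0\n'
    printf 'fudge 127.127.1.0 stratum 10\n'
    if [ -n "$orphan" ]; then
        check_orphan_stratum "$orphan" || { echo "orphan stratum must be 4-10" >&2; return 1; }
        printf 'tos orphan %s\n' "$orphan"
    fi
}

# Read ntpq peer output on stdin and print the remote that ntpd selected,
# i.e. the line whose tally code is '*'. Return 1 if nothing is selected yet
# (the '+' lines are candidates, a leading space means the peer was rejected).
# The 'reach' column is an octal shift register: 377 means the last 8 polls succeeded.
selected_peer() {
    awk '
        /^\*/ { sub(/^\*/, ""); print $1; found = 1 }
        END   { exit found ? 0 : 1 }
    '
}

# Constructed sample in the layout ntpq prints (not captured from a real host).
SAMPLE_LPEER='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*0.uk.pool.ntp.org 203.0.113.5      2 u   45   64  377    8.123   -0.456   0.789
+1.uk.pool.ntp.org 198.51.100.9     2 u   12   64  377    9.001    0.120   0.310
 2.uk.pool.ntp.org 192.0.2.44       3 u   60   64   17   11.450    1.900   2.100
 LOCAL(0)        .LOCL.          10 l   22   64  377    0.000    0.000   0.000'

# Stand-alone demonstration.
render_ntp_conf uk 5
printf '%s\n' "$SAMPLE_LPEER" | selected_peer || echo "no peer selected yet"
```

On a live server you would pipe the real listing in with "ntpq -c lpeer | selected_peer"; an empty result shortly after a restart is expected, as the post notes, because ntpd needs several poll intervals before it chooses a system peer.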

Changing IP Address:

Assuming that the machine was built with a connection to the Internet, it will likely have a DHCP assigned IP address.  This can be found by typing: ifconfig eth0

To set a static IP address:

Backup the current IP details: cp /etc/network/interfaces /etc/network/interfaces.backup
Edit the interfaces file: vi /etc/network/interfaces
Press the ‘Insert’ key
Change 'iface eth0 inet dhcp' to 'iface eth0 inet static'
Enter the following lines (substituting in the desired values for the IP addresses):
     address 192.168.0.10
     netmask 255.255.255.0
     gateway 192.168.0.1 (This line can be omitted if not needed)
Press the ‘Esc’ key, then enter :wq and press enter (to save the file and quit the editor)
Type: ifdown eth0, then ifup eth0, to restart the network interface
Check that the new static IP has been assigned by once again typing: ifconfig
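Because a wrong address or netmask written to /etc/network/interfaces locks you out of a remote machine the moment eth0 is restarted, it is worth checking the values first. The script below is an added example, not part of the original post: it validates the address, netmask and optional gateway (IPv4 only, assumed) and only then prints the stanza shown above. The addresses used are the post's own sample values.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumption: IPv4 addresses in dotted-quad form, as in the post's sample values.

# Convert a dotted quad to a decimal integer; return 1 unless it is four octets 0-255.
ip_to_int() {
    oldifs="$IFS"; IFS=.
    set -- $1
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# A usable netmask is a contiguous run of ones followed by zeros (255.255.255.0),
# never all zeros. Inverting the mask gives 2^k-1, so (inv+1) & inv must be 0.
valid_netmask() {
    m=$(ip_to_int "$1") || return 1
    [ "$m" -ne 0 ] || return 1
    inv=$(( (~m) & 4294967295 ))
    [ $(( (inv + 1) & inv )) -eq 0 ]
}

# Address and gateway must share the network part under the mask.
same_subnet() {
    a=$(ip_to_int "$1") || return 1
    m=$(ip_to_int "$2") || return 1
    g=$(ip_to_int "$3") || return 1
    [ $(( a & m )) -eq $(( g & m )) ]
}

# $1 address, $2 netmask, $3 gateway (may be empty, as the post allows).
check_static_config() {
    a=$(ip_to_int "$1") || { echo "bad address: $1" >&2; return 1; }
    valid_netmask "$2" || { echo "bad netmask: $2" >&2; return 1; }
    m=$(ip_to_int "$2")
    net=$(( a & m )); bcast=$(( net | (~m & 4294967295) ))
    if [ "$a" -eq "$net" ] || [ "$a" -eq "$bcast" ]; then
        echo "address $1 is the network or broadcast address" >&2; return 1
    fi
    if [ -n "$3" ]; then
        same_subnet "$1" "$2" "$3" || { echo "gateway $3 is not on the subnet" >&2; return 1; }
    fi
}

# Print the eth0 stanza from the post once the values pass the checks.
render_interfaces() {
    check_static_config "$1" "$2" "$3" || return 1
    printf 'iface eth0 inet static\n'
    printf '     address %s\n     netmask %s\n' "$1" "$2"
    [ -n "$3" ] && printf '     gateway %s\n' "$3"
    return 0
}

# Stand-alone demonstration with the post's sample values.
render_interfaces 192.168.0.10 255.255.255.0 192.168.0.1
```

Redirect the output into a new file, compare it against the backup you took in the first step, and only then run ifdown and ifup; if the checks fail, nothing is printed and the exit status is non-zero.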

Reconfiguring the NTP Server after Cloning or Building from a Template:

When a virtual NTP server is cloned or imported from a template, the “Ethernet 0” card is often unavailable and the interface on the new server is named “Ethernet 1”; this can be checked by typing: ifconfig eth1

If this is the case, edit the Interfaces file as follows:
Edit the interfaces file: sudo vi /etc/network/interfaces
Change the “Address”, “Netmask” and “Gateway” entries to reflect the IP addresses for the network.
Press the ‘Esc’ key, then enter :wq and press enter (to save the file and quit the editor), then type ifup eth1 to bring up the interface.
Check that the new static IP has been assigned by once again typing: ifconfig

Tuesday, 24 February 2015

Domain Kerberos Error

This post describes how to resolve the following Kerberos error:
"The trust relationship between this workstation and the primary domain failed"

Although the error message states "workstation", the exact same error message will be seen on Windows Servers too.

Although this error can be seen for a variety of reasons, it is typically found when a domain-connected machine is restored to a previous point in time via third-party tools (i.e. not Windows restore), or when using snapshots in a virtual environment.  It occurs because the computer's account password has become mismatched with the one held on the domain controller.

One could simply remove the machine from the domain and re-add it, however this can be a pain, especially if you have more than one machine with the error.  The other option is to reset the computer account, so that it is in sync with the one on the domain controller.

To reset the account
  1. Log on to the affected machine using the local administrator account
  2. Open PowerShell
  3. Run the following command:
    Test-ComputerSecureChannel -Repair -Credential (Get-Credential) -Verbose
    When prompted, enter the credentials of a user that has Domain Admin permissions.
  4. The account will be reset and PowerShell will report a successful repair.
  5. The connection can be tested by running the following command:
    Test-ComputerSecureChannel -Verbose
    This command should report that the secure channel is in good condition.
You can now log off and back on as a domain user.

Monday, 23 February 2015

SQL DDL Triggers

This post covers the details of creating a Data Definition Language (DDL) trigger, which is used to perform administrative tasks within the database or on the server itself.  For a useful jumping-off point regarding DDL triggers, see this TechNet article.

I have used such triggers in the past for forcibly logging a user off the system when they attempt to access SQL Server through the Management Studio.  Typically this is when a username and password used by an application are well known, and I only want that application to be able to connect, not a user via the Management Studio.  Such a scenario would be better controlled via user permissions, however this is not always possible.

The following code is used to create a trigger (called “TR_LOGON_APP”).  This trigger fires after the user has authenticated, but before the session is established.  If the named user is connecting with the Management Studio, an error is thrown, the logon is rolled back, and the “This login is for application use only” error is entered into the SQL log.

To create such a trigger:
  • Run “sqlcmd” at a command prompt
  • Copy and paste the code into the SQL command window
    [Note: Change the <username> section of the code to reflect the user you want to prevent logging on]

CREATE TRIGGER [TR_LOGON_APP]
ON ALL SERVER
FOR LOGON
AS
BEGIN
    DECLARE @program_name nvarchar(128)
    DECLARE @host_name nvarchar(128)

    -- Look up the client application name for the session being established
    SELECT @program_name = program_name,
           @host_name = host_name
    FROM sys.dm_exec_sessions AS c
    WHERE c.session_id = @@spid

    -- Refuse the logon if the restricted login is connecting from Management Studio
    IF ORIGINAL_LOGIN() IN ('<username>')
       AND @program_name LIKE '%Management%Studio%'
    BEGIN
        RAISERROR('This login is for application use only.', 16, 1)
        ROLLBACK;
    END
END;
  • Review the code, type GO, and press the enter/return key
  • To see any triggers that have been created, type the following at the SQL command prompt:
    SELECT * FROM sys.server_triggers
    GO
  • To delete a trigger, run the above command to list all DDL triggers, make a note of the one you want to delete, and then type the following at the SQL command prompt:
    DROP TRIGGER <trigger name> ON ALL SERVER
    GO

Show Hidden Devices (Windows)

There are a number of instances where devices that were once part of a system no longer show up, however nearly all of them result from the simple removal of hardware.

One would think that simply loading "Device Manager" and selecting "View" / "Show Hidden Devices" would be enough to view them, but alas no.

Thankfully the solution is really simple:
  1. Open a command prompt
  2. Type set devmgr_show_nonpresent_devices=1
  3. Type devmgmt.msc
  4. From within Device Manager, select "View" then "Show Hidden Devices"
  5. Browse the various categories of device for any that are greyed out.  Right-click on them and select "Uninstall"
[Note: Do not uninstall devices that you are unsure about.  This could leave your system in a non-working state; although Windows should automatically scan for and re-install any missing devices, where specific driver software is required this is not always possible]