Fileserver upgrades

The PSU on my fileserver (singularity) broke recently, and I decided to take the opportunity to upgrade it a bit.

New hardware:

Asus M4A88T-M motherboard
AMD Sempron 145 2.8GHz
4GB ECC DDR3 memory

This isn’t a massive upgrade over the old system, however it does give me ECC memory capability (the motherboard/CPU both support it – a nice feature of AMD kit that even their bottom-of-the-line kit has this) as well as a better-supported chipset for FreeBSD (the old motherboard used an nVidia chipset which never really worked well).

Here’s the dmesg for the new system:


Copyright (c) 1992-2011 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011
root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Sempron(tm) 145 Processor (2812.64-MHz K8-class CPU)
Origin = "AuthenticAMD" Id = 0x100f63 Family = 10 Model = 6 Stepping = 3
Features=0x78bfbff
Features2=0x802009
AMD Features=0xee500800
AMD Features2=0x37fd
TSC: P-state invariant
real memory = 4294967296 (4096 MB)
avail memory = 3841773568 (3663 MB)
ACPI APIC Table:
ACPI Warning: Optional field Pm2ControlBlock has zero address or length: 0x0000000000000000/0x1 (20101013/tbfadt-655)
ioapic0 irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of fee00000, 1000 (3) failed
acpi0: reservation of ffb80000, 80000 (3) failed
acpi0: reservation of fec10000, 20 (3) failed
acpi0: reservation of fed40000, 5000 (3) failed
acpi0: reservation of 100000, cfe00000 (3) failed
acpi0: reservation of 0, a0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: port 0x808-0x80b on acpi0
cpu0: on acpi0
acpi_hpet0: iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 900
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
pcib1: at device 1.0 on pci0
pci1: on pcib1
vgapci0: port 0xd000-0xd0ff mem 0xd0000000-0xdfffffff,0xfeaf0000-0xfeafffff,0xfe900000-0xfe9fffff irq 18 at device 5.0 on pci1
pci1: at device 5.1 (no driver attached)
pcib2: irq 18 at device 2.0 on pci0
pci2: on pcib2
pcib3: at device 0.0 on pci2
pci3: on pcib3
arcmsr0: <Areca SATA Host Adapter RAID Controller
> mem 0xfebfb000-0xfebfbfff,0xfd800000-0xfdbfffff irq 16 at device 14.0 on pci3
ARECA RAID ADAPTER0: Driver Version 1.20.00.19 2010-11-11
ARECA RAID ADAPTER0: FIRMWARE VERSION V1.48 2009-12-31
arcmsr0: [ITHREAD]
pcib4: at device 0.2 on pci2
pci4: on pcib4
pcib5: irq 18 at device 10.0 on pci0
pci5: on pcib5
re0: port 0xe800-0xe8ff mem 0xfdfff000-0xfdffffff,0xfdff8000-0xfdffbfff irq 18 at device 0.0 on pci5
re0: Using 1 MSI messages
re0: Chip rev. 0x2c000000
re0: MAC rev. 0x00000000
miibus0: on re0
rgephy0: PHY 1 on miibus0
rgephy0: 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Ethernet address: 14:da:e9:b7:f1:a9
re0: [FILTER]
atapci0: port 0xc000-0xc007,0xb000-0xb003,0xa000-0xa007,0x9000-0x9003,0x8000-0x800f mem 0xfe8ffc00-0xfe8fffff irq 22 at device 17.0 on pci0
atapci0: [ITHREAD]
atapci0: AHCI v1.10 controller with 4 3Gbps ports, PM supported
ata2: on atapci0
ata2: [ITHREAD]
ata3: on atapci0
ata3: [ITHREAD]
ata4: on atapci0
ata4: [ITHREAD]
ata5: on atapci0
ata5: [ITHREAD]
ohci0: mem 0xfe8fe000-0xfe8fefff irq 16 at device 18.0 on pci0
ohci0: [ITHREAD]
usbus0: on ohci0
ohci1: mem 0xfe8fd000-0xfe8fdfff irq 16 at device 18.1 on pci0
ohci1: [ITHREAD]
usbus1: on ohci1
ehci0: mem 0xfe8ff800-0xfe8ff8ff irq 17 at device 18.2 on pci0
ehci0: [ITHREAD]
usbus2: EHCI version 1.0
usbus2: on ehci0
ohci2: mem 0xfe8fc000-0xfe8fcfff irq 18 at device 19.0 on pci0
ohci2: [ITHREAD]
usbus3: on ohci2
ohci3: mem 0xfe8fb000-0xfe8fbfff irq 18 at device 19.1 on pci0
ohci3: [ITHREAD]
usbus4: on ohci3
ehci1: mem 0xfe8ff400-0xfe8ff4ff irq 19 at device 19.2 on pci0
ehci1: [ITHREAD]
usbus5: EHCI version 1.0
usbus5: on ehci1
pci0: at device 20.0 (no driver attached)
atapci1: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 20.1 on pci0
ata0: on atapci1
ata0: [ITHREAD]
ata1: on atapci1
ata1: [ITHREAD]
isab0: at device 20.3 on pci0
isa0: on isab0
pcib6: at device 20.4 on pci0
pci6: on pcib6
ohci4: mem 0xfe8fa000-0xfe8fafff irq 18 at device 20.5 on pci0
ohci4: [ITHREAD]
usbus6: on ohci4
acpi_button0: on acpi0
atrtc0: port 0x70-0x71 irq 8 on acpi0
ppc0: port 0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppc0: [ITHREAD]
ppbus0: on ppc0
plip0: on ppbus0
plip0: [ITHREAD]
lpt0: on ppbus0
lpt0: [ITHREAD]
lpt0: Interrupt-driven port
ppi0: on ppbus0
acpi_hpet1: iomem 0xfed00000-0xfed003ff on acpi0
device_attach: acpi_hpet1 attach returned 12
uart0: port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
orm0: at iomem 0xc0000-0xcefff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
acpi_throttle0: on cpu0
hwpstate0: on cpu0
Timecounter "TSC" frequency 2812644637 Hz quality 800
Timecounters tick every 1.000 msec
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 480Mbps High Speed USB v2.0
usbus3: 12Mbps Full Speed USB v1.0
usbus4: 12Mbps Full Speed USB v1.0
usbus5: 480Mbps High Speed USB v2.0
usbus6: 12Mbps Full Speed USB v1.0
ugen0.1: at usbus0
uhub0: on usbus0
ugen1.1: at usbus1
uhub1: on usbus1
ugen2.1: at usbus2
uhub2: on usbus2
ugen3.1: at usbus3
uhub3: on usbus3
ugen4.1: at usbus4
uhub4: on usbus4
ugen5.1: at usbus5
uhub5: on usbus5
ugen6.1: at usbus6
uhub6: on usbus6
ad0: 152627MB at ata0-master UDMA100
uhub6: 2 ports with 2 removable, self powered
uhub0: 3 ports with 3 removable, self powered
uhub1: 3 ports with 3 removable, self powered
uhub3: 3 ports with 3 removable, self powered
uhub4: 3 ports with 3 removable, self powered
uhub2: 6 ports with 6 removable, self powered
uhub5: 6 ports with 6 removable, self powered
pass1 at arcmsr0 bus 0 scbus0 target 16 lun 0
pass1: Fixed Processor SCSI-0 device
da0 at arcmsr0 bus 0 scbus0 target 0 lun 0
da0: Fixed Direct Access SCSI-5 device
da0: 166.666MB/s transfers (83.333MHz, offset 32, 16bit)
da0: Command Queueing enabled
da0: 5722045MB (11718749184 512 byte sectors: 255H 63S/T 729458C)
ugen1.2: at usbus1
ukbd0: on usbus1
kbd2 at ukbd0
uhid0: on usbus1
Trying to mount root from ufs:/dev/ad0s1a
re0: link state changed to DOWN
re0: link state changed to UP
acpi_aiboost0: on acpi0
acpi_hpet1: iomem 0xfed00000-0xfed003ff on acpi0
device_attach: acpi_hpet1 attach returned 12

The system uses an Areca 1210 hardware RAID card (highly recommended) attached to 4 2TB Western Digital disks to provide the primary storage array. The next step is to copy the system from the current 160GB IDE drive over to an old 320GB SATA drive I have (the previous motherboard only had 4 SATA ports, all of which were used for the backup drive array).

PowerShell remoting and certificates

Trying to use PowerShell remoting to connect to a server and I see:


[servername] Connecting to remote server failed with the following error message
: The WinRM client received an HTTP server error status (500), but the remote
service did not include any other information about the cause of the failure. F
or more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:Re
moteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenFailed

Mysterious. Checking the event logs on the remote machine reveals:


A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

So it’s trying to read from a certificate and failing. The certificate in question is stored under:


C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

(Found by searching for the above error message).

It looks like the certificates have rolled over, so the old certificate which winrm has a reference to is no longer valid. I’m not actually even making use of certificate-based authentication so the easiest solution is to remove the CertificateThumbprint parameter from winrm configuration:


winrm set winrm/config/service @{CertificateThumbprint=""}

Make sure you don’t try running that from a PowerShell prompt though, as it’ll complain about it being an invalid command line even when it isn’t (since the @{} syntax is interpreted by PowerShell)…

And the working winrm configuration:


C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys>winrm get winrm/config
Config
MaxEnvelopeSizekb = 800
MaxTimeoutms = 600000
MaxBatchItems = 20
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = *
Service
RootSDDL =
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 200
EnumerationTimeoutms = 600000
MaxConnections = 15
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = true
EnableCompatibilityHttpsListener = false
CertificateThumbprint
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 180000
MaxConcurrentUsers = 5
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 15
MaxMemoryPerShellMB = 150
MaxShellsPerUser = 5

This does I think mean that HTTPS transport for Winrm/remoting is disabled, but that’s not important in my environment. A better fix would be to switch it to use the most recent machine certificate, or even better to use a certificate created for this exact purpose (and then update it when it expires…)