Posted on No Comments on Installing Proxmox on a Dell PowerEdge R240

Installing Proxmox on a Dell PowerEdge R240

Hi there!

2024 started out with the VMware-Broadcom acquisition being completed. Once the sale was completed, Broadcom did not hold back in reorganizing and restructuring a once stable and fantastic company.

If you are reading this, it’s likely because you are exploring alternative Hypervisors, be it for your home lab or for your organization.

This guide is a very basic one and it just covers how to setup Proxmox on a Dell PowerEdge R240 which has the PERC S140 RAID controller.

When deciding how to configure the server for installing Proxmox, you have the choice of using the PERC S140 RAID controller in RAID-1 or to leave the drives running without RAID and configure Proxmox with ZFS.

This guide will focus on not using the Dell S140 RAID controller. There are many discussions about how to prepare the server for the OS install and it seems to be not recommended to load ZFS on top of hardware RAID.

My R240 came with RAID-1 enabled on the PERC S140 with two 960GB SSD drives. I am doing all of this work remotely using Dell OpenManage Enterprise. My Dell R240 did not have an enterprise license so I am using a free 30-day trial license from Dells Trial Licenses iDRAC page here.

***Before you do anything with the following settings, backup any data that you require as modifying the server from RAID to AHCI mode will cause data loss on your disks.***

Booting up the server, press F2 to enter System Setup. Once the System Setup page loads, select the System BIOS option. On the next screen, select SATA Settings.

Once the SATA Settings page loads up, you will need to set the Embedded SATA setting to AHCI Mode. We want the serve to present the disks to Proxmox as a bunch of drives without any RAID control. We will allow Proxmox to protect our disks with a ZFS Mirror.

Acknowledge the Warning alert about the data loss and press OK.

You will be taken back to the System Settings page. Click the Finish button and confirm it with Yes.

To install Proxmox, we need to load up a Proxmox ISO and reboot the server. I am doing this all by using Dell OpenManage Enterprise.

We need to load up the Virtual Media section. If you see the option at the top of the page, click Virtual Media.

The Virtual Media section will now load up. You will see a few options on the left. We are going to make sure we are under the Connect Virtual Media setting. It should indicate that virtual media is disconnected. Click Connect Virtual Media.

Next, under the Map CD/DVD section, click on Choose File and select the Proxmox ISO you will be using. Then click the Map Device button. You will no see that the ISO file is mapped to the CD/DVD Drive.

We will reboot the server and tap F11 to enter the Boot Manager setting. With Boot Manager loaded, select the option One-Shot BIOS Boot Menu and on the next page, select the *Virtual Optical Drive setting.

The server will boot using the Virtual Media we loaded up previously. After a few moments, you should now see the Proxmox installation menu.

I am going to install Proxmox with the Graphical installation. Use the arrow keys to select your option. You will next have the opportunity to review the EULA.

After the EULA, you will be asked to select the Target Harddisk. In my case, I have both of my SSDs listed but I am going to proceed into the Options section.

Once the Harddisk Options menu loads, you can choose your filesystem. In my case, I will use ZFS (RAID-1). With the filesystem selected, click on the OK button.

You should see the Harddisk Options menu confirming your selection. If you have selected ZFS, you will a message within the window that indicates that ZFS is not compatible with hardware RAID controllers, and to reference the documentation for further information. Press the OK button to confirm your settings.

The next few screens will ask you to set your country, time zone and keyboard layout. Press Next when you are ready to continue.

You will now see the Administration Password and Email Address configuration page.

Set a secure password. This password is for the root account, so it will need to be complex and secure. When ready, click Next.

The last and final page will be the Management Network Configuration section.

Select your Management Interface, in my case it is Eno1, the only interface with a LAN connection.

Set your Proxmox hostname in FQDN format. You can use something like PVE01.Lab.com.

Set the IP networking. I’m setting my installation to be static IP addressing and I know what addressing I will use. If you have DHCP enabled and your network port is untagged/access configured or you are using a basic switch, you may have this information already prefilled based on the DHCP settings. Click Next when ready.

The last screen of the install will be the formatting of the drives and the installation process. Proxmox will be installed and will load up shortly. The installation process should be fairly quick.

When the installation completes and the server reboots, you should see a welcome message, which provides you the management IP and port of this nodes Proxmox installation. You will also see a local logon prompt.
At this time, you can just open up the browser and go to the https://IP:8006 and access your Proxmox web gui, seen below.

There are many good guides out on the internet for Proxmox. Below I will link some official documentation along with a few other technical sources that you can use to learn Proxmox.

Proxmox Wiki Main Page

Proxmox Installation (Wiki)

Proxmox Forum

Proxmox Roadmap

Official Proxmox Training

r/Proxmox

Learn Linux TV has a fantastic Proxmox Course

Hope this helps some of you out there. I’ve migrated my homelab from VMware to Proxmox so I will be focusing heavily on Proxmox content. I still work with VMware environment(for now) so I will cover VMware related items that I see fit, but I imagine it won’t be much as we are exploring our options of alternative Hypervisors.

Thank you!

Posted on No Comments on %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer

%DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer

As a Systems Administrator, I support a few global locations for the organization that I work for. One of my locations has a Cisco 2500 Series Wireless Controller.

Last night while investigating some power related issues, I had reports from users indicating that wireless network wasn’t working.

The end users reported a red light on the Access Point. I connected to the Wireless Controller and started to look around for any abnormalities and see what the log will show.

I noticed that when I connected to the controller, that I didn’t have any access points being detected.

I decided to see what the logs were showing. I clicked on the Management option at the top, expanded Logs, and clicked on Message Logs.

I noticed that my logs showed a bunch of Handshake Failures. I have removed my IPs and replaced them with x.x.x.x. I had many of these entries.

*spamApTask4: Jan 01 12:47:56.843: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask5: Jan 01 12:47:55.919: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask7: Jan 01 12:47:55.915: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask0: Jan 01 12:47:54.995: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask3: Jan 01 12:47:54.750: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask1: Jan 01 12:47:53.758: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x

The first thing that stood out is the date, Jan 01. It was Sept 15th 2023 when I received reports of this issue.

I then decided to go into the Commands option and look at what Set Time has entered.

The time was completely off and this was the cause for the APs to not be able to complete their handshake with the controller.

After setting the local time and timezone, I saved the settings and the configuration so that the next reset, it will boot with the latest changes.

Reviewing the logs again, I now see connectivity entries between the Cisco wireless controller and the Cisco Access Points.

Reviewing the list of Radios being detected, I now see all of my access points listed and functional.

As this wasn’t a complex issue and just required the time to be reconfigured, I wanted to share this solution incase anybody comes across the same problem I have.

Posted on No Comments on QNAP Release Notes

QNAP Release Notes

MERRY CHRISTMAS!

I ran into this while logging into my QNAP. The GUI notified me of a new available firmware update.

Often, it’s just a firmware update and there are no selections. This is what I have available.

Right, this is new to me. This is my first time seeing an option for Security Update or Feature Update. Both seem to show the same version and build ID.

Lets see what the security update contains so that I can understand what changes it will perform.

The Realease Notes link points to the following URL:

https://www.qnap.com/en-us/release-notes/qts/5.0.1.2248/20221215?ref=nas_product

This is what we have under security updates:

Jackie Chan Meme by FireFox2014 on DeviantArt

Is that not just too vague? I found it strange and odd. Why even add anything in there if you aren’t going to shed light on what is being changed.

For anybody wondering about the Feature Update, it is listed as:

Not terrible, at least some details.

Anyways, Merry Christmas and Happy New Year!

Posted on No Comments on The trouble with hacks

The trouble with hacks

/rant

I want to rant. I’ve been working as an IT/Sysadmin for about 2 years now and there are two things that I am haunted by.

  1. DNS
  2. Group Policies

Now, I am always learning and I am by no means an expert at windows systems administration. I took on more and more responsibilities that removed me from the ‘IT Support’ role and let me grow into Systems Administration and I continue to learn daily.

Now, not get into specifics, but taking over a AD infrastructure that was neglected by hacks is terrifying. I refer to hacks, as in people that neglect the network, that don’t have a proper vision for documentation and structure and that don’t understand how AD and GPOs work.

Within the IT SysAdmin community “It’s always DNS” is a common phrase and a joke at times. Well god dam, I can’t believe how accurate it is or how powerful DNS is in a network.

You know what irks me? People that use crafty stupid hostnames for critical servers or any server at that. Stupid names such as “Sugar Baby” “Super Man” “Bat Man”, etc… you get the gist.

When you take over a network and have critical servers with stupid naming conventions like that, it can get very easy to shut down the wrong server or make changes because all of the names are so irrelevant. Especially when nothing is documented and you are left to your own to research and investigate carefully.

Not that I’ve had that happen, but I have had a mishap with a DNS record that was named something ridiculous. The server wasn’t even around anymore but a critical server was using that DNS record for a link to an IP in it’s hostfile. Something I never thought to check nor look into.

The other thing that annoys me is the ignorance of not knowing how to properly setup GPO’s and push them out to AD. You do NOT need to enforce everything. Stop doing that. After spending time looking around and cleaning up GPO’s, you wonder what would drive a person to just enforce everything.

Sure, if it’s a critical policy that you want in every OU regardless if it has Inheritance blocking or not but don’t enforce everything just because you are trying to push the policy out faster or believe that it will guarantee that the policy will get to the clients.

I cannot believe that a novice admin is correcting domain wide issue that a senior IT director of many years had made.

I can spend the rest of my afternoon ranting about stuff that I’ve come across but that’s not the point of this post. I wanted to get DNS and GPO’s off my chest only.

I suppose you will find this in any job/career. People that want to take initiative, drive, pride in their work and do the best with what they can. Others will just let things fall into disarray and not bother.

/rant