ZFS on Linux with native encryption finally released

The title really says it all, https://github.com/zfsonlinux/zfs/releases/tag/zfs-0.8.0 was released 13 hours ago. Check it out!

Categories: Linux

Quick guide to typeperf for Windows performance monitoring

The typeperf command is an underused gem in the Windows world. It is basically iostat/vmstat/sar for Windows on steroids and is available out of the box from Windows 2000 and up.

With typeperf it is possible to sample any performance counter on the local computer or by all means remotely and write it to the console or to a file at a specified rate, by default once per second. That is perfect when you want to instrument something during a performance test and keep the raw data afterwards.

To get the names of the available counters, run:


typeperf -q >counters.txt

This gets all the installed counters without instances. The same command but with -qx gets the counters with instances. An example of a counter with an instance is \Process(notepad)\% Processor Time which gets the processor time for the notepad process specifically. Without instances notepad becomes *.

To write to a file, include -o. To change the sample rate, use -si. To stop after a given number of samples, use -sc. To connect to another computer, use -s.

To check the total processor time every second:


typeperf "\Processor(_Total)\% Processor Time"

Available memory every ten seconds:


typeperf "\Memory\Available Bytes" -si 10

Pid, processor time and working set for notepad every second (no newlines):


typeperf "\Process(notepad)\ID Process"
  "\Process(notepad)\% Processor Time"
  "\Process(notepad)\Working Set"
  "\Process(notepad)\Working Set - Private"

Disk queue length every second :


typeperf "\PhysicalDisk(*)\Avg. Disk Queue Length"

This just scratches the surface. Happy monitoring!

Categories: Windows

Delete StatefulSet in Kubernetes fails with NotFound

I have created a stateful set with MongoDB databases in Kubernetes with AKS. In order to test the persistent volumes I tried to delete it, but to my surprise that failed:

Error from server (NotFound): the server could not find the requested resource

What? Getting the resource worked, but kubectl describe failed. What to do? I finally found out that my kubectl client was incompatible with the server. Apparently Kubernetes supports one version higher or lower, but kubectl is at 1.10 and the server at 1.8.

Categories: Kubernetes

Terminal in docker exec a mess

Fairly recently the terminal for docker exec has started to misbehave. When I enter a running Wildfly container to view the logs the output becomes garbled with less, vi and other tools. It appears the reason is that the terminal size is not detected (#33794). The solution on Linux/Mac is to pass in the size:


docker exec -e COLUMNS="`tput cols`" -e LINES="`tput lines`" -it imagename

Unfortunately that doesn’t work on Windows. The mode command can provide the columns, but not the number of lines, which must be hard-coded.

Categories: Docker

Azure SQL Server VM backup failures

SQL Server VMs in Azure can be backed up using the SQL Server configuration blade in the portal. When this has been enabled the logs can be swamped by errors similar to:

2018-06-04 11:44:59.88 Backup BACKUP failed to complete the command BACKUP LOG master. Check the backup application log for detailed messages.

Fear not, it is only temporary. A SQL Server backup consists of two parts: a full backup of the database(s) and transaction logs. When no full backup has been done the transaction log backups fail with the error above. The errors should go away when the first full backup has been completed successfully.

As a side note there is no “application log”, the message refers to the calling application and in this case that is the Azure SQL Server extension. It doesn’t log anything useful.

Categories: Database

Biztalk 2016 wants to disable private key protection

Biztalk 2016 failed to receive AS/2 messages with this error:

The MIME encoder failed to sign the message because the certificate has private key protection turned on or the private key does not exist. Please disable private key protection to allow BizTalk to use a certificate for signing.

Sounds straightforward except that private key protection was disabled already. And the user profile for the Biztalk user was loaded, nothing wrong there. I went through the documentation several times, nothing wrong. Finally I found that it was the cryptographic provider.

Basically the problem is that Biztalk 2016 still relies on the ancient .NET 3.5, which lacks support for KSP. Check the certificate:


certutil -p password cert.pfx

If it says “Provider = Microsoft Software Key Storage Provider” then Biztalk will fail and complain about private key protection. Fix it with openssl:


openssl pkcs12 -in my-original-cert.pfx -out temp.pem
openssl pkcs12 -export -in temp.pem -out my-fixed-cert.pfx

Import my-fixed-cert.pfx to the personal certificate store (and if self-signed also import as CA key). Update Biztalk to use the updated certificate and hopefully the problem should be solved. If you are starting from scratch, specify the old provider instead:


New-SelfSignedCertificate -Provider "Microsoft Strong Cryptographic Provider" ...
Categories: Windows

Install .NET 3.5 on Windows Server 2016 for Biztalk

Why would Windows Server 2016 need .NET 3.5? Well, ask Microsoft as it is needed for Biztalk 2016, a product that also requires an old SQL Server version (will not install on 2017) with Windows authentication. Anyway, put that aside. We need it and it should be a simple thing to add the feature. Unfortunately it is not. The wizard complains that it can’t find the files.

After some digging I managed to get it to work. First of all, open the group policy editor (gpedit). Navigate to Local Computer Policy -> Computer Configuration -> Administrative templates -> System -> Specify settings for optional component installation and component repair. Change the option to Enabled with “Download repair content…” on. Exit the application and run in a command prompt as administrator:


dism /online /enable-feature /featurename:NetFX3 /all /LimitAccess

Hopefully that should do the job. Phew!

Categories: Windows