Thursday, August 19, 2010

Notes on Amazon EC2 Image Creation Fails for Windows Machines

Disclaimer:
  • This is my notes on the topic and not necessarily a complete solution. In fact, probably it contains some very inaccurate information (but you can help to rectify this via your comments.)
  • This article also pertains to EBS Backed Windows EC2 running instances.
One of the things all of us should do is that once we have a stable machine running, we'd want to save the image of it so that if, for some reason, we completely trash the running image, we have something to go back to without spending a lot of time putting the machine back from the scratch.

Obviously I have tried this with varying degree of success and information on this is scattered around the Amazon AWS forums and on the web. The most common of the errors would be that the Image creation begins and then after a long while it says "Failed" but without much explanations why. Some people on the net are saying the success rate is 40%. I was actually relieved to find this because I thought it was just me that's suffering this much failure rate!

The Amazon documentation is not very clear to me as to what and how to do these things. It seems to require you have gained some more "under-the-hood" knowledge of this. And as a just a casual user of the system I expect that I should not need to learn everything to use it.

In addition to that as a "basic" user, I don't get any direct support from Amazon. That's at least $100/mo or much more for silver or gold support privilege even in these kind of the situations when the failure (even just to explain what to do) is on their side.

I also highly suggest you install Elasticfox on your browser. Since the following descriptions will be based on how I'd do things on Elasticfox.

My Findings on Creating a Copy of Running Image
  • To do this on Elasticfox, go to the Instances list, right click and select Create Images (AMI) item.
  • Many people reported that when creating a copy from the running image, it will stop and restart the instance. This does happen. Worse yet, it will be stopped for the entire duration of when it is taking the snapshot, depending, this could be 10s of minutes. You'd probably want to schedule a down time. I should have done this just as soon as I have created the initial instance before went into production. Elasticfox does have a menu item not to reboot the instance I have not yet tried this.
  • Some people say it has to be a Running instance, but that seems to be not true. I can image from a stopped instance as well and I have made images successfully this way via Elasticfox. In fact, that has more success rate than doing it on a running instance.

Some of The Issues I Have Discovered That Cause Failures
  • Again, copying the running instance will cause a restart, so be prepared for the downtime.
  • If you have already stopped the instance, it is at least more likely the imaging will succeed. A few caveats on this are that, at least in my case, the Elastic IP will get disassociated with the instance as shutting down the instance will detach the Elastic IP (wish they did not, at least for a short time), and also the machine's local addresses will change after restarting. This means that if you are locally pointing systems, for example, SQL, then the that address have to be re-configured in each application.
  • Processes like SQL or other high I/O or CPU consumer items should be stopped. In fact, you should pare down the services to essentials (like SQL, agents, browser etc.) before taking the image copy. The one exception to this is not to stop the Amazon's EC2 services that came with the original Windows image whichever they exist.
  • If you have other volumes mounted that also leads to a failure. Stop all services and applications you don't need to be running then dismount any "drives" and then make the image copy. This seems not be an issue if you are imaging a stopped instance.
Well, good luck and if you find this article correct or wrong, please let me know in the comments so that I can actually improve it.



Wednesday, August 18, 2010

IIS 6: Installing Duplicate Certificates to Multiple IIS 6 Servers For Server Farm Implementation

Symptom:

You have more than one servers that are hosted through a load-balanced router. The external address is assigned to (obviously) a single Fully Qualified Domain Name (FQDN). You want to install the same server certificate that represents the same domain name across all your IIS 6 based servers.

Procedure:

First off, yes you can do this. The procedure is very clearly explained in this Microsoft article:


Just in case we lose above article, here is the gist of how it is done.
  • Request and install the cert on the first server as you would normally do. Don't do the request from other servers, if you do, remove any pending cert requests.
  • Open the MMC and add the Certificate module.
  • Open the Computer Account then Personal certificate folder.
  • Navigate down to the Web Certificate you want to export.
  • Right click tasks and Export.
  • In the wizard select to include the Private Key and include all certificates in the path in the next page.
  • Copy the exported result to another server
  • Do the same MMC stuff
  • Import the stuff you exported into the Personal store
  • From the IIS certificate section of the Directory Security, do the "Assign an Existing Certificate"
That's basically all you need to do.



Getting an XmlNode (or XmlElement) Out of XPathNodeIterator (C#)

Symptom:

You have a code you iterate through a group of Xml Nodes (for most people that's XmlElement). You have however noticed that once you get to a specific spot, there is no easy way to perform the complete node operations against the iterator since Casting of the iterator to XmlElement results in a compilation error.

So, you cannot cast the Current of the iterator like

XmlNode node = (XmlNode) i.Current;

(I really think this is a poor design myself since it goes against all our intuition.)

Solution:

Well, there actually is a way to "cast" this to an element, but the syntax is a bit more involved.

XmlNode node = ((IHasXmlNode) i.Current).GetNode();

Or in most cases you can cast this to XmlElement by

XmlElement node = (XmlElement) ((IHasXmlNode) i.Current).GetNode();

Get a Permission Error When Creating A New Scheduled Task

Symptom:

You tried to create a new Scheduled Task on Windows XP (may be other version of Windows) and you get a Permission Denied error even though you are logged in as the local administrator.

Fix:

The Schedules are stored under C:\Windows\Tasks Unfortunately if you try to alter the permission on the specific folder you may not be able to.

In order to get around this, you can 'Mount a Network Drive" of the path \\[YourComptuerName]\c$\Windows\Tasks

Be sure that Tasks is the top level of the share.

Now you can right mouse click the mounted drive and you can change the permissions.