Block Networks

Anonymous Comments Disabled

Kieran.Block — Wed, 15 Sep 2010 04:17:00 GMT

Up until now, I left these on - getting messages from people all over the world thanking me for uploading the stuff that I did was fantastic - I thank you all for posting them.

However, as the amount of spam increases - to the point where my server failed - I have to disable them.

Feel free to contact me in other ways, register to post, think thankful thoughts, or simply do nothing at all ;)

Kieran

What do you do when you cannot login to CommunityServer?

Kieran.Block — Wed, 15 Sep 2010 03:59:00 GMT

So, it has been a while since my last post.

Basically, I was busy/lazy/whatever - life is hectic, we all know that. Additionally, however, I had a problem where I could not even login to my blog. I just ignored it and went back to real life, but today I was trying to avoid doing something else and decided to figure out what the hell was going on.

This is (if I recall correctly) CommunityServer 2008, hosted on SQL 2005, on GoDaddy

I was CERTAIN that I had my password correct, and confirmed this by opening up the SQL manager on GoDaddy and looking at the following tables;

aspnet_Membership - this confirms the username

aspnet_Profile - this confirms the password (it is hashed, but you can overwrite it)

After some googling, I saw a post by Dave Stokes - if you are having problems and see his name on a post, you are well on your way to a solution - he was pointing out the cs_Exceptions table to find more information about the error. Looking in there, I was able to find the following error;

CommunityServer.Components.CSException: Iterator Failed. Type CommunityServer.Blogs.Components.GenerateWeblogYearMonthDayListJob. Method GenerateWeblogYearMonthDayList. Reason Could not allocate a new page for database 'MyDatabase' because of insufficient disk space in filegroup 'PRIMARY'. Create the necessary space by dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

ORLY?!

So, how do you free up space in a SQL database that is hosted on GoDaddy? Awesome question, I am glad I asked it of myself. I started deleting individual users and posts (spam) to try and free it up, but that was beyond slow - and then I saw this command;

DELETE FROM cs_posts_deleted_archive

It looks as though CS doesn't ever empty that archive, but that command did it.

All of a sudden, I can logon, and post the solution about how I can now log on - hopefully it saves someone else the ~2 hours or so (in this sitting) that it took me

Kieran

Windows must be reinstalled to activate! Server 2008...

James.Kindon — Thu, 29 Oct 2009 02:29:00 GMT

After installing SP2 on server 2008 before activating, I found a nice little error stating i needed to reinstall windows! bah! the following works for not just Vista, but also 2008 Server

1) Open Internet Browser

2) Type %windir%\system32 into the browser address bar.

3) Find the file CMD.exe

4) Right-Click on CMD.exe and select 'Run as Administrator'

5) Type: net stop slsvc (it may ask you if you are sure, select yes)

6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

7) Type: rename tokens.dat tokens.bar

8) Type: cd %windir%\system32

9) Type net start slsvc

10) Type: cscript slmgr.vbs -rilc

11) Reboot

http://social.microsoft.com/Forums/en-US/genuinevista/thread/d8c7d689-ccb7-4dc2-ab97-40988db8524d

Apologies on Formatting

James.Kindon — Fri, 09 Oct 2009 06:59:00 GMT

Apologies on the formatting of Cisco Article....Community Server needs some work on article writing - the info is there though

Windows Server 2008 Print.exe problems - Unable to Initialize device

James.Kindon — Mon, 09 Mar 2009 21:07:00 GMT

Morning,

Problem I have been working on for the last few weeks, was running the print command from the command prompt to a 2008 hosted printer...You receive and error of "Unable to Iniatialize Device "

This problem only occurs when the printer is physically hosted on a 2008 Server

Microsoft have confirmed that this problem is due to smb2 which is new with Server 2008 and Vista, they are also currently working on a patch for the problem. There is however 2 options for getting this to work

1. Host the printer on a 2003 Server
2. Disable SMB2 and revert back to SMB1 - See this guide for Details, Again, Thank you to the Petri Website for this guide which once again has proven amazingly accurate and indepth. Whilst it doesnt specifically mention print.exe, Microsoft have vocalised the problem and I have tested this solution with success
http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

James

SCCM Client Domain Join Option In Task Sequence Configuration

James.Kindon — Sat, 07 Mar 2009 05:47:00 GMT

When playing with the OS Deployment tools in SCCM, we discover yet another wonderful option in the Task Sequences that allow us to automatically join a machine to a domain after the SYSPREP process runs - unreal!

A few tips when setting this up before creating your task sequence media and imaging your machines. This option is found under the network settings option in your task sequence...

1. Create an account in AD specifically for this domain join portion of the sequence. If you control who can join the domain via groups and group policy, then add this user to the required group. If not, then you can use the delegation of control wizard to allow permissions for Domain Join Only on this account

2. In the actual Task sequence option, Do not specify the default computers container in Active Directory for your machine locations....(this is a redundant point if your SCCM Server is a DC). Create a dedicated OU on the root of your Domain for Client Machine locations eg: LDAP://OU=SCCM Computer Joins,DC=Domain,DC=Local If you do not specify a specific OU, It will fail the join

3. Specify your Domain Joining account in the account options under Network settings.

Once you have OS deployment happening, SCCM's ability to continue your usual manual tasks automatically is unreal

James

System Center Configuration Manager Client Deployment Problems

James.Kindon — Sat, 07 Mar 2009 05:31:00 GMT

One of the bugs that I have come across so far with config manager, is the client installation push for the SMS agent....Whilst the collections will poll Active Directory and update thelmselves with machines, right clicking either a collection, or an actual client machine and selecting "install agent", leaves you wondering where your agent is - 24 hours later!....The same can be said when trying to manually install the client agent on a client machine or server....

After trauling and trauling, reinstalls from scratch using two different environments, I discovered this blog which resolved our issues.

http://social.technet.microsoft.com/forums/en-US/configmgrsetup/thread/24029fc2-6898-4d99-81cf-301c339f9784/

Seems that this fix so far is not officially documented by MS, but I can imagine there are a stack of people who are running into this problem on a 64 bit Windows Server 2008 Platform, Hope this can help you out in your environments

The Client install log (located in the System Centre Install Folder) will display the following
___________________________________________________________________________

From the client's CCMSetup.log

Failed to correctly recieve a WEBDAV request

Failed to successfully complete HTTP request (StatusCode at WinHttpQueryHeaders: 405)

Sending Fallback Status Point message, STATEID='301'
___________________________________________________________________________

The Solution....
___________________________________________________________________________

%windir%\System32\inetsrv\config\applicationHost.config

1. Open the applicationHost.config file to edit it.

2. Search for "Handlers accesspolicy"

3. Paste the following information on the next line

<add name="WebDAV" path="*" verb="PROPFIND,PROPPATCH,MKCOL,PUT,COPY,DELETE,MOVE,LOCK,UNLOCK" modules="WebDAVModule" resourceType="Unspecified" requireAccess="None" />
_____________________________________________________________________________________

Good luck

System Centre Glory Products!

James.Kindon — Thu, 05 Mar 2009 08:52:00 GMT

So! Some happier news on from my last not so positive post....System Centre is certainly starting to kick some serious ass....

I have just push Configuration Manager 2007 (SCCM) and Operations Manager 2007 (SCOM) Live and wow....what a system!! I am absolutely dumbfounded by how far along these programs have come, and loving every minute of it!

These tools, in particular, Configuration Manager are absolutely amazing for your client and server management needs - and are making my deployment of over 100 sites looking a far less daunting task....

I would deffinitely reccomend both of these products to anyone, but would also advise a test environment first to iron out the bugs, of which there are a few that i will post about a little later on....

On a whole, a way way better experience than that of Hyper V! Will post some advice and querks to help out along the way when I get some more time

Hyper V! - Hyper What? - Hyper Frustrating!

James.Kindon — Tue, 10 Feb 2009 23:17:00 GMT

Right, So, I'm a Microsoft Buff through and through as most of you will know and usually, I love embracing the latest and greatest that MS Has to offer.....But a small word of warning, If you are going to experiment with Hyper V, Be very very careful. I will not bad mouth it here, but i highly recommend a looooad of testing before you push this even into test and Dev Scenario's....can be exceedingly painful.....

The solution for free Virtualisation:

Enter ESXi Here.

James

Hardware Spec Lessons Learnt....

James.Kindon — Thu, 18 Dec 2008 03:29:00 GMT

So, last time I posted I was dribbling on about Hardware requirements and what to look for when choosing a vendor or partner to work with...Now I'm going to point out a couple of small things that next time I take this path, I will have under my belt...

Have Yourself, Your Solution Provider or Partner, and a 3rd party person go over your Infrastructure Solution Design....You should map out, every part of the system that you are buying, and look at what they do, how they integrate and any potential pitfalls. Dont trust any one person, you want multiple eyes on this

For Example: A Blade Centre Can hold 16 Blades (Dell or HP)....So you need adequate Bandwdith for these systems...yet a standard enclosure ships with 4Gb....You need to purchase 10Gb Modules for your internal Switches (Chassis Mounted) or else you share 4Gb of Data between 16 servers.....A small thing that is so easily looked over...

Another Exmaple: Certain Vendors (Won't wont mention names) Ship different Fibre Switches with different licences....If you dont have the appropriate licences, they wont talk, and you are in trouble...Something that again, is so small, yet hinders installation and progress and adds to out of budget costs

I can go on with a few more, but the basic point is, sit down, and map out how every component integrates. Then have it reviewed and signed before you spend the money...You dont want to be slapped around by Management when your costs blow out due to not doing it...

Finishing SAN Installation and Configuration soon, Will post on SQL optimized disk arrays once documented :)

James

WSUS Wiki to the rescue yet again!

James.Kindon — Thu, 18 Dec 2008 03:15:00 GMT

Just wanted to point out how amazing this site is...If you havent visited in the past, you really should book mark this site...I don't think i have ever come across an issue WSUSWiki hasn't already blogged....

And the latest.....You find an Event ID 364 Logged in your Application Logs with the following description

""Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.""

http://www.wsuswiki.com/ContentFileDownloadFailedAccessDeniedNoHTTP

Again - To the rescue - a 2 second solution...unreal!

James

Corporate spammers

Kieran.Block — Sun, 14 Dec 2008 07:13:00 GMT

As I mentioned before, I was the unlucky recipient of a domain which had previously been published (accidentally).

This has led to the unique bonus of a ready-made honeypot. Honeypots, for those of you who don't know, are email addresses that have been posted onto the internet for the express purpose of being found by spammers and then added to their lists of people to sell Viagra and fake Rolex watches to.

Why do I want a few thousand Viagra emails a day? Well, I don't (yet). It does, however, lend itself to an interesting by-product - legitimate companies spamming me. How? Well, most legitimate companies send out newsletters and offers and what-not to people on their distributions lists - everytime you put a business card into a barrel at an expo, you just signed up. However, these companies do not actually send out the emails themselves, they use other companies that specialise in sending out their mail (prices go up to extortionate levels of $0.30 an email) and as with all tactics or industries less than perfect, people do stupid things to make a buck.

Some of these third party companies will, on occasion, increase their lists by using less reputable methods of getting email addresses - if you search for "email address lists" chances are you will find some hockster selling a few million email addresses for $50 - if each address you add to the list costs the customer $0.30, that is effectively free money.

Now, I was aprehensive about actually doing this - I am sure there are legal folks out there who will no doubt request removal of this page and try to sue me. What I have is undeniable proof, full insurance, and an office on a floor full of lawyers.

What I also did was offer the offending company a chance to explain themselves, which they ignored.

N-able Technologies, makers of (actually quite good) remote management software, were the most recent company to find their way into my honeypot. Twenty five times, since April, although I only just noticed.

Headers;

Microsoft Mail Internet Headers Version 2.0
thread-index: AclTyvbGK2lTvEIpQQSn81lP7LJ1yw==
Received: from mkt8.verticalresponse.com ([209.66.113.63]) by vrbl.kicks-ass.net with Microsoft SMTPSVC(6.0.3790.1830); Tue, 2 Dec 2008 02:39:13 +1100
Return-Path: <bounces-910a7023ec-ea0136bbbb@b.cts.vresp.com>
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;s=mkt; d=vresp.com;h=X-MailerISP:Received:From:Reply-To:To:Subject:Date:Message-ID:List-Unsubscribe:MIME-Version:X-Company_ID:X-CTS-Enabled:X-Campaign:Content-Type;b=JPX3Cl2sN/FwxDVxnZmH893kxIFb86F/zm7wHH1M1JfQuJSvFk+IN4RM0w4xsdHcZ+AfCP6o3Bm+rCJvY7TmHzzroKLDgzAyVEXiDfZ32a8Vmf/nyb3xDPNiToQwlbto09KaHcbEZIPZ/FfHgW0EU4YOpClMd4BU9nhUYjRJF6E=
Content-Transfer-Encoding: 7bit
X-MailerISP: AboveNet
Received: from [10.4.7.56] ([10.4.7.56:48203] helo=mailer02.sf.verticalresponse.com) by hollister.sf.verticalresponse.com (envelope-from <bounces-910a7023ec-ea0136bbbb@b.cts.vresp.com>) (ecelerity 2.2.2.35 r(26825/26826M)) with ESMTP id A3/FA-07009-E0104394; Mon, 01 Dec 2008 07:21:50 -0800
From: "N-able Technologies" <N_able_Technologies@mail.vresp.com>
Content-Class: urn:content-classes:message
Importance: normal
Reply-To: "N-able Technologies" <reply-910a7023ec-ea0136bbbb-614f@u.cts.vresp.com>
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
To: <geos@block.net.au>
Subject: Last Chance: Webinar - Earn More Desktop Revenue with N-able & Intel
Date: Mon, 01 Dec 2008 15:21:50 +0000
Message-ID: <910a7023ec-geos=block.net.au@mail.vresp.com>
List-Unsubscribe: <mailto:reply-910a7023ec-ea0136bbbb-614f@u.cts.vresp.com?subject=unsubscribe>
MIME-Version: 1.0
X-Company_ID: 226579
X-CTS-Enabled: 910a7023ec-ea0136bbbb
X-Campaign: 910a7023ec
Content-Type: multipart/alternative;
boundary="__________MIMEboundary__________"
X-OriginalArrivalTime: 01 Dec 2008 15:39:13.0982 (UTC) FILETIME=[F6703DE0:01C953CA]

--__________MIMEboundary__________
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

--__________MIMEboundary__________
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

--__________MIMEboundary__________--

Vertical Response seems to be the company that N-able use to send out their emails, and somehow, my honeypot address got in there.

Even more damning is the fact that the emails start "Dear Geo:" or "Hi Geo,"

This is not new either, about 18 months ago I received similar spam from a different, high profile, software company (no, not Microsoft) - I brought it to their attention on their forums, and they apologised profusely and then swept it under the rug - I am not completely happy with how that worked out, but at least they seemed to care that they had done something wrong. They did, however, try to make good - so I will not name them.

Corporate spammers beware.

-- Before posting this article, I gave N-able a week to respond to it - they opted not to.

ERP Hardware Requirements - A starting point

James.Kindon — Mon, 01 Dec 2008 00:57:00 GMT

Few thoughts on Hardware Specifications for your ERP Environment...

So you have chosen your ERP Solution and are now looking at the server design behind it...a few thoughts on my experience so far with this

1) Talk to the guys in the know...Swallow your pride, and play stupid, you want to know exactly what the guys that design the systems reccomend for hardware....If you are like myself, and are taking a microsoft path, take their minimum requirements and double it....You want to know processor, memory, and disk loads on your servers, for database setups, you really really want to spec your RAID arrays correctly

2) Reasearch for yourself - For each technology you are implementing, jump online and look at reccomendations on configuration and deployment techniques - for Example, look at the best way to configure your SAN for SQL Performance, there are many many articles online on how this should be done

3) Play the Vendors - Each of the Vendors or partners you work with, will have specialists who will give you their two cents on how your environment should be setup - Talk to numerous, and compare what they each say, you will find it very interesting to see the differences that come up, and it gives you something to research and find out for yourself the ups and downs, and then base your own design on that knowledge...

4) Choose hardware wisely. This is one of the toughest calls you will make in the infrastructure design. Most Vendors offer relatively similar offerings with some differences of course, but rarely will one not be able to do what the other can...its usually a leapfrog pattern with vendors, HP realease a new offering, IBM take over a few months down the track, DELL step in another few months down and beat IBM, Then HP come back in with a new generation which wins....and so on and so on...So my advice on this is to work with what, and who you know....For myself, I have taken the Path of A DELL Blade Centre with EMC Storage...Why? Because i know the DELL product range, And for me, they have been unbeleivable helpful and reliable since i have been working with them, EMC are pretty much the leaders in Storage and DELL Partner up with them, giving me support benefits, price benefits and a central point of call for everthing....They also at this point in time, appear to be the winning frog in the never ending pattern of the Blade Centres...3 months down the track could have seen HP in the lead...

5) Negotiate with Vendors. These guys have room to move, and if you are doing a decent size project, none of them want to see you leave....so play them against each other...! It can be hard, and you can feel like a ***, but this is business, and thousand bucks here, and a few hundred there, mean you have more money to play with coolder toys later on....Play them and play them hard

6) Support and warranty...When you are dealing with a solution that your business is depending on, then you really really need to keep support and maintenance in the front of your mind....If something falls over, you need it fixed asap or its your *ss on the line...Most Vendors will ship a 3 year warranty as part of their kit, but really, is 3 years enough - I chose 5 on everything....cost went through the roof, but the business, myself, and whoever takes my role in the future, can rest in the fact that for 5 years, everything is covered - and that is a nice feeling!

7) Virtualisation. Yes, its the craze at the moment, and rightly so...Virtualisation is amazing....it is quickly becoming a part of every day infrastructure...Scope virtualization options early in the peice....it can be a costly little venture if you dont budget for this initally as part of your plans...some cool little products like VMWare ESXi is shipped only as OEM when using bare metal HyperV's, and can save you some serious coin....Citrix is also an exceedingly good option to be looking at while Microsofts HyperV is still in baby phase and has a long way to go as yet - it will get there though

8) Plan it, Rack it and Stack it! Keep note on this! The bigger the ERP, the bigger the server requirements....bigger server requirements, the more space (even in Blade Centres), if Database driven, you are going to want Storage Arrays - which is more space...which then needs fibre or Ethernet (for ISCI) switches - more space!...And finally, all this requires power redundancy, which is a stack of space on its own...Visio has a great rack builder and visualisation tools with add-inns from most vendors now, so that you can accurately map out your hardware before shooting yourself in the foot. I managed to fill a 42RU rack in a day....and if I hadn't mapped this out with Visio, I would have been stuffed...

So thats it for now, I have my System Racked and Stacked and waiting for power.....Next update I'll discuss Storage and Blade integration with a high emphasis in SQL performance configuration :)

Cheers

James

ERP Mayhem for your Enjoyment

James.Kindon — Mon, 24 Nov 2008 05:20:00 GMT

Its been a while since i posted anything of use, and thats been due to the preparations of the new ERP rollout we are about to undertake....

We are about to undertake one of the largest Dynamics AX rollouts in Aus....Using not only the latest in Server Technologies, but the latest Microsoft Solutions and Integrating Technologies

Over the next few months I will try and blog on the process and the trials and tribulations that we face, and hopefully overcome

Ill take you through Server 2008 Rollout, ADDS 2008 (which is already in place), HyperV, SQL 2009, Microsoft System Centre and its relevant components, and cover any Integration issues that we have beteween Manhatten warehousing as well as numerous other solutions that we will be moving away from

Hopefully I will have some useful info to pass through on the project

Any requests or suggestions for articles or guides would be appreciated too, as i am out of ideas at the moment :)

Cheers

James

Why Microsoft?

James.Kindon — Tue, 14 Oct 2008 05:22:00 GMT

Why Microsoft - purely because of these two articles right here :)

http://support.microsoft.com/kb/261186

http://support.microsoft.com/kb/314458

MVP 2009 Cycle :)

James.Kindon — Fri, 03 Oct 2008 03:01:00 GMT

Woohoo - Microsoft were kind enough to bring me back into the MVP Directory Services Team for 2009 - Happy times :)

James

2008 RODC's and SQL 2005 & Backup Exec 12.0

James.Kindon — Thu, 18 Sep 2008 00:59:00 GMT

So, You have read up on the big push for the Branch office Scenario Technologies that MS have released in Server 2008 - Server Core, RODC's, Bitlocker etc etc, and all seems great and wonderful...which it is, but you start running into some interesting little issues along the way...one, being the inability to install SQL 2005 full blown or Express Versions on an RODC....nice!

Now this is a funny little one, as considering you have deployed an RODC, chances are you have a single server, with a small user base on that site, and you would really really like to stick with a single server and have it take care of everything (which means server core probably isnt feasible)....And then you cop this nice little problem (exposed to me by Backup Exec 12.0) which nicely gives you the option of using a remote instance of SQL across a WAN....Not my idela situation...

What do you do? You have a few options
1) Use a remote instance of SQL and hope for the best (chances are it will work but i dont like cross WAN options when they can be avoided)
2) Use Windows Backup instead of BackupExec - Not a bad option really considering Symantec are, well, Symantec
3) Work around the problem instead of blanketly saying it cant be done...as per the following

- Problem as per my old Nemesis Symantec:
http://seer.entsupport.symantec.com/docs/290572.htm

Cause

This issue occurs because SQL Express and SQL Server 2005 cannot be installed on a Windows 2008 computer that is configured in a RODC role. Reason being, the RODC role does not allow the use of local accounts, which are required for SQL Express and SQL Server 2005.

Resolution

To resolve the issue, select a remote SQL instance for the Backup Exec database when installing Backup Exec on a RODC.

Wow.

That doesnt sit right with me personally....So here is a real fix.

1. Demote your RODC back to a member server....
2. Install Backup Exec 12.0 with its default settings - it will install SQL Express 2005 for you (note SQL express 2008 is a no go)
3. Change the Service Logon Accounts for SQL and Backup Exec to Domain Accounts
4. Promote your Server to an RODC

Wow, it magically all works...and not all that hard to figure out why....

James

Server 2008 ADPrep Errors when preparing a 2003 Based Domain... - Adprep was unable to complete because the call back function failed.

James.Kindon — Mon, 08 Sep 2008 04:44:00 GMT

"""""

Updating change from:" International ISDN Number (Others)" to "International ISDN Number (Others)" for locale 409, object inetOrgPerson-Display and property attributeDisplayNames.

Adprep was unable to complete because the call back function failed.

[Status/Consequence]

Error message: C:\WINDOWS\debug\adprep\logs\20080903175259\LDIF.log The process cannot access the file because it is being used by another process.

(0x80070020).

[User Action]

Check the log file ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20080903175259 directory for more information.

Adprep was unable to update forest information.

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.

[User Action]

Check the log file, ADPrep.log, in the C:\WINDOWS\debug\adprep\logs\20080903175259 directory for more information.

""""""

So, what the hell does this error mean and why does it occur when you are running it on the Schema Master, with the Domain Administrator account, with nothing obvious to look at....and the log files are about as useful as my.....well......something useless....

Surprise Surprise - its McAfee 8.5i Enterprise edition that causes this, simply uninstall...run your adprep tools, and reinstall...

Such a simple solution for such a PITA non obvious issue...

Enjoy

Moving from ESX to Hyper-V - Part 1

Kieran.Block — Tue, 02 Sep 2008 13:18:00 GMT

So, I have my ESX server humming away nicely here -- it does what I need it to do, and I don't have too many complaints. However, with the release of Hyper-V, I think it is time to move over.

Why? Is it because I am on the kool-aide? Dogfooding? Nope, I just think it will be better.

Put down your pitchforks folks, I'm serious. I searched long and hard for an unbiased comparison of ESX and Hyper-V, and it simply doesn't exist. You either get a VMWare or MS bias, which is a shame, because I just want my test server to work as well as it possibly can. I have (free) licensing for both, and have no problems with the learning curve so I have no real reason to choose one over the other. There is a perception that MVPs are supposed to instantly side with MS, and I can tell you right now it aint so -- if an MS product sucks at something, I tell them. More importantly than that though, I tell them why. So, with that out of the way, I present _my_ comparison of ESX and Hyper-V. So far, the only meaningful reasons that I have seen for using ESX over Hyper-V are as follows;

Support for non MS guests
Live Migration over Quick Migration
Product maturity
That is it. Performance wise, I have it on good authority that "there should be no performance reason for a user who is virtualizing Windows servers to choose ESX over Hyper-V", I am yet to test that out, but it was enough for me to have a go.

Now, Live Migration is great, if you are using it. I only have one server, and Directly Attached Storage, so it is on zero value to me. That doesn't mean I disregard this lacking feature overall, just that it isn't important to me now. The same can be said for non MS guests; this is my test server, and I support MS environments pretty much exclusively. As for product maturity, it is another very valid point, but one that is unimportant to me. As I said earlier, I had an MS guy tell me it would all be fine, and I am sure I could bribe someone for his phone number so that I can hassle him to no end if it all goes pear shaped.

The problems I have had with ESX are pretty low. First, I have had a few issues with VMDKs becoming corrupted. I am not saying this couldn't happen in Hyper-V as well, but it sure took some of the shine off what I was expecting to be my love-affair with ESX. The solution was usually always a host reboot (and/or some VMDK tools) but it really took away from the whole "realiability" angle I expected (I have one of these in production as well, and it is never fun rebooting 8 servers at once...). Second, ESX had some unwieldy ways of doing things. Moving ISOs from a workstation to the host took AGES, it was so bad that I would try and line up a few at once and do it overnight (this was using FastSCP - apparently the quick way of doing it). Third was supportability, I had a stack of problems using a HP LTO3 drive attached to an ESX host that were a bear to fix. Way more importantly, Microsoft do not currently support Exchange server in a virtualized environment (edit; I believe this is changing now). Finally, it can be a bit of a pig to the linux unskilled. Changing an IP address is usually answer with "reinstall ESX". It sounds a whole lot worse than it actually is, but it is still something that I never liked (add to that, USB was a big ugly grey area).

So, my hope for Hyper-V is that I will a) have much faster access to moving things on and off the server, b) a similar speed to do everything I normally did on ESX (I have setup performance counters for seven days on my server, and I will compare them with identically configured servers on Hyper-V), selfishly c) something worthwhile to write about.

Down to planning for the actual move.

Currently, I have two critical production servers; DC-01, my Windows 2003R2 x32 DC/DNS/DHCP and EX-01, my Exchange 2003 server. These must make it over perfectly, so I am going to spend the most time on them. Additionally, I have a few less important servers; two CRM servers (CRM-01 and DB-01 (CRM3x32 and CRM4x64 respectively)) and an Exchange 2007 server that I was planning to migrate to (and had started...). Everything else was test only, and for my sanity, will be skipped. There is also a huge collection of ISOs that I don't want to have to transfer again - If I can keep them, great.

I am torn on the best approach; ideally I want to do as many different methods as possible to show what works best, practically I want to do as little work as possible to get it done. That said, I mainly just want my mail back up and running - anything else is a bonus. Currently, the server has two RAID5 arrays which means I may be able to move everything to the secondary array, install Hyper-V on the primary and then somehow get data back over. So, I am going for a multi-pronged attack which will look something like this;

Move all ISOs to secondary array
Configure another machine on the network to receive mail while the Exchange server is down (which I will publish shortly)
File backup of EX-01 (I have *never* done a backup of my Exchange server (as a proof of concept for "ultimate disaster recovery", more on that later) so I have a stack of transaction logs - I want to back all of this up exactly as it is, so that I can test it later if I need/want to.
NTBackup of DC-01 and EX-01 - moving the BKF files over to a workstation off the server, this is my "Plan Z"
Acronis Image of both servers to a virtual disk, which will then be copied over the network to a workstation
Shutdown the servers and move all the VMDK files to the secondary array, and to a separate workstation - there is a tool which will convert the VMDK files straight over to VHD here <<LINK>>. I am concerned about it, as "allegedly" Hyper-V does not support SCSI disks, and ESX does not support IDE. Fun will no doubt ensue.
Format and install of Windows 2008 x64 Core with the Hyper-V role to the primary array
Install SCVMM and try first at a direct conversion of the VMDKs, with the option to fall back on my Acronis images, and then to a more standard disaster recovery.

All in all, I can't see too many problems -- then again, I haven't started yet...

Single AD and your Remote WAN offices

James.Kindon — Wed, 02 Jul 2008 02:27:00 GMT

Over the last 12 months, I have been undertaking a centralisation of AD project across over 100 Sites. If you read through some of my previous AD design and implementation articles, you will see that i push the single AD path quite heavily inline with both Microsoft reccomendations and real world experience

Unfortunately, there are one or two small bugs that still need to be addressed in a Single AD environment, with remote sites that do not host a Domain Controller. In reality, with sites that have 4 or 5 computers, there is not a justification of cost to implement a local DC at each site. Whilst this would be a Fantastic environment to work in, its simply not something that can always be justified.

The biggest problem that i have found so far, is that when a WAN link drops at a remote site, certain functions of everyday network no longer work, the biggest is local drive mappings. For example, say you have an XP machine that hosts a small POS application, and all other clients MAP to this machine. If the WAN link drops, the user can logon with Cached Credentials, but drive mappings to other machines fail, due to no local GC being contactable to provide authentication. This may be ok for an hour or so, but when you start talking of days without a Link being restored, this becomes a very serious matter

The ony work around to date that i have found is to emulate a workgroup environment temporarily. When i say emulate, i mean drop back to the Authentication of mapped drives occuring at a SAM level, rather than AD. This isnt as bad as it sounds, considering that cached computer security settings from a GPO still apply so your security isnt breached

Basically, i have created a small script that runs as a startup script within GPO whilst the link is up, that creates a local user account on each machine. When the Link drops and is not returned to an operation state (time period set by internal SLA's) we simply guide the local staff in logging in with the local account, and mapping drives to the appropriate machine - to enhance efficiency, you can even create a set of batch or vbs files to take care of this all for your users depending on your environment. a local logon script still runs and makes life much easier. This must be run as a startup script rather than a logon script as local users do not have permissions to create users

This runs on all local machines, uncluding terminal services, and includes the appropriate group membership for the loca user to allow both local, and TS access when no link is present.

2008 Server introduces RODC's, which will start taking care of a lot of these problems, especially for sites that may contain a local 2008 file and print server. 2008 Group Policy also allows for local user create via GPO, which will make this script redundant (yay!) and make life much easier

Here is the code that i am currently using - its simple and easy - feel free to use it as you see fit

James

DIM strUserName
DIM strFullName
DIM strDescr
DIM strPassword
DIM strComputer

Set WshNetwork = WScript.CreateObject("WScript.Network")

strUserName = "LanLogon"
strFullName = " WAN Down"
strDescr = "Local Logon Account WAN Link is Down"
strPassword = "PassWord0099"
strComputer = WshNetwork.ComputerName

Set colAccounts = GetObject("WinNT://" & strComputer & "")
colAccounts.Filter = Array("user")
result = false
For Each objAccount In colAccounts
if (objAccount.Name = strUserName) then
result = true
end if
Next

If result= false Then
set objSystem = GetObject("WinNT://" & strComputer)
set objUser = objSystem.Create("user", strUserName)
objUser.FullName = strFullName
objUser.Description = strDescr
objUser.SetPassword strPassword
objUser.SetInfo

Set objUserGroup = GetObject("WinNT://" & strComputer & "/Users")
Set objRemoteGroup = GetObject("WinNT://" & strComputer & "/Remote Desktop Users")
objUserGroup.Add(objUser.ADsPath)
objRemoteGroup.Add(objUser.ADsPath)

End If

HP ML Series Server - Unknown Devices

Kieran.Block — Sat, 28 Jun 2008 14:41:00 GMT

While installing a new server here, I came upon one of the more annoying problems in installs, missing drivers. This is a brand new HP ML150 with Windows 2003 Standard x32, I installed all the drivers that came on the support CD, and did all my windows updates.

Still, the problem remained of two unknown devices with ID ACPI\HPI0002\0 and ACPI\IPI0001\0

After much looking around, I ended up tracking the two items down - they are not located on the CDs, and one of them is not even available for download without calling HP! The files are now located here -> http://www.block.net.au/help/files/HPDrivers.zip

That zip file contains the drivers necessary for most HP Servers with this problem, including the ML150 and ML110 - the readme.txt file is effectively just the instructions of which is which.

One driver has an executable that will install it for you, the other must be done the old fashioned way.

Good luck!

Kieran

edit: Anonymous comments now disabled - sorry for the inconvenience, but thank you all very much for your appreciation :)

Server 2003 R2 - Server 2008 File Screening

James.Kindon — Mon, 23 Jun 2008 23:09:00 GMT

One of the most underused and most powerful (and awesome) features of the R2 release of Server 2003 and standard in 2008, is file screening.....This is a really really cool feature that gives you complete control of what is stored on your server - the control is unbeleivable, you can block on file types, size, user, etc

A great run through as usual from the guys on the windowsnetworking site is worth a read

http://www.windowsnetworking.com/articles_tutorials/Implementing-File-Screening-Windows-Server-2003-R2.html

Have a try of this on your own servers, i guarrantee you will find a use for it, and tie it in with storage quotas etc, and your control over your file servers takes a step in a whole new direction

James

Group Policy Security Filtering

James.Kindon — Mon, 02 Jun 2008 05:33:00 GMT

One of the common requirements of GPO is making sure it only applies to certain servers or objects, you may have a terminal server that you dont want certain GPO's being assigned to, yet this server sits in the same OU as multiple other servers that do need to GPO in question to be applied

What are your options? Basically there are two

1) Create an additional OU for the objects in questions that you do not want the policy to apply too, move the object to it (If its a sub OU then you will need to block policy inheritence from above) and you are done

In a more complex environment, segmenting OU's like this may not be an acceptable solution, so we have a second option that allows you to keep your AD structure as is, yet allows more control on which objects get what policy. This is known as Security Filtering

2) Group Policy Security Filtering

This is pretty much a self explanatory procedure. Basically, you control the security on the Policy, the same as you would on a NTFS share. You can allow or deny permissions on users and groups, to actually apply the persmission.

Best practices on this are similar to NTFS permissions, the primary being, dont use the deny permission. A basic simple set of steps is as follows

I would also reccomend using Group Policy Management Console for this task

1) Create a Group
2) Add your objects to the group (Users, Computers, Servers)
3) Create your GPO
4) Under the delegation TAB of the GPO, Advanced, Remove the groups you do not wish the policy to apply to and add your newly created group that you do want the policy to apply to)
5) Assign the allow read and apply group policy settings
6) Link the GPO to the OU that holds the objects.

You have now ensured that users within your group, can apply the policy, you have also ensured that no other objects will

Simple Yes

For the "how to" and some more in depth reading, this is the best link I have found
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

James

Active Directory Sites and Services

James.Kindon — Wed, 28 May 2008 06:29:00 GMT

The long forgotten configuration of Sites and Services - amazing how many times its not actually configured, yet its the crux of Active Directory replication and control of rogue and uncontrolled logon traffic across your WAN links... Figured it would be a good time to document the basics on some of the configuration and why it should be done - not a hugely indepth article, but enough to give some understanding of how it works, why it should be done, and the problems you will get if you don't do it...

Enjoy

http://www.block.net.au/help/AD-Sites/

James

Active Directory & Why You Should Use It

James.Kindon — Mon, 26 May 2008 04:44:00 GMT

I banter regularly across forum posts about why Workgroups are Evil and why Active Directory is the source of all things good in the Windows World....Why do like it? Because it makes me happy....I have virtually no overhead adminstration for management of users, groups, Printers, Shares, Drives, Resource Assignment etc....Active Directory is A logical, Efficient and Easy way of making me look good in my job - And the best thing is, you can use it in any environment - from 2 users, to 50,000 users - its perfectly scalable for businesses of all Shapes and Sizes...no limits! All you need is your Server Operating System and away you go...

Need help convincing management of why you should implement Active Directory - hopefully this will help

http://www.block.net.au/help/Why-AD/

Enjoy - as always, anything i have missed, let me know

James