Mike

Mike

(0 comments, 27 posts)

This user hasn't shared any profile information

Posts by Mike

Windows 8 Server

After a great evening with James Akrigg at Microsoft on Thursday I spent the weekend really pushing Windows 8 Server.

The test rig is an HP Microserver with 4x2Tb drives and 2Gb Ram. The Ram will get increased later – but I’m to lazy to open up the case again at the moment.

Issues we are testing: Windows Distribution Server

I want to test Windows 8 “To Go” and so I need to get the installations out from the ISO files.

Gotcha: You need to install the “Desktop Experience” in order to get Win8 to mount an ISO file.

Once the server is added to the domain and WDS installed we added the files from the Win8 Consumer and Server Previews. This gives us both 64 bit and 32 bit boot environments.

Next we need the AIK – so lets download 1.6Gb of the the kit. This is going to be installed directly on the server. Usually we would install this on another server, but as the server has a limited life (I would be surprised if it did not get reformatted in the next week) we are going to throw everything all on the same box.

Now the AIK was taking forever to download so I got bored and took the files from another machine.

So with a copy of ImageX in hand I go to the WDS console and Export the .wim file I want – in this case I call it Win2GoCP

imagex.exe /apply Win2GoCP.wim 1 g:\

Give this about a week to install (it might be done before RTM on Win 8)

bcdboot.exe g:\windows /s  g: /f ALL

Now to test it.

The plan is to get rid of the ERD disks we use daily and start using “2Go” instead. Lets see how that goes shall we …

How NOT to share your screen

We have just had a sales call from YELL and the guy was really pushing and adword campaign. He even did a remote session to show us what they could do for us.

Now remembering that we are an IT company and have been building web sites since about 1993 it was interesting that he offered us so little for so much. But his biggest mistake – when he finally got of the phone – was to leave his screen share running while he wrote up the call.

We watched as he went into SAP and entered the details of the call. He was rather detailed in that he thought we needed to spend at least £1000 to get any return on an “investment” and that we would probably be out of business soon. He added that he was going to send us a follow-up email but did not expect us to take up the offer – you think?

So when using remote tools remember not to INSULT the client while they are watching.

Also – if your name is James Miller and you work for Yell and you are told that the person you insulted last time is OUT of the OFFICE – please believe us that frankly we cannot be bothered to lie to you. If you cannot leave a contact number then how can we get back in touch with you to tell you how much of a great customer services job you are doing.

Managing through a Power Outage

On Friday night (13th) there was a localised powercut at about 11pm and we got to see if all the APC kit worked as intended. In our main server room we have a number of systems including Hyper-V Hosts and NAS devices.

After first finding a candle I walked into the office heard that distinctive buzz of APC batteries off the mains. We had clusters of lights flashing in parts of the room as the workstations sat silently. After checking outside to see that the power was off in about 3 blocks all round us I went back in and wondered how the servers would cope.

A few minutes later it was obvious that this was not just a quick blip so it was time for the network to go down. At about 5 minutes the NAS boxes powered down – leaving about a half charge in the units supporting them. This is important as the devices are not active units with detailed battery status so I would rather keep them charged and under load than flat for any period of time. If power cuts were more common (which thankfully they are not) then this would have a long term effect on the life of the battery units. A full discharge seems to take a few % of the total capacity each time.

Now the servers started to busy themselves with activity. The noise levels rose as the APC units triggered the boxes to shutdown. Now if they had been all physical boxes I would have put them all into hibernate mode earlier, but you cannot run Hyper-V and hibernation on Server 2008 R2. All the hosted servers were quickly suspended and then the systems did a full managed shutdown.

With silence all around it was a good oportunity to see what re-cabling could be done, although with no mains lighting any work was not a good idea.

About an hour later the power came back on and all the servers started to roar!! Remembering that a virtual box has to startup twice I watched as everything settled down, modems, routers,l access points, NAS boxes, and even a workstation. About 10 minutes later my phone buzzed at me to tell me the email was back and flowing – now for bed.

The next day most of my servers were happy and unconcerned about the previous nights “issues”. Only one little server in the office had no APC unit (well it had but there was no battery in it!) and it complained about the power state. So with a little bit of planning I can trust the network to handle a power outage with no interaction and no real disruption.

SBS Essentials 10 User Limit

With SBS Essentials there are some specific rules:

1) Thou shalt have no more than ONE SBS Server

2) Thou Shall follow ALL the Wizards

3) Thou Shalt have no more than 25 users

4) Thou Shalt have no more than 25 concurrent connections.

Now this is all fine until you hit an error implying that you have run out of users –

[2656] 111202.065215.3944: ClientSetup: JoinDomain failed:
System.ComponentModel.Win32Exception (0x80004005): Your computer could not be joined to the domain.

You have exceeded the maximum number of computer accounts you are allowed to create in this domain.
Contact your system administrator to have this limit reset or increased

at Microsoft.WindowsServerSolutions.ClientSetup.NativeMethods.NativeMethodRetryWrapper(…)
at Microsoft.WindowsServerSolutions.ClientSetup.NativeMethods.NetJoinDomain(…)
at Microsoft.WindowsServerSolutions.ClientSetup.ComputerMgmt.JoinDomain(…)
at Microsoft.WindowsServerSolutions.ClientSetup.ClientDeploy.JoinDomainTask.Run(…)

[2656] 111202.065215.5348: ClientSetup: Exiting JoinDomainTask.Run
[2656] 111202.065215.5348: ClientSetup: Task with Id=ClientDeploy.JoinDomain has TaskStatus=Failed

At this point you count the users (in this case 20), then count the machines (in this case 16) then look at the NAS boxes (3) and start to panic.

After a bit of digging we found that there is another limit in windows of 10 users – which is tied into Active Directory. So when a user tries to take ownership of an 11th desktop the error comes up. In 10 years of installing SBS and servers we have never seen this error, but if you use the same user to add all the workstations to SBSE then you very well might.

The solution is to open up the ADSI Edit MMC Snap-in and increase the value of ms-DS-MachineAccountQuota for the domain.

http://support.microsoft.com/kb/251335/EN-US

This is a change from SBS 2003 where the wizard created the users on the server, and 2008 where the wizard running as the administrator account creates the user.

Microsoft Scams as a Service

I just call from a company called Commandra telling me that this was a FREE checkup call for all Microsoft Windows users (bless). John was ringing me to let me know that they wanted to check that my computer did not have lots of “malicious parts” corrupting it.

Now I have had a lot of stories about these scams, but I have never been rung directly so I put the phone onto speaker, got all the staff in the office to gather round and then followed his instructions.

I was first told to turn on my PC (he did not register that I was typing on my system as he spoke to me) so I went and got out a Tablet PC running Windows 8 Developer Preview. He talked me through pressing the “windows button” on the keyboard – although I explained there was no keyboard on the device. He started to get confused so I just told him I have the menu up. Next I was instructed to bring up the “Run” box and type in “Eventvwr”, which I did.

Now this brought up the event viewer which shows what alerts the system is generating and for each alert tries to provide a link on how to resolve it. Nothing major and I have never seen a machine without at least one alert or another. I was told not to click on ANY of the entries as doing so would cause my computer to stop working. I was then asked to count the number of red crosses and warning triangles that I could see. At this point John got rather excited. Apparently the Errors are “very dangerous corrupting software” and are affecting the “applications and system parts with much very badly“.

If I don’t fix these problems apparently my computer will stop working and “20 errors are enough to corrupt your computer“. Just out of interest the machine I am typing on currently has 7313 of these alerts and is working fine. I started reporting to John that I had a full page of errors (There is a smart card reader in the tablet, but the W7 drivers do not work in W8) and he started to panic. “OMG OMG OMG you have more than 50! If you don’t fix up your problems your computer will stop working. There are lots of errors and your computer has a very critical condition – it will stop working in a few days.”  

John then told me that his company can fix all these errors for FREE. It will be working like a “Brand New Computer” and he will put me through to a Microsoft Certified Systems Engineer who will help me. I thanked John for his time and was put on to Ricky.

This is great, now Ricky is going to sort all my problems. Ricky said that the computer is “affected by lots of warnings and errors and if they persist for a long time then it will stop functioning” – am I glad these guys rang me.

Ricky explained to me that once I put in the code to activate the Software Warranty on the computer then the computer will run “10 to 20 x faster“. With the help of this code all the corrupt software on the computer, scanner, camera, printer and TV will be taken care of. Also on my iPod and tablet – this sounds great.

Ricky then got me to type in the address for LogMeIn and then it came up with a screen asking for a code. Now LogMeIn is a good product, it just needs to be used with trusted people. Now to get my code I needed to speak to Prince – we’re nearly there now.

Prince said that for only £89 they would provide 1 years software support for all machines in our household. I asked what happens if we get disconnected and he said just to ring him back on 0191 645 1644 for all free support and ask for Prince – strange that they didn’t sound like they were in Newcastle, more like Mumbai.

Now I do have a few servers that need reconfiguring and while that price did seem attractive I did not want to hand over my credit card details at that point. Prince then told me “Don’t worry, we use 256bit encryption and are covered by the trade descriptions act so its very secure. All data is recorded.”

I did think about letting them struggle for a while trying to get an ActiveX plugin to install on a browser which does not support it, and it would have been great to see their faces when they hit the Windows 8 start menu remotely. It was time to end this. I was asked for a name and an email address, so I gave a false name, but a genuine email address, so lets see if anything arrives on that for me. I then put the phone down and had a quick conversation with a) the police, b) the Microsoft Partner team.

So if you get a similar phone call then by all means see how long you can stay on the phone. Or if you get free local calls then why not give them a ring and ask them to fix your computer remotely before you wipe it.

I really do hope they ring back, that way I can get a Terminal Server box ready so I can record what they do.

 

SMB MVP Community Roadshow

We have been proud to assist in the organisation of the SMB MVP Roadshow which landed in Edinburgh this week.

Taking over the Corn Exchange for the day we had about 50 IT professionals from as far as Aberdeen and Liverpool attending to give our visiting MVP’s a warm welcome.

The tour now continues across Europe and America, so if you missed it then check out the details at http://mvptour2011.sbsmigration.com/

 

SBS Virtualisation – the hard way …

So the Raid 1 pair on our main server (sbs08) had an error – which got worse when the UPS failed in a spectacular fashion resulting in the rebuild sticking at 99.83% for a week. This would have been fine it not for the fact that everytime the backup process ran it triggered alerts every 4 seconds as it tried to read bad sectors and before long the server was out of action for all network traffic.

At first we tried Disk2VHD from sysinternals, but after a few attempts it would not sucessfully copy the partition with the bad data on it. So we did a bit of pruning, moved out all the data files we could and then moved other non-core files (like WSUS). Disk2VHD still failed so we needed a different approach.

Now to try with shadow protect. Using the IT edition we were able to image the drives, but again the 2nd partition (the one with exchange on it) got stuck. After waiting for 2 hours for ShadowProtect to try and complete the data transfer rate had fallen from “30Mb/s with 10 sec to go” to “8Kb/s with 3 sec to go”. It was time to accept some data loss and we quit the process. We then ran the .spf to .vhd conversion tool and hit a new problem – a corrupt .spf.

From the command line you can run shadow protect to convert a corrupt image from one which has no EOF to a brand new one which is closed at the end – although there is a good chance of data loss. Based on the data rate above there should only be a loss of 24Kb out of 600Gb – not that bad.

So now to bring up the 2 new drives in a virtual machine and wait while all the drivers get installed. This always takes a lot longer than you think, but after about 30 minutes we had the correct drivers installed and all the missing hardware removed. Now this should have been it, email was now flowing and network traffic was resonable, but there were a lot of errors in the log.

While this was a really messy migration it left a lot of issues with no apparent cause. The companyweb site would not come up, and the monitoring database would not start. The resolution took the best part of another day and the highlights were:

1) certificate managment database got corrupted – we brought up the old server in isolation and migrated across.

2) Microsoft##SSEE database corruption – one of the internal tables got corrupted and needed overwriting with a known good copy.

3) All the networking tweaks the BPA recomend had to be re-done. These seemed to have been re-set when the network cards were replaced with virtual cards. Running the wizards again seemed to fix all of this.

Only a Rootkit?

Every day we are seeing machines with more and more insidious spyware and some items are rootkits. We are getting machines handed into our Edinburgh workshop all the time in various states of infection. A rootkit is a program designed to silently take control of a machine and then do whatever the installer wants on that machine.

Today we saw our first rootkit on a Vista box, but this was on a box without patches. So how did we deal with it?
1) Identify the cause – we have a name, type and filename
2) Analyse the symptoms – we know what to expect on the machine
3) Design a solution – after running all the usual removal tools we patch with about 1Gb of patches, 2 Service packs for the operating system and patches for Office, Firefox, iTunes, and lots of other programs.
4) Implement the solution – we get to work as planned, after this we delete all non-essential files and scrub the remaining space. Even at this stage the rootkit may become active again.
5) Evaluate the solution – this is the most important part, can we now trust the machine?

With monitoring in place we can watch for all internet activity on the machine, both incoming and outgoing. Updated antivirus and firewall software is installed and then from another machine all internet passwords need to be changed. If the machine is proved to be clean then we can keep on using it, otherwise it’s time for a reformat – but even then the machine still needs watching.

What is really important in this situation is not to panic and for us as the professionals to have a proper plan.There is no product out there that can prevent this sort of thing happening as long as end users can be tricked into installing unknown software.

With our managed clients we monitor every file change on every system which gives us warning if unexpected things happen. This week there will also be a bumper crop of patches for servers and desktops, so a busy week all round.

Windows 7 and Virtualisation

Now that Windows 7 is now almost fully ready to go we are getting asked about the system requirements.

While the requirements for basic functions are similar to Vista, the reality is that with a more substantial machine you will get a much better experience. Now with the new version of Virtual PC there is a REQUIREMENT for hardware virtualisation support. What is interesting about this is the number of systems an processors that do not support this.

So far we know that every machine we have supplied with Vista has hardware virtualisation support, but we are finding out that a lot of other people have not been so lucky. Most of the cheap netbooks do not support this as do some of the cheaper models from the popular brands.

We are now moving to a point where we have more Windows 7 systems than Windows XP systems across our offices and it has been an interesting migration. Now the technologies of Windows Server 2008 are starting to shine and there are some interesting performance gains.

The next step is to wait for the public Beta testing of the next version of Office as that will have another major impact on our clients.

IE7 Security

It’s not very often that it happens, but when Microsoft stops everything to work on a security issue then we should all take notice. http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

So what do we do? Well within an hour of the release we started to deploy it for testing internally and after some testing we continued to deploy the patch to all out clients. The result will be that within 12 hours all our clients will be patched (desktops at least) and their servers will get the patches out of hours.

How can you tell if you are patched – well when did you last rebot your machine? If it’s before the 17th December 2008 then you’re not protected. If you patch and you machine says not to reboot, then reboot anyway.

So with engineers patching away on systems (most within a 200 mile raduis) we can relax again and keep an eye out for the next time.

Mike's RSS Feed
Go to Top