About a year ago or so, I tried to enable SNMP monitoring on m SonicWall TZ170. SNMP is useful for monitoring things like bandwidth usage (by port… so in the TZ170’s case it would tell me how much traffic this hour/day/week/month/year/etc had been funneled through the LAN connection and each of the WAN connections) I wrestled with it for a week or so, failed and gave up. I read the documentation, I configured everything correctly (according to the docs) and… nothing.

Earlier this summer, my TZ170 started flaking out. It would stop responding (like a reboot) for 30 seconds or so. Two times this morning, another time in the afternoon, again overnight… and when it did it took down both internet connections, incoming and outgoing email and all the inter-office VPN links. Not a great situation. By the time anyone noticed and called, it would be back up again. The TZ170 has been discontinued for awhile now, and I wasn’t even able to get any more from a used/recertified reseller in California that had kept me going for awhile. Fortunately, the newer TZ210 is backwards compatible with the TZ170s AND I was able to take advantage of the competitive upgrade to get one cheap cheap, if I signed up for three years of SonicWALL services (content filtering, gateway antivirus, etc).

The TZ210 is great. Each of it’s 8 ports can be configured as a LAN or a WAN port which gives you a lot of flexibility. With the help of a local Sonicwall Partner/technician we were even able to export the settings on the old TZ170 and import it onto the TZ210 and then just re-configure a few things and be back up and running in an hour or so, rather than a day or so of re-creating all the settings and VPN tunnels manually. We even upgraded the VPN tunnels to a better encryption scheme and documented everything (now where did I save that text file…)

Now that I had 8 more-configurable ports, I decided to give the SNMP monitoring another shot. I installed PRTG freeware version on a spare computer, downloaded the MIBs from SonicWall’s support site and then converted/imported them into PRTG as OIDs (Most of these TLAs are beyond even my knowledge…) I added a new device in PRTG and then attached some sensors to it… I gave it the IP address of the SonicWall TZ210, selected SNMP and… it failed.

I went into the SonicWall web interface and confirmed that the network interface’s properties had the SNMP checkbox checked, and that on the Administration tab, that SNMP was configured and had the IP address of the PRTG computer entered and that the community string was set correctly, but it still failed.

Using some of the PRTG testing tools, there was flat-out no response from the SonicWall on port 161 or 162 (the default SNMP ports). Without breaking out a packet sniffer, I deduced that the SonicWALL was dropping the packets. I went to the Firewall config and added a rule allowing LAN to LAN using protocol SNMP. Still nothing.

At that point (late last week) I gave up (again). I did some Googling and came across a couple of entries on Experts Exchange, but even though I have a login it wouldn’t show me the answer, instead telling me I needed to become an expert or pay $12.95/month to see the answer. Lame. That’s new…

I bitched about it on Twitter, stating it was too bad that I couldn’t automatically append a “-Experts-exchange.com” to all my queries to make sure I didn’t get any (now useless) search results from their site. Someone responded that if you follow a link from Google or Bing directly to Experts-Exchange, it will show the answer if you scroll down past all the ads… which is the behavior I was used to, but wasn’t happening on these particular articles.

I tried the SonicWALL forums, and people were using SNMP, so it wasn’t broken or anything… Ultimately I opened a support ticket with SonicWALL (hey I paid for 3 years of it, may as well make use of it!) and they called me first thing this morning and got it sorted out.

I'm not sure if SonicWALL does things differently from the SNMP spec… but then again I’m not an SNMP expert who would know the difference. Here’s the gist of what Darshan the tech went over with me:

• You DO need the IP address of the system/software that’s monitoring the SNMP does have to be entered on the SNMP configuration page.
• You DO need the checkbox on the network interface page does have to have SNMP checked.
• You DO NOT need to create a firewall rule allowing SNMP traffic from LAN to LAN on the firewall. When it’s configured correctly, it auto-creates one that you can’t change.
• You DO have to use the SonicWALL MIBs that are specific to each model of firewall.

We did end up doing a packet capture and seeing that the SNMP packets were being dropped, which led us back to the Firewall config page and removal of the custom firewall rule. Once we did that (and I think this is the key) we removed the SNMP checkbox from the interface config, let the firewall save/update it’s settings and then re-enabled it. After that, PRTG magically worked.

Now I just have to figure out which settings and ports I want to monitor and get those set up in PRTG!

I’ve written before about what a huge, horrible, steaming pile of horse shit you have to wade through to install a 32-bit (x86) driver on a 64-bit (x64) server. It’s SO counter-intuitive it makes me want to scrape my eyeballs out with a grapefruit spoon and then chop off my fingers so I won’t be able to see a computer or type ever again.

In a nutshell, you need to have a 32-bit client running Vista or Windows 7, install “the full meal deal” printer driver on that client, THEN connect to the 64-bit server’s printer share (\\server\printer) and then tell it to use the existing driver. That will then UPLOAD the driver from the client machine to the server and make it available to other 32-bit clients who try to connect to it.

Today I’m in the opposite situation. I PURPOSELY set up a 32-bit Windows Server 2008 (not R2, which is 64-bit only) to run my print queues because 99.9% of my network is 32-bit Windows XP clients and I didn’t want to have to go through this rigmarole for every single one of them. *MY* laptop, however is running Windows 7 Professional 64-bit and it’s unable to connect to the shared printers on the 32-bit server.

Rather than duplicate the steps above, since I was feeling saucy and experimental, I went the other(old) way around. On the 32-bit server, I opened the printer properties, went to the sharing tab and clicked on Additional Drivers. I checked the 64-bit box and it asked me for a driver. I clicked Browse. I navigated to the folder where I had the 64-bit driver .inf file for the printer, selected it and clicked OK.

Fast-forward a few seconds and the window closed, and the box was checked. Just like that. Just how it USED to be in older versions of Windows Server. I went back to my laptop, tried to connect to the printer, and this time instead of failing and saying “Driver Unknown” or even worse, the  0x0004005 error which is one of the more generic error codes you’ll ever see. (I always thought it was “Access Denied”, but that’s just ONE of the errors it COULD be.) Up came a NEW dialog box. Do you trust this printer driver? Yes, of course I do. Just like that, it mapped the printer, using the 64-bit driver on the 32-bit server.

If it’s so bloody easy to do that with a 64-bit driver on a 32-bit server, why the HELL is it SO difficult and bass-ackwards to do it on a 32-bit driver with a 64-bit server??

Last Friday, one of the workers here in the office came over to me and said that he got an error in his inbox about a message that had been delayed. Not permanently, just delayed. I said OK, leave it, it’ll retry again for the next 48 hours and looked into it.

I connected to the Exchange 2010 server and opened Exchange Management Console and went straight to the Toolbox and clicked on Queue Viewer. There they were, pretty ducks all in a row all with DNS FAILURE errors. Huh. Interesting. I saw this happen once before when we were setting the server up. The DNS server it was set to use was offline, so no DNS resolution meant it didn’t know where to send the mail. Thinking this was the case this time, I checked the Network Adapter settings and saw that the preferred DNS server was the other VM “next to” the Exchange 2010 VM and the secondary was set to “my” DNS server here in my office.

I checked my DNS server first, just to make sure the service was running, and it was. I then checked the DNS server that was it’s primary and it, too, was running. Mystery. Nslookup queries failed and timed out even for common domain names. Not good. This was happening on both DNS servers.

I called in a support ticket (this was Friday at 4:00) and found out that the Exchange SysAdmin was on vacation and not back until Monday, and he was being covered by another Exchange SysAdmin on East Coast time. She called me back about 20 minutes later and we worked on it for a good 40 minutes with no resolution. She figured that since the DNS server was rebooted, it had been unable to contact the

PDC role holder and authorize/activate itself and that there must be a problem with the VPN between my network and hers.

This seemed like a valid diagnosis, as the other Administrator here at work told me that our router had been failing every 30-40 minutes, but recovering after a minute or two and was obviously dying. Yikes. This caused a little panic as ALL my sites use the same router/firewall and they’re discontinued and I hadn’t yet created a contingency plan to replace them.

She escalated the ticket up to tier 3 networking support, who tested the VPN and said that everything was up on their end, but they couldn’t ping my side of the VPN, therefore there was a problem with the VPN and it was on my end. (naturally). I don’t know too much about the router/firewalls we use here, I’ve been slowly learning as I went, but diagnostics and troubleshooting was beyond the scope of my knowledge beyond “well the blinky light is green, not red, so it’s up”.

Further compounding the matter was that this VPN was temporary, because we were switching it on Monday from an Internet VPN to a private, routed DSL connection into their MPLS network. That ADSL modem was plugged in to power and phone, but not into the LAN as it was just for testing.

At some point over the weekend, one of the emails from their networking people said that they could ping as far as 192.168.0.252 but no further. This was when the light bulb went off in my head. .252 is the address of the new ADSL router, NOT the VPN endpoint! Their network techs were trying to reach my network via a device that was physically unplugged! I thought it was odd, since I was connecting from home via VPN through the same device and it was up.

Monday came and I plugged the DSL modem into the LAN and disabled the Internet VPN connection from my network to theirs, created a new route for all traffic destined for their network to use this new gateway and everything seemed to be working. Outlook clients in my LAN segment were connecting via the MPLS network, verified by the IP addresses on a traceroute… I could Remote Desktop the virtual servers in their network… everything seemed to be working, but their network guys could still not ping my LAN from the MPLS gateway, even though I could ping back to my network from the Virtual servers (which was the important part anyway) so that left me with the DNS problem, which was still ongoing and some people were now starting to get NDRs because the 48 hours had timed out.

I started with my own laptop, and did an nslookup query. request timed out. Damnit! I checked the DNS server, the service was running, I restarted it, it still failed. I looked at the event log and there were a bunch of “DNS server encountered an invalid domain name” errors, but the errors were coming from all these weird IP addresses that were not in my network. I then thought that perhaps it was the forwarding that wasn’t working, based upon a few results that came up when I searched that error message online. I checked the forwarders on my DNS server and found that they were set to use two Shawcable.net servers, one of which resolved to a hostname and both of which did not respond to an nslookup query. How on earth did I end up with two (seemingly) random Shaw Cable DNS servers for my forwarders when I have a Telus ADSL connection in this office? that could explain why they didn’t respond; my IP address wasn’t in the Shaw Cable network!

I changed the two forwarders to 208.67.222.222 and 208.67.220.220 which is OpenDNS. I then restarted the DNS Server service and BAM! nslookups all worked. I then went back to the Exchange server and tried again. Still failed. OK, I have an idea of what’s going on now, so I connected to the DNS server there and checked it’s event logs. Similar messages, different addresses. I opened the DNS snap-in and went right to the forwarders. The two forwarders on this server were two Telus servers! This was a co-located (sort of) Virtual Server within an ISP, so how did I end up with Telus servers there?! I changed those two forwarders to OpenDNS and restarted the DNS Server service and as I was opening a command prompt window on the Exchange 2010 server to try an nslookup again, I could see the emails in the retry queue (which was still open) begin to flow out. I tried nslookup queries on a couple domain names that I knew were in the retry queue and they all answered lightning fast as non-authoritative responses.

SO in the end, I figured it out myself, but the million-dollar question that I can’t answer is HOW did my local DNS server get a Shaw DNS server as a forwarder, and how did the VM DNS server in the datacenter get a Telus one??

Two lies for the price of one!

This morning I took a new server out of the box for a small branch office. It’s an HP ProLiant ML150 G6 tower server: Xeon Quad-Core processor, 2GB RAM and a 250GB SATA HD. I also upped the RAM to 4GB, added a 2nd 250GB drive and a pair of 500GB drives to give me a RAID1 array for the OS & Apps and a RAID1 array for the data.

Once I configured the RAID arrays, I booted using the Easy Setup CD. The Easy setup CD is something that HP and Dell (among others?) send out with a server to speed up and make life easier on the person installing Windows. It’s Linux based and walks you through picking a drive to install it on (the HP one even comes with an admin tool for the SATA RAID controller to configure those if you hadn’t already done it in the BIOS) and then provide your Name, Company, Product Code and which version of OS you’re installing from a list incl Windows Server 2003, 2003 R2, and 2008 and different flavors (32-bit or 64-bit) The Dell one goes even further into pre-configuring IP addresses and even joining to a domain. Once it has all the information it needs, it creates partitions and copies/pre-stages drivers from the CD to the hard drive so Windows Setup knows where to find it and can “see” your drives on your RAID controller.

I went through the steps and when it came time to choose an OS, Windows Server 2008 R2 was not on the list. I figured Windows Server 2008 x64 was the closest thing and chose that. It did all it’s gyrations and then prompted me to insert the Windows OS disc. I put in my Windows Server 2008 R2 disc and… was rejected. Odd. I tried again, same response. “Please insert the Windows Server 2008 x64 OS Disc”.

At that point I realized that it was looking at the volume name on the disc and whatever my disc was, it wasn’t what was expected. Le Suck.

I got on to HP’s support site to find an updated Easy Setup CD, and eventually found the right page, but it only lists Server 2008, not Server 2008 R2. Lame. I kept looking and searching and ultimately hit the Support Chat button and got an HP Tech Support agent on the line. I explained to him my predicament and he sent me a link back to the page I was just looking at. I knew it was the same page, because the link was purple instead of blue. (ie already visited)

I explained that I already looked at that page and it wasn’t what I was looking for. Then he decided that I must have had a 2008 R2 Hyper-V error and pushed me a link to an MS KB article  that had 3 steps: 1) disable hardware virtualization. 2) install this hotfix. 3) re-enable hardware virtualization.

I calmly explained that I didn’t have Windows installed yet, so how could I possibly install a hotfix? He said I should download it, burn it to disc and then boot off the disc and apply the hotfix. I re-iterated that I did not have Windows installed, so there was nothing to patch with the hotfix.

“OK, skip step 2 then”

Riiiiight. so that leaves me with “disable hardware virtualizations” and “re-enable hardware virtualization”. Since I hadn’t turned it on yet in the first place, it was still a moot point and told him so. He had reached the end of his flowchart now and didn’t know what to do next.

At that point I booted off the Windows Server 2008 R2 disc itself and-as expected- it couldn’t see any drives. I downloaded the SATA RAID controller driver, extracted it to a USB flash drive, jammed it in the server and clicked “load driver”. I pointed it at the folder and it found a driver for an HP BI110i Embedded SATA RAID controller. Jackpot! the drives showed up, but… Windows could not be installed on the selected disk.

After searching Google with the error number that was presented, it turned up some “Windows 7/2008 R2 can only be installed to the first boot device/C drive” so I went back into the BIOS and RAID setups to make sure that Disk 1 was the first device. It was.

I got back up to the Load Driver screen and noticed that my USB flash Drive was designated C:, the DVD-ROM drive D:, Disk 1 Partition 1 was E:, and the WinPE boot drive X:. I deleted the partition on Disk 1 and tried again. Same thing.

Finally, I booted back again without the USB drive, waited for the Load Driver screen to show, clicked Browse and THEN jacked in my flash drive. It showed up as C. I picked the driver and loaded it, and then removed the flash drive, waited 5 seconds, just to be sure, then clicked “Disk 1 Drive 1 Unallocated Space”, held my breath and clicked “Next”…

It worked.

Windows Server 2008 R2 is now installed on my new server and I’m running through Windows Updates and configuring it to be part of my network. Had I done what I knew worked to begin with, I’d be sippin’ a margarita by now but instead I tried to do things “the HP way” and it wasted my lunch hour and most of the afternoon. The Easy CD way (if it had worked) would have been equally quick.

It galls me that a company the size of HP, with the volume of servers they sell, hasn’t released an update to their software yet. Windows Server 2008 R2 was released to manufacturing in June 2009 and went on sale October 2009. It’s almost June 2010 and they still have not addressed this yet. What makes it worse is that this entry-level server is aimed at the segment of the market that doesn’t really have their own IT departments that would be able to figure this out on their own.

I think I’d like that margarita now, senor, por favor!

There are a lot of blogs, classes, tutorials, how-tos, workshops, links and opinions on how to best deploy Windows 7 using the new Microsoft Deployment Toolkit 2010. What there’s a distinct lack of is how to make these tools work with XP which most of us are still using. I am planning to move to Windows 7 x64 later this year, but we have a software dependency on 32-bit Windows that we have to get past first (and no, Windows XP mode won’t cut it for this app)

I spent most of yesterday downloading software and patches. the Windows Automated Installation Kit 2.0 (which supports Win7, 2008 R2 and back to XP) was a 1.7gb iso file which took a couple hours.

Eventually last night I was ready to start the capture of an existing Windows XP box that I could then deploy to the other new machines.

This morning I tried to do it and it failed. I assumed it was permissions-based since the error was 0x00004005 which I know from past experience is “Access is denied”. After sorting that out, it still failed. Trolling through forums from a Google search, I found some people were able to get it to work by using the IP address of the deployment server, or sometimes the FQDN, rather than just "\\server\share$”

I rebooted, opened Windows Explorer and navigated to \\192.168.x.x\share$ and when it asked me to authenticate (because this is a workgroup computer and the share is a domain resource) I entered my credentials and then I double-clicked the litetouch.vbs script to kick off the imaging process. This time it seemed to work, it downloaded the WinPE files needed, ran sysprep and then rebooted to capture the image… except that’s when it failed.

Digging into the winpeinit.log I saw that there’s no NIC. Awesome. Great. I figured that the driver for the NIC would be part of the Windows image, but I overlooked the fact that the WinPE boot-time would also need the NIC in order to connect to a network share and create the disc image there, and the new machines would need the NIC driver to connect to that same share and copy the image down to the local computer.

No biggie, except that the computer is now stuck in a loop booting into WinPE rather than back into Windows XP. I injected the driver for the NIC into the deployment share’s Out Of Box Drivers and rebuilt/updated the deployment (which also adds the NIC driver to the winpe.iso file). All that’s left to do now is to PXE boot the machine which will download the new winpe (now with more NIC flavor) and start over… except now my PXE server isn’t configured properly :p

How come a “printing system” has to be a 300mb download or CD ordered by mail? I’m all for having that as an OPTION, but for servers and for shared printers, all I need is a driver and that can probably still fit on a floppy disk… if my computers and servers still had floppy drives, but that’s another post!

I already posted about 32-bit printing in an increasingly 64-bit world, and my medium-term solution for that was to stand up a 32-bit Windows Server 2008 VM and use that as a print server.

This post is the next step: printer drivers. Specifically migrating printer drivers from one server to another. For the small amount of printers I have to manage (three printers and two plotters in this office) or even the amount of printers (queues) at my last job (about 40) it’s not so difficult to do it manually. I did just that when we moved into a new building at my last job and stood up a VM just for print queues. Pretty straightforward, really: download the latest printer drivers from the manufacturers web site, unpack them to a network location, Add Printer from the printers window/control panel, new local port, new TCP/IP port, punch in the printer’s IP address, have disk, browse, click, select… done. 40 times. A wee bit time consuming. For this migration here I only had the six, so it should be even easier. But what if the newer version of a printer driver doesn’t work properly with your as-configured software?

That’s where I am right now. We have a Kyocera CM3232 photocopier/printer/scanner/fax. It’s a big one with it’s own onboard cost accounting and “proper” network scanning & faxing. It does color and black & white and prints on up to 11x17 paper (although not borderless printing). On the old OLD server, printing CAD drawings from Acrobat Reader plots properly. On the new-old server, it didn’t. There were some weird issues where drawings would not be rotated based on the settings you selected in Acrobat, but if you left Acrobat’s settings on Portrait but clicked Advanced Print Properties and changed it to landscape on the driver settings, it would work. Not very intuitive and sure to be the cause of plenty of helpdesk calls.

We tried a different driver, we tried an old driver from a CD that presumably came with the printer and nothing seemed to work. In the end, I re-pointed everyone’s printers back to the old server and removed the queues from the new-old server… but that old server isn’t going to last much longer and it’s not easy to find parts for an old IBM X-series Pentium III tower server, and having a single Windows 2000 Server in the mix is also holding the rest of the network back.

The new-old server blew up in December. No big deal for printing, but HUGE FUCKING DEAL for everything else. I managed to get it up and running again, Frankenstein-style and convert it to a virtual machine before shutting it down for good and sending the carcass to the recycling center.

That new one is here, and one of it’s roles is hosting a Windows Server 2008 32-bit VM for print queues, so I’m back to trying to make the new server play nice and plot drawings properly… the Windows Server 2008 driver for the copier is doing the same weird things the 2003 driver was doing… If only there was a way to migrate those queues, drivers and ports over to a new server… oh wait! there is! Hallelujah I think I hear a choir of angels singi—wait, what? that only really works for moving from NT4 to 2000? It wasn’t really updated for 2003, 2003 R2 or 2008? The tool has been retired? Oh good grief!

Fortunately there’s a new version built-in to Server 2008 and Server 2008 R2. You access it from Print Management Administrative Tool, as opposed to the Printers control panel applet. From there you can add the old server as a network print server, right-click it and export printers to a file… then right-click your new server and import printers from a file. I’m in the process of doing that right now, and will be testing it with CAD drawings later today. Fingers crossed.

(or a 64-bit domain anyway)

Hooray! 32-bit is dead! Long live 64-bit! … … … not exactly.

While there are more 64-bit machines out there now than there were a year ago and tons more than a few years ago, a lot of businesses are still firmly entrenched in 32-bit Windows XP. I know we are.

We’re a pretty good example of someone who SHOULD make the leap to a 64-bit OS. If there’s one segment of the market that supports 64-bit and is extremely memory-hungry, it’s CAD work. And we’re all about CAD work. I’ve recently upgraded all the computers to 4GB of RAM and standardized them on one video card (nVidia Quadro FX 580 512MB), they’re not taking full advantage of that 4GB of memory because the 32-bit XP Professional can’t address it all. Even with the /3GB switch in the win.ini file, that just means acad.exe can use more than the 2GB limit per process… but I’m getting off topic.

When I started here in Q4 of 2008, I took one look at the “datacenter” and my jaw dropped. The main file server was an old IBM x-server with a Pentium III and a whopping 768mb of RAM and a couple 160GB hard drives in RAID1. The web/intranet server was an even older one. Both were running Windows Server 2000. The Domain Controller was newer, it at least had Windows Server 2003 on it, but it was consumer-grade, non-redundant components in a 2U rackmounted case.

Before Christmas rolled around I had replaced the ancient file server with a pair of Supermicro SuperServers with Quad-core Xeons, 4GB of RAM and 5x1TB SATA2 drives in RAID5 configurations and added an LTO-4 tape backup to the mix. Between Christmas and New Years, the web server died so I replaced that one with another Supermicro identical to the first two, but with just 2x250 and 2x500GB drives in RAID1. All of these servers were running Windows Server 2008 Standard x64.

This led me to a major problem: I was able to install printer drivers for each of the printers on the servers themselves, but with the 64-bit drivers. Client computers (XP Pro SP2 x86) tried to connect and failed because they couldn’t use the 64-bit drivers. In the old days, you could go to the sharing tab of the printer properties and click “Additional Drivers” and that was pretty much that, but cross-architecture is a little more squirrelly, and the solution is counter-intuitive.

Here is how to provide a 32-bit driver in the Additional Drivers page on a 64-bit server:

Step 1: Install the 64-bit driver on the server itself and make sure that you can print.

Step 2: On a 32-bit client (I used XP Pro) download and unpack the drivers for the desired printer (in my case it was an HP Laserjet 4600).

Step 3: Open Windows Explorer and navigate to your printer share: \\64-bit_server\ and then double-click Printers and Faxes.

Step 4: Right-click the desired printer and  select Connect. It will do it’s thing and then Uh-Oh.. where’s the driver? It will ask you to provide a driver. Browse to your local folder where you’ve stashed the .inf files for the printer and let it install. Print a test page to make sure it’s working on your computer.

Step 5: On the server, right-click the printer you just added and select Properties. Click the Sharing tab, and then click the “Additional Drivers” button. Click to check the “x86” button for 2000/XP and click OK. The server will then request the x86 versions of the files FROM your local workstation and upload them TO the server.

This is the back-asswards part that tripped me up. You’re actually uploading the driver TO the server so it’s able to them DOWNLOAD it to OTHER x86 clients that request it.

Step 6: Click ok, ok, ok, all the way back out and you should be good to go.

Dingle Dangle Dongle… I’m Robert Goulet! doo da deee da dabba doooo

Seriously. It’s 2010. Who still uses Parallel port hardware locks? For that matter WHO STILL USES PARALLEL PORTS?

One of our (I thought older) software packages we use where I work has a parallel port dongle. Dongle not there? No design software for you!

What happens when you upgrade someone off some ancient AMD Athlon to a newer computer from the last few years? one that doesn’t even have a parallel port on the back anymore? Well… not much! But wait! there’s USB! People still make and use USB dongles! We’ll just ask the vendor to replace it! What? No? You don’t have anymore? But the software is still supported isn’t it? Yes? Well what happens if someone loses their dongle? What if there’s a fire? They’re SOL? Maybe? Who knows.

Eventually someone got back to us and said that since version 10.1 you don’t NEED the dongle anymore. We’re on 10.7 so we should be OK without it… right? No?

OH, you mean we have to completely uninstall the whole thing, then re-install from the non-customized version on the DVD, and then apply eight service packs plus our customizations? Sure no problem! I’ll get right on that! I didn’t have anything to do all day, nor did the operator who’s computer is out of commission all day now, either!

WSUS is a pretty cool piece of software. Basically it acts as a “Windows Update” server for your network. Rather than have all your computers download the same updates each from Windows Update, your WSUS server dowloads it once and then distributes it to all the computers that need it over your LAN connection which is much speedier than 99.9% of the internet connections out there. It also gives you a single place to go to and approve updates. Heard bad things about an update? Don’t approve it for installation and it won’t make it’s way onto any of your machines until you do (or they release an update to supersede it). A nice solution for small and medium sized networks.

You can extend it out to different geographical sites, too. Using a downstream replica server, you can have your server in another office “take it’s lead” from your server and either download the updates from you, or (and this is cool) only download updates that you’ve approved on your server from Microsoft’s servers. If you have a metered or slow connection between the offices, this is a great solution. You still only have one place to approve/deny updates, but you don’t chew up bandwidth pushing the updates from Office A to Office B.

This is the setup that I have. I have six offices (and two satellite offices but they’re not part of the corporate network) and aside from head office, there’s only one server in each location. These servers are Domain Controllers (for logins & resource management), WSUS downstream replicas for Windows Updates, and File & Print servers for that office.

WSUS uses Group Policy Objects (GPOs) to configure your clients (XP, Vista, Windows 7, Server 2003, 2003 R2, 2008, 2008 R2) to look at your own server for Windows Updates, as well as how often to check, and whether or not to allow the users to defer a restart so as not to interrupt them in the middle of something. Here’s where my setup gets trickxy.

I have a GPO called WSUS-Office A that I apply to the Active Directory Site called “Office A” so anyone who logs in at Office A will have their Windows Update Automatic Updates (WUAU) client pointed at the local server. Other offices have their own GPO assigned to their sites to keep everyone looking at the closest/fastest server/connection.

The hitch I ran into today was with my servers because of the Out Of Bound security bulletin released by Microsoft today for MS010-002. Because of the Big Scary Crisis surrounding it, and the fact that it was listed as Critical and affecting IE 6, IE7 and IE8 on Windows 2000 SP4 all the way up to Windows Server 2008 R2, I manually synchronized my WSUS with Microsoft this morning, downloaded the updates and approved them.

I also did a dirty thing to my users: I set a deadline in WSUS of noon today for the installation. That means that they’ll be notified of the download, and if they click the little yellow shield it will install it and then say “Time to restart!” but they can click Restart Later. Once the deadline passes, however, they don’t have a choice. the window comes up and says “restart your computer or I’ll do it for you” and starts a 15 minute countdown timer. I don’t do it often, so they know that I only do it for “critical” updates. Plus I emailed everyone last night and told them it was happening and posted it on the Intranet as an announcement. This morning they all got a second email that it would happen shortly.

Where the patch wasn’t installed was on some of my servers. Some of them got the update, and some of them installed it and rebooted without warning (oops, but they were warned). I started looking into why some of the servers installed it and some didn’t. My first thought was that the Server 2003 servers did but the Server 2008 & R2 servers did not. I thought perhaps that the GPO didn’t apply to/configure the Windows 2008 clients, but that was wrong, too.

Finally I compared a 2008 virtual machine’s Windows Update screen (which wasn’t working) to a 2008 physical machine’s Windows Update screen (which was). The 2008 VM said “You receive updates: For Windows and other products from Microsoft Update” and the 2008 host said “You receive updates: Managed by your System Administrator” Further investigation into the registry (HKLM\Software\Policies\Microsoft\Windows\Windows Update\AU\) showed that the settings that were specified in the GPO were applied to the 2008 Host, but not the 2008 VM.

It then dawned on me that the difference between the two was the host was a member server and the VM was a domain controller. That led me to GPresult and Group Policy Modelling. Using the DC and Administrator accounts, the GPO (identified by a GUID rather than it’s name) that was applied to the site was denied application due to SOM (Scope of Management).

I expanded the forest folders and drilled down to the Domain Controllers OU and saw a blue exclamation mark on it. Blocked Inheritance. That meant that the Domain Controllers OU was going to not inherit any settings from GPOs ‘above’ it, including sites.

So my choices at this point are to remove the block and let everything apply to the DCs. Not a very good idea. There were three policies which would have applied to the DCs: the Default Domain Policy, Remote Desktop Policy and Office 2007 File Format Policy.

The Office 2007 File Format Policy is tame, all it does is make the default filetype for saving the Office 97-2003 compatible instead of the new .docx, .xlsx and .pptx formats. Remote Desktop Policy is equally benign. It’s denied to Domain Admins and auto-disconnects clients from Remote Desktop after 10 minutes of inactivity so it wouldn’t really apply anyway.

The Default Domain Policy had a fair amount of settings in it though: Firewall settings, password policies, that sort of thing which I don’t necessarily want to apply to my Domain Controllers.

SO, removing the Block Inheritance setting probably wouldn’t be a good idea.

The other thing I could do is apply the WSUS-Office A policy to the Domain Controllers OU. It would get around the Block Inheritance issue without applying the default domain policy to them, but it would also “point” each of my offices’ Domain Controllers back here over the slow, metered internet connection. Not ideal either.

The other thing I could do is copy each of the WSUS-OfficeX policies and then apply ALL of them to the Domain Controllers OU and use filtering to make sure that each office’s policy only applies to that office’s WSUS server. That doubles the amount of work I’d have to do if I changed one of the servers though, and if I forgot, it would mean that one of the Domain Controllers was pointing at a non-existing Update Server which could leave it unprotected/unpatched. Guh. Meh. Not ideal.

SO that’s where it stands now. I haven’t done anything yet. I’m remembering in the short term to manually check the DCs for Windows Updates until I can come up with a little more elegant solution to the GPO filtering situation.

(This is a crosspost from the Autodesk Discussion/forum website that I was participating in)

Since I started here 15 months ago, I've been wary of messing with NLM because I didn't understand it. I still don't know all of it, but I know a lot more thanks to Travis and the rest of the contributors NLM isn't as big of a scary monster as it was before! There were Group Policy entries in my domain that were specifying an environment variable for the local license server (distributed model) by IP address, and then the next biggest office as a secondary, and third biggest as tertiary--by IP address. So for example if you logged in to a computer in site A your environment variable would be ADSK_FLEX_LICENSE=@192.168.1.2;@192.168.2.2;@192.168.3.2 It worked, it was working, so I had no motivation to change it.

While checking some things out on Travis' suggestions, I changed it to a server name, so on my test computer in site C, the environment variable was ADSK_FLEX_LICENSE=@SiteC_server;@SiteA_Server;@SiteB_Server and it worked. I then changed all my environment variables to computer (NetBIOS) names.

That sorted out 4 of my 5 offices, just the 3rd one, Site C users were still grabbing licenses from sites other than their own. Further investigation showed that two of the users who were using the wrong license server hadn't logged out and back in for some time. (this prompted a quick meeting with the CAD Manager and the Sustainability Committee to make changes to inactivity timers and lock computers after one hour, log users off after 2 and go to system standby after 3 hours outside of regular business hours). When one of the problem users logged back in and started up AutoCAD, they did not get a no license error, but rather Autocad seemed to hang for a good 60-90 seconds with an hourglass... after that AutoCAD started up normally and she was on the correct license server. I did the same thing to the the other user and got similar results.

So in the end, there was some sort of networking issue (which is still undiagnosed) that was causing clients to skip over their own license server, but changing environment variables from IP address to NetBIOS names fixed the problem.

Later in 2010 we may implement other changes recommended here and move to a single/redundant license server instead of the distributed model.

First post of the new decade... maybe I won't let this place grow cobwebs in 2010 like I did in 2009 ;)

Back in January I posted a few articles about Windows 7 Beta and what it did to my laptop. It’s not Microsoft’s fault, it’s a combination of Dell and nVidia’s faults. It was the perfect storm: a known design flaw in the video card that affected a boatload of Dell, HP, Sony and Macintosh notebooks. On top of that was a poor design choice by Dell to not actually have contact between the overheating GPU chip and the copper heat pipe that’s supposed to cool it. On top of that was running a Beta OS. On top of that, using a pre-beta alpha-release of a driver for said beta os on a flawed laptop with a flawed GPU. A perfect storm.

While watching a video full-screen in Windows Media Player, the GPU overheated and blew up. Not only did it crash and blue screen and completely wipe out the running OS, but somehow it managed to overwrite the GPU BIOS! That shouldn’t be POSSIBLE, but it happened. The computer would boot up, just no screen. If I watched and waited for the hard drive to stop spinning away during bootup, typed my password and hit enter, it would log me in! I could HEAR the windows startup sound, but no video. No video on the external monitor or HDMI ports, either. Ultimately, because it was under warranty, Dell sent out a technician who replaced the whole motherboard, GPU included (although they replaced it with the same broke-ass GPU chip) so the story ended happily.

One of the things I noticed in the beta was the feedback system, which I used extensively (duh, that’s what betas are for) until I couldn’t. The big huge crash dump from the video card was never sent because after the motherboard was replaced, I was too scared to put the Windows 7 hard drive back in again. I figured I would wait until another beta (or RC) came out and hopefully there’d be a newer driver from nVidia available then, too.

On another note, there’s a way to use a clean, shiny penny to sandwich between the GPU and the heat pipe which drastically improves the transfer of heat to the heat pipe and can avoid just such an occurrence. (you can google nVidia GeForce 8400M GS Copper Mod to see for yourself). On the down side, doing so invalidates your warranty. I’ve refrained from doing it because of that, but when the warranty runs out, that’s on my to-do list for the very next day. Instead of doing a recall and replacing the bum chips (and the heat pipe while they were at it) Dell instead extended everyone’s warranty by 12 months, so if your laptop blows up (like mine did) you’re covered for an extra year.. but if it happens AGAIN after that period, you’ve got a dead laptop. No one else did anything better (HP, Sony, even Apple) so I don’t want to be TOO unfair and shit all over Dell only because they and their tech support have been very good to me over the years. No, really! :)

The Windows 7 RC is out today and will work (for free) until June 10th, 2010 or about 13 months. In the fine print is that starting 2 months before that, your computer will shut down every 2 hours as a warning sign that the expiration is imminent and that it’s time to get a properly licensed copy. Hopefully there’s an upgrade path so you can punch in a new product code and activate Windows without having to re-install with the release version. I can’t see myself NOT re-installing with 100% gold code, but I’m sure there will be people out there who have tweaked and modded their user profile and software set-up JUST SO and won’t relish the thought of starting over.

Happy Valentine’s Day, ladies. I hope you had a lovely day…

This Saturday it’s your turn to return the favor. That’s right, it’s been a month already! March 14th is Steak and BJ Day. It’s pretty simple… It’s steak… and a BJ!

www.steakandbjday.com for more details (pretty NSFW content)

We’ll be celebrating this year at Little Billy’s Steakhouse in Burnaby, but the jury is out on who’s picking up the tab! ;)

I’m not sure how I could have possibly forgot, but I let this domain expire. :)

I saw the email from Network Solutions on my phone this morning and assumed it was just one of those “your services expire in six months! renew now!” semi-junkmails. Nope! this one said “Your Network Solutions Service has Expired”.

Oops.

And the DAY before payday, too. Ahh well. I suppose that’s what credit cards are for.

Since my laptop is down for the count (I’m expecting the new replacement laptop to arrive today or tomorrow) I haven't synced my iPhone for about two weeks since I installed Windows 7 to try it out so it hasn’t been syncing my calendar.

My email is downloaded via POP3 from my Exchange mailbox, so when I connect to Outlook Web Access, I don’t have contacts or calendar to remind me there, either.

In the end, no harm, no foul. I’m back up and running and the DNS servers probably didn’t even have a chance to propagate to the pending deletion landing page.

Dell now has three open service calls for me, and I sense it’s going to get worse before it gets better.The local firm that Dell contracts to do their re/re’s told me that I would be receiving a new unit. Then Dell’s national technician appointment center called me to let me know a new part had shipped out and I would be contacted by a technician to arrange a time to come and do it. Then the local tech’s dispatch called me to tell me that the parts hadn’t arrived and would call me back tomorrow (today now) when the parts arrived.

I stopped him and asked him if I was getting a new motherboard or a new system, and he didn’t know, but thought that it was odd that the delivery address was both my home address and their business address.

I got his cell phone number and name and said if nothing showed up by Friday noon I would call him back and he could sort it out with Dell. Fortunately (for both me and Dell) I’m not a one-computer household that’s relying on this one system. I’ve got Laurie’s desktop, her netbook she got for Christmas and a media server plus my work laptop all at my disposal. He thanked me for my patience and said he would be in touch shortly.

Dell’s local supply chain technician called me yesterday morning to set up a time to replace the parts on my laptop that seemingly blew up. They didn’t have the parts yet, but were expecting them later that day so they’re going to call me back this morning to arrange a time to do the repair.

I brought my laptop to work, and the tech’s office is actually just around the corner from mine, so that way he could do it whenever and when I take it home tonight it’s fixed.

I turned to my co-worker James and said “hey, do you want to see my screwed-up video card?” he came over and I turned the laptop on…. and it worked! WHAT THE HELL??

I’ll mention it to the repair tech, but I’ll still have him replace the parts. Save him a trip out again later, ESPECIALLY if he can replace the GPU with another, non-f’d up one.

Update: Well it must have been it's final hurrah. when the technician arrived, it came up with the BIOS logo screen, but then died. He began to disassemble the laptop to replace the system board (that's the motherboard in Dell-speak) and unfortunately it has the same GPU chip on it as the one being replaced. Ultimately he had to stop and make arrangements to come back tomorrow because--get this-- he couldn't get one of the screws out and has to get a different screwdriver. I have one that's the perfect size for laptops, but unfortunately I left it behind on Vancouver Island last week. He's coming back tomorrow to finish it. It's a darned good thing that I'm a huge nerd and have three other computers at home I can use until this one is back up and running.

I haven’t really been using my computer much this week. I’ve been smokin’ busy at work, so by the time I get home, the last thing I want to do is spend MORE time in front of the screen. Everything is on track now for a business trip tomorrow, so starting this weekend when I get back everything should slow down again… until Monday. :)

The last post I made about Windows 7 I mentioned that the fan was acting weird. I went to Dell’s support site and there was a new BIOS version for my specific laptop. I installed that and the fan began behaving as expected, so thank you Dell. I’ve still got i8kfangui running, but just in informational mode only so I can see the CPU temperature.

Every window has a “Send Feedback” link up next to the minimize, restore/maximize and close buttons. I read today that there’s a registry hack you can make to turn it off if it really bugs you. I don’t know why you’d find it annoying though, it’s a BETA TEST of an operating system. It’s provided free of charge in exchange for reporting metrics, crashes and other things… LIKE FEEDBACK. It’s actually pretty cool. There’s a dropdown that you can select what category you’re reporting on, and then some stars to give you a choice of how well it worked (or didn’t) and then comments.

The dropdown list itself is pretty encompassing, too. Everything from Accessibility features, printing, faxing, security settings even Tablet PC functions. Finally at the bottom there’s an “other” category.

So far I’ve sent between 12 and 15 feedback “emails” to the team. Some of them have just been “This works exactly as advertised and as expected”, a couple suggestions and a few negative ones, too. I sent one when I crashed IE the first time the other night, too. Being a beta, you’re not supposed to use this as your “main machine” and in fact, part of the terms of use specify that you won’t use it ‘in a production environment’. I WILL be implementing it in a production environment in a couple months at work. I’m planning a pilot project for myself and my co-administrator, as well as a couple people who are tech-savvy to run Windows 7 with all our line-of-business applications to iron out any kinks that come up over the next year before we start migrating to it (skipping over Vista) in early 2010 when it’s released.

I wrote on the 2009 advancement plan at work that if I tried to upgrade people to Vista that we’d have a mutiny on our hands. I’ve been running Vista on my laptop since last December when I got it, and forcing myself to use it on my desktop at my last job for almost a year previous so I could get to know it before I had to start fielding calls about it. While Vista came out of the gates flaccid with few compatibilities with existing hardware and software, it was something that needed to be done. If Vista hadn’t come out when it did and been a dog, then there wouldn’t have been new drivers and new versions until Windows 7 came out. Then *IT* would have been the dog that nobody wanted. Vista was the pain of living with no floors in your home while contractors reinforced and rebuilt your foundation and drainage. It sucks, and it’s hard, and it tries your patience, but in the end, what you built on top of it was all the better for it.

While I could have rolled out Vista Business with Aero Glass turned off and the “classic” skin/theme selected to make it look like Windows 2000 Professional, Windows 7 takes that option away. I might have been able to slip it past a few people if it LOOKED like the old Windows :)

What everyone seems to forget is that in 2001, XP was hated just as much as Vista is, with people decrying the “Fisher Price toy” interface and the new double-wide start menu but as people actually used it and adapted to it and started to reap the benefits of the new system, they liked it and ultimately loved it (evidenced by extension after extension for the availability of Windows XP for OEM systembuilders).

The difference between 2001’s hate-in for XP and 2007’s hate-in for Vista is a 24-hour news cycle and a lot more people  out there trying to justify their employment filling column-inches. Vista’s missteps were a convenient mule to whip.

Yesterday I watched from the sidelines while the Microsoft web servers were hammered into submission and ultimately failure as people tried to download the Windows 7 Beta. Someone found a direct link to the .iso files and some people reported that their multi-gig files just stopped partway through. I guess there were people physically deleting the iso file from webservers at that point. It was an epic fail; microsoft.com was down for a little bit, windowsteamblog.com was offline, eOpen (licensing site), MSDN and TechNet were all having problems as the deluge continued.

Lifehacker actually posted an opinion piece admonishing Microsoft for not being ready for it and while they DO have a point, I don’t think they anticipated just how many people wanted an alternative to Vista. To give them some credit, there’s a difference between 38 million Firefox 3 downloads and 2.5 million 2.4 gigabyte Windows 7 downloads.

By late last night and this morning they had things ironed out and brought more capacity/bandwidth online and re-opened the beta. (I wonder if they ate their own dog food and used some sort of Microsoft Azure cloud computing platform, or if they just used Amazon S3 or (doubtful) Google’s cloud computing platform. More likely they just upped their commitment to Akamai.

Earlier today I signed up for the beta and got my product code that’s good through August 31st, 2009.

Tonight I backed up my laptop (which has been having wireless connection issues almost since I got it) and then did a hard drive swap so as not to damage my vista installation that has all my data on it. On a side note, I picked up a 320gb, 7200RPM, 2.5” SATA notebook hard drive at NCIX on Friday for $104 after taxes. While not as cheap as 3.5” SATA drive, that’s still pretty cheap.

I fired up my laptop with the Windows 7 DVD in the drive, made a few selections (language, regional settings, keyboard layout, that sort of thing) and then it installed. It seems to have installed a little slower than the Vista beta did a couple years ago. Once it was “ready” it asked for my name, a computer name (for networking) and then asked me if I wanted to connect to a wireless network. Judging by that, it had a driver and installed it during setup. It asked me for my WPA password and that was it. It then checked with Windows Update and downloaded 68mb of updates. One of the updates it downloaded (probably the bulk of the 68mb) was the nVidia video driver for my laptop. (At the time, it was running at 1024x768) Once it downloaded and installed the video driver, the MP3 bug fix and a couple other updates, it rebooted and came up at the native 1280x800 resolution. There was one “optional” update yet to be installed, the Broadcom Ethernet adapter driver. I installed it, and then downloaded/installed the new Windows Live Essentials (including Windows Live Writer, which I’m using right now to write this up)

I opened up the Device Manager, to see if any drivers did not get installed and was shocked to see that there was only one device that didn’t have a driver installed: the biometric fingerprint reader. The good news was that it identified it as a biometric reader interface, rather than just “PCI device” or something like what probably would have happened in an earlier version of windows.

I opened up IE8 and navigated to Facebook, and then I opened a new tab and went to another page. When I was done, I clicked the close button and it asked me if I really wanted to close Internet Explorer, or did I just want to close the current tab? Nice touch.

The only annoyance I’ve found so far, is that my fan is cycling on and off constantly. I don’t know why yet, but it’s probably something simple.

There was a notification that came up, telling me I did not have antivirus software installed. Clicking the notification balloon where it said “click here to find antivirus software online” opened Internet Explorer and went to a Microsoft Security webpage that had links to AVG (woo!), Norton/Symantec and Kaspersky Labs websites. I clicked on AVG and the landing page said “Welcome Windows 7 users!” It had a link to download AVG Antivirus standalone or AVG Internet Security for 38.99 or 59.99 respectively.

I don’t know about anyone else in the position to beta test a new OS, but I sure as hell am not going to pay $60 for a security package for a beta install. Sure I can re-install it in Vista or XP if I go back to it, but what the hell. I clicked on “all products” and then over to “free trials” to get a copy of AVG Free.

So far, the only thing that hasn’t “just worked” right out-of-the-box (so to speak) is the Windows Live Call. I wasn’t sure how it worked or even really what to do with it, but when I clicked it in the start menu, it came up with an MSN messenger-like window with a telephone keypad on it and a text message saying that the service was temporarily unavailable.

Even IE8 seems pretty responsive. Firefox 3 has been getting on my nerves lately. Facebook, Canadian Tire, Rogers and VanCity Savings websites constantly gave me problems with connection reset and other “page cannot be displayed” type errors. If it wasn’t for AdBlock Plus, I would probably have switched back to IE7 by now.

Tomorrow I’ll install Office 2007 Small Business and use Windows Live Sync to copy my pictures, videos, data and downloads back onto this installation and start “using” it for real and contributing feedback to the beta team.

I bet you think this is going to be a product placement post… It isn’t, but it’s sure going to sound like one.

Last December, I attended a course in Tampa, FL. They had a “free gift” if you signed up for more than three days, and this course was five. The choices were an Xbox 360 Core, a PS3 40GB, Nintendo Wii, iPod Classic 80GB, a Zune, a Garmin GPS/wristwatch or a $300 Visa gift card. Since I already had the others, I chose a Wii.

Of course the Wii was out of stock, so I asked if I could wait and get one of those. They said OK. They were good about sending me updates, and then around May they emailed me and said they still were having trouble getting the Wii and would I like something else? I still wanted a Wii, so I chose the $300 Visa gift card. A few weeks later a $200 and a $100 American Express gift card showed up on my desk. I was going to use them to buy a Wii.

Of course, I never did and carried around the gift cards for awhile. Eventually I did use up the $100 card, but I still had the $200 card. I tried to use the $200 card at Ikea last week and it was declined. I think I had about $230CAD rung up, and it was $200 USD, so whatevs. Last night I tried it again at London Drugs for $150 and it was declined again. Perhaps I can only use it at a US merchant…

Just for grins, I went to www.americanexpress.com/giftcard and clicked on the Check Balance link. I punched in the card info and up came… a balance of $35.20. WTF?! I started clicking each month in the dropdown for purchase history and there it was, June 16, 2008. Two purchases at Hotwire.com for travel on the same day. My gift card had been hacked.

I tried to send a message through the AmEx website, but you had to be a registered member to do so. After three attempts to create an account with the giftcard failed, it locked me out. I called the number on the screen which was generic AmEx Customer Service and spoke with Paul from INDIAna (as if) and he gave a different number for Gift Card services.

I called them and spoke with a c/s named Cindy (no trace of an accent whatsoever) and asked her if it was too late to dispute the charges as they were nearly six months old. She said she didn’t think so and said she would transfer me to the Fulfillment team. I was put on hold, and listened to Bing Crosby xmas tunes for a few minutes, and then she herself came back on the line and apologized for it taking so long and would I like to continue to hold, or did I want the number to call fulfillment directly? I said I would wait a little longer, and then she connected me with Jose on the fulfillment team. He asked me a couple questions and before I could even ask if it was too late to dispute the charges, he said he was going to send out a replacement card for the full value.

Excuse me?

He thought I didn’t hear him and repeated it. I heard him fine, I just couldn’t believe it! I gave him my parents address, and he had to check with someone to see if they could mail it to Canada, but re-iterated that the card would only work in the US. It turns out they couldn’t, so I gave him my address in Sumas, WA and he said it would be there in 2-3 business days. That would be Boxing day, so probably not (although they don’t celebrate Boxing Day in the US)

At the end of the call, he asked me if I was an American Express cardholder. I said “No, but if this is the way you treat your customers, then I’ll be signing up for one later this afternoon!”

And now, it’s time for a “Fuck You Friday” special!

To the Translink bus driver who changed lanes into my lane when I was halfway up the side of his bus, forcing me to STOMP on my brakes and nearly get rear-ended by the morning traffic behind me and then STILL almost clipped my front end with the ass-end of his accordion bus rather than wait the 1.5 seconds until I was past him; a hearty “FUCK YOU, YOU ASSHOLE” and I hope you have a shitty weekend!

Reminds me of an old proverb(ha) I heard on a Maclean and McLean record when I was a young impressionable child:

May bloody piles torment you,

May corns grow on your feet.

May crabs as big as turtles,

Crawl up your ass and eat.

And when you’re old and feeble and become a nervous wreck,

I hope your head falls through your ass and breaks your fucking neck.

To everyone else, have a great weekend. ;)

Last week enough parts arrived that I could start putting together the first of my two new servers. In the end, I decided to buy SuperMicro barebones servers instead of HP or Dell (or IBM) servers because of the size of the hard drives we wanted. My co-worker and I came to the figure of 4TB for where we expected company-wide data storage to be in five years time, based upon the current size and the growth we’ve had and are expecting.

In order to build a RAID5 array of 4TB, we had to have five 1TB drives. Of course, 1TB drive doesn't actually HAVE 1TB of drive space on it, it’s only about 927Gb or so because of the whole 1000 vs 1024 multiplier. Sure it was fine in the days of 100Mb drives, but now it’s just ridiculous. Five 1TB hard drives yields a 3.6TB array. We are “missing” or “losing” 400Gb or almost half of one of those terabyte drives when extrapolated across the array.

The hard drives that Dell and HP (and I’m assuming IBM/Lenovo) use have custom firmware on them so that the onboard diagnostics can talk to the drive and receive information from them. This means that the same Seagate Barracuda or Western Digital Caviar 1024Gb drive that costs about $166 at NCIX or Tiger Direct costs $924 from Dell Direct or CDW. You also need the hot-swap caddy for that particular server, and they don’t sell those separately (unless you find some on Craigslist or eBay). That would have meant that I spent more on those hard drives than I ended up spending on the entire SuperMicro server.

This is the second time I’ve dealt with SuperMicro. When PC Powerhouse closed it’s doors, we (my old company) bought up their server rack, patch panels & switches and there were two SuperMicro 2U servers in there. We called it the Sharktank and used it to set up a completely separate network with a copy of our Active Directory on it to use for testing purposes. We also bought a third SuperMicro 2U server and stuffed it full of 500Gb hard drives to use as a disk-based backup solution. I was impressed with the build quality then and when I needed a cheaper alternative to brand-name servers here at my new job, I went to SuperMicro again.

Fortunately CDW carries SuperMicro servers. NCIX does as well I found out which means I have two suppliers I can have compete against each other for better pricing. The first one arrived mid-week last week and I put it together in one afternoon. These particular servers are Intel Xeon quad-core processors, 4Gg RAM and two 250Gb hard drives in a RAID1 (mirrored) configuration with Windows Server 2008 x64 Standard Edition running on it. The RAID controller is an Adaptec 3805. In addition, they also have the five terabyte drives configured in a RAID5 array. These servers have redundant 750 watt power supplies and are plugged into an APC 2U Rackmounted UPS pushing 2200VA.

So begins the headache. The maximum disk size that windows XP, 2003 and Vista (non 64-bit versions) can see is 2Tb. My array is 3.6Tb. Try as I might, I could not break through that 2Tb maximum. The drive just didn’t show up in the Disk Management snap-in. I tried everything I could think of, it just wouldn’t show up.

I deleted the array that I had created in the controller BIOS settings and re-created it in Windows using the Adaptec Storage Manager (ASM). No good. As soon as I added the 4th drive to the array, the available disk size went from 1.8Tb to 2.0Tb and ignored the remaining 1.6Tb. I searched and searched and searched all weekend and asked every SysAdmin I knew and had access to via IM, email, phone and shouting over a live band at a pub Saturday night. No one had any insight.

I found out about GPT during this time though, and how it works and what it does. There are a lot of limitations to using GUID Partition Tables instead of MBR mostly due to BIOS limitations. EFI bios can boot from GPT disks, so that means all Macs can, but only Windows XP x64, Vista x64, Server 2003 SP2 X64 and Server 2008 x64 can BOOT from a GPT. This had no bearing on my setup as I wasn’t booting from this disk, it was simply a big data drive. There’s supposed to be a way to right-click an unrecognized disk in the Disk Management snap-in and Convert to GPT (or Convert to MBR) but since my Disk1 was not showing up there, I couldn’t do it. FRUSTRATION SETS IN.

I came in over the weekend to relocate the server from my workbench into the rack and re-created the RAID5 array and initiated a Build/Verify rather than a Quick Init. After two hours of solid disk LED lights, the progress meter changed to 1%. Oi. I left and went home for the weekend, thinking that it should be done by Monday morning, and once the drive array is Optimal, then maybe it will magically appear.

No suck luck. I arrived this morning to an Optimal array but still nothing in the Disk Management snap-in. I opened the Device Manager and checked through there to make sure that the Adaptec 3805 had the correct and up-to-date driver. It did. When I clicked “check online for a new version” it returned a message that I already had the best driver for the job. Fortunately I’m not that trusting of Windows Update.

I went to the Adaptec website and navigated through to the 3805 downloads. there was a newer firmware available, but there was a new, windows-certified driver for Server 2008 x64 that was dated Oct 2, 2008. I downloaded that driver and copied it over to the server. The documentation suggested that I could either do it via rebooting the server and booting from a floppy, or I could do it via the Adaptec Storage Manager console itself. I updated the driver and Windows Server 2008 said “your new driver is installed but will not be working correctly until you restart your computer.” Since this is a new server and there’s no data on it yet (hell there’s nowhere to PUT the data) I clicked OK and when it asked me to reboot, I clicked yes.

I was disconnected from the Remote Desktop, and since I don’t have a console KVM in my rack just yet, I kept my fingers crossed and waited a few minutes for the server to come back up.

I re-connected via Remote Desktop (as an aside, as of November 19, 2008 RealVNC’s free version does not work with Windows Vista or Server 2008, just their pay versions do) I fired up the new Server Manager and expanded the + sign next to storage and clicked on Disk Management…

HOLY JUMPING JESUS ON A POGO STICK I HAVE A NEW DRIVE SHOWING!

Disk 1 unknown 3723.99Gb NOT INITIALIZED. The Initialize Disk Wizard popped up on it’s own and asked me how I wanted to initialize this disk: MBR or GPT? Even the note at the bottom is good: The GPT partition style is not recognized by all previous versions of Windows. It is recommended for disks larger than 2TB, or disks used on Itanium-based computers. Honestly, Itanium? Who even USES those? In this case, I’m going to go with GPT because I’m never going to boot off this drive, and Windows Server 2008 sees the GPT partition just fine. The XP Client computers and other Windows server 2003s that will be working with the data on these drives will all be accessed over the network via SMB anyway so it’s all good.

FINALLY the drive is ready to be formatted as NTFS (which should take another bunch of hours, even as a quick format) and I can start preparing my checklist for migrating the old file server on to this one.

Just over two years ago I came across a link that said that Rip Curl was making a rechargeable, heated wetsuit. DAMN! I posted that I did not know if it was for scuba use or it was merely “splash-proof” for kayaking and surfing.

It took two years, but this morning I saw a post on The Uber-Review that they’ve finally brought it to market.

It’s only rated to 10m so it’s not designed for SCUBA diving at all. Surfing yes, kayaking yes, SCUBA, no. They were thoughtful enough to do a bunch of testing to make sure that the electric field generated by the lithium-ion batteries and the carbon fiber heating elements wouldn’t attract sharks. Thanks guys! Hopefully they didn’t get the batteries from Sony’s laptop battery division. :)

Rip Curl’s website has a cool interactive flash site set up with videos and a neat “thermal body scanner” that shows you where the elements are and how much heat they produce when you have it switched on low or high.

Now if I could find a battery-heated wooly-bear to wear under my drysuit, I’d be back in business diving up here in the Pacific Northwest… maybe next spring :)

PS: they're just over $1000 MSRP and doesn't really say what the thickness is, although I kinda think it's a 4/3mm.

A few weeks ago I posted a rant about some dirty filthy stinking hippy who sheared off the drivers side mirror on my car, less than a month after I bought it.

Of course, it probably wasn’t a hippy, they don’t normally drive cars… the odd VW Microbus but those are few and far between.

I spent a week calling around to wreckers to see if anyone had a replacement. No, no, no, no and haha no, really! The mirror is a power/electric mirror so I had to replace it with another. There’s a little speaker in the corner on the inside, so I couldn’t even replace it with a manual one to save a few bucks.

I called a couple Honda dealers and they all quoted me $340 plus $65 for installation. Funny how the price of one is juuuuust a few dollars higher than the standard deductible for comprehensive insurance. When I got that info, I posted another rant about collusion between auto manufacturers and insurance agents.

In the end, I ordered a 3rd party replacement from PartsTrain.com for $34.99 USD. It cost me about $30 in gas to drive out to Sumas, Washington and pick it up from Package Express, the mail-drop that I use for US shipping. I installed the mirror yesterday and it fits and works perfectly. The only difference is it’s black/unpainted. My passenger side mirror is green, the same color as the car so I’ll have to get it painted one of these days. Even if it costs me $100 to get it painted, it’s STILL half the price of buying one from the Honda dealer.

As soon as I pulled away from the curb this morning without having to twist alllll the way around in my seat to see if there was anything coming, I realized just how much I missed having that mirror for the last two weeks.

Tonight I received my first SPAM message on Facebook. I had 1 new unread message and was putzing around when I went to read it and saw that  I now had TWO messages...

I clicked into my Inbox and my heart sank...

The Inbox view only showed the first line or two, but that was certainly enough. This is the first time I've seen one that referenced the 2004 Boxing Day tsunami, but the details are not the important part.

The important part is that these fucking scammers are starting to infiltrate Facebook. I suppose it was only a matter of time. They've made using Hotmail or Yahoo mail practically unusable. Hotmail at least has the 'exclusive' setting so that only people in your contacts/address book can  actually send messages through to your inbox, but I've had to abandon my Yahoo email account that I've had since 1997 because it gets about 50-60 emails a day, most of it various forms of the Nigerian 419 Scam. The sad part is that even now, in 2008 people are STILL FALLING FOR THIS CRAP. There are various names for it, I know it as a 419 scam because that's what The Register called it when I used to read that. They had a whole section on 419 scam-baiters each week it seemed. There's another one about a lottery going around to and even my mother nearly fell for, forwarding it to me to ask me if I thought it was legit. As if.

This is a pretty serious thing for Facebook, and I hope they figure out some way to nip it in the bud. The whole point of a social networking site is, well, to NETWORK. Meet new people. If everyone starts jacking up their privacy settings to the point that you can't contact anyone unless you're already friends, how are you going to get to be friends?

As soon as I saw it, I looked for and found the "report message" link right there underneath this scumbag's name. It came up with a warning that if I proceeded, the person would be put on my block list and any relationships I had with that person would be broken. The two choices were Spam or Harassment. I kind of flipped out a little bit and vented at the poor administrator who has to open that message. The next popup (remember when THOSE were the scourge of the internet?) said that the message would be forwarded to Facebook administration and that I would not be informed if any action was taken.

Unfortunately, this sets up Facebook staff for a never ending game of Whack-a-mole, where these scumbags who have nothing better to do than sit in internet cafes in Nigeria and create fake user ids and email addresses and send their spam out.