Shivering on the 49th Parallel
Friday, October 26, 2012
this is quick & dirty just to get you installed, maybe one day I'll refine it and add screen shots... but probably not :)
Friday, October 26, 2012 1:16:14 PM (Pacific Standard Time, UTC-08:00) | Comments [2] | Microsoft | Windows#
Tuesday, March 20, 2012
First post of the new year! Also can't be arsed to install WL Writer so doing this in the web form. Blech. :)

One of my "projects" for 2012 is to suss out DirectAccess, a transparent "VPN-less" secure connection back to the mother ship from a roaming corporate laptop. On paper it sounds pretty good, but from a demonstration point of view, it ranks up there with watching grass grow or paint dry. When set up and configured, a laptop (or desktop I suppose) out of the office and off the corporate network can access network resources behind the firewall. Going the other way, IT can centrally control corporate laptops out in the field via Group Policy, WSUS and other technologies. To give a demo, you'd take your laptop off-campus, fire it up, log in... and... use it... not much of a demo :) The stuff going on behind the scenes is interesting, but not for the average person. My engine, however, gets running.

I ordered up an HP Microserver last month to try this out on. I suppose I could have installed 2008 R2 on any old computer kicking around, provided it had two network ports on it, but I also wanted to do a hands-on with this little server. The HP Microserver is ridiculously cheap for what it is: an HP ProLiant server. It's about half the size of a breadbox and has four non-hot-swap SATA drive bays, two memory slots, a PCIe x16 and a PCIe x1 half-height slot, a 5.25" drive bay for an optical or tape drive and one large low-rpm fan on the back so it's really quiet. All that for about $400. I bumped up the price somewhat by doubling the RAM and adding a server NIC card to get a few more network ports on it, but it was still under $1000. Putting a copy of Windows Server on it is where most of the expense comes from. Since this is a test, I put a TechNet/MSDN copy on it and fired it up.
There are a lot of pre-requisites for setting up DirectAccess including a good CA/PKI setup, and probably the most difficult part: 2 consecutive public IP addresses that don't end in 09-10. I've got all that covered now, so my next step will be to make some changes to Active Directory, my edge firewalls and then I can try it out!
Tuesday, March 20, 2012 8:28:53 AM (Pacific Standard Time, UTC-08:00) | Comments [2] | Active Directory | Hardware | Microsoft | Networking | Servers | Windows#
Thursday, September 8, 2011

Well this is interesting. First of all, do not move any vhd or avhd files around, whether your guest VM is running or not.

I came back from a week’s vacation to find that my VMs were pretty much all broken. Awesomesauce. What happened was that the server that I run SCVMM on is also the Backup Exec server, and due to a mistake by some end-user, the size of the weekly backup jumped about 600gb and the backup2disk folder ran out of space and halted all backups. All the Virtual Machines paused themselves too because the host was out of hard drive space.

To alleviate the situation, a co-worker found 100gb or so of files in a “snapshot” folder under the VM’s folder and moved them elsewhere. What he didn’t know or realize was that these VM files have very specific ACLs that are tied to a username called NT Virtual Machine\{SID}.

When you move a file in Windows, if you’re copying on the same volume (say from My Pictures to My Pictures\vacation 2011) it will take its permissions with it. When you move a file to a different volume (to a D drive, or a flash drive or a network drive) it will inherit the permissions of its new home. Normally that’s a good thing, but for these snapshot files, it’s a bad thing. A very bad thing.

I discovered this when I found & moved the files back to where they were. The VM still would not start up and was giving all kinds of cryptic errors. unable to mount, unable to start virtual controller, things like that. I should have made a note of the exact errors and put them here for people to find, because figuring out what to do was a bit of a pain. Ultimately I found a KB article that described how to re-set the permissions and re-assign full control to the NT Virtual Machine\GUID user to the folder and then each of the avhd files directly using your favorite tool and mine: icacls.exe
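
The permission check and repair described above, as an added PowerShell example (not from the original post or from the KB article it mentions). The parameter names and the `-Repair` switch are assumptions; the VM ID is the GUID of the affected virtual machine, and the script must run on the Hyper-V host that owns that VM so the account name can be resolved.

```powershell
# Added example: audit (and optionally restore) the per-VM ACE on a VM folder
# and on every .vhd/.avhd file below it. Parameter names are hypothetical.
param(
    [Parameter(Mandatory = $true)][string]$VmFolder,  # folder the disk files were moved back into
    [Parameter(Mandatory = $true)][guid]$VmId,        # GUID of the affected virtual machine
    [switch]$Repair                                   # without this switch the script only reports
)

# Hyper-V accesses a VM's disk files as a per-VM virtual account.
$account   = "NT VIRTUAL MACHINE\$($VmId.ToString().ToUpper())"
$ntAccount = New-Object System.Security.Principal.NTAccount($account)
try {
    # Resolving to a SID also proves the VM ID is known on this host.
    $sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier])
} catch {
    throw "Cannot resolve '$account'. Run this on the host that owns the VM and check the ID."
}

$full  = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$items = @(Get-Item -LiteralPath $VmFolder)
$items += Get-ChildItem -LiteralPath $VmFolder -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.a?vhd$' }

foreach ($item in $items) {
    # Read the rules as SIDs so the comparison does not depend on name translation.
    $acl   = Get-Acl -Path $item.FullName
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $hasAce = $false
    foreach ($rule in $rules) {
        $sameSid = $rule.IdentityReference.Value -eq $sid.Value
        $isAllow = $rule.AccessControlType -eq 'Allow'
        $isFull  = (([int]$rule.FileSystemRights) -band $full) -eq $full
        if ($sameSid -and $isAllow -and $isFull) { $hasAce = $true }
    }

    $state = if ($hasAce) { 'OK' } else { 'MISSING' }

    if (-not $hasAce -and $Repair) {
        # Same grant the post describes: full control for the VM account.
        & icacls.exe $item.FullName /grant "${account}:(F)" | Out-Null
        $state = if ($LASTEXITCODE -eq 0) { 'GRANTED' } else { 'FAILED' }
    }

    '{0,-8} {1}' -f $state, $item.FullName
}
```

Run it once without `-Repair` to see which files lost the entry after the cross-volume move, then again with `-Repair` while the VM is off.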

This allowed the machine to re-start up and everything seemed to be OK so after 24 hours I thought I’d figure out how to get rid of those snapshot files and free up that space “the right way”. The first problem was that I did not have any snapshots of this VM, so how could I have snapshot files??

I found this article called “Hyper-V: What are these *.avhd files for? Snapshots? But I have no snapshots!” while Googling around and at first was stumped, because what he was displaying I could not see. I followed his directions to shut down the VM and power it off (the guest) and realized that yes it had been paused and rebooted, but it had never been shut down in nearly two years. I powered it off (it’s an MDT and WSUS server, so no “production” data on it) and looked around for the “merging 1%” to show up and it didn’t. I couldn’t figure it out! why couldn’t I see this happening in my SCVMM administrator’s console? On a whim, I decided to try the “local” Hyper-V MMC snap-in, so I fired up the Server Manager and drilled down to it. There it was, on the main screen under “Operations”: Merge in progress: 11%

I watched it for a few minutes and saw that one of the AVHD files disappeared! It was working! Awesome! So now it’s merging “the big file” which is where all the deployment images and WSUS download data was and is taking a while longer. As soon as the first AVHD file disappeared, I looked at the drives and saw that there was now 80GB free and the backup jobs resumed their steady march.

Once this is done, I’m going to have to do the same to the other Guest VM on this machine, which IS a production machine and probably has even more data in it, so that will have to wait for 5pm and run overnight.

Thursday, September 8, 2011 9:27:09 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | Servers | Windows#
Tuesday, June 28, 2011
Like the sword of fucking Excalibur, only the anointed, chosen one can pull the Export-Mailbox cmdlet out of the stone.
Tuesday, June 28, 2011 1:58:04 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Rants | Mail Server | Microsoft | Servers | Windows#
Tuesday, June 7, 2011

Last year I set up a Windows Server 2008 Core server. It was a Hyper-V virtual machine, it was minimum-spec, it didn’t do much other than be a second Domain Controller on the network so I hardly ever had to interact with it. Based on that criteria, and because I wanted to see what it was like, I installed Windows Server 2008 Core.

Windows Server 2008 Core if you’re not familiar is a Windows server with no windows: when you log in, you get a command prompt, and that’s it.

Configuring it after installing was a bit of a bear, because instead of clicking anything, you had to learn, know and type the commands into the terminal, along with all the arguments/switches. I got it set up, configured, joined to the domain and then promoted to be a domain controller and that was pretty much it. I set it up so that I could use Remote Desktop to connect to it, but what I really wanted to do was use the Server Manager on another server to connect to it and manipulate it that way.

I found out the hard way that you can’t really do that. I did find a piece of software written in Visual Basic called CoreConfigurator which created a text-menu-based configuration helper and it was pretty good. They also had a Version 2 which was written in Powershell that had a bit of a GUI to it… but it wasn’t compatible with Windows Server 2008 (the Vista server, if you will) only Windows Server 2008 R2 (the Windows 7 server). I pretty much dropped it after that, since it was running and I didn’t need to do anything to it.

Eventually I upgraded it to Server 2008 R2 when my licensing allowed me to and then I could use CoreConfigurator V2.0. Remote management still wasn’t working, despite the server’s command-line status updates to the contrary. Again, it was working and I had more important things to do.

Today I was trying to track down something (seemingly) entirely unrelated. Some clients could access a DFS share on the domain, and others could not. I followed the trail to the Domain Controller (DC1) and checked DNS services, and they were all fine. I then looked at DC1’s DNS servers and it was pointing at DC2 (the Server Core) so I opened it up and checked it out. I thought to myself “Wouldn’t it be nice if I could control DC2 with the Server Manager on DC1?” so I decided to take another run at it.

On DC2 I entered winrm quickconfig to see what was configured. As expected, it said:
WinRM already is set up to receive requests on this machine.
WinRM already is set up for remote management on this machine.

So I tried “Connect to another computer” in Server Manager and… bonk. “Server Manager cannot connect to server_name. Click retry to try to connect again.” opening the details tab had more detail, but it’s pretty much all gibberish even to me. “Connecting to remote server failed with the following error message: The WS-Management service cannot process the request. The resource URI ...:// was not found in the WS-Management catalog. The catalog contains the metadata that describes resources, or logical endpoints.” Right.

I started with the error code, and then the hex code and ultimately ended up at a Microsoft KnowledgeBase article that hit the nail right on the head.

Error message in Windows Server 2008 R2 or in Windows 7 when you try to connect to a remote server: "Server Manager cannot connect to <server_name>"

Following this article, I typed sconfig from the command-line on the server core, chose item 4 “Configure Remote Management” and then option 3 “Allow Server Manager Remote Management”. It then re-configured Win-RM (which was already configured correctly) but interestingly added three new rules! It didn’t say what those rules were, but after restarting the server (because I had to enable PowerShell) I was able to connect to the server using Server Manager from any of my other servers or my Windows 7 laptop.

Tuesday, June 7, 2011 12:35:39 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Active Directory | Microsoft | Networking | Servers | Windows#
Wednesday, January 19, 2011

I started out the task flying pretty high. I worked on a deployment for some new HP laptops and Windows 7 Pro x64 and things were working out as planned.

Once I got it to where I could PXE boot the laptop, connect to the deployment share and lay the Windows 7 x64 image down on it, it was time to get down to the nitty gritty: Drivers. Applications. Packages. Automation.

Drivers were fairly easy, I’ve been importing them for awhile now, but what I wanted to do was to segregate them into distinct little piles, rather than one motherlovin’ huge pile of inf files and I wanted a computer to only get the drivers it needed for itself, not the whole lot of them.

MDT 2010 provides for this, and there are plenty of good tutorials out there on the net waiting to be found, so I won’t “waste ink” posting it here again. I highly recommend you use the Readability bookmarklet before going to any of the articles on that site, though. They have ads and crap on all 3 sides and a narrow column in the middle with small text for the actual article.

So we got a bare-bones Windows 7 install at this point, with a bunch of Unknown Devices in the Device Manager. Windows 7 is smart enough that most of them have drivers advertised through Windows Update so right-clicking them and selecting “update driver” will find it… but that’s not why we’re using deployment tools, I want it to come out the other end of my process shiny and clean and ready to be used. Following information in those links above and elsewhere, I was able to have WindowsPE detect the make & model of the laptop, and then look that up in my deployment database and download the drivers I specified. Awesome! All but one… one sticky wicket that wouldn’t work because the manufacturer chose to make the driver file a software installation, instead of just a driver. (hate)

On to the Applications settings in MDT 2010 then! Applications don’t work as well as the drivers do. There’s no Selection Profiles for applications like there are for Drivers. Sure you can set MandatoryInstallation <guid> in the customsettings.ini file for the whole deployment share, but then they get installed on every machine that connects, not just the one laptop model that needs this particular driver, so that’s out, too.

Searching around on this topic led me to the Make & Model settings under Advanced Settings>Database. I created a new entry using the Make and Model of the laptop using the data I got from the BIOS. To find out what yours is, drop to a command prompt and type ‘wmic csproduct get vendor’ or get name. Once you’ve created an entry, you can double-click it to open its properties and assign things like Applications, Roles and Administrators. Applications is the one we’re looking for here so I clicked on that tab and then clicked Add. I then selected the Driver software.exe that I had set up (as a silent install… another topic!) and then clicked OK. I updated my deployment share and… it didn’t work.

I tried a few different things, I checked, double-checked, and triple-checked that I got the Vendor and Name correct, I tried moving the application around within the deployment share, but nothing worked. Because I was working with a physical machine, it took about 30 minutes to test out each iteration. While it was doing that, I opened the ZTIGather.log on my virtual machine that I had deployed to yesterday, which is in C:\Windows\Temp\DeploymentLogs and using the Vendor and Name in there, I created another entry in the database and assigned it a very small application (most of the apps I have in the repository are huge… Autocad, Office, etc.) to try that one out. I updated the deployment share and this time, just in case, I also went into Windows Deployment System and replaced the boot image with this newly generated one.

I booted the VM up, let it PXE boot, selected x64 boot image and stepped through the Wizard and when I got to the Applications screen… Holy smokes it was there! pre-checked! I tried un-checking it and then clicked next, but then went back and it was re-checked, so it was treating it as a mandatory application, but only on that make & model of computer! I then rebooted the laptop into the same x64 boot image to see if it was working for my original problem. If it wasn’t, at least I had proved that it wasn’t an error with my database. I flipped through the screens to Applications and the driver was there and pre-checked! Hooray! hurried through the rest of it and let it deploy. Once it got to the Windows 7 desktop and the last stages of the deployment were running, it installed the driver software. I rebooted (windows update kicked in right away) and when it restarted, I checked out the device manager: Nothing was showing as Unknown Device! Hooray! One machine down, 2 more to go, get a few more apps in there and my MDT 2010 deployment share will be ready to kick out the Win7 Pro x64 jams to all comers! (well, within my company and licensing agreement, anyway)

Wednesday, January 19, 2011 4:57:01 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Deployment | Microsoft | Servers | Windows#
Thursday, November 25, 2010
The weird thing is that the server continued to, well SERVE the whole time it was in that compromised state, so the users didn’t know anything was wrong. In the meantime my ass was puckered so tight I was pulling the fabric of my seat right up into my ass leaving little rosebuds everywhere I sat.
Thursday, November 25, 2010 6:27:56 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | Servers | Windows#
Wednesday, October 20, 2010

Last night I logged into work from home to initiate a reboot of all the servers. Windows Updates were pending, and had been pending for about a week, but it’s hard to reboot production servers in the middle of the day when people are using it. Throw in some Flex Hours, and they’re in use from 6am to about 8pm.

The Domain Controllers have their own policy for updates, and they’re still required to be initiated manually, and then “restart now” clicked to reboot them.

When new “critical” patches are released and there are known 0-day flaws being exploited, I’ll use the ‘deadline’ feature in Windows Software Update Services (sort of a mini Windows Update server you can run on your own, approve and distribute updates around your own network but only downloading it once from Microsoft) where if a deadline passes and a user has been clicking “restart later” it will disable that button and start a 15 minute countdown before it forcibly reboots.

There was no deadline on this latest batch of updates from the last Patch Tuesday, so the (member) servers were politely asking to be rebooted. I logged into each of them one by one and clicked “restart now” and then waited for them to shut down, restart, and start back up again.

All of them worked and came back up (according to pinging them for responsiveness) except one. It SEEMED to come back up. I could ping it and it responded, so I moved on to the next and the next and the next.

It wasn’t until this morning when I walked in the door and had four people waiting for me saying “the network is down” (which of course was a misnomer, the network wasn’t down, it was just the shares on THE MAIN FILE SERVER that were disconnected) I poked my head into the server room, and the KVM was already set to that server and on the screen (which was blue, but not that Blue) was “Configuring Updates stage 3 of 3 0% Do not turn off your computer” I watched it for a minute to see what happens, as the hard drive LEDs were blinking away, so it WAS doing SOMETHING… then the screen went black.

The cursor was flashing up in the upper-left, so I waited some more… then the BIOS splash screen came up. The server had rebooted itself.

Turns out it had been in this startup, stage 3, fail, reboot loop since 9:00 last night.

Step 1, try a cold-boot. I waited for it to fail again, and then I held down the power button until it powered off. I removed the power cables and let it sit for 30 seconds to make sure everything had powered off, plugged it back in and tried again. Same result.

Step 2, try Safe Mode…. Applying Computer Settings… Configuring Updates stage 3 of 3… reboot. Crap.

Step 3, Last Known Good Configuration. This resets key windows files back to how they were the last time you successfully logged in. You would think that this would break it out of a bad update loop. You would be wrong.

Step 4, booted from the Windows Server 2008 x64 DVD and clicked on Repair. There’s a new “Startup repair” tool that’s incl-wait, it’s not? only in Server 2008 R2 that’s based on Windows 7 and NOT in Server 2008 that’s based on Vista? There are NO repair options for Server 2008 other than re-imaging of the system from the latest full-system-image? You DO have one of those, right?

Step 5, Uncle Google suggested I click through to “Get Vista out of the Infinite Reboot Loop” and the comment there by Tribus was:

I know a different way to resolve this issue without using a restore point.
1. Insert your Vista Media into your drive and boot from it.
2. Select "Repair your Computer" from the list.
3. Select "Command Prompt" from the recovery choices.
4. At the command prompt change your directory to C:\Windows\WinSxS
5. Type: del pending.xml
6. Exit and reboot
This will fix all Windows update reboot loops and does not require you to restore your PC to an earlier state.

Figuring I had nothing else left to lose, I gave this suggestion a shot, even though it was for Vista. If this didn’t work, then I’d be getting on the horn to Microsoft Support for some help. Instead of deleting it, I renamed it pending.xml.old and then exited and rebooted.

“Applying computer settings…” OK so far so good…

“Configuring Updates stage 3 of 3 0%. Do not turn off your computer…” FUCKBURGERS!!!

“Press Ctrl+Alt+Del to Begin” WHAAAAAAAAAAAT? it worked.

Once it was up and running the first thing I did (other than tell the users they could access their files again) was to look in the event log and see what happened. On the first reboot last night at 9pm, there was an event from source Winlogon, Event ID 6004: “The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.”

So the next step is to research that error and see if I can figure out WHICH update caused it… it could be a moot point though because my co-worker turned up some early results that once you do this, you’ve pretty much broken Windows Update on this computer forever. I can live with that for now, because people are working and the data is intact. If I figure out that that is the case, and figure out a workaround, I’ll post a follow-up.

Wednesday, October 20, 2010 9:07:51 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | Servers | Windows#
Wednesday, August 18, 2010

I’ve written before about what a huge, horrible, steaming pile of horse shit you have to wade through to install a 32-bit (x86) driver on a 64-bit (x64) server. It’s SO counter-intuitive it makes me want to scrape my eyeballs out with a grapefruit spoon and then chop off my fingers so I won’t be able to see a computer or type ever again.

In a nutshell, you need to have a 32-bit client running Vista or Windows 7, install “the full meal deal” printer driver on that client, THEN connect to the 64-bit server’s printer share (\\server\printer) and then tell it to use the existing driver. That will then UPLOAD the driver from the client machine to the server and make it available to other 32-bit clients who try to connect to it.

Today I’m in the opposite situation. I PURPOSELY set up a 32-bit Windows Server 2008 (not R2, which is 64-bit only) to run my print queues because 99.9% of my network is 32-bit Windows XP clients and I didn’t want to have to go through this rigmarole for every single one of them. *MY* laptop, however is running Windows 7 Professional 64-bit and it’s unable to connect to the shared printers on the 32-bit server.

Rather than duplicate the steps above, since I was feeling saucy and experimental, I went the other(old) way around. On the 32-bit server, I opened the printer properties, went to the sharing tab and clicked on Additional Drivers. I checked the 64-bit box and it asked me for a driver. I clicked Browse. I navigated to the folder where I had the 64-bit driver .inf file for the printer, selected it and clicked OK.

Fast-forward a few seconds and the window closed, and the box was checked. Just like that. Just how it USED to be in older versions of Windows Server. I went back to my laptop, tried to connect to the printer, and this time instead of failing and saying “Driver Unknown” or even worse, the 0x0004005 error which is one of the more generic error codes you’ll ever see. (I always thought it was “Access Denied”, but that’s just ONE of the errors it COULD be.) Up came a NEW dialog box. Do you trust this printer driver? Yes, of course I do. Just like that, it mapped the printer, using the 64-bit driver on the 32-bit server.

If it’s so bloody easy to do that with a 64-bit driver on a 32-bit server, why the HELL is it SO difficult and bass-ackwards to do it on a 32-bit driver with a 64-bit server??

Wednesday, August 18, 2010 10:09:35 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Deployment | Hardware | Microsoft | Networking | Servers | Windows#
Tuesday, July 13, 2010

Last Friday, one of the workers here in the office came over to me and said that he got an error in his inbox about a message that had been delayed. Not permanently, just delayed. I said OK, leave it, it’ll retry again for the next 48 hours and looked into it.

I connected to the Exchange 2010 server and opened Exchange Management Console and went straight to the Toolbox and clicked on Queue Viewer. There they were, pretty ducks all in a row all with DNS FAILURE errors. Huh. Interesting. I saw this happen once before when we were setting the server up. The DNS server it was set to use was offline, so no DNS resolution meant it didn’t know where to send the mail. Thinking this was the case this time, I checked the Network Adapter settings and saw that the preferred DNS server was the other VM “next to” the Exchange 2010 VM and the secondary was set to “my” DNS server here in my office.

I checked my DNS server first, just to make sure the service was running, and it was. I then checked the DNS server that was its primary and it, too, was running. Mystery. Nslookup queries failed and timed out even for common domain names. Not good. This was happening on both DNS servers.

I called in a support ticket (this was Friday at 4:00) and found out that the Exchange SysAdmin was on vacation and not back until Monday, and he was being covered by another Exchange SysAdmin on East Coast time. She called me back about 20 minutes later and we worked on it for a good 40 minutes with no resolution. She figured that since the DNS server was rebooted, it had been unable to contact the PDC role holder and authorize/activate itself and that there must be a problem with the VPN between my network and hers.

This seemed like a valid diagnosis, as the other Administrator here at work told me that our router had been failing every 30-40 minutes, but recovering after a minute or two and was obviously dying. Yikes. This caused a little panic as ALL my sites use the same router/firewall and they’re discontinued and I hadn’t yet created a contingency plan to replace them.

She escalated the ticket up to tier 3 networking support, who tested the VPN and said that everything was up on their end, but they couldn’t ping my side of the VPN, therefore there was a problem with the VPN and it was on my end. (naturally). I don’t know too much about the router/firewalls we use here, I’ve been slowly learning as I went, but diagnostics and troubleshooting was beyond the scope of my knowledge beyond “well the blinky light is green, not red, so it’s up”.

Further compounding the matter was that this VPN was temporary, because we were switching it on Monday from an Internet VPN to a private, routed DSL connection into their MPLS network. That ADSL modem was plugged in to power and phone, but not into the LAN as it was just for testing.

At some point over the weekend, one of the emails from their networking people said that they could ping as far as but no further. This was when the light bulb went off in my head. .252 is the address of the new ADSL router, NOT the VPN endpoint! Their network techs were trying to reach my network via a device that was physically unplugged! I thought it was odd, since I was connecting from home via VPN through the same device and it was up.

Monday came and I plugged the DSL modem into the LAN and disabled the Internet VPN connection from my network to theirs, created a new route for all traffic destined for their network to use this new gateway and everything seemed to be working. Outlook clients in my LAN segment were connecting via the MPLS network, verified by the IP addresses on a traceroute… I could Remote Desktop the virtual servers in their network… everything seemed to be working, but their network guys could still not ping my LAN from the MPLS gateway, even though I could ping back to my network from the Virtual servers (which was the important part anyway) so that left me with the DNS problem, which was still ongoing and some people were now starting to get NDRs because the 48 hours had timed out.

I started with my own laptop, and did an nslookup query. request timed out. Damnit! I checked the DNS server, the service was running, I restarted it, it still failed. I looked at the event log and there were a bunch of “DNS server encountered an invalid domain name” errors, but the errors were coming from all these weird IP addresses that were not in my network. I then thought that perhaps it was the forwarding that wasn’t working, based upon a few results that came up when I searched that error message online. I checked the forwarders on my DNS server and found that they were set to use two servers, one of which resolved to a hostname and both of which did not respond to an nslookup query. How on earth did I end up with two (seemingly) random Shaw Cable DNS servers for my forwarders when I have a Telus ADSL connection in this office? that could explain why they didn’t respond; my IP address wasn’t in the Shaw Cable network!

I changed the two forwarders to and which is OpenDNS. I then restarted the DNS Server service and BAM! nslookups all worked. I then went back to the Exchange server and tried again. Still failed. OK, I have an idea of what’s going on now, so I connected to the DNS server there and checked its event logs. Similar messages, different addresses. I opened the DNS snap-in and went right to the forwarders. The two forwarders on this server were two Telus servers! This was a co-located (sort of) Virtual Server within an ISP, so how did I end up with Telus servers there?! I changed those two forwarders to OpenDNS and restarted the DNS Server service and as I was opening a command prompt window on the Exchange 2010 server to try an nslookup again, I could see the emails in the retry queue (which was still open) begin to flow out. I tried nslookup queries on a couple domain names that I knew were in the retry queue and they all answered lightning fast as non-authoritative responses.

SO in the end, I figured it out myself, but the million-dollar question that I can’t answer is HOW did my local DNS server get a Shaw DNS server as a forwarder, and how did the VM DNS server in the datacenter get a Telus one??
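
The forwarder check that this troubleshooting came down to, as an added PowerShell example (not part of the original post). It assumes the DnsServer module and `Resolve-DnsName`, which ship with Windows Server 2012 and later rather than the servers described here; the probe names are constructed placeholders.

```powershell
# Added example: list a DNS server's forwarders and test whether each one
# actually answers queries from this machine. Run it ON the DNS server itself,
# because a resolver may refuse queries that arrive from outside its own network.
param(
    [string]$DnsServer    = $env:COMPUTERNAME,
    [string[]]$ProbeNames = @('example.com', 'example.org')   # constructed test names
)

Import-Module DnsServer -ErrorAction Stop

function Test-Forwarder {
    param([string]$Forwarder, [string[]]$Names)
    foreach ($name in $Names) {
        try {
            # -DnsOnly keeps LLMNR/NetBIOS out of the result; -Server bypasses the local resolver.
            $null = Resolve-DnsName -Name $name -Server $Forwarder -Type A `
                        -DnsOnly -QuickTimeout -ErrorAction Stop
            return $true
        } catch {
            # timeout, refusal or SERVFAIL: try the next probe name
        }
    }
    return $false
}

function Get-ReverseName {
    param([string]$Address)
    try {
        $ptr = Resolve-DnsName -Name $Address -Type PTR -DnsOnly -QuickTimeout -ErrorAction Stop
        return ($ptr | Select-Object -First 1).NameHost
    } catch {
        return $null   # no PTR record, or resolution is currently broken
    }
}

$forwarders = (Get-DnsServerForwarder -ComputerName $DnsServer).IPAddress
if (-not $forwarders) {
    Write-Warning "No forwarders configured on $DnsServer; it resolves via root hints."
    return
}

$results = foreach ($ip in $forwarders) {
    $addr = $ip.IPAddressToString
    [pscustomobject]@{
        Forwarder   = $addr
        ReverseName = Get-ReverseName -Address $addr   # hints at which provider operates it
        Answers     = Test-Forwarder -Forwarder $addr -Names $ProbeNames
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring job raise an alert.
if ($results | Where-Object { -not $_.Answers }) { exit 1 }
```

Recording this output after every change also gives a baseline to compare against when forwarders turn out to be something nobody remembers setting.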

Tuesday, July 13, 2010 8:44:13 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Active Directory | Mail Server | Microsoft | Networking | Servers | Windows#
Friday, May 28, 2010

Two lies for the price of one!

This morning I took a new server out of the box for a small branch office. It’s an HP ProLiant ML150 G6 tower server: Xeon Quad-Core processor, 2GB RAM and a 250GB SATA HD. I also upped the RAM to 4GB, added a 2nd 250GB drive and a pair of 500GB drives to give me a RAID1 array for the OS & Apps and a RAID1 array for the data.

Once I configured the RAID arrays, I booted using the Easy Setup CD. The Easy setup CD is something that HP and Dell (among others?) send out with a server to speed up and make life easier on the person installing Windows. It’s Linux based and walks you through picking a drive to install it on (the HP one even comes with an admin tool for the SATA RAID controller to configure those if you hadn’t already done it in the BIOS) and then provide your Name, Company, Product Code and which version of OS you’re installing from a list incl Windows Server 2003, 2003 R2, and 2008 and different flavors (32-bit or 64-bit) The Dell one goes even further into pre-configuring IP addresses and even joining to a domain. Once it has all the information it needs, it creates partitions and copies/pre-stages drivers from the CD to the hard drive so Windows Setup knows where to find it and can “see” your drives on your RAID controller.

I went through the steps and when it came time to choose an OS, Windows Server 2008 R2 was not on the list. I figured Windows Server 2008 x64 was the closest thing and chose that. It did all its gyrations and then prompted me to insert the Windows OS disc. I put in my Windows Server 2008 R2 disc and… was rejected. Odd. I tried again, same response. “Please insert the Windows Server 2008 x64 OS Disc”.

At that point I realized that it was looking at the volume name on the disc and whatever my disc was, it wasn’t what was expected. Le Suck.

I got on to HP’s support site to find an updated Easy Setup CD, and eventually found the right page, but it only lists Server 2008, not Server 2008 R2. Lame. I kept looking and searching and ultimately hit the Support Chat button and got an HP Tech Support agent on the line. I explained to him my predicament and he sent me a link back to the page I was just looking at. I knew it was the same page, because the link was purple instead of blue. (ie already visited)

I explained that I already looked at that page and it wasn’t what I was looking for. Then he decided that I must have had a 2008 R2 Hyper-V error and pushed me a link to an MS KB article that had 3 steps: 1) disable hardware virtualization. 2) install this hotfix. 3) re-enable hardware virtualization.

I calmly explained that I didn’t have Windows installed yet, so how could I possibly install a hotfix? He said I should download it, burn it to disc and then boot off the disc and apply the hotfix. I re-iterated that I did not have Windows installed, so there was nothing to patch with the hotfix.

“OK, skip step 2 then”

Riiiiight. so that leaves me with “disable hardware virtualizations” and “re-enable hardware virtualization”. Since I hadn’t turned it on yet in the first place, it was still a moot point and told him so. He had reached the end of his flowchart now and didn’t know what to do next.

At that point I booted off the Windows Server 2008 R2 disc itself and, as expected, it couldn’t see any drives. I downloaded the SATA RAID controller driver, extracted it to a USB flash drive, jammed it in the server and clicked “load driver”. I pointed it at the folder and it found a driver for an HP BI110i Embedded SATA RAID controller. Jackpot! The drives showed up, but… Windows could not be installed on the selected disk.

After searching Google with the error number that was presented, it turned up some “Windows 7/2008 R2 can only be installed to the first boot device/C drive” so I went back into the BIOS and RAID setups to make sure that Disk 1 was the first device. It was.

I got back up to the Load Driver screen and noticed that my USB flash Drive was designated C:, the DVD-ROM drive D:, Disk 1 Partition 1 was E:, and the WinPE boot drive X:. I deleted the partition on Disk 1 and tried again. Same thing.

Finally, I booted back again without the USB drive, waited for the Load Driver screen to show, clicked Browse and THEN jacked in my flash drive. It showed up as C. I picked the driver and loaded it, and then removed the flash drive, waited 5 seconds, just to be sure, then clicked “Disk 1 Drive 1 Unallocated Space”, held my breath and clicked “Next”…


It worked.


Windows Server 2008 R2 is now installed on my new server and I’m running through Windows Updates and configuring it to be part of my network. Had I done what I knew worked to begin with, I’d be sippin’ a margarita by now but instead I tried to do things “the HP way” and it wasted my lunch hour and most of the afternoon. The Easy CD way (if it had worked) would have been equally quick.

It galls me that a company the size of HP, with the volume of servers they sell, hasn’t released an update to their software yet. Windows Server 2008 R2 was released to manufacturing in June 2009 and went on sale October 2009. It’s almost June 2010 and they still have not addressed this yet. What makes it worse is that this entry-level server is aimed at the segment of the market that doesn’t really have their own IT departments that would be able to figure this out on their own.

I think I’d like that margarita now, senor, por favor!

Friday, May 28, 2010 2:35:35 PM (Pacific Standard Time, UTC-08:00) | Comments [4] | Hardware | Microsoft | Servers | Windows#
Wednesday, March 17, 2010

There are a lot of blogs, classes, tutorials, how-tos, workshops, links and opinions on how to best deploy Windows 7 using the new Microsoft Deployment Toolkit 2010. What there’s a distinct lack of is how to make these tools work with XP, which most of us are still using. I am planning to move to Windows 7 x64 later this year, but we have a software dependency on 32-bit Windows that we have to get past first (and no, Windows XP mode won’t cut it for this app).

I spent most of yesterday downloading software and patches. The Windows Automated Installation Kit 2.0 (which supports Win7, 2008 R2 and back to XP) was a 1.7gb iso file which took a couple hours.

Eventually last night I was ready to start the capture of an existing Windows XP box that I could then deploy to the other new machines.

This morning I tried to do it and it failed. I assumed it was permissions-based since the error was 0x00004005 which I know from past experience is “Access is denied”. After sorting that out, it still failed. Trolling through forums from a Google search, I found some people were able to get it to work by using the IP address of the deployment server, or sometimes the FQDN, rather than just “\\server\share$”.

I rebooted, opened Windows Explorer and navigated to \\192.168.x.x\share$ and when it asked me to authenticate (because this is a workgroup computer and the share is a domain resource) I entered my credentials and then I double-clicked the litetouch.vbs script to kick off the imaging process. This time it seemed to work, it downloaded the WinPE files needed, ran sysprep and then rebooted to capture the image… except that’s when it failed.

Digging into the winpeinit.log I saw that there’s no NIC. Awesome. Great. I figured that the driver for the NIC would be part of the Windows image, but I overlooked the fact that the WinPE boot-time would also need the NIC in order to connect to a network share and create the disc image there, and the new machines would need the NIC driver to connect to that same share and copy the image down to the local computer.

No biggie, except that the computer is now stuck in a loop booting into WinPE rather than back into Windows XP. I injected the driver for the NIC into the deployment share’s Out Of Box Drivers and rebuilt/updated the deployment (which also adds the NIC driver to the winpe.iso file). All that’s left to do now is to PXE boot the machine which will download the new winpe (now with more NIC flavor) and start over… except now my PXE server isn’t configured properly :p

Wednesday, March 17, 2010 11:27:45 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Deployment | Microsoft | Networking | Servers | Windows#
Tuesday, February 23, 2010

How come a “printing system” has to be a 300mb download or CD ordered by mail? I’m all for having that as an OPTION, but for servers and for shared printers, all I need is a driver and that can probably still fit on a floppy disk… if my computers and servers still had floppy drives, but that’s another post!

I already posted about 32-bit printing in an increasingly 64-bit world, and my medium-term solution for that was to stand up a 32-bit Windows Server 2008 VM and use that as a print server.

This post is the next step: printer drivers. Specifically migrating printer drivers from one server to another. For the small amount of printers I have to manage (three printers and two plotters in this office) or even the amount of printers (queues) at my last job (about 40) it’s not so difficult to do it manually. I did just that when we moved into a new building at my last job and stood up a VM just for print queues. Pretty straightforward, really: download the latest printer drivers from the manufacturers web site, unpack them to a network location, Add Printer from the printers window/control panel, new local port, new TCP/IP port, punch in the printer’s IP address, have disk, browse, click, select… done. 40 times. A wee bit time consuming. For this migration here I only had the six, so it should be even easier. But what if the newer version of a printer driver doesn’t work properly with your as-configured software?

That’s where I am right now. We have a Kyocera CM3232 photocopier/printer/scanner/fax. It’s a big one with its own onboard cost accounting and “proper” network scanning & faxing. It does color and black & white and prints on up to 11x17 paper (although not borderless printing). On the old OLD server, printing CAD drawings from Acrobat Reader plots properly. On the new-old server, it didn’t. There were some weird issues where drawings would not be rotated based on the settings you selected in Acrobat, but if you left Acrobat’s settings on Portrait but clicked Advanced Print Properties and changed it to landscape on the driver settings, it would work. Not very intuitive and sure to be the cause of plenty of helpdesk calls.

We tried a different driver, we tried an old driver from a CD that presumably came with the printer and nothing seemed to work. In the end, I re-pointed everyone’s printers back to the old server and removed the queues from the new-old server… but that old server isn’t going to last much longer and it’s not easy to find parts for an old IBM X-series Pentium III tower server, and having a single Windows 2000 Server in the mix is also holding the rest of the network back.

The new-old server blew up in December. No big deal for printing, but HUGE FUCKING DEAL for everything else. I managed to get it up and running again, Frankenstein-style and convert it to a virtual machine before shutting it down for good and sending the carcass to the recycling center.

That new one is here, and one of its roles is hosting a Windows Server 2008 32-bit VM for print queues, so I’m back to trying to make the new server play nice and plot drawings properly… the Windows Server 2008 driver for the copier is doing the same weird things the 2003 driver was doing… If only there was a way to migrate those queues, drivers and ports over to a new server… oh wait! there is! Hallelujah I think I hear a choir of angels singi—wait, what? that only really works for moving from NT4 to 2000? It wasn’t really updated for 2003, 2003 R2 or 2008? The tool has been retired? Oh good grief!

Fortunately there’s a new version built-in to Server 2008 and Server 2008 R2. You access it from Print Management Administrative Tool, as opposed to the Printers control panel applet. From there you can add the old server as a network print server, right-click it and export printers to a file… then right-click your new server and import printers from a file. I’m in the process of doing that right now, and will be testing it with CAD drawings later today. Fingers crossed.

Tuesday, February 23, 2010 11:43:52 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | Networking | Servers | Windows#
Friday, February 12, 2010

(or a 64-bit domain anyway)

Hooray! 32-bit is dead! Long live 64-bit! … … … not exactly.

While there are more 64-bit machines out there now than there were a year ago and tons more than a few years ago, a lot of businesses are still firmly entrenched in 32-bit Windows XP. I know we are.

We’re a pretty good example of someone who SHOULD make the leap to a 64-bit OS. If there’s one segment of the market that supports 64-bit and is extremely memory-hungry, it’s CAD work. And we’re all about CAD work. I’ve recently upgraded all the computers to 4GB of RAM and standardized them on one video card (nVidia Quadro FX 580 512MB), but they’re not taking full advantage of that 4GB of memory because the 32-bit XP Professional can’t address it all. Even with the /3GB switch in the win.ini file, that just means acad.exe can use more than the 2GB limit per process… but I’m getting off topic.

When I started here in Q4 of 2008, I took one look at the “datacenter” and my jaw dropped. The main file server was an old IBM x-server with a Pentium III and a whopping 768mb of RAM and a couple 160GB hard drives in RAID1. The web/intranet server was an even older one. Both were running Windows Server 2000. The Domain Controller was newer, it at least had Windows Server 2003 on it, but it was consumer-grade, non-redundant components in a 2U rackmounted case.

Before Christmas rolled around I had replaced the ancient file server with a pair of Supermicro SuperServers with Quad-core Xeons, 4GB of RAM and 5x1TB SATA2 drives in RAID5 configurations and added an LTO-4 tape backup to the mix. Between Christmas and New Years, the web server died so I replaced that one with another Supermicro identical to the first two, but with just 2x250 and 2x500GB drives in RAID1. All of these servers were running Windows Server 2008 Standard x64.

This led me to a major problem: I was able to install printer drivers for each of the printers on the servers themselves, but with the 64-bit drivers. Client computers (XP Pro SP2 x86) tried to connect and failed because they couldn’t use the 64-bit drivers. In the old days, you could go to the sharing tab of the printer properties and click “Additional Drivers” and that was pretty much that, but cross-architecture is a little more squirrelly, and the solution is counter-intuitive.

Here is how to provide a 32-bit driver in the Additional Drivers page on a 64-bit server:

Step 1: Install the 64-bit driver on the server itself and make sure that you can print.

Step 2: On a 32-bit client (I used XP Pro) download and unpack the drivers for the desired printer (in my case it was an HP Laserjet 4600).

Step 3: Open Windows Explorer and navigate to your printer share: \\64-bit_server\ and then double-click Printers and Faxes.

Step 4: Right-click the desired printer and select Connect. It will do its thing and then Uh-Oh.. where’s the driver? It will ask you to provide a driver. Browse to your local folder where you’ve stashed the .inf files for the printer and let it install. Print a test page to make sure it’s working on your computer.

Step 5: On the server, right-click the printer you just added and select Properties. Click the Sharing tab, and then click the “Additional Drivers” button. Click to check the “x86” button for 2000/XP and click OK. The server will then request the x86 versions of the files FROM your local workstation and upload them TO the server.

This is the back-asswards part that tripped me up. You’re actually uploading the driver TO the server so it’s able to then DOWNLOAD it to OTHER x86 clients that request it.

Step 6: Click ok, ok, ok, all the way back out and you should be good to go.

Friday, February 12, 2010 5:00:00 PM (Pacific Standard Time, UTC-08:00) | Comments [2] | Tech | Microsoft | Networking | Servers | Windows#
Thursday, January 28, 2010
About a week later the server died. I diagnosed over the phone that it was the power supply and rather than travel over for 5 hours & a ferry ride and then have to stay over just to replace a $100 power supply, I had them take it to a local computer store and have them replace it.
Thursday, January 28, 2010 11:23:10 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Active Directory | Hardware | Microsoft | Servers#
Friday, January 22, 2010

WSUS is a pretty cool piece of software. Basically it acts as a “Windows Update” server for your network. Rather than have all your computers download the same updates each from Windows Update, your WSUS server downloads it once and then distributes it to all the computers that need it over your LAN connection which is much speedier than 99.9% of the internet connections out there. It also gives you a single place to go to and approve updates. Heard bad things about an update? Don’t approve it for installation and it won’t make its way onto any of your machines until you do (or they release an update to supersede it). A nice solution for small and medium sized networks.

You can extend it out to different geographical sites, too. Using a downstream replica server, you can have your server in another office “take its lead” from your server and either download the updates from you, or (and this is cool) only download updates that you’ve approved on your server from Microsoft’s servers. If you have a metered or slow connection between the offices, this is a great solution. You still only have one place to approve/deny updates, but you don’t chew up bandwidth pushing the updates from Office A to Office B.

This is the setup that I have. I have six offices (and two satellite offices but they’re not part of the corporate network) and aside from head office, there’s only one server in each location. These servers are Domain Controllers (for logins & resource management), WSUS downstream replicas for Windows Updates, and File & Print servers for that office.

WSUS uses Group Policy Objects (GPOs) to configure your clients (XP, Vista, Windows 7, Server 2003, 2003 R2, 2008, 2008 R2) to look at your own server for Windows Updates, as well as how often to check, and whether or not to allow the users to defer a restart so as not to interrupt them in the middle of something. Here’s where my setup gets tricky.

I have a GPO called WSUS-Office A that I apply to the Active Directory Site called “Office A” so anyone who logs in at Office A will have their Windows Update Automatic Updates (WUAU) client pointed at the local server. Other offices have their own GPO assigned to their sites to keep everyone looking at the closest/fastest server/connection.

The hitch I ran into today was with my servers because of the Out Of Bound security bulletin released by Microsoft today for MS010-002. Because of the Big Scary Crisis surrounding it, and the fact that it was listed as Critical and affecting IE 6, IE7 and IE8 on Windows 2000 SP4 all the way up to Windows Server 2008 R2, I manually synchronized my WSUS with Microsoft this morning, downloaded the updates and approved them.

I also did a dirty thing to my users: I set a deadline in WSUS of noon today for the installation. That means that they’ll be notified of the download, and if they click the little yellow shield it will install it and then say “Time to restart!” but they can click Restart Later. Once the deadline passes, however, they don’t have a choice. The window comes up and says “restart your computer or I’ll do it for you” and starts a 15 minute countdown timer. I don’t do it often, so they know that I only do it for “critical” updates. Plus I emailed everyone last night and told them it was happening and posted it on the Intranet as an announcement. This morning they all got a second email that it would happen shortly.

Where the patch wasn’t installed was on some of my servers. Some of them got the update, and some of them installed it and rebooted without warning (oops, but they were warned). I started looking into why some of the servers installed it and some didn’t. My first thought was that the Server 2003 servers did but the Server 2008 & R2 servers did not. I thought perhaps that the GPO didn’t apply to/configure the Windows 2008 clients, but that was wrong, too.

Finally I compared a 2008 virtual machine’s Windows Update screen (which wasn’t working) to a 2008 physical machine’s Windows Update screen (which was). The 2008 VM said “You receive updates: For Windows and other products from Microsoft Update” and the 2008 host said “You receive updates: Managed by your System Administrator” Further investigation into the registry (HKLM\Software\Policies\Microsoft\Windows\Windows Update\AU\) showed that the settings that were specified in the GPO were applied to the 2008 Host, but not the 2008 VM.

It then dawned on me that the difference between the two was the host was a member server and the VM was a domain controller. That led me to GPresult and Group Policy Modelling. Using the DC and Administrator accounts, the GPO (identified by a GUID rather than its name) that was applied to the site was denied application due to SOM (Scope of Management).

I expanded the forest folders and drilled down to the Domain Controllers OU and saw a blue exclamation mark on it. Blocked Inheritance. That meant that the Domain Controllers OU was going to not inherit any settings from GPOs ‘above’ it, including sites.

So my choices at this point are to remove the block and let everything apply to the DCs. Not a very good idea. There were three policies which would have applied to the DCs: the Default Domain Policy, Remote Desktop Policy and Office 2007 File Format Policy.

The Office 2007 File Format Policy is tame, all it does is make the default filetype for saving the Office 97-2003 compatible instead of the new .docx, .xlsx and .pptx formats. Remote Desktop Policy is equally benign. It’s denied to Domain Admins and auto-disconnects clients from Remote Desktop after 10 minutes of inactivity so it wouldn’t really apply anyway.

The Default Domain Policy had a fair amount of settings in it though: Firewall settings, password policies, that sort of thing which I don’t necessarily want to apply to my Domain Controllers.

SO, removing the Block Inheritance setting probably wouldn’t be a good idea.

The other thing I could do is apply the WSUS-Office A policy to the Domain Controllers OU. It would get around the Block Inheritance issue without applying the default domain policy to them, but it would also “point” each of my offices’ Domain Controllers back here over the slow, metered internet connection. Not ideal either.

The other thing I could do is copy each of the WSUS-OfficeX policies and then apply ALL of them to the Domain Controllers OU and use filtering to make sure that each office’s policy only applies to that office’s WSUS server. That doubles the amount of work I’d have to do if I changed one of the servers though, and if I forgot, it would mean that one of the Domain Controllers was pointing at a non-existing Update Server which could leave it unprotected/unpatched. Guh. Meh. Not ideal.

SO that’s where it stands now. I haven’t done anything yet. I’m remembering in the short term to manually check the DCs for Windows Updates until I can come up with a little more elegant solution to the GPO filtering situation.
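The registry comparison and the Block Inheritance finding described above can be scripted for those interim checks. This is an added example, not part of the original post: the WSUS URL `http://wsus-office-a`, the computer name and the OU distinguished name are placeholders, and the policy key is spelled `WindowsUpdate` (one word) as Windows stores it.

```powershell
# Added example (not from the original post). Placeholders: the WSUS URL,
# the computer name and the OU distinguished name used at the bottom.

function Get-WsusPolicyState {
    param(
        # WSUS server the site's GPO is expected to set (placeholder value).
        [string]$ExpectedServer = 'http://wsus-office-a'
    )

    # Values written by the "Specify intranet Microsoft update service location"
    # policy. If the GPO never applied, the key or the values are missing.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue

    $server  = if ($wu) { $wu.WUServer }    else { $null }
    $useWsus = if ($au) { $au.UseWUServer } else { $null }

    if (-not $server -or $useWsus -ne 1) {
        # No policy: the machine talks to Microsoft's update servers directly
        # and never sees WSUS approvals or deadlines.
        $state = 'NotManaged'
    }
    elseif ($server.TrimEnd('/') -ne $ExpectedServer.TrimEnd('/')) {
        # Policy applied, but it points at another office's server
        # (or at one that no longer exists).
        $state = 'WrongServer'
    }
    else {
        $state = 'Managed'
    }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        State       = $state
        WUServer    = $server
        UseWUServer = $useWsus
    } | Select-Object Computer, State, WUServer, UseWUServer
}

function Get-OuInheritanceState {
    param(
        [Parameter(Mandatory = $true)]
        [string]$OuDn
    )

    # Requires the GroupPolicy module (GPMC / RSAT).
    Import-Module GroupPolicy -ErrorAction Stop
    $som = Get-GPInheritance -Target $OuDn

    New-Object PSObject -Property @{
        Ou                 = $som.Path
        InheritanceBlocked = $som.GpoInheritanceBlocked
        # GPO links the cmdlet reports as reaching this OU.
        LinksReported      = @($som.InheritedGpoLinks | ForEach-Object { $_.DisplayName })
    } | Select-Object Ou, InheritanceBlocked, LinksReported
}

# Local check on the machine this runs on:
Get-WsusPolicyState -ExpectedServer 'http://wsus-office-a'

# Remote check of an office's DC (needs PowerShell remoting enabled):
#   Invoke-Command -ComputerName DC-OFFICE-A `
#       -ScriptBlock ${function:Get-WsusPolicyState} `
#       -ArgumentList 'http://wsus-office-a'
#
# Block Inheritance check on the Domain Controllers OU:
#   Get-OuInheritanceState -OuDn 'OU=Domain Controllers,DC=example,DC=com'
```

Any machine that reports `NotManaged` or `WrongServer` is one that WSUS approvals and deadlines will not reach, which is the condition the domain controllers were in here.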

Friday, January 22, 2010 5:00:00 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Microsoft | Servers | Windows#
Tuesday, May 5, 2009

Back in January I posted a few articles about Windows 7 Beta and what it did to my laptop. It’s not Microsoft’s fault, it’s a combination of Dell and nVidia’s faults. It was the perfect storm: a known design flaw in the video card that affected a boatload of Dell, HP, Sony and Macintosh notebooks. On top of that was a poor design choice by Dell to not actually have contact between the overheating GPU chip and the copper heat pipe that’s supposed to cool it. On top of that was running a Beta OS. On top of that, using a pre-beta alpha-release of a driver for said beta os on a flawed laptop with a flawed GPU. A perfect storm.

While watching a video full-screen in Windows Media Player, the GPU overheated and blew up. Not only did it crash and blue screen and completely wipe out the running OS, but somehow it managed to overwrite the GPU BIOS! That shouldn’t be POSSIBLE, but it happened. The computer would boot up, just no screen. If I watched and waited for the hard drive to stop spinning away during bootup, typed my password and hit enter, it would log me in! I could HEAR the windows startup sound, but no video. No video on the external monitor or HDMI ports, either. Ultimately, because it was under warranty, Dell sent out a technician who replaced the whole motherboard, GPU included (although they replaced it with the same broke-ass GPU chip) so the story ended happily.

One of the things I noticed in the beta was the feedback system, which I used extensively (duh, that’s what betas are for) until I couldn’t. The big huge crash dump from the video card was never sent because after the motherboard was replaced, I was too scared to put the Windows 7 hard drive back in again. I figured I would wait until another beta (or RC) came out and hopefully there’d be a newer driver from nVidia available then, too.

On another note, there’s a way to use a clean, shiny penny to sandwich between the GPU and the heat pipe which drastically improves the transfer of heat to the heat pipe and can avoid just such an occurrence. (you can google nVidia GeForce 8400M GS Copper Mod to see for yourself). On the down side, doing so invalidates your warranty. I’ve refrained from doing it because of that, but when the warranty runs out, that’s on my to-do list for the very next day. Instead of doing a recall and replacing the bum chips (and the heat pipe while they were at it) Dell instead extended everyone’s warranty by 12 months, so if your laptop blows up (like mine did) you’re covered for an extra year.. but if it happens AGAIN after that period, you’ve got a dead laptop. No one else did anything better (HP, Sony, even Apple) so I don’t want to be TOO unfair and shit all over Dell only because they and their tech support have been very good to me over the years. No, really! :)

The Windows 7 RC is out today and will work (for free) until June 10th, 2010 or about 13 months. In the fine print is that starting 2 months before that, your computer will shut down every 2 hours as a warning sign that the expiration is imminent and that it’s time to get a properly licensed copy. Hopefully there’s an upgrade path so you can punch in a new product code and activate Windows without having to re-install with the release version. I can’t see myself NOT re-installing with 100% gold code, but I’m sure there will be people out there who have tweaked and modded their user profile and software set-up JUST SO and won’t relish the thought of starting over.

Tuesday, May 5, 2009 9:04:58 AM (Pacific Standard Time, UTC-08:00) | Comments [6] | Links | Tech | Microsoft#
Tuesday, January 20, 2009

Dell’s local supply chain technician called me yesterday morning to set up a time to replace the parts on my laptop that seemingly blew up. They didn’t have the parts yet, but were expecting them later that day so they’re going to call me back this morning to arrange a time to do the repair.

I brought my laptop to work, and the tech’s office is actually just around the corner from mine, so that way he could do it whenever and when I take it home tonight it’s fixed.

I turned to my co-worker James and said “hey, do you want to see my screwed-up video card?” he came over and I turned the laptop on…. and it worked! WHAT THE HELL??

I’ll mention it to the repair tech, but I’ll still have him replace the parts. Save him a trip out again later, ESPECIALLY if he can replace the GPU with another, non-f’d up one.

Update: Well it must have been its final hurrah. When the technician arrived, it came up with the BIOS logo screen, but then died. He began to disassemble the laptop to replace the system board (that's the motherboard in Dell-speak) and unfortunately it has the same GPU chip on it as the one being replaced. Ultimately he had to stop and make arrangements to come back tomorrow because--get this-- he couldn't get one of the screws out and has to get a different screwdriver. I have one that's the perfect size for laptops, but unfortunately I left it behind on Vancouver Island last week. He's coming back tomorrow to finish it. It's a darned good thing that I'm a huge nerd and have three other computers at home I can use until this one is back up and running.

Tuesday, January 20, 2009 8:57:30 AM (Pacific Standard Time, UTC-08:00) | Comments [1] | Tech | Gadgets | Microsoft | Windows#
Saturday, January 17, 2009
Ahh the joys and risks of running beta software.
This morning I fired up an xvid video that I downloaded and partway through the video, the audio stuttered and then froze and the screen froze. The screen went black. Then it came back, then went black again. I tried to hit escape, out of full screen so maybe I could catch it and click close, but before that happened, I got a Blue Screen Of Death (BSOD). No big deal, they happen from time to time and it IS beta software.
The problem was when the computer restarted, I didn't get the Dell logo screen. I didn't get the Windows logo startup screen. I didn't get a login screen. What I got was a series of lines running top to bottom mostly on the left side of the monitor... multicolored but slowly becoming all white. The rest of the screen slowly started showing vertical lines until eventually the whole screen turned white. Not good. What the hell? How could a crash physically damage hardware? I tried turning it off and on again, same thing.
Watching closely, I could see and hear the BIOS POST (Power On Self Test). After a minute or two, the hard drive activity light blinked out. On a hunch, I entered my password and hit enter. Hard drive activity resumed and it logged me in. Of course, I couldn't see anything so all I could do was shut down gracefully.
Using my other computer, I checked Dell's support site and did the diagnostics they suggested. Turns out my LCD monitor is fine, but the video card is hosed. How on earth did watching a video cause a crash in the driver that resulted in not only a BSOD but a physical corruption of the card itself? That's unheard of!
In hindsight, I think it was a combination of things. My laptop has the nVidia GM8400 video card in it which is known to have a major design flaw. This affected Dell, HP, even Apple's MacBook Pro laptops that had this chip in it. Ultimately Dell extended the warranty of every system with this chip in it for free. The combination of a flawed video chip and a beta driver for a beta OS was a recipe for disaster.
Ultimately I had to call Dell. The NEXT major obstacle is that I bought this laptop through my corporate account... through Dell Latin America. I'm now in Canada and have to have the system transferred. I called the Dell XPS tech support line (XPS has its own tech support department, which is one of the nice things about paying a premium for a product). I got through to a technician with a slight FRENCH accent, which leads me to believe the call center is here in Canada, rather than Panama for Dell Latin America or India for Dell US and A.
I explained what happened, and what steps I had already taken. (Having dealt with Dell Tech Support for issues for the hundreds of systems I had at my last job, I learned how to work WITH them rather than them having to rely on their flowcharts) I also told him that since this was the known-bad GPU, that I'd prefer to have a technician come on-site and replace the GPU rather than send my laptop in for depot service. You just never know if you're going to get your own computer back, with a freshly-installed OS and no data, photos, emails, contacts or anything else on it. They said no problem, got my address and-waitasecond. This address isn't in Grand Cayman.
Uh-oh. He processed the dispatch for me and then said he was transferring me to customer care to update my records, since tech support has read-only access to customer records. He gave me the case number and transferred me to Customer Care reception. I gave them my case number and said I needed to transfer from Latin America to Canada, and he put me through to someone. Someone else picked up right away (I think I spent less than 2 minutes on hold this whole time so far) and I explained my situation to him. This person, who DID have an Indian accent told me that it was purchased through a corporate account and would have to be dealt with by the corporate sales department, not customer care and would transfer me. I tried to stop him, and he listened to what I had to say and then repeated his script and transferred me... to an automated message saying that the department I was trying to reach is currently closed, and please try again on the next business day. ARRRRRRRGH! I hung up and the call was 19:44 seconds.
I re-dialed the XPS number, and again got a technician, Robby, who sounded Canadian. I said I had just called a few minutes ago, spoke to a tech, got a case number and then was transferred to Customer Care who sent me down a rabbit hole into a dead end. He apologized, asked for my case number, re-confirmed my name, address, email and phone number. Then he said he would re-submit it to dispatch and could he put me on hold for 3-5 minutes. He came back on in about 3 minutes and told me everything was set, he gave me a dispatch number and told me a technician would be calling me sometime early next week (because it's 5:00 PST on a Saturday) to schedule the best time to come and replace the part. Just like that. I asked him if they were going to replace it with the same GPU, the nVidia 8400 that's known bad or were they going to replace it with something that wasn't borked by the factory. He said he didn't know, it would be up to the technician. If they had a better solution at the time of install then yes they would replace my GPU with a different one.
SO. Windows 7 beta: out. nVidia GS8400m: out. Dell XPS tech support: big thumbs up. The worst part is going to be getting through the next week or so with only my desktop, Laurie's desktop and Laurie's netbook in the apartment :)

Saturday, January 17, 2009 5:17:34 PM (Pacific Standard Time, UTC-08:00) | Comments [2] | Tech | Gadgets | Microsoft | Windows#
Wednesday, January 14, 2009

I haven’t really been using my computer much this week. I’ve been smokin’ busy at work, so by the time I get home, the last thing I want to do is spend MORE time in front of the screen. Everything is on track now for a business trip tomorrow, so starting this weekend when I get back everything should slow down again… until Monday. :)

The last post I made about Windows 7 I mentioned that the fan was acting weird. I went to Dell’s support site and there was a new BIOS version for my specific laptop. I installed that and the fan began behaving as expected, so thank you Dell. I’ve still got i8kfangui running, but just in informational mode only so I can see the CPU temperature.

Every window has a “Send Feedback” link up next to the minimize, restore/maximize and close buttons. I read today that there’s a registry hack you can make to turn it off if it really bugs you. I don’t know why you’d find it annoying though, it’s a BETA TEST of an operating system. It’s provided free of charge in exchange for reporting metrics, crashes and other things… LIKE FEEDBACK. It’s actually pretty cool. There’s a dropdown that you can select what category you’re reporting on, and then some stars to give you a choice of how well it worked (or didn’t) and then comments.

The dropdown list itself is pretty encompassing, too. Everything from Accessibility features, printing, faxing, security settings even Tablet PC functions. Finally at the bottom there’s an “other” category.

So far I’ve sent between 12 and 15 feedback “emails” to the team. Some of them have just been “This works exactly as advertised and as expected”, a couple suggestions and a few negative ones, too. I sent one when I crashed IE the first time the other night, too. Being a beta, you’re not supposed to use this as your “main machine” and in fact, part of the terms of use specify that you won’t use it ‘in a production environment’. I WILL be implementing it in a production environment in a couple months at work. I’m planning a pilot project for myself and my co-administrator, as well as a couple people who are tech-savvy to run Windows 7 with all our line-of-business applications to iron out any kinks that come up over the next year before we start migrating to it (skipping over Vista) in early 2010 when it’s released.

I wrote on the 2009 advancement plan at work that if I tried to upgrade people to Vista that we’d have a mutiny on our hands. I’ve been running Vista on my laptop since last December when I got it, and forcing myself to use it on my desktop at my last job for almost a year previous so I could get to know it before I had to start fielding calls about it. While Vista came out of the gates flaccid with few compatibilities with existing hardware and software, it was something that needed to be done. If Vista hadn’t come out when it did and been a dog, then there wouldn’t have been new drivers and new versions until Windows 7 came out. Then *IT* would have been the dog that nobody wanted. Vista was the pain of living with no floors in your home while contractors reinforced and rebuilt your foundation and drainage. It sucks, and it’s hard, and it tries your patience, but in the end, what you built on top of it was all the better for it.

While I could have rolled out Vista Business with Aero Glass turned off and the “classic” skin/theme selected to make it look like Windows 2000 Professional, Windows 7 takes that option away. I might have been able to slip it past a few people if it LOOKED like the old Windows :)

What everyone seems to forget is that in 2001, XP was hated just as much as Vista is, with people decrying the “Fisher Price toy” interface and the new double-wide start menu but as people actually used it and adapted to it and started to reap the benefits of the new system, they liked it and ultimately loved it (evidenced by extension after extension for the availability of Windows XP for OEM systembuilders).

The difference between 2001’s hate-in for XP and 2007’s hate-in for Vista is a 24-hour news cycle and a lot more people out there trying to justify their employment filling column-inches. Vista’s missteps were a convenient mule to whip.

Wednesday, January 14, 2009 9:34:50 PM (Pacific Standard Time, UTC-08:00) | Comments [2] | Tech | Microsoft | Windows#
Saturday, January 10, 2009

Yesterday I watched from the sidelines while the Microsoft web servers were hammered into submission and ultimately failure as people tried to download the Windows 7 Beta. Someone found a direct link to the .iso files and some people reported that their multi-gig files just stopped partway through. I guess there were people physically deleting the iso file from webservers at that point. It was an epic fail; was down for a little bit, was offline, eOpen (licensing site), MSDN and TechNet were all having problems as the deluge continued.

Lifehacker actually posted an opinion piece admonishing Microsoft for not being ready for it and while they DO have a point, I don’t think they anticipated just how many people wanted an alternative to Vista. To give them some credit, there’s a difference between 38 million Firefox 3 downloads and 2.5 million 2.4 gigabyte Windows 7 downloads.

By late last night and this morning they had things ironed out and brought more capacity/bandwidth online and re-opened the beta. (I wonder if they ate their own dog food and used some sort of Microsoft Azure cloud computing platform, or if they just used Amazon S3 or (doubtful) Google’s cloud computing platform. More likely they just upped their commitment to Akamai.)

Earlier today I signed up for the beta and got my product code that’s good through August 31st, 2009.

Tonight I backed up my laptop (which has been having wireless connection issues almost since I got it) and then did a hard drive swap so as not to damage my Vista installation that has all my data on it. On a side note, I picked up a 320gb, 7200RPM, 2.5” SATA notebook hard drive at NCIX on Friday for $104 after taxes. While not as cheap as a 3.5” SATA drive, that’s still pretty cheap.

I fired up my laptop with the Windows 7 DVD in the drive, made a few selections (language, regional settings, keyboard layout, that sort of thing) and then it installed. It seems to have installed a little slower than the Vista beta did a couple years ago. Once it was “ready” it asked for my name, a computer name (for networking) and then asked me if I wanted to connect to a wireless network. Judging by that, it had a driver and installed it during setup. It asked me for my WPA password and that was it. It then checked with Windows Update and downloaded 68mb of updates. One of the updates it downloaded (probably the bulk of the 68mb) was the nVidia video driver for my laptop. (At the time, it was running at 1024x768) Once it downloaded and installed the video driver, the MP3 bug fix and a couple other updates, it rebooted and came up at the native 1280x800 resolution. There was one “optional” update yet to be installed, the Broadcom Ethernet adapter driver. I installed it, and then downloaded/installed the new Windows Live Essentials (including Windows Live Writer, which I’m using right now to write this up)

I opened up the Device Manager, to see if any drivers did not get installed and was shocked to see that there was only one device that didn’t have a driver installed: the biometric fingerprint reader. The good news was that it identified it as a biometric reader interface, rather than just “PCI device” or something like what probably would have happened in an earlier version of windows.

I opened up IE8 and navigated to Facebook, and then I opened a new tab and went to another page. When I was done, I clicked the close button and it asked me if I really wanted to close Internet Explorer, or did I just want to close the current tab? Nice touch.

The only annoyance I’ve found so far, is that my fan is cycling on and off constantly. I don’t know why yet, but it’s probably something simple.

There was a notification that came up, telling me I did not have antivirus software installed. Clicking the notification balloon where it said “click here to find antivirus software online” opened Internet Explorer and went to a Microsoft Security webpage that had links to AVG (woo!), Norton/Symantec and Kaspersky Labs websites. I clicked on AVG and the landing page said “Welcome Windows 7 users!” It had a link to download AVG Antivirus standalone or AVG Internet Security for 38.99 or 59.99 respectively.

I don’t know about anyone else in the position to beta test a new OS, but I sure as hell am not going to pay $60 for a security package for a beta install. Sure I can re-install it in Vista or XP if I go back to it, but what the hell. I clicked on “all products” and then over to “free trials” to get a copy of AVG Free.

So far, the only thing that hasn’t “just worked” right out-of-the-box (so to speak) is the Windows Live Call. I wasn’t sure how it worked or even really what to do with it, but when I clicked it in the start menu, it came up with an MSN messenger-like window with a telephone keypad on it and a text message saying that the service was temporarily unavailable.

Even IE8 seems pretty responsive. Firefox 3 has been getting on my nerves lately. Facebook, Canadian Tire, Rogers and VanCity Savings websites constantly gave me problems with connection reset and other “page cannot be displayed” type errors. If it wasn’t for AdBlock Plus, I would probably have switched back to IE7 by now.

Tomorrow I’ll install Office 2007 Small Business and use Windows Live Sync to copy my pictures, videos, data and downloads back onto this installation and start “using” it for real and contributing feedback to the beta team.

Update: I downloaded and installed i8kfangui which originally was written to control the fans on the Dell Inspiron 8000. It works with the XPS m1330 and Windows 7 (as well as Vista 32-bit) and my fans are silent now until temperature thresholds are reached at which point they kick in until the temp is back below the threshold.

Another thing I just noticed is that IE8 will not run the "rich" text editor on my blog, so if there's any funky formatting, it's because I'm doing this update and manually inserting HTML tags into it :)

UPDATE 2: Clicking around the "Action center", I found the "Check for solutions to problem reports" and clicked it for grins. To my surprise, it popped up a Yellow notification saying "Solve a problem with your Fingerprint Reader": "A new driver is available for your Fingerprint Reader. Go online to install this update." I clicked the Problem Response Button and it brought up an explanation and a link to UPEK, the manufacturer of the hardware. I clicked the link and it took me to a page titled "UPEK biometric software for Windows 7 - Preview version (32bit)". Well holy crap! I'm downloading it now.

Saturday, January 10, 2009 9:34:49 PM (Pacific Standard Time, UTC-08:00) | Comments [3] | Tech | Microsoft | Wireless#
Monday, November 17, 2008

Last week enough parts arrived that I could start putting together the first of my two new servers. In the end, I decided to buy SuperMicro barebones servers instead of HP or Dell (or IBM) servers because of the size of the hard drives we wanted. My co-worker and I came to the figure of 4TB for where we expected company-wide data storage to be in five years time, based upon the current size and the growth we’ve had and are expecting.

In order to build a RAID5 array of 4TB, we had to have five 1TB drives. Of course, a 1TB drive doesn't actually HAVE 1TB of drive space on it, it’s only about 927Gb or so because of the whole 1000 vs 1024 multiplier. Sure it was fine in the days of 100Mb drives, but now it’s just ridiculous. Five 1TB hard drives yields a 3.6TB array. We are “missing” or “losing” 400Gb or almost half of one of those terabyte drives when extrapolated across the array.

The hard drives that Dell and HP (and I’m assuming IBM/Lenovo) use have custom firmware on them so that the onboard diagnostics can talk to the drive and receive information from them. This means that the same Seagate Barracuda or Western Digital Caviar 1024Gb drive that costs about $166 at NCIX or Tiger Direct costs $924 from Dell Direct or CDW. You also need the hot-swap caddy for that particular server, and they don’t sell those separately (unless you find some on Craigslist or eBay). That would have meant that I spent more on those hard drives than I ended up spending on the entire SuperMicro server.

This is the second time I’ve dealt with SuperMicro. When PC Powerhouse closed its doors, we (my old company) bought up their server rack, patch panels & switches and there were two SuperMicro 2U servers in there. We called it the Sharktank and used it to set up a completely separate network with a copy of our Active Directory on it to use for testing purposes. We also bought a third SuperMicro 2U server and stuffed it full of 500Gb hard drives to use as a disk-based backup solution. I was impressed with the build quality then and when I needed a cheaper alternative to brand-name servers here at my new job, I went to SuperMicro again.

Fortunately CDW carries SuperMicro servers. NCIX does as well, I found out, which means I have two suppliers I can have compete against each other for better pricing. The first one arrived mid-week last week and I put it together in one afternoon. These particular servers are Intel Xeon quad-core processors, 4Gb RAM and two 250Gb hard drives in a RAID1 (mirrored) configuration with Windows Server 2008 x64 Standard Edition running on it. The RAID controller is an Adaptec 3805. In addition, they also have the five terabyte drives configured in a RAID5 array. These servers have redundant 750 watt power supplies and are plugged into an APC 2U Rackmounted UPS pushing 2200VA.

So begins the headache. The maximum disk size that Windows XP, 2003 and Vista (non 64-bit versions) can see is 2Tb. My array is 3.6Tb. Try as I might, I could not break through that 2Tb maximum. The drive just didn’t show up in the Disk Management snap-in. I tried everything I could think of, it just wouldn’t show up.

I deleted the array that I had created in the controller BIOS settings and re-created it in Windows using the Adaptec Storage Manager (ASM). No good. As soon as I added the 4th drive to the array, the available disk size went from 1.8Tb to 2.0Tb and ignored the remaining 1.6Tb. I searched and searched and searched all weekend and asked every SysAdmin I knew and had access to via IM, email, phone and shouting over a live band at a pub Saturday night. No one had any insight.

I found out about GPT during this time though, and how it works and what it does. There are a lot of limitations to using GUID Partition Tables instead of MBR mostly due to BIOS limitations. EFI bios can boot from GPT disks, so that means all Macs can, but only Windows XP x64, Vista x64, Server 2003 SP2 X64 and Server 2008 x64 can BOOT from a GPT. This had no bearing on my setup as I wasn’t booting from this disk, it was simply a big data drive. There’s supposed to be a way to right-click an unrecognized disk in the Disk Management snap-in and Convert to GPT (or Convert to MBR) but since my Disk1 was not showing up there, I couldn’t do it. FRUSTRATION SETS IN.

I came in over the weekend to relocate the server from my workbench into the rack and re-created the RAID5 array and initiated a Build/Verify rather than a Quick Init. After two hours of solid disk LED lights, the progress meter changed to 1%. Oi. I left and went home for the weekend, thinking that it should be done by Monday morning, and once the drive array is Optimal, then maybe it will magically appear.

No such luck. I arrived this morning to an Optimal array but still nothing in the Disk Management snap-in. I opened the Device Manager and checked through there to make sure that the Adaptec 3805 had the correct and up-to-date driver. It did. When I clicked “check online for a new version” it returned a message that I already had the best driver for the job. Fortunately I’m not that trusting of Windows Update.

I went to the Adaptec website and navigated through to the 3805 downloads. There was a newer firmware available, but there was a new, Windows-certified driver for Server 2008 x64 that was dated Oct 2, 2008. I downloaded that driver and copied it over to the server. The documentation suggested that I could either do it via rebooting the server and booting from a floppy, or I could do it via the Adaptec Storage Manager console itself. I updated the driver and Windows Server 2008 said “your new driver is installed but will not be working correctly until you restart your computer.” Since this is a new server and there’s no data on it yet (hell there’s nowhere to PUT the data) I clicked OK and when it asked me to reboot, I clicked yes.

I was disconnected from the Remote Desktop, and since I don’t have a console KVM in my rack just yet, I kept my fingers crossed and waited a few minutes for the server to come back up.

I re-connected via Remote Desktop (as an aside, as of November 19, 2008 RealVNC’s free version does not work with Windows Vista or Server 2008, just their pay versions do) I fired up the new Server Manager and expanded the + sign next to storage and clicked on Disk Management…


Disk 1 unknown 3723.99Gb NOT INITIALIZED. The Initialize Disk Wizard popped up on its own and asked me how I wanted to initialize this disk: MBR or GPT? Even the note at the bottom is good: The GPT partition style is not recognized by all previous versions of Windows. It is recommended for disks larger than 2TB, or disks used on Itanium-based computers. Honestly, Itanium? Who even USES those? In this case, I’m going to go with GPT because I’m never going to boot off this drive, and Windows Server 2008 sees the GPT partition just fine. The XP Client computers and other Windows server 2003s that will be working with the data on these drives will all be accessed over the network via SMB anyway so it’s all good.

FINALLY the drive is ready to be formatted as NTFS (which should take another bunch of hours, even as a quick format) and I can start preparing my checklist for migrating the old file server on to this one.
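The 2TB ceiling and the MBR/GPT choice from this post, as an added example (not from the original post): Python that classifies a disk from its first two sectors as RAW, MBR or GPT and computes how much of it each layout can address. The 512-byte sector size, reading "3723.99Gb" as binary gigabytes, the function names and the constructed sectors are all assumptions of the example.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors (the post does not say)
# Disk Management's "3723.99Gb" from the post, read here as binary gigabytes.
TOTAL_SECTORS = int(3723.99 * 2**30) // SECTOR

MBR_ENTRY = struct.Struct("<B3sB3sII")            # 16-byte MBR partition entry
GPT_HEADER = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header (LBA 1)


def mbr_limit_bytes(sector_size=SECTOR):
    """MBR stores start LBA and sector count in 32 bits each."""
    return (1 << 32) * sector_size


def build_mbr(total_sectors, ptype=0x07, start=2048):
    """Constructed sector 0 with one partition, clamped to the first 2**32 sectors."""
    count = min(total_sectors, 1 << 32) - start
    chs = b"\xfe\xff\xff"  # CHS fields are saturated on large disks
    entry = MBR_ENTRY.pack(0x00, chs, ptype, chs, start, count)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"


def build_gpt_header(total_sectors):
    """Constructed primary GPT header; disk GUID and entry-array CRC are zeroed."""
    fields = [b"EFI PART", 0x00010000, GPT_HEADER.size, 0, 0,
              1, total_sectors - 1,      # this header's LBA, backup header's LBA
              34, total_sectors - 34,    # first and last usable LBA
              bytes(16), 2, 128, 128, 0]
    fields[3] = zlib.crc32(GPT_HEADER.pack(*fields)) & 0xFFFFFFFF
    return GPT_HEADER.pack(*fields).ljust(SECTOR, b"\x00")


def parse_gpt_header(lba1):
    """Return usable LBA range if the header signature and CRC32 check out."""
    if len(lba1) < GPT_HEADER.size:
        return None
    f = list(GPT_HEADER.unpack_from(lba1))
    if f[0] != b"EFI PART" or f[2] != GPT_HEADER.size:
        return None  # only the common 92-byte header is handled here
    stored, f[3] = f[3], 0  # the CRC is computed with its own field zeroed
    if zlib.crc32(GPT_HEADER.pack(*f)) & 0xFFFFFFFF != stored:
        return None
    return {"first_usable": f[7], "last_usable": f[8]}


def mbr_entries(lba0):
    return [MBR_ENTRY.unpack_from(lba0, 446 + 16 * i) for i in range(4)]


def partition_style(lba0, lba1):
    """RAW = no 0x55AA boot signature, shown by Windows as Not Initialized."""
    if len(lba0) < SECTOR or lba0[510:512] != b"\x55\xaa":
        return "RAW"
    has_protective = any(e[2] == 0xEE for e in mbr_entries(lba0))
    if has_protective and parse_gpt_header(lba1) is not None:
        return "GPT"
    return "MBR"


def addressable_bytes(lba0, lba1):
    """Bytes the on-disk partition scheme is able to describe."""
    style = partition_style(lba0, lba1)
    if style == "GPT":
        h = parse_gpt_header(lba1)
        return (h["last_usable"] - h["first_usable"] + 1) * SECTOR
    if style == "MBR":
        ends = [e[4] + e[5] for e in mbr_entries(lba0) if e[2]]
        return max(ends, default=0) * SECTOR
    return 0


if __name__ == "__main__":
    disk = TOTAL_SECTORS * SECTOR
    mbr = build_mbr(TOTAL_SECTORS)
    prot, gpt = build_mbr(TOTAL_SECTORS, 0xEE, 1), build_gpt_header(TOTAL_SECTORS)
    print("disk  :", round(disk / 2**40, 2), "TiB")
    print("as MBR:", addressable_bytes(mbr, bytes(SECTOR)) / 2**40, "TiB")
    print("as GPT:", round(addressable_bytes(prot, gpt) / 2**40, 2), "TiB")
```

A protective MBR whose GPT header fails the CRC check is reported as MBR here, which is the case worth flagging when examining a disk image.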

Monday, November 17, 2008 11:11:40 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Microsoft#
Wednesday, November 5, 2008
“Cannot retrieve the URL specified in the XML Link property. For more assistance, contact your site administrator.” I AM THE BLASTED ADMINISTRATOR! TELL ME WHAT THE FUCKING ERROR IS!!!
Wednesday, November 5, 2008 4:01:04 PM (Pacific Standard Time, UTC-08:00) | Comments [1] | Links | Microsoft | SharePoint#
Monday, November 3, 2008

Today’s frustration is brought to you by… SharePoint! WSS 3.0: when it absolutely DOESN’T have to be done overnight!

The other day I received a request to set up a blog in SharePoint to replace an old-school email newsletter that was distributed throughout one of the divisions at work. Sure it’s the beginning of SharePoint Sprawl, but this is a good reason to USE SharePoint and to get people used to spending more time in it.

WSS3.0 comes with a Blog site out of the box. It’s very, very basic though. Perhaps I’ve been spoiled by using DasBlog for the last five years or so, but the WSS 3.0 blog only allows ONE category per post and it just looks so plain. There’s a free third-party add-in called Community Kit Enhanced Blog Edition available at CodePlex which allows multiple blogs, theme/skin-ability and more than one category per post but I didn’t feel the need to start experimenting with a new solution on the production site. It’ll do for now.

The good news is that Windows Live Writer works with the SharePoint Blog right out of the box (as it were, it’s a download).

More good news is that like every other thing in SharePoint, it generates an RSS Feed.

The BAD news is that Windows SharePoint Services 3.0 (WSS3.0) does NOT come with an RSS Viewer out of the box. What the shit? It comes as part of Microsoft Office SharePoint Server, but not WSS3.0.

Back over to CodePlex, there’s a free third-party add-in called Feed Reader. I downloaded it and installed it to my test SharePoint site… and it doesn’t work 100%. There’s a broken image link for the icon, a broken image link for each bullet-point image and a broken “refresh feeds” link down at the bottom. Other than that, it works pretty well, but I’m not about to go and start messing around with the production server with something that’s only 90% working. It’s PURELY a visual problem, but it’s enough to generate calls to the helpdesk and minimizing those is of course, job #1.

Falling back to the things that come with SharePoint, there IS an XML web part. I thought I’d give that a try, because what is an RSS feed anyway? It’s an XML file! I even found an XSL example that would display it the way I wanted to that was as simple as copying and pasting. Just when you thought everything was going to work out, there it is. The Rub. The RSS feed generated by SharePoint is a file called listview.aspx?List={Gigantic Guid} and not a .xml file. Because of that, SharePoint cannot resolve the listview.aspx GUID to an XML file and it fails, even though IE7 resolves it and displays it as a newsfeed properly. Le Sigh.

It HAS to work, other people are using it, and even some comments on the page with the XSL file said “it works great, thanks!" so I don’t know what my problem is, other than the obvious: I’m not 10% smarter than the program is.

Monday, November 3, 2008 3:21:57 PM (Pacific Standard Time, UTC-08:00) | Comments [2] | Microsoft | SharePoint#
Thursday, October 30, 2008

Have you ever clicked “cancel” during an installation wizard, or managed to hose something on your computer or one of your servers by manually messing around with settings because you think you’re smarter than you really are? If you’re like me, you have. :)

Yesterday when I was messing around with SharePoint Services 3.0 on our development server, I managed to not only hose IT, but I also hosed our Windows Software Update Services server.

WSUS is like having your own Windows Update server. Rather than have all your computers check and download updates from Microsoft’s servers (chewing up all your bandwidth and/or ISP’s quota) you download them to one central location and then have all your computers download from that server on your network. As the Administrator, you can approve updates and they will automatically be available to your clients, but new updates that you haven’t approved won’t be available. In the event that you come across a Windows Update that breaks an application on your computer, you can prevent your computers from downloading and installing it.

It runs as a web site, it uses a SQL database for its backend and then it uses some local storage for the actual updates (in whatever languages you specify you will support).

If one of those parts gets hosed (like when you’re mucking about in IIS admin and break the WSUS website, or you manually delete the database instance that it’s using), then there’s not much you can do but uninstall and reinstall the application.

What happens if WSUS has disappeared from the Control Panel’s “Add/Remove Programs” list? If you think you’re a smart cookie, you’ll re-run the installation program which (depending on the program) will give you repair or uninstall options. In the case of WSUS, there’s no “repair” option and re-running the setup program launches the uninstall routine. If some piece of WSUS is missing however, then it fails with a generic error. Stumped.

I found a similar post on Experts Exchange and the accepted solution was a Microsoft Office utility called Windows Installer Cleanup Utility. The utility’s home page on Microsoft Support explains that it wipes out the registry information for uninstalling. If you have a corrupted installation or un-installation it MAY allow you to re-install the application successfully. With nothing else to lose, I downloaded it, installed it and fired it up.

It showed a list of all the programs that were installed on the server, based on the registry information. I found Windows Software Update Services v3.0 SP1 in the list, clicked on it and then clicked "Remove”. It ran successfully and then I closed the application before I did any other unintended damage and then ran the WSUS setup program again. This time instead of starting the uninstallation routine, it came up with the fresh install screen. Choosing the same locations that were set up before installed the software “over” the old locations. The installation created the web server over again using the same ports and the downloaded updates are in the same place.

Because all the clients were either pre-configured or receive their Windows Update configuration info via Group Policy, everything “picked up where it left off”.

The Windows Installer Cleanup Utility is a last-ditch effort when you’ve exhausted every other process to remove a corrupted installation. It’s a nuclear attack on the registry and Microsoft’s warnings and as-is and disclaimers highlight that. If you find yourself in this kind of a situation, it makes a handy addition to your Bat Utility Belt. If you try it and you do more harm than good, well, too bad. :)

Thursday, October 30, 2008 1:41:07 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | SharePoint#

I referred to it earlier, but haven’t elaborated on it (at least on here) but I did land a job earlier this month after spending a month re-adjusting to Vancouver. I waited to look for an apartment until after I started working so I could find somewhere that wasn’t a huge PITA to commute. I had a 15km radius in mind so as to reduce my auto insurance footprint as ICBC has a “15 km or less” category.

As I did before, whenever I refer to work, I’m only going to refer to it in a general sense without any specifics or names (to protect the innocent… and compared to me, everyone is an innocent!)  People who know me well or know me through other social networking sites will be able to figure it out pretty easily but people who end up here randomly or from a search engine, I’ll still be somewhat anonymous. There’s no HR policy on blogging in the Employee Handbook, and I don’t want to force them to make one.

At my previous job, we deployed a small-scale SharePoint Portal 2007 site. Those of you who are familiar with SharePoint are probably laughing right now but seriously, it was a small deployment with one site and only a few pages. At least it was when I left!

When I took an Exchange 2007 course in December of 2007, the instructor referred to SharePoint as a cancer. It starts off small… one site, a little collaboration but as people start using it and hearing and reading about some of the things it can do, then the feature requests start coming in and the sprawl begins. Before you know it, you have an entire datacenter just to support SharePoint.

That portal we set up was mostly about a KPI dashboard for the Board of Directors. We had a specialist from Toronto fly down for a few weeks and help us set it up and do some custom coding to draw specific data from our SQL databases (Mo Paul represent!)

At my new job there was already a SharePoint portal in place. In fact there were a couple. There was a SharePoint Services 2.0 portal up and running using an Access database as its backend and some serious line of business applications custom-written to run on it. There was a SharePoint 3.0 portal running that we are slowly migrating to that was SQL Express based but each of those line-of-business applications had to be re-written to run from SQL instead of Access and because they were so intertwined, we couldn’t migrate them one at a time, but rather all at once so it became a pretty gigantic project.

There were also some other sites and a document management system in place that was running either WSS 2.0 or a custom application that those authors wanted integrated into SharePoint as well.

All of this required me to get up to speed on SharePoint pretty quickly. In the past, my experience with SharePoint was “it’s a cancer upon my network, growing uncontrollably and sucking up all my resources.” I referred to it to my brother as “the ominous black cloud on the horizon of IT and developers” and went so far as to quote Colonel Kurtz’s “Horrors” soliloquy to a friend via IM who then remarked that “being this far north is affecting my mind”.

I’ll probably start posting more stuff about SharePoint as I learn it and cross-post it to the IT Team Blog I set up in SharePoint (See? the sprawl is starting already!) to help document my descent into madness.

Thursday, October 30, 2008 9:00:49 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | SharePoint#
Wednesday, October 8, 2008
If *I* had that much trouble "fixing" the streaming from WMP11 to Xbox360, how the hell are mere mortals expected to be able to figure this out? Ork had a similar problem and he ended up installing TVersity to make it work, and I initially installed Orb to get around it before fixing it the first time, too.
Wednesday, October 8, 2008 2:45:06 PM (Pacific Standard Time, UTC-08:00) | Comments [4] | Links | Tech | Gaming | Microsoft | WWW#
Saturday, February 2, 2008
Nothing sucks quite as hard as having to move... I suppose the blessing in Cayman is that 99% of rentals are furnished so you don't have to rent a truck and move all that heavy shit around. Still, all that packing and unpacking is a pain in the arse.
Saturday, February 2, 2008 3:36:33 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Cayman | Movies | Scooter | Tech | Gadgets | Gaming | Microsoft | Wireless#
Sunday, November 18, 2007
It turns out that I'm being actively blocked from downloading any content from XBL Marketplace because my IP address identifies me as residing outside of the US and A. That's right, region coding. "This content is intended for US residents only".
Sunday, November 18, 2007 12:43:21 PM (Pacific Standard Time, UTC-08:00) | Comments [1] | Tech | Gadgets | Gaming | Microsoft | Wireless#
We've started receiving computers from Dell now with Vista Business edition on them. Fortunately it's only been ten so far and they're all Optiplex 755s, the new ones. Microsoft has a program in place to allow you to buy new machines with Vista Business stickers/COAs on them and then receive a free product code to "downgrade" it to XP, then when your company is ready to roll Vista out, you already have the license and don't have to pay anything to upgrade.
Sunday, November 18, 2007 12:17:02 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Rants | Tech | Microsoft#

Vista's been out almost a year, and SP1 is right around the corner. I've been running it at work on my personal machine for about seven or eight months now, just to try and get used to it so when we don't have the option of getting new computers with XP anymore, I'll be able to answer the inevitable questions from the users "where did x y and z go?" Because technically you can install an OS license on two computers if you really read into the fine print, I took the Express Upgrade disc from my computer at work home and installed it on my desktop computer.

Home Computer | Work Computer
P4 2.4Ghz | Core 2 Duo 2.0Ghz
1gb RAM | 4gb RAM
80gb PATA OS, 2x250gb SATA data array | 80gb SATA
ATI Radeon 9600 256mb | nVidia GeForce 7300 256mb
Acer 22" widescreen (1680x1080) | Two Dell 17" LCDs
SB Audigy+ 7.1 channel audio | Intel integrated audio
LG DVD +/- RW dual layer | Sony DVD +/- RW dual layer


My work computer rolls right along with multiple applications open, Symantec Corporate Edition 10 in the background, WMP 11 in toolbar mode playing MP3s, Outlook 2007 open, Active Directory Users & Computers MMC snap-in open, Foldershare satellite in the taskbar and then whatever else I'm working on at the moment.

My home computer runs AVG Free version in the background, uTorrent in the background, Foldershare satellite and iTunes. Generally there's an explorer window or two open, as well as iTunes minimized when I'm not there and open and playing MP3s when  I am around. That's all.

My average processor usage is around 65%. 65% of my computer's resources are used up while it's sitting "idle" or doing something I consider extremely low-key, like playing MP3s through iTunes. It's so bad that iTunes actually starts "skipping" while trying to play MP3s. Doing anything, skipping forward to another song, opening a window, changing folders in Explorer, renaming a file, ANYTHING causes the processor usage to spike to 100% and slow everything down to a crawl. Heaven forbid I try to listen to music while doing anything file intensive.

Oddly enough, as resource intensive as it is, watching videos with Nero Showtime (I'm forcing myself to use it instead of VLC right now because I paid for Nero 7... right before Nero 8 was released and offered me the chance to upgrade for a low 39.99) doesn't seem to be a problem for the system at all.

I was watching the processor usage today while iTunes was skipping, trying to see WHAT was causing the processor usage and skipping. It didn't add up... I was using maybe 30% of the processor, but the reported usage was 65-70%. I checked "show processes from all users" box and there it was: Audiodg.exe was hogging up 30-65% of the processor cycles, iTunes went between 6% and 30%. What the hell is audiodg.exe? Is it something to do with the new Sound Blaster Audigy card I put in a few weeks ago?

I looked around online and found a pretty good description of it here

The short answer is that audiodg.exe hosts the audio engine for Vista.  All the DSP and other audio processing is done in audiodg.exe.  There are two reason it runs outside of the windows audio service.

The first is that there's 3rd party code that gets loaded into audiodg.exe.  Audio hardware vendors have the ability to install custom DSPs (called Audio Processing Objects or APOs) into the audio pipeline.  For a number of reasons (reliability, serviceability, others) we're not allowed to load 3rd party code into svchost processes (svchost.exe is a generic host process for services that's used inside Windows). So we need to move all the code that interacts with these 3rd party APOs outside the audio service (that way if an APO crashes, it won't take out some other critical part of the system with it).

The second reason for using a separate process for the audio engine is DRM.  The DRM system in Vista requires that the audio samples be processed in a protected process, and (for a number of technical reasons that are too obscure to go into) it's not possible for a svchost hosted service to run in a protected process.


UGH. So this piggy process was introduced in Vista to allow audio processing to run in a protected process because of DRM. Double-ugh. Everything in my iTunes library are plain-Jane VBR MP3s that I ripped from my own CDs. There is no DRM on them, there does not need to be any DRM on them, but they have to be processed through this audiodg process so they CAN. Lame. All it's doing is chewing up resources and making my audio playback skip. It's what the French call "Le Suck".

Vista's vaunted new User Account Control sucks, too. I left it all on to force myself to get used to it. I installed EAC to rip a couple new CDs that I bought, and it installed fine. I navigated to C:\Program Files\EAC and created a new folder called LAME and then unzipped the LAME_enc.dll and exe files into it and told EAC to use the external compressor... but it wouldn't. It would inexplicably fail. I dropped to a command line and tried it myself and got "Access Denied". Turns out that even with an administrator account, you can't execute an .exe file in the program files folder unless Windows/msiexec has put it there itself. If you have a program that didn't come in an .msi installation file, then it won't be able to run. On a whim, I went to Control Panel and turned off UAC. It warned me three times that it was a bad idea, and then asked me to reboot. After a reboot, EAC worked as expected, and I now have a red shield with an X over it in my system tray that periodically reminds me that I've left my system open to unauthorized use and click here to turn UAC back on. At work it's even worse. I had to disable UAC right off the bat in order for ScriptLogic to even run my logon script.

There's a whole laundry list of all small, niggling things that just don't work in Vista. My USB TV Tuner is unsupported in Vista and now has been discontinued. My Microsoft(!!) branded keyboard with the integrated UareU biometric fingerprint scanner doesn't work. The keyboard works, but the fingerprint scanner doesn't.

Probably my biggest gripe with Vista at work (aside from the UAC business described above) is the lack of adequate management tools. I'm a Network Administrator. I spend a lot of time in the Microsoft Management Console (MMC). Active Directory Users and Computers in particular just doesn't work very well. I don't have icons telling me if an object is a user, group, disabled, computer, contact or anything. EVERY icon looks like a text file. Exchange 2003 System Manager won't run, so I can't do anything mailbox-related without VNC'ing to the server or using Remote Desktop to one of the Domain Controllers. ISA management doesn't work (2004 OR 2006), Websense Manager won't run and ScriptLogic Desktop Authority sort of works, but is pointing at the wrong server (although that's not a Vista gripe)

I'm at the point now where I'm ready to declare my experimentation phase with Vista over and roll back my desktop computer at home to XP SP2. Fortunately when I installed Vista, I used an extra hard drive, and I can go back as easily as opening the case, pulling the drive and putting the old one back in. There will be a little work after that, Windows updates and a few driver changes for new hardware. At work it's a little more work to downgrade, but because they're new machines, I've been proactive and made a Ghost image of the new Optiplex with XP SP2. That's another post though :)

Sunday, November 18, 2007 12:06:11 PM (Pacific Standard Time, UTC-08:00) | Comments [1] | Links | Rants | Microsoft#
Wednesday, September 26, 2007

Monday night after my meeting with Noble House, I stayed on the Dolphin Expressway, passed my hotel by and went to the Circuit City in Doral. HALO 3 was on sale at midnight, but I wasn't going to stick around for that, that's crazy! I did want to pick up an Xbox 360 Elite and thought there might be a run on them, so I went in early to do that. I also wanted a second controller and the VGA HD cable (since I don't HAVE a TV to play it on, I'm going to plug it into my Acer 22" widescreen monitor). I spoke with a sales rep and he told me he couldn't sell me the game before midnight. Duh. I was going to get the console and then go back the next day to get the game.

The sales rep told me the "event" started at 10:00, and it was 8:45. "Ten? What happened to midnight?"

"Well, the event runs from ten until two A.M." Well that's a whole different ballgame... I asked him if he could put the console aside for me, and he hemmed and hawed, and finally he printed some receipt tape and wrote "Reserved for Mark" and took it in the back. I headed across the (flooded) parking lot to Chili's and bellied up to the bar to have a bite to eat and a couple drinks and wait for 10.

At ten I wandered back over to Circuit City and there was a healthy lineup outside the door, along with two tv station trucks and a radio station doing a remote. What I DIDN'T realize til about 10:30 was the "event" started at ten, but they still weren't letting people in til midnight. They had raffles and came out and gave away some swag throughout the next two hours. The tall dorky guy next to me won an Elite console and the game! Two numbers off my raffle ticket! Argh! At midnight they opened the doors and let people in about ten or so at a time, then as people exited, they let more people back in. I got through in about 45 minutes. When I got up to the counter, I asked if they had any Elite consoles left, and the kid at the register laughed at me. Seriously, he laughed right at me. The other dorkasaurus next to him asked what was so funny, and he said "he asked if we had any Elite consoles left" and he laughed too, like it was all a big joke.

"Do you have one in the back that says Reserved for Mark?" They both instantly stopped and said "ohhh we were wondering what that one was doing back there" and dork #2 went into the back and brought it out. w00t! It's good to be the king!

I was exhausted and it was about 1:15 when I got back to the hotel room, so I just dropped everything on the kitchen counter and went to sleep. Last night when I got 'home' from work and dinner, I set about connecting the 360 to the 37" LCD tv in my room and tried it out.


I'm not sure what the resolution of this TV is, but I assumed it was 720p, so I set it for that and man, even the Xbox360 splash screen is gorgeous! I played the first couple levels on normal difficulty, just to get the feel for the controller and the new buttons and weapons, and I have to say, it's pretty cool. Once I get back to Cayman I'm going to have to re-up my Xbox Live subscription and start getting schooled and teabagged by 12 year old trash talkers again! Next stop will be putting a big widescreen LCD on the shopping list :)

Wednesday, September 26, 2007 8:08:49 PM (Pacific Standard Time, UTC-08:00) | Comments [2] | Gadgets | Gaming | Microsoft#
Sunday, August 26, 2007
I got the usual screen, validation required, so I clicked on Validate Now and of course it couldn't run because I was using Firefox and it used an ActiveX control to test your system. At least it's smart enough now to recognize that you're using a browser other than IE and prompt you to download the plug-in for Firefox to allow it to run. I downloaded it, installed it, ran it and.. validation failed.
Sunday, August 26, 2007 10:19:17 AM (Pacific Standard Time, UTC-08:00) | Comments [1] | Rants | Tech | Microsoft#
Monday, June 4, 2007
The new version that was released a few days ago now supports dasBlog natively, which is the software that this website runs on. The best feature of the new Live Writer is that now it supports uploading of photos via HTTP. Before, it was kind of clunky as I had to upload the pics to flickr, navigate to the page, click all sizes, click the small link, then copy the html, come back here, go to HTML view and paste it in, THEN I could mess with the alignment settings and whatnot. Very labor intensive.

With the new version, I can click "insert photo" nav to the folder in my My Documents\My Pictures folder, select it and it automatically inserts a smaller version of it along with a drop shadow. Pretty cool stuff. I did the two posts about Rome last night using the new Windows Live Writer to try it out. You can set the picture to be a link to the jpg itself (default) or none, or a URL and put in a new URL. That way I could insert it locally and then make the picture link to something else, such as all the photos on flickr with the same tags (ie the picture of St Peter's square panoramic yesterday could itself be a link to which would take you to all my photos that are tagged with panoramic).

There are some other neat things in there that it does, or does better than before, but this is by far the one feature that was worth the upgrade. Maybe it has to do with the recent upgrade of the software we're running here, but we upgraded that for the Akismet spam filtering plugin more than anything else. I also enabled Feedburner instead of the built-in rss thing. If you're using the built-in RSS feed, might I suggest you re-add it as ?

Next up, get this place re-skinned, clean up the categories and figure out how to re-tag everything that's tagged as "Cayman" because that's 95% of the posts. I liken it to putting a label on your monitor that says MONITOR and one on your mouse that says MOUSE. :)

Monday, June 4, 2007 1:30:35 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | dasBlog | Microsoft | WWW#
Tuesday, May 22, 2007
The problem arose when I tried to sysprep the machine. I ran Sysprep and got an error that said There is an incompatibility between this tool and the current operating system. WTF?!
Tuesday, May 22, 2007 8:20:21 AM (Pacific Standard Time, UTC-08:00) | Comments [3] | Tech | Microsoft | WWW#
Saturday, November 11, 2006

Wizmo is a neat little utility written by Steve Gibson, the guy who wrote Spinrite and Shields Up!. He's doing a podcast called Security Now! on the TWit network and while sometimes it's a bit dry, I'm usually able to listen to the whole thing through.

I'd heard about Wizmo before, read what it does and then moved along. It's a Swiss Army Knife for Windows. You run wizmo.exe either from the command line or as part of a desktop shortcut. After Wizmo.exe you put what they refer to in the notes as "action verbs". There are a bunch of action verbs available, and I believe that it's extensible, so you can write your own action verbs if you want. There's Wizmo Blackout which blacks out your screen (it doesn't turn it off, just blacks it out like a screensaver), wizmo blank starts your currently selected screen saver, wizmo standby to send your computer into standby mode (if it doesn't have a suspend button or it's not a laptop). Other commands are hibernate, logoff, exit, reboot, shutdown which are all self-explanatory, monoff which shuts your screen OFF into standby mode and gravitron, the GRC screensaver with all its own settings.

The reason I was looking at it again was because my new monitor, my Acer AL2216WB 22" widescreen didn't always shut itself off. I don't know if it's something in the system tray, or maybe one of the Yahoo Desktop Widgets preventing it, but if I was laying in bed watching TV (either from my AverMedia Ultra300 USB tuner or uhh, recorded shows) I'd have to get up and push the button to shut off the monitor and go back to bed. How 1980...

I started searching Google for some way to programmatically send a "standby" command to the monitor and two or three links down was Wizmo. WTF? Cool! I went back to and downloaded it and configured a shortcut on my desktop to shut off the monitor. Now when I'm done, I fire up VNC, double click the Shutoff Monitor shortcut and close VNC and it's nice and dark and off I go to sleep.

Saturday, November 11, 2006 11:47:35 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Links | Tech | Gadgets | Microsoft#
Monday, August 21, 2006
I do a lot of desktop support at work. That means I do a lot of drive re-imaging and re-installing of Windows. I used to rely heavily on Norton Ghost and Ghostcast server, so that when we got a new flock of machines, I could set one of them up the way we wanted it, run Sysprep and then make an image of the hard drive. Once I had that, I could use Ghostcast to push that image out to the other machines (the highest # of machines I ghosted at a time was 15, using a 16 port switch). It was a great solution, and if one of those machines got buggered with a virus or spyware, I could re-ghost it and have it back in service in about 25 minutes.

The downside of that is Windows XP's product code/licensing and now Windows Genuine Advantage. Every time I ghosted a machine and started the install process, it would not accept the XP license code that was on the sticker on the computer. Even if I got past that, the OS would not activate. That meant a phone call to Microsoft, waiting on hold forever and then getting the joy of trying to understand Sandeep or whoever was on duty in the call center in India. I would have to read them off a 25-digit code, then they would verify it, then they would read me back a 25-digit response code, I would verify it, punch it in and then it would activate ok. It was a colossal pain in the ass and drove me to looking for cracks and patches for XP on more than one occasion. Ultimately it got to the point where it was faster for me to install Windows from scratch, manually, and then download all the security patches and whatnot (last time I did it earlier this month, it was 54 updates worth about 80 megabytes of downloads) and then install our applications, join it to the domain and all that sort of thing. There had to be an easier way.

Fortunately there is. As I was Googling around, I came across this site whose title was Automatically Slipstream Windows XP with SP2 and All Post-SP2 Security Hotfixes with a Single Command. Sounds like just what I was looking for. On top of that, this guy Ross updates it every month after Patch Tuesday! He has a windows script/batch file that will copy all the files from your source CD, then download ALL the patches and slipstream them into the folder structure. It's a bit of manual labor/clicking, but it sure beats having to download all that crap every time I have to do a reinstall. There's also a make file for if you have Cygwin installed to run the script, download the patches, verify the downloads using an MD5 hash, integrate them to the folder structure and then burn it to CD, all in one step. I figured I'd give that a try, I installed cygwin and it didn't work. Then I went back and reinstalled some of the packages for Cygwin, and it still didn't work. I finally gave up on Cygwin and the make script and went back to the Windows batch file, which worked. If you're a Linux command-line freak, Cygwin will probably work for you, but for me it's just one more reason why Linux just won't catch on for the mom n pops and grandmas.

The next step was to create a bootable floppy disc which, even in 2006, is still a pain in the ass and easy to screw up. I've done it before, but I couldn't remember exactly how to do it. I made about a half-dozen coasters last month trying before I "stopped and asked for directions". Enter The Elder Geek. I've been to his site both directly and ended up there from Google a few times in the past and he has good stuff there in simple, easy-to-understand steps (at least for me). His tutorial on making a bootable CD-Rom has instructions for both Roxio and Nero 6. I was using Nero 7, but the dialog boxes were close enough that I could figure it out. The reason I kept making coasters was that I had the "number of loaded sectors" set to the default of 1, and on the tutorial it says to make it 4, or they won't boot. What "number of loaded sectors" means, I have no idea and would not have thought to try 2, 3 or 4 by trial-and-error. I burned the new image to a disc and popped it in a cow-orker's unsuspecting computer and the Windows XP autorun menu came up. Good, but I'd seen that before. I rebooted and saw the magic "Press any key to boot CD" message come up, pressed The AnyKey and saw the Windows Setup screen come up and start loading files. Woohoo! As I type, I'm making 3 more CDs so that two of us can do the install on two machines at once. Once Windows Setup finishes, there might be a few downloads left, but a few downloads is better than 80mb of downloads.

Monday, August 21, 2006 9:50:39 AM (Pacific Standard Time, UTC-08:00) | Comments [2] | Tech | Microsoft | WWW#
Thursday, January 26, 2006

Pucker factor: 9

We got eight new computers at work, all identical Dell Optiplexes that are going to one department. Generally what happens in situations like this is that one machine is opened up, started up, configured & apps installed and then I take a Ghost snapshot of the hard drive, and push that image out to the other machines using Ghostcast Server. That way we end up with 8 identical machines, and then Scripts and Group Policy further refine the settings and restrictions on those machines based upon where they are going and who is going to be using them.

Since these ones are going to be going into a controlled environment where we want to absolutely minimize any downtime caused by people surfing the net on them and putting them at risk to drive-by downloads and other forms of crapware, we lock them down pretty tight.

On that note, I've been playing with the Microsoft Shared Computer Toolkit and it's pretty cool. You can lock down a machine so tight that it squeaks when it tries to fart. It's also geared towards computers that are operating alone, and not part of a domain. There's a whole chapter related to using the MSCT in a domain environment and I read over that this morning. Basically what you need to do is set the initial security settings on the machine (or the machine prior to imaging it in this case) and then use the included Administrative Template for Group Policy rather than the Shared Computer Toolkit interface.

So after talking it over with the other network admins this morning, I created a new Group Policy on our domain and called it “%machinename% Experimental Group Policy” and applied it to the machine name that I was working with. That way the changes and restrictions and lockdowns that I was experimenting with would ONLY be applied to that computer. That's where I made the fatal error.

In Windows 2003 Server SP1 and the 'new' Group Policy Management Console SP1, when you create a new policy, it defaults to the Authenticated Users group (practically everyone). In this case, the ACL said Authenticated Users and machinename-01. I went about locking down machine-01 and testing it, not realizing that the changes I was making were affecting the entire domain, in every country we operate in. Bad. Very bad.

I realized that it was locked down too tight for one of our critical applications to work, so I backed off, and then backed off some more, testing each step to make sure it worked. After a few rounds of that, I noticed it was getting late and went for lunch. Second fatal error. By the time I got back from lunch, the changes had replicated to all the other servers and were trickling down to client machines.

I got an email from a user asking why their homepage had changed in Internet Explorer, but I was just getting back from lunch and ready to crack back into the testing of this new machine and didn't really clue in. I hit the Windows key on my keyboard to bring up the Start Menu... and it was blank. I had my last few programs opened, Internet Explorer and Outlook up at the top where they belong, but the only thing on the right-hand pane of the start menu was Administrative Tools. No Control Panel, no My Computer, no My Documents, no nothing. I thought to myself “that's weird, I don't remember making any changes to MY machine...” and even went so far as to ask the other admins who was pulling my leg. No one fessed up, so I tried to open Group Policy Management Console to check it and change it back when I got a Windows Critical Error and the message “Access to the Microsoft Management Console has been disabled. Please see your Network Administrator”. Not good, I AM the network administrator, don't tell me to go ask myself! OK, well I'll VNC the console of the PDC... Log in there, hit Start Button... and it's empty.. To quote Ralphie Parker “Only I didn't say "Fudge." I said THE word, the big one, the queen-mother of dirty words, the "F-dash-dash-dash" word!”

That's when the email about the changed homepage popped back into my mind, and a frenzied attempt to get into GPMC via any DC in the datacenter and a phone call from another admin who had gone offsite about 20 mins before all happened at once. He was not amused when I told him what happened. We hit up Google with a passion, looking for a way to “un-fuck” ourselves. We found a couple things: registry keys, some obscure MS command-line tools, and ultimately, the same situation we found ourselves in and what saved our (mine especially) bacon in a newsgroup post. Someone had done exactly the same thing as me. His solution? He was lucky. As was I. The offsite location that the other admin was at had not been updated yet due to a slow WAN link. Getting in there and making the change to the GPO and saving it caused it to have a newer timestamp, and therefore it replicated ITSELF back to the network here rather than be overwritten itself by the “bad” GPO. If that had not happened, I would probably be on the phone with Microsoft for most of the night while the rest of the guys made plans to roll back the entire AD to a previous state.

We waited five minutes and then I got antsy so I did a gpupdate /force on my machine, and once it was refreshed, I hit the start button and everything was back to normal on my machine. After that I relaxed a little, and was still searching for a solution in case it ever happened again (not bloody likely) or it happened to someone else and asked me for help.

I found a message thread in Usenet/Google Groups about the same thing that I did. The solution that he found was the same thing that saved my ass: one of the other domain controllers hadn't updated yet. If it did, he would have been screwed. (as would I)

This could have been one of those COLOSSAL fuckups that define a career (or at least the downward trajectory of one) had it not been for a slow WAN link. It's one of those mistakes you only make once, as the fear of it actually happening again/for real is SO MUCH that it will make you pause and check the settings every friggin time you go into Group Policy Management Console for the rest of your life.
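
A pre-flight check for the scoping mistake described in this post, as an added example rather than anything from the original post: it lists each GPO's Apply trustees and enabled links, so a test policy still filtered to Authenticated Users stands out before it replicates. It assumes the GroupPolicy PowerShell module (newer than the Server 2003 GPMC used in the post); the `*Experimental*` name filter and the function name are hypothetical.

```powershell
# Added example: flag GPOs whose security filtering still includes Authenticated Users.
# Assumes the GroupPolicy module (GPMC/RSAT) on a domain-joined admin workstation.
Import-Module GroupPolicy

# Well-known SID for Authenticated Users; matching on the SID avoids localized names.
$AuthenticatedUsersSid = 'S-1-5-11'

function Get-GpoApplyScope {
    [CmdletBinding()]
    param(
        # Hypothetical naming convention for test policies; '*' audits every GPO.
        [string]$NameLike = '*Experimental*'
    )

    foreach ($gpo in (Get-GPO -All | Where-Object { $_.DisplayName -like $NameLike })) {
        # Trustees holding an allowed "Apply group policy" permission: this is the
        # security filtering shown on the Scope tab in GPMC.
        $apply = @(Get-GPPermission -Guid $gpo.Id -All |
            Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied })

        $broad = @($apply | Where-Object { $_.Trustee.Sid.Value -eq $AuthenticatedUsersSid })

        # Enabled links come from the XML report; a GPO with none applies nowhere yet.
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        $links = @($report.GPO.LinksTo |
            Where-Object { $_.Enabled -eq 'true' } |
            ForEach-Object { $_.SOMPath })

        [pscustomobject]@{
            Gpo                     = $gpo.DisplayName
            ApplyTrustees           = ($apply | ForEach-Object { $_.Trustee.Name }) -join ', '
            AuthenticatedUsersApply = ($broad.Count -gt 0)
            EnabledLinks            = $links -join '; '
            Modified                = $gpo.ModificationTime
        }
    }
}

# Anything printed here is a test policy that every authenticated account in the
# linked container would process, not just the one machine it was meant for.
Get-GpoApplyScope |
    Where-Object { $_.AuthenticatedUsersApply -and $_.EnabledLinks } |
    Format-Table -AutoSize -Wrap

# To narrow such a GPO, downgrade Authenticated Users from Apply to Read
# (leaving Read in place so computers can still read the policy):
# Set-GPPermission -Guid <gpo-guid> -TargetName 'Authenticated Users' `
#     -TargetType Group -PermissionLevel GpoRead -Replace
```

Running it with `-NameLike '*'` audits every GPO in the domain instead of only the test policies.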

Thursday, January 26, 2006 1:26:20 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Microsoft#
Sunday, June 26, 2005
I found a new XP Powertoy today, it's for viewing and thumbnailing RAW image formats for Canon & Nikon cameras.
Sunday, June 26, 2005 5:51:01 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Links | Pictures | Microsoft | WWW#
Wednesday, June 15, 2005
...You might end up administratively locking yourself out of Windows
Wednesday, June 15, 2005 7:00:52 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Tech | Linux | Microsoft | Travel#
Monday, May 9, 2005

Well, I'm still not entirely sure WHAT happened to my hard drive. The drive was still there, but Windows wouldn't recognize it and said “Drive F: is not formatted, would you like to format it now?” uhhhh NO! I figured I'd give Knoppix a whirl, as I had read about it last week. I downloaded the torrent of it (686mb in about 60 mins) and burned the image to a CD, popped it in and booted up.

Knoppix came up and found all my hardware, even my USB drives that were plugged in. The only gripe I had with it at that point was that the resolution was low, 640x480 I think. I probably could have entered one of the “cheat codes” that comes with it to up the resolution on startup, but whatever, it worked.

The odd thing was that it found my hard drive at /dev/hdb1 and it showed the entire file structure and all the files... my biggest gripe of the day came when I found out that I couldn't write to an NTFS disk with it. Apparently there is a way to do it, and I googled around for a bit. You're supposed to click on the K, go to Knoppix, Utilities and there's a program called CaptiveNTFS that lets you read and write to an NTFS partition, but it wasn't there. I read something about Windows XP SP2 “breaking” captive NTFS with a new version of the NTOS kernel file, so I was pretty much dead in the water. I thought about doing it 1gb at a time with my USB drive but gave up on that after one revolution through that process. I thought maybe I could do it 4 times, burn a DVD, do it 4 more times, burn a DVD but if that was the case, I'd still be sitting there now with cobwebs in my ears trying to copy off all the data.

In the end I used the network to do it. Knoppix had enough Samba stuff built into it that I could connect to a share on my network and copy-and-paste the files over the network. I got a full 11mbps when I was copying from my Knoppix desktop to my XP laptop and then via USB2 to another hard drive (even though I have an entirely 802.11g network capable of 'theoretical' 54mbps throughput) and was getting 1MB/sec throughput. I turned off my wireless radio on my laptop and plugged it in via cat5 ethernet to theoretically get a max of 100mbps speed. I DID get 20mbps and 2MB/sec transfer rate, so I was content with that.

I managed to save all the TV shows I haven't watched yet, and all the data files I had stored on the drive as well. I sacrificed a few movies I had stored on the drive, my backup of my Mp3 library, my backup of my photo library and a bunch of other “assorted” video clips that I was storing there for network sharing purposes.

Once all that was done, I rebooted back into Windows and used disk manager to delete the partition and create and format a new partition on that HD. It seemed to work, and the disk is now a pristine, empty 155gb again, but I'm not sure that I trust it with 'critical' data. I don't know why it failed. The weird thing is that my previous Maxtor 160gb drive that was in this enclosure failed the same way, about a year ago. I'm wondering if maybe it's because we're approaching summer, and the temperature in the apt is too high during the day when there's no A/C on and the computer is still running. I'll have to look around for some temperature monitoring software and run some tests on it to see if I can get a baseline on the temperature in my case during the day compared to at night.

Monday, May 9, 2005 5:51:36 AM (Pacific Standard Time, UTC-08:00) | Comments [1] | Tech | Linux | Microsoft#
Wednesday, March 30, 2005

So I'm off to Miami tomorrow. I started making a list of things I need to do (starting with DONT FORGET YOUR PASSPORT THIS TIME, SCHMEEB) with a reminder at 6:30am. It has things like “stop at Tiger Direct” pick up HD in its details, stop at Circuit City and try and find a 1gb Shuffle for Seb, Fix so-and-so's machine, pick up time card blanks, check/set IP address on photocopier/printer, G's laptop IP address and “check on computers in Ft Lauderdale” with various reminder times to help keep me on-task and maybe get back here tomorrow night on the last flight. (I'm taking my toothbrush and an overnight bag, just in case though)

I then remembered that I'm a card-carrying übergeek and to put them into Outlook (which, since it's connected to an Exchange Server, will be available to me via Outlook Web Access anywhere I happen to be) but that won't do me any good in the airplane, in immigration or in a rental car. Wait! I have a smartphone! I'll just sync the tasks to my phone (and since the phone is unlocked, I can use it with a Cingular SIM card in Miami and retain my contacts, emails, etc on one device). I went into the registry and turned off the “force guest mode” and then set up a new partnership to my phone so I could sync my tasks list to it when I plug it in for charging here at work.

Except that it didn't sync my tasks list to my phone in the Options screen, and there was no checkbox next to tasks as if it were unsupported or something. A quick Googling turned up that Activesync 3.7.0 did not quite support EVERYTHING in Outlook 2003/Exchange 2003, but that 3.7.1 did. Next stop: Microsoft Download Center. Right there, smack in the middle of the screen, without any searching: ActiveSync 3.8.0. I downloaded it, installed & upgraded my 3.7.0 installation, selected tasks and synced them over.

Good to go.

Wednesday, March 30, 2005 12:33:22 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Links | Gadgets | Microsoft#
Monday, January 31, 2005
There are a number of ways to draw comparisons between Xbox Live and Las Vegas, here's one.
Monday, January 31, 2005 1:14:50 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Gaming | Microsoft#
Tuesday, January 25, 2005

Steve (see the blogroll to the right) and Rich (same) are involved in a charity auction to raise money for tsunami victims in Southeast Asia. Basically you're bidding on an hour of consulting time from one of the group. It's pretty much a who's-who of software development professionals. I haven't clicked on all their names in Steve's post, but I recognize a lot of the names from various posts at various sites over the last year or so. Rich posted about it on his blog yesterday as well, and there are references to it on Microsoft Watch as well.

I can count the number of things I know about software development on one hand and still have enough fingers left to bowl with, so the only thing I can do is try to help drive some traffic to their eBay auction. Go bid, even if you just want to chat with one of them for an hour. I know some of you have paid more than $100 to be someone's friend for less than an hour. Less than 20 minutes if I remember correctly... Lordy pants did Colin's 25th birthday present ever backfire on us. (smack forehead)

Tuesday, January 25, 2005 7:19:23 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Links | Tech | Microsoft | WWW#
Tuesday, December 14, 2004
Finished Halo 2 last night. The ending sucked. No spoilers if you haven't finished it yet, it's safe to read on.
Tuesday, December 14, 2004 5:33:39 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Rants | Gaming | Microsoft#
Thursday, December 2, 2004

MSN Music has an RSS Feed to their “top downloads” chart. It's beta, of course (or maybe I just have an old feed) so you get some weird instances.. usually it has to do with songs popping up with weird dates on them. Maybe it's because that was the date it was added to the Music Store, or whatever, but it shows up funky in my RSS Reader because I have them arranged by publication date.

This morning after my feeds all updated, there were two new songs on the MSN Most Downloaded chart. One was by Kelly Clarkson, and the other was Blue Oyster Cult's (Don't Fear) The Reaper.

Why on EARTH would an old song (but a good one) by Blue Oyster Cult be on the top downloads at the MSN music store in December, 2004? I guess a lotta people gotta have more cowbell, baby!

Thursday, December 2, 2004 6:10:13 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | WWW#
Thursday, November 11, 2004

I got HALO 2 tonight, Joanne was in Miami and picked me up a copy of it. I read over the little instruction booklet while the roomies were finishing up a movie, and then when they were done, I went and plugged in the Xbox and fired up HALO 2.

That was many hours ago.

Only by sheer willpower did I force myself to put the controller down and step away from the Xbox. Seriously, it's such a cool game. Thankfully the controls are the same as the first one, so I could slip right back into it. I played about 3.5 hours tonight, I think I made it to the 3rd “level” or so, I'm not really sure yet. I got as far as the part with the warthog and the tunnels leading to the bridge. I'm glad now that George & I spent so much time screwing around with the Warthogs that I was able to tuuune my driving skills and get through the level relatively unscathed.

Now, however, it's sleepy-time. I don't wanna get into work tomorrow all red-eyed and lack-of-sleep zombie-lookin. :-)

This weekend I'll get some of the boys over for some Slayer deathmatch. Maybe throw some things on the grill, fill up the cooler with beer & ice and WREAK HAVOC ON THEM. OH YEAH!

Thursday, November 11, 2004 9:08:30 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Gaming | Microsoft#
Tuesday, November 9, 2004

According to PC Magazine, over 60% of xbox owners have purchased HALO since it was released in 2001. I can't speak for other people, but two years ago when I went home for my 30th Birthday, I went to a BBQ and someone brought over an Xbox and plugged it in to a Sony 70” projection TV and we played 4-player Slayer mode deathmatch.

Needless to say, I got my ass handed to me that night, but as I was driving home I said “oh man... I am SO getting an xbox...” the next day I went to EB in Brentwood Mall and got an XBOX, extra controller, HALO, Splinter Cell and Project Gotham Racing. Since then the # of games I have has swelled to about 10 or so, but I was always waiting for HALO 2 to come out.

I think its first projected date was supposed to be last March or so and Todd was going to bring it down for me. Then it was delayed, and delayed again, and delayed again. I was starting to think that HALO 2 was turning into “the next Duke Nukem sequel” that's been years and years in development and is turning into vaporware.

Joanne is up in Miami at the mo, and if she finds a copy she's going to grab it for me! w00t!

The icing on the cake is not just that we have power back, and a/c back, but we re-installed the home theatre 5.1 speakers, the dvd player, my bigscreen TV, the prismiq media hub and the wireless network. Woohoo! HALO2 deathmatch party at Oceanside this weekend!

Tuesday, November 9, 2004 1:05:40 PM (Pacific Standard Time, UTC-08:00) | Comments [1] | Cayman | Gaming | Microsoft#
Tuesday, October 12, 2004

OK, so some of you were checking here (either by RSS or old-fashioned web surfing) in the days leading up to, during, and after the storm, looking to see if we'd all made it through. I won't beat any dead horses about lack of coverage of the Cayman Islands in the news, because it's moot now.

A few days ago I posted an article about how I had figured out a way to get Mobile Web working on my Motorola MPx200 SmartPhone, and mentioned how handy it would have been to have that during the storm, as Cable & Wireless' GSM network did not go down through the hurricane (you just sometimes had to go to places where the signal was strong enough to make a call) unlike other providers who took up to six or seven days to come back up.

With that setup, I would have been able to surf on over here via the built-in version of Internet Explorer, log-in, and post a “we're OK” message. Probably not much more, because typing a long message with a cell-phone keypad is probably the same sort of sensation as masturbating with a cheese grater: slightly amusing, but mostly irritating.

I've now taken it one-step further by figuring out how to access my email from the phone. It wasn't hard, it was just one of those things that I never got around to setting up. I can now download headers of my email and if something is important, download the message and respond to it right away. Other than that, it won't automatically check my email and download anything, because I only get ONE MEGABYTE of data per month, and then I get charged PER KILOBYTE after that. In an emergency, I would use it, but not for casual emailing.

Not only can I check/receive email on the phone, but I can send it out as well. I've also configured my website to accept posts from me via email. I can write an email (see above about message length) to the website and it will show up here as a new post automagically! Wicked-cool, huh? (OK, it's cool if you actually own a propeller beanie)

So NEXT TIME a Category Five Storm-Of-The-Century comes along and happens to hit Cayman right in the nose, I'll be able to post a message while sitting on the roof behind the chimney to stay out of the 225mph+ winds! (except we weren't sitting on the roof, and no one HAS chimneys down here... who the hell has a fireplace in the tropics? Besides Barrie & Leslie that is)

Tuesday, October 12, 2004 12:14:08 PM (Pacific Standard Time, UTC-08:00) | Comments [2] | Hurricane | Gadgets | Microsoft | WWW#
Monday, September 6, 2004
The Man, The Myth, The Legend: Mark Minasi's free powerpoint slideshow (PDF) boiling down all 1000+ pages of MS Documents on XP SP2 to about 60 or so slides.
Monday, September 6, 2004 1:14:45 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Links | Wireless | Microsoft#
Wednesday, June 23, 2004
I installed it on my machine at work yesterday to give it a whirl...
Wednesday, June 23, 2004 7:41:28 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | WWW#
Monday, June 21, 2004
Got my pigs all in a line now... read on for the solution.
Monday, June 21, 2004 5:35:27 PM (Pacific Standard Time, UTC-08:00) | Comments [0] | Microsoft | Wireless#
Monday, June 7, 2004
or How I Learned To Stop Worrying And Love The Bomb
Monday, June 7, 2004 9:15:08 AM (Pacific Standard Time, UTC-08:00) | Comments [0] | Links | Microsoft#