How come a “printing system” has to be a 300mb download or CD ordered by mail? I’m all for having that as an OPTION, but for servers and for shared printers, all I need is a driver and that can probably still fit on a floppy disk… if my computers and servers still had floppy drives, but that’s another post!

I already posted about 32-bit printing in an increasingly 64-bit world, and my medium-term solution for that was to stand up a 32-bit Windows Server 2008 VM and use that as a print server.

This post is the next step: printer drivers. Specifically migrating printer drivers from one server to another. For the small amount of printers I have to manage (three printers and two plotters in this office) or even the amount of printers (queues) at my last job (about 40) it’s not so difficult to do it manually. I did just that when we moved into a new building at my last job and stood up a VM just for print queues. Pretty straightforward, really: download the latest printer drivers from the manufacturers web site, unpack them to a network location, Add Printer from the printers window/control panel, new local port, new TCP/IP port, punch in the printer’s IP address, have disk, browse, click, select… done. 40 times. A wee bit time consuming. For this migration here I only had the six, so it should be even easier. But what if the newer version of a printer driver doesn’t work properly with your as-configured software?

That’s where I am right now. We have a Kyocera CM3232 photocopier/printer/scanner/fax. It’s a big one with it’s own onboard cost accounting and “proper” network scanning & faxing. It does color and black & white and prints on up to 11x17 paper (although not borderless printing). On the old OLD server, printing CAD drawings from Acrobat Reader plots properly. On the new-old server, it didn’t. There were some weird issues where drawings would not be rotated based on the settings you selected in Acrobat, but if you left Acrobat’s settings on Portrait but clicked Advanced Print Properties and changed it to landscape on the driver settings, it would work. Not very intuitive and sure to be the cause of plenty of helpdesk calls.

We tried a different driver, we tried an old driver from a CD that presumably came with the printer and nothing seemed to work. In the end, I re-pointed everyone’s printers back to the old server and removed the queues from the new-old server… but that old server isn’t going to last much longer and it’s not easy to find parts for an old IBM X-series Pentium III tower server, and having a single Windows 2000 Server in the mix is also holding the rest of the network back.

The new-old server blew up in December. No big deal for printing, but HUGE FUCKING DEAL for everything else. I managed to get it up and running again, Frankenstein-style and convert it to a virtual machine before shutting it down for good and sending the carcass to the recycling center.

That new one is here, and one of it’s roles is hosting a Windows Server 2008 32-bit VM for print queues, so I’m back to trying to make the new server play nice and plot drawings properly… the Windows Server 2008 driver for the copier is doing the same weird things the 2003 driver was doing… If only there was a way to migrate those queues, drivers and ports over to a new server… oh wait! there is! Hallelujah I think I hear a choir of angels singi—wait, what? that only really works for moving from NT4 to 2000? It wasn’t really updated for 2003, 2003 R2 or 2008? The tool has been retired? Oh good grief!

Fortunately there’s a new version built-in to Server 2008 and Server 2008 R2. You access it from Print Management Administrative Tool, as opposed to the Printers control panel applet. From there you can add the old server as a network print server, right-click it and export printers to a file… then right-click your new server and import printers from a file. I’m in the process of doing that right now, and will be testing it with CAD drawings later today. Fingers crossed.

(or a 64-bit domain anyway)

Hooray! 32-bit is dead! Long live 64-bit! … … … not exactly.

While there are more 64-bit machines out there now than there were a year ago and tons more than a few years ago, a lot of businesses are still firmly entrenched in 32-bit Windows XP. I know we are.

We’re a pretty good example of someone who SHOULD make the leap to a 64-bit OS. If there’s one segment of the market that supports 64-bit and is extremely memory-hungry, it’s CAD work. And we’re all about CAD work. I’ve recently upgraded all the computers to 4GB of RAM and standardized them on one video card (nVidia Quadro FX 580 512MB), they’re not taking full advantage of that 4GB of memory because the 32-bit XP Professional can’t address it all. Even with the /3GB switch in the win.ini file, that just means acad.exe can use more than the 2GB limit per process… but I’m getting off topic.

When I started here in Q4 of 2008, I took one look at the “datacenter” and my jaw dropped. The main file server was an old IBM x-server with a Pentium III and a whopping 768mb of RAM and a couple 160GB hard drives in RAID1. The web/intranet server was an even older one. Both were running Windows Server 2000. The Domain Controller was newer, it at least had Windows Server 2003 on it, but it was consumer-grade, non-redundant components in a 2U rackmounted case.

Before Christmas rolled around I had replaced the ancient file server with a pair of Supermicro SuperServers with Quad-core Xeons, 4GB of RAM and 5x1TB SATA2 drives in RAID5 configurations and added an LTO-4 tape backup to the mix. Between Christmas and New Years, the web server died so I replaced that one with another Supermicro identical to the first two, but with just 2x250 and 2x500GB drives in RAID1. All of these servers were running Windows Server 2008 Standard x64.

This led me to a major problem: I was able to install printer drivers for each of the printers on the servers themselves, but with the 64-bit drivers. Client computers (XP Pro SP2 x86) tried to connect and failed because they couldn’t use the 64-bit drivers. In the old days, you could go to the sharing tab of the printer properties and click “Additional Drivers” and that was pretty much that, but cross-architecture is a little more squirrelly, and the solution is counter-intuitive.

Here is how to provide a 32-bit driver in the Additional Drivers page on a 64-bit server:

Step 1: Install the 64-bit driver on the server itself and make sure that you can print.

Step 2: On a 32-bit client (I used XP Pro) download and unpack the drivers for the desired printer (in my case it was an HP Laserjet 4600).

Step 3: Open Windows Explorer and navigate to your printer share: \\64-bit_server\ and then double-click Printers and Faxes.

Step 4: Right-click the desired printer and  select Connect. It will do it’s thing and then Uh-Oh.. where’s the driver? It will ask you to provide a driver. Browse to your local folder where you’ve stashed the .inf files for the printer and let it install. Print a test page to make sure it’s working on your computer.

Step 5: On the server, right-click the printer you just added and select Properties. Click the Sharing tab, and then click the “Additional Drivers” button. Click to check the “x86” button for 2000/XP and click OK. The server will then request the x86 versions of the files FROM your local workstation and upload them TO the server.

This is the back-asswards part that tripped me up. You’re actually uploading the driver TO the server so it’s able to them DOWNLOAD it to OTHER x86 clients that request it.

Step 6: Click ok, ok, ok, all the way back out and you should be good to go.

WSUS is a pretty cool piece of software. Basically it acts as a “Windows Update” server for your network. Rather than have all your computers download the same updates each from Windows Update, your WSUS server dowloads it once and then distributes it to all the computers that need it over your LAN connection which is much speedier than 99.9% of the internet connections out there. It also gives you a single place to go to and approve updates. Heard bad things about an update? Don’t approve it for installation and it won’t make it’s way onto any of your machines until you do (or they release an update to supersede it). A nice solution for small and medium sized networks.

You can extend it out to different geographical sites, too. Using a downstream replica server, you can have your server in another office “take it’s lead” from your server and either download the updates from you, or (and this is cool) only download updates that you’ve approved on your server from Microsoft’s servers. If you have a metered or slow connection between the offices, this is a great solution. You still only have one place to approve/deny updates, but you don’t chew up bandwidth pushing the updates from Office A to Office B.

This is the setup that I have. I have six offices (and two satellite offices but they’re not part of the corporate network) and aside from head office, there’s only one server in each location. These servers are Domain Controllers (for logins & resource management), WSUS downstream replicas for Windows Updates, and File & Print servers for that office.

WSUS uses Group Policy Objects (GPOs) to configure your clients (XP, Vista, Windows 7, Server 2003, 2003 R2, 2008, 2008 R2) to look at your own server for Windows Updates, as well as how often to check, and whether or not to allow the users to defer a restart so as not to interrupt them in the middle of something. Here’s where my setup gets trickxy.

I have a GPO called WSUS-Office A that I apply to the Active Directory Site called “Office A” so anyone who logs in at Office A will have their Windows Update Automatic Updates (WUAU) client pointed at the local server. Other offices have their own GPO assigned to their sites to keep everyone looking at the closest/fastest server/connection.

The hitch I ran into today was with my servers because of the Out Of Bound security bulletin released by Microsoft today for MS010-002. Because of the Big Scary Crisis surrounding it, and the fact that it was listed as Critical and affecting IE 6, IE7 and IE8 on Windows 2000 SP4 all the way up to Windows Server 2008 R2, I manually synchronized my WSUS with Microsoft this morning, downloaded the updates and approved them.

I also did a dirty thing to my users: I set a deadline in WSUS of noon today for the installation. That means that they’ll be notified of the download, and if they click the little yellow shield it will install it and then say “Time to restart!” but they can click Restart Later. Once the deadline passes, however, they don’t have a choice. the window comes up and says “restart your computer or I’ll do it for you” and starts a 15 minute countdown timer. I don’t do it often, so they know that I only do it for “critical” updates. Plus I emailed everyone last night and told them it was happening and posted it on the Intranet as an announcement. This morning they all got a second email that it would happen shortly.

Where the patch wasn’t installed was on some of my servers. Some of them got the update, and some of them installed it and rebooted without warning (oops, but they were warned). I started looking into why some of the servers installed it and some didn’t. My first thought was that the Server 2003 servers did but the Server 2008 & R2 servers did not. I thought perhaps that the GPO didn’t apply to/configure the Windows 2008 clients, but that was wrong, too.

Finally I compared a 2008 virtual machine’s Windows Update screen (which wasn’t working) to a 2008 physical machine’s Windows Update screen (which was). The 2008 VM said “You receive updates: For Windows and other products from Microsoft Update” and the 2008 host said “You receive updates: Managed by your System Administrator” Further investigation into the registry (HKLM\Software\Policies\Microsoft\Windows\Windows Update\AU\) showed that the settings that were specified in the GPO were applied to the 2008 Host, but not the 2008 VM.

It then dawned on me that the difference between the two was the host was a member server and the VM was a domain controller. That led me to GPresult and Group Policy Modelling. Using the DC and Administrator accounts, the GPO (identified by a GUID rather than it’s name) that was applied to the site was denied application due to SOM (Scope of Management).

I expanded the forest folders and drilled down to the Domain Controllers OU and saw a blue exclamation mark on it. Blocked Inheritance. That meant that the Domain Controllers OU was going to not inherit any settings from GPOs ‘above’ it, including sites.

So my choices at this point are to remove the block and let everything apply to the DCs. Not a very good idea. There were three policies which would have applied to the DCs: the Default Domain Policy, Remote Desktop Policy and Office 2007 File Format Policy.

The Office 2007 File Format Policy is tame, all it does is make the default filetype for saving the Office 97-2003 compatible instead of the new .docx, .xlsx and .pptx formats. Remote Desktop Policy is equally benign. It’s denied to Domain Admins and auto-disconnects clients from Remote Desktop after 10 minutes of inactivity so it wouldn’t really apply anyway.

The Default Domain Policy had a fair amount of settings in it though: Firewall settings, password policies, that sort of thing which I don’t necessarily want to apply to my Domain Controllers.

SO, removing the Block Inheritance setting probably wouldn’t be a good idea.

The other thing I could do is apply the WSUS-Office A policy to the Domain Controllers OU. It would get around the Block Inheritance issue without applying the default domain policy to them, but it would also “point” each of my offices’ Domain Controllers back here over the slow, metered internet connection. Not ideal either.

The other thing I could do is copy each of the WSUS-OfficeX policies and then apply ALL of them to the Domain Controllers OU and use filtering to make sure that each office’s policy only applies to that office’s WSUS server. That doubles the amount of work I’d have to do if I changed one of the servers though, and if I forgot, it would mean that one of the Domain Controllers was pointing at a non-existing Update Server which could leave it unprotected/unpatched. Guh. Meh. Not ideal.

SO that’s where it stands now. I haven’t done anything yet. I’m remembering in the short term to manually check the DCs for Windows Updates until I can come up with a little more elegant solution to the GPO filtering situation.

Dell’s local supply chain technician called me yesterday morning to set up a time to replace the parts on my laptop that seemingly blew up. They didn’t have the parts yet, but were expecting them later that day so they’re going to call me back this morning to arrange a time to do the repair.

I brought my laptop to work, and the tech’s office is actually just around the corner from mine, so that way he could do it whenever and when I take it home tonight it’s fixed.

I turned to my co-worker James and said “hey, do you want to see my screwed-up video card?” he came over and I turned the laptop on…. and it worked! WHAT THE HELL??

I’ll mention it to the repair tech, but I’ll still have him replace the parts. Save him a trip out again later, ESPECIALLY if he can replace the GPU with another, non-f’d up one.

Update: Well it must have been it's final hurrah. when the technician arrived, it came up with the BIOS logo screen, but then died. He began to disassemble the laptop to replace the system board (that's the motherboard in Dell-speak) and unfortunately it has the same GPU chip on it as the one being replaced. Ultimately he had to stop and make arrangements to come back tomorrow because--get this-- he couldn't get one of the screws out and has to get a different screwdriver. I have one that's the perfect size for laptops, but unfortunately I left it behind on Vancouver Island last week. He's coming back tomorrow to finish it. It's a darned good thing that I'm a huge nerd and have three other computers at home I can use until this one is back up and running.

Ahh the joys and risks of running beta software.
This morning I fired up an xvid video that I downloaded and partway through the video, the audio stuttered and then froze and the screen froze. The screen went black. then it came back, then went black again. i tried to hit escape, out of full screen so maybe i could catch it and click close, but before that happened, I got a Blue Screen Of Death (BSOD). No big deal, they happen from time to time and it IS beta software.
The problem was when the computer restarted, I didn't get the Dell logo screen. I didn't get the Windows logo startup screen. I didn't get a login screen. What I got was a series of lines running top to bottom mostly on the left side of the monitor... multicolored but slowly becoming all white. The rest of the screen slowly started showing vertical lines until eventually the whole screen turned white. Not good. What the hell? How could a crash physically damage hardware? I tried turning it off and on again, same thing.
Watching closely, I could see and hear the BIOS POST (Power On Self Test). After a minute or two, the hard drive activity light blinked out. On a hunch, I entered my password and hit enter. Hard drive activity resumed and it logged me in. Of course, I couldn't see anything so all I could do was shut down gracefully.
Using my other computer, I checked Dell's support site and did the diagnostics they suggested. Turns out my LCD monitor is fine, but the video card is hosed. How on earth did watching a video cause a crash in the driver that resulted in not only a BSOD but a physical corruption of the card itself? That's unheard of!
In hindsight, I think it was a combination of things. My laptop has the nVidia GM8400 video card in it which is known to have a major design flaw. This affected Dell, HP, even Apple's MacBook Pro laptops that had this chip in it. Ultimately Dell extended the warranty of every system with this chip in it for free. The combination of a flawed video chip and a beta driver for a beta OS was a recipe for disaster.
Ultimately I had to call Dell. The NEXT major obstacle is that I bought this laptop through my corporate account... through Dell Latin America. I'm now in Canada and have to have the system transferred. I called the Dell XPS tech support line (XPS has it's own tech support department, which is one of the nice things about paying a premium for a product) I got through to a technician with a slight FRENCH accent, which leads me to believe the call center is here in Canada, rather than Panama for Dell Latin America or India for Dell US and A.
I explained what happened, and what steps I had already taken. (Having dealt with Dell Tech Support for issues for the hundreds of systems I had at my last job, I learned how to work WITH them rather than them having to rely on their flowcharts) I also told him that since this was the known-bad GPU, that I'd prefer to have a technician come on-site and replace the GPU rather than send my laptop in for depot service. You just never know if you're going to get your own computer back, with a freshly-installed OS and no data, photos, emails, contacts or anything else on it. They said no problem, got my address and-waitasecond. This address isn't in Grand Cayman.
Uh-oh. He processed the dispatch for me and then said he was transferring me to customer care to update my records, since tech support has read-only access to customer records. He gave me the case number and transferred me to Customer Care reception. I gave them my case number and said I needed to transfer from Latin America to Canada, and he put me through to someone. Someone else picked up right away (I think I spent less than 2 minutes on hold this whole time so far) and I explained my situation to him. This person, who DID have an Indian accent told me that it was purchased through a corporate account and would have to be dealt with by the corporate sales department, not customer care and would transfer me. I tried to stop him, and he listened to what I had to say and then repeated his script and transferred me... to an automated message saying that the department I was trying to reach is currently closed, and please try again on the next business day. ARRRRRRRGH! I hung up and the call was 19:44 seconds.
I re-dialed the XPS number, and again got a technician, Robby, who sounded Canadian. I said I had just called a few minutes ago, spoke to a tech, got a case number and then was transferred to Customer Care who sent me down a rabbit hole into a dead end. He apologized, asked for my case number, re-confirmed my name, address, email and phone number. Then he said he would re-submit it to dispatch and could he put me on hold for 3-5 minutes. He came back on in about 3 minutes and told me everything was set, he gave me a dispatch number and told me a technician would be calling me sometime early next week (because it's 5:00 PST on a Saturday) to schedule the best time to come and replace the part. Just like that. I asked him if they were going to replace it with the same GPU, the nVidia 8400 that's known bad or were they going to replace it with something that wasn't borked by the factory. He said he didn't know, it would be up to the technician. If they had a better solution at the time of install then yes they would replace my GPU with a different one.
SO. Windows 7 beta: out. nVidia GS8400m: out. Dell XPS tech support: big thumbs up. The worst part is going to be getting through the next week or so with only my desktop, Laurie's desktop and Laurie's netbook in the apartment :)

I haven’t really been using my computer much this week. I’ve been smokin’ busy at work, so by the time I get home, the last thing I want to do is spend MORE time in front of the screen. Everything is on track now for a business trip tomorrow, so starting this weekend when I get back everything should slow down again… until Monday. :)

The last post I made about Windows 7 I mentioned that the fan was acting weird. I went to Dell’s support site and there was a new BIOS version for my specific laptop. I installed that and the fan began behaving as expected, so thank you Dell. I’ve still got i8kfangui running, but just in informational mode only so I can see the CPU temperature.

Every window has a “Send Feedback” link up next to the minimize, restore/maximize and close buttons. I read today that there’s a registry hack you can make to turn it off if it really bugs you. I don’t know why you’d find it annoying though, it’s a BETA TEST of an operating system. It’s provided free of charge in exchange for reporting metrics, crashes and other things… LIKE FEEDBACK. It’s actually pretty cool. There’s a dropdown that you can select what category you’re reporting on, and then some stars to give you a choice of how well it worked (or didn’t) and then comments.

The dropdown list itself is pretty encompassing, too. Everything from Accessibility features, printing, faxing, security settings even Tablet PC functions. Finally at the bottom there’s an “other” category.

So far I’ve sent between 12 and 15 feedback “emails” to the team. Some of them have just been “This works exactly as advertised and as expected”, a couple suggestions and a few negative ones, too. I sent one when I crashed IE the first time the other night, too. Being a beta, you’re not supposed to use this as your “main machine” and in fact, part of the terms of use specify that you won’t use it ‘in a production environment’. I WILL be implementing it in a production environment in a couple months at work. I’m planning a pilot project for myself and my co-administrator, as well as a couple people who are tech-savvy to run Windows 7 with all our line-of-business applications to iron out any kinks that come up over the next year before we start migrating to it (skipping over Vista) in early 2010 when it’s released.

I wrote on the 2009 advancement plan at work that if I tried to upgrade people to Vista that we’d have a mutiny on our hands. I’ve been running Vista on my laptop since last December when I got it, and forcing myself to use it on my desktop at my last job for almost a year previous so I could get to know it before I had to start fielding calls about it. While Vista came out of the gates flaccid with few compatibilities with existing hardware and software, it was something that needed to be done. If Vista hadn’t come out when it did and been a dog, then there wouldn’t have been new drivers and new versions until Windows 7 came out. Then *IT* would have been the dog that nobody wanted. Vista was the pain of living with no floors in your home while contractors reinforced and rebuilt your foundation and drainage. It sucks, and it’s hard, and it tries your patience, but in the end, what you built on top of it was all the better for it.

While I could have rolled out Vista Business with Aero Glass turned off and the “classic” skin/theme selected to make it look like Windows 2000 Professional, Windows 7 takes that option away. I might have been able to slip it past a few people if it LOOKED like the old Windows :)

What everyone seems to forget is that in 2001, XP was hated just as much as Vista is, with people decrying the “Fisher Price toy” interface and the new double-wide start menu but as people actually used it and adapted to it and started to reap the benefits of the new system, they liked it and ultimately loved it (evidenced by extension after extension for the availability of Windows XP for OEM systembuilders).

The difference between 2001’s hate-in for XP and 2007’s hate-in for Vista is a 24-hour news cycle and a lot more people  out there trying to justify their employment filling column-inches. Vista’s missteps were a convenient mule to whip.