Networking basics course starts tomorrow

It’s not too late to sign up for my latest Networking Basics course to be held at Macquarie Community College on Marsden Road Carlingford from 7-9 pm over the next three weeks.

The upcoming Networking Basics course will provide you with a solid foundation to understanding the technologies around things like TCP/IP, Windows Network and Internet programs and protocols. Each attendee will have access to their own machine to work with and the sessions are highly interactive with a focus on understanding the concepts through questions and hands on work.

For more information about this course (or any others that I run at Macquarie Community College visit :

http://www.macquarie.nsw.edu.au/index.php?action=course&course_action=list&cat=IT+TRAINING&subcat=NETWORKING

I am also happy to announce that from term 3 I will now be presenting networking courses at Chatswood, also through Macquarie Community College. More details on these courses as the time nears.

If you would like to know the content of any of my courses and whether they would suit your needs, please don’t hesitate to contact me.

SQLVDI and Shadowprotect errors

Do you have ISA 2004 and Shadowprotect installed on your SBS2003 server? Seen these types of errors in the logs?

VSS 6013
Sqllib error: OLEDB Error encountered calling ICommandText::Execute. hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16 Source: Microsoft OLE DB Provider for SQL Server Error message: BACKUP DATABASE is terminating abnormally.

SQLVDI: Loc=SVDS::Open. Desc=Open(control). ErrorCode=(2)The system cannot find the file specified. . Process=1908. Thread=8372. Server. Instance=MSFW.

It would appear that the MSDE database used by ISA2004 for logging (as demonstrated by Instance=MSFW) isn’t very VSS compliant! Worse still given the right set of circumstances the ISA Services would fail and the whole server would be brought to grinding halt.

The best solution seems to change the logging in ISA2004 from MSDE to text file. To do this:

1. In the Microsoft ISA Server Management console click ‘Monitoring’ -> ‘Logging’ tab in the centre pane.
2. In the right pane, click the ‘Tasks’ tab, and then click the appropriate task:

- To log the Web Proxy service data to a file, click ‘Configure Web Proxy Logging’.
- To log the SMTP message screener service to a file, click ‘Configure SMTP Message Screener Logging’.
3. On the ‘Log’ tab, click ‘File’.
4. In the ‘Format:’ field, ensure that ‘W3c Extended log file format’ is selected.
5. Click ‘Options’ to confirm or to modify the following parameters: (This step is optional.)
- ‘Store the log files in’
- ‘Log file storage limits’
- ‘Maintain log storage limits by’
- ‘Delete log files older than’
- ‘Compress log files’

Hopefully that way when Shadowprotect runs, since nothing is being logged to the MSDE database, hang ups won’t occur. The general result I found on the Net is that logging of ISA 2004 should be set to text file only as it is more stable.

The Great Game

Did anyone else out there ever play Spycraft: The Great Game? I did, probably 10 years or so ago now but I still remember not eating or sleeping until I finished it! Now. I have played plenty of fantastic computer games over the years but Spycraft must rank as in top three.

So what is Spycraft about? Well you can look it up on Wikipedia but basically you are a CIA operative having to solve a case that leads you through a maze of twists and turns, requires complex solutions and choices. Best part is the outcomes change depending on what decisions you make. Thus, you can play the game over and end up with a different result. Even better the game plays like a movie because it is extensively filled with video interaction which back then was truly amazing. Don’t be fooled, this was a quality production that included many top listed actors of the age.

Anyway, I could drone on and on about how great this game is but I will refrain. After playing the game, I lent it to a friend who also loved it but promptly lost it after playing (isn’t that always the way?). That was until recently when it turned up during a clean up. Now, as everyone knows the world has moved on and we have Windows XP as the standard PC platform these days. Guess what? Spycraft won’t run on XP. DAMM. Since my friend couldn’t get it running they returned it to me.

Now I am not that easily defeated. So I tried it on my XP machine and sure enough, no go. The problem has something to do with the video drivers. Back then Spycraft needed a pretty flash graphics card so it could do the videos and perhaps that ability has been removed now in XP. Who knows? Bottom line is it won’t run. I checked the Internet and had my worst fears realized, Spycraft and XP = no go.

Hmmm…I wonder. The games was designed for Windows 98/95 so my next idea was to use Windows 98 in a Microsoft Virtual PC. Unfortunately, I didn’t have a Windows 98 Microsoft Virtual PC at the ready. I wonder if it run in Windows 2000 Professional which I did have at the ready? Guess what? It does!

So the solution is to download Microsoft Virtual PC , which is free, install that on your XP machine, then install Windows 2000 Professional into Microsoft Virtual PC, which you didn’t hear from me, doesn’t need activation but hey you are only evaluating it right? Next, install Spycraft. Sure you get a few warnings during the install and one when the game runs but from what I’ve seen so far everything WORKS! Magic. If you need help with Virtual PC see my Youtube clip on Microsoft Virtual PC.

Guess what I’ll be doing this weekend? Reliving my Windows 98 gaming days. They just don’t make ’em like this any more.

Lean and mean

Now that I have one of my Windows XP workstations running full time on a Microsoft Virtual PC I decided that it was time to reduce the amount of RAM that it consumes. Nearly everyone knows there services in Windows that you can turn off to save memory and generally improve performance. What most people don’t know (including me) was exactly what services you can and can’t disable.

That is now all solved with the Black Viper site. You can choose any current version of Windows and see which services can be disabled. You’ll find a table that gives you options for each version and allows you to customize your settings based on what type of system you want to run ( i.e. minimal, power user, etc).

After using the information on the Black Viper site, I was able to reduce my Windows XP RAM usage from 415MB down to 305MB. Sure 100MB of RAM may not sound like much but that is greater than a 25% reduction! Best part was that after a reboot the system didn’t complain and everything I needed ran.

So if you are looking to pare down the amount of RAM Windows is using take a look at the Black Viper site.

The Vista debacle

Seems like the angst over Visa and Visa Service Pack 1 just won’t go away. Have a look at this article from the Australian and take the time to read some of the comments posted by people. Then go and read this posting from Susan Bradley which kinda illustrates that we have seen this sort of karfuffle before.

I agree that Microsoft hasn’t done a very good job getting Vista out to the market but I do think you have to take a step back and look at the reality of the situation here. Microsoft is a commercial organisation. The reason it releases new software is to make money. The sooner it gets people to buy this software the sooner it makes money. Sad, but true. If you want to run Vista and avoid potential issues, get it with a new PC that has enough grunt to run it (i.e. 2GB of RAM). If you upgrade on existing hardware or over the top of a previous version of Windows, sorry, but you are going to have problems. Sad, but true. If you think that all your old software is going to run on Vista, it ain’t. You are going to need to upgrade. Sad, but true.

Look technology is all about change. If you want to use the latest features and benefit from the latest advances then you gotta upgrade. You can’t usually retro fit airbags to a 1960’s car can you? If you want airbag protection then you gotta go and buy a new car. Sad, but true. It is important not to over look the fact that these issues aren’t solely the fault of Microsoft. Other companies that run under Windows have been slow to modify their programs to suit the changes in Vista. Why? Like Microsoft they are commercial organisations. They aren’t going to spend money on developing something until it is worth their while. They are clearly waiting until there are enough Vista systems out there before they act. Sad, but true. Does this create a viscous circle, where everyone one is waiting for some critical point at which enough Vista is shipped? Yes. Sad, but true. Ladies and gentlemen, this is a commercial world we live in. If these companies don’t make money, they go out of business and then who is going to write the applications your require? It’s all about money. Sad, but true.

Sure Microsoft could have done a better job but they are working under a number of restrains here. Are other software companies failing to do their part to make Vista compatible software? Yes. Are hardware companies failing to provide driver updates for their products because they don’t deem it commercially viable? Yes. Are people failing to appreciate that they really need to upgrade to new hardware (and software) if they want to go to Vista? Yes. And so on and so on.

Bottom line? If you want to reduce your chance of issues with Vista get new hardware and be prepared that some of your old software may not work. Is that fair? Nope. Sad but true. That that is the way with technology. So maybe it is just time to accept the fact that you are going to HAVE to move to Vista sooner or later and you are PROBABLY going to experience some issues. That’s life with technology, so just get over it so you can on with it.

Here’s an interesting observation

Of late we have been removing ISA 2004 (and 2000) from our clients SBS servers and implementing dedicated firewall devices that also do any spam and web content filtering. There are a lot of reasons for this, increased reliability, less load on the SBS box, more flexibility and so on. Once we learned that the new version on SBS (SBS2008) won’t be supporting ISA on the same box as the other SBS software we decided that was further confirmation that this is the right thing to do moving forward. So the only reason that you’ll be selling a client SBS Premium in future is if they want SQL Server?

Interestingly, after removing ISA from these SBS boxes we no longer see all these strange kerberos and failed authentication errors in our SBS monitoring reports. Now, all the client workstations did have ISA Firewall client installed but in our experience certain software (especially printer monitoring software) always wanted to get to the Internet and usually via it’s own method (resulting in authentication errors). So remove ISA out of the loop and this software simply goes to the Internet out the default gateway. Whether that is good or bad is still debatable but interestingly in some cases we have had servers with thousands of authentication errors per day disappear to almost none. Interesting eh?

Now ISA did serve a purpose but lately we have found it to be more of hindrance than help. If you need to configure port forwarding sometimes you got issues, many of the usage reports didn’t show totals correctly or in order or with actual user names and so on. Now I’m sure all of these could be solved but it is much easier to get the whole firewall function off the SBS box and onto a dedicated device. It also improves reliability in the fact that you can fiddle with the Internet without affecting the SBS box.

So, if you have a whole lot of authentication and kerberos errors in your monitoring reports and you are running SBS with ISA and two NIC’s then have a look at ISA maybe being the cause of the errors. What you can do to prevent these errors I’m not 100% sure but I have found that perhaps taking ISA out of the loop is an effective solution. Today, if we sell a client SBS Premium because they SQL server we won’t install ISA or WSUS for that matter (why we don’t do WSUS is whole other story). Unless a client specifically wants SQL Server we’ll sell SBS Standard with a stand alone firewall device, much easier and much cheaper for the client.

The more I do, the more I learn

Just learnt some more important lessons recently after being involved in another SBS Migration. In most cases these days we migrate existing clients using the SBS Swing Migration kit put together by Jeff Middleton. If you are in the business of upgrading Windows networks then I strongly suggest you take a look at Jeff’s site (www.sbsmigration.com) and invest, since it is going to save you hours of work.

During the forklift of Exchange Server databases from the old server to the new server we discovered that they wouldn’t mount. The reason was that the distinguished name of on the old server was different than the new server. The old server looked like /o=first organization /ou=first organization.. while the new server read /o=business name /ou=first organization. The reason for this? Well, it turns out the old server was an OEM installation which meant that Exchange had been configured BEFORE the client details had been entered. Thus, even using the Swing Migration kit, the same server name and domain name there was an issue. The situation can be rectified using LegacyDn, which allows you to change these values. Now, you have to be careful using this tool as the following Microsoft KB article says and make sure the values from the old server match the new server. We also found that after making the changes you need to reboot the new server so that the values will be flushed through the AD.

After the reboot you will also probably need to disconnect all the existing user mailboxes and then re-connect them so that all the details are correct. A pain, I know but it did the trick. So the lesson here is that if you are migrating from an OEM installation of SBS then more than likely you should run LegacyDn to record the Exchange database details just in case there is name mismatch after the migration.

Now, during the migration process we had some issues with Exchange public folders and I was trying to mail enable them while using Remote Desktop from a workstation. Now for some reason the option to run the Exchange tasks wasn’t being displayed when I hit the right mouse button on the public folder. Turns out that it won’t display unless I am using Remote Desktop as the console session. To to this you need to run:

%SystemRoot%\system32\mstsc.exe /console

It seems that there are somethings that just don’t work unless you are remoted in as the console session. So lesson two is that if you plan to do any administrative work on a server via remote desktop (especially during a migration) always remote in as the console session.

Video 41 – Configuring SBS monitoring

Our latest video is now available as always on YouTube. You’ll find it by clicking here. This video focuses on configuring monitoring on Small Business Server 2003, which will email health reports and alerts from your server. Sure, it isn’t that hard to configure but many people don’t even know that this feature is available.

As always, we are trying to improve the quality and professionalism of what we provide but that is hard without any revenue for our efforts. As such we can only continue to offer these videos whenever we get some free time. Initially we thought that perhaps asking for a donation from viewers would provide at least some low level of assistance. However, to date we have been very disappointed with the response (thanks to those that did donate – the small number of you – we really appreciate it). We are not asking for hundreds of dollars, AUD $5-$10 from people would really go a long way if enough people saw fit to donate.

So in light of this poor response we have opted to now provide a set of show notes on each video we do for a minimum of AUD$5 donation. The show notes will cover what the video covers but also provide some more advanced information about the topic at hand. We hope that perhaps this enticement will encourage people to support the work that we do by helping us fund our planned improvements. You can find a list of these by clicking here.