I’m posting this from my Dell Optiplex 755 running Mac OS X 10.5.1. Awwwww yeeeaaahhhh.
Archive for the 'Geek' Category
Last week I mentioned a bizarre problem that occurred during an Exchange 2000 to 2003 migration for a client. Shortly after posting that little expository, I discovered another.
The customer called to indicate one of his user’s Inbox had been moved to his Deleted Items folder. I had never before seen this, as Outlook prevents users from making such “mistakes” with special folders. I’d heard rumors that previous versions of OWA would allow users to do this, however he insisted that it just appeared this way after the migration. What was really strange was that new email continued to be delivered to this seemingly “deleted” inbox. No attempt to move the folder back to the root of his mailbox would work, and Google turned up little helpful information this time. Deleting the Outlook profile and all of its offline cache goodies proved futile, and I was on the verge exporting his mailbox to a PST file and nuking it, when The Google finally answered.
Turns out some random bloke on a Technet message board had this problem when moving users from Exchange 2003 to 2007, and after some of the same steps I had taken, he had found the solution that worked equally well for me. Moving the user back to the old server, then back AGAIN to the new server put the Inbox back where it belonged. While I don’t understand the root cause of this problem, I’m glad to have solved it without the pains of nuking a mailbox. Just further proves that keeping an old Exchange server around for a few weeks after its migration is a Smart Move™.
After a nasty power outage a few weeks ago at Key, I realized that I had never installed APC’s wonderful Network Shutdown tool on our VMware server. The Network Shutdown tool is a service that runs on just about any OS, and communicates with APC’s network-enabled UPSes. When the UPS detects a power failure and reaches a battery life threshold, it will issue a command to each computer running the Network Shutdown tool to, obviously enough, shut down. I’ve installed this on many Linux boxes in the past, so I figured this would be no different.
A quick Google search turned up numerous hits about a VMware specific RPM available from APC for v2.21. A quick search of APC’s website turned up no such thing, and downloading the newest release for Linux didn’t get me very far. During the installation it through an error about VMware not being supported. After some further Google digging, I finally found a direct link to the RPM buried on APC’s FTP site. Installing the RPM worked like a champ, and once I opened up the requisite firewall ports in ESX I was able to access the web interface and get it configured.
To save others the same headaches I encountered, I’ve preserved the RPM file on my site until APC decides to support VMware in new releases again. The file is available below.
I upgraded my Verizon 8703e to Blackberry OS 4.2 about two weeks ago, one out of the desire for “new stuff”, and two because someone developed a Blackberry companion to KeePass that required 4.2 or newer. It’s a pretty nice upgrade that brings some of the look and feel of the newer Curves and 8800 series to my trusty email warrior. In particular, the newer, brighter Dimension theme, options for a Today-style screen, and a decent media player that finally lets me listen to the WAV files my unified voicemail software delivers to my inbox.
Generally, the upgrade process was smooth, but not without some hiccups, plus I had to do a fair amount of work to get the much-sought-after Today screen working. Just to help others that may experience the same pain, here are the tips and gotcha’s I encountered:
I use the Netgear WG102 access point in a few client sites, mostly small to medium business that use wifi as a secondary form of access. For about $120 you get an 802.11g access point that’s plenum rated and supports PoE, auto-channel and auto-signal strength, VLAN’s, SNMP, multiple SSID’s, and every security feature under the sun (including 802.1x RADIUS auth). What it doesn’t provide is good centralized management or any sort of serious wifi intelligence, which limits them to smaller shops.
Despite this great bounty for only $120, they do have a major weakness - they tend to lock up after about 2 weeks of normal use, which requires a hard power-cycle to resolve. After some Googling, I recently stumbled across a work-around on Netgear’s forums. It seems by setting an SNMP OID to a certain value, you can cause the access point to do a soft reboot. The trick is to schedule such an event on a weekly, or even daily, basis, so that it occurs before the AP has a chance to lock up. The command below works quite well using the Windows task scheduler and the Net-SNMP tool set.
snmpset.exe -v 1 -c private 10.10.10.10 1.3.6.1.4.1.4526.4.3.9.1 integer 1
Just change the community string (in this instance, private) to your R/W community, and of course the IP address to match your AP. I have this running at two locations each rebooting 5 of these AP’s on a weekly basis and so far no lockups.
I migrated a client from SBS/Exchange 2000 to Exchange 2003 this weekend. On the server-side, everything went quite smooth, despite my fears that SBS would really screw with my ability to work with the standard Windows and Exchange tools. Not so much on the client side.
All the clients were running Outlook 2003. Some users were seeing duplicates of many of their system-level folders (Inbox, Calendar, etc). All users were unable to access any folder but their Inbox. Trying to view the calendar, contacts, or even a user-created mail folder would cause Outlook to crash. I suspected it had something to do with offline folder files, although deleting the Outlook profile and it’s associated OST files had no affect. A bit of Googling finally turned up this post at joeware, which pointed to this post in the Microsoft newsgroups, which contained the answer.
After some work, we were able to determine why Outlook 2003 crashes after moving mailboxes off of Exchange 2000 onto Exchange 2003. The fix is to add a registry value “Guid-Replid Caching” under HKLM\System\CurrentControlSet\Services\MSExchangeIS\SERVERNAME. Under each mailbox store we added a REG_DWORD of “Guid-Replid Caching” with a value of 0.
Taking their advice, I made the change, restarted the Exchange IS service, and damn if that didn’t solve the problem.
I started using Gmail about 9 months ago when I picked up my first Blackberry, and quickly found that IMAP and POP3 via BIS are on a 15 minute delay, but Yahoo and Gmail accounts are real time push, just like a BES. I started forwarding all of my email accounts to Gmail and, after a few days of acclimating myself to labels, archiving, and other oddities, I was off and going. Nine months later, I was continually frustrated with my inability to organize myself using Gmail’s web interface. Near instance search was great, but the whole “label” concept just didn’t work for me. I desperately wanted nested folders and more keyboard driven filing abilities, and a task-list built right into the interface would be nice too.
Not willing to give up Gmail’s obvious benefits (access-anywhere ability, instant Blackberry, search search search) I decided to give Gmail’s recently added IMAP feature a whirl with Mozilla’s Thunderbird , which I consider to be the least-bad IMAP mail client out there. Using this article from Lifehacker as my guide, I began to tweak, test, and finally settle on a good configuration and a gaggle of extensions that make my life in Thunderbird SO MUCH NICER than it ever was in GMail’s (also least-bad) web interface. Here’s what I discovered.
I’ve spent the last several weeks fighting problem after problem at Key, so I’ve decided to blog about them (in reverse order) as a form of therapy. This is kind of long, but I don’t give a crap.
Today’s problem started first thing (gotta love that). Last night (mistake #1) I migrated all of our printer shares to a new server (well, VM), did some testing against the printer in my office (mistake #2), and finally modified the logon script to point all of the users (mistake #3) to the new server. I knew something was up when my Blackberry went nuts around 7:45 this morning while on Rt 2. Sure enough, almost no one could print. Once I got in the office, I swung everyone back to the old print server and spent most of the rest of the day troubleshooting what the hell was happening.
When a Windows client connects to a printer shared off another Windows computer, typically Windows Server, the spooler service on the client initates an automatic download of that printer’s driver off the server. This typically goes off without a hitch, but occasionally problems can arise when the driver being downloaded is a third-party driver or is a kernel-mode driver. Through some trial and error, I determined that printer drivers were not being installed when connecting to the new server, but I couldn’t figure out why. These same drivers (so I assumed) were being installed off the old server, so why wasn’t this server working? I’ve had the typical group policy settings required for this to work set for years.
I have yet to find a solid answer for what was going on, but I have two theories and one resolution.
Theory one: I found this in a Microsoft newsgroup posting from last year.
The default state, unconfigured, allows workstations to add a printer connection to any print server in the same AD forest. This policy applies to XP SP1 and later (I believe). In order for the desktop to comply with this policy, it must confirm that the print server is indeed in the same forest as the workstation. Apparently, it can only do this if it can find the print server via its machine object in AD.
This new print server is a domain controller running under VMware ESX. We’re a one site, one domain, one forest shop, so it stands to reason that the client should see the DC in the forest no problem. However, virtual machines have a way of complicating things, particularly with time syncronization (which I did address per VMware’s docs). Kerberos is typically used to verify a machine exists in the same forest, and of course if the time between the client and the server is off by more than 5 minutes, Kerberos authentication will fail. I’m not convinced that this was the problem, in fact I’m pretty sure it wasn’t. However, to be on the safe side, I followed step 3 in MS KB888046 to disable the forest check for “Point and Print”.
Theory two: The driver wasn’t being installed because of a version conflict or other permissions issue.
Remeber how I said I assumed the new server used the same driver version as the old? Yeah, that wasn’t the case. I had downloaded the most recent driver version off the Kyocera website for these printers and used that on the new server, assuming it was used on the old server. Turns out there’s actually a newer version on the CD that came with most of the printers, and that’s what was used to install these new printers a few weeks ago (no, I didn’t do the installs). Since the new server was using an older version of the same driver, its entirelly possible that during the connection attempt, the driver wasn’t downloading because it refused to overwrite a newer version that was already installed. Alternatively, it’s possible the client never bothered to download the driver from the server, since it already had it, but the versions were incompatible and thus didn’t work. In either case, it seems like this was the true issue.
Resolution: Pre-install the printer driver.
Windows 2000 introduced a great little file called printui.dll. This file, when run via rundll32.exe, allows you to script various printer tasks that normally would require a GUI. One of those tasks is installing a printer driver without a printer. This, combined with an Altiris Software Delivery Job, saved my day. I updated the driver on the new server with this most recent CD version, copied said CD version to my DFS netinstall share, and set up an Altiris job to copy down the driver and install it using printui.dll on all of my client machines. Presto, all connections to the new print server worked like a champ.
Remember those three mistakes I pointed out above? Let’s address them one at a time.
Mistake #1: Last night…
Never, ever, ever, make a change as wide-reaching and client facing as a printer server move late at night when you’re tired, working in your PJs at home, and have had several glasses of wine.
Mistake #2: …did some testing against (my) printer…
My printer is one of the only Dell’s left on campus. Practically everyone else is using a Kyocera printer, which are all brand new and all use the same basic driver. So why the hell wouldn’t I AT LEAST test against ONE of the Kyocera printers? See mistake #1.
Mistake #3: …point(ed) all of the users…
If there’s one thing I can never seem to learn, its to test against a control group. I was so eager to get this long-standing project off my plate I went ahead and pulled the trigger, moving THE ENTIRE CAMPUS to the new print server immediately after putting it into production with minimal testing and maximum inebriation. Dumbass.
So, now that I think I’ve solved the problem, I’ve pointed a few departments (all my non-screamers) at the new server and we’ll see how it goes. I’m also going to keep a very close eye on this server’s DC duties, just in case theory one proves true. The last thing I want is a Kerberos issue on a DC. And, for those of you in the back of the room shaking your head at the thought of a DC acting as a print server, get over it. My DC’s are low-volume machines that are wasted not doing something else. Yes, it’s a VM, but Windows licenses aren’t exactly free either.
I’ve spent years dealing with Window’s roaming profiles, a feature that allows users on a Microsoft NT 4 or Active Directory domain to have their settings and files follow them from computer to computer. A good portion of my teachers roam in that fashion, necessitating roaming profiles (they make backing things up easy too). Over the years I like to think that I’ve tuned them as best I can, yet they remain slow, cumbersome, and easily corrupted. I redirected the Application Data folder, which speeds logon times, yet puts a pretty heavy strain on the network and file server. I don’t cache roaming profiles, as caching can often bloat or corrupt profiles, yet it lengthens the logon time (seemingly undoing the advantages of folder redirection). I excluded the Recent folder, which also speeds logon times, yet causes teachers to complain about not being to find their “documents” (sigh). I had resigned myself to just living with them, as had my teachers. However, I think I may have found a light at the end of the tunnel.
In doing research on setting up profiles for my new terminal server (yeah baby!), I found a nice little freeware product called the Flex Profile Kit (FPK). It’s a compilation of scripts and the Office 2003 profile wizard which allows you to use mandatory profiles yet still retain custom settings and files. Mandatory profiles are an admin’s dream, but a user’s nightmare. They load fast and are incorruptable, yet they don’t retain user settings. The FPK gets around this conundrum by exporting registry keys (and optionally files) to an OPS file during the logoff process. During login, once the mandatory profile is loaded, the OPS file is loaded back into the profile by way of a login script. What to save and reload are defined by way of simple INI files, and there’s even a GUI to help automate the configuration and creation of the INI files. Deployment is handled by an MSI file, easily pushed out via group policy or Altiris. All of this is free of charge and well documented. Frankly, I’m amazed.
While the FPK was designed to solve profile problems in terminal server or Citrix environments, it’s perfectly usable in a traditional client/server environment like ours. If it works even remotely the way it seems to, I think I may have finally found the way out of my profile hell.
I had Verizon FIOS installed just over a week ago, and having put it through its paces, I’m giving my thumbs up.
I decided to make the jump from Comcast after debating prices vs. features and picture quality, finally settling on a FIOS package relatively equivalent in both price and features to my current Comcast package. I placed a call to Verizon, and ordered the 5/2 Internet service, the premier package television service, the “movies” add-on, 1 DVR box, and 2 standard boxes. We have three TV’s in our house, and each television requires a box with Verizon. With my order complete, and installation date scheduled (about 2 weeks out), the wait began.