Category: electronics

  • SQL 2005 and Windows 2008

    Having trouble running SQL Server Manager on your shiny new Windows 2008 installation?  Make sure you right click and do a “Run as administrator” on it.  Took me a while to figure this one out.  Otherwise you’ll just get the error “Login failed for user domain\user.  (Microsoft SQL Server, Error: 18456)” even if you’re a member of the local administrators on the SQL box.

    Yet another instance of where UAC sucks.

  • Windows 2008 How-To Guides

    Microsoft released a bunch of how-to guides for various things new to Windows 2008.  You can grab them all from the MS Download page.

    Things I would definitely check out are:

    • Deploying SSTP Remote Access Step by Step Guide.doc
    • Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc
    • Windows Server 2008 TS Gateway Server Step-By-Step Setup Guide.doc

  • Exchange 2007 after Windows 2008 Upgrade Part 3

    After having issues with a potential bug on Feb the 29th, I’ve finally gotten things straightened out. 

    Today I attempted to move the mailboxes again, but received the same error message.

    Summary: 1 item(s). 0 succeeded, 1 failed.
    Elapsed time: 00:00:08

    User’s Mailbox
    Failed

    Error:
    The address list service on the server ‘servername.fqdn’ is not running. The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.

    The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.

    Exchange Management Shell command attempted:
    ‘fqdn/Managed Users/User’ | move-mailbox -BadItemLimit ‘10’ -TargetDatabase ‘servername\First Storage Group\Mailbox Database’

    Elapsed Time: 00:00:08

    It turns out that all I needed to do was restart the System Attendant service on the machine I was trying to move the mailboxes to.  After I did that, everything moved successfully.  I then attempted to hit OWA on the new machine and it was successful!  So I finished moving all the mailboxes over, changed ISA to point to the new server name, imported the right certificate and I’m good to go.  Almost 5 days of downtime, but no email lost, yay!

    Now I just need to decommission the old Exchange box and give the new one more RAM.  Not a bad few days work.

  • Exchange 2007 after Windows 2008 Upgrade Part 2

    Well, I’ve got the new Exchange box up and running.  However, I can’t move the mailbox from one machine to the other.  Thankfully, I’m not the only one having this problem today.  It appears as though because it is the 29th of February (leap year), there is a bug in Exchange 2007 preventing certain things from completing.  There’s a nice TechNet thread on it, and it appears that setting your date to tomorrow fixes it.  I think I’ll just wait to move the mailboxes till tomorrow or later then 🙂

  • Exchange 2007 after Windows 2008 Upgrade

    I know it has been well documented that you cannot upgrade Windows 2003 to Windows 2008 with Exchange 2007 installed and expect Exchange 2007 to keep functioning.  However, let’s say you may have accidentally done the upgrade on a standalone Exchange 2007 box you have, you know, just in case it were to happen (like it did to me).

    Prior to doing the upgrade, you’ll notice a few things.  First of all, you’ll be prompted that you need to uninstall PowerShell.  However, nowhere does the compatibility checker say anything about needing to uninstall Exchange 2007 prior to upgrading.  I found this hilarious (in a sad, pissed off way) because I had tried to upgrade my WSUS virtual machine first, and it had told me that I would need to uninstall PowerShell and WSUS prior to upgrading.  I’m so glad that I wasn’t told anything about Exchange in a similar fashion.  Ugh.  By the way, I was running Exchange 2007 with SP1 prior to the upgrade…of death!

    The first stumbling block, which should have caused me to stop the upgrade process, was uninstalling PowerShell.  Since I had installed it prior to installing SP2, uninstalling it becomes a pain.  This is because PowerShell is a Windows update and if you install a service pack you can’t uninstall any updates prior to the service pack.  Lovely.  Well, in another unsupported way you can uninstall it.  You have to browse to %windir%\$ntuninstallkb926139$\spuninstall and run the spuninstall.exe.  Now, this may or may not be on your machine anymore either.  On some of my virtual machines it was there, but on my Exchange server it was not, so I copied it over and ran it.

    Ok, so now I can upgrade, yay!  Windows does its thing and upgrades everything and restarts successfully.  I was actually fairly impressed when it booted up.  It looked like it actually worked.  However, then I went into the services snap-in.  I usually do this with this machine because it is slightly RAM starved and sometimes all the Exchange services don’t start.  Sure enough, they hadn’t all started.  So I went through and tried to start them all.  All started but the information store and the system attendant service because of a dependent service.  Crap, of course it’s the important ones.

    Well, first thing I tried was to reinstall Exchange 2007 SP1, just to see if that would work.  Of course this required me to reinstall PowerShell, since that’s a pre-req.  No big deal, installed that easily.  Then when I tried to actually install SP1 it just bombed saying it couldn’t upgrade.  Looking through the event logs it was because it was trying to spin up those two services.  Great.

    Well, doing some quick registry editing, I found that the service it was dependent on was NtlmSsp.  Needless to say, this service does not exist on Windows 2008, hence the issue.  Two seconds later, I removed that dependency from within the registry and restarted the machine.  The machine reboots, and lo and behold all of the services start.  And all the email that was in the queue on my Edge Transport machine left the queue and made it into Exchange.  Downside is that I was doing this all remotely and OWA still didn’t work.

    Honestly, I wasn’t that worried about OWA.  I mean, as long as I can get my emails back and then do the correct upgrade (aka, no upgrade at all) I’d be a happy camper.  Heck, even after installing PowerShell back on it, I was able to open up Exchange System Manager.  Really, if I didn’t know all about the services and didn’t use OWA, I would’ve never known it wasn’t working.  Oh, well, maybe the exceedingly high CPU utilization, but oh well.

    When I got home, I had to test to see if I would be able to access my email.  Sure enough, Outlook worked like a charm.  I received all the queued email that had been sitting there for a day, and I was even able to send an email.  Pure craziness. 

    What makes this even better is that the Exchange team actually decided (well, they actually went into it knowing what they were getting into) to try this same thing too.  However, they weren’t able to get things working.  I think the large mess-up was re-installing SP1.  I’m glad I didn’t decide to go down that path, especially since mine worked.  Needless to say I’m working on building a new VM with Windows 2008 and then going to add it to the ORG and move the mailboxes over to the new one.  However, in the meantime, at least my email is functioning 🙂

    I’ll be sure to post again if I run into any more issues with the mailbox move.  Worst case I suppose I could just do an ExMerge (actually Export-Mailbox for 2007) on the mailboxes or dump the email out of Outlook to a PST.  I’d rather not do that, but if that’s what it takes…

  • Fixing the 360

    My last post about my 360 was way back in February.  In it I described how, after purchasing Crackdown, and attempting to play it, my Xbox360 died.  At the time, I called Xbox Support and haggled with them to fix it for free, even though it was out of warranty.  I just had to pay for shipping.  Anyways, about a month after I had called, and then didn’t actually ship it in, Microsoft actually extended the warranty of the original lot of Xbox360s and they now send you a box to ship it back in with a pre-paid UPS label.  At the time, I didn’t think that I actually qualified for the extended warranty, so I still wasn’t really in a hurry to ship it back.

    Well, I never followed up with that story, mostly because I never sent it in.  In fact, it’s still broken, sitting in my new place.  Last Friday, one of the guys I work with on my new project (he’s from a different company than I am, but not the client) came to my company’s main office because we needed to meet.  Well, turns out he’s a pretty damn good Halo 2 player.  Needless to say we played a few games on Friday.  Ever since then, I’ve been itching to play again.  Sadly, at the customer site, there’s not a game room (lame, I know).

    Anyways, I had told him about how Crackdown had broken my Xbox, and that my laziness was preventing me from utilizing my $400 piece of gaming awesomeness.  For the last 3 days, he’s been hounding me about getting it fixed, and why I haven’t called it in.  Then I hear, on of all places NPR, about Halo 3.  I had completely forgotten that it comes out in Sept.

    Needless to say, something needed to be done.  I still had the old reference number from when I had called in before, just in case they gave me a hard time.  Well, I called them up.  It was amazing how easy it was to deal with the people this time.  Last time I called, there was this huge long voice mail redirection service.  All of that was gone.  I actually didn’t have to push any buttons at all before talking to a support person.  She simply asked for my serial number and address, which I gave her.  I then told her the issue, and she asked if I had been through all the troubleshooting steps.  I had, back in February, so I said yes, and she didn’t harp on it!

    Unfortunately, with the move, I had to give her my old address.  It needed to be changed, so I let her know.  The address change procedure apparently takes 2 hours to do, so she said to call back 2 hours later.  Ugh, but whatever.  I suppose I can wait two hours.

    Another new feature I was told about when I first called in was the self-service website.  You can go to service.xbox.com and actually do all of this over the web.  So, after hanging up with her, I figured I’d at least check it out.  I signed in with my Passport ID and mapped my Xbox serial number to it.  Lo and behold, my address showed up there as my new one.  It must have propagated through the system already (2 minutes later), so I called back.

    Sure enough, it had.  The gentleman asked me to verify it, and we were all set.  Another thing I noticed on the website, was that my Xbox was still under warranty (score!).  That means I definitely don’t have to try to wrangle free work again either.  He updated his system so I get one of the pre-paid boxes in the mail, and that was that.  As soon as he did it, I could even see the warranty status change on the webpage. 

    That was slick.

    Sadly, for Microsoft, my two reference numbers between the two calls increased by 1,354.  That’s a lot of support issues within a total of about 15 minutes.  Still, not nearly as bad as between February and today where the reference numbers increased by 13,122,883.  Regardless, in 4-6 weeks, I may have a functioning Xbox360 again, in the form of a repaired or new one.  I don’t think it’ll be in time for the launch of Halo 3, but it’ll be damn close.

    I’m just so glad that MS has listened and made their customer support 100x better now.

  • The Internet

    I love buying things on the internet.  For a lot of things, it doesn’t make sense, and for others you have to take a bit of extra time.  However, you usually always find a better deal online.  Plus there’s the challenge of finding that better deal, and still try to use a somewhat reputable retailer.

    Oh internet, I love you so.

  • DAS vs NAS vs SAN

    Something that is making me very angry with the current project I’m on is the difference between DAS, NAS, and SAN technologies.  The worst is that I’m working with these people on a specific thing not related to storage infrastructure, but instead development architecture, and the people that are dealing with the storage infrastructure are the people that don’t know what the hell they’re talking about.  In particular, the hosting provider that does all of the storage infrastructure work for us doesn’t know what the differences are.  Oh, and don’t get me started on a VMware paper that we had that didn’t know the difference either.  It just drives me nuts.

    For those of you keeping score, I’m going to outline this.

    DAS = Direct Attached Storage.  These are disks that are physically located in your host machine.

    NAS = Network Attached Storage.  NAS is file based.  For example a CIFS or NFS share.  This is typically TCP/IP based access.  The NAS device “owns” the data on it.  That is, the NAS device administers the data.  For example, you connect to a NAS device from a Windows machine by accessing \\servername\share.

    SAN = Storage Area Network.  SAN is block based.  This is when LUNs (logical unit numbers) are involved on a host.  The host “owns” the data.  The host is in charge of the partition, formatting, and access to the LUN.  You can access a SAN via two protocols: iSCSI (TCP/IP) and/or Fiber Channel (FC).

    I’m so sick of seeing people talk about iSCSI NAS.  There’s no such thing because in a NAS scenario you are sending CIFS or NFS protocols over TCP/IP while in a SAN solution you’re sending SCSI protocols over TCP/IP.  Huge difference.

    And yes, you can have a device that serves both NAS and SAN from one filer.  This is called Unified Storage.  All NetApp devices can do this.

    Are we clear now?!

  • Crack Kills

    Well, Crackdown that is.  That’s right, it’s killed my Xbox 360.  Binford bought it and apparently tried to play it on my Xbox, and it locked up.  Resetting the box resulted in the red three lights.  I came home later, not realizing what had happened, and the Xbox booted up, I attempted to play Crackdown, I downloaded a needed update, and it locked up again.  Restarting it gave the red three lights.  After some fiddling, I got it to work again.  I then booted it without a game, put in the Halo 2 disc, and it worked fine.  Put Crackdown back in, and it locked up again.  Some more fiddling, it comes back on.  Play even more Halo 2, everything’s fine.  Put in Crackdown disc, locks up.  Unfortunately now, no amount of fiddling has gotten it to turn back on again.

    Damn.  So I called Xbox support.  They run through everything to make sure it’s not the hard drive or the power supply.  It’s not.  I give him my serial number.  He comes back and says that it’s not under warranty anymore.  Well, it needs to be sent in because he can’t fix it over the phone, he asks if that’s alright.  Of course, I tell him no.  The damn thing worked fine before Crackdown, and now it doesn’t.  Hell, it even worked with Halo 2 just fine, but stopped as soon as I put the Crackdown DVD in.  Obviously this has nothing to do with my console and a whole lot to do with the game. 

    He talks to his supervisor.  They won’t charge me for the repair, but I’ll have to pay to ship it there (normally Microsoft pays for that too, at least, when it’s under warranty).  I say that that is acceptable, and he gives me all the details I need.  I’m thinking about shipping it from work, that way Microsoft still ends up paying. 

    This definitely gets me wondering how nonsensical this machine is.  It comes with a hard drive.  Actually, some do, not all.  Why are the updates not being applied to the hard drive?  That way, when something happens, you can just wipe the drive and start over.  Also, how is a game causing the thing not to boot anymore?  It’s just a piece of software that runs at a very high level.  There is no reason it should be able to influence how the machine runs.  And then there’s the fact that it is a closed system.  Everyone has the same thing, and the peripherals that do come out have to go through Microsoft.  How I’d love to be able to QA programs that only have to run with one configuration, and yet, they seem to not be able to do that.  Makes you wonder…

  • ISA Site-to-Site IPSec VPN

    I wasn’t necessarily going to post this, but since ISA seems to be the most linked to thing on this site because of only 2 articles, I figure it can’t hurt to talk about it. Especially since it was a very strange problem I had with it and I’m sure I won’t be the only one with it.

    Anyways, at work I am utilizing ISA 2006 Std edition in a front and back wall scenario. Site-to-site VPNs terminate on the external firewall, and all of our local VLANs (55 of them) are routed off of the internal firewall. So far, nothing that complex. It’s just a simple DMZ between the external and internal network setup.

    Anyways, I had a site-to-site VPN (IPsec pre-shared key) between a customer and us. Basically, we just need to hit a single machine, so the remote network contained two IP addresses, one for the client’s gateway (this is added by default in ISA 2006, DO NOT delete it, also be sure that the remote site has added your gateway in as a remote network too!) and another for the machine we needed to hit on their local network. Anyways, it was working fine. Well, actually, nobody was using it quite yet, but testing had been completed, and I was able to access everything that the developers would need. Anyways, the customer decides that they need to add another IP address that we’ll need to access. Again, no big deal. I’ll just add the IP to the network list for this client. Just to make sure everything’s working, I test it. Nothing works to the new IP. However, the old IP still works fine. What the hell?!

    For those of you unfamiliar with ISA, it’s not like I created a new VPN for this new IP addition, or anything like that. I simply added the new IP to the existing network. All the routing and firewall rules remained the same. Adding the new IP to the list of remote networks should have allowed it to work.

    Working with the IT person at the customer, I learn that when I try to hit the new IP address, the Quick Mode authentication was failing because the ISA server was sending the wrong local network that the request was coming from. The local network that was defined in the rule (by putting a subnet destination in the network rule) was 10.254.95.192/27. However, on the client’s side, he was seeing the request coming from 10.254.64.0/19. In order to create the IPsec tunnel, both the local and remote networks on each end of the tunnel must be identical, but switched (i.e. my local is his remote, and his local is my remote). Needless to say, this 10.254.64.0/19 was screwing everything up. However, when I connected to the original IP that worked, it was sending the correct network of 10.254.95.192/27.

    Of course, nowhere in ISA 2006’s logging can you see it making the IKE requests. All I could see is that requests were being routed correctly from the internal ISA to the external ISA, and then from the external out to the correct network for the customer VPN. In essence, traffic was going into a black hole. I could also see that the VPN connection (Main Mode) was up and running. I was completely reliant on the customer to let me know what was coming down the pipe to him. That right there is not really something I’m comfortable with, but he seemed to be OK with it. I’m sure it’s because he knew it wasn’t on his end, but on mine.

    After deleting the VPN multiple times and recreating it to no avail, restarting the machine, etc, I knew that I would have to get some help from someplace else. Thankfully we have an awesome community of people at work that I could bounce ideas off of. Unfortunately, I never received a response. Also, ISAServer.org is a great place to get information. They have forums there that people keep an eye on. Unfortunately, ISA 2006 is still quite new and not as many people deal with it. I also did not receive a response from there. Needless to say, I was on my own for this one. Not a place I really wanted to be, since I thought I was at the end of my ability.

    Actually, the IPsec isn’t really done in ISA server at all. Much like everything else that ISA server does, it’s just an application that sits on top of the OS and utilizes things that are already built into the OS (in my case Windows 2003 R2). This means that all IPsec policies, rules, etc are done by Windows and this can be monitored using the IP Security Monitor MMC Snap-in.

    Since the VPN tunnel was being created successfully, I knew that Main Mode IKE Policies were correct, it was the Quick Mode policies that were causing me grief. Since we have multiple VPN connections terminating on this firewall, there are a lot of Quick Mode IPsec policies in place. Especially since all of them use pre-shared keys, which require that two IPsec policies are created, one for inbound and one for outbound (otherwise you can have one policy that does both inbound and outbound).

    Scanning through the policies I was able to find the inbound and outbound policies for the original customer IP address to the 10.254.95.192/27 network, but I wasn’t able to find it for the new customer IP address. Alas, the problem! The next best policy for the new IP address was for the 10.254.64.0/19, since this policy encompasses the 10.254.95.192/27 subnet. Finally, I felt like I was making progress. Unfortunately, ISA should have been creating these policies when I edit the customer VPN networks. Actually, I still have no idea why ISA isn’t creating these policies. This is why I think there’s a bug which I’m going to submit to Microsoft (via this post actually).

    Now that I knew the source of the problem, I had to fix it. Some days diagnosing the problems takes longer than fixing them, and some days it’s the other way around. Since it had already taken me about a day to find the problem, I hoped that it wouldn’t take that long to actually fix it.

    Needless to say, you can’t add IPsec policies from the IP Security Monitor MMC Snap-in, because, well, it’s a Monitor not an editor. The IP Policy Manager MMC Snap-in was no use either, as it defines computer level policies. Doh. Well, I can finally say that one of my certifications actually came in handy. That “+ Security” portion of my MCSE gave me the knowledge that there is a way to edit IPsec policies from the command line. Going on this, a quick Google search gave me exactly what I was searching for. Now which command to actually use?

    At first I tried to just create a filter. However, I didn’t know of any filterlist, and none of the current filters were a member of a filterlist. Thankfully you can just make up a name and it creates one. Unfortunately this didn’t solve anything. Nothing showed up in the Quick Mode filters. Let’s try again, yeah?

    Turns out it’s not a static setting, but a dynamic setting, which makes more sense. Anyways, you can add Quick Mode rules pretty much the same. In that I mean, the command is just as long and gross. Just be aware, that since I wanted to add a Quick Mode rule and not a Main Mode rule, I had to put in the Quick Mode Policy variable.

    Another thing that made this so confusing was that in IP Monitor, they are called Quick Mode Filters and at the command line they’re called Rules. Ugh. At least it’s taken care of. And now I think I know more than I ever wanted to about ISA and IPsec.
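
    The Quick Mode mismatch described in this post can be reproduced with a small model. This is an added example, not code from the original post or from ISA or Windows: the "longest prefix wins" ordering is a simplifying assumption, the filter names are hypothetical, and the 192.0.2.x customer addresses are constructed placeholders (only the 10.254.x networks come from the post).

```python
"""Simplified model of IPsec Quick Mode selector matching (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class QMFilter:
    name: str
    local: ipaddress.IPv4Network   # network on this end of the tunnel
    remote: ipaddress.IPv4Network  # network on the far end of the tunnel


def qm(name, local, remote):
    return QMFilter(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


def pick_filter(filters, src_ip, dst_ip):
    """Most specific filter whose local/remote networks cover src -> dst."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    hits = [f for f in filters if src in f.local and dst in f.remote]
    # Assumption: longer prefixes win, standing in for real filter weighting.
    return max(hits, key=lambda f: (f.remote.prefixlen, f.local.prefixlen),
               default=None)


def negotiate(filters, peer_policies, src_ip, dst_ip):
    """Return (filter_name, proposed_local_network, accepted_by_peer)."""
    chosen = pick_filter(filters, src_ip, dst_ip)
    if chosen is None:
        return (None, None, False)
    # The peer accepts only if its (local, remote) pair is ours, swapped.
    accepted = any(p.local == chosen.remote and p.remote == chosen.local
                   for p in peer_policies)
    return (chosen.name, str(chosen.local), accepted)


# Constructed sample data: .10 is the original customer host, .11 the new one.
OUR_FILTERS = [
    qm("customer-original-host", "10.254.95.192/27", "192.0.2.10/32"),
    qm("broad-internal", "10.254.64.0/19", "192.0.2.0/24"),
]
PEER_POLICIES = [  # as configured on the customer's gateway
    qm("to-us-original", "192.0.2.10/32", "10.254.95.192/27"),
    qm("to-us-new", "192.0.2.11/32", "10.254.95.192/27"),
]
# The fix: an explicit filter for the new host with the /27 as local network.
FIXED_FILTERS = OUR_FILTERS + [
    qm("customer-new-host", "10.254.95.192/27", "192.0.2.11/32"),
]

if __name__ == "__main__":
    cases = [
        ("original host", OUR_FILTERS, "192.0.2.10"),
        ("new host, filter missing", OUR_FILTERS, "192.0.2.11"),
        ("new host, filter added", FIXED_FILTERS, "192.0.2.11"),
    ]
    for label, filters, dst in cases:
        print(label, negotiate(filters, PEER_POLICIES, "10.254.95.200", dst))
```

    With the specific filter missing, the only match for the new host is the broader 10.254.64.0/19 filter, so the proposed local network no longer mirrors what the peer expects and Quick Mode fails while Main Mode stays up.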