Having issues accessing Commerce Server 2007 performance counters remotely? We were too. It seemed like only specific ones could be accessed remotely. Well, it turns out that is “by design” (bullet point #2). However, you can get around this by allowing the Remote Registry service to run as an account that has access to the database. The downside is that I’m not exactly sure what permissions are actually required for the Remote Registry service (something above a normal user), and who knows what that breaks.
Visual Studio Test Load Agent Brain Dump
On my current project, I’m doing a lot with performance testing using Microsoft Visual Studio 2008 Test Load Agent. Now, there’s not a whole lot of things on Microsoft’s site about it, and blog postings are fairly sparse too. Hopefully some small nuggets listed here will be beneficial.
The first thing to note is that there is some documentation for 2005, but very little about the 2008 version. Do not use the 2005 version if possible. It has many blocking issues you probably will encounter. Use 2008 as many have been fixed. Many of the guides below are for 2005, but work just as well for 2008.
Installation:
- Installation Guide for VS Test Load Agent
- Firewall Visios
Configuration:
- Misc Good Configuration
- In the installation documentation, it talks about if you have a domain or workgroup. However, in many test scenarios you will have multiple domains with no trusts in place (i.e. controller sits in one domain while the machines to be tested and monitor sit in another). Don’t panic. Simply create the Controller service account with the same username and password in all the domains. Make the Controller service account a member of the Performance Log Users and Performance Monitor Users groups, and it will do synchronized pass-through.
How-To’s and Walkthroughs:
- Video How-To’s
- Codec for above video
- Introduction to testing with Visual Studio Load Test Agent
- Creating web tests
- Authoring and Debugging Web Tests
- Analyzing Load Test Results
FAQs and Indexes:
- MSDN Forum FAQ
- Ed Glas’s Content Index
Hopefully those links will help people. This is usually the set of links I send people who are new to the whole Visual Studio Load Test Agent stuff.
WCF Extensions and .NET 3.0 SP1
Having issues installing the WCF Extensions on Visual Studio 2005 when you have .NET 3.0 SP1 installed? Getting an error message that looks something like the following?
Setup has detected that a prerequisite is missing. To use Visual Studio 2005 extensions for .NET Framework 3.0 (WCF & WPF), November 2006 CTP you must have the .NET Framework 3.0 runtime installed. Please install the .NET Framework 3.0 runtime and restart setup.
Well, instead of just installing the application by double clicking on the MSI, run it the following way. This ends up bypassing the prereq checks and it installs successfully. Yay to broken installers!
msiexec /i vsextwfx.msi WRC_INSTALLED_OVERRIDE=1
SQL 2005 and Windows 2008
Having troubles running SQL Server Manager on your shiny new Windows 2008 installation? Make sure you right click and do a “Run as administrator” on it. Took me a while to figure this one out. Otherwise you’ll just get the error “Login failed for user domain\user. (Microsoft SQL Server, Error: 18456)” even if you’re a member of the local administrators on the SQL box.
Yet another instance of where UAC sucks.
Exchange 2007 after Windows 2008 Upgrade Part 3
After having issues with a potential bug on Feb the 29th, I’ve finally gotten things straightened out.
Today I attempted to move the mailboxes again, but received the same error message.
Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:08
User's Mailbox
Failed
Error:
The address list service on the server 'servername.fqdn' is not running. The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.
The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.
Exchange Management Shell command attempted:
'fqdn/Managed Users/User' | move-mailbox -BadItemLimit '10' -TargetDatabase 'servername\First Storage Group\Mailbox Database'
Elapsed Time: 00:00:08
It turns out that all I needed to do was restart the System Attendant service on the machine I was trying to move the mailboxes to. After I did that, everything moved successfully. I then attempted to hit OWA on the new machine and it was successful! So I finished moving all the mailboxes over, changed ISA to point to the new server name, imported the right certificate and I’m good to go. Almost 5 days of downtime, but no email lost, yay!
Now I just need to decommission the old Exchange box and give the new one more RAM. Not a bad few days work.
Exchange 2007 after Windows 2008 Upgrade Part 2
Well, I’ve got the new Exchange box up and running. However, I can’t move the mailbox from one machine to the other. Thankfully, I’m not the only one having this problem today. It appears as though because it is the 29th of February (leap year), there is a bug in Exchange 2007 preventing certain things from completing. There’s a nice TechNet thread on it, and it appears by setting your date to tomorrow fixes it. I think I’ll just wait to move the mailboxes till tomorrow or later then 🙂
Exchange 2007 after Windows 2008 Upgrade
I know it has been well documented that you cannot upgrade Windows 2003 to Windows 2008 with Exchange 2007 installed and expect Exchange 2007 to keep functioning. However, let’s say you may have accidentally done the upgrade on a standalone Exchange 2007 box you have, you know, just in case it were to happen (like it did to me).
Prior to doing the upgrade, you’ll notice a few things. First of all, you’ll be prompted that you need to uninstall Powershell. However, nowhere does the compatibility checker say anything about needing to uninstall Exchange 2007 prior to upgrading. I found this hilarious (in a sad, pissed off way) because I had tried to upgrade my WSUS virtual machine first, and it had told me that I would need to uninstall Powershell and WSUS prior to upgrading. I’m so glad that I wasn’t told anything about Exchange in a similar fashion. Ugh. By the way, I was running Exchange 2007 with SP1 prior to the upgrade…of death!
The first stumbling block, which should have caused me to stop the upgrade process, was uninstalling Powershell. Since I had installed it prior to installing SP2, uninstalling it becomes a pain. This is because Powershell is a Windows update and if you install a service pack you can’t uninstall any updates prior to the service pack. Lovely. Well, in another unsupported way you can uninstall it. You have to browse to %windir%\$ntuninstallkb926139$\spuninstall and run the spuninstall.exe. Now, this may or may not be on your machine anymore either. On some of my virtual machines it was there, but on my Exchange server it was not, so I copied it over and ran it.
Ok, so now I can upgrade, yay! Windows does its thing and upgrades everything and restarts successfully. I was actually fairly impressed when it booted up. It looked like it actually worked. However, then I went into the services snap-in. I usually do this with this machine because it is slightly RAM starved and sometimes all the Exchange services don’t start. Sure enough, they hadn’t all started. So I went through and tried to start them all. All started but the information store and the system attendant service because of a dependent service. Crap, of course it’s the important ones.
Well, first thing I tried was to reinstall Exchange 2007 SP1, just to see if that would work. Of course this required me to reinstall Powershell, since that’s a pre-req. No big deal, installed that easily. Then when I tried to actually install SP1 it just bombed saying it couldn’t upgrade. Looking through the eventlogs it was because it was trying to spin up those two services. Great.
Well, doing some quick registry editing, I found that the service it was dependent on was NtlmSsp. Needless to say, this service does not exist on Windows 2008, hence the issue. Two seconds later, I removed that dependency from within the registry and restarted the machine. The machine reboots, and lo and behold all of the services start. And all the email that was in the queue on my Edge Transport machine left the queue and made it into Exchange. Downside is that I was doing this all remotely and OWA still didn’t work.
Honestly, I wasn’t that worried about OWA. I mean, as long as I can get my emails back and then do the correct upgrade (aka, no upgrade at all) I’d be a happy camper. Heck, even after installing Powershell back on it, I was able to open up Exchange System Manager. Really, if I didn’t know all about the services and didn’t use OWA, I would’ve never known it wasn’t working. Oh, well, maybe the exceedingly high CPU utilization, but oh well.
When I got home, I had to test to see if I would be able to access my email. Sure enough, Outlook worked like a charm. I received all the queued email that had been sitting there for a day, and I was even able to send an email. Pure craziness.
What makes this even better is that the Exchange team actually decided (well, they actually went into it knowing what they were getting into) to try this same thing too. However, they weren’t able to get things working. I think the large mess-up was re-installing SP1. I’m glad I didn’t decide to go down that path, especially since mine worked. Needless to say I’m working on building a new VM with Windows 2008 and then going to add it to the ORG and move the mailboxes over to the new one. However, in the meantime, at least my email is functioning 🙂
I’ll be sure to post again on if I ran into any more issues with the mailbox move. Worst case I suppose I could just do an ExMerge (actually Export-Mailbox for 2007) on the mailboxes or dump the email out of outlook to a PST. I’d rather not do that, but if that’s what it takes…
Commerce Server 2007
I swear, could the Commerce Server 2007 documentation be any more cryptic? You really need to know what you’re doing to even get the Starter Site up and running (thankfully I’m fairly well versed in 2002 so it wasn’t that bad). Oh, but then getting the starter site load balanced is fun too. Nothing like the encryption they setup automatically, only there’s no encryption key stored anywhere. Thankfully we realized this early on as we have to re-key everything, and since we don’t have the original key file, that means we basically start from scratch for profiles.
Fun!
DAS vs NAS vs SAN
Something that is making me very angry with the current project I’m on is the difference between DAS, NAS, and SAN technologies. The worst is that I’m working with these people on a specific thing not related to storage infrastructure, but instead development architecture and the people that are dealing with the storage infrastructure are the people that don’t know what the hell they’re talking about. In particular, the hosting provider that does all of the storage infrastructure work for us doesn’t know what the differences are. Oh, and don’t get me started on a VMware paper that we had that didn’t know the difference either. It just drives me nuts.
For those of you keeping score, I’m going to outline this.
DAS = Direct Attached Storage. These are disks that are physically located in your host machine.
NAS = Network Attached Storage. NAS is file based. For example a CIFS or NFS share. This is typically TCP/IP based access. The NAS device “owns” the data on it. That is, the NAS device administers the data. For example, you connect to a NAS device from a Windows machine by accessing \\servername\share.
SAN = Storage Area Network. SAN is block based. This is when LUNs (logical unit numbers) are involved on a host. The host “owns” the data. The host is in charge of the partition, formatting, and access to the LUN. You can access a SAN via two protocols: iSCSI (TCP/IP) and/or Fibre Channel (FC).
I’m so sick of seeing people talk about iSCSI NAS. There’s no such thing because in a NAS scenario you are sending CIFS or NFS protocols over TCP/IP while in a SAN solution you’re sending SCSI protocols over TCP/IP. Huge difference.
And yes, you can have a device that serves both NAS and SAN from one filer. This is called Unified Storage. All NetApp devices can do this.
Are we clear now?!
More ISA Site-to-Site IPSec VPN Configuration
The last two months, traffic on this site has increased by almost 50%. Honestly, I don’t know specifically what it’s related to, but my number one search item is “ISA” followed by #4 which is “2006”. Therefore, I thought I’d post a little bit more, since there are still some issues that I had run into.
First thing is the issue I discussed last time, which was about IPsec not creating the filters it needed to. I think I may have found the solution to that, but I haven’t verified it (which I may do this week while I’m on the bench, in between various training). Now because of the fact that ISA relies on Windows 2003 IPsec, there are some pretty awful problems. The first being “adjacent ranges” in your IPsec rules. Windows IPsec does not allow you to have two adjacent IPsec policies. Instead it believes it should be one continuous policy. When you attempt to create an adjacent policy in ISA 2006 you will receive the error message below.
As an example, let’s say that you need access to the individual hosts 10.10.10.150 and 10.10.10.151 at the remote site (or two ranges like 10.10.10.0/24 and 10.10.11.0/24). Now, if the remote site happened to have a Cisco Concentrator, they would be able to publish each of those hosts (or subnets) as separate IPsec policies. However, with ISA, they have to be in the same remote networks range.
Many times, there isn’t a problem, especially with a small number of hosts or ranges like this. However, the problem comes into play with subnetting. Typically hosts are designated with a 32 bit mask (255.255.255.255). However, since we’ve now created a range, we may see a different mask (255.255.255.254). It’s when the different, unexpected mask comes into play, that we have issues. If the mask is wrong, Phase II negotiations fail, and you’ll not be able to create a Phase II tunnel. However, if you don’t put the hosts into the range and ignore the warning that ISA gives, the IPsec policies won’t be created, and you’ll have to manually create them whenever the IPsec service restarts (specifically if/when the machine restarts).
Finally, there’s yet another IPsec issue with Windows 2003, that again manifests itself with ISA. There are multiple ways you may see this. One way is that no matter what you set as your Phase II timeout policy from within ISA, you’re seeing Phase II rekeying happen about every 300 seconds. Another way is that your IPsec Site-to-Site VPN connections drop a lot and in the logs you see the error “0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED”.
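The mask change described above, as an added example that is not part of the original post. It assumes the merged remote range is expressed as the smallest covering CIDR blocks (which matches the 255.255.255.254 mask mentioned above) and compares the result with the per-host or per-subnet selectors a peer might propose; the function names are hypothetical.

```python
import ipaddress


def merged_selectors(entries):
    """Collapse adjacent hosts/subnets into covering CIDR blocks.

    Assumption: this models the "one continuous policy" behaviour described
    in the text; it is not ISA's or Windows' own algorithm.
    """
    nets = [ipaddress.ip_network(e, strict=True) for e in entries]
    return list(ipaddress.collapse_addresses(nets))


def selector_mismatches(local_entries, peer_entries):
    """Return peer selectors with no exact (network, mask) match locally."""
    local = set(merged_selectors(local_entries))
    peer = [ipaddress.ip_network(e, strict=True) for e in peer_entries]
    return [p for p in peer if p not in local]


def describe(net):
    """Render a selector the way a Phase II proposal lists it."""
    return f"{net.network_address} mask {net.netmask}"


if __name__ == "__main__":
    # Constructed samples: the hosts and subnets used in the text, plus an
    # adjacent pair that is not bit-aligned and therefore cannot share a mask.
    samples = {
        "hosts": ["10.10.10.150/32", "10.10.10.151/32"],
        "subnets": ["10.10.10.0/24", "10.10.11.0/24"],
        "unaligned": ["10.10.10.151/32", "10.10.10.152/32"],
    }
    for label, entries in samples.items():
        print(label, "->", [describe(n) for n in merged_selectors(entries)])
        # The peer publishes every entry as its own policy.
        for p in selector_mismatches(entries, entries):
            print("  peer proposes", describe(p), "but the merged side has no exact match")
```

Agreeing with the peer on the merged network and mask up front avoids the Phase II mismatch; the unaligned pair shows that adjacency alone does not always produce a single mask.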
The first thing I tried was to disable IP Spoof Detection. However, that didn’t seem to fix it, plus, since this is an external firewall, I wanted to keep the spoof features on to do application filtering. The part that was really frustrating was that rekeying was happening every 300 seconds, instead of the 3600 I had specified in ISA.
Well, it turns out it’s a bug with ISA and/or Windows 2003 IPsec. This was actually a bug with ISA 2004, but apparently it wasn’t deemed big enough to fix with 2006, since there’s a workaround that works well. Microsoft KB article 917025 goes over exactly what to do, but the gist of it is that you need to edit the SAIdleTime registry key and change it to 3600 (default is 300). The downside is that 3600 is the max (trust me, I’ve tried to set it higher, it doesn’t work at all), so plan your IPsec Site-to-Site VPNs accordingly (let your peer know that the max will be 3600 seconds).
Hopefully those two nuggets will help anyone having other issues. I’m sure I’ll post more things too, as they come up.