Thursday, February 28, 2008

APC metered switches - remote power off

If you've got some old stubborn legacy hardware that sometimes stops working unless you fully unplug it and power it down then you can relate to the pain of having to physically go onsite or call someone else to unplug the device. This clunky but functional arrangement works fine during normal work hours but can be a pain at 10pm on a weekend. My solution was to get some APC metered switches. Give it an IP address and custom name each outlet port to match the device that's plugged into it through the built-in web interface. If you're offsite and you need a reboot, just vpn into work, open a web browser to the APC's IP, and give commands to the individual ports to power down, then 30 seconds later, tell them to power back on.
This also works well for servers if they bluescreen or run into a hardware failure and just won't restart.

And as a unrelated side bonus, the APC switch has an amperage meter which is useful for measuring how many amps those ancient devices are pulling.

Link the APC 7900 Switched PDU series:
http://www.apc.com/products/family/index.cfm?id=70

Saturday, February 23, 2008

Upgrading to Exchange 2007 SP1 with Symantec Mail Security

*UPDATED - Read all updates before trying this - See Below*

I'd been holding off on applying SP1 for Exch 2007 for a while now until I had upgraded my backup exec to version 12 and to see if there were any issues with Symantec Mail Security which I have running on the exchange server. So after I got BE 12 up and running I figured it was time.

The download of SP1 was much larger than I was expecting as it was around 870MB. In fact after running this upgrade I'm under the impression that it pretty much just reinstalled the whole server while retaining all my settings and data. Make sure you perform the usual precautions like backing up your data and have a recovery plan in place before starting. And of course, stop all antivirus, backup exec, automatic update services, etc prior to starting. (leave the exchange and IIS services running)

The first machine you should upgrade is the server(s) with the Client Access Role installed. During my upgrade, the pre-requisite check failed with a "you must be a member of the exchange organization administrators group" which occured because the user I was installing it as was not a member of the Exchange Organization Group. To remedy this, go into the Exchange Mgmt Console and under Organization, click on Add Exchange Administrator and add in the account you are installing as. Then restart all exchange services for changes to take effect. After the pre-req tests pass, click Next and the upgrade will start. You'll see a lot of disturbing messages like 'uninstalling files', 'pre-compiling binaries', etc and wonder if you're running the right installer or not. Fear not, this is normal behavior for the service pack. My Front-End server took about 17 minutes. (Server specs: Win2k3 x64 SP2, dual 2.0Ghz, 4GB ram)



At this time, I went ahead and re-installed the backup exec agents on the server just as a precaution.

Now with that roaring success beneath our belts, we move onto the back end server. Now if you got that exchange organization admin error earlier, make sure you rebooted the back end server too for changes to take effect. Repeat the same precautions of backup up, stopping unnecessary services, etc.



After that's done, you may want to change a registry key for a feature that's disabled by default as part of Microsoft's new security initiatives. The downside is that by turning off "Remote Streaming Backup" is that programs like Backup Exec will have problems. To Enable this key, go into Regedit and navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Create a DWORD key - "Enable Remote Streaming Backup" with a value of 1. At this time, I went ahead and re-installed the backup exec agents on the server just as a precaution. Reboot.

My Symantec Mail Security 6 appears to still be working properly and I tested my smtp server and it's still accepting messages so we're looking stable.

SP1 has some nice improvements such as being able to export a .pst file (very useful for archiving ex-employees for evidence), the rewritten OWA interface with lots of new features like server side rules, personal distribution lists, office 2007 support, etc.

And now you can change Send-As and Full Access rights from the GUI for those days when you just don't fell PowerShell-ish.



For details on the new changes, go to:
http://technet.microsoft.com/en-us/library/bb676323.aspx

Update 2/25/08: After applying SP1, the event logs are now starting to flood with Event ID:
8206 - EXCDO - "Calendaring agent failed with error code 0x8000ffff while saving appointmen". I went ahead and rebooted the server and that error went away. An odd issue occured with some recurring calendar entries. As users opened up invites and/or meeting entries in their calendar on monday, some of them ran into an error. This error triggered Exchange to do a repair/integrity check on their mailboxes and effectively locked them out of their calendar for a while. The corresponding error in the Application log looked like:

Event Type: Warning
Event Source: EXCDO
Event Category: General
Event ID: 8230
Date: 2/25/2008
Time: 4:49:12 PM
User: N/A
Computer: EXCHANGE_server_name_here
Description:
An inconsistency was detected in user@maildomain.com: /Calendar/Pinpoint Testing for blah blah.EML. The calendar is being repaired. If a problem persists, please recreate the calendar or the containing mailbox.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Everything appears to go back to normal after the ExchangeIS process finishes checking the mailbox out.

If this persists for a few days, I may have to take the Information Store down and run a manual Eseutil /G integrity check.
http://technet.microsoft.com/en-us/library/aa998361(EXCHG.80).aspx

Updated 2/27/08 - Calendar issues seem to have sorted themselves out during the first 2 days. Now I'm getting:
Unexpected error 0x50a occurred in "EcProcessVirusScanQueueItem"

After researching the web I see that it's not limited to Symantec as users of Trend, Forefront are also reporting the same error post SP1.

Friday, February 22, 2008

Dell Remote Console Switch 2161DS-2 and Vista SP1

Prior to SP1, I'd been having a heck of a time getting the Dell Remote console software for the kvm to work on Vista. Of course, this was to be expected as Vista wasn't even listed as a platform option for the downloads. Now after upgrading to SP1, the XP version of the software went right on and actually works properly. (version 3.1.0.320)

Wednesday, February 20, 2008

Tested - D630 Vista SP1

Test platform: Dell Latitude D630 BIOS A06. Fresh Vista build, latest intel drivers, AHCI enabled, Nvidia 135 vid chipset.

Prep - disabled Symantec A/V as a precaution. Downloaded RTM version of Vista Service Pack 1 from Technet Plus.

Total Time to apply SP1 - 34minutes including reboots.

Results: No apparent issues operating system issues, all device drivers appear to be working fine. No errors during upgrade. Symantec did not start after the final reboot but came back fine after another reboot.

Tuesday, February 19, 2008

Installing 2008 Server Core - VMWARE Server 1.0x

When you go to create the new virtual machine, choose the "Vista" option for OS type (It's about as close as you're going to get). Insert the 2008 CD or mount the ISO as a CD instead. Server Core installs without a hitch. Click Other when the GUI comes up, login as Administrator and it'll force you to choose a new password.

To get VMWARE Tools installed, do the usual step in the VMWARE console of clicking VM-> Install VMWARE Tools which will mount d:\ to the vmware tools iso. Go to the command prompt in the VM and cd to d: and then run VMWare Tools.msi (add a /qn for silent install).

To rename the server, first run HOSTNAME to confirm the current name, then run
netdom renamecomputer InsertOldNameHere /NewName InsertNewNameHere
*Note, this will require a reboot to kick in fully. (Shutdown /r for those who still haven't gotten their old GUI-less legs back). Shutdown /r /t 0 for the impatient.

To update the license key for the server:
slmgr -ipk InsertKeyHereWithDashes

Then slmgr -ato to activate windows (may take several minutes)

To enable Remote Desktop (hehe, seems odd for a gui-less install but yet it does have its uses). This command should add firewall rules for RDP inbound for you.

"Cscript %windir%\system32\SCRegEdit.wsf /ar 0" Enable for vista/2k8 clients
"Cscript %windir%\system32\SCRegEdit.wsf /cs 0" Enable for older clients
This worked fine for me until I added it to a domain at which point RDP stopped accepting connections. So I added a manual rule for it:
netsh firewall set portopening tcp 3389 "Remote Desktop"

Now if you're like me and the 640 * 480 resolution is killing you and you're feeling brave there is a way to change it. Run regedit from the command prompt. . Navigate to the following keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Video\GUID\0000\DefaultSettings.XResolution
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Video\GUID\0000\DefaultSettings.YResolution

Just to make this confusing, there will be multiple GUIDs. Pretty much check them all and see which one has the XResolution set to Hex 280 and YRes set to 1e0. Figure out the Hex equivalent of what your desired resolution is (use calculator on another box if needed). I just went with 320*258 Hex (800*600 decimal) but you could probably run 400*300 (1024*768). Close out the registry editor and reboot for changes to kick in.

At this point you've got a good base VM image to backup and then start playing around with.

Tips from the guys at microsoft:
http://blogs.technet.com/server_core/

Tuesday, February 12, 2008

BCM, Internet Explorer 7, Java, and the disappearing Telephone menu tree

So for a while I'd been having problems with IE7 and the Management Interface on the BCM (3.7). The tree below 'Telephone' would completely disappear but would show up fine on a box with IE 6 or an older version of Java. While I was talking with a Nortel tech about an RCC problem, we got into discussing the java problems and he mentioned that there’s a way to get the latest java to work with IE 7 and the BCM management interface.

Close all browsers, then go into Control Panel -> Java -> Advanced Tab -> Default Java for Browsers and remove the checkbox for Microsoft Internet Explorer. Yeah, it seemed goofy but I changed that setting and went into the system and voila, works fine now.

*Updated* For those of you who've been asking about the 3.6 version, the only way I found to make that work without downgrading IE or Java is to use Opera. http://www.opera.com