Friday, 13 November 2015

Some I.T. Professional Business Pearls

Here are some thoughts on the many aspects of running an I.T. business in today’s world that have been garnered over my 13 years in business so far.

  • Never reveal business operations
    • Financial
    • Client’s names (don’t ever reveal clients supported to others)
    • Projects, Purchases, or other such products and services WE provide
  • Never volunteer _any_ information
  • Always keep scheduling information time related
    • I’m running behind, I’ll call in 15
    • I’m working on something that went sideways, let’s delay to tomorrow please
    • Always call, text, reach out in-person versus e-mail
      • If calling follow-up with an e-mail “thanks for allowing us to delay by a day” or some such note
    • We keep a priority band that our clients are aware of
      • Priority 1: Business Critical Outage
      • Priority 2: User down or problematic app
      • Priority 3: App updates, changes and such
      • Priority 4: All of the other stuff
  • Never, ever, give a customer poop for leaving
    • I learned this one the hard way
    • Business is business no matter how the termination was handled by the now former client
      • Never, ever, take things personally
    • Respect their decision and acquiesce with grace and integrity
    • Be silent
    • Resist the urge to be defensive - shut this one right down
    • Cooperate with the next I.T. company if need be
      • Give over the keys to the kingdom with ease
  • Always, and everywhere, do everything in writing
    • “Yes, Ms. Customer, I’d be more than happy to help you do X and it’ll be done on Y” via e-mail after a conversation
    • Always confirm project add-ons and scope creep with an e-mail indicating back charges and extras as they fall out of scope
    • Keep an extensive set of audit notes for each client
    • Keep an extensive change log for all clients
    • image Snip everything, name them accordingly, and keep them forever
    • Be disciplined and document everything
  • Use a time keeper
    • Outlook Tasks or CRM with due dates and reminders
    • OneNote notebook with Surface 4/Pro and pen close at hand
    • Note keeper pocket notebook and mechanical pencils
    • Write all requests down and transfer what needs to be to Outlook or CRM

The above is the culmination of my 13 years running our I.T. company. I hope it helps! :)

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Thursday, 12 November 2015

Exchange Stall: Purging Exchange Logs

We’ve got our SBS (Small Business Solution) set up for client’s all-in-the-Cloud experience.

What we’re finding is that some vendor’s systems don’t trigger VSS within a VM running Exchange thus leaving Exchange thinking it is not being backed up. This means that the Exchange VM eventually stalls due to no space on the partition hosting the logs.

To remedy that run the following in a script say once a week, or more depending on the volume of mail, on the Exchange VM:

  1. Elevated CMD
  2. DiskShadow
  3. Add Volume C:
  4. Begin Backup
  5. Create
  6. End Backup 

Once the snapshot completes Exchange will think it’s been backed up and consolidate all of the logs.

NOTE: Make sure the VM/Server is backed up!

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Wednesday, 21 October 2015

Folder Permissions: How To Properly Disinherit Permissions

We run into a lot of ACL corruption issues and access issues when a folder has not been disinherited properly.

The following is the best method for disinheriting permissions a folder receives from its parent:

  1. Right click on the folder and click Properties
  2. Click the Advanced button
  3. Click the Change Permissions button if required
  4. Click the Disable inheritance button
  5. Click the Convert inherited permissions into explicit permissions on this object.
    • image
  6. Click on DOMAIN\Domain Users or MACHINE\Users and then the Remove button
    • This removes access to that folder to all domain users
  7. Add the necessary security groups and give them MOD
  8. OPTION: On existing folder sets one can click Replace all child object permission entries with inheritable permission entries from this object
    • Does one want to click this? If there are customized permissions _below_ the folder being disinherited those permissions would be lost.
  9. Click Apply and OK.

From there our folder would now have the necessary permissions for users in the specific security group(s) to make changes.

We enable Access-based Enumeration on _all_ shares we deploy by default. This means that users that are not in the above assigned security group(s) will not see the folder in their File Explorer.

One of the warning signs that the above process was not followed will be for domain admin or local admin accounts to get a UAC prompt when navigating the physical folder set.

As a rule we follow a trunk –> branch –> leaf structure for our folders. All users have a single point of entry with some subfolders having their inheritance blocked.

From there we prefer to _not_ disinherit any further down-level folders unless absolutely necessary because that inevitably leads to access issues and/or permissions corruption.

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Friday, 16 October 2015

E-mail NDR: #5.1.1 SMTP; 550 Rejecting for Sender Policy Framework (SPF too many lookups)

One of our clients was having issues sending an e-mail to one of our regional ISP’s e-mail servers.

  • Remote Server returned ‘< #5.1.1 SMTP; 550 Rejecting for Sender Policy Framework>’
    • SPF too many lookups

There was no further information. The specifics came from a very helpful mail technician at the ISP.

So, we started to dig around and came up with the following:

A ticket went through Third Tier’s Help Desk this week that was based on this problem with Dave Shakelford pointing to the following blog post:

So, what does all of this mean?

It means that we need to make sure all of our clients that send mail via an ISP SMTP server, third party sanitation and continuity service, or mail hosting service need to have a correct SPF record in place.

As the JangoMail blog post makes clear, we may have to jump through a few hoops to get it right, but get it right we must as our client’s mail is critical to their business.

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Tuesday, 29 September 2015

A 2 Node Hyper-V Cluster with Clustered Storage Spaces

We are in the process of finishing up a client’s migration from clustered SBS 2011 Standard to our SBS (Small Business Solution) stack solution and the following cluster configuration: image The above setup is as follows in order of appearance top to bottom:
  • 1U Intel Xeon E3 series server running as PDCe, ISO storage, and other non-essential roles
  • 1U single socket Intel Xeon E5 series Hyper-V node
    • On-Board i350T4 plus add-in i350T4
    • Dual 6Gbps Intel/LSI SAS HBAs
  • 1U single socket Intel Xeon E5 series Hyper-V node
    • On-Board i350T4 plus add-in i350T4
    • Dual 6Gbps Intel /LSI SAS HBAs
  • 2U DataON DNS-1640d JBOD
    • Connected via dual 6Gbps SAS cables per node
Operating systems across the board for all physical and virtual servers is Windows Server 2012 R2.
Storage sharing and arbitration is handled by clustered Storage Spaces. The above setup has 1.2TB 10K HGST SAS drives (DataON HCL approved) set up in a Storage Spaces 3-way mirror with the standard Space having 2 columns.
The client we deployed this cluster into had a cluster already in place based on Windows Server 2008 R2. They are all of 15-18 seats and value the uptime insurance a cluster gives them as downtime for them is expensive.
Note that the cost of this particular setup based on Intel Server Systems and the DataON JBOD is very reasonable.
Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Monday, 28 September 2015

Warning: Sage 50 2016 Server Manager will Reboot Without Prompting

We were installing the database manager on the backend server for a client.

It started the .NET 4.5.2 FULL installer then suddenly disappeared after a few minutes.

So, keep in mind that this one will need to be done when no one is accessing that backend server! Or for that matter that the user that we are working on setting up or updating will have their machine reboot spontaneously.

Also, Sage released this version as an “update”. We received quite a few calls from our accounting firms when they could no longer connect to their Sage/Simply data on the server.

In the end, it turned out that no prompt was given to the user that the “update” was actually an “upgrade”. 

Yo, Sage! A little warning would be appropriate please.

EDIT: Updated a bit for specifics.

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Thursday, 23 July 2015

User Profile Tip: Windows Explorer Favorites

Some of us are big on redirecting most folders to the server.

Some of us have learned the hard way to leave AppData and its contents alone on the local desktop. ;)

By default we redirect Desktop, My Documents/Documents, and Favorites.

We recently did a profile refresh using our Event ID 1511, 1515 Profile loss to TEMP method for one of our clients. Their profile had become hopelessly corrupted.

Now, to date we’ve not encountered too many folks that avidly use the Windows Explorer Favorites (pinning):


The above is a snip of my own Windows Explorer pins.

Okay, so we don’t redirect that folder and we’ve not really had to migrate those links before.

That begged the question: Where the chicken are they?!?

Our search foo both on the local machine, via AppData where we thought they should be, and via Internet turned up nothing but one clue: %UserProfile%\Links.



We copied the files from the UserProfile–OLD folder into their new UserProfile\Links folder and they were happy to have them back.

We’ve since added this step to our checklist and will pay a bit more attention to our client’s environments to see if we need to redirect %UserProfile%\Links to save on some time later on.

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book