Friday 29 November 2013

Date Stamp on Windows Server 2012 R2 Open License Media

We keep getting caught with dropping the early bits on a flash drive to load an OS. It's not hard to figure out as soon as the server boots from the USB flash drive as it requests an Activation Key.
image
Note the date stamp above is August September 30, 2013. That is the Open bits that will not prompt for a key.
The DVD media name:
image
  • IR1_SSS_X64FREV_EN-US_DV5
UPDATE: Changed the month noted. :)

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

A Server 2008 R2 Core Uptime Mark

Here is a little glimpse into one of our mid-range running Server Core setups:

image

The command: systeminfo | find "System Boot Time"

We are almost exactly three months short of two years for this particular Hyper-V server. It has been a workhorse with nary a problem.

  • Intel Server System SR1695GPRX2AC
  • Intel Xeon X3470
  • 32GB Kingston ECC
  • Intel RAID with 4x 300GB 15K SAS in RAID 10

To date we have _a lot_ of these particular Intel Server Systems in production both as standalone Hyper-V servers as well as Hyper-V Cluster nodes and we have been very happy with them.

They are rock solid and their performance is excellent.

Happy Thanksgiving to our US readers. :)

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Tuesday 26 November 2013

SBS 2003 R2 Premium Migration to 2012 R2 Domain and Exchange 2013

We are beginning our adventure migrating our last SBS 2003 R2 Premium server setup to a completely new setup.

We used the ShadowProtect backup image to restore to our Hyper-V server and utilized the Hardware Independent Restore process to inject the Hyper-V 2012 R2 VM drivers so we did not get any blue screens on the restored VM OS.

image

Our goal will be to end up with an RWA setup in 2012 Essentials R2 or we will be pitching the new Scorpion Software AuthAnvil Portal setup as an RWA replacement to this firm (and eventually all firms we manage).

Given that most accounting firms need to log into many different sites for their day-to-day routines we believe that new portal service will meet that need along with the partners that would prefer a short PIN to log on. :)

Plus it will give them a huge step up in security.

For now, we have their server up and running on one of our Server 2012 R2 Hyper-V lab setups as we will be running through the migration process a few times to make sure we have everything down.

We set up a Windows 7 Professional SP1 VM to verify that the SBS 2003 was happy:

image

The SBS Connect Computer wizard was run to successfully connect the Win7 VM to the SBS domain. From there we installed Office 2010 SP1 and reset a couple key user's passwords to hook into their profiles.

We are now ready to begin the migration process in our lab.

  1. Install: Windows Server 2012 R2 DC VM
  2. Install: Windows Server 2008 R2 OS Temp VM
    1. Exchange 2010 with current SP installed
  3. Migrate Mailboxes and Public Folders
  4. Install: Windows Server 2012 RTM VM
    1. Install Exchange 2013 and CU3
  5. Migrate Mailboxes and Public Folders
  6. Install: Windows Server 2012 R2 VM(s)
    1. LoB Migration

Once we have run through the above process we will then move on to migrating their actual production network.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business

Monday 25 November 2013

Troubleshooting ShadowProtect Backup Failure 503 Fatal I/O Error

We have one SBS 2008 riding on a cluster that has started to fail its full backups but only at certain times.

The KB indicates that the problem is resident on the source if the error falls on a read or on the destination if on a write.

In this case our failure was on a write so we started to focus in on the destination.

For this cluster setup we have the backups stream across the wire to the standalone DC on an HP MicroServer that was also protected by ShadowProtect.

We looked into network connectivity as well as for disk I/O errors in the Event Logs with no results.

The last place to look was in the ShadowProtect setup on the DC itself.

Sure enough, the DC was set to run an incremental close to the same time the one backup on the SBS VM was failing.

We changed the standalone DC backup schedule to run one incremental at night to avoid any further conflicts with the VM backups that were streaming to it.

We now had a successful backup set on the SBS VM.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Friday 22 November 2013

Questions to ask about Cloud and Backup

Local Backup To Cloud

Okay, let's say our on-premises servers are being backed up to a local NAS or storage server.

From there they are copied up to an online Cloud backup service as the default off-site backup location. Assume at least a 10Mbit upload speed to allow for the initial image upload or a seed done via courier to the backup service provider.

Now, the on-site servers fail. The cluster or standalone host is hosed.

Then, it turns out that the backup destination NAS/storage server was also hosed.

What then?

Well, we have our off-site now don't we?

Yeah, we do ... sorta.

Even at 1Gbit/Second how long would it take to download the full backup image and its incremental images? If image consolidation was ongoing, okay fine, how long to bring down that full image and possibly the extra few incremental backups?

One would imagine that if a business is not able to tolerate at least two to three days of downtime just for the restoration process, never mind replacement hardware procurement, then one really needs to evaluate another tier of local storage for an off-site rotation.

Cloud Services and Storage

Well now, how about the Cloud service vendor's services?

An SLA is only as good as the bond paper it is printed on right? Or, at least as good as the vendor making the promise that our data will never disappear.

Oh really?

What about the mailboxes on GMail that seemingly disappeared? Did they ever get fully recovered?

What about that Cloud based ERP and accounting solution? What do they do to protect the multi-million dollar company's Solution in the event of an internal failure at the Cloud vendor's site?

Thus, that begs the question: Does the Cloud service provider facilitate the ability to back up the Cloud based data set to our own premises? If not, it may be in the company's best interest to look for other Cloud vendors that do provide a facility to back up the company's data to on-premises.

We have all seen failures of all sorts at all levels of IT Solution sets.

Given the scale of Cloud computing and its relative newness it is only a matter of time before we see catastrophic failures at the Cloud service vendor level.

When that happens what will become of the business that now depends on that Cloud service provider to restore the service _and_ data back to the way things were but that does not happen?

Please remember that when it comes to technology we are not talking about an "if it happens" we are talking about a "when it happens".

Being prepared whether the service is on-premises or in the Cloud is key to business survival in today's hybrid environments.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Friday 15 November 2013

Some Mobile Phone Related Security Reading and Videos

This from Susan Bradley as far as what our mobile phone can say about us:

image

Now, take that the to the next level.

MVP Doug Spindler provided links to the following very informative videos.

image

Malte went to the extent to sue the mobile phone carrier his phone was hooked up with to acquire the "Metadata" they held on him. His talk brings to light some aspects of what that data does for the NSA and other intelligence gathering agencies.

Doug also shared the following TED Playlist called The dark side of data (11 talks).

image

All of the talks are worth watching . . . and not for the faint of heart!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Wednesday 13 November 2013

External Hard Disk Formatted GPT: Shows Healthy (GPT Protected Partition) in Disk Management

Okay, this was a bit of a puzzle:

image

A 2TB Seagate drive used for backups was originally formatted GPT on a Windows Server 2012 RTM Hyper-V host server.

We plugged the drive into a Windows Server 2012 R2 Hyper-V host to run backup recovery tests and ended up with the above. We tried a Windows 7 Enterprise system and the same result was to be had.

Getting a little concerned that any search results for the above stated to format the hard disk we tried one more thing. We plugged the drive into a Windows 8.0 Enterprise x64 machine to see if the VHDX files would show up.

image

Sure enough the drive received a letter and the files became available. Now to figure out how to get the newer server OS to read the drive!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Our Client CryptoLocker Warning E-Mail

This is a copy of an e-mail we are sending out on a somewhat frequent basis to our clients to keep being Internet Street Smart at the top of their minds:

Hello all,

I may have mentioned this in the past while but it bears being mentioned again.

There is a really bad malware being spread via links in e-mail that take the user to a bad site or attachments in an e-mail that contain the bad software. Its name is CryptoLocker.

If the link is clicked on or the attachment is opened the software starts up and goes on to encrypt, that is make unavailable, EVERY file the user has access to. There are two ways to get out of the mess once the infected system is found and quarantined:
1.    Best Option: Recover the files from Previous Versions (Volume Shadow Copy snapshot) … may be out by a few hours.
2.    Okay Option: Recover or from Backup … may be a bit out of time in the form of hours.
3.    Worst Option: Pay the bad guys to decrypt the data and risk identity theft among other problems of handing over a credit card number.

Simple rule of thumb: NEVER click on a link in an e-mail and avoid opening attachments if at all possible (Especially ZIP archives). And, if a link must be clicked on in an e-mail hover the mouse cursor over the link to see where it leads to. If it looks suspicious please ask!

Our systems are designed to provide maximum recoverability however the snapshots and backups are timed throughout the day. So, if there is an infection some work may be lost!

As always, please be very careful and aware that bad folks out there are always on the hunt for more victims. No business large or small is exempt from these folks nefarious activities.

We are aware of firms, fortunately not our own clients, that are on the brink of possibly being lost due to CryptoLocker and bad or unavailable backups!

Thanks and have a wonderful day! :)

We do our best to keep folks aware of what is happening out there but things are getting even more nasty for e-mail transmissions.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Friday 8 November 2013

Cause For Pause: Accounting Firm Possibly Done In Due to Technician Error and Cryptolocker (reddit)

This article came across one of the lists I am a part of and really brought home our own experiences back when Backup Exec and Symantec spent three days working with us to recover a backup that in the end proved to be unrecoverable.

In the above case we were fortunate to have other methods in place to protect the data but we did end up losing the domain and 24 of a partner's files out of 650GB of data (the failure was progressive - garbage in garbage out).

The BUE fail taught us to advocate strongly for us to be the ones to rotate the backups (the person responsible in the above case failed to rotate the two magazines) and to do a quarterly _full_ bare metal or hypervisor restore of the backup.

It also drove us to find a different backup and restore method that gave us portability for the backed up server along with good recoverability. We came across and have been running with StorageCraft's ShadowProtect product ever since. Since then we have had some spectacular recoveries completed as a result of ShadowProtect and the skills learned via Jeff Middleton's SwingIT migration methods.

One of the other lessons we learned early in our IT careers and is exemplified in the above article is the thoroughness with which we keep our client's audit notes. We document absolutely _everything_ about their network setups. They get any updated versions after they have been updated. One can never be too sure!

A full bare metal/hypervisor restored backup is the ONLY known good backup. Period. Full Stop.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Thursday 7 November 2013

StarTech 7.1 USB External Sound Card for Intel NUC Driver Error on Windows 8.1

We set up our first Intel NUC only to discover that the device has no built-in sound outputs beyond the HDMI interface. For folks that do not have an HDMI based monitor with built-in speakers, basically 99% of our world, this is a big hang-up for the product ... and an added expense against competitors like the Lenovo Tiny.

image

We plugged the device into a USB port on our NUC running Windows 8.1 and it picked up immediately. Though, we had one catch: The headphone jack was not working.

The StarTech chat mechanism on their Web site was not functioning correctly so we called in and were greeted with a friendly and very helpful technician.

In the end we had to download the driver, extract it after unblocking the ZIP file, and set its Compatibility Mode to XP Service Pack 3.

After a reboot we were able to set the default output to headphones:

image

We can now listen to our Dubstep and other fun bouncy stuff without disturbing the neighbours. :)

NOTE: The StarTech technician indicated a Windows 8.1 compatible driver should be available at some point soon.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer