Tuesday 31 December 2013

Hyper-V: Number of NUMA Nodes on a Dual Intel Xeon E5-2630 R2208GZ4GC

Here is a snip of the number of NUMA Nodes in a newly stood up Windows Server 2012 R2 Standard server with a pair of Intel Xeon E5-2630 CPUs in the Intel Server Systems Grizzly Pass 2U setup:

Here is the same setup showing the number of Cores/Threads:

Note that we do not have Hyper-Threading turned off on this particular server.

It's important to note that a VM that is set up with more vCPUs than cores on one CPU may actually perform worse than the same VM set up with the vCPU setting equal to or one less than the number of cores available on one CPU.

This is what is meant by spanning NUMA nodes.

Suffice it to say we can spend a while discussing the performance impact of too many vCPUs assigned to one VM. Ultimately, one needs to stress test a VM setup using a variety of configurations to find what will be optimal for that particular VM.
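
To check an existing host against this rule of thumb, the following added example (not from the original post) lists each VM's vCPU count beside the core count of one physical CPU. It assumes an elevated PowerShell session on the Hyper-V host with the Hyper-V module available.

```powershell
# Added example: flag VMs configured with more vCPUs than one physical CPU has cores.
# Run elevated on the Hyper-V host (Windows Server 2012 or later).

# Cores and logical processors per socket, as reported by the parent partition.
$sockets        = @(Get-CimInstance -ClassName Win32_Processor)
$coresPerSocket = ($sockets | Measure-Object -Property NumberOfCores -Minimum).Minimum
$lpPerSocket    = ($sockets | Measure-Object -Property NumberOfLogicalProcessors -Minimum).Minimum

# NUMA layout and the host-wide NUMA spanning setting.
$numaNodes  = @(Get-VMHostNumaNode)
$spanningOn = (Get-VMHost).NumaSpanningEnabled

$summary = "{0} socket(s), {1} cores / {2} threads each, {3} NUMA node(s), spanning enabled: {4}"
$summary -f $sockets.Count, $coresPerSocket, $lpPerSocket, $numaNodes.Count, $spanningOn

# One row per VM. ExceedsOneCPU is True when the VM asks for more vCPUs than
# one CPU has cores, the case the post describes as spanning NUMA nodes.
Get-VM | Sort-Object -Property Name | ForEach-Object {
    [pscustomobject]@{
        VM            = $_.Name
        State         = $_.State
        vCPUs         = $_.ProcessorCount
        CoresPerCPU   = $coresPerSocket
        ExceedsOneCPU = $_.ProcessorCount -gt $coresPerSocket
    }
} | Format-Table -AutoSize
```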

Happy New Year's Eve everyone. All the best for 2014! :)

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Monday 30 December 2013

Windows Server 2012 R2: Intel PROSet Install Error: No Intel Adapters Present

This is a bit of a puzzle:

Intel Network Connections Installer Information

Cannot install drivers. No Intel(R) Adapters are present in this computer.

The OS is Windows Server 2012 R2 via the most recent build on Microsoft's Open License management site.

The server is an Intel Server Systems SR1695GPRX2AC 1U server that has a pair of dual-port 82576 series Intel Server Network Adapters plus another single shared port with the installed Intel RMM.

The Windows Server OS is obviously seeing the setup correctly.

So, what to do?

Well, a search via Bing led us to the following site in the Intel Download Center:

We clicked through to the site and downloaded the version 18.8 PROSet driver for Windows Server 2012.

Now, the servers we are working on are Server Core. So, we have a quick cheat to get that driver onto the local machine:

  • Start Notepad [Enter]
  • CTRL+O (or File --> Open)
  • Change Files of type: to All Files
  • Navigate to the driver file
  • Right Click and Copy
  • Navigate to the destination and Right Click then Paste
  • Cancel the Open dialogue box and close Notepad

We then executed the archived file:

We then waited:

Ironically while waiting for the installer to spool up we did a search on the indicated PowerShell module and ended up here:

That in turn took us to here:

Okay, so our setup will not be supported by Intel's driver set so we will stick with the in-box drivers. That is okay as in our testing we've not seen any issues like we did with the in-box driver on Windows 7 and Windows Server 2008 R2.

On the PowerShell note we've done some digging around but have not come up with any clear documentation on Intel's PowerShell cmdlets. We have a few queries out so we shall see if anything comes back. :)

Otherwise, once we stand up an Intel Server Systems R2208GZ with Server 2012 R2 we will investigate and post back.

Happy New Year's everyone! :)

Wednesday 18 December 2013

Repeat After Me: SATA Does Not Belong In Servers Part Deux

For the last number of years we have stopped deploying servers with SATA drives installed.

There are so many reasons why we stopped but here are a few comparisons to SCSI/SAS:

  • SATA does not have the ability to manage a high I/O workload
  • SATA only offers a single inbound and outbound data port while SAS offers dual ports for redundant paths
  • SATA does not have the health monitoring capabilities of SAS, with SMART certainly not cutting it
  • SATA does not offer anywhere near the capabilities and command set that SAS does for server related tasks, disk redundancy, disk sharing, and so much more

There is a reason why disk manufacturers have tacked on SAS controllers to SATA platter sets. These so-called NearLine drives offer all of the SAS goodness but with SATA capacities.

Here is the first public presentation from Microsoft, that I know of, on _why_ SATA does not belong in servers.

To quote specifically:

1. Use the per I/O control mechanism that is known as Force Unit Access (FUA). This flag specifies that the drive should write the data to stable media storage before signaling (sic) is finished. Applications that have to do this make sure that data is stable on the disk issue FUA to make sure that data is not lost if a power failure occurs.

Server-class disk drives (SCSI and Fibre Channel) generally support the FUA flag. On commodity drives (ATA, SATA, and USB), FUA might not be honored. (emphasis added) This can potentially leave data in an inconsistent state unless the drive's write cache is disabled. Make sure that the disk subsystem handles FUA correctly if you depend on this mechanism.

When listening to a discussion on this the above applies even when SATA disks are used in a properly configured RAID setup whether software (host-based) or hardware RAID on Chip.

In addition, if one were to be setting up a Storage Spaces cluster with multiple paths to the JBOD unit then one would be required to set it up with SAS-based SSDs for the high performance storage tier. SATA will work in a single-server, single-enclosure, lab-like setting but _not_ in production.

We have had other posts on this topic that outline many other reasons for our decision to drop SATA in servers. The SATA category and the SAS category would be one place to start. :)

Tuesday 17 December 2013

SMB Kitchen Subscribers: Hyper-V Q&A Chat to start in about an hour

Look in your e-mail for the link to the chat session.

Saturday 14 December 2013

SMB Kitchen: Hyper-V Q&A Chat this Tuesday December 17th at 1800 EDT and 1600 MDT

SMB Kitchen subscribers please join me on Tuesday to have a chat about all things Hyper-V.

Hyper-V Deployment and Clustering

It's time to ask Phil Elder, Hyper-V Deployment and Clustering expert, anything you ever wanted to know on the topic. He's been deploying this stuff since Longhorn (which for those not in the know was the code name for Server 2008) which is when Hyper-V really came into its own. He's shed a lot of blood, sweat, tears and lab hours to get these deployments down to a science. So if you want to ask an expert about your configuration, upcoming project, performance issues, BIOS settings, hardware selection, Phil is your man.

Need pointers in your deployment? Then this is the chat session you want to attend.

This would be a good time to jump in and get some guidance on the how/what/when/where and why Hyper-V.

Wednesday 4 December 2013

Microsoft Downloads: TechNet Libraries PDF Downloads Search List

This link opens the Microsoft Downloads site:

Note the third one listed in the search results (sorted by newest publish date) is the _entire_ Windows Server 2012 R2 and Windows Server 2012 RTM TechNet Library Documentation! It weighs in at a paltry 110MB in PDF form too.

An example of how great it is to have one searchable document is in the search results _within_ the document for the search term "RDMA".

Try searching for Windows Server and RDMA and come up with a Microsoft product focused set of search results on any search engine.

Friday 29 November 2013

Date Stamp on Windows Server 2012 R2 Open License Media

We keep getting caught with dropping the early bits on a flash drive to load an OS. It's not hard to figure out as soon as the server boots from the USB flash drive as it requests an Activation Key.

Note the date stamp above is September 30, 2013. That is the Open bits that will not prompt for a key.

The DVD media name:

  • IR1_SSS_X64FREV_EN-US_DV5

UPDATE: Changed the month noted. :)

A Server 2008 R2 Core Uptime Mark

Here is a little glimpse into one of our mid-range running Server Core setups:

The command: systeminfo | find "System Boot Time"

We are almost exactly three months short of two years for this particular Hyper-V server. It has been a workhorse with nary a problem.

  • Intel Server System SR1695GPRX2AC
  • Intel Xeon X3470
  • 32GB Kingston ECC
  • Intel RAID with 4x 300GB 15K SAS in RAID 10

To date we have _a lot_ of these particular Intel Server Systems in production both as standalone Hyper-V servers as well as Hyper-V Cluster nodes and we have been very happy with them.

They are rock solid and their performance is excellent.

Happy Thanksgiving to our US readers. :)

Tuesday 26 November 2013

SBS 2003 R2 Premium Migration to 2012 R2 Domain and Exchange 2013

We are beginning our adventure migrating our last SBS 2003 R2 Premium server setup to a completely new setup.

We used the ShadowProtect backup image to restore to our Hyper-V server and utilized the Hardware Independent Restore process to inject the Hyper-V 2012 R2 VM drivers so we did not get any blue screens on the restored VM OS.

Our goal will be to end up with an RWA setup in 2012 Essentials R2 or we will be pitching the new Scorpion Software AuthAnvil Portal setup as an RWA replacement to this firm (and eventually all firms we manage).

Given that most accounting firms need to log into many different sites for their day-to-day routines we believe that new portal service will meet that need along with the partners that would prefer a short PIN to log on. :)

Plus it will give them a huge step up in security.

For now, we have their server up and running on one of our Server 2012 R2 Hyper-V lab setups as we will be running through the migration process a few times to make sure we have everything down.

We set up a Windows 7 Professional SP1 VM to verify that the SBS 2003 was happy:

The SBS Connect Computer wizard was run to successfully connect the Win7 VM to the SBS domain. From there we installed Office 2010 SP1 and reset a couple of key users' passwords to hook into their profiles.

We are now ready to begin the migration process in our lab.

  1. Install: Windows Server 2012 R2 DC VM
  2. Install: Windows Server 2008 R2 OS Temp VM
    1. Exchange 2010 with current SP installed
  3. Migrate Mailboxes and Public Folders
  4. Install: Windows Server 2012 RTM VM
    1. Install Exchange 2013 and CU3
  5. Migrate Mailboxes and Public Folders
  6. Install: Windows Server 2012 R2 VM(s)
    1. LoB Migration

Once we have run through the above process we will then move on to migrating their actual production network.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business

Monday 25 November 2013

Troubleshooting ShadowProtect Backup Failure 503 Fatal I/O Error

We have one SBS 2008 riding on a cluster that has started to fail its full backups but only at certain times.

The KB indicates that the problem is resident on the source if the error falls on a read or on the destination if on a write.

In this case our failure was on a write so we started to focus in on the destination.

For this cluster setup we have the backups stream across the wire to the standalone DC on an HP MicroServer that was also protected by ShadowProtect.

We looked into network connectivity as well as for disk I/O errors in the Event Logs with no results.

The last place to look was in the ShadowProtect setup on the DC itself.

Sure enough, the DC was set to run an incremental close to the same time the one backup on the SBS VM was failing.

We changed the standalone DC backup schedule to run one incremental at night to avoid any further conflicts with the VM backups that were streaming to it.

We now had a successful backup set on the SBS VM.

Friday 22 November 2013

Questions to ask about Cloud and Backup

Local Backup To Cloud

Okay, let's say our on-premises servers are being backed up to a local NAS or storage server.

From there they are copied up to an online Cloud backup service as the default off-site backup location. Assume at least a 10Mbit upload speed to allow for the initial image upload or a seed done via courier to the backup service provider.

Now, the on-site servers fail. The cluster or standalone host is hosed.

Then, it turns out that the backup destination NAS/storage server was also hosed.

What then?

Well, we have our off-site now don't we?

Yeah, we do ... sorta.

Even at 1Gbit/Second how long would it take to download the full backup image and its incremental images? If image consolidation was ongoing, okay fine, how long to bring down that full image and possibly the extra few incremental backups?

One would imagine that if a business is not able to tolerate at least two to three days of downtime just for the restoration process, never mind replacement hardware procurement, then one really needs to evaluate another tier of local storage for an off-site rotation.

Cloud Services and Storage

Well now, how about the Cloud service vendor's services?

An SLA is only as good as the bond paper it is printed on right? Or, at least as good as the vendor making the promise that our data will never disappear.

Oh really?

What about the mailboxes on GMail that seemingly disappeared? Did they ever get fully recovered?

What about that Cloud based ERP and accounting solution? What do they do to protect the multi-million dollar company's Solution in the event of an internal failure at the Cloud vendor's site?

Thus, that begs the question: Does the Cloud service provider facilitate the ability to back up the Cloud based data set to our own premises? If not, it may be in the company's best interest to look for other Cloud vendors that do provide a facility to back up the company's data to on-premises.

We have all seen failures of all sorts at all levels of IT Solution sets.

Given the scale of Cloud computing and its relative newness it is only a matter of time before we see catastrophic failures at the Cloud service vendor level.

When that happens what will become of the business that now depends on that Cloud service provider to restore the service _and_ data back to the way things were but that does not happen?

Please remember that when it comes to technology we are not talking about an "if it happens" we are talking about a "when it happens".

Being prepared whether the service is on-premises or in the Cloud is key to business survival in today's hybrid environments.

Friday 15 November 2013

Some Mobile Phone Related Security Reading and Videos

This from Susan Bradley as far as what our mobile phone can say about us:

Now, take that to the next level.

MVP Doug Spindler provided links to the following very informative videos.

Malte went to the extent to sue the mobile phone carrier his phone was hooked up with to acquire the "Metadata" they held on him. His talk brings to light some aspects of what that data does for the NSA and other intelligence gathering agencies.

Doug also shared the following TED Playlist called The dark side of data (11 talks).

All of the talks are worth watching . . . and not for the faint of heart!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Wednesday 13 November 2013

External Hard Disk Formatted GPT: Shows Healthy (GPT Protected Partition) in Disk Management

Okay, this was a bit of a puzzle:

A 2TB Seagate drive used for backups was originally formatted GPT on a Windows Server 2012 RTM Hyper-V host server.

We plugged the drive into a Windows Server 2012 R2 Hyper-V host to run backup recovery tests and ended up with the above. We tried a Windows 7 Enterprise system and the same result was to be had.

Getting a little concerned that any search results for the above said to format the hard disk, we tried one more thing. We plugged the drive into a Windows 8.0 Enterprise x64 machine to see if the VHDX files would show up.

Sure enough the drive received a letter and the files became available. Now to figure out how to get the newer server OS to read the drive!

Our Client CryptoLocker Warning E-Mail

This is a copy of an e-mail we are sending out on a somewhat frequent basis to our clients to keep being Internet Street Smart at the top of their minds:

Hello all,

I may have mentioned this in the past while but it bears being mentioned again.

There is a really bad malware being spread via links in e-mail that take the user to a bad site or attachments in an e-mail that contain the bad software. Its name is CryptoLocker.

If the link is clicked on or the attachment is opened the software starts up and goes on to encrypt, that is make unavailable, EVERY file the user has access to. There are two ways to get out of the mess once the infected system is found and quarantined:
1. Best Option: Recover the files from Previous Versions (Volume Shadow Copy snapshot) … may be out by a few hours.
2. Okay Option: Recover from Backup … may be a bit out of time in the form of hours.
3. Worst Option: Pay the bad guys to decrypt the data and risk identity theft among other problems of handing over a credit card number.

Simple rule of thumb: NEVER click on a link in an e-mail and avoid opening attachments if at all possible (Especially ZIP archives). And, if a link must be clicked on in an e-mail hover the mouse cursor over the link to see where it leads to. If it looks suspicious please ask!

Our systems are designed to provide maximum recoverability however the snapshots and backups are timed throughout the day. So, if there is an infection some work may be lost!

As always, please be very careful and aware that bad folks out there are always on the hunt for more victims. No business large or small is exempt from these folks' nefarious activities.

We are aware of firms, fortunately not our own clients, that are on the brink of possibly being lost due to CryptoLocker and bad or unavailable backups!

Thanks and have a wonderful day! :)

We do our best to keep folks aware of what is happening out there but things are getting even more nasty for e-mail transmissions.

Friday 8 November 2013

Cause For Pause: Accounting Firm Possibly Done In Due to Technician Error and Cryptolocker (reddit)

This article came across one of the lists I am a part of and really brought home our own experiences back when Backup Exec and Symantec spent three days working with us to recover a backup that in the end proved to be unrecoverable.

In the above case we were fortunate to have other methods in place to protect the data but we did end up losing the domain and 24 of a partner's files out of 650GB of data (the failure was progressive - garbage in garbage out).

The BUE fail taught us to advocate strongly for us to be the ones to rotate the backups (the person responsible in the above case failed to rotate the two magazines) and to do a quarterly _full_ bare metal or hypervisor restore of the backup.

It also drove us to find a different backup and restore method that gave us portability for the backed up server along with good recoverability. We came across and have been running with StorageCraft's ShadowProtect product ever since. Since then we have had some spectacular recoveries completed as a result of ShadowProtect and the skills learned via Jeff Middleton's SwingIT migration methods.

One of the other lessons we learned early in our IT careers and is exemplified in the above article is the thoroughness with which we keep our client's audit notes. We document absolutely _everything_ about their network setups. They get any updated versions after they have been updated. One can never be too sure!

A full bare metal/hypervisor restored backup is the ONLY known good backup. Period. Full Stop.

Thursday 7 November 2013

StarTech 7.1 USB External Sound Card for Intel NUC Driver Error on Windows 8.1

We set up our first Intel NUC only to discover that the device has no built-in sound outputs beyond the HDMI interface. For folks that do not have an HDMI based monitor with built-in speakers, basically 99% of our world, this is a big hang-up for the product ... and an added expense against competitors like the Lenovo Tiny.

We plugged the device into a USB port on our NUC running Windows 8.1 and it picked up immediately. Though, we had one catch: The headphone jack was not working.

The StarTech chat mechanism on their Web site was not functioning correctly so we called in and were greeted with a friendly and very helpful technician.

In the end we had to download the driver, extract it after unblocking the ZIP file, and set its Compatibility Mode to XP Service Pack 3.

After a reboot we were able to set the default output to headphones:

We can now listen to our Dubstep and other fun bouncy stuff without disturbing the neighbours. :)

NOTE: The StarTech technician indicated a Windows 8.1 compatible driver should be available at some point soon.

Wednesday 9 October 2013

SSL Certificates: CSR Decoder to Verify Settings

When it comes to creating a certificate request sometimes we can miss a character or typo something.

If the processing takes longer than expected and the certificate provider does not provide much more than a "Processing" status it may be a good idea to verify the settings in the CSR file.

The CSR Decoder site can do that:

We hit a snag with a CSR that was taking too long and sure enough there was a typo in the common name that caused it to hang up.

Monday 7 October 2013

Hyper-V Cluster: An error occurred while creating the cluster: Unknown error (0xc0000133)

We had just finished walking through all of the steps to set up two nodes for a Server 2012 RTM Hyper-V cluster when we got hit with the following error:

Create Cluster Wizard

An error occurred while creating the cluster.

An error occurred while creating the cluster 'TD-12Cluster'.

Unknown error (0xc0000133)

Our initial searches turned up very little when we included Hyper-V and Cluster in our terms.

The error code however turned up a tie into time synchronization.

These nodes were set up using Windows Server 2012 Standard in Server Core mode. And, we had missed step 9 in SConfig: Date & Time!

The time zone was incorrect on both nodes.

We also noticed that the time on the test network was about 9 minutes out from our own. So, we had missed configuring the time service on the physical DC to poll the Canadian pool.ntp.org servers.

  • Blog post here: Preparing A High Load VM For Time Skew
    1. Elevate a command prompt
    2. w32tm /config /syncfromflags:manual "/manualpeerlist:0.ca.pool.ntp.org,0x1 1.ca.pool.ntp.org,0x1 2.ca.pool.ntp.org,0x1 3.ca.pool.ntp.org,0x1"
    3. w32tm /config /update
    4. net stop w32time && net start w32time
    5. w32tm /resync /force
    6. w32tm /query /source
      1. Should be 0.ca.pool.ntp.org

Once we had the domain time in order and the nodes synchronized to the DC we were able to successfully stand up the cluster in Failover Cluster Management.
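
A pre-flight check along these lines catches both the wrong time zone and the clock offset before the Create Cluster wizard is run. This is an added example, not from the original post: it is meant to be run on each node, the DC name and expected time zone are placeholders, and the 300 second limit is an assumption based on the default Kerberos clock-skew tolerance.

```powershell
# Added example: verify time zone, time source and clock offset on a cluster node.
# $DomainController and $ExpectedTimeZone are placeholders; set them for the site.
$DomainController = 'dc01.example.local'      # hypothetical DC name
$ExpectedTimeZone = 'Mountain Standard Time'  # assumption: Windows time zone ID for the site
$MaxSkewSeconds   = 300                       # assumption: default Kerberos tolerance (5 minutes)

function Get-ClockOffsetSeconds {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # Take one NTP sample against the target. With /dataonly the data line is
    # expected to look like "10:15:02, +00.0123456s" (English-locale output assumed).
    $output = & w32tm.exe /stripchart "/computer:$ComputerName" /samples:1 /dataonly 2>&1
    foreach ($line in $output) {
        if ("$line" -match ',\s*([+-]?\d+\.\d+)s\s*$') {
            return [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
        }
    }
    # No sample came back: name resolution, firewall, or NTP not answering.
    return $null
}

$offset   = Get-ClockOffsetSeconds -ComputerName $DomainController
$source   = "$(& w32tm.exe /query /source 2>&1 | Select-Object -First 1)".Trim()
$timeZone = [System.TimeZoneInfo]::Local.Id

$result = [pscustomobject]@{
    Node          = $env:COMPUTERNAME
    TimeZone      = $timeZone
    TimeZoneOk    = $timeZone -eq $ExpectedTimeZone
    TimeSource    = $source
    OffsetSeconds = $offset
    OffsetOk      = ($null -ne $offset) -and ([math]::Abs($offset) -le $MaxSkewSeconds)
}
$result | Format-List

if (-not ($result.TimeZoneOk -and $result.OffsetOk)) {
    Write-Warning "Fix Date & Time (SConfig option 9) and time sync on $($result.Node) before creating the cluster."
}
```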

In the end not referring to our process manuals was the key. ;)

Thursday 3 October 2013

SMB Kitchen Crew Chat Today

Sharing here because the #1 chat topic is always virtualization so thought some here might be interested.

We're holding one of our regular SMBKitchen Crew chats at 1600Hrs MST today.

At this chat we'll talk about the latest small business IT issues, answer your questions and make sure that you're aware of the latest stuff that we've published. Hope you can join us!

Click this link https://meet.lync.com/harborcomputerservices/amy/C2YB9SVC

I will be involved in this public chat today to talk a bit about what has been published by me already and to answer any questions that you may have along with the rest of the Crew!

Attitude and Gratitude

To date I don’t believe I’ve ever crossed the line into political commentary.

No, this is not about what is happening South of the border (being in Canada, that is).

This is about our own little world here in St. Albert. We have been supporting the St. Albert Youth & Community Centre for quite a few years now.

In fact, we did what we could for them in the way of time and product as the service they provided to the youth of St. Albert touched very close to home for me.

Attitude

The attitude is in how we take full and complete responsibility for what we do in our business, in our community, and within our own personal lives.

This attitude seems to be a direct antithesis to the prevalent “blame anyone but me” we see in the news, politics, and unfortunately in business.

We seem to live in an era where the word “responsibility” is a four letter one.

The local St. Albert administration pulled a significant chunk of the Youth Centre’s (YC) funding last year. So, when the YC got into a bit of a spat with the landlord over who should fix the very leaky roof (not drips but _gallons_) the standoff ended with the YC needing a new home.

When the City Council pulled funding last year the YC decided to keep on trying to serve the Youth of St. Albert. They worked very hard to build funding from other sources to replace the well over $110K they lost from the City.

Unfortunately, due to the pulled funds when the row with the landlord came to a finish the YC did not have sufficient funds in place to find a new location.

The City Council’s and Mayor’s spin on the loss of the YC was sad to see. At no point did this council or mayor take responsibility for the fact that they pulled the funding needed for the YC to survive in a new location. It was the landlord’s fault that the YC needed to close.

We picked up the last of their equipment this Monday as they closed up shop. It was a sad day for the both of us but most especially for the youth that no longer have a safe place to go.

And, it was a first-hand experience of how folks in politics can seemingly spin anything to defer responsibility for something they were a party to. This truly saddens me as well.

Gratitude

And finally, when we receive a referral either from a client or fellow IT Provider we make a point of offering some form of thanks.

Gratitude, that is being thankful for the business referred to us is a very important thing. Folks did not have to reach out to us in the first place or could have gone somewhere else with the business.

Thus, when we reach out and bring another IT firm, or specialized service firm, or whatever they may be doing into the mix one would expect at least a “Thank you” or even a small finder’s fee to toss in the company coffee fund.

When that does not happen then what are we to think?

Suffice it to say we would probably be taking those kinds of needs to another company a lot more willing to “partner” in the true meaning of the word.

Author’s note: Yeah, it’s been a bit of a tough week.

Thanks for reading. Our clients and you make things all the more worth it to keep plugging along. :)

CryptoLocker Word Of Caution

One of the things we have done from the get-go when it comes to setting up ShadowProtect to stream backups to either a drive set connected to a standalone Hyper-V host or to the standalone DC in a Hyper-V cluster setting is to set the shares to allow the Domain Admin MOD.

Inheritance on the folder’s NTFS permission set is removed, with the existing entries copied, and then the Domain Users/Machine Users group is removed altogether.

We do this for a number of reasons:

  • Users cannot connect to the ShadowProtect images
    • They are password protected and are using at least AES 128-bit
  • Users cannot delete the images

While we are into our client’s servers on a regular basis sometimes the occasional domain admin account password will expire in the interim.

ShadowProtect will then start failing to back up to the shared folder because it cannot log on, so that is a small bonus in the mix.

We are seeing CryptoLocker problems abound lately where someone clicks on a link in an e-mail or is drawn to a compromised site. What that means is that _any_ file/folder set the user has permissions to access and modify may end up encrypted by the malware.

The _only_ way to “recover” from this situation is via Shadow Copies or backup.

If the backup drive and/or backup folder destinations for those ShadowProtect backup files, or any other product that lays down files for backup, is open for users to access then we all know what can happen.

Point of order: Any backup product that uses the volume snapshot service should have its backup times staggered over the Volume Shadow Copy snapshots as having two snapshots running simultaneously could end up with data toast on both sides.
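One way to check that a backup destination is locked down the way this post describes, as an added example that is not the author's own script: it reports whether the folder still inherits permissions and lists every Allow entry held by a group that ordinary users or machines belong to. The function name, the SID list and the sample path are assumptions.

```powershell
# Added example (not from the original post). Reports NTFS permissions on a
# backup destination that groups containing ordinary users still hold.
function Test-BackupFolderAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Path,

        # Assumed list of "everybody" groups: well-known SIDs plus the
        # Domain Users (RID 513) and Domain Computers (RID 515) groups.
        [string[]] $BroadSid = @(
            'S-1-1-0',          # Everyone
            'S-1-5-11',         # Authenticated Users
            'S-1-5-32-545',     # BUILTIN\Users
            'S-1-5-21-*-513',   # Domain Users
            'S-1-5-21-*-515'    # Domain Computers
        )
    )

    # Rights that let a process change, delete or re-permission the images.
    $modifyBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear as
    # raw bits on inherit-only entries instead of the named rights.
    $genericBits = 0x50000000

    $acl = Get-Acl -LiteralPath $Path
    if (-not $acl.AreAccessRulesProtected) {
        Write-Warning "$Path still inherits permissions from its parent folder."
    }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not ($BroadSid | Where-Object { $sid -like $_ })) { continue }

        $mask = [int]$ace.FileSystemRights
        [pscustomobject]@{
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            # True: malware running as any member can encrypt or delete files.
            CanModify = [bool](($mask -band $modifyBits) -bor ($mask -band $genericBits))
        }
    }
}

# Usage (D:\Backups\ShadowProtect is a hypothetical path):
#   Test-BackupFolderAcl -Path 'D:\Backups\ShadowProtect' | Format-Table -AutoSize
# No output and no warning means no broad group has any access to the folder.
```

Share-level permissions are evaluated separately from NTFS permissions, so the share itself needs the same review.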


Friday 20 September 2013

System Uptime on an SQL Server

We are in the process of running some maintenance on a series of servers we rarely get to touch.

image

We have the LoBs offline or in limited usage at the moment:

image

This particular physical server’s sole purpose in life is to host SQL database instances.

So, while it has been a good run for the server we are about to terminate the close to two year run. :)

For obvious reasons it is our preference to keep things up to date in the server operating system and the server services running on top of that OS. However, sometimes business dictates that we do not touch unless there is a very good reason to.

We do have a number of such situations. In this case, the LoBs provided us with the opportunity to reboot, run some updates, reboot, and then service pack the various SQL instances.

We now have a fairly happy SQL server that will probably keep running for another year or so until we move this particular client over to a Hyper-V failover cluster.

Have a great weekend everyone and thanks for reading. :)


Thursday 19 September 2013

Microsoft ID 2 Factor Authentication

If you have not already implemented the newly available 2FA for your Microsoft IDs then maybe it is time to look at doing that.

We’ve all seen the plethora of Yahoo and iTunes accounts compromised.

So, why not take a moment to update all Microsoft IDs used both within the business and personally to have up to date cell phone numbers for text verification and then download and configure the Microsoft Authentication App?

Once the app is on the smartphone, enable and confirm 2FA in the Microsoft ID profile.

From then on any Microsoft ID protected property will prompt for the code that is presented in the Authentication App.

There is a check mark for don’t bug me here on those 2FA pages but it kind of defeats the purpose to check those on pretty much any online property now doesn’t it?

IMNSHO, this feature rocks!

Hopefully the banks catch up and start utilizing this kind of security beyond the second layer of personal question protection.


Friday 13 September 2013

Why We Never Dedicate a NIC Port to a VM

We never dedicate a NIC port to a VM. We always _team_ NIC ports. Generally there are two teams in standalone and cluster setups.

Team0: Management (Port 0 on NIC 0 and 1)

Team1: vSwitch (Ports 1+ on NIC 0 and 1) – Dedicated

I kinda understand the logic of doing that, that is dedicating a NIC port to a VM. However, the whole purpose of virtualization is to separate the guest operating system from the hardware. So, one needs to break from that mindset.

There is no reason why the dual Intel quad-port configurations we do (8 ports total, with 6 for the vSwitch) would have a problem with the 20+ VMs that in some cases run on the host.

Team configuration exception to the rule would be for CAD/CAM/High Bandwidth needs:

  • Team0: Management (Port 0 on NIC 0 and 1)
  • Team1: vSwitch High I/O (Port 1 on NIC 0 and 1)
  • Team2: vSwitch General VMs (Ports 2+ on NIC 0 and 1)

That leaves a dedicated pair to the higher network bandwidth VM or VMs. We would leave VM density on Team1 at two or three maximum.

BTW, in a disaster recovery scenario having things teamed makes recovery a lot simpler. Trying to keep track of all of those vSwitch names mapped to what VM would be a real PITA when things were tense. Plus, getting all that configured would be that much more time wasted getting things back. Keep It Simple Sir.

Oh, and one more thing: Why would one use a dedicated physical port on each node in a cluster for a highly available guest hosted on that cluster?

That leaves a single point of failure and yet we see that it is quite common for NIC teaming to not be used.

With NIC teaming now built into Windows Server 2012 RTM and newer there is no real reason to avoid teaming NICs or NIC Port groups to avoid that single point of failure.

So, when architecting a cluster setup please use NIC Teaming.
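The standard two-team layout from this post, built with the NIC teaming cmdlets included in Windows Server 2012, as an added example that is not the author's own script. The adapter names, the vSwitch name, the switch-independent teaming mode and the load balancing choices are assumptions; list the real adapter names with Get-NetAdapter first.

```powershell
# Added example (not from the original post). Builds Team0 (management) and
# Team1 (vSwitch) across two quad-port NICs so that neither team depends on
# a single card. Adapter names below are assumed; rename to match the host.
$layout = [ordered]@{
    'Team0' = @{
        Members   = @('NIC0-Port0', 'NIC1-Port0')
        Algorithm = 'TransportPorts'   # host management traffic
    }
    'Team1' = @{
        Members   = @('NIC0-Port1', 'NIC0-Port2', 'NIC0-Port3',
                      'NIC1-Port1', 'NIC1-Port2', 'NIC1-Port3')
        Algorithm = 'HyperVPort'       # spreads VMs across the team members
    }
}

$present = (Get-NetAdapter -Physical).Name

foreach ($teamName in $layout.Keys) {
    $members = $layout[$teamName].Members

    # Refuse to build a team that would still be a single point of failure.
    if ($members.Count -lt 2) {
        throw "$teamName needs at least two member ports."
    }
    $missing = $members | Where-Object { $_ -notin $present }
    if ($missing) {
        throw "$teamName references adapters not found on this host: $($missing -join ', ')"
    }

    New-NetLbfoTeam -Name $teamName `
                    -TeamMembers $members `
                    -TeamingMode SwitchIndependent `
                    -LoadBalancingAlgorithm $layout[$teamName].Algorithm `
                    -Confirm:$false | Out-Null
}

# Bind the virtual switch to the team interface, not to a physical port,
# and keep the management OS off it since Team0 carries management.
New-VMSwitch -Name 'vSwitch' -NetAdapterName 'Team1' -AllowManagementOS $false | Out-Null

# Confirm every member joined its team and is passing traffic.
Get-NetLbfoTeamMember |
    Sort-Object Team, Name |
    Format-Table Team, Name, OperationalStatus -AutoSize
```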


Thursday 12 September 2013

Office Pro Plus: Setup Error - Files necessary to run the Office Customization Tool were not found. Run Setup from the installation point of a qualifying product.

That was the error we had when we ran setup /admin from our Office 2013 Pro Plus distribution point.

image

It turns out that we do need to download some additional files from Microsoft's download site.

We downloaded the 32-bit version of the tools and extracted them to a folder.

Once the extraction is complete copy the Admin folder to the root of the Office distribution point.

image

We could then run the setup /admin command from the distribution point and voila:

image

We can now go on and create our MST file to allow for automatic installation, activation, and base configuration of the products.


Wednesday 11 September 2013

Windows Features Error: Windows couldn't complete the requested changes 0x800F0906

We hit this today:

image

Windows Features

Windows couldn't complete the requested changes.

Windows couldn't connect to the Internet to download necessary files. Make sure that you're connected to the Internet, and click "Retry" to try again.

Error code: 0x800F0906

Our search turned up the following KB:

The OS affected was Windows 8 Enterprise on a greenfield Windows Server 2012 Essentials virtualization setup.

The relevant point for us was in the WSUS settings as we set up WSUS in Group Policy with the appropriate WMI Filters for each operating system. We did _not_ make the respective changes recommended in the KB article though.

image

We made the necessary change to allow for the required files to be pulled down:

image

We then ran GPUpdate /Force on W2012E and the affected system.

image

We were then able to click the Retry button on the error window and the needed content was downloaded.

image

We were then able to move on with our tasks!


Outlook: Cannot open this item. Outlook has already begun transmitting this message

We had a strange one this morning:

image

A couple of messages were stuck in the Outbox.

This site has some good troubleshooting tips:

However, after running through all of the steps Outlook eventually did step up and send the messages. Though, that happened when Outlook was _in_ Offline Mode.

It turns out that we now know why the Send/Receive process is being hung up:

image

Our Office 365 account was stuck?

image

Apparently there were no issues? Hmmm...

We tried to add the O365 account to a different system's Outlook and we hit this:

image

Using Men&Mice's awesome freebie online DIG tool we checked to make sure that AutoDiscover was indeed set up (which it was when we configured things back when).

image

So, at least at this point it is looking like the service is indeed having an issue.

And finally, after a huge pause Outlook's Send/Receive coughed up an error:

image

With the volume of e-mail we have flowing about right now having Outlook getting hung up on one of the mailboxes during Send/Receive is outright frustrating! :S

We removed the O365 account and sure enough Outlook has started sending and receiving without a hiccup.


Monday 9 September 2013

Windows Server 2012 and Essentials: Error 80073718 on Update(s)

We may be seeing some issues in Windows Server 2012 and W2012E:

In the end the problem points to a "servicing stack corruption" with the OP needing to re-install the operating system from scratch.

While this may be a possible suggestion for a new server setup, those that have had their systems in production for any amount of time are left in a bit of a conundrum.

At this time there is no "fix" for the "problem".

So given that Microsoft would not recommend a third party action, our suggestion for those that have a full server setup in production is to look into running a Swing Migration. Fellow MVP Jeff Middleton's methodologies will preserve Active Directory, Group Policy, and more.

If the setup is a VM then there are a number of options one can pursue to Swing the AD off and back on again.

This method would save a good chunk of time as one would not need to migrate the local profiles over to the rebuilt domain nor have to deal with Group Policy Tattoos if one rebuilds with the same domain name. Plus, if there are on-premises services running in Exchange, SQL, and other Line of Business applications the time savings would be _huge_.


Thursday 5 September 2013

BitLocker Encrypted Drive: Unable to Unlock

We have a number of external BitLocker encrypted drives that we use to tote around our business data with.

After plugging one of the drives into our newly stood up system with Windows Server 2012 RTM being slowly configured as a desktop we hit this:

image

Normally, a BitLocker encrypted drive gets plugged into any Windows Vista and above operating system and a prompt happens to unlock it for full access.

Double clicking on the drive in Explorer did nothing. Nada. Zippo.

In the end we had missed installing the BitLocker components on the machine:

image

Note that a restart would be required once the installer routine completed.

Sure enough, after the reboot we were prompted for the pass phrase after double clicking on the drive’s icon:

image

With BitLocker now included in Windows 8 Pro there is no reason why organizations that do move their desktop operating system platforms over to Windows 8 should not use BitLocker to encrypt every system and external storage device by default.

In fact, for any organization that has sensitive data housed on their systems the only thing stopping the migration to Windows 8 Professional would be Line of Business applications ... maybe. One could work around that with application virtualization or RemoteApps depending on the LoB.

The tools for BitLocker management are also available in Windows Server as well as a part of the Desktop OS Software Assurance and MDOP offering.

And one more thing: With the horsepower that today’s systems offer whole disk encryption as opposed to encrypting only contents is always the best option. BitLocker Content Only Encryption is a new feature in Windows 8.


SharePoint: Enable Check-In and Check-Out plus Major and Minor Versions

We posted a little video on how to enable the check-in/check-out system and version tracking for SharePoint Libraries on our YouTube Channel.

Enabling Check-In/Check-Out and Versioning in a SharePoint Library

Note that one needs to be signed in as site owner/admin in order to make these changes.


Wednesday 4 September 2013

A Small Windows Server 2012 Issue

This issue is by no means business critical or threatening to bring down a Hyper-V Cluster or the like.

However, someone somewhere in Quality Control seems to have missed the boat on selecting items in the Roles & Features wizard:

image

Note how there is a Check Mark that seemingly indicates the full Role feature set has been installed.

Yet, when we click into that option we get:

image

It seems to us that since there are features within that Role that have not been installed the top level indicator should be the same as the one beside File and iSCSI Services (Installed) no?

This may be a minor thing, but most certainly indicators should indicate the correct status.

We don’t have a Windows Server 2012 R2 version up and running right now so can’t compare the two. Hopefully this little oversight has been fixed in the soon to be released product.


Monday 2 September 2013

StarTech or Vantec for SuperSpeed USB 3 Enclosures and Hubs?

Hands down our choice is for StarTech.

image

The above is a 2.5" drive enclosure with a Seagate Momentus 7200 RPM SATA drive installed. Mean throughput seems to be around 60MB/Second to 80MB/Second.

image

The 3.5" enclosure has a 2TB Seagate 7200 RPM SATA drive installed. Throughput seems to be about the same as the 2.5" drive.

The following link lists all of StarTech's single drive SuperSpeed enclosures:

We also have a 2.5" SuperSpeed enclosure coming that can mount ISOs and present them to the connected device as an optical drive.

image

Both drives are connected to the above SuperSpeed USB 3 hub.

We are using the 3.5" drive to host VHDX files. We have Windows Server 2012 Essentials, Windows Server 2012 with Exchange 2013 RTM, Windows Server 2012 with SharePoint Foundation 2013, Windows Server 2012 with the Remote Desktop Services Role, Windows 8 Enterprise, and finally a Windows Server 2008 R2 OS set up with RRAS to NAT between the Internal and our own networks.

We've passed _a lot_ of data across these SuperSpeed devices without a hiccup.

The same could not be said for the Vantec SuperSpeed USB 3 hub and enclosures. They would cut out causing everything to come to a standstill. We went so far as to try a D-Link SuperSpeed USB 3 hub to see if it would work better but we ended up with connectivity issues.

In the end, we are quite happy with the StarTech products especially their stability with so much data flying around on the USB 3 bus.


Sunday 1 September 2013

Exchange Server 2013: IE10 on Server 2012 and Windows 8 Crashes in /ECP Exchange admin center

In our greenfield deployments getting Exchange 2013 up and running around RTM time was a bit of a challenge given the reality that IE 10 on both Windows Server 2012 and Windows 8 just did not work.

To fix that problem the following needs to be installed:

Note that some security related settings may be reset once this update is installed.

A prompt to set IE10 security settings is also to be had after the update was installed.

It is good to see that EAC can now be accessed as expected and without interruption.


Exchange 2013 ECP Error: The user has insufficient access rights. Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

After setting up Exchange 2013 Standard on a VM we hit the following problem:

image

Server Error in '/owa' Application.

The user has insufficient access rights.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[DirectoryOperationException: The user has insufficient access rights.]

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) +1904

System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) +381

Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout) +3849

Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1062

[ADOperationException: Active Directory operation failed on vW2012E.MPECSINC.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

]

Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer) +3736

Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1945

Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException) +27

Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation) +2082

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1078

[StoragePermanentException: There was a problem accessing Active Directory. Check your network connections and try again.]

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1600

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.HandleLanguagePost(RequestContext requestContext, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized, String destination) +2072

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchIfLanguagePost(RequestContext requestContext) +642

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.InternalDispatchRequest(RequestContext requestContext) +620

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchRequest(RequestContext requestContext) +297

Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.OnPostAuthorizeRequest(Object sender, EventArgs e) +352

System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80

System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929

There was not a lot that turned up in our searches.

In the end, we needed to run the following command on the Windows Server 2012 Essentials server from the Exchange 2013 install disk:

  • Setup /PrepareAD /IAcceptExchangeServerLicenseTerms
  • image

Once the above command finished running we hit refresh in IE and we were in.

image

Please note that these shots are via one of our labs we are running through in preparation for some SMB Kitchen Project content.
