IT Work

Looks like it's NOT 64-bit

Tim Robichaux — Wed, 29 Oct 2008 22:56:44 GMT

So, there's been all this hooplah (created by me) about the MacBook Pro that I'm using at the moment. I have been really enjoying my time spent with it, and I've been able to overlook some of the minor issues that I've run into. I do wish that it had more RAM. I do wish that Excel could open my timesheet. I do wish that I could easily sync offline files (Paul tipped me on a product, but I don't want to write about it until I've fully tested it).

Those are all small issues, but what I've run into now is bigger than that. Apparently, I am running a 32 bit operating system <pausing for the collective gasps>! I made the attempt to create a new virtual machine running Windows Server 2008, so that I could run a couple of the management tools that I can't run in OSX. My attempt resulted in this screen:

Shocking, I know. Now, I also understand that with a smaller amount of RAM in my system, it's really not a big deal to not have all 64 bits of addressable space, but the outrage is justified. In doing some research, I found out that the chip that was shipped was 64 bit CAPABLE, just not ENABLED. I'm not going to futz around and try and make it work, but that is something that I want to make sure my next hardware purchase can handle. I know this sounds silly, but I try to research these things, and I've walked away from buying hardware because it lacked a single feature that I wanted. NOTE: This should be taken with a hearty understanding that a) this is a WORK laptop and that I didn't pay for it and b) I am very grateful for the chance to use it and experience the goodness that is a MacBook Pro.

That all being said, I'm off to dig up my 32 bit version of Windows Server 2008 to install. Whee!

Mac Stuff

It's a difficult decision

Tim Robichaux — Fri, 24 Oct 2008 20:57:31 GMT

I'm getting ready to head out to PDC to do some support work and I'm faced with a very difficult decision, in my mind. As I stated in my last post, I just got a shiny, new (old) MacBook Pro. I've been using it for two days now and the only thing I've found that was kind of wonky has been working on my timesheet in Excel (the Mac Office 2008 version). The dilemma, to cut to the quick, is that I am worried that something will come up at the PDC where the MacBook Pro will not suffice. If there was an issue I could be concerned about, straight up, I would address it, but this is more of a nebulous fear.

I currently use a Lenovo Thinkpad T61 with 8GB of RAM and a 160GB drive as my primary work machine. It's been doing "OK," but there are always quirks. The new MacBook Pro has less RAM, and a slightly slower processor, but it also has much more hard drive space. Most of these things are a non-issue, but that is where the fear comes into play.

I think that what I'm going to do is just end up taking both machines with me. The nice thing about working backstage is that I'll be able to (mostly) set up my stuff and then not have to worry about it. I don't think having a "backup" Thinkpad is going to be an issue, but I can have it there as a security blanket, just in case things go belly-up. If someone DOES point out that I'm a huge geek and I should just pick one machine and stick to it, I can claim that the Thinkpad is a backup for the demo! Woo! I win!

Mac Stuff

Living with DPM - Part 2

Tim Robichaux — Tue, 16 Sep 2008 16:53:32 GMT

Lately I've been working with System Center - Data Protection Manager from Microsoft and I have to say that while it's a nice product, there are some areas that need improvement. One of the things I've been wanting to do is talk about some of the issues I've had and open up a forum to discuss those issues. To start this off, I'm taking some of the problems that I've had with DPM's tape handling.

Note: I don't want it to look like I'm just bashing DPM. I DO like parts of it. If you know of ways to resolve these issues, PLEASE let me know. I'll post those fixes as updates.

Tape Issue El Five:

Inconsistency in tracking tape movement. When I use the tape device to remove a tape or multiple tapes (since this is the only manner to eject or load tapes), DPM does not see that I’ve done anything; it never actually talks to the tape library. When I try to resync, the progress bar completes but no updated information is produced. If I re-run a Detailed Inventory, it then finds out what tape slots are actually occupied. This seems like a lot of tape movement just for DPM to see that a tape has been removed.

Tape Issue Number VI:

The whole OMID and barcode thing. I know there has been talk about getting this fixed, but it is a big stopper when I can’t erase the tapes or generate an OMID on my own to pop in there. Until this gets resolved, I’ve just turned off the barcode reader in the tape library.

Tape Issue Number 7:

I can’t figure out how to allow multiple protection groups to get written to a single tape. This may just be me missing something pretty obvious, but I would like to be able to put multiple, smaller protection groups all on one tape so that I don’t have the huge number of extra media just to back up a bunch of 600MB – 20GB protection groups.

Yes, Number 4 is missing. When I was writing this, originally, I was doing it in the heat of irritation. That leads to many things like snarky humor and missed counts.

Living with DPM - Part 1

Tim Robichaux — Fri, 12 Sep 2008 21:43:01 GMT

Note: I don't want it to look like I'm just bashing DPM. I DO like parts of it. If you know of ways to resolve these issues, PLEASE let me know. I'll post those fixes as updates.

Tape Issue Numero Uno:

No tape controls in DPM. When I am using DPM to back up data to tape in a library, it would be nice to be able to eject and load tapes using DPM, instead of having to navigate through the menus on the front of the tape library.

Tape Issue Number Two:

Lack of success at erasing ANY tape. Whenever I try to put in a new tape and erase it, it fails. It does not matter if it is a new tape, fresh from the plastic or one that has been used for backups before, I’ve never had a tape get successfully erased. As far as I know, erasing the tape using DPM is the way to get around the issues of media with no OMID.

Tape Issue The Third:

Lack of success identifying any tape. This is the situation, I have five tapes.

Tape 1 – Fresh out of the box
Tape 2 – Fresh out of the box
Tape 3 – Used on the old system (has data)
Tape 4 – Used on the old system (has data)
Tape 5 – Used on the old system (has data)

Every tape is put into the loader and then once a Detailed Inventory is run. Here are the results:

Tape 1 – Unknown
Tape 2 – Unknown
Tape 3 – Unknown
Tape 4 – Unknown
Tape 5 – Unrecognized

I try to Erase or Identify any of the individual tapes. The jobs all fail, but when a particular tape gets put back, it changes from Unknown to Unrecognized and I can “Mark as Free…” So now, I have:

Tape 1 – Unknown
Tape 2 – Free (Contains Data)
Tape 3 – Unknown
Tape 4 – Free (Contains Data)
Tape 5 – Free (Contains Data)

So now, out of 5 tapes, I have three that I can use. This seems like a lot of work with little return.

I know that DPM is supposed to be very different from traditional backup systems, but I think that the change has been too radical. It is hard to educate IT organizations to the point where they are comfortable migrating to a new technology when something as important as backups are concerned. I'm looking forward to see where Service Pack 1 will take us in the future.

Microsoft ISA 2006

Tim Robichaux — Thu, 14 Aug 2008 23:01:57 GMT

Recently we picked up a big project in the Platform team. We were all excited about it, and pretty soon we were all working hard at making it a success. One of the things that was a little bit broken was that were trying to come up with a good way to make files available to customers and team members who were not local. Sure, the team members could VPN in, but the customers couldn't. We looked at a couple of solutions like Microsoft Groove and publishing a Sharepoint site, but everything seemed to have a problem or issue that we really didn't like. What we ended up deciding on as a solution was using our existing TeamPlain Web Access for Team System. We had used that solution before to give access to another client to access the bug tracking list for a code project and everyone seemed to be happy with how it turned out.

Projects were created, permissions assigned, and then the fun started.

It seemed that people were able to log into the system and navigate with no problem, but they couldn't download any of the files. I looked into TFS and TeamPlain and I couldn't find anything that would prevent this issue. Looking at the error that was coming up on the client, I thought that it looked a lot like an error tossed out by ISA 2006.

Error Code: 500 Internal Server Error. The request was rejected by the HTTP Security filter. Contact your ISA Server administrator. (12217)

After some googleing, I found that this error is often seen in OWA implementations behind ISA 2006 and there is an option in the HTTP configuration on the publishing rule in ISA that you can set to prevent this error. I whipped open the ISA Server Management tool and started right-clicking. The only problem was that the "Configure HTTP" option that should have been there on that rule was missing. When I opened up the rule, on the "Traffic" tab, I should have been able to click the "Filtering" button and get to the same setting (which the fix is, for the impatient, turning OFF the "Verify normalization" and "Block high bit characters"). This was something of a big problem since without that switch, I wouldn't be able to share these files in the way that we had decided.

Sidenote:
The problem with the file download, at it's root, seems to be that the title of the file has some extra characters in it. What is supposed to be a %20 in the URL gets converted to %2520 and ISA chokes on this and says, "Not YOURS, no file for YOU." As you can guess, this is a pretty big problem when trying to use the system to deliver documents and foster collaboration.

Back to ISA 2006. It didn't work. Now, I had been unhappy with our ISA server for quite a while. It never got patched right, and all sorts of odd things have happened with it. I couldn't troubleshoot it, since it was a production system, so I did the second best thing, I built a new one. I lovingly patched it, and coddled it and configured it the best I was able. The neat thing was that I created a bunch of test rules, and they DID have the options that I needed to configure. The final step was to import the rules from the old ISA server. Oddly, when I imported them, the RULE WAS BROKEN on the NEW server. After much swearing, I wiped ISA from the box and started over. This time, at the suggestion of our Head of IT, I took an exported set of the rules from the old (BAD) server and imported them into the (NEW) server AFTER making a backup of the rules that worked. This time, when I imported the rules from the old server, everything WORKED.

I've been working with Microsoft products for a number of years, and this kind of behavior is quite common. I remember installing Windows 2000 Professional on the same hardware a couple of different times and getting different configurations each time. I wasn't surprised, but I was just glad that it worked. After some more configuration, I thought that I had everything the same as the existing firewall, and after some convincing of the Head of IT, at 6:00PM we switched over to the new system. The only problem that I was able to find was this morning, VPN was broken and one of the sites (http://getsharp.3sharp.com) was unreachable.

Now, I don't have VPN totally ironed out (I just switched us back to PPTP which is FINE when you are using strong passwords, which we are), but it looks like everything is doing well. Just because I am so happy about these, I will now list the things that used to be broken that now work:

Pandora Internet radio.
Performance Monitor on the ISA machine
Updates and patches on the ISA machine
File transfers using the TeamPlain web access

So, next on my list of things to do is building a new Edge server for our OCS deployment. We have been having some issues with this and it's due to us running out of IP addresses. I just got 13 more, and I'm totally pumped about the stuff we'll be able to publish with them!

Subtext 2.0

Tim Robichaux — Thu, 14 Aug 2008 21:31:05 GMT

Hey! Apparently, a new version of Subtext is coming out! I've been waiting for this for a while, and I'm going to get it put on the IT list of things to get done. I don't think it will change the way we do business, but I am really looking forward to some of the refinements that it incorporates.

Update:
One of the things that is mentioned is improved integration with Windows Live Writer. This is one of the really exciting things, since the is a product I can't say enough nice things about. I'm VERY happy with it.

Just a short shout out

Tim Robichaux — Thu, 17 Jul 2008 00:05:50 GMT

I don't want to get into the middle of a huge flame war, but I wanted to say that I think Apple did an awesome job with the split-disk install of Leopard that I'm working with right now. I've had to install operating systems a number of times, and installed software all over the place, and one of the things I've noticed is an inconsistency in checking to make sure you have all the disks. I just got done walking through the wizard for installing a fresh copy of Leopard, and the last thing that I was asked was if I had the Mac OS X Install Disc 2 handy, since I would probably need it. The nice thing about this was that it was done just before the format, so it was the last little check, just to make SURE that you were ready to wipe things out.

Once more, not trying to incite a flame war, but I found this MUCH more comforting than when I tried to install Windows Media Center 2005 back a few years ago and only realized that I was missing a disk when halfway through installing files, I was told to insert Disc 2. It was my own fault for not checking before I started, but we don't reinstall every day, so it is nice to have little reminders, sometimes.

I don't remember when it was that I first saw it in Linux, but I do remember on Red Hat or Fedora, being given a list of the CDs that I would need to install the packages I had chosen. I remember at the time lamenting the fact that I couldn't install a base system off of one CD (which, as far as I know, is still the case if you don't download the DVD). Now, I use Ubuntu for all my Linux-licious needs, so one CD is all that I need and all that I want.

P.S. If you didn't know, you can install a small jailed copy of Ubuntu Desktop 8.04 on an existing NTFS partition. I just installed it on my co-worker's Server 2008 box for him to find in the morning. With getting the OS installed and dual monitors working and ready for a reboot back into Server 2008, I invested about 10 minutes in the prank. That's some nifty software!

How To Set Up Phone Paging on a Mitel 3300

Tim Robichaux — Thu, 10 Jul 2008 23:53:36 GMT

Our Story So Far

I am not an expert in traditional telephony. I am at peace with this, but there are times where I need to step up to the plate and take one for the team. I've been managing and maintaining our Mitel 3300 ICP for a while now, and I am constantly struck as to how difficult it can be. For a large number of years, telephony of the traditional type, has been full of terms and concepts that may not be quite comprehensible to someone who is not well steeped in the lore of the big Bells.

Earlier today, I was working at my desk and I was asked if I could page some people to help move some equipment from the office across the hall. I'll admit that I was actually stumped. This was something that I had never thought about, and I had no idea how to go about it. With all of the phone systems that I had worked with, previously, there was normally a button on the phone that would page everyone else with a phone. This worked well in a small office where people were often not at their desks. Since just pushing the button seemed to work (and I was not responsible for the PBX), I washed it from my mind. Now that I am in charge of making our PBX sing, it's a bit of a different matter. Delving into the (meager) documentation that I have on the 3300, I found what seemed to be the thing to do. There was already a paging group set up.

I added myself to the group (there were a few members in it, but none since we took over the PBX from our vendor), and then looked to see how to add a button to my phone. Navigating to the Multiline Set Key Assignment, finding my set than then finding an open button, I was presented with a large number of options. I selected the "Paging" option, saved and preceded to fail at paging people.

Looking into the help files, I was only able to find information on Loudspeaker Paging, which I was to find out, is very different from paging directly to the phones. After much searching around and digging, I found a refrence to a concept called "Direct Paging." I didn't see it when I was searching the help files (I actually found it in a 3300 User Guide, under the Advanced Features). I tried the steps contained in the instructions, but it looked like they weren't working.

Thinking that this might be a problem with how I set up my buttons, I looked back through my key settings and, lo and behold, I found an actual option to assign a button the "Direct Page" function.

With everything saved, I was able to pick up the handset, hit my new page button, dial the Page Group number, and send my shining voice out to the masses.

Back to the Good Stuff

It looks like in the telephony industry, there is a big difference in using the phone to send a message to an actual paging system and just sending a message to all the phones lying around in the company.

It looks like there are quite a number of parallels between the two, however. The way the Loudspeaker Paging works is through an actual port or card that connects to a loudspeaker system. Depending on the level of complexity of the system, the 3300 can support up to 16 zones (well, it can really support 15 zones with one [00] reserved for the dreaded "Page All Zones" type of function). On the Direct Page side of the fence, the administrator has the option of setting up multiple Page Groups and all management and pages are handled by the 3300, instead of outside hardware. I'm not sure of the maximum number of Page Groups, but it seems like it is probably quite a few.

I don't want to spend a lot of time becoming an expert on Mitel. There are people who work with the hardware much more than I do, and I would rather focus on the specifics of integrating it with OCS 2007. Now, having said that, for the record, I love learning the little ins and outs of these systems. It's quite interesting and I've learned a lot about how PBXes work, and that's help me understand the link between the telephony world and VoIP.

Well, back to the phone closet!

Windows Server 2008 Core

Tim Robichaux — Thu, 19 Jun 2008 18:25:03 GMT

I just recently started on my journey to learn about and build a server based on Windows Server 2008 Core. I've installed the bits and I'm just now starting to get into the configuration. The first thing that I had to do was change the hostname:

netdom renamecomputer <OldName> /NewName:<NewName>

This gave me a much easier way to refer to the computer (the auto-generated name was WIN-<LongString>, the new name is griddle). The second thing I did was to enable remote administration by setting the firewall rules to allow the remote administration:

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

In my reading, I found that you can enable or disable the ability to remotely administer each set of servies individually (e.g. File Sharing, or Hyper-V), but since I'm just playing around, I opened them all up. The next part of the equation was to enable the Remote Desktop. I really haven't looked too far into this, but one of the things that I really like about the Linux distributions that I've worked with was that once I've set them up, I turn on ssh and then I can just connect directly to the command line in a secure and user friendly manner (well, friendly to me). I haven't found out how to do this in Server 2008 Core yet, so I'll stick to using a command prompt window in a GUI for now. To do this, we have to change the registry and then open the firewall:

cd C:\Windows\system32
cscript scregedit.wsf /ar 0
netsh firewall set service type=remotedesktop mode=enable

The main reason why I like to use ssh or Remote Desktop is because I spend a lot of time doing things that I'll only do once or twice to any particular machine. To make it easier, I like to plan out what commands I'm planning on running and then putting them in a text file. Then, I can just copy and paste, line by line, when I'm sure I have everything I need. That it a lot easier than trying to remember a sequence of commands and switches and options. The second (and to me, more important) reason why I do it this way is that I LOVE to multitask. It is quite rare that I ever have fewer than 3 remote server connections going at any time, along with a couple of instances of Internet Explorer, Excel and Word. Not to mention Outlook, Notepad++, Office Communicator, Pidgin, Powershell, and assorted others.

Well, that is the current setup of my Windows Server 2008 Core. The next steps will be to install Active Directory services, Hyper-V, and everything else I need for a little lab environment.

Note: I would prefer to have the AD server be running on a host, but I've been advised that it's not wise to have the host joined to a Domain Controller that is running as a guest. It's fine for the DC to be virtualized, but you want to make sure that you have a DIFFERENT DC running somewhere as well.

DPM - Pick Your Cleaning Tape Well

Tim Robichaux — Wed, 18 Jun 2008 18:51:14 GMT

Some important things to note when using DPM. If you are told that the drive needs to be cleaned, you need to make sure that you put the right cleaning tape in there. When we got our new Autoloader (Quantum SuperLoader 3 with a DLT-V4 drive), we ordered all of the tapes we needed, including several cleaning tapes. Once the SuperLoader was loaded, we started to run with DPM and configured Agents and Disks and all the assorted sundries that a good backup scheme needs. (If you want to know more about setting DPM, I recommend this book)

Once things were setup, I noticed that the drive was reporting that it was in need of cleaning. Loading a cleaning tape through the mailslot, I followed the standard procedure of attempting to clean the drive. For some reason it kept failing, and I couldn't figure out why. After three or four attempts, I pulled the tape out and took a really good look at it and then looked at the packaging. Almost at once I saw that it was not the right cleaning tape; we had been sent the wrong tapes. Wanting to get things up and running we RMA'ed the bad tapes and overnighted the good ones. It turned out that they only had one of the tapes we needed in stock, so we had them ship it anyway.

Now that I had the right tape, I ran the cleaning procedure again, and the gnarly orange light on the front panel went away, and the LCD reported that all was well. This was not the case, however, as every tape operation I tried in DPM failed. Erase, Clean, Create Restore Point On Tape, all returned errors that the device was not ready. I tried rescanning. I downloaded the diagnostics from Quantum. I tried power cycling. Nothing worked.

As I dug further into the problem, I found that there weren't many people who had similar problems so as a last resort, I started to look up the actual error codes that I was getting. Most of them appeared to be generic errors, but when I searched for one particular error (24052), the first result from Google caught my attention.

Google Search on the Error

Looking through the post, it seemed that this person was having the same problems that I was having, but with different hardware.

Forum post that contained the information

It appears that this is not a problem with the hardware or the tapes, but rather a bug in DPM. For some reason, it looks like what is happening is that in the DPM database, when you try to clean using an incorrect cleaning tape (or the cleaning fails, I suppose), the "OperationOccuring" state in the "tbl_MM_Drive" gets stuck in a state (state 3, whatever that is) that prevents DPM from seeing that device as ready to use, even though in the Management tab, the device is being reported as idle.

While I hate to hack a database to fix a problem, that seemed to be the quickest way, so taking the advice of the post, I whipped out my l33t SQL skillz and ran an update to that row that changed the state to "0".

UPDATE tbl_MM_Drive
SET OperationOccuring = 0
WHERE DriveID = '<My Device's GUID>'

Once this code was executed, I re-scanned the Library in DPM and then erased a tape as a test. It worked, and I danced around the office, just a bit (everyone else was gone by this point).

While this is not a thing that most people would come across in the day-to-day operation, it is something that was almost a show stopper for us. Backups are extremely important- I've already used DPM to restore some accidentally deleted files -and for our peace of mind we need those tapes for off-site archiving. This fix took me a while to find, simply for the fact that ruling out the autoloader and drive takes a lot of time. Now that it's out there, I hope that anyone else who has this problem has a quicker time!