About

I am The Cyberwolfe and these are my ramblings. All original content is protected under a Creative Commons license - always ask first.

Archive for the 'Work' Category

No servers in Network Browser

Posted in Geekery, Work on February 2nd, 2014

So there you are, you’ve just updated the last of your servers to Server 2008, 2008R2 or even 2012, and you’ve gotten all of your client PCs up to at least Windows 7. Feels pretty good, eh?

Unfortunately, your users are hounding you because their tried-and-true Network Browser doesn’t show any of the servers. They can see all of the other PCs on-net, but the servers just don’t show up. You can of course type in the hostname manually, but what user is ever going to remember how to do that? Why does this simple thing fail?

Well, it turns out that there is a specific service that tells other systems what shared resources are available on a particular system – and for some completely unfathomable, dumb-as-fuq reason, Microsoft doesn’t enable this service by default on servers. The service in question is Function Discovery Resource Publication (FDResPub), and all you need to do is set this service to auto and start it – and within seconds you can refresh that Network Browser window and see results.

The mind, it boggles.

Here’s the even dumber thing about this: Windows 7 and Server 2008 share a whole ton of code, right? Well, Win7 includes this service – and it is set to automatic by default!

Now, I can understand not necessarily wanting this enabled on all servers – there’s no need to show the servers that don’t have shares on them, like the SQL server. If this was some option that would pop up sometime during the server configuration stages, like a check box offering to “Advertise this server in Network Browser” (the list of options in the File Services Role would seem an ideal spot), this would make sense – but nope.

I’m guessing the planning for this move went something like this: “well, on PCs, we have to set things up by default for the Dumbest Common Denominator, which is going to be the workgroup user – you know, the shlubs that can barely check their email and have no idea how a computer actually works, so they would never be able to make a PC advertise to the Browser. We’ll enable file sharing by default and set the FDResPub service to auto. But on servers, we’ll leave it off, because surely a server admin will be smart enough to figure out a service we never talk about anywhere by digging up a single reference in an obscure forum post. Yeah, that sounds about right!”

Gee. Thanks, guys.
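The fix above, applied only to servers that actually publish ordinary file shares, as an added example that is not part of the original post. It assumes Windows PowerShell (2.0 to 5.1, where `Get-Service` and `Set-Service` accept `-ComputerName`), admin rights on the targets, and a hypothetical server list.

```powershell
# Hypothetical host names; replace with your own servers.
$servers = 'FILESRV01', 'SQLSRV01'

foreach ($server in $servers) {
    # Type 0 = ordinary disk share. Administrative shares (C$, ADMIN$, IPC$)
    # carry other type values and are ignored here.
    $shares = @(Get-WmiObject -Class Win32_Share -ComputerName $server -Filter 'Type = 0')
    $svc    = Get-Service -Name FDResPub -ComputerName $server

    if ($shares.Count -eq 0) {
        # Nothing for users to browse to, so do not advertise this server.
        $action = 'Left alone (no user shares)'
    }
    elseif ($svc.Status -eq 'Running') {
        $action = 'Already running'
    }
    else {
        # Same change the post describes: startup type Automatic, then start.
        Set-Service -Name FDResPub -ComputerName $server `
                    -StartupType Automatic -Status Running
        $action = 'Set to Automatic and started'
    }

    # One summary row per server.
    New-Object PSObject -Property @{
        Server = $server
        Shares = ($shares | ForEach-Object { $_.Name }) -join ', '
        Action = $action
    }
}
```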

HP ML350/370 G6 Expansion Drive Cage Installation problem

Posted in Geekery, Work on November 5th, 2011

So, you’ve just bought the expansion drive cage (8 more SFF drives! W00t!) and you’ve got the SAS RAID controller Expansion Card as well. Great! Only one problem – HP forgot to include a crucial bit of information regarding how you wire the damn thing in.

Step 1: remove the existing SAS cables from the existing drive cage and motherboard. Discard these short cables.

Step 2: Take the shorter pair of cables from the expansion card kit, and route them from the SAS ports on the motherboard to ports 8 and 9 on the card. Then proceed with running the remaining cables from the two drive cages to ports 2-5 of the card.

The instructions that came with my kit left these two steps out, and I wasted about an hour trying to figure out what I did wrong (Whaddya mean there’s no new drives in the ACU?). Finally found an article with pictures in the HP site, but they could have saved me the trouble by just printing the above two lines in the kit.

How’d the rest of it go? Rather smashing, actually. That server now has 60GB (!!) of RAM and another 900GB of RAID5 storage.

Your test failed the test

Posted in Work on September 27th, 2011

So one of our Partner suppliers requires that a certain number of our staffers be certified in their product line. It’s been a couple years since the last time we took the test, so our certs have expired and we need to re-certify our people. No problem, right? I mean, we all passed the test last time we took it…

Well, the test is technical in nature, and the guys who work with us understand that the certification itself is kind of a silly marketing/buzzword thing, so they made it possible to take the test directly from their website without a proctor. Us being the devious techies we are, we cheated outrageously – three of us got together in the conference room, threw the test up on the projector, grabbed our copy of the study materials and brought up a Google search window. Then we got serious about cheating and recorded the entire session for reference.

We got through the first taking of the test pretty well – 82%, where 80% is required to pass. Not bad – especially considering there are only 62 questions. (That’s right, 62. No idea why that many.)

Since each time the test is brought up it grabs a different collection of questions from the pool of all possible questions, the second taking was of course different. Sometimes we got the same question with re-arranged answers, sometimes the answers were completely reworded. And sometimes, the questions were pulled from deep in the bottom of the WTF? bucket.

Now here we have three previously-certified techs, taking a test that has not changed in two years, with a full copy of all the study materials, and this thing brought up several different questions that we had never seen anywhere. One even went so far as to use terminology we’d never heard EVER and had to look up in Wikipedia before we had a clue what the question is about.

We failed the test: 79%.

Now, it seems to me that if three previously-certified techs cheating for all they’re worth can still manage to fail your test after already passing it an hour before, then something is wrong with your test.

Legacy Email Relay in SBS 2008 with Exchange 2007

Posted in Geekery, Work on February 5th, 2011

As can be expected, Microsoft made a lot of changes in the SBS 2008 / Exchange 2007 combination, and while it has been out for several years now, I have yet to find any articles or HOWTO’s that specifically address the problems of getting ancient, legacy code to reliably send email alerts with the new systems.

With Exchange 2003, it was simple and mostly just built-in: all you had to do was add the IP address of things like your scanners and other fairly dumb systems (or even advanced ones, like Backup Exec and APC Powerchute) to allow them to relay email alerts through Exchange.

Well, in Exchange 2007, they made things a little more difficult and force you to create new Receive Connectors with specific restrictions to allow these systems. It has been well documented before, so I’ll just include a link: http://msexchangeteam.com/archive/2006/12/28/432013.aspx

I will point out one thing, however: my experience (and a blog posting I cannot find again today) says that to make this actually work, the remote network range for this connector must be 0.0.0.0-255.255.255.255, and not limited to the single machine or short range of IP addresses. I tested this extensively, and always came up with the same result: narrow IP range = no workee. This means that you must create rules on your firewall to strictly limit incoming SMTP traffic to make sure you don’t set up an open relay on the Internet. You should already be doing this anyhow, considering how cheap Postini spam filtering is.

There’s also one other small problem: SBS 2008 only allows you a single NIC, and therefore a single IP address for the server, which means that you’ll have to assign this new relay connector to a non-standard port (like 26) to make it work. (The trick of adding a second alternative IP address to the NIC will not work – it disappears after a reboot.) Here’s a series of pics with my setup:

Now to use this, you’ll obviously have to configure your legacy systems to point to the specific port as well as the IP address. Usually, this is done by tacking a :26 (or whatever port you chose) on the end of the IP address or server name. (192.168.x.x:26 or servername.domainname.local:26).

Sometimes, however, those legacy systems will be so entirely stupid that you can’t point them at a non-standard port. This is where stuff gets damned annoying.

If you are lucky enough to have another server on the network, you can install SMTP on that server, and tell it to use Exchange (at the special port you made) as a Smart Host, and then you can point your legacy systems at this SMTP server and allow it to do the relaying for you. For example, my client has another Server 2008 machine handy, so I added the SMTP Feature and created a new SMTP Virtual Server called Relay 1 and set it to allow anonymous connections.

Instead of 15 pictures, I’m going to give you a hundred words of settings description:

General Tab:
Select your IP address, nothing unusual here.

Access Tab:
-Authentication button – select Anonymous access only.
-Connection Control button – select “All except the list below”
-Relay Restrictions button – Select “Only the list below” and give it your network range. This one should accept the restriction of single entries, unlike the Exchange 2007 connector. I also checked the box for “Allow all computers which authenticate…” just for grins.

Messages Tab:
-Set your favorite limits here, as well as the location of the Badmail directory.

Delivery Tab:
-Set more limits and timeouts here. I usually expire messages at 2 hours.

LDAP Routing and Security tabs:
-Probably no changes needed here.

Lastly, go into the Services management area and set SMTP to Automatic Start.

Hopefully, I’ve just saved at least one other person from having to figure all this out the hard way. May the Force be with you.
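To confirm that the firewall rules and relay restrictions described in this post really do keep the port 26 connector and the IIS SMTP relay from acting as an open relay, this added example (not part of the original post) walks the SMTP dialogue up to RCPT TO and reports whether the server would relay for the host it is run from. The function name, the example.com/example.net addresses and the timeout are assumptions; no message is sent because DATA is never issued.

```powershell
function Test-SmtpRelay {
    param(
        [Parameter(Mandatory=$true)][string]$Server,   # relay host name or IP
        [int]$Port = 26,                                # port chosen in the post
        [string]$From = 'relaytest@example.com',        # placeholder sender
        [string]$To   = 'relaytest@example.net',        # placeholder external recipient
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect with a timeout so a firewall drop does not hang the check.
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'NoConnection: connect timed out'
        }
        $client.EndConnect($pending)

        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine   = "`r`n"
        $writer.AutoFlush = $true

        # Read one SMTP reply. Multi-line replies use "250-" on every line
        # except the last, which uses "250 ".
        $readReply = {
            do { $line = $reader.ReadLine() }
            while ($line -and $line.Length -gt 3 -and $line[3] -eq '-')
            $line
        }

        # $null = just read the greeting banner before sending anything.
        $steps = @($null, "EHLO $env:COMPUTERNAME", "MAIL FROM:<$From>", "RCPT TO:<$To>")
        foreach ($cmd in $steps) {
            if ($cmd) { $writer.WriteLine($cmd) }
            $reply = & $readReply
            if ($reply -notmatch '^2\d\d') {
                $writer.WriteLine('QUIT')
                return "Refused at '$cmd': $reply"
            }
        }
        # RCPT TO for an outside domain was accepted: this host may relay.
        $writer.WriteLine('RSET')
        $writer.WriteLine('QUIT')
        return "RelayAccepted: $reply"
    }
    catch   { return "NoConnection: $($_.Exception.Message)" }
    finally { $client.Close() }
}
```

Run it from one of the legacy systems' addresses, where `RelayAccepted` is the expected result, and again from a host that should not be allowed to relay, where anything other than `Refused` or `NoConnection` means the restriction is not working.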

How things change

Posted in Geekery, Work on January 19th, 2010

Currently building a server with 20GB of RAM. My first personal computer didn’t have 20GB of hard drive space.

Recognition – I has it

Posted in Politics, Work on June 23rd, 2009

So the Bossman takes a moment this morning to read my response to La Grenouille to the entire crew at our weekly meeting. Said crew makes approving noises, and then Bossman slides a fifth of Captain Morgan’s Private Reserve across the table at me.

I love my job.

Exchange 2003: mail stuck in local delivery queue

Posted in Geekery, Work on April 26th, 2008

This one was a bitch, and since the closest thing I could find to a remedy online was to delete the store and create a new one (not bloody likely) I’ll publish the results of a call to MS Critical Support for the benefit of the masses.

The problem was one user had almost 50 emails stuck in the local delivery queue. They could send email inside and out, but incoming would never get there. I believe the problem was a corrupted mailbox.

To fix the user’s mailbox, I exported their account to a .pst using Exmerge. I then deleted the user’s mailbox and created a new one, adding back in all of their aliases. This got new mail flowing again without too much fuss. The mail in the local delivery queue, however, was still stuck.

To get this going to the right mailbox, we had to ‘recategorize’ the existing mail to the new mailbox.

  1. Stop the SMTP service.
  2. Open Regedit and navigate to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmtpSvc
  3. Create a subkey named “Queuing”
  4. Select Queuing and on right hand pane create new dword value with name “ResetMessageStatus” with value 1 in hexadecimal.
  5. Restart the SMTP service – check the queues and see if mail is being delivered. Also check the account mailbox at this point.
  6. Once all the mails are delivered to that user, stop the SMTP service and change the value for “ResetMessageStatus” to 0 and start the SMTP service.

That should do it. Seems simple, right? HA! I bashed on it for almost two hours, then called crit support and tech#1 bashed on it for an hour, then called in tech#2 who took another half-hour to come up with the registry fix. We still ended up losing a handful of emails, but that was because it took the user two full days to tell me something was wrong, and our queue alarm didn’t catch the problem.

Which, of course, will be step 3 of this process…

 

*Update: comments closed due to excessive spam. Glad I could help all of you with this post.

Whaddya mean you don’t support this?!?

Posted in Geekery, Work on February 18th, 2008

A new client was sold a block of 5 static IP addresses for their business by Qwest.

I was dispatched to the client to set up their firewall to make use of these.

Pretty straightforward so far, right? Little do you know.

So I call up Qwest support, because the DSL modem is currently configured to offer DHCP and NAT translation, which is not the end result we want – we need it to just act as a gateway. Strangely enough, I get Bill on the line, who actually used to live around here. (No idea where he is now, he never said.) He promptly tells me that while he understands what I want and has a vague idea of how it is done, it isn’t actually supported by Qwest to do so.

Uhm, excuse me? You mean to tell me that while your company has sold me this product, they don’t really support it, and you have no official instructions on how to configure the modem to make it work?

“Uhm, yeah.” Sez Bill.

Oi.

Being the nice guy he is, however, Bill does his best to help me get things going. I’m pretty sure that at some point he did not actually understand what I was aiming for, but we plowed on nonetheless trying a number of different combinations of settings. During the course of this, Bill lets me know that one of his supervisors wandered by a few minutes previously and commented that “we don’t really support that”, intimated that it shouldn’t take that long to do, and then wandered off.

“What? Bill, go lasso that man and get his ass onna phone. If he knows how to do it, why the hell are the two of us floundering around with this crap? Track him down!”

It takes a few minutes, but Bill does manage to convince him to get on the phone. And guess what – 10 minutes later, we’re up and running.

Total time on the phone: 2 hours, 15 minutes. Time actually needed for the whole call: 15 minutes, had Bill had proper documentation for this config.

Bill, thanks for being a sport – sorry I killed your stats for the day.

For the rest of us, here’s what you do:

HOWTO configure a Qwest DSL modem for static IP range

1.) Default the device. Maybe not necessary, but it won’t hurt you. Stick a pen in the reset hole until the power light turns amber, then release. The unit will reboot to factory settings, which include serving DHCP.

2.) Run IPconfig, and point a browser to the Gateway IP address. No password required, you will get straight to the config page. Select “Non-Windows Setup”. (This is just a misnomer, nothing about this modem has anything to do with Windows. Just their way of keeping out the reg’lar folks who would be scared by it.)

3.) On that page, tick the radio button for PPPoA and enter the username and password supplied by Qwest. It will be in the “<$username>@qwest.net” format – see figure 1. Save and reboot. When it finishes, you should get green lights across the board.

4.) Go back to the config page and select “Advanced Setup” and then click the button for “Begin Advanced Setup”. On this page, make sure it is again selecting PPPoA, and put a check in the box for “Unnumbered Mode” and enter your Gateway IP and Subnet Mask info – see figure 2. Save and reboot again.

5.) You should have Internet access at this point, and your computer should have received one of your static IPs via DHCP. Go back to Advanced Setup and find the DHCP settings, and turn them off. (Remember to go to the external gateway IP, not 192.168.0.1)

That should be it – your firewall should be able to use any of your static IP’s at this point.

Figure 1 (modemconfig1_mod1.jpg)

Figure 2 (modemconfig2_mod1.jpg)

Holy Crap! This thing is still here?!?

Posted in Life, Work on November 29th, 2007

Uh, yeah. Sorry ’bout ‘dat, I really should ramble more.

Entertainment of the Week: 5 (count ’em, 1-2-3-4-5) 45-mile round trips to a rural client. One trip was used to install RAM in 4 machines and replace a power brick on a laptop.

That one was funny all on its own. Box was delivered to user and open on her desk when I got there. What was the laptop plugged in to? You guessed it, the bad power brick. Fucking nitwit.

So, what were the other 4 trips for? Rebuilding a single computer.

That’s right, something like 15 hours of labor for ONE FUCKING MACHINE because the owner of the company is such a FARKING PERFECTIONIST that he is truly incapable of using a computer unless it works EX-FUCKING-ACTLY like the previous model.

Okay, some of that labor was spent in an Edisonian pursuit: I found a method to do something that doesn’t work the way I wanted it to. Restoring an Acronis image to another machine can be useful, but when the original machine has a few problems related to Windows, you’re better off building it from scratch. This solution is best used in “Oh fuck! The server is tits-up!!” situations, not mere workstation migrations.

But I swear to you, if I hear that ancient little frog mutter “this is unacceptable” one more time, I’m a-gonna break his legs.

The bitch of it is, the guy retired from an engineering job. I KNOW he has a decent brain in his skull, and at one point in time he was exceedingly capable of figuring shit out. (There is a circuitboard mounted in his living room with about a half-mile of solder trace on it, and he commented once that that board had kept him busy for a while.)

So why in HELL’S half-acre can he not deal with change on a computer?

I think the worst part of this is the fact that the Bossman has been enabling this client for years and not putting the smack down on him earlier. Most of these headaches would be greatly lessened if Bossman had simply said “it will take you ten minutes to learn how to do this differently, and it will take me three hours to break this new machine the same way the old one was. Which is more efficient?”

Of course, Bossman is also the guy who wrote our 398-line login “script” at the office…

Spelling is important

Posted in Geekery, Work on August 8th, 2007

Mental note: when setting up a new mail server, double-check your spelling of names. Because sure as shit, the one name you misspell is going to be the one person who will neep about it incessantly until you go through and clear the names cache out of every email client in the organization.

Luckily for this particular idiot, there are only 5 computers in the org, so it didn’t take that long. But still.

Oi.