Month: January 2009

When Does Windows 2000 Server Extended Support End?

I just saw someone asking for help at removing Conficker from an NT4 server.  Extended support for that ended back in 2004 or thereabouts … with a lot of notice.  That means no patches, no support and no security fixes for that operating system.

That made me think; When does extended support for W2K Server end?  I looked it up and found the date for termination of extended support is 13/July/2010.  That means MS will fix security issues until then.  Normal bug fixes ended back 2005 with the end of mainstream support.

So if you have Windows 2000 Servers you should get planning.  Talk to your application vendors and apply pressure for W2008 support.  You’ll need new hardware or virtual machines because you cannot do an in-place upgrade.  If you don’t upgrade then you face the risk of not only MS not supporting you but others as well, e.g. anti-malware or backup software vendors.  Imagine not having a security patch that every other OS has, not having protection of your system and/or data and catching something like Conficker.  That’s a pricey gamble if you ask me.

MS Update on Licensing MS Servers In Virtual Environments

Licensing Microsoft Server Products in Virtual Environments is an overview of Microsoft licensing models for the server operating system and server applications under virtual environments. Licensing Microsoft Windows Server 2008 to Run with Virtualization Technologies (Word file, 1.39 MB) describes how Windows Server 2008 and other Microsoft server products are licensed when they are used with other virtualization technologies. 

Group Policy Reference Sheet For Internet Explorer 8

This spreadsheet lists the policy settings for computer and user configurations included in the administrative template files (admx/adml) delivered with Windows Internet Explorer 8. The policy settings included in this spreadsheet cover Internet Explorer 5, Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8. These files are used to expose policy settings when you edit Group Policy objects (GPOs) using Group Policy Object Editor (also known as GPEdit).

Core Configurator Is Back!

Sick of trying trying to learn messy NETSH commands and the like and just want to do your job of deploying W2008 Core Installation servers?  Back when W2008 was first released a free tool call Core Configurator was released to the Net.  Using a very simple and lightwight GUI, it translated your clicks into commands.  This allowed you to configure your Windows Server 2008 Core Installation servers with the minimum of fuss.  Unfortunately, the author left his employers and they enacted a little used Intellectual Property clause in his employment contract.  The product disappeared off the download location but with a little hard work you could find it elsewhere.

Read your employment contract.  You’ll see that it often has an IP clause saying that anything you generate, even outside of work on your own machines, is the property of your employer if you sign the contract.  Yeah, I know, it sucks.  I made sure my employers waived that one for the writing work that I’ve been involved with before I joined the company.  What I do in my own time is mine to do with what I want.

The owners of the IP rights to Core Configurator have released a new version.  It’s free for non-commercial use and costs $99 for a site license – they included product activation GRRRR!

Tolly Report: Performance of SMB2 In Vista and W2008

The Tolly group has written a new report (there was a previous one back in the pre-RTM days) on the performance of SMB2 in Windows Vista and Windows Server 2008.

If you didn’t know, there’s a serious amount of changes in the TCP stack and SMB2 to improve the performance of data and particularly file transfer between W2008 and Vista machines, e.g. W2008-Vista, Vista-Vista, W2008-W2008.  I’ve written a chapter in the Mark Minasi book, "Mastering Windows 2008: Essential Technologies", on the subject.  Between a new TCP stack that handles more data transfer with less overhead and a new SMB protocol to handle those greater loads as well as doing some meta data caching, things are much better over latent (e.g. WAN or Internet) links.

The benefits are seen across many scenarios.  Using a Vista client to use Outlook over HTTPS access of a W2008 hosted Exchange server over the Internet is faster.  Using Sharepoint over the WAN is faster.  Using a W2008 iSCSI based server is much faster.  I recently did a test when I was at TechEd EMEA in Barcelona with a proof-of-concept box that I had hosted in our data centre in Dublin.  It was running W2008 Server Std with WSS 3.0.  I used my vista laptop to browse and upload/download files.  It was almost like I was in the same building as the server.  I was very impressed.

I’m not saying that the improvements will be a cure-all for centralising all your servers out of the branch office.  But it’s definitely an improvement and improves some services which are already suitable for consolidation and centralisation such as Exchange and SharePoint.  You might want to look at things like VDI, Terminal Services (and the TS based solutions) and web interfaces as end-user access technologies if you have other services to centralise or consolidate.

Windows 7 and Windows Server 2008 R2 are bringing things to another level.  I was chatting with Mark Minasi at TechEd after one of the presentations and he thought that these were the branch office solution releases.  I’d agree with that.  Windows Vista and W2008 gave us the foundation in the new TCP stack and W7 and W2008 R2 build on that to give us the solutions.

The most interesting of these is BranchCache.  The idea is pretty simple.  In a server-less office, when a Win7 client accesses a remote W2008R2 hosted file or HTTP service it can cache the files that are downloaded.  Each file is uniquely identified using a caching algorithm.  If another W7 client in the same office network requires files from a remote W2008R2 server it broadcasts on the network with the ID’s (in synch with the server telling it what blocks make up the download).  If another W7 client has cached the data then it’s transmitted from one W7 client to the other over the LAN – no unnecessary data transfer over the WAN.  Data security is maintained by ensuring the user/client accessing the data have rights on the download’s ACL.  You can optimise this by using a W2008 server in the branch office to act as a caching server.  Instead of wasteful LAN broadcasts, the branch office client will just consult the caching server to see if it has the files and downloads from there (if it has permission based on the original hosting server).  This process is not used for saving changes.  That’s not perfect but most cross latent network data transfers are read only anyway.

This has the potential to really change branch office infrastructure on a Windows network.  It will be interesting to see how cross WAN data transfers will compare between Windows 7-Windows Server 2008 R2 with BranchCache and Windows XP-Windows Server 2003.  If you’ve used Windows Server DFS-R with Cross File Replication and monitored the results then you’ll have an idea of what to expect.  It hopefully won’t be too dissimilar to the results from appliances provide by Riverbed and Citrix (although they optimise all unencrytped and unsigned TCP traffic; not just SMB and HTTP.  They also do it in both directions).

OpsMgr Alert: Service Check Data Source Module Failed Execution

I got this alert from the SQL 2005 management pack this afternoon.  A quick google and I found some answers on the TechNet forums.  This alert will occur on SQL servers that don’t have full text indexing installed.  An MS engineer posted that the SQL management pack mightn’t be the cleanest of them.  True enough; I’ve overridden a few unnecessary alerts today.

Error: 0x8007007b

Details: The filename, directory name, or volume label syntax is incorrect.

One or more workflows were affected by this.

Workflow name: Microsoft.SQLServer.2005.DBEngine.FullTextSearchServiceMonitor

VMM 2008: Adding a SCSI Disk To A VM

I previously talked about SCSI virtual disks in Hyper-V.  Yes, you can have them but you can’t boot from them.  However, it’s worth while using them for other volumes to improve performance and resource utilisation, e.g. place database log files and data files on SCSI disks.

How to add a virtual SCSI disk to a VM in VMM 2008 isn’t immediately obvious.  Power down the VM.  Open the hardware configuration.  Now add a SCSI controller.  You now can add a disk.  At first it looks like you’ve just added another IDE disk.  It doesn’t appear under the SCSI controller.  That’s a bit confusing.  However, you can alter the properties of the disk so that the Channel is set to one of the available 64 SCSI ID’s.  Now your data disk (not your OS disk because that won’t boot from SCSI) is set up as a SCSI disk and it will perform better.

MS: Best Practice Guide for Securing Active Directory Installations.doc

This guide contains best practices for securing Active Directory installations. The intended audience for this document is IT professionals who are responsible for maintaining the security of their Active Directory environment.

This guide contains recommendations for protecting domain controllers against known threats, establishing administrative policies and practices to maintain network security, and protecting Domain Name System (DNS) servers from unauthorized updates. It also provides guidelines for maintaining Active Directory security boundaries and securing Active Directory administration.

VMM 2008: New Machines Cannot Be Added After Adding ESX Cluster

One of the benefits of adding VMM 2008 is that you can manage an ESX cluster from your MS network integrated management platform.  In fact, you can manage many Virtual Center servers from a single VMM 2008 console/server.  I’ve not tried it but based on the demo’s I’ve seen, you can do pretty much everything in the day-day side of managing VI3.

There’s a bug where this can happen.  You add an ESX cluster to VMM 2008 but you are no longer able to add VM’s

Problem Description: Get this error:
VMM cannot find VirtualHardDisk object .
Ensure the library object is valid, and then try the operation again.
ID: 801

MS has published a hotfix for this … but it’s critical that you install this hotfix before adding ESX to VMM.  If you didn’t and you get this bug then you should install the hotfix and run the script from the MS VMM blog.

Credit: MS VMM Blog.

What Is BizSpark And Why Should You Care? A Reminder

Microsoft launched the BizSpark program last year to assist start up IT services businesses get off the ground.  The cost of buying development software, operating systems, applications and hosting services are substantial.  Every small business needs to focus it’s time and budget on developing the product and marketing it’s services.  Any distractions or drains on budget will reduce the chances of success.  A big part of that success is making the right contacts.  BizSpark helps there by making it possible to meet the right people and raising your market profile.

The Irish economy is on a downturn.  Heck, I’ll say the "R Word", we’re in a recession.  We had a Celtic Tiger economy and it was clearly mismanaged and was allowed to inflate by vested interests of a certain industry.  Between globalisation, the property bubble bursting and the global banking credit crisis we’re seeing two things happen.  Foreign investment is moving east.  That’s hammering the supporting businesses in those local economies because their client’s have moved east.  We’re seeing massive unemployment in the construction industry.  Domestic purchasing is falling and it’s not being helped by an Irish government that’s sucking money out of the economy and sending us up to Northern Ireland where we can make massive savings.  The credit crisis has hit the small business worst of all.  Between demand being down and not being able to get credit from their banks, small indigenous businesses are having a tough time.

Every time I listen to economic experts talking about Ireland I hear the same thing.  We can no longer rely on German or American investment.  We need to encourage Irish small businesses.  Those who are being made redundant from the likes of Dell will have to look at starting up businesses.  College graduates are stuck in a chicken and egg scenario where they need experience to get a job … to get experience.  The advice for them is to find something unique that they can sell.  But who’s going to give them credit?

Microsoft may not be giving them credit but it is willing to help.  If you own a small start-up business then you can enter the BizSpark program through a sponsor.  To qualify:

  • Your business must be less than 3 years old.
  • Must make less than $1,000,000 per year.
  • Must be privately owned.
  • Is looking to develop an IT product/service, e.g. a game or the next salesforce.com, on a Microsoft platform.

When you enter the program you get access to the following for 3 years and a cost of €100 (yes, one hundred Euros!) at the exit of the program:

  • Free MSDN development software including Visual Studio.
  • Free support from MS PSS.
  • Free publicity and networking via the BizSpark portal.
  • Free production software, e.g. MS Windows Server, SQL Server, and more.  This list is growing as the MS product teams see the benefits of entry into the program.
  • Access to discounted hosting services from MS partners.

That’s quite a lot for €100 … when you exit the program.  The cost of a single Windows Server Standard license off the shelf is around €800 plus tax!  That’s a huge leg-up for a business that’s either starting up or has recently gotten off the ground.

The last benefit is a critical one.  The online presence is the shop window for businesses these days.  We all know that IT is changing.  If you’re not in Software-as-a-Service very soon then you’ll face the serious prospect of being irrelevant in 10 years time.  The folks who have the best chance of deploying a SaaS application are the start-ups because they have no baggage or existing systems to convert.  The iron is hot and this is the time to strike it.

That online presence is often misunderstood.  There’s a lot of crap on the net about cloud computing and virtual private servers (VPS).  Hosting in Ireland is a minefield.  Whether it’s people making claims about 100% SLA’s (which their frequent outages obviously bring many things they say in to question), claims being made about tier IV data centres by ISP’s that have awful 9-5 phone support, the quality of their staff (who were responsible for implementing the aforementioned "outage house"), or building and "infrastructure" on a platform of bailing twine and duct tape, you sometimes feel like you’re tap dancing on landmines when talking to their sales people.  A quick tip … do you ever get to talk to a techie during pre-sales?  If not, do you ever wonder why?  Simple answer … salesmen don’t exactly have a problem with "distorting" reality and techies are honest because they’re the ones who have to live up to the promise.

Getting a stable, secure and managed online presence is key to your online business being well regarded.  If you’re service uptime is unpredictable then customers will go elsewhere.  And here’s something I learned in marketing classes in college (we had to take them in 3rd year to make sure we weren’t 100% geeks).  If you have a happy customer they tell 3 people.  If you have an unhappy customer they tell 13 people.  OK, think about that for a moment.  That was before we had the Internet.  If I’m unhappy and post it in 13 online forums or review pages, just how many people will read that?  Forums tend to score very highly in Google search results.  Do you really need that negative SEO?  Just search outage and the name of an Irish hosting company and you’ll see what I mean.

I don’t like to do this on my blog because I feel I have to now.  If you are interested in BizSpark then contact my employers.  Not only are they partners but the run the most professional server hosting service in Ireland.  You deal with techies and with hardware, software and services that are legally purchase, installed and supported by the manufacturers with 4 hour response times.  Unlike others who make claims, we do have things like an MVP and a CCIE looking after things.  With a focus on business challenges and regulatory compliance, we’ve not cut any corners.  And BizSpark customers will get a nice welcome.