Posted Network and Internet Configuration, Windows Servers, Windows 2003 Server on Saturday, February 25th, 2006.
While upgrading Windows 2003 servers to the new R2 feature pack, we brought a newly-imaged Windows 2000 test server into the main domain as a backup while one or more Windows 2003 servers were upgrading. About 2 days after we started the upgrades we noticed some unexpected email non-delivery (NDR) messages. The email wasn’t being delivered because the target domain wasn’t found even after 2 days of retries by our Exchange servers. Yet the NDR’s primarily happened with email sent to major domains (like yahoo.com, aol.com, gmail.com, etc.), and a majority of messages to those domains were delivered successfully. Initially I expected that our own or our ISP’s DNS servers were being attacked. A type of attack known as DNS cache poisoning is used to either deny outbound services or even to redirect traffic to the attacker’s own systems (usually in hopes of searching it for personal or financial data).
After a good deal of time dealing with our ISP and getting nowhere, one of our sysAdmins found an obscure note that Windows 2003’s DNS server supports Extended DNS (EDNS - UDP packets of more than 512 bytes) by default. Windows 2000 server doesn’t support EDNS (also, some older routers or severely hardened firewalls refuse to pass UDP packets over 512 bytes) and the recently installed Windows 2000 server was acting as a backup DNS server for our WAN. The sysAdmin removed the Windows 2000 DNS services and the NDR’s stopped immediately.
In this case we had actually caused our own problem by adding an older system to back up “non-essential” domain services. With Windows 2003 installed throughout the domain we were advertising that we could handle EDNS, but the Windows 2000 server couldn’t handle it. The few email messages that, by chance, repeatedly requested DNS info from the Windows 2000 server failed to be delivered to domains that had probably cached our EDNS usage.
Note: It’s also possible to disable EDNS on Windows 2003 servers to make them compatible with older router and firewall systems that don’t support large UDP packets, or with firewall policies that don’t allow those large UDP packets. Just run “dnscmd /Config /EnableEDnsProbes 0” at the command line.
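Added example (not from the original post): a Python check for the mismatch described above, building a DNS query that carries an EDNS0 OPT record and classifying a server's reply by whether it echoes OPT back. The function names are this example's own, and the sample replies produced by `make_reply` are constructed, not captured from a real server.

```python
import struct
OPT = 41  # EDNS0 pseudo-record type (RFC 6891)

def build_query(name, qid=0x1234, edns_size=None):
    """Build a DNS A query; if edns_size is set, append an OPT record advertising it."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS=max UDP payload size, TTL=0, RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name and return the new offset."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def classify_reply(msg):
    """Return (verdict, server_udp_size) for a reply to a query that carried OPT."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, truncated = flags & 0x000F, bool(flags & 0x0200)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # name + QTYPE + QCLASS
    size = None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            size = rclass         # CLASS field carries the server's UDP payload size
    if size is not None:
        return ("edns", size)
    if rcode in (1, 4):           # FORMERR / NOTIMP: server rejected the OPT record
        return ("no-edns-rejected", None)
    return ("no-edns-truncated" if truncated else "no-edns-ignored", None)

def make_reply(query, rcode=0, keep_opt=True, tc=False):
    """Constructed sample reply: the query echoed back with QR set (no answer records)."""
    qid, _, qd, _, _, ar = struct.unpack("!HHHHHH", query[:12])
    body = query[12:] if keep_opt else query[12:len(query) - 11 * ar]  # OPT RR is 11 bytes
    flags = 0x8180 | rcode | (0x0200 if tc else 0)
    return struct.pack("!HHHHHH", qid, flags, qd, 0, 0, ar if keep_opt else 0) + body
```

To test live servers, send the output of `build_query` over a UDP socket to port 53 and pass the reply to `classify_reply`, repeating for every DNS server that answers for the domain; a mix of "edns" and "no-edns" verdicts is the situation described in this post.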
Posted Help Desk Attitude, IT Customer Service on Monday, February 20th, 2006.
Informal “rules” to make MashupCamp more constructive are pictured in ZDNet’s article Around the MashupCamp fire. I love their “Law of Two Feet” …the basic principle being to “learn, contribute, or move on to something new”. It’s simple advice that can help keep any IT department, Help Desk, or development team focused and productive.
Stupid jokes and viral videos aside, developers and IT staff spend a lot of time rethinking the “best” ways to solve the 20+/- similar problems. Each time, slight differences in the exact situation (often vendor- or service provider-related) and resources available force you to put in so much extra effort. Just an informal posting of this rule on the intranet, code repository, and in conference rooms would serve as an excellent reminder to keep things constructive. Taken one step further, with the support of management, the concept to learn, contribute, or move on could help even the most junior staff members to gracefully refocus a discussion if it starts a too frequent death-dive into a gripe-fest.
Posted Remote Desktop & Terminal Services, Software - Microsoft Programs on Friday, February 17th, 2006.
As I said in a previous remote desktop reboot article, it’s worth getting to know the default Microsoft tools because they’re always around when everything else is crashed or broken. Here are two additional methods of rebooting a remote PC that has been accessed via Microsoft’s Remote Desktop client (RDC).
The easiest method I’ve heard of (even easier than my method of using msconfig to force a reboot prompt) is to click on a blank area of the remote machine’s desktop and then press Alt + F4. Assuming you have Admin rights on the remote PC this brings up the “normal” Windows XP/2000 Shut Down/Reboot dialog. …but there’s a catch - the Remote Desktop window to the remote machine has to be in full screen mode or Alt + F4 will just close something on your own PC. …odds are that if you run an extremely high screen resolution (I do) or have a wide-screen monitor (I have that too), then you’ll have a hard time running the RDC in full screen mode.
There is also a “shutdown” command that I wasn’t aware of. Try entering “shutdown -r -f” on the remote PC’s command line (Start button > “Run…” option > enter in the text box & click “OK”) to force-close open programs and reboot. Other parameters are available for user logoff, shut down, and even logging the reason for shutting down into the event log; see them in the online Windows XP documentation. Like the other options it only works if you have Admin rights on the remote PC.
Posted Software - Microsoft Programs, Anti-Virus, Anti-Spyware & Desktop Security on Tuesday, February 14th, 2006.
Microsoft’s newest antispyware package was just released. This is beta 2 and it’s now branded “Windows Defender” instead of Microsoft Antispyware - download Windows Defender beta 2 here. The biggest changes in this new release appear to be to the program’s interface, with a lot of simplification and streamlining. Dwight Silverman’s TechBlog has a good review of the changes and screenshots of the new interface.
Unlike most Microsoft Beta software, Windows Defender Beta 2 automatically detects an earlier version of Microsoft Antispyware and upgrades it without the need to uninstall the earlier version first.
Posted Windows Servers, SAN & NAS Storage, Windows 2003 Server, Microsoft Active Directory on Tuesday, February 7th, 2006.
The new Windows Server 2003 R2 operating system upgrade is a bundle of several separate feature-packs with Windows Server 2003 SP1. This is supposed to mean that W2k3 R2 is compatible with everything that ran correctly on the SP1 version of the OS. However, a quick round of testing is in order for any operations that have had problems caused by any post-SP1 security updates. Many security updates released since SP1 was released are already bundled into R2.
As for real features added to R2: Microsoft’s hype-machine-generated list of features added to R2 highlights several technologies, including the .NET 2.0 libraries and upgraded identity management (Active Directory Federation Services), as “new”. Nonetheless, it looks like R2 does have some hype-worthy features that should have been better marketed. These features include the new WAN communication algorithms, for better network synchronization with less bandwidth use, and more granular storage management & SAN configuration tools.
Posted Server Hardware, Network and Internet Configuration, IT Customer Service on Monday, February 6th, 2006.
This secure, NOC-style, home network isn’t just a geek’s dream network, but a great example for small businesses. The distribution of hardware and software across several inexpensive servers (or Mac mini desktops with a few upgrades in this case) is a far better use of the small IT budgets that are typical at most small businesses I’ve worked with.
Buying the single biggest, fastest server that can be afforded may seem attractive to small business owners (who may also brag about how fast their server is later). The big problem with having only one big server is that it usually leaves no alternatives when there are conflicts between important software tools, can create contention for hardware (usually disk drive access), and creates a frequent need to kick everyone entirely off the system whenever a patch requires a reboot. Even for companies running on Windows Small Business Server software it’s usually cheaper both up front and, especially, in the long run to install two less expensive servers running different features from the Small Business Server package. Of course, even on a budget the one thing worth spending extra on in any server is multiple, fast hard disks and a simple hardware RAID setup. Hard drive space is reduced, but speed and data protection are far greater with RAID.
In the cited article “Mini Network with a Big XServe Style” the author, Ken Collins, separates the most important functions of his systems onto three separate servers: a database server, a web server, and a mail/DNS/router/everything else server. Only one change is necessary in an average business, especially when running Microsoft’s Exchange Server: the e-mail server should be on its own box, because multiple email client programs checking for mail continuously can really be hard on a server. The other important thing Ken does is to run separate internal and external networks, which adds a huge level of security, plus some speed in a busy office, beyond what a non-customizable firewall (i.e. Cisco Pix or similar programmable systems) provides.
The one huge shortcoming of Ken’s described system is the use of WiFi networking to connect the servers together. In a business, use cabling for both security and speed (which is quite slow with this setup, since WiFi shares its 45mbps speed between all connected systems). With gigabit switches getting much cheaper there is no reason not to at least install a small gigabit switch just to connect the servers together - I’ve seen disk and memory usage drop on servers communicating via gigabit connections because there is less data sitting in queues each time files are saved or transferred.
Posted Outlook, Software - Microsoft Programs on Friday, February 3rd, 2006.
A question about repairing Outlook .PST files on another forum was followed up with several questions about the file-size limit of Outlook 2003’s new .PST (Unicode) format. More details than you’re likely to need are below:
An Outlook 2003 .PST is capable of going way beyond 2GB in size (details below). These bigger .PST files no longer lock you out at 2GB - they just slow the system down more as they get ever larger. Regardless of file size you should know about the scanpst.exe utility in order to correct any problems with corrupt .PST’s, details below.
If you do experience frequent corruption in a .PST file near 2GB in size it’s likely due to the hard disk (and other PC “things” that cause file access and string-processing latency) being too slow to store all those big message attachments at the same time you’re viewing, writing, and downloading other messages from/to the .PST. The quick solution to cut .PST file size - make a new .PST file, call it “archive2002-5”, load it as an Archive folder in Outlook 2003’s folder view, and drag all those worthless, old messages over from your primary .PST’s set of folders.
Fixing .PST corruption: Corrupt .PST files can be repaired using the ScanPST utility. It is usually installed when Outlook is first installed and can be found at one of these locations:
- C:\Program Files\Common Files\System\Mapi\1033\scanpst.exe
- C:\Program Files\Common Files\System\MSMAPI\1033\scanpst.exe
To use scanpst.exe, just close Outlook, make sure you have about 2GB of free hard disk space, and then run the scanpst.exe file. It is generally able to rebuild corrupted .PST files without much, if any, data loss. The biggest drawback is that any items it does recover from corrupted areas have to be manually dragged from the “Deleted Items” folder later. Here is Microsoft’s KB article on running scanpst.exe.
Fixing older .PST’s at the 2GB limit: Pre-2003 .PST’s that have hit the 2GB file size limit usually need a second tool, PST2GB, to be completely repaired. Microsoft’s PST2GB download and details on running it are here. BEWARE that this utility “fixes” a 2GB .PST by deleting messages until the file is about 1.98GB - and you do not have control over what messages are deleted.
Size Limit of Outlook 2003 .PST’s: Using a Unicode database, instead of ANSI, allows the 2003 .PST file to reach a size of about 32TB (yes, terabytes!). The problem is that this is a file-based database and not a database server that properly indexes, caches, and allocates memory carefully. The result is that larger files just require more and more system resources to deal with. I am not aware of any utility currently available for dealing with 32TB Unicode .PST’s hitting their maximum file size (or any system that could efficiently use a .PST file that large either).
Scanning SharePoint Team Service .PST’s with scanpst.exe: The “Internal errors found…” error message appears because ScanPst always looks for a “Deleted Items” folder, which SharePoint .PST’s don’t have. You can safely ignore the message; Microsoft KB details here.
