Further progress on my first SBS 2011 migration project was slowed today by another interesting discovery...
The AVG Online Shield and Resident Shield components interfere with the launch of the Exchange management components on the local machine.
Initial thoughts were that I'd bricked it by playing around with certificate bindings. Cue furious investigation of IIS application pools, checking that all IP addresses were bound to the default website and that the IPv6 ::1 address could be accessed.
Eventually I discovered this article
http://www.avgforums.com/viewtopic.php?f=5&t=1275
This was my issue - WinRM being blocked and the EMC timing out when trying to find the local server.
Disabling the AVG components one by one, eventually the EMC launched, to my significant relief as the thought of doing an IIS reinstall mid way through a migration really didn't appeal.
I guess what's happening here is that the "safe search" components are manipulating the stream of data between the EMC and the PowerShell virtual directory which is used heavily by Exchange 2010.
It transpires from a colleague that using the email server or SharePoint server edition will install only very basic components of AVG, minus all the user mode crap that's not required in server installs... Strange, but true. I see a reinstall happening tomorrow.
Life certainly is a learning curve, and this SBS 2011 sure is a steep curve, despite 15 years IT experience!!!!
- Posted using BlogPress from my iPad
There are many ways to waste one's time. . . this is just one of them!
Friday, 15 July 2011
Thursday, 14 July 2011
The increasing margins of Hardware and Software vendors
I read with great interest tonight that VMware have introduced a new pricing model for their latest iteration of vSphere. Instead of pricing per CPU or per machine, the new version will price their product on the amount of RAM spread across the virtual environment. Doubtless in this scenario the only winner will be the software vendor.
As margins for the sale of hardware drop and products become more and more commodity, vendors are dreaming up ever more imaginative ways to eat into the average IT budget. The last recent example of this I came across was Avaya's change of model for licensing their IP telephony. Traditionally the number of IP handsets connected to a PBX was potentially unlimited, and you paid for the number of channels of VoIP you wished to convert into calls to be placed across the PSTN by licensing the voice compression channels. This recently got changed so that the number of compression channels are only limited by the hardware capacity and you get the privilege of paying per handset for anything more than a very modest quantity. A minor change in model which has added several hundred pounds to the cost of an SME sized installation.
From a reseller perspective it is also becoming increasingly difficult to obtain products on a Not for Resale or demonstration basis without massive limitations to the product which, IMHO is not doing anything to aid "The Channel" which the majority purport to require desperately as their primary route to market.
Left unchecked, I suspect ultimately one day the entire IT market place will be controlled by a handful of conglomerate organisations that govern every aspect of our technical lives.
Corporate generated IT socialism . . . .not on my watch!
Wednesday, 13 July 2011
Sonicwall UTM upgrades - if only everything were so easy
To temper the little rant regarding the rather unsuccessful Microsoft migration I've been attempting today, I thought I would stick a nice positive post up. SonicWALL products have not been stress free for me at all times, but the process to upgrade their UTM firewalls has surprised me several times now.
In this example, I'm upgrading an outdated Pro 3060 appliance with a nice shiny new NSA 3500 - probably a comparable model, but that doesn't seem too relevant.
In my experience, anything running EnhancedOS can have a backup / restore methodology applied to it with almost perfect success. The assumption here is that the target device has an equal or greater number of Ethernet interfaces than the source.
I've also proved this in the case of serious model disparity - an NSA 240 successfully migrated to an NSA E5500 using this exact technique.
While, for some, this might not be anything to write home about, for me it's the accuracy with which this process completes - today's unit had 5 of 6 interfaces populated, some complex NAT and firewall rules, SonicPoint wireless, a variety of VPNs and user accounts. All migrated successfully and the process of installing in the rack actually took longer than anything else. 5 minutes after boot up, the SonicPoints had reprovisioned, VPN tunnels had established and it was as if nothing had changed.
Good work SonicWALL, at least your UTM stuff works fantastically. Now, if you could just make your CDP work properly, my life would be so much simpler :-)
#sonicwall
The unrelenting joy of SBS Migration Mode
Once again, thanks to Microsoft for another splendid effort at automating tasks with no manual procedure should it fail.....
Today's joy is an attempt to provide a migration from 2003 full version to SBS 2011. It's only a 20 user company with a single file, print and email server so in theory SBS is the perfect product for the job. I'm now very close to wishing I'd gone full product for the small disparity in cost.
In accordance with documentation, the "source" server has been prepared by running the Migration Wizard tool. This has run without a hitch, the forest and domain functional levels raised and adprep run to extend the active directory schema as required.
Goody, thinks me, in the kind of misguided way that I did when I attempted this process a couple of years ago when 2K8 first hit the market. This whole automated thingy might just save me some time and effort. How wrong I was.
Fundamentally, there's nothing wrong with the idea of scripting the domain joining, FSMO role relocation and such tasks, but it is an annoyance when such things fail to perform the task as well as a human with some IT skills.
My migration is failing with errors joining the source domain, I'll post the actual text from the sbssetup.log when not on the train, but it appears that for some reason the .net method of domain join is unable to read the list of domains from the AD forest. Several solutions have been proposed in Forumsphere, including the following:
- edit the default domain controller security policy on the source domain and under local policies add the domain admins group for the domain to the value "trust user and computer accounts for delegation" then GPUpdate /force. In my case, this makes no difference.
- check for dual homed NICs and other similar traits, including such things as any VMnet adapters that might be used in case there are issues with the target server contacting the source - in my case, I have HP Network Teaming enabled and I suspect my solution will lie somewhere in this arena. My annoyance here is that a test server running 2K8 R2 Standard can join the domain using the traditional method without issue and that all the clients are able to communicate correctly with the source server. DCDiag reports no errors of consequence and Event Viewer shows no errors of the Directory Service or File Replication nature.
So far though, I have learnt a couple of useful things:
Unlike SBS 2008, 2011 does at least prompt you during the initial stages of Setup to determine if you want migration mode or a regular install. This is a massive advance as I've wasted many hours reinstalling from scratch when 2008 blindly refused to admit that a USB device was attached and merrily sailed its way through the installation to proudly announce (some 2 hours later) that a regular install had been completed.
Running sbssetup.exe from C:\program files\Microsoft small business server\bin can save you much time - the default assumption here would be that you would need to reinstall. However, if you've not actually even joined the domain yet then you can safely re-attempt from here. I'm tempted to try and join the domain manually and then re-kick sbssetup and see what happens - nothing really to lose.
I will update on progress and my eventual solution when I know more. Hoping desperately that a PSS call isn't part of the bargain.......
Today's update on this is that I did a complete install from scratch over night. Still no joy in getting the migration wizard to actually join the domain. I blew the box back to nothing, including deleting and re-creating the array and deploying again using SmartStart. Same error, at exactly the same point.
To satisfy my curiosity, I did cancel out of the wizard, join the machine to the domain using Control Panel, System, reboot and run a DCPROMO. Suffice to say that this completed without error....
Sadly, re-running sbssetup.exe didn't get me anywhere - with 2K3 you always had the option of completing the various components of SBS setup manually as a backup option but this doesn't appear to be the case here.
So . . . (cue drum roll) - I've bitten the bullet and called Microsoft PSS. 50 of my life which I'll never get back while being on hold and trying to set up the case with a guy who sounded like he was standing in the bottom of a sewer in Western Samoa. When he was asking me about the credit card details I actually wondered if he had seen a credit card in his life........
As I'm typing, I'm 46 minutes into the actual call. To be fair to MS I got a call back within 20 minutes and my representative (Kumar, whose email footer proclaims he is in the US . . .yeah right!!) is chewing through the DCPromoUI logfile. So far, the best he has come up with is that the password for the domain account I'm using to do the migration doesn't meet the complexity requirements for SBS 2011 . . . I mean really, if such a thing is going to be an issue then it should have error trapping. It's a 12 character alphanumeric password, just DOESN'T HAVE A CAPITAL LETTER IN IT.....GRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
Update on this one, migration installation 5 did in fact complete successfully using a new administrative account. I do have respect for Microsoft PSS as if you get a good agent then the chances are you'll get the issue resolved fairly swiftly. However - WTF Microsoft, surely the whole premise of migrating from a previous iteration of a product is that it might contain weaker security than the target product. Allowances should be made for this. At least trap the error intelligently at the point of running the migration tool - it inserts the password into the XML file in plain text for god's sake - wouldn't take a genius to analyse the complexity requirements before allowing submission from the source preparation tool.
I'll post the dcpromoui.log later so those affected can hopefully find their way here. Finally, 3 days after the initial attempt, I can now get the migration under way!!
Location:Carlisle Pl,London,United Kingdom
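The pre-flight check the post above asks for, as an added example (not code from the post or from Microsoft's migration tooling): it tests a candidate migration account password before the source preparation tool is run. It assumes Setup enforces the standard Windows "Password must meet complexity requirements" rules; the function name `Test-MigrationPassword`, its parameters and the minimum-length default are hypothetical.

```powershell
# Added example. Test-MigrationPassword and its parameters are hypothetical names.
# Assumption: Setup enforces the standard Windows "Password must meet complexity
# requirements" rules; the post does not list the exact checks SBS 2011 applies.
function Test-MigrationPassword {
    param(
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $Password,
        [Parameter(Mandatory = $true)] [string] $SamAccountName,
        [string] $DisplayName = '',
        [int] $MinLength = 8   # assumption: set this to the target domain's policy
    )

    # Decrypt only for the duration of the check, then zero the unmanaged copy.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

    $reasons = @()
    if ($plain.Length -lt $MinLength) {
        $reasons += "shorter than $MinLength characters"
    }

    # Character categories; at least three must be present.
    # -cmatch keeps the match case-sensitive so \p{Lu} and \p{Ll} stay distinct.
    $classes = @{
        'uppercase'    = '\p{Lu}'
        'lowercase'    = '\p{Ll}'
        'digit'        = '[0-9]'
        'special'      = '[~!@#$%^&*_\-+=`|\\(){}\[\]:;"''<>,.?/]'
        'other letter' = '[\p{Lo}\p{Lt}\p{Lm}]'
    }
    $present = @($classes.Keys | Where-Object { $plain -cmatch $classes[$_] } | Sort-Object)
    if ($present.Count -lt 3) {
        $reasons += "only $($present.Count) of 5 character categories present ($($present -join ', '))"
    }

    # Name checks: the whole account name, plus display-name tokens of 3+ characters.
    $tokens = @()
    if ($SamAccountName.Length -ge 3) { $tokens += $SamAccountName }
    $tokens += @($DisplayName -split '[,.\-_ #\t]' | Where-Object { $_.Length -ge 3 })
    foreach ($t in $tokens) {
        if ($plain.IndexOf($t, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $reasons += "contains the account or display name token '$t'"
        }
    }
    $plain = $null

    New-Object PSObject -Property @{
        Passed  = ($reasons.Count -eq 0)
        Reasons = $reasons
    }
}

# Constructed sample: 12 lowercase letters and digits with no capital letter,
# the shape of password described in the post. Account name is also constructed.
$sample = ConvertTo-SecureString 'migrate2011x' -AsPlainText -Force
Test-MigrationPassword -Password $sample -SamAccountName 'sbsmigrate' | Format-List
```

In real use, read the password with `Read-Host -AsSecureString` rather than typing it on the command line, so it stays out of the console history.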
Sunday, 10 July 2011
Random Kernel Panics
Something amusing for a Sunday night - I clearly have way too little to do sometimes. For entertainment I seem to be taking pictures of crash dumps in weird and wonderful places. More as I get them - feel free to mail me if you find any of interest....
BSOD - perhaps this is why you can never "pay at pump" at the bloody Shell garage?
Kernel Panic - I feared for my life a little in this lift (Broadgate Tower, London) - hopefully the notification system and the lift telemetry aren't running the same OS!
Rather sad, I know. I promise to find some more interesting items to post soon :-)
Saturday, 9 July 2011
Tooway Satellite Broadband - fast Internet finally?
This seems like a weird topic to start my blogging escapades with, but nonetheless an interesting one.
Living in a rural(ish) area I've been besieged with awful broadband for a number of years now. Despite being in the centre of a popular village, the best I've ever been able to expect is about 2.3Mbps download with 448Kbps upstream being optimistic at the best of times. I'll save my ranting about a two stage UK Broadband economy for another post, as frankly, life's too short to spend endless hours worrying about BT's ineptitude and inability to deliver services to anywhere that's not vaguely urban.
I was quite excited when some recent Google searching revealed the existence of Tooway. I've known about satellite based broadband services for some time now and always associated them with a high latency, backhaul via an analogue line, service of last resort type of connectivity used by those stuck halfway up a Welsh mountain with no prospect of DSL sync in a million years. When I saw 10Mbps download and up to 4Mbps upload I knew it warranted further investigation.
Some frenetic browsing activity proceeded and I discovered that the launch date was around 31st May and that distribution was being provided by (among others) Avonline who I've dealt with before for satellite services. (http://www.tooway-direct.co.uk) A quick call to a very knowledgeable guy (called Basil, but we won't hold that against him!) convinced me to give this whole thing a try.
For interest, I work from home, providing IT support and other online services, so getting decent connectivity is fairly paramount to me. I've opted for the 10+ service which at £99.00 a month may well put others off - there are however a range of options which are significantly less costly with some slower speeds and lower bandwidth caps.
So here I am, about six weeks later, blogging to you via the service. There were some initial provisioning delays as I think I've not been the only one to show some interest in the service so the launch was put back to about June 15th and it's taken a couple of weeks to get the hardware. I was kept informed so no great shakes.
I opted for self install, which for some may be a very brave option - not quite fully there yet as the supplied wall bracket only catered for a wall facing the direction of the satellite and not one perpendicular to it - again, easily sorted by Avonline who are sending me one suited to the job.
The dish itself is a 78cm slightly concentric design, and some may find the neighbours aren't too impressed. It's a lot larger than your standard Sky dish and being white is a little more obtrusive in most environments. The LNB on the end is something to behold, looking like the sort of thing that would befit Goonhilly Earth Station rather than your average 3 bed semi and the whole thing weighs a ton. The LNB, which Tooway call a TRIA is about 5-6Kg and when coupled with the industrial strength mounting kit will require a very sturdy mount to ensure reliable operation. That being said, I've got mine temporarily mocked up on a small aluminium tripod designed for use with caravans and motorhomes and it's working nicely at ground level. This also impressed me somewhat, as the thought of being able to have this kind of access pretty much anywhere in Western Europe with half an hour of setup time was very appealing (now I just need the motorhome).
Install was relatively straightforward - required components were almost all provided, with the exception of 1 x stepfather with drill and ladder for aborted wall mounting attempt and 1 x concerned girlfriend ensuring I didn't do anything too stressful having helpfully decided to undertake the installation a couple of hours after oral surgery....
The dish takes about 45 minutes to put together, and you'll need a Pozi screwdriver and a 13mm spanner, or ideally socket and ratchet. Sadly, I didn't take photos all the way through the process, but you get a poster like this one which shows you how to put it all together - think Ikea bookcase on steroids . .. . . .
Dish install poster, "à la Ikea"
Once it's all together, you get the interesting task of trying to find where to point it. The service is provided via Eutelsat's KA-SAT which is located at 9 degrees East. (http://www.eutelsat.com/satellites/9e_ka-sat.html for the geeks that want to know) and has a pretty small beam size so this was going to be no mean feat. I wish I'd done some video of Charles' and my first attempt using a fence post strapped to my garden bench. It clearly wasn't going to happen, and yesterday was blowing about Force 5 which made things even more interesting......
I found a couple of really useful tools to aid with positioning. The first is provided by Tooway and is a GMaps overlay to get the right azimuth and declination angles based on your address or GPS co-ordinates - http://finder.tooway-online.com - this will tell you the bearing you need to point at and the angle of elevation you need to set the dish to.
The next two are iPhone tools which helped massively. The first is DishPointer.com's Augmented Reality tool for iPhone (DP AR Pro) which gives you the bearing and elevation figures (you use the ones from the Tooway finder app to line up) and then handily shows you where in the sky to point at - taping your iPhone to the end of the TRIA device gives you a good first indication of where to go:
Dishpointer.com's really helpful AR App
The other app which was massively beneficial was the plaincode.com Clinometer app - held against the back of the dish mount it provides a very accurate elevation setting which was enough to find the heartbeat beacon to allow for setup.
Accurate angles from the Clinometer app
Tooway helpfully provide some videos on YouTube (search for Tooway Install) which shows you how to proceed from here - the TRIA device has a sounder built into it, which indicates signal strength. When connected to a satellite modem placed into install mode it beeps when it finds the heartbeat from the KA-SAT service and works rather like a metal detector - as you get closer the beeps get higher and faster until you eventually get a static tone to indicate a signal lock. This took me a while, and required the removal of several objects from in the way (Charles, his van, several cats etc) but was quite simple to achieve. Once that was done, I locked off the bolts on the dish, clicked next, waited a few minutes et Voilà, I got an IP address from the service. A quick call to Avonline got me activated and we're ready to go.
I'll do the proper install on the wall when I get the new bracket, but suffice to say, I'm suitably impressed. There's still the usual latency which you'd expect from a satellite service, but you're bouncing the signal about 30,000 miles there and back so it's somewhat unavoidable but I'm getting over 11Mbps download and about 2.8 upload - a massive improvement on my BT provided services.
Right, I'm off to do other things now as "the other half" has just awoken from her slumber and I'm very concerned she's been barbecuing in her sleep - how can your hair smell of smoky BBQ by any other method. . . .Enjoy the photos below of the install. If anyone would like some help installing this then please drop me a mail at will.kennedy@netvector.co.uk
Temporary install on handy Motor Home stand
Alignment surfaces on back - place your iPhone here!
The TRIA or "LNB from Hell"
A not very sexy Skylogic satellite modem!