Archive for March, 2007
Ran across one today that hasn’t been documented to death in the ether, so it’s worth sharing. Bottom line, if you install Windows Server 2003 SP2 and have ISA on the box, you dang well better follow KB927695 and disable Receive Side Scaling on your NICs. Even better, don’t do the hack in the registry, just modify the properties of the NIC to disable the setting. Here’s another reason why:
I was working with someone who was having a number of problems on his new SBS box. We got a number of them fixed, then we were trying to join a workstation to the domain. He had tried many variations of this previously, but all had failed. Once we resolved his IIS issues, we decided to see what would happen with the ConnectComputer wizard.
Problem 1: You can’t get to the ConnectComputer wizard. We continually got a “page cannot be found” error when trying to connect to http://server/connectcomputer, just like the Add Client Workstation wizard says to do. We could access the page at http://internalIP/connectcomputer, but this doesn’t always work, either. We were finally able to get the page to load and at least get through the main portion of the wizard using https://server/connectcomputer/.
Problem 2: The ConnectComputer wizard encountered errors and could not complete. This happened at the end of the wizard as it was trying to change network settings to initiate the reboot that would join the machine to the domain, etc., etc., etc. We looked in the client-side log for the ConnectComputer wizard (which is in C:\Program Files\Microsoft Windows Small Business Server\Clients\SBSNetSetup.log, by the way) and found the following error in the log:
NetJoinDomain() failed 
Google found only a few posts about this specific error, mostly having to do with trying to join a workstation over a VPN when ISA is involved. Well, this server had ISA installed, but this is a local workstation and not over a VPN. Also worth noting is that it’s the first workstation to join the domain. But I digress. We followed the advice about turning off Strict RPC checking in ISA (which I regularly forget to do and hate that I have to in the first place) but that had no effect. Just when I was about to punt, I discovered that SP2 had been installed on the box.
Yes, the dreaded Windows 2003 Server SP2. The one that has actually been causing more issues than MS cares to admit right now. And the only reason he installed it when he built the server? Because it was listed in Microsoft Updates through the web, and since it’s up there, it must be safe to install, right? In this case, I certainly wouldn’t have installed it, but that’s just me. Oops, digressing again.
So I reviewed the Official SBS Blog for stuff about SP2 and found the note on the Receive Side Scaling. The server had Broadcom NICs (which have issues in themselves), so I went into the NIC settings through Network Connection Properties and disabled Receive Side Scaling on both the internal and external NIC. Voilà! ConnectComputer not only ran successfully, but we were able to access it through http://server/connectcomputer without SSL.
I’ll be darned if I can understand exactly why changing this setting when SP2 and ISA are on the box had this type of impact on local networking, but as soon as I changed it, everything worked. I liken this to the other bizarre resolution where changing the internal name on a security group allows the Connect to the Internet wizard to run correctly (look down at the last entry in the thread for the real resolution) – can’t explain fully why it works, but it does.
Moral of the story – read everything about SP2 on the SBS blog and even if you think you may not be affected, look at each one of the items listed there. Or don’t put SP2 on any of your boxes just yet. The latter is the direction I’m taking when I have an option.
A couple of days ago, I ran across a couple of very handy little tools that I had previously been unaware of: the IIS Diagnostics Toolkit, and the SSL Diagnostics Toolkit. Technically, the SSL Diagnostics Toolkit (ssldiag) is part of the IIS Diagnostics Toolkit (iisdiag), but it’s actually been updated since iisdiag was released, and if you’re trying to troubleshoot SSL issues, you’ll want to download and install it separately. The tools are small and straightforward to use, and they’re free!
I ran across these tools trying to troubleshoot an OWA problem – after a rebuild on an Exchange box, OWA and Exchange ActiveSync would not work. A bit of digging revealed that IIS didn’t seem to be responding to any HTTPS requests at all. After digging around a bit and finding these tools, I ran a quick SSLDiag check, and it immediately told me that the SSL certificate that had been installed in IIS did not have a private key associated with it, which meant that IIS could not generate any encrypted information to send back to the requesting client. We installed a new cert, and the site started working as expected.
So now I have another set of tools that I’m going to include as defaults to install on a new server build in addition to the Support Tools from the server install CDs. Very handy tools to have.
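The failure described above, a certificate installed without an associated private key, can also be checked directly against the certificate store. This is an added example, not part of the original post or of SSLDiag; it assumes PowerShell is available on the server and that the site's certificate lives in the `LocalMachine\My` store, and the function name is hypothetical.

```powershell
# Added example: list certificates in the machine store that are usable for
# TLS server authentication and report whether each has a private key.
function Get-ServerCertKeyStatus {
    param(
        # Assumed location: IIS server certificates normally live in this store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs, if the certificate carries an EKU extension.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }

        # A certificate with no EKU extension is not restricted to any purpose.
        $usableForTls = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $serverAuthOid)
        if (-not $usableForTls) { continue }

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            Expired       = ($cert.NotAfter -lt (Get-Date))
            HasPrivateKey = $cert.HasPrivateKey
        }
    }
}

# Show only the certificates that IIS could not use for HTTPS.
Get-ServerCertKeyStatus |
    Where-Object { -not $_.HasPrivateKey -or $_.Expired } |
    Select-Object Subject, Thumbprint, NotAfter, Expired, HasPrivateKey |
    Format-Table -AutoSize
```

`HasPrivateKey` only reports that a key is associated with the certificate in the store; it does not confirm that the account IIS runs under can read that key.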
If you’ve updated to Mac OS 10.4.9 since it was released last week, you may have fallen victim to an update that wasn’t highly publicized by Apple. To address a problem where PowerBook and MacBook users have been ejecting the CD by accidentally pressing the Eject key (which, granted, is dangerously close to the function keys and not really separated on the Power/MacBook keyboard layout), the 10.4.9 update introduced a “key delay” for that key to curb accidental ejections. Unfortunately, they didn’t really tell anyone about it, and there’s no setting to adjust for desktop Mac users who have a completely separate key and are less prone to accidental ejection.
Now, if we were talking about the ejector seat in a car or plane, I’d absolutely want to prevent accidental pressing of the key. But this is a CD. If you eject it accidentally, yeah, you may lose a few seconds, but is the fix worth the frustration this has caused some Mac users who are suddenly thinking their keyboards (or minds) are on the blink?
Apple’s Doc on the subject explains the behavior, but doesn’t give much background. There’s also the unusual “This document will be updated as more information becomes available” line at the end of the document. Maybe that means there’s a fix for the fix underway? Who knows at this point…
I just learned the hard way that some Dell on-board PERC RAID controllers, in particular the PERC5/i, do NOT have an audible alarm that will sound when the controller card detects an alertable condition. I just found that one of my servers had a bad drive, but have no idea when the drive went bad, because the alarm I configured in BIOS failed to sound. Only after working with Dell to deal with the failed drive did I find out that this particular on-board PERC controller actually has no alarm, despite what the controller BIOS says.
I don’t rely exclusively on the audible alarm for notification when a drive or array fails, but it is a nice fallback plan, and if you’ve been thinking that your on-board controller supports this, you might want to double-check to make sure. Just because there’s an option there in the BIOS to enable an alarm doesn’t mean that there’s actually an alarm supported.
Just when you thought you weren’t going to get any updates from Microsoft in March of 2007 (some speculated this was a result of the DST fiasco, but maybe not), Microsoft announced on March 13 that Windows 2003 Server SP2 was available. Not only is it available on Windows Update, but two other updates are present as well.
For more information about the SP2 release, see my post on my business blog. There are some interesting gotchas related to SP2, and not just on the SBS platform…
Given everything else that’s going on with DST and calendaring, Entourage 2004 is actually fairly straightforward to deal with. However, what if you’re running an older version of Entourage, say Entourage X? Well, MS no longer officially supports that product, so while the default response might be to say “deal with it” or “upgrade to Office 2004,” some folks in the Entourage community have put together a workaround to deal with the issue.
It’s worth noting here (they also note this in their posting, but this is important) that this workaround has not been sanctioned or approved by Microsoft, and you do this at your own peril. But it’s actually a fairly straightforward adjustment and has a script developed as well, so compared to the potential damage versus just having all your appointments off by an hour, it’s not too bad. Plus, recovering from a failed modification is easy.
Worth checking out if you’ve got that particular challenge.