Archive for Observations
I saw a little e-mail the other day that linked to an article at ZDNet about a new app for the iPad – OnLive Desktop – which promised to deliver a virtual Windows 7 desktop and Office applications over the air. Of course, I popped right on over to the web site at OnLive and signed up to be notified when the service was opened up. Well, this morning I received my e-mail that my account was ready to go, so I fired up my iPad, downloaded the OnLive Desktop app, and got going. Here’s a very quick overview of the service, because I had very little time to really investigate this morning.
First, I launched the OnLive Desktop app:
While doing some testing on the restore capabilities of SBS 2008 using the native Server 2008 backup and restore tools, I ran across an interesting tidbit regarding the restore process. Once I thought about it, it made sense, but not having tested a full system restore yet, I hadn’t run across it just yet.
When doing a bare metal restore of SBS 2008 using the native Windows Backup tools, your restore system must match the disk configuration of the source server as closely as possible. Specifically, if you have your backup from a server with two partitions on a single volume, you must restore to a single volume whose size is at least as large as the source volume. You cannot restore the two partitions from the original backup to a system with two volumes and expect that one partition would restore to one volume and the second partition would restore to the second volume. If your backup came from a system with a single volume and two partitions, you must restore to a system with a single volume so the backup can put two partitions on it.
I’m assuming that the reverse is true (if you have two volumes as the source for the backup, you must have two volumes for the restore) but have not had the ability to test this yet.
Again, this holds for a bare metal restore using the recovery method available when booting from the SBS 2008 installation CD. Using the native tools when SBS 2008 is running, you have the option to restore to alternate locations.
I recently was contacted by a partner who was having trouble with a migration. They had been working all night because they ran into trouble and had to start over. In the second pass, they could not get Active Directory to sync between the two servers. That’s when they called me in.
After getting a status report about the error, the first place I had them look was the ipconfig on both servers. As soon as they looked at the output from one of the servers, they knew what the problem was: the server was pointing to a non-existent system for DNS. There was no way that box could sync anything since it could not get valid DNS entries for AD.
The moral of the story: always check the basics. Even if you KNOW that the settings are what you are expecting, confirm them when you hit a snag.
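The check that resolved this case can be done mechanically. The following is an added example, not code from the original post: it parses `ipconfig /all` output and lists every configured DNS server that is not on a list of known domain DNS servers. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `ipconfig /all` excerpt (not from the original post): the second
# DNS entry points at a machine that is not a DNS server for the domain.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.16.3(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.16.2
                                       192.168.16.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _as_ip(text):
    try:  # normalized address string, or None when text is not an address
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter name to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):  # adapter header
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
        elif current is not None:
            label, sep, value = line.partition(" : ")
            if sep and label.strip(" .").startswith("DNS Servers"):
                in_dns = True
            elif sep or line.rstrip().endswith(":"):
                in_dns = False        # any other labelled field ends the list
            else:
                value = line          # continuation line: a bare address
            ip = _as_ip(value) if in_dns else None
            if ip:
                adapters[current].append(ip)
    return adapters

def unexpected_dns(ipconfig_text, expected_dns):
    """Return (adapter, address) pairs for DNS servers outside expected_dns."""
    expected = {_as_ip(a) for a in expected_dns}
    found = dns_servers_by_adapter(ipconfig_text)
    return [(a, ip) for a, servers in found.items() for ip in servers if ip not in expected]

print(unexpected_dns(SAMPLE, ["192.168.16.2"]))
```

Run it against the saved `ipconfig /all` output of each domain controller, passing the addresses of the servers that actually host DNS for the domain as `expected_dns`.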
There are a lot of changes happening in the backup industry as the space begins to move away from tape as the primary backup medium and starts using hard disks or network storage instead. Several vendors are now offering backup tools that rely on imaging technologies instead of file-based backups. I have started migrating many of my clients over to image-based backup tools, in fact.
But there’s still one thing that you really, really need to do when working with image backups – System State Backup. This is a special backup process that backs up Active Directory and other key server information such as the registry and other Windows configuration settings. I can’t count the times I’ve run across a situation that would have been easily resolved by restoring a system state backup. AD corruption, GPO corruption, etc. Sure, you could restore the entire C: image with your imaging tool, but then you lose any other data that was added to the drive following the backup.
But there are also some cases where an image-based backup fails to do its job. I spoke briefly with someone today who was having trouble because the image-based backup tool he was using was not correctly restoring the data to the system partition and the system was not bootable. He had gone around and around with the vendor of the backup software, and they could not get it to work. My first question to him was “do you have a system state backup?” Unfortunately, no. If he’d had a system state backup, he could have done a core install of the server OS, restored the system state, then gone into the backup software and done a file-based restore of the remaining contents of the system partition.
A system state backup can be captured very easily from ntbackup on a server, and can be saved to a file on local disk or on a share to another machine on the network. Either way, the backup file should be stored someplace that it can be easily accessed in case a restore is needed.
Some lessons are learned once, some you learn over and over and over again. Case in point:
A client needed assistance installing an SBS 2003 server into an existing Windows 2003 domain. He had looked at the documentation in the Microsoft KB 884453 but decided he wanted my assistance with the process. So I get to the site and start going through the process.
There’s one key piece of information missing from the KB, however, when you use the SBS 2003 SP1 integrated installation media. When installing the server portion, the setup enables the Windows firewall on the NICs in the server so that no bad stuff can get in. This is a wonderful change from the original install media where you really had to disconnect the NICs from any live network when doing the install to make sure that the box didn’t get hammered by Blaster or Slammer or any other threat that was protected against with SP1. But I overlooked it. So when I did the dcpromo, the box came up into the network correctly. When I installed DNS, it installed correctly. But I could not get the two DCs to replicate.
Fortunately my friend Wayne helped me find what should have been an obvious step in the process for me – can you ping both machines by FQDN from each other? I could ping the existing server from the new server, but the old server could not ping the new server. When I went in and disabled the Windows Firewall on the NIC in the new server, replication started happening immediately and the remainder of the installation process finished successfully.
So add this one to your hat – when you follow MS KB884453 and you’re using SBS 2003 SP1 integrated installation media, you need to turn off the Windows Firewall on the NICs to let replication complete.
I fielded a call recently from someone who was having trouble joining a set of Macintosh workstations to the domain in his SBS-based network. He had followed the instructions on this blog as well as in the SBS 2003 Unleashed book, but was still having issues.
We went through the usual suspects: DNS (configured correctly, got lookups from AD just fine), SMB signing (able to access shares on the server with no hiccups), and the Directory Access configuration. No matter what he tried, when he clicked the Bind button in Directory Access to join the domain and entered the administrator username and password, Directory Access would get to step 3 of the process and give a password error.
I asked if he was using any special characters in the Administrator password, and that’s when he told me that the Administrator password was blank. As soon as we set the Administrator password to something other than blank, the Mac joined the domain immediately.
This is not the first time I’ve run across network encounters that break when there is no password on the Administrator account. I didn’t ask if he was using a blank password while setting up the system, or if they use a blank Administrator password as normal practice. Bottom line, the password on your Administrator account should be the most complex and most secure password on the network. This is the account that hackers will try first when attempting to compromise security on your network, and an empty password is one of the first that they will attempt to use.
I’ve been a little out of pocket this week with the holidays and family in from out of town, but I went through several mailing lists this morning and saw several messages asking for clarifications about the Microsoft Small Business Server 2003 Unleashed book. In this post, I’ll briefly discuss some of the structure and thought processes behind the book, which will hopefully address most of the questions that have been asked.
Another relatively useful technology goes “boom.”
My earlier post on the outbound mail woes I’ve had was delayed a couple of hours because I had to completely rebuild my blog site. Completely. Reinstalling the blog software and everything. Fortunately, Movable Type has a nice little import/export feature that I was able to use to back up (export) my blog contents to a text file before I blew away the installation and started over. And, after I got Movable Type reinstalled and reconfigured, I was able to restore (import) my blog posts in one step and it was as if the site never had a hiccup.
But it got me to thinking about my web space provider and what type of backups they provide for the site. In this case, since this is dynamic content generated by Movable Type and not by Dreamweaver, I don’t have a local set of files I could re-upload in case of server drive failure. So I’m off to explore the backup/restore options my web host provides should there be a catastrophic error someday. In the meantime, I’m doing an export of my blog contents before every blog post for the time being, just to make sure.
If I were to ask you where your biggest computer security threat was for your organization, what would your answer be? Viruses? Spyware? Internet attacks? Spam? Weak passwords?
All of these items are valid security threats to your organization, but you may be surprised to know that even though you have protected yourself at your server and your connection to the internet, you are still vulnerable to each of these threats. Your biggest risk comes not from external attacks, but from within – at the internal desktop or laptop PC.