It seems that although 19" rackmount gear is meant to be 19" some is more than others. In the case of our new tape unit for our new backup solution it came without rails which although not an awful problem did leave us with some issues.
Having stolen a couple of sets of rails from our old IBM rackmount servers and first trying some low profile screws to allow the deep unit to slide all the way to the back we finally ended up using a little brute force and loosening the screws on some other IBM rails to get the unit to sit on a shelf of rails.
It seems that some suppliers are better than others at allowing you to get your hardware in the rack. IBM 1 - HP 0
Friday, 29 June 2007
Wednesday, 20 June 2007
IE7 Hover styles
Part of my job is looking after an Intranet and HR Portal and one of the current tasks I have assigned myself is keeping it up to date as its starting to look a little sad.
Its going to be a long project from start to end but I have started nonetheless. With auditors due in shortly we thought it be for the best if we followed up on their observations from last time which meant sorting out our asset management.
Currently we have an old excel file that is way out of date which we just wave about when the auditors come alas it failed us last time so we thought we had better do something about it and make it more easy to look after so I started doing an asset management and tracking PHP and MySQL addition to the current Intranet.
Having done a few item entries and testing the search functionality I though a row highlighter would be good so you could hover over the item in question and it would be highlighted. Having looked through some dirty fixes and pages of endless JScript to do the task I found that IE7 has a :hover tag for all parts now similar to how it did for hyperlinks in previous versions.
Having played and failed to get it to work the fix was found in a posting on a fellow Bloggers site: http://www.bernzilla.com/item.php?id=762 , to save those too lazy to read any more basically enter:
(Remove the first and last hyphen) Add this to the start of your page even before the opening <-html-> (hyphens added to protect the innocent) tag. Just make sure that you have no existing styles on yourtag when you create your TR:Hover style.
Its going to be a long project from start to end but I have started nonetheless. With auditors due in shortly we thought it be for the best if we followed up on their observations from last time which meant sorting out our asset management.
Currently we have an old excel file that is way out of date which we just wave about when the auditors come alas it failed us last time so we thought we had better do something about it and make it more easy to look after so I started doing an asset management and tracking PHP and MySQL addition to the current Intranet.
Having done a few item entries and testing the search functionality I though a row highlighter would be good so you could hover over the item in question and it would be highlighted. Having looked through some dirty fixes and pages of endless JScript to do the task I found that IE7 has a :hover tag for all parts now similar to how it did for hyperlinks in previous versions.
Having played and failed to get it to work the fix was found in a posting on a fellow Bloggers site: http://www.bernzilla.com/item.php?id=762 , to save those too lazy to read any more basically enter:
<-!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"->
(Remove the first and last hyphen) Add this to the start of your page even before the opening <-html-> (hyphens added to protect the innocent) tag. Just make sure that you have no existing styles on your
Tuesday, 19 June 2007
Event ID 8026 on Exchange Server
After the demise of our old DC and the pheonix from the flames rebirth of our new 2003 domain I thought I had better watch the logs of some of the servers to make sure they were all happy.
Simply choosing a new domain controller in both the top level domain and subdomain all was grand and another red cross was stricken from the event logs nevcer to return.
The DC's displayed the usual ignorable events but the Exchange server had this little beauty in the application log:
The server was still trying to communicate with the old now retired server. Microsofts knowledgebase took me straight to the solution: http://support.microsoft.com/kb/272552
Simply choosing a new domain controller in both the top level domain and subdomain all was grand and another red cross was stricken from the event logs nevcer to return.
Monday, 18 June 2007
A Snap Server Update
It appears that although our upgraded Snap Servers can now see the 2003 domain and its users in the access lists if I try to connect even with full admin rights it attempts to send my username with the additional DOMAIN\ on the front which means it fails.
Users on this forum have reported various issues and currently there are two fixes available.
The first is to run with EVERYONE with full rights, this solves any need to check on rights and henceforce just works but grants everyone access to copy all our installation points and programs etc. not overly alarming but we would rather not.
The second solution which we are now having to use is mapping the NAS to a drive letter and specifying credentials when we do it. This is done via a batch file from the logon script, its a fix but its not pretty and I am not really impressed. Here is the command for those in the same boat:
net use w: \\snapserver/sharename password /user:administrator
If anyone has a way of getting this to work please help! I hear its something to do with NTLM and Vista users have no hope at all.
Users on this forum have reported various issues and currently there are two fixes available.
The first is to run with EVERYONE with full rights, this solves any need to check on rights and henceforce just works but grants everyone access to copy all our installation points and programs etc. not overly alarming but we would rather not.
The second solution which we are now having to use is mapping the NAS to a drive letter and specifying credentials when we do it. This is done via a batch file from the logon script, its a fix but its not pretty and I am not really impressed. Here is the command for those in the same boat:
net use w: \\snapserver/sharename password /user:administrator
If anyone has a way of getting this to work please help! I hear its something to do with NTLM and Vista users have no hope at all.
Thursday, 14 June 2007
Remote Control of Console Session
This has been a bugbear of mine for a while but one I had never got round to fixing and using. I spent an awful lot of time logging off sessions and logging on afresh to a new session instead of taking control of the console session and using the existing one to read current application activity etc. on apps that had to stay running.
To enable the ability to take control you first need to enable taking over the session without input from the console session.
To do that:
To enable the ability to take control you first need to enable taking over the session without input from the console session.
To do that:
- On the server you want to take control of START - RUN - gpedit.msc
- Expand Computer Configuration - Administrative Templates - Windows Components
- Select Terminal Services, find the entry 'Sets rules for remote control of Terminal Services user sessions'
- Double-click it and click the enabled radio button
- In the drop down that appears select 'Full control without user's permission'
- Click OK and close gpedit.msc
Now to take control of a console session you can use two methods, log in via terminal services to the same server and then at the command prompt enter 'SHADOW 0' this will take control of the session 0 (the console) and drop your session in the process. If someone is logged on at the console it will lock the computer.
The other method is via the client. Type 'msdtc.exe /v:computername /console' and you will go straight into the console. If like us the admin has been disabled to prevent hacking you might only be able to use the first option.
Wednesday, 13 June 2007
.Net Security Settings
Microsoft in their infinite wisdom decided not to add the configuration tools for the .NET framework with the .NET framework itself. This has resulted in some rumblings on the forums and some headaches for admins but they did add something to ease the burden.
The configuration tool is in the SDK for the .NET framework and with it is the ability to make the changes you require and then export the changes out as an MSI file for installation elsewhere in the enterprise.
Our problem was due to the increased security that .NET imposes by default, no working from network drives. Easily fixed with the .NET framework configuration tools via the MMC (mscorcfg.msc). Pull up the MMC with the .NET Framework Configuration snap-in.
The configuration tool is in the SDK for the .NET framework and with it is the ability to make the changes you require and then export the changes out as an MSI file for installation elsewhere in the enterprise.
Our problem was due to the increased security that .NET imposes by default, no working from network drives. Easily fixed with the .NET framework configuration tools via the MMC (mscorcfg.msc). Pull up the MMC with the .NET Framework Configuration snap-in.
- Navigate My Computer - Runtime Security Policy - Machine - Code Groups - All_Code - LocalIntranet_Zone
- Right-click and click 'New...'
- Enter a name and description
- For the file location in our case a mapped network drive G: we use file://G:\* The * indicates all subfolders
- Next step select 'Full Trust' from the drop down list
- Retstart your development application
Now to export it as an MSI:
- Right-click on the 'Runtime Security Policy' subtree
- Left-click 'Create Deployment Package'
- Follow the wizard to create your MSI package
Thats it in a nutshell, it certainly saves installing a 350MB download on every PC that wants to run a development tool over the network.
Tuesday, 12 June 2007
LDAP and Digital Sending settings
Here is one that has been a pain to setup, digital sending using the Active Directory for mail addresses.
To set this up, open the web front end, go into the Digital Sending tab and then into the Addressing option on the sidebar.
The settings are as follows:
To set this up, open the web front end, go into the Digital Sending tab and then into the Addressing option on the sidebar.
The settings are as follows:
'Allow Device to directly access an LDAP Address Book' = Checked.
Accessing the LDAP Server:
'LDAP Server Bind Method' = Simple
'Use Public Credentials'
Username: -AccountwithreadrightstoLDAP-
Password: -password-
'LDAP Server' = -ADDomainController-
'Port' = Either 389 for LDAP or if the server is a Global Catalog you can use 3268Searching The Database:
'Search Root': dc=mydomain, dc=com (split your domain into sections seperated by the dot and then add dc= to the start and , to the end)
'Device user information retrieval'= Custom
'Match the name entered with the LDAP attribute of' = We use 'cn' for the container of the user to match the name against
'Retrieve the recipients email address using attribute of' = mail (the mail attribute specifies the E-mail address)
Monday, 11 June 2007
Windows 2003 domains and Snap Servers
It seems now the domain is fully 2003 that Snap Servers are not supported on old releases. Our 2 Snap Servers are purely used as installation points and driver stores to aid in day to day IT and save a lot of scrabbling around after CD's.
So basically we have no install points no drivers, no patches, no IT helpful stuff of any kind! Having looked around on various forums and Adaptec (the current owners of Snap Server) it seems that there is confusion over upgrading.
To go to Snap Server v4.0.860 in the USA it looks like there is $200 fee (although there is a free upgrade if you already run a current v4 build) but talk on the forums mentions no such fee if you call in Europe and there support folks will mail you the required access.
So to Tech Support we go......and wait.....and wait....finally giving up on the support line an E-mail was not replied to so off to Google for the file name. Shock! Horror! Google failed me! tis a black day indeed.
But joy of joys and the wonders of FTP search engines found this little beauty and on an Adaptec mirror of all places: . So thanks Adaptec for letting me have it for free.
So basically we have no install points no drivers, no patches, no IT helpful stuff of any kind! Having looked around on various forums and Adaptec (the current owners of Snap Server) it seems that there is confusion over upgrading.
To go to Snap Server v4.0.860 in the USA it looks like there is $200 fee (although there is a free upgrade if you already run a current v4 build) but talk on the forums mentions no such fee if you call in Europe and there support folks will mail you the required access.
So to Tech Support we go......and wait.....and wait....finally giving up on the support line an E-mail was not replied to so off to Google for the file name. Shock! Horror! Google failed me! tis a black day indeed.
But joy of joys and the wonders of FTP search engines found this little beauty and on an Adaptec mirror of all places: . So thanks Adaptec for letting me have it for free.
Thursday, 7 June 2007
Subdomain, crash and burn! EEEEK!
Yesterday we did the final DC upgrade to 2003. This was a DC running as a virtual machine on an ESX server. We thought this would be pretty painless as we had already done the same thing on 3 other domain controllers in this forest. How wrong we were!
Following the upgrade and on the reboot following the GUI install phase BANG! blue screen of death loop with a 0x0000007B error. It looked to have been related to the driver for the virtual SCSI controller.
We tried the usual BartPE injection of 'LSI Logic' drivers into the installation but to no avail. Having tried a repair install and submitting the drivers using the floppy F6 option again we had the same problem.
Time was key and we had to decide wether we wanted to persevere with trying to resurrect the dead DC or move on with the DC we had left. The boss made the call that this server was dead.
First job was to get the other DC up and running as the master DC in the domain (read: carrying the FSMO roles) so with the aid of the handy bookmarked KB article we seized the roles:
A heads up on this is that once you have selected your server you have to 'go back one level' which is easily overlooked in the fear of losing the domain!
In brief:
The 5 roles in the forest are as follows (in terms of naming for the seizing): rid master, pdc, schema master, infrastructure master, domain naming master. This was the subdomain so we only required the seizing of the rid master, pdc and infrastruture master. Also of note is setting the global catalog, as we only had the one DC left this had to run on the infrastructure master (we moved it after we had a second DC back up).
We brought up a second virtual server image, dcpromo'd it up and got it as the GC using the 'Active Directory Sites and Services' tool:
A single checkbox on the NTDS Settings properties is all there is to set. Needless to say it was a long fretful night and today is still ongoing with changing IP's and DNS updates etc.
As far as I can tell DNS is the magic behind most of this, get that running and the network looks after itself.
Following the upgrade and on the reboot following the GUI install phase BANG! blue screen of death loop with a 0x0000007B error. It looked to have been related to the driver for the virtual SCSI controller.
We tried the usual BartPE injection of 'LSI Logic' drivers into the installation but to no avail. Having tried a repair install and submitting the drivers using the floppy F6 option again we had the same problem.
Time was key and we had to decide wether we wanted to persevere with trying to resurrect the dead DC or move on with the DC we had left. The boss made the call that this server was dead.
First job was to get the other DC up and running as the master DC in the domain (read: carrying the FSMO roles) so with the aid of the handy bookmarked KB article we seized the roles:
A heads up on this is that once you have selected your server you have to 'go back one level' which is easily overlooked in the fear of losing the domain!
In brief:
START - RUN - ntdsutil
roles
connections
connect to server MyDC
q
seize roletoseize
q
q
The 5 roles in the forest are as follows (in terms of naming for the seizing): rid master, pdc, schema master, infrastructure master, domain naming master. This was the subdomain so we only required the seizing of the rid master, pdc and infrastruture master. Also of note is setting the global catalog, as we only had the one DC left this had to run on the infrastructure master (we moved it after we had a second DC back up).
We brought up a second virtual server image, dcpromo'd it up and got it as the GC using the 'Active Directory Sites and Services' tool:
A single checkbox on the NTDS Settings properties is all there is to set. Needless to say it was a long fretful night and today is still ongoing with changing IP's and DNS updates etc.
As far as I can tell DNS is the magic behind most of this, get that running and the network looks after itself.
Tuesday, 5 June 2007
Top level domain now full 2003
The final DC in the top level domain was upgraded today which was pretty painless as this top level is simply in place for adding subdomains to if we require them in the future.
One little fun surprise was this error:
This popped up after we tried to do some uninstallation of bits we no longer needed, in this case the Windows 2000 administrative tools. Apparently this little gem comes up if you install 2003 over the top without uninstalling the tools first, thankfully installing the 2003 admin tools disposed of the 2000 tools in the process.
The second little beauty was the following error from the event viewer having installed 2003 SP1 we got this error in the system log:
This was a little worrying to start with and the only mention in the knowledgebase did nothing to calm our fears
some more probing on the net and it appears that I am not the only one. This error is one of those 'I am not ready' when starting errors that so often happen these days. I remember IIS and Exchange being famous for these. Basically whats happening is a check is being done too early in the startup and as a result is failing which means we get an error. Waiting another few seconds and the service does start and all is fine just a process getting a little ahead of itself.
No fix at present so just ignore that huge red error in your event viewer OK, its normal.
One little fun surprise was this error:
apphelp dialog cancelled thus preventing the application from
starting.
This popped up after we tried to do some uninstallation of bits we no longer needed, in this case the Windows 2000 administrative tools. Apparently this little gem comes up if you install 2003 over the top without uninstalling the tools first, thankfully installing the 2003 admin tools disposed of the 2000 tools in the process.
The second little beauty was the following error from the event viewer having installed 2003 SP1 we got this error in the system log:
Event ID 7022: The Kerberos Key Distribution Center service hung on starting
This was a little worrying to start with and the only mention in the knowledgebase did nothing to calm our fears
some more probing on the net and it appears that I am not the only one. This error is one of those 'I am not ready' when starting errors that so often happen these days. I remember IIS and Exchange being famous for these. Basically whats happening is a check is being done too early in the startup and as a result is failing which means we get an error. Waiting another few seconds and the service does start and all is fine just a process getting a little ahead of itself.
No fix at present so just ignore that huge red error in your event viewer OK, its normal.
Monday, 4 June 2007
Word takes forever printing
Today we had an old Word problem come back to haunt us again. A few years back this came up and I thought 2 Word revisions on that this would now be solved.
The problem in question was a Word document of just over 2Mb when sent to the printer would take an age to then print. We started with the obvious removing all traces of images including Visio drawings and then as the problem stayed moved on to removing GIF images and then copying and pasting the document into a new file.
Nothing solved it, finally the user with the problem changed the borders on the table that ran almost the length of the document. Changing from a dotted line to a plain standard line and printing was as fast as ever.
It appears that Word hasn't been fixed of this issue and some searching of the KB found this old article on NT4 and LaserJet 5 printers: http://support.microsoft.com/kb/163599
Just goes to show you are better off taking note of these things as you can't rely on them getting fixed no matter how many revisions are made.
The problem in question was a Word document of just over 2Mb when sent to the printer would take an age to then print. We started with the obvious removing all traces of images including Visio drawings and then as the problem stayed moved on to removing GIF images and then copying and pasting the document into a new file.
Nothing solved it, finally the user with the problem changed the borders on the table that ran almost the length of the document. Changing from a dotted line to a plain standard line and printing was as fast as ever.
It appears that Word hasn't been fixed of this issue and some searching of the KB found this old article on NT4 and LaserJet 5 printers: http://support.microsoft.com/kb/163599
Just goes to show you are better off taking note of these things as you can't rely on them getting fixed no matter how many revisions are made.
No fix (yet) for McAfee and Outlook
Having had users complain of Outlook crashing with a runtime error from time to time I thought I should try and fix this problem rather than doing the Microsoft Fix which basically entails removing your E-mail virus checker from the desktop.
Having done some browsing round the rather helpful mcafeehelp.com forums it seems we are outta luck unless you fancy talking to a call centre guy who will then pass you on to 2nd line support who will then make you run some 'diagnosis tools' and then finally give you the file you asked for to start with.
Due to having done all this before and it nearly making me want to '/wrists' I think I will await the next patch that will come one day or until the complaints become more unbearable than call centres and begging for patches.
Having done some browsing round the rather helpful mcafeehelp.com forums it seems we are outta luck unless you fancy talking to a call centre guy who will then pass you on to 2nd line support who will then make you run some 'diagnosis tools' and then finally give you the file you asked for to start with.
Due to having done all this before and it nearly making me want to '/wrists' I think I will await the next patch that will come one day or until the complaints become more unbearable than call centres and begging for patches.
Friday, 1 June 2007
FREE SSL Certificates
We are currently looking at our email 'on the go' solution and thought you might like to hear this little bit of FREE-ness. Having had a Blackberry enterprise server for a while now and the contracts up on all our mobiles we are looking at alternative solutions.
Obviously the cheaper option is the Microsoft push email using Windows Mobile 5 AKU2 or greater handsets, so not to be held back with our fiddling ways me and the boss have a new handset for playing...erm....I mean testing this possible solution.
One of the fun joyous things is getting the damn thing working on Exchange 2003 (lets pray things are easier in 2007) which requires an SSL certificate to keep it nice and secure.
Well, the short story is we got it working, I will cover the struggle at some later date when we roll more out and I can document it in more detail but as SSL is useful for more than just email handsets I thought I would point you at startcom.org, these guys are the best with a nice forum full of helpful folks so if you are in need of a cert this is the place to start. Sadly they aren't certified with IE yet but noises on the forums suggest they are working on it.
Obviously the cheaper option is the Microsoft push email using Windows Mobile 5 AKU2 or greater handsets, so not to be held back with our fiddling ways me and the boss have a new handset for playing...erm....I mean testing this possible solution.
One of the fun joyous things is getting the damn thing working on Exchange 2003 (lets pray things are easier in 2007) which requires an SSL certificate to keep it nice and secure.
Well, the short story is we got it working, I will cover the struggle at some later date when we roll more out and I can document it in more detail but as SSL is useful for more than just email handsets I thought I would point you at startcom.org, these guys are the best with a nice forum full of helpful folks so if you are in need of a cert this is the place to start. Sadly they aren't certified with IE yet but noises on the forums suggest they are working on it.
Subscribe to:
Posts (Atom)