Showing posts with label Tech. Show all posts

August 25, 2015

Google Search Appliance

GSAs were personal Google engines: one would index all the documents on your network and make them searchable. They were leased for a few years, after which the hardware found its way onto eBay. A quick BIOS flash from Dell and they were restored to a normal PowerEdge.

I bought this on eBay in 2012, sniping it for $100. Other PowerEdge 2950s were going for >$500, so this was a steal. They're still on eBay, mostly newer models and some 1U SuperMicro models which still look appealing.

At the time it was a beast and a perfect lab machine. Now it feels like a lumbering hulk. It's still ridiculous looking, which is the hardest reason to give this up, but I need the space and I don't have time (parenthood!).

I'm also giving it up because I haven't turned it on in 3 years.

During POST it draws ~300 W, with idle of around 240 W. Powered down it still draws 40 W. All of this is with only one of the PSUs connected.

It's listed on Craigslist and if I don't get any hits in a week it'll go to the e-waste. Here are the specs before I sell:
  • Dual Xeons
  • 12 GB RAM
  • DRAC
  • PERC 5/i
  • 2 x 80GB velociraptor in RAID 1
  • 4 x 500GB Seagate in RAID 5
  • Dual 750w PSU
  • Dual Gb ethernet LOM
  • Dual Gb ethernet PCI-E 





February 5, 2015

Uninstalling applications with GPO that were installed manually or during installation.

I installed applications with MDT during deployment. I always assumed I could uninstall or update them easily with a GPO later. This is not the case. The GPO for software management works for uninstallation, but only if the application was installed with GPO.

Here's how I removed a few outdated apps.  On a machine with the applications that you want to remove, run:

WMIC product where "name like  '%application name%'" get Name, Version, IdentifyingNumber

The part in bold (application name, between the % signs) is the name of your application; run the command for each application. This will give the product ID (the IdentifyingNumber column). Use the product ID for a startup script that looks like this:

msiexec /x {XXXX-XXXXX-XXXXX} /qn

The opening and closing braces are mandatory; this wasn't clear to me in my research.

Create a GPO and add the script under Computer Configuration/Policies/Windows Settings/Scripts (Startup/Shutdown).
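
The two steps above combined into one startup script, as an added example that is not part of the original post. It reads the product code from the registry Uninstall keys instead of WMIC (querying Win32_Product, which is what WMIC product does, makes Windows Installer run a consistency check on every installed package) and then calls msiexec /x with the braces intact. The display-name pattern and the log path are placeholder assumptions.

```powershell
# Added example (not from the original post): GPO startup script that removes
# MSI-installed applications by display name.
$Targets = @('Example Outdated App*')   # hypothetical display-name patterns
$LogFile = Join-Path $env:SystemRoot 'Temp\gpo-uninstall.log'   # assumed log path

# MSI products register under these keys. The subkey name is the product code,
# braces included, which is the value msiexec /x expects.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ('{0:u} {1}' -f (Get-Date), $Message)
}

function Get-MsiProduct([string[]]$NamePattern) {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $entry = $_
            # Only MSI entries use a GUID as the key name.
            $entry.PSChildName -match '^\{[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$' -and
            $entry.DisplayName -and
            ($NamePattern | Where-Object { $entry.DisplayName -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion,
            @{ Name = 'ProductCode'; Expression = { $_.PSChildName } }
}

foreach ($product in Get-MsiProduct -NamePattern $Targets) {
    Write-Log "Removing $($product.DisplayName) $($product.DisplayVersion) $($product.ProductCode)"
    $proc = Start-Process -FilePath 'msiexec.exe' -Wait -PassThru `
        -ArgumentList '/x', $product.ProductCode, '/qn', '/norestart'
    switch ($proc.ExitCode) {
        0       { Write-Log 'Uninstall succeeded' }
        3010    { Write-Log 'Uninstall succeeded, reboot required' }
        1605    { Write-Log 'Product is not installed in this context' }
        default { Write-Log "msiexec failed with exit code $($proc.ExitCode)" }
    }
}
```

Because the script only acts on products it finds, it can stay linked to the GPO after the first boot without re-running msiexec on clean machines.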

June 20, 2014

Simple tools to secure browsing.

Here are some of the tools that I use in my browsing habits.

  • Pry-Fi - Changes your MAC randomly while connected to WiFi. Good for public WiFi.

  • Tor Browser - Does not need to be installed. Makes your traffic anonymous. It runs on Firefox and comes with HTTPS Anywhere. Don't torrent over it.  
  • HTTPS Anywhere - Browser plug-in developed by the EFF. A good idea for any browser.
  • Incognito / Privacy mode - This is the most basic of protections. Useful if you ever sit down on someone else's computer. The browser doesn't remember anything locally. It does not protect your Internet traffic; it just covers your tracks on the computer you're using.

December 10, 2013

Metro effectual

I've had Windows 8 on my laptop for over a year. It's an i5 with 8 GB RAM. It has a capacitive single touch screen. Metro didn't make any sense; I navigate it with mouse / touchpad and keyboard. I found myself actively avoiding the Start page and it's been annoying to use Windows.
A friend purchased a Venue 8 Pro on Black Friday and I got to play with it and Metro finally made sense! When used with a touch interface it's just fine. Even the MS Store showed some value. Having a one size fits all OS does seem to work in my opinion.

There's too much confusion and blurring of product lines:

  • Windows 8 for desktop, laptops and tablets.
  • Windows 8 for ARM tablets
  • Windows 8 mobile for phones
The Metro interface has no business being on a server. That's the worst way to get people to move to a core install. Especially if the Server Manager only runs on the current edition of the client.

August 31, 2013

Device Mangler

Windows 7 SP1.  Fresh install. It has most of the drivers from the MDT pool which is nice but it's missing two devices:

  • network controller
  • unknown device
The network controller properties says Manufacturer: Unknown.  Toshiba's site lists three different possible vendors for Wifi on that model: Atheros, Broadcom and Realtek.   What about unknown device? How are you supposed to troubleshoot that?  What I really want to know is why. Why are you supposed to troubleshoot that?  

Those are major vendors. The laptop has a Windows 7 certification sticker. Even after SP1 Windows doesn't even know who built the NIC? I know MS doesn't make the hardware, but surely it should be able to ID the major manufacturers of products that carry a Windows 7 sticker.

I hate it when people say "It's 2013, c'mon already!" but that's how I feel right now.  

At work I manage a lot of Apple products and these are problems that don't exist.  I have a lot of other problems with Apple but driver issues are not one of them.






July 6, 2013

Google Apps Migration for Microsoft Exchange

I recently took a contract to migrate a nonprofit from GoDaddy email to Google Apps. Despite a good deal of research and assurance from Google Enterprise support, we ran into several problems, enumerated here.

The GAMME tool likes to run on a machine set to Greenwich Mean Time. It will not run in Hawaiian Standard Time. In Win8 it will not run at all; Win7 gives an error message until the time zone has been changed. The Irish Google support guys figured that one out.

Do not change the MX records until the mail migration is complete. If MX records are changed from GoDaddy's servers then the GAMME IMAP authentication will fail.  In hindsight this seems logical, at the time it was not obvious and was not documented.

The GAMME tool looks for a migration.txt with the format:

[ORIGIN ACCOUNT@DOMAIN.COM]#[PASSWORD], [DESTINATION ACCOUNT@DOMAIN.COM].

GAMME will only migrate mail if the destination account exists, it will not create a new account. I'm not sure what you're supposed to do if you can't change everyone's passwords. There's supposed to be support for using an admin's credentials instead of the user's but that was never successful. Documentation says to run it for no more than 25 users at a time, the realistic number is more like 3 or 4.  More than that and it would error out.

We ran GAMME against a particular user several times because their account had over 10,000 emails and kept failing. Each time we ran, the tool counted a different number of emails to migrate.  The user should have pruned before migration, but GAMME should be able to give a precise count.  There's no way to know if it got all that mail.

Google support indicated IMAP server type to use is Gmail.  That's if you're migrating from gmail to Google Apps. The most success was had with Cyrus IMAP migrating one or two users at a time.

Most accounts in GoDaddy were paid accounts which gives the users IMAP support.  Free email accounts in GoDaddy do not support IMAP, migrating them is not possible using GAMME.  Account must be elevated to a licensed account.



Folder structure was supposed to migrate and be translated into folders, this did not happen. Folder structure was lost.

There is no straightforward, accurate procedure for migrating from GoDaddy to Google Apps. Many of the instructions from Google support were wrong or ended up being trial and error troubleshooting. Most of the documentation is for an actual MS Exchange or Lotus Notes Domino server.

Google Enterprise support is often just as disorganized as others' support teams.  The Irish team seemed to be the most technically minded but you don't get to choose who answers your call. Each team we spoke with has a different approach.

I will continue to help institutions use Google Apps but I will never promise to migrate mail, it's just not worth the heartache and difficulty.


June 10, 2013

Pushing Wifi profile in MDT 2012

How to deploy a WiFi profile is surprisingly undocumented. I guess best practice says to use RADIUS, but that is beyond the ability of most SMB sysadmins. This will do in a pinch when you just need to skip the step of manually entering the wireless key on each machine. Keep in mind that this will store the key in clear text, as configured by the key=clear switch. Pretty much everyone already has access to the WiFi anyway; we only have security to keep the general public at bay.

Thanks to Serverfault for helping me put this together


Show the network profiles:
C:\>netsh wlan show profiles

Identify and export WLAN profile to XML:
C:\>netsh wlan export profile name="SSID" key=clear

Copy the XML file to MDT DeploymentShare\Applications

In MDT create a new Task Sequence for Run Command Line:
netsh wlan add profile filename=WiFi 

Start in:
%deployroot%\Applications\
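
Because key=clear writes the passphrase into the exported XML, the copy on the deployment share is worth auditing. The following added example (not part of the original post) flags WLAN profile files whose sharedKey is present and not protected, without printing the key. The sample profile and its passphrase are constructed, and the share path in the final comment is a hypothetical name.

```powershell
# Added example, not from the original post. The profile below is constructed
# sample data in the layout that "netsh wlan export profile key=clear" produces.
$SampleProfile = @'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleSSID</name>
  <SSIDConfig><SSID><name>ExampleSSID</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2PSK</authentication>
        <encryption>AES</encryption>
        <useOneX>false</useOneX>
      </authEncryption>
      <sharedKey>
        <keyType>passPhrase</keyType>
        <protected>false</protected>
        <keyMaterial>constructed-example-passphrase</keyMaterial>
      </sharedKey>
    </security>
  </MSM>
</WLANProfile>
'@

function Test-WlanProfileXml {
    param(
        [Parameter(Mandatory = $true)][string]$XmlText,
        [string]$Source = '(inline sample)'
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')

    # Text of the first node matching the XPath, or $null when it is absent.
    function Get-NodeText([string]$XPath) {
        $node = $doc.SelectSingleNode($XPath, $ns)
        if ($node) { $node.InnerText.Trim() }
    }
    $protected = Get-NodeText '//w:sharedKey/w:protected'
    $key       = Get-NodeText '//w:sharedKey/w:keyMaterial'

    # Report metadata only; the key itself is never written to the output.
    New-Object PSObject -Property @{
        Source         = $Source
        ProfileName    = (Get-NodeText '/w:WLANProfile/w:name')
        Authentication = (Get-NodeText '//w:authEncryption/w:authentication')
        KeyType        = (Get-NodeText '//w:sharedKey/w:keyType')
        ClearTextKey   = ([bool]$key -and ($protected -eq 'false'))
    }
}

function Find-ClearTextWlanProfile([string]$Path) {
    Get-ChildItem -Path $Path -Filter *.xml -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            try {
                $text = [System.IO.File]::ReadAllText($file)
                if ($text -match 'networking/WLAN/profile/v1') {
                    Test-WlanProfileXml -XmlText $text -Source $file
                }
            } catch {
                Write-Warning "Skipped ${file}: $($_.Exception.Message)"
            }
        } |
        Where-Object { $_.ClearTextKey }
}

Test-WlanProfileXml -XmlText $SampleProfile | Format-List
# On the MDT server (hypothetical share path):
# Find-ClearTextWlanProfile '\\mdt01\DeploymentShare$\Applications' | Format-Table -AutoSize
```

Any file it reports exposes the wireless key to every account that can read that folder, so the read permissions on the Applications folder decide who effectively holds the key.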

December 7, 2012

March of the machines

Most machines and interfaces available to the public are designed for simplicity, if not to be intuitive.

I often think of that when faced with a new set of controls with which I'm unfamiliar.

Tonight I was able to use a cash register.

December 6, 2012

Scan to email with the WorkCentre


UPDATE 8/2014 - For some reason Scan to Email stopped functioning. Login Credentials for the Machine to access the SMTP server stopped authenticating, changing its value to none. It's a radio button so it shouldn't be difficult to reinstate, but it would not commit when using Chrome. So, YMMV, but I highly recommend using IE when making configuration changes.
 

At work I've been struggling to get scan to email working for two Xerox WorkCentre MFPs, the 7125 and 7545. We use Google Apps for Education and I want to use the Google SMTP server, but I had a very difficult time getting it to actually work despite following Google's guide and the Administrator's guide from Xerox.  I found very little useful information on the web when troubleshooting, some people suggested STunnel which may have worked but would have added an additional layer of complexity.  


The solution was different for each model. For the WC 7125, SSL has to be enabled before being configured on the SMTP page.


WorkCentre 7125


  • Set the 7125 to use SSL: 
    • Properties 
      • Security 
        • SSL / TLS Settings 
          • SMTP - SSL / TLS Communication [Set to] SSL/ TLS 

Configure SMTP server

  • CentreWare IS, click Properties > Connectivity > Protocols > SMTP Server 
    • SMTP Server Setup: STATIC 
    • SMTP Server IP Address / Host Name: smtp.gmail.com 
    • Port number sending email: 465 
    • SMTP - SSL / TLS Communication: *SSL / TLS 
    • Machine's email address: [dedicated service account]
  • Scroll down
    • Login Credentials for the Machine to access the SMTP Server to send automated e-mails: SMTP AUTH 
    • Login Name: [dedicated service account] 
    • Login Credentials for E-mail Send: System


The WorkCentre 7545 was just being a jerk. All the correct settings were in place but it still could not send email. The solution was a firmware upgrade and restoring defaults to the SMTP config page. I reentered the settings after restoring defaults and both of those together restored scan to email functionality. I guess Xerox excels at printing, not webpage management.

WorkCentre 7545
  • Properties -> General Setup -> SMTP (E-Mail) 
    • Required Information 
    • Specify SMTP server manually, Hostname: smtp.gmail.com:465 
    • Multifunction Device E-mail Address: [dedicated service account] 
  • SMTP Authentication 
    • SMTP Login credentials: System 
      • Login Name: [dedicated service account] 
    • Connection Encryption: SSL / TLS

May 7, 2012

Choosing a NAS

I want a NAS. I want something rackable to fit in with my PE 1950. The 1950 has been sitting dormant for the last few months. It's kind of loud and I don't really have the time to get it up and running until I complete my CCNA.

Currently I have a machine running WHS v2. I am pretty disappointed with it. It's stopped doing PC backups nightly and I don't really know where to begin troubleshooting it. WHS isn't 2008R2, so it lacks a lot of the features I really want to learn about: Hyper-V, DHCP, GPO, AD and DCpromo. It has 3 x 1 TB drives, a quad-core with no VT and a handful of DDR2 RAM. It's currently using the motherboard RAID controller for a RAID 5.

I want a NAS. I waffle between building and buying.  My budget is about $100.  My wants:
  • Low power
  • rackable
  • SATA / SAS drives
  • dual NICs
  • Streamlined driver support
If I build, I can bring along a few drives from my WHSv2, memory and a CPU that is not low power. I have an Adaptec 2610SA RAID card, so I'd probably only need a case and an Atom.  If I build, then each piece is from a different vendor, with different support and warranty.  I'm kind of over building PCs from scratch.  I want centralized scalable management.

If I buy, I am quickly priced out of my budget.  Ideally I'd get a Dell, this would allow for centralized management through OMSA. Documentation, drivers and support are easily managed. It's probably not upgradeable.  

Another option: do I really need a NAS and server as separate devices? Could I get a PE 2950, which supports 6 SATA drives and 32 GB of memory? If I go that route I'd like to get the Google Search Appliance build on the 2950, 'cause it looks silly. They go for ~$200 which is out of my price range right now. It would mean only one device instead of two, which limits the power draw and points of failure. Part of this is to learn, and it's another thing to learn if they're on separate devices.

I wish Craigslist and eBay netted some amazing deals instead of what they have.



February 2, 2012

Nice Rack

I acquired this little AV half rack from work a couple of months ago and have slowly been consolidating my tech into it ever since. It's not a perfect fit for everything: the PE 1950 sticks out the back about 8" or so and is sitting on a shelf because Dell rails don't fit threaded holes. The printer is too big.

The Cisco gear is:
  • Catalyst 2950 switch
  • Catalyst 2960 switch
  • Cisco 2600 router
It's a beginner CCNA lab. I'd like to have at least one more router and another switch but this is working for now. It's nice to walk through the CBT Nuggets videos with and that's what matters.

The before picture is no gem, but the after picture is not much better.  I reorganized the shelf but to what end?  



a clean desk is a sign of a sick mind


Thing a Day v2 begins.  An easy first one because I'm already balancing several large projects in life and at work.

My desk has two monitors! Yep, that's a mismatched Samsung 226BW and a Dell 2007FP in portrait. A Dell keyboard with media controls, the audio knob being its best feature, as the two USB ports on it are only 1.1.

I cleaned paperwork that was 3 months old. The only remaining paperwork is taxes which will be sent out in the next few days I guess.  The Cisco book can't go far as I'm knee deep in studying for the ICND2.







January 21, 2012

Hyper-V Server core

I found a Poweredge 1950 on eBay for $130.  Bells and whistles include:
  • DRAC
  • PERC/i5
  • redundant PSUs
  • Dual CPUs
It does not come with drives or caddies. Caddies I borrowed from work, drives I had.  I installed Hyper-V Server via USB drive by designating it a Virtual Floppy drive in the BIOS (also a good time to verify Intel VT is enabled). Initial config of HyperV server can be done from the console and is pretty straight forward. I verified some of my steps with a Dell Youtube video.

The first issue I had was connecting the Hyper-V Manager from the RSAT tools on my client to the Hyper-V Server. I received the error: [Hyper-V Manager: Access denied. Unable to establish communication between ‘Hyper-V Server’ and ‘Hyper-V Manager’]:

http://blog.mpecsinc.ca/2009/06/hyper-v-error-access-denied-unable-to.html


Setting firewall rules:

C:\>netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

Open Component Services [dcomcnfg.exe] on client. This allows HyperV server in Workgroup mode to connect to my client and mount an ISO.  I think in a domain the trust is already there.
  1. Choose Component Services
  2. Computers
  3. Right Click My Computer
    1. Select COM Security tab
    2. Under Access Permissions, click Edit Limits
      1. Select ANONYMOUS LOGON
        1. Allow Remote Access

Navigating drives in DOS:
C:\>fsutil fsinfo drives

Downloading Broadcom drivers and BACS

Installing BACS

During installation I was prompted to enable TCP Chimney Offload.  An unusual name for a useful technology. Offload some of the processing to the NICs from the CPU.

Dell has a nice procedure for Installing BACS from DOS (for me BACS installed to Program Files\Broadcom\BACS\BACS.exe)


Most of this is just for my own notes. At this point I've built my first 2008R2 VM and am about to run dcpromo to build my first domain controller.
I'd rather be working on this than CCNA, maybe I'll feel differently when I'm working on the next cert.





December 9, 2011

There's a little more blood on my knuckles.

 I've been busy at work and home.

 Last Friday I completed a production Lion Server with Profile Manager as a Mobile Device Management server. It pulls users from Active Directory and allows enrolling iOS devices and downloading of configuration files.  I will be speaking at NERCOMP in the Spring about the experience and process. After that seminar I will try to publish my guide here for other folks trying to do the same thing.

These are the most boring teaser pictures, I think.  The least glamorous display of 10 iPads and the other picture is $20,000 of them.  Now when snarky students ask "Is this what my tuition is paying for?" I can say it's for iPads.

Today I passed the CCENT. This is the first step in realizing the CCNA, a certification I started but never finished 10 years ago in Blacksburg. The test was brutal and I'm not proud of my score, but if they want me to wear 25 pieces of flair then they should make the minimum 25 pieces of flair.

I could not have done it without my friend Greg, who also earned his CCENT a week ago. In a couple of weeks we'll start the ICND2 books and work toward the CCNA together. This has been a really beautiful chapter of our friendship.





September 12, 2011

Windows Deployment Services


Here is my response to a colleague when he asked about our imaging procedure:


   We use Windows Deployment Services. It's a role in Windows Server. Using the Windows Automated Installation Kit, you create an answer file which allows an unattended install. Our procedure is based on this guide.  We also include scripts to install Sophos Antivirus and the Deepfreeze seed.  Neither can be included in the base image because each instance needs to be unique for communicating to their respective consoles. 
   A driver pool is necessary. This is a collection of all relevant drivers from each model of PC you are deploying to. 

Features I like:

It is hardware independent which allows us to only maintain a few images for many different hardware types.

Deploying the image automatically joins it to the domain

If you use a Virtual Machine to create the deployment image it's easy to update with any changes in the future.

Features I do not like:

Cannot automatically deploy to a computer lab.  There may be a way to do this, but we have not looked into it yet. We have to boot each PC from the network and choose the correct deployment image. 

Sometimes a new model of PC will have a new NIC or disk controller whose driver is not included in the boot image. Isolating the correct driver and inserting it into the boot image can be difficult and tedious. As long as you make a backup of the boot image before making any changes you leave yourself a safety net and it's not too bad.

Some hardware requires more than just a driver to work. Finger print readers on Thinkpads have given us this trouble. You either need to include the software suite in the deployment image which goes to all machines, install it manually on each Thinkpad or not install it at all.



I think WDS is an excellent solution for Faculty / Staff PCs and situations where you do not need to update large quantities of PCs at once. For a classroom or lab, Ghost or other static image management might work better.

July 14, 2011

Server upgrade pt 3

Found more RAM that the server likes. 8gb total.

Turns out the NIC driver for my EP45-DS3R is not friends with 2008R2. After installing that driver update, it hangs on classpnp.sys.  I tried renaming it, deleting it and chkdsk but with no success. Chkdsk wouldn't run because the volume was locked? Thanks for helping me sort that one out, MS.
Ninja edit: the NIC driver is not the only thing incompatible with R2. The initial 80+ updates apply successfully; the second round of 5 updates does not. I haven't been able to roll back, so it's a fresh install each time. Slow going.

Lots of Dell Poweredge servers on eBay for reasonable prices, usually missing one piece of the puzzle I need. What I want in a server:
  • x64 bit CPU
  • CPU with Virtualization
  • at least DDR2 RAM
  • SAS compatibility so I don't have to purchase SCSI drives. SCSI drives are high performance, low capacity, which is great for a large number of users with small amounts of data. I have a small number of users and a large amount of data. I want large capacity and low performance (thinking of WD Green drives).

I've seen a Poweredge 2950 for $90 on eBay which lacks the CPU with Virtualization, which I can overcome with new CPUs, but it only supports SCSI, so no dice using preexisting drives. My search continues for a reasonably priced Poweredge.

July 6, 2011

Server upgrade pt 2

I got all my data backed up to a few external drives to reconfigure the data array.

Installed 2008R2, but when I went to add the HyperV role I got an error saying my CPU doesn't support hardware assisted virtualization. Sadministrator. This is a hard stop for this project. It is not possible to get creative for a workaround.

My options are to either not run any VMs, and install everything locally on one server or to buy a new server. The goal of having the VMs was to learn, to have a practice environment not in production. I can't test in a production environment.

Now I'm waiting for a Poweredge on sale. They used to have entry level servers for $200, so that's what I'm looking for now. I'll run the server and when another machine comes along it'll be a good time to learn server migration.

Right?

July 1, 2011

Server upgrade pt 1

Before putting the 6 year old RAID controller into production I had to update the firmware. I downloaded the driver, update tool and firmware. Everything sorted and organized for future upgrades. Updating through CLI is fun, most days it's done through an executable from Dell.

I finally convinced the server to take 2 x 2 GB of ram.

Organized in a spreadsheet how I will backup the data from the 3 x 1TB drives onto spare 750 and 2 x 320GB drives while I rebuild the array.

I think by the time I need to expand storage I will be ready for a new server.

End goal:
OS drive: RAID 1 onboard controller
Data drive: RAID 5 controller card.

HyperV server hosting at least 2 servers: production and test.
Keeping my eye out for a cheap Dell rack mounted server that I can put into a lack rack.

June 26, 2011

My server only likes one stick of ram. A specific one. I've tried five other sticks and it won't POST with them.

The stick in question is a 2GB 6400 DDR2 FATAL1TY brand RAM I got with a year of NOD32 for $10 about 3 years ago.

Samsung, Hynix and Nanya brands, like my motherboard does not. The goal is to get 4GB of RAM to comfortably install a Hyper V server and one or two virtual servers to start learning at home all the things I want to do at work.

Main goal is to provide roaming profiles for our accounts. I want Jessie to log into any machine and have the same experience, this does make it difficult when she stores DVD rips to the desktop, but she probably just needs training.

Other goals include File server, Group Policy, Printer Server, DHCP, DNS and Windows Deployment Services. These are pretty standard things, but I need to understand them thoroughly.

I'm planning on RAID 1 boot drives, 3 x 1TB RAID 5 file server. I have a 640GB for backups; I will need to expand that. Currently I have 2 x 1TB WD Green & 1 x 1 TB WD Black. For the RAID 5 I want matching drives and I'm OK with using Green for the array; I don't need a lot of performance. It does seem like a waste to use a Black drive only for backups though. And purchasing 1TB drives now is not very cost effective, but purchasing 3 x 2TB drives is not in my budget.

I wish work would shed a few drives my way.

What  I really want is a new server, but that's certainly not in my budget. A nice little Poweredge would do me just fine.