June, 2008

Server consolidation

There is one commonality here in Winnipeg, Manitoba. Lots of servers, using a lot of power. Being a province that generates our own Hydro, we have pretty cheap electricity without having to worry about the expense of power like other provinces or states do. However this doesn’t mean we shouldn’t be a little more green to help out the rest of the world.

It is quite often I will see server rooms filled with racks and racks of servers with no heed paid to virtualization at all. A lot of people believe it or not, still haven’t even heard of it as they are busy focusing on other things in their business and don’t keep their ear to the ground in the IT world. It’s at times like these that I like to point out the benefits of virtualization.

You can easily take an HP C3000 blade enclosure (this enclosure, aka the “shorty” is targeted at the SMB market) and fill it with server blades, a tape blade and a storage blade, and consolidate racks worth of servers down into 6U of space. Then you can install VMWare ESX Server on the server blades and potentially have tons of virtual machines per blade server. If you haven’t looked into these technologies lately I suggest you do, they are the next big thing in IT and have just been getting better and better.

 By doing this you can save your company money on power, thermal, physical space constraints, and sheer amount of servers and racks you have to buy. Also by implementing VMWare on a blade enclosure, you increase the level of redundancy you have greatly over what you would typically have in standard configuration of one server installation per rack mounted server by taking advantage of the features available to you in VMWare and in the blade enclosure.

 -RP

The value of taking the time to image servers…

Hello again! Today I wanted to talk a little bit about the value of imaging servers. What I mean by this is using a software product like Ghost or Acronis to take an exact image of the disk partitions so you have a nice “point in time” copy of a server.

You see there are times when you need to perform maintenance or patching to a server in order to fix something but you might be unsure of what the outcome will be. I have seen lots of small patches or upgrades bring down a server to the point where the technician needed to reinstall the operating system and restore data from backup. Normal backups are great, however they typically take a lot longer to restore which in the end causes more down time for the client. If you just take an image of a server then you can easily restore that image in a short amount of time if whatever you did causes an issue.

I have been on tech support calls with certain software vendors before where the technician on the line has told me to do certain things and that it shouldn’t affect anything. Then I make the recommended change and it instead blew up everything! If it wasn’t for the image I took beforehand I would have been faced with a long recovery time.

My personal favourite imaging software is Acronis True Image Echo Server for Windows. I’ve used it many times for imaging servers.

-RP

Any doesn’t always mean Any…

Hi folks, here’s another little tidbit from the wonderful world of firewalls. In the consulting world I have had to work with my fair share of firewall products. From SMB based devices all the way to the larger Enterprise products. There is one thing that I have run into time and time again and that is the dreaded “Any” rule/object. The reason I say dreaded, is because sometimes what is assumed by Any can end up causing you a ton of headaches.

A lot of firewalls have the ability to create a rule where you can specify to allow Any traffic from Any to Any. Unfortunately as people have found, Any doesn’t always mean Any. What I mean by this is that despite what Any implies, what in actuality happens is that the firewall still ends up blocking some things. When this happens, a network administrator might end up troubleshooting everything and still come up short trying to figure out why things aren’t working properly in the network. I have heard lots of network admins tell me “But I have the firewall configured with an all-open any to any rule for testing! It should work!” and of course it doesn’t. Now not all firewalls are this way but there are some where you will run into this.

So what’s the solution? Turn on detailed logging, and watch the logs for denied traffic. Also using a packet sniffer like Wireshark or Microsoft’s own Network Monitor (found on your server CD by using add/remove components) can help you to determine how the traffic is flowing and what is happening to it. At that point you will be able to determine if a firewall is blocking the traffic or not and be able to fix your problem by creating a rule to allow that type of specific traffic through.

-RP

Terminal Services and Citrix printing issues

One of the most common issues in a Terminal Services or Citrix environment tend to be printing. If I were to survey people that use either of these technologies I can almost guarantee you that’s what they’d say. The reason that printing has been such a problem is because not all printers were made to work over Terminal Services/Citrix.

IMO Citrix does a much better job with printing than just using Terminal Services, however you still won’t be error free if you aren’t careful with what you buy. Luckily their is a regularly published list of HP printers that are supported with Citrix. If you stick to the supported printers list you will be happy to see your printer woes go away. When deploying Terminal Services/Citrix in an environment one of the policies you should have is an approved list of printers that people are allowed to buy so you aren’t stuck supporting a printer that isn’t up to the task.

You can find the supported list of printers here: http://support.citrix.com/article/ctx110571

FSMO Roles in Active Directory

It is important to note that when removing an old domain controller from the environment that holds the FSMO roles and bringing in a new DC, that you transfer the FSMO roles. Unfortunately I have run into many a person who haven’t even heard of them before. The FSMO roles are the 5 major roles in Active Directory that need to be hosted by an Active Directory domain controller. It is very important that you transfer these roles during this process otherwise Active Directory functionality will cease to function.

I have seen many a network administrator think they have somehow botched their Active Directory installation of a new DC and then started fresh because they didn’t know they had to transfer the FSMO roles.

If a domain controller dies on you (for example the hardware fails), and you don’t have a way to transfer the roles, than you can “seize” the roles using the same utility. This utility is called “NTDSUTIL” and is used to either transfer or seize roles in Active Directory. It is a command line utility you can use on a domain controller.

The five roles in question are:

1. Domain naming master
2. Infrastructure master
3. Relative ID (RID) Master
4. PDC Emulator
5. Schema Master

You can read more about these roles here: http://support.microsoft.com/kb/197132

You can transfer them using the instructions here: http://support.microsoft.com/kb/255504

 Finally, understanding FSMO roles and how they affect Active Directory can help you to solve many an Active Directory related problem.

-RP

Tuning VMWare

One of the most common mistakes I see when out in the field with VMWare, is incorrectly configured VMWare ESX servers. It is very common to see people configure virtual machines as if they are physical machines. If you are going to implement VMWare in your environment I highly suggest going through the VCP training. The knowledge a VMWare instructor can share with you during your course can be invaluable. They can tell you about all those little things you just can’t find in a book.

In the mean time you can follow this simple guide from VMWare on performance tuning. It is quite helpful in guiding you along the path on how to get the most out of it. Check out this link:http://www.vmware.com/pdf/vi_performance_tuning.pdf

 -RP

Citrix Published Apps woes

So the other day we ran into an interesting problem for a client. One of the published apps in Citrix Presentation Server 4 wasn’t launching properly. Everytime we clicked on it the users were getting an “Invalid Working Directory” error.

I checked the settings on the published application and the working directory was set correctly. Even if I deleted it out of the field and then retyped it. We eventually figured out that by deleting the published application completely and then recreating it in Citrix we were able to solve the problem.

 It’s possible that their might have been some sort of bug or corruption where the settings for the published application is stored. If I ever find out more about this error I will post it here on my blog.

 -RP

RSS Reader for BlackBerries

I’ve had a few clients asking me about how to get RSS feeds on their BlackBerries. I have tried out a few and I seem to really like the Viigo reader. It’s completely free and easy to use. The best part about it? I can add all of the blogs here at IT Knowledge Exchange to the reader so I can read them on the go.

You can get a copy of Viigo for your BlackBerry device by opening up your BlackBerry web browser and going to the link: http://getviigo.com

Save time setting up printers

During new network implementations, one of the most tedious tasks that comes up is setting up printers on my client’s workstations. With Windows 2003 R2, Microsoft has made it extremely easy to do this.

 Using the new print management capabilities of R2, you can deploy printers via group policy to Vista client computers. You can also do this with XP client computers if you use an executable file called pushprinterconnections.exe which you can find on the server you installed the print management component on.

 Once you’ve used this component you’ll never go back. It’s quite easy to setup and deploy. You can find more information regarding the print management component at the following links.

http://technet.microsoft.com/en-us/magazine/cc160946(TechNet.10).aspx

http://www.microsoft.com/downloads/details.aspx?FamilyID=83066ddc-bc96-4418-a629-48c8abd2c7a0&displaylang=en

-RP

What’s the time?

Hi folks, a lot of the time when I’m out on consulting engagements I get questions regarding how to setup network time in Windows Server 2003. By default the servers are setup to sync without using NTP. You can change the servers you need to use NTP easily enough by using the directions at this link: http://support.microsoft.com/kb/816042.

Then you can specify NTP servers from whichever source you desire. If you’re not sure which source to use, you can use the servers at the NTP Pool Project. They have been around for a few years and are the source for time for millions of users. You can find information about them at: http://www.pool.ntp.org

You can specify multiple servers in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters registry key. Just make sure that you append 0×1 to the end of DNS names if you’re using DNS names instead of IP addresses otherwise it won’t work.

After you’ve followed the instructions, make sure you’ve configured the neccessary rules in your firewall for NTP traffic to flow between your server and the time servers. You will know you are successfull if you see successful events in your event viewer after you’ve stopped and started the w32time service.

-Cheers, RP