Thursday, December 30, 2010

Windows Server 2008 R2 on an HP Proliant DL380 G5

Here is a long story about the problems I encountered trying to build a quick lab environment at the office. For a little background, back in the days of Compaq Proliant servers and the early days following the HP merger, I knew this hardware pretty well. But anything after the G2 era, my focus was not on the server hardware, but on the applications and storage.

I pulled two HP Proliant DL380 G5 servers out of the storage room, installed eight gigs of memory and filled the drive bays with a mix of 72 and 146 gigabyte drives. Except for the minimal RAM, they seemed like they would make fine lab servers.

I popped in a trusty Windows Server 2008 R2 DVD, let the install begin, and walked away. I returned to what seemed like a minor glitch, an error message that read "The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click "OK" to restart the computer, and then restart the installation."



What seemed minor was not so. A simple reboot didn't fix it, and I got the same error when trying to install on the other server. This time I didn't walk away during the installation; I watched, and realized that I had a bigger problem: the dreaded blue screen of death.



BUGCODE_USB_DRIVER

Stop: 0x000000FE (0x0000000000000008, 0x0000000000000006, 0x0000000000000006, 0xFFFFFA8006ffa000)

A bigger problem, yes, but it seemed simple enough, as these issues are normally just a driver problem and I figured that installing with the HP Proliant SmartStart CD would do the trick. I didn't have one handy, so I downloaded the latest version, 8.6, from HP's web site. Unfortunately, a whole new problem emerged as the SmartStart installer could not detect the HP SmartArray P400 controller and no drives were available for installation. Easy, I thought, I'll just try the previous version of SmartStart, 8.5, but that didn't work either. I decided to try one more version of SmartStart, the earliest version that supported Windows Server 2008 R2, which was 8.3, which successfully recognized the controller and let me continue with the installation. Unfortunately, the outcome was the same as my previous attempts with just the Windows DVD, a blue screen failure during setup.

Thinking back to the day when I worked with server hardware more regularly, I figured I should update the BIOS, Firmware, etc. as I knew they were quite out of date. The DL380 G5 was at BIOS Version P56 with a date of 11/8/2006 and the SmartArray controller was at version 1.18.

I thought that HP had released bootable CDs that you could use to update your firmware components, but I wasn't able to find it in my time frame, so I did the next best thing, downloaded the 32 bit edition of the SmartStart CD, keeping with the 8.3 version that recognized the array controller before. I installed Windows Server 2003. Windows Server 2003 installed just fine and I was able to use that as the base operating system for installing all the firmware updates the server needed.

Once the hardware had been updated, I returned to the 64 bit HP SmartStart 8.6 CD to install Windows Server 2008 R2. As I expected, the 8.6 CD recognized the array controller, and I was able to install Windows Server 2008 R2 without a hitch. Finally, I can do what I had planned to do during this slow week between Christmas and the new year.

I don't miss this, but I'm glad I had the past experience to call upon.

Old Firmware:
BIOS Version P56 11/8/2006
HP Smart Array P400 v 1.18
HP NC-Series Broadcom NIC v1.9.6
Disk Drives HPD9
Disk Drives HPD5

New Firmware:
BIOS Version P56 04/26/2010
HP Smart Array P400 v 7.22
HP NC-Series Broadcom NIC v2.1.5.9
Disk Drives HPDA
Disk Drives HPDD(C)

Saturday, September 04, 2010

Scout Popcorn 2010

Last year Alex sold about $2800 in popcorn, and wow, it sure was a lot of work. We still have popcorn from last year that we can't deliver, people moved, incorrect address recorded for the sale, etc. Since it was our first year selling any sort of fund raiser, I learned a lot of lessons, of which one is to be sure that you get all the information on the order form and double check it :).

The $2500 goal we set last year was specifically to earn the scholarship and to get a free week (well, for Alex, weekend) at camp. A free week at camp would be a big plus this summer, especially since he will be old enough for a week long resident camp, which will be more expensive than last year.

Alex's online orders can be placed here:
http://www.trails-end.com/estore/scouts/email_referral.jsp?id=3228729
Be sure it says supporting Scout Alexander D. in the green box near the upper right. If it doesn't, click change and enter the Scout ID 3228729

Now, to find time to work on some video sales messages :)

Sunday, June 20, 2010

Freecycling my car!

It's an old car that served me well, but the repairs are too much for me to do myself and too expensive for me to pay someone to do it. I would take it on the occasional local trip before I took the tags off of it, but it only has 2nd gear forward, so I couldn't take it very far; plan to have it towed to wherever you want it. It is an old car, but the right person could probably get it fixed up or make some good money on the parts that still work.

I'm the original owner, and I have the original title and loan release.

Here are some pictures for your reference




I'd like it gone by the end of the month! If you are interested, please e-mail me.

Monday, May 10, 2010

Microsoft’s many uses of the word “Virtual”

From Mike Crowley's Blog: I often refer to this when explaining to others the differences between Microsoft virtualization products.

It’s really amazing how many smart people are misusing the various product names of Microsoft’s virtualization technologies. I blame this partly on Microsoft’s lack of effort to clarify, but also the topics are just confusing. Here I just wanted to provide a short list of Microsoft’s “virtualization” technologies and a description in easy to understand language.

Presentation Virtualization
This is a fancy name for Terminal Services, which is now called Remote Desktop Services in Server 2008 R2.

Official site: microsoft.com/rds

Hardware Virtualization
Products include, Virtual PC, Virtual Server and Hyper-V. These technologies allow a complete computer operating system to run within another operating system.

Official site: microsoft.com/hyperv

Now the confusing ones:
Virtual Desktop Infrastructure (VDI)
Use of abovementioned RDS combined with abovementioned Hyper-V. In Server 2008 and earlier Microsoft VDI wasn’t an actual product. It was a licensing scheme that allows use of these technologies:

· Hyper-V for hosting your desktops
· System Center Virtual Machine Manager for managing your VMs
· System Center Operations Manager for monitoring everything
· System Center Configuration Manager for building and managing your desktop images
· The Microsoft Desktop Optimization Pack so you can use App-V to virtualize your applications
· All the Remote Desktop infrastructure components, like RD Web Access, RD Session Broker, RD Gateway, etc.

In Server 2008 R2, the licensing still applies, but there is now a “Server Role: Role Service” called “Remote Desktop Virtualization Host”. This role also adds the Hyper-V role and should not be virtualized, as it is to be considered a virtualization host itself.

Using the RD Virtualization Host role, you can create pools of virtual windows desktops (such as Windows 7) for users to access over Remote Desktop Services. The use of Hyper-V allows for many computers to reside within a single server, but it also can employ snapshots to automatically revert a PC back to its administrator-defined state when a user logs off.

To connect to this magical environment, you can use another computer with the Remote Desktop Client (yes, even Mac), or you can use a thin terminal such as a Wyse WinTerm.

IMO: This is what most people mean when they say “we want to virtualize our desktops”

There are 3 videos that cover this in just the right amount of detail here:

1. http://edge.technet.com/Media/Microsoft-VDI-Part-I-Server-Side-Configuration
2. http://edge.technet.com/Media/Microsoft-VDI-Part-II-Virtual-Desktop-Configuration
3. http://edge.technet.com/Media/Microsoft-VDI-Part-III-Client-Side-Experiences

Official site: microsoft.com/vdi

Microsoft Enterprise Desktop Virtualization (MED-V)
MED-V is the most confused in this list. While it sounds like this is a product that allows you to do what I just described in the above VDI section; this is actually far from the truth.

MED-V addresses the issue of application to operating system incompatibility. However before you walk down the MED-V road, you should realize that applications that don’t seem to be compatible with the operating system may actually be “fixed” with ACF. I’m not going to get into ACF here, but you can read about it here: Application Compatibility Factory (ACF) Program

MED-V used to be called “Virtualization Player” before Microsoft bought Kidaro, the parent company. MED-V allows a given workstation to run a modern operating system such as Windows Vista or Windows 7 while also running otherwise incompatible applications on Windows XP which is hidden in the background.

This is accomplished by first installing Virtual PC on the workstation, and then the MED-V client. When a user accesses an application that the administrator configures to run from the XP environment, it is seamlessly merged into their Windows Vista/7 experience without knowledge of a full XP installation running in the background.

If you are familiar with Windows 7’s “XP Mode” you have a head start into this concept. XP Mode is a derivative of MED-V. The “E” in MED-V stands for enterprise, so of course this means the environment can be controlled in a way that is suitable for large environments. This is done by centralizing the images used for the background environments, and controlling their level of interaction with client computers who run the client.

In addition to incompatible applications there could also be incompatible websites. An example here would be when a user types http://oldsite IE6 is called to access the URL when all other applications would run from IE7 or 8. Applications and URLs that are defined as incompatible are configured within the MED-V management application.

MED-V requires better hardware for workstations that run it; however it does not require virtualization support from the CPU architecture like Hyper-V does.

This software is only available through the MDOP (Microsoft Desktop Optimization Pack) offering via Software Assurance.

Official site: microsoft.com/medv

Microsoft Application Virtualization (App-V)
This product was purchased from Softricity who named it SoftGrid. It has since been renamed to App-V 4.6.

App-V, like MED-V, is an MDOP offering that deals with application incompatibility. The difference is that MED-V addresses application to operating system incompatibilities, whereas App-V solves application to other application incompatibility issues.

Java for example can only exist once on a computer. If a user requires an older AND a current version of Java, they cannot run them both from the same computer. App-V changes this rule.

App-V creates a sort of “bubble” for an application to reside within. The bubble itself interacts with the operating system but not with other bubbles. This allows us to put Java v.old and Java v.new into separate “bubbles” and then run them both on the same computer. At the same time if desired.

This bubble means the application is never “installed” onto the computer.

Another cool thing about App-V is its ability to stream these bubbles to the client. App-V uses RTSP to send the application to the client. App-V is Microsoft’s “application streaming” technology. The advantage of streaming an app is that the computer is able to run the app while all the program bits are being sent over the wire as necessary.

With App-V all application processing and workload is done on the client. I mention this because many people believe the “stream” or the streaming server somehow assists the workstation. This is not true. If you run an application within App-V you need the same hardware you would need without App-V. This also means an app that is incompatible on Windows 7 will remain incompatible with Windows 7 even if packaged via App-V. Remember, this is MED-V’s job.

Official site: microsoft.com/appv

I hope this helps you in your future discussions with customers or at least your own personal understanding of Microsoft’s Virtualization offering!

Sunday, April 18, 2010

Constitutional Surprise

Robin posted on Facebook that she had an assignment in her American government class to write a 750 word essay explaining what you find to be the most surprising aspect of the United States Constitution. Since this is one of my most favorite subjects, I figured I'd do one for myself. Starting with deciding that I'd have a hard time choosing which aspect of the constitution is the most surprising, but that I'd use a topic that I'd recently studied.

I think a very surprising aspect of the Constitution of the United States of America is that it doesn't deal with the aspect of secession. While today, this doesn't mean much to your average Joe, in the mid to late eighteen hundreds, this was a big deal. Was this subject left unwritten for a reason, do the flies on the wall of the Philadelphia Constitutional Convention in 1787 know if there was debate on this very subject? With my limited resources, I wasn't able to find record of such debate in the time leading up to that convention.

Supreme Court decisions in the late eighteen hundreds, examples: United States v. Cathcart, 25 F. Cas. 344, 348 (C.C.S.D. Ohio 1864) (No. 14,756) & White v. Hart, 80 U.S. 13 Wall. 646 646 (1871), conclude that states may not secede. Citing the preamble, and specifically the phrase "… in order to form a more perfect union …". Since the United States of America as we know it existed under the Articles of Confederation before the constitution we live by today was ratified, was this the union that they wanted to make “more perfect”? Reaching back to Article XIII from the Articles of Confederation, specifically the phrase “... and the Union shall be perpetual ...” we find a very powerful statement. Why wasn't this language included in today's Constitution? Did the founding fathers intend for states to be able to secede or was it assumed that the more perfect union would also be perpetual?

We know today that the consequence of this ambiguity was the Civil War. I happen to think that the perpetual union is what was intended by the founding fathers, and that a little clarity on this issue would have prevented the Civil War. But what if I'm wrong (which I'm not, but hypothetically), and that the perpetual union was never intended, where would we be today?

I know it isn't 750 words, but hey, I'm not being graded and I'm short on time!

Friday, March 26, 2010

Microsoft Product Names

  • Windows

  • Office

  • System Center

  • Forefront
Many in the IT community are confused by the way Microsoft names their products, especially some of the latest releases coming out of Redmond. Most of us know that there are different flavors of Windows in server and desktop products, but that is where the general understanding stops. This won’t be your complete guide to every product name, but just a note to show how the average IT person can be confused.

Microsoft Office

  • Microsoft Office, you know, Word, Excel, PowerPoint, etc.

  • Microsoft Office Communications Server

  • Microsoft Office SharePoint Server
Everyone knows what Microsoft Office is, right? What many people don’t realize is that the Microsoft Office brand is applied to SharePoint server as well. While I personally understand this branding since Microsoft wants to make SharePoint an integrated part of Microsoft Office day to day activities, I don’t really understand why the Office name is applied to Office Communications Server. Still, the Microsoft Office branding isn’t all that confusing.

Microsoft Forefront

  • Forefront Identity Lifecycle Manager

  • Forefront Security for Exchange

  • Forefront Client Security

  • Forefront Threat Management Gateway
Under the Forefront name are several wildly different products. While they are all loosely related to some sort of information security function, the products are used for different things entirely. Identity Lifecycle Manager (ILM), formerly known as Microsoft Identity Integration Server (MIIS) (formerly Microsoft Metadirectory Services, MMS, but most people don’t remember that) is basically a directory management and synchronization system, while Forefront Client Security is the antivirus software you’d install on the desktop. An area of confusion for my customers of late has been between Forefront Security for Exchange and Forefront Threat Management Gateway (TMG, formerly Microsoft Internet Security and Acceleration Server, ISA), since any good Exchange system should have both. Security for Exchange is your e-mail antivirus/antimalware/antispam solution; TMG is what allows for secure access to the internal messaging system from the internet.

System Center

  • System Center Configuration Manager

  • System Center Operations Manager

  • System Center Data Protection Manager

  • System Center Virtual Machine Manager
System Center is a little more closely tied together than Forefront, but it is not without its confusion, especially between Configuration Manager (SCCM) and Operations Manager (SCOM), while Data Protection Manager (DPM), Microsoft's backup software solution, and Virtual Machine Manager (SCVMM) are not as often confused since they are new product spaces for Microsoft. SCCM is what replaces the old Microsoft Systems Management Server (SMS), while SCOM replaces Microsoft Operations Manager (MOM). The wording of these product names and their previous names is where most of the confusion is caused. If you think about it, maintaining system configuration is an operations responsibility in most IT shops, and managing systems also means monitoring their performance and health. More than one of my customers has assumed that since they bought “System Center” licenses, they have software that gives them the functionality of both SCCM & SCOM, and I have to explain why they don’t.

Wednesday, March 24, 2010

Microsoft Technet Forums Recognition System

I just figured out what the little medals next to your avatar on Microsoft’s Technet forums are: it is a recognition system to let others know how helpful you are on the forum. Well apparently, I’m not very helpful. As forums go, I probably post most messages on www.qrz.com, an amateur radio forum, but coming in a close second would be the Technet forums, but I only have one medal, and all you have to do to get that is to reply to one question. To get to two medals, I need 750 points, and so far I’m only up to 213. For five medals, you need 15,001 points or more, wow. A reply to a question is worth two points, having your reply marked as an answer is worth 10, and having your post marked as helpful counts as 5 points. My guess is that you’d have to have the answer to a good 750 to 1000 questions to end up with 5 medals. I’ll just keep doing what I’m doing and one of these days, I might get up to two, but I’m not very worried about it. The main point of this blog post was just to post something because I hadn’t posted something in a while and my blog was brought up in an interview today.

Thursday, January 28, 2010

Configuring your ISA for RSA SecurID authentication to web applications

The first time I did this, I found a great blog post to help me:
Strengthening OWA Authentication with ISA 2006 and RSA SecurID by Aaron Parker

Here is the short version for the basic setup
On the RSA Server
-Create new 'Net OS Agent' type Agent Host entry
-Check Open to All Locally Known Users
-Node Secret Created should not be checked
-Obtain sdconf.rec file

On ISA Server
-Put sdconf.rec file in C:\windows\system32
-Use the sdtest.exe utility to test authentication, if this doesn't work, keep reading

On the properties of your listener
-Choose the Authentication tab and ensure that ‘HTML Form Authentication’ is selected as the authentication method
-Enable the tick-box labelled ‘Collect additional delegation credentials in the form’
-Then select the radio button labelled ‘RSA SecurID’
-Click OK and apply your configuration changes.

I've had it work just fine following these directions, and I've had it not work so well. Here are some of the fixes I've used:

Web form authentication doesn't work, but sdtest.exe utility does
On the ISA server
-Delete all the files in c:\program files\microsoft ISA server\sdconfig
-Copy the following files from c:\windows\system32 to c:\program files\microsoft ISA server\sdconfig
  -sdconf.rec
  -securid
  -sdstatus.12 (not sure you need this one, but while I'm copying, I grab it anyway)
-Restart the firewall service
-It should work

If neither the sdtest.exe utility nor the web authentication form works
On the RSA Server
-Uncheck the Node Secret Created box on the Agent Host

On ISA Server
-Delete from c:\windows\system32
  -sdconf.rec
  -sdstatus.12
  -securid
-Delete from c:\program files\microsoft ISA server\sdconfig
  -sdconf.rec
  -sdstatus.12
  -securid
-Reboot ISA Server
-Copy new sdconf.rec file to c:\windows\system32
-Run the sdtest.exe utility and authenticate
-Copy the sdconf.rec file & securid file from c:\windows\system32 to c:\program files\microsoft ISA server\sdconfig
-Authenticate via web listener
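
A read-only check for the condition the first fix above corrects, as an added example that is not part of the original post: it compares the three RSA agent files between c:\windows\system32 and the ISA sdconfig directory by hash and reports any that are missing or differ. It assumes PowerShell is installed on the ISA server; the parameter and function names are this example's own.

```powershell
# Added example: read-only comparison of the RSA agent files in the two
# directories named in the post. Defaults mirror the post's paths; pass other
# values if ISA Server is installed elsewhere.
param(
    [string]$AgentDir = (Join-Path $env:SystemRoot 'system32'),
    [string]$IsaDir   = (Join-Path $env:ProgramFiles 'Microsoft ISA Server\sdconfig')
)

# sdstatus.12 is treated as optional because the post is unsure it is needed.
$required = @('sdconf.rec', 'securid')
$optional = @('sdstatus.12')

function Get-FileDigest([string]$Path) {
    # Hash the file rather than display it: securid holds the node secret.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)) }
    finally { $stream.Close() }
}

function Compare-AgentFile([string]$Name) {
    $agentCopy = Join-Path $AgentDir $Name
    $isaCopy   = Join-Path $IsaDir   $Name
    $inAgent   = Test-Path $agentCopy
    $inIsa     = Test-Path $isaCopy

    if (-not $inAgent -and -not $inIsa) { return 'absent in both' }
    if (-not $inAgent)                  { return 'missing from agent directory' }
    if (-not $inIsa)                    { return 'missing from sdconfig' }
    if ((Get-FileDigest $agentCopy) -ne (Get-FileDigest $isaCopy)) {
        return 'copies differ'
    }
    return 'match'
}

$problems = 0
foreach ($name in ($required + $optional)) {
    $state = Compare-AgentFile $name
    # An optional file that exists in neither directory is not a finding.
    $ignorable = ($optional -contains $name) -and ($state -eq 'absent in both')
    if ($state -ne 'match' -and -not $ignorable) { $problems++ }
    '{0,-12} {1}' -f $name, $state
}

if ($problems -gt 0) {
    Write-Warning "$problems file(s) out of sync between $AgentDir and $IsaDir"
    exit 1
}
```

A "copies differ" or "missing from sdconfig" result for securid or sdconf.rec is the state in which sdtest.exe can succeed while the web listener fails, since the first fix resolves it by re-copying those files.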

Blogging?

I haven't blogged in a while, not on here, or my internal work site. I wrote something up for work tonight, I'll need to change a few things to protect the innocent and I'll post it here too.