The first thing I noticed was the fact that you can setup different groups (to be used as a lab manager) or you can add an entire server list as I did. A great feature of this tool is that credentials can be inherited directly from the top of the server list (global), as well as local resource settings, gateway, file, connection, security, and display settings.
 
This tool really rocks, and I probably won’t ever go back to using the standard “remote desktops” tool. I love the thumbnail view and at a moments glance can view all servers that are either in a connected or disconnected state, as you can see from this screenshot:

One quirk I noticed though is that in thumbnail view you can actually click inside an open server, which is live in thumbnail view. The problem I see with this is that one could easily open, close, or delete items without being fully aware of their actions. I quickly learned this as my first inclination was to double-click to expand the thumbnail window and noticed I was about to remove a database! The resolution is simply to click on the live server in the left pane.

Check out some more details here: http://msexchangeteam.com/archive/2010/06/11/455115.aspx 

and you can download the too here:  http://www.microsoft.com/downloads/details.aspx?FamilyID=4603c621-6de7-4ccb-9f51-d53dc7e48047&displaylang=en

Enjoy!

The VMWare cluster implementation is complete and I will add some posts about that. As I move towards a full IMAP to Exchange 2010 implementation, I will add posts regarding those processes as well.  I moved from my iPhone to Droid recently and quite honestly, will probably never go back . I will post my findings on that as well.

Stay tuned…

Assuming you’ve logged into your esx server you will need to copy the windows.iso file to the datastore of which you installed the server core installation. In our case, we run four clustered esx servers and the datastore is named esx4.local. 

A simple cp /vmimages/tools-isoimages/windows.iso /vmfs/volumes/esx4:local/ did the trick. Once this is completed, mount the iso file in Virtual Center, selecting the windows.iso file from the local esx datastore.

Next, path to the following directory: D:\program files\VMware\VMware Tools\Drivers\vmxnet\win2008\64bit  (where D: is the CD drive).

To install the drivers you need to run the following: pnputil -i -a vmxnet.inf 

You should see the following output: 
 

If all went well you can run a simple ipconfig /all to view your ip configuration if you have DHCP configured on your network, otherwise run: netsh interface show interface to see that you have a “Local Area Connection” listed.

Set the ip address to static: netsh interface ip set address “Local Area Connection” static 192.168.1.101 255.255.255.0 192.168.1.1

Set dns: netsh interface ip set dns “Local Area Connection” static [ipaddress of your dns server]

That’s it. Next I will post my adventures in promoting this server to the first domain controller in a forest…stay tuned.

1. Shutdown ADMangerPlus if it is currently running
2. Open a command prompt and navigate to C:\AdventNet\ADManagerPlus\jre\bin
3. Execute the following command:keytool -genkey -alias tomcat -keyalg RSA -keystore admp.keystore   

4. Enter a keystore password. Instead of “your name”, use the FQDN of the server that ADManagerPlus runs on. If a typo is entered just hit CTRL+C to kill the process and the keystore will not be created (until the very end). If at the end and the keystore is fubar’d just delete and start over.
5. Execute the following command:
   keytool -certreq -keyalg RSA -alias tomcat -file certkey.txt -keystore admp.keystore
6. Enter the keystore password from step 4.
7. In steps 8-13, access the private CA with domain admin credentials or higher in order to view server-based certificates, otherwise only user based certificates will be available (user, basic EFS).
8. Open Internet Explorer (using domain admin privileges) and select the private CA address (http://mycertserver/certsrv where mycertserver is the Windows server hosting Certificate Services).
9. Next, get a copy of the Root CA and save it to the same path as seen in the command prompt: Select the link “Download a CA certificate, certificate chain, or CRL” then select “Download CA certificate” and save it (certnew.cer) to C:\AdventNet\ADManagerPlus\jre\bin.
10. Next, request a certificate from the CA. The easiest way to do this is to just hit the “back” button in Internet Explorer. Select “Request a certificate” and then “advanced certificate request”.
11. Now select “ Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.”
12. Now open the certkey.txt file (from step 5) and copy and paste the contents into the first text box. Next, under ” Certificate Template” select “Web Server” and then click the Submit button at the bottom.
13. The page will now present download links to the certificate. Select the “Download certificate chain” link and save the file (certnew.p7b) to C:\AdventNet\ADManagerPlus\jre\bin.
14. Now go back to the command prompt and execute the following command:keytool -import -alias tomcat -keystore admp.keystore -trustcacerts -file certnew.p7b   

15. It is requisite that the private CA’s root certificate is added to the list of trusted CAs in the Java cacerts file. The Java cacerts file uses the standard changeit password for access. Type the following command (selecting any desired alias name):keytool -import -alias admpcacert -keystore ..\lib\security\cacerts -file certnew.cer   

16. Verify the certificate signing by entering the following command:

keytool -list -v -keystore admp.keystore -storepass password (password from step 4)

Two certificates should be listed, the first being the ADManagerPlus web server certificate and the second being the Root CA certificate. Syntax will be as follows:

Entry type: keyEntry

Certificate chain length: 2

Certificate[1]:

Certificate[2]:

If the certificate chain length is 1, go back through the steps to determine potential errors. Do not proceed with these final four steps or the ADManagerPluse server service will hang (and lock) at startup.

1. Once the certificate signing is verified, open Windows Explorer and rename both the server.xml (to serverxml.old) file and the server.keystore (to serverkeystore.old) file in the C:\AdventNet\ADManagerPlus\conf directory.
2. Now copy the admp.keystore file from C:\AdventNet\ADManagerPlus\jre\bin in to C:\AdventNet\ADManagerPlus\conf directory.
3. Edit the server.xml file from C:\AdventNet\ADManagerPlus\conf using any text editor. Scroll to the bottom of the file and look for the line that begins with  “<Connector acceptCount”.
4. Scroll to the section of the line that says “keystoreFile=”./conf/server.keystore” keystorePass=”adventnet” . Change the server.keystore to admp.keystore and change the password to match the one set in step 4. Save and close the file.

 That completes both the Root CA installation and the certificate keystore installation. Re-start ADManagerPlus service and access the FQDN of the ADManagerPlus server via web browser.

Open the file and type:

 :%s/^M//g

To enter the ^M, press the control key then keys V and M

First, I chose to not install /usr/src (to speed up the install) at initial setup on my test box, I added it later by simply running sysinstall. Then I  loaded the “Configure” option which gives me post-install tasks, then “Distributions”, then “src”. After it loaded all sources, I ran the following commands:

# cd /usr/src/lib/libsmutil

# make cleandir && make obj && make

# cd /usr/src/lib/libsm

# make cleandir && make obj && make

# cd /usr/src/usr.sbin/sendmail

# make cleandir && make obj && make && make install

Now, these commands worked perfectly without STOP errors on the make commands. I ran these exact commands previously on my new production box which led to missing “.a”, “.o”, and “.h” files and also exacerbated the SMTP localhost issue. Since this worked on my test box I decided to have a go of it on my production box.

Since I created a new installation and knew that /usr/src was probably the culprit (and no changes occured to /usr/src outside of the new install), I deleted it by simply running # rm -r /usr/src . I then followed the same procedure as before by loading sysinstall. After it completed I ran the same commands previously stated, and this time the make install from /usr/src/usr.sbin/sendmail worked without any STOP errors.

I restarted sendmail, ran a “netstat -a” and there it was:

tcp4       0      0  *.smtp                 *.*                    LISTEN

Sendmail was working perfectly without having to add the host IP to the mc file, go figure!

The first problem I had was that sendmail could not find the proper lib files so it would fail on build (from ports, with an updated ports tree). Before running a ’make’ in /usr/src/usr.sbin/sendmail/,  I compiled saslauthd (cyrus-sasl2-saslauthd). When running ‘make’ for sendmail it failed with a STOP error stating it could  not find sasl.o .

Okay, I have run across this type of thing before and simply copied the ‘.a’, ‘.o’, or ‘.h’ file from its source directory to the directory which the building app needed. I did copy the sasl.o file and was able to restart the compile with yet another STOP error and missing ‘.’ files. Copying ‘.’ files is fine, but what if the file is nowhere on the system?

Digging a little deeper, I noticed that lib files that should have compiled did not, such as libsmutil.a which was missing. To resolve, I simply ran  ‘make’  in its respective directory (/usr/src/lib/libsmutil/ in this case) and then copied the missing’.’ file the file into the directory which the sendmail build was pointing to. This obviously points to a munged Makefile config but I have found that copying ‘.’ files is sometimes easier than editing the config files.

The second problem was simply that I could not get the smtp port to bind correctly on boot up for sendmail to listen to other than the loopback address.  Log files revealed:

sm-mta[760]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Can’t assign requested address

And:

sm-mta[760]: daemon MTA: problem creating SMTP socket

Which would end in:

sm-mta[760]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting

A netstat command showed the following:

tcp4       0      0  localhost.smtp            *.*                    LISTEN

and a sockstat command revealed something similar:

sendmail     sendmail   762   6  tcp4   localhost:25                  *:*

Now, oddly a Google search revealed very little to even point me in a viable direction to resolve the issue. I knew the problem was that sendmail called from rc.conf was attempting to start on port 25 when port 25 was already bound to another instance of sendmail. This baffled me as I’ve never had sendmail configured as a server (MTA) not work to eliminate the local sendmail smtp port binding

Having taken a sendmail training several years back, I broke out my trusty sendmail training material authored and taught by Hal Pomeranz (Deer Run Associates). In it I found a little help that pointed me in a direction to resolve the problem. Editing the myhostname.mc file in /etc/mail/ I found the line that reads:

DAEMON_OPTIONS(`Port=smtp,  Name=MTA’)dnl

and added:

Addr=192.168.1.109 (my particular host’s IP address)

the entire line looks like this:

DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.109, Name=MTA’)dnl

I ran a “make all install” without restarting sendmail. I rebooted the host so sendmail could be called correctly from rc.conf and the problem was resolved. I am still baffled as to why sendmail needs this parameter now as it did not previously, but will eventually figure it out Hope this helps someone as very little documentation is out there on this issue.

Most hotels boast their Wireless internet access as an added convenience during your stay. Many hotels scrambled in the early part of this decade to deploy wireless to gain advantage over their competition. Unfortunately, they did so without much planning or forethought for scalability. So when my new Vista laptop (HP) ran across the hotel’s legacy devices, nothing but problems ensued. Double-checking the wireless settings to ensure the built-in Atheros wireless card was speaking in both 802.11 “b” and “g”, ultimately the issue could not be resolved.

I usually come prepared when I travel and since wireless networks are so ubiquitous these days, I opted not to grab a network cable before leaving home. It was absolutely laughable to me as I had to request a cable from the front desk and plug into one of the hotel’s RJ45 wall plugs in the lobby just to gain internet access. Even the owner of the hotel said I should go back to XP as he quipped “that’s what I did”. I am committed to using this OS, but at what point will the diminished useability factors outweigh the need to get work done. Again, I see an OS that was pushed to the public when it is not ready for prime time.

Unfortunately, M$ is so used to doing this and we as consumers are so used to taking what they give us that I don’t think the cycle will end. When consumers stop buying M$ products and refuse to be M$ pool of beta testers on products that are obviously not ready for public consumption (and should have stayed in beta testing much longer!), then and only then will M$ feel the pain that we all do.

So this past weekend I decided to fire up my home system on the Vista drive that I configured some time ago. My primary system is a home-built AMD 4800+, 64×2, with 4 GB of RAM on an MSI Neo2 motherboard. I run a PCI-e promise RAID card that allows for my two 500GB SATA data drives to run in a mirror. I also have one 160 GB SATA drive which runs Vista Ultimate and a 250GB ATA drive that runs XP. I do most of my work on the XP drive but really like how UT2004 runs on Vista.

Switching between the two drives is as simple as booting to BIOS and changing the boot drive order, a couple of arrow key hits, an F-10 to save and I am off and running. So, back to this Vista experience…After booting to my Vista drive I am working in PowerPoint 2007, Word 2007 and doing some web surfing on both IE and Firefox. Out of the blue (excuse the pun) comes the BSOD. I reboot and proceed to attempt to debug. Vista is so nice, it tells me of course that it has recovered from a “serious” error (not unlike XP), so I then send to M$ to see if there is a solution. Vwaallaaa, the problem is recognized as one that can be resolved by installing SP1.

So, since I did not have SP1 as an option under windows updates (go figure as to the exact reason, M$ gives you several scenarios to why it might not show up, of which I do not fit into any of them), I find the direct link to SP1 and download it. I then install it, which takes about 40 minutes to complete. After all of this I am back up and running. I fire up PowerPoint 2007, Word 2007 and IE and I am off and running. Within in fifteen minutes I BSOD again. Okay, how am I supposed to get any work done when this OS is obviously unstable?

I again reboot the machine and get the nice little message that Vista has recovered from a serious error. Do you want to check online for a solution? Sure, I click the button and absolutely nothing happens. No indicator of a problem resolved or a problem still existent. Since I must get my work done, I decide I have had enough and reboot into my XP drive…no BSOD’s whatsoever. I work the rest of the weekend on my XP drive and boot back to my Vista drive to play a little UT2004 when all is done, and yet no BSOD’s.

Do I really have time to go run down the reason the system BSOD’s while running native M$ applications? I think not. I can see why Vista is getting all the bad press. Unlike a Mac, it just doesn’t work, no wonder Apple is having a field day with Vista and they continue to make headway into the market share of M$. With problems like this, I say to myself: “If this is a typical experience, no wonder businesses are running away from Vista”. Everywhere I look I read blogs about why folks are backgrading to XP. M$, what the heck happened?

I recently bought an HP laptop that is “built for Vista” and it runs Vista Home Premium. I shall see if I fare any better in the Vista world with a machine that is designed to run Vista. If I experience the same instability with this laptop, XP may stay on my horizon for some time. So much for M$ most secure operating system ever. If you can’t run it, then you don’t get to experience the new security features now can you?

After almost a year of running Vista in a production environment and dealing with what I felt to be major performance pitfalls, I resolved to install Server 08 as my primary desktop. First, let me explain some of the performance issues that I was seeing with Vista. My primary work machine is a Dell Optiplex GX270, 3.2GHZ and 2GB RAM, which ran XP at a blaze. Upon installing Vista, the painful three to five second delay in program launch (and yes this was before adding AV) could be felt almost immediately, but because I really wanted to learn the new OS, I dealt with it. I would often have applications hang, or they would be extremely slow to respond. Such was the deal when working within the GPMC or ADUC. On average, I would need to reboot Vista about once per week just to gain some performance back.

A coworker of mine decided to test out Server 08 on his MacBook and I watched as he launched app after app without any slowness. I decided to wipe Vista and give Server 08 a try since the GUI’s are pretty much identical. In order to clean up some of the Server 08 nuisances, I followed the tips at http://www.win2008workstation.com which really helped. I have been running Server 08 for about a month now and have not had to reboot it since first updating it. I notice no slowdown of apps and application launch is usually under one second, a far cry from Vista. There is a lot of information on the net regarding the use of Server 08 as a workstation and my personal experience just adds to the fodder. So far Server 08 appears to be rock solid, and more time may dissuade my high opinion, but for now I am very content!