Wednesday, November 26, 2008

What I Use

Applications I use everyday:

  • Microsoft Windows Vista Ultimate (32-bit) – If you pump enough RAM into Windows Vista it can be very usable. 
  • Microsoft Outlook 2007 – I started using Outlook Express because it came with Windows, but when I saw the power and integration of Outlook 97 I was sold.  Since then I’ve used every version.  I was even more hooked when I began using Outlook with an Exchange server.  Although I have tried many other PIMs, still nothing compares to the productivity and utility of Outlook.
  • Mozilla Firefox – Hands down Firefox is the best cross-platform browser. 
  • Digsby – multi-protocol instant messenger app with social networking
  • Winamp – tried and true media player with great keyboard shortcuts
  • Google Chrome – the fastest browser for start times and load times, lacks the extensibility of Firefox, but the features redefine browsing like Gmail redefined email
  • Microsoft Virtual PC running Windows XP Professional – If you run Windows Vista and you’re a sysadmin, you have to run Windows XP too.  Just keep it clean and give it about 512 MB of RAM and it’s just like having a second computer around.
  • andLinux – unique hybrid-virtualization of Ubuntu Linux that allows me to run KDE apps natively in Windows (like Konsole for Linux server management)

 

Utilities/Tools

  • Putty – for ssh/telnet management of servers, routers, and switches
  • Launchy – application launcher to free you from the Start menu
  • Switcher – Expose-like application for Vista, requires AERO
  • reSizer – window placement and sizing with a mouse can be tedious, using reSizer I can move windows between monitors and resize to fit the screen without leaving the keyboard
  • Remote Desktop Connection – remote management of all of those Windows servers out there

 

Server Applications I use regularly:

Firefox Extensions

  • GrandCentral Click to Call
  • PDF Download
  • Adblock Plus
  • CyberSearch
  • Delicious Bookmarks – delicious.com/wasserja
  • Google Gears
  • Tiny Menu

Tuesday, November 25, 2008

Why Does Windows Azure Matter?



Microsoft hosted their irregularly scheduled Professional Developers Conference (PDC) recently. (PDC events only occur when Microsoft is releasing a new platform.) As the event grew closer we knew that Windows 7 would be a topic as well as their Live Services, but the “Cloud” OS was probably causing the most buzz around the tech industry. Thankfully we live in an era where we don’t have to sit through the long, dry Microsoft keynotes to get the lowdown on what Microsoft is up to. Microsoft announced their cloud platform called Windows Azure.

Enterprise IT has been administering servers for years, attempting not only to keep those end users happy but also to keep their servers in working order. Maintaining software and hardware on mission-critical servers can be very costly and difficult. The arrival of virtualization for the enterprise has dramatically increased the ability of IT staff to manage and maintain server farms while decreasing costs, including energy costs. The next step in the evolution of IT is hosted services. Microsoft and third parties have already been offering various hosted services for some time with varying levels of success. With Windows Azure, Microsoft hopes to combine virtualization with hosted services by providing a cloud-based platform for developers, businesses, and the enterprise.

In the future the everyday sysadmin will no longer be responsible for server hardware and OS patches because Microsoft Exchange, SQL, Dynamics, SharePoint, et al. will be hosted by Microsoft on their Azure platform, which is globally distributed. Of course not all current IT or business decision makers are going to want to start paying monthly fees for software they paid good money for. As the services Microsoft provides through Azure make business sense, they can migrate in a hybrid fashion, say by moving their Exchange "server" to the cloud while keeping their SharePoint in house.
The advantage comes to the small to medium sized businesses who may be thinking about upgrading their own servers and find that it would be more advantageous to pay for the software as a service instead of maintaining their own server(s) in house or paying a consultant.



So how does this affect the everyday sysadmin? How will the role and responsibilities of the IT staff change if we no longer have to maintain server software and hardware? Will we all become Helpdesk staff or will Microsoft take on that as well? I am assuming someone will still need to maintain accounts or maybe there will be a fancy web portal for the designated "technical" employee to add accounts and reset passwords. Downsizing may be in our future, or we will need to change along with everyone else in this fast-paced industry.



Tuesday, November 18, 2008

Internet Explorer 6 Comes to Windows Mobile

That headline has to be the most misleading one I’ve ever written.  Yes, Internet Explorer 6 is coming to Windows Mobile.  It is not the version 6 that we have grown to loathe as system administrators, but it is based on current desktop IE 7 and maybe even 8.  The browser will support rich media such as Silverlight and Flash as well as AJAX.  Page rendering will be closer to the desktop alternative, which of course has been around for years with Opera Mini (available for WinMo via Java) and recently with Safari for the iPhone.

And the bit about it coming to Windows Mobile is misleading because they just announced the availability of the updated mobile browser, but it will not be available on current handsets, only future handsets.  Future here meaning many months until you see them overseas since carriers are not as strict and controlling about the devices.  Then maybe sometime in 2009 we may see WinMo handsets using the browser.  Alternatively the hardworking folks at ppcgeeks.com have been providing kitchens and ROMs for WinMo phones to help you keep your WinMo device running the latest software.  Flashing your phone with unsanctioned ROMs is not an easy process, but you may find yourself taking the plunge if your mobile drives you crazy like many other users.

The upside is that Windows Mobile is finally going to have a decent browser which may mean more developers coding websites to be friendly to Windows Mobile based devices. 

Here is a video of the browser in action. 

 

Keep in mind that Opera Mini, Opera Mobile, Safari, and Skyfire have already beaten Microsoft to the punch, so they will not get a lot of positive reviews for their efforts.

Tuesday, November 4, 2008

Cacti Breaks When RRDTool is Updated


Running updates can cause any sysadmin to break out in a cold sweat, especially when that service you and your users rely on stops working.  Today I ran my updates on my CentOS 5.x server and noticed that the rrdtool package had been updated.  Like any good sysadmin I keep a log of the updates I install on each server so that I know what has been installed and so I know which services to check later to make sure everything is still working. 

Since I have spent so much time with my Cacti monitoring system I knew that it was dependent upon the rrdtool.  When I logged into my Cacti everything appeared normal until I looked at my graphs.  All of the text on the graphs was missing.  I still had the pretty colors and the graphs, but there were no numbers, labels, headers, etc.  After searching around I found the solution in the Cacti forums.  The problem was related to Cacti not being able to pass the default font variable to the specific version of the rrdtool 1.2.28.  So you have to put the path to the rrdtool font file in the Paths section under settings as well as the Font File fields under the Visual field.

The font path on my CentOS system is: /usr/share/rrdtool/fonts/DejaVuSansMono-Roman.ttf


Having a monitoring system like Cacti paired with Nagios can really help you and your IT department implement proactive measures to maintain your network.  If you would like assistance in putting together your own monitoring setup with Cacti and Nagios please contact me.

Nagios 3 Comes to CentOS


I manage quite a few CentOS servers of the 4.x and 5.x versions.  When I ran my yum updates this week I noticed that there was a Nagios update.  When I restarted Nagios I saw that it had been upgraded to version 3.  So far nothing broke because of the new version, but with the new version comes new features.  You can read the changelog here.

 

NOTE: The beauty of Linux is that you don’t have to restart your system when you install updates (except for the kernel).  But if the package manager (yum, apt, etc.) doesn’t restart the service the old binaries will still be running.  So for example when I installed the Nagios update today version 2.x was still running so I had to restart Nagios to actually be running 3.x (command: service nagios restart).
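The condition in the note above can be checked directly: a process that is still running a replaced binary or library shows the old file as "(deleted)" in /proc/<pid>/maps. The following is an added example, not part of the original post; the sample maps lines and their paths are constructed.

```python
import os

# Constructed sample of /proc/<pid>/maps after a package update replaced
# the daemon binary and one library while the old process kept running.
SAMPLE_MAPS = """\
00400000-004a0000 r-xp 00000000 fd:00 131201 /usr/bin/nagios (deleted)
006a0000-006a8000 rw-p 000a0000 fd:00 131201 /usr/bin/nagios (deleted)
7f1c2a000000-7f1c2a150000 r-xp 00000000 fd:00 262310 /lib64/libc-2.5.so
7f1c2b000000-7f1c2b020000 r-xp 00000000 fd:00 262399 /usr/lib64/libssl.so.6 (deleted)
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]
"""

SUFFIX = " (deleted)"


def deleted_mappings(maps_text):
    """Return executable file mappings whose on-disk file was replaced or removed."""
    stale = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)      # addr perms offset dev inode path
        if len(parts) < 6:
            continue                     # anonymous mapping, no path
        perms, path = parts[1], parts[5]
        if "x" not in perms or not path.endswith(SUFFIX):
            continue
        # Skip memfd regions, which are always reported as deleted.
        if path.startswith("/") and not path.startswith("/memfd:"):
            stale.add(path[:-len(SUFFIX)])
    return sorted(stale)


def scan(proc="/proc"):
    """Map PID -> stale files for every readable process under proc."""
    results = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                stale = deleted_mappings(fh.read())
        except OSError:                  # process exited or access denied
            continue
        if stale:
            results[int(pid)] = stale
    return results


if __name__ == "__main__":
    print("sample:", deleted_mappings(SAMPLE_MAPS))
    for pid, files in sorted(scan().items()):
        print(pid, ", ".join(files))
```

Run it as root after an update so every process's maps file is readable; any PID it lists needs its service restarted before the update takes effect.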

Wednesday, September 24, 2008

SSL Certificates and Outlook Anywhere with Exchange 2007 on Windows Server 2008

I have been setting up an Exchange 2007 server on Windows Server 2008. The outright drastic change of Exchange from the previous version both in the administrative user interface and underlying infrastructure is enough to make you second guess your Exchange expertise. Running Exchange 2007 on top of Windows Server 2008 more than doubles the learning curve. Two main points gave me quite the headache that I was able to overcome with lots of research and patience: SSL certificates and Outlook Anywhere.

SSL Certificates

Exchange 2007 introduced a lot of new ways for the Outlook client to be set up and connect quickly and seamlessly…for the end user. The system administrator, however, must purchase an expensive, specialized certificate called a Unified Communications Certificate (UCC) that allows for more than one name in the certificate (Subject Alternative Names). For example, if your Exchange server is named “ex2007” you may need to have the following alternate names:

  • ex2007
  • ex2007.domain.local
  • autodiscover.domain.local
  • mail.domain.com
  • autodiscover.domain.com

Microsoft was kind enough to include a certificate that will allow mail processing and other functions to work internally, but not externally. Generating the certificate also requires you to get your hands dirty in the Exchange Management Shell, a superset of PowerShell. Since the server I was working on used split DNS I considered getting a wildcard certificate instead of a UCC. Unfortunately I read online that the Exchange 2007 POP3 and IMAP do not support wildcard certificates and neither do Windows Mobile devices. So I was about to give in and purchase a UCC when I saw a post saying that you can use a tricky SRV DNS entry in your public DNS zone to allow you to get away with a regular SSL certificate.

  • _autodiscover._tcp IN SRV 0 100 443 mail.domain.com.

By placing this record in your public DNS zone the Outlook client will redirect the autodiscover.domain.com lookup to mail.domain.com. This allows the OWA webmail, Outlook Anywhere, POP3S, IMAPS, and SMTPS to all use the same simple SSL certificate of mail.domain.com.
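To see which of the names listed above a given certificate covers, and why pointing the SRV record at mail.domain.com removes the need for the autodiscover name, here is an added example that is not from the original post. It applies the usual leftmost-label wildcard matching rule; the certificate name sets are constructed.

```python
# Added example. Host names and the SRV line come from the post;
# the certificate name sets passed to uncovered() are constructed.

POST_NAMES = [
    "ex2007",
    "ex2007.domain.local",
    "autodiscover.domain.local",
    "mail.domain.com",
    "autodiscover.domain.com",
]
SRV_LINE = "_autodiscover._tcp IN SRV 0 100 443 mail.domain.com."


def name_matches(host, cert_name):
    """Compare one host name with one certificate name.

    '*' is accepted only as the whole leftmost label, stands for exactly
    one label, and needs at least two labels after it.
    """
    h = host.lower().rstrip(".").split(".")
    c = cert_name.lower().rstrip(".").split(".")
    if len(h) != len(c):
        return False
    if c[0] == "*":
        return len(c) >= 3 and h[1:] == c[1:]
    return h == c


def uncovered(hosts, cert_names):
    """Hosts a client would reach with a name mismatch on this certificate."""
    return [h for h in hosts if not any(name_matches(h, n) for n in cert_names)]


def parse_srv(line):
    """Split a zone-file style SRV line into its fields."""
    owner, rr_class, rr_type, prio, weight, port, target = line.split()
    if (rr_class, rr_type) != ("IN", "SRV"):
        raise ValueError("not an IN SRV record")
    return {"owner": owner, "priority": int(prio), "weight": int(weight),
            "port": int(port), "target": target.rstrip(".")}


if __name__ == "__main__":
    single = ["mail.domain.com"]
    print("single-name cert misses:", uncovered(POST_NAMES, single))
    print("wildcard cert misses:   ", uncovered(POST_NAMES, ["*.domain.com"]))
    srv = parse_srv(SRV_LINE)
    print("SRV target covered:", not uncovered([srv["target"]], single))
```

The internal .local names and the bare server name stay uncovered by both the single-name and the wildcard certificate, which is why they only work with a certificate that lists them or with the internal certificate Exchange ships with.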

TIP: Here is a tool to generate an EMS command for your certificate request: https://www.digicert.com/easy-csr/exchange2007.htm

Outlook Anywhere

Now that I tackled the overly complicated certificate issue, I ran into an issue in getting Outlook Anywhere to work. Outlook continually prompted me for my credentials and then told me Outlook must be online or connected to complete this action. After reviewing the Exchange configuration settings hundreds of times and making sure it was set according to Microsoft’s specifications I gave up. I assumed the unique setup I was working on just wouldn’t allow Outlook Anywhere to work. Then I noticed a Microsoft KB article highlighted in the msexchange.org newsletter: http://support.microsoft.com/default.aspx?scid=kb;en-us;954389&sd=rss&spid=10926. The article described the exact issue I was having in the exact scenario of my setup. I followed method 2 in the article and the issue immediately cleared up.

UPDATED:

Microsoft just released Exchange 2007 SP1 Rollup 4 which addresses the wildcard certificate problem (KB948896) as well as the Outlook Anywhere problem.

Wednesday, September 3, 2008

Blackberry Services Fail to Start

blackberry controller service error

I was working with a customer who was having trouble with their Blackberry Enterprise Server not sending and receiving email. Apparently their server had lost power and ever since then the Blackberry Controller service would not start.

The Event log picture is displayed above, but for indexing purposes I will list the event details below:

Event Type: Error

Event Source: Service Control Manager

Event Category: None

Event ID: 7024

Date: 9/3/2008

Time: 3:14:48 PM

User: N/A

Computer: SSIN2K3

Description:

The BlackBerry Controller service terminated with service-specific error 5003 (0x138B).

 

I determined the executable file from the Services snap-in and decided to run it from the command line.  It gave me the following error:

C:\Program Files\Research In Motion\BlackBerry Enterprise Server>BlackBerryController.exe

Starting ...

Could not connect to Service Control Manager. Using console mode ...

'BlackBerry Controller' - console mode (enter 'x' or 'X' to exit)

Starting Controller

Found Dispatcher for server SSIN2K3 as 'BlackBerry Dispatcher' at '\\127.0.0.1',

PID=9552

Failure, see log for details

Stopping BlackBerry Agent Controller...

BlackBerry Agent Controller Stopped

 

I found the logs located in C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Logs.  Choosing the folder named for today’s date, I looked through the logs and found one of the logs mentioned that it “could not start the syslog receiver subsystem.”  On a whim I remembered an issue I have had recently with SBS servers of the DNS Server service randomly taking high port numbers and locking them out.  So I stopped the DNS Server service, started the Blackberry Controller service and it worked.  Then I started the DNS Server service again, and the Blackberry mail is flowing again. 

 

UPDATED:

Some have asked how to permanently fix this issue because every now and then the DNS service will usurp those “random” UDP ports.  Here is Microsoft’s KB article on the fix. It involved editing the registry and specifying the range of ports the server can use.