
Monday, July 30, 2012

A Necessary Investment for any IT Department

July 2012 - Stuck in a Server Closet
After spending a night at work yesterday wondering why my iDrac system was not working on my ESX hosts I found that when ordering them I never upgraded to the iDrac chip. Boy what a huge waste of productivity, time and money not having those chips. What could have been a quick, stay at home and sleep filled night turned into just the opposite.

Why are iDrac/ILO and other Pre-Boot remote tools necessary?

The quick answer is time savings. Last night instead of remotely restarting the server or checking the virtual console for the issue I instead spent time gathering my equipment, driving to work (time and gas), diagnosing the issue on site then finishing my work, and finally driving back home (time and gas). Thankfully my trip is short, but many do not have that luxury. What amounted to last night's "service call" cost half the amount of an iDrac6 Enterprise card. How many more times this year will it happen? Hopefully none before I get my 2 cards ordered. In most cases these chips will pay for themselves in the first 2 years of ownership (based on my past experiences). A worthy investment in my book.

Monday, July 23, 2012

Working in Windows 8 Preview for a Day

On Friday I gave Windows 8 Preview a shot after setting up a dual boot environment on my laptop. I attempted to only use W8 and Office 2013 for the day without running back to Windows 7 to do necessary work. Unfortunately it flopped and I ended up making it through only 3/4 of the day. I will go over what made the test fail as well as my impressions of the OS as it is today.

Part 1 "Excuse me while I reboot" -

Trying to work in an SMB environment has its challenges for an OS built for home use, and in short it doesn't work. I am not quite sure what Microsoft has up its sleeve with W8 RP but unlike Office 2013 where SMB and Pro versions were available Windows 8 is a Home Premium install only. It makes it very tough then to test this OS with my programs, domain setup, administration tools and more without having to spend money on an OS that might not work. I struggled throughout the day using remote desktop to our servers to do simple administration tasks that I could have done natively, as well as logging into network shares and other machines using network file sharing. These issues were tough but did not cause me to reboot quite yet. I finally ran into a driver issue (I won't blame the OS for this fault however) and could not complete the task at hand with some software. Rebooting into Windows 7 solved this and I felt no desire to run through what is a lengthy reboot process for Windows 8 dual boot environments. In fact I am not quite sure why the bootup process has changed, yes I still get the choice to set up a 10 second choice screen for the OS I would like, but if I decide on Windows 7 the computer has to shut down, go through POST procedures again and then boot into Windows 7 adding another 20-30 seconds delay. A bit strange I do say.

Part 2 "Excuse me Sir, I seem to be lost" -

Windows 8 can be summed up in one word after Friday's immersing test, "confusing". I became quite frustrated trying to find simple programs or tasks using the Metro start screen, depending on which screen it would show up on. This problem baffled me, using a dual monitor setup I could get the desktop showing on both screens, and a task bar mirrored on each as well. This was great as I could bring up windows without having to run to the other monitor. This was not great as it felt like, depending on the operating system's mood when I would hit the Windows key the Metro Start screen would randomly pop up on one of the monitors. I think I saw the Start screen change positions over 5 times and could not for the life of me figure out why it chose the monitor it did. Then there is the all programs menu and lack of need for the Metro Start screen altogether. Trying to find all the programs installed on the machine if the icon was not present in the Metro screen had you trek all the way to the corner of the screen before listing everything side by side instead of traditional list form like in previous Windows versions. I found this change more time consuming especially when Start changed monitors. Windows 7 search through the start menu which I have come to use for everything now needed me to use another function key set (Windows Key + F) to bring it up whereas before I could just hit the Windows Key and start typing, or click on the start menu in the corner. My last bone to pick on this post is the horrible App Switching interface. Trying to find the window you just had open was a flipping nightmare, I would have an App open on the left monitor then want to go back to the desktop I had before. Clicking on the desktop on the right would not bring it up, and trying to find Desktop in the Metro screen was a pain as well. This is where App Switching would be nice and efficient, but it isn't.
To bring up the App Switching interface you have to go to the Start "hot" corner, then slide your mouse up the side of the screen...but don't move it out of the window that appears or it will disappear again leaving you to start from scratch. And for some dumb reason Microsoft felt the need to make your current window list start from the top, as far as virtually possible from the Start button. Because why make it close and easy and a second quicker to use?

Wednesday, July 18, 2012

Office 2013 First Thoughts

I have not used Office 2013 as much as I had hoped by midweek, but seeing as I decided to reinstall Windows and dual boot I am hoping it will have a better impact on fully immersing myself in Windows 8. In the meantime however I did get the chance to show the new Office to some co-workers and we have a short list of our first takes on the system.

1. Windows 8 integration is not as great as it should be - Live tiles, launching to the desktop, and no notifications on the lock screen just irk me the wrong way. If you can give us that Microsoft then it's just Office 2013 running on Windows 7 (which is how I would rather have it)

2. WHITE! - Every Office product is wrapped in a blinding white sheet of snow, or ice, or maybe a snow cone with no flavoring. I have not found any way to change the default color scheme rendering my eyes blinded after a few minutes of use.

3. Missing shortcut keys - Ok so the touch things are pretty nifty I must admit, but it would be nice to be able to do some document interaction from a keyboard too. Seeing as how most companies do not hand out touch screens I would think it would be a little important to add (especially with most not moving to Windows 8)

Honestly the only big change I have noticed is in Outlook, and the movement of the task/calendar bar on the right to roll-over menus down below. Without that it really just looks like a 2010 facelift more than a complete rehab of Office.

Monday, July 16, 2012

Office 15 - Out in the "Wild"

The Microsoft Office 15 Preview was released to the public today to the collective cringe of System Administrators everywhere. Sporting a new look, tweaks to all interfaces and launching along a social storm with access to yet another completely redesigned SharePoint, this could be one of the most confusing Office releases yet (based on my experience today with the preview on Windows 8). I will be testing the software piece by piece over the next week and will give my best neutral review of the software and services.

Saturday, July 14, 2012

DNS Scavenging Turned On....Or Is It?

I have had lots of issues with Windows Server DNS configurations, and a good 90% of those issues circle around scavenging.

What is scavenging you ask? It is the process of removing old invalid records from the DNS index so that (especially in DHCP scopes) computer names are correctly reflected in name resolution and more commonly for an end user, the Networked Computers window.

I believe to finally have solved the problem with a final karate chop to the Windows Server 2008 R2 (in this case) GUI. I believe the graphical interface for most Microsoft products is great, but I will add DNS management to the list of not so great products.

As hard as I tried scavenging was not enabled on my server, I had it set up on each zone as well as the host (even though it was not tied to Active Directory and therefore the option shouldn't matter) but yet in the Best Practices results it always stated it was off. I was caught by good surprise when I had seen this hoping that finding a fix should solve my issues once and for all (since I know a certain user's laptop does not have 5 network connections so should not be listed under as many IP addresses at once..). I followed some basic command line garble and after inputting it into the console finally had the results I was looking for (though the next week of testing will tell me if it REALLY works now). Follow the commands below on your DNS server to truly enable scavenging.

To check your setup and see if it is enabled type in : dnscmd <DNSSERVERNAME> /Info

If ScavengingInterval is set to something other than 0 it is actually enabled, if set to 0 work through the following commands.

  1. Open a Command Prompt session
  2. Type in the following : dnscmd <DNSSERVERNAME> /Config /ScavengingInterval 168
  3. Hit Enter
  4. Verify by typing in: dnscmd <DNSSERVERNAME> /Info

The 168 hour value is a default that should be assigned to scavenging (mine was set to 0 and therefore disabled).

Friday, July 13, 2012

Give Credit Where Credit is Due

I'm sitting tonight at a charity boxing match between the Fire Department and Police Department and can't help but want to thank all men and women in uniform. Thank you all for your service!

And GO PD!

XCache 2.0.0 Install on Bluehost Web hosting Service


I help run the technical side of an online community for car enthusiasts and ran through an install of XCache yesterday to help with database access errors. Bluehost has a strict limitation of 15 queries per SQL User account and we were reaching that quite often with some 3rd party plugins installed. XCache helps reduce the user connections by caching queries until they can be run. Below is a how-to for installing version 2.0.0.

First off I want to make sure credit is given where it is due: I used an older how-to from http://rk.md/2009/xcache-bluehost/ to help me through the process for my host, but have some modifications for version 2.0.0 as well as the latest PHP 5.2 configuration script.

As we start the walkthrough, many of the commands are the same, with the version number replaced.

To connect via SSH (on a Mac OSX Lion platform):
  1. Open Terminal
  2. Type : ssh AccountHostname -l Username
  3. Enter in your password
Now to install XCache 2.0.0
  1. cd ~
  2. mkdir modules xcache
  3. cd xcache
  4. wget http://xcache.lighttpd.net/pub/Releases/2.0.0/xcache-2.0.0.tar.gz
  5. tar -zxf xcache-2.0.0.tar.gz
  6. cd xcache-2.0.0
  7. phpize
  8. ./configure --enable-xcache
  9. make
  10. cd modules
  11. mv xcache.so /home/BLUEHOST-USERNAME/modules
Now go to your public_html directory and find php.ini, this configuration file needs to be modified to enable/run XCache on the server. Open php.ini in your preferred coding utility (Notepad++ for example) and find "Dynamic Extensions", this is a change from the previous setup of the file as Windows Extensions is no longer a valid heading. Insert the following code after the omitted part of this section.

zend_extension = /home/BLUEHOST_USERNAME/modules/xcache.so
zend_extension_ts = /home/BLUEHOST_USERNAME/modules/xcache.so
xcache.shm_scheme = "mmap"
xcache.size = 32M
xcache.count = 8
xcache.slots = 8K
xcache.ttl = 0
xcache.gc_interval = 0
xcache.var_size = 16M
xcache.var_count = 1
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300
xcache.test = Off
xcache.readonly_protection = Off
xcache.mmap_path = "/dev/zero"
xcache.coredump_directory = ""
xcache.cacher = On
xcache.stat = On
xcache.optimizer = Off
xcache.coverager = Off
xcache.coveragedump_directory = ""

That's it! You have installed XCache. To check the status of XCache (if it has been loaded yet or not) set up a phpinfo.ini file and navigate to it. In the webpage search for XCACHE (the modules are in alphabetical order).

Wednesday, July 11, 2012

Presentations About Your Product

I had the opportunity yesterday to go to a lunch and learn for a new product and service from a fairly large company. Now I have been to one of these before on the same topic and have realized a few key differences in my experiences and hopefully passing them on could help you during your presentations.

Lesson 1: Location

Many times a company will take you out to breakfast, lunch or dinner for the showcase of their product. I have been to some fancy ones with banquet halls, while others are one on one at a local restaurant. Location is very important, and you should always check out the venue before sending out invitations. Blind scheduling of a place you think might be nice, cool, comfortable will often lead you to a situation where you have too little table space, some parts of the ceiling missing and the built in projector shaky, askew, and small. I am not saying you need a 5 star restaurant, but definitely look and ask yourself if the presentation will be added to with the room or taken away.

Lesson 2: BYOT (Bring Your Own Tech)

Yesterday's lunch and learn was definitely one of regret. A few items brought by the presenter (just one in this case) will go a long way to ensuring your presentation goes off without a hitch and just as expected. I would recommend bringing your own projector, mobile wifi hot spot, laptop, and last an extra VGA cable. Projectors at the meeting location (if there is one at all) might not be set up well, yesterday's was skewed, rotated slightly, one third the size of the projector screen and was out of focus. The end result? I saw almost none of the product being demoed, and that's a bit important. Wifi at a location can be hit or miss and bringing along a 4G enabled hot spot will ensure you have a quick connection and fast experience every time (in 4G markets at least). Your own laptop should be brought so you are not relying on a slow Remote Desktop session to show the attendees things, and an extra VGA cable since when carried in bags they tend to break and go off color. There is nothing like a green colored screen while I am trying to eat some fish to really set the mood.

Lesson 3: Hand Out Something

A guest should never be leaving an event with nothing, give out anything to help associate the product with the venue, or the venue with your company. Ideas can be limitless, I have received picture frames, cups, polo shirts, stress balls, and the list goes on. The one that always catches my eye though is a folder with some papers filled with information (on the company, and product) and a contact business card in the flap. I left yesterday's event forgetting the presenter's name though he said it at least 3 times, who would I contact now if I wanted to purchase the product? From a salesman's point of view I would hope he would want the credit for the catch.

Tuesday, July 10, 2012

When you think you won't be targeted....

Security...security, security, security...and if I have not said it enough, security!

I had time the other day to check out my company's openings as we scoured the globe to find more talent. Before sending out information into my network I wanted to peek behind the curtain of the positions and look at our skills tests (short little tests to make sure if you are applying for accounting you know what math is, oh and that green thing called money). We utilize Kwiksurveys.com for these tests, as well as end of project surveys to our customers for feedback. Kwiksurveys is just a company providing ways to get feedback and input from customers, employees, companies and more, yet this service has evidently upset someone.

As I opened a link to this neutral company I was greeted with a message, I'll copy a bit here for you to read:

"Important announcement

On the 25th of June, KwikSurveys experienced what we initially believed to be a major server failure and corruption of our data backups, which we initially attributed to hardware issues and worked around the clock to restore on a new and more reliable server. It has since emerged that this loss of data was not hardware related, but was the work of a group of hackers targeting the company, who returned over the course of the weekend with the intention of completely destroying the site, our business and your data. We are currently collecting information now to pass on to the relevant authorities for further investigation.

We are working to restore access but do not have an ETA or further information at this time."

I want to bring this up to make sure everyone understands how important security is today, no matter who or what company you are. I would consider my employer to be a service oriented company for our customers, and would never think that another company we do work for would attack us, even a competitor. Then again, I don't perceive these companies to be the real threat, just as I don't believe an angry survey taker took down KwikSurveys. Everything your company does that the public can see is scrutinized, the donations you make, the work you do, the companies you work for. Just one small thing can put a target on your back that is impossible to shake off, and even harder to prepare for if you haven't been taking baby steps on increasing your security.

I would like to think that my company does no wrong, we always treat our customers and community with the utmost respect and that we would never become a target...but that's not true and I know it. I have seen random attacks to our firewall from random IP addresses in foreign countries, I have logs of data showing their attack patterns, prying to get in, to see our secrets, our precious data.

Will KwikSurveys bounce back from this attack? I hope so, but have slim hopes. A company can be killed in a day if someone can get in and find your financials, your bank accounts, your passwords, and your sensitive customer data...and worst your secrets to success.

If you haven't stressed security enough to your employer, your manager or anyone who will listen you must do so. While users might not like layers of precaution, increased encryption, complex required passwords and worse ones that change it is a necessary measure as you really do not know who is watching. Believe me, someone you don't know is.

Monday, July 9, 2012

Wireless Data Speeds - The Cipher Effect

While working on our WAP (Wireless Access Point) last week I came across some information that a very nice Cisco support technician was able to clarify and I would like to pass this information along to hopefully help someone out.

At the beginning of 2012 I purchased a new WAP from a reseller of Cisco technology. I ended up deciding on a Cisco 1140 Series Wireless AP with Wireless N technology as well as the ability to span the 40MHz spectrum on the 5GHz antenna. However months of testing after my initial setup (in which I mirrored our old access point settings) resulted in G like bandwidth (54Mbps). I tried many options and read up in many places through the setup manual but could not get it any higher.

After having other issues last week I contacted Cisco support (we have a current support contract through them) and spoke with a technician as he checked over my configuration.

The end result was surprising, not only did he fix my main issue but also fixed the lack of speed as well bringing the data transmission to 72Mbps. He explained to me that the cipher used will make a large difference in the amount of data that can be transferred at once, and because TKIP is an older security protocol it was not capable of producing data rates over 54Mbps. AES on the other hand was built with Wireless N technology in mind and is not only a stronger cipher but also allows for larger data rates. Now in theory my WAP should be capable of higher than 72Mbps data transfer but I have not enabled the 40MHz band on the 5GHz antenna as of the writing of this blog post. I will be sure to add more once that occurs and let you know of any differences in speed it causes.

Friday, July 6, 2012

Intranet Security Certificates

If you have ever tried to set up a local intranet site you have probably come across a certificate error at least once. Many tools these days take advantage of browser only use allowing you to easily connect to and work with the site's intended software. However, security in these environments is just as essential as sites that are accessible through the public internet.

Tools like PRTG Network Monitor and Spiceworks might be things you want to access securely inside of your LAN.

When this occurs you change to Secure HTTP (or HTTPS). This however can bring about some problems, especially the inability to make a direct shortcut to the website (Pinning the site in Windows 7 for instance). The reason this occurs is for safety, how is the web browser to know that the site or server you are connecting to really belongs to this Intranet? The answer lies in the security certificate and Fully Qualified Domain Name (FQDN).

Sites and servers with a web interface do not, by default, set up the FQDN on your DNS host.

To do this and solve the restrictions prompted by browsers like IE9 but keep security intact, follow these instructions.


  1. Make sure the site or server has a registered host name
  2. Add the host name to your DNS server's Forward Lookup list
  3. Re-navigate to the website using the fully qualified domain name instead of an IP address or hostname (ex. Spiceworks.testcompany.com)
  4. Re-Pin or Shortcut the HTTPS website
After following these steps you will no longer be prompted to only close the webpage when accessed. FQDN rules also apply when accessing sites and servers from the Internet through firewalls using HTTPS, in most cases you will need to change your A Record on your domain host to point to the correct IP/Port.

Edit (7/6/12): I should also add that in some cases doing the previous will still not allow for pinning of websites, at that point the issue lies in the publisher of the certificate. To resolve this issue you will need to purchase a verified certificate from a company like VeriSign and have it installed on the server. I will continue to look for other workarounds and will post them as they are found (and link to them in this article).
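
The name check behind steps 3 and 4 above, as an added example that is not part of the original post: it compares each way of reaching the site (IP address, short hostname, FQDN) with the names in the certificate, and goes slightly beyond the post by also handling wildcard and IP-type entries. The certificate is a constructed sample in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the address 10.0.0.25 and the short name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample, in the dict shape Python's ssl.SSLSocket.getpeercert() returns.
# The FQDN is the post's example; nothing here comes from a real server.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "spiceworks.testcompany.com"),),),
    "subjectAltName": (("DNS", "spiceworks.testcompany.com"),),
}


def dns_name_match(pattern, host):
    """Compare one certificate DNS name with the host part of the URL."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label, and only
        # under a name with at least two further labels (*.example.com).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_names(cert):
    """Return (dns_names, ip_addresses) the certificate is valid for."""
    san = cert.get("subjectAltName", ())
    dns = [value for kind, value in san if kind == "DNS"]
    ips = [value for kind, value in san if kind == "IP Address"]
    if not dns and not ips:
        # Legacy fallback: use commonName only when there is no SAN at all.
        # Current browsers ignore commonName and require a SAN entry.
        for rdn in cert.get("subject", ()):
            dns += [value for kind, value in rdn if kind == "commonName"]
    return dns, ips


def name_matches(cert, typed):
    """True if the name typed in the address bar is covered by the cert."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(typed)
    except ValueError:
        return any(dns_name_match(p, typed) for p in dns)
    # An IP literal is only ever compared with IP-type SAN entries.
    return any(ipaddress.ip_address(i.strip()) == addr for i in ips)


def audit(cert, typed_names):
    """Map each way of reaching the site to whether the cert covers it."""
    return {name: name_matches(cert, name) for name in typed_names}


if __name__ == "__main__":
    # 10.0.0.25 and the short name are constructed stand-ins for "IP or hostname".
    ways = ["10.0.0.25", "spiceworks", "Spiceworks.testcompany.com"]
    for name, ok in audit(CONSTRUCTED_CERT, ways).items():
        verdict = "name matches" if ok else "certificate name mismatch"
        print(f"https://{name}/  ->  {verdict}")
```

A name match is only half of what the browser checks; the certificate must also chain to a publisher the client trusts, which is the case the edit above describes.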