So this week was pretty busy. From my last post I was in a server closet rebuilding a network and as I was updating SBS Premium 2003 with service packs I updated my blog.
After I was finished with the updates I continued with the process of adding users and computers, configuring reports and backups as is typical with the SBS To Do List. Well, well, well.... wouldn't ya know it - none of the wizards worked.
This wasn't the only problem with the install; I also had issues with Exchange not installing or some of the other Support Tools. So the first thing I did was to reinstall the Server Tools/Console.
To reinstall the Server Tools do this:
Place Disk 1 in CD player and either through autoplay or by drilling down to the setup.exe file choose the Set Up Windows Small Business Server on the SBS Splash Screen.
It will run through its processes and end up on the Welcome to Microsoft Windows Small Business Server Setup page. Click Next three times until you are at the Setup Requirements page.
Here you will click on the down arrow next to the Server Tools list and choose the Maintenance option. This will open up the secondary options. Next to Administration click the down arrow and choose Reinstall.
Click Next twice and then Finish. Once it is done it will ask you to restart the computer; go ahead, then log on as Administrator to finish the install. Try the wizard again.
In my case it didn't work for the wizards. So I went ahead and switched the DEP settings to Turn on DEP for all Windows Programs and Services only. This has happened to me a couple times and it is soooooooooo frustrating to have Microsoft break their own equipment with Service Packs and Upgrades, but it is not that uncommon with them.
To turn on DEP as stated above:
Go to My Computer, right click and choose Properties. Click on the Advanced tab and click on the Performance Settings button. Choose the Data Execution Prevention tab and choose Turn on DEP for all Windows Programs and Services only.
Restart the Computer. Log on as Administrator and try the wizards again.
Both these steps worked for me with the last one being what allowed for the wizards to function properly again. I was able to finish the install and get the clients back into the network properly with a User Migration from the //servername/connectcomputer set up tool.
DO NOT, DO NOT, DO NOT add users and computers like you do in Windows Server 2003 from the AD. If you do, the first thing you will notice is authentication problems; next you will see your Default Domain Policy is not being recognized by the clients, due to no authentication within the directory. With SBS you MUST use the wizards for everything.
J
Wednesday, November 26, 2008
Sunday, November 23, 2008
Windows Install Stuck at 31 Minutes
I am writing this from a server closet on a Sunday night. I know I will not have anytime tomorrow for a blog update so I'll get to it right now.
If you have ever done a Windows installation of any type you know that every once in a while you will get a frozen install. One of these days Microsoft will realize that it is OK to install a bare application system and add the rest later as most if not all Linux installs do. Anyways.....
If you see on the left side of the screen something like:
Setup will complete in approximately: 31 minutes and you have a green bar at the bottom saying Installing Network Components or something and it hasn't moved in like 4 hours. There are some things you can do as Windows installs.
To get a better look at what is being installed press Shift + F11. This will pop up an installation window with better information as to what is being installed and what is really going on.
Another thing you can do is bring up a command prompt with Shift+F10. Depending on where you are in the installation you will be defaulted to the C:\Windows\System32> prompt. If you are in something like C:\Windows\System32\inetsrv, change folders with the cd .. command and come back a folder or two if need be.
From the System32 folder you can now open things like Task Manager (taskmgr.exe) and get to a GUI for visible files and folders. From the Task Manager you can also see what is taking so long in the processes tab and maybe stop the process to finish the install. Here you will find the error logs and other files that could help you with troubleshooting your installation.
Well back to work for me I have a long night ahead.
J
Friday, November 21, 2008
Gmail, Vista and Remote Tools
The other day I posted about switching your Gmail account to a secured connection. If you have the Gmail notifier program running also, it will not work with HTTPS unless you add a registry key/value.
Here are the steps directly from Google on making both the HTTPS connection and Gmail notifier work properly:
1. Download http://www.google.com/mail/help/downloads/notifier_https.zip
2. Open up the folder.
3. Double-click on the file called notifier_https.reg to install it.
4. Click 'yes' when you're asked to confirm if you want to add the information to the registry.
5. Restart the Notifier.
There are two files in that download and they come compressed or zipped. You can run it from the zipped folder without unpacking it into another folder. The first file is the one you want to use.
Vista and Remote Log In:
You cannot remotely log into Vista Home Premium and you cannot *Upgrade* to Vista Business from VHP for the log in capabilities. It is considered a downgrade going from VHP to VB. You have to upgrade to Vista Ultimate to have the ability of remoting into the machine. I figured this out the hard way at 4 A.M. 13 hours into a very long day.
There is a hack that someone created pre Vista SP1. It worked great then MS plugged that hole and the second release of the hack didn't work so well. If you want to attempt to use that hack google Vista Home Premium Remote Hack and it will turn up.
If you would still like to remote into your VHP computer without adding hacks or spending the extra $$$$$ for Vista Ultimate try LogMeIn.
It is a free service for one computer account and offers a ton of other options if you would like to buy. It has a slick interface and the ease of use is off the charts.
You will have to go to the site and install the software onto the computer you would like to connect to. LogMeIn will add this computer to the account and then you can connect to your computer from any place that has an internet connection.
For those people out there who are not the most computer savvy LogMeIn offers support files to download if you would like more information on how to use the software.
I've also used LogMeIn's Hamachi a long, long time ago. It worked as a secure VPN tunnel that was needed while I replaced a router and allowed for production to continue while I waited for my new router to come in and get configured for the site's VPN.
J
Thursday, November 20, 2008
Loopback Plugs (T1 and Ethernet)
The other day I was installing a router and switch that needed to be trunked to a preexisting switch and a new firewall.
There were two T1 lines that needed to be routed before the VLANs could be configured. Well the one T1 was not working and I had to troubleshoot what was going on. In doing so I created loopback plugs on the fly to test the ports for connectivity.
Loopback plugs are not only great for loopback tests, but they can save a little bit of time to see if a port is working without consoling in. One part of the troubleshooting was to see if the T1 module on the router was operational. I plugged in the loopback plug and the status was green. With the cable coming from the jack to the router it was red.
In the end it was an ISP issue. They inadvertently crossed the tip and ring set and it was an easy fix.
To make a T1 loopback plug do this:
Cut about 1 foot of twisted pair cord and strip off the casing that holds all the pairs together. Usually it's blue, grey, yellow or green. Untwist one paired color. I like to use the dark colors just so I can see where they are going in the RJ45 end.
Get an RJ45 end. The slots are numbered with the clip facing down towards your feet 1 - 8.
Insert one wire into slot 1 and the other wire into slot 2.
Insert slot 1's other end into slot 4 and slot 2's into slot 5 and terminate or crimp the end.
So the short description is 1 to 4 and 2 to 5 and you will have about 6 inches of wire hanging out. I put masking tape on these wires just for easy handling when removing it from the port. I would label it also for future use.
To make an Ethernet Loopback Plug do this:
Follow the exact same steps above. The only thing that changes is the pin count.
Place a wire end into slot 1 and another into slot 2.
Take slot 1's end and place it into slot 3 and take slot 2's and place it into slot 6.
So the pin count is 1 to 3 and 2 to 6. Crimp, tape and label.
Remember: A T1 loopback plug is for T1 ports; it will not work with Ethernet ports and vice versa.
These are very easy to make and will save you a little bit of time and money in the long run.
J
Wednesday, November 19, 2008
Exchange, ESEUTIL and the Dirty Shutdown
It is pretty easy to tell when your Exchange server bit the dust. Nobody is getting emails and your ear is ringing from everyone letting you know this. You get to the Mailbox Store and Public Folder Store and they are unmounted with a big red X covering them. You right click and mount the volume only to be denied.
This is when you have to check for a dirty shutdown and corrupt files in the Exchsrvr folder.
I am forewarning you though. This tip sometimes has the ability to make things worse due to file scrape and deletion. MS support will not like to hear you did this trick that was created by them. So make sure you have TWO backup copies of the files we are going to work with. So if the first one dumps and you need MS support you can use the second copy and they will be none the wiser.
Here is what to do if you cannot mount your stores:
Find the location of all the important files:
C:\Program Files\Exchsrvr\MDBDATA
Stop all the MSExchange Services on the server then copy the folder MDBDATA to the desktop. Inside this folder are the store files.
From the same location as the MDBDATA folder copy the bin folder and paste it to the local C:\. This will make it much easier to run the eseutil tool from the command prompt.
Now start a command line session and get to the bin folder and use the eseutil tool:
C:\bin\eseutil /p "C:\Program Files\Exchsrvr\MDBDATA\priv1.edb"
C:\bin\eseutil /p "C:\Program Files\Exchsrvr\MDBDATA\pub1.edb"
This will check the database integrity and repair any problems it may find. If you want a real in depth definition of what is going on look on the Microsoft Web Site or google eseutil.
It will give you a running percentage of the check status on the command line screen. You may also get prompted as to whether or not you really want to do this. As long as you have a second copy of your MDBDATA file you will be OK.
Now that the scans are finished delete the .log and .chk files located in the C:\Program Files\Exchsrvr\MDBDATA one by one. Resist the temptation of selecting them all and deleting. You will run into a problem and won't be able to delete them. At least this is my experience.
Now run a defrag on the pub1.edb and priv1.edb files with the commands:
C:\bin\eseutil /d "C:\Program Files\Exchsrvr\MDBDATA\priv1.edb"
C:\bin\eseutil /d "C:\Program Files\Exchsrvr\MDBDATA\pub1.edb"
Once this is complete go back to your Exchange Services and restart them. Then go back to your Mailbox Store and Public Folder Store and remount them. Send out some test emails and pray for the best. If you get to the point where you will need to call MS support you can copy the files from the original MDBDATA folder from the desktop back into the one you were working on at any time.
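A pre-flight for the procedure above, added here as an example and not part of the original post: it stops the Information Store, makes the two backup copies, and reads each database header with eseutil /mh to see whether it really is in Dirty Shutdown before any /p repair is run. The backup folder names and the MSExchangeIS-only stop are assumptions, and the /mh header check goes beyond the commands in the post.

```bat
@echo off
rem Added example, not from the original post: pre-flight before eseutil /p.
rem MDB and ESE paths come from the post; BACKUP1/BACKUP2 are hypothetical names.
setlocal
set "MDB=C:\Program Files\Exchsrvr\MDBDATA"
set "ESE=C:\bin\eseutil.exe"
set "BACKUP1=C:\ExchBackup1\MDBDATA"
set "BACKUP2=C:\ExchBackup2\MDBDATA"
set "DIRTY=0"

if not exist "%ESE%" (
    echo eseutil not found at %ESE% - copy the bin folder to C:\ first.
    exit /b 1
)

rem The Information Store holds the .edb files open; stop it and confirm.
net stop MSExchangeIS /y >nul 2>&1
sc query MSExchangeIS | findstr /C:"STOPPED" >nul
if errorlevel 1 (
    echo MSExchangeIS is not stopped - refusing to touch the databases.
    exit /b 1
)

rem Two independent copies, as the post insists. /V verifies each file written.
for %%B in ("%BACKUP1%" "%BACKUP2%") do (
    if exist "%%~B" (
        echo %%~B already exists - move it aside so an older copy is not overwritten.
        exit /b 1
    )
    xcopy "%MDB%" "%%~B" /E /I /H /K /V >nul
    if errorlevel 1 (
        echo Backup to %%~B failed - stopping before any repair.
        exit /b 1
    )
)

rem Dump each database header and look at its State line.
for %%D in (priv1.edb pub1.edb) do (
    if not exist "%MDB%\%%D" (
        echo %%D: file not found in %MDB%
        exit /b 1
    )
    "%ESE%" /mh "%MDB%\%%D" > "%TEMP%\%%D.hdr" 2>&1
    findstr /C:"State:" "%TEMP%\%%D.hdr"
    if errorlevel 1 (
        echo %%D: no State line in the header dump - eseutil could not read it.
        set "DIRTY=1"
    )
    findstr /C:"Dirty Shutdown" "%TEMP%\%%D.hdr" >nul
    if not errorlevel 1 (
        echo %%D: Dirty Shutdown - this store is a candidate for the repair steps.
        set "DIRTY=1"
    )
    del "%TEMP%\%%D.hdr"
)

if "%DIRTY%"=="0" (
    echo No database reports Dirty Shutdown. Look for another cause before running /p.
    exit /b 0
)
echo Backups are in %BACKUP1% and %BACKUP2%. Continue with the repair steps by hand.
exit /b 2
```

Exit code 0 means both headers were readable and neither reported Dirty Shutdown; exit code 2 means at least one store needs attention and both backup copies are in place.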
I hope this helped somebody out there. It took me about three days to figure this out, but once I knew it I never forgot it and I've used it more than once.
J
Tuesday, November 18, 2008
Gmail SSL, bad start, and stress induced comas
Wow..... What a day.
Started off late and it set the tone for the day. Cell phone died right in the middle of a tech support call with a spectacular customer of mine. I was on the road and didn't have my charger with me.
Got on site to another spot and was 5 minutes late. I thank the Lord for understanding people.
While on site I remoted into my other customer's server only to find that Active Directory was destroyed due to a power surge and a dirty shutdown. They were dead in the water and I was 100 miles away. In the end I got them up to a working state, but not how I would like to have left it by any means.
It just got better from there.... At one point I swear my brain shut down and I went into a coma or was that auto pilot?
Anyways on to the good stuff:
If you own a Gmail account I highly recommend you turn on SSL in the settings. Back in August of 2008 some ingenious technological aficionados showed the world that it was very easy to hack Gmail accounts, especially if you surf on an unencrypted network like the one at your coffee shop or the airport.
I won't go into great detail about it, but if you are interested here is a link:
http://www.hungry-hackers.com/2008/08/gmail-account-hacking-tool.html
To turn on SSL for your Gmail account do this...
Log into your Gmail account and go to settings (upper right hand corner)
Scroll down until you see Browser Connection
Choose Always Use HTTPS
Click on save button and log back in
I'm bringing this up because I was on an unencrypted network today and was thinking "What if the computer I was using had a key logger? What if my Gmail got cracked.. Well at least I got half of it covered with SSL"
This brief thought came between my stress induced coma and my coffee fueled awakening.
J
Monday, November 17, 2008
Cisco Login Banners
One thing you see a lot when working with routers and switches are the banners at the top of the page or window when you telnet or console into them.
Some of the funnier things I've seen were:
Warning! You are about to enter the Matrix. There is still time to take the Blue pill and disconnect from this madness.
another one I remember:
Incorrect passwords will result in a virus being uploaded into your computer. Please type carefully...
Password:
and the oh so simple:
I do not like you. Go away.
If you ever wanted to add a banner to your router or switch it is a simple thing to do. You must use a delimiter character such as # or $ before and after the message. This character (*) can outline your text for some extra flavor.
After consoling into the device and enabling it type:
(Example)
router#config t
router(config)#banner motd #
**********************************
This is where you put in your message
**********************************#
After some playing around you'll get the layout correct and have yourself a very witty banner for all to see in no time.
J
Sunday, November 16, 2008
First Post and Random Thoughts...
Hi,
This will be my first post for this blog. I am setting this up to possibly help others out there with some of the everyday odd things I come upon in my travels and possibly save others some time, stress and money.
My passion is computer networking on a small scale. I am not interested in large corporate networking models and how they interact across the globe. I've worked and learned in those environments and it does not fulfill my curiosity as the small networking environments do.
I enjoy working with small business owners in creating networks that rival some of the larger industries I've worked with. Securing the network and making a work of art from pure chaos. I find fulfillment in repairing home users' computers and being able to explain what happened, how it was fixed and how to avoid it in the future.
In my blog I intend to post information about everything from Cisco Routers and Switches all the way down to thermal paste for your computer's processor. The only rhyme or reason to my posting will come from what I had been doing that day. If one day I am configuring a Cisco or Adtran Switch I will probably blog about it and if on the next day I am uninstalling McAfee I might blog about that.
I assume most who start blogging feel the same as I do now. I am not too sure how this is going to work, but I'm not afraid to try....
J