Random Disconnected Diatribes of a p&p Documentation Engineer
I guess there are at least two people out there who may be interested in hearing about my latest upgrade experiences. One of them I know is just about to experience hyper-ventilation. Perhaps if I sprinkle it with some useful tips and pointers I can make it at least partly worth reading. And maybe mix in some wry comments and general grumbles about the life and times of a reluctant network-basher (that's a bit like a metal-basher, but with a smaller hammer).
Overture: "Where the Story Starts"
So, the story so far is that my network consists of a mixture of old machines acting as servers (only one of which actually is a "proper" server - the rest is a sad selection of aging desktops) that - together - support an internal and an external domain, ISA and mail servers, DNS, DHCP, file storage, backup, time synchronization, and pretty much everything else. A while ago I upgraded the internal domain from Windows 2000 Server to Windows 2003 Server (mainly because I wanted to use media streaming) - see Say Hello to DELILAH for more excruciating detail about that episode.
But the really important stuff (external domain, ISA, Exchange, etc.) is still on an old Dan Technology desktop running Windows 2000 Server, with an identical box available as a "cold swap" emergency backup. As support for 2000 will no doubt disappear in the near future, and the boxes are looking exceedingly delicate with the never-ending stream of patches and updates, I decided to do a full replacement with virtual server technology on Windows Server 2008.
Yes, I did check the Windows Hardware Compatibility List (HCL) to ensure that the new servers I selected will run Windows Server 2008 and are Hyper-V compatible. And I ordered them with three network cards so I can have separate host, internal, and external connections as Microsoft recommends. Mind you, looking back now, it's a shame I was a bit mean about ordering bigger disks. I have no idea how two 160 GB disks can fill up so quickly, and without any real effort on my behalf...
Scene I: "The First Day"
This started with installing Windows Server 2008 on the two new boxes. I actually did read the instructions about how to install an O/S on the servers, and followed the steps in the Dell OpenManage utility right up to the point where it reported that my Windows installation disk was not "valid media". So, instead, just do the obvious and stuff the Windows 2008 DVD into the drive and reboot. Try and stay calm (the first Hyper-Ventilation moment) as the loader furkles about inside the server to see if it can match a SATA driver with the various bits of wire and plastic that make up the hardware, and - "YES!" - it installs without a problem.
Repeat on the other server, and then install the Hyper-V role on each one. Ah - forgot to edit the BIOS settings to enable the processor virtualization technology (it's disabled by default). Then use Hyper-V Manager to allocate the two extra network connections on the extension card (an Intel PRO/1000 PT Dual Adapter) to provide virtual "internal" and "external" connections to my network. The built-in network adapter provides a separate connection to the parent or base Windows 2008 O/S instance that runs the Hyper-V role, as suggested by various Hyper-V experts.
Scene II: "Looking Hopeful"
The next day's main task was to set up one of the Hyper-VMs as the main domain controller for my internal domain. Amazingly, ADPREP ran perfectly on the existing Windows 2003 domain controller so it was time to create my first Virtual Machine (VM). I wanted fixed size disks, as Microsoft recommends for production servers, and so had to use the New | Disk option to create the disk first, then New | Virtual Machine to create the VM with the existing disk. The Hyper-V Manager automatically enables the CD-ROM for it, so you just shove the 2008 setup disk in and start the new VM to get installation under way.
However, when I get to the bit where you join the domain, the new VM can't see the network, or even its host. Look in the "Manage Network Connections" list and there aren't any there to manage. It seems that the Hyper-V stuff was a Beta in the release version of Windows 2008, but got upgraded on the host when I applied all of the service packs and patches. Problem is that the new installation in the VM doesn't have the corresponding patches, and can't see the network to fetch them from WSUS or Windows Update.
What you have to do, it turns out, is go into the Settings for the VM in Hyper-V Manager with the VM turned off and remove the Network Connection and replace it with a "Legacy Network Connection" that simply nails the physical NIC to the side of the VM. You can almost imagine Hyper-V shoving its nose up to the O/S in the VM and saying "Now can you see it?" in a threatening kind of tone... At least this gets you a network connection you can use to fetch and install the release version of the Hyper-V integration components. Then replace the Legacy Connection with a Virtual one. At this point, if you are installing something other than Server 2008 in the VM, you'll also need to use the Action menu to install the Integration Components (just like with Virtual PC).
Scene III: "Distant Sirens Calling"
Now I can join the new VM to the domain controlled by the old Server 2003 box. Except I can't because the Active Directory installation complains that it cannot find the domain controller - even though NSLOOKUP finds it and PING works on the IP address. But PING no longer works using the FQDN of the machine (as in "name.domain.com"). Why not? It did before.
Turns out that Windows Server 2008 is showing off already by using the funky new IPv6 protocol over the network; which, to the old DNS server in the Windows 2003 box, just sounds like "nah-nah-nah" noises. After another perusal of the fancy new-look KB pages on Technet, I found this note: "The DNS Server service in Windows Server 2008 and Windows Server 2003 supports the storage, querying, and dynamic registration of IPv6 host resource records. DNS messages can be exchanged over either IPv4 or IPv6. To enable the DNS Server service in Windows Server 2003 to use DNS over IPv6, use the dnscmd /config /EnableIPv6 1 command, and then restart the DNS Server service."
That cured it, but it sure would have been nice to be forewarned. Probably it's in little writing at the bottom of one of the pages in the increasing stack of printouts I'm now carrying around. I'll soon need to look out my old briefcase from the days when I was "a sales executive". Probably have a shave and wear a suit and tie as well to see if that helps.
Anyway, after that fix, I quickly joined the new virtual box to the domain and took over the FSMO and other roles. I also set up the various folders, batch files, and other links so that the parent O/S would act as a file store to back up working documents en-route to the NAS (unless Buffalo come and take it away in a huff after they read last week's post) and then on to my secure backup facility (which is actually a separate USB drive).
Flushed with success, I even managed to move my Windows Server Update Services (WSUS) facility over to the new box and get that sorted as well, along with retargeting all the clients to it. Only about nine hours to get all this sorted!
More next week...
Microsoft takes security seriously. I take security seriously. I don't have simple one-lever locks on my doors that you can open with a hairgrip, and I wouldn't use the name of my cat as my system administrator password. Well, maybe I would if my cat was called "g&e7532%dH$7", but imagine the fun I'd have calling it in for its supper at night if it was. Besides, I've got two cats, so it would only get confusing. That's why I wanted to call them "Bev" and "Kev" (but I was over-ruled by my wife).
Anyway, this article is not about cats, it's about Buffalo. Or, to be more precise, the Buffalo LinkStation network drive. I've used one of these for some time, and I love it. It is joined to my internal domain as a computer, and it's easy to access from any machine while maintaining security and protecting the content. Though now it's not. Why? Because I switched my domain controllers from Windows 2003 Server to Windows Server 2008 (and why are the names the other way round now?).
After the move, I just couldn't manage to connect with my Buffalo. While it might sound like something that demands counseling, I thought I could fix it by reconnecting to the domain - even though none of my other machines complained about the upgrade to the servers. Aha! It seems that the drive remembers the NetBIOS name of the domain controller (why?). So I set it to "WORKGROUP" mode and then filled in the details to connect to Active Directory. Just enter the DNS domain name, the name of the domain controller machine, and the credentials to connect to AD. Press Submit, and you get the message "ERROR: The Administrator password can contain 256 alphanumeric characters, a hyphen, and an underscore." My secure domain admin password is rejected because the guy who built the Web-based admin interface, while he might have been an expert in Linux operating systems, had no idea how to build Web stuff.
So, I create a new domain account named "TEMP" with the password "temp" and give it every permission I can find. But it still fails. So I try the "Join NT Domain" option, but that fails too. As does delegating to an external SMB server. Even though my domain is still in "2003" mode and not "native 2008" mode. In the end, I'm stuck with having to use the built-in admin account to access the content. Oh, and by the way, you can stop trying to hack my server 'cos I did remember to remove the "TEMP" account again.
Later I did the "visit our support forum" thing on the Buffalo Web site and discovered dozens of posts from people with the same problem. Some are of the opinion that Buffalo are "working on a fix", others report that they were told it wasn't due to be resolved and it was their own fault for upgrading to Server 2008. I suppose as the O/S in the drive is Linux, you're supposed to fix it yourself.
As a temporary solution I just created a local user account on the drive with read/write access to the contents and got each machine to remember the login details. It's not ideal but it works. Except that all of my backup batch files now failed because they run under a domain account that accesses the source on the disks to be backed up. Thankfully, I remembered the NET USE command, which allows you to specify the credentials for accessing a remote machine. My batch files look something like this now:
NET USE "\\LinkStoreName\ShareName" password /USER:username
XCOPY "C:\MyFiles\Data\*.*" "\\LinkStoreName\ShareName\DataBackup\" /s/y/c/a
You can even get the command to create and use a drive mapping, for example as drive Z:, like this:
NET USE Z: "\\LinkStoreName\ShareName" password /USER:username
XCOPY "C:\MyFiles\Data\*.*" "Z:\DataBackup\" /s/y/c/a
However, now all I got was "Access denied" messages when XCOPY tried to access existing folders - though the actual error message is "Cannot create folder", which is a little confusing because it did create new folders where there wasn't one already. After fiddling about for a while, it was obvious. The existing folders were created under the domain account I used to use. I renamed the existing folders in Windows Explorer and XCOPY quite happily created the new ones. Where I knew the server still had all of the data in the backup folders, I just deleted the whole folder tree and allowed XCOPY to recreate it using the credentials of the new local Buffalo drive account specified in the NET USE command.
OK, so it's not a great idea having credentials in the batch file, but at least these files are secured on the server away from public view. And it works. At least, it does until Windows Server 2010 comes out. Mind you, I calculated that I am due to retire the same week that support for Windows Server 2008 ends, so maybe I'll never have to upgrade again! I even asked Dell for a 10 year guarantee on the new servers so I was covered all round, but they seemed a bit reticent about that...
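A variant of the backup batch file that keeps the password out of the file, shown as an added example rather than the script used on these servers. It assumes the credential was stored once with cmdkey under the account that runs the backup, and that the backup runs with access to that account's stored credentials; LinkStoreName, ShareName and username are the same placeholders as above.

```batch
@echo off
rem Added example, not the original batch file. LinkStoreName, ShareName and
rem username are placeholders.
rem
rem One-time setup, typed interactively while logged on as the account that
rem runs the backup. With no value after /pass, cmdkey prompts for the
rem password, so it is never written to a file:
rem     cmdkey /add:LinkStoreName /user:username /pass

setlocal
set "SHARE=\\LinkStoreName\ShareName"

rem No password on the command line: Windows supplies the credential that
rem cmdkey stored for LinkStoreName.
net use "%SHARE%" >nul
if errorlevel 1 (
    echo Could not connect to %SHARE% 1>&2
    exit /b 1
)

xcopy "C:\MyFiles\Data\*.*" "%SHARE%\DataBackup\" /s /y /c /a
set "RC=%ERRORLEVEL%"

rem Drop the authenticated session so it does not outlive the backup.
net use "%SHARE%" /delete /y >nul

rem XCOPY exit codes: 0 = files copied, 1 = no files found to copy,
rem 2 or higher = failure.
if %RC% GEQ 2 (
    echo XCOPY failed with exit code %RC% 1>&2
    exit /b %RC%
)
exit /b 0
```

The stored entry can be listed with cmdkey /list and removed with cmdkey /delete:LinkStoreName when the drive account is retired.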
So, the only bad news is that over the next few weeks my blog is likely to be full of boring stuff about the issues involved in moving to Windows Server 2008, configuring Hyper-V, getting your head round Virtual Networks and the Windows Time Service, migrating a domain from Windows 2000 Server (that might be two weeks' worth), and other related stuff.
So they had an election ages ago in the US, but I still keep seeing that nice Mr. Bush on TV and in the newspapers. It seems like the even nicer Mr. Obama doesn't actually get the keys to the Oval Office until this year. I suppose that kind of makes sense. I mean, if you were employing a new airline pilot, you probably wouldn't want to give him or her the keys to a 747 until they'd had a few goes at landing one on a simulator, and proved that they know which door to go in through when it comes time to do it for real. Especially if they haven't actually flown a plane before.
Maybe Mr. Obama has spent the last few months getting up to speed on his new job. He's probably been taking part in reruns of "The West Wing", rushing about being talked at by six people at once. Or perhaps he's been locked away with a headset on working through a "presidency" simulator where he has to balance the economy and try not to start too many wars. I guess with a job as important as he's got, you need to be reasonably good at it from the start rather than spending the first few months messing about installing the software you need on your laptop, trying to remember important people's names, and discovering where the restroom is.
All this contrasts with our somewhat lackadaisical approach on this side of the pond. When we have an election, we don't get to know the result until the next day. That's mainly because we don't actually trust anything that isn't written down on paper with a stumpy and blunt black pencil (usually tied to the voting booth desk with a piece of string for security reasons), so they have to get a heap of people to count them all by hand afterwards. Still, at least it gives the TV presenters plenty of time to play with their "swingometers" and other fancy CGI stuff. But I suppose they've had two years of that already in the US, so people are losing interest by the end of the process.
Meanwhile back in the UK, once they do decide who won, the boss of that party has to drop in for breakfast with the Queen and see if it's OK for him or her to form a Government. Providing she says yes (I'm not sure what happens if she says no), the new Prime Minister can wander down the road to Number 10 and start running the country. Presumably, if they don't need any training, it must be relatively easy. Mind you, as they were most likely to have been up all the night before partying, they'll probably have a bit of a hangover. Probably best not to make too many huge impact major decisions on the first day. And ask someone where the restroom is.
One thing I never discovered about the US election process is what the difference is between a "Soccer Mom" and a "Hockey Mom" (other than the lipstick). I'd assumed that Sarah Palin doesn't actually play hockey, and that the name comes from her transporting the kids to and from their hockey games. Then I found this post in which Lynn Wilhelm explains that there are other less well-known categories of parenting that I wasn't aware of. Such as the "NASCAR Dad". And as Obama is a basketball devotee, we'll presumably soon be seeing the newspapers full of "Basketball Mom" stories. Lynn even goes to the lengths of explaining that ice hockey is more popular in Alaska than it is in Florida (which doesn't seem surprising), and that ten times more "casual participants" (I assume she means kids) play soccer and basketball than hockey.
Here in the UK, we've already had a political focus on "Mondeo Man" (Mondeo is the name of a mid-range Ford motorcar, and supposedly refers to the middle-class amongst the population). Though, if everyone is downsizing to save money and be green, maybe next time it will be "Focus Man" or even "Fiesta Man". Or maybe, instead, we'll continue our USification by seeing an increasing election-time focus on sectors of the population based on their kids' pastimes? Perhaps politicians will start to aim their policies at "Cricket Mom", "Rounders Mom", "Xbox Mom", "Reading Harry Potter For The Fifth Time Mom", or even "Hanging Around On Street Corners Getting Drunk Mom".
And, after all this, I hear from a colleague in the US that their election might not actually be over yet. It seems that some people are waiting for the Supreme Court to rule that Mr. Obama isn't actually eligible to be President because his Dad was Kenyan, had a British passport, and dual nationality at birth. But don't panic - we can send over our nice Mr. Blair (he's not busy at the moment) to handle things until you make up your mind.
So by now you're probably wondering what, other than a brief mention of Xbox, all this rambling has to do with computers, documentation, and software. To be honest, I don't have any idea either...
I'm not much into wearing daft T-shirts, or T-shirts with logos that proclaim my technical proclivities (such as being a Windows user, or knowing how to configure a DNS server), though one of my favorites is a T-shirt with a big picture of an organ donor card. It carries the slogan "DONER CARD" with the tagline "I want somebody to eat my kebab when I die". However, one of my other daft T-shirt logos came to mind the other day as my wife was trying to adjust from the relative warmth of a week away in Madeira to the distinct chill of an English December.
The T-shirt in question explains that there are 10 kinds of people in this world - those who understand binary and those who don't. Now, I've rambled on many times over the years about our digital generation (see Derbyshire Does Digital and I Hear Voices - From The Planet Rock for examples), but I'm not sure I grasp all of the consequences. And it certainly seems increasingly clear that many other people just don't get that some things are resolutely digital in nature. Such as central heating systems.
You see, my wife (and I'm sure many other people like her) seems able to judge the outside temperature by touching one of the central heating radiators in our house. I'll accept that she is an amazing woman with all of the talents that those of her gender tend to exhibit. As well as the ability to discuss three different subjects at once while preparing a five course meal and sending a text message on her phone, she remembers everyone's birthday and knows where I put the car keys.
So how is it that, no matter how often I try to explain how central heating systems (and similar technological marvels) work, she still has this analog approach to things? She'll tell me that it must be cold outside "...because the radiator in the hallway is really hot". Or, it must be warmer than usual for the time of year "...because the bedroom radiator is only lukewarm". How do I explain that radiators are either on or off? They're digital. They go from cold to hot when the thermostat detects that the temperature in the hallway is below some preset level, and it turns the pump on. They go from hot to cold when the thermostat reaches the other extreme of its hysteresis loop and it turns the pump off again.
Likewise, when we're watching TV at night and it's a bit chilly, she'll tell me to turn the thermostat knob up to full on the grounds that "...it will get warm quicker", and then turn it down to nothing when my chocolate biscuits start to melt. I've noticed the same in my car, in airplanes, and in most other places. Some people seem to insist on turning the knob all the way in the expectation that it will do stuff faster (or slower) than if they just set it to the required level in the first place, or delicately adjust it to meet changing requirements.
Ah, but maybe this is "agile environmental management". Let's face it, agile is the big thing these days. Maybe this is how agile is supposed to work. You take a wild stab at what you might need to design and build, and throw it together as fast as possible (the programming equivalent of turning the knob to "full"). Then, when it performs like a goldfish in custard, you strip all of the gunk out of the code until it goes quick enough, like turning the knob to zero. Finally, you stabilize it by gradually adding and removing bits until it does what you need, and still tends to run fast enough to prevent users from falling asleep.
Mind you, talking of falling asleep, I still can't figure why the digital controls for the lights in the p&p offices work like they do. If you stop moving for a while (such as drifting off to sleep) the lights go out. Surely they ought to work in a reverse hysteresis way. Come on really bright and beep a few times to keep you awake...?