When you’re tipping a contractor that shows up to your house, after you hand the contractor the cash, never, ever unbuckle your belt buckle, unbutton your pants, and start zipping down your fly… to tuck your shirt in.  Seriously, if you need to tuck in your shirt, wait a minute or two for the contractor to leave.  Handing someone money in your house and following that up with anything involving your pants is liable to send the wrong message.  I cannot begin to stress this enough.

(Yes, this happened to me today.  That’s how my work day ended.  At least I got some dinner money out of it, though… and, to the guy’s credit, he did tuck in his shirt, and he did stop there.  Thank goodness - that almost became the first time I would have ever used my steel toed boots for defense.)

As some of you have probably guessed, I’ve been a little busy lately.  Yesterday, I had a nice server migration from hell.  Today, I got to finish that up - I got the tip not because I inspired someone to play with their pants but because I worked my ass off and got the job done.  Did it take about twice as long as it should?  Yes.  Did pretty much everything that could go wrong go wrong?  No - both servers stayed up, which is better than some of the nastier migrations I’ve been a part of - but it still wasn’t a lot of fun.

While I’m bitching about work, let’s talk about spam.  Everybody gets it.  Everybody is annoyed by it.  Simple enough.  What’s kind of fun about it, though, is that, when you’re managing a mail server, you get to experience how different people handle spam.  Some will want the spam to be segregated to a separate folder so that, if a legitimate e-mail is trapped by the spam filter, they can check the folder later and find it.  Others are mortally offended that, somewhere, even in a folder labeled “Junk E-Mail” there could be an e-mail in there that mentions (the horror!) improperly sized penises, and will immediately freak out, raining death and hysteria upon you, upon discovering that e-mail.  What’s really fun is when somebody decides they want both.  Y’know, because, if you’re going to host your e-mail on an operating system that exemplifies the wacky nature of quantum physics, the least it can do is violate said laws while hosting your e-mail, right?

Right.

While I’m here, a quick heads up - I’m visiting my son (first one) this weekend, so posting may be a little sparse.

Secondly, the ESO asked me how I felt about a middle name of “Lucas” for impending son #2.  Needless to say, I smiled a little.  Heh heh heh… if she only knew… if she only knew…

Not going to be posting much tonight - I’m involved in the server migration from hell.  It’s always fun when you migrate a server, only to discover that nobody has any idea where the installation discs are for their business-critical applications… oh, good, good times.

I’ll have something tomorrow, I assure you.

Ah, the joys of pulling a 15 hour day yesterday… it wasn’t all bad; if it was, I wouldn’t have been able to throw down a couple of posts.  That said, I’m rather ridiculously tired, so if today’s post veers towards incoherency, there’s probably a really good reason for that.

The 15 hour day was the direct result of a customer’s Exchange (e-mail, among other things) server going down.  That this particular customer was located about an hour away from where I live and normally work certainly didn’t help matters any.  However, I learned about a couple of interesting toys that can make a restore go sooooooooo much smoother.  First, though, I wish to rant for a bit about Windows, and why it absolutely sucks when it goes down.  I’ve done this before, of course, but I want to expand on it a little today.

One of the nasty side-effects of some of Microsoft’s choices in the past is that Windows is arguably much more difficult than it needs to be to restore, which means that it’s much more difficult than it really should be to back up.  The culprit, as always, is Active Directory, which, in any Windows-centric office, is essentially the glue that holds the world together.  Without Active Directory, you don’t have user accounts, which means people can’t log into their workstations, which means nothing gets done.  If Active Directory comes up missing, you are hosed.  Active Directory stores its information on a server known as a Domain Controller.  You can have just about as many Domain Controllers as you want, practically speaking, which is a very good thing - if you have more than one, you can just replicate the information to the other domain controller(s) and almost never worry about restoring Active Directory from scratch.  If you have to restore from scratch… well, let’s just say that Microsoft was apparently staring long and hard at Schrödinger’s cat; in a vain attempt at creating (or, at least, inspiring) a Heisenberg Compensator, Microsoft created a backup and restore scheme that requires your server to know not only what it was at the precise time of that backup, but also precisely where it was going to go next.  It’s a rare company that would dare laugh at quantum physics, but I suppose you can get away with it when you’re worth billions of dollars.  Needless to say, this makes my job damn near impossible… or, at least, it did, until I learned about a new toy…

That’s right - the VMWare Converter.

Now, how would this piece of software unravel quantum mechanics as we know it?  Easy - by effectively creating a byte-level backup of the server and converting it into a VMWare image, which, in turn, can be launched in VMWare as a virtual machine should the source server go down.

(Right about now is when I lost about half of the few regular readers I have around here.  It’s okay - you can come back when Rachel links to me again.  She’s a little busy with Rupert right now, though, so it’s going to be a while.)

First, a quick primer on virtual machines…

A virtual machine is a machine-in-a-machine.  To help conceptualize this, pretend that you are a computer.  Now, let’s pretend that we installed a second personality inside of you (a second soul, if you will).  It will only have access to the body parts that you grant it when and where you choose to grant it, and, if you’d like, you may grant it complete control over everything.  You may decide after a while that you want control back - if you do, you may take it back.  The result is something similar to a split personality, only you can talk with the split personality, switch them at your choosing, and it’s only as hostile to your personality’s ability to perform in the real world as you choose to let it be.

Now, let’s pretend that somebody close to you dies (say, that friendly server above you that keeps you warm at night).  Using the VMWare Converter (were you a computer, of course), we could create an image of that server before it dies and install it into you; once that server dies, we could then turn that virtualized version of the server on.  Whenever someone tries to call that server (Hey, Johnny!), instead of the dead server responding (or, for that matter, failing to respond), the new alternate personality in your head would respond (Hi!  I’m over here!).  Now, as I’m sure you can imagine, if a lot of people used to talk to this server, things are going to be a little slow for both you and your new alter-ego.  Even so, it’s sometimes better to be able to talk to the dead slowly than to not talk to them at all.

(Thus endeth the most confusing and metaphysical explanation of server virtualization ever.)

Now, the cool part for me yesterday was that, since my problem server wasn’t dead - just slowly dying - I still had time to run the VMWare Converter on it (or, as the case may have been that night, run ShadowProtect on it, then convert the resulting ShadowProtect image - it was faster than running the converter directly, believe it or not), which is why, instead of having no e-mail at all, that particular customer now has slow e-mail, a slower SQL server (it had the most free resources and was the newest server in the office), and a new server on order… and they were back up to fully functional by the end of the night, at least until I logged out, at which point I learned another important lesson:

“Always run mission-critical virtual servers as Local System, not administrator… at least not if you plan on logging out at all.”

Ah, c’est la vie.

You may now return to your regularly scheduled blogging.

Found this on the official IEBlog - long story short, your ability to uninstall your current version of Internet Explorer is entirely dependent on what version you have going into SP3.  So…

IE6: No problem.  You couldn’t uninstall this even if you wanted to.  SP3 will give you all of the latest patches and security updates.

IE7: Though you can uninstall IE7 now, you will not be able to uninstall IE7 once you get SP3 on your system unless you install IE7 after you install SP3.

IE8 Beta: Though you can uninstall IE8 now, you will not be able to uninstall IE8 once you get SP3 on your system unless you install IE8 after you install SP3.

What this means is that, if you ever want to get rid of IE7 or IE8 from your machine after you install SP3, your best bet is to uninstall them immediately before applying the service pack, installing the service pack, then reinstalling your preferred version of Internet Explorer.

To be honest, this isn’t going to be a big deal for most users, but it’s still good to be aware of.  If you like your current version of Internet Explorer, don’t worry about it.  Simple as that.

There are days when I really despise my job… I’m currently running on three straight nights of five hour nights of sleep. To say that my writing quality today is going to suffer as a result, to say nothing of everything else, is a gross understatement. You’ve been warned.

For those of you new here, I’m an IT consultant when I’m not “adding value” to company time by blogging; the company I work for handles IT needs for smaller companies that can’t afford a full-time IT staff, or, occasionally, for companies that need a decently trained extra hand around the server room. The job is fairly basic - keep servers and workstations running, install the occasional bit of software, clean off the occasional virus… it’s pretty vanilla and peaceful (if boring) most of the time. Once in a while, though, I really earn my pay, and this week has been one of those weeks. One of my coworkers was expanding a partition on a server when the server decided it would not only drop the partition but take the partitions on the backup drives with it. End result? One down server and no backup.

Great.

To add insult to injury, this particular server was special. It was running Windows Small Business Server, which meant that, not only was it important as a server, it also was responsible for making sure people could log into the system (yep - only domain controller) and also making sure people got their e-mail (Exchange). It also turned out that the server also hosted everybody’s home folders, but we didn’t know that at the time.

Now, a Windows server, by itself, is an interesting thing to restore. At its most basic, a Windows file server is functionally no harder to restore than any other server - install an operating system, grab a backup, restore some files. You may need to add it to the domain so people can access it, and you might need to tweak some file permissions if they didn’t make it across, but none of that is particularly hard or time consuming. A Small Business server, however… well, that’s a special beast, and, at least in my experience, when one of those goes south, you’re looking at up to 48 man hours (note - not two days; we’re talking six eight-hour shifts here) to get everything restored and all the kinks worked out.

What’s the difference, you ask? Of course you don’t, but I feel like ranting.

Conceptually, there are two basic ways to store information on any system. You can either store information on files, reading and writing to that file whenever a change needs to be made, or you can store information in a database. Now, a database consists of a set of files, but databases are special - they’re designed to be easy for a computer to remember. Allow me to illustrate through metaphor:

Let’s pretend for a second that you and I are working on a book. We only have one copy of the book, but both of us want to be able to work on it. We have a couple of methods at our disposal to keep things in sync:

We can hand-deliver changes to each other. This would be analogous to a file-based system - I would make the change I want to make to the book, you would look at the change, then we would get back to work. There are some drawbacks to this, though. First off, what happens if you and I want to make a change at the same time, and the change affects what the other person is doing? Whose changes take priority? Secondly, this can be rather slow - while I’m making a change in the book, you won’t be able to look at the book (seeing as I have it and all), nor will you be able to make any changes yourself. This causes a rather serious bottleneck.

We can make little notes, including the date and time we made the note, then come together periodically and make the changes together. This would be analogous to a database, and it speeds things up dramatically. We could just rely on the date to determine whose changes go first. Then, periodically, we could both get together, figure out which notes go in which order, make the changes we need to make, and go our separate ways.

Now, let’s say the book gets lost. How can we bring it back? Well, in the first model, it’s fairly simple - we could just agree to have a backup of the book that we decide to start working from. Once a day, we run the book through a copier machine or something similar. The worst that happens is we lose our changes for that day. In the second model, yes, we can still do this, but there’s a catch - what about our notes? Have we been backing up our notes as well? If not, we’re going to have a problem - we just lost all of the changes we were going to make to the book!

Let’s complicate things a little further and pretend that there’s someone else working on a different book, but they’re using our book as a source for material. They want to be able to cite our book by page, paragraph, or even sentence, so they want to keep track of what we’re doing while we’re doing it so they can keep their cites up to date. Going back to our models, there are two ways we can allow this:

Let that person take the book, make their cites, then return it to us. Again, this would be analogous to the file-based system, and it would be slow and cumbersome; we would have to wait for the book to come back before we could make any further changes. On the other hand, if that person loses it for whatever reason, we could just grab our backup, get back to work, and let the person know that we restored the book.

Alternatively…

Let that person keep a copy of the book. The copy will be updated each time we make changes in it. This would be analogous to the database model, and, as I’m sure you can imagine, it would be much faster - we could make changes while they’re citing, let the person know we made some changes, they grab a new copy of the book, life is good. Just one problem, though - what happens if we lose our copy of the book? We could restore it from a previous version, but what if our version and the other person’s version don’t match? We would need to keep a record of what version we’re each working from and compare version numbers - if they don’t match, we’re going to need to come up with some way to rectify that. Worse yet, what if they make citations based on a newer version that we no longer have and they throw away the cites to the older version? What if the citations from the newer version reference something that didn’t even exist in the old version? What if we lost the notes that led to the newer version, perhaps due to our last backup being at least two versions back?

Herein lies the trade-off between databases and files: Databases are way faster than files, but can be rather tricky to bring back to life if something happens. Files are way slower than databases, but are much easier to bring back to life if something happens. Now, guess what Windows uses for everything? That’s right - databases. Guess what happens if you don’t have a good backup of some of those databases and they all tie in against each other? That’s right - I get no sleep, and neither do my coworkers. The worst part about it, of course, is that Microsoft likes to use databases in the most convoluted way imaginable so that way they’re nearly impossible to back up correctly. Pretend, for a sec, that you lost your database for Active Directory, which is responsible for all of your user names and passwords. Fortunately, you have a backup. Can you restore it all by itself somewhere else? Of course not - that would actually make sense. Instead, you get to restore it with the rest of something called “System State”, which just happens to include your entire registry, which just happens to include all kinds of various arcane configuration settings for your hardware and any program that’s running on your computer. Guess what happens if something gets screwed up in the registry? That’s right - you don’t get to restore Active Directory, which means you no longer have user accounts.

Nice, eh?

So, that’s been my week. Once this reign of terror ends, I’ll get some good posts up here. In the meantime, regale yourself with the latest on ID requirements to prevent voter fraud at Cardozaisms. It’s not news, it’s Cardoza. Alternatively, you can also get the latest in relating Professor Chaos and politics from Morbo’s good friend, Rachel Lucas.

Hello, Morbo. How’s the family?
Belligerent and filled with numerous pork treats.
Excellent. I’m Rachel, and I’m pro-war and pro-family.

Well, she’s not pro-family, exactly, at least not in the Quantity is King! sort of way, but you get the idea. Or you don’t. I don’t even care anymore. Burn in hell, hippies!

According to the Windows Vista Team Blog, Microsoft is going to start pushing SP1 for Vista out via Automatic Updates. The good news is that, at least at work, we haven’t had any problems with it - that’s not to say that nobody is having problems with it, though. For whatever it may be worth, we run Office 2007 on Vista SP1 all over the place in here without incident, so, needless to say, your mileage may vary.

This just in: Microsoft is releasing Service Pack 3 for Windows XP on April 29th. It looks like it’s just going to be a roll-up of all of the updates up to this point, which is quite promising - Windows XP SP2 is running somewhere in excess of 80 updates by this point. It doesn’t look like Microsoft is going to be adding too much new functionality, which should make it a lot easier for people to adopt without fear of reprisal. By the looks of the whitepaper, it’s all about helping Windows XP work a little better with Windows Server 2008, which is fine by me.

Today’s going to be rather sparse on posts, partly because I just don’t have a whole lot to write about today (Oooh… is Obama still out of touch? Yawn.), and partly because I won’t have a whole lot of time tonight. So, without further ado, I’m going to subject everyone here (all five or six of you, not including the Google searchers, if Sitemeter is any indication) to a rant about work. This works out well since half of my readers are coworkers.

Lately, my schedule has been fairly lax, meaning that I’ve had a fair amount of spare time in the office. Consequently, I figured I’d pound out a few projects that I’ve been sitting on. One rather urgent project we’ve been focusing on at work is preparing to become a reseller of Asterisk-based phone systems. Asterisk is a rather neat idea - basically, some guy (Mark Spencer, to be exact) sat down one day, decided he needed a phone system, shopped around for one, discovered they were all heinously expensive, and wrote his own. He then released the product to the world at no cost (free!). Right about now, you may be asking yourself an important question: How does one resell a free product? The answer is simple - you don’t. You sell service on top of the free product and you make a killing off of that. Of course, since the only thing Mark released for free was the code for his phone system and not actual free hardware devices, you can also make a fair amount of money selling the hardware, too. It’s not a bad deal.

Back to my story, though - my employer has been harassing me to find a solution to a problem he’s been having. He wants his phone to be able to page another person, sort of like an intercom. This is fairly standard on most analog phone systems worth their salt, but can be rather tricky on digital systems - the protocol that digital telephony on Asterisk is built on (SIP) isn’t designed to handle that. See, SIP actually waits for someone to pick up the other line and answer the call - an intercom, by its very nature, has to do that automatically. Similarly, SIP is designed to go from point A to point B; many intercoms go from point A to many points B, all simultaneously.

After a bit of searching, I discovered that, yes, Asterisk does, in fact, support paging and intercoms. But, there’s a catch:

SIP phones for the most part don’t support any of these phone based paging functions.

Of course they don’t… but you can fake it. However, upon reading the instructions, I learned that I needed to update the firmware of the Polycom phones we have around the office… which brings me to the story itself.

I just spent the past five hours trying to set up a phone to accept the new firmware, watching it bomb out time after time, only to figure out, after all that time, that the reason it wasn’t updating to the new firmware was because of a stupid typo in a config file. I had it pointing to a file that existed in a different directory. That was it. Five hours, all because of one lousy digit.

It’s been one of those days, folks. One of those days.

In the corporate world, people have calendars, contacts, and e-mail. For reasonably obvious reasons, these people want their calendars, contacts, and e-mail to be uniform both on their workstations at work and on any other device they connect to the corporate network (a cell phone, for example) - this way, no matter where they are, they’ll know where they’re supposed to go, how to talk to the person they’re supposed to meet, and communicate with everybody involved.

Sounds reasonable, right?

Let’s talk about the logistics of making this happen. You’re going to need to store these appointments, contacts, and e-mails somewhere. We’ll call this a server. You’re then going to need to get the data from the server on devices that you actually control. We’ll call these clients. Now, ideally, getting information from the server is going to be as simple as having the client talk to the server and say, “Hey, I need this information.” If the client changes any information, it will push it to the server, which will then update its information, and that will be that. If we’re feeling really fancy, upon the update of its information, the server will then check to see what clients have checked in with it recently and try to tell them that the information has changed. In short, all communication will be between the server and the client.

This sounds reasonably simple. In a corporate network, it most certainly is - all of the workstations have a straight shot to the server. Once you need to connect machines to the server that are located outside of the corporate server, things get a little more complicated… but only a little. There are a couple of tried and true ways to handle this, as well. You can either use a VPN (i.e. have the client log into the corporate network in its entirety from the remote location before accessing the corporate network) or you can use a set of pre-defined protocols that provide differing access rights to various resources from a public interface (i.e. SMTP, POP, IMAP, etc.). The first approach is somewhat akin to astral planing into your office. The second approach is somewhat akin to calling the office on the phone and asking for your messages. Unfortunately, there’s one small hitch: Until relatively recently, though there have been plenty of standards that deal with e-mail, there haven’t been any that deal with calendar appointments and contacts. That’s slowly changing (iCal, for example), but we still have a long ways to go on that front. So, more often than not, you either have to use a VPN or use some clever chicanery (RPC over HTTP) to get the job done. The drawback, of course, is that, with a VPN, unless your sysadmin is both very good and very cautious, you have access to everything remotely that you would have access to in the office, which may or may not be a smart idea.

Let’s throw smart phones into the mix.

In an ideal world, smart phones should…

1. Only have access to what they can use.
2. Behave similarly to a normal client.

For example, you probably don’t want to give a smart phone access to that expensive accounting package that you have access to in the office - it couldn’t run that program even if you wanted it to. More importantly, you probably don’t want it to even have access to those files - their size alone may brick your phone. This pretty effectively rules out a VPN; there’s just too much that can go wrong. However, we still want it to behave similarly as any other client would, meaning that we want it to talk directly with the server - we just want to have the phone and the server tell each other just enough to get the mail, appointments, and contacts across.

Makes sense so far, right?

Well, a little company called Research in Motion created a device called the Blackberry that “solved” this problem. How, you ask? Easy:

First, you install a piece of software on the server that contains all of these appointments. The software then listens in on what the server is doing and, whenever there is a change, sends out that change to some servers owned by RIM. RIM, upon receipt of those changes, sends them to the smart phone’s provider. The provider then sends these changes to the phone. The process of getting information back on to the server is the inverse of what was just described - cell provider, RIM, RIM software, mail server.

Clear as mud, right?

By comparison, let’s try the Microsoft way:

Your phone has a piece of software that talks to the server directly using a set of well defined protocols (HTTP, mostly - the same stuff you’re using to read this blog right now). When information changes on the server, the server sends out a notification to anyone that it knows has logged in recently. The phone and the server talk directly to each other.

Guess which way works a little better? Guess which way is cheaper due to not having to pay a third party (RIM) to shuttle your information back and forth through its networks? Guess which way doesn’t go down across an entire continent every so often?

Exactly.

Yet, there I was today, installing a Blackberry Professional Software server, trying to get Blackberry devices to sync with it, only to find out that the Blackberries couldn’t sync with RIM because they had not been properly provisioned. Apparently, in Blackberry World, you have to tell your provider that you don’t just want to talk to RIM, you want to let RIM shuttle messages back and forth to your main server… even though, as far as the provider is concerned, everything should be coming through the same channel anyways. Oh yes. Don’t even get me started on the weird and arcane Active Directory jujitsu they made me go through when I called their support line, nor the hour and a half wait I endured on hold.

If anybody out there is listening, could somebody please explain to me why RIM is still in business? Also, could somebody please explain to me why nobody stopped them from picking such a potentially disastrous acronym? I shudder to think how employees there explain how they got a job at RIM (a RIM job, perhaps?).

From the official Microsoft Exchange blog, there’s this little gem:

Unlike previous versions of Windows, Windows Server 2008 does not include a backup utility that supports the Exchange ESE streaming backup APIs. The Windows 2008 backup application, Windows Server Backup, cannot be used to take backups of Exchange.

Exchange still includes the ESE streaming backup APIs, but the absence of an Exchange-aware backup application in Windows may come as a surprise to many. Another change we made that may also affect you is the removal of remote streaming backup support on Windows 2008.

This leaves you with two choices for taking Exchange-aware online backups when running Exchange 2007 SP1 on Windows 2008:

1. Move to a Volume Shadow Copy Service (VSS)-based backup application. You can use Microsoft System Center Data Protection Manager (DPM) 2007 or a third-party backup application that supports Exchange-aware VSS-based backups of Exchange 2007 SP1 on Windows Server 2008.

[…]

2. Use a Third-Party application that supports ESE streaming backups using a local backup agent on the Exchange server.

By itself, that’s mildly annoying - Microsoft is now pushing its own backup solution, so it’s purposefully crippling Windows Server Backup, or, alternatively, purposefully crippling Exchange so it doesn’t properly work with it. Either way, this is annoying, but not terribly fatal. What is, however, is this gem:

Known Incompatibilities

One known Exchange-related incompatibility with Windows Server 2008 is the downloadable Messaging API Client and Collaboration Data Objects 1.2.1 package. Currently this tools package operates on Windows Server 2003 or Windows XP. We’re working on validating these tools against Windows Server 2008 and expect to have an updated version released.

Why is this important? Because this package is required for Symantec’s Backup Exec to back up an Exchange 2007 server, that’s why. In other words, the one library necessary for one of the most popular third-party tools to back up an Exchange 2007 server on Microsoft’s brand new server operating system doesn’t work, making Microsoft’s backup solution the de facto viable backup solution.

Nice. Very nice.

It’s because of things like this that I’m starting to take a very serious look at Exchange alternatives. After all, let’s take a look at where we’re at with Exchange 2007:

1. It only runs on an x64 version of Windows Server. Most of the servers I maintain don’t already have that, and there’s no in-place way to upgrade them.
2. Exchange 2007 requires insane amounts of RAM (at least 4 GB). This means that Exchange is going to have to sit on a dedicated box. I am curious to see how they plan on pulling off a new version of Small Business Server with this thing.
3. Successfully administering Exchange 2007 requires mastering the PowerShell, since the GUI console is purposefully neutered.
4. .NET 2.0 and Exchange 2007 are incompatible with .NET 1.1, meaning that servers running .NET 1.1 apps (i.e. Sage Timberline Server and ACCPAC, among other things) can’t be on the same box as Exchange, even if there was an x64 compatible version of those server apps.

So, it has to run on a new operating system on a dedicated box, has to be administered from a command line, and requires me to spend time and energy learning an entirely new way of administering my servers… what’s stopping me, exactly, from finding a cheaper proven Linux-based alternative, exactly?

It’s funny - if Microsoft just kept bolting new things on to the Exchange 2000/2003 core, I wouldn’t even be talking about this. I mean, they used the same interface and the same basic methods of backing up and administering Exchange servers for the better part of seven years. Everyone knew how to handle Exchange 2000/2003… or, at least, anybody that cared did. Now Microsoft is tossing out all of that built-in knowledge and inertia. How can this possibly benefit them? If anything, I would think they’d try to keep things as close to “safe and comfortable” as possible so techs like me don’t start getting ideas about trying the competition.

Goes to show what I know, eh?

In an earlier post, I detailed some frustration I had with Exchange 2007. This post continues in that vein with some new knowledge I found…

To get the import-mailbox cmdlet, you have to have Exchange 2007 SP1. Trouble is, the 32-bit Exchange Management Tools offered by Microsoft do not include Service Pack 1, so you have to download that separately.

Total download? About 1.5 GB between the two files. Fun!

I discovered this when noticing that my backup server was unable to back up the Exchange server due to mismatched ESE.DLL files. Oh, good, good times.

Last weekend, I was tasked with installing a brand new Exchange 2007 server. For those of you not already familiar with it, Microsoft Exchange Server is what’s frequently known as a “groupware” application, meaning it provides e-mail, shared calendars, shared contacts, and all that good stuff. The nice thing about Exchange is that, historically, it includes everything, up to and including the kitchen sink. You want e-mail? It can do that. You want the ability to sync somebody’s mobile device with the exact same contacts, tasks, appointments, and e-mail that they have back in the office? No problem - it does that. You want shared calendars? Done. Do you need a web access page so that people without e-mail clients can still access important work information? Sure - it’ll do that. There are some warts with Exchange, just like any other Microsoft product. For starters, Exchange is another one of those products that continues the grand Microsoft tradition of “throw everything in a big, monolithic database file that’s unnecessarily difficult to back up or restore”. It’s resource hungry, to put it gently - it’s not uncommon for it to use a full gigabyte of RAM or more for, say, 20 mailboxes or so. It doesn’t play well with others; the Outlook Web Access page looks nicest and is fully featured in Internet Explorer on Windows, for example. But, it does work, especially for smallish companies that want a little “big company” functionality. It’s not perfect, but, like Windows and Microsoft Office, it’s what people know, and that’s frequently good enough.

Exchange 2007 still does all of this, but, like Windows Vista, there are a few differences compared to previous versions. The interface looks different. There are more features. Things are laid out differently. That’s fine and good - change happens. I’m okay with that. However, if you’re going to make changes, at least try to be consistent. For example:

1. In old versions of Exchange, if you needed to change permissions on a mailbox (i.e. say the administrator needs access to somebody else’s mailbox), it was fairly intuitive. You changed permissions on the mailbox the same way you changed permissions in the file system - you right-click the mailbox, go to “Security”, and make your permissions change. In Exchange 2007, that no longer exists - to change permissions, you have to use the new PowerShell.

2. In old versions of Exchange, there was a program called Exmerge that let you import and export mailboxes and PSTs (Microsoft Outlook data files). You could take somebody’s PST and import it into an Exchange mailbox and vice-versa. In Exchange 2007 SP1, you can still do that, but there are a couple of changes. First, the Exmerge tool, which was graphical in nature, is no longer supported. Instead, you’re supposed to use the import-mailbox and export-mailbox tools in the PowerShell. Secondly, the import-mailbox tool doesn’t work on the mail server (64-bit by requirement) - it instead tells you to use the tool from a 32-bit machine with the Exchange tools installed. Those tools are 650 MB in size. They also don’t include the import-mailbox tool. Because of this, there’s no clean or easy way to import data from Outlook into the server other than having everybody launch Outlook and manually import their data file into the Exchange server (imagine doing this for 50 people to see why this is bad).

There are two common threads to these complaints - PowerShell. Don’t get me wrong - I have no problem with PowerShell. I think it’s an incredibly useful and powerful tool, and I’m happy that Microsoft is getting serious about providing a useful command line tool for the Windows environment. However, I’m a little less excited about Microsoft arbitrarily deciding that the only way to administer one of their most popular products is through the PowerShell. The great thing about Windows is that every single part of the operating system can be administered from the graphical user interface. It may not be the ideal place to administer it, mind you, especially for more repetitious activities, but, for one-off tasks, it’s wonderful. The GUI can communicate insanely difficult concepts quickly and relatively efficiently, giving you all the information you need to conceptualize the task at hand. Command lines rarely give you that ability - you have to know what you’re doing beforehand.

Consider the following task:

Let’s say you need to check file permissions on something. Which would you rather do? Use this:

Or this:

Now imagine having to manage your file system with only the latter method. Now, to add insult to injury, imagine only being able to administer your complex mail server with just the latter tool.

Right.

This is why I’m not a fan of Exchange 2007, and why it took me 13 hours to set up that mail server last Saturday. Ugh.

For far too long, I’ve been using an RCA cable modem with wireless transmitter as my router/wireless access point. There were a couple of problems with the unit, however. Firstly, it was an 802.11b wireless router, which meant the range was terrible - I had serious difficulties getting a signal reliably in the living room (the unit was in the bedroom). Secondly, what security settings it had would get blanked out whenever I unplugged the unit, which was often because it would freeze up every week or two. After dealing with this for over a year, it finally got bad enough where I felt compelled to purchase a new wireless router. At first, I was going to find something with known DD-WRT compatibility. However, in a moment of excessive frugality (I have these moments often), I saw a Belkin F5D8233-4 802.11n wireless router on sale at Walmart for only $70. Since there were plenty of Belkins on DD-WRT’s compatibility list (albeit not this particular one), I figured I had a fighting chance of getting a cheap, long-range, possibly Linux-compatible router for my home.

Initial Setup

Getting it set up was mostly painless, at least at first. Hook it up to your network like you normally would, insert the setup CD, and follow the bouncing ball. The CD, however, is only Mac and Windows compatible - it wouldn’t run on my Ubuntu box under WINE. I settled for doing the initial setup on my old iMac. The documentation you get with the unit is extremely sparse; there’s no information in the box on the LAN IP address, passwords, or anything of that sort. The online documentation at Belkin is marginally better, in that the user guide actually includes that sort of information.

One hitch that burned me for a while was that the Belkin would not acquire a DHCP address from my cable modem. After a bit of research, I found out that the default firmware on it (3.01.10) had a glitch in its DHCP client that prevented it from successfully getting an address from DHCP on a consistent basis. Fortunately, the latest firmware on Belkin’s site (3.01.14 as of this writing) fixed that. Since you need an Internet connection before you can download the firmware, I strongly recommend either downloading the firmware before installation of the router or, in a pinch, plugging a workstation directly into a broadband modem long enough to download the firmware. That said, I don’t recommend the latter approach unless you’re really confident in your resident software firewall.

Wireless Setup

Getting the wireless setup was largely self-explanatory. It supports WEP, WPA-PSK and WPA2-PSK, just like any self-respecting wireless router of this day and age, which is nice. One thing that did burn me was the “Wi-Fi Protected Setup”, or WPS, which allows laptops to authenticate against the router with a certificate instead of a standard wireless key. Though my Ubuntu Feisty Fawn laptop was able to authenticate against the router easily enough, the same could not be said for my significant other’s Windows XP laptop. Disabling WPS caused the router to behave like a normal wireless router, authentication-wise, which was what I was looking for. With a little more time and effort, I might have been able to figure out how to use the router with WPS enabled, but I didn’t see the point.

The range was vastly improved over the RCA - where I used to get one bar, I now get three to four consistently. Better yet, the configuration doesn’t wipe itself every time the router restarts, which is also handy.

DD-WRT

Unfortunately, what I found online indicated that the F5D8233 was probably not compatible with DD-WRT or OpenWRT due to the possibility of it having a Realtek chipset. I haven’t had the guts to try it by myself, nor, at least at present, the inclination - it does work in its current configuration, after all. Belkin provides almost no information on the unit online, as far as what its chipset is or anything of that sort, which means I’d probably have to crack the thing open to find out what’s inside. For now, that’s not happening. I may change my mind sometime next week, though, depending on time and inclination.

Final analysis

For $70, it’s not bad. It has good range, it’s fairly easy to set up, and, with a little time and patience, it runs reasonably reliably and well. At least for now, I wouldn’t recommend it for the homebrew types, nor would I recommend it for those that aren’t already familiar with setting up wireless routers - it’s just not reliable enough out of the box for that. If you’re willing to spend a little extra, I do recommend going for either a more upscale Belkin or possibly even a Linksys. Think of it as something akin to a Chevy Aveo - you get what you get and that’s pretty much that.

Courtesy of Slashdot, an article about “Stupid Male Geek Culture” and how it’s keeping women from entering engineering fields. My personal favorite is the following comment posted in response to this:

I get discriminated against by stupid, pretty female culture a LOT more than women get discriminated against by stupid male geek culture. I am willing to be that most geeks feel the same way.
You want a cease fire? Fine. start playing fair with us and we might play fair with you.

In all seriousness, though, what’s so ’stupid’ about male geek culture? I mean, okay, we have All Your Base, Just Got Owned, Tanuk Tanuk Tan, and, granted, those probably aren’t the most intellectual memes in the world. But, you have to admit, it beats the heck out of The View, Britney Spears, or, really, any celebrity gossip at all. Have I mentioned Sex & The City? How about the network formerly known as the WB? I could go on like this all day.

The defense rests.

Ah, good times… it finally works.

I noticed on the LiveCD for Ubuntu that the power management actually behaved the way it was supposed to, so I wiped the install and redid it, this time not installing any kernel updates. Unfortunately, it still installed a kernel update somehow (not sure how), but it didn’t install the 2.6.20-16.1 update, which seemed to be the one that hosed ACPI. Consequently, it correctly detects battery life now. A little ndiswrapper love solved the wireless issue, which wasn’t surprising. Nvidia’s drivers installed relatively cleanly, so no complaints there.

All in all, mission accomplished! Was it more difficult than it should have been? You betcha. But, at least it works, and for that I am thankful.

Well, it would appear my first substantial post here shall be about various technical issues here. So, let’s get to it.

Comments

Turns out I accidentally required moderation on my comments, meaning I had to manually approve them before they were posted. This has been fixed. Everyone should be able to comment freely now. Of course, if there’s a comment that’s wildly out of control, I’ll be more than happy to delete it, but I doubt that’ll be too much of an issue here.

Subscribing

Blogger supports RSS subscriptions, which is a fairly nifty method of subscribing to multiple blogs without totally overwhelming your e-mail box. How it works is fairly simple - you subscribe to the blog, then you can see the blog using your browser window (assuming you’re using IE 7, Firefox, Opera, or possibly Safari) by checking that browser’s RSS feed subscriptions. Here’s some quick instructions on doing this with IE 7:

1. When you visit this blog in IE 7, a little orange icon with two white concentric circles and a white dot at the lower right hand corner will light up - it’s traditionally next to the Home button (looks like a house) in the upper right hand corner. If you click the little down arrow next to it, you’ll be given two feeds you can subscribe to. They both give you the same information, and the procedure is the same; the only difference between the two is that one uses RSS and the other uses Atom, which is a competing standard to do the exact same thing. Pick one (flip a coin if you have to) and click on it.

2. You will now see a second window and a yellow box asking if you would like to subscribe to this feed. Go ahead and click on it and follow the defaults (i.e. just click “OK” when available).

3. To confirm that you’ve subscribed, click on “Favorites” (it’s the single yellow star in IE 7, usually in the upper left hand corner). Once there, you will see something that says “Feeds”. Click on that and you should see this blog feed.

Though I haven’t tested this procedure on other browsers, I imagine it’s fairly similar. I might try Firefox out tonight and see how that works - to be honest, I don’t use RSS feeds very much, though I can definitely see how it can be quite handy if you like to view multiple blogs. In fact, I might play with this feature a little more now that I’ve been forced to pay attention to it. Coincidentally, this is similar technology that’s in play when you listen to a Podcast.

Update:

Tried it with Firefox. It’s easier than I thought. When you go to this blog, you’ll see that orange symbol in the address bar. Click on it, follow the defaults, and you’ll have subscribed. Problem solved.