
5/22/2003

Life in the internet age


Having http://images.google.com is marvelous.
Today I was able to confirm that a part number was actually the cable I wanted.
CAB-SS-V35MT
Not long ago I'd have had to find a catalog and hope it had a detailed picture (and none of the catalogs I ever used back in the "paper" days had useful pictures).

T1 Crossover Cable


It's nice to set up routers in advance with CSUs back to back, so that everything is configured and working before the circuits are installed and the routers are shipped out to the remote site.
I've done this with an RJ45 T1 crossover cable:

Exchange::Archive


Another vendor choice: http://www.kvsinc.com/

DNS


"Ted's tools" at http://www.mob.net/~ted/tools/index.html
has some good utilities.
I like the MXLookup that will look up MX records from several DNS servers.

5/21/2003

Network Security::Spam


I only skimmed this article; I want to go back and read it more thoroughly later. But so far it really creeps me out.
http://gray-world.net/papers/spamdoor.txt
It is a "black hat" article about back door communications. The proposition is to use e-mail disguised as spam to relay information between a back door and its creator.

5/20/2003

Exchange Data Archive Tools


There are HSM/Exchange archive tools available from at least 3 vendors: Veritas, CommVault, & C2C.
Rumors from others who've tested them are:
- The CommVault product is better from the administrator's perspective: more flexible scheduling of jobs and the ability to delegate more granular permissions, to the point that a helpdesk role could be allowed to restore an Exchange item.
- Veritas Exchange Storage Manager has cleaner client integration but is not as flexible for the admin.
- C2C Archive1 is much simpler and uses an Exchange Public Folder store on a separate server. Archival jobs are separate from backups.
Veritas has a free Exchange storage evaluation tool:

http://www.veritas.com/products/listing/ProductDownloadList.jhtml?productId=storagemigratorwin#utilities

5/15/2003

NT::Event lookup


A great new link to information about NT event log errors:
http://eventid.net/

5/14/2003

Internet Mail::MailSweeper


MailSweeper Issue
I want to ONLY receive mail from a single host and block mail from everybody else. (We are using a spam filtering service provider and I want to force all mail to go through them.) The tricky thing with MailSweeper (4.3.patched) is that the banned host feature doesn't work when you try to restrict everyone and then make an exception for the one host that is allowed to send mail.
Fix (partly)
To work around this I removed all the relay target domains (to which relaying is allowed from any host) and set up the IP address of the desired server in the list of relay hosts. This explicitly defines which servers are allowed to relay off this server.
Additional issue
But this only worked for all my "secondary" domains. The primary domain still allowed inbound relaying to that domain from any host. Under the "SMTP Relay" policy folder the "domain object" specifies our "primary" or "default" domain. It doesn't seem to be necessary because I have used forced routes to get the mail delivered. I renamed this domain to NORELAY(domain).com and it worked. It accepted relays to the primary domain from the desired host(s), but when it generated Non-Delivery Receipts (NDRs) they showed up as from "postmaster@NORELAY(domain).com".
Getting rid of the domain object
There were no useful properties of this object and there is no way through the policy editor interface to delete it.
- close MMC
- edit MAILSWP.CFG file
- find and delete the following section:
[MailServer\(domain).com]
- find and delete the following line from the [MailServer] section:
k:(domain).com=Domain
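
The two deletions above can be scripted so they are repeatable and leave a backup behind. This is an added example, not ClearSwift tooling and not part of the original post: it assumes MAILSWP.CFG is INI-style text in which a section runs until the next [header], uses example.com in place of (domain).com, and everything in the sample except the section header and the k: line quoted above is constructed. Close the MMC policy editor first, as in the manual steps.

```python
import shutil

# Constructed sample standing in for MAILSWP.CFG. Only the [MailServer\<domain>]
# header and the k:<domain>=Domain line come from the post; the rest is invented.
SAMPLE_CFG = r"""[MailServer]
k:example.com=Domain
k:Relay=Folder

[MailServer\example.com]
Type=Domain
Name=example.com

[MailServer\Relay]
Type=Folder
"""


def strip_domain_object(cfg_text, domain):
    """Drop the domain object for `domain`; return (new_text, what_was_removed)."""
    drop_section = ("[MailServer\\%s]" % domain).lower()
    drop_key = ("k:%s=Domain" % domain).lower()
    removed = {"section": False, "key": False}
    kept = []
    current = None  # lower-cased header of the section being read
    for line in cfg_text.splitlines(keepends=True):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            current = stripped.lower()
        if current == drop_section:
            removed["section"] = True
            continue  # skips the header and every line up to the next header
        # Only touch the k: line inside [MailServer], never a look-alike elsewhere.
        if current == "[mailserver]" and stripped.lower() == drop_key:
            removed["key"] = True
            continue
        kept.append(line)
    return "".join(kept), removed


def edit_cfg_file(path, domain):
    """Apply the edit to a file on disk, keeping an untouched copy beside it."""
    # latin-1 maps every byte to one character, so an unknown encoding round-trips;
    # newline="" keeps the file's own line endings.
    with open(path, encoding="latin-1", newline="") as fh:
        original = fh.read()
    new_text, removed = strip_domain_object(original, domain)
    if new_text != original:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="latin-1", newline="") as fh:
            fh.write(new_text)
    return removed


if __name__ == "__main__":
    text, removed = strip_domain_object(SAMPLE_CFG, "example.com")
    print(removed)
    print(text)
```

Running it a second time changes nothing and writes no new backup, so it is safe to re-run after a policy change recreates the object.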


But there are still some NDRs that seem to use that address. The silly thing is there is a configuration setting where I tell it the address for the administrator = postmaster@(domain).com

ClearSwift MailSweeper is a Windows internet mail relay server product that will apply content policies/etc.
See more at: http://www.mailsweeper.com/products/msw/smtp/default.asp

Perl::Regex::Regular Expression Coach


I have got to get this and play with it!
RegEx Coach (http://weitz.de/regex-coach)
Thanks nf0 (http://www.10500bc.org/)
If its description is close to how it really works this will be a marvelous way to hone my understanding of regular expressions. The better we understand their ins and outs the more likely we will be to have on the tip of our tongue an elegant solution to a complicated problem.

5/13/2003

Collaboration tools


Thanks to MErana for these links:
Free Request Tracker: http://www.bestpractical.com/rt/index.html
Free Forum: http://www.invisionboard.com/
Both of these cheap/free tools look very useful. Hopefully we will hear more about how they turn out in practice at http://eo.dyndns.info/mt-meblog/

5/12/2003

Essentials


Stuff everybody needs:
Handheld labeler: http://www.brother.com/usa/label/info/pt1180/pt1180_ove.html
and 1/4" black on white cartridges: TZ211
- label cables, data center devices, etc.

A few of these: http://www.pccables.com/01912.htm
- Make adapters from DB15 to RJ45 - or make a T1 crossover for use with *any* RJ45 CAT5 cable (don't have to build a T1 crossover RJ45 cable...)

General PC Toolkit:
http://www.tigerdirect.com/applications/SearchTools/item-details.asp?sku=B20-1503

Compact Cable Tester:
http://www.compucable.com/toolkits_testers/se_tester_body.html
CTK-PTCT 10 Base-T Network Cable Tester


Rechargeable flashlights

Marker boards

Digital Camera

AntiSpam Service Providers


http://www.edoxs.com
http://www.postini.com

The Postini site has interesting statistics. Something like 65-70% of the e-mail received by their clients is blocked as spam!

Internet e-mail is fast becoming a big joke and a total waste of time for corporate users.

T1::Wiring::DB15 to RJ45 adapter for T1



From: http://support.baynetworks.com/library/tpubs/html/router/soft1100/114072C/A_65.HTM#MARKER-9-78


CSU (DB15 Male)            Router (RJ45 Female)
Signal      Pin #    to    Pin #    Signal
Send +      1              5        Send +
Send -      9              4        Send -
Receive +   3              2        Receive +
Receive -   11             1        Receive -


Thing to make it: http://www.pccables.com/01912.htm

5/09/2003

Security::P2P::Ports


List of P2P stuff to block:
From: http://www.zensecurity.co.uk/resources/HowTo.asp?URL=morpheus%20napster

Service       Target network servers   Target ports
Kazaa         213.248.112.0/24         TCP 1214
Morpheus      206.142.53.0/24          TCP 1214
E-Donkey      ?                        TCP 4661 - 4665
Audiogalaxy   64.245.58.0/23           TCP 21, TCP 9000
WinMX         ?                        TCP 6699


See also, great info at: http://www.oreillynet.com/topics/p2p

Security::P2P::Ports


WinMX - yet another pain in the butt peer to peer file sharing program.
By default it uses: TCP 6699 and UDP 6257
But unfortunately the client has options to change these ports.
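
To see which inside hosts are actually hitting the entries in the block list and the WinMX defaults above, the same rows can be run over firewall or flow logs. This is an added example, not from either linked source; the log format and sample lines are constructed, and it assumes each table row means "that protocol and port, to that network", with "?" read as any destination.

```python
import ipaddress
from collections import defaultdict

# Rows from the P2P block list plus the WinMX defaults (TCP 6699, UDP 6257).
# network=None stands for the "?" in the table: no server range is known,
# so the rule matches the port on any destination.
P2P_RULES = [
    ("Kazaa",       "213.248.112.0/24", "tcp", 1214, 1214),
    ("Morpheus",    "206.142.53.0/24",  "tcp", 1214, 1214),
    ("E-Donkey",    None,               "tcp", 4661, 4665),
    ("Audiogalaxy", "64.245.58.0/23",   "tcp", 21,   21),
    ("Audiogalaxy", "64.245.58.0/23",   "tcp", 9000, 9000),
    ("WinMX",       None,               "tcp", 6699, 6699),
    ("WinMX",       None,               "udp", 6257, 6257),
]

# Constructed flow records: time, source, destination, protocol, destination port.
SAMPLE_LOG = """\
2003-05-09T09:14:02 10.1.4.23 213.248.112.40 tcp 1214
2003-05-09T09:14:09 10.1.4.23 192.0.2.10 tcp 80
2003-05-09T09:15:31 10.1.7.5 192.0.2.77 tcp 4663
2003-05-09T09:16:00 10.1.7.5 192.0.2.80 tcp 21
2003-05-09T09:16:44 10.1.9.12 64.245.59.3 tcp 21
2003-05-09T09:17:10 10.1.9.30 192.0.2.99 udp 6257
2003-05-09T09:17:12 10.1.9.30 192.0.2.99 tcp 6257
this line is malformed
"""


def classify(dst, proto, port):
    """Return the service name of the first rule the flow matches, else None."""
    addr = ipaddress.ip_address(dst)
    for service, network, rule_proto, low, high in P2P_RULES:
        if proto.lower() != rule_proto or not low <= port <= high:
            continue
        # Rows with a network only match inside it, so ordinary FTP on TCP 21
        # to other hosts is not reported as Audiogalaxy.
        if network is None or addr in ipaddress.ip_network(network):
            return service
    return None


def scan(log_text):
    """Return ({source: sorted services seen}, number of unparseable lines)."""
    hits = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            _when, src, dst, proto, port = line.split()
            ipaddress.ip_address(src)
            service = classify(dst, proto, int(port))
        except ValueError:
            skipped += 1  # wrong field count, bad address or bad port
            continue
        if service:
            hits[src].add(service)
    return {src: sorted(names) for src, names in hits.items()}, skipped


if __name__ == "__main__":
    report, skipped = scan(SAMPLE_LOG)
    for src, services in sorted(report.items()):
        print(src, ", ".join(services))
    print("unparseable lines:", skipped)
```

A host missing from the report is not proof it is clean: a client moved off its default port matches none of these rows.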

5/08/2003

Career::Fight to Survive

"Fight To Survive" from Fast Company Magazine
http://www.fastcompany.com/magazine/69/fighttosurvive.html
S U R V I V A L =
S Size up the situation.
U Use all your senses.
R Remember where you are.
V Vanquish fear and panic.
I Improvise.
V Value living.
A Act like the natives.
L Live by your wits.

This is a great article on its own about the training of special operations soldiers. The correlation the reader is supposed to draw is that of surviving in your career overall and/or surviving in the corporate environment in tough times.
There wasn't much in the way of reader commentary in the talkback forum. I would like to hear about other people's application of this article to surviving in the business world.
Rule 1: Only the Mentally Strong Survive
I believe the biggest one is Attitude. "If you have a guy with all the survival training in the world and a negative attitude and another guy who doesn't have a clue but has a positive attitude, I guarantee you that the one with the positive attitude is coming out of the woods alive. Simple as that" - Gordon Smith Special Forces instructor. I've also heard someone say "90% of life is showing up, dressed and ready to play ball, and the other 10% is attitude." Of course this philosophy leaves some gaps - I'd put a bigger than 0% emphasis on training & execution - but the principle is the same. The training and execution also depend 100% on attitude as a prerequisite.
Rule 2: You can Condition Yourself to Stress
I found this section interesting and entertaining. However, in business, what stress are we supposed to put ourselves under to prepare for survival? What is our "possum crawling with maggots" that we have to make ourselves hungry enough to eat? Often mine is dealing with confrontation and adversity on the people side of the job. But I don't think my "training" ought to be jumping into the most hostile and confrontational circumstances I can find.... I do take this as motivation, though, to ease into more people situations I would have otherwise avoided to build up my Mental Strength in that area.
Rule 3: Keep your priorities straight (and simple.)
I believe this is true; however, I believe it is much more blurred in business. Different people at various levels of management are interacting with different departments and most of the time they all have a different idea about what priorities are. This is due to a variety of reasons. Often politics and back channel relationships drastically affect the priority things take. In a "fight to survive" situation a business needs clear goals and priorities communicated to all levels of management. And they need a measurement and feedback system to know how long it is until they are dead -- or even if they already are dead! (and just twitching until all neural activity (cash/capital) is spent.)
Rule 4: Survival takes practice
I think they covered this in #1. But again I also strain to apply it to a business situation. What is our fire that we take for granted but cannot live without and how can we practice it? What tools/materials can we prepare ourselves with for when the time comes for more primitive methods of "lighting the fire?"
Rule 5: You can live off the land
But it ain't always fun. And "before you are deployed to an area, you need to study the flora and fauna there." What's the nasty stuff that is found most everywhere that we can keep the business going on? I believe this speaks to #1-attitude and not being "too good" to dig in there and eat bugs you dig up under a log, but lurking in here is a good story or case study that is missing to *really* apply this to business. And, in business, we pick where we are deployed. Today it just happens there aren't too many choices out there. One of these days the economy will heat back up and there will be a serious bunch of IT (and other) people finding a new "land to live off of." Because they have been screwed by their present companies with economic cutbacks as the excuse. There *are* survival times for every business. But many of us swim in a pool of sharks that will take economic news and twist it into justification to pound staff into dust and run the infrastructure to ground -- and get a bigger bonus for "tightening their belts and meeting budget." To thrive, companies need to be diversified and well capitalized to take advantage of slowdowns and turn them into future growth. When operations are somewhat quiet is the best time to study where you want to go and make investments to get you there--positioned ahead of the "just barely survivors" when things pick back up. In an upturn, those companies with improved processes, modernized infrastructures, and motivated staff will be taking the best talent away from their competition along with a bigger share of the market. Waiting for an upturn to make capital improvements at the same time as pushing to increase production with a team of people you've demoralized the past 3 years isn't going to cut it. Your old crappy plant run by the people you've beat down yet can't find greener pastures won't be good enough for first place, or even second place.
Rule 6: Survival Takes Imagination
This is definitely true. Many people stuck in the ruts of our corporate world stick themselves there by complaining that things don't go as planned, are not planned well enough, or they weren't given warning or some other excuse they can't or won't do their job. Some issues are indeed roadblocks out of the control of the workers and require someone in authority to act to remove them. But in more situations than we admit, a creative, intelligent person could dig in and accomplish a lot even in the face of obstacles.
Another point here is that when you are in "survival mode" (which is often all the time in new companies, in IT organizations, Sales/customer service organizations, etc) there is a "good enough" point to planning and preparation past which it is a waste of time. By the end 1/2 of the plan is out the window due to either scope creep or other issues that crop up requiring imaginative workarounds. Being able to go with the flow and improvise is very important in IT and becoming more important for business people in general.
Rule 7: Survival is the Norm
That is really the truth. Yeah, "Get over it. Life has been hard for everybody for all eternity -- your mamma isn't going to bail you out." Dig in for the long haul. I thought the quote was inspiring "Ask McKay how long he could survive if he walked into the woods right now without supplies, and he doesn't hesitate: 'the rest of my life,' he says." (the cynical side of me says, "Yeah, that's true for us all, but how long will your life be compared with anybody else...") But seriously, it would be nice to have confidence to say that whatever comes, I can make my company survive - on bugs and boiled creek water if I have to.

5/07/2003

Windows Installer


Tool to modify MSI files.
http://www.advancedinstaller.com/
Darwin says to watch for the next version:
Article from Desktop Engineer's Junk Drawer
He has a TON of great stuff about Windows Installer and other topics.
http://desktopengineer.com

Exchange::Moving users between servers


From Google Groups:

From: Eric Cooper
Subject: Re: Moving mailbox using Exchange Administrator's Tools--->Move Mailbox
Newsgroups: microsoft.public.exchange.admin
Date: 2001-07-25 15:03:57 PST

if you are moving a large amount of data or if the
Exchange servers are connected across a WAN link. Perform the move from the
destination server console. It will occur much more quickly. At the very
least try to avoid using a separate workstation to do the moves, as this
will really slow things down. My 2 cents from experience.

Exchange 2000::Moving Server


From Google Groups:
Subject: Tested and True - Move Server Method for Exchange 2000
From: "David Nandell, MCP"
Newsgroups: microsoft.public.exchange.admin

For anyone who needs to move an Exchange 2000 server from one hardware
server to a new one, here is how I did it. Minimal problems (mostly
Anti-Virus software issues) and everything works just fine.

Move Server Method for Exchange 2000
*Environment: 2 Dell PowerEdge servers, both running Windows 2000 Sp1, DNS,
and Active Directory.

1. Make sure all conditions for installing Exchange 2000 on the new server are met:
-Active Directory is functioning properly.

-DNS functioning properly.

-Windows 2000 Service Pack 1 installed.

2. Install Active Directory Connector from the Exchange 2000 CD onto the new server. I had un-installed ADC after upgrading to Exchange 2000 as it is not needed afterwards. However, to install Exchange 2000 YOU MUST HAVE ADC INSTALLED! You do not need to create any connector agreements however. Once you are done with the initial install, you can un-install ADC again.

3. Install Exchange 2000.

4. After the installation successfully completes make sure all services are running in the Services MMC.
Check System Manager - Administrative Groups - Group - Servers
to see if your new server has been added.

5. Reboot.

6. Install hotfix roll-ups provided in Q291222.

7. Reboot.

8. Open System Manager - Administrative Groups - Group - Servers and make sure Properties are the same for both servers. Make sure all the settings for Protocols, Mailbox Store and Public Folder Store are the same on both servers.

9. Open System Manager - Recipients - Recipient Update Service. On the right hand side of the MMC window Right click on the object for your server and choose Properties. Change the server to the new server. Right click on the service again and choose Rebuild. You need to do this in order to add new users.

10. Open System Manager - Administrative Groups - Group - Folders - Public Folders and:
-Right click on ALL of your Public Folders and choose Properties. Go to Replication and add the new server as a replication
partner.
-Right click on Public Folders and choose View System Folders and do the same with ALL System Folders. Make sure they are replicated to the new server.

**I waited 24 hours for things to replicate.

11. Open System Manager - Tools - Monitoring and Status and make sure your notifications and status monitors are the same for both servers.

12. Unless you have an Exchange 5.5 server, don't worry about Routing Groups. Exchange 2000 Native-mode relies on SMTP virtual server for mail transport.

13. BEFORE YOU MOVE MAILBOXES!
-Shut down ANY AND ALL anti-virus software on BOTH servers! This will interfere with Active Directories Move Mailbox wizard. You will get 80004005 errors moving mailboxes!

14. To move mailboxes:
-Open Active Directory Users and Computers.
-Right click on a User object and choose Exchange Tasks
-Choose Move Mailbox - NOT DELETE MAILBOX! and then Next
-Choose the new Mailbox store you want to move the mailbox to
and choose Next.
-The Wizard will complete the mailbox move.
-When you are all done moving mailboxes run Cleanup Agent on
both Mailbox stores. Once replication is complete Users will be able to
access their mailboxes.

15. Restart your antivirus software.

16. Make sure your users can connect to the new server. If they are having trouble:

-Go to their machine and Start - Settings - Control Panel -Mail
and make sure the Exchange settings properties are pointing to the new server. I have found that removing the Exchange Server and then re-adding it improves performance

17. You are done. You can delete the old server from the Administrative
Group and shut it down.

5/06/2003

Video Conferencing::Bridging IP & ISDN


Today somebody asked us if they can link up with our video conferencing unit (Tandem ISDN video conferencing system) from home with their webcam. If you believe it, we are going to have to go to great lengths to convince them they can't do it....
In the vein of video conferencing:
http://www.vcs-ltd.com/manu.htm has a great list of Video Conferencing manufacturers.
RadVision has a decent product line, I hear. http://www.radvision.com/NBU/Products/INVISION+Network+Appliance/INVISION+100/ They have a component based offering that can size a solution to exact ports/etc to reduce cost for midsized businesses.
RidgeWay has a product to "fix" NAT and other firewall issues: http://www.ridgewaysystems.com/

Citrix::Metaframe::Terminal Services License


Microsoft Terminal Server is licensed per seat, which means every computer from which you access a TS over the internet burns a license. There's some "timeout" that allows a license to be released after a period of time. There are also some over-the-internet MS Licensing service changes that will release it.
To skip this for a temporary fix, create a .REG file from the info below and merge it on the client machine:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing\HardwareID]
"ClientHWID"=hex:02,00,00,00,05,d9,74,7e,a0,d4,cc,9e,87,b2,61,75,9e,a9,d5,05

Citrix XP Info


I think I got this from the Citrix KB.
XP Technical Information

Misc Registry Tips


I'm cleaning house and found this great PDF of registry tips. I'm not sure where I got it and it isn't "signed" by its author. If it's yours, e-mail me and I'll gladly delete it or give you credit.

Registry Tips

Exchange 2000::Allow rule generated messages to internet


To permit rule generated and Out of Office messages to get to the internet:
Open Exchange System Manager and go to:
Global Settings > Internet Message Format
Click "Default" item in the right pane and go to properties
Check "Allow out of office responses" and, if desired, check "allow automatic forward"

Exchange 2000::Disclaimer


How do I make a disclaimer at the end of each e-mail message?
I believe there was some registry entry that could be created that did this in Exchange 5.5.
We do it with a 3rd party internet mail server that all our mail passes through.
This product at http://www.ssgtechnology.com/solutions/smtpdisclaimer.asp will do this for you for Windows 2000. $150 per server.
Another product is http://www.exclaimer2000.com/ "From $139..."

5/05/2003

Spam::Relay::Blacklists::Perl


Perl script to test for open relay:
http://www.monkeys.com/mrt/
A very interesting resource to test for open relay using several methods yourself without queuing a relay test someplace like:
http://www.ordb.org/

5/01/2003

Cisco::Router::Clear counters


Why is it so difficult for me to remember?
clear counters

answer Yes and it resets the interface statistics.
DUH

Citrix::Outlook::PDA's::T1 Communication:: and Life In General


A glimpse into my life.
Background
We use Citrix MetaFrame machines to serve our remote offices. This saves the money and administrative pain of remotely administering application servers, domain controllers, etc for an office of 15 people. We have some issues, most surrounding large print jobs. But it was a decent plan with tradeoffs supposedly made clear up front and users were "trained" how to act for this all to work out fine over a T1 connection. I am told that after the users log on they open a Citrix session that is maximized on their screen and they were trained not to work outside of Citrix. Now, 18 months into it, people forget (or don't care) what they swore to and want to fit a round peg into a square hole.
User Issue
Below is an e-mail thread quoting an IT manager, me, and a user. All of us will go nameless to hide the shameful stupidity that is their lives and is becoming mine.
From: [IT Manager]
To: [Me]
CC: [about 10 other people, 2 of which might actually care or be remotely involved....]
Mr. _________ has reported the following issue.
He has a laptop and opens his Outlook on the local PC. (For
a reason that I can not remember, I believe we instructed
the [remote] office LAPTOP users to open e-mail on
their local PC.)

He is the local counsel for [blah blah] in the [blah blah]
case, so he is getting e-mails with 2MB to 5MB attachments.
It is taking a long time (35 seconds in above e-mail, up to a
minute on others) to open just the e-mail, not the attachment.

When he opens the e-mail at home (or in the office) on
Citrix, it opens immediately.

Is there a setting on his e-mail system that would improve
this response time? Is there a cause for this slowness?

[He] also had an e-mail in his inbox that showed as being 5MB.
When he forwarded that same e-mail to me the size showed as
only 2MB. This defies my explanation.

From: [me]
To: [them all]
1. Regarding the size difference you observed:
- Exchange 2000 accepts and stores internet messages in "internet mail format" to save time converting the message to "microsoft mail format." Internal messages are created in and stored in "microsoft mail format" so when you forwarded the message it was converted from one format to the other and compressed some as a result.
- I sent test messages to myself from internet accounts and recreated a similar size reduction when I forwarded the message to an Outlook/Exchange recipient.

2. Regarding the speed of opening an attachment:
- When opening an e-mail the entire message (2MB or 5MB) must be transferred to the machine where it's being opened. So regardless of whether you open the attachment or not, the whole thing, including the attachment is copied to your computer.
- So when a message is opened from Outlook running on the laptop across the interoffice connection the whole thing must be transferred over the slower link. At the best possible connection speed sharing the connection with nobody else 5MB will take about 54 seconds to be transferred. At an average connection rate (about 70% of max) 5MB would take about 76 seconds to transfer.
- Also during the time Outlook is downloading this message and its attachment across the network link performance is degraded. The larger the file, the longer the download time, and the more noticeable this diminished performance will be to the other users. This drop in performance would also be apparent if laptop users forget and use the laptop window to browse the internet, download internet documents, etc. Using the Citrix server to perform these operations reduces the amount of information that must be transferred over the network link. In the case of the Outlook message, the Citrix machine opens the message and only shows you its screen, it doesn't have to transfer the entire message file over the network link to the laptop.
- I was not aware laptop users were instructed to use Outlook from their laptop computer instead of Citrix. If anyone uses offline folders or is synchronizing Palm pilot, that is possibly the reason for this recommendation - because those operations require transferring the data to the laptop. However, once these synchronizations have completed, it is not necessary to continue working in Outlook off the laptop the entire day - only at the beginning or end of the day to synchronize. I realize that can be confusing and also easy to forget.

User Response:
Thank you for the response and I think I understand. I'll try not to shoot the messenger, but now I remember why I didn't like this rigged-up system for the satellite offices at the inception of the conversion. If I'm sitting at my desk working on the Citrix screen and somebody calls to schedule a conference call for next Thursday and I put it in on my calendar and then an hour later I leave to go to a meeting at another firm and they ask if I'm available next Thursday for another meeting, unless I remembered to go back to my blue screen and sync my PDA (which now automatically syncs to Outlook whenever I enter a change on my desktop), I run the risk of double booking meetings. You may think this is a remote possibility, but I'm here to tell you that it's not.

For a firm our size with our resources, I can't believe we can't come up with a better plan.

This brings out a lot of issues. One is that no matter what "management of expectations" you do, it wears off over time. And another is the total disconnect in how things, big things, run in a medium size company. One group of penny-pinchers runs the up front part of a project and then dumps it off on people who do the real work. Somehow everybody agrees to it all in the beginning. Then people start complaining about "the level of support" they get. Forget that my "level of support" is greatly dependent on how the big picture was conceived and implemented. Then people start asking why this and why that and how much would be if we just . . . . . .
And on it goes until people just start whining behind our backs and drop it or we spend the money to do it right.
On the technology front, it would be nice if I had time to research Microsoft Mobile Information Server and get a straight answer on when it will support "pushing" updates to wireless clients. (I was told it would by a MS rep.) And if this guy would get a Blackberry I think we can get him set up so his calendar syncs wirelessly, but not his contacts. But this guy has had about 8 different PDAs in the past 20 months so he's probably got some whiner reason not to use it. And Good Technology has some decent looking devices that will wirelessly sync everything.
Another thought would be to block traffic on the routers to *only* allow them to get to Citrix. This would undoubtedly lead to a lot of other apps being blocked that nobody else knows are going on.
This also brings to the front of my mind that when users (or worse, management) ask a direct question like "would it work if..." or "how much would it cost to _____" they don't *really* want the truth. Every one of these questions I get 10 times a day really requires a day of consulting (and possibly therapy) to get to the true need behind the question. But the few times that happens they don't like the answer. They a) don't believe you and move on to another sucker b) can't make it fit into a scenario in which they can resolve a big problem and take credit so they drop it (costs too much, requires actually committing to a list of desired deliverables, and/or they can find a bigger sucker to allow a piddly question to scope creep into a nightmare and get blamed for failure).
I've got to work on my mind reading skills.