
Calling all network manager type people

Put this onto your radar:


http://www.microsoft.com/systemcenter/essentials/default.mspx


Had a meeting with some bodies here at the MS Australian partner conference just a while ago, in particular the lovely Frederique Dennison (Product Marketing Manager, Security and Management) where we were discussing network management tools and processes.


Microsoft is certainly ramping things up for the SME end of town and if you work in this space then you need to start getting familiar with System Center Essentials (SCE) before the guy up the road does. It’s going to change the way networks are maintained moving forward – making things easier, more visible, more pro-active rather than reactive (aka waiting for the phone to ring).


You can download a VHD of SCE to play with so you’re not installing it into your production environment to begin with, and being a virtual machine you could even play with it whilst flying home from the conference [8-|]


Hint: SCE is part of the wave hitting a network near you next year (http://msmvps.com/blogs/calvert/archive/2007/08/31/aussies-add-this-to-your-rss-feed.aspx), so get your board waxed and ready ahead of time.


 

Watch your bindings order

Just got back from installing an additional NIC in an ISA2004 firewall. The ole network bindings order gotcha hit me yet again so I thought it was time to write this down to remind me – and hopefully save you from this grief.


When adding a new network interface (physical, wireless, 1394 etc) to a Windows machine (and I’m considering XP & Windows Server 2003 here but the same may well apply to other versions) you need to make sure you set the bindings order for all the network cards correctly in order to maintain proper operation.


For example, in your typical SBS2003 server there are 2 network interface cards (NICs) and the server, when performing operations such as DNS lookups etc, needs to check with the internal NIC first because that’s where things like DNS and WINS are bound first. Get the network card binding order wrong and you’ll find DNS lookups will fail (this is why you ALWAYS USE THE WIZARDS!!! (excuse the shouting)).


Anyway, back to the story at hand. I installed an additional NIC into this firewall, giving it 3 interfaces in total. All appeared to be OK so I left the site. Got a call about 10 minutes later to be told “I can’t browse the Internet from my computer”. After spending some time RDP’d into the server (using my new Telstra Next-G card which totally rocks!!) I thought I’d disable the new NIC for now. Also noticed an error in the event logs about the proxy service not being able to bind to the internal NIC.


It was about this time that I thought of those darn network binding order settings. I checked them and sure enough the new NIC (for the DMZ) was at the top of the list. Moved it down to the bottom, restarted the ISA services but that didn’t fix it.


We restarted the server and this proved the winner as everything was then able to start up & bind appropriately.


So, the lesson here is when installing an additional NIC into anything, in particular a server, check the bindings order. “Where is that?” I hear you ask?


Open your network connections folder and select the “Advanced” menu item. Click on “Advanced Settings…”.


Check the list of connections for the order of the network cards – make sure the internal NIC (the one things are bound to) is the top one. {and one of these days I’ll work out how to attach images to this thing so I can show you what to look for}.


Remembering this would have saved me from sitting on the side of the road for 25 minutes and let my client get out of the office a bit earlier.
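The same check can be scripted so it is run after every NIC change. The following is an added example, not part of the original post: it assumes the adapter order shown in "Advanced Settings" is the one TCP/IP records in the `Bind` value under `Tcpip\Linkage`, and that the internal connection is named `Internal` (a hypothetical name, pass your own).

```powershell
# Added example (not from the original post): list the TCP/IP binding order
# and check that the internal NIC is first.
param([string]$InternalName = 'Internal')   # hypothetical connection name

$linkage = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage'
# Network adapter class key; each {GUID}\Connection subkey holds the friendly name.
$netKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}'

# Bind is a REG_MULTI_SZ of \Device\{GUID} entries, highest priority first.
$bind = (Get-ItemProperty -LiteralPath $linkage -Name Bind).Bind

$order = @()
foreach ($entry in $bind) {
    # Skip bindings that are not adapter GUIDs (for example WAN miniports).
    if ($entry -notmatch '\{[0-9A-Fa-f-]+\}') { continue }
    $guid = $Matches[0]
    $conn = Get-ItemProperty -LiteralPath "$netKey\$guid\Connection" -ErrorAction SilentlyContinue
    if (-not $conn) { continue }   # binding has no entry in the connections folder
    $order += New-Object PSObject -Property @{
        Position = $order.Count + 1
        Name     = $conn.Name
        Guid     = $guid
    }
}

$order | Format-Table Position, Name, Guid -AutoSize | Out-String | Write-Host

if ($order.Count -eq 0) {
    Write-Warning 'No named connections found in the TCP/IP binding list.'
} elseif ($order[0].Name -eq $InternalName) {
    Write-Host "OK: '$InternalName' is first in the binding order."
} else {
    Write-Warning "'$($order[0].Name)' is bound first, expected '$InternalName'."
}
```

The script only reads the registry; as the story above shows, services that bound to the wrong interface may still need a restart, or a reboot, after the order is corrected.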


 

Got “companyweb” prompting you to log in?

This one has been bugging me for a while.


Nice shiny SBS2003 Premium and the network clients can happily access the companyweb intranet site. When we introduce a W2K3 terminal server into the mix though, whenever we go to access the companyweb it prompts for a username and password.


Hmmm – check event logs, security permissions etc etc but nothing makes sense. Even played around with ISA despite knowing this couldn’t be part of the equation.


In chatting with some fellow SBSers, most of them would suggest I check DNS and make sure companyweb is in the Internet Explorer “trusted sites” site. But it already was!!!


OK, thinking about this….it’s actually part of our own network, which we naturally trust anyway, and more specifically it’s our intranet. Check that site – nup, not there. So I added it in (got prompted about moving it from the trusted sites to the intranet sites – hit the OK button and you’re in) and voila – prompt removed.


I can now happily open and close my companyweb from my terminal server (aka remote desktop server) without being prompted. Time to go check group policy to see if I can have this done automatically for TS users.


So – remember the enhanced W2K3 Server IE security settings and that even though you can TRUST your SBS, you want it in your INTRANET site.
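To see which zone a host is actually mapped to on a terminal server, the zone map can be read from the registry. This is an added example, not part of the original post; it reads the standard `ZoneMap` branches (`EscDomains` is the branch used while IE Enhanced Security Configuration is enabled) and takes the host name `companyweb` from the post as its default.

```powershell
# Added example (not from the original post): report the IE security zone
# mappings recorded for a host name, per hive and per ZoneMap branch.
param([string]$HostName = 'companyweb')

$zoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}
$zoneMap = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

$found = @()
foreach ($hive in 'HKCU:', 'HKLM:') {
    # Domains is the normal branch; EscDomains applies under IE Enhanced Security.
    foreach ($branch in 'Domains', 'EscDomains') {
        $key = "$hive\$zoneMap\$branch\$HostName"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $reg = Get-Item -LiteralPath $key
        # Each value name is a scheme (http, https, *), its data the zone number.
        foreach ($scheme in $reg.GetValueNames()) {
            $zone = [int]$reg.GetValue($scheme)
            $found += New-Object PSObject -Property @{
                Hive   = $hive
                Branch = $branch
                Scheme = $scheme
                Zone   = $zoneNames[$zone]
            }
        }
    }
}

if ($found.Count -eq 0) {
    Write-Warning "No explicit zone mapping found for '$HostName'."
} else {
    $found | Format-Table Hive, Branch, Scheme, Zone -AutoSize | Out-String | Write-Host
    if (-not ($found | Where-Object { $_.Zone -eq 'Local intranet' })) {
        Write-Warning "'$HostName' is mapped, but not to the Local intranet zone."
    }
}
```

Run it in the affected user's session, since the `HKCU` mappings are per user.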

It’s been a while since my last post…

actually it’s been waaaay too long, but I guess it’s OK when I consider how busy the last weeks have been.


I was just reading one of Chad’s older posts (http://msmvps.com/cgross/archive/2004/12/02/22108.aspx) and it made me think of one of the swing migrations we did a couple of weeks ago – this was a new client who’d had SBS2003 Premium installed for them by another provider but had not followed the wizards to any extent.


To begin with, the users on the network were still using PSTs for their email so they didn’t have any of the cool Exchange features available to them. Next, some of the machines on the network (XP based notebooks) were still in workgroup mode, so there was no possibility for them to take advantage of the power of group policy.


The “server” (which is just a PC acting as a server – a BIG no-no in my books) had a hardware IDE RAID card in it, but the 2 120Gb drives in the server were using software based mirroring which was placing a huge load on the server performance, so much so that at times their software became quite unusable.


The list went on and on. I had my first visit on New Year’s Eve to investigate a problem where the server would not boot properly – it would present a boot menu which the other providers had set up to allow booting from the mirrored drive, but the default boot option for SBS just didn’t work. Quick fix of the boot.ini file and restarts were fine again.


I investigated further – another problem was email had stopped coming in and was in fact bouncing back to the senders. I found an incorrect primary MX record for their domain and managed to get the owner of their ISP on the phone and arranged for their DNS records to be updated accordingly.


As I went through tidying things up I came to the conclusion that I was applying bandaids to the system and it really needed to be rebuilt. I simply told my client “You know what I’d really like to do with this server? I’d love to just wipe it clean and build it properly for you, so that I know it will work”. She was keen and after a brief discussion of when & how we agreed on my rebuilding the following weekend.


I knew I was going to use Jeff’s swing methodology to allow me to keep the Active Directory information which would mean the notebooks that were actually part of the domain could remain relatively untouched.


To make a long story short, we rebuilt the server whilst maintaining the AD settings, all notebooks are part of the domain complete with Exchange based mailboxes (with IMF happily running), anti-virus (went with Trend CSM on this one) and backups that work.


My client is very happy with the end result and I know that yet another SBS is running as it should.


So what’s the moral to this story? I guess if you’re an IT provider and you’re asked to install SBS for a client, if you don’t understand how SBS really works and why you need to use the wizards, please take your hands off that server and step away. If you just jump in like it’s “normal” Windows you’ll most likely break it, break the client, break yourself and damage SBS’s great reputation. There is a whole community out there to help you understand WHY you need to do things the SBS way, as well as HOW. (Also see here)


At the very least find and join your local SBS users/partners group where you can safely ask the hows and whys. Oh, that reminds me, need to promote the next Adelaide SBS UG meeting…