2004-11-26 “I Can’t Get No Satisfaction”

Lot’s of posts recently on a variety of subjects — ISA vs anything else, to patch or not to patch, spyware (scumware), Raid configurations, firewalls and XP SP2 blocks applications from running, … and the list goes on.. It reminds me that we can’t satisfy all the people all the time.

So, let’s jump straight into this week’s song — which was recorded almost 40 years ago (tell me it ain’t so!) by the Rolling Stones–

I Can’t Get No Satisfaction
aka I Can’t Run No Application

I can’t run no application, I can’t run no application
‘Cause I try and I patch and I load and I cry
I can’t run no, I can’t run no

When I’m workin’ at my desk, and the boss comes on the intercom
He’s tellin’ me more and more that AOL has some useful information
Supposed to fire my imagination

I can’t get no. Oh, no, no, no. Hey, hey, hey
That’s what I say

I can’t run no application, I can’t run no application
‘Cause I can’t and I don’t but I should and I’ll try
I can’t run no, I can’t run no

When I’m watchin’ my server and the event log tells me
How bad my server looks
But, this can’t be my server ’cause it doesn’t work
like it says in Harry’s book

I can’t run no.
Oh, no, no, no.
Hey, hey, hey, That’s what I say

I can’t run no application, I can’t run no application
‘Cause I try and I try and I try and I try
I can’t run no, I can’t run no

When I’m workin’ straight thru the night,
and I’m patchin’ this and it’s lookin’ right
But when I try to reboot, and it tells me
Baby, better come back maybe next week
‘Cause you see I’m on a losing streak

I can’t run no. Oh, no, no, no. Hey, hey, hey
That’s what I say. I can’t get no, I can’t get no
I can’t run no application, no application
No application, no application


Kevin Weilbacher [SBS-MVP]
“The days pass by so quickly now, the nights are seldom long”

Which routers do you use with SBS?

Recently, I surveyed several of the SBS MVP’s to find out which router(s) they use or recommend with their SBS installations. Their answers are listed below (no names, to protect the innocent!). As with many things, there were different opinions. If you have your own personal favorite, please add it as a feedback.


 


MVP #1: I’m using low end routers (DLink DI-604) along with the Basic firewall because these clients (under 15 users; no heavy Internet activity) normally don’t need a router that has all the high end features of VPN, SPI or extensive logs.  The DLink  is really cheap, but it gets the job done. VPN works, basic logging and it appears to keep the bad boys at bay.  None of my sites require multiple simultaneous VPNs at this point.


 


MVP #2: I’ve used low end SOHO stuff too – mostly D-Link, but moving more towards MultiTech for the more wealthy clients.


 


MVP #3: I use cheap routers, Netgear mostly. The only client that requires multiple VPNs have a Linksys RV082 (which is quite good). I also have a Cisco which I don’t manage (don’t know how either J).


 


MVP #4: If we’re providing the router, we usually go low end – D-Link DI-604.  They’re cheap and work great.  We don’t have any sites with need for multiple simultaneous VPN tunnels or the like.  We do have a handful of clients that have ISP-provided Cisco routers.  As a result, I was forced to familiarize myself with the Cisco CLI.


 


MVP#5: Using Netgear mostly, and some D-Link (although not by preference).


 


MVP #6: I have a very specific dislike of DLink. They’re gear looks cheap, feels cheap and has caused me more grief than I care to remember.


 


MVP #7: The DLinks certainly don’t have the look and feel of a $300+ router, but I’ve had very few problems with the DI-604.  It’s a little long in the tooth but has been a workhorse.  Just had a client replace his defunct Sonicwall with one of these and he says his Internet downloading is faster now (not sure I could quantify that).  Occasionally the PPTP passthrough needs to be reset and the router rebooted, but that’s about all.  I had some issues with Linksys and VPN a year or so ago.  And haven’t had the need to venture out into wireless routers yet (other than playing with them for home use).


 


MVP #8: For a low end unit the DI-604 has woked well for me with 0 failures so far. Linksys used to be my product of choice but lately their QC seems to have dropped.


 


MVP #9: I acknowledge that this is a high level of overkill, but I use a SonicWall TZ170.  I had to replace my Linksys since I needed a device that supported more VPN connections.  Since I had to spend money anyway, I decided to get the SonicWall under the Susan Bradley layered security theory.  We have a mountain of confidential client docs on our Intranet, and we’re appropriately paranoid for that reason. FWIW, it works well in all respects.


 


MVP #10: I have used a bunch. I like SMC since they give you the option of saving the configuration to a file. They are also quite easy to use and configure. Adding other features like VPN, Netgear has been good to me. 3Com and Nortel are good in the high side.


 


MVP #11: I let the isp supply me with a connection I can use. Cisco router that they administer is fine. Westel or Netgear router that they supply that I can configure if I need to is fine. If for some reason they supplied just a dsl modem then I will get a Linksys, Belkin or Netgear router. I do not really sweat a router as a first line of defense. Heck, some isps give you a router wide open. You are on your own to configure ISA to do its job. I am more worried about people contaminating their own machines than someone hacking in.


 


MVP #12: Most of our sites use NetGear. The older models are better than the newer. We’re actually disappointed with the operation of several newer models. When we had to have something with VPN capability, we found the Netgear FVS we bought was a piece of junk (there’s a later model with a different mobo in it, much improved). We found SnapGear Lite or Lite+ good – they’re now called CyberGuard and the model is SG300. Good thing about them, they can act as VPN endpoint but don’t interfere with passthrough. We’re having a problem with one unit locking up occasionally though.


 


Our newer sites using ADSL we’re putting Netcomm combined ADSL modem and router into, not sure of model nb1300? Or relying on whatever the ISP can supply, we’re finding that having an ISP supplied router/modem combo is helping from the support angle, something going wrong with internet the ISP is responsible up to our external interface.


 


If we were putting Standard in (which we very seldom do) we’d like something like a WatchGuard Firebox. We have one site with a Firebox III, it’s a decent device. Not to be confused with the Firebox SOHO which was already in place when we took over another site, a capable unit but we’re glad it’s got ISA behind it. The most reliable device for Australian cable (BigPond) is the Compex NetPassage 15. It was the first unit to be available in AU with builtin login client. No other router has a login client as robust as this unit.


 


MVP #13: For my own office I use a SonicWALL SOHO TZW.  I’m paranoid about having my client data at risk, so I’ve used a Watchguard SOHO and then a SonicWALL Tele 3, and now the TZW.  For client sites I place them either behind a SonicWALL and then use Netgear or Linksys switches on the LAN, or I use ISA (SBS Premium) and place it directly behind their broadband device.  ISA only goes into offices that I don’t intend to have site to site VPNs in and I use a straight CEICW install.  If site to site VPNs are going to be happening, then I deploy SonicWALLs and do IPSec box-to-box connections between the offices.  For home users not running a server, they normally end up running a Linksys or D-Link because they are easy to get at the local office store.


 

Slow File Transfers & DELL Servers

We get a lot of posts complaining of slow file transfers from workstation to the SBS server. The first suggestion we make is to disable SMB signing, which is properly described at www.smallbizserver.net. The other thing we suggest is to switch your NIC card away from autosense/autodetect.

 

I’ve had a server that has had the same ‘slow file transfer’ symptoms for two weeks, and yet nothing I did fixed the problem. Finally, tonight, I had a chance to ‘google’ through this newsgroup looking for other ideas. I found a post from Chad Gross (in August) saying that with Dell servers in particular, that he had to set the NIC card back to autosense to fix the slow file transfer problem.

 

Well, I connected up, switched the server NIC back to autosense, and reran an 80mb file transfer that previously took 11 minutes to complete. This time it took 30 seconds!

 

Thanks, Chad!  Thanks, Google!  Thanks, Dell (not!)

 

 

2004-11-19 “Singin’ in the Rain”

I suppose the reason I like to sing, and to listen to music, is that it makes me happy. Nothing like a good ol’ rock ‘n roll song, or a broadway showtune, to lift my mind out of the day to day work issues … and whistle a happy tune!

I was standing in a very long line at the Washington DC/Reagan National Airport yesterday evening to fly back home to end one very long (21 hour) work day. I turned to the person behind me and started talking about show tunes. Before long, we had a whole group of people talking about their favorite movie and showtune. Sure made waiting in line to go through the Security Clearanace a lot a happier event.

One of my all time favorites movie musicals, now over 50 years old, is ‘Singin’ in the Rain’, with Gene Kelly, Debbie Reynolds, and Donald O’Connor.

MP3:
http://www.reelclassics.com//Audio_Video/Music4m/clips/singin_maintitle_clip.mp3
Midi: http://members.tripod.com/~bakkutteh/singing_in_the_rain.mid


Singin’ in the Rain
aka Patchin’ Once Again

I’m patchin’ once again
Just patchin’ once again
What a glorious feelin’
It’s broken once again

I’m looking for help
The boss is upset
The sun’s in my heart
And I’m ready for bed

Let the stormy clouds chase
Every bug from the place
Come on with the patchin’
I’ve a smile on my face

I load up my tapes
While I sit here and wait,
Just patchin’,
Just patchin’ once again

Patchin’ once again
Dee-ah dee-ah dee-ah
Dee-ah dee-ah dee-ah
I’m happy again!
I’m singin’ and patchin’ once again!
I’m patchin’ and singin’ once again.


Kevin Weilbacher [SBS-MVP]
“The days pass by so quickly now, the nights are seldom long”

How to “ghost” your SBS system disk

A tip of the hat to Merv for this information!


A frequent question on the NG is: can I use Ghost to make copy of my SBS system drive, and if so, which version of Ghost should I use?


Merv’s answer is: You can use Ghost 2003 (or later).

1.  Install the Ghost 2003 software on a Win2K or WinXP workstation (not the server) and then make a set of Ghost Boot floppies using MSDOS as your operating system on the floppies (requires a MS DOS bootable disk or CD to copy the files from this to your Ghost Boot Floppies). 
2. If you don’t have a Win98 boot disk, try this site: http://www.bootdisk.com/bootdisk.htm
3.  Reboot the server and make sure there are no errors in the Event Logs and that all services are started and running properly.
4.  Shut down the server.
5.  Install the new drive in the server as SCSI 1 (set jumpers on drive if necessary) and use Disk Management to format it (or Disk Administrator, depending on your operating system)  —  do a Full format (not a Quick format) as NTFS.
6.  Shut down the server
7.  If the original and the new drives are vitually the same size, remove the new drive as it can be confusing determining which disk you need to image when using the Ghost DOS interface
8.  Boot the server from the Ghost Boot Floppies and image the original drive to an external USB drive or a spare IDE drive in the server.  *
9.  Shut down the server
10.  Remove the original drive and install the new drive as SCSI 0 (set jumpers on drive if necessary)
11.  Boot the server from the Ghost Boot Floppies and then restore the image o the new disk.
12.  Reboot and “exercise” the new drive to make sure that everything works a it should and there are no errors in the event logs.

*  I find it better to use the “Partition to Image” method to create the image (selecting all partitions on the original disk) and then use the “Disk from Image” method to restore the image to the new drive.  This will allow you to resize the partitions on your new drive during the restore process,
if that’s desirable.

This process keeps your original drive intact in case there’s any problem with the image restore.

Merv  Porter  [SBS MVP]

2004-11-13 “Mrs. Brown, You’ve Got a Lovely Daughter”

Did you notice that MS released a new MSN search (beta)? You can see it here: http://beta.search.msn.com/

 

While fiddling around with the new search tool, I was listening to the oldies radio station that plays all the hits from the 1960’s and 70’s. It’s amazing how one can still remember all the words to just about every song, even though it 30-40 years ago. One of the fun songs back then that I enjoyed playing on my guitar was from the Herman’s Hermits -

 

Mrs. Brown, You’ve Got a Lovely Daughter

aka Mister Gates, You’ve Got a Lovely Server

 


 

Mister Gates, You’ve Got a Lovely Server

Disks as fast as yours are somethin’ rare
Now I’m glad, searches don’t take so long
You’ve made it clear enough that Google isn’t gone

You want to finds those links that I have searched for
Tell me all the pages and their names
Things have changed, Searchin’ won’t take much time
You’ve made it clear enough it ain’t no good to pine

Searchin’ about, even in a crowd, well
You’ll pick ‘em out, makes a bloke feel so proud

If you find that I’m still usin’ Google
I’ll tell you that I’m well and feelin’ fine
Don’t get down, don’t say I’ve broke your heart
It’s just that Google’s been good to me

 

Mister Gates, You’ve Got a Lovely Server (lovely server)

Mister Gates, You’ve Got a Lovely Server (lovely server)


Kevin Weilbacher [SBS-MVP]
“The days pass by so quickly now, the nights are seldom long”

 

Change port Exchange SMTP uses

Recent problem posted on the NG: 


We do not have a static IP. Our ISP requires that we forward mail to their SMTP server on port 1025 instead of port 25. When I look at the SmallBusiness SMTP connector there does not appear to be a choice for the SMTP port. Is there a way to specify port 1025 for just their smarthost?


The answer (provided by Henry Craven) was:


1. Shut down the Exchange services
2. Go to: %systemroot%\system32\drivers\etc\services file
3. Edit the contents for the smtp service to specify another port number
smtp   25/tcp  mail          #……

and change it to:
smtp   1025 /tcp mail      #…..

4. save the file then restart the Exchange services.


Thanks, Henry!

Sharepoint Search not working

If you are running Sharepoint with SQL (not WMSDE), you’re supposed to be able to perform full text searchies. If searching is not working for you, make sure it’s enabled. Here’s how:


1. Click Start > Administrative Tools > Sharepoint Central Administration.
2. Scroll down to the Component Configuration section
3. Click on the Configure full text search link
4. Click the box to enable full text search
5. Click OK, and then wait several seconds while it updates.

2004-11-05 “Wild Thing”

Well, it was one wild week here in the states with the Presidential elections. Fortunately for us in Florida, it was Ohio’s turn to be the center of attention. Kudos to John Kerry for not dragging out a long, extended legal battle.  It’s also a wild time as Susan Bradley has declared that the elephant (Microsoft) has decided to move quickly with new security announcements.

 

For me, it’s been a wild week with lot’s of paper work, so I’m taking my wife out to the beach for a weekend getaway. Jeff M. is going to have a wild month ‘down under’, and the SMB Nation around the world tour just kicked off. So, this week’s song was an easy one — it was the one hit wonder for the Trogg’s. Let’s all get up and sing along:
 
Wild Thing!
(dedicated to all those SBS 2000 servers waiting to be upgrade to SBS2003)
 
Wild thing, you make my disks sing
You make all my files groovy
Wild thing,
 
Wild thing, I think I need you
but I wanna know for sure
So come on and let’s upgrade you
As we did before!

Wild thing, you keep me surfin’
you keep everything purring
Wild thing,
 
Wild thing, I think I need you
but I wanna know for sure
so come on it’s Sharepoint time
before we close the door

Wild thing, you make my disks sing
you make everything groovy
Wild thing….


Kevin Weilbacher [SBS-MVP]
“The days pass by so quickly now, the nights are seldom long”
 
 

Cannot make IM Audio/Video work through ISA

The following question was recently asked on the NG:


“Does anybody know how to allow the Video/Audio in MSN6.2 through ISA firewall. I have tested it OK between 2 laptops over the internet, but when I return one back to our SBS2003 LAN and try a video conf, I get the message: Your computer, Internet provider or network may not support audio conversations or video conversations.
Any Ideas ?????

Steve Foster replied as follows:


You will not get MSN Messenger video/audio to work through ISA. I don’t think ISA2004 will support it either.

The problem is that the audio/video connections are built dynamically, on random ports, directly between the two ends of the IM conversation, without going through the MSN IM servers. Both ends need to allow incoming connections on those random ports.


Many firewalls don’t support MSN Messenger audio/video.

This is one of the [self-inflicted] problems where uPnP helps (as it allows the client to reconfigure the firewall on demand). Personally, I don’t want my firewalls dynamically reconfigured, thank you very much…

Steve Foster [SBS MVP]