Calyptix, IP blocks, and SMTP servers

Calyptix Access Enforcer firewalls are great.  I’m writing this post from behind our AE1000 right now.  I’m a big fan of theirs and intend to deploy many more at our customer sites as we refresh their existing firewalls and servers.  That said, there is a bit of an issue with the SMTP aliasing right now.  If you are using a single IP, or have it behind another NAT device (normally a DSL or cable broadband endpoint) then you are okay.  But if you have a block of IPs configured in the Calyptix be careful.  If you have x.x.x.21 as the Calyptix WAN address and your SMTP server is at x.x.x.22 then your outbound mail is going to have reverse DNS issues because all mail passes through the Calyptix and reflects the Calyptix external IP, not the SMTP server’s public IP that you’ve mapped.  It is a very simple fix to flip the external IP of the Calyptix over to the x.x.x.22 and you’ll already have the ports mapped properly (those don’t change) if you were doing mapping, at least that was the case with the one I took care of earlier today.  Nothing else had to change on the LAN or any other settings on the Calyptix, at least for our situation.  Calyptix recommends that partners check out https://partners.calyptix.com/node/131 for gotchas to watch out for when doing this too.


Calyptix is aware of the issue (they recommended the IP swap to us) and has a fix in the works that will erase the need for the steps above, but if you have recently deployed an AE with multiple IPs assigned to it and are running into hassles, check your mail headers and try the IP swap.
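One way to do the mail header check described above, as an added example that is not part of the original post or anything from Calyptix: the script reads the Received chain of a test message delivered to an outside mailbox and reports which public address the recipient's server actually saw. The 203.0.113.x addresses, host names and sample headers are constructed stand-ins for the x.x.x.21 (firewall WAN) and x.x.x.22 (SMTP server) addresses.

```python
import email
import ipaddress
import re

# Constructed sample: headers as the recipient's mail server would record them.
# 203.0.113.21 stands in for the firewall WAN address (x.x.x.21) and
# 203.0.113.22 for the address mapped to the SMTP server (x.x.x.22).
SAMPLE = """\
Received: from mail.example.com (unknown [203.0.113.21])
\tby mx.recipient.example with ESMTP id 4F2A1C
\tfor <user@recipient.example>; Mon, 2 Mar 2009 10:15:02 -0800
Received: from sbs01.example.local ([192.168.16.2])
\tby mail.example.com with Microsoft SMTPSVC;
\tMon, 2 Mar 2009 10:15:00 -0800
From: sender@example.com
To: user@recipient.example
Subject: outbound IP test

test body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def observed_source_ip(raw_message):
    """Return the first non-internal IPv4 address in the Received chain,
    reading from the newest header (written by the recipient's server) down."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        for candidate in IP_IN_BRACKETS.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:          # e.g. [999.1.1.1] in a malformed header
                continue
            if not any(ip in net for net in INTERNAL_NETS):
                return ip
    return None

def check_outbound_ip(raw_message, expected_ip):
    """Compare the address the recipient saw with the SMTP server's mapped IP."""
    seen = observed_source_ip(raw_message)
    match = seen is not None and seen == ipaddress.ip_address(expected_ip)
    return {"seen": str(seen) if seen else None, "expected": expected_ip, "match": match}

if __name__ == "__main__":
    print(check_outbound_ip(SAMPLE, "203.0.113.22"))
```

Run it against a message received at a mailbox you control, since only the topmost Received header, written by the receiving server, can be trusted to show the real connecting address.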

Does Doyenz have their head in the clouds you ask?

The REAL Cloud City


“Suspended high among the pastel clouds of Bespin, held aloft by huge repulsorlifts built into its curved frame, is a floating metropolis of sophisticated beauty and political freedom. Cloud City exists not only as a mining colony, extracting valuable Tibanna gas from the depths of the giant planet, but also as a sanctuary for those trying to escape the turmoil gripping the galaxy.” Oh, sorry, wrong cloud.  ;-)


Ran across a post regarding Doyenz today by Joe Panettieri over at MSPmentor, “Will Small Business Server Move Into the Clouds?”  I do not work for Doyenz, have not signed a partner agreement with them as of yet, and do not know where Doyenz may ultimately go as a company, but I do know what I’ve heard from them over the past twelve months and I do not think that their initial concept/business model has changed in the past five of those months.


Doyenz first showed up, in the form of their CTO, Przemek Pardyak, as an attendee at a PSSBS user group meeting back in November of 2007.  At that time, I had no idea who Przemek, or the company, was.  Przemek emailed me in December to introduce himself again, but I didn’t pursue a conversation at the time.


Jump ahead to March, 2008, when a customer of mine emails an introduction to Doyenz CEO, Ashutosh Tiwary, over to me:


-----Original Message-----
From: C…
Sent: Thursday, March 27, 2008 11:24 AM
To: 'Ashutosh Tiwary'; Steven Banks
Subject: Intro btw CEO Doyenz & Steven Banks


Steven,


This morning I had the opportunity to spend an hour with Ashutosh, an
opportunity you should mirror.  He created a startup that uses the notion of
a virtual machine to automate the provisioning of SBS-like services to small
and medium sized companies.  He is super passionate about the segment and
knows that he wants to build a product that you and your community will
adopt and promote.  As such he needs a community of like-minded souls for
feedback and guidance.  Please take the chance to meet with him; I know
you’re both very busy but each of you has a lot to offer the other.


Regards & thanks,


C…


Based off of my client’s introduction and a subsequent meeting in person with Ashutosh at a Starbucks in Bellevue, I set up an event for our Puget Sound Small Business Server user group that coincided with the last night of Microsoft’s 2008 MVP Summit, and Ashutosh had what I believe to be his first public presentation of his company, what they had envisioned for their service offering, and a rough time-line of when they would have something tangible to show us, and how he saw it as a progression in how those in the room had been doing business up to this point in the SMB / SBS space.


While there were many heated, sparked discussions that night, especially a very enjoyable devil’s advocate “what-if” game played by Jeff Middleton and Henry Craven across a few rows of seats from each other, complete with choosing others in the room to represent their employees and businesses affected by their scenarios, one thing came out of that discussion that really hit home.  This was reiterated by Ashutosh in October, when he met with us again prior to his launch at SMB Nation in Seattle.  This is my translation of what I heard:  Doyenz is not looking to be a cloud hosting company.  They are creating a service offering that leverages economy of scale and deals with different providers, like Kaseya, to offer the SMB space a low cost solution that funnels services through Doyenz.  They are positioning themselves as a servicing corporation to the SMB partner community.  By going to Kaseya, the example mentioned by Panettieri in his article, and to others they are striking agreements with, they are signing deals based on an estimated number of potential end users, then bundling the services and providing the SMB partner/reseller an opportunity to use those services as part of the Doyenz virtualized delivery system as a whole package.  Doyenz adds to the services by giving the partner/reseller a scripted vending machine type of approach where you go to the vending machine, I mean Doyenz Website, you place your order for an SBS 2003 Server, and you then pick up your end product out of the slot at the bottom of the machine in a few hours.  What you do with that end image is completely up to you.  You can run it on a customer premise server(s), you can host it at a collocation facility of your choice, or you can host it at your own facility.  They really don’t care, and are not in the “cloud” business.
They are in the business of collecting a monthly revenue stream resulting from the collection of services they are packaging for your usage and the ability for you to take the server they created for you and to update it in a virtual sandbox that Doyenz does host, where you can make changes and test things out before dropping them on a live production box, and then at night or an off-time you choose, you can shut down the production virtualized box, and update the image with the changes you have instructed it to do by your actions performed on the sandbox machine.  Doyenz does not want you to run your boxes in their sandbox as a cloud based service.  The only individuals making the choice of whether Doyenz is part of a cloud solution are you and your end customer.  If you really wanted to, you could take a Doyenz virtualized deployment and do a virtual to physical move and be done with them.  But the beauty of their solution lies in their package of services for a very low monthly cost, with the incredible opportunity to use scripts and test updates on a “live copy” if you will, of your customer’s production server, and then with the click of a mouse, instruct the Doyenz system to apply those scripts and updates after hours to the customer’s box.


So while the MSPmentor article is correct in that Doyenz does have, and I’m sure are still creating, quiet relationships in the background with Kaseya and others, their motive is not to put SBS in the cloud.  Their motive is to put SBS into a Doyenz virtualized environment on whatever hardware or hosted solution you choose, and then for Doyenz to be the value-add you will be excited to pay a monthly service fee to for the life of that server because you are getting a great amount of value from the bundle of those quiet relationships they have created and from their own technology that drew you to Doyenz in the first place, the ability to test and apply changes in an automated fashion without having to risk damage to the actual server.


I welcome your comments and ideas around this.


Steve

Have a Calyptix and Microsoft Updates are failing?

Setting up a new Windows 2008 x64 Server and loading updates on a customer’s Vista notebook.  Having updates fail on the server with an 802002b error stating “Windows Update encountered an unknown error” on the 2008 box.  I have also been having an IE 7 update failing consistently on our SBS 2003 box.  Decided to try turning off the Web monitoring/filtering on our office’s Calyptix AE1000.  All updates completed without any trouble.  I like the Calyptix, but if you are running into similar errors, either on Calyptix, or other firewalls for that matter, try turning off the monitoring / outbound filtering.

Do not install IPv6 on your SBS 2003 box

I owe the .NET team an apology for blaming them as the original cause of the problems described in this post.  The pro and con of blog posting is that we can fire off a post and later find out there was a different cause for the effect we were hit with.  So sorry guys and gals for coming down on you so hard.  Figured with the SBS 2008 issues we’ve been seeing after 3.5 SP1 that they were spilling over to SBS 2003 as well. – Steve


This post was originally called – .NET Framework 3.5 Service Pack 1 when I wrote it last Saturday, the 21st of February.  While I still recommend running the .NET family updates mentioned below, the reason the SBS box went into a tail spin turned out to be installation of IPv6 we did while testing an app on the box that happened to coincide within the same week the .NET SP had been applied.  Confirmed this today.  With the application vendor on the phone, I re-ran their installer and configuration tool and the server decided it was time to restart:


---------------------------

System Shutdown

---------------------------

The system is shutting down.  Please save all work in progress and log off.  Any unsaved changes will be lost.  This shutdown was initiated by NT AUTHORITY\SYSTEM.  Shutdown will begin in 44 seconds.  Shutdown message: Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly.

---------------------------

OK

---------------------------


This looked extremely familiar to last week’s issue, so now we had a culprit.  What we looked at next was that the application (we’re in pre-beta testing so can’t give out the name at the moment) was using Teredo to tunnel out over IPv6 and would install IPv6 if it didn’t see it installed.  By going into netsh we were able to remove the protocol.  I’m including the command to remove IPv6 from your SBS 2003 if you by chance decide to install it on your box too and need to get it off of there.  It broke RPC over HTTP, POP3, and IMAP4 Exchange Protocols in addition to the box “forgetting” it was an SBS box as shown below in the original post.  Here’s what you need to type to remove it (do not remove from SBS 2008 boxes, you need it on there).


type: netsh <ENTER>

at the prompt type: interface ipv6 uninstall <ENTER>

You will be prompted to restart the server after it completes.

So, again, sorry to the .NET team for the error in placing blame.

 

For those of us in the SBS world, we have a love/hate, with mostly hate, relationship with .NET Framework updates.  Seems they are always causing trouble with our boxes.  Turns out the recent .NET Framework 3.5 Service Pack 1 is no exception, both on Small Business Server 2008 and Small Business Server 2003.  While it is supposed to fix 25+ issues in .NET, my personal SBS 2003 production box reacted so badly with it that the box had no idea it was running SBS anymore.  When I attempted to run the CEICW in an effort to bring back my RPC over HTTP / Outlook Anywhere functionality that had died after running with the update for a few days, here’s the error it came back with:

[Image: .NET stole my SBS!]

I was also having “issues” with POP3 and IMAP4 (we use SSL on each of these for specific tasks at our office) protocols stopping after either an iisreset or a full restart of the server.  Strange thing with those protocols was that their respective services were still running.  Figure that one out.

I restored the system drive from a StorageCraft ShadowProtect image last night to get the machine back on its feet.  I personally have left 3.5 SP1 on our box and added the update patches that are supposed to resolve the problems the Service Pack is causing with our boxes; using our company’s server as a guinea pig before putting the service pack or subsequent update suite of three patches into production at client sites.  Personally, I will not install .NET Framework 3.5 Service Pack 1 without these fixes on any box I touch now.  I’d recommend you do the same for any machines you admin and ensure you have a very good back up before playing with these or any updates.  ;-)

Steve