Monday, January 28, 2008

Using SMS Trace to View Log Files


I wind up looking at a lot of text logs during troubleshooting. While opening a log in Notepad is quick, it’s also tough to look at a lot of log entries that way. I use the SMS Trace (aka, Trace32) log viewer from the Configuration Manager 2007 Toolkit.

With it, you can easily:

  • Find any log line with a specific text

  • Highlight lines with specific text

  • Filter out lines that contain text to reduce the volume of what you see
Lines with the word "warning" are automatically highlighted in yellow and lines with the word "error" are highlighted in red. It even updates the log every 500 milliseconds to get new entries, which you can adjust.

The System Center Configuration Manager 2007 Toolkit is available here. There is an exe which unpacks to two msi packages. Use the CcmTools.msi which installs the core tools.

When you launch the SMS Log Viewer for the first time, it will prompt you with:

Do you want to make SMS Trace the default log viewer?
I always make it my default viewer.

Friday, January 25, 2008

Random Photos from TechEd 2007



Here are some photos taken last year at TechEd 2007 in Orlando. Maybe this will give you some idea of the scope and size of the event.

Windows Mobile 6 for the Samsung BlackJack - FINALLY!

Finally! After almost a year waiting, AT&T and Samsung have released Windows Mobile 6 for the original BlackJack. I nominated WM6 for the BlackJack as the year's biggest vaporware product on Wired Magazine's annual list. It was voted the #6 spot.

Head on over and get it here!

Append Operations on Large Files

My team and I were discussing the time it takes for append operations to perform on large files, such as log files. Some suggested that the operation will take longer the larger the file becomes. Others thought the size of the file has no bearing.

I decided to create an experiment. I created a 3.5GB log file using a script and renamed the log file so as to remove any possibility of caching. I ran another script that appended a single line to the logfile. It appended the new line in less than 1 second.

Next, I copied the 3.5GB logfile to a remote server (took 3 minutes to copy), renamed it and tested again. Again, it took less than one second to append a new line. I had another user do the same test from his workstation with the same result.

Conclusion: File size has no bearing on the length of append operations.

TechEd 2008 Tips

This year will be my fifth TechEd. Here are my tips for a happy and productive experience.

  • Book your hotel through the MS TechEd site. These are the best rates and any of these hotels will have guaranteed (free) bus service to the conference (unless TechEd is being held in Boston. Those of you who were there know what I'm talking about.). I like the Embassy Suites on Jamaican Court. It's close, nice rooms and has a great free breakfast (although food is NEVER a problem at TechEd).

  • Pack your suitcase inside another suitcase to travel to TechEd. That way you will have a another BIG suitcase to bring back your swag.

  • Don't rent a car unless you need one. Some hotels offer transportation to/from the airport, otherwise take a cab. Most hotels have car rentals in the lobby, so you can always rent one if needed.

  • When the TechEd courses go online on the Connect site, review them and sign up for all the ones you want to attend, even if they overlap times. That way, you can always leave a session that doesn't live up to your expectations for a different one. Be aware that some sessions book up full.

  • Wear comfortable clothes and shoes. The venue is climate controlled, so dress for 20C/72F.

  • Try to stay a couple of days before or after the event to visit some sites. I HIGHLY recommend renting a car and visiting the Kennedy Space Center in Cape Canaveral (about 40 minutes away). We got to see Atlantis launch last year and it was absolutely awesome!

  • Plan on and attend the appreciation party on Thursday night.

  • Visit this blog often for pictures, reviews and commentary.

  • If you're from Europe and you're a guy, DO NOT wear capris. I will point at you and laugh out loud.
Got more tips? Leave them as a comment below!


Thursday, January 24, 2008

New Microsoft Certifications for 2008

As you may know, Microsoft has revamped its certifications this year. These changes bring up a lot of questions about past and present certifications, so I'm writing this to hopefully clear up some confusion.

First, the MCP, MCSA, and MCSE certifications are not being continued with the 2008 product line. However, these certifications are not being removed -- if you're an MCSE on 2000/2003, you're still an MCSE. The MCSE 2003 exams will not be retired until mainstream support for Windows 2003 ends. Considering most of the work I’ll do over the next couple of years will involve 2003 servers and migrations, it's still very relevant that to have an MCSE 2003 certification in addition to the new 2008 certifications.

The new certifications favor specialization -- depth, not breadth. These are the Microsoft Certified Technology Specialist (MCTS) certs. In the past, if you passed any Microsoft exam you became a Microsoft Certified Professional (MCP). Microsoft heard from hiring managers that they couldn't tell if an MCP had the skills they were looking for, so they decided to create certifications based on specific abilities and technologies. For example, you can become an MCTS: Windows Vista Configuration or MCTS: Managing Projects with Microsoft Office Project 2007.

The MCSA/MCSE certifications are being replaced with the Microsoft Certified Information Technology Professional (MCITP) certs. These are based more on job role than specialized in a particular technology (although you need to have MCTS certifications to get your MCITP). MCSA maps to the new MCITP: Server Administrator and MCSE maps to the new MCITP: Enterprise Administrator. There are also some specialty MCITPs, such as MCITP: Messaging Administrator, Database Administrator, Database Developer, etc. If you're interested in upgrading your MCSE to the new 2008 certifications, the MCITP: Enterprise Administrator is the premier certification you should work toward.

The following exams are required to earn an MCITP: Enterprise Administrator:

  • 70-640: TS: Windows Server 2008 Active Directory, Configuring

  • 70-642: TS: Windows Server 2008 Network Infrastructure, Configuring

  • 70-643: TS: Windows Server 2008 Applications, Configuring

  • 70-620: TS: Windows Vista, Configuring -or- 70-624: TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops

  • 70-647: PRO: Windows Server 2008, Enterprise Administrator
If you have a current MCSE 2003 certification you're eligible to take an upgrade exam, 70-649: TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist. This single exam takes the place of 70-640, 70-642 and 70-643. Then, to get your MCITP certification you must take 70-620 or 70-624, and the 70-647 PRO: Enterprise Administrator exams.

If you’re still working toward your MCSE 2003 from MCSE 2000, be aware that the MCSE 2003 upgrade exams, 70-292 and 70-296, are being retired on March 31, 2008.

Note: The 70-647: PRO: Windows Server 2008, Enterprise Administrator exam has not been released yet. It's still in beta through the end of January and will hopefully be released around March 2008. I'm taking the beta exam today, but won't know if I passed for up to 12 weeks(!)

Other notes about the exams and certifications:

  • All exams are administered by Prometric. It's pretty easy to schedule, reschedule or cancel an exam from their website.

  • You will know the results immediately after taking the exam. Passing score is 700 out of 1000.

  • Exams are between 55-65 questions and you are given about 2.5 hours, depending on the exam

  • Most questions are multiple choice or pick the two correct answers. Usually there's a couple of drag and drop or click the right area questions.

  • The MCSE certification is no longer being used in future certifications. The term "Engineer" is a protected term used by several nations and states. Microsoft was sued in 12 countries and admonished in several states for use of this designation.

  • MCSE certifications are not being retired and will remain on your transcript indefinitely

  • MCTS/MCITP certifications expire and are removed from your transcript when the technology is no longer generally supported by Microsoft

  • MCITP certifications must be renewed every three years

  • Exams can be taken in any order, but Microsoft recommends taking the required MCTS exams before the MCITP exam
Microsoft has several resources on the web that describe the certifications beyond what I've covered here, and provide an overview of the knowledge you should have to take the exams.

What are your thoughts on the new certification framework? Leave your comments below!

Tuesday, January 22, 2008

TechEd 2008 Registration is Open!

TechEd 2008, the premier Microsoft IT learning experience, opened today for registration. I signed up as soon as the website came live. As you may know, TechEd is divided up into two separate events this year, Tech·Ed U.S. Developers (June 3-6, 2008) and Tech·Ed U.S. IT Professionals (June 10-13, 2008).

I'm thrilled to see that Marcus Murray is presenting a pre-conference seminar, "A Step-By-Step Guide to Hack-Proofing Your Microsoft Network." I wrote about Marcus at last year's TechEd, where he scared the living bejezus out of everyone in packed conference rooms. I can't wait to see what he's going to show off this year. I've removed the NIC from all my servers just to be safe. :)

As Brian Marble reported, TechEd 2008 will also be one of Bill Gates last public speaking engagements before he retires from Microsoft and embarks on his full time gig of giving money away. Bill and Melinda's philanthropy astounds me and warms my soul.

I'll be attending the Tech·Ed U.S. IT Professionals session. Let me know if you'll be going, too!

Imagine Cup 2008 - Time is Running Out!

As I mentioned in an earlier post, the Imagine Cup 2008 competition is underway. The last quiz for round 1 is scheduled for January 31.

The Imagine Cup is one way Microsoft is encouraging young people to apply their imagination, their passion and their creativity to technology innovations that can make a difference in the world – today.

If you're a student, this is your last chance to qualify for round 2 and possibly make it to the finals in Paris, France. Sign up, take the quiz, and you could maybe even win an Xbox 360 game just for trying!

Monday, January 21, 2008

Windows Server 2008 SP1

You know all those IT guys who won't deploy a new technology until the first service pack is released? Well, it looks like the Microsoft marketing team has figured out a way to boost early deployments by skipping the RTM release entirely and going straight to Windows Server 2008 SP1.

I filed a bug report on this when RC1 was released. That was when Microsoft merged the Windows Server 2008 codebase with Windows Vista SP1. It's been that way in every build since then, including the latest pre-RTM build.

Bug or clever marketing scheme? You decide.

EXPTA Server Upgrade

I ordered a new server this weekend to replace my existing Windows Server 2003 infrastructure. This new server will run the same roles as my existing server, but will have twice as much RAM and will be "green." It will utilize the new AMD Athlon X2 BE-2400 Brisbane 2.3GHz 45W Dual-Core CPU, less cooling (due to the low wattage CPU), and a smaller power supply. Should be fun. I haven't built my own hardware since the 90's. :)

I'll be building it with x64 Windows Server 2008 Enterprise edition and utilize Hyper-V for my virtual DC and Exchange 2007 servers, instead of VMware. The host server will function as my Exchange 2007 Edge server and host the www.expta.com blog on IIS 7.

The plan is to bring up the the new W2K8 server, build new virtual DC and Exchange servers, move the mailboxes to the new Exchange server, install the Exchange Edge role, and move the blog to the new server. Once I know everything is working properly I'll decommission the old Windows 2003 and Exchange 2007 servers.

Hopefully, there will be very little downtime. I only expect brief outages as I update my router configuration. As usual I'll post my experiences with the upgrade, as will as any troubleshooting tips and gotchas I discover along the way.

Friday, January 18, 2008

Exchange ActiveSync Policies

Exchange Server 2007 provides ActiveSync mailbox policies to allow administrators to manage the Windows Mobile devices that attach to the network. This allows you to apply a common set of policy or security settings to a group of users or even an individual user.

Exchange 2007 RTM included 16 policy settings. That number climbs to 27 in Exchange 2007 SP1 for the Exchange 2007 Standard CAL. The SP1 Enterprise CAL offers an additional 16 settings. Settings that only exist in the Enterprise CAL, such as controlling POP and IMAP, Bluetooth, WiFi, the camera and text messaging, make that CAL a compelling choice for some customers.

The Exchange Team blog has an in-depth explanation of ActiveSync policies, as well as a great chart that shows the different policies for each version and CAL. Read What's New for Exchange ActiveSync Mailbox Policies in Exchange Server 2007 SP1? Microsoft also has a policy reference on MSDN, Understanding Exchange ActiveSync Mailbox Policies. Keep in mind that these settings only apply to devices that support them. Some only work on Windows Mobile 6 and some mobile device vendors may strip support for them from their mobile devices.

Another important change in SP1 is that it now publishes a default EAS policy, where RTM requires you to manually apply the default policy.

Tuesday, January 15, 2008

DEP and Virtual Machines

Data Execution Prevention (DEP) is a security feature included in all versions of Windows since XP SP2. It’s intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow, for example.

DEP runs in two modes: Hardware-enforced DEP for CPUs that support it, and software-enforced DEP for CPUs that don’t. Software DEP is performed by the operating system, and as such, has a (small) performance hit.

It may make sense to disable DEP in virtual machines (especially test VMs) to eek out a little more performance. Read on for an explanation of how to do this.

Software DEP configuration is controlled through switches in the Boot.ini file.

There are four options to set the DEP mode are:

  • OptIn - Enables DEP only for OS components, including the Windows kernel and Windows drivers. Administrators can enable DEP for selected executable files with the Application Compatibility Toolkit (ACT).
  • OptOut - Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. However, administrators can disable DEP on selected executable files with the Control Panel System applet.
  • AlwaysOn - Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. All attempts to disable DEP are ignored, and all DEP configuration options are disabled.
  • AlwaysOff - Disables DEP. Attempts to enable DEP selectively are ignored, and the DEP GUI is disabled.

In Windows Server 2008 and Vista, you use bcdedit to set the DEP mode. The DEP configuration can be viewed using the bcdedit /enum osloader /v command. To configure DEP, use the /set nx switch. For example, to set the currently booted OS to DEP AlwaysOff, you would use the command:

bcdedit /set nx AlwaysOff

You configure DEP in other operating systems from the Advanced tab Performance Settings of the System Control Panel applet.

Saturday, January 12, 2008

Call Me Certifiable



This morning I passed the TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist exam (70-649) with a perfect score of 1000. Peesacake exam. Now I get to add another logo and more alphabet soup to my resume.

The exam was 55 questions divided into three sections. The time allotted for the exam was 2 hours, 15 minutes. I spent 32 minutes including the NDA, section reviews and commentary sections. Anyone with a current MCSE and Windows Server 2008 experience should have no trouble with this exam. Good luck!

-----------------

On a side note, Prometric (the sole Microsoft testing center) sucks. They weren't going to let me take the exam because I wasn't on their "list" to take the exam today. I showed them my confirmation page and had to get a manager to confirm that one of the computers was setup for my test. This happened to me a few years ago when I was going for my 2000 MCSE and I wasn't able to take the test. I would not have been a happy camper if that had happened again!

Thursday, January 10, 2008

Fix for SCOM 2007 Health Script failures


I had a problem with a couple of Windows Server 2003 domain controllers that were constantly showing as unhealthy in SCOM. The Health Explorer showed that the AD Op Master Roles monitor was failing. The Operations Manager event log would show the following events:

Event Type: Warning
Event Source: Health Service Script
Event Category: None
Event ID: 1
Date: 1/10/2008
Time: 5:50:05 AM
User: N/A
Computer: SADC01
Description:
AD Op Master Response : The script 'AD Op Master Response' failed to create object 'McActiveDir.ActiveDirectory'. This is an unexpected error.
The error returned was: 'The specified module could not be found.' (0x8007007E)

and

Event Type: Warning
Event Source: Health Service Script
Event Category: None
Event ID: 1000
Date: 1/10/2008
Time: 5:55:05 AM
User: N/A
Computer: SADC01
Description:
AD Lost And Found Object Count : The script 'AD Lost And Found Object Count' failed to create object 'McActiveDir.ActiveDirectory'. This is an unexpected error.
The error returned was 'The specified module could not be found.' (0x8007007E)

The solution is to run the OomADs.msi file in the C:\Program Files\System Center Operations Manager 2007\HelperObjects folder on the server having the problem. In my case, the domain controllers. Installation is quick and will not require a reboot. Once that's done restart the OpsMgr Health Service and you're good to go.



Saturday, January 5, 2008

Winter Storm 2008 Slideshow (Pacifica, CA)



Here are some pictures I took today around my neighborhood and other parts of the town. The third storm is due sometime tomorrow and is supposed to bring some arctic winds with it. Joy.

These photos can also be viewed here.

Second Blackout

We lost power again this morning at 8:00am PST for another four hours. Grrrr!

Storm #2 is here now with heavy rains and hail. The house sure cools off quickly when the heater can't come on.

I'm convinced my kids would never survive life in the 1800s.

Friday, January 4, 2008

That was some storm!

A major storm system is moving through Northern California this weekend. The first of three came with 70-80 mph winds that took out the electricity for most of Pacifica (where I live), taking the http://www.expta.com/ server offline for more than 12 hours.

I apologize for those of you who may have tried to get to any of my articles linked from TechedBloggers.net during this outage.

Fortunately, there was no damage to our home or property. Several of our neighbors lost trees and fences here along the Pacific coast.

The second storm is supposed to move in later tonight and I have my fingers crossed that we won't loose power again. It's still rather windy, but it's not raining yet. I better take the dog out for a flight... er... I mean walk.

Thursday, January 3, 2008

Imagine Cup 2008

I'm very proud to be a co-captain for this year's Imagine Cup IT Challenge in Paris, France. Last year I participated as an exam writer and round 2 judge for Imagine Cup 2007 that was held in Seoul, Korea.

The Imagine Cup started five years ago, and already more than 100,000 students from over 100 countries and regions have competed. This year, more students than ever will be looking for victory in the nine competitions set up under three main categories, each reflecting this year’s theme.

The IT Invitational highlights the art and science of developing, deploying, and maintaining IT systems that are efficient, functional, robust and secure. In most scenarios, IT professionals have a base set of tools and techniques, but still have to work through custom needs and configurations that require an intimate understanding of how all the pieces fit together. IT professionals also have to know how to manage, administer, monitor, and maintain the systems for ongoing network security and reliability.

The IT invitational challenges students to demonstrate their proficiency in understanding not only the theory of how Microsoft Windows-based networks and applications work, but also how to keep them working. This includes core file and print services, e-mail messaging, database systems, document collaboration and sharing, network virtualization, unified communications, and systems management.

Round 1 of the IT Challenge runs now until January 31, 2008.

Students can register for the IT Challenge on the Imagine Cup 2008 Competition Website. Check it out and good luck!

2008 Scripting Games

February 15 - March 3, 2008

The third annual Scripting Games are coming to the Microsoft Script Center February 15 – March 3, 2008. Mark your calendars now, this will be the biggest scripting competition of the year.

I won my very own Dr. Scripto bobblehead doll at last year's TechEd in Orlando. I can't wait to compete for a matching set!

Wednesday, January 2, 2008

Fix for Problem Storing Email Attachments on Storage Card

I frequently try new ROMs for my Windows Mobile device. On my last ROM I came across an issue that prevented me from storing Email attachments on my 2GB microSD storage card. The Storage error says, "No unlocked storage card detected. Make sure an unlocked storage card is inserted and try again."

The problem occurs when Windows Mobile thinks the extended ROM is your storage card, and the extended ROM is locked (the default behavior).

Notice in the screenshot above that WM6 says I have only 8.52MB free (the extended ROM), not 2GB as it would be if it were looking at the storage card.

The fix is to hide the extended ROM, restart the mobile device and reconfigure email to store attachments on the storage card. You can then re-show the extended ROM if necessary.

Fixing Incorrect Directory Permissions in WSUS 3.0

I have a client with a fairly large WSUS deployment, comprised of 36 WSUS servers servicing over 10,000 computers and servers in a distributed environment. Recently, we upgraded the entire WSUS 2.0 SP1 infrastructure to WSUS 3.0. I noticed the following event on many, but not all, of the WSUS downstream servers:

Event Type: Error
Event Source: Windows Server Update Services
Event Category: Core
Event ID: 10012
Date: 1/2/2008 Time: 7:30:49 AM
User: N/A
Computer: SAFS01
Description: The permissions on directory D:\WSUS are incorrect.
For more information, see Help and Support Center at blah, blah, blah

These servers also suddenly began to fail its synchronization from the upstream server. Strangely, they all had been working fine for a few weeks after the upgrade. The solution is to modify the directory permissions as follows:
  • The root folder of the local content directory must have at least Read permissions for the Users security group and the NT Authority\Network Service account. In other words, if the WSUS content directory is D:\WSUS\WSUSContent, the D:\WSUS directory must have the correct permissions. The BITS service will fail if these permissions are not set.
  • The content directory itself (in the above example, the WSUSContent directory) must have Full Control permissions for the NT Authority\Network Service account.
  • The temporary ASP.NET directory (%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files) must have Full Control permissions for the NT Authority\Network Service account.
  • The system %TEMP% directory (usually %windir%\TEMP) must have Full Control permissions for the NT Authority\Network Service account.

After the permissions have been set correctly restart the Update Services service and check the Application event log for errors. You should be able to perform a synchronization successfully now.