How not to get stuck at Precopy preparation during a Dell system build

So I unpacked the mini cardboard crate that my new Dell Poweredge R700 came in and did the usual inventory (BTW, it's a sweet, sweet machine). I noticed that they hadn't shipped the usual Dell Openmanage CD pack and since I was going to do some testing, I kinda needed it to do some OS reloads. I went to the website and downloaded the two ISO files (1.9GB and 1.8GB) thinking they were two different DVDs. The nifty thing about ISO files is that you can split them up any way you want and your dvd burning software will burn DVDs for you no matter how broken the result may be.
Anyway, I popped in the first DVD and booted off of it and then choose the System Builds and Update Utility. Then went through and choose my 2008 x64, time zone, etc and told it to apply. Then it stopped dead 15% into it at Precopy preparation.



Then began the troubleshooting. Suffice it to say that it wasn't any of the usual things. So I went back to the website to look for an older version of the OpenManage DVD. While digging through, I noticed an interesting comment buried down under 'Additional Information'.

To address a browser limitation around downloading large files (see Microsoft KB article 298618: You cannot download files that are 2 GB or larger - http://support.microsoft.com/kb/298618), the Dell Systems Management Tools and Documentation DVD as a single ISO file is no longer available for web download. You can do one of the following to get the content:

1) If you recently bought a server, please use the DVD that shipped with your hardware.

2) Download the two ISO file segments to a new, empty folder and concatenate them. Create a single DVD image file using the following commands:
Windows: copy /b OM* OM_610_SMTD_A00.iso
Linux: cat OM* > OM_610_SMTD_A00.iso

CONCATENTATE. Yes, this critical piece of information was neither located under "Description" nor was it under "Important Information". Nay, it was located under "Additional Information" due to it not being important... Still at the end of the day it technically qualifies as a RTFM moment.

Imagine my surprise when I actually followed the instructions and then re-burned the DVD, my install worked correctly.

The unequivocal joy of sharepoint and one way trusted forests

Sharepoint is one of those products that's great once it's installed and configured. The configuration of Sharepoint, however, remains a real pain...

Today's challenge was setting up a WSS 3.0 server in the testing lab. The testing lab has a separate AD forest that only has a one-way trust to the production forest. The requirement was to have the WSS 3.0 server be part of the LABTEST domain AND be able to add users from both PROD and LABTEST to the application. Now that seems simple enough since the server already sees both domains as evidenced by the logon drop down box showing both domains. However, as I found out that doesn't mean that the web app will see both as well...

Finding the right command to run was a relatively easy google search which sent me to technet. Getting the syntax right and figuring out how to use the command correctly, now that was the fun part. With the assistance of these two blogs I got it to work:

http://blogs.msdn.com/joelo/archive/2007/03/08/cross-forest-multi-forest-configuration-additional-info.aspx

http://blogs.msdn.com/sharepoint/archive/2006/03/15/552331.aspx

First, in several discussion groups I got differing answers over whether or not the Sharepoint Application Pool Identity needed to be set to "Network Service" or as a domain user account in the domain (in my case, the LAB domain). I used a domain user account myself but had to make changes to the DCOM because my pool wouldn't start. (Component Services - Computers -> My Computer -> COM+ Applications -> DCOM CONFIG -> IIS WAMREG -> Properties -> Security Tab -> Edit Launch and Activation and just give the domain user permissions).

Next it's time to go to a command prompt and go to C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN . Now don't do what I did and think that just because you don't have a full web farm that you can skip the first instruction

stsadm.exe -o setapppassword -password SomeRandomPassword

Literally, it doesn't matter what is set to, as long as it's the same on all your front end servers. Even one lonely standalone installation...

The second command is a bit on the long side. The full syntax I ran (names and passwords have been changed for security purposes).

stsadm.exe -o setproperty -url http://WSSVM1 -pn "peoplepicker-searchadforests" -pv "forest:AD.PROD.COM,TrustUser,3t9sz9$b20pz;forest:LAB.LOCAL;domain:AD.PROD.COM,TrustUser,3t9sz9$b20pz;domain:LAB.LOCAL"

Where AD.PROD.COM is the FQDN of my forest and root domain and LAB.LOCAL is the FQDN of the forest and root domain. (keep in mind LAB.LOCAL is the domain that the WSS server is joined to. You'll notice that I had to use a domain user account in the Trusted domain in order to be able to search it since it's only a 1 way trust. Also, while digging I found on one of the forums that you DO need to include the domain the server is joined to as well as the domain you want to add to the search. I'm not really sure if it's necessary to include both the forest: and domain: for each but it works this way so I'm sticking to this method.

On a related note, there's also an alternative way to set this up that involves setting up shadowed, non-login accounts in the resource domain that map to the real users in the production domain. It's a bit more than I needed for this project but you might find it useful.

http://blogs.msdn.com/sharepoint/archive/2006/03/15/552331.aspx

vmrun - the grown up pain in the b** replacement for vmware-cmd

Back in the VMWare Server 1.x days stopping and starting up VMs from the command line was easy with 'vmware-cmd'. Now with Version 2.0 on my win2k3 boxes, I was forced to learn how to use the replacement - VMRUN.

I do understand that those who use the 'real' VMWARE products - ESX, vSphere, etc are quite used to using VMRUN. But if you're used to the old easy way and you're still stuck on the free versions, it's a bit tricky to get to work.

1. First off, you'll want to make sure your %PATH% variable is updated for the path to the vmrun command. ("C:\Program Files (x86)\VMware\VMware Server" on my x64 box)

2. Now open a command prompt and enter in vmrun list. This will show you a listing similar to this:

Total running VMs: 5
[standard] MYWEB2B/Win2k3R2STD_vmsrv2.0.vmx


where [standard] is the name of the default datastore in VMWare 2.x, MYWEB2B is the immediate folder under that in the file system, and then you have the filename. IT IS CASE SENSITIVE. The whole @#$% thing. If you mess that up, it will just tell you that "The virtual machine cannot be found".

3. Now that we know how to reference the vm files properly, now we need to specify the -T, -h, -u, and -p parameters. For some unknown reason, they don't appear to have a 'just run it as the server I'm sitting on and as the users I'm running this as' setting'.
Since you're using VMWare Server 2.0, you'll use -T server -h https://YourServerNameOrIP:8333/sdk (yes, it needs the sdk at the end)
and then provide a username/password (-u,-p) that is part of the administrators group on the host machine. (or if you've setup custom permissions in vmware, use one of those).

At this point, we should be able to construct this command to stop a VM gracefully:

vmrun -T server -h https://MyVMHostServer:8333/sdk -u vmadmin -p thepassword stop "[standard] MYWEB2B/Win2k3R2STD_vmsrv2.0.vmx" soft

You'll note that I introduced the 'stop' and 'soft' parameters. I'll give you three guesses what 'stop' does. The shutdown type option 'soft' will run the shutdown scripts for you for the VM to gracefully power it down. If you wanted to drop it uncleanly, just use 'hard' instead.

4. To Start it back up:
vmrun -T server -h https://MyVMHostServer:8333/sdk -u vmadmin -p thepassword start "[standard] MYWEB2B/Win2k3R2STD_vmsrv2.0.vmx"

Now combine this will some old style batch files and robocopy or xcopy and you've got a cheap way to make VM backups using Task Scheduler.

Note 1: Sometimes it just doesn't like netbios names.

Additional References:
VMRUN reference:
http://www.vmware.com/pdf/vix162_vmrun_command.pdf

Tips and Tricks for vmware server 2.0:
http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=http%3A%2F%2Fcommunities.vmware.com%2Fservlet%2FJiveServlet%2FpreviewBody%2F9394-102-2-6307%2FVMware%2520Server%25202.0%2520Tips%2520and%2520Tricks.pdf&ei=O4ItStbKI5WEtweRtM2vCA&rct=j&q=VMware+Server+2.0+Tips+and+Tricks.pdf&usg=AFQjCNH0ZvlIVPIrc8N_UQ64Y1efSoIO_Q

SoftOSD and Dell latitude laptops with the Nvidia chipset

I haven't confirmed it yet (and you'll understand why after I explain it) but I was told that the Dell Client Manager agent that comes with the Dell Management Console was causing issues on some D620 units that had the Nvidia chipset. On those units the entire LCD stopped working and require Dell to replace the motherboard and LCD. While this series of laptop has been plagued by Nvidia related issues, I was assured that these units had been running fine for a few years already and the sheer quantity of them failing at the same time was unlikely. The current suspect is the SoftOSD component which gets installed as part of the Dell Client Manager Agent. I looked up this component and it appears to be directly related to video card/output manipulation which only adds to our suspicions.

Also, these units seemed to all have been docked for at least some of the time prior to their failure and caused odd resets on the external monitor.

While this hasn't been verified yet, I would recommend that you uninstall the SoftOSD component off any D620 with the Nvidia chipset until we know one way or another. I'm not exactly willing to offer up any of my D620's for testing sacrifice. :)

KB 968078 (MS09-016) broke RDP on my ISA 2006 server

I really shouldn't be surprised since the last time I installed a hotfix for my ISA 2006 SP1 (win2k3 sp2 with all offloading, etc turned off) it broke RDP as well. I've already seen other forum hits on this now as well. I uninstalled it for now as being without RDP access to that server is not an option right now. Others have reported VPN problems and problems starting up standard edition with 4+ cpu cores. I'm not going to fool with it until I see a new patch come out or a resolution for this problem.

some other references to this issue:

http://forums.isaserver.org/m_2002085188/mpage_1/key_968078/tm.htm#2002085188

http://blogs.technet.com/isablog/archive/2009/04/18/ms09-012-and-isa-server-standard-edition-14109-failures.aspx

Symantec Mail Security for Exchange Named Piped Error updating license

Yes, you read that right, "The Named Piped could not be found" and because of that misspelling, you won't find the answer on their knowledge base.

I was trying to Add my new updated license files through the management console for Symantec Mail Security for Exchange and I got that error. The real error should read named pipe instead of piped and that's how you'll find it in their KB. When you get this cool error, you'll also notice the checkbox for "Enable Premium Antispam" gets whacked and your users start complaining about spam.

http://service1.symantec.com/support/ent-gate.nsf/docid/2007072606354254

Basically they'll have you stop both the services and manually wipe out the existing license files that are there. Then restart the services and try to add them again. Fortunately, this actually worked for me. Make sure to re-enable the premium antispam checkbox if you have that service.

Dell Management Console - free as in beer

So if you're like me and your budget this year doesn't seem to cover anything more than replacing machines that are on fire and burning to ashes and you happen to have a mostly or all Dell infrastructure, then the new DMC (Dell Management Console) may be for you. It's based on the Altiris Server platform and can help you with everything from hardware inventories to pushing bios updates and even individual bios settings such as enabling bitlocker support. It slices, it dices, and can even manage your dell kvms, network switches, etc. If you want to find out more, click the link below.

DMC:
http://www.dell.com/content/topics/global.aspx/sitelets/solutions/management/openmanage_console?c=us&cs=555&l=en&s=biz

Dell DMC FAQ:
http://en.community.dell.com/groups/dell_management_console/wiki/dmc-faq.aspx

When you're ready, just fill out the short registration on their website and get your two sets of license keys that you'll need for the install to activate the Dell Client Manager and the Dell Management Console. You'll also be provided with a link to download the ISO to install it.
http://www.dell.com/openmanage/register

First off you'll need a halfway decent box. Symantec/Altiris/Dell recommends a dual processor box with 4GB of RAM in it. It also has to be running some variant of Windows 2003 Server and it has to be a 32 bit version. To top it off, they also only current support IE7. A copy of SQL 2005 Express edition is included in the installer but the docs and the installer deem it necessary to remind you at every corner that the performance will be much better with a real copy of SQL server. You'll also need to have .net framework 3.5 installed. (I've currently got it running on a Octiplex 755 until I'm done testing.)

So next we're off to the install portion and the first opportunity to trip you up. One of the first things you'll notice in the screenshot below is that the Altiris Server product is listed in addition to the Dell components. If you check that it'll install an eval license and a bunch more junk that you don't really need.



Here's a screenshot if you had gone that route. You'll notice the boatload of Trial licenses. If you didn't choose that Altiris checkbox you should only seen 1 Trial one. (yeah, I don't know why either)



Prior to the screen above, you'll have been prompted for the license text files that you received earlier. It's pretty straightforward for the rest of the install; stuff like smtp server, user account to use, etc. As with all Symantec installers the pre-install checks will have some yellow warning triangles left. Since they're only warnings and not Errors you can proceed. (Don't get me wrong, their installer is nice but I just can't ever seem to get all the warnings to go away.)



So it's installed, what now? Well, if it didn't do it for you, you'll need to open an IE7 window to https://yourservername.withfullfqdn.domain/ (provided you set up SSL ahead of time. (see README on the CD). Depending on whether or not you've ever used Altiris you may find the number of options and menus Daunting. Let's cut to the chase and click on the Home icon, then Dell Client Manager.



On the left you'll see a Quick Start tree which will walk you through network discovery, pushing the Altiris Agent, Agent settings, and quite importantly the Dell hardware client which will run on the Agents and collect hardware data for you. There's also some tutorial videos buried inside somewhere but I figured out more stuff just by clicking around and using the online help. You also have to keep in mind that the DMC only uses a fraction of the Altiris Server's abilities so you may see references to functions that you don't have.

You'll also notice that most things are turned off by default which is good. The idea is that you configure and enable them as you need them. To turn them on, just click on the red button and change it to On and then the Save button at the bottom.



Provided you've made it past the agent installs, you'll soon see them show up in the dashboard. Below you'll see the 5 test machines in my environment listed.



Click on it and it'll open up a series of Reports that allow you to drill down into each machine. (double-click in some places)





And yes, I too suffer from a 2 to 4 second delay on each page load.



And as you can see it gives you quite a bit of information about the client machine. Sometimes it's useful to know things like video card models, bios version, etc prior to working on a desktop call.

I was also impressed with the granular control it provides over bios settings:



*note - while it does support bios passwords, it doesn't like passwords with special characters or spaces.

Well, that's all for today. I still have to play around with it a bit more to see what else it can do.

Notes:
1. The free DMC edition is what they call Standard edition. Which I'm under the impression means that there's a Pro version that has more bells and whistles for the right price.
2. I haven't played with any of their other recent IT openmanage products so I can't tell you how many of these features are new in comparison.

Word 2007 (winword.exe) won't open, no gui, process dies quickly

So I had a user report that they were having problems opening any office programs. They weren't being shown a GUI and when I checked the Task Manager I could see the process flash up for a few seconds then die. Running winword /a manually had the same effect. So I started troubleshooting:

1. Logged on as a different user - worked fine
2. Rebuilt the user's profile - still not working
3. Tried removing various Office registry keys as suggested on some web sites. - no change
4. Reinstalled office 2007 completely - no change.
5. Started using brain, downloaded Process Monitor from the old sysinternals site.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

I started the capture, tried to open word, then stopped the capture. I then set the Filter to show Process Name - winword.exe and then went down the list. And then noticed about a hundred errors related to opening this one registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-632034446-1996701954-922709458-10172\Components

(Note: On your computer, the SID will be different). It had some weird file in it with rgb in the name so I backed up the key and then ripped out the SID entry completely. And then Voila, I was once again able to open office applications as that user.