Thursday, November 5, 2009

Windows 7 UAC articles

This is really upsetting me. I keep seeing this as I read my news tonight:

http://www.betanews.com/article/Sophos-study-suggests-Windows-7-UACs-default-setting-is-selfdefeating/1257455306

I was one of the only ones who seemed to think Vista was a good user interface and OS upgrade from XP. Of course it could have been more optimized and even better, which is what Windows 7 is. I also found the UAC feature in Vista to be very good, and similar to how those of us who use Unix are used to working. You su to root when you need to do something elevated, otherwise you operate at user level. The typical end user complained "it keeps asking me to elevate so often, I don't understand what this means". On Windows 7, Microsoft decided to elevate only under certain cases (by default), and of course the inconvenience of the extra click, otherwise known as security, was essentially removed. This makes Windows 7 in its default setting much less secure than Vista.

Being a systems and infrastructure guy, we get the same Vista feature in Windows Server 2008 (based on Vista), and R2 (based on 7). They kept the same escalation we had in Vista enabled out of the box on both platforms. This is especially good for a server OS. I have been seeing some of the admins (not in my group, but DBAs) disable this feature, and I always implore them to turn it back on. I explain the reason it's there, and it will save them, either from doing something by accident, or by something running in their session they aren't aware of.

Then you get other poorly designed software such as HP's Quicktest Professional which still cannot run with any level of UAC enabled. It takes 4 years to make your application work with UAC? Really?

So basically, user feedback prompted Microsoft to reduce the nags (otherwise known as security), and then the press and AV vendors are touting Windows is less secure? Seems like a catch-22 for Microsoft: they want to sell operating systems, but they also need to placate people like me who would like a secure OS. I understand they are shipping the servers hardened, and the clients less so, but is that a good idea? I think my mom will thank them :)
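For auditing the servers where UAC was switched off, the posture can be read from three values under the `Policies\System` registry key. The sketch below is an added example, not part of the original post; the function names `Get-UacPosture` and `Read-LocalUac` and the sample hosts are hypothetical, while the registry value names are the real ones.

```powershell
# Added example: classify a host's UAC posture from its policy registry values.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPosture {
    param([Parameter(Mandatory = $true)] [hashtable] $Values)

    if ($null -eq $Values.EnableLUA) { return 'Unknown: EnableLUA is not set' }
    if ($Values.EnableLUA -eq 0) {
        # Admin Approval Mode is off: administrators run with a full token.
        return 'Disabled: UAC is turned off'
    }
    $desktop = if ($Values.PromptOnSecureDesktop -eq 1) { 'secure desktop' } else { 'user desktop' }
    switch ($Values.ConsentPromptBehaviorAdmin) {
        0 { return 'Weak: elevates silently, no prompt' }
        2 { return 'Always notify: consent prompt for every elevation' }
        5 { return "Windows 7 default: prompts only for non-Windows binaries ($desktop)" }
        default {
            return "Custom: ConsentPromptBehaviorAdmin=$($Values.ConsentPromptBehaviorAdmin) ($desktop)"
        }
    }
}

function Read-LocalUac {
    # Reads the live values; run this on the Windows host being audited.
    $p = Get-ItemProperty -Path $UacKey
    @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

# Constructed sample values (hypothetical hosts) so the classifier runs anywhere.
$samples = @(
    @{ Name = 'db01 (UAC switched off)'; EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 },
    @{ Name = 'win7 client, defaults';   EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ Name = 'client, always notify';   EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 }
)
foreach ($s in $samples) {
    '{0,-26} {1}' -f $s.Name, (Get-UacPosture $s)
}

# On a real host: Get-UacPosture (Read-LocalUac)
```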

We did it

We finally launched the new platform. It's been pretty difficult both pre and post launch supporting the business, developers, QA folks, doing perf testing. Lots of stuff to fix, and I'm really looking forward to the cleanup part. It's always fun to recover space and processing power which is not needed on the new platform. Things are progressing well.

http://www.techcrunch.com/2009/11/02/mfg-com-takes-off-the-cuffs-with-manufacturing-marketplace-redesign/

We have to move a couple offices in the near future, and we're trying to open one in India. All of that planning and work is keeping us busy as well.

I am very happy to have a new global helpdesk manager onboard. Great addition to our team!

Wednesday, October 21, 2009

Ipmonitor, spiceworks, and vendor maintenance

I'm happy that solarwinds has released a major upgrade to ipmonitor. Too bad they didn't notify me my maintenance expired about a month ago. I'm renewing it now, and looking forward to v10. This product is excellent, cheap, and does a great job with agentless monitoring. You can also tweak it to monitor pretty much anything as needed. Such a good deal for a great all around product.

Speaking of maintenance, I also just investigated and found out that our F5 Big-IP maintenance expired in April. Glad we have an HA pair in case of issues in the next little while, but I don't understand why vendors and resellers don't keep on top of customers. It's essentially free money they aren't going to get if they don't chase folks about it.

Vendors who do a good job with maintenance:

  • IBM
  • Oracle
  • Sybase
  • HP Software
  • Cisco

Vendors who are horrible with maintenance in my experience:

  • HP hardware
  • Dell
  • F5

What Cisco does that's really cool is they integrate maintenance into other tools so when you have inventory such as HP Network Automation System (formerly Opsware NAS) as well as Cisco's own CiscoWorks.

Another thing we do because we are cheap and love good free software is we leverage this awesome product called Spiceworks. I can't believe what you can do with the product, we've been using it for over a year now, and it's completely free:

  1. System inventory
  2. Hardware details and changes
  3. Software installs and changes
  4. Up/down monitoring
  5. Event log monitoring
  6. Disk monitoring (only used as a blanket monitor, non production)
  7. Exchange monitoring
  8. Antivirus definitions monitoring
  9. Active Directory integration
  10. Interface graphing (firewalls, routers, switches)
  11. Network mapping (relationships of devices and switches)

It's very easy to find a user's system based on the login, it's very easy to see changes in software and hardware, and it's also easy using this script:

http://community.spiceworks.com/how_to/show/197

This awesome script populates the inventory with the warranty expiration on Dell devices (including servers, printers, switches, desktops, and laptops).

Right now we have 5 collectors feeding one instance, so I can do global scanning and aggregate the results in a single repository.

Wednesday, September 16, 2009

Netapp SATA perf

I decided that when we built out the netapp gear that we would put low volume and QA data on the SATA disks and save the FC disk for databases, VMware, and other intensive stuff. Now looking at performance on the QA VMware boxes with the SATA disks and I'm thinking I shouldn't have done that. It's been quite good in general, but when there is a backup running or other disk intensive actions occur it grinds to a halt. I really need to figure out a way to move onto a FC aggregate at some point.

Vmware issues resolution

I had support on the line for a while to fix my errors with the reports. They finally fixed it. It was some obscure bug which is fixed in the next major patch for vSphere 4. It was a complex fix they had to do, but it works finally. Nice job by support.

Friday, August 28, 2009

Sonicwall Sonicpoints

These things are still having issues. We got them stable for 2 weeks, but now one of them is on the fritz again. The N access points seem to be more problems than the G ones. I have another service case open with Sonicwall, their support is pretty unresponsive in general. Annoying.

Too bad, because the product is great!

Vsphere server issues and upgrade progress

So I found out that using the host update tool versus Vcenter update manager is much easier and more reliable when moving from ESXi 3.5 to 4.0. Before I was using the update manager and it wasn't working all that reliably. So far I haven't had any issues using the host update tool. I've done many upgrades now, and I only have 4 left, 3 of which I am doing this weekend.

Whenever I speak to vmware they always think I'm using ESX, when I prefer and expect that people should move to the more appliance model of ESXi. With 4.0 they are pretty much on par, and I'm going to stick with ESXi.

On one of my vSphere 4.0 servers (VirtualCenter) it's doing this annoying thing when I try to use the performance overview:

Perf Charts service experienced an internal error.

Message:

Report application initialization is not completed successfully. Retry in 60 seconds.

In my stats.log I see this.

[28 Aug 09, 22:28:07] [ERROR] com.vmware.vim.stats.webui.startup.StatsApplicationLauncher : Task execution produced an error. Re-initialization attempt #26 will startup after 60 seconds...
java.util.concurrent.ExecutionException: java.lang.IllegalStateException: com.vmware.vim.stats.webui.StatsReportException: Unable to open VC DataSource.
    at java.util.concurrent.FutureTask$Sync.innerGet(FutureTask.java:205)
    at java.util.concurrent.FutureTask.get(FutureTask.java:80)
    at com.vmware.vim.stats.webui.startup.StatsApplicationLauncher$1.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.IllegalStateException: com.vmware.vim.stats.webui.StatsReportException: Unable to open VC DataSource.
    at com.vmware.vim.stats.webui.startup.StatsApplicationLauncher$1$1.run(Unknown Source)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
    at java.util.concurrent.FutureTask.run(FutureTask.java:123)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:65)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:168)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
    ... 1 more
Caused by: com.vmware.vim.stats.webui.StatsReportException: Unable to open VC DataSource.
    at com.vmware.vim.stats.webui.startup.VcDataSourceInitializer.init(Unknown Source)
    at com.vmware.vim.stats.webui.startup.StatsReportInitializer.createInitializers(Unknown Source)
    at com.vmware.vim.stats.webui.startup.StatsReportInitializer.init(Unknown Source)
    ... 9 more
Caused by: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The connection to the named instance has failed. Error: java.net.SocketTimeoutException: Receive timed out.)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1225)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880)
    at com.vmware.vim.stats.webui.startup.VcDataSourceInitializer.openVcDataSource(Unknown Source)
    ... 12 more
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The connection to the named instance has failed. Error: java.net.SocketTimeoutException: Receive timed out.
    at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(Unknown Source)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.getInstancePort(Unknown Source)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(Unknown Source)
    at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(Unknown Source)
    at org.apache.tomcat.dbcp.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38)
    at org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:294)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1247)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1221)
    ... 14 more

I have an open case with vmware right now. See if I can get it fixed.

Friday, August 14, 2009

Ahh my favorite

So we pay a LOT for support on some software, you are talking about 30-50k. I just got this email from one of my vendors. They happen to be one I am not fond of which I have commented on before:

Only 2 months and 10 days for a ticket reply for a new license.

Date of email reply - 8/20/2009 3:37am

Dear Jonah

Please find attached the license requested

Kind regards,



From: support.emea@somecompany.com [mailto:support.emea@somecompany.com]
Sent: Wednesday, June 10, 2009 03:22
To: Support EMEA
Subject: INC000000007516 License-request

Tuesday, July 28, 2009

Uverse hell

Day one - Thursday

I got my uverse installed, install went okay, took about 5 hours to get it running. Once the tech left I switched from my Clear Wimax connection to the uverse. Looked good, then I got on the PPTP connection at work, and it started dropping me every 5-9 minutes. I called them and worked with support for 2 hours and tried lots of settings on the router. These included lowering the MTU and upping the timeout. Nothing fixed it at all, and they were keeping my case open in case I wanted to call back. Then I was playing with it later on and lowered the timeout and it seemed to fix the issue. The router has a very small connection table which is a known issue, and I think with the 1 day timeout there were lots of open connections which weren't being cleaned up.

Day two - Saturday

Turned on the TV to start setting up some of the DVR recordings, and the DVR wasn't working. I called ATT and the box was dead, we tried to do a factory reset and OS reload several times and the box was toast. They promptly sent out a tech a few hours later. He tried with 4 different boxes and was unable to get it working. He was there for about 3 hours, and he was out of ideas. It was 8:30PM on Saturday. He also reset my router since the TV connects to the router and uses the line that is shared.

Day Three – Sunday

I set up the router again with the same settings I had before, but I started once again to get PPTP issues and drops. I messed with it for a while and gave up again.

Day Four – Monday

I turned on the DVR, and what do you know, it started working perfectly, makes no sense to me. I called support once again on my VPN issues, I gave them my case number and they told me they don't work on VPN issues and regardless of my case and the tech I worked with I should go away. I spoke to the shift supervisor and she told me the same thing, but was nicer about it. I told them I would disconnect service if I wasn't able to use a simple VPN. They were happy to lose me as a customer, and transferred me to the disconnection line. When I got someone there, I asked them if I could have TV only, and they said I need to have internet as well. I told them I would work on it some more, and let them know if I wanted to disconnect.

We happen to have firewalls which give us SSL VPN as a free option, so one of my co-workers set it up, and it worked perfectly. No drops, and no issues. At least I have a fix for now, so I can work at home if needed.

I called customer service and got a credit for my outage time and a discounted rate for the next 6 months. All in all I've wasted about 20 hours on this mess, but glad it's working now. The customer support has been good, aside from the lady who refused to help me.

Service impressions

The base 6down/512up is decent, but no better than the clear wimax service. The TV seems very good, and the DVR is better than others I have seen, but I still miss my Tivo HD XL. Nothing beats Tivo!

I wish I had my FIOS like I had back in Boston :(

Wednesday, July 22, 2009

Move - clear wimax - uverse

I haven't been posting because I just moved, and I'm also getting married in the next few weeks, but enough of the personal stuff. Let's get into some good tech talk :)

I have a Verizon wireless card in my laptop which comes in handy when I don't have other ways to access the internet. It's a good connection, and usable for working as needed. The main issue is there is some lag/latency in the connection.

We have a Clear Wimax device at work which is our backup internet connection if we lose the fiber link. I decided to borrow this connection during my move to deal with my lack of internet. All I have to say is that the connection quality and speed is amazing. The lag is almost nonexistent, and the throughput is superb. I can even download a lot on it without an issue.

In my new location I can get ATT uverse, which is similar to the Verizon FIOS connection I had back in Boston. I loved FIOS, and was very sad when I had to move down to Atlanta and get on Comcast. I had a struggle getting the FIOS installed, but eventually it worked and was rock solid for the duration of my service. It was also about $35 per month less than Comcast.

Uverse costs as much as Comcast, which is fine if the quality is there. I've had a small struggle so far getting uverse installed, but tomorrow is the big day when my place will be fully provisioned hopefully. I will post more on the quality of the connection and the TV capability compared to Comcast, Verizon (FIOS/Wireless), and Clear.

Another major difference is that on FIOS they ran standard cable from the fiber demarcation point to the TV, so I used my Tivo HD XL box with cablecards, which was perfect! On Uverse they use a full IPTV device, which means my Tivo isn't going to work, but the picture quality and features should be better. The Uverse box also supports recording 4 channels at once, versus my Tivo's capability to record 2 channels at once. http://www.att.com/Common/totalhomedvr/

We'll see if it works well, more on that this weekend.

So I should be posting more, telling you all how it is to deal with vendors and technology we use in every day work and home life.

Leave comments, I like a good dialog!