Sometimes I want to go back to bed

After reading this post, I had to shake my head.  There's nothing inherently "wrong" with the post itself, nor with what Shawn says.  It's with the number stated by the NGC software survey of 368,000.  I don't care about the mitigation caveat of 4% either, it's just insane!  That many SQL Server instances running open on the net is like casually saying 368,000 Taliban have just entered the U.S. Capitol building.  I don't see any difference at all.  Same thing.  Shawn's post on MSDN Blogs covers some really useful information about configuring the Windows Firewall on WS08 to deal with SQL Server issues like this.  I often wonder why there isn't a strict licensing requirement to run a computer like there is for operating on humans or flying aircraft.  It might help to alleviate some of the stupidity that seems so prevalent.


Oh No. Say it ain't so! WSUS is choking on updates?!

According to Microsoft advisory 954960, Microsoft is "investigating public reports" of a problem reported with WSUS 3.0 and something stopping the deployment of updates when there are clients in the environment installed with Office 2003.  Anyone know of any of these?  Hah!  I thought so, there are more than a few of those out there.  This would have to be HUGE.  I would say more customers are running Office 2003 than any other version of Office, but I don't have any official numbers to back that up.  Just anecdotal bragging and a half empty can of warm beer (and a hairy gut sticking out, sorry).

From the sounds of this I would expect a rapid response from Microsoft and something to patch WSUS with (and hopefully nothing more complicated than that).


Windows Server 2008: Pitchforks and Torches

I'm really trying to be stupidly poetic for some unknown reason.  Maybe because I'm really, really REALLY tired right now.  Commuting an hour each way to work (2 hours on Fridays) at 44 years old is very taxing.

Ok, on to the subject...

Like many wonderful IT folk, I work in an environment called "big corporate WAN place" which is built (mostly) on Windows Server 2003.  Like many big corporations, they're slow to adopt new technologies and products.  Not because they just don't want to, but because most places like this have developed meticulous methods and processes for handling what we all love to call "change management". The real reason behind that is "stability" (ok, you could also say "reliability" or "availability" or "sensibility" or even "lack of humility" - any will do).  That's not a bad reason either.  You can't expect to maintain consistent services for 20,000 "customers" if you develop a habit of tossing new things into the mix because "they're cool" (dude!).

But, like most IT folk that actually don't fear change (ok, we frigging die for it, but we have to be patient to earn the almighty paycheck), we will be powerless to resist the urge to propose something like this at a staff meeting, most likely on a Friday....

"Hey guys, I was playing with Windows Server 2008 and it's really cool!  Maybe we...."

Dead stop.  Sound of brakes screeching and trash cans getting knocked down.

And you get THE STARE of death.  You know what I mean.

So what gives?  Why is it that the reaction is expected before the question is posed?  And why does it seem that it's even more pronounced with WS08 than it was with WS03?  Do you remember when you first had discussions about going from WS2K to WS03?  Or even NT4 to WS03?  I'll bet it really wasn't that horrific of a discussion.  Now, try that same approach with WS08 and watch the response.  If you're lucky (and if you are, please hire me?) your coworkers and boss all say "cool!  yes!  let's get a beer first and then start working on that idea!"  Man, I would need a box of tissues.

No, really though, it seems more often than not, there is increased resistance, actually, more appropriate would be to say there's increased "distrust" regarding WS08.  This is extremely unfair in my humblest opinion.  WS08 really is amazing.  I'll avoid sounding like Billy the OxyClean guy, but if you haven't actually tried it on, you really should.  Go download it and throw it into a VM and start beating it up.  You will be amazed.  It is simply the best server product (OS-wise) Microsoft has ever produced.  Period.  Hands-down.  End of story.  Umm, er, not so fast, I'm not done telling my story yet...

After some digging and questioning, I've found that it's almost always related to Vista.  Yes, Vista.  The FUD surrounding Vista, particularly in business environments, has spilled over into WS08.  Corporate IT folk have heard the market slathering of how great Vista is and what Vista can do and all that, but that sweet smell has faded considerably in the face of mounting opposition from many directions, even from mixed marketing signals coming out of Redmond itself.  So they've all developed a distrust for Microsoft marketing and this really wraps around operating system products it seems.  I can't say this is evident with Office, System Center and database products (among others), just with regards to their operating systems.

Unfortunate indeed.  Microsoft really needs to regroup, rethink and redirect their efforts away from the shiny robot magazine ads, the monotonous voice tone TV ads espousing business ROI crap and get down to what sells the product: impressing the IT guys.  That's what works.  Because even when the CxO golfing buddy crowd isn't down with the 4-1-1 of something new and exciting, the IT folks are already there and they will find clever, creative, and inventive ways to stealthily weave it into the environment regardless of bureaucratic obstacles.  Don't believe me?  What has happened with Linux in the past 10 years?  Hmmmm?  I doubt 1 in 100 CEOs gave explicit directives to put Linux into the data center, yet it got there somehow.  I rest my case.

Microsoft:  The product is cool.  It's worthy.  Let it sell itself.  Stop with the dumb ads aimed at MBA people.  Adjust your sights and get to work.  We're waiting.


Let's ask Mr. Owl: How many licks does it take to get to the max limit of WSUS 3.0?

Ok, I'm dating myself horribly here.  For anyone that figured out that tagline, great.  I'll see you in the pudding line at the retirement home.  For the rest of you:  It was an old cartoon TV advertisement for Tootsie Roll Pops.  Oh well.  I shall digress (because that's about the only thing I'm really good at it seems).

Brian Tucker posted a great blog article about setting up a SUP role on SCCM 2007 using WSUS 3.0 of course.  Read Brian's post if you want the good stuff.  The mention of how many clients you can support with a WSUS server node brought back a memory from a webcast session a while back, in which someone asked that very same question of the Microsoft wizard.  Ok, the wizard is the one talking, but they have a few background guys fielding the chat questions.  I'll paraphrase the answer and embellish it a bit (another thing I'm good at).

The party line is "20,000 or thereabouts".  However, and this is a BIG however, the answer really is....

IT DEPENDS

On what? You ask?  Well, on several factors, actually more than several, but I can't think of what comes after couple, few, several...  Oh well.

Some of the obvious ones are NIC capabilities, LAN link characteristics, WAN links, switches, routers, fiber quality, rodents chewing on cables, cables crimped in door jambs, cable terminators installed by idiots, a poorly maintained server, a poorly maintained network, a poorly maintained staff.  I could go on, but those are the obvious items.  The not-so-obvious items are:  the size and quantity of updates (even with BITS, it doesn't really do much since BITS can't really "See" your network traffic loads, only what's happening with the local NIC(s) and such).  Also, the mix of local versus remote clients matters (LAN vs WAN = switches versus routers, etc).  There really is no one-size-fits-all answer for this question.  The same formulaic response has to be applied to many questions like this (e.g. file server performance with respect to various client groups at various locations and times of day).

Ponder this for a moment (be thankful I didn't try to sneak the word pontificate in there): Supporting 10,000 concurrent clients from a single WSUS server might work for most Windows security updates, but what about Vista Service Pack 1, or Office 2007 Service Pack 1?  If you knee jerked and said "no problem!" you're drinking too much.  Remember, I said "concurrent".  Anyone that's experienced the painful burn and itch of such an attempt knows you need to stage things, either by time blocking or by hierarchical distribution (aka dissemination).  So, again, the answer is really "it depends".

If you're really bent on getting a factual-based answer, I'm sure you can do it.  I don't have the patience (or time it seems), but maybe you do.  If so, please feel free to post a feedback comment here for others to enjoy? 


WSUS System Event 13001: Part 2 - Sending Notifications

I was asked by a few readers (I can't believe I have a "few", I thought it was just "one") about how to set up the notification I mentioned.  It's very easy but depends on what operating system is used.  If you're on WS08, just create an Event-based Scheduled Task.  If you're on WS03, just create a scheduled task to fire off a VBScript file that sends an email using CDOSYS.  Below is an example VBScript that will send an email for you WS03 users.  Be sure to edit the mailServer value, as well as the Send-To and Send-From values to make it work properly.  Another reason to go with WS08: simplicity.

'------------------------------------------------------
' Sends a notification e-mail through an SMTP relay using CDOSYS.
Const mailServer = "myMailServer.MyDomain.com"

Sub SendMail(sendto, sendfrom, subjectline, msgBody, msgFormat)
    Dim objMessage
    ' Recipient, sender, subject and body are all required
    If (sendto <> "") And (sendfrom <> "") And (subjectline <> "") And (msgBody <> "") Then
        Set objMessage = CreateObject("CDO.Message")
        objMessage.Subject = subjectline
        objMessage.From = sendfrom
        objMessage.To = sendto
        ' msgFormat "TEXT" sends plain text; anything else sends HTML
        If msgFormat = "TEXT" Then
            objMessage.TextBody = msgBody
        Else
            objMessage.HTMLBody = msgBody
        End If
        ' sendusing = 2: deliver over the network to the SMTP server named below
        objMessage.Configuration.Fields.Item _
            ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
        objMessage.Configuration.Fields.Item _
            ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = mailServer
        objMessage.Configuration.Fields.Item _
            ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
        objMessage.Configuration.Fields.Update
        objMessage.Send
        Set objMessage = Nothing
    Else
        WScript.Echo "error: Insufficient parameters (sendmail)"
    End If
End Sub

SendMail "you@MyDomain.com", "sender@MyDomain.com", "WSUS is having a bad day", "Computers are being bad - Go spank them now!", "TEXT"


WSUS System Event 13001

Something I'm finding many WSUS admins are ignoring is that when you start seeing problems in the WSUS console as far as computers failing to install updates, there's also a corresponding Windows System event log entry 13001.

Log Name:      Application
Source:        Windows Server Update Services
Date:          6/23/2008 4:09:57 PM
Event ID:      13001
Task Category: 6
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:     wsus01.davesnetwork.home
Description:  Client computers are installing updates with a higher than 10 percent failure rate. This should be monitored.

Why would I mention this?  Because if you really want to make your IT administration life simpler and more "automated" (don't we all), you can look to this for sending alerts.  There are many, many ways to leverage event logs for notification processing.  From EVENTCREATE to SCHTASKS to about a hundred shareware and freeware utilities, to plain old fashioned scripting (VBScript, KiXtart, PowerShell, etc.).  If you don't fancy making a daily ritual out of opening up the WSUS console to hunt for problems like this, you can make them come to your Inbox or cell phone.  Keep in mind that this error repeats quite a bit, so you'd probably want to set things up using a scheduler or batch job, rather than making it event driven.
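The scheduled (not event-driven) notification described here and in the Part 2 post above, as an added PowerShell example that is not from the original post or from Microsoft.  It assumes PowerShell 2.0 or later on WS08 or newer; the mail settings, the state-file path and the 60-minute look-back are placeholders.

```powershell
# Added example: poll for WSUS event 13001 on a schedule and mail one digest per run.
# Assumed placeholders (not from the original post): the SMTP host and addresses,
# the state-file path and the default 60-minute look-back.
param(
    [string]$SmtpServer    = 'myMailServer.MyDomain.com',
    [string]$To            = 'you@MyDomain.com',
    [string]$From          = 'sender@MyDomain.com',
    [int]   $WindowMinutes = 60,
    [string]$StateFile     = "$env:ProgramData\Wsus13001\last-run.txt"
)

$now   = Get-Date
$since = $now.AddMinutes(-$WindowMinutes)

# Resume from the previous run so a repeating warning is never reported twice.
if (Test-Path $StateFile) {
    $saved = Get-Content $StateFile -TotalCount 1
    $since = [datetime]::ParseExact($saved, 'o', [Globalization.CultureInfo]::InvariantCulture, 'RoundtripKind')
}

# Log name, source and event ID are the ones shown in the event record above.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Windows Server Update Services'
    Id           = 13001
    StartTime    = $since
    EndTime      = $now
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$records = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
             Sort-Object TimeCreated)

if ($records.Count -gt 0) {
    $first = $records[0]
    $last  = $records[-1]
    # Collapse the repeats into one message: count, first/last time, latest text.
    $body  = @(
        "Server:      $($last.MachineName)"
        "Occurrences: $($records.Count) since $($since.ToString('u'))"
        "First seen:  $($first.TimeCreated.ToString('u'))"
        "Last seen:   $($last.TimeCreated.ToString('u'))"
        ''
        $last.Message
    ) -join "`r`n"

    # -ErrorAction Stop aborts the script on a failed send, before the state update.
    Send-MailMessage -SmtpServer $SmtpServer -To $To -From $From `
        -Subject "WSUS 13001: $($records.Count) update-failure warnings" `
        -Body $body -ErrorAction Stop
}

# Record this run only after the mail step, so a failed send is retried next time.
New-Item -ItemType Directory -Force -Path (Split-Path $StateFile) | Out-Null
$now.ToString('o') | Set-Content $StateFile
```

Run it from an hourly scheduled task; each run covers exactly the interval since the previous one, so you get at most one mail per hour no matter how often the warning repeats.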


Guess How Old: Hypervisor, VMM, Virtualization

Catchy, huh?  So, maybe you're younger than me (probably) and think all this Virtualization is "new stuff" and really "new" and "cutting edge".  Take a guess at what year all this stuff was first widely blabbered about:

1. 1995

2. 1974

3. 2001

The answer is (B), oops, I mean (2).  Don't believe me?  Read this and dig through the cited references: http://iase.disa.mil/stigs/stig/esx_server_stig_v1r1_final.pdf

Posted by David M. Stein | with no comments

WS08 RODC Compatibility Update Issues

As posted on several blogs, including those by Brian McCann and Jane Lewis, this update resolves issues with XP and WS03 clients when they are within scope of DC management for a site using a WS08 RODC.  The MS Support article is interesting (and humorous, sort of) in how it says you can install the update, or implement some manual workarounds.  It's worth noting that not all of the issues have available workarounds.  Why you'd want to bother with introducing a WS08 RODC and not consider deploying this update is beyond me, unless of course, you have an environment with nothing but WS08 and Vista machines. Issue #10 in particular is enough to make me suggest to anyone that you shouldn't even bother with a mixed AD environment (WS03/WS08) and just go directly to WS08 (parallel migration or whatever).  Every mixed AD environment I've seen entails painful issues.  If you can avoid it: avoid it.


WS08-Core Scripts: 99 yards so far. 1 yard on your own?

It's very nice that the Server Core folks took the time to package up a few WSF script files to help with CLI management tasks.  Very nice.  However, I'm really confused why they got to the 1 yard line and decided to not score a touchdown.

Case in point:

cscript \windows\system32\scregedit.wsf /ar 0

Nice.  But why not just dump the above into a BAT or CMD file and just name it something like "ToggleRDP.bat" ?

Or why not wrap "cscript scregedit.wsf /AU /v" into something like "ShowAutoUpdate.bat" ?

Some scripts won't benefit from this, such as the script for invoking WMI to reset the page file setting: wmic pagefileset where name="" set InitialSize=X,MaximumSize=X

They could have dumped a large portion of the WSF script features into much simpler wrapper files and put them in a folder within the default path.  Maybe these are already there and I'm just not seeing them?  Who knows.  If I'm wrong, let me know and point me in the right direction?


Windows Server 2008 Core Command Reference

While this is not "new" by any means, it is very nice regardless.  This post is broken into separate pages which you must click through using the drop-down form list to navigate.  If you are planning to run WS08 Server Core, or already are running it, you should take a minute to look at this.  It might save you some time later on.


Blog Splitting

In an effort to avoid posting irrelevant material here, which I'm prone to doing (remember, my nickname is skatterbrainz), I have revived my old blogger blog.  Say that ten times as fast as you can.  Blogger blog.  The link is http://skatterbrainz.blogspot.com

I plan to continue posting more relevant material here as time permits, but I'm currently being pulled in multiple directions.  None of which allow me much time to compile useful, meaningful information about WSUS or WS08.  I promise that I will soon but for now I have to focus on getting up to speed at my new job and dealing with the 1-2 hour commute each way every weekday.  That leaves me with just enough time to say hi to my wife, four kids, dog, cat, eat, shower, sleep, wake up and repeat it again.  Today was my oldest daughters' (the older two of them) last softball game, and my son finished up baseball the prior weekend, so now it's Summer time and time for daddy to fire up the charcoal grill and cook anything with four legs that can't escape fast enough. I still have my fledgling web development business going and that's getting tougher to squeeze in on the after hours and weekends but I need to keep it going.  Gas is not getting cheaper after all.  Neither is food.

So, anyhow, don't think I'm vacating the premises.  I'll be posting more stuff soon, just hang on and check back every now and then.


WSUS is 2-Legit 2-Quit?

In case you don't read the WSUS Team Blog (you should by the way), there is a rather ominous posting regarding the WinVerifyTrust update for WSUS 3.0.  To summarize: It will be MAN-DA-TOR-Y.  That's right: required.  You must pay $200 to pass Go.  No free lunch.  Now, before you start moaning and complaining, read up on why they are doing this.  It's for a very good reason.  Read the details here.


Links of the Week

Here's a few links that might be useful to someone...

Update for SCCM 2007 for WSUS offline scan catalogs

WS08 Security Confg Manager 2007

Scott Lowe on MAP toolkit from TechEd

Getting PowerShell on WS08 Core

Update for SMS 2003 and R2 for Vista/WS08 Update Packages

Also, I'm dropping support for DCIS and my aging book "The Visual LISP Developer's Bible".  If anyone still needs to get at it, do so quickly.  I'll be removing them this weekend probably.


WS08 RODC Info and Tips

Ulf puts this so well, that I really can't add anything better to it.  Just read this blog post


Vista SP1 using WSUS 3.0

For anyone using WSUS for patch management, who doesn't already keep their eyes glued to the WSUS Team Blog, they posted a reminder about being sure to install KB938759 before you attempt to approve installing SP1 for Vista clients.  As they note: failing to do so will cause you great pain.  The net result would be that your WSUS servers would repeatedly download the binaries indefinitely due to an issue with the WinVerifyTrust component.  For more information about this, check out http://blogs.technet.com/wsus/archive/2008/06/05/windows-vista-sp1-available-to-wsus.aspx

Dave's note: As I typically say about such matters...

If you use WSUS to manage your patch efforts and you get that itch to "push" or "deploy" service packs which are relatively "large" (as are those for Windows, Office and so forth), scratch very carefully.  Review your WSUS hierarchy, WAN links, LAN health, disk space on your WSUS servers, disk space on your clients, and how much beer you have in your small stealth fridge under your desk.

Probably the best way to summarize WSUS, as compared to things like SMS or SCCM, would be to say that WSUS is like swatting flies with a brick, whereas SMS/SCCM/etc is like targeting them with a robotically-controlled LASER device with nightvision goggles.
