|
||||||
|
When installing a APC network management card,there are a couple of things to note for an easy install. If you are just needing to install the PowerCute Business Edition 7.xx (8.xx doesn’t come with all the features 7 does!) you can download it here http://www.apc.com/tools/download/software_comp.cfm?sw_sku=SFPCBE704 For the last few weeks I have been working on a case with Symantec on End Point Protection 11 MR4 MP1 with the reporting feature not working on a SBS 2008 server (IIS7). What seems to happen is when you log in to the SEP Management console and authenticate, you get the following error: “Unable to communicate with the reporting component.”
Upon further diagnostics, it appears that the SEP management console uses Tomcat for it’s database, and PHP for the code. On this particular server, we have IIS7 setup to host different websites, including some that use PHP as well. In this case, PHP version 5.2.8 was installed and working properly, however, SEP 11 uses PHP 5.2.6. I had PHP 5.2.8 installed at c:\inetpub\PHP and SEP’s PHP installed at C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Php . I don’t see why they both can be on the same server, but upon further diagnostics, it appears that SEP’s reporting engine will not work if another PHP instance is installed and the folder is called PHP. Here’s how I resolved it: Renamed my current installation of PHP 5.2.8 folder from c:\inetpub\PHP folder to c:\inetpub\PHP5.2.8\ Then edit the php.ini file in that folder and change the following line under Directory in which the loadable extensions (modules) reside. to: extension_dir =”C:\inetpub\PHP 5.2.8\ext” Ok, once done, do a quick IISRESET Now open the SEP console, and it’s working as expected. This took a lot of troubleshooting to figure this little bugger out. Thanks to Riddhi Talukdar, Support Analyst(Endpoint Security) at Symantec Corporation If you are setting up SEP, Symantec End Point Protection, make sure you open ports 9090, 8014 and 8443 to avoid any communication issues by default. Recently, I have been working a lot with SEP, also known as Symantec End Point Protection, whch is really a great product for protecting the network and computers from virus’s, and other malware. It also has a whole host of features to control your staff from getting into trouble at work. While troubleshooting an issue, I needed to manually remove the product. I wanted to highlight the links to removing it: “How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions “ “How to manually uninstall the Symantec Endpoint Protection client from Windows Vista 64-bit” “How to manually uninstall Symantec Endpoint Protection client from Windows Vista 32-bit” http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007080209280848 Hopefully you will never have to do this, but if you do, here it is I came across this new article today from Microsoft, and it is very imformative. On a Windows 2008 terminal server, each time I install Office 2007 OEM in it, and then run the application, I get the error “This feature is not available. For more information, contact your system administrator.
This is a very generic error. I made sure that I used the command change user /install and then once installed, change user /execute as per the KB article http://support.microsoft.com/kb/320185 which I still believes applies to Terminal Server 2008. After further research with Microsoft, we came across this article, http://support.microsoft.com/kb/924622/en-us which states you can’t use a OEM copy or retail copy of Office on a Terminal Server. Apparently, it can’t activate because of Terminal Server which is why it throws up this error. When we manufacture computers for our customers, we generally sell them with a copy of Microsoft Office, however, since 2007, Office stopped shipping with physical media. I am not sure why Microsoft did not want to ship a CD (I don’t think they cost that much to produce) but they did. We sometimes get a request from a customer who is reformatting their PC that they need the Office media to reinstall. If you open the package you will see an insert that says you have 90 days from the time you bought it to submit a fee and order the actual media via the postal service. Most people I know don’t like to wait, so this is never a good option. I believe that Microsoft heard the message loud and clear and now has a URL that you can download the media from. http://www.microsoft.com/office/backup/en-us/default.mspx
Make sure you do this within 90 days, as the 90 day rule still applies. A even better idea is to add Microsoft Software Assurance to the product within 90 days, then you will be eligible to get Office 2010 when it comes out without needing to spend any more money on the product! In Fact, Microsoft has now extended the time to get this to 180 days for Office Small Business Edition and Professional. I often have to configure SBS 2008 (Exchange 2007) to allow mail to relay from devices like APC UPS’s, network switches, copiers and other devices or programs on the local SBS SMTP server. This is not always suggested as if you get a virus on the network or bot, it can start sending all kinds of mail via the Exchange server if it uses the IP’s you allow which can lead to other issues. But sometimes you have no choice, and this is for those no choice situations. First, open up the Exchange Management Console, and navigate to Server Configuration, then Hub transport. You should see three connectors by default. They are: Default, Windows SBS Fax Sharepoint Receive, and Windows SBS receive as shown below
We are going to create another connector and configure it, and do it all by the powershell. Open up the Exchange Shell (Powershell) and type in the following command: New-ReceiveConnector -Name RelayConnector1 -usage Custom -Bindings 192.168.1.2:25 -fqdn server.domain.com -RemoteIPRanges 192.168.1.100 -server SBSESERVERNAME -permissiongroups AnonymousUsers Where the Bindings IP is your SBS Server IP followed by :25 (PORT 25), the fqdn is the FQDN of your Exchange Server and the RemoteIPRanges is the IP of the device you want to allow relaying to.
Next, we will assign Anonymous permissions to the connector by typing in Get-ReceiveConnector RelayConnector1 | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient” I suggest to also bypass the Anti-Spam filter for this, so let’s also execute the following command: Get-ReceiveConnector RelayConnector1 | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-Bypass-Anti-Spam” That should take care of it. If you ever need to add additional IP’s to allow to relay, simply open up the new connector you made in the Exchange Management Console and add the IP under the Remote IP Address’s section.
Last month, I was invited to attend a four day training at Intel’s Hillsboro Oregon campus for a program that is called NPW (New Platform Workshop). Every time Intel comes out with a whole new platform, they select key partners to come and train on the new platforms. The new platform I received training on is code named “Nehalem” . The new Nehalem Microarchitecture is nothing like it’s predecessors. During my four day training, I received valuable training on power savings. Going green is nothing new to me, but actually seeing the power savings in front of my eye’s with actual proof is what made me a believer from a skeptic.
What we see get’s most utilized is the memory and hard disks in a server. So if you have 4 servers sitting around, not using their processors, it makes sense to consolidate them into virtual servers to take advantage of what you paid for, the processing power. With the Nehalem processors, since the memory is sitting right next to the processor and has 100 lanes on the freeway for our Ferrari, you will get a major increase in performance in memory to those 4 virtual servers. Another savings you will get is the cost of parts and maintenance. If you have only one server to maintain for parts, you have less parts, which means less money you have to spend on maintenance. Today I was troubleshooting an issue with an old legacy application that requires opportunistic locking to be disabled on the server. After doing some research, I discovered, that, if you disable opportunistic locking on the server, If you disable opportunistic locking, the offline files feature in Windows Vista fails. This could be a really bad thing. Also, as in my case, the client is using all Windows Vista workstations, which by default use SMB 2.0 with a 2008 server. The registry setting for this change has also changed, per Microsoft KB article 296264 . A thought came about, what if I disable SMB 2.0 on the server, then the workstation would be forced to use SMB 1.0 and I can use the old opportunistic locking disable feature. But boy, that would certainly slow down the SMB on the network, thus resulting in another situation. I had to figure out how to disable SMB 2.0. Looking in the Microsoft Resource Kit for Vista and 2008, I found how. Here is how to disable it: To disable SMB 2.0 on Vista clients, run the following commands with elevated privileges: sc config lanmanworkstation depend= bowser/mrxsmb10/nsi sc config mrxsmb20 start= disabled To disable SMB 2.0 on Windows Server 2008, add the following registry value: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters Value name: Smb2 Value type: REG_DWORD Value data: 0 Reboot both the Vista machine and the server to cause SMB 2.0 to be disabled. Follow these steps below to enable SMB 2.0 on both Vista and SBS 2008: To enable SMB 2.0 on Vista clients, run the following commands with elevated privileges: sc config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc config mrxsmb20 start= auto To enable SMB 2.0 on SBS 2008, modify the Smb2 value data to 1.
I hope this helps someone else needing to do this. I highly don’t recommend disabling this, as your network communication will slow down dramatically, but if you have an old application and need to do some testing, this will certainly help rule SMB 2.0 out of the equation. |
||||||
|
Copyright © 2024 Lyle Epstein's Systems Engineer Blog - All Rights Reserved Powered by WordPress & Atahualpa |
||||||
Recent Comments