Archive for March, 2005

SP1, x64, DSI, VS Team System, ADFS, Istanbul – All at the Spring MSDN Technet brief in Rotterdam

Thursday, March 31st, 2005

Today I was at the spring MSDN Technet brief in Rotterdam, a free event that you can attend, where Microsoft and partners get you up to speed on the goings on, and where you can follow some interesting sessions and labs.

The Keynote, given my MS’ Tony Krijnen (exellent speaker) of course focused on the bran-spanking-new SP1 release for Windows Server 2003, which was last night released as RTM, aswell as going into some depth on the x64 versions of MS products that are also RTM as of today.

No mention though of the new Exchange 2006, even though that news has seen hitting the MS news crowd today also.

Followed 2 sessions on security, one was on security policies, which was terribly presented, and was nothing new for me. The other was very interesting; all on hardening and securing Exchange 2003, which I still have way too little experience with. Level 300 material does it for me! 😉

Also attended an in-depth session on Service Pack 1, with special focuse of course on the new Security Configuration Wizzard. I couln’t help but wonder weather there is now a rather large overlap in the way one can role-out security settings, and the tools one can use for it: Group Policies and the various interfaces we use to administer them, Security Templates used locally, again with associated consoles, now the SCW. I mean.. all great stuff, but i feel MS might be getting a little bit away from itself here with all these different aspects of doing basicly the same thing!


Also demo’d briefly today was Visual Studio’s new DSI (Dynamic Systems Initiative) interface, by which I actually mean the Visual Studio 2005 Team System To show it off they did a little play-act between the “sysadmin” and the “developer” , where the developer could inport a “model” of the sysadmins network, and test application design and deployment against it. This was definatly a tool that got me looking, and I would make good use of it if the oppertunity presented itself. However.. I have very rarely been directly involved with developers, because of the services-based orientation of my job.

Now it was interesting to see this particular angle of DSI, as I was more aware of it as a drive towards more interoperability and procedural administration (think MOF), amungs other things. That there is also this development integration aspect was not something I was aware of, so back to the technet site for me! (or perhaps the MSDN site? 😉

Speaking of DSI and the server products that are associated with it, I picked up the SMS2003 Administrator Companion, at 40 euros. Still my intention of getting into that.


Also demonstrated was the Office Communicator 2005 (Istanbul), the client portion of Live Communication Server 2005. I was impressed by the deeper integration it appears to offer.. also it looks dead cool with its steely gray standard skin 😉 Tried in vain to find a picture to post here, must be NDA or something 🙁

We also got a little sneak preview of Windows Server 2003 “R2” in action.. we where briefly shown the Active Directory Federation Services tool, where you can couple AD to another Identity system. Learn more about ADFS here and here . (for lack of a better resource currently). After hearing all those cool talks on Federated Identity on IT Conversations, this was pretty cool to see. Also, being the silly and backward Dutch IT crowd, I am sure this is the first time many of them even heard the word ‘federation’ ..or “Identity” for that matter 😉

[Edit this entry.] ITT: Troubleshooting some (common?) SBS 2003 issues I came across

Wednesday, March 30th, 2005

Today I am at a customer again, for whome I had set up their first network and domain, based on Microsoft Small Business Server 2003.

They have called me in today to solve some of the ‘critical errors’ their SBS server is giving them. Because they seem to be pretty generic, and probably common errors, I thought a ITT blog post might be cool, so I will be formating this post as a kind of ‘dairy’ of the day.

(The SBS installation is in Dutch, so I am forced to traslate errors ad-hoc, I try to name by English language equivelant where I can though!)


Just came in, plugged me laptop (which is not part of domain), starting coffee drip, and started me Outlook with the profile I have prepared for my mailbox here. The admin mailbox is used to send all the standard reporting and alarts of SBS too, and a rumage though it does indeed show a number of issues. Apart from any issues I find here, I have also been told the server is slow in responding most of the time.

The first error I am gonna tackle is the following:

Subject: Process (store.exe) Alert on ServerName
Alert on ServerName at date time
The store.exe process is allocating more memory than usual.
Check to see if you are having problems with e-mail. If so, stop and then restart the Microsoft Exchange Information Store service. You can disable this alert or change its threshold by using
the Change Alert Notifications task in the Server Management Monitoring and Reporting taskpad.

One of the first google results (I use google before MSKB, because MS KB is indexed well by google) I run into is Carlie Anthe’s weblog. He seems to be on the MS SBS team, so his blog is gonna prove usefull.  He also points to a link that I had not run into yet: Downloads for small Business Server 2003 (I had gotten all the updates so far from Windows Update).

Actually, I looks like his blog isnt updated that frequently, and doesnt contain that much information. There does seem to be mention of the problem I have identified already, that the store.exe process is triggering memory alerts, since the installation of Exchange SP1:

Via a trackback I quickly run into the self-proclaimed “Diva” of SBS, Susan Bradley. Very vert helpfully, Susan has provided a google search box, with her site as a pre-defined target, saving me the trouble of doing that kind of search myself this time. I do search and find quite a meriad of mentions of this issue.


It seems to me that first thing is first, lets determine how much memory store.exe is actually consuming. Also, I would like to know if it really is actually causing a problem in performance. If it is, it may explain why the server appears sluggish to some users.

Determining how much memory store.exe is using now, is not hard of course. Personally, I usually grab Sysinternals process explorer for this, cause it gives me more and better info than the default task manager app, I might grab it later, for now I only want a memory usage overview.


This SBS server has 1gb of memory. As you can see, store.exe is using about 300mb of memory. The second largest process appears to be IIS, at 50mb. Is 300mb much? Is this too much? This post, pointing to this fix, makes me wonder, as microsoft simply turns off the store.exe alert. If you are not alerted to a problem, does that make the problem go away?

This associated KB article explains a bit more.

In the original release version of Exchange 2003, the virtual memory that is allocated to the Jet database cache is allocated as “mapped bytes.” However, in Exchange 2003 SP1, the virtual memory that is allocated to the Jet database cache is allocated as “private bytes.” Therefore, the memory size that is reported as used by the Store.exe process is dramatically larger in terms of “private bytes.” For example, an Exchange computer that has about 4 gigabytes (GB) of RAM might report an increase of about 900 megabytes (MB) of private bytes memory after you install Exchange 2003 SP1.

This also gives me an estimate of what to expect in terms of private byte usage totals. 900mb for 4gb? So 300mb for 1gb sounds reasonable then. But I need to be sure. We will return to this later, lets apply the patch first, after all, I need some results before the end of the day.

Patch doesnt require a reboot (I should have checked beforehand, you never know!). I can quess what it has changed in regard to the store.exe alerting, so I check to see if it has simply disabled the alart, or upped the threshold.


Yup… it simply disabled it. Its no biggy I guess, if the server runs into serious memory issues, other alerts will start to fire. As it is, the server seems to have a reserve of 100-150mb left. Its not much, but it seems to fall within the default operating paramaters of SBS.

But I am stilll curious weather all is really fine and dandy in memory land.


Now memory and processes is not something I am super familiar with, so I need to dig some technet references on how to measure and analyze memory usage. One of the best resources I came across for this kind of this, was my paperback version of the Windows 2000 Server Resource Kit, and the digital version of the chapter I am talking about is here.

(please take note of the non-default scales)

As you can see, this system seems to be doing fine. No paging at all, loads of working set pages available, and in this view, about 200mb of unnasigned memory. If this server is slow, its not because of a memory problem, at least, not on the ‘surface’.


Coffee break. Hmm.. no more coffee. Set a new can going, will return to it later.


I examen some of the other errors in the SBS report. They are mostly referring to eventlog issues. Some are pretty mundane, such as the missing printer driver the server looks for, the moment I connect with my laptop over RDP. By default, the RDP client tries to forward printer functionality from the server to my locally connected printer on my laptop, but it cant find the driver it needs. This error can be safely igonored of course, I am not actually home, and I dont wanna print anything via the laptop anyway.

This one is definatly more interesting:

Type gebeurtenis: Fout
Bron van gebeurtenis: MSExchangeDSAccess
Categorie van gebeurtenis: Topology
Gebeurtenis-id 2102
Datum:  30-3-2005
Tijd:  4:01:13
Gebruiker:  n.v.t.
Computer: TPS1-SBS
Process MAD.EXE (PID=3784). All Domain Controller Servers in use are not responding:

A quick scan of Google reveals KB article 321318.
I doubt the mentioned scenario at the top of the article is the case here.. people are using mail without any problems, the store seems mounted and all is well. So this seems a one-off event to begin with. The timing I find curious also. 4.01am.

High workload due to backup?

Well we have the SBS NT backup starting at 23:00 every night, the Iomega backup that takes the daily SBS NT backup, and sticks it on tape (or rather: “Rev Drive” every other day.), starts every morning at 5:30am. So I cant really see a connection there.

I spend 15 minutes trying to find the backup log for this Iomega backup software, only to find that its stored as part of the backup-setup, and worse, that each backup setup is stored per user, in the user profile. I also start to doubt that the backup would function at all without the front-end Gui app being active. This means that the only reason the backup has been working at all, was that the RDP session of the director of the company, under whose session we setup the Iomega backup, was still connected.

I already had a hunch that this Iomege Rev Driver backup was not going to be an ideal server solution.

There is another backup-related error in the logs, that the remote storage manager cannot write to the medium in G. This would be the rev drive. But the issue is easily explained. It occurs every other day at about 18:00. Looks like the guy here is ejecting the drive, where he perhaps should be using a different method. I must say, I had not looked at this at all, and had assumed you could simply just eject and remove the drive. Will check the manual later on.

I send the next hour testing some backups, and messuring system performance to get an idea of what the load is. During the Iomega backup, the server runs up some pretty high page-fault scores, even though available memory doesnt seem to decrease much. Something in the way memory is handled perhaps, that I am not aware of. Backup estimates to be about 45 minutes. We break for lunch.


Backup is probably finished, but I cant log back into the directors DRP session cause of password, he is still lunching. Page faults seem to have gone again. Looks like its overload from the backup process.
Looking at the contents of the Rev Drive, it seems to have worked oke.

Time to look at the NT backup.

Well the Server manager reports that backups seems to be working well most days, however, on some days it simply fails, but distrubingly doesnt write anything to the backup log, like the monday backup:
28-3-2005 23:00
Datum: 28-3-2005
Tijd: 23:00
Gebruiker: SYSTEM

Back-up runner is gestart.
NTBackup wordt gestart: ntbackup.exe backup “@C:Program FilesMicrosoft Windows Small Business ServerBackupSmall Business Backup Script.bks” /d “SBS back-up gemaakt op 28-3-2005 om 23:00” /v:yes /r:no /rs:no /hc:off /m normal /j “Back-uptaak van Small Business Server” /l:s /f “F:Windows BackupBackup FilesSmall Business Server Backup (01).bkf” /UM
LOGBOEKBESTAND VAN NTBACKUP: C:Documents and SettingsSBS Backup UserLocal SettingsApplication DataMicrosoftWindows NTNTBackupdatabackup09.log
=============<BEGIN VAN LOGBOEKBESTAND VAN NTBACKUP>===============
=============<EIND VAN LOGBOEKBESTAND VAN NTBACKUP>===============
Er zijn fouten opgetreden tijden de back-up.

Raadpleeg het artikel over probleemoplossing voor back-ups op de volgende webpagina: voor meer informatie over mislukte back-ups.

Back-up is beëindigd op maandag 28 maart 2005 om 23:00
Back-up runner is voltooid.

The backup log refers to the standard SBS 2003 trouble shooting document, and the first issue in the document is:

The NTBackup log is blank.


NTBackup.exe is being manually ended from the Task Manager, or NTBackup.exe encountered an error during launch.

Solution:  Run NTBackup manually, and load the Small Business Backup Script.

To run NTBackup manually and load the script

  1. Click Start, click Run, type ntbackup, and then press Enter. The Backup or Restore Wizard launches.
  2. On the Welcome to the Backup or Restore Wizard page, click Advanced Mode.
  3. Click the Backup tab.
  4. From the Job menu, choose Load Selections.
  5. In the File Name box type %sbsprogramdir%backup.
  6. Click Small Business Backup Script.bks to select, and click Open.
  7. On the Backup tab, click Start Backup.

If the backup succeeds, run the Windows Small Business Server Backup Configuration Wizard from the Backup taskpad in Server Management. If the problem persists, click Start, click Server Management, click the Information Center link, and then click either Community Website or Technical Support to get information about the problem.

If the backup fails, consult the error message for further information about the problem.

Well I am able to manually run a backup oke using the SBS script, And last nights backup went well also.
There is no mention at all in the eventlog of why the backup fails, only that it fails, and then it throws eventlog errors:
I trow out the backup configuration, and use the wizzard to create a fresh one.

I have a good rummage around google for other clues. There seem to be lots of references to error 800423f2, but I cant find any mention of this error in the logs, so i dont think its relevant to my case.

1:37pm provides a possible awner.

Apon checking the rights assigned to the accounts, group membership, and group policy modeling, it looks like this might indeed be the issue. The backup is being run in the context of the SBS Backup “backup user” account. This account does not have any special rights, though, according to the above article, someone suggests that this account must have at least “log on as a service” and “log on as a batch file” rights.

Let me find an authoritive source to confirm this before I try it.

Cant find any. Cant find any resource to tell me what rights the SBS backup-user account should have.

The only thing I can do, is try to give the account some more rights (log on as a service, as a batch job), turn on Verbose logging in NTbackup, and wait to see what happens.

Another problem they seem to be having is very slow access to files and folders on the fileshare.

I try to access some shares from a laptop, and can see it is indeed very slow to respond, and to produce a directory listing.

Eventlog on the server doesnt show anything. However, the eventlog on the client shows a very common error indeed: The Redirector Failed to determine the connection type. KB article 315244

Oke..  I had turned on netbios over tcp/ip on the servers network interface. Lets turn it off and see of that helps. As far as I can tell, no services in this company depend on the netbios name resolution.


Well it didn’t help, at least not on his laptop. Turns out that no one else was really having a lot of trouble with the network, not as much as him at least. The last 2 hours I made a vbs login script to create driver mappings, thus trowing their network use back a decade, but with the upshot of pre-making sessions before they actually double click on their shortcuts, speeding things up considderably in some cases.

For him, his network slowness turned out to be the fact that on his laptop, the Windows Netware drivers where installed. We removed them and preso!


Well.. all in all not a terribly productive day. We’ll just have to see weather my teeaking of the NTbackup will create more successfull backups.

The Iomega rev drive is just a guess. If it suddenly decides to stop reading its tape in the middle of the week, there is very little I can do about it. Its just not a proper service-based backup.

The combination of Turning off Netbios over TCP/IP, making a loginscript with mappings, has speeded share access up, at least I think so. Again, time will tell.

As for the other issues he came to me with.. I have emptied the event logs. Gives SBS something new to complain about. One last tweak is that I am forwarding the SBS reports to my gmail for now, will allow me to keep a tab on things.

As for explaining all of the above to this customer. Well.. its all very much beyond them. I am sure that the next little red cross that appears, will be ample reason to call me over again.

Games and Gamers meets Business and Learning… how the new generation will 0wn you

Friday, March 25th, 2005

Two Tech Nation interviews that I really enjoyed this evening, and found myself totally identifying with.

John Beck – When Gamers Enter the Workforce

Dr. Moira Gunn speaks with John Beck, a Senior Research Fellow at USC’s Annenberg Center of the Digital Future. He warns that the “Gamer Generation” is about to enter the workforce — and that means change.

John Beck is the author of “Got Game — How the Gamer Generation is Reshaping Business Forever.”

Dr. Henry Jenkins – Video Games and Education

Dr. Moira Gunn interviews Dr. Henry Jenkins and learns how he thinks video games will revolutionize education. Dr. Jenkins is the director of the Comparative Media Studies Program at the Massachusetts Institute of Technology and the co-editor of Rethinking Media Change: The Aesthetics of Transition (Media in Transition).

I actually read up on Henry Jenkins a while ago, and found him and his work profoundly interesting. I think it was about Massively Multiplayer games, and how people deal with having an online or virtual persona, and the psychology behind it. » Blog Archive » Podcast with Robert Kloosterhuis

Wednesday, March 23rd, 2005 » Blog Archive » Podcast with Robert Kloosterhuis

Oh I almost forgat about this! I am featured on the latest security news podcast!
Its basicly a recorded Skype call.

Symantec Internet Security Threat Report Volume VII

Monday, March 21st, 2005

Its not been posted just yet, but various sites are reporting the release of Symantec’s Internet Security Threat Report Volume VII.

Here is a link to where it probably will be posted:

With this report, keep 2 things in mind:
1. Symantec has a vested interest in selling and marketing their own Antivirus/spam/spyware products.
2. Symantec is nontheless in a good position to compile statistical information on threats detected.

Reports like these are, in my experience, treaded in one of two ways by IT managers. Or they are dismissed out of hand, for reason no.1 … or they are a more trustworthy source for knowledge on these matter than myself, partly for reason two, but more cause its an ‘official report’ .. and managers often dig that kinda stuff..       Yes.. im my experience many IT managers are that shallow.

Anyway.. I will have a page thought it later on.