# Sunday, August 25, 2013

After replacing a Hyper-V (windows Server 2012) host, DHCP started to have issues. Unpredictable results so to say.

The old host had a teamed dual-port Intel PT1000. At the network side, a Link Aggregation Group was defined on the Cisco SG300 switch.The new host is equipped with an on-board Broadcom NetXtreme controller and an additional dual-port NetXtreme II adapter. The onboard controller was configured as IP-interface for the host, for the dual-port adapter I installed the Broadcom Advanced Control Suite 4 (BACS4, Version 15.6.31.0) and an additional LAG was defined on the SG300. Well, it wasn’t a clear victory! When pinging between hosts, packets between physical and virtual hosts seemed to be dropped, DHCP wasn’t renewing and RDP-sessions to virtual systems were having response issues (can happen when packets are dropped). The main difference to me was the Hyper-V host, where in the old situation the Intel PT1000 was shared between the host OS and the guests (as external virtual switch). In the new situation the dual port Broadcom was dedicated for the virtual switch.I must admit knowing little more than the basics on Hyper-V thus one Googles in all directions. And thus I stumbled upon SR-IOV. It’s late, SR-IOV made sense to my new situation thus I gave it a try by replacing the old virtual switch with a new SR-IOV based virtual switch. Hurrah, everything seemed to work now; ping, stable RDP sessions and DHCP renewals.

However after a couple of days, I wanted to use my Android tablet, but it did not receive an IP-address. Pressed for time, I switched to my laptop. A few days later, I turned on a Windows 8 system that had been unused for the last couple of weeks and it too did not get an IP-address… so I still did have a DHCP issue! I blamed the switch configuration for a while, as well as the firewalls on the Windows systems. Wireshark showed the DHCP Discover leave at Windows 8 hosts and never arrive at the virtual DHCP server. But other DHCP packets (renewals) were observed, both at the unwilling client and at the server. When I put a static IP on the Windows 8 host, it still couldn’t ping the DHCP Server (or any other virtual system). The MAC of the Windows 8 host did however show up in the MAC table of the switch (but so did the MAC addresses of the virtual servers). I must have reconfigured the switch 13 times, disabled the firewalls and still no result. Oh my… do I now have one of those nasty interoperability issues between switches of different vendors (Cisco and Microsoft)… I needed to learn more about virtual switches in Hyper-V and luckily one of the first links I hit was Hyper-V and VLAN’s by Aidan Finn. I especially want to quote him on:

“I must warn anyone reading this that I’ve worked with a Cisco CCIE while working on Hyper-V and previously with another senior Cisco guy while working on VMware ESX and neither of them could really get their heads around this stuff.  Is it too complicated for them?  Hardly.  I think the problem was that it was too simple!  Seriously!”

That was comforting, it must therefore be that the solution should be simple. At the bottom of Aidan’s post was yet another link that seemed useful Windows Server 2012 NIC Teaming Part 6 – NIC Teaming In The Virtual Machine, and it was! The final part of a series useful articles, which led me to the Microsoft un-support statement of third party NIC teaming: Microsoft Support Policy for NIC Teaming with Hyper-V

Bottom line: the Broadcom Advanced Control Suite could be the source of my problem. I uninstalled it from the Hyper-V host and then configured NIC Teaming from Hyper-V. And the result of ipconfig /renew on the Windows 8 computer: Discover, Offer, Request, ACK. Just the way it should be.

Sunday, August 25, 2013 10:08:07 PM (W. Europe Daylight Time, UTC+02:00)
# Wednesday, August 5, 2009
 #
 

Bram_StanI knew this was coming and still I was taken by surprise; my son Bram was born last week (July 27th). An event like that turns your life upside down, forever. I'm not in the habit of putting personal stuff on the net, but this is worth the exception. So here they are, a proud father and his one day old son.

Wednesday, August 5, 2009 2:39:29 PM (W. Europe Daylight Time, UTC+02:00)
# Wednesday, June 17, 2009
 #
 

I've been holding this one off for quite some time, but finally bit the bullet... migrate the server.Coming from Windows Small Business Server 2003 (32-bit) going to Windows Server 2008 with Exchange 2007 (both x64), including transferring the web site. There were a few nasty pieces in the process and I didn't have/take the time/resources to test it all though before jumping in... so I got a disruption of about one hour for the blog and inbound smtp.

First issue I encountered was the installation of the server, which I ordered from Dell without operating system. I am a Microsoft Action Pack subscriber, so I slammed the 64-bit Windows Server from the Action Pack on the system, entered the Product Key and then went on to phone based activation. After putting in the last confirmation code and pushing the next button... my activation wasn't accepted!!! ... to cut a long story short, after dozens of voice menu selections and 4 persons, I found the guy who could help me out: Philip. Though it still toke Philip and me about 20 minutes to find the actual problem... I wasn't an Action Pack subscriber anymore!!! Technical story here, but it happened when Action Pack was integrated more tightly with the Partner Program. Somehow I didn't complete the Action Pack renewal transaction completely in February, but the partner site didn't show that (it only showed I'm still good for the Partner Program).

Couple of days later, I could go ahead with the migration process. It turned out to be easier than I expected after I found a very useful document about Upgrading Small Business Server 2003 to Exchange 2007. Some pointers on using the document though;

  • Transferring the the other FSMO's (Schema Master is described); Determining FSMO Role Holders
  • With Windows Server 2008 you NEED the Exchange 2007 SP1 DVD, Exchange 2007 without SP1 will not pass installation checks.
  • Section Migrate mail send does not cover migrate mail receive. This caused me a bit of downtime... The issue was
    SMTP error from remote mail server after MAIL FROM:<abcd@efg.hi> SIZE=2703:
    host abcdef.ghi [10.10.10.10]: 530 5.7.1 Client was not authenticated

    And can be solved in the following manner in Exchange Management Console:
    • Go to the Server Configuration, Hub Transport. Select your server and add Anonymous to the Default SERVERNAME Receive Connector. While you're there, you can increase receiving message size here too.

And there were parts I did different;

  • I continue to rely on Vamsoft's ORF for the anti-spam. Version 4.3 is fully compatible with Windows Server 2008 and Exchange 2007 and an ease to configure.
  • Since I will continue the same DNS name for OWA and Windows mobile Active Sync, I transferred the Self-signed certificate from the SBS2003 (find it in your IIS, web site, directory security tab) to the new server.

My other bit of downtime was the blog... simply copy from the old server to the new one didn't cut it. So I downloaded the latest release of dasBlog from Codeplex, copied it into the virtual director of new server. Next I had to;

  • Copy my own theme
  • Compare (and adjust) the \SiteConfig files
  • Transfer \Content files and \Logs files
  • Make sure the account running the Application Pool has read on all dasBlog folders and change on \SiteConfig, \Content and \Logs.
  • The Application Pool is running in Classic Managed Pipeline Mode

Guess I can say I didn't plan for the blog to be upgraded... that just had to happen.

Wednesday, June 17, 2009 9:31:05 PM (W. Europe Daylight Time, UTC+02:00)
# Monday, January 14, 2008
 #
 

... or at least didn't feel things were important enough to post, at least that's the excuse for not writing here for well over a month.

In the mean time, beta-season is opened again and I registered for the 71-647. However, I won't go trough the same depth of preparation as I did for the 70-649... I'll just go in and try to make it on my Windows 2003 and 70-649 prep-knowledge ;-).

The other exam I registered for is the 70-445 and I'm planning to take the 70-446 later this year. Just to get myself started for the preparation of this exam, I collected some links to hold on to:

and I'll be using the Microsoft courseware for the courses 2791, 2792, 2793, 2794 and the MCTS Self-Paced Training Kit (Exam 70-445): Microsoft® SQL Server™ 2005 Business Intelligence—Implementation and Maintenance.

That should keep me busy for a while again...

Monday, January 14, 2008 8:49:23 PM (W. Europe Standard Time, UTC+01:00)
# Wednesday, July 11, 2007

Hmm, did this about half a year ago and didn't blog about it... stupid, because now I had to figure it out again. The unfortunate event was the phone on my PDA (T-Mobile MDA Vario II) had a bit of a malfunction. It either didn't connect to the GSM-network or when it did, calls would be disconnected after a couple of minutes. So I called T-Mobile and after having determined the problem was the phone (not the SIM), they collected it for repair. Naturally, I made a backup of my personal stuff and then removed the personal stuff and security settings from the device before it was picked up (hey, I do security training occasionally).

Well today I got my device back... software update, all information gone (but I have a backup)... I just had to restore my stuff and configure network settings and Exchange synchronization again. No problem until: 0x80072FD; indicating the certificate on the Exchange Server (my Small Business Server) was invalid.

The solution is to add my SBS self-signed certificate to the trusted root certificates of the PDA. How?

Well first make sure you environment is set up for synchronization. Not my issue, but it never hurts to check on it. See Petri for the overview.

Now obtain your SBS self-signed certificate, in all cases this will be located on the virtual directory Exchange on your web server. From IIS Manager you can directly export the certificate (without private key) to the required DER encoding. Execute following steps, which are derived from kb841060:

  1. Export the root certificate to a computer that is running Microsoft Windows in DER encoded binary X.509 format with a .cer file name extension.
  2. Create a root-folder Storage on the Windows Mobile device.
  3. Download and extract SmartPhoneAddCert.exe package on your Windows Computer.
  4. Use ActiveSync (Windows XP and earlier), Windows Mobile Device Center (Windows Vista) or the storage card to transfer the DER-encoded certificate and the SPAddCert.exe (from the downloaded package) to the \Storage folder on your Windows Mobile device.
  5. On your Windows Mobile device, start SPAddCert.exe from the \Storage folder. It will give a warning that the application is not verified (or something the likes), ignore the warning and proceed. The application will now show you the certificate you exported, continue by confirming all actions.
  6. Restart your device.
You can check the trusted root certificates under Settings, System, Certificates, Basic (in my case (Dutch) Instellingen, Systeem, Certificaten, Basis). After executing above procedure you should see the SBS-cert here.

I'm not sure if Windows Mobile 5 really required the restart, but that's because before I restarted I received the error 0x85010014 from ActiveSync on my SmartPhone. After restart (still the same error) it turned out to be a connection issue. Due to firewall restrictions I had to use another interface on my multi-homed SBS Server (hey, it's been a couple of months!!).

Next error I encountered from ActiveSync was 0x85020013, but since I had that funny feeling I mistyped my password (big fingers, small keys), that one was quickly resolved.

Device details:

Windows Mobile 5.1.195 (Dutch)

T-Mobile MDA Vario II (device modelnr: HERM300)

Hardware | ReSQueL | SBS
Wednesday, July 11, 2007 4:11:56 PM (W. Europe Daylight Time, UTC+02:00)
# Sunday, July 8, 2007

Just returned from two weeks of relaxing under the Spanish sun and yes, I've had a few jealous remarks on my tan already. But if it would just have been for relaxing, why take a plane? Besides relaxing (beach-time), we've visited some places as well, Santa Pola, Alicante and my favorite Elche (written as Elx in Valencian). Elche is mentioned twice on the official lists of the UNESCO; in 2000 for the Palmeral and 2001 for the Mystery Play.

Just to remind myself of Elx, a few pictures;

Elx: fountain 1

Elx: fountain 2

Elx: garden view 1

Elx: garden view 2

Elx: Valley

Elx: Castle

Technorati tags: ,
Sunday, July 8, 2007 5:39:00 PM (W. Europe Daylight Time, UTC+02:00)
# Monday, June 18, 2007

Earlier I posted about pingback spam and a little tool I created to remove the spamvertised links, today I upgraded the tool from version 1.0.0.0 to version 1.0.0.1. So what's changed;

  • The updated version doesn't leave empty Tracking elements after removing the spamvertied entries. From the dasBlog Eventlog I suspected that too many empty Tracking elements were causing errors in the trackbackList macro.
  • An XML file is only written back if something changed in the file.

Source and executable files have been changed.

--- So how does the tool work? ---

First create a config file

RemoveSpam "C:\My Config Folder\RemoveSpam.xml" /config

Look in your dayfeedback-files for the spamvertised PermaLinks (or you may already know about them if you have Notification Settings enabled for pingback and trackback). It's the PermaLink pattern that matters:

<Tracking>
   <TargetTitle>Today's bad start</TargetTitle>
   <TargetEntryId>70e036a5-ce3f-4fa0-9463-816983848a48</TargetEntryId>
   <RefererTitle>http://9uams-le-informazioni.info/52600366/adempimenti-trasformazione-ditta-individuale.html</RefererTitle>
   <RefererExcerpt />
   <PermaLink>http://9uams-le-informazioni.info/52600366/adempimenti-trasformazione-ditta-individuale.html</PermaLink>
   <RefererBlogName>http://9uams-le-informazioni.info/52600366/adempimenti-trasformazione-ditta-individuale.html</RefererBlogName>
   <TrackingType>Pingback</TrackingType>
</Tracking>
<Tracking>
   <TargetTitle>Today's bad start</TargetTitle>
   <TargetEntryId>70e036a5-ce3f-4fa0-9463-816983848a48</TargetEntryId>
   <RefererTitle>http://9uane-free-porn.info/91478222/weight-and-height-for-celebrities.html</RefererTitle>
   <RefererExcerpt />
   <PermaLink>http://9uane-free-porn.info/91478222/weight-and-height-for-celebrities.html</PermaLink>
   <RefererBlogName>http://9uane-free-porn.info/91478222/weight-and-height-for-celebrities.html</RefererBlogName>
   <TrackingType>Pingback</TrackingType>
</Tracking>

The pattern for the second Tracking entry is already included in the default config file, so you would only have to add the pattern for the first Tracking entry. To do so, you only need to add the following XML-element in the Configs section:

<Config Pattern="*-le-informazioni.info/*" />

With the updated config file, you can now run the tool to clean all XML-files in your content folder.

RemoveSpam "C:\My Config Folder\RemoveSpam.xml" \\MyWebServer\My_dasBlogShare\content

Next is figuring out why Akismet isn't working for me.

Technorati tags: , , ,
Monday, June 18, 2007 11:13:29 AM (W. Europe Daylight Time, UTC+02:00)
# Saturday, June 9, 2007

Recently I had a lot of pingback spam coming into my blog and I can tell you, it's more annoying than in your mailbox (Shift + Del and it's gone again). With dasBlog, it takes a little more effort, either via the admin interface or by deleting the spamvertised tarckings from the dayentry xml files. I even disabled trackback and pingback, temporarily!

Also I searched for solutions to this and came up with a several other affected blogs and akismet.com. With Akismet being the most promising, I tried, but spam kept coming in and Akismet was timing out (currently running dasBlog 1.9.7067.0.).

Error:
The external spam blocking service failed for pingback from http://9qk-information.info/56369818/index.html. Original exception: System.Net.WebException: The operation has timed out at System.Net.HttpWebRequest.GetRequestStream() at Subtext.Akismet.HttpClient.PostRequest(Uri url, String userAgent, Int32 timeout, String formParameters) at Subtext.Akismet.AkismetClient.SubmitComment(IComment comment, Uri url) at Subtext.Akismet.AkismetClient.CheckCommentForSpam(IComment comment) at newtelligence.DasBlog.Web.Core.AkismetSpamBlockingService.IsSpam(IFeedback feedback) at newtelligence.DasBlog.Web.Services.PingbackAPI.ping(String sourceUri, String targetUri)
while processing /ssb/PermaLink,guid,e63313c2-6f4d-434f-8a62-09f82a4b534c.aspx.

Hmm, if someone has some suggestions, I'd be happy to read your comment.

-----

And that was about the spam coming in, I also had a nasty amount already polluting my blog. I could resign, disable *back permanently and clan manually once more... or fire up Visual Studio and write a piece of newbie/n00b code. Well the newbie pulled it off, his first useful C# program. At least, it removed the spammings from my blog.

So if you want to get rid of;

  • http://9??-free-porn.info/*
  • http://9??-information.info/*
  • or whatever disliked pattern of tracking permalinks on your dasBlog.

And you know that you try the followig stuff at your own risk and made a backup of your blog's content folder.

  • Compiled file (console application, run without parameters to see what you have to do to get it working. Then make the config file and if needed, edit it.). Requires .NET Framework 2.0.
  • Source-code (Visual Studio 2005, C#)

Disclaimer: It worked for me (dasBlog 1.9.7067.0.), it may not work for you and you use it at your own risk. However, feel free to comment with question, suggestions or other stuff.

<UPDATE date="2007-06-18">Version 1.0.0.1 released, learn more here</UDPATE>

Technorati tags: , ,
Saturday, June 9, 2007 10:53:34 PM (W. Europe Daylight Time, UTC+02:00)
# Monday, May 14, 2007

Today I upgraded to the latest daily build (1.9.7067.0) for dasBlog. Went quite smooth, just did a compare between the old and new folders using WinMerge, copied the newer files and fire up the blog. Opening the blog (now on 1.9.7067.0) was very slow. A little later, I also experienced errors when hitting the config section. However after reviewing the site.config file, again piece of cake with WinMerge, both the error and the performance issue were gone.

Monday, May 14, 2007 3:06:08 PM (W. Europe Daylight Time, UTC+02:00)
# Friday, May 11, 2007

About 2 months ago I wrote that trackbacks didn't work from dasBlog... but I learned *backs do. But it toke a while to notice, here's what happened. Oh, let's clarify first, *backs are TrackBacks and PingBacks. Essentially you want to achieve the same thing with both, get a link on the (blog)page you reffer to.

I'm running my blog on a Windows Small Business Server 2003 R2, with ISA Server 2004. Also I had the blog configured to automatically ping the available servers using the XML-RPC Ping Interface. When I checked dasBlogs Eventlog after a couple of posts, it was filled with error messages like;

Error:
CookComputing.XmlRpc.XmlRpcServerException: Forbidden ( The ISA Server denied the specified Uniform Resource Locator (URL). )
at CookComputing.XmlRpc.XmlRpcClientProtocol.ReadResponse(XmlRpcRequest req, WebResponse webResp, Stream respStm, Type returnType)
at CookComputing.XmlRpc.XmlRpcClientProtocol.Invoke(Object clientObj, String methodName, Object[] parameters)
at CookComputing.XmlRpc.XmlRpcClientProtocol.Invoke(String MethodName, Object[] Parameters)
at newtelligence.DasBlog.Runtime.Proxies.WeblogUpdatesClientProxy.Ping(String weblogName, String weblogUrl)
at newtelligence.DasBlog.Runtime.BlogDataServiceXml.PingWeblogsWorker(Object argument)
while processing PingWeblogsWorker, pinging Yahoo.

So the configuration of the ISA Server was preventing the IIS Application Pool of reaching out to the world. Well, a little tweaking of the ISA config and the next posts' event resulted in... another error. Only this time the message wasn't saying ISA Server was in denial. The other end just didn't seem listening;

Error:
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A socket operation was attempted to an unreachable host
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream()
at CookComputing.XmlRpc.XmlRpcClientProtocol.Invoke(Object clientObj, String methodName, Object[] parameters)
at CookComputing.XmlRpc.XmlRpcClientProtocol.Invoke(String MethodName, Object[] Parameters)
at newtelligence.DasBlog.Runtime.Proxies.WeblogUpdatesClientProxy.Ping(String weblogName, String weblogUrl)
at newtelligence.DasBlog.Runtime.BlogDataServiceXml.PingWeblogsWorker(Object argument)
while processing PingWeblogsWorker, pinging Yahoo.

I also noticed that "normal" url (the ones I linked in my posts) were pinged, with much the same (= NO) result.

Error:
/* As above */
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at newtelligence.DasBlog.Runtime.BlogDataServiceXml.PingbackWorker(Object argument)
while processing PingbackWorker, auto-discovery of:
http://msdn2.microsoft.com/en-us/library/ms175535.aspx.

After that I left it be and didn't worry about TB and PB anymore. However, today I found a refferal in the activity log from lostcausegeek.blogspot.com, so I got curious again. I did nothing besides including a link to one of the posts, turns out something did work after all. Now back to the errors, so far I assume I'm looking at pingbacks (look here for a comparision on the *backs). In the end, it will pretty much come down to the blog service and the blog configuration, wether it works (or not).

Trackbacks, I think, is a different story with dasBlog and/or WindowsLiveWriter.

 

Technorati tags: , ,
dasBlog | ReSQueL | SBS
Friday, May 11, 2007 1:09:51 AM (W. Europe Daylight Time, UTC+02:00)
# Thursday, April 12, 2007

This morning, as I wanted to start working, I noticed my server wasn't working... Outlook couldn't connect to Exchange and the ReSQueL website was down as well. The server still had power, but no response (not even the keyboard LED for NumLock). So a power-cycle was next, well at least half of it, power down worked, power up didn't.

Absolutely nothing happened! Now I must admit, I've been there before with that type of system (not just my own). So I pulled the power cord and left the system for about 10 minutes, then tried again. This time I heard some ticks coming out of the power supply unit. And believe me, ticks from the PSU is not a good sign about the health of the thing.

However, I did have another unused ATX cabinet with PSU, so I tried transferring the internals of the old system to the replacement cabinet. Unfortunately, the TP123 motherboard has an extra power connector for the CPU core voltage. So putting power on the board worked, but (as expected) it didn't boot.

Not wanting to extend the downtime much further, I grabbed the car-keys, drove to Office Centre (cash and carry beats a webshop when you need something NOW!!!) and bought the cheapest config with 1 GB internal memory. Back home, I tested if the system worked. It did. Next I added the old disk and an extra network card and booted the system from the old disk... BOSDed and rebooted right away. But since the config is totally different, that shouldn't be too surprising. So I fetched the Windows Small Business Server 2003 R2 DVD and started the repair installation. Finally some time to sit down and write some... if all is well, this is on the blog (and the blog available) little over 5 hours 6 hours after I noticed the server down... always fun when you don't have the drivers for your new system (only the Vista drivers supplied)... NOT!

Hardware | ReSQueL | SBS
Thursday, April 12, 2007 2:18:32 PM (W. Europe Daylight Time, UTC+02:00)
# Monday, March 5, 2007

Initially I planned using Windows SharePoint Services 3.0 to host my blog and I have been looking into it before, even wrote three posts about WSS 3.0 when I worked for NewLevel (, , ). But as you may notice, this blog is based on dasBlog, not WSS 3.0...

So what happened? First of all, WSS was eating away too many resources from my little server. Second, I knew WSS doesn't accept trackbacks by default, so you either should write your own webparts or find them on the net ( has some blogparts for WSS 2.0). Anyway I needed a good solution for the Windows Platform, no cost (in terms of financial transaction) and with a smaller footprint than WSS 3.0; it's called dasBlog.

Configuring dasBlog was real easy, as was customizing (I'm leaving the two issues I had for a later post). If you know a little about HTML and CSS, you're equipped to do some customization. Like this blog's theme, which is based on the Nautica 2.2. I did the customization, including the graphics (fractal header and torn-off page) in ~ 6 hours time.

Another nice thing about dasBlog... it's recognized by WindowsLiveWriter (my third little problem with WSS 3.0). Unfortunately some features, like sending trackbacks and adding categories don't seem to work.

Monday, March 5, 2007 7:41:40 PM (W. Europe Standard Time, UTC+01:00)
# Sunday, March 4, 2007
ReSQueL

Recently I started my own company; ReSQueL, after several years with Tulip Computers and NewLevel. At NewLevel I wrote for the company’s blog and feel it’s an asset my company should have too.

For a couple of reasons, l kept pushing the creation of the website ahead. The major reason was Internet access and the server, but those two were solved about two weeks back. My ISP provided a modest, but dedicated connection with Terms of Usage allowing me to host services like http(s) and smtp.

After some preparation, it’s time to kick-off the new site and the weblog. What can you expect on this blog?

  • Useful stuff about SQL Server
  • Content for (self-)study and certification for SQL Server
  • Things related to ReSQueL
  • Other stuff I think is useful

Happy reading

Sunday, March 4, 2007 10:27:15 PM (W. Europe Standard Time, UTC+01:00)