The Tech Journal

Multi-site headquarters and branch configuration with SBS 2011

Active Directory, Astaro, E-Mail, Exchange Server, HP, Internet, Microsoft, Security, Small Business Server, Uncategorized, Windows Server 7 Responses »

May 312013

Back in February, I was approached by a company that had multiple offices. They wanted my company to come in and implement a system that allowed them to share information, share files, communicate, use their line of business applications, and be easily manageable.

Just an FYI, I provide Microsoft Small Business Server consulting services, including migrations! For more information, please visit https://www.stephenwagner.com/2020/02/28/microsoft-small-business-server-migration-upgrade/.

The Solution – Microsoft Small Business Server 2011

The first thing that always comes to mind is Microsoft Small Business Server 2011. However, what made this environment interesting is that they had two branch offices in addition to their headquarters all in different cities. One of their branch offices had 8+ users working out of it, and one only had a couple, with their main headquarters having 5+ users.

Usually when administrators think of SBS, they think of a single server (two server with the premium add-on) solution that provides a small business with up to 75 users with a stable, enterprise feature packed, IT infrastructure.

SBS 2011 Includes:

Windows Server 2008 R2 Standard
Exchange Server 2010
Microsoft SharePoint Foundation 2010
Microsoft SQL Server 2008 R2 Express
Windows Server Update Services
(And an additional Server 2008 R2 license with Microsoft SQL Server 2008 R2 Standard if the premium add-on is purchased)

Essentially this is all a small business typically needs, even if they have powerful line of business applications.

Additional Domain Controller on SBS

One misconception about Windows Small Business Server is the limitation of having a single domain controller. IT professionals often think that you cannot have any more domain controllers in an SBS environment. This actually isn’t true. SBS does allow multiple domain controllers, as long as there is a single forest, and not multiple domains. You can have a backup domain controller, and you can have multiple RODCs (Read Only Domain Controller), as long as the primary Active Directory roles stay with the SBS primary domain controller. You can have as many global catalogs as you’d like! As long as you pay for the proper licenses of all the additional servers 🙂

This is where this came in handy. While I’ve known about this for some time, this was the first time I was attempting at putting something like this in to production.

The Plan

The plan was to setup SBS 2011 Premium at the HQ along with a second server at the HQ hosting their SQL, line of business applications, and Remote desktop Services (formerly Terminal Services) applications. Their HQ would be sitting behind an Astaro Security Gateway 220 (Sophos UTM).

The SBS 2011 Premium (2 Servers) setup at the HQ office will provide:

Active Directory services
DHCP and DNS Services
Printing and file services (to the HQ and all branch offices)
Microsoft Exchange
“My Document” and “Desktop” redirection for client computers/users
SQL DB services for LoB’s
Remote Desktop Services (Terminal Services) to push applications out in to the field

The first branch office, will have a Windows Server 2008 R2 server, promoted to a Read Only Domain Controller (RODC), sitting behind an Astaro Security Gateway 110. The Astaro Security Gateway’s would establish a site-to-site branch VPN between the two offices and route the appropriate subnets. At the first branch office, there is issues with connectivity (they’re in the middle of nowhere), so they will have two internet connections with two separate ISPs (1 line of sight long range wireless backhaul, and one simple ADSL connection) which the ASG 110 will provide load balancing and fault tolerance.

The RODC at the first branch office will provide:

Active Directory services for (cached) user logon and authentication
Printing and file services (for both HQ and branch offices)
DHCP and DNS services
“My Documents” and “Desktop” redirection for client computers/users.
WSUS replica server (replicates approvals and updates from WSUS on the SBS server at the main office).
Exchange access (via the VPN connection)

Users at the first branch office will be accessing file shares located both on their local RODC, along with file shares located on the HQ server in Calgary. The main wireless backhaul has more then enough bandwidth to support SMB (Samba) shares over the VPN connection. After testing, it turns out the backup ADSL connection also handles this fairly well for the types of files they will be accessing.

The second branch office, will have an Astaro RED device (Remote Ethernet Device). The Astaro/Sophos RED devices, act as a remote ethernet port for your Astaro Security Gateways. Once configured, it’s as if the ASG at the HQ has an ethernet cable running to the branch office. It’s similar to a VPN, however (I could be wrong) I think it uses EoIP (Ethernet over IP). The second branch doesn’t require a domain controller due to the small number of users. As far as this branch office goes, this is the last we’ll talk about it as there’s no special configuration required for these guys.

The second branch office will have the following services:

DHCP (via the ASG 220 in Calgary)
DNS (via the main HQ SBS server)
File and print services (via the HQ SBS server and other branch server)
“My Document” and “Desktop” redirection (over the WAN via the HQ SBS server)
Exchange access (via the Astaro RED device)

Hardware

For all the servers, we chose HP hardware as always! The main SBS server, along with the RODC were brand new HP Proliant ML350p Gen8s. The second server at the HQ (running the premium add-on) is a re-purposed HP ML110 G7. I always configure iLo on all servers (especially remote servers) just so I can troubleshoot issues in the event of an emergency if the OS is down.

Implemenation

I’ll explain how this was all implemented.

Configure and setup a typical SBS 2011 environment. I’m going to assume you already know how to do this. You’ll need to install the OS. Run through the SBS configuration wizards, enable all the proper firewall rules, configure users, install applicable server applications, etc…
Configure the premium add-on. Install the Remote Desktop Services role (please note that you’ll need to purchase RDS CAL’s as they aren’t included with SBS). You can skip this step if you don’t plan on using RDS or the premium server at the main site.
Configure all the Astaro devices. Configure a Router to Router VPN connection. Create the applicable firewall rules to allow traffic. You probably know this, but make sure both networks have their own subnet and are routing the separate subnets properly.
Install Windows Server 2008 R2 on to the target RODC box (please note, in my case, I had to purchase an additional Server 2008 license since I was already using the premium add-on at the HQ site. (If you purchase the premium add-on, but aren’t using it at your main office, you can use this license at the remote site).
Make sure the VPN is working and the servers can communicate with each other.
Promote the target RODC to a read only domain controller. You can launch the famous dcpromo. Make sure you check the “Read Only domain controller” option when you promote the server.
You now have a working environment.
Join computers using the SBS connect wizard. (DO NOT LOG ON AS THE REMOTE USERS UNTIL YOU READ THIS ENTIRE DOCUMENT)

I did all the above steps at my office and configured the servers before deploying them at the client site.

You essentially have a working basic network. Now to get to the tricky stuff! This tricky stuff is to enable folder redirection at the branch site to their own server (instead of the SBS server), and get them their own WSUS replica server.

Now to the fancy stuff!

1. Installing WSUS on the RODC using the add role feature in Windows Server: You have to remember that RODC’s are exactly what they say! !READ ONLY! (As far as Active directory goes)! Installing WSUS on a RODC will fail off the bat. It will report that access is denied when trying to create certain security groups. You’ll have to manually create these two groups in Active Directory on your primary SBS server to get it to work:

SQLServer2005MSFTEUser$RODCSERVERNAME$Microsoft##SSEE
SQLServer2005MSSQLUser$RODCSERVERNAME$Microsoft##SSEE

Replace RODCSERVERNAME with the computer name of your RODC Server. You’ll actually notice that two similiar groups already exist (with the server name different) for the existing Windows SBS WSUS install, this existing groups are for the main WSUS server. After creating these groups, this will allow it to install. After this is complete, follow through the WSUS configuration wizard to configure it as a replica for your primary SBS WSUS server.

2. One BIG thing to keep in mind is that with RODC’s you need to configure what accounts (both user and computer) are allowed to be “cached”. Cached credentials allow the RODC to authenticate computers and users in the event the primary domain controller is down. If you do not configure this, if the internet goes down, or the primary domain controller isn’t available, no one will be able to log in to their computers or access network resources at the branch site. When you promoted the server to a RODC, two groups were created in Active Directory: Allow RODC Cached Logins, and Deny RODC Cached Logins (I could be wrong on the exact name since I’m going off memory). You can’t just select and add users to these groups, you need to also select and add the computers they use as well since computers have their own “computer account” in Active Directory.

To overcome this, create two security groups under their respective existing groups. One group will be for users of the branch office, the other group will be for computers of the branch office. Make sure to add applicable users and groups as members of the security groups. Now go to the “Allow RODC Cached Logins” group created by the dc promotion, and add those two new security groups to that group. This will allow remote users and remote computers to authenticate using cached security credentials. PLEASE NOTE: DO NOT CACHE YOUR ADMINISTRATIVE ACCOUNT!!! Instead, create a separate administrative account for that remote office and cache that.

3. One of the sweet things about SBS is all the pre-configured Group policy objects that enable the automatic configuration of the WSUS server, folder redirection, and a bunch of other great stuff. You have to keep in mind that off of the above config, if left alone up to this point, the computers in the branch office will use the folder redirection settings and WSUS settings from the main office. Remote users folder redirection (whatever you have selected, in my case My Documents and Desktop redirection) locations will be stored on the main HQ server. If you’re alright with this and not concerned about the size of the user folders, you can leave this. What I needed to do (for reasons of simple disaster recovery purposes) is have the folder re-directions for the branch office users store the redirection on their own local branch server. Also, we need to have the computers connect to the local branch WSUS server as well (we don’t want each computer pulling updates over the VPN connection as this will use up tons of bandwidth). What’s really neat is when users open applications via RemoteApp (over RDS), if they export files to their desktop inside of RemoteApp, it’ll actually be immediately available on their computer desktop since the RDS server is using these GPOs.

To do this, we’ll need to duplicate and modify a couple of the default GPOs, and also create some OU (Organizational Unit) containers inside of Active Directory so we can apply the new GPOs to them.

First, under “SBSComputers” create an OU called “Branch01Comps” (or call it whatever you want). Then under “SBSUsers” create an OU called “Branch01Users”. Now keep in mind you want to have this fully configured before any users log on for the first time. All of this configuration should be done AFTER the computer is joined (using the SBS connect) to the domain and AFTER the users are configured, but BEFORE the user logs in for the first time. Move the branch office computer accounts to the new Branch office computers OU, and move the Branch office user accounts to the Branch office users OU.

Now open up the Group policy Management Management Console. You want to duplicate 2 GPOs: Update Services Common Settings Policy (rename the duplicate to “Branch Update Services Common Settings Policy” or something), and Small Business Server Folder Redirection Policy (rename the duplicate to “Branch Folder Redirection” or something).

Link the new duplicated Update Services policy to the Branch Computers OU we just created, and link the new duplicated folder redirection to the new users policy we just created.

Modify the duplicated server update policy to reflect the address of the new branch WSUS replica server. Computers at the branch office will now pull updates from that server.

As for Folder redirection, it’s a bit tricky. You’ll need to create a share (with full share access to all users), and then set special file permissions on the folder that you shared (info available at http://technet.microsoft.com/en-us/library/cc736916%28v=ws.10%29.aspx). On top of that, you’ll need to find a way to actually create the child users folders under that share/folder in which you created. I did this by going in to active directory, opening each remote user, and setting their profile variable to the file share. When I hit apply this would create a folder with their username with the applicable permissions under that share, after this was done, I would undo that variable setting and the directory created would stay. Repeat this for each remote user at that specific branch office. You’ll also need to do this each time you add a new user if they bring on more staff, you’ll also need to add all new computers and new users to the appropriate OUs, and security groups we’ve created above.

FINALLY you can now go in to the GPO you duplicated for Branch Folder redirection. Modify the GPO to reflect the new storage path for the redirection objects you want (just a matter of changing the server name).

4. Configure Active Directory Sites and Services. You’ll need to go in to Active Directory Sites and Services and configure sites for each subnet you have (you main HQ subnet, branch 1 subent, and branch 2 subnet), and set the applicable domain controller to those sites. In my case, I created 3 sites, and configured the HQ subnet and second branch to authenticate off the main SBS PDC, and configured the first branch (with their own RODC) to authenticate off their own RODC. Essentially, this tells the computers which domain controller they should be authenticating against.

And you’re done!

A few things to remember, whenever adding new users and/or computers to the branch, ALWAYS join using SBS wizard, add computer to the branch OU, add user to the branch OU, create the users master redirection folder using the profile var in the AD user object, and separately add both user and computer accounts as members of the security group we created to cache credentials.

And remember, always always always test your configuration before throwing it out in to production. In my case, I got it running first try without any problems, but I let it run as a test environment for over a month before deploying to production!

We’ve had this environment running for months now and it’s working great. What’s even cooler is how well the Astaro Security Gateway (Sophos UTM) is handling the multiple WAN connections during failures, it’s super slick!

Review: Microsoft Surface Pro

Microsoft, Microsoft Surface, Stephen Wagner 2 Responses »

Feb 222013

I have long awaited the release of the Microsoft Surface Pro since their first initial announcement about entering the tablet market. The first device released: “Surface RT” was a lightweight, thin, powerful tablet that could run Metro apps, along with Microsoft Office and had a battery life of continuous use around 10 hours. The second device released: “Surface Pro” was a new device that didn’t fall under either distinction of a Tablet or Laptop but could be used as either, that was a powerful portable computer that could run all your applications, along with the Metro apps, be easily transported, used anywhere, and had a decent battery life (~4 hours of heavy use, I’ve gotten over 8 hours of battery use).

Being an I.T. professional, I figured I would wait for the Surface Pro to be released since I believed I’d mostly be using normal Windows applications over the “Metro” style apps. I’ve been running Windows 8 on my desktop since Microsoft made it available to partners mid way through 2012. During that time, once I tried to configure and use the Metro apps, but using them with non-touch interface was weird enough for me not to end up using any. I usually stay on the desktop, and when needed to launch a program I simply hit the start button, type the first few letters of the program, hit enter, and it launches.

First off I want to start off addressing Windows 8 being used as a tablet interface. It’s slick! Since receiving my Surface Pro, even after installing Microsoft Outlook and other desktop applications I regularly use, I found that over time, I never even go in to the desktop. Using the Metro interface with touch capabilities is simply brilliant. It’s very easy to use, navigate, configure, and surprisingly enough I find that 98% of everything I do can be accomplished via Metro style applications. I don’t even go in to Microsoft Outlook anymore since I have my Exchange account configured with the Mail Metro app. Occasionally I might use Outlook, but it’s only to do advanced tasks such as deal with Meeting requests that I need to add info, or dealing with numerous attachments, etc… The Windows 8 touch interface is beautiful and resembles Windows Phone to the tee.

Briefly visiting the desktop aspect, the desktop is your familiar Windows desktop, with the modification of no start menu since it’s running Windows 8. On the Surface Pro you can install any Windows Application, and they run great. This device has the power to run most graphic intensive games, drawing applications, and anything else you can throw at it. It works great and I have no complaints. One thing to note is that Microsoft implemented scaling since the display is a true 1080p display, and with such a small screen the writing wouldn’t be visible for those with bad eyes. I so far have not had any issues with the scaling, and applications look great.

Now going back to the Metro style interface, there are numerous apps available. Use of the Mail, People, Calendar, Internet Explorer, etc.. all work great. I use these all the time and haven’t had any issues. They are perfect for working with you exchange account, browsing the internet, talking with Facebook friends, tweeting on twitter, browsing internet forums, etc… Again, everything works great, no problems whatsoever, and you can accomplish plenty using these.

A few apps to mention, Xbox Music is fantastic. I’ve been using my Zune pass since I purchased my first Windows Phone 7 (Nokia Lumia 900), and have been creating playlists, downloading music on the fly, and absolutely love it. I also use it all the time on my desktop computer as well. When first playing with my new Surface, it was very easy to configure my xbox music pass, and it actually sync’ed all my music from my other devices to my new Surface once I enabled the feature. It’s fantastic, and now I often find myself listening to music whenever working wherever I am in my house, or on weekends when I’m doing work/implementations at clients offices. It’s super slick!

Another app that has come in handy for me, being an IT professional, is the Remote Desktop app. Whenever rolling out updates to clients, or working on my own servers, it’s awesome being able to establish numerous RDP sessions, and switch between them on the fly. It’s just that simple… It’s actually faster to use the Metro style Remote Desktop app, then it is to use the native Windows application.

The amount of apps I use is actually endless, so it’s pointless going in to detail for each and every one of them. The native Windows 8 metro apps are just awesome. One other app I actually do have to mention that is a particular favorite of mine is “Package Tracker”. I regularly sell, ship, and send items to/from clients, and it’s great being able to track all the packages in a simple to use interface. What’s even slicker, is having Package Tracker linked to my SkyDrive account, so packages I’m tracking will be sync’ed between my Surface Pro, and my Lumia 900 Windows Phone.

Now on to actual physical characteristic of the Surface Pro. The device is thin (thinner then I’d expect for a fully working high performance computer), and it’s built using great materials. It feels great in the hand, and the use of the kickstand is great! They have two separate types of keyboards/covers for both Surface models. I’m using the Touch keyboard and love it, it takes advantage of pressure applied to the keys of a pad with printed letters on it, also has a fully working track-pad. The other option available is the Type keyboard, which actually has mechanical keys on it, for those of you who prefer that. I haven’t seen or played with a Type cover, but the Touch cover is great for typing, using as a screen protector when mobile, and when flipping it backward the keys are disabled so you can’t accidently trigger any of the buttons (and in the 2 weeks I’ve had mine, it’s been working flawlessly).

The Surface pro also comes with a pen that you can use for marking up documents, taking notes (really cool to use in Microsoft OneNote), and also as a mouse when you want something more accurate then lets say your finger. Now Microsoft really shined with implementing this, you can actually rest your hand on the screen while writing with the pen, and since the Surface Pro recognizes the pen is near/present, it will disable any touch input from your hand. I tried as hard as I could to mess it up, but again flawless every time. The pen also has a magnet mounted on the side so it actually attaches to the tablet when mobile. At first I thought it would fall off easily when moving around, getting in/out of the car, etc… But it’s been rock solid and I haven’t had any accidents where it’s come off except when I actually want to remove it and use it.

As for some other random hardware notes, the surface comes equipped with a USB 3.0 port, and a Mini Display-port. I’ve used the display port to play movies from the Surface to my 1080p television and it was slick. Quality was amazing.

One major contribution that the Surface has given me, is the capabilities to work during meetings, have information readily available, and take notes. The device is so small, that when you meet with someone, and use it to take notes or reference material, that it’s not obtrusive if setup between you and the person you’re meeting with. Normally I have “Internet Sharing” setup on my Windows Phone, connect to my corporate VPN and I can access documents on the fly, generate invoices from QuickBooks, prepare quotes on the fly, and pretty much have access to any information, when I need it. I can’t tell you how amazing it is, to have all this information at your fingertips in such a nice little package.

Now to one of the biggest conclusions I’ve come to since using the Surface Pro, after realizing I use mostly Metro style apps, I could have actually gotten away with using a Surface RT instead. 90% of the day to day work I do could be done on the Surface RT. I actually plan on purchasing a Surface RT soon, and use the RT for day-to-day meetings, web surfing, music, web browsing, etc… And then use my Surface Pro for when I require a full computer, implementations, work at clients offices, when I require the use of Windows Desktop applications.

Overall I’m very impressed with this device, it’s slick, beautiful, and has increased my productivity. Perfect for everyday business or everyday personal use. I’ve demo’d the device to numerous clients (over 10) and they all love it and plan on purchasing one when stock is available.

Now as for my only complaint: The Surface Pro does not have LTE capabilities. This is somewhat of an annoyance since I regularly connect to my corporate VPN for network resource. Although it’s an annoyance, you can easily work around it by either using a LTE USB data card, or using “Internet Sharing” on your Windows Phone.

Issues with an HP MSL2024 Tape Library with 1 Ultrium LTO-6 6250 SAS Tape Drive attached to a P800 Controller

Backup, HP, Tape 3 Responses »

Feb 202013

Recently it was time to refresh a client’s disaster recovery solution. We were getting ready to release our dependance on our 5 year old HP MSL2024 with an LTO-4 tape drive, and implement a new HP MSL2024 library with a SAS LTO-6 tape drive. We need to use tape since the size of the backup requirements for a full back up are over 6TB.

The server that is connected to all this equipment is an HP Proliant DL360 G6 with a HP Smart Array P800 Controller. The P800 already has an HP StorageWorks MSA60 unit attached to it with 12 drive

Documentation for the P800 mentioned tape drive support. While I know that the P800 is only capable of 3Gb/sec, this is more that enough and chances are the hard drive will be maxed out reading anyways.

Anyways, client approved purchase, brought in the hardware and installed it. First we had to install Backup Exec 2012 (since only the 2012 SP1a HCL specifies support for LTO-6), which was messy but we did it. Then we re-configured all of our backup jobs, since the old jobs were migrated horribly.

When trying to run our first backup, the backup failed. I tried again numerous times, only to get these errors:

Storage device “HP 07” reported an error on a request to rewind the media.
Final error: 0xe00084f0 – The device timed out.
Storage device “HP 07” reported an error on a request to write data to media.
Storage device “HP 6” reported an error on a request to write data to media.
PvlDrive::DisableAccess() – ReserveDevice failed, offline device
ERROR = 0x0000001F (ERROR_GEN_FAILURE)

Also, every time the backup would fail, the Library and the Tape drive would disappear from the computers “Device Manager”. Essentially the device would lose it’s connection. Even when logging in to the HP MSL2024 web interface, it would state the SAS port is disconnected after a backup job would fail. To resolve this, you’d have to restart the library and restart the Backup Exec services. One interesting thing, when this occurred, my companies monitoring and management software would report a RAID failure had occured at the customers site, until the MSL was restarted (this was kinda cool).

I immediately called HP support. They mentioned the library had a firmware up 5.80 and asked to try to update. We did and it failed since the firmware file didn’t match it’s checksum, I was told that this is not important as 5.90 doesn’t contain any major changes. We continued to spend 6 hours on the phone trying to disable insight agents, check drivers, etc… Finally he decided to replace the tape drive.

Since LTO-6 is brand new technology, even with a 4 hour response contract, it took HP around 2 weeks to replace the drive since none were in Canada. During this time, I called two other separate times. The second tech told me that at the moment, no HP controllers support the HP LTO-6 tape drives (you’re kidding me right?), and the 3rd said he couldn’t provide me any information as there’s nothing in the documentation that specifies what controllers were compatible. All 3 tech’s mentioned that having the P800 controller in the server host both the MSA60 and the MSL2024 is probably causing the issues.

We received the new tape drive, tested, and the backups failed. I sent the drive back (which was a repaired unit, and kept the original brand new one). After this I tried numerous things, google’d for days. Finally I was just about to quote the client a new controller card, when I finally decided to give HP another call.

On this call, he escalated the issue to engineers. Later that night I received an e-mail stating that library firmware 5.90 is required for support for the LTO-6 tape drives. I was shocked, angry, etc… It turns out that library firmware 5.80 was “Recalled” due to major issues a while back.

Since LTT couldn’t load the firmware, I just downloaded it manually and flashed it via the MSL 2024 web interface. After this restarted the Backup Exec services, performed an inventory, and did a minor backup (around 130GB). Keep in mind that when the backups originally failed, it didn’t matter the size, the backup would simply fail just before it completed.

The backup completed! Later on that night I ran a full complete backup of 5TB (2 servers and 2 MSA60s) and it completely 100% successfully. Even with the MSA60 under extreme load maxing out the drives, this did not in any way impede performance of the LTO-6 tape drive/library.

So please, if you’re having this issue consider the following:

1. Tape library must be at firmware version 5.90 to support LTO-6 Tape drives. Always always always make sure you have the latest firmware.

2. I have a working configuration of a P800 controlling both an HP MSA60, and a HP MSL 2024 backup library and it’s working 100%

3. Make sure you have Backup Exec 2012 SP1a installed as it’s required for LTO-6 compatibility (make sure you read about the major changes upgrading to 2012 first, I can’t stress this enough!!!)

I hope this helps some of you out there as this was consuming my life for numerous weeks.

MSA60 during rebuild: “Surface analysis has repaired an inconsistent stripe on logical drive 1 connected to array controller P800 located in server slot 2. This repair was conducted by updating the parity data to match the data drive contents.”

HP, Storage 2 Responses »

Nov 222012

Just something I wanted to share in case anyone else ran in to this issue…

At a specific client we have 2 X MSA60 units attached via Smart Array P800 controllers to 2 X DL360 G6 servers. These combo of server, controller, and storage units were purchased just after they were originally released from HP.

I’m writing about a specific condition in which after a drive fails in RAID 5, during rebuild, numerous (and I mean over 70,000) event log entries in the event viewer state: “Surface analysis has repaired an inconsistent stripe on logical drive 1 connected to array controller P800 located in server slot 2. This repair was conducted by updating the parity data to match the data drive contents.”

One one of these arrays, shortly after a successful rebuild while the event viewer was spitting these errors out, had another drive fail. At this point the RAID array went offline, and the entire RAID array and all it’s contents were unrecoverable. Keep in mind this occurred after the rebuild, while a surface scan was in progress. In this specific case we rebuilt the array, restored from backup and all was good. After mentioning this to HP support techs, they said it was safe to ignore these messages as they were fine and informational (I didn’t feel this was the case). After creating the new RAID array on this specific unit, we never saw these messages on that unit again.

On the other MSA60 unit however, we regularly received these messages (we always keep the firmware of the MSA60 unit, and the P800 controller up to date). Again numerous times asked HP support and they said we could safely ignore these. Recently, during a power outage, the P800 controller flagged it’s cache batteries as failed, at the same time a drive failed and we were yet again presented with these errors after the rebuild. After getting the drive replaced, I contacted HP again, and finally insisted that they investigate this issue regarding the event log errors. This specific time, new errors about parity were presenting themselves in the event viewer.

After being put on hold for some time, they came back and mentioned that these errors are probably caused because the RAID array was created with a very early firmware version. They recommended to delete the logical array, and re-create it with the latest firmware to avoid any data loss. I specifically asked if there was a chance that the array could fail due to these errors, and the fact it was created with an early firmware version, and they confirmed it. I went ahead, created backups, deleted the array and re-created it, restored the back and the errors are no longer present.

I just wanted to create this blog post, as I see numerous people are searching for the meaning of these errors, and wanted to shed some light and maybe help a few of you out, to help you avoid any future catastrophic problems!

The Microsoft Surface, and why I didn’t purchase one.

Microsoft, Microsoft Surface No Responses »

Oct 282012

I remember months ago when I was so excited to hear that Microsoft would be releasing their own tablet. I swore I would be one of the first people to get their hands on these devices… Unfortunately, things didn’t work out the way I thought.

Since refined details were published regarding the specifications and capabilities in the time since, I’ve changed my mind, sadly.

While the device is still a “rock-star” device, with the capabilities it does have, I’m not so sure it’s designed for the professional. With that being said, there is a “pro” version coming out, however it will be slightly larger, slightly heavier, and will be running on the x86 architecture, instead of the lightweight, battery saving ARM architecture.

It’s in my opinion that they should have allowed the Windows RT release to be “upgraded” to a domain join-able version, that supports GPO, etc…

Few reasons why I decided NOT to purchase the Microsoft Surface

1) Lack of LTE / cell modem capabilities – I envisioned myself having access to the internet wherever I went. I wanted to have the ability to edit Microsoft Word or other Office suite application files seamlessly live over VPN. This way I could go to meetings, take notes, and have them stored directly on my servers back at the office. Not only does lack of LTE stop this from happening, but it also stops me from having the ability to read/write e-mails on the go wherever I am. I want to get e-mails instantly like I do on my phone, I don’t want to have to wait for a WiFi hotspot to become available.

2) Lack of domain capabilities – It would have been nice to be able to join it to the domain for single-sign on, and access to network resources.

3) Lack of retail locations in Canada – I remember seeing something that they had a Microsoft Store in Edmonton, I tweeted the Microsoft Store twitter account and asked if they are planning on opening a location in Calgary. They replied and said they have one in Edmonton. I’m not willing to drive 350 kilometers to just play with a device to see if I want to purchase one, then drive the 350 kilometers back (possibly without the device if I chose not to purchase it).

4) No clear explanation on application support – While there is a Windows Store that has applications for the Metro style interface, there is a lack of information on actual windows application support for building applications on the ARM architecture for Windows RT. It would be awesome if people could start building windows applications for the ARM architecture, but from what I have read that isn’t the case.

It’s unfortunate that there are these shortcomings. I would have loved to flash this device in the face of iPad lovers. However since I won’t be able to SSH using Putty compiled for ARM, and since I won’t have access to e-mail wherever I am, and won’t have access to any of my office documents on my servers wherever I am, I don’t think I’ll be pulling the trigger anytime soon.

Some other companies are manufacturing Windows RT tablets with built in LTE capabilities, however I much prefer to have it built in to the beautiful engineered Microsoft Surface.

Older Entries Newer Entries