Archive for August 2007

HP LaserJet 4250

HP’s LaserJet 4250 is a b/w workgroup printer. As such, it is as unspectacular as it can get for a printer.

We’ve primarily used Lexmark err IBM printers before, like the InfoPrint 1532. The first and most important difference between the IBM and the HP printers is the tray numbering - HP usually counts the multipurpose tray as “Tray 1”, while IBM counts the first real tray as “Tray 1”. This is especially important for users who are not accustomed to this. In fact, i still prefer the naming scheme IBM/Lexmark used here, it’s just so much more intuitive. One of the reasons for moving away from the IBM printers is the slightly higher cost, but also the exorbitant delivery times (a normal IP1532 can take up to a month, while Also usually has all HP printers in stock and can ship overnight).

In a System i environment, it’s important to note that HP offers their own IPDS modules for these printers, though these didn’t work as expected. We usually ship our HP printers with an ExcelliPrint license, which can be used even after we’ve replaced a printer with a newer model, thus lowering costs for our customers and still having a high quality IPDS interface from our System i. I’ve written about ExcelliPrint before, especially what needs to be done when using OCR-B with ExcelliPrint and HP printers without a built-in OCR-B font.

In a Windows environment, the HP LaserJet ships with rather well done Windows drivers, which is quite the norm for HP’s business printers, and no-frills printer drivers are even starting to appear for some DeskJet printers. One of the features i like most about the HP Windows driver is that it allows you to predefine some paper settings on the server, name them however you want, and have them automatically published to all clients. This gives you the possibility to save your office workers time and reduce errors when you’re using some standard settings to print certain documents.

i5/OS isn’t secure until you use encryption for access and authentication

i5/OS is often touted as one of the more secure operating systems, through its very rigid abstraction of everything into objects. I’m not a security expert, and i don’t claim to be one, but in many i5/OS or OS/400 deployments, beginner mistakes are made by the gallon.

A few basic things first: QSECURITY should be at level 40, and all users should have normal user profiles, without special permissions. Even if you are an admin or a developer, if you need *ALLOBJ or similar permissions, you should use a second user account for that.

QPWDLVL should be at value 3 - supporting long, secure and case sensitive passwords. Of course you’ll need to set all the other QPW* system values to enforce secure passwords.

But one thing most often overlooked is the encryption of 5250 connections to the system itself. Many, many companies do not use SSL to encrypt their 5250 sessions, leaving plain ASCII err EBCDIC visible over the network. This makes it particularly easy to hijack sessions and passwords, even those of very important users like QSECOFR.

Note that security-wise, a System i without SSL encrypted FTP and Telnet is wide open, even worse than an unpatched Windows machine. It really boggles the mind if you ask yourself why IBM hasn’t made this a standard yet on new OS installs.

Using DCM you should secure Telnet and FTP with SSL. You’ll also need to configure iSeries Access appropriately to use the SSL encryption.

Make sure to configure both the Telnet and FTP server to accept SSL sessions only, using CHGTELNA ALWSSL(*ONLY). This will make sure that only secure connections to your system can be established.
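The settings from this post collected into one CL program, as an added example that is not part of the original post. It assumes a server certificate has already been assigned to the Telnet and FTP server applications in DCM; CHGFTPA is the FTP counterpart of CHGTELNA, and the message texts are made up for illustration.

```cl
/* Added example: audit the system values named above and     */
/* switch Telnet and FTP to SSL-only. Run it from the console */
/* or as a batch job, not from a Telnet session you rely on.  */
PGM
  DCL VAR(&SECLVL) TYPE(*CHAR) LEN(2)
  DCL VAR(&PWDLVL) TYPE(*DEC)  LEN(1 0)

  /* Read the current values instead of assuming them */
  RTVSYSVAL SYSVAL(QSECURITY) RTNVAR(&SECLVL)
  RTVSYSVAL SYSVAL(QPWDLVL)   RTNVAR(&PWDLVL)

  /* Report only: changing either value needs an IPL to take */
  /* effect, so that step is left to a planned maintenance   */
  /* window, e.g. CHGSYSVAL SYSVAL(QSECURITY) VALUE('40')    */
  IF COND(&SECLVL *LT '40') THEN(DO)
    SNDPGMMSG MSG('QSECURITY is ' *CAT &SECLVL *CAT +
                  ', expected 40 or higher')
  ENDDO
  IF COND(&PWDLVL *LT 3) THEN(DO)
    SNDPGMMSG MSG('QPWDLVL is below 3, long case-sensitive +
                  passwords are not enabled')
  ENDDO

  /* Telnet (5250) and FTP each have their own attribute */
  /* command; CHGTELNA alone does not cover FTP          */
  CHGTELNA ALWSSL(*ONLY)
  CHGFTPA  ALWSSL(*ONLY)

  /* Restart both servers so the new attributes are used */
  ENDTCPSVR SERVER(*TELNET)
  ENDTCPSVR SERVER(*FTP)
  DLYJOB    DLY(10)  /* give the server jobs time to end */
  STRTCPSVR SERVER(*TELNET)
  STRTCPSVR SERVER(*FTP)
ENDPGM
```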

If you’re looking for SSL enabled 5250/FTP clients, i can recommend TN5250, FileZilla (GUI) and SSLFTP (CLI). All of them are free.

000-074 System x Windows 2000/2003 Installation and Performance Optimization

IBM Exam 000-074 is part of IBM’s Certified Systems Expert certification program. As with the similar HP0-055, the focus was a bit different than your usual Microsoft exams.

When first looking at the specs for this exam, i found the required passing score to be very low: 59%. HP’s exam had a passing score of 71%. As such, i expected a very difficult exam, but that wasn’t the case.

This exam focused on three points:

  • Normal, hardware neutral Windows/Networking Knowledge
  • IBM Director Knowledge
  • IBM System x hardware knowledge (especially of bigger products like the System x3850)

I’ve passed this exam with an okay score, but was guessing at almost all the IBM Director and the System x hardware knowledge. The problem here is that neither IBM Director nor 4 socket machines are being used in the small businesses i work for. The fact that i still passed shows that good guessing can give you lots of points, because the answers are sometimes rather obvious.

There was also a good deal of normal Windows Knowledge required, and several very very basic Networking questions, which could probably be answered by your average gamer kid. If you already hold an MCSE/MCSA on Windows Server 2003, you might be able to pass this exam without having touched an IBM server before.

Even though this may sound bad, i thought the exam as a whole made a lot of sense. Most questions were detailed, and the answers were short and concise. Again, for several questions you had to know what the limitations of a given IBM hardware platform are. I still don’t really like this, because i don’t deal with every piece of System x hardware IBM has to offer (even though i’d like to know, that’s currently not the case).

As expected, there were many performance tuning questions which were usually answerable with general IT knowledge. You’ll just need to know which system performance values indicate what kind of performance bottleneck.

Layer One did it again

I think i have already said enough.

Layer One still has massive power outages, one after the other. The last one wasn’t even two weeks ago. As unprofessional as it can get.

Update: 13.08.2007, 06:41

Just after writing the above post, at 12.08.2007 around ~2210, the power went down again at ~2215. When i first tried to contact the Layer One 24/7 service, i reached just a voicemail box. About an hour later, i was able to contact a technician who was en route to the housing center, but didn’t know more than that there was a total power failure.

At around 00:00, the problem still wasn’t solved, so i decided to go to bed. According to Nagios logs, the systems came back up at around 02:30, but only half of them, the second power circuit was still down.

After waking today at 06:00, i called Layer One 24/7 service again, and told them that our second power circuit was still down. The situation was soon rectified, so as of 06:41, all our machines are back up. The problem appears to be still the same as the one that caused all the other power failures - a broken UPS that has not been replaced since the first incident, despite promises indicating that this would be the case.

Currently, the servers are connected directly to the power line. Assuming the professionalism of the rest of this organization, a bypass was probably not employed, so switching back to UPS power would require a shutdown of all machines.

HP0-055 Implementing HP ProLiant Servers

HP0-055 is the basic exam needed for the HP AIS certification. Together with some vendor exams (Like Microsoft’s 70-290, 70-291) you can already earn this basic HP Systems Integration certification.

HP0-055 is a normal test center exam. Priced at 163 CHF, it’s about a quarter cheaper than Microsoft’s exams (priced at 215 CHF).

If you’ve only done Microsoft exams before (like me), prepare yourself for a massive change of pace and question style. I had 88 questions and 2 hours to finish my exam. Less time and more questions than Microsoft. The questions, however, are in a completely different format: There are usually only one or two lines of text, and the answers are even simpler. It’s quite possible to answer a question within less than 30 seconds.

HP offers an Official Study Guide and Desk Reference, which i found utterly worthless, mostly because it reiterated facts i’ve known for several years (but might appeal to newcomers, like detailed explanations of raid levels, etc.).

The problem was that much of the exam didn’t really focus on the server itself, but instead on available service packages from HP, and the tools that HP offers for its customers. The latter aren’t covered in the aforementioned book, and i didn’t want to deal with most of them on productive servers after my experiences with IBM’s and DELL’s vendor tools.

Another part i found really annoying was that you were offered a problem, and then products to solve it. The products weren’t described, just their model. This can get quite annoying because i frankly don’t know every storage array, raid controller, server that HP has to offer without glancing at a web site.

I passed the exam barely, but i’m still disappointed with its quality. I think HP should put more emphasis on the hardware, and move away from questions that honor memorizing product names.

HP certifications - my first impressions

IT certifications usually serve two purposes: A point on your resume or partner programs. HP has a partner program, so they have certifications.

As such, it didn’t take too long until i had to deal with HP certifications. While there are many useful resources on the web regarding Microsoft’s certifications, this isn’t really true for HP certifications.

HP’s certification program offers many more sales certifications than Microsoft - IBM does this too. It’s important to know that the steps to your first exams are radically different from Microsoft’s approach.

The first step is to register for your own HP Student ID. You will need this to register with Prometric.

Now, HP offers two types of exams: Web based (Prefix HP2-) and normal test center based ones (Prefix HP0-). Web based exams are only available for unimportant err sales certifications and some device service certifications.

The list of available certifications is long, and in my opinion pretty irritating. There’s an “HP Certified Systems Engineer”, which is an HP-UX certification, and “HP Accredited Systems Engineer” which is a Systems Integration (read: Windows and Red Hat Linux) certification.

It’s important to know that if you want to go down the Systems Integration path, most of your already earned Microsoft credentials can apply to your HP certification path. This PDF contains all the information you need. The HP AIS certification requires a single HP exam (HP0-055, about which i’ll write tomorrow). HP’s exams are a bit less expensive than Microsoft’s exams, but they usually contain far more questions than Microsoft’s (HP: ~80, Microsoft: ~50).

Another important thing are web based exams. These are very inexpensive (25 US$), and can be done 24/7. They’re usually for sales and service certifications, contain about 50 questions and you have around 1.5 hours of time. The sales certification questions are unbelievably stupid, but not necessarily easy. You can of course use the internet to answer the questions (yes, that’s allowed). But it’s much funnier trying to get such an exam done in less than 20 minutes (which is easily possible).

In general, HP’s certifications aren’t bad - i like that most of your Microsoft certificates already apply, that the sales certifications can be done online (IBM does not offer that and Microsoft doesn’t offer sales certifications), but their web interface is awfully slow. I didn’t like their exams as much as Microsoft’s, but more about that tomorrow.

Microsoft Exchange System Attendant failed to read the membership of group …

Source: MSExchangeSA
Event ID: 9188

Microsoft Exchange System Attendant failed to read the membership of group ‘cn=Exchange Domain Servers,cn=Users,dc=your domain’. Error code ‘80072030’.

Please check whether the local computer is a member of the group. If it is not, stop all the Microsoft Exchange services, add the local computer into the group manually and restart all the services.

This error message sounds very serious, but it is entirely possible that the situation is not as grave as it sounds.

If you encountered this error message, you should first read all the hints over at EventID.Net. This shows the most common causes for this problem in bigger environments.

I’ve encountered this error message in smaller environments if specific factors were true: DC and Exchange were on separate servers, and the Exchange wasn’t a DC (which is correct). However, there is only one DC on the network. In this case, the error message above might appear immediately after you restarted the first DC.

This seems to be a minor problem in Exchange which doesn’t fully recognize that the DC is back up. Restarting the Microsoft Exchange System Attendant service will solve the problem. This is not really a full solution to the problem, as you have to restart the System Attendant service every time you restart the only domain controller.

The right way to fix this is to install a second domain controller. If you can’t do that, scripting the System Attendant restart makes sense - my approach would be srvany.exe and a plain cmd script. I didn’t write such a script yet, and i don’t really intend to. Just buy a second DC.

ANZOBJCVN for conversion estimation to V6R1 not available yet

In the i5/OS Program Conversion: Getting ready for i5/OS V6R1 redbook there is mention of several PTFs for enabling ANZOBJCVN, which is necessary to estimate conversion time when upgrading to V6R1.

The version of the draft available since today also includes the necessary PTF numbers for Systems with a language feature code other than #2924. The V5R4 PTF for the language feature #2939 is SI26524.

However, this PTF is not available yet, you can’t order it through SNDPTFORD or the System i Fix Central.

PTF 5722SS1-SI26524 V5R4M0 nicht elektronisch verfügbar.

So far, so good. I’ve opened a software call on when this PTF will be available, the only response i’ve gotten is that it will be available “soon”. So if you’re looking to use ANZOBJCVN and you’re not running #2924, you’ll have to wait until it gets released “soon”.

HTC TOUCH


Right after i got my new iPAQ 510 Voice Messenger, our chief of sales was looking for a new mobile phone (mostly because there was no longer a sync software for the Sony P910 under Windows Vista). I’m fine with any mobile phone as long as it is running Windows Mobile 6, as these offer superior synchronization to Exchange using Exchange ActiveSync. Even Push-Email is supported since WM5+MSFP using Microsoft’s DirectPush.

In the end, the choice fell on the HTC TOUCH. It runs Windows Mobile 6 Professional (aka “PDA Phone Edition”), this means it uses the PDA UI, not the SmartPhone UI.

The packaging provided by HTC was very nice, in a sleek black box that comes with everything you need. A USB cable with the usual mini-USB connector (no idea what this thing is really called), stereo headphones, a 1GB Mini-SD card and a USB charger cable.

Again, setting up the device was a breeze, it automatically configured the necessary GPRS settings. After downloading our self-signed certificate and installing it, the Phone already synced against the Exchange server. No need to plug it into any computer. (Many WM5 modems back in the days required a variety of registry hacks in order to import new trusted certificates - it’s very good to see that this has changed).

I’ve also installed version of Windows Mobile Device Center on the laptop, in order to sync files and notes (You can’t sync Outlook notes over the air, i’d like to see the design decision behind this one). WMDC works fine and integrates completely into the OS. While the ActiveSync desktop software under Windows XP was mostly trouble-free when used with Exchange ActiveSync, the WMDC software works even better.

Back to the device itself. The HTC Touch is often touted as an iPhone competitor, but it’s not. They play in wholly different areas. The iPhone is a consumer device - it does not offer Enterprise Messaging features like a Blackberry Connectivity Software or Exchange Active Sync. The HTC Touch is meant for professionals who need the ability to synchronize with an enterprise messaging system over-the-air, including contacts, calendar, etc.

The HTC Touch has a 2.8″ 320×240 screen. The resolution is acceptable, but i would’ve preferred 640×480 pixels at the same screen size. (I really liked the 2″ 240×320 screen on my HTC MTeoR). The device is much, much smaller than it appears on photos. It’s also much thinner - in fact, it’s the first Windows Mobile device that doesn’t look like a Windows Mobile device (which can usually be described as “bulky”). As such, i think the HTC Touch is very important for the Windows Mobile marketplace.

The Touch has an alternative shell called TouchFLO - it’s a homescreen replacement with support for a few gestures, a program launcher, and a music player. The TouchFLO functionality is nice to use, but it is not a full Windows Mobile touchscreen conversion. As such, the functionality is very, very limited. There’s a standard pen located in the phone’s corner, like with every other PDA. You’ll need this to use much of the functionality. You can place calls with just the touchscreen alone, and the touchscreen seems to be implemented very well. It even works beyond the edges of the integrated 320×240 screen, which makes using your finger to point at things on the side much, much easier.

There’s an included ZIP-Software and Adobe Reader LE is preinstalled, and there is not much “vendor crap” as i’ve seen on operator branded HTC devices. As such, i see little reason not to recommend this device - the build is very nice, the screen and other hardware components also work as they should. The only points that could be criticized are the screen resolution (which is “normal PDA” resolution instead of “hires PDA”), and the missing UMTS support which only plays a role when surfing the Web or connecting to the Web with a laptop. For EAS purposes, EDGE is enough.

In my opinion, the HTC TOUCH is a very cool Windows Mobile 6 device, that shows a lot of the progress needed in this sector. Together with the Motorola Q9h (Review from a co-worker), i would vote these two to be the two best available Windows Mobile 6 devices on the market. The TOUCH is better if you want a full fledged PDA with a touchscreen, while the Q9h is a true Smartphone with a full keyboard.

Layer One - More power outages than my server at home

Layer One had another power outage this night, at around ~03:00.

Again, i have no idea why, and there is no information from Layer One available yet, but we can rest assured that they will state some nonsense again. As things are right now, i can only recommend against choosing Layer One for your colocation needs. They’re obviously unable to ensure even basic things like power delivery, which is a lot worse at Layer One than it is here, at home, without a UPS, directly on the power grid.