Lukas Beeler’s IT Blog

Debugging Wireless LAN has always been a rather difficult item. And it was even more difficult on Windows, because you didn’t see many things that other operating systems showed you at point blank range.

But Microsoft has a commandline tool available that many people do not know about, but might make your life a lot easier if you do.

netsh wlan show networks mode="bssid" interface="Drahtlosnetzwerkverbindung"

You’ll have to replace “Drahtlosnetzwerkverbindung” with the name of your wireless adapter. Here’s a snippet of example output:

SSID 1 : dataline
Netzwerktyp : Infrastruktur
Authentifizierung : WPA-Enterprise
Verschlüsselung : TKIP
BSSID 1 : 00:19:07:90:91:00
Signal : 100%
Funktyp : 802.11a
Kanal : 116
Basisraten (MBit/s) : 6 12 24
Andere Raten (MBit/s) : 9 18 36 48 54

Nice and detailled, isn’t it? Much better than the GUI. I would strongly recommend any Windows admin to read up on netsh. It offers many possibilities and debugging option, yet this tool isn’t as well understood as it should be.

The Microsoft Performance team published a new great article about the Vista eventviewer and saved logs.

With Windows Server 2008 at the door, this is interesting. I would also strongly suggest to read all other articles in the Askperf blog - while updates are rather sparse, the content is extremely interesting and well written.

Branding sucks.

McAfee formerly used the name “Network Associates”. So many of it’s files were positioned in %ProgramFiles%\Network Associates and %AllUsersProfile%\Network Associates.

At some time, McAfee started to rebrand it’s program path. Program upgrades do not change the path, but new installations do. This means that you’ll have a nice mixup of paths if you have machines installed from different sources. The new pathnames use McAfee instead of Network Associates.

IBM has the same problems - they currently have suite of programs called “iSeries Access”, which gets installed to %ProgramFiles%\IBM\Client Access (which is the former name of the suite). But as the program should be called “System i Access” by now (or “i5/OS Access”), and the next rebranding will probably be coming up.

I’ve been using OpenVPN for a few years on Linux to establish site to site VPNs. It has never let me down, and i was always able to get the configuration working in the way I wanted it, without much effort and fiddling. Another nice ability of OpenVPN is that it can work it’s way through almost any firewall, which can be especially nice when working with restricted internet access.

A few days ago, i’ve got into a situation where I needed to get to a site to site VPN up as quickly as possible, behind a restrictive firewall. I’ve started with the obvious route, and found a few resources referring to OpenVPN on the net.

One of them is the OpenVPN GUI, which is mostly aimed at roadwarrior scenarios. The Windows installation notes and the Windows section in the howto are quite sparse. As such, my expectations weren’t high.

Installing OpenVPN results in the creation of a virtual ethernet adapter, that’s backed by the TAP driver (which is not signed). The install went fine, and configuration was the same as on Linux.

The Windows installer automatically installs as service that defaults to a disabled state, which when started launches OpenVPN for all *.ovpn files in %ProgramFiles%\OpenVPN\config. Simple, but efficient. Logs get written to %ProgramFiles%\OpenVPN\log.

After creating an appropriate configuration, i put it into the config dir, started the service, and everything just worked. Right out of the box. Without thinkering. Without error messages. It just worked.

As such, the application clearly shows it’s Linux/Unix origin, but it works nicely. Windows administrators that have never worked with a unix-like operating system might be put off by the application. I would still suggest everyone to take a look at OpenVPN for some low cost VPN improvisations.

We’ve just received a new System x3200, to serve as an infrastructure hub for our POS software at a Small Business customer. Unlike all other machines i’ve talked about before (HP DL320 G5, System x3650 vs. HP DL380 G5, System x3250, System x3650), this machine is a tower model. With IT moving more and more towards a professional service subset, tower machines are getting less and less common, but many small businesses do not see the return on investment a rack mounted server will give them. As such, IBM still produces a few decent System x servers in the tower form factor.

The x3200 brother is the rackmounted System x3250. Both of them are IBM’s low end entry systems. The x3200 we sold to our customer was one of more well endowed models, featuring redundant power supplies and hot plug SAS disks.

The disks come in a standard 3.5″ form factor, there are no 2.5″ models available (which makes sense, as towers are not really space constrained, which is clearly visible when looking at the x3200 bulky frame).

The exact configuration ordered:

• System x3250 Xeon 2.13Ghz DC, with 2×512MB Base Memory, 3.5″ HP SAS, redundant PSU
• 2x 72GB 10kRPM SAS

Unpacking and opening

The machine was shipped in a box where you’d have thought it contains a 5 year old desktop PC, meaning it was a bit bigger than the Lenovo ThinkCentre tower shipping boxes. As always, removing the machines from these boxes is not as fun when you’re alone, because the styropor sticks to the machine.

Another thing to note is that the machine shipping without any power cables, which is normally not the case. But this might’ve been a mixup at our distributor.

The machine itself is big and bulky (exactly as it looks on the photos), but the case is very well done, much better than the xSeries 226 had. Everything is tool less, and the opening mechanisms for the front and side cover work nicely, and fit like a glove when putting them back on.

Interiors

Even though this is a budget machine, the interior is done rather well. The cables are packed together nicely, and the system has room for expansion. 4x 3.5″ HP SAS disk trays, 3 PCI slots, 2 PCI-E Slots (1x, 4x). The LSI Logic SAS RAID Controller is mounted directly on the mainboard, saving expansion slots. Again, this machine only accepts 4 DIMMs, which aren’t that accessible. But this isn’t a huge problem, as maintenance on tower models has always been awkward and finicky - that’s what rack servers are for.

The machine isn’t quiet, but it isn’t loud either. I wouldn’t mind having it in my office, the noise is not a high pitched scream like you usually get from a 1U rack server. There is no inline documentation like IBM usually provides with their rack mount servers, and there’s no LightPath diagnostics either. That’s perfectly normal for this price.

What isn’t usual for this price class is the fact that this machine has redundant power supplies. While this is the norm for more expensive servers, it isn’t for entry level servers. The redundant power supplies do not cost a lot more than the normal model, and it’s always nice to have redundant power (as UPSes account for a large number of power failures, at least here in Switzerland).

Installing options

We only got a few disks with the machine, and installing them was a breeze. They are hid behind an easily openable lid, and come in a standard IBM hotplug mounting tray.

The machine we received had horrible outdated firmware, so the first step was to get everything up to speed. This worked fine with an USB floppy drive, as IBMs Update CD’s weren’t current (again). I still think there should be some method that does all this whole box-update thing via the internet. Not sure how this could be implemented without astronomic cost, but i still want it.

The Onboard LSI Logic RAID Controller supports mirroring and striping, and brings it’s own horrible management software - it’s not an IBM ServeRAID family controller. I didn’t even find a way to automatically send mails in case of a disk failure.

Booting the server

We’ve installed Windows Server 2003 R2 SP2 on this machine, not using the ServerGuide procedure. Again, the install went through without any problems after supplying the LSI Logic driver on an USB floppy. I’m still waiting for Windows Server 2008 which will make this a lot easier with it’s Windows PE 2.0 based installer.

As far as my first impressions went, the disk performance is very good. It’s quite noticeable if you use 10kRPM SAS disks against 7.2kRPM SATA disks.

Resumee

Even though it’s a budget machine, the build quality and the features of the System x3200 are quite impressive (i really, really liked two PSUs in such a small machine). I still don’t like tower machines, but the System x3200 is worth it’s money if you don’t have a rack at a given location. The system is very well designed, and could even serve as a small business server for a very small business.

Also, the obligatory plug to DATALINE AG which sells this server and other IBM System x or System i servers.

McAfee ProtectionPilot can deploy hotfixes for VirusScan. The error handling for this is rather buggy, though.

If the installation of a hotfix fails, you will not notice that from the management console or from the agent logs. The agent logs will still say that the current hotfix is installed.

Product(s) running latest hotfix 15.

Pay attention to the information that can be accessed by using a right click on the tray icon - it shows the real version of VirusScan and it’s current hotfix level. I’ve found no why to retrieve the hotfix level using the McAfee ProtectionPilot console, but this information might be contained within the ePO database used by PRP.

Installing hotfixes manually is trivial, but it can fail if the original .msi file is missing (i’ve seen this happening on a few machines, and never found out why). The VSE800.msi should be in %PROGRAMFILES%\Network Associates\VirusScan\RepairCache. If it isn’t, retrieve it from another machine at the same path, or from within the self extracting setup.exe that can be downloaded from mcafee.com with your grant number or is found in your PRP repository.

Today i’ve encountered a very interesting problem that’s very hard to track down exactly.

A small business customer was running an Exchange 2003 server behind a ZyXEL ZyWALL 5 with AntiSpam installed and enabled. The ZyWALL forwarded port 25 to the Exchange server. This worked, for the most, flawlessly. But a few hosts (i’ve found no distinct differences between the source hosts - ADSL, Leased Lines, Colocated, Europe, USA) failed to get an SMTP greeting (220 customer.example.com Microsoft ESMTP MAIL Service, Version: 6.0.xx ready at Thu, xx Sep 2007 xx:xx:xx +0200).

When i disabled the Anti-Spam and pressed enter (in a telnet session to port 25), the SMTP greeting appeared. If anti-spam was enabled, it never appeared. But that didn’t help - Postfix still couldn’t send mails:

postfix/smtp[25010]: C65AA88075: conversation with customer.example.com[256.256.256.256] timed out while receiving the initial server greeting

I’ve looked at every setting on both the ZyWALL and the Exchange server, but didn’t find any unusual DNS etc. setting. I even disabled all the DNS lookups done on the Exchange server, but to no avail.

But after upgrading the ZyXEL ZyWALL 5’s firmware to the latest version (V4.02(XD.2)), the problem disappeared. While this wasn’t exactly what i was hoping for, at least the problem was now solved.

If you need to the type and serial number of a Lenovo ThinkPad or ThinkCentre, use these two quick WMI commands:

C:\Windows\system32>wmic /node:"HOST" bios get serialnumber
SerialNumber
L3BXXXXX

C:\Windows\system32>wmic /node:"HOST" baseboard get product
Product
646065G

Replace HOST with the hostname of the machine you want to check on. The ” ” are important, so don’t leave them out.

Office is available as a trial version for download, and as a preinstalled trial called Office Ready PC.

Both a trial versions of office, but there is a very, very important difference:

Office Ready preinstallations accept MLK keys.

The downloadable trial version does not accept them.

If you have a new computer and bought an MLK package, you’re out of luck. Consult a local hardware reseller which has an Office Preinstallation Kit (OPK).

Windows Vista has been available for consumers since more than half a year - longer for companies and IT professionals.

Are you using Vista on your Desktop yet? No matter what you think of Windows Vista, you should already be using it right now. If you don’t think you’ll ever migrate to Windows Vista, you should start evaluating your alternatives now - and not when mainstream support for Windows XP ends in a few years.

Windows Vista is the next stop in the Microsoft desktop operating system part. I’ll agree that Vista still has some smaller quirks to be sorted out, but the main problem are 3rd party apps made by lazy idiots based upon technology from before 2000. If you’re working in IT, you should start getting used to Windows Vista now, even if you read and heard bad things.

Vista offers many great improvements - none of them are revolutionary, but they definitely make Windows a better platform. These are not the features advertised on TV, or debated in forums - but instead the deployment process which was just awkward under Windows XP and it’s predecessors, and many management improvements.