Monday, December 5, 2011

Customer Technology Site Survey

Okay for those of you who are in a similar job function as me will find this a useful tool. We have been attempting to create a step by step guide to first visit to a client site. This would be what we are gathering for all information about the clients current network environment. I would like to get some feed back from people to see what they think. Below are a list of questions that need to answered prior to creating a proposal.

  • Client Name
  • Client Address
  • Contact Name, Email, Phone "Hours they are available"
  • Do they rent or own the building
  • Primary site (Remote site)
  • Site hours of operation
  • If multiple sites their hours, location and contact personel
  • Number of Servers (Operating systems installed)
  • Hardware configuration for each server
  • Switches and configurations of switches
  • Pictures
  • Log in credentials for all servers
  • Verification of backup's
  • Test backup's to ensure all data is being backed up
  • Number of users
  • Number of computers
  • Voice communication is digital/analog/VoIP
  • Wireless configuration (if applicable)
  • ISP (contact information and Account info)
  • Firewall configuration / Access and backup configuration
  • Any additional notes not covered in documentation
This is a start towards a complete and overall view of a clients network. As each site is assessed we will be making changes and I will make those changes here for everyone to view.

Please send me some feed back of additional information that should be added or deleted.


Saturday, September 3, 2011

Clustering using Domain controllers as Nodes! NO!


OK so I was approached by a client that wants total redundancy throughout his environment. I design a network to his request having duplicate systems clustered together. He likes the design and says let start piecing out the parts we need and start to replace some servers. He then asks his onsite developer for his opinion of the design.
Let’s call this guy Joe says why are we having two file servers clustered together and separate servers? I have always seen the domain controller act as the file / profile storage servers. I respond well if we want a fully redundant environment we must run clustering on a file server. Yes Microsoft says it is possible but that does not mean that is the correct way of doing this.
So over a couple more emails about other features of this server environment he gets back on his kick of have the domain controllers act as the cluster nodes for a file share. At this point I am ready to drop the project tell him to have his buddy that obviously knows more than me build his environment for him. As I refuse to build a crap network that I have to support.
Now I want to but since this is my job I wait to respond to him so I can find all of the resources to prove my point without any doubt. This is way I am writing this blog as finding this information is not a one stop shop. Here is where Microsoft states it is possible to run a domain controller as a node in a cluster.

Microsoft’s main reason behind recommending that a domain controller is a node in the cluster is so that the cluster is guaranteed to start every time. There is no chance of failure with not being able to contact a domain controller.
Why Microsoft would you even think that is funny. Now you make all of those unknowing IT gurus think this is the proper way to build a cluster. Without even doing further research as many of them will find one KB say yes this can be done. Lacking all common logic behind having a domain controller as a cluster node they will attempt this. Why can’t Microsoft make this easy on us all and disable clustering on a domain controller. Not only do you make a mess of a situation that has the potential of data loss but also make the lives of techies that know this is wrong much more difficult. Since we will be the ones who have to go behind these so called gurus and clean up their mess. Some things just don’t belong on a domain controller.

http://www.computer-network.net/server-redundancy
In this next article Microsoft recommends against having clustering service and domain controller services running on the same server.
This is located about half way down the page next to the second bullet point. If this is the case why would Microsoft even let these two services run on the same system? They are the developers and I understand that they want to keep everything open to multiple environments but if you need clustering services. Then you should be able to afford multiple systems to implement this kind of design.

I could continue going on about this but bottom line just because it is possible to run clustering services on a domain controller does not mean it is a best practice. The main point of clustering is so that those resources are up and available regardless if a server fails. Having these services running on a domain controller is just bad practice and can open additional vulnerabilities to system failures. Not only that but he goes against the idea behind having a high availability environment.

Here is a good link to a site that has additional information on why Domain controllers should not be Cluster nodes. Cluster Help

Tuesday, August 16, 2011

Exchange 2010 Could Not find default Administrative Group

A co-worker asked me to install Exchange 2010 in one of our client environments today. He stated that their old managed services team attempted to migrate this client to Exchange 2010 but failed. They had already installed Exchange 2010 but it was not working properly. He had used ADSIedit to remove all existence of any Exchange 2010.

Trusting this I dove head first into the project of installing Exchange 2010 into their environment. I deployed two new VM servers that will host the CAS and HUB role. I installed all the prerequisites for Exchange 2010. Everything cleared the system check and I had all green check marks. So I assumed all would be a snap install. I was sadly mistaken! =(
I received this error below.



Error:
The following error was generated when “$error.Clear();
If ($server –eq $null)
{
New-exchangeserver –DomainController $RoleDomainController –
Name$RoleNetBIOSName
}
“was run: “Could not find the default Administrative Group ‘Exchange Administrative Group (FYDIBOHF23SPDLT)’.”.

Could not find the default Administrative Group ‘Exchange Administrative
Group (FYDIBOHF23SPDLT)’.

Click here for help…


So I clicked here for help and I got a page from Microsoft there is a “Help Resources for Errors!” no help here but don’t fret you can post on our forums and someone can help you. Now what kind of answer is this from Microsoft REALLY! Someone has to have an answer to my problem. So I hit my best friend in the world Google! Cause well that’s were all the answers are found. (I have tried Bing! And I find I get better results from Google).

Low in behold there is some prep work that needs to be done! So what is happening is that the old Exchange environment is still showing up in the schema and forest setting. What needs to happen is a prep step to clear out and reset those settings. Since this installation is attempting to connect to ‘Exchange Administrative Group (FYDIBOHF23SPDLT)’. Which does not exist as it was removed with ADSIEdit.

So you need to run the following commands to prepare your domain for a new Administrative Group (FYDIBOHF23SPDLT).

From the root of the exchange installation CD run

'SETUP.COM /ps' – Prepares the Active Directory Schema for the Exchange Installation
'SETUP.COM /p' - Prepares the Active Directory forest for the Exchange installation
'SETUP.COM /pd' – Prepares the local domain for the exchange installation

Once these commands have been run at a command prompt you can continue on with your Exchange 2010 installation. Everything should function and install correctly without any errors.

I would like to thanks Microsoft for having some quality documentation that helped me find this solution! (Sarcasm!)