The following URL might be helpful when working with Windows Firewall settings via APIs from Microsoft:
Quick change management re: the wolfjeers server.
I installed the HP Web JetAdmin 10 on it, working with Jesse. It was horrible, so I've disabled it and closed port 8000.
The software is still installed but should be inactive.
This month's issue of TechNet Magazine has a nice article giving an overview of the capabilities of Microsoft's OS deployment tools. The article is entitled "Deploying Windows Vista with BDD 2007" but the same methods can also be used to deploy Windows XP. The article describes the automated processes and tools Microsoft supplies to create images, customize images, manage drivers, apply updates, etc. I gave a "dog and pony" presentation covering the same material at one of our Microsys planning meetings a while ago but this article does a better job.
These features are being used to deploy our pilot environment. These features were also used to easily create an unattended Vista installation image which is used to reinstall Vista over and over again to keep the KMS count up.
The components described in the article are installed and operational on WDS00 if you want to take a look.
Here's the link:
http://www.microsoft.com/technet/technetmag/issues/2007/09/BDD/default.aspx
With things slowing down with fall installs, I was able to get back to some older projects. FYI, yesterday we had 88 new WolfPrep machines installed, and in the last 7 days, 1068.
Back in October, 2006 I thought that I had found a remote access solution for SMB filesystems that would solve all of our problems, and fold the napkins nicely, too. I installed SSLBridge this week, and fear I must call it a "miss." The AJAX interface is beautiful, but it seems to be very dependent on NetBIOS naming, and choked on our servers that report their names using full DNS syntax. It also seemed hard-coded to use NTLM/NTLMv2 and never negotiate Kerberos. Too bad.
At the last staff meeting, we decided we needed to deliver consistent WINS information to all the clients/servers as long as we needed WINS at all. You can have redundant WINS Servers, so I've got it installed on DC00 and DC01 so we have fault tolerance, and they are replicating information to each other.
You don't seem to be able to set WINS info via GPO, just via DHCP. I ran a wee script to set the WINS server info on our hosts, but a reboot is required so most of them haven't updated yet.
I plan to adjust the "PXE-All" QIP template, add the WINS info to WolfPrep.
I got Drupal working with Unity authentication, rich text editing, and have started learning how to craft an "online book." It rocks -- I'm so excited. Check out drupal.unity.ad.ncsu.edu
I plan to look at some of the calendar/event (sign up for classes seems in the bag), bug tracking, and project management modules.
RPC Error Fixed
Fixed RPC problem on SCRIPTS00. Details were posted HERE.
There are many "Troubleshooting RPC Server is Unavailable" documents floating around. Microsoft's KB224370 article led me to check DNS, even though netdiag didn't show any problem.
The account management script is working properly now.
KMS Issues
We received a note from CED that they were having problems because the n-count on the KMS server was too low. I reinstalled Vista 20 times using 4 machines to get the count to 34.
There are still some issues to be worked out. The Friday Institute has at least 1 machine that went into reduced functionality mode. Even though our KMS server is OK now, I don't believe they can use it to reactivate the RFM machine because they can't run scripts on the machine. I don't think their DNS zone is configured for automatic KMS discovery so the machine can't find the KMS server. The only option is to obtain a MAK key to reactivate the machine.
Unattended Vista Installation
I used Microsoft's WAIK and BDD 2007 tools to create an unattended Vista installation DVD. This made the Vista/KMS installations much less burdensome.
The process was relatively easy. If you open up Deployment Workbench on WDS00, you'll see a deployment point called MEDIA. The unattended configuration lives under the "Rules" tab. It was pretty much copied and pasted from the documentation for the WAIK. Machines installed using the current configuration are not added to the domain because there is no reason to do so.
The installation includes some additional drivers. Vista does not include 3Com drivers which means you have to manually install them on GX400's. The drivers were added using the built-in driver management features in Deployment Workbench.
Deployment Workbench automatically creates an ISO image configured as you like. The ISO image for the unattended Vista installation is at:
\\wds00.unity.ad.ncsu.edu\Media$
NAL Apps
All of the NAL apps I worked on have been shipped.
I added a key to ShowAllUnityApps called AcrobatReader and changed the Acrobat Reader app.
I worked a little more on trying to get Adobe CS3 to install using GPOs. I thought I was close. I can install the components using the MSI files and GPOs but it won't add the serial number information. Adobe uses a bunch of XML files to configure things. It's beyond craptastic.
The RPC Server Unavailable error on SCRIPTS00 has been fixed. I believe the problem occurred because of how the DNS suffix search order was configured. It was set to only search unity.ad.ncsu.edu. I changed it to search unity.ad.ncsu.edu, ad.ncsu.edu, and unity.ncsu.edu.
The account management script is running every 5 minutes again.
Well, it's a good news/bad news kinda thing. Patch Tuesday caused web00 to reboot, and for some reason once again it failed to restart its Apache service. This caused the microsys web page to be off the air. :-(
The good news is that Nagios caught both the fact that some Windows services failed to start, and that http was unavailable. It showed red on the server status grid as http is the critical service on web00.
I think it's time to move web00 at least into "production" status with operations, so we can get pages about this sort of 'service down, but server is pingable' outage. Any thoughts?
Folks,
FYI, I've created organizations under "Organizations" and "Unity Computers" for ETSS_CS and ETSS_CS_DEV for a project Debbie and John Garcia of ETSS are working on.
In the next few days, I'll be forging a locker for them as well.
The Help folder in the NAL is very cluttered and potentially not very helpful to end users. Some of the items are possibly outdated. Here are some suggestions about what to keep and kill. I'd like to do this tomorrow unless there are objections.
Things to get rid of in the "Help" folder:
KEEP:
- Change Password
- Check Profile Quota
- Help @ NC State
- Remedy 7.1
- Unity Print Quota
- Workstation Name
ADD:
- Quota Manager (shortcut to SysNews Quota Manager tool)
DELETE:
- Allow Users To Restart Novell Services
- Change AV parent to UNI05NT (forcerun)
- Check IMAP Quota (doesn't work)
- NAI Stinger (virus scanner)
- Novarg (MyDoom) Removal Tool
- PSInfo (PC Patch Info)
- SAS Fonts - refresh
- Sasser Removal Tool (Microsoft)
- Sasser Removal Tool (Symantec)
- Start Key Client
In the future, tools that aren't part of our standard set of Unity tools, like virus scanners, etc. would go in a subfolder called "Utilities".
Well, I was hoping to be able to include Novell's Zen 7 SP 1 Hot Patch 6 in the Fall WolfPrep CD-ROM, but alas! It has defeated me.
Released on the 31st of July, I had hoped that it would be 'fresh' enough to boot Dell 745 workstations with their SATA controllers in pure SATA mode.
I'll have a patched version of the existing CD-ROM, configured to read from the new Wolfprep volume on the Zen imaging server, but it won't have any of the zippy new features I was hoping to add.
This blog is intended to be used by the staff members of ITD's Microsys group at NC State University. It is an internal project management and collaboration tool to be used throughout the Unity migration project. Project updates, thoughts, suggestions, and anything else related to the migration should be included.