Garry Martin dropped me a line to let me know that (finally), the Sysinternals troubleshooting utilities have been rolled into a suite for download from the Microsoft TechNet website. Furthermore, this 8MB download is free of charge.
This will probably be one of the most-reported news items of the year (and I don’t really do news) but Microsoft released Windows Server 2008 to manufacturing yesterday (in the middle of the night here).
I’m not sure quite how widely available the images are at the time of writing but beta testers can certainly download a copy from Microsoft Connect for the next 30 29 days and I’m told it’s also available to MSDN subscribers, as is Windows Vista SP1. I expect the product will also be made available to volume license customers over the next few days (if not already). There’s more information on Windows Server 2008 elsewhere on this site (and in the Microsoft press release).
The official launch date is still 27 February 2008, and in the UK the main customer event is planned for 19 March at the ICC in Birmingham. The various user groups are also in the process of planning a community launch event for 8/9 April at Microsoft’s UK Campus with session planning currently in progress – I’ll post more information as it becomes available.
Sometimes it feels as though the UK IT Pro community is a very small place and I’m always pleased to hear from people that I consider to be experts in their field; however last Friday’s e-mail from Richard Siddaway knocked me for six.
Scotty McLeod, leader of the Windows Server UK User Group, was involved in a horrific accident last Wednesday night and is currently fighting for his life in hospital. I still can’t quite comprehend what’s happened (hence the reason it’s taken so long to write this post) but I’m sure that there are many readers of this blog who know Scotty (many better than I do) and will join me in wishing him a speedy recovery.
Dmitry Sotnikov is keeping a post on his blog updated with the latest news on Scotty’s progress.
In the meantime, my thoughts are with Scotty and his family. Get well soon.
The new server that I bought recently has a huge case with loads of room for expansion and that got me thinking about all which components I already had that I could reuse. DVD±RW dual layer recorder from the old PC, 500GB SATA hard disk from my external drive (swapped for the 250GB disk supplied with the server), couple of extra NICs… "oh, hang on. Those NICs look like PCI cards and I can only see a single PCI slot. Ah!".
I decided to RTFM and, according to the technical specifications, my server has 5 IO slots (all full-height, full length) as follows:
I knew that the spare NICs I had were PCI cards but would they fit in a PCI-X slot? Yes, as it happens.
I found a really useful article about avoiding PCI problems that explained to me the differences between various peripheral component interconnect (PCI) card formats and it turned out not to be as big an issue as I first thought. It seems that the PCI specification allows for two signalling voltages (3.3v and 5v) as well as different bus widths (32- or 64-bit). 32-bit cards have 124 pins whilst 64-bit cards have 184 pins; however to indicate which signalling voltage is supported, notches are used at different points on the card – 5V cards have the notch at pin positions 50 and 51 whilst 3.3V cards have the notch closer to the backplate at pin positions 12 and 13. Furthermore, some cards (like the NICs I wanted to use)
have notches in both positions (known as universal cards), indicating that they will work at either signalling voltage. Meanwhile, PCI-X (PCI eXtended) is a development of PCI and, whilst offering higher speeds and a longer, 64-bit, connection slot, is also backwards-compatible with PCI cards allowing me to use my universal PCI card in a PCI-X slot (albeit slowing the whole bus down to 32-bit 33MHz). PCIe (PCI Express) is a different standard, with a radically different connector and a serial (switched) architecture (HowStuffWorks has a great explanation of this). My system has a single lane (1x) and an 8-lane (8x) connector, but 1x and 4x PCIe cards will work in the 8x slot.
This illustration shows the various slot types on my motherboard, an 8x PCIe at the top, then a 1x PCIe, two 64-bit PCI-X slots and, finally, one legacy 32-bit 5V PCI slot.
After adding the extra NICs (one in the 32-bit legacy 33MHz slot and the other in one of the PCI-X slots) everything seemed to fit without resorting to the use of heavy tools and when I switched on the computer it seemed to boot up normally, without any pops, bangs or a puffs of smoke. All that was needed was to get some drivers for Windows Server 2008 (these are old 100Mbps cards that have been sitting in my "box of PC bits" for a long time now). Windows Device Manager reported the vendor and device IDs as 8086 and 1229 respectively (I already knew from the first half of the MAC address that these were Intel NICs), from which I could track down the vendor and device details and find that device 1229 is an 82550/1/7/8/9 EtherExpress PRO/100(B) Ethernet Adapter. Despite this being a discontinued product, searching the Intel Download Center turned up a suitable Windows Vista (64-bit) driver that was backwards compatible with the Intel 82550 Fast Ethernet Controller and I soon had the NICs up and running in Windows Server 2008, reporting themselves as Intel PRO/100+ Management Adapters (including various custom property pages provided by Intel for teaming, VLAN support, link speed, power management and boot options).
So, it seems that, despite the variety of formats, not having exactly the right PCI slot is not necessarily an issue. PCI Express is an entirely different issue but, for now, my 32-bit universal PCI card is working fine in a 64-bit PCI-X slot.
Sometimes I get criticised for writing positively about Microsoft products and being critical of Apple – hey, with the MacBook Air, it’s hard not to notice the lack of substance – what next? an invisible Apple notebook? (thanks to Alex for sending me that – and he used to evangelise almost everything that Cupertino produced before Apple products started to get popular and they began putting shareholders ahead of customers). I like to think that I’m pretty objective but then again my day job does involve consulting on Microsoft technologies so just in case there is any bias around here I thought I’d redress the balance with a little spoof about some Windows Vista SP1 source code that seems to have escaped into the public domain:
/*
TOP SECRET Microsoft(c) Project:Longhorn(TM) SP1
Estimated release date: 2008
*/
#include "win95.h"
#include "win98.h"
#include "leopard.h"
char chew_up_some_ram[10000000];
void main() {
while(!CRASHED) {
if(first_time_install) {
make_10_gigabyte_swapfile();
do_nothing_loop();
search_and_destroy(FIREFOX|OPENOFFICEORG|ANYTHING_GOOGLE);
hang_system();
}
if(still_not_crashed) {
basically_run_windows_xp();
do_nothing_loop();
}
}
if(!DX10GPU()) {
set_graphics(aero, very_slow);
set_mouse(reaction, sometimes);
}
//printf("Welcome to Windows 2000");
//printf("Welcome to Windows XP");
printf("Welcome to Windows Vista");
while(something) {
sleep(10);
get_user_input();
sleep(10);
act_on_user_input();
sleep(10);
flicker_led_promisingly(hard_disk);
}
create_general_protection_fault();
}
(I got this from multiple sources but they all seem to lead back to a Linux Format advert for TechRadar).
Now, the reason I’m posting this is that most Microsofties can appreciate the geek humour and have a chuckle. Sadly the Linux guys at FedoraForum chose to demonstrate their geekdom by descending into discussions of “the M$ tax” and other such ramblings in the vein of “my operating system is better than your operating system”. Yawn! One even commented that slow Vista sales were good for Linux (hmm… how’s that then? There may be a Mac revival going on in the consumer marketplace but I haven’t heard about a massive defection of dissatisfied Windows Vista users moving to Linux – quite the opposite in fact with many people simply reverting to using a familiar Windows XP installation).
I wrote over a year back how, rightly or wrongly, Windows XP would be around for a while yet and with Vista SP1 just around the corner it really does feel as though corporate customers are starting to get ready for Vista now. Personally, I’m looking forward to getting my grubby paws on a beta of Windows 7 (hopefully later this year).
Much of what I write on this blog is based upon my experiences as a consultant/infrastructure architect for a leading IT Services company but as my day job becomes less technical there’s an increasing amount written based on the time I spend working with technology on my home network. markwilson.it doesn’t have a large IT budget and it’s become increasingly apparent that my pile of aging, but rather good, Compaq Evo D5xx SFF PCs no longer provides the hardware features that I need. Consequently, I needed to buy a small server – ideally a dual-socket machine, with quad-core CPUs and up to 16GB of RAM (I had a couple of spare 500GB SATA hard disks to re-use and also some spare NICs). I didn’t have an exact figure in mind, but was hoping to spend no more than £500-600 and knew that specification would probably be too expensive but then I found an offer on the Dell website for a PowerEdge 840 – starting at £179 plus VAT and shipping.
The PowerEdge 840 is more like a workstation than a server but it has the option to upgrade the standard dual-core Intel Pentium processor to a dual- or quad-core Xeon. For a dual-socket machine with the ability to go up to 16GB of memory I’d have needed to move up to a more expensive model but the PowerEdge 840 specification would give me what I need to set up a XenExpress or Windows Hyper-V Server server for evaluating products and running the basic markwilson.it infrastructure (everything except the website, which is hosted for me by ascomi).
I haven’t bought a PC for years (except my Mac Mini) and didn’t feel confident to make the right selections, so I called a trusted colleague, Garry, who may be a CTO now but still gets techie as required! He gave me some great advice for keeping the costs down – and these are equally applicable to any major OEM PC/Server purchase:
Following Garry’s advice, I could see that by sticking with the basic memory and disk options (being ready to take them out when it arrives), I could buy larger components elsewhere and still save money. I upped the CPU spec, but left the rest of the system almost at the basic level with 512MB of RAM, one 80GB disk (to take out and use elsewhere – or even just give it away) and one 250GB disk (to downgrade my external hard drive and use the 500GB disk from that instead). I stuck with the basic DVD-ROM drive (I’ll take the writer from one of the PCs that this server will replace) and rejected options for floppy disk drive, modem, additional NICs, tape backup, UPS, etc. as I already have these things at home. I also rejected options for RAID controllers as I can pick up a less capable but inexpensive SATA RAID controller elsewhere. Finally, I said no to operating system and backup software – whilst Small Business Server 2003 R2 may have been nice, Windows Hyper-V Server will only be a few pounds when it releases later this year and XenExpress is free. As I’m not in the market for Windows Server 2003/2008 Enterprise or Datacenter editions I’ll have to deal with the guest VM licensing separately – but that’s no different to my current situation.
After this, I had my server ready to order, at a total price (including shipping and VAT) of just under £392 (and around £14 cashback due). Then I started looking at the last part of the solution – 8GB of DDR2 SDRAM. Interestingly, although the PowerEdge 840 supports up to 8GB of RAM, the "build your system" website only lets me choose up to 4GB – in 1GB DIMMs. I needed 2GB DIMMs in order to get the maximum memory installed. Dell would sell me these at a competitive price of £49.02 each but wanted £22.33 to ship four of them to me (total price £218.40). My normal memory supplier () could sell me two 4GB kits (each 2x2GB) for £244.38 (although the price has since fallen to just £164.48) and I could earn cashback on both of these offers but the non-ECC RAM available at sites like eBuyer was much less expensive. According to Crucial, I can install non-ECC RAM in a server that supports ECC, but googling turned up some advice from newegg.com:
"[The] chances [of] a single-bit soft error occurring are about once per 1GB of memory per month of uninterrupted operation. Since most desktop computers do not run 24 hours a day, the chances are not actually that high. For example, if your computer (with 1GB of memory) runs 4 hours a day, the chances of a single-bit soft error happening (when your system is running) is about once every six months. Even should an error occur, it won’t be a big issue for most users as the error bit may not even be accessed at that time. Should the system access the error bit, this little error won’t result in a disaster either – the system may crash, but a restart of the system will fix that. That’s why ECC memory is not a necessity for most home users.
Things are very different when it comes to workstations and servers. To begin with, these systems often utilize multi-gigabytes of memory, and they usually run 24/7 as well. Both of these factors result in increased probability of a soft error. More importantly, an unnoticed error is not tolerable in a mission-critical workstation or server."
[Source: newegg.com article: Do I need ECC and registered memory?]
I decided to use ECC RAM as, even though my server is not mission critical, it will be on 24×7 and running several virtual machines – all of which could be susceptible to memory errors. Dell Technical Support also advised me that non-ECC RAM would cause POST errors.
I still needed to get the best deal I could on memory and Dell were only quoting me for PC2-4200 (533MHz) RAM when the PowerEdge 840 will take PC2-5300 (667MHz) RAM. As the Dell RAM is actually from Kingston, I decided to see what Kingston recommended for the PowerEdge 840 and found that there is a product (KTD-DM8400BE/2G) which is a 667MHz version of the 2GB 240-pin SDRAM that the server uses. Furthermore, I could get it from SMC Direct for £53.55 a module (£219.58 for all four, shipped). Then, Dell Technical Support advised me that there is little advantage in buying the faster RAM as the front-side bus for my Intel Xeon X3210 is 1066MHz and the 2x multiplier matches whereas the 667MHz RAM would match a 1333MHz bus. On that basis, I stuck with the Dell quote, saving myself a fiver and potentially earning some more cashback (actually, I didn’t get cashback because it was a telephone purchase but that was more than offset by Dell waiving the shipping charge as goodwill for the problems I had experienced when buying the server).
So, here I am, a couple of weeks later, with a quad-core system, over a terabyte of storage (after swapping some disks around) and 8GB RAM for less than £575. Buying my RAM separately (even from the same supplier) got me a better deal (although Crucial’s subsequent price drop would have made an even bigger difference) and Garry’s TopCashBack advice saved me some more money. This is how the costs stack up (all including VAT and shipping, where applicable):
| Item | Price |
|---|---|
| Dell PowerEdge 840 server | £391.98 |
| 4 Kingston KTD-DM8400AE/2G DIMMs (from Dell) | £196.08 |
| Additional disks, NICs and CD/DVD writer (sourced from existing PCs) | £0.00 |
| Cashback | -£14.23 |
| Total paid | £573.83 |
Memory specification terms
Memory terms glossary
Before the Apple fanboys call me a hater, I’m not a PC bigot. I’ve written here many times about how a PC is a PC, and that the MacOS X vs. Windows vs. Linux thing has gone too far, with advocates of each platform treating theirs as the one true approach to personal computing with the kind of fervour normally reserved for religious purposes. I also like my Apple hardware and have a Mac, three iPods and an iPhone to prove it (as well as an assortment of Windows and Linux PCs), so I think I can be pretty objective in this area.
Having established my credentials, let me take a few minutes to dissect Steve Jobs’ keynote at the recent Apple Macworld conference and push aside the hype to get down to what Apple’s major announcements for 2008 really mean.
Last year wrote about how didn’t want an iPhone but by the time it launched over here I’d changed my mind (and shunned the touchscreen widescreen iPod that I had originally craved!). This year I wanted either an aluminium MacBook with a PC Express Card slot and upgraded graphics, or a MacBook Pro with a MacBook-style keyboard. The MacBook Air is neither – it’s just a thin, aluminium, MacBook, with reduced functionality and increased price – but I guess the lesson for me is to never say never…
I recently bought a new server in order to consolidate various machines onto one host. The intention here is to license Microsoft Hyper-V Server when it is released but, as that’s not available to me right now, I thought I’d use the latest Windows Server 2008 (Server Core) build with the Hyper-V role enabled. Everything was looking good until I built the server, installed Hyper-V (using the ocsetup Microsoft-Hyper-V command) and realised that although I had a functioning Hyper-V server, I had no way to manage it.
According to the release notes for the Hyper-V beta:
"To manage Hyper-V on a server core installation, you can do the following:
- Use Hyper-V Manager to connect to the server core installation remotely from a full installation of Windows Server 2008 on which the Hyper-V role is installed.
- Use the WMI interface."
I wanted to run Hyper-V on Server Core because my experience of running Virtual Server on Windows Server 2003 has been that patching the host is a major issue involving downtime on each guest virtual machine. Similarly (unless I migrate the workload to another server) applying updates to the parent partition on Hyper-V will also result in downtime in each child partition. By using Server Core, I reduce the size of the attack surface and therefore the likelihood of a critical patch being applicable to my server. If I need another Windows Server 2008 machine with Hyper-V installed just to manage the box then that’s not helping me much – even a version of Hyper-V Manager to run on a Windows client machine and administer the server would be a huge step forward!
I’ve raised a feedback request highlighting this as a potential issue which restricts the scenarios in which Hyper-V will be deployed; however I’m expecting it to be closed as "by design" and therefore not holding out much hope of this getting fixed before product release.
A few weeks back, I spent some time learning about the Microsoft Forefront security products. I’ve written before about Forefront Client Security and intend to write some more posts that go into some detail on the other Forefront products, but I thought I’d start by taking a look at the suite as a whole.
The Forefront suite of applications currently includes a number of products:
Looking first at the client, Forefront Client Security provides virus and spyware protection in a single product for client and server operating systems with updates received using Microsoft Update. That all sounds OK but, for some critics, the natural question to ask is "what does Microsoft know about client security?". Well, it seems that they know quite a lot:
So that’s the client – what about the server products? Based on the former Antigen products gained with Microsoft’s acquisition of Sybari Software there are currently two products carrying the Forefront brand name – plus Microsoft Antigen for Instant Messaging (to be replaced with an OCS-compatible product under the Forefront banner). Making use of multiple anti-virus engines, the Forefront Server Security products provide realtime and manual scanning for messaging and collaboration products.
Finally, at the edge, ISA Server has been with us since 2000 (we had Proxy Server before then) and has become a well-respected application-level firewall and proxy server that is available in both software-only and appliance formats. Intelligent Application Gateway (IAG) is a newer product, built around ISA Server by another company that Microsoft recently acquired – Whale Communications. IAG provides SSL VPN capabilities, combined with a detailed understanding of how applications work (positive logic) in order to ensure that only valid traffic is allowed to cross the network boundary. Whilst IAG is currently only available in appliance format, with Microsoft being a software company I can’t help feeling that a version of IAG will be released in software form at some point in the future.
Unfortunately, this mix of products from different backgrounds means that Forefront doesn’t feel as tightly integrated as some other product suites (e.g. Microsoft Office) but that is changing as the components are updated. In addition, Microsoft has announced a product (codenamed Stirling) which they are touting as:
"[…] a single product that delivers unified security management and reporting with comprehensive, coordinated protection across clients, server applications, and the network edge. Through its deep integration with the existing infrastructure, such as Microsoft Active Directory and Microsoft System Center, customers can reduce complexity, making it easier to achieve a more secure and well-managed infrastructure."
For anyone looking at purchasing Forefront products, Software Assurance (SA) might not be a bad choice as there are new versions of IAG planned based on the forthcoming ISA Server codename Nitrogen and ISA Server codename Oxygen products (don’t quote me on this as information is a little sketchy on these!) and further updates planned across the Forefront suite.
IT security is no longer an afterthought and has become an integral part of any organisation’s IT infrastructure. I’m impressed by the range of options that Microsoft can provide in the Forefront suite and, if they can convince critics that they have a credible range of products (they are currently suffering from "the Škoda badge problem"), then over time I expect to see Microsoft take a dominant position in Windows Server security.
Back in October, I started to look at the next version of Microsoft’s server operating system – Windows Server 2008. In that post I concentrated on two of the new technologies – Server Core and Windows Server Virtualization (since renamed as Hyper-V).
For those who have installed previous versions of Windows Server, Windows Server 2008 setup will be totally new. Windows Vista users will be familiar with some of the concepts, but Windows Server takes things a step further with simplified configuration and role-based administration.
Using a technology known as Windows PE, the new setup model allows multiple builds to be stored in a single image (using the .WIM file format). Because many of these builds will share the same files, single instance storage is used to reduce the volume of disk space required, allowing six operating system versions to fit into one DVD image (with plenty of free space).
The first stage of the setup process is about collecting information. Windows Setup now asks fewer questions and instead of being spread throughout the process (anybody ever left a server installation running and then returned to find it had stopped half way through for input of some networking details?) the information is all gathered at this first stage in the process. After gathering details for the language, time and currency, keyboard, product key (which can be left and entered later), version of Windows to install, license agreement and selection of a disk on which to install the operating system (including options for disk management), Windows Setup is ready to begin the installation. Incidentally, it’s probably worth noting that SATA disk controllers have been problematic when setting up previous versions of Windows. Windows Server 2008 had no issues with the motherboard SATA controller on the Dell server that I used for my research.
After collecting information, Windows Setup moves on to the actual installation. This consists of copying files, expanding files (which took about 10 minutes on my system), installing features, installing updates, two reboots and completing installation. One final reboot brings the system up to the login screen after which Windows is installed. On my server (with a fast processor, but only 512MB of RAM) the whole process took around 20 minutes.
At this point you may be wondering where the computer name, domain name, etc. is entered. Windows Setup initially installs the server into a workgroup (called WORKGROUP) and uses an automatically generated computer name. The Administrator password must be changed at first logon, after which the desktop is prepared and loaded.
Windows Server 2003 included an HTML application called the Configure Your Server Wizard and service pack 1 added the post-setup security updates (PSSU) functionality to allow the application of updates before enabling non-essential services. In Windows Server 2008 this is enhanced with a feature called the Initial Tasks Configuration Wizard. This takes an administrator through the final steps in setup (or initial tasks in configuration):
Roles and Features are an important change in Windows Server 2008. The enhanced role-based administration model provides a simple approach for an administrator to install Windows components and configure the firewall to allow access in a secure manner. At release candidate 1 (RC1), Windows Server 2008 includes 17 roles (e.g. Active Directory Domain Services, DHCP Server, DNS Server, Web Server, etc.) and 35 features (e.g. failover clustering, .NET Framework 3.0, Telnet Server, Windows PowerShell).
Finally, all of the initial configuration tasks can be saved as HTML for printing, storage, or e-mailing (e.g. to a configuration management system).
Although Windows Server 2008 includes many familiar Microsoft Management Console snap-ins, it includes a new console which is intended to act as a central point of administration – Server Manager. Broken out into Roles, Features, Diagnostics (Event Viewer, Reliability and Performance, and Device Manager), Configuration (Task Scheduler, Windows Firewall with Advanced Security, Services, WMI Control and Local Users and Groups)and Storage (Windows Server Backup and Disk Management), Server Manager provides most of the information that an administrator needs – all in one place.
It’s worth noting that the Initial Tasks Configuration Wizard and Server Manager do not apply for Server Core installations. Server Manager can be used to remotely administer a computer running Server Core, or hardcore administrators can configure the server from the command line.
So that’s Windows Server 2008 setup and configuration in a nutshell. Greatly simplified. More secure. Much faster.
Of course, there are options for customising Windows images and pre-defining setup options but these are beyond the scope of this article. Further information can be found elsewhere on the ‘net – I recommend starting with the Microsoft Deployment Getting Started Guide.
Windows Server 2008 will be launched on 27 February 2008. It seems unlikely that it will be available for purchase in stores at that time; however corporate users with volume license agreements should have access to the final code by then. In the meantime, it’s worth checking out Microsoft’s Windows Server 2008 website and the Windows Server UK User Group.
[This post originally appeared on the Seriosoft blog, under the pseudonym Mark James.]