Author: JamesNT

The Dangers of Giving Vendors too much Power

JamesNT General Commentary

Back in the 90’s I worked for Sonoco. The capital project I was on was to install a new maintenance management software in an entire division of the company in order to, mostly, bring down the cost of spare parts inventory. During this project, many ideas for costs savings came up. One of them was that vendor reps should maintain parts usage history and stock the parts we bought for them in the parts room for us. I voice my concerns but since I was just a kid in my 20’s at the time with no college degree, I was promptly ignored and told to shut up.

This turned out to be a monumentally horrible idea as I predicted. Here’s why:

  • Let’s assume your vendor is a good guy. He’s only out for the benefit of you, the client and he wants to keep you as a client. Well, obviously, the last thing he wants is for you to run out of parts otherwise your machines will go down and you’ll yell at him. So the vendor may decide that, just to be on the safe side, he may need to stock a few extra bearings here and a few extra sprockets there because “you never know when they might have a spike in parts usage and we need to be careful and plan for those things.”
  • Let’s assume your vendor is a bad guy. He’s about $600 behind on his sales quota for the month and right now he’s not necessarily out to benefit you. So the vendor may decide that, since he’s the one stocking your parts room and you’ll most likely never notice, he may need to stock a few extra bearings here and a few extra sprockets there.

This is the danger of giving vendors too much power over your stuff. It doesn’t matter whether the vendor is a good guy or a bad guy, you’re screwed either way.

JamesNT

My Thoughts on BYOD

JamesNT General Commentary

Bring Your Own Device (BYOD) is one of those new trends I have seen come up in the IT world over the past 2 years.  Basically, the idea is that instead of the company you work for buying you the equipment you need, you just bring your own or you and the company go in half-and-half or something.  Companies like BYOD because it saves them money in equipment.  Why buy an employee an iPad when that employee can just bring their own? 

Like everything else, however, there are some caveats that need to be taken into consideration.  Let’s look at some examples:

  • The employee is using their own laptop for work.  However, their work requires some specialty software so the employer installs this software on the employee’s laptop thereby consuming a user license for that software.  The employee is terminated and now that software must be removed from the laptop.  Because the laptop is the personal property of the employee and that employee has all her tax information and so forth on there, the employee refuses access to the laptop for removal of the software by the company’s IT support.  How does the company reclaim the license?
  • An employee has been using his iPad at the office for months now.  He turns in his two week notice and the current employer finds out the employee is leaving to go work for a competitor.  How can the company search the personal iPad of the employee to determine if he is carrying any proprietary information out the door with him?
  • An employee is using his Lumina 920 Windows Phone to field sales calls.  The employee leaves your company for a competitor that offers more money.  And you now realize that all of your clients have only that employee’s cell phone number as the primary contact for your company.  Since the phone does not belong to the company, there is no way to seize the phone number.
  • An employee has been using his laptop for work for four years now.  You know that employee has lots of company data on that laptop.  One day, the employee comes to work with a brand-new Dell Latitude laptop.  What happened to the old one with all that data on it?  Was the hard drive properly wiped using a D. O. D. compliant shredding software?  Did he just give it to this kids without cleaning off all that proprietary data?

In all the above cases, the company is at a loss.  It is difficult to just search an employee’s personal property without some type of privacy violation which could lead to bigger problems.  Furthermore, an employee who uses their own laptop/computer/smartphone/other device may not consider security at all since the employee views the device as their personal property and not as a vessel of corporate property.  How are security updates getting done, if at all?  What if the employee is allowing friends or other family to use the device to play games or for their own use?

BYOD can be a real money saver in regards to having to purchase equipment.  However, as always the long term costs must also be considered.  Devices that are not under the control of the company yet contain company information can pose true security issues and place the company in a bad situation regarding privacy.  In my opinion, BYOD is a bad idea for most organizations – especially those that are governed by some type of federal regulation such as HIPAA.

Before your company proceeds forward with a BYOD policy, you may wish to consult a lawyer.

JamesNT

WIMFSF.SYS PAGE-FAULT_IN_NONPAGED_AREA

JamesNT Windows Client and Server

If you get this blue screen during installation of Windows, one of the most likely causes is bad media.  Replace your DVD or download a new ISO image.

If you get this error installing Windows 7 in a VMWare Workstation virtual machine, VMWare has that “easy install” feature were you can type in the product key in VMWare’s set up screen before installation of Windows starts (as well as specify username and password).  Make double sure you have a legitimate product key.

image

JamesNT

Handling Truncation in SSIS

JamesNT SQL Server, SSIS

Truncation is what happens when you try to fit a string of one length into a field that holds a string of a shorter length.  In most cases the last characters of your string are cut off so it will fit in the field.  Of course, in the case of SSIS your package will error to a grinding halt if truncation is not explicitly handled.  We see truncation very often in fields such as first name, last name, address, and so forth when moving data from one platform to another.  While there are many ways to handle truncation, I’m going to discuss some of the more common I’ve seen here along with their plusses and minuses.

Approach One:  Use Substring() ,or equivalent function, in your SQL statement to pull out only as many characters as you can handle in the destination.  In the example below, we are using the Mid() function since we are pulling from an Access 2000 database.  The FirstName and LastName fields in the Access database are of length 20 but our destination has those same fields of length 10. 

The pros of this approach is that it is quick and easy and keeps your overall dataflow clean.  You don’t have to worry about getting possible truncation errors during different steps of your dataflow.  All of the “mess” is contained in that one nice and neat little SQL statement. 

The cons of the approach are that you will lose data.  You are forcibly truncating strings, after all.  If someone has a long last name, that name is going to come over with the last few letters missing. 

image

Approach Two:  Use a Data Conversion Task to shorten your strings en route to the destination.  You can either ignore the truncation by configuring so in the Error Output, or you can redirect strings that would be truncated to another table. 

The pros of this approach is it gives you the opportunity to redirect any rows that will be truncated to another table or flat-file for later analysis.  This may be very important for some data where you can’t lose anything.

The con of this approach is it makes your data flow a bit messier.  You will have now the “copy of firstname” and “copy of lastname” columns as shown in the screenshot below and the original firstname and lastname columns.  You can remove unwanted columns by adding a Sort task and not letting them pass through, but again, it’s a bit messy.

image

image

Approach Three:  Attempt to use a script component to shorten the data.  Consider the  following code:

public override void Input0_ProcessInputRow(Input0Buffer Row)
    {
        if (Row.AddressOne.Contains("Avenue"))
        {
            Row.AddressOne.Replace("Avenue", "Ave");
        }
        if (Row.AddressTwo.Contains("Suite"))
        {
            Row.AddressTwo.Replace("Suite", "Ste");
        }
    }

Notice that we are attempting to replace certain words commonly found in addresses with their abbreviations.  This approach is commonly used with approach two so as rows get redirected, more words can be found to be abbreviated thereby cutting down on error.

The pros of this approach is that it can certainly cut down on truncation in a more acceptable way.

The cons of this approach is that it will not work for all data and it can be hard to maintain as you are constantly adding cases to your switch statement or more “if’s” in the case of this example.

Truncation is one of those things that you are guaranteed to deal with when working with data.  Some vendors are certainly more generous with space in their database than others.  Why do some vendors make some string fields so small?  Who knows.  But at least we do have a few options on how to deal with it.  Maybe not perfect options, but options nonetheless.

If anyone has any cool approaches to how they handled truncation, I look forward to reading about them in the comments section or via links to your own blogs.

JamesNT

The Windows Directory Consumes a Lot of Disk Space

JamesNT Windows Client and Server

I got a call from a colleague who was asking why the Windows directory on a Windows Server 2008 R2 machine was taking up almost 40GB of disk space.  I checked one of my servers and noticed almost the same – about 30GB on mine.  He noticed more readily than I did because his Windows install was on a partitioned drive where the C volume was only 60GB.  I, however, do not practice partitioning drives.  If I want more volumes, I get more drives. 

After some research, we noticed that the WinSXS fold was the culprit.  He was about to delete the folder when I asked him to stop.  I found it hard to believe this folder was so large just for the fun of it so I did some research.  I found many blogs and so forth that “tried” to explain the WinSXS folder, but most failed horribly.  As always, if you want the low down you have to go to the source.  I found this post on the Microsoft Ask The Core Team blog that did a fantastic job of explaining the WinSXS folder.  I highly recommend giving this post a full read.  You should also subscribe to the Ask The Core Team blog.

http://blogs.technet.com/b/askcore/archive/2008/09/17/what-is-the-winsxs-directory-in-windows-2008-and-windows-vista-and-why-is-it-so-large.aspx

There are some things you can do to combat this problem.  I recommend the following:

  • Do not partition out a single drive into multiple partitions.  If you want your OS on one volume and your data on another volume, then get multiple drives and place one set of drives in one volume for the OS and the rest of the drives in a volume for data.  For example, you could do a RAID 1 for the OS and a RAID 5 for data.  This way, you’ll always have plenty of room for the OS.  Partitioning one drive into multiple volumes, in my opinion, makes little sense any more.
  • Install only those applications you need on the computer.  The more applications you install, the more your C drive will fill up.  The same is true for Windows features.  Install only those you need.
  • Run the disk cleanup wizard.
  • You can free up some space by removing the roll back files for the last service pack you installed.

That last point bears some discussion.  When you install a service pack for Windows, you can always uninstall it.  This is made possible by the fact that Windows stores copies of the original files replaced by the service pack in the WinSXS folder.  If you have been running the service pack for a while and are very confident you will never need to uninstall it, you can remove the backup files which will make the service pack permanent (you can’t remove it).  On one of my systems, this freed up 10GB of disk space.

For Windows Server 2008 and Windows Vista after installing Service Pack 1:
Open a command prompt and run the command VSP1CLN.EXE.  This file is found in the %windir%\system32\ directory.

For Windows Server 2008 and Windows Vista after installing Service Pack 2:
Open a command prompt and run the command COMPCLN.EXE. This file is found in the %windir%\system32\ directory.

For Windows Server 2008 R2 and Windows 7 after installing Service Pack 1:
Open a command prompt and run the command DSIM.exe /online /Cleanup-Image /spsuperseded

Again, be reminded that should you run any of the commands above, the service pack will become permanent.  You will not be able to uninstall it.  However, you will free up some pretty significant disk space.  Be certain to test on a test machine before running this on a production computer.

JamesNT

Recovering from a Lost SUSDB

JamesNT Other Microsoft Servers, Windows Client and Server

Imagine the following scenario:

  • You installed the Windows Internal Database role on Server 2008 64-bit.
  • You installed the WSUS role on the same server and set it to use the Windows Internal Database.
  • One day, you notice WSUS is not giving out updates and you cannot start the WSUS management console.  It tells you that SQL may not be started on the machine.

If your SUSDB has become corrupt, you cannot access WSUS.  Furthermore, you cannot uninstall WSUS.  And, as if matters can’t get even worse, you cannot uninstall the Windows Internal Database since WSUS is dependent on it.  Fortunately, you can resolve this issue by re-creating the SUSDB.  First, log on to your Windows Internal database using SQL Server Management Studio Express 2005 or higher.  If the SUSDB is listed, then delete it.  You will then need to go to the following location to remove the files:

%windir%\windows\sysmsi\ssee\mssql.2005\mssql\data

Delete the SUSDB database and log file.

Next, open up the following SQL file in SQL Server Management Studio Express and execute it to recreate the database:

%windir%\program files\update services\database\createdatabase.sql

This file will create and empty SUSDB database.  Once this is done, you can now remove WSUS from your server and re-install it if you need it back.  I recommend reinstallation as that will put your settings back in place like you had them.  Remember, the SUSDB you just created is empty with no tables in it.

I hope this information helps.  If anyone has a better solution, please add it to the comments section.

JamesNT

Raymond Chen: The TEMP Directory

JamesNT Windows Client and Server

Mr. Raymond Chen of Microsoft has made an interesting post on his blog regarding the TEMP directory in Windows.  In his post, he states that “The TEMP directory is a dumping ground of random junk.”  He’s quite correct.  Many programs, including installers, use the TEMP directory for storing temporary data.  Unfortunately, there are many programs who use the TEMP directory for permanent storage. 

Obviously, as time moves on, some of these programs are bound to bump heads as they copy files with the same name, etc. to that same directory.  The most common issue I have seen is installations failing because of stuff left behind from previous installs.

Fortunately, there is a fix that I have found works often.  Use the disk cleanup tool in Windows.  Open up Windows Explorer, go to My Computer, and then right-click your C drive and choose Properties.  You should see a button called Disk Cleanup right there on the General tab.  You will want to change some of the options for the Disk Cleanup tool to make sure it does get temporary files. 

Once you run the wizard, you should have a few Gigs back on your drive and the issue with files in the TEMP folder interfering with new installs should be mitigated.

SNAGHTML850d302

JamesNT

SharePoint 2010 Foundation–The Website Declined to Show This Webpage

JamesNT Other Microsoft Servers

After doing an in-place upgrade of SharePoint 3.0 to SharePoint Foundation 2010, you may receive this error on both your SharePoint site and the Central Administration Tool. 

The cause of this problem for me was the application pools in IIS not being set properly after the upgrade.

In IIS 7.0, expand your web server and go to Application Pools.

image

As the picture above indicates, both the SharePoint Central Administration v3 and the SharePoint – 80 application pools are set to “No Managed Code.”  They should be set to .NET Framework version 2.0.50727.  Once you make the change your SharePoint sites should come up.  Do note that it may take a moment for the site to display since the .Net runtime has to be spun up.

JamesNT

Setting Up Multiple VLAN’s in the Juniper SRX

JamesNT Juniper SRX Gateway

By default, the Juniper SRX100 and SRX210 set up fe-0/0/0 as your Internet connection interface and the rest of the interfaces (fe-0/0/1 – fe-0/0/7 on the SRX100) as switching ports on a single vLAN.  It is not uncommon for a network to require more than one vLAN for either political or technical reasons.  For my home, in which I am using a SRX100, I have the reason in that I want my family computers on one vLAN and my Dell T310 server with all my test virtual machines on other vLANs.  This way issues such as my test Small Business Server 2003 machine, with its own DHCP server, will not interfere with other computers which belong to my family (my wife has a mini-laptop, we also have an XBox).  Furthermore, I could go further by setting up a Windows Server 2012 Essentials machine with its own DHCP server as well and it would not interfere with the SBS 2003 virtual machine nor the family machines.  As long as everyone is on their own vLAN, all should be well.

First, type in edit interfaces vlan in the SRX to get to the vLAN interface.  Remember that each physical interface can have many logical interfaces.  Obviously, the vlan interface is not a physical interface (it doesn’t represent a physical interface on the front of the machine) yet the same rule applies nonetheless.  Type the following to create three more vLANs for this interface:

set unit 1 family inet address 192.168.5.1/24

set unit 2 family inet address 192.168.10.1/24

set unit 3 family inet address 192.168.15.1/24

When you type show you should see the following for the current config of your vlan interface (note that unit 0 is the default that was already there):

image

Now, we need to go to the actual vlan settings of the SRX.  Type top to get out of interfaces and back to the top of the configuration tree, then type edit vlans.  Type the following three set commands to create new vlans we will tie into our interface.

set vlan-trust2 vlan-id 4 l3-interface vlan.2

set vlan-trust3 vlan-id 5 l3-interface vlan.3

set vlan-trust4 vlan-id 6 l3-interface vlan.4

If you type show your configuration for vlans should now look like this:

image

Now we must set three interfaces to our new vlans – one to each vlan.  Type top to go to the top of the configuration tree and then type edit interfaces to get back in to the interface list.  For my configuration, I’m going to assign fe-0/0/7 to my fourth vlan, fe-0/0/6 to my third vlan, and fe-0/0/5 to my second vlan.  Type the following:

delete fe-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust

set fe-0/0/7 unit 0 ethernet-switching vlan members vlan-trust4

delete fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust

set fe-0/0/6 unit 0 ethernet-switching vlan members vlan-trust3

delete fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust

set fe-0/0/5 unit 0 ethernet-switching vlan members vlan-trust2

Our last step is to configure DHCP for one of the vlans.  I need DHCP for only one of the vlans as the other two with have a server such as Windows Server 2012 Essentials as the DHCP server.  Type top to make sure you are at the top of the configuration tree.  Then type edit system services dhcp.

Type the following commands to create a new DHCP scope and assign it to the last vlan:

delete router

set pool 192.168.1.0/24 router 192.168.1.1

set pool 192.168.15.0/24 address-range low 192.168.15.10 high 192.168.15.254

set pool 192.168.15.0/24 router 192.168.15.1

set pool 192.168.15.0/24 propagate-settings fe-0/0/0

Notice we had to delete the original router entry since it was outside the scope of any given pool and, therefore, would have propagated that router setting out to all DHCP scopes.  If you received an error typing that delete command, don’t worry, just type show to see where the router settings entry is.  If is it already in the first first pool, then skip that command and finish setting up the second pool.  After typing show your DHCP should look like this:

image

 

Once you are done with that, do a commit confirmed 5 which will commit your settings but give you 3 minutes to type confirmed again before rolling you back.  This way, if a mistake is made, you will get back to your last known good configuration and can try again.  While waiting your 5 minutes, be sure to connect a computer to the other interfaces on the device to see if they get connectivity.  For those interfaces without DHCP, you’ll need to statically assign an IP address.  Once you verify all is well, type commit again to make the changes permanent before you are rolled back.

We now have three vLANs on our SRX. One vLAN with interfaces fe-0/01 through fe-0/0/4 with DHCP, one at fe-0/0/5 without DHCP, one at fe-0/0/6 without DHCP, and one at fe-0/0/7 with DHCP.  The table below summarizes.

vLAN

Interface

IP Address

DHCP
0 fe-0/0/1 192.168.1.0/24 Yes
  fe-0/0/2 192.168.1.0/24  
  fe-0/0/3 192.168.1.0/24  
  fe-0/0/4 192.168.1.0/24  
1 fe-0/0/5 192.168.5.0/24 No
2 fe-0/0/6 192.168.10.0/24 No
3 fe-0/0/7 192.168.15.0/24 Yes

 

As far as security goes, all the vLANs belong to the trust zone and follow all the policies of that zone.  Later on we will look at putting vLANs into their own zones so we can have more granular control over security.

JamesNT

How Windows Handles Applying Service Packs and Patches

JamesNT General Commentary, Windows Client and Server

My programming god, Raymond Chen, has written an article on TechNet Magazine about how everything is kept straight and organized when you apply security patches and service packs to Windows 7.  It’s a great read.  He doesn’t cover all the details, but he does cover some interesting bits.  Check out the article here:

http://technet.microsoft.com/en-us/magazine/jj712210.aspx

JamesNT