I’ve Made A Huge Mistake

You’re a Mac Admin in the enterprise, so far off to a bad start . One of the nice tools when it works is the Lights Out Management (LOM) that is built into the XServe. You can initially configure this when the OS is being installed but if you want to change settings it can be done by,

Go to /Applications/Server/Server Monitor

Then select Server, Configure Local Machine. Here you can set the IP address to use, the username to access it, and finally which physically Ethernet port to use.  Ok now you want check your nice monitoring locally, so you click Add Server, enter in the IP address and username and password and…. nothing. It doesn’t work. You get “can’t connect to server”. Turns out, that is not what you enter when you are connecting to Server Monitor locally. You need enter 127.0.0.1 as the address and an account that is a  member of the local admins group. How would you possibly know that? You wouldn’t just trial and error.

I want to monitor remotely how do I do that? First know you do not need to enter the IP address that you configured in Server Monitor on the NIC in System Preferences. If you leave the NIC set in System Preferences as using DHCP you’ll be able to still plug in directly for an issue when you can’t connect through ARD. Next you’ll launch Server Monitor and put in the IP Address and username/password you configured in the Server Monitor app.

Also interesting note, if you use the 10.6.3 Server Monitor tools with a 10.5.8 when you lose remote connectivity, a server alert email will be generated. I’ve filled this as a bug with Apple, they recommend to use the Server tools to be the same version of the server.

Firewall Ports- Apple tends to think that everything runs locally on the same subnet at times. In reality we know that’s not true.

623 -UDP

311- TCP

http://support.apple.com/kb/HT2773

Just to clarify Outlook archives items based on modified time not actually sent or received. Ok so what makes an item “modified”? A few things, Forwarding, Replying, Replying All, Editing and Saving, Moving or Copying. Hopefully this solves some mystery around why that was or was not archived.

http://support.microsoft.com/?scid=kb;en-us;197981&x=11&y=11

http://support.microsoft.com/kb/295657

A key change from 10.4 to 10.5 in the file /etc/openldap/ldap.conf is the default setting of TLS_REQCERT. Before it use to have the setting of “never”, now it has a setting of “demand”. This would explain why your EXACT settings in 10.4 worked and now in 10.5 do not. AFP548.com, a fantastic OS X sight has a break down of this with ways to test from the command line. To revert this back to 10.4 settings, just switch the TLS_REQCERT = never

http://www.afp548.com/article.php?story=20071203011158936

I ran into a case where the built in Exchange 2003 monitoring tools were misfiring on alerts that a box that wasn’t even set to be monitoring. In ESM if you go to Tools, Monitoring & Status, Notifications, you can configure a Server to monitor various Exchange issues and alert on Warning/Error. What do you do if you are getting them from a box that isn’t listed?

Turn up the logging on WMI  on the phantom box and see what is going on.

1.) Launch wmimgmt.msc

2.) Right-click on WMI Control (local) an select Properties, click the “Logging”  tab

3.) Set the “Logging level” to verbose

These logs will go to C:\windows\system32\wbem\logs

Take a look through these in namespace //./root/cimv2/Applications/Exchange . This may lead you to the alerts that are being generated via WMI. Once you see the SMTPEVENT those are the ones to go after and delete.

To Remove

1. Click Start, run, type Wbemtest then type root\cimv2\applications\exchange and click “Connect” button

2. Click on ‘Enum Classes’, click the Recursive radio button, click OK.

3. Scroll down until you see _FilterToConsumerBinding class.  Double-click on it.

4. Click the “Instances” button on the right hand side.

5. Chose/highlighted the subscriptions with the name you saw in the log and click on the delete button.

Good luck hopefully this will help you get to the bottom of it.

Time to apply some software updates to your Open Directory infrastructure. So what goes first, the OD Master or the OD Replicas? If its just a system update, you apply updates to the OD Master first, then the OD Replicas.

Building on another post I previous wrote, http://almostdailytech.com/2009/09/11/client-side-software-update-settings-in-10-5/, I ran into an interesting situation. The current architecture was that the Software Update Server was syncing up with Apple to pull down updates that would be approved for the enterprise. It would also see this list of all available updates from Apple if Software Update was run on the SUS server.  However I want my SUS server to point to itself for what updates I approve not see all available updates from Apple. When running the commands from the previous post it would then change the SUS service to use this address for updates. Clearly not what we want. In steps Update Enabler, a GUI tool that you can use to where the host should get its updates from.

http://www.allocinit.net/apps/suenabler/

Another interesting issue I found was when setting the host to point to itself for approved updates by using the FQDN or IP address it would not work. The solution, http://127.0.0.1:8088/index.sucatalog. Now it see only updates that are approved in the SUS service like every other client.

A “short” 211 page Word doc from Microsoft on what is new in 2008 R2 compared to 2008. Don’t worry each section is only a few pages in length and has links to more information. If you need to get caught up quick this is a good place to start before you have more time to dive into the always great Technet documentation.

http://download.microsoft.com/download/0/2/7/027AF805-BF69-4C8D-B827-392E55ED969D/Changes%20in%20Functionality%20in%20Windows%20Server%202008%20R2.doc

Well it’s been a bit of time since I wrote something so I guess I better put something up right. A key infrastructure component if you run Vista in the enterprise (all 5 of you) or will soon be running Win 7/Server 2008/Server 2008 R2/Office 2010, and if you have more than about 30 computers, you will probably be putting a KMS server or servers in place (what if one fails you need redundancy right!). It’s fairly straight forward but what about when it doesn’t work? What does all that mean when you run slmgr.vbs /dlv ? Sure seems like lots of info in there. What about the event viewer, that’s a long stream of random data. Only that it’s not random! It has tons of useful info in there. Take a look at this great MS help article that breaks down what it all means and can help you troubleshoot your KMS server.

http://technet.microsoft.com/en-us/library/ee939272.aspx

This seems like something that shouldn’t need to be in a hotfix since it is basic functionality of a Print cluster but needless to say here we are. This hotfix will resolve several issues that result in you do something crazy such as failing over your print cluster to the passive node . Take a look and apply as needed to your environment. And by as needed I mean if you are running in this scenario, you will most certainly need it.

http://support.microsoft.com/Default.aspx/kb/976571

If your someone that ends up installing an OS quite a bit, maybe you like to keep your machine running clean, maintain desktops for your company, or you are tech support for everyone you know. Possibly your life resembles this comic http://theoatmeal.com/comics/computers (thank my better half for sending that @jalant for that).

This tends to be a process that someone would do after a Service Pack. However if you’d like to do it after testing some key hotfixes for your environment here is how you can maintain the latest Win 7 build on a DVD.

http://support.microsoft.com/Default.aspx/kb/2011542