To subscribe, visit http://www.minasi.com/nwsreg.htm. To unsubscribe, link to http://www.minasi.com/unsubs.htm. To change e-mail address, switch between HTML or text format, etc., link to http://www.minasi.com/edit-newsletter-record.htm. Visit the Archives at http://www.minasi.com/archive.htm. Please do NOT reply to this mail; for comments, please link to www.minasi.com/gethelp. Document copyright 2002 Mark Minasi.
Hello all --
Things are looking up; the audio seminar recordings are finally out and selling briskly, I'm working on a one-day XP support class and making progress on the second edition of the Linux book. In the tech section, you'll find some Active Directory troubleshooting -- learn how to keep your domain controllers from grinding their floppies, some more on DNS/AD troubleshooting, a free network sniffer, and a few other interesting items.
Back in November, I announced that I'd prepare and sell a version of my two-day seminar recorded onto CDs. After much work, it's finally done and ready for sale.
The idea is that if you can't afford a $1000 seat in a seminar or can't travel to one, then for US$225 ($125 if you've attended the seminar in the past) I'll ship you ten audio CDs and a 200-page book filled with PowerPoints that back up the lecture on the CDs. You can then learn at your own pace or while doing other things -- listen while commuting, exercising or whatever.
The outline of the audio seminar is almost exactly the same as the two-day class. The flow's a bit different because clearly I can't do demonstrations in an audio CD in the same way that I can in a live class. So I've reworked the demonstrations with screen shots in the Audio Companion book to bridge that gap. But I think that one of the biggest selling points in this package is in the cross-indexing; permit me to explain.
Once I had the lecture in digital WAV format, I realized that I couldn't just dump it onto CDs; it needed to be organized into smaller chunks. So my buddy Gary Masters, who worked like a dog to assist getting the whole project done, went through the files and broke them up into roughly ten-minute segments. We then laid down those ten-minute segments onto CDs as audio tracks.
But what good is a segmented presentation without a way of finding your way around it? I had numbered every PowerPoint slide and referred to the number in the lecture, so that if you're listening to some discussion of Offline Files and the lecture refers to slide number 238 then it's easy to find the corresponding PowerPoint slide in the Audio Companion. But that only lets you refer from some random point in the lecture to a page in the book, which might not be what you need to find something. So I compiled a table of contents listing each track on each CD, as well as a description of what I discussed in each ten-minute track, as well as the range of PowerPoint slide numbers covered in that track. You can see that table of contents at www.minasi.com/audiosales/trackix.htm.
But that's not all. Each CD has the track list and the range of slide numbers covered on each track printed on the CD. And, finally, I went back and added a note to every PowerPoint slide telling you where to find the lecture associated with it so that if you're paging through the Audio Companion and see something that looks interesting, then you'll see on that slide a notation telling you where to find it on the CDs. For example, suppose you were looking at a PowerPoint slide labeled V4/T2; that would mean that you can listen to the lecture associated with that slide by playing the second track (T2) on the fourth CD (V4). Thus, you can use this audio seminar not only as a continuous start-to-end lecture series, you can also easily refer back later to any point that you need a refresher on.
I hope you'll consider picking up a copy of the audio seminar package. There's more information at www.minasi.com/audiosales. Thanks.
I know that training bucks are tighter -- that's one reason we created the audio seminar -- and so this year we put together the whole 2002 seminar schedule all at once so that you can see at a glance where we'll be throughout the rest of 2002.
Those are all the public seminars we'll be running this year, so if you'd like to get to one of my seminars then please plan to join us for a session.
Our two-day Windows 2000 seminars have been a lot of fun and the attendees have been great. The seminar is built atop the Fourth Edition, and we add coverage of things even more up-to-date than that edition. Visit www.minasi.com/pubsems.htm to see specific session dates and locations, the seminar outline, and how to sign up.
NOTE that every attendee to the seminar receives a copy of the new Fourth Edition of Mastering Windows 2000 Server!
Sybex's "Mark Minasi Windows 2000 Series" has a new member: Windows 2000 Enterprise Storage Solutions. I felt that the market needed a good book that focused on the specifics of storage, from the basics -- NTFS 5.0 enhancements, Removable Storage Manager, and EFS -- to the more complex, like Storage Area Networks and Network Attached Storage (SAN and NAS), RAID, and cluster file systems. But I felt that it needed more than just coverage of the basic operating system, so the book includes a chapter on Exchange backup and recovery and SQL backup and recovery.
The problem was finding someone who understood all this stuff. I was fortunate to meet Peter Bruzzese. At the time, Peter was an instructor for CommVault, an enterprise storage vendor, teaching people how storage technology worked and how they could use it to make their networks run better. Peter's presentation style is energetic, enthusiastic and, perhaps most important, clear -- he takes tough subjects and makes them childishly simple to understand. Peter had authored several other books with a colleague, Chris Wolf, so I asked them if they'd like to take on enterprise storage. They jumped at the chance and produced a great book.
At about 450 pages, this is a quick and informative read. If you need to get smart on storage issues then I don't think you could find a better text than Windows 2000 Enterprise Storage Solutions. Find it at Amazon at http://www.amazon.com/exec/obidos/ASIN/0782128831/markminasi.
Speaking of Peter Bruzzese and Amazon, I was talking to Peter today and he commented that the sales rank of Mastering Windows 2000 Server was in the mid-hundreds at Amazon. I was surprised because the last time I looked it was at a lackluster 2600 or so. That's when I realized that Amazon is once again out to lunch. If you search for "Mastering Windows 2000 Server" then they will point you to the THIRD edition, which apparently they are still selling. (grumble grumble grumble...) My advice is to either buy it at Bookpool (http://www.bookpool.com/.x/zns4woh4x1/sm/0782140432), Readme.Doc (I referred to them last newsletter), or use this link to get it from Amazon: http://www.amazon.com/exec/obidos/ASIN/0782140432/markminasi; that will take you to the Fourth.
Enough marketing for one newsletter, let's do the techie stuff...
The other day, a friend complained that he'd started having trouble with his back while running. Without thinking, I said "check that your DNS server is configured correctly."
Well, okay, I'm kidding, I didn't really say that. But I think it might not be all that long before I do answer every troubleshooting question that way. Or at least every Active Directory-related question, because it seems that a very significant percentage of my reader troubleshooting questions boil down to simple DNS problems. I know that I've written about this before, but I keep getting so many letters about problems that people are having in setting up their ADs that in this article I'm going to put the solution in cookbook form, and then offer some insights.
Jack wants to set up an Active Directory to create a domain named bigfirm.biz. He's not 100 percent sure if he's got the DNS set up right, so he decides to just go for it and run DCPROMO on his first Windows 2000 Server. It seems to set up correctly, creating the first domain controller. So far, so good.
But then Jack tries to create a second DC for his domain. He runs DCPROMO and when he tells DCPROMO that he's creating a new DC on an existing domain, then DCPROMO asks him what account to use -- in other words, it's saying, "show me that you have an account with administrative powers on the existing bigfirm.biz domain." So Jack punches in the name and password of the administrator for bigfirm.biz.
DCPROMO thinks about it for a minute and pops up a dialog box saying "The domain does not exist or cannot be contacted," and stops.
Jack would see something like this -- not the same exact error message, but a similar one -- when he tries to join a workstation to his new bigfirm.biz domain. What causes this? DNS.
Whether you are adding another DC or joining a domain, you've got to log onto the domain to establish your credentials. But you can only log on via a domain controller, so your computer must find a DC to log you on. And how do machines find DCs under Active Directory? With DNS. Incorrectly configured DNS, then, is often the root of larger problems.
With that intro, let's move to the cookbook. Follow these steps and you can be assured that any problems aren't DNS problems. This assumes that you will be doing "split-brain" DNS, where you'll keep a separate set of DNS records for use in your AD's domain, distinct from your public DNS records. For example, suppose bigfirm.biz already exists and has its DNS presence hosted on some Unix server on an ISP somewhere. Now they want to do Active Directory and create an AD domain called bigfirm.biz. Since AD relies on DNS, SOME server must host a dynamic zone named bigfirm.biz. Must Bigfirm snatch back its zone from the ISP? Certainly not. Let the publicly visible zone for bigfirm.biz remain on the ISP -- it's only got a few records in it anyway, probably for www.bigfirm.biz and Bigfirm's mail servers. No, instead we'll keep what I think of as "two sets of books" -- the public ones on the ISP, and a richer set inside our intranet.
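A way to verify that point on a given DNS server, as an added example that is not from the newsletter: a domain member locates a DC by asking its DNS server for SRV records named _ldap._tcp.dc._msdcs.<domain>, so this script builds that query, sends it to the server in the client's DNS preferences, and parses the reply. The domain bigfirm.biz, the target dc1.bigfirm.biz and the reply bytes in constructed_reply are constructed sample data so the parser can be exercised offline.

```python
import socket
import struct

SRV = 33  # DNS record type SRV, which AD uses to publish its domain controllers

def dc_srv_name(domain):
    """Name the DC locator asks DNS for when it needs a DC of `domain`."""
    return "_ldap._tcp.dc._msdcs." + domain.rstrip(".")

def encode_name(name):
    """Wire-encode a DNS name as length-prefixed labels plus a zero terminator."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_srv_query(name, txid=0x1234):
    """Header (recursion desired, one question) followed by an SRV/IN question."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", SRV, 1)

def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = offset + 2 if end is None else end
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)

def parse_srv_answers(msg):
    """Return [(priority, weight, port, target)]; [] when the reply's RCODE is an error."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F:  # e.g. NXDOMAIN: the server has no internal zone/records for it
        return []
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack(">HHH", msg[offset:offset + 6])
            target, _ = read_name(msg, offset + 6)
            answers.append((prio, weight, port, target))
        offset += rdlen
    return answers

def query_dcs(domain, dns_server, timeout=2.0):
    """Ask `dns_server` (the one in the client's DNS preferences) who the DCs are."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_srv_query(dc_srv_name(domain)), (dns_server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_srv_answers(data)

def constructed_reply(domain, target="dc1.bigfirm.biz", rcode=0):
    """Constructed sample reply (not from a real server) so the check runs offline."""
    question = encode_name(dc_srv_name(domain)) + struct.pack(">HH", SRV, 1)
    if rcode:  # error reply: header says no answers, question is echoed back
        return struct.pack(">HHHHHH", 0x1234, 0x8580 | rcode, 1, 0, 0, 0) + question
    rdata = struct.pack(">HHH", 0, 100, 389) + encode_name(target)  # prio, weight, LDAP port
    answer = b"\xc0\x0c" + struct.pack(">HHIH", SRV, 1, 600, len(rdata)) + rdata
    return struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + question + answer
```

An empty list from query_dcs("bigfirm.biz", "<DC1's address>") means the server that machine points at does not hold the internal zone, which is the situation DCPROMO and domain joins stumble over.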
That should do it. Set up any subsequent workstations or member servers the same way: their DNS preferences should only refer to DC1's DNS server. You can, of course, set up other DNS servers inside your intranet, make them secondary servers for bigfirm.biz, and spread the load around a bit by pointing some machines to one DNS server, others to another and so on. But all domain members or would-be domain members must point to a DNS server that is primary or secondary for the internal bigfirm.biz.
To summarize, then, here is the way to build an AD if you do not want the DNS zone that serves your AD to be publicly visible:
I know that most of you are not yet using Active Directory.
How do I know?
Because only a couple of you have asked me this question: "why does my domain controller grind the floppy drive every five minutes?"
After I applied Service Pack 2 to my systems, I noticed the behavior. One of my enterprise domain controllers and a few test DCs sit in the room where I write. I like my writing area to be quiet, or at least noisy at a constant level -- machine fans don't bother me. (Well, that's not really true. The fans on my Dell PowerEdge 500SC servers seem to make almost as much noise as a lawnmower. Hence, I only turn them on when I need them.) But after installing SP2 I soon noticed that some servers -- and I soon noticed that it was only DCs -- were trying to access the floppy drive. Yikes, I thought, I'm being hacked. So I ran my buddy Mark Russinovich's FILEMON program (it's free at www.sysinternals.com and while you're there, check out the very neat Windows 2000 Internals seminar that he and David Solomon are running in mid-June in Boston -- I'm going to be there to soak up as much knowledge as I can and if you need to know about the geeky details of 2000's innards then that's the place to be) to find out exactly what process was trying to read the floppies.
The answer? Something called NTFRS.EXE.
Let's see, I thought, I know NTFRS, that does the File Replication Service. But I'm not using any fault-tolerant Dfs shares on these servers. Oh, wait, that's right, NTFRS is also used to keep the information in the domain's Sysvol shares consistent, and Sysvols only exist on ... domain controllers!
All of a sudden this starts to look a lot less like a hack and a lot more like a bug.
It took them a while, but Microsoft eventually admitted the bug (they didn't when I first asked) and now they have a fix. You can find it at Q307319. Unfortunately, Microsoft has stopped giving away these fixes. Apparently they only want to give them to you if you actually need them, in their opinion. So you might try calling the Microsoft $245-for-a-question line and tell them that you want the hotfix referred to in that Q article or at this URL: http://support.microsoft.com/directory/article.asp?ID=kb;en-us;Q307319. Now, let me stress that the article says nothing about the floppy grind. But tell 'em that you have DCs that grind the floppy disk every five minutes for no reason at all and that running OH.EXE from the Resource Kit shows that NTFRS.EXE is the program doing the grinding. Tell them also that the behavior started after you applied SP2. You should get the patch free then. Now, clearly I cannot control what Microsoft Product Support Services does, so don't yell at me if they charge you. And please don't e-mail me to ask for the patch, I cannot re-distribute it. (Sorry, but Microsoft's got more lawyers than I've got. Way more.)
Last newsletter, I talked about my experience where I'd accidentally left an FTP site open and some jerk created a directory for saving his stolen software. He'd used a trick that I explained that made the directory difficult to delete using the normal GUI methods, and offered an idea or two about how to fix it. Some of you wrote in to tell me of even sneakier tricks of the FTP-thieving dirtbags. An idea occurred to me also that you might find useful.
Apparently some of them actually create directories with names like COM1. That makes them hard to delete because, as you may know, COM1 is a "magic" name, as it refers to the first serial port. But, several of you told me, all's not lost.
For years, the Resource Kit has included some NT versions of old Unix utilities. Unix and Linux users may recognize the name "rm," as it's the Unix/Linux version of the "erase" or "del" command. As rm isn't aware of any of the "magic" directory names, apparently it can zap any "un-delete-able" directory, even one named LPT1 or COM1 or the like.
But another idea occurred to me. Remember that the trick that the thieves used to steal disk space relied upon the fact that NTFS drives maintain two names for every file or directory -- the normal long one that you see and the old "8.3" style name maintained on the off-chance that you want to run some old DOS app. The trick was that the normal long name could be something strange because the short 8.3 name was something more normal. You then used the 8.3 name to get a handle on the directory and zap it.
Now, personally I haven't run many DOS apps in the past few years save for the odd game, so I'm not sure I care if my drives support the 8.3 names. Then I remembered... there is a Registry setting that disables 8.3 names. Now, let me clarify -- disabling 8.3 name creation will not completely kill DOS or other old-style programs. What it'll do is make them unable to understand files with names longer than 8.3. For example, I tried installing and running Master of Orion, an old DirectX 2.0 game. All of its files are 8.3 format and it ran fine. You get the extra benefit that there's a bit less nonsense that the OS must handle whenever creating a file and less space required in $MFT to store the file's information. I'm not 100 percent certain that this will stop the diskspace thieves, but I think it'll slow 'em down and insofar as I can see may well improve your system's performance just a trifle.
Make the change in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem, value entry name is NtfsDisable8dot3NameCreation. Set it to 1 (it's 0 by default) and reboot and your NTFS drives will no longer store 8.3 names. I have been doing this on my XP workstation (the machine that hosted the FTP site that had space stolen before) for several days and have not found any problems.
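A defender-side check for the COM1 trick above, as an added example that is not from the newsletter: a scan of an FTP root for entries whose names Win32 reserves for devices. It goes beyond the page's COM1/LPT1 case to the whole reserved set, and to names carrying an extension (COM1.stuff), which Win32 treats the same way. The sample tree built by constructed_ftp_root is constructed data; it is created under a temp directory and assumes a Unix/Linux host, where such names are ordinary.

```python
import os
import tempfile

# Names Win32 reserves for devices. A file or directory whose name (before the
# first dot) matches one of these can't be addressed by an ordinary Win32 path,
# which is why the GUI and DEL choke on a directory called COM1.
RESERVED = (
    {"CON", "PRN", "AUX", "NUL"}
    | {"COM%d" % i for i in range(1, 10)}
    | {"LPT%d" % i for i in range(1, 10)}
)

def is_reserved_name(name):
    """True if Win32 treats `name` as a device name; the extension, if any, is ignored."""
    return name.split(".")[0].upper() in RESERVED

def find_reserved_entries(root):
    """Walk an FTP root and return relative paths of entries with reserved device names."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_reserved_name(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)

def constructed_ftp_root():
    """Build a throwaway tree imitating an abused upload area (constructed sample data)."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    for d in ("pub/incoming/COM1", "pub/incoming/com1.stuff", "pub/incoming/normal"):
        os.makedirs(os.path.join(root, d))
    for f in ("pub/incoming/normal/readme.txt", "pub/incoming/normal/lpt1"):
        open(os.path.join(root, f), "w").close()
    return root

if __name__ == "__main__":
    for hit in find_reserved_entries(constructed_ftp_root()):
        print("reserved device name:", hit)
```

Anything the scan reports is a candidate for the rm-style removal the newsletter describes, and a sign that someone has been writing to the upload area.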
You may recall that an Active Directory requires that the first domain controller built in the first domain built be directed to a reliable time source. (Strictly speaking it's not the first DC in the first domain, it's the DC that happens to be the PDC emulator operations master in the forest root domain, but by default that's the first DC in the first domain.) That machine is the machine that all other PCs in the forest look to when they need accurate time. You tell the root PDC emulator operations master what time server or servers to get its time from with a NET TIME /SETSNTP command.
I didn't mention this in the book, but the National Institute of Standards and Technology (NIST) runs a number of time servers. You can find a listing of them at http://www.boulder.nist.gov/timefreq/service/time-servers.html. You could, then, construct a command for your PDC emulator like
net time /setsntp:"time.nist.gov time-a.nist.gov time-b.nist.gov"
I ran across something pretty neat on the Net the other day. It's a free network "sniffer," a program that captures and displays information about every packet that goes by your machine on the network. It is very basic in that it lacks a complex parser to help you analyze those packets but if you can't afford the full-blown version of Network Monitor then you might find this useful. I found it at http://www.nextgenss.com/products/ngssniff.html. They say it's beta now and therefore free but for the basic things that it tries to do it seems to work fine.
I hope you'll join me for a seminar but if you can't attend a class then please consider attending one of these conferences:
The same folks that put on that Windows 2000/Exchange 2000 Connections conference in Scottsdale are coming to Palm Springs in early May of this year. I get to open the conference with a keynote and I'm also doing some breakouts; my "AD classic" talk (an overview of Active Directory with Whistler updates), an explanation of what Windows XP and 2002 will do for (or to) you, and my "DNS Fundamentals" talk.
Find out more at www.winconnections.com.
The searchwin2k.com folks (who run a great portal offering tons of Windows 2000 information as well as jumping-off points to other great resources) have put together an interesting conference in The Windy City early this November, but world events have prompted them to move it to May. (Better time for good weather in Chicago anyway.) John Enck, one of my former co-workers at Windows NT (now Windows And .NET) magazine, will be offering his unique perspectives, as will Laura DiDio -- Laura's been an NT industry watcher for as long as I can remember. They'll also have geek talks, including my look ahead at .NET Server (and what will be by then a look BEHIND to XP) as well as an AD/migration talk.
Interestingly enough, the conference is free. Free, that is, if you meet their criteria and no, I don't know what those criteria are -- but it only takes a minute or two to apply. Give it a shot and perhaps I'll see you at the Chicago Hilton!
Find out more at http://www.windowsdecisions2002.com/.
Every geek's favorite conference emcee, George Spalding, is in charge of this year's Support Services Conference and Expo in San Diego. I'm keynoting with my talk Why Bad Software Happens To Good People. I'm also doing my Future of Windows talk as well as teaming up with George for "Computer Networking 101," a sort of cross between improv and education. Top it off with Tech Support Jeopardy and it's gonna be a great show. Heck, they even have GOOD speakers like Todd Lammle, Roberta Bragg, Gene Ball, Rae Ann Bruno, Sandra Simpson and lots of other folks who know a lot more about running a help desk than I do. More info at http://www.key3media.com/support-services/.
A terrific show that I'd attend even if they didn't pay me to be there. It's got great sessions and is in San Diego this September. Info at www.techmentorevents.com. For the past two conferences they have offered you the opportunity to take any Microsoft cert test for half price, so on the off-chance that you didn't see any sessions that you wanted to sit in on (an unlikely event!), you could take a test. They even ran tests until about 9 at night.
I'm doing "Securing Your Network -- A Dozen Tips," "Troubleshooting Group Policies," and "Tuning Windows 2000/XP/.NET Computers" as well as a general session. If you can make it then I surely hope to see you there!
I'm keeping busy doing Windows 2000/.NET Server seminars and writing, but I've still got time to visit your firm. In just two days, I'll make your current NT techies into 2000/.NET techies. To join the large educational, pharmaceutical, agricultural, aerospace, banking, government, transportation, and other organizations that I've assisted, either take a peek at the course outline at www.minasi.com/w2koutln.htm, mail our assistant at Assistant@Minasi.com, or call her at (757) 426-1431 (only between 9-5 Eastern time, weekdays, please).
Have a quiet and safe month. Summer's busting out here, get out and get some sun! (Well, if you live in the Northern Hemisphere, that is. Apologies to those below the equator.)
Next month, I'll feature a few articles on digital imaging -- how to choose the number of megapixels in a camera, and some information on an interesting technology that most of the world knows about that Americans generally don't know much about -- video CDs or VCDs. (There will be network stuff, too, fear not.)
Please share this newsletter; I'd like very much to expand this newsletter into a useful source of NT/2000/.NET Server/XP information. Please forward it to any associates who might find it helpful, and accept my thanks. We are now at over seventeen thousand subscribers and I hope to use this to get information to every single Mastering XP, NT and 2000 Server reader. Thanks for letting me visit with you, and take care -- my prediction is that the economy will roar back by September, so polish up those resumes! Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews. As always, I'm at http://www.minasi.com/gethelp.
All contents copyright 2002 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.