With a new year comes a new budget and new projects. One of my favorites this year is going to be some Vmware experimentation. We’re planning on combining the functionality of one of our sets of branch servers into a single physical box. The benefit being that we can do this at half the hardware price.

Another advantage this year is that I’m taking a step up in technology. I was able to purchase a Windows Server 2008 R2 Volume License. One of the catches to upgrading to Server 2008 R2 is that it is 64-bit only. Our DC’s are pretty old. I’m reasonably sure that most of them are 64-bit capable, but they were installed back when Windows Server 2003 was top of the line. There’s no direct upgrade path from Windows Server 2003 32-bit to Windows Server 2008 R2 64-bit. For those of you who may not know, this jump is like going from Win XP to Windows 7. Windows Server 2008 is built on Vista technology, while Server 2008 R2 adds technology and functionality from Windows 7.

Unless I can completely reformat my boxes, I can’t load them with Windows Server 2008 R2. For some of my machines, especially the DC’s, I can pretty much reload them with impunity because every other DC has a copy of Active Directory on it. However, in the case of an application server, I wouldn’t be able to do that without having to restore the applications on it. Luckily, my Exchange Server is new and I installed it on Server 2008 R2 last year. However, things like my Configuration Manager Servers and Web Servers aren’t as lucky.

While I may not be able to upgrade these older servers to Windows Server 2008 R2, I may be able to upgrade them to Windows Server 2008 32-bit. This would come down to a case by case basis; and would also depend on what new functionality that upgrade would give us.

I’d like to blast Java off my network, however there are many sites and applications that depend on the quirky, unreliable programming framework. I’ve tried both Java 7 and Java 7 Update 1, neither of which appears to have the polish I’d like on them.

My biggest problem is the auto-updating feature. I have 500 public PC’s that run on limited user accounts, and when either version of Java 7 is installed, the users receive an administrative elevation prompt when the system logs on. It creates confusion and just isn’t detail conscious.

My second issue is that everyone wants their site to work on my PC’s. An example is the blackboard education site for Kent State. Up until a few weeks ago, it would not function with IE9, and it needed Java 6. Without these two conditions met, the site would freeze IE. I try to be security conscious and on the cutting edge, to protect the security of my network and the privacy of my users. However many sites, especially government sites, rely on antiquated versions of software. FAFSA filing is a good example. They still require IE8 even though IE9 has been out for more than a year. I have neither the manpower, nor the time to make my computers compatible with every site on the internet.

Uninstalling Java 7

Java is one of those programs that, instead of upgrading in-place, it installs a new copy of itself when you update. So you could literally have 5 revisions of java installed on your machine. If I want to have a specific version of java installed, I’d have to uninstall all previous versions and reinstall the one that I want.

Luckily for us, there’s an easy way to do this, using the registry and the program Msiexec. First, we’ll have to dive into the registry. Open the registry using the Regedit command. Navigate to the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. You’ll notice a bunch of program ID’s listed under this key. You’re looking for keys that start with “{26A24AE4”. All the entries for Java will start with these numbers.

We can use Msiexec.exe to uninstall all of these versions of java using the command “msiexec /x {Program ID} /qn /norestart”. We’ll start building a batch file, including a similar line for each version of java listed under the uninstall key. We’ll also include the “start /wait” at the beginning of the line to signal that we want the command to complete before running the next one.

Next, we’re going to want to run the installer for the version of java we actually want on the machine; in this case, Java 6 Update 29. We’re going to include the “/s /qn” switches for silent install. We’re also going to use the special parameters “ADDLOCAL=All IEXPLORER=1 ALLUSERS=1 JAVAUPDATE=0 AUTOUPDATECHECK=0 SYSTRAY=0 WEBSTARTICON=0”. We’re installing in IE for all users. We’re disabling auto-update, and we don’t want the web icon to show when running java stuff.

The final step, is to make sure that the auto-updater is not started when you log on. Go back to your Regedit and navigate up a little bit to the key HKLM\Software\Microsoft\Windows\CurrentVersion\Run. If the auto-updater is installed, you’ll see a value listed under this key called “SunJavaUpdateSched”. We want to remove this key. We can do this by adding a “Reg Delete” command to our batch file. The full command is “start /B reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v SunJavaUpdateSched /f”.

I’ll add in a parameter to the batch file to handle 32-bit or 64-bit and my final batch file looks a little like this:

When you run the batch file, it uninstalls previous versions of java, reinstalls the desired version, and then disables all form of auto-updates.

I recently walked into the local Best Buy to purchase a serial cable. I found all sorts of overpriced HDMI, USB, and VGA cables; but there’s no serial cable to be found. It reminds me of just how much shopping for IT equipment has changed.

When I was growing up, I remember hitting the local CompUSA with my dad; that was my primary store for computer buying. They had a wide array of add-on cards, cases, processors, memory, and everything else that you’d want.

CompUSA is gone, Radio Shack, or “The Shack” as it’s called now is basically a cellphone store. Best Buy has barely sells any computers; it’s all cellphones, tablets, and TV’s. They have one or two desktops, a few laptops, but mostly mobile devices.

The best place I’ve found to buy computer components is Microcenter; unfortunately, the closest one is about an hour north. I was amazed with the shelves of raw hard drives and the stacks of motherboards and cases. It’s the closest that I’ve seen in person to Newegg.

My Dad gave me my start with computers. When I was a kid, he bought us a 386SX (my first actual computer was a Commodore 64). I’m sure it cost him a little bit, but I think that he knew that computers would be big in the future, he was right. He helped me upgrade the system over time. We added a new CD-ROM, sound card, video card, RAM, hard drive. I learned how to install and configure these, back in the day before plug and play. It was a huge foundation for what I do today, arguably more important than even what I learned in college. I’m thankful to my Dad for exposing me to computers when I was little. In a sense, it helped decide what I would do for a living. I couldn’t really be an engineer like him (I’m not made for that), but my Dad still had a big influence on the career that I eventually chose.

Updating Your Windows Servers

Keeping your servers and clients updated is one of the hardest tasks for an Information Technology Pro. There are two ways of going about this .You can manually run windows update, which becomes a tedious and regimented process, or you can set up some mechanism to automatically update your systems. The problem with this second approach is that automation inherently fails. Many people set up an automated process, and then never check back up on it until it’s too late and something has happened, or their servers are so out of date that they get compromised.

Make no mistake, whichever option you choose, it’s your responsibility as an Information Technology Pro to check up on your process and make sure that your systems are getting updated.

Slow and Steady Wins the Race

I worked for a company a few years back that was a little backward. I eventually left because their options of IT were not in-line with mine. In many ways, their IT desires were very backward and status quo. I like to be on the cutting edge, evaluating new products.

I was told at this company that “IT should be seen and not heard. If I see you or hear you, you’re not doing your job.” Likewise, any attempt to reform their backwards IT practices was rebuffed. They kept a sheet in the office that had every employee’s login and password on it. The sheet was stapled to the wall. Seriously, this is not the way to do things.

They were very big on me manually doing everything. A problem that I had with them was that they wanted me to start every morning, before the regular employees started, and laboriously run individualized updates on each computer. This was really a lot of extra time that required me to be in way early and something that I could easily make obsolete with a little modern technology.

Mechanisms to Auto-update

That’s one way of doing things. Manually updating works, I won’t dispute that. But the problem happens when you go from a network with 5 computers, to a network with 1,000 computers. You can’t manually update a network that large, or maybe your network includes multiple locations. With a limited IT staff (nobody with that many locations is going to have dedicated IT staff for each one), you physically can’t maintain this update cycle.

Microsoft has implemented two ways of automatically updating computers. The first is, you can set the operating system itself to automatically run updates. However, this bypasses a network administrator’s power to vet updates for any problems they may cause.

This brings us to Windows Server Update Services (WSUS) and by extension System Center Configuration Manager (SCCM); which uses WSUS on the back-end.

WSUS provides a mechanism to approve updates and then uses Group Policy Objects, or the SCCM Client to control the specifics of update deployment. Using these software tools, you can approve updates, track deployments, and manage compliance from behind the scenes. For a large network, this is great. WSUS is freely available to anyone who’s already running Windows Server (so any business can implement it) and larger companies will be able to utilize it through SCCM.

Troubleshooting SCCM Update Deployment

No automatic update process is failure proof. As I’ve stated, it’s your responsibility to your organization to monitor and track how your update process is functioning. I noticed recently, while checking server logs, that part of my update process had failed. The SCCM Status was saying that the WSUS Configuration component was in a failure state. To fix this, I had to reinstall WSUS and the Software Update Point feature of SCCM. This time, instead of directing WSUS traffic through the default port 80\443, I decided to direct it through the alternate default ports recommended for SCCM by Microsoft, which are 8530 and 8531. I noticed that after doing this, my servers were still not installing updates as published.

The Joy of SCCM Logs

Configuration Manager maintains client-side logging of its operations. By default, SCCM logs are contained in the directory C:\Windows\System32\CCM\Logs or C:\Windows\SysWow64\CCM\Logs (depending on your OS type). The log WUHandler.log is the log file for how SCCM links in to Windows Update. When looking at this log, I noticed that the log indicated that Windows Update traffic had been stalled for a while. At the time, the log file was about a month behind.

My first thought was to go in and repair the Configuration Manger client. You can initiate a repair by selecting the Computer Management icon in your control panel, and then selecting the repair option from the Components tab. This resynchronizes the Configuration Manager client with your server.

I investigated the WUHAndler log a little more, and I kept seeing this line “Group policy settings were overwritten by a higher authority (Domain Controller) to: Server and Policy NOT CONFIGURED”. Following this, the Windows Update handler would try to change the WSUS port from port 8530 back to port 80. This mystified me because there’s no GPO in place setting this, and SCCM should be statically setting the server address and port. This error indicates that some setting within a GPO was affecting my update settings.

I searched and searched and could not find a currently applied GPO with this option enabled however there were a few old objects with WSUS settings. I’m pretty much a Group Policy expert. What I ended up doing was adding a new GPO that adds settings for Windows Updates and points to the correct port, when I did this, the log file updated to show that the windows update server was already set to 8530 and did not need to be changed. Following this, my windows updates FINALLY started flowing again.

Conclusion

This was a really long explanation to tell you the proper way of updating your network, and to highlight that just because you’ve created an automatic deployment system, you need to be careful of the details and monitor your system to make sure that it functions as intended.

Information Technology is more than just hardware and software. It’s about problem solving. Our co-workers come to us with problems, and it’s our job to find a solution to those problems using our skills and abilities. A consciousness for details and good problem solving skills are an essential addition to a good Information Technology professional’s toolbox.

Forget Patent-gate and forget Moogle (Google-Morotola); the latest bit of Technews is that Venerable PC titan HP is ditching both the mobile front with WebOS as well as the consumer PC biz. They’re trying to pull an IBM\Lenovo and spin off their Personal Computer Group.

People who know the history about their current CEO, Leo Apotheker, probably saw the writing on the wall. He’s a software guy, coming from big software and service companies. It’s obvious that the people running HP at the time were looking to transform the company from a hardware giant, into more of a software role. Software brings with it much larger profit margins than hardware.

WebOS

We all know that there are two major mobile OS suppliers; Apple and Google. Microsoft is trying their best to break in after the dismal failure that was Kin (which itself bares a lot of resemblance to how HP is handling the death of WebOS). RIM tried their hand with the playbook and now HP has marked WebOS for death after such a little time in the market. I was shocked to hear this myself.

It seemed like HP really wanted to be a big player in the mobile market when they purchased Palm, who has a big history with mobile devices. Palm used to be the number one name in Personal Digital Assistants (PDA’s, remember those :snicker: ). It was almost a status symbol a decade ago when you had a company Palm. They were a big name, and then HP bought Compaq, maker of the iPaq and Palm, and it seemed like they were really in a position to compete with Apple and Google. The Palm Pre has an awesome OS. Imagine what they could do with a tablet, right.

We’ve seen a lot of big commercials; full of celebrity endorsements. It seems like HP had to chop the price out of the gate $499 to $399, but let’s face it, it was overpriced to begin with. It doesn’t feel like the WebOS devices have been on the shelf long enough to determine success of failure. Our HP sales guys were just here last week pushing this stuff, and now we hear its being pulled. I’m really disappointed.

Hardware is so Yesterday

It seems like all the big American companies are trying to divest of the hardware, because hardware doesn’t make money, not as much as software. HP is trying to transform themselves into a software and service company instead of a consumer hardware vendor. Their actions echo the same thing that happened between IBM and Lenovo.

HP’s move out of mobile is one thing, but they’re also trying to make a move out of the traditional consumer PC business that helped to build their company into what it is today. I think the reality is, they’re trying to shift money out of what’s a dying platform. Yes, I said it, PC is a dying platform. Within the next decade or so, much of the traditional PC market is going to be replaced by mobile devices. The traditional desktop computer is going to turn more into a transforming tablet dock.

I think that getting out of the business now is a great idea. The market is flooded with PC’s, they’re not going to make any money in a flooded, stagnant market. The growth seems to be in software as a service (SaaS). The people in charge of HP seem to be restructuring the company to where it will gain the best revenue.

Required Reading

The News Direct From HP - http://torbin.me/6A8A24D66FF96
Discontinues WebOS (via Arstechnica) - http://torbin.me/D74DD1AD6B884
HP Focuses on SaaS (via Arstechnica) - http://torbin.me/CC9F08BC5FADE