Bigbio2002's questions

As our organization is slowly rolling out Windows 10, I made the observation of a DirectAccess GPO linked to the Windows 10 PCs OU (which contain internal desktops, laptops, and even VMs for VDI). This GPO was identical to our standard DA GPO, except it was scoped to Authenticated Users, instead of a "DA PCs" security group. I pointed out this oddity to our senior admin, and interestingly, he says that because Windows 10 supports DirectAccess, it should be enabled just because we already have it set up.

I see several problems with this, but the major one would be increased load on the DirectAccess server from clients who don't even need it. Is deploying DirectAccess to all clients a reasonable design choice, or is it bizarre? What are the benefits/drawbacks of doing so?

We are currently working on implementing a DR strategy for a windows file server. We have ruled out Storage Replication because it is a preview feature, and Failover Clustering is designed for high-availability, not DR. DFSR also has deficiencies in replicating open/locked files, making it unideal for the task.

SAN to SAN replication of the file server VM seems to be the best method to me, though I've been cautioned against that due to the fact the replication is a raw copy that is not coalesced at a higher level, possibly causing inconsistencies in the filesystem or corrupt files. However, this fact is true of any server replicated in this method, and this is the method being used for other servers in our DR plan. VSS/Previous Versions could always be used to restore any corrupt files also.

Do the benefits of doing SAN replication outweigh the risk that files may be corrupt? Or is there a better method of doing DR for a file server? Perhaps there's a product that performs a higher-level replication/snapshot that minimizes logical inconsistencies in the data?

Note: the cluster is running vSphere 5.5

Here are two slightly different, but similar scenarios:

1. There is an S:\ drive mapped to \\server\share. A DFS namespace is then implemented, with S:\ changed to \\domain.local\dfs\share (which is pointing to the legacy share). Now, some files with linked/embedded files and various applications act weird and malfunction. To note, these embedded file links (ex. linked Excel tables) point to the legacy share, while the parent file is opened from the DFS share.

2. There is a PST for a POP/IMAP account located in My Documents. Documents is then Folder Redirected to a network share. Now, Outlook has trouble accessing the PST associated with the account, despite the fact that the Data Files tab indicates the correct network path for the file (\\server\share\user.name\Documents\outlook.pst). Outlook loads, but it claims the PST cannot be found, hence the Inbox for the associated account cannot be viewed. *

*Turns out this was a specific known issue. I'll post a link later

Why do things "break" when performing these types of redirection, even though the path to the files is still the same from a front-end point of view?

We are currently working on implementing a DR strategy. Instead of SAN-SAN replication, it has been decided to have 2 live file servers replicating via DFSR. However, I don't know whether or not this is a good idea.

Example: DFS does not replicate locked files. Let's say a user has a spreadsheet open for weeks. They do save periodically, but the file still remains open. Then, the active file server goes down and users are redirected to another server, where the file hasn't been replicated.

Is there a way to mitigate that scenario? Am I misunderstanding something? Or is DFSR not designed to be a DR technology?

Edit: What other deficiencies does DFSR have in a DR context, other than my example above?

On a user's laptop (Windows 7 x64), terrible performance led me to suspect a rootkit after ruling almost everything else out. I checked boot entries with Autoruns and ran a full scan with Malwarebytes, and both came up more or less clean. I downloaded RKR, unzipped, ran as admin, but it would not open. I opened the task manager to check and tried reopening the program. Sometimes the process wouldn't even show. Sometimes it would show for ~10s with a fixed amount of memory listed, and then die. Once, I got to the Sysinternals licence agreement, but it died after that. Tried renaming the EXE, no dice. Tried safe mode, no dice.

One thing I haven't done is check the event logs, which I should probably do. Besides that, what mechanism could potentially cause RKR to fail to start? Or is my system likely compromised, requiring a nuke from orbit?

We are trying to set the TTLs for a select set of servers to a low value (1 minute). That's the easy part, and has already been done manually. However, I'm concerned about what will happen if the record becomes stale/scavenged for whatever reason, or the server updates it and resets the TTL back to the default, so I want to make this more permanent. I have a few questions...

How does the Minimum Default TTL value under the SOA function in Windows? In another post, it's mentioned that the canonical behavior of this value has changed. Does this also apply in Windows?

My Minimum Default TTL value is set to 10 minutes currently, but all of the A records that were registered by clients are set with a TTL of 20 minutes. How is the TTL set per record under Windows? Does the client request a value, or is this determined by the DNS server? In either case, how is it changed?

At a location with limited cabling, I've had to set up WiFi signal extenders to cover the whole area. Here is a crude diagram...

Internet - WiFi/Gateway - Extender 1 - Extender 2
                |                          |
          PC (ethernet)               WiFi device

I was able to successfully daisy-chain three together, and I can access the internet from WiFi devices connected to the farthest extender. Is this a supported configuration? If not, what kind of issues can arise from it? The reason why I ask is that the PC keeps reporting IP address conflicts, and I'm wondering if that's caused because of the way this is configured.

Additionally, I noticed that the extenders named their own SSID similar to the one they are connected to, but with a suffix. Would there be any issue in naming them all with the same SSID, to enable seamless roaming as you would with multiple standalone APs?

We have a folder for employees to scan contracts to. After scanning, they're supposed to rename them according to our conventions so they can be processed further. In response to a recent incident, these folders have had their security locked down (they're granted write, but not modify, permission) and now they are unable to rename the files.

Is there a technical way to accomplish what I'm trying to do? From what I've read, I don't think this is possible.

If not, can you suggest any workarounds? One possibility is to set the name of the file as it's being scanned in. Another is to have a trusted person in management be given sufficient permissions to rename.

My VMs are configured to save state, and restart if previously running when the host server is rebooted. All of the VMs start up upon reboot... however, some of them start from a cold boot, and not from a save state resume. Why is this occurring? I've searched for any relevant hotfixes, but I couldn't find any. The host is Server 2008 SP2 x64. I can't find a correlation between which guest VMs fail to properly resume, sometimes they do and sometimes they don't.

Our network switches have STP enabled, and I see that my APs have an option to enable STP as well. The purpose of STP is to prevent network path loops, but the AP only has one connection back to the switch, and only one connection to each client. Why would I want to enable STP on an AP, or would enabling it be moot?

Some devices, such as servers and high-end switches have dual PSUs/power inputs, which can then be hooked up to separate UPSes, which are hooked up to separate power circuits (correct so far, right?).

However, many devices, such as standard switches, only have a single power input. This is problematic, because in a scenario where Circuit #1 fails, your servers might still be running off of Circuit #2, but your whole network infrastructure is down because it's also on Circuit #1.

How can power redundancy be set up for devices with only one power input (maybe via a power strip-type device with dual power inputs in itself)? Or would one have to specifically buy devices which are built with that capability in mind?

Background: I'm in a noisy environment, and I'm trying to optimize my WiFi network to have a more stable connection for the somewhat high volume of users (~50-75 on a busy day). There are 4 APs, and I've already adjusted the channels and transmit power, and overall I have fairly decent coverage. However, I still get about ~10% packet drop when pinging Google and walking around the building, roaming from AP to AP.

In most WiFi APs I've seen, the default RTS Threshold is set at 2347 (from what I've read in various places, this setting counts as "disabled"), and Fragmentation Threshold is set at 2346. My particular brand of router is set at 2346 and 2346. I have several questions...

1. Where is the value of 2346 derived from? It seems somewhat arbitrary, however, the notes for Frag. Threshold indicates that it needs to be over 256 and an even number.

2. How are the RTS and Frag. Thresholds related? Their values can't be coincidence.

3. If modified, should they be changed together?

4. What's a safe value to try lowering them to, for starters?

My priority is not necessarily getting peak bandwidth for each device, but giving users a stable, consistent bandwidth/connection.

The "default" VLAN is VLAN 1, and traffic over ports are Untagged by default (at least, in the switches that we use). We've created VLAN 2 and marked the necessary ports as Tagged, and it's working beautifully. However, all of the ports that I did not Tag are blank/non-members by default. What is the difference between having a port Untagged vs. being a non-member for the VLAN?

I'm shopping around for some new Wi-Fi routers, and the Cisco Aironets look pretty good. There are some differentiating features between the models; in particular, the 1260 is designed for "challenging RF environments" (via the ability to add antennas, apparently), versus the 1140.

Now, my office is in NYC, which is heavily congested in just about every imaginable way. My iPod picks up ~10 WiFi SSIDs near the main access point, and you can assume that everybody and their brother is using their iPhone along with god-knows how many other devices, on both WiFi and 3G/4G. On a worst-case scenario, let's say that I'll have 50-100 people connecting to this particular access point. Does this constitute a "challenging RF environment", or is this a fairly typical, non-extreme load? More practically, does this justify the additional expense of getting the 1260?

Note: there are 3 other access points at various places in the building, but the one in the lobby will be the most heavily-used one due to its location.

I'm trying to access a server on my LAN via its public IP address. External clients can connect just fine, but I'm unable to do so from within the LAN. There is a separate rule in the NAT settings of my gateway (which translates subnet addresses to the public interface IP, but is otherwise identical), but it doesn't appear to be working properly.

How would I correctly set things up to access a local resource via a public IP address?

Earlier this morning, store.exe fuzzled up in one way or another, which necessitated a restart of our Exchange server. It came back online with no errors or problems, all the transaction logs replayed successfully, and all the stores mounted as normal. To me, it was just one of those random crashes; however, our consultant suspects it was caused by corruption in one of the stores. Perhaps he's correct, since he has far more experience than me, but that's not the point.

To fix the suspected errors, he's planinng to run an ESEUTIL defrag (via PerfectDisk) to fix them, which he claims will also fix any errors present.

From what I understand, defrag, verify, and repair are 3 separate actions, and a defrag does not imply any kind of integrity check. Is this correct? Are there any dangers of running a straight-up defrag on a database that might be corrupt?

Edit:

Here's the first error in the event log, which indicated the start of the problems we were having. Anyone know what it might indicate?

Event Type: Error
Event Source:   Microsoft Exchange Server
Event Category: None
Event ID:   1000
Date:       11/23/2011
Time:       8:15:47 AM
User:       N/A
Computer:   SERVER
Description:
Faulting application exsp.dll, version 6.5.7638.1, stamp 430e735b, faulting module kernel32.dll, version 5.2.3790.4480, stamp 49c51f0a, debug? 0, fault address 0x0000bef7.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 00 70 00 70 00 6c 00   A.p.p.l.
0008: 69 00 63 00 61 00 74 00   i.c.a.t.
0010: 69 00 6f 00 6e 00 20 00   i.o.n. .
0018: 46 00 61 00 69 00 6c 00   F.a.i.l.
0020: 75 00 72 00 65 00 20 00   u.r.e. .
0028: 20 00 65 00 78 00 73 00    .e.x.s.
0030: 70 00 2e 00 64 00 6c 00   p...d.l.
0038: 6c 00 20 00 36 00 2e 00   l. .6...
0040: 35 00 2e 00 37 00 36 00   5...7.6.
0048: 33 00 38 00 2e 00 31 00   3.8...1.
0050: 20 00 34 00 33 00 30 00    .4.3.0.
0058: 65 00 37 00 33 00 35 00   e.7.3.5.
0060: 62 00 20 00 69 00 6e 00   b. .i.n.
0068: 20 00 6b 00 65 00 72 00    .k.e.r.
0070: 6e 00 65 00 6c 00 33 00   n.e.l.3.
0078: 32 00 2e 00 64 00 6c 00   2...d.l.
0080: 6c 00 20 00 35 00 2e 00   l. .5...
0088: 32 00 2e 00 33 00 37 00   2...3.7.
0090: 39 00 30 00 2e 00 34 00   9.0...4.
0098: 34 00 38 00 30 00 20 00   4.8.0. .
00a0: 34 00 39 00 63 00 35 00   4.9.c.5.
00a8: 31 00 66 00 30 00 61 00   1.f.0.a.
00b0: 20 00 66 00 44 00 65 00    .f.D.e.
00b8: 62 00 75 00 67 00 20 00   b.u.g. .
00c0: 30 00 20 00 61 00 74 00   0. .a.t.
00c8: 20 00 6f 00 66 00 66 00    .o.f.f.
00d0: 73 00 65 00 74 00 20 00   s.e.t. .
00d8: 30 00 30 00 30 00 30 00   0.0.0.0.
00e0: 62 00 65 00 66 00 37 00   b.e.f.7.
00e8: 0d 00 0a 00               ....    

We have Dell servers running Windows with Perc 5/E, 6/i, 6/iR, etc. controllers. Each controller has 256MB of cache and a battery, so I turned on Write Back on the controller and turned off caching on the physical disks, for performance and data safety respectively. However, I am unsure of what to set the Read Ahead settings to for these workloads. I'm leaning towards Adaptive Read-Ahead for everything, because we don't really have any specialized or intense workloads. Let's say I have a...

2x 250GB SATA disks in RAID-1 with a stripe size of 64KB

• runs a file server for ~15 users, print server with ~5 printers, DHCP, DNS, and that's about it

Also, let's say I have a...

14x 750GB SATA disks in RAID-6 w/64KB stripe

• big DAS unit for backups

Finally, let's say I have a...

6x 450GB SAS disks in RAID-10 w/64KB stripe

• running various VMs (WSUS, file server for 25+ users with some large media files that also replicates off-site, email archiving, Sharepoint, and many more!)

What Read Ahead setting would be suited to these?

I'm reading Learning Exchange Server 2003 by Boswell, and there's a section in there that mentions that a disabled account in AD cannot receive email and that it will be bounced back. Currently, what usually happens when a person leaves our company is that the account gets disabled, moved to an archive OU, and the email is forwarded on the Exchange General tab to someone else. It appears to have been working all this time, but I'm wondering why the book would say otherwise... We are using a single Exchange 2003 SP2 server.

Under what circumstances would a disabled user account cease to receive email?

I have a server with 3 hard drives installed, and a total capacity of 6. We're planning to max it out, but our consultant also suggested getting a second RAID controller "for redundancy" to support the new drives. To me, this doesn't make much sense. Even with a second RAID controller running half of the disks, we're still stuck with only half of our disks/programs/data if one of the controllers dies (which isn't much better than running with none). We're putting vmware on the server and he vaguely mentioned some advanced fault tolerance/failover features, but if the disks are inaccessable due to a failed controller, how is it supposed to work?

Counting only reasons for redundancy, not performance, why would I want to have a second RAID controller in my server?

How does the computer know which device on the network to query? How does the default gateway factor into this? Pretty much, what is the chain of events that occurs when a computer tries to obtain an IP address using DHCP?

The reason I ask is because I'm trying to figure out how to best set up a redundant DHCP server, in case the original fails for whatever reason.