Not Good Enough

I had to update a Windows 2003 server that hadn’t been updated in a fair while. The server gets its updates from WSUS. Each time I clicked on the Windows Update icon in the task bar Windows went off and downloaded and installed updates from the WSUS server (including Service Pack 2). After the updates had been installed I was invariably asked to reboot the server. After each reboot there would be more updates to install.

So far I have had to reboot the server five times. That means that its gone off to WSUS and downloaded five sets of updates (actually six, it also downloaded and installed the latest RDP client but that didn’t require a reboot).

Why do I need all these reboots? Why do I have to update it multiple times? Why can’t it download and install all the required updates together – like Linux does? If this server had been running Red Hat or Debian or Ubuntu I would have only needed to update once – and rebooted once. Instead it’s taking me hours.

It’s just not good enough!

I have a PC running the 64 bit edition of Windows 7. The PC has an ATI Radeon HD 2400 Pro with two 19″ HP LCD screens attached. I have a problem where the left screen reports no signal in the following scenario:

1. The screens are put to sleep by Windows
2. I connect to the computer using Remote Desktop

Some time later when I attempt to use the computer the left screen doesn’t appear to wake up. The screen itself reports that it has no signal. The right screen works – I can see the mouse cursor. The only way I can resolve the issue is to restart the computer (via a remote restart of windows using the shutdown command).

I have a colleague with an almost identical PC . The only difference is that he has an Intel graphics card. He doesn’t get this problem.

I have tried the latest ATI drivers but it made no difference. I have also tried an update from Microsoft which didn’t fix the problem either.

It’s just not good enough!

Update: A workaround is available at http://www.tipsandscripts.net/archives/68

I have an ATI Radeon HD 2400 Pro video card. Back in October I attempted to install the latest ATI drivers in the hope that it would resolve a problem I was having (I was previously using the drivers that came with Windows 7). I downloaded the lasted driver at the time (9.9) from the ATI website and then ran the install. Imagine my surprise when I got the following (sorry about the image quality, I used the camera on my phone):

BSOD when installing ATI Drivers

It turns out that I wasn’t the only one getting these blue screens of death. I think it’s totally unacceptable that a major hardware vendor can release drivers or software that cause a BSOD of death during install. Don’t they test these things?

Since then ATI have released newer drivers. I have successfully managed to install version 9.11 – although it didn’t fix the problem. However. that doesn’t change the fact that ATI released drivers that not only wouldn’t install, but crashed Windows.

It’s just not good enough!

BlueCoat PacketShapers can be configured individually, or from a central management server called PolicyCenter. If you have more than a few PacketShapers it can be easier to use PolicyCenter.

PacketShapers have a hierarchical configuration – the class tree. Each class has a 31 bit unique ID – the iqosClassID attribute. If you’re using PolicyCenter you can create hierarchical configurations that your PacketShapers can inherit. So, you might have somethink like:

MPLS-Sites/SanFran/sfps01

where sfps01 is a PacketShaper, and MPLS-Sites and SanFran are configurations. A setting in MPLS-Sites will be inherited by SanFran and  then by sfps01. A setting in SanFran will be inherited by sfps01. Of course, a child configuration can override a parent configuration.

When you create a class in MPLS-Sites it automatically gets given a Class ID. The problem is that PolicyCenter does nothing to make sure that the Class ID created is unique. So, you may create a new class in MPLS-Sites and end up with an error like

Configuration error in /MPLS-Sites/SanFran/ZAJNBA/204-10000111, object /Outbound/NewYork, attrib iqosClassID = “1208514799″, 1208514799 is already in use by class “/Outbound/VoIP”.

It’s just not good enough!

Cisco Unified Communications Manager v6 (formerly called Call Manager and then Unified Call Manager) can synchronise its user list with Active Directory (it’s actually a one way synchronisation), and can authenticate users against Active Directory. It does this using LDAP. That’s no surprise and pretty standard. Unfortunately, it doesn’t allow you to specify any search filters. You specify the base DN (or multiple base DNs) and that’s it. It seems that if an account in AD has a first name and last name CUCM adds it to its directory. The account doesn’t need to have a telephone number, it can even be disabled. Note that you can only synchronise accounts – CUCM ignores Contacts.

Didn’t anyone at Cisco think that their clients might possibly want to filter their imports? Did it not occur to them that the structure in AD might not reflect the way clients want to import users into CUCM?

It’s just not good enough!

Opened up SQL 2000 Enterprise Manager the other day to look at a performance problem (which turned out to be someone purging WSUS of old updates). Anyway, I went to look at Process Info (under Management –> Current Activity) to see what was happening. Process Info displays details on various SQL process IDs (e.g. Open Transactions, CPU, Physical IO, Memory Usage). It also lets you sort by various columns – which can be quite useful. I say “can be”, because, unfortunately, Enterprise Manager seems to do an ASCII or alphanumeric sort, rather than a numeric sort:

Process Info sorted by CPU

What bright spark went to all that trouble to provide all this information in Process Info, and then didn’t do the last bit to allow us to sort it in an intelligent manner. I mean, it can’t be that hard.

It’s just not good enough!

I had a server run low on disk space on one of the data volumes (a bit over 1 GB free on a 2 TB volume). When this happened, CPU utilisation went up to 100%. Task Manager showed System was the offending process. This is not the first this has happenedto us (although it’s the first time I’ve looked at it).

So, I ran Process Explorer on the server and took a look at the threads for the System process. Here’s what I saw:

TmXPFlt.sys threads in the System process using excessive CPU

It turns out TmXPFlt.sys is part of Trend Micro Office Scan’s virus scan engine. I tried unloading Office Scan but it made no difference. In the end I had to restart the server.

We install anti-virus to protect our servers, not to take them down.

It’s just not good enough!

We have some spare slots in an IBM EXP810 disk tray attached to our DS4000 series storage system and thought of filling them with 1TB SATA disks. MCG Technology have 1TB Seagate drives (ST31000340AS) for $179 including tax (or 16c per GB). Note that these drives come with a 5 year warranty. So I figured a drive from IBM would probably be around the $500 mark. That would allow for an enterprise spec’ drive, the enclosure and IBM’s usual exorbitant markup.

Boy was I wrong.

Our Australian dollar ex-tax purchase price for a 1000 GB/7.2K SATA EV-DDM drive is $2100.00 each. I couldn’t believe it. That works out to $2.10 per GB – and they’re not proper sized gigabytes either.

By contrast a 750GB SATA drive from IBM comes to $850.00 or $1.13 per GB.

Now I know that the world is in a financial crisis. But that doesn’t excuse IBM ripping its customers off. It appears that the robber barons of Wall Street have moved to 1 New Orchard Road.

It’s just not good enough!

[Edited to add]

Seagate have an enterprise SATA 2 1TB disk – the Barracuda ES.2 ST31000340NS. The cheapest price on staticICE is $299.

OpenLDAP is open source LDAP software. It’s used on a lot of Unix and Linux distributions. ldapsearch is a utility that comes with OpenLDAP. It allows you to search an LDAP directory from the command line. This is potentially very useful when you need to access LDAP from a shell script. You can even use it to access Active Directory, as Phil Lembo shows here.

Unfortunately, when ldapsearch returns its results it wraps the output after 76 characters – and it doesn’t appear to give an option to turn line wrapping off. Now what bright spark thought that this would be a good idea. That makes it a pain in the arse when you’re trying to grep the output of a directory search.

Someone does seem to have come up with a patch back in 1999, but it doesn’t appear to have made it into production.

It’s just not good enough!

I went to shut my computer down last night and received the following error (it turns out that “No” was the option I wanted – “Yes” didn’t seem to do anything):

It’s just not good enough!