I upgraded to the latest version of Sophos PureMessage (v2.6.1 upgrade to v3.0) on an SBS 2003 server.
The upgrade went smoothly as per usual. Hats off to Sophos for providing good quality products and excellent documentation.
This version now includes AD integration and allows for recipient validation. I enabled this, as well as verifying the upgraded settings. I kept an eye on progress for about 90 minutes as I was performing other administrative tasks.
When I came back to it the next morning, the server was being sluggish. Investigation showed that the were several thousand NDRs queued up, and further investigation revealed that the Exchange journal mailbox was bouncing Read Receipts with a Permission Denied error back to PureMessage. Unfortunately, the Read Receipts had no From header, so PureMessage was generating an NDR and trying to send it to an address of '<', which is a completely invalid address. This was then escalating an alert message to the Alert address, which had filled up the resulting mailbox. The mail bounce that was occuring was also generating an unscannable error due to too many nested attachments, which also queued up an alert message.
The remedial action was to remove the administrator alert address. This stopped the queuing. I then turned off administrator alerts for the On Unscannable action for the Exchange Store scanning and the Transport scanning. This helped stopped further NDR flooding.
The final action I performed that finally killed the NDR storm was to fire up the Exchange System Manager, go into the SmallBusiness SMTP Connector properties, go into Content Restrictions and turn off System Messages.
I also opened up the Delivery Restrictions placed on the mailbox that I'm using for Exchange Journalling until I can verify what the appropriate restrictions should be on the mailbox such that it works with PureMessage 3.0, seeing as the previous settings worked fine with PureMessage 2.6.1 (which was only accept messages from the Exchange Journalling mailbox).
Friday, September 28, 2007
Tuesday, September 25, 2007
Desperately Awaiting Windows Vista SP1 (or why Power Users should use Firefox)
IE7 under Windows Vista (and also under XP) is driving me nuts.
I frequently have 20-30 browser tabs open. These tabs generally contain my reading list and I place them in reading order. I also have a second IE7 window open for general searches and Webmail.
About once a fortnight I have IE7 crash on me. What really sucks is a lack of built-in IE7 crash recovery. For that I use IE7Pro. It does a reasonable job.
Sometimes the crash recovery just doesn't work all that well. When it doesn't work, I use TravelLog to pull out my URL history, then use FileParse (with XP compatability enabled) to reformat the output so I can quickly process the URL history in Excel.
This is obviously time consuming.
The final nail in the coffin for IE7 on Vista for me is that when I have 32+ tabs open I get a Denial of Service on Windows Explorer. Yes, that's right. When I exceed 32 tabs and go to the Start Menu and click on Computer, Explorer opens and then immediately closes. If I reduce the tabs to less than 32 I get Explorer functionality back.
This is a serious regression from Windows XP. Under XP I don't get this DoS. Under XP, it takes about 64 tabs for the interface to screw up, but this only affects IE7. Windows Explorer in XP still remains functional. The obvious indication of exceeding the capabilities in IE7 is that tabs fail to render content and also losing the ability to bring up right-click menus. This also occurs under Vista, but at a tab count of about 32 and with the added bonus of a Windows Explorer DoS.
So I'm now installing Firefox 2.0 and will be using this as my primary browser. This will improve my browsing efficiency and will stop my blood from boiling when IE7 crashes, or Explorer stops loading.
I really, really hope Vista SP1 fixes this.
I frequently have 20-30 browser tabs open. These tabs generally contain my reading list and I place them in reading order. I also have a second IE7 window open for general searches and Webmail.
About once a fortnight I have IE7 crash on me. What really sucks is a lack of built-in IE7 crash recovery. For that I use IE7Pro. It does a reasonable job.
Sometimes the crash recovery just doesn't work all that well. When it doesn't work, I use TravelLog to pull out my URL history, then use FileParse (with XP compatability enabled) to reformat the output so I can quickly process the URL history in Excel.
This is obviously time consuming.
The final nail in the coffin for IE7 on Vista for me is that when I have 32+ tabs open I get a Denial of Service on Windows Explorer. Yes, that's right. When I exceed 32 tabs and go to the Start Menu and click on Computer, Explorer opens and then immediately closes. If I reduce the tabs to less than 32 I get Explorer functionality back.
This is a serious regression from Windows XP. Under XP I don't get this DoS. Under XP, it takes about 64 tabs for the interface to screw up, but this only affects IE7. Windows Explorer in XP still remains functional. The obvious indication of exceeding the capabilities in IE7 is that tabs fail to render content and also losing the ability to bring up right-click menus. This also occurs under Vista, but at a tab count of about 32 and with the added bonus of a Windows Explorer DoS.
So I'm now installing Firefox 2.0 and will be using this as my primary browser. This will improve my browsing efficiency and will stop my blood from boiling when IE7 crashes, or Explorer stops loading.
I really, really hope Vista SP1 fixes this.
Modifying SBS 2003 SP1's bkprunner.exe for Improved Backup Performance
I'll quickly jot this down before I forget.
I've recently been having a shrinking backup window on one of my client's SBS 2003 boxes. It backs up to tape and I didn't want to create a backup script and lose the nice reporting features that SBS provides. So I hacked the bkprunner.exe process instead :-)
On my own SBS 2003 box I was getting terrible server performance during my daily backup to USB drives. I found the undocumented /FU switch that was included with the SP1 version of ntbackup and some registry modifications that the Exchange team of Microsoft IT performed to improve their backup performance.
Open Explorer and go to "C:\Program Files\Microsoft Windows Small Business Server\Backup"
Make a copy of bkprunner.exe
Download and extract XVI32.
Run XVI32.exe
Open bkprunner.exe in XVI32
The address range $10F0-$11B7 is used for backups to .bkf files
The address range $11B8-$1277 is used for backups to tape
To turn off verify when backing up to a .bkf
Go to address $113A
In the hex pane (the middle one), type in the following hex values:
6E 00 6F 00 20
This enters in the text "no " in Unicode format.
To turn off buffered writes (as explained in MSKB 839272 and also here) when backing up to a .bkf - recommended
Go to address $115E
In the hex pane (the middle one), type in the following hex values:
46 00 55 00 20 00 20 00 20 00 20
This enters in the text "FU " in Unicode format.
To turn off verify when backing up to tape
Go to address $1202
In the hex pane (the middle one), type in the following hex values:
6E 00 6F 00 20
This enters in the text "no " in Unicode format.
Registry modifications for performance
Run regedit
Open HKEY_USERS
Load Hive
Open SBS Backup User's NTUSER.DAT registry hive; call the key name BACKUP
Browse to HKEY_USERS\BACKUP\Software\Microsoft\Ntbackup\Backup Engine.
Edit the value of the entry Logical Disk Buffer Size from 32 to 64.
Edit the value of the entry Max Buffer Size from 512 to 1024.
Edit the value of the entry Max Num Tape Buffers from 9 to 16.
If the above keys don't exist, create them as String values.
Click on HKEY_USERS\BACKUP
Unload hive
I've recently been having a shrinking backup window on one of my client's SBS 2003 boxes. It backs up to tape and I didn't want to create a backup script and lose the nice reporting features that SBS provides. So I hacked the bkprunner.exe process instead :-)
On my own SBS 2003 box I was getting terrible server performance during my daily backup to USB drives. I found the undocumented /FU switch that was included with the SP1 version of ntbackup and some registry modifications that the Exchange team of Microsoft IT performed to improve their backup performance.
Open Explorer and go to "C:\Program Files\Microsoft Windows Small Business Server\Backup"
Make a copy of bkprunner.exe
Download and extract XVI32.
Run XVI32.exe
Open bkprunner.exe in XVI32
The address range $10F0-$11B7 is used for backups to .bkf files
The address range $11B8-$1277 is used for backups to tape
To turn off verify when backing up to a .bkf
Go to address $113A
In the hex pane (the middle one), type in the following hex values:
6E 00 6F 00 20
This enters in the text "no " in Unicode format.
To turn off buffered writes (as explained in MSKB 839272 and also here) when backing up to a .bkf - recommended
Go to address $115E
In the hex pane (the middle one), type in the following hex values:
46 00 55 00 20 00 20 00 20 00 20
This enters in the text "FU " in Unicode format.
To turn off verify when backing up to tape
Go to address $1202
In the hex pane (the middle one), type in the following hex values:
6E 00 6F 00 20
This enters in the text "no " in Unicode format.
Registry modifications for performance
Run regedit
Open HKEY_USERS
Load Hive
Open SBS Backup User's NTUSER.DAT registry hive; call the key name BACKUP
Browse to HKEY_USERS\BACKUP\Software\Microsoft\Ntbackup\Backup Engine.
Edit the value of the entry Logical Disk Buffer Size from 32 to 64.
Edit the value of the entry Max Buffer Size from 512 to 1024.
Edit the value of the entry Max Num Tape Buffers from 9 to 16.
If the above keys don't exist, create them as String values.
Click on HKEY_USERS\BACKUP
Unload hive
Tuesday, September 18, 2007
AutoCAD and that Awful Network License Manager (FLEXlm)
I recently had a problem with AutoCAD 2006, the Network License Server (aka FLEXnet 10.1.5) and a borrowed network license.
The problem was that a laptop had borrowed a license and the hard drive died several days after.
A support call lodged with Autodesk resulted in a "wait for the borrowed license to expire", even after escalating the request to a supervisor. Sorry, not good enough. The annual maintenance fee paid to Autodesk should more than make up for either an immediate remedial action (ie an administrative return process that actually works), or a temporary key re-issue.
So I started Googling. I Googled some more and became thoroughly depressed. Yet another one of those well-known, but not one of those well-documented, products. I'll save my rant about large software companies who don't care about their customers for another day.
There was one useful poster on the Autodesk forums, who was careful with his information in a bid to retain his posting privileges to the Autodesk forums. Based on some of his information, I was able to finally come up with a solution.
The FLEXnet licensing "solution" under Windows provides a GUI front end (called LMTOOLS) to the lmutil command line utility that is used to manage FLEXnet license manager under Unix.
The last tab of the LMTOOLS utility is called borrowing and it's supposed to be used to be able to manage licenses that support borrowing. However it doesn't work out of the box and furthermore Autodesk do not recommend nor support the use of this tab for their licenses.
For anyone that wants to get it working, you need to go to the Utilities tab, leave Vendor Name blank and enter the path to the license file containing the floating licenses. Click Override Path. This will set the default path to the license file. In Vendor Name, enter 'adskflex' and use the same path as the previous step, then click Add Vendor Path. This will enter the vendor path for Autodesk products to point to the license file. You shold now be able to go to the Borrowing tab and click List Currently Borrowed Features to see the borrowed licenses and to also use the Return Borrowed Licenses Early button.
In my case, the Perform Status Enquiry on the Server Status tab was showing the AutoCAD license as being borrowed (by the presence of a 'linger' value), but the List Currently Borrowed Features command on the Borrowed tab indicated that no licenses are borrowed. This was most likely due to the fact that I had consolidated several different vendors' FLEXnet licenses under the one FLEXnet license server to improve license server reliability (which it actually did - a whole heap of ongoing random license server crashes disappeared once consolidated)
So, it appears that the Network License server + utilities are half-baked and the only resolution I had according to Autodesk was to wait the 2-odd months for the license to expire.
In a final act of desperation I started up the Network License service and watched its progress using Sysinternals' Process Monitor and found the location of the stored borrowed license. The borrowed license was stored at:
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXlm\adskflexborrow
I would expect to find an 'adskflexborrow' file on a Unix system that hosts a FLEXnet license server, for those people running on Unix.
After backing up this file and stopping and starting the Network License Service I was able to reissue the license.
Why the Autodesk Help Desk weren't able to tell me this is beyond me...
The problem was that a laptop had borrowed a license and the hard drive died several days after.
A support call lodged with Autodesk resulted in a "wait for the borrowed license to expire", even after escalating the request to a supervisor. Sorry, not good enough. The annual maintenance fee paid to Autodesk should more than make up for either an immediate remedial action (ie an administrative return process that actually works), or a temporary key re-issue.
So I started Googling. I Googled some more and became thoroughly depressed. Yet another one of those well-known, but not one of those well-documented, products. I'll save my rant about large software companies who don't care about their customers for another day.
There was one useful poster on the Autodesk forums, who was careful with his information in a bid to retain his posting privileges to the Autodesk forums. Based on some of his information, I was able to finally come up with a solution.
The FLEXnet licensing "solution" under Windows provides a GUI front end (called LMTOOLS) to the lmutil command line utility that is used to manage FLEXnet license manager under Unix.
The last tab of the LMTOOLS utility is called borrowing and it's supposed to be used to be able to manage licenses that support borrowing. However it doesn't work out of the box and furthermore Autodesk do not recommend nor support the use of this tab for their licenses.
For anyone that wants to get it working, you need to go to the Utilities tab, leave Vendor Name blank and enter the path to the license file containing the floating licenses. Click Override Path. This will set the default path to the license file. In Vendor Name, enter 'adskflex' and use the same path as the previous step, then click Add Vendor Path. This will enter the vendor path for Autodesk products to point to the license file. You shold now be able to go to the Borrowing tab and click List Currently Borrowed Features to see the borrowed licenses and to also use the Return Borrowed Licenses Early button.
In my case, the Perform Status Enquiry on the Server Status tab was showing the AutoCAD license as being borrowed (by the presence of a 'linger' value), but the List Currently Borrowed Features command on the Borrowed tab indicated that no licenses are borrowed. This was most likely due to the fact that I had consolidated several different vendors' FLEXnet licenses under the one FLEXnet license server to improve license server reliability (which it actually did - a whole heap of ongoing random license server crashes disappeared once consolidated)
So, it appears that the Network License server + utilities are half-baked and the only resolution I had according to Autodesk was to wait the 2-odd months for the license to expire.
In a final act of desperation I started up the Network License service and watched its progress using Sysinternals' Process Monitor and found the location of the stored borrowed license. The borrowed license was stored at:
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXlm\adskflexborrow
I would expect to find an 'adskflexborrow' file on a Unix system that hosts a FLEXnet license server, for those people running on Unix.
After backing up this file and stopping and starting the Network License Service I was able to reissue the license.
Why the Autodesk Help Desk weren't able to tell me this is beyond me...
Subscribe to:
Posts (Atom)
