August 2011 Entries
Building a home virtualization lab/test/learning/what's not environment - Part one.
Oh No!
Not another geek who is going to tell us how to build a virtualized lab environment! We already know all there is to know about this crap!
Hah! Yes this is another geek doing this build, but rest assured, it’s not you, it’s me! This is my view and take on this subject, where this blog will function as a “diary” to log my time, remarks and build guide on how I built it. Besides, I’ve built similar environments hundreds of times so I want to add a bit of a twist :). Seeing as my move abroad is coming up this will be a lengthy series. Plus it means I’m going to be fairly low on budget...
Background
I guess every geek wants to have a couple of machines at home running a lab environment. I’ve been doing so for more than 6 years! Back in the day when I started with this “lab” environment I was forced to use a couple of computers, mostly spare parts and hand-me-downs from friends. Let’s face it, high amounts of RAM were expensive so running virtual machines was not really an option for most “up and coming” geeks. It also prevented me from deploying larger environments that I could use to learn more complex situations.
Stop the time freeze and move forward to present day. Computers are dirt cheap and having loads of memory is in the grasp of most computer enthusiasts. Having deployed and worked with more complex environments than I did 6 years ago my lab “evolved” but kept most of that old rubbish hardware and I would just add on new pieces. Well no more! I’m cleaning out the lot and am going for a fresh, shiny new environment ready to cope with most of my demands.
Requirements
Call it a professional deformation (gah!) to define requirements in a home project but it is one of those things I need so I actually can keep everything in control. Starting something without a clear plan is dangerous, I will tend to be all over the board in such cases :).
Simply put these are my requirements:
·         Low footprint: Whilst I’m blessed with a wonderful partner that will not hold me back from learning and trying out new things, I believe she will not be amused if I need a room to only run this farm.
·         Low budget: Whilst I’d love to do it I can’t afford to blow thousands of euros (soon to be pounds) on this. Simply no budget in my life for that...
·         Silent: Related to the small footprint part, a couple of jet turbines running next to the bedroom will not make the better half happy.
·         Capacity: All in all one of the more important parts of the requirements. I want to be able to run at least 10-12 lab machines simultaneously. 
·         Performance: No waiting 5 minutes before I can log in to a machine!
Nice to haves:
·         Storage: centralized storage with a high capacity I can use for more than this lab.
·         Capacity: Running more than 12 machines simultaneously makes me drool!
·         Failover: Totally unneeded for a home lab environment but it would be nice to have :).
·         Ease of management: Ideally I would be able to deploy a new virtual machine in a matter of minutes so I don’t waste too much time on installing software.
Nice list if I say so myself :D! To condense it: Significant Other Approval Factor
What’s available to me?
The world! At a cost that is... Seeing I can’t afford the world (one day! I swear!) I’ll have to make an inventory of what I have:
·         Leftovers from previous labs (scratch that, I think they died a horrible death during unpacking.)
·         A technet account (ooooooh shiny!)
·         A small budget
·         Open source
Choices to be made...
Hypervisor
Right! Seeing as I have a technet account I can use Microsoft Hyper-V as a solution for my hypervisor problem. I’m very familiar with it and it will allow me to do failover clustering without paying through my nose for it (yes I’m looking at you VMware!).
Hardware
Well, I’ll be honest. I already bought components for 2 machines with 24 GB of memory and an i7 CPU. So those will form the front end of my virtualization pool. Each machine bled me of 900 euro in component costs, not too shabby if you ask me!

·         Motherboard: ASUS P6X58D-E DDR3 SOCKET I7 INTEL® X58
·         CPU: INTEL CORE I7 950 45NM 3.06
·         RAM: Patriot triple channel DDR3 24GB

Storage
More painful, I have the choice between building a centralized storage device, buying a centralized storage device or going for local storage. Whilst I have a number of hard drives that are in disuse (beats me why, everything has been blurry for the last couple of months) that I could simply pop into the machines to use for local storage it also limits me in performance.
After careful research as to what it would cost me to buy a NAS that supports not only iSCSI but iSCSI 3 persistent reservations and gives me enough headspace to grow I have found the Synology DS3611xs and the Synology DS2411. Performant, RAID capable (pesky drive failures) and the DS3611xs has 4(!) NIC interfaces capable of doing LACP (combining all into one port)!!!
Eh, they also cost around 2000 pounds (2200 euro) each. Without drives. Auw!
So back into the storage I went and looked, finding an ASUS P45 DQ6 under the hood of an old machine I was able to salvage from the horrible ripper. It even has a working Intel CPU and some memory! Well what do you know? Seems I’m heading back to junk kit after all... Whilst I would want to buy a DS3611 in the future I can simply not afford to spend +3000 euro on a storage device. Got to remember the budget now don’t we?
As for an OS to run on this hardware I’m looking at either FreeNAS 8.0.1 (beta) or NexentaStor. Both support iSCSI 3 persistent reservation and seem to work fine with the live migration “nice to have”. FreeNAS is completely free and has no limitations, NexentaStor is limited to 18TB available space in the community edition. Both additionally support link aggregation (LACP), which comes in handy.
Network
Plain and simple, I have a HP 1800 24 port managed switch in my possession (again saved from the destruction) which is quiet, fast and capable of all kinds of wonders!
Management
This is a bit more a pain in the ass situation. I’ll need to automate a lot if I want to get where I want to get so either a lot of scripting and figuring out what happens under the hood is going to be needed or I might have a look at Virtual Machine Manager. Either way will be interesting.
Th-Th-Th-Th-Th-... That's all, folks
Well, for now at least. I defined the requirements and the nice to haves for this project, figured out what I have and what I can use, as well as defined some elements of how to tackle the problems at hand. It’s still fairly loose and large, but I can’t get in the nitty gritty details yet.

Upcoming sessions will have a design for the environment, build guides, management definitions, automated deployments and cake. Loads and loads of cake...

Troubleshooting exchange web services
From Exchange 2007 onward, more emphasis is put on the web services used to distribute the offline address book and to provide out of office, the scheduling assistant and Autodiscover (a.k.a. Outlook connectivity to Exchange). Correct configuration of the virtual directories and IIS components is therefore the main key to a healthy Exchange environment.
It is for this reason that I have compiled a quick reference as to how these components should be configured in order to function properly and so that most of the information needed to troubleshoot issues is in one place.
Exchange default IIS virtual directory authentication settings
I have often seen that issues with exchange connectivity or web related services have been caused by not having these authentication and SSL settings placed correctly.
Exchange 2010
Client access server role

| Virtual directory | Authentication method | SSL settings |
| --- | --- | --- |
| Default Web site | Anonymous | Required |
| aspnet_client | Anonymous authentication | SSL required; Requires 128-bit encryption |
| Autodiscover | Anonymous authentication; Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| ecp | Anonymous authentication; Basic authentication | SSL required; Requires 128-bit encryption |
| EWS | Anonymous authentication; Windows authentication | SSL required; Requires 128-bit encryption |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Requires 128-bit encryption |
| OAB | Windows authentication | Not required |
| owa | Basic | SSL required; Requires 128-bit encryption |
| Powershell | Anonymous authentication | Not required |
| Rpc | Basic authentication; Windows authentication | SSL required; Requires 128-bit encryption |
| RpcWithCert | By default, all authentication methods are disabled | Required |
 Mailbox Server Role

| Virtual directory | Authentication method | SSL settings |
| --- | --- | --- |
| Default Web site | Anonymous authentication | SSL required; Requires 128-bit encryption |
| PowerShell | Anonymous authentication | Not required |
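The Exchange 2010 Client Access table above can be used as a baseline to detect drift in the live IIS configuration. The following is an added example, not code from the original article; it assumes the IIS WebAdministration module is available and that Exchange uses the site named "Default Web Site", the function names are hypothetical, and only the virtual directories below the site root with explicit SSL entries are covered.

```powershell
# Added example (not the author's code). Assumes the IIS WebAdministration module
# and that Exchange is installed in the site named "Default Web Site".
Import-Module WebAdministration

# Expected state, transcribed from the Exchange 2010 Client Access table above.
# Auth = methods that should be enabled; Ssl = $true where the table says "SSL required".
$baseline = @{
    'Autodiscover'                = @{ Auth = 'anonymous','basic','windows'; Ssl = $true  }
    'ecp'                         = @{ Auth = 'anonymous','basic';           Ssl = $true  }
    'EWS'                         = @{ Auth = 'anonymous','windows';         Ssl = $true  }
    'Microsoft-Server-ActiveSync' = @{ Auth = @('basic');                    Ssl = $true  }
    'OAB'                         = @{ Auth = @('windows');                  Ssl = $false }
    'owa'                         = @{ Auth = @('basic');                    Ssl = $true  }
    'PowerShell'                  = @{ Auth = @('anonymous');                Ssl = $false }
    'Rpc'                         = @{ Auth = 'basic','windows';             Ssl = $true  }
}
$methods = 'anonymous','basic','windows'

function Get-VDirSecurity {
    param([string]$VDir, [string]$Site = 'Default Web Site')
    $common = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = "$Site/$VDir" }
    # Names of the authentication methods that are currently enabled.
    $enabled = @($methods | Where-Object {
        (Get-WebConfiguration @common -Filter "system.webServer/security/authentication/${_}Authentication").enabled
    })
    # sslFlags is a string such as "Ssl,Ssl128" once SSL settings have been configured.
    $raw   = (Get-WebConfiguration @common -Filter 'system.webServer/security/access').sslFlags
    $flags = if ($raw -is [string]) { @($raw -split ',' | ForEach-Object { $_.Trim() }) } else { @() }
    New-Object PSObject -Property @{ Auth = $enabled; SslFlags = $flags }
}

function Compare-VDirToBaseline {
    param($Actual, $Expected)
    foreach ($m in $methods) {
        $want = $Expected.Auth -contains $m
        $have = $Actual.Auth -contains $m
        if ($want -ne $have) { "$m authentication: expected $want, found $have" }
    }
    $haveSsl = $Actual.SslFlags -contains 'Ssl'
    if ($Expected.Ssl -ne $haveSsl) { "SSL required: expected $($Expected.Ssl), found $haveSsl" }
    if ($Expected.Ssl -and $Actual.SslFlags -notcontains 'Ssl128') { '128-bit encryption is not required' }
}

$baseline.Keys | Sort-Object | ForEach-Object {
    $actual = Get-VDirSecurity -VDir $_
    $drift  = @(Compare-VDirToBaseline -Actual $actual -Expected $baseline[$_])
    if ($drift.Count -eq 0) { $drift = @('matches baseline') }
    New-Object PSObject -Property @{ VDir = $_; Result = ($drift -join '; ') }
} | Format-Table VDir, Result -AutoSize -Wrap
```

The script only reads configuration; a directory that enables an authentication method the table does not list is reported the same way as one that is missing a listed method.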
Exchange 2007
Client access server role

| Virtual directory | Authentication method | SSL settings |
| --- | --- | --- |
| Default Web Site | Anonymous authentication | SSL required; Require 128-bit encryption |
| aspnet_client | Anonymous authentication | SSL required; Require 128-bit encryption |
| Autodiscover | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| EWS | Windows authentication | SSL required; Require 128-bit encryption |
| owa | Basic authentication | SSL required; Require 128-bit encryption |
| Exchange | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| Public | Basic authentication; Windows authentication | Not required |
| Exchweb | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| OAB | Windows authentication | Not required |
| UnifiedMessaging | Windows authentication | SSL required; Require 128-bit encryption |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Require 128-bit encryption |
| Rpc | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| RpcWithCert | By default, all authentication methods are disabled | SSL required |
Mailbox server role

| Virtual directory | Authentication method | SSL settings |
| --- | --- | --- |
| Default Web Site | Anonymous | Not required |
| Exadmin | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| Exchange | Basic authentication; Windows authentication | Not required |
| Public | Basic authentication; Windows authentication | Not required |
 Windows SBS 2008
Default Exchange-related IIS authentication and SSL settings.

| Virtual directory | Authentication method | SSL settings |
| --- | --- | --- |
| Default Web Site | Anonymous authentication | Not required |
| aspnet_client | Anonymous authentication | Not required |
| Autodiscover | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| EWS | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| Exadmin | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| Exchange | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| Exchweb | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required; Require 128-bit encryption |
| OAB | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| owa | Basic authentication | SSL required; Require 128-bit encryption |
| Public | Basic authentication; Windows authentication | SSL required; Require 128-bit encryption |
| Rpc | Basic authentication; Windows authentication | Not required |
| RpcWithCert | By default, all authentication methods are disabled | SSL required; Require 128-bit encryption |
| UnifiedMessaging | Windows authentication | SSL required; Require 128-bit encryption |
Certificate SAN names
Split DNS setups
Required:
·         Exchangeservername.contoso.com
·         Autodiscover.contoso.com
·         Exchangeservername
Non-split DNS setups
Required:
·         Exchangeservername.contoso.com
·         Autodiscover.contoso.com
·         Exchangeservername
·         Exchangeservername.contoso.local
·         Autodiscover.contoso.local
Loopbackcheck
In case you have a commercial certificate and do not have the budget or possibility to switch to the SAN certificate required for the proper operation of exchange 2007/2010 you can disable the loopback check to solve your issues:
1.       Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, see Microsoft Knowledge Base article 281308 (http://support.microsoft.com/kb/281308/), "Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name".
2.       Click Start, click Run, type regedit, and then click OK.
3.       In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4.       Right-click Lsa, point to New, and then click DWORD Value.
5.       Type DisableLoopbackCheck, and then press ENTER.
6.       Right-click DisableLoopbackCheck, and then click Modify.
7.       In the Value data box, type 1, and then click OK.
8.       Quit Registry Editor, and then restart your computer.
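The loopback check stops a server from accepting NTLM authentication from itself under a name that is not its own, so DisableLoopbackCheck removes that protection for every host name, whereas the BackConnectionHostNames value (a multi-string under Lsa\MSV1_0) exempts only the names listed in it. The following added example, which is not part of the original article, reads the two values from the steps above plus BackConnectionHostNames on one or more servers so you can see where the check has been switched off; the function name and output fields are assumptions of this example.

```powershell
# Added example (not the author's code). Read-only. Remote servers need the
# Remote Registry service; Get-LoopbackCheckState is a hypothetical helper name.
function Get-LoopbackCheckState {
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($computer in $ComputerName) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
        # Returns $null when the key or the value does not exist.
        $read = {
            param($subKey, $valueName)
            $key = $hklm.OpenSubKey($subKey)
            if ($key) { $key.GetValue($valueName); $key.Close() }
        }
        try {
            $disabled = & $read 'SYSTEM\CurrentControlSet\Control\Lsa' 'DisableLoopbackCheck'
            $strict   = & $read 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'DisableStrictNameChecking'
            $names    = @(& $read 'SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' 'BackConnectionHostNames' |
                          Where-Object { $_ })
        } finally { $hklm.Close() }

        if ($disabled -eq 1) {
            $finding = 'check disabled for every host name'
        } elseif ($names.Count -gt 0) {
            $finding = 'check active, exceptions only for the listed names'
        } else {
            $finding = 'check active, no exceptions'
        }
        New-Object PSObject -Property @{
            ComputerName              = $computer
            DisableLoopbackCheck      = $disabled
            DisableStrictNameChecking = $strict
            BackConnectionHostNames   = ($names -join ', ')
            Finding                   = $finding
        }
    }
}

# Local machine by default; pass -ComputerName with a list of servers to survey several.
Get-LoopbackCheckState |
    Format-List ComputerName, Finding, DisableLoopbackCheck, BackConnectionHostNames, DisableStrictNameChecking
```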
Configuring the webservice URLs
AutoDiscover
Because all internal clients that belong to the domain use the service connection point (SCP) object in Active Directory to retrieve the web services URL information, we need to make sure the information they receive is correct. Using the following commands we can see what has been configured and change the configuration if needed:
To view the configuration:
·         Get-ClientAccessServer | Select Name, *Internal* | fl
To change the configuration:
·         Set-ClientAccessServer -Identity <CAS Server Name> -AutoDiscoverServiceInternalUri <https://Internal URL>
Offline address book
Whilst the offline address book can also be configured through the GUI I prefer a shell environment.
To view the configuration:
·         Get-OabVirtualDirectory | select Server,Name,*URL* | fl
To change the configuration:
·         Set-OabVirtualDirectory -Identity "OAB (Default Web Site)" -InternalUrl <http://internal URL>
Web Services
The web services virtual directory is responsible for the availability service and the out of office connectivity, so we set up these URLs there.
To view the configuration:
·         Get-WebServicesVirtualDirectory | Select name, *url* | fl
To change the configuration:
·         Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -InternalUrl https://url.domain.local/EWS/Exchange.asmx
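The internal URLs set with the commands above only work over HTTPS when their host names appear on the certificate, which is what the SAN lists earlier in this article are for. This added example, not part of the original article, checks a list of URLs against a list of certificate names; the function name is hypothetical, the sample values are constructed from the contoso names used above, and the commented lines assume each CertificateDomains entry converts to its name as a string.

```powershell
# Added example (not the author's code). Test-SanCoverage is a hypothetical helper name.
function Test-SanCoverage {
    param([string[]]$Url, [string[]]$CertificateName)
    foreach ($u in $Url) {
        $uri  = [uri]$u
        $name = $uri.Host.ToLower()
        $coveredBy = $null
        if ($uri.Scheme -eq 'https') {
            $coveredBy = $CertificateName | Where-Object {
                $san = $_.ToLower()
                if ($san.StartsWith('*.')) {
                    # A wildcard stands for exactly one label: *.contoso.com covers
                    # mail.contoso.com but not contoso.com or a.b.contoso.com.
                    $dot = $name.IndexOf('.')
                    ($dot -gt 0) -and ($name.Substring($dot) -eq $san.Substring(1))
                } else {
                    $san -eq $name
                }
            } | Select-Object -First 1
        }
        if ($uri.Scheme -ne 'https') {
            $status = 'not HTTPS, certificate not used'
        } elseif ($coveredBy) {
            $status = 'covered'
        } else {
            $status = 'name missing from certificate'
        }
        New-Object PSObject -Property @{ Url = $u; HostName = $name; CoveredBy = $coveredBy; Status = $status }
    }
}

# Constructed sample input: the split DNS name list from this article, and URLs
# that mix the public and the .local names.
$sampleNames = 'Exchangeservername.contoso.com', 'Autodiscover.contoso.com', 'Exchangeservername'
$sampleUrls  = 'https://Autodiscover.contoso.com/Autodiscover/Autodiscover.xml',
               'https://Exchangeservername.contoso.local/EWS/Exchange.asmx',
               'http://Exchangeservername.contoso.local/OAB'
Test-SanCoverage -Url $sampleUrls -CertificateName $sampleNames |
    Format-Table HostName, Status, CoveredBy, Url -AutoSize

# In the Exchange Management Shell the live values can be collected like this:
# $urls  = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }) +
#          @(Get-OabVirtualDirectory | ForEach-Object { $_.InternalUrl }) +
#          @(Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl })
# $names = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#          ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
```

With the sample input the EWS URL is reported as missing from the certificate, which is the situation the non-split DNS name list addresses by adding the .local names.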
 
Test-outlookwebservices
Most problems returned by the “test-outlookwebservices” tool will be solved by the information in the other sections of this article. However, there is one particularly nasty error that will leave you baffled if you don’t know where to look...
WARNING: An unexpected error has occurred and debug information is being generated: Object reference not set to an instance of an object.
Test-OutlookWebServices : Object reference not set to an instance of an object.
At line:1 char:24 
This error is caused by a broken .NET Framework 2.0 installation; performing a repair or uninstall of this package should fix the error. Note that, even if you did not install it yourself, it will always be there if you installed the .NET Framework 3.0. The package can be found under “Programs and features” in the control panel and will be listed as "Update for Microsoft Windows (KB948609)".
The outcome of my interviews for a PFE position

Drama ensues... For more than a week I have been stressing, sleeping badly and being generally grumpy at the lack of feedback... Hell, even my girlfriend got news that she was accepted for a job in Belfast (Tourism Ireland!) before I got news from Microsoft. I did finally get some feedback but in all honesty it was not what I wanted to hear :).


While you interviewed very well and your technical skills were strong we have unfortunately selected another candidate for the position. It was a close call for the interviewers but the other candidate was a little stronger on some of the competencies.



Really? I would have preferred hearing I was not good enough so at least I knew what I would have to work on! Well, turns out the other candidate they hired already lives in Belfast and has an established "network". This news kicked me down to the curb hard as I have already cancelled my apartment and handed in my resignation from my current contract, which leaves me with next to nothing... The better half in the relationship went ballistic (small nuclear reactor explosion) as she signed the contract a day before I got this news.

I'm lucky that my contracts pay late so I have +/- 2 months of salary I can still draw from the company before I torpedo it and I can go find a job in Belfast. We're leaving by the end of this month... On one salary...

So will I find a job in my field or will I have to resort to flipping burgers?
