Monday, April 28, 2008

Backup Exec 12 Upgrade

I have completed the upgrade from Backup Exec 11d to 12. This will free an hour or so each day from the task of manually managing the IMG media for the granular restore technology (GRT) backups. Although 11d did provide us with the ability to back up Exchange 2007, it didn't manage the IMG folders at all. So, every morning I had to log into the backup server and delete the oldest backup. Now that Symantec has corrected this "small" problem, I can completely hand the backup tasks off to another member of our team to verify success and log each day.

The upgrade was very smooth, but the licensing has been a little tricky. Some of our 11d licenses were covered under a support/maintenance agreement and Symantec sent me the license keys in my email. The other installation's support was expired so I purchased a new support contract through CDW. They sent me the certificate from Symantec, but when I type in the serial numbers on the certificate the Symantec Licensing Portal says "no license key required." So I go to install the product, and of course, it asks for a license key. I called the licensing contact telephone number (800-721-3934) only to find that their hours are 7am-6pm Eastern Time (this was at 7:33PM - Doh!).

I installed it as an evaluation and will contact them in the morning.

Tuesday, April 22, 2008

Export-Mailbox from PowerShell

There are many times, either when restoring a mailbox or creating a permanent copy of a former employee's mailbox, when I have needed to be able to easily copy the entire contents of the mailbox. The best way I have found to do this is with the export-mailbox cmdlet in PowerShell. There are two requirements for this command:
  1. Must be run on a 32-bit machine
  2. Must have Outlook installed
The parameters for this command depend on what format you are exporting the mailbox to. You can export it to another user's mailbox. The syntax for this process is:

export-mailbox -identity mailbox.name -targetmailbox target.mailbox -targetfolder targetfoldername


This will place a complete copy of the exported mailbox into the target mailbox in a folder that is specified in the -targetfolder switch.

The other option for this command is to export the mailbox to a PST. The interesting thing about this option is that I haven't been able to get it to work. The switch is not part of the cmdlet on my workstation, but is available on the Exchange server. The Exchange server is 64-bit and doesn't have Outlook installed, so it can't be run from that machine. The syntax for this command would be:

export-mailbox -identity mailbox.name -PSTFolderPath foldername


This will export the contents of the mailbox to a PST file and place it in the folder that is specified by the -PSTFolderPath switch.

Wednesday, April 16, 2008

Dialing Letters from Blackberry

I just received my training vouchers for EMC CLARiiON training. I am very excited about this training. All that was contained in the box were two white envelopes. I opened them and there were two nice, slick, blue folders. I opened each folder to find a single sheet of paper that contained a "voucher". On the voucher were printed instructions for activating your training. To do this you needed to call the EMC training group at 1-888-EMC-TRNG. Great, except that I'm not in the office so I needed to use my Blackberry. Anyone that has ever used a Blackberry knows that the keys that have both numbers and letters are not arranged in the manner of a traditional telephone. The W key is shared with 1, the E key is shared with 2. So dialing by letters is something that I always thought you just couldn't do with a Blackberry. I know that this was a silly assumption for me to make seeing as Blackberry is, and has been, the leader in hand-held "smart-phones" for many years. So today I took to task the ability to do this and was determined that I would find a way. I searched for it and, lo and behold, the first entry in the almighty Google results was just what I was looking for. The directions (paraphrased from the Yahoo! tech site) are below and for future reference the URL was: http://tech.yahoo.com/gd/making-a-phone-call-with-your-blackberry/153260

1. From the Home screen or the Phone application, dial 1-8-8-8.

As you type the first number, the Phone application opens (if it isn't opened already) and displays the numbers you dialed.

2. Press and hold the ALT key and then dial (press) E-M-C-T-R-N-G.

Hit the send key and the Blackberry will automatically determine the correct numbers to dial.

Tuesday, April 15, 2008

Windows XP Authentication/Authorization Process

While discussing Microsoft's Best Practices for Domain Controllers, I began looking closely at the authentication process and the authorization process when accessing resources on the network. I had a mix of terms and understanding about this. I thought that the user was authenticated each time they opened a file or printed a document. I later found that this is actually called "authorization", which now makes sense.

This is termed authorization because when the user is authenticated during the login process (domain) they are granted an access token. Each time the user then starts a process thread (we'll use Microsoft Word as the example), that application doesn't have a SID (Security Identifier), so it "borrows" the token of the user that launched the process (this is also how the "Run As" procedure works). Every file the process tries to access (such as a Word document on a network drive) also uses the user's access token. This is how the system knows when a user's account has been disabled after they have logged in, then immediately makes network resources unavailable, even though the user can still be logged into the local machine (this is because their authentication already happened when they logged on the computer - before the account was disabled).

This brings me back to the point of the domain controller in each site. If it isn't configured this way, every time a network file is accessed (which for us is most every file) or a document is printed (another network resource), the user's access token is passed to the domain controller to access that resource. If there isn't a domain controller in the site, the token must be passed over the WAN and then back to the network resource to ensure that the access token is valid (see Microsoft's Windows XP TechCenter: http://technet.microsoft.com/en-us/library/bb457115.aspx).

This has been a great exercise that confirmed my belief and corrected some of the terminology that I was using.
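
An added example, not part of the original post: this PowerShell snippet lists what is in the access token the current process runs under (the user SID and the group SIDs that access checks are evaluated against) and confirms that a child process started from the same shell carries the same user SID. The function names are my own; it assumes a Windows machine with PowerShell 3.0 or later and whoami.exe available.

```powershell
# Added example (not from the original post). Windows only.
function Resolve-SidName {
    param([System.Security.Principal.IdentityReference]$Sid)
    try {
        # SID -> DOMAIN\name; domain SIDs may need a reachable domain controller
        $Sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        '<unresolved>'   # orphaned SID or the lookup failed
    }
}

function Get-ProcessTokenSummary {
    # Token of the process running this script, copied from its parent at launch
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    try {
        $groups = foreach ($sid in $identity.Groups) {
            [pscustomobject]@{
                Sid  = $sid.Value
                Name = Resolve-SidName $sid
            }
        }
        [pscustomobject]@{
            User               = $identity.Name
            UserSid            = $identity.User.Value
            AuthenticationType = $identity.AuthenticationType
            Groups             = @($groups)
        }
    } finally {
        $identity.Dispose()
    }
}

$token = Get-ProcessTokenSummary
$token | Select-Object User, UserSid, AuthenticationType | Format-List
$token.Groups | Sort-Object Name | Format-Table -AutoSize

# A child process started from this shell carries the same user SID.
$childSid = (whoami.exe /user /fo csv /nh |
    ConvertFrom-Csv -Header Name, Sid).Sid
'Child process user SID matches: {0}' -f ($childSid -eq $token.UserSid)
```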


Monday, April 7, 2008

Cisco Call Manager 4.1 Time Updates

This version of Call Manager is not compliant with the new Daylight Saving Time. So this morning, I was blessed with the ticket to change the time on all 660 phones. The Call Manager Server gets the time from the Windows host operating system. To get the time changed, I had to check the box for "Automatically Adjust for Daylight Saving Time" then manually change the clock to the correct time. This fixed the time and then I just reset all of the phones.

Sunday, April 6, 2008

Copy HP LAN Switch Config

In our environment, we use HP 2524 ProCurve switches for our LAN switching. These switches have been shown to be reliable and easy to configure. To copy the config of these switches for backup purposes there are two methods:
  1. Log into the web interface (if enabled) and go to the tab labeled "Diagnostics", then "Configuration Report". This tab contains a text copy of the running configuration.
  2. Log into the CLI (Command Line Interface) and use commands to copy the configuration to a TFTP (Trivial File Transfer Protocol) server.
I prefer the second method because, although the web interface is easy (you can just copy and paste the report to a text file), it uses Java (which can be slow), requires two logins, and then you have to navigate to the section.

To copy a switch configuration using the CLI, log into the switch with telnet and type the following command:

copy startup-config tftp 192.168.x.x destination


The command breaks down in the following way:
  • copy - command to copy something
  • startup-config - what to copy, it can be running-config if that is the configuration you want
  • tftp - the protocol to use when copying
  • 192.168.x.x - the address of the TFTP server
  • destination - the name of the file when it is placed on the server
Very simple, and can also be scripted to get many configs at one time.

Saturday, April 5, 2008

Daylight Saving Time on Cisco Devices

Much of our infrastructure is made up of Cisco devices. These include 1130 wireless access points, 1720 routers, 3750 Catalyst switches, Unity Express voice mail systems, as well as some additional devices not relevant to this post. Due to the change in the effective dates for Daylight Saving Time, we had to make a lot of different changes to our Cisco devices. During this process we found that there are different ways to approach different devices. For example, the 1130 AP and 1720 routers don't use NTP (Network Time Protocol) but they use SNTP (Simple Network Time Protocol). This is an important distinction because as you try to make sweeping changes in a large environment, you have to know that certain devices require one extra letter as compared to all of the other devices.

So, the config for the Cisco AP and 1720 is:
config t
!
clock timezone EST -5
!
clock summer-time EDT recurring 2 Sunday March 02:00 1 Sunday November 02:00
!
sntp server 192.168.x.x
!
exit
!
show clock
!

As seen above, with Cisco's IOS you can easily set the timezone, start and end date for Daylight Saving Time, as well as the SNTP server's address.
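
An added example, not part of the original post: when pushing this rule to many devices it helps to know exactly which local dates and times it should produce, so they can be compared with what the devices report. The PowerShell below parses the `clock summer-time ... recurring` line used in this post and expands it for a given year; the function names are my own, and it assumes full English month and weekday names and a week given as a number, `first` or `last`.

```powershell
# Added example (not from the original post).
function Get-NthWeekdayOfMonth {
    param([int]$Year, [int]$Month, [System.DayOfWeek]$Day, [string]$Week)
    $first  = New-Object datetime $Year, $Month, 1
    $offset = (([int]$Day - [int]$first.DayOfWeek) + 7) % 7
    $date   = $first.AddDays($offset)            # first matching weekday
    if ($Week -eq 'last') {
        while ($date.AddDays(7).Month -eq $Month) { $date = $date.AddDays(7) }
    } else {
        $n = 1
        if ($Week -ne 'first') { $n = [int]$Week }
        $date = $date.AddDays(7 * ($n - 1))
        if ($date.Month -ne $Month) { throw "Week $Week does not exist in month $Month" }
    }
    $date
}

function ConvertFrom-SummerTimeRule {
    param([string]$Line, [int]$Year)
    $pattern = '^\s*clock summer-time (?<zone>\S+) recurring ' +
               '(?<w1>\S+) (?<d1>\S+) (?<m1>\S+) (?<t1>\d{1,2}:\d{2}) ' +
               '(?<w2>\S+) (?<d2>\S+) (?<m2>\S+) (?<t2>\d{1,2}:\d{2})\s*$'
    if ($Line -notmatch $pattern) { throw "Not a recurring summer-time rule: $Line" }
    $m      = $Matches
    $months = [cultureinfo]::InvariantCulture.DateTimeFormat.MonthNames
    foreach ($edge in 1, 2) {
        $week      = $m["w$edge"]
        $dayName   = $m["d$edge"]
        $monthName = $m["m$edge"]
        $time      = $m["t$edge"]
        $month = [array]::IndexOf($months, $monthName) + 1   # case-sensitive match
        if ($month -lt 1) { throw "Unknown month name: $monthName" }
        $date = Get-NthWeekdayOfMonth -Year $Year -Month $month -Day $dayName -Week $week
        [pscustomobject]@{
            Transition = @('DST starts', 'DST ends')[$edge - 1]
            Zone       = $m['zone']
            LocalTime  = $date.Add([timespan]::Parse($time))
        }
    }
}

# Rule copied from the config above; 2008 is the year of the post.
$rule = 'clock summer-time EDT recurring 2 Sunday March 02:00 1 Sunday November 02:00'
ConvertFrom-SummerTimeRule -Line $rule -Year 2008 | Format-Table -AutoSize
```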

As for all of the other Cisco devices (at least in our infrastructure) the config is as follows:
config t
!
clock timezone EST -5
!
clock summer-time EDT recurring 2 Sunday March 02:00 1 Sunday November 02:00
!
ntp server 192.168.x.x
!
exit
!
show clock
!

Unfortunately, there was still one more change that needed to be made. The Unity Express voice mail module doesn't use the timezone settings of whatever device it is installed in; it has its own settings, which seems silly, but I guess someone had a use for it.

To access the Unity Express module you must first enter IOS for the host device, then the "Service Engine" that is running Unity Express. The following is the command that I used to configure this for our Unity Express time zone:

service-module service-Engine2/0 session

This will start the telnet session with Unity Express.

The system will need to be changed to EST (New York - for Fall) or AST (Bermuda - for Spring) using the command:
clock timezone

This command will present a menu.

For EST choose:
2) Americas
then
45)United States
New York


For AST choose:
6)Atlantic Ocean
Bermuda


The system must then be reloaded (taken offline). This was the only way that I could get the Unity Express module to stamp the voice mail messages with the correct time. This means that each March and November, I am going to have to perform this to get the messages stamped properly.

Cisco was Right...The Problem Lies with AT&T

We have been having a problem over the past two months with dropped calls at one of our offices. I have had AT&T run several stress tests, replaced Cat5 cables, and even had the hardware vendor, Cisco, check the hardware on the voice router (3825). We have been notified consistently by our network monitoring software (Solarwinds) that the VWIC card was not available. Cisco insisted that they didn't feel like it was a problem with the hardware, so they requested that we have AT&T come out and check the connection between the smart-jack and the VWIC card.

Apparently, when AT&T runs a stress test to check a circuit, they only test from 'A-Z', or as I found (only because I was persistent with my questioning, not because they were forthcoming) only to the 'front side' of the smart-jack. Although the 'back side' of the smart-jack is owned and supported by AT&T, they don't include that in their normal testing process. This is due to the fact that it requires a technician to come on-site. Also, a little fact is, if they don't find any problems with that equipment, they will charge you for the visit.

It turned out that Cisco was right, there wasn't anything wrong with the hardware. Rather, the AT&T technician found that there was a 'bad pair'. It was actually kind of funny, when the tech called he said 'a bad pair can cause problems with a T1'. Really? Since the 'bad pair' was replaced by AT&T, we have not received any alerts from our NMS.

This was a very good exercise for me as I learned many things:
  1. If there is a problem with a VWIC card, connectivity is probably going to be lost for good, not intermittent.
  2. AT&T doesn't like to send technicians on-site, unless they know it is a problem or they know you are going to pay them for the visit.
  3. A bad pair can cause problems with a T1 (I already knew this, but it was nice of AT&T to reinforce this).

Label Cloud for Blogger

Thanks to phydeaux3 and his simple and effective tag cloud CSS and script (http://phy3blog.googlepages.com/Beta-Blogger-Label-Cloud.html) I was able to insert this awesome tag cloud on the right side of my blog.

Thanks phydeaux3!

Update
Since the first time I configured this tag cloud, I have done it several more times. I have successfully configured it with several different templates and color schemes.