One of the things I’m working on at the moment is moving the remainder of our Exchange organisation over to Office 365 / Exchange Online.
We moved the bulk of our accounts some time ago; students here have been on Office 365 Exchange email for a few years, but staff and ‘role’ email accounts have been held on local Exchange servers until this month.
The things I’ve seen people worry about on these migrations have actually been the least of my worries.
So I recently did a podcast with SonicWall on Safeguarding and the statutory guidance on Keeping Children Safe in Education (KCSiE). You can listen to it here.
Invaluable resources:
Safer Internet Centre's Advice section; Internet Watch Foundation (IWF); Thinkuknow website.
As I’m sure most of us know by now, SHA1 cryptographic hashes have been increasingly under attack, and are now regarded as fully broken. In fact, my use of “now” kinda understates the point; you should be urgently looking to upgrade to SHA2 if you have any devices or servers using certificates.
If you’re not aware of these risks then please look around. There are some good introductory articles on the Entrust website that talk about this issue, but please note that these articles are from 2014 and somewhat understate the urgency of the issue.
Microsoft’s march towards filling their operating system with adverts continues, with people upset to see adverts for OneDrive popping up in Windows Explorer. And let’s be honest, we’re all right to be annoyed. I think that’s certainly pretty intrusive. The Next Web has an article on how to turn it off (though ironically, when I first visited their site on my iPad it tried to take over my whole screen). Hmm… something… something… attend to the beam in your own eye.
At work I tend to turn up to meetings with a MacBook Pro. This surprises a few people who know me as a former Microsoft MVP, a Windows Server/Infrastructure person and the manager of an IT system that is predominantly Windows-based.
The MacBook Pro isn’t ideal; it’s a 15" 2010 model and it is starting to be a problem. Even with an SSD installed, it’s starting to get slow and cranky when it comes to waking up.
{There was a section here on converting Windows 2016 server eval to full version for enterprise customers, but as Windows 2016 is properly out there now it seems pointless. I've pasted what was here into the comments below in case anyone needs it.}
Upgrading ADFS
The first question after deciding to roll out a new version of Windows server into your organisation is what to deploy first, and the answer for me, at least, turned out to be ADFS 4.
Wireless is already ubiquitous in any modern home or business these days, yet it’s one of the areas that probably most upsets employees, managers and IT staff alike. There’s an assumption that business WiFi must be easy because anyone can purchase a cheap home wireless router and set it up at home, so how hard can it be to do the same thing for a business?
Actually for a small business where you’re just providing connectivity for one or two people with their work laptops and maybe a mobile phone or two in a small office, it’s probably not too difficult at all.
Just lately Microsoft seem to be determined to mix up brand names to confuse customers.
For a while now we’ve had OneDrive for Business, the product that ~~is built on the back of~~ totally has nothing to do with OneDrive. OneDrive is your typical cloud file sync platform… and actually one I like enough to make my primary cloud storage of choice. OneDrive for Business is the name Microsoft have decided to give to uploading documents to a personal document library in SharePoint, in particular SharePoint Online/Office 365.
After our recent Exchange 2013 rollout, we noticed a problem with the Exchange 2013 servers (virtual guests on a Hyper-V cluster) experiencing clock drift and ultimately bugchecking (aka blue screen) with 0x000000ef errors.
These crashes and clock drifts occurred once every couple of days and, quite aside from the crashes, clock drift is a very big deal on any kind of server these days. While the crashes were disruptive in their own right, the potential problems caused by someone having to wait a bit to access their mailbox or receive a message are nothing compared to the problems that could be caused by the timestamp on an email being a day or two out.
This is perhaps another example of my recent comment about SCVMM making harder work of things than perhaps it should, but for all that I want to also say that it’s very likely that the root cause of this error was a mistake on our part. I also want to share this in case someone else has a similar problem.
On one of our clusters, I noticed that one or two guests were failing to migrate to a particular host.
We’ve always been a VMware shop.
As some of you might know, I’ve been involved in the Microsoft virtualisation stack in the past, writing guides for Virtual PC and bits and pieces for the server products, but on the server side of things, at least, VMware have always had the lead. They’ve had the advantage of beating Microsoft (and others, but this article isn’t about those) to market and the advantage of being able to concentrate on virtualisation because it’s all they do.
I’m currently heading an Exchange 2007 to Exchange 2013 migration at work and I’m going to share the thoughts and notes that I’ve made on the process so far.
The actual install process was fairly painless to be fair, with one CAS and two Mailbox servers currently configured, but I have encountered one problem with certificates that I thought I would share:
We required a new Unified Comms certificate as part of the rollout, so I used the Exchange Admin Centre (EAC/ECP) to generate a Certificate Signing Request on the CAS server.
So we’re a Mimecast customer and today they had a few problems with their email services in the UK going offline for a large part of the working day. No big deal as such, other than that they make big claims for their own availability and have been quite ready to point out the failings of others in the past - and the responsible people at those others are probably reacting to today’s events by pouring champagne down their throats as fast as they can get the bottles open… well maybe not at Google.
I see lots of people talking about and asking about hardware being “prepared for BYOD” and/or “BYOD ready”. Most of the time they’re talking about Wireless Access Points (WAPs) or other similar items of infrastructure.
In a lot of ways, as long as you stick to a reputable vendor, what make of WAP you buy is the least difficult and least interesting part of the project - you wouldn’t focus too heavily on what brand of switch your desktops were wired into as part of a project to give everyone access to a new corporate intranet site from the desktop - you’d spend more time checking that the site’s CMS system worked with your standard browser and thinking about what content users should be able to get to, and how they’d get to it.
Let me just start this post by saying that professionally at least, I’m a happy Dell customer. I’ve built up a good relationship with them over the years, met senior Dell staff and we almost exclusively use their server & storage infrastructure where I work; we’ve used them for consultancy in the past, and I’ve been delighted with the results. This is not me hating on Dell.
But I am going to have to take them to the woodshed over a recent post by Andre Meier on their corporate blog, “Tablet matters - taking the right decision”.
5. "Nuke from orbit" is still the best approach to a rooted system. See http://serverfault.com/a/218011/7783 I've talked about this in the Server Fault answer above, and I might do another post diving into some of the details behind my beliefs here, but the drive to rebuild after getting a system compromised comes down to trust. For an illustration of why I use that word, please read "Reflections on Trusting Trust".
Based loosely on a series of tweets I made last year.
10. Documentation & planning may not be fun but they can be the difference between being promoted & being fired. It's easy in support and operations to get sucked into the mantra that documentation doesn't matter, or more likely, that yes it does matter but not as much as getting things done. Documentation is part of getting things done. Making and using documentation is a vital part of being an IT Professional, as opposed to being someone who is good with computers.
We are almost exclusively a user of HP Procurve switches where I work. We have a wide range of models that we’ve used at both core and edge and have been happy with them over the years.
One important part of our current toolset for managing switches is the HP Procurve Manager Plus management tool (another part is the invaluable tips on the evil routers website). Once you move beyond a certain number of switches it becomes inefficient to manage them all by hand, and tools like this, which allow you to manage error and performance logging and manage switches in bulk, become invaluable.
We’ve been migrating from SCCM 2007 to SCCM 2012 at work. One very interesting part of SCCM 2012 for us has been the support for Mac OS X that was added in SCCM 2012 SP1. We have about 70 Mac clients, I guess, on top of about 1500 Windows clients, and those 70 clients need a disproportionate amount of time to manage, not because of any problems with Mac OS X as such, but rather due to the lack of real tools available to manage a large desktop roll-out.
If you do then my condolences, but you probably don’t. And if you don’t then however bad your day at work was, it’s probably not as bad as the network admins over at EA.
How is it that everyone except EA themselves could see this one coming? For some time now EA and Maxis have been working on a ‘reboot’ of the massively popular SimCity game.
As part of the run-up to this launch EA announced that the game would require an always-on connection to the Internet, because whether you want to or not you pretty much have to play the new game as a shared ‘online’ experience.