I was trying to log into Wells Fargo to check the progress on my House Pay-Off Spectacular and was greeted with this:

Now seriously, what kind of customer service is that?  Who still uses Netscape?  To make matters worse, all of their download links just redirect you back to the same page.

Looks like I have yet another reason to put my Pay-Off Spectacular into high gear so I can fire Wells Fargo.

If you run any Linux guests under VMware, you’ve probably had issues with the clock in the VM drifting or just totally running away.

The Linux clock works by counting timer interrupts. In older kernels, this was usually done at a rate of 100Hz, or 100 times per second. Beginning with the 2.6 kernel, the interrupt timer is now set at 1000Hz, so interrupts are counted 10 times as often.

Due to the fact that VMware divides the host up into “time slots” for each guest OS, and depending on the system load, interrupts are often missed in the guest machines. The more often the guest kernel counts interrupts, the more apparent these “missed” interrupts become and the result clock skew in the gust machine. VMware Tools has the ability to sync the guest clock with the host, but this only occurs once per minute, and can only advance the clock, it can’t slow it down. Generally, the VMware Tools clock sync alone is not enough.

Here’s the steps that are needed in order to keep the clock skew under control (these apply to VMware Server running on a Linux host - in my case, CentOS). The guest OS changes will also apply to ESX.:

• VMware server needs to be told what clock speed the CPU(s) run at. This can be found by running “cat /proc/cpuinfo”, which will return all kinds of information about the CPU’s, including the clockspeed. You’ll need to edit /etc/vmware/config and add the following lines (where host.cpukHz is the host CPU speek in KHz (2.8GHz in my example below)
  

  host.cpukHz = 2800000
  host.noTSC = TRUE
  ptsc.noTSC = TRUE
  

• VMware Tools needs to be installed in the guest OS. VMware provides instructions on how to install VMware Tools in a Linux guest here.
• VMware Tools time synchronization needs to be enabled. This is done by editing the VMX file in the virtual machine directory and adding the following line:
  

  tools.syncTime = “TRUE”

  Note that the host should use NTP to sync to an outside time source, while NTP should be disabled in each guest

• Now, we need to lower the interrupt frequency in the guest kernel. Generally, this will require installing the kernel source, modifying the CONFIG_HZ parameter to a rate of 100Hz, and then recompiling the kernel. CentOS has made this easy for us by releasing a “VM Optimized” kernel for CentOS 5. Although perfectly stable, this kernel is presently in the “Testing” repository. Here’s how to install the VM Kernel using yum in a CentOS 5 system:Add the “Testing” repo as follows:
  

  cd /etc/yum.repos.d
  wget http://dev.centos.org/centos/5/CentOS-Testing.repo

  Now, install the VM Optimized kernel:

  yum enablerepo=c5-testing install kernel-vm kernel-vm-devel

• Now, we need to make sure Grub is set to boot the new kernel, and also add the “clock=pit” parameter to the kernel boot options. We do that by editing /etc/grub.conf and making the following changes:
  

  default=0

  Where “0″ is the first kernel listed. If the VM Kernel is not the first item, you’ll need to adjust the value accordingly. For example, if it’s second in the list, you’d use “default=1″Now, add the clock=pit parameter to the kernel boot options. That section of the grub.conf file will look something like this:

  title CentOS (2.6.18-53.1.19.el5) root (hd0,0)
  kernel /vmlinuz-2.6.18-53.1.19.el5 ro root=LABEL=/ clock=pit
  initrd /initrd-2.6.18-53.1.19.el5.img

Once all of the above changes are made, reboot the guest, and you should see significantly better clock performance. I had some VM’s where the time would drift by hours, and after making these changes, they stay within a few seconds.

We worked for a while yesterday to get Bob’s Windows Mobile phone to sync with Exchange (Bob just joined our IT team - welcome Bob!). Without much luck.  Bob is our first user with Windows Mobile.  Everyone else uses Blackberry devices.

We use an ISA 2006 server in the DMZ with RADIUS authentication as a front-end server to Exchange.  I initially added the Microsoft-Server-ActiveSync virtual directory to the list of paths in the existing ISA rule.  We got errors about not having the correct privileges to do ActiveSync, which we obviously did have.  After messing with this for a little while, I realized I needed to create a separate rule for the ActiveSync path and place it above my OWA redirect rule.  I have a rule that allows the user to type in just http://webmail.jfbc.org and get automatically redirected to https://webmail.jfbc.org/owa.  It seems that this rule was also redirecting the ActiveSync directory.  Here’s what the “Correct” setup looks like in ISA server:

Apparently, that wasn’t the only issue.  Next problem: It kept complaining about an incorrect username or password.  Obviously, the username and password were correct.  Some monitoring in ISA server revealed the authentication didn’t seem to be happening.  All of the requests were marked as “anonymous.”

You won’t believe how simple this was.   On the handheld, there are 3 boxes: username, password, and domain.  We run split DNS, with JFBC.ORG as the internal domain name, so that’s what we entered.  Turns out that ISA server wants the NETBIOS name instead, which is simply JFBC.  It’s amazing how something so simple can create such a big issue.

Currently, our network at JFBC is about 15% Mac. One of the big ongoing projects I’ve been working on is better integration and management of the growing number of Macs in our environment. We currently leverage Active Directory for single signon, but, beyond that, there are no real management tools in place for Macs.

Some things are possible by extending the Active Directory schema to add some of the apple-specific LDAP attributes. However, this moves the AD environment into a somewhat “unsupported” configuration and still doesn’t provide for full control when it comes to Mac management.

The best way to fully manage the Mac clients - including centralized update management and general settings, including appearance, shortcuts, scripting, etc. is through the use of Apple’s Open Directory system. There was definitely some effort put forth on Apple’s part here, because Open Directory can fully integrate with Active Directory. Basically, AD gets used for authentication, then AD users and groups can be linked to OD groups. Specific management settings can then be applied to the OD groups.

I’ve just ordered a new Apple Xserve to handle this task, which should arrive next week. I’m excited about being able to take integration and management of our Mac environment to the next level.

Other Mac stuff on my radar:

• OS X Leopard deployment (Jonathan has agreed be my next victim beta tester).
• Office 2008 deployment.
• Possible Final Cut Server implementation (Already briefly discussed with our media team, will be exploring this further, including storage requirements).
• Migration of our closed circuit TV announcements from PowerPoint on Windows to Keynote on Mac (Currently working with our communications team on this).

Expect lots of Mac related posts in the coming weeks/months!

I just found this on the net and thought it was an interesting concept.  I don’t drink coffee, but know a lot of people who live on it, so I can definitely see the need

We have had a VMware ESX cluster for a while now, but last night I put together our first diskless ESX server. I’m excited about this because it eliminates a failure point from the environment - the local disks in the servers. I’m using Qlogic iSCSI HBA’s and booting from a 10GB volume on our Equallogic SAN.

I got everything configured and tested last night. Today, it gets racked and added to our cluster in Virtualcenter. Here’s a few pictures:

No disks The machine on the bottom and the Mac are a test environment for our upcoming Windows 2008 and Mac OSX Leopard deployment. The procurve switch is just for testing on the workbench, once racked, it will be attached to our Cisco 6500 core switch.

It doesn’t even know there’s no disks (boots up really fast too)

VI Client showing specs of new machine - 8 x 2.5GHz cores and 20GB of RAM - lots of horsepower

It’s home once I rearrange a few things tonight. The 4 machines at the top are our current ESX cluster. The disk array just underneath is for disk-based backup. The SAN is in another rack.

Tony’s post “Should I pursue unexcellent?” got my mind going. The key here is that excellence does not equal perfection. If we expect perfection out of our ministry, we will fail every time and be miserable in the process.

So what’s the difference? I like to think of it this way: Perfection is the act of being perfect while excellence is striving to be perfect. Perfection is being absolutely flawless, without error, never making any mistakes. Excellence is allowing our God-given talents to express themselves to the max.

So, excellence = mediocrity? Absolutely not! The bible commands us to strive to be perfect (excellence). This is apparent over and over - Philippians 1:10, 3:12-13, 4:8, 1 Peter 1:16. We will not achieve perfection until we are eternally united with God in Heaven, but we are to press on towards this goal. That is excellence.

Here are a few other random thoughts:

• Perfection is a fear of mistakes while excellence sees opportunities for improvement.
• Perfection is attempting to be in control while excellence is allowing god to be in control.
• Perfection is setting unreasonably standards will beyond reach. Excellence is setting high and perhaps difficult to attain, but attainable standards.
• Perfection can lead to misery and failure - it’s simply not attainable here on Earth. Excellence, however, leads to fulfillment and greatness.

Now, we do have to be careful. What we don’t want is to use excellence as an excuse for mediocrity. It’s easy to say “It can never be perfect, so this will have to do.” Sorry, but that “Ain’t gonna cut it.” We should never settle for “Good” when we can have “Great.”

The bottom line is: We must recognize that excellence is not perfection, but it’s also not mediocrity. We are to give our best, but also set attainable goals and recognize out limits.

After a crazy week with almost no free time, I finally got to sit down and continue reading Louie Giglio’s book “i am not but i know I AM.”  Here are a few thoughts that stood out to me:

• Life is not about us trying to be bigger, but about embracing our smallness
• Running our world, no matter how hard we try, is way too much for us. We might succeed in making a name for ourselves here on Earth, but it will fade to nothing when our story comes to an end.  We must remember that God is in control.
• He must become greater, and I must become less (John 3:30).
• Sabbath rest (Exodus 8:9-11) is essential.
• We should wake up each day looking for the story of God.  What is he up to today?
• If we’re not careful, on the way to attempting something great for his name, we can forget that He is in control.

I had a couple of gift cards I got with credit card reward points I need to use, and was running out of places to put stuff in the garage. So, I decided to use the gift cards to get a new toolbox. Did the “order online, pickup in store thing”, which worked amazingly well - first time I’ve tried that.

I think I might have went a little overboard - didn’t realize how big (and heavy) this thing was until I got it home. Thankfully, Matt came over and helped me unload it. Now I just need to get more tools. I think it’s going to be mostly empty even once I cleanup the garage.

I had a battle with this last night after installing Vista SP1 (Apparently TS Web Access requires Vista SP1 or XP SP3), so thought I’d share some details. Why Microsoft waits a year after releasing a new OS to make their remote serer admin tools work on it is beyond me. They did the same thing with XP and 2000.

The Server 2003 “adminpak.msi” kind of worked on vista. Installing it required “Compatibility Mode” be set to XP SP2, then, there was weirdness in some of the tools. For example, in AD Users and Computers, there was no indicator to show an account as being disabled. In DHCP management, you couldn’t do anything except set the “Server Options”. None of the scopes were visible. Since I migrated my workstation to vista, I’ve had to RDP to a server to do AD management more times than I’d like to.

MS finally got around to releasing RSAT, the ADMINPAK replacement. Several new tools are included for managing Server 2008. The download for 32bit Vista is available here and for 64 bit here. I downloaded and installed RSAT last night, after upgrading to SP1, and the admin tools were no where to be found:

Well, it turns out that the download installs all the tools, but places them in a disabled state - seems like a weird way to do it to me. You have to go into “Windows Features” and enable the newly installed tools for them to be available in “Adminstrative Tools:

It took a little while to figure all this out, since documentation is somewhat scarce. Once all of the above was done, I was able to create a custom Management Console with all of the tools I commonly use, and they actually work correctly