HP Data Protector 6.11 post upgrade database cleanup and defrag

I recently upgraded our Data Protector backup software to 6.11 to get the latest and the greatest. Everything seemed to work just fine, but after a few backup runs I noticed that backing up the Data Protector Database did not work as it should. The log said:

[Normal] From: DBBDA@dpserv.mydomain.intern "[Database]: dpserv.mydomain.intern" Time: 18.12.2009 14:35:25
 STARTING Database HotBackup Disk Agent on dpserv.mydomain.intern "[Database]: dpserv.mydomain.intern".

[Major] From: DBBDA@dpserv.mydomain.intern "[Database]: dpserv.mydomain.intern" Time: 18.12.2009 14:35:25
[81:522] Cannot back up internal database because another database check in progress.

[Warning] From: DBBDA@dpserv.mydomain.intern "[Database]: dpserv.mydomain.intern" Time: 18.12.2009 14:35:26
Cannot un-lock the keystore.

[Major] From: DBBDA@dpserv.mydomain.intern "[Database]: dpserv.mydomain.intern" Time: 18.12.2009 14:35:26
ABORTED Database HotBackup Disk Agent on dpserv.mydomain.intern"[Database]: dpserv.mydomain.intern"

A manual run of omnidbcheck revealed the same thing. I could not find any signs of any other database checks, and a reboot did not help.

Deleting the lock-file (dbcheck.lk) from the {omniback}/tmp folder did the trick though. The backup would go through, but for some reason the backup was unbelievably slow. In fact it would hang for almost 3 hours before even beginning to backup the database. This was not the case on DP 6.0 only one week earlier. omnidbcheck would not report any errors though. Apparently the database needed some cleaning and defragmentation.

I started off running a "omnisv -stop" (to stop all services) and did a cold backup of the whole {omniback}-foldertree. Then I started the services again with "omnisv -start".

I then ran "omnidbutil -info" which showed the following:

Media Management database space usage:

Space used by Diskspace usage Records used Records total
============================================================================
Devices 96 17 20
Libraries 96 2 5
Cartridges 1184 296 852
Compounds 32 0 12
Pools 64 26 30
Media 160 288 297

Catalog database space usage:

Space used by Diskspace usage Records used Records total
============================================================================
Sessions 352 197 284
Objects 256 517 552
Object versions 10080 5236 7810
Positions 12896 77086 97960
Filenames 3175520 31876226 31876278

Detail catalog binary files usage:

Diskspace usage Size limit DC Directory
============================================================================
2068 4096 C:/Program Files/OmniBack/db40/dcbf
----------------------------------------------------------------------------
2068 4096

Session messages binary files usage:

Diskspace usage Num. of files SMBFs Directory
============================================================================
16 191 C:/Program Files/OmniBack/db40/msg

Serverless integrations binary files usage:

Diskspace usage Num. of files SIBFs Directory
============================================================================
0 0 C:/Program Files/OmniBack/db40/meta

I decided to try and purge unused and obsolete filenames from the database:

"omnidbutil -purge -filenames -force" (took a couple of hours) and another "omnidbutil -info" showed this:

Media Management database space usage:

Space used by Diskspace usage Records used Records total
============================================================================
Devices 96 17 20
Libraries 96 2 5
Cartridges 1184 296 852
Compounds 32 0 12
Pools 64 26 30
Media 160 288 297

Catalog database space usage:

Space used by Diskspace usage Records used Records total
============================================================================
Sessions 352 203 284
Objects 256 517 552
Object versions 10080 5354 7810
Positions 12896 77366 97960
Filenames 3175520 13472221 31876336

Detail catalog binary files usage:

Diskspace usage Size limit DC Directory
============================================================================
2099 4096 C:/Program Files/OmniBack/db40/dcbf
----------------------------------------------------------------------------
2099 4096

Session messages binary files usage:

Diskspace usage Num. of files SMBFs Directory
============================================================================
17 197 C:/Program Files/OmniBack/db40/msg

Serverless integrations binary files usage:

Diskspace usage Num. of files SIBFs Directory
============================================================================
0 0 C:/Program Files/OmniBack/db40/meta

Right, apparently there was a lot of unused filename records.

According to HP the best way to clean up and defrag the database would be to export all records and import them right back in again.

I created two empty folders (f:\dump\dp\cdb and f:\dumå\dp\mmdb) and ran

omnidbutil -writedb -mmdb f:\dumå\dp\mmdb -cdb f:\dump\dp\cdb

followed by:

omnidbutil -readdb -mmdb f:\dumå\dp\mmdb -cdb f:\dump\dp\cdb

I then followed the on-screen instructions and took a backup of {omniback}\dcbf and {omniback}\msg
Again I ran "omnidbutil -info"

Media Management database space usage:

Space used by Diskspace usage Records used Records total
============================================================================
Devices 96 17 20
Libraries 96 2 5
Cartridges 448 296 297
Compounds 32 0 12
Pools 64 26 30
Media 160 288 297

Catalog database space usage:

Space used by Diskspace usage Records used Records total
============================================================================
Sessions 288 209 212
Objects 256 517 528
Object versions 6688 5450 5460
Positions 10208 77217 77221
Filenames 1319392 13474587 13474618

Detail catalog binary files usage:

Diskspace usage Size limit DC Directory
============================================================================
2135 4096 C:/Program Files/OmniBack/db40/dcbf
----------------------------------------------------------------------------
2135 4096

Session messages binary files usage:

Diskspace usage Num. of files SMBFs Directory
============================================================================
17 203 C:/Program Files/OmniBack/db40/msg

Serverless integrations binary files usage:

Diskspace usage Num. of files SIBFs Directory
============================================================================
0 0 C:/Program Files/OmniBack/db40/meta

Notice that space usage for the catalog datbase/filenames has decreased by 1.8 GB. Nothing seems to be missing when using the DP Cell Manager GUI and running a omnidbcheck now takes 11 minutes! The slight increase in disk space usage is because I had to run a quite large backup before doing the writedb/readdb operation.

XenServer on HP bl460c servers - nx and sep CPU flags

We just installed two XenServers to check out they hype. People are praising XenServer left and right, so we figured what the heck.

We installed on two HP BL460c G1 blade servers. Installation was a breeze, but when we tried to create a pool with XenCenter and add the two servers we got the following message:

08.12.2009 12:57:22 Error: Adding server 'dnxen2.mydomain.intern' to pool 'DN XenPool' - The hosts in this pool are not homogeneous. cpus differ

A quick look reveals the following difference between the cpus :

[root@dnxen1 ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
stepping : 6
cpu MHz : 2833.454
cache size : 6144 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu de tsc msr pae cx8 apic sep mtrr cmov pat clflush acpi mmx fxsr sse sse2 ss ht nx constant_tsc up pni vmx est
bogomips : 5668.59


[root@dnxen2 ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
stepping : 6
cpu MHz : 2833.456
cache size : 6144 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu de tsc msr pae cx8 apic mtrr cmov pat clflush acpi mmx fxsr sse sse2 ss ht constant_tsc up pni vmx est
bogomips : 5668.07

The flags "sep" and "nx" are enabled on dnxen1, but not on dnxen2. According to cpufeature.h "nx" is is "Execute Disable" and is a AMD-defined CPU feature (Strane since the CPU is Intel) and "sep" is something called "Sysenter/sysexit". Doesnt tell me much - but this page has a better description of NX: http://blog.incase.de/index.php/cpu-feature-flags-and-their-meanings/

"NX No eXecute, a flag that can be set on memory pages to disable execution of code in these pages"

And it seems like "sysenter/sysexit" are cpu instructions.

So let's have a look at the BIOS:

Advanced Options > Processor options > No-Execute memory protection (Changed from disabled to enabled on dnxen2).

The "Sysenter/sysexit" setting is nowhere to be found in the bios. In fact - there were no other differences between the two servers at all.

However after rebooting both servers list the same flags, so apparently enabling "nx" will enable the "sep"-flag as well. Well, XenServer is happy and and dnxen2 is was able to join the pool.

Off to do more testing.

Netapp FAS 2040 CIFS backup performance benchmark

We recently invested in a new filer from Netapp. Unfortunately we can't do agent based backups of the large CIFS-filesystem on the filer, and NDMP dump to tape is also problematic. Actually the NDMP backup itself is not a problem, but restore is. NDMP backups initiated from Data Protector will do a raw block copy, not a file copy of the individual files on the filesystem and thus making restore quite interesting.

We still chose to go for NetApp though, because we trust that the snapshot functionality will allow us to use less backups to tape (hopefully as little as once or twice a month) and thus making high speed a less of a critical issue.

The obvious solution is to do a normal Network share backup from DP (in production this will probably be done on a snapshot, but for now this will do). Basically I'm going to run a series of tests to determine the number of data streams and virtual tape devices which will give the best performance. Note that there are no other users attached to the NetApp filer or the Ethernet switch.

The results are considerably slower than what we can expect from a larger backup due to the relatively large overhead with small jobs.

I noticed that this type of backup is very CPU intensive on the Cell Manager. It would pretty much max out at 100% constantly during. Memory was not a problem though.

Setup

Server: HP Proliant DL380 G3 / Windows 2003 x86 / 2 GB ram / Dual Intel Xeon 2.8 ghz
Backup software: Data Protector 6.0
Network: HP Procurve 2824 switch (single gigabit connection)
Storage system: NetApp FAS 2040
Tape library: HP 6636 VLS (Virtual tape library) connected to the DP Cell Manager by FC.
Test data: A collection of user home folders on 7 shares containg 39.108 files (19.932 MB)


Test Results

Test 1
1 data stream / 1 drive (Load balancing Min:1 / Max:1 and Concurrency: 1
Total 1427 seconds = 13,97 MB/sec

Test 2
2 data streams / 2 drives (Load balancing Min:2 / Max:2 and Concurrency: 1 per drive)
Total 1128 seconds = 17,67 MB/sec

Test 3
4 data streams / 2 drives (Load balancing Min:2 / Max:2 and Concurrency: 2 per drive)
Total 1002 seconds = 19,9 MB/sec

Test 4
2 data streams / 1 drives (Load balancing Min:1 / Max:1 and Concurrency: 2 per drive)
Total 1135 seconds = 17,56 MB/sec

Test 5
3 data streams / 1 drives (Load balancing Min:1 / Max:1 and Concurrency: 3 per drive)
Total 1015 seconds = 19.64 MB/sec

Test 6
4 data streams / 1 drives (Load balancing Min:1 / Max:1 and Concurrency: 4 per drive)
Total 983 seconds = 20,28 MB/sec

Test 7
5 data streams / 1 drives (Load balancing Min:1 / Max:1 and Concurrency: 5 per drive)
Total 994 seconds = 20,05 MB/sec

Test 8
7 data streams / 1 drives (Load balancing Min:1 / Max:1 and Concurrency: 7 per drive)
Total 964 seconds = 20,67 MB/sec

Test 9
8 (7) data streams / 2 drives (Load balancing Min:2 / Max:2 and Concurrency: 4 per drive)
Total 960 seconds = 20,76 MB/sec

Test 10
I decided to increase the amount of data to 37508 mb and rerun the backup with settings from Test 8 to see if the results would be any better.
Total 1597 seconds = 23,49 MB/sec

I was a little disappointed about the results. They are considerably slower than what I experienced with the old HP MSA1000 SAN using a backup agent. On the other hand - I knew that this type of backup is slow.

It also seems that you wont gain much in terms of speed from using > 3 data streams, but you will stress the Netapp filer a little more (I noticed CPU would be higher the more streams you use. One stream would average 9% on the Netapp and 8 streams would average 14%).

Perhaps I can achieve slightly better results by using a faster CPU on the Data Protector Cell Manager server, but I doubt we're talking about anything higher that 30MB/sec at best.

On the other hand - it really does not matter much on a day to day basis if I'm only going to do a full backup to tape only a couple of times a month. A 3 TB volume should take apx 36 hours to finish.

Microsoft Security Essentials Performance test

Today I grabbed the release version (v1.0) of Microsofts new Security Essentials package (aka Morro) and decided to run a quick and dirty performance benchmark to compare it to a couple of other AntiVirus/Malware solutions.

I tested on an old Celeron 2.2ghz laptop with 512mb ram and Windows XP SP3.

I did the following measurements:

- Boot-up time (from switching on until notepad.exe in the startup folder was running).

- Avatilable physical memory (after bootup has finished)

- Total memory usage

- Deep and Standard scan of a folder containing apx 8000 files /10 gb.

- CPU usage during scan.

First out was Avast version 4.8:

- Boot time: 76 seconds

- Available physical memory: 261 mb

- Total memory usage: 249 mb

- Full deep scan: 1140 seconds

- Standard scan: 260 seconds

- Resource usage during scan is shown below:

Next was ESET NOD32 Business 4.0:

- Boot time: 98 seconds

- Available physical memory: 296 mb

- Total memory usage: 182 mb

- Full deep scan: 290 seconds

- Standard scan: 175 seconds

- Resource usage during scan is shown below:

And finally Microsoft Security Essentials :

- Boot time: 80 seconds

- Available physical memory: 251 mb

- Total memory usage: 261 mb

- Full deep scan: 757 seconds (when selecting a foldertree you're not able to select scanning method)

- Standard scan: n/a

- Resource usage during scan is shown below:

Conclusions:

NOD32 has the lowest memory footprint and the fastest full scanning (although I suspect that it didn't scan inside all archives), but boot-up time is slightly slower than the Avast and MSE. CPU usage during scan is a little lower with Avast than MSE and NOD32, but for all practical purposes you probably won't notice any difference. In fact all these solutions seems to do fairly well on my old, slow laptop.

All three solutions found the malware and viruses I had put in there for the test.

So which one would I choose?

Probably NOD32 if I had the money to spend (especially for business purposes since the business version integrates with a central policy server).

If I had to go for a free solution I would choose MSE. It seems to perform as well as Avast, but has a better and more intuitive GUI (although I miss some advanced options that Avast have). In addition I won't have to go to Avasts webpage to register every year (I have previously installed Avast for friends and family, and this renewal process that Avast requires is really confusing for a lot of people). MSE is basically set-it-and-forget-it.

My only worry is that I have a feeling that Malware/virus-makers are going to target MSE directly if too many people start using it :-)

iTunes 9 - slow startup

After upgrading to iTunes version 9, iTunes is incredibly slow at starting. I have a library of about 2300 songs and it went from loading in about 5 seconds on the last 8.x relase to apx 30 seconds on version 9.0.1.8.

I tried a few tweaks like turning off automatic update on playlists, disabling automatic discovery etc but nothing really made much difference.

When searching through the library file (usually c:\users\{username}\music\itunes\iTunes Music Library.xml) i noticed it had a few links to a network share from which I imported a few files rather than to the local library folder on my c-drive.

These remained from before I checked the "copy files to the iTunes Media folder..."-option. Apparently iTunes 9.x now tries to verify these files upon startup (and fails when the network share is not available). Removing the files from the library and importing them again (creating copies to my local itunes music folder) did the trick. iTunes launching time is now back to what it used to be.

Exchange 2007 - old routing group connectors

The following error recently started showing up on our Exchange 2007 server:

Event Type: Warning

Event Source: MSExchange ADAccess

Event Category: Validation

Event ID: 2159

Date: 20.09.2009

Time: 14:15:30

User: N/A

Computer: EXSRV1

Description:

Process edgetransport.exe (Transport) (PID=4900). Configuration object CN=EXSRV1-EXSRV20,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=intern read from dc1.mycompany.intern failed validation and will be excluded from the result set. Set event logging level for Validation category to Maximum to get additional events about each failure.

EXSRV20 is our old Exchange 2000 server, and looking at the object with adsiedit shows me that I indeed seem to have forgotten to remove the routing group connectors used when upgrading to Exchange 2007 last year. Brainfart! I guess I was lucky that the object is not valid anymore so the error is being logged.

Powershell does the trick:

Get-RoutingGroupConnector

Name SourceRoutingGroup TargetRoutingGroup

---- ------------------ ------------------

EXSRV1-EXSRV20 Exchange Routing Group ... TRONDHEIM

WARNING: Object DNSRV1-DNSRV20 has been corrupted and it is in an inconsistent

state. The following validation errors have occurred:

WARNING: TargetTransportServerVsis is mandatory.

WARNING: TargetTransportServerVsis is mandatory.

EXSRV20-EXSRV1 TRONDHEIM Exchange Routing Group ...

The following commands:

Remove-RoutingGroupConnector EXSRV1-EXSRV20

and

Remove-RoutingGroupConnector EXSRV20-EXSRV1

disposed of the two connectors in a clean manner, and the eventlog is clean again.

Windows 7 hibernate problems

Theres been one problem with my installation of Windows 7 so far. Ever so often when I start up from hibernate the computer will just omit the hibernate procedure and boot normally instead. It will only happen maybe one out of ten times, but it always seem to happen when I have a lot of stuff running so it's annoying!

According to Microsoft (http://support.microsoft.com/default.aspx/kb/974772) this could be due to a an inconcistency between the physical amount of ram, and the size of the hibernate file. I have 4 gigs and the hiberfil.sys appears to be too small:

C:\Windows\system32>dir /a c:\hiberfil.sys

Volume in drive C has no label.

Volume Serial Number is F08F-0F2D

Directory of c:\

17.09.2009 21:32 2 817 048 576 hiberfil.sys

Microsoft recommends increasing the size (run from cmd.exe as administrator):

C:\Windows\system32> powercfg /hibernate /size 100

The hiberfile size has been set to: 3756064768 bytes.

C:\Windows\system32>dir /a c:\hiberfil.sys

Volume in drive C has no label.

Volume Serial Number is F08F-0F2D

Directory of c:\

18.09.2009 00:25 3 756 064 768 hiberfil.sys

Now I guess we'll just wait and see if it had any effect.

Locale error message in MRBS 1.2.1

We are currently using this neat little php web application for booking resources (meeting rooms, video projectors, video conference equipment etc) called mrbs (Meeting room booking system, http://mrbs.sourceforge.net/). It's really a perfect (free) tool for our use - we tried to use Outlook/Exchange for this earlier but just had to give up - it was too complex for our users. Anyway, now especially our secretaries love mrbs, and as we all know - happy secretaries means happy sysadmins.

It's currently running on an old RedHat 9 server so it's time to move it to a new server.

After installing mrbs 1.2.1 on my new Ubuntu 8.04 server and importing the database from my old Redhat 9 server things worked fine - except one thing. On top of each screen it would always say:

[Warning: Server failed to set locale to "no_NO.utf-8" (Unix)] (in Internet Explorer)

or

[Warning: Server failed to set locale to "en_GB.utf-8" (Unix)] (in Chrome)

On the server my locale is en_US.UTF-8 (LANG=en_US.UTF-8) and after changing the parameter:

$override_locale = "";

to

$override_locale = "en_US-UTF8";

in config.inc.php the annoying error disappeared.

Windows 2003 - dcdiag.exe fails on systemlog test

During Active Directory cleanup I found that dcdiag.exe (see below) gives me a failure warning on the systemlog. I thought this was weird on a otherwise well functioning domain so I decided to check it out.

C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\dc1

Starting test: Connectivity

......................... dc1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\dc1

Starting test: Replications

......................... dc1 passed test Replications

Starting test: NCSecDesc

......................... dc1 passed test NCSecDesc

Starting test: NetLogons

......................... dc1 passed test NetLogons

Starting test: Advertising

......................... dc1 passed test Advertising

Starting test: KnowsOfRoleHolders

......................... dc1 passed test KnowsOfRoleHolders

Starting test: RidManager

......................... dc1 passed test RidManager

Starting test: MachineAccount

......................... dc1 passed test MachineAccount

Starting test: Services

......................... dc1 passed test Services

Starting test: ObjectsReplicated

......................... dc1 passed test ObjectsReplicated

Starting test: frssysvol

......................... dc1 passed test frssysvol

Starting test: frsevent

......................... dc1 passed test frsevent

Starting test: kccevent

......................... dc1 passed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0x00000457

Time Generated: 03/20/2009 09:50:04

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 03/20/2009 09:50:05

(Event String could not be retrieved)

An Error Event occured. EventID: 0x00000457

Time Generated: 03/20/2009 09:50:05

(Event String could not be retrieved)

......................... dc1 failed test systemlog

Starting test: VerifyReferences

......................... dc1 passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Running partition tests on : dirnat

Starting test: CrossRefValidation

......................... dirnat passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... dirnat passed test CheckSDRefDom

Running enterprise tests on : dirnat.intern

Starting test: Intersite

......................... dirnat.intern passed test Intersite

Starting test: FsmoCheck

......................... dirnat.intern passed test FsmoCheck

First thing I did was to check the system log on the local server, and I found the culprit:

Event Type: Error

Event Source: TermServDevices

Event Category: None

Event ID: 1111

Date: 17.08.2009

Time: 09:50:04

User: N/A

Computer: dc1

Description:

Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 00 00 00 00 12 0d 00 00 ........

I also found two more log posts from 09:50:05 saying exactly the same (with different printer names). Hex 457 (0x00000457) = 1111, so basically it seems that dcdiag.exe gives me this warning due to the fact I was running from within a terminal services client session and local printer mapping had failed during connect (which it always does since I don't have the drivers for these printers installed on the servers). I suppose I could always disable printer mapping in the mstsc client prior to connecting, but since it's harmless I think I'll just live with it.

WSS 3.0 on SQL Server 2008 full backup

I recently moved a set of Windows Sharepoint Services 3.0 site collections from SQL Server 2005 to SQL Server 2008. Everything seemed to work just fine, except my old script for full backups didn't go through as expected. I was using the command:

STSADM.EXE -o backup -directory c:\backup\wss_full -backupmethod full

It would give me the following error on one of the databases:

Verbose: [wssserver1_AdminContent] SQL Server Command: BACKUP DATABASE [wssserver1_AdminContent] TO DISK=@db_loc WITH NAME=@db_name, STATS=5, NOINIT, NOSKIP, NOFORMAT, NOREWIND @db_name=wssserver1_AdminContent, @db_loc=c:\backup\wss_full\spbr0005\0000000F.bak

Error: Object wssserver1_AdminContent failed in event OnBackup. For more information, see the error log located in the backup directory.

SqlException: BACKUP DATABASE permission denied in database 'wssserver1_AdminContent'.

BACKUP DATABASE is terminating abnormally.

For once the error message really says it all - it is a permission issue. Even tough I was running the job as a domain admin this account was not member of the sysadmin server role on the SQL 2008 server (necessary for SQL2k8 as domain admins do not have sa-privileges like they did in earlier versions of SQL Server), nor did it have the appropriate permissions on the w2k3admin-kp_AdminContent database. I added the domain user to the db_owner database role and the backup went through.

Wan optimization on a FortiGate 111c

Objective: Testing WAN optimization over Internet using a Fortigate 111c, a Fortigate 30b and a client computer with FortiClient.

The HQ LAN network behind the Fortigate 111c unit is 10.0.0.0/16 and the LAN behind my Fortigate 30b unit at the remote office is 192.168.1.0/24. To connect the two networks I have a route based IPSEC VPN with the 30b running as a dialup client (no NAT), the VPN is verified and working.

I basically tried to follow Fortinets user guide just to get started (FortiGate WAN Optimization and Web Caching):

Fortigate 111c configuration

I created a new WAN optimization authentication group (WAN opt. & cache > Peer > Authentication Group > New)

• Name: auth-fc
• Authentication Method: Certificate
• Certificate: Fortinet_Firmware
• Peer Acceptance: Accept Any Peer

Then I created a Wan optimization rule (Wan opt & cache > Rule > create new)

• Mode: Full Optimization
• Source: 0.0.0.0
• Destination: 0.0.0.0
• Port: 1-65535
• Auto-Detect: Passive

Client PC configuration

Unfortunately the Fortigate 30b unit doesn't support WAN optimization directly, so I installed FortiClient (4.0.2.57) and enabled WAN optimization for all supported protocols. FortiClients firewall and VPN are both disabled:

Testing

That’s it supposedly. It sounds too good to be true, right? I thought so too, but I still decided to try copying some files from a file share to test performance (copy \\server\share\*.* c:\temp). I then checked the monitor on the 111c (WAN Opt. & Cache > Monitor) and things started happening:

Great, but why did it stop at 1.3 mb? I had more data? The cmd windows displayed an ugly “The specified network name is no longer available”. I tried again, but same thing happened.

How about other protocols? I tried Outlook 2007 SP2 for some MAPI / HTTP action! It seemed okay at first, but I noticed the status would go from disconnected to connected and back again every few seconds.

Perhaps we have an unstable connection? But no – a continuous ping from the client pc to the exchange server showed a stable and pretty quick response. Then I checked our main firewall (Checkpoint FW-1). It’s placed between the Fortigate 111c and the Internet.

Fortinets guide mentions that the WAN optimization tunnel uses port 7810, but checkpoint shows that there’s no sign of communication on this port to/from the Fortigate 111c, so everything passes through the IPSec tunnel, as indeed it should.

I then tried rebooting the 30b and the client PC. This resulted in all the WAN optimized protocols becoming entirely blocked. I had to disable WAN in order to do anything useful. After a while I reenabled WAN optimization in FortiClient but the above mentioned instability remains.

I suspected it could have something to do with me running WAN Optimization over the IPSEC connection and not directly between the 30b and 111c.

Time to get in touch with the distributor. Together with a support technician we tried a few things:

We tried disconnecting the 30b and instead running the built-in FortiClient VPN-client - the result was exactly the same. At least we now know the problem is not with the 30b. The support tech from the dealer was also able to reproduce the problem from his own FortiClient.

So we decided to try and get some assistance from Fortinet themselves, so until we get somthing there things are not moving forward :( Ohwell.. Friday - wohoo!

Upek fingerprint reader issue on XPS m1530(?)

Seems like theres a minor issue with the new software from Upek. Whenever the biometrics are turned on (and the Windows Biometric service is running) the CPU load increases noticeably. On my (fairly fast) system this is apx 3-4%, not enough to be a problem but enough to be annoying.

I doubt this is how it's supposed to behave. I have a colleague with a Thinkpad T61 who uses the Upek drivers provided by Lenovo through Windows Update. He seems to have no problems whatsoever, and there is no extra CPU-usage when enabling biometrics.

UPDATE: I was emailed by a very helpful suppport engineer from UPEK who told me that this is expected behaviour and that the Windows Biometric service would stop after apx 3 minutes of inactivity (ie since last time you have used the fingerprint reader). It appears he's right, so I'm a happy camper again. Hey Checkpoint - this is how you treat your customers!

Windows 7 and touchpad scrollarea on a Dell XPS M1530

Seems like I forgot to check everything. The scrollarea on the built-in touchpad does not allow me to scroll horizontally or vertically without installing drivers. The drivers provided for the M1530 by Dell are old, but they have new drivers posted here. They are Vista-drivers but still work like a charm, and even have some new functionality:

Very neat.

Installing Windows 7 on a Dell XPS M1530

Hardware:
Dell XPS M1530, 4 gb ram, Core2 Duo T9500, 320gb SATA disk, Nvidia Gforce 8600m graphics adapter
External LCD Screen: Dell SP2208WFP (connected with a HDMI cable)

Software:
Windows 7 release (build 6.1.7600) enterprise x86.

Installation:
I downloaded Windows 7 from Technet Plus on August 6th and had my computer ready for reinstall the following day.

Installation went like a breeze. It took apx 40 mins from when I insterted the DVD until I was able to use the system. Not bad! Most things seemed to work immediately, including:
- USB mouse
- USB Logitech keyboard
- External infrared remote control for media player (volume, pause/play etc), although there was no onscreen-information when using the remote - you can't get everything!)

Issues:
- The external LCD screen is not found when using detect.
Resolution: I downloaded the latest drivers from nvidia (http://www.nvidia.com/). No problems there.

- The fingerprint reader does not seem to respond
Resolution: I noticed when running Windows Update for the second time (after installing Office 2007) that a update from Dell was among the recommended updates:

After installing this I was able to register my fingerprints in Control Panel > Hardware and Sound > Biometric Devices > Manage your fingerprint data. I logged out and tried using the fingerprint reader to login and it worked - wohoo.. Unfortunately, after I rebooted it seems like it wont recognize my fingerprints anymore. I have to log on using username/password then log out and then use my finger. I'll have to look into this.

UPDATE: Upek just posted a new version of the Protector Suite 2009 on their site. That seems to have fixed my problem.

- Built-in webcamera does not show up.
Resolution: The above mentioned update from Dell took care of this.

UPDATE2: I tried connecting my BH200 bluetooth headset without much success. Turns out I needed the Wireless 355 Bluetooth module (bluetooth 2.0 + EDR). It's for Vista, but seems to work just fine. After installing it I was able to pair the headset and use them (had to press the "reset"-button on the headset first) and even the remote controls worked right away.

Software compatibility:

NOD32 4.0.4037.0 Anti Virus
Even though ESET does not mention Windows 7, I had no problems installing NOD32. I also searched a little on the Wilders security forums, and it seemed like there were no serious issues with Windows 7 and NOD32.

Microsoft Office 2007
I installed Office 2007 Pro from the DVD, then I ran Windows Update and downloaded the important and recommended patches. Quite a few in fact. Installation was a breeze, and I have not noticed any problems yet. It feels much snapper than under Vista!

iTunes
I installed the latest version (8.2.1.6) and replaced the iTunes folder with the one from my old Vista installation and it seems to work just fine! I also installed the neat little tool I used called iTunesKeys which lets you use the special buttons (play, ffwd, rewind) and remote control in iTunes, even when iTunes is not the application in focus. It worked just fine! Now I just wish it'd work when I'm working with virtual machines using VMWare Tools.

Checkpoint VPN-1 SecureClient
Unfortunately there seems to be no version of SecureClient compatible with Windows 7. I read from different users that they had numerous horrible problems so I decided to stay away until Checkpoint makes a compatible version. In my experience this might take some time. I was in excactly the same position when Vista was relased. No information from Checkpoint. Come on guys, at least give us a beta!

Virtual PC 2007
I run a virtual PC hosting a Windows 2003 server x86 installation for work purposes. I downloaded the Virtual PC package here and installed it. Then I simply double clicked the VM-file to boot the server. I had to upgrade the VM drivers, and even though Windows 2003 wasn't on the list of supported operating systems it seemed to work just fine.

Visual Studio 2008
I chose to install everything excelt the SQL 2005 server, but it still gave me a lot of errors at the end of the installation. It seemed like they had to do with various older versions of the older (pre 3.5) versions of the .net framework though, so I decided it might not be such a big deal. And after running Windows Update and rebooting twice, I decided to try it and it seems to work ok. It compiles all the projects I have tried so far.

Daemon Tools / Pismo File Mount
Apparently the only versions of Daemon tools supporting Windows 7 so far are the standard and professional versions. The free lite-version does not support Windows 7 yet (4.30.4). I read numerous reports from people who experienced BSOD etc so I decided to not try. Instead I tried something called Pismo File Mount which really just is a tool for creating and mounting iso-images. It's free and reportedly spywarefree. A nifty little feature is that you can mount iso-files directly in the directory tree (ie you have a iso-file called myiso.iso under c:\temp - which will be available as c:\temp\myiso).

SyncToy 2.0
I did not succeed with this one. SyncToy would traverse my folders (apx 700 files/1 gig) and suggest which files to synchronize (some of them were obviously not correct). Then it would just stop responding. Ohwell, I guess MS will come with a new version, or perhaps they want us all to move on to Live Mesh?