Tell 'em what I took, man!

Reflections of a repatriated ex-patriot

Tuesday, November 21, 2006

So the other day I had the bright idea to try this for grins:
  1. Delete all the files on the Toshiba IDE hard drive (the one that came with my laptop, but I removed in favor of a 100 gig Samsung replacement).
  2. Copy all important files to a folder on the C drive of the borrowed Compaq PrettySorryO, and then replace the Samsung laptop hard drive with the Toshiba listed in number one.
  3. Install the newest evaluation copy of Server 2003. Update the drivers if necessary: web cam, headphones, network card, and possibly the removable storage device. In fact, I probably shouldn’t erase the Samsung hard disk until I’m sure I can find and install all the necessary drivers.
  4. The idea is that the drivers necessary for the equipment that’s on that laptop are already loaded in the memory of the Toshiba hard drive, so I shouldn’t have trouble with my sound card any longer.
  5. Also, it might be a good idea to buy a cheap desktop from someone on craigslist. Then I could install another Server computer to screw around with. Or I could just download and use VMWare.

OK, so I tried this. I deleted and formatted the Toshiba IDE hard drive. Then I installed the R2 version of Server 2003 that came with the book. I found a CD with the driver of the network card. I also upgraded a related driver for the network card listed in the device manager. I still should try and find the newest firmware for both the card and router. Although, I should check to see which version of the router I have. I was reading earlier on the Linksys forums that I could have some potential problems if I want to screw around with VPN routing through the Linksys router. Apparently the version 5 & 6 releases of the router had serious limitations to VPN routing, but a guy on the site recommended ‘flashing’ the router with some open source UNIX software, and that seemed to fix the problem.

I haven’t bothered with trying to search for and/or install the drivers for the headphones, web cam, or storage device, but I get the same problem when it comes to the sound card and the PCI card: the drivers for these devices just don’t seem to be supported with Server 2003. Once I get that new computer I’ll once again wipe the notebook hard drive and install XP on it, and hopefully that will have the necessary sound card drivers on it. It makes sense if you think about it. Why should you need to have a sound device on a server? That’s not its purpose. There were also a couple of other devices (consistent with the last install) that failed to load, but I don’t think any of them are necessary for server functionality.

As for the drivers that DO work with the Operating System, namely the Device Driver for the Logitech USB headphones and the web cam (even though it’s not digitally signed), I suppose I can find and copy them to CD from the entries I have in the WINDOWS folder on the Samsung IDE hard disk, which has now become the external drive. When I finally make that laptop my functional production XP computer, I’ll wipe that external drive and use it just for storage: unless, of course I find a cheap laptop that will support it. Then perhaps I can load another operating system on it and have another working networked computer. Maybe I’ll load the version of Puppy Linux I saw available for download. That’s pretty sweet to be able to have a functional operating system for FREE!

Also, I found a lot of really good general information about computing from some PC World articles.

But even after the installation of said OS, the installation of Active Directory, and a brief check of the DNS utility to make sure all of the necessary resource records were there, I was unable to ping client to server / server to client. I suspect firewall problems. How else would I not be able to receive the necessary ICMP packets? What was more perplexing was the fact that I didn’t receive a helpful reply when I ran the nslookup utility on the server.

What’s up wit dat? I think I’m gonna play a game to see how long I can go without getting frustrated or giving up. Also, I think I got rid of File and Print sharing services for the workstation’s NIC based on bad advice when seeking help at an MCSA forum.


Try putting that back on, then make sure the firewall is turned off, then make sure that you’ve got static IP addresses on the client and server and the client is set up to use the server’s IP address for DNS name resolution. Also check the router configuration to make sure that nothing is preventing it from routing packets between machines, though I don’t know what could be doing this, and have never seen the router interfere with traffic on the local network, but I suppose it’s worth a try. Also, give the workstation a reboot and then try to join it. You might even pre-stage the computer account in Active Directory Users and Computers, and then try to join it.


Friday, November 10, 2006

Log of Events leading to an eventual career as network administrator or as the head of my own private e-business:


There are a number of skills I must possess in order to ensure optimal performance of a network. The most current issue that has been perplexing me is the inability of my test workstation to join my test domain.


Relevant facts and actions are:
The server is configured as a domain controller, a DHCP server, an IIS server, and a DNS Server. This is necessary, although not best practice, because it’s the only server I have in my possession.


The DHCP server has a scope configured in the private IP address range from 192.168.1.100 to 192.168.1.254. Scope options are configured to assign IP addresses within the range and to provide the DNS server address of 192.168.1.102. This is the address of the server, but I can already see a problem in the fact that I’ve configured the server with an IP address within the scope. It would be better to configure the server with a static address that is NOT within the range, i.e. anything from 192.168.1.2 to 192.168.1.99, as this would prevent the computers (even though all I have is the one workstation) from having IP configuration redundancy problems. I have also assigned a default gateway server option of 192.168.1.1. This is the address of the Linksys wireless access point router within the network used to send packets back and forth between computers and to and from the internet via the ISP. At some point I suppose I should install forwarding for internet accessibility, and use the local DNS server for name resolution to network shares in an internal domain. I’ve disabled DHCP and DNS on the router.


Most of the time the culprit of not being able to join a workstation to a domain is simply entering an incorrect domain name. But this most assuredly is NOT THE CASE, because I’ve checked it a dozen times.


I can ping the workstation from the server and vice-versa. The client is configured to obtain its IP address from the DHCP server. It is able to do this successfully, so it doesn’t seem that the problem lies with DHCP.


However, I am unable to ping the FQDN (fully qualified domain name) of the server from the workstation or the server itself, suggesting there’s either a problem with Active Directory or the DNS server, as these two services are inextricably linked. These are the most likely culprits responsible for the failure of the workstation to find the domain server when I try to join it to the domain. The error I get when the workstation fails to find the domain states that it was unable to find the DNS SRV resource record necessary for joining the domain.
So, in order to diagnose DNS I could use debug logging and / or check the error events on the DNS server Event Viewer. It makes sense to verify whether or not it’s the DNS server that’s causing the problem, as its elimination as a possible culprit would mean it was the Active Directory partition that’s malfunctioning. I should research the results of the Event Viewer errors or the ‘Incoming’ results of debug log. I will document the results of this process in the next post.
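The two checks this setup calls for (a static address sitting inside the DHCP pool, and the SRV records a join depends on), written out as an added example that is not part of the original post. The addresses are the ones given above; the domain name `lab.example`, the zone contents and the function names are constructed for illustration.

```python
import ipaddress

def required_srv_names(domain):
    """SRV owner names a domain controller registers and a joining client looks up."""
    d = domain.rstrip(".").lower()
    return [
        f"_ldap._tcp.dc._msdcs.{d}",
        f"_kerberos._tcp.dc._msdcs.{d}",
        f"_ldap._tcp.{d}",
        f"_kerberos._tcp.{d}",
    ]

def in_scope(addr, start, end):
    """True when addr lies inside the inclusive DHCP range start..end."""
    ip = ipaddress.ip_address
    return ip(start) <= ip(addr) <= ip(end)

def check_lab(cfg, zone_records):
    """Return a list of findings for the DHCP/DNS setup described in cfg."""
    findings = []
    scope = (cfg["scope_start"], cfg["scope_end"])
    # Statically addressed hosts must sit outside the pool or be excluded from it.
    for role in ("server_ip", "gateway"):
        addr = cfg[role]
        if in_scope(addr, *scope) and addr not in cfg["exclusions"]:
            findings.append(f"static-ip-in-dhcp-scope:{addr}")
    # Clients locate the domain through DNS, so the DNS option must point at the DC.
    if cfg["dns_option"] != cfg["server_ip"]:
        findings.append(f"dns-option-not-dc:{cfg['dns_option']}")
    # Compare the zone contents with the SRV records the join depends on.
    have = {name.rstrip(".").lower() for name, rtype in zone_records if rtype == "SRV"}
    findings += [f"missing-srv:{n}" for n in required_srv_names(cfg["domain"]) if n not in have]
    return findings

# Addresses are the ones in the post; the domain name and zone contents are constructed.
SAMPLE_CFG = {
    "domain": "lab.example",
    "server_ip": "192.168.1.102",
    "gateway": "192.168.1.1",
    "dns_option": "192.168.1.102",
    "scope_start": "192.168.1.100",
    "scope_end": "192.168.1.254",
    "exclusions": [],
}
SAMPLE_ZONE = [("server1.lab.example", "A"), ("_ldap._tcp.lab.example", "SRV")]

if __name__ == "__main__":
    for finding in check_lab(SAMPLE_CFG, SAMPLE_ZONE):
        print(finding)
```

On a live server the zone contents would come from the DNS console or from `nslookup -type=SRV` against each name in `required_srv_names`.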


Also, I should run the dcdiag command-line utility to test the integrity of the Active Directory server. There are a bunch of diagnostic tools available to troubleshoot server malfunctions. The difficult part is knowing what to do with the information that gets returned, or being able to make any sense of it for that matter.


What I have done so far, in my reckless haste, is to just remove the DNS service altogether and reinstall it with the same parameters as before. This has proved inadequate in solving the problem. I also tried restarting the DNS Server Service to no avail.


Then, in feckless reckless haste I removed and reinstalled the Active Directory partition, something of course you would NEVER want to do in the context of a large production network. But, I did learn that removing the Active Directory and replacing it to make it possible for the workstation to join the domain was also ineffectual. And to further complicate matters, I should have realized that doing so would create a new Administrator User Profile that would replace my old one. It makes finding necessary files and folders created in the context of my previous User Profile difficult and time consuming. Plus I have to reinstall a lot of programs and tweak a bunch of settings just to get back to the setup I had before uninstalling the AD. Let that be a lesson to you, young man!


So now, I need to organize the files and folders of the various administrator accounts and merge them into the current profile. In fact, I need to start thinking about which files I plan to save once the evaluation copy runs out of time, and back up those files to the external hard-drive. At some point I plan to get another computer to be used as a full time server, so that I can replace the OS of my laptop with XP Professional (I’m finding some devices and programs just don’t work the same on Server 2003). I suppose the rule is Server is Server and Client is Client and never the twain shall meet.


Ideally, I’d like to find a computer that can run Server 2003 from some schmuck on craigslist who also has a copy of the XP Professional CD because I ended up having to install the one copy I have on a borrowed workstation.


The painful lesson I learned from this fiasco is that if you upgrade to XP Professional, you can roll back to 95, 98, ME, or 2000, but you can’t roll back to XP home edition. I put the evaluation copy of XP on the (borrowed) computer and had to install my legitimate copy on it once the 180-day evaluation period ran out. If I hadn’t, there would have been hell to pay because all of the files on the computer would have been lost, and I might not have been able to borrow the computer again.


Another issue that has caused me some concern was my inability, back in the day when I successfully networked these two computers in a domain, to copy the local profile and save it to the network share of user profiles on the server. The idea was to do this, and then create a user account in Active Directory with the same name as the local account and point the profile location of the user account to the share on the server. I tinkered with nearly everything I could think of in my ill-fated attempts to do this, including changing the local security policies to deny logon rights to the Administrator. That was brilliant! Luckily I still had another administrator account I was able to use to return the security policies to their default settings. So as you can see, it’s been basically a comedy of errors when it comes to smooth network functionality, but I suppose the important thing I’m learning is what NOT to do.


Rule number one: Don’t do anything in haste and frustration. Problem solving requires patience and discipline. You need to approach each problem you come across with the cool analytical reasoning of a machine. You should use the following process as a guide:

  • Encounter the problem
  • diagnose the circumstances
  • eliminate possible culprits
  • isolate the cause
  • determine a remedy
  • fix the problem
  • document everything you’ve done
  • recreate the problem
  • fix the problem again
  • smirk like a badass

Nowhere in this process is it written to give up, get pissed off, smash the computer with a golf club (although the thought has occurred to me more than once), or state that the problem is beyond your ability to resolve.
Hopefully the next post will be filled with glowing highlights of how I figured out what was wrong, successfully joined the computer to the domain, and created roaming profiles of all user accounts.
