
More Windows fun 5584


snips

On Fri, 02 Jun 2006 13:06:31 -0700, Murphy Douglas

Let's see. The first thing I do is set up another Windows server machine. I hand over the copying of the IIS sites to the other net admin. While she's doing this, I go off and explain to our remaining Exchange user how and why he needs to get his emails off Exchange.

Now, while he's doing that, I get on the horn to follow up on when our new interim router is coming in. Four weeks? Unacceptable. A little digging, I get that down to being drop shipped today.

Now, while that's going on, I look over the existing Windows server box to see what's actually on it that needs to be taken off it. A few things, to be sure, and some of it is going to impact both our office users and some of our hosting customers.

So I compose an email explaining the changes we're making, why we're making them, and how they are liable to be affected. I include my cell # so they can get hold of me 24-7, should something happen to go wrong.

Having fired that off, I check the hardware on the other Windows web server, since the web sites are being consolidated into a single server which is neither of the existing machines. Looks to me like it would be viable, should we actually need a DC for anything.

Having done that, I discover, more or less accidentally, that some emails which should not be going to the Exchange server, are in fact going there. This leads to two separate issues to deal with; one being that there's a bogus MX record somewhere, which we tracked down and fixed. The other is that we have email addresses which should not even exist, yet we're accepting (and presumably delivering) emails for them. Aha! There's a misconfiguration, right?

Sort of; a little further examination reveals that we have not one, but several forwarding chains which operate in a very odd manner; odd enough that users without accounts in a given domain can nevertheless get emails sent to them at that domain. Hmm. We knew we had these, but we thought we'd caught the last of them. Apparently not. Worse, this one has some legitimate accounts in it.

So, how do we sort out the valid from the invalid? Aha. Drop a tracer into the mail handling chain which records the actual stages of delivery; now we have a list, some four pages long, of addresses which are being handled incorrectly, or partially incorrectly, where before we had nothing.

Of course, that leads to another observation; namely that we may still have user accounts on the mailer, where the email has been discontinued. Hmm.

Fine; toss together a quick-and-dirty database that stores all the user accounts on the machine, along with all the email accounts, email aliases and the rest, and generate a report which turns up some 34 such users - and also shows another half-dozen or so minor issues.

Now it's time to deal with the folks who are trying to get remote desktop access. Simple enough, the box exists, it's up, it's running... but it has the same name as another box on the network, and, since virtually everything they do around here is name-based ("rdesktop fred") this is going to cause confusion, so we should probably rename the box.

During that, I've also provisioned a pair of new clustered, active-active load-balancing servers and started doing configuration and load testing on them, did some hardware troubleshooting on a desktop machine upstairs, started building a new database to store everything from user data to system configurations, written most of a script to retrieve and apply the system configuration data, and started creating virtual server images and a Debt Management mechanism which will automatically detect a failed server, kill the server image - and if necessary, the hardware node it's running in - and respawn the image elsewhere, while patching up the IPs and other items necessary to keep things running.

Along the way, I've handled one customer complaint - one which first and second-level tech support couldn't cope with. I've rolled out a temporary fix to the POP server which will respawn the service as needed; it has, lately, been giving us far too many late-night phone messages. I've reconfigured one of the company cell phones because its new owner couldn't figure out how. I've updated the monitoring software to include the new servers, but not include the failing server, which we already know is failing, thank you very much, I don't need to be phoned at 4AM to hear about it.

I've mapped out and repaired the routing tables, both on the primary router and the internal, both of which have issues. I've been investigating what, exactly, is provisioned on each subnet, and why. I've written up a plan to handle the wiring needed to get most of the server farm out of the server room downstairs and into the NOC with minimal uptime.

Along with the rewiring goes a new separation of subnets. For example, all of our servers are going to be "back side managed" - all the backups, Debt Management and the like will be done internally, not over the world-facing ports - and they're going to be on completely separate subnets from everything else. Part of the wiring plan was ensuring correct connections of the two segments - upstairs and downstairs - of the servers onto the same subnet, with complete physical separation of networks to go along with the virtual separation via addressing space.

So... what have *you* done this week?

That would be "you're". If you're going to call someone stupid, don't demonstrate your inability to grasp difficult words containing five letters.

That would be "ain't" and "Incompetent". See, there you go again.
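
Added example, not part of the original post and not the poster's code: one way to build the kind of quick-and-dirty cross-reference the post describes, listing system accounts that no longer have mail and following each forwarding chain to see where it really ends. The SQLite schema, the table and function names, and every sample account and address are hypothetical.

```python
import sqlite3

# Constructed sample data; all names, addresses and the schema are hypothetical.
USERS = ["alice", "bob", "carol", "dave"]
MAILBOXES = [("alice@example.com", "alice"), ("bob@example.com", "bob")]
ALIASES = [  # alias address -> next hop (another address or a local user)
    ("sales@example.com", "alice@example.com"),
    ("info@example.net", "sales@example.com"),   # delivers across domains
    ("old@example.com", "erin"),                 # target account is gone
    ("loop1@example.com", "loop2@example.com"),
    ("loop2@example.com", "loop1@example.com"),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""CREATE TABLE users(name TEXT PRIMARY KEY);
        CREATE TABLE mailboxes(address TEXT PRIMARY KEY, owner TEXT);
        CREATE TABLE aliases(address TEXT PRIMARY KEY, target TEXT);""")
    db.executemany("INSERT INTO users VALUES (?)", [(u,) for u in USERS])
    db.executemany("INSERT INTO mailboxes VALUES (?, ?)", MAILBOXES)
    db.executemany("INSERT INTO aliases VALUES (?, ?)", ALIASES)
    return db

def accounts_without_mail(db):
    """System accounts that own no mailbox (candidates for review/removal)."""
    rows = db.execute("""SELECT u.name FROM users u
        LEFT JOIN mailboxes m ON m.owner = u.name
        WHERE m.address IS NULL ORDER BY u.name""")
    return [r[0] for r in rows]

def classify_alias(db, address):
    """Follow one forwarding chain hop by hop and report how it ends."""
    seen, current = {address}, address
    while row := db.execute("SELECT target FROM aliases WHERE address = ?",
                            (current,)).fetchone():
        current = row[0]
        if current in seen:          # chain revisits an address
            return "loop"
        seen.add(current)
    is_box = db.execute("SELECT 1 FROM mailboxes WHERE address = ?", (current,)).fetchone()
    is_user = db.execute("SELECT 1 FROM users WHERE name = ?", (current,)).fetchone()
    if not (is_box or is_user):      # ends at something that no longer exists
        return "dead-target"
    if "@" in current and current.split("@")[1] != address.split("@")[1]:
        return "cross-domain"        # mail for one domain lands in another
    return "ok"

def audit_aliases(db):
    rows = db.execute("SELECT address FROM aliases ORDER BY address").fetchall()
    return {addr: classify_alias(db, addr) for (addr,) in rows}
```

Anything not classified `ok` is an address the mail system accepts but handles in a way nobody intended, which is the list worth reviewing before decommissioning a server.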

