Tuesday, November 20, 2012

SBS 2011 - Essentials 2012 Migration

Back in the Server 2003 era when the 500 account (usually "Administrator") was still in use by many people, it was a good idea to sync your DSRM password with this domain Administrator password in case you needed to perform an AD Recovery at some point.

Now, as the 500 account is disabled when AD is installed in current Server operating systems, this recommendation is no longer possible.  What we do here is use a DSRM password that is specifically *not* one of the Domain Admin passwords and make sure it is recorded.  All of these passwords are over 16 characters and those characters come from all 4 groups - upper case, lower case, numbers and special characters.  We do this simply for added security to the core of the network - the Active Directory.  It also means we can change our regular domain admin accounts and not need to concern ourselves with the DSRM password needing updating, though this synchronizing can easily be handled via scheduled PowerShell scripting or via Group Policy.

So, when migrating from SBS 2011 to Essentials 2012, the migration will fail at 48% and report that your DSRM password is not long enough.  This error is *incorrect* as that is not the issue at all here.  The actual issue is that the administrative account you're using to perform the migration has a password that is different from the DSRM password - and that is not the error message that Microsoft is reporting here.

So, *BEFORE* you start an SBS 2011 (or even an SBS 2008 or SBS 2003(1) or any Server Standard) to Server 2012 Essentials migration, I'd strongly recommend you do the following:

  1. If the source server is a 2003 Server product, ensure you have a domain administrator account who is *NOT* the 500 user (generally "Administrator") and use the credentials for that account for the migration.  We'll assume this user is named "Derp" for the purposes of this exercise.  Make sure the 500 account and the Derp user are using the same password.
  2. If the source server is a 2008 or 2008 R2-based server, then you should already have this user, and we'll use "Derp" for this administrative user in this exercise.
  3. In an elevated command prompt on the source server, type the following command, substituting your actual administrative account for Derp:
    ntdsutil "set dsrm password" "sync from domain account Derp" q q
  4. If the FSM was looking down on you and smiling, you should see the following results:
    C:\Users\Derp>ntdsutil "set dsrm password" "sync from domain account Derp" q q
    ntdsutil: set dsrm password
    Reset DSRM Administrator Password: sync from domain account Derp
    Password has been synchronized successfully.
    
    Reset DSRM Administrator Password: q
    ntdsutil: q
  5. Assuming all other prerequisites have been successfully completed, you should be able to proceed with the migration without it failing at 48% with an incorrect error message.

In the steps above, you could (if you wanted) replace the "Derp" with "domain\Derp" where "domain" is your internal domain, but as this step is being performed on the source server itself, this is not required.

(1) Please be aware that I personally wouldn't be migrating any 2003-based servers to Server 2012 Essentials - I'd likely just do a fresh install.  The main reason for this is that we have no clients running  SBS 2003 that we had originally installed - we've already migrated them to SBS 2008 or SBS 2011 or full server products.  We do have a small number of SBS 2003 clients that we gained after the SBS 2003 was established, and as I'm not a fan of migrating someone else's AD configuration (normally because there's things I'd like to change - like their internal domain name), Therefore I've not actually tested this procedure on an SBS 2003 network, so the above procedure may well not be all that's needed, nor may it actually work if your Source Server is SBS 2003 - there may well be other issues that need addressing and if I come across them, I'll update this post.


Regards,

The Outspoken Wookie

Friday, November 16, 2012

Secular Party Social Lunch - Melbourne

For anyone in and around Melbourne, there will be a social Secular Party Australia lunch on Friday 30th Nov from 12:00 at the Waterside Hotel in Melbourne just before the Australian National Skeptics Convention starts that same evening, just up the road.  For more information, please see http://www.somewheretothink.com.au/events/secular-party-of-australia-pre-auskepticon-lunch/

Regards,

The Outspoken Wookie

Thursday, November 15, 2012

The Appalling George Pell

George Pell clearly has no comprehension at all about how heinous a crime the general society considers paedophilia to be. This man is so far out of touch with reality it is amazing he's still able to breathe. This man is a disgrace to humanity.



Regards,

The Outspoken Wookie

Thursday, November 08, 2012

Secular Party Lunch Before AuSkepticon

Just to let everyone know, I'm heading down to the Australian Skeptics National Convention from 30 Nov - 2 Dec, 2012 in Melbourne.

Just before the Convention, there will be a Secular Party organised (not paid for - they aren't that rich) lunch on the Friday in the CBD.

WATERSIDE HOTEL - 508 Flinders Street (cnr King Street)

It's a pub close to where the Meet and Greet will occur (Melbourne Immigration Museum, 400 Flinders Street) and will be starting at 12 o'clock, likely finishing in the bar before some of us head off to the Convention Meet and Greet at 5:30pm.

If we can get 40 confirmed we can have a private room.

All are welcome - Secular Party members, non-members interested in the Secular Party and people who just want to come along for a decent feed with some Skeptical and Secular friends before the Australian National Skeptics Convention kicks off on Friday evening.  As is normal with these sort of things, the more the merrier! :)

It is a strictly social lunch, ie, we won't be pestering anyone with speeches or joining forms, just food and drinks at your leisure (and your own expense).

.-=-.-=-.

So, if you are coming along, please go to http://www.somewheretothink.com.au/ and book a ticket so that we can let the Hotel know numbers.


Regards,

The Outspoken Wookie

Office 2013 and the Cloud

Can I say, right up front, that I have no issue personally nor professionally with hosted solutions (having recently been re-branded as "Cloud Solutions") per se - after all we've been offering our own hosted solutions to clients for years and supporting other vendors' hosted products for longer.  So, in case anyone wants to think that I'm a nephophobic, well, that's simply not the case.

What I am is a realist.

Sometimes, hosted (aka Cloud) solutions are appropriate to a client's needs.  Sometimes they are not.  There's no "one size fits all" when it comes to the cloud just like there's no "one size fits all" then it comes to on-premises solutions, SmartPhones, hats nor even underwear - you want to (and really need to) find what's the most appropriate fit, customize that where possible/advantageous, and end up with a result that works well for your business needs.  See what I did there? :)

See, I'm a realist.

Do I have a problem with the perpetual license + annual maintenance model for software?  Nope.  This is quite often the way Line of Business (LOB) Application software is sold and is the way much of it has been sold for many years.  Where this is particularly handy is when a client has changed from one LOB application to another and still needs to access their old data.  The perpetual license allows them to (at least) read their old data using the product version that was installed at the time the License (well, likely the Maintenance) expired.

Do I have a problem with a subscription/leasing model for software?  Nope.  Sure, you never get a perpetual license this way, which means that you may well have issues accessing older data once you stop subscribing to the application, but if you know this up front and if you either have imported all the data into a new application or have some other way to access any old data you may need, then this works around that issue.  The vendor providing the cloud solution or the company providing the server and network resources to this vendor *may* well up and vanish, resulting in your inability to access/export your data to another product, but reliable backups and (obviously) choosing a reliable cloud vendor will go a long way towards alleviating these concerns.

Do I have a problem with Office 365?  Nope.  I definitely have issues with being forced to have to buy it through Telstra because of the inherent inefficiencies; monopolised, overpriced channel and general lack of clue that Telstra brings to the product, but I have no issues with the Microsoft side of Office 365 at all - their cloud/subscription offering is suitable in certain circumstances.

What I do have an issue with, regarding the soon to hit the market Office 365, is how Microsoft is stacking the deck whilst still being unable to make simple things happen.  They have increased pricing (in the US, and therefore no doubt also here in Australia when pricing is eventually released) by between 10% and 17% across the board for regular per-device products and at the same time changing the licensing terms and conditions to remove any multi-install rights from these regular licenses.  They have also introduced a number of new Office 365 options for subscription purchases - Office 365 Office Home Premium and Office 365 Small Business Premium.

Now, as we've not yet been given any Australian list pricing, I can only compare the US list pricing and then translate these with the regular 40% or so Microsoft Australia Tax that we pay here.  Actually, in researching this post, I have come across the following ComputerWorld article that outlines the US pricing quite well and pretty much mirrors my thoughts and objections to the Microsoft Office 2013 pricing changes and Licensing T&C changes, so to save me repeating what's already been written elsewhere, I suggest you go and have a read of that.  Notice the price increases that they detail - they are not insignificant.

So, basically, Microsoft is intentionally inflating their regular, perpetual Office 2013 licensing prices so that their new Office 365 pricing is appealing.  Of course, making the Office 365 pricing appealing without these price hikes and license usage reductions to their regular licenses would have meant introducing these new Office 365 lines at better pricing, but that's not going to happen with Steve Ballmer - an accountant - running Microsoft.

Now, the other *major* issue I have with the new licensing options is that none of the Office 365 options allows for installation on a Remote Desktop Server (RDS), so if you are using Office 2013 on an RDS, you'll need to purchase an Open Business or Open Value License as previously and will not be able to take advantage of the new features of the Office 365 Small Business Premium Licenses.  Not very smart, Microsoft.

Now, in a recent meeting with Microsoft, we were told that discussions were taking place around how to address this issue and they the issue was a rather complex one, yet they failed to see my extremely simple and effective solution that would have taken 2 people, 2 cups of coffee and 5 minutes tops in a single meeting involving the Office 365 Licensing Manager and the Open Licensing Product Manager:

O365: We need to have one of the O365 license instances be usable in an RDS environment
OLPM: OK, so we'll issue a RDS key into the Office 365 portal for you for one of the instances
O365: Thanks

And there you have it - Office 365 subscribers would be able to use their Office 365 subscription in a Remote Desktop environment.  See, Microsoft, it wasn't that hard now, was it?  :(

Regards,

The Outspoken Wookie

US Election 2012

To all my American friends,

Congratulations on voting for sanity and rationality over religious fundamentalism and the utter craziness that was being sold by some (definitely not all) members of the Republican Party.

After a "legitimate election" it was refreshing to see that in Missouri, the electorate came out and found a way to shut that whole (Republican misogyny and bigotry) thing down.  Yes, Todd Akin was thrown out and replaced by... wait for it... a WOMAN!  Yes, Claire McCaskill took the seat once occupied by the person so biologically illiterate he thinks there's a fairy living in a woman's uterus that will be invoked after a "legitimate rape" to deny possibility of implantation of a fertilized egg.  (OK, so he doesn't quite think that, but come on - what he *does* think isn't that far removed from that scenario, now, is it?)

Richard Mourdock was vying for election as a Republican Indiana Senator.  This is the man who when asked about his thoughts on whether abortion should be allowed in cases of rape or incest, said "I struggled with it myself for a long time, but I came to realize that life is that gift from God.  And, I think, even when life begins in that horrible situation of rape, that it is something that God intended to happen."  Somehow he didn't get enough votes to represent Indiana.

In Wisconsin, Republican Roger "some girls rape easy" Rivard lost his seat to the Democrat, Stephen Smith.  To make it even more interesting, Wisconsin elected Tammy Baldwin to be the nation's first ex-mormon, bisexual atheist in the Senate.  She is also Wisconsin's first female Senator.

In Illinois, Republican Joe Walsh lost his bid for re-election as Democrat Tammy Duckworth was elected to that seat.  Joe Walsh replied to a question about whether a woman should be allowed an abortion if her life was at risk with "There is no such exception. With modern technology and science, you can’t find one instance."  At least Illinois women now stand a chance.

New Hampshire elected the nation’s first all-female delegation.

Mark Takano became the first Asian-American, openly gay member of Congress.

Maine and Maryland held a referendum during this election and both voted to legalize gay marriage.

Colorado and Washington voted to legalize recreational marijuana usage.  Massachusetts voted to eliminate State civil and criminal penalties for the medical use of marijuana.  Montana voted to impose tighter restrictions on the use, cultivation and distribution of medical marijuana.

After this election, there are now at least 19 female US Senators and at least 6 LGBT members of Congress.

It seems that the tide is turning - women are starting to get fairer representation in the US government.  They do, after all, make up around 50% of the population.  The LGBT community is getting representation, too, which is good to see.  Equality, after all, should apply to all people... equally.

The ridiculous statements from the Tea Party and Republican members about rape, homosexuality and women have been dealt much of the death blow they deserved.  There's still some way to go to have the influence that the fundamentalist far right brought into the cold light of rationality, but some quite large steps have been taken.

It also looks like the Republican members of Congress have now realised that Obama's first term wasn't given to him by the voters as a simple backlash against the lunacy of the "Dubya Gov'ment" but because Americans truly wanted to see some change.  The first term of the Obama was stifled, stopped and subverted by the actions of the Republicans at ever possible point.  Still the people voted for the Democrats as they saw through what had happened.  The US Congress should now be allowed to do what it was voted in for - to govern the people of America, not to have the opposition play silly political power games which stifle the recovery and growth of the country.

Mitt Romney stood under a banner that read "Believe In America" when he publicly conceded defeat in Boston.  I think his wish was answered - the American people showed how much they believe in America by re-electing Obama and showing Romney that despite his money, he was not wanted.

You can't tell 47% of your population to go and fuck themselves and then expect them to vote your party in.  Romney now sees this truth.

So, with that I congratulate the Obama government on being given a second term and I truly hope that the Republicans let the Democrats govern the country properly this time.  It can only get better from here if reforms are put in place to ensure the banking industry is not left to run things on their own and people are started to be treated equally.  Secular policies and politics is the only fair way to govern and to ensure everyone has the right to their personal religious freedom.  Freedom of religion should not ever be able to force one's religious beliefs (or lack thereof) on another person.  Fair government should be able to govern without religious influence over their policies.



Regards,

The Outspoken Wookie