January 2010 Archives

As many know I am not a huge fan of Apple, however saying that I have owned 3 iPods, Kelly has an iPhone and I have had to do some support on MacBooks. This writeup will be fairly objective but some Apple abuse may sneak in. This is my initial reactions after watching the presentation online and reading a couple of live blogs or hands-on.

Today Steve Jobs and Apple announced the long fabled tablet like device the iPad. The iPad is not a MacBook minus a keyboard, it isn't even a really big iPhone. The iPad is a 10" big iPod Touch, that is it nothing more. They took an iPod Touch put in a faster processor, added a larger screen and gave you the option of 3G always on Internet access. It runs iPhone OS just like the iPhone / Touch, the only added feature / app is a trimmed down version of iWork. It doesn't have a camera but does have a microphone, this means in theory you might be able to use a skype like application to make calls on it if you wanted to but not a video chat of course.

This is a media consumption device just like an iPod Touch, it is not a creation device like a MacBook or a real tablet computer. There were many that thought it would complete against a slate PC from HP or Dell, but those will have a full OS and have at least pen input if you want to take notes. I am not sure even how good it will be for books for long reading compared to a kindle. I was hoping to see some text book announcements to go along with for electronic interactive texts, but nothing. Maybe some content partner announcements in this area are coming but they haven't been made yet.

The question is if you are a Mac person and have an iPhone and a MacBook what hole in your life does this fill? Even if you don't have an iPhone and / or a laptop / netbook will you want one of these?

Some Pros:
1. It has a familar interface for those that have used an iPhone / Touch.
2. It has all the apps and content from iTunes already even if they will be stretched funny.
3. It has 802.11n and an option for unlocked 3G (at $130 plus $30 a month).
4. It has a nice screen if you wanted to use it as a portable media device (a big iPod Touch).
5. Its starting price of $499 isn't too bad but goes up rapidly.

Some Cons:
1. Why does it have a 1024x768 4:3 screen instead of a 1280x720 16:9 screen? They are almost identical size wise and the 16:9 would work so much better for HD video.
2. No Flash? Trust me I don't love flash but there are a lot of things on the web that use it, none of them will work on the iPad at all. Why does Apple hate flash?
3. Pixel density is down to 132 ppi from the 163 ppi of iPhone / Touch.
4. It weighs half as much or more of a MacBook Air?
5. Its top end price of $829 for 64 GB and 3G plus $30 a month is a bit steep.
6. Why is it still stuck with AT&T and maybe T-Mobile, how about some Verizon love?

Some unknowns:
1. What content partner deals will be made for books, magazines, newspapers and text books. How will the layouts look on the device?
2. 10 hour battery life? If used to watch HD video non-stop or playing a game?
3. How easy is it to break the screen and how much will it cost to repair. A 3" iPhone screen is $200 so a 10" iPad screen is $400?
4. Can a stylus be used to do inking? (I doubt it, but just curious)
5. Does the 3G version come with an AT&T contract by default? Can you go month to month or is it a 2 year contract with ETF?

If I traveled a lot this might be nice as a movie / TV player, iPod and book reader. However just around the house not sure how useful it is.

I am getting pretty consistent 35.9 downloads with speedtest.net, my uploads are all over the place however.  I think this is more due to the testing servers being able to test this speed rather than my connection.  I have tested to other sites and am very impressed.    77.7% of a full T3 for an amazingly low price.  I am paying less now for 35/35 than I paid for 1.1/1.1 SDSL not too many years ago.  The question now is how to harness this speed for good?

Another site gave me this:
** Starting test 1 of 1 **
Connected to: jlab4.jlab.org  --  Using IPv4 address
Checking for Middleboxes . . . . . . . . . . . . . . . . . .  Done
checking for firewalls . . . . . . . . . . . . . . . . . . .  Done
running 10s outbound test (client-to-server [C2S]) . . . . . 36.22Mb/s
running 10s inbound test (server-to-client [S2C]) . . . . . . 35.44Mb/s
The slowest link in the end-to-end path is a 45 Mbps T3/DS3 subnet
[S2C]: Packet queuing detected

The last test is available here.  It said 32/28.

Traditionally the big video game releases have happened in October and November with a bit in December to lead up to the big holiday selling season.  The first change happened I think in 2007 where some big gaming releases moved forward to pre holiday September and even August with Halo 3 and BioShock.  This holiday season it is going the other way to post holiday season releases.  Many releases were delayed to avoid the crowded holiday season or for a little more polishing.  The only problem is now the beginning of the year is so crowded that some titles are now moving back to April-June.  Here is a sampling of just what is coming to XBox 360.  There are huge games coming to PS3 as well like Heavy Rain and God of War III.  Many of this games are multi-platform but some are 360 exclusives.

Jan 5 - Bayonetta and Darksiders

Jan 12 - Army of Two: The 40th Day

Jan 19 - Dark Void

Jan 26 - Mass Effect 2 (Day One must buy for me)

Feb 9 - Bioshock 2 (Day One must buy for me) and Dante's Inferno

Feb 16 - Aliens vs Predator

Feb 23 - Tom Clancy's Splinter Cell Conviction (Day One must buy for me)

Mar 2 - Battlefield: Bad Company 2 Limited Edition (A maybe for me, also I would like to try the first game still as well)

Mar 9 - Final Fantasy XIII

Mar 16 - Dragon Age: Origins Awakenings (First expansion pack (not DLC) for Dragon Age)

Mar 23 - Just Cause 2

This is just the first 3 months of 2010 and almost all of these titles were originally slated for Fall 2009 (if not years earlier in Splinter Cell’s case).  Not all of the above titles are AAA guaranteed hits but a bunch of them are.  It looks to slow down a bit in April but the only slow times may be June and July.  Most likely in August it will all start over again.

Luckily for me I still have some Amazon and Best Buy gift cards from Christmas to use toward the three main ones above for me.

One of my traditions is the getting and playing of video games around Christmas.  A more recent tradition is taking some left over vacation time to stay home and play the games.  Due to the way my vacation rolls over I always seem to have time available to use this time of year.  I think my first one was playing KOTOR in January of 2004.  I have had several gaming vacations in the years since for games like Mass Effect in January 2008.

This year was no different.  For Christmas I got several games to play.  For the XBox 360 I got Left 4 Dead 2, Ghostbusters, Star Wars The Force Unleashed: Ultimate Sith Edition, and I used an Amazon gift card to get Assassin's Creed II.  For the DS I got Scribblenauts (which Kelly has so far played even more than me) and Mario & Luigi: Bowser's Inside Story.  For the Wii I got New Super Mario Bros. Wii.  I even bought Kelly some games as well.  I got her Rock Band 2 and a bunch of tracks since she enjoyed The Beatles: Rock Band game so much and also Toy Story Mania for the Wii.

I started my Video Game Vacation by finishing up Borderlands on 12/30 so I could send it to my brother to share the love as I did with Batman: Arkham Asylum.  I then played Ghostbusters 12/30 – 1/1.  It was a good game if you want to play what is basically the third Ghostbusters movie in game form.  It was pretty short only taking me about 5 hours to beat.  Next I played Force Unleashed 1/2 – 1/5.  This game was a bunch of fun, using your light saber to cut up all the bad guys.  The game took about 7 hours for the main game and then another 2 hours for the DLC that was included for free in the Sith edition.

Throughout these games a bit of Modern Warfare 2, SMB Wii, Toy Story Mania and Scribblenauts was played to fill in the gaps.  The next game I started was Assassin's Creed II on 1/5.  I am still playing the game at this point and I am about 85% done I would say.  Hopefully I can finish it soon because it is a lot of fun.

This however may be one of my last Christmas Video Game Vacations since my wife has indicated I should use my vacation time at more appropriate times throughout the year.  We will see what the next Holiday brings.  If you want to see a humorous automated reporting of my gaming you can see my XBox 360 Blog.

This is going to be a fairly technical post I will warn the reader.  However if you enjoy reading about me causing myself great pain and having to dig out of a hole you might want to skim it.  I am writing this mostly to help others who might get stuck in the same situation I was and also to document it for myself.

On Tuesday November 10, 2009 I was doing some prep work for deploying Exchange 2010 at my work.  As part of this I ran some reports and exports looking for mailboxes (and AD accounts) that I could delete rather than dragging along as dead weight to the new server.  I found that there were roughly 120 users who have left and we no longer really needed their mailboxes.  I also found that those mailboxes accounted for over 40 GB of space which is 15-20% of entire mail data we had.  I talked to my boss around noon to double check which accounts could be safely removed.

At about 2:30 PM I was working in the Exchange Management Console to remove these mailboxes.  I (thought) I had sorted the list based on the Organizational Unit.  I selected what I believed to be only the mailboxes in the Possible Delete Emp OU and then selected remove mailboxes (and AD accounts).  The number removed seemed higher than I expected but I didn’t really think anything of it.  Then I started having prompts asking for my user name over and over.  This was then rapidly followed by several faculty members saying they couldn’t log in.  It was at this point I checked the OU for the faculty.

IT WAS EMPTY!  YES TOTALLY EMPTY!  (This is bad in case you are wondering.)  Oh and my account and my boss’s account was also gone.  To really top things off so were all the accounts for our admin council (the bosses).

At this point I will stop and get really technical for a bit.  I want to describe our infrastructure so that the next steps make the most sense to those who are reading this looking for pointers.

Our Infrastructure:

One Forest / One Domain (as simple as it gets)

Windows Server 2008 R2 Active Directory servers running at a 2008R2 Forest / Domain functional level – 2 Virtual and 1 Physical DC

Exchanger Server 2007 SP2 running on Windows Server 2003 SP2 – Physical

Things that were in place that are good:

Daily full backups of Exchange Database

Deleted Mailbox retention of 30 days on all mailbox databases

Things that would have been great to have in place:

Active Directory Recycle Bin – This is a feature that is new in 2008 R2 but for some unknown reason is not enabled by default (I am sure there is a security / replication reason)

Active Directory Backup – Although doing an authoritative restore is not fun at all

Once I realized what I had done I first briefed my boss so she could brief our head of school (especially since remember I deleted that mailbox too).  Then I started trying to figure out how to fix what I had done.  Luckily my department helped fend off the entire school while I tried to fix the issue.

I first started by looking at the Disconnected Mailbox container in the Exchange Management Console.  Many but not all the deleted mailboxes were listed there.  The fact that they weren’t all listed really confused me, however knowing that I needed the Active Directory accounts first I decided to come back to this later.

I haven’t had to restore a deleted AD object since the Windows 2000 days so I had to do some quick research to determine the best course of action.  I wanted to determine if I had turned on the AD Recycle Bin since I wasn’t sure if I had or not.  After looking into the issue it appeared it wasn’t active.  I could however verify by using Get-ADObject -SearchBase "CN=Deleted Objects,DC=domain,DC=com" -ldapfilter "(objectclass=User)" -includeDeletedObjects | Format-List Name,ObjectClass,ObjectGUID | Export-CSV Deleted.csv that the objects still existed in tomb stoned form.  I found the ADRestore (http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx) utility and the associated KB article.  I wasn’t sure if that was the best route to go so I decided to place a call to Microsoft and initiate a PSS case.  I did this mostly because time was very critical, I had to get this fixed by the next morning at the latest.

After digging around for a while to find a phone number on http://support.microsoft.com (which was not easy) I made the first call at 3:40 PM.  I went through the process of paying for an incident, online I could only buy a 5 pack.  During the case creation I made the case severity A since I was in an outage situation and was willing to work 24 hours a day to get it fixed.  At the end of the call I was told the Active Directory Recovery team had a 2 hour call back policy.  At this point the first waiting game began.

At about 5:40 PM I got the call from MS PSS.  The support representative said he had tried to contact me earlier but I am not sure how since I didn’t have a missed call on cell phone, office phone or an email to home email. (I found out later he called my home phone number somehow, no idea where that number came from.) He may have tried to email my work address but as mentioned above it had been deleted so I wouldn’t have gotten that and I told the call routing agent to not use that one.  I started by explaining to Aman what the situation was.  We started by checking to see if the AD Recycle Bin was active, it wasn’t unfortunately.  We then went through using ldp to verify the accounts were available, which I had already done but he wanted to check.  We then manually recovered my account using ldp which is a pretty tedious process.

A quick side note here to explain why I was trying to restore these accounts rather than just recreate them.  An active directory account is at its core a Global Unique Identifier or GUID.  The GUID is what is used to reference the account in permissions primarily and many other aspects of windows networks.  If I were to recreate the accounts essentially every file on the network and every file on each user’s computer would have to be modified to reflect the new account.  If the account is restored however this is not necessary, this is why it was so important to restore the accounts.  Back to the primary story.

The support rep and I had discussed using ADRestore during the call and it was at this point that is was determined that ADRestore was the best way to go.  (One of my heroes Mark Russinovich to the rescue again.)  I then used ADRestore to go through the 300+ deleted objects and recover the 120 or so that I needed to get back.  I got off the phone at about 7:05 PM with this support rep.

Once the accounts were restored the world was not prefect yet.  When recovered from a tombstone the account is disabled, has no password, has no details and loses all group membership.  The first two I could fix fairly easily since we assign passwords to users via a script and I could just rerun that script.  The third was not a big deal since not much info is stored in AD beyond the needed info.  The last part of group membership was a bit more problematic.  My script assigns people to a primary group but not all the extra groups that people are a part of.  My boss went to work on fixing the groups once I had re-activated all the restored accounts.

At this point it was about 7:30 PM.  We had all the Active Directory accounts mostly back in order and now it was time to tackle the deleted mailbox recovery portion.  As I mentioned above this should have been fairly straightforward thanks to deleted mailbox retention.  The problem however was that not all the mailboxes were showing up and I wasn’t sure if I was going to have to do some full database restores to recover or not.  I decided to initiate a second Microsoft Support Incident with the Exchange group to try and figure out how to proceed.  I hadn’t had to recover accidentally deleted mailboxes in quite a while either.

At about 8:05 PM I made a second call to the support phone number.  This call routing agent was not nearly as helpful.  Somehow the agent got Exchange Server 2007 and Outlook 2007 confused, they are related but not nearly the same thing.  One is the server and the other is the client.  After waiting on hold and getting connected to Outlook support and then getting bounced back to a second call routing agent who then bounced me to a third call routing agent I finally got a case created with the Exchange group at about 8:25 PM.  I again created a case with severity A since I was in an outage situation and was willing to work 24 hours.

At about 8:35 PM the Exchange support rep called me.  I explained the situation to him as well.  We looked at the list to try and determine why some mailboxes were listed and some weren’t.  We also verified the retention policy was correctly in place.  There didn’t seem to be an obvious reason why some were missing.  The support rep then had me run Clean-MailboxDatabase on each of the databases with deleted mailboxes.  This made it so all the deleted mailboxes showed up.  Once they were listed it was a simple (if time consuming) matter of reconnected each mailbox one by one.  I ended the call with this rep at about 8:45 PM.

Another side note to elaborate on Clean-MailboxDatabase (http://technet.microsoft.com/en-us/library/bb124076.aspx).  It is apparently like a tiny subset of ESEUtil to specifically look for deleted mailboxes and cleanup the table listing them.  If I hadn’t been so freaked and pressed for time I probably could have found this myself, but oh well.

I left school at about 9:30 PM to head home and finish the last steps.  From home I went through the process of manually reconnecting all the deleted mailboxes.  I finally finished this about 11:30 PM and went to bed close to midnight.  I headed in early the next morning to be prepared for any further fall-out.

The biggest problems to come out of the whole mess were:

1. Loss of user access from 2:30 PM until the next morning for all faculty and admin council.
2. Loss of inbound email from 2:30 PM until at the latest 11:30 PM.
3. Loss of email due to incorrect group membership.  This was 90-95% correct with 24 hours but the last 5-10% took as much as a month for people to notice that they weren’t on the correct lists.

The one good thing to come out of this was cleaning up some of the above mentioned lists.  Also somewhat verifying recovery procedures is cool too.

Hopefully those of you that have read this far have learned something and maybe won’t make the same mistakes I did.

This morning I spent some time uploading lots of new photos from various events over the last few months.  These aren’t in much of an order, I tried chronologically but some wrap around the others.  Click on the name to be taken to the album for that event.

New Kitchen Work

Kelly at the Triathlon

Halloween Pumpkins

Beatles Rock Band Party

Snowpocalypse 2009
This one includes a video that some may have issues watching but check it out of Narnia showing his snow bunny hop.  Movie

Christmas