Friday 25 March 2011

Google call them 'Cloud Mechanics'

Was at a great presentation in one of the Google Engineering Buildings last night and again have had my head filled full of more dreams and goals by a Google Engineer/ Sysadmin/ SRE Dean called John Looney.

He has some amazing info, views and ideas on cloud computing - the how, where and why and it was real fun to hear it.

He mentioned something that has been mentioned to me before by Mark Minasi, Don Jones, Greg Shields and James Summerlin. Curt has mentioned it as well for the last 6 years I've known the guy.

If you want to keep your job as an IT person you need to get skilled up. 
  • You need scripting skills.
  • You need networking skills.
  • You need security skills.
  • You need to get your A in Gear and be prepared.
What is coming? 
  1. IPv6
  2. Wrapping traffic up in IPsec.
  3. Losing firewalls and actually probing the headers/ applications/ traffic sources and god knows what else.
  4. Updates that add features not stability or reliability on a bi weekly basis.
John mentioned several things and I took notes for the whole time but will only post some of the snippets...mostly my words and opinions on the comments I heard and understood.

'THIS IS MY DATA, MIND IT, BUT I WANT IT BACK!'

Debugging Clouds....using what Winston Churchill said
...it is a riddle, wrapped in a mystery, inside an enigma...

SQL doesn't scale well, not a good cloud app.

50% of cloud admins complain systems are 'too complex to understand fully' (recent informal survey of 30 cloud admins)

Complexity+change+pressure= disaster

The two week release cycle.
A great excuse to ship something unfinished and fix it later.

All the failure models of old-school systems can be mitigated with scale.
 (or the world is in big trouble)


Scale can't solve everything.
 ( wiped dns for 5 minutes - GOT A CALL FROM HOMELAND SEC)
Need a plan A, plan B, plan C and on and on.

Use two-factor authentication for change.
Use SSL wrappers

There was more, hopefully there will be more, but the notion of a well paid Engineer was mentioned.

The specs that were given for a Cloud Mechanic were impressive though
They add value to a company by getting extra from the software/ hardware/ cloud.
Comprehensive OS knowledge.
Networking.
Software engineering.
Can design efficiency at scale.
Can self project manage and do it well.
Good under pressure ( made the mistakes in some other company)
Never screws up (see above)

They have 15 or 16 of these people and are looking to get 100 to 200 of them.

Where do I sign up? ( I promise I'll learn the stuff)

If you want the full list mail me at mcglynnDOTjoe@gmailDOTcom

SBS 2011 and a locked out Domain Administrator

I did a silly....I changed the default domain policy and then locked out the only domain administrator account I had. I'd a lot of changes made to it and didn't want to have to redo it so dropped in ERD Commander 6 to reset the account. BUT it doesn't work on SBS 2011!

So what next, some googles, some posting into the minasi.com forum and I got a plan of sorts all culminating in the following steps to unlock the Domain Administrator account on an SBS 2011 box.
Assuming you have the DSRM password, or if not a method to reset the local administrator password try the following.


Boot into DSRM

Then enable DSRM password to login while AD is running.

Edit the registry as follows;

HKLM\System\CurrentControlSet\Control\LSA\DsrmAdminLogonBehavior

Default is set to 1
Change to 2 to allow DSRM Administrator to logon when AD is running.
0 is DSRM Administrator can logon only in DSRM.

Then get a copy of the Windows 2K3 Resource Kit tools and copy the tools folder to the C drive of the SBS server. Use the following to add a service called EnableAccount:
instsrv EnableAccount c:\tools\srvany.exe

Edit - One of the lads on minasi.com has mentioned that it may be possible to use sc create as opposed to loading the W2K3 Resource Kit tools. The syntax would be
sc create EnableService
I have not tested this, but I don't see a problem

Then open the registry again
Navigate to our newly created service:
HKLM\SYSTEM\CurrentControlSet\Services\EnableAccount
Create a key called Parameters
Inside the new key, create a new string value with name Application and set it to C:\reset.cmd


Open notepad and put in the following line to get an output of all accounts.

dsquery user -name * DC=SBS,DC=local > c:\accounts.txt

(Your domain name will be different: DC=domainname,DC=local/loc/ etc.)

Save the notepad file as reset.cmd and the file type as all types.

Now reboot the server.

Login as the DSRM user and open the accounts.txt
Get the full account domain admin name you have locked out
"CN=ABC Admin,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=abcsbs,DC=local"
and put it into the following dsmod queries in the reset.cmd file.


dsmod user ......... -disabled no
dsmod user ......... -pwd Pa$$w0rd
dsmod user ......... -pwdneverexpires yes

In my case something along these lines

dsmod user "CN=ABC Admin,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=abcsbs,DC=local" -disabled no
dsmod user "CN=ABC Admin,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=abcsbs,DC=local" -pwd Pa$$w0rd
dsmod user "CN=ABC Admin,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=abcsbs,DC=local" -pwdneverexpires yes

(The password in my case here is Pa$$w0rd.)

Save the reset.cmd file and restart the enableaccount service in services.

Logoff and try logging back into the domain, remember to use your SBS domain name and user account as opposed to the DSRM which may be different.
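
Once the account works again, the temporary pieces of this procedure should come back out. The cleanup script below is an added example, not part of the original post; it assumes the names used above (service EnableAccount, C:\reset.cmd, C:\accounts.txt) and uses DsrmAdminLogonBehavior, the value name Microsoft documents for the DSRM logon setting.

```bat
@echo off
rem Added example (not part of the original post): roll back the temporary
rem recovery changes once the domain administrator account works again.
rem Assumes the names used above: service EnableAccount, C:\reset.cmd,
rem C:\accounts.txt. Run from an elevated command prompt on the SBS server.
setlocal
set "SVC=EnableAccount"
set "LSA=HKLM\System\CurrentControlSet\Control\Lsa"
set "VAL=DsrmAdminLogonBehavior"
set "RC=0"

rem 1. Remove the helper service. It runs C:\reset.cmd as LocalSystem each
rem    time it starts, so that file is a SYSTEM-level execution path for as
rem    long as the service exists.
sc query "%SVC%" >nul 2>&1
if errorlevel 1 (
    echo [ok] service %SVC% not present
) else (
    sc stop "%SVC%" >nul 2>&1
    sc delete "%SVC%" >nul || set "RC=1"
)

rem 2. Delete the script holding the clear-text password and the account dump.
for %%F in ("C:\reset.cmd" "C:\accounts.txt") do (
    if exist %%F del /f /q %%F
    if exist %%F (echo [fail] %%F still on disk & set "RC=1")
)

rem 3. Remove the DSRM logon override so the DSRM Administrator can no longer
rem    log on while AD is running (deleting the value restores the OS default).
reg query "%LSA%" /v %VAL% >nul 2>&1
if not errorlevel 1 (
    reg delete "%LSA%" /v %VAL% /f >nul || set "RC=1"
)

rem 4. Verify: each lookup should now fail to find what the procedure created.
rem    A service marked for deletion can linger until open handles close;
rem    if it is still listed, close the Services console and run this again.
sc query "%SVC%" >nul 2>&1 && (echo [fail] service still registered & set "RC=1")
reg query "%LSA%" /v %VAL% >nul 2>&1 && (echo [fail] %VAL% still set & set "RC=1")

if %RC%==0 (echo Cleanup complete.) else (echo Cleanup incomplete, review the lines above.)
exit /b %RC%
```

The password written into reset.cmd was stored in clear text on the server, so change it for the recovered account after running the cleanup.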

Monday 14 March 2011

W7/ Server 2008/ Server 2008R2 SP1 service pack issues.

Microsoft have a KB out on the issue that appears to only be affecting OEM installs of W7/ Server 2008 and Server 2008R2. The KB is http://support.microsoft.com/KB/975484 and has in the last 2 days had several re-writes already, so expect more!


The fault appears to cause the machines to stop booting or get stuck in a failure to apply the new settings. The error message is 0xC0000034. If you get it, please pass on the info to the NOC/ IT Admins as quickly as possible so they can make changes to the WSUS server on site to limit the effects.

The fix for the time being is to apply the full service pack to machines and not the WSUS deployment of SP1.

Please be aware there are issues with editing the pending.xml file as discussed in the second link, so please read both before performing a repair.

Info on the issue and repairs;
The repairs;

The issue with editing pending.xml

Will always look for more info on this, email me on mcglynn.joe (at)gmail.com