- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 12, 2001 (Vol. 6, #16 - Issue #251)
Fix Them Holes
  This issue of W2Knews™ contains:
    • Your Own W2Knews Profile
    • How We Implemented W2K With NLB and Double-Take Replication
    • YES, You Can Get Your Hands On The W2K Source Code!
    • First Results Of Feb 2001 GIGA/Sunbelt W2K Survey
    • The Things You Have to TELL People #2 (Humor)
    • Get Ready For 'Heavy Traffic' Cell-Phone Support
    • Fix Them Holes: For Security's Sake!
    • Why Buy Diskeeper When There's a Defragmenter In W2K?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Designing Security for a Windows 2000 Network
  SPONSOR: SurfControl
Let SuperScout lighten the load. Eliminate bandwidth problems and
strengthen security measures with Internet filtering from
SurfControl. Their innovative use of non-evasive packet sniffing
technology monitors, reports, blocks and manages all TCP/IP
protocols - so your IT staff can concentrate on more important
matters. Download SuperScout FREE for 30-Days:
Visit SurfControl for more information.

Your Own W2Knews Profile

Hi All,

To begin with, a reminder: in the next few weeks you'll get an invitation to have W2Knews at all times in HTML or in TXT, once we get your new profile on-line. This allows you to opt-in to the way YOU want it. I'll repeat this reminder a couple more times so you will remember to actually *do* it [grin]

When I'm done with this newsletter, I'm going to correct the proofs of our third book that will come out in a few months published by New Riders: "Windows 2000 Power Toolkit" It's getting toward the end and looking pretty good.

I'm also very pleased to announce the results of the large Feb 2001 GIGA/Sunbelt Windows 2000 Survey. Great results. Just keep on reading. Lots of stuff happening, let's get to work!

Warm regards,
Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: Alacritech
Reduce Backup Times by up to 50% with Alacritech Server Adapter
Alacritech's innovative server adapters can help you reduce nightly
backup times by up to 50% while reducing capital costs on your
server infrastructure. One customer estimates their organization
saves over $100,000 per year by using Alacritech server adapters
to accelerate servers, networks and applications. To learn more,
please visit:
Visit Alacritech for more information.

How We Implemented W2K With NLB and Double-Take Replication

I was sent many request for more technical information after I talked about our successful upgrade of our webservers from NT to W2K using Double-Take for replication and W2K's built-in NLB. So I asked for a write-up by the Techs that did the implementation, Greg Kras and Frank Consoli of our Florida office. Here's their story:

"Existing old Server Environment: A Dell dual Pentium Pro 200 with 256megs of RAM and a single Intergraph Pentium Pro 200 with 128megs of RAM. Both machines run NT Server 4.0, SP6, IIS4, ColdFusion, WLBS, and Double-Take. There were about 10 different web sites on these 2 WLBS-clustered servers apart from the sunbelt-software site. Stu has some remarkable friends with off-the-beaten-path hobbies like the http://www.barkcanoe.com site we host just for the fun of it.

WLBS (Windows Load Balancing Service, which was renamed Network Load Balancing for W2K) provided the load balancing and fault tolerance for the old sites while Double-Take replicated all web site updates to the second server and our co-located web site in Texas. The 2 servers used ColdFusion to talk to back-end SQL7.0 databases on a different server.

So, how did we get from NT to W2K?

Preparation: Installed and configured W2K Advanced Server on the 2 new Dell web servers. During install I used new server names and different I.P. addresses so that they could coexist on the network with the old servers. I then proceeded to apply service packs, ColdFusion, NLB, Double-Take, etc. on both servers. I then manually configured the web sites on one of the nodes to match the existing configuration.

I first attempted several IIS metabase replication/migration tools but ran into problems, mostly due to the difference in IIS version. Since there were only 10 sites and they were in need of some spring cleaning doing them manually wasn't a bad thing. Once one of the servers had all the IIS information configured I used the "iissync" utility to mirror the configs to the other server. Nice little tool, it can be found in system32/inetsrv. Following that I pretty much rounded out the servers with minor tweaks and configs until I felt comfortable with their stability and functionality.

Implementation: The very first step when I actually started to put these machines into production was to use Double-Take to mirror the existing web site data to one of the new servers. After this was completed, 15 minutes or so, I took one of the old servers offline by unplugging it from the network while leaving the other old server online.

I then took the new server with all the web information and renamed it to the same name as the old server, gave it the correct I.P. addresses, set NLB to not start automatically, and rebooted it. When it came online I gave it a quick test or two and then unplugged the other old server from the network at the same time as I enabled NLB on the new server. After about 5-10 minutes I had worked out all the bugs the reared up such as a wrong password on a DSN, missing a document type in IIS, and a few other small items.

Next I used Double-Take to replicate from this new server to the other new server, much faster going between the 2 new servers. Once this completed I renamed and changed the I.P. addresses on this second server. About and hour or two of poking around to make sure everything was fine and the project was done. During the entire project the web site was only completely down for about 3-5 minutes and partially down for maybe 15.

If you want to create a fault-tolerant web-cluster yourself and need to deploy W2K using NLB, and use Double-Take for replication between the two (or more) nodes we'll be happy to help you. Email us at this address: [email protected] and we'll get you set up. Oh, and if you go to http://www.netcraft.com and enter http://www.sunbelt-software.com into their "What's That Site Running?" you'll see the result of our work..."


YES, You Can Get Your Hands On The W2K Source Code!

Not so fast, not so fast, there are some prerequisites [grin]. Both ZDNet and Client Server News 2000 reported this week that Microsoft has been handing out copies to large W2K users. It's been piloted for 6 months and will now be rolled out to hundreds of other high-end users. These select companies have to sign their life away and promise they will not modify any code. The only thing they *can* do is insert debugging breakpoints into the Windows code to debug their apps. Having the source code certainly helps to understand how Windows works and how to make your own code work with it.

They have to promise there will be no code added, or slip out of their control. Why is Microsoft doing this? Well, not many people know, but the Fortune 1000 has been getting this kind of service from traditional hardware and software vendors for decades. Digital Equipment's VMS OS was licensed to customers this way in the eighties for example. It so happens that NT/W2K's spiritual father Dave Cutler was Digital's Chief VMS Software Architect. IBM has been doing this with their MVS as well.

In other words, if you want to break into the High-End, you need to provide this kind of service. MS is making clear that this is no Open Source initiative, no one is allowed to change code. The program is called the ESLP (Enterprise Source License Program) And this kind of program does not stand alone either. MS has been giving a license to Win-sources to roughly 100 academic and research institutions as well.

And guess what? You can now also start applying to get your hot little hands on these sources. But there are some prerequisites: You have to have at least 1,500 Win2K licenses and you need to be signed up for either the MS Upgrade Advantage program or its Enterprise Agreement. You get W2K Pro, Server, AS and Datacenter, plus all SP's and WXP. Looks like the roll-out will be USA first, and EU a bit later this year. Best to ping your MS-rep on this one! Here's the article:

First Results Of Feb 2001 GIGA/Sunbelt W2K Survey

Many of you participated in the major Windows 2000 Survey we did with GIGA last Feb. Three different research results have come out of this very extensive survey. One of these is the 1-year Report Card on W2K. We will have the full reports (GIGA calls these 'Planning Assumption') on-line the coming week. But here is a sneak preview of the first two:

Giga/Sunbelt Position:

"After one year of deployment in production networks, an overwhelming majority of corporate customers give Windows 2000 Professional and Windows 2000 Server an "A" for Reliability.

"Among corporate accounts that have already deployed Windows 2000, the platform improved its reliability rating by a full 10 percent in the 13 months since its release. Early configuration and deployment problems had more to do with the lack of user proficiency with the new environment, than with any inherent reliability flaws in the core Windows 2000 operating system code. Windows 2000 Professional and Server have been remarkably free of any of the show-stopping bugs that plagued prior 1.0 releases of Windows desktop and server operating systems.

"There are certainly other issues and mitigating factors that can arise and adversely impact an organization's decision to migrate to Windows 2000 Professional and Server - but reliability will not be one of them. Microsoft has at last delivered a rock-solid desktop, laptop and server operating system.

"Windows 2000 Professional deployments are picking up speed as corporations move quickly to retire the Windows 9x desktop operating system. The timetable to deploy Windows 2000 Server is an entirely different story, however. The tale of Windows 2000 Server can best be summed up as a tug of war between quality and complexity. Thus far, complexity is winning.

"To date, only about 30 percent of organizations have begun migrating to Windows 2000 Server in earnest. Windows 2000 Professional upgrades are proceeding at a much more respectable pace - with 45 percent of organizations either having completed or in the midst of a migration, according to the results of the latest joint Giga/Sunbelt Software, Inc. survey of over 1,200 IT professionals worldwide.

"The chief culprits in the measured Windows 2000 Server migrations are complexity; a paucity of skilled IT staff (both within organizations and at systems integrators and outsourcers) and the sheer magnitude of other network upgrade projects desktop and server hardware, software, licensing, security and network infrastructure) that must be done in advance of a Windows 2000 migration. All of these issues are likely to persist for the foreseeable future. The trend of cautious, measured Windows 2000 Server deployments will over the next 12 to 18 months.

Windows 2000 Professional & Server
Performance: A
Reliability: A
Scalability: A
Security: B
Reduced Management: B
Complexity: C-
Active Directory/DNS design: C
Re-training: B-
Application Compatibility: B- (not entirely in MS control)
Licensing issues: F

A lot more detail will come available on both the website of GIGA and Sunbelt. Giga Analysts: Laura Didio and Norbert Kriebel.

The Things You Have to TELL People #2 (Humor)

And here is another Knowledge Base entry. This time coming out of the Compaq KB. Just as much a riot as the last one.


Get Ready For 'Heavy Traffic' Cell-Phone Support

If you have ever found yourself juggling a pager, cellphone and a Palm Pilot trying to look up phone numbers, dialing them and at the same time consult your calendar you know what I'm talking about.

Well, I just saw the new Kyocera's Smartphone that has a FULL Palm Pilot built into it. Looks just like a normal medium size cell phone. But if you open up the hinged keypad, a whole actual Palm window appears.

This $499 marriage between a phone and a PDA is going to be a hit. You yourself, your IT managers and high-end execs are all going to want one of these, despite the fact the screen is a bit smaller and the font is slightly more difficult to read.

This thing is going to sell like hotcakes and everybody and their brother will want to synch it up with Outlook. There's the first wave of IT helpdesk and support problems lurking. The thing's got web access, email, and all kinds of applications that they will load in. This Smartphone has all the features of a modern cell phone, like speed dialing, voice dialing and a speaker phone.

I just bought the Sprint TP3000 as a Christmas present for myself, and now I wish I hadn't. The Kyocera Smartphone is the first actual really successful merger between a phone and a PDA. Microsoft is going to have a heck of a time competing against this thing with their coming 'stinger' phone that promises much of the same.

Fix Them Holes: For Security's Sake!

You probably have all seen the W2KnewsFLASH that I pumped out on a rush basis on Thursday. Well, it's really a wake-up call. Some Russians have made it a business out of hacking and extorting companies. The sad part is that what they use is really an automated scan for known holes in NT. Some of these have been known for years. Some people on the NTSYSADMIN list compared it to companies loudly complaining about burglaries while they had none of their doors locked.

Andrew Baker said: It's like watching BOTH of your neighbor's houses getting broken into and thinking to yourself: "Maybe I should get an alarm... Nah, I don't have anything a burglar would want"

The message is clear. You simply -have- to apply the hotfixes on both NT and W2K. I have been warning about this for y e a r s. It's not really surprising that a few Russki 'entrepreneurs' have taken the opportunity. You guys need to make this a regular cycle, once a week apply the hotfixes all over your domains. I picked up a tool for this three years ago as I could simply see this coming.

Apart from vulnerability scanners, here is a -really- useful little tool that is cheap, does what you need it to, and is extremely easy to implement: SPQuery. Scans your domain, reports on missing fixes, and implements them for you. Integrated with the MS-websites. Easy as pie. Fail to use it and the Russki's come a-knockin' [grin]. But...don't tell me I did not warn you. This kind of utility is one of these tools you cannot afford NOT to use. Download SPQuery here:

The InfoWorld Article:

The Microsoft site where they have combined the patches in a single location. Punch up this link and find out which vulnerabilities are the exact culprits this time around:

Why Buy Diskeeper When There's a Defragmenter In W2K?

Well, let's have a look at what Microsoft states:

"Disk Defragmenter was designed primarily for stand-alone workstations or servers (.) Disk Defragmenter is not intended to be a tool for administrators to maintain networked workstations. This version is not designed to be run remotely and cannot be scheduled to automatically defragment a volume". From: Microsoft Knowledgebase Article ID: #Q231176


"The version included with Windows 2000 provides limited functionality in maintaining disk performance by defragmenting volumes that use the FAT, FAT32, or NTFS file system. MS KB #Q227463

OK, well if they say so themselves, better run Diskeeper on systems that make a mess of their hard disks:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Instant Exchange, NoFail Email! Attend Marathon Webinar for details
  • A great page from a consultant in Sweden: Which Trojans use what port?
  • Good article on how to catch hackers using Honeypots

    Designing Security for a Windows 2000 Network

    Exam 70-220, Designing Security for a Windows 2000 Network tests the skills required to analyze the business requirements for security and design a security solution that meets business requirements. Security includes controlling access to resources, auditing access to resources, authentication, and encryption. Ideal for you, professionals looking for comprehensive self-study materials to get you through the exam successfully. Years of publishing in this category has shown us that the most asked-for type of study information comes in the comprehensive, study-at-your-own-pace package. New Riders Training Guides, with their objective coverage, emphasis on hands-on knowledge, and practice exams, are an ideal tool for this audience. Thirty six bucks in the Sunbelt Bookclub (add S&H)
    http://www.sunbelt-software.com/bookclub *************************************************************************************************************************************************