Snoozin’

It’s now 10 minutes to 2am in Atlanta, and I just crawled back to my hotel room.  Dial down to the front desk for a wake up call at 6:30am (ouch), and what does the nice lady ask me?

“Would you like a follow-up call at 6:40?”

There is now a “snooze” button for the wakeup call?  BRILLIANT!

 

(in case you haven’t figure this out yet – I’m easily impressed)

Stick a TXT in it

So how do you keep someone from giving a computer the same name as one of your domains?  This is one of the areas where WINS actually comes in really helpful for us internally.  Because a machine cannot dynamically overwrite a static record, we’ve always made sure that there were static WINS records for all of our domains (which we then have to manage when DC’s change IP’s).

Today we had an interesting thing happen though.  Someone got the great idea, to register a host address in DNS which is the same as the name of the domain.  In our case, what happened was that a user registered a record in the NTDEV.CORP.MICROSOFT.COM zone called NTDEV.  In general, most applications didn’t even notice that this occurred, but some tools (such as LDP) and in our case some of the RMS servers started having fits.  The reason was that we push domain search suffixes down to our clients.

The following info came through in the escalation:

I think we have a DNS/WINS problem here:

This doesn’t work:
D:\IPP.tms\test>ping -4 ntdev
Pinging ntdev.ntdev.corp.microsoft.com [172.31.233.151] with 32 bytes of data:
Reply from 172.31.233.151: bytes=32 time=1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Ping statistics for 172.31.233.151:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

D:\IPP.tms\test>ping -a 172.31.233.151
Pinging garisto-t3.ntdev.corp.microsoft.com [172.31.233.151] with 32 bytes of data:
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Ping statistics for 172.31.233.151:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Now using the FQDN for NTDEV:

But this works as expected
D:\IPP.tms\test>ping -4 ntdev.corp.microsoft.com
Pinging ntdev.corp.microsoft.com [157.54.104.75] with 32 bytes of data:
Reply from 157.54.104.75: bytes=32 time=1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Ping statistics for 157.54.104.75:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

D:\IPP.tms\test>ping -a 157.54.104.75
Pinging ntdev-dc-04.ntdev.corp.microsoft.com [157.54.104.75] with 32 bytes of data:
Reply from 157.54.104.75: bytes=32 time=1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Reply from 157.54.104.75: bytes=32 time=1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Ping statistics for 157.54.104.75:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

Did you see what happened in the first ping? 

When the single label name of the domain NTDEV was entered, the search suffix automagically appended the name of the domain (ntdev.corp.microsoft.com) to it, to create ntdev.ntdev.corp.microsoft.com.  This is normal behavior, previously this query would fail, the client would move to the next suffix in the list which is just “corp.microsoft.com” and end up with ntdev.corp.microsoft.com which is the name of the domain they were looking for.  In this case, the first query worked, so the second one never occurred.

So what did we do, besides deleting the bad record from DNS?  We created a TXT record, with the name NTDEV.  The presence of a TXT record will prevent any other record types from being registered.

TA DA!

The Great Pacific WHAT?

Ok, so those that know me well, would never remotely accuse of “being green”.  Ah heck, ok, I’ll admit it – I drive a Chevy Suburban that reliably gets 10 mpg.

But I don’t think you have to be green to find this really disturbing:

http://science.howstuffworks.com/great-pacific-garbage-patch.htm [1]

 

…The gyre has actually given birth to two large masses of ever-accumulating trash, known as the Western and Eastern Pacific Garbage Patches, sometimes collectively called the Great Pacific Garbage Patch. The Eastern Garbage Patch floats between Hawaii and California; scientists estimate its size as two times bigger than Texas . The Western Garbage Patch forms east of Japan and west of Hawaii…

Maybe you’ve heard about this, apparently it isn’t new.  I never had though, until it was used as a passing reference the other morning on KROQ, and I was certain that they were (as usual) full of crap – nope, apparently the ocean is what’s full of crap, all of our crap.

So welcome to the 21st century, would you like paper or plastic?

[1] Yeah, so “how stuff works” may not be the greatest reference on the web, but it’s what google gave me when I “felt lucky” so it’s good enough for a blog post (more reputable data sources with a better search)

Primary is coming up…

The Washington State primary is coming up on Tuesday, so don’t forget to get out there and vote – unless of course, you’re a democrat – in which case, your vote doesn’t count and you’re 10 days too late.

Freedom of religion?  No, I want freedom FROM 2 of the biggest religious corporations, the Republican and Democratic Parties,  whose mission is to ensure that the “people” don’t accidentally influence their coveted political process.

Quotes

You are only young once, but immaturity can last a lifetime! – Edwin Louis Cole

“Youth ages, immaturity is outgrown, ignorance can be educated and drunkenness sobered, but STUPID lasts FOREVER” – Aristophanes

If you liked that song, you’ll loove Dale’s Dead Bugs, a full service exterminating company. And we’re more than dead bugs. Got a problem? Racoon, roach, silver fish, termite, rat, squirrel? Not flying!! I don’t like them flying squirrels!! And I will not spray a bat.. Bats are vampirical by nature! Ask about our line of cruelty-free pecticides! – Dale Gribble (King of the Hill)

H.O.P.E: Horrific Outcome Per Emotion – AOPA Magazine article about airplane crashes caused when hope overrides logic

There’s a certain group of people who occasionally have to do things that they’d rather not do and make decisions that they wished that they would never have to make.

 

We call those people:  Adults

It’s not a "one-liner" if…

…the language syntax allows you to nest and pipe a dozen commands together.

This seems to be a common theme with the Poweshell folks lately.  A rash of “examples” of how Powershell is so much easier, because you can do something in “one line” in Powershell that takes you 10-15 lines to do in VBScript.

Most recently from this blog:

[guid]((([directoryservices.directorysearcher] “(samaccountname=theuser)”).findall())[0].properties.getenumerator() | ? { $_.name -eq “objectguid”}).value[0]

Seriously, even in the blog post, he had to give instructions for what this thing means. 

“It’s nearly impossible to build a coalition of the rationale people – so it’s a good thing they talk to one another” – DH*

* Damn close to the exact words, or at least best I can remember them, while we were talking about how “strategy” oriented teams tend to fail (no implementation capability) and why engineering/operations teams often work on misaligned efforts (no overall strategy to work towards).  Yet somehow the ship hasn’t run aground (yet)

Geo-Load Balancing

I’ve been spinning a lot of cycles lately on this SCMDM deployment.  Not going to go into it in detail here, but the short version of it would be to think about a near-constant VPN connection between a Windows Mobile phone, and your corporate network. 

The interesting data point that I found today was simply related to the way that our users experience the Internet.  The random thought had occurred to me, is that because of the way that SCMDM works, nearly all of a users web traffic is going to go from their phone, to the carrier, across one of the intertubes to the MDM gateway, then back out across the intertube to the desired website.  (Yeah, humor me here about all the interesting issues with THAT architecture).

Since all of the users web traffic flows from the gateway, what’s the behavior like when accessing sites that are regionally load balanced?  For example, if I’m in France, and put google.com into a browser, then Akamai redirects my traffic to my local google instance, google.fr.  If I’m in Germany, I go to google.de, etc…  You get the point, this redirection works all over the world (if a site wants it to). 

So now, if I am an employee in Germany, and take my SCMDM enrolled phone, and go to google.com, I’m redirected to….Yup, you guessed it:  google.ie   – wait huh?  why would they go to Ireland?  Well, for my employees, their phones would connect to the MDM gateway servers in our Dublin datacenter, so their internet egress point would be located in Dublin, and Akamai would direct them to their “local” instance – google.ie

Hmmm, so if I’m correct in understanding how all this behavior works, then that must also mean that the same weird redirection behavior occurs today for Microsoft users surfing the internet from the corporate network.  Regardless of where in the world they are located, all internet egress occurs from one of the few proxy arrays located in a data center.  So to validate this, I walked the 10 feet down the hallway, to where one of the ISA engineers sits.  I explained to JW what I thought was going to happen to mobile phones, and asked how they were managing it with the ISA servers – answer:  They aren’t.

Interesting data point for the day:  In 5+ years of managing the ISA servers, he’s NEVER heard of a single complaint from users, about the behavior of being redirected to the wrong localized version of a website because of where the proxies are located.

This is all amazing to me – I can generate 100 help desk calls [1] because a subnet shows up with a bad building label, yet he can redirect users around the world to get content and never hears a peep. 

 

 

 

[1]  A useful bit of perspective on Microsoft employees.  We publish quite a bit of information in Active Directory, and one thing we do is printer publishing.  So a user in a building can locate a printer that’s near them – accomplished through mapping and maintaining sites and subnets in AD.  If we have an incorrect subnet, we can slam the help desk with calls from users, declaring that “I’m in building 42 and trying to find a printer, and my laptop says I’m in building 34!!!!”

ScumDum

So my latest “hobby” at work, has been working with the System Center Mobile Device Management (SCMDM, or ScumDum as we sometimes call it).  It’s actually fairly cool, the ability to join Windows Mobile 6 phones to a domain, provide some VPN-like connectivity to get to internal line of business applications, and apply policy (via GPO’s in AD) to mobile devices.

I’ll post more on our internal deployment as it progresses, but just saw that Technet Edge has an interview with a program manager from the product team, you can find it here.