Tech Corner


2018 2017 2016 2015 2014 2013

Group Policy Housekeeping - Dec 9, 2015

While doing some cleanup of Group Policy I noticed there's a comment field when you examine it in the GPMC. What a useful spot to put descriptive information in I thought. However I found that I couldn't edit it....so I did some Googling and found out how to update it.

I'm not sure why it's so convoluted to update. Would it really be that difficult to just allow you to click on the comment field and edit it directly in the Group Policy details?

Fortunately, once you know how it doesn't take long to do. In GP Management, edit the GP, right click on the name, select Properties, click on the Comment tab and fill in the details.

And that's all there is to it. Now you can document your Group Policies so it makes it easier to figure out what they're used for, who created them etc.

Odds & Ends - Dec 3, 2015

Had an problem recently with one of our Exchange 2010 servers. Mostly just an annoyance, I finally got around to logging a call with Microsoft to get it fixed. The issue was most times when logging in (either locally or via RDP) it would get stuck at either 'Applying Group Policy' or 'Applying Registry Settings' - after between 5 to 10 minutes it'd finish and open up the Desktop.

Whenever this happened Event ID 6005/6006 would be logged in the Event Log. The other weird issue was whenever browsing to various folders on one of our file shares it would try connecting and after a few minutes give up and throw up this error dialog:

I double checked the perms were all the same. I could access the data using the same account on any other server no problem. This server was part of a DAG, and the other server was identical in terms of hardware, drivers, software, patches etc. Also part of the same OU and had the same group policies applied - and everything worked fine on it.

So I put in a call with MS. At first they had me rule out problems with 3rd party apps/services and had me do a clean boot. Then they made some registry tweaks. Then they had me enable group policy logging. Then had me apply various hot fixes. Thinking it might be a NIC issue we even swapped out the motherboard (integrated NICs) with a brand new one. Nothing worked.

Finally after a couple weeks of no progress I gave up and uninstalled Exchange, re-installed the OS, and then re-installed Exchange and added it back to the DAG. After doing this the problems went away.

Unfortunately, I was then unable to setup the database copies again. The copy would go through the motions, copy the DB over, start replaying the log files and then eventually mark it as Failed. I setup a new test DB and was able to setup a copy for it ok so I know there was nothing wrong with the setup.

Another call to MS and they had me try it again, using the EMS this time:

Still the same result. What finally worked was to dismount the source DB, move off (or delete) the log files for it, mount the source DB again, and then try to database copy. Now the copy worked and the DB was in synch on the secondary DAG member. Of course the downside to this procedure is until the next backup runs any chance of restoring data is lost.

On the VMWare side of things, I noticed something odd when moving some VM's from one Datastore to another. Although the move would complete successfully, when looking at the storage section in the Summary it would still show both Datastores.

I verified it was removed from the old one and present on the new one by browsing the Datastore. Did a refresh, exited and re-entered the vSphere console, even did a reboot of the vSphere host. But it still showed both entries.
Put in a call to VMWare support and they nailed the problem right away. These VM's still had their CD mapped to an ISO file stored on the original Datastore.

Once I switched it to use the Client Device the extra entry was automatically removed. You would think that vSphere would warn you when doing the move and maybe newer versions do (we're running 5.1) but unlike the fun I had with the Exchange server, at least the fix is quick and easy.

Enterprise Ready??? - Oct 24, 2015

As soon as Windows 10 was available I downloaded and installed it on my PC at work. I had previously played with one of the earlier pre-releases and was left underwhelmed. So I was curious to kick the tires when it was officially released.

This isn't a review of the product, I'll just quickly summarize my feelings - it's better than Win 8.1, but I see absolutely no compelling reason to upgrade my home PC from Windows 7.

Instead I want to focus attention on a massive issue with using Windows 10 in an enterprise environment. After a couple days of using the product I suddenly started encountering my domain account locking up on me. Not just once or twice, but at least a dozen times a day. Each time I'd have to connect to our domain controller and unlock my account. But within a few minutes it'd lock up again.

As I had made no other changes other than the OS upgrade, I knew Windows 10 was responsible. So I took to Google, and soon found a Microsoft thread with all kinds of people reporting the same issue. There didn't seem to by a rhyme or reason. It was happening on 2012 domains, on 2008 domains, when logging in, after having logged in etc. A work around was posted which was to disable Kerberos authentication. Great, no more lockouts, but I'm now running with weakened security.

Microsoft didn't really know why it was doing it, but they were 'aware of the issue'.

Fast forward 3 months later, and they finally fixed the problem with the Cumulative Update shown below. I've been running a couple weeks since then and haven't had a lockout since. So for any company deploying Windows 10 it's imperative that the base image includes this update.

Personally I think this is a massive screw up by Microsoft. Others cry the usual mantra of 'well you shouldn't deploy a new OS in your environment until it's more mature'. Why not??? This wasn't the Home version, it was the Enterprise version - as in, for an enterprise environment. It absolutely floors me that this got through their testing and quality control. What? No one in Microsoft thought to try the product in a domain environment?? Really?

Sure you might not be able to use the product for more than a few minutes before getting locked out, but hey, now you can finally cut and paste into the command prompt. So I guess that's something.

Cube Crazy - Jul 31, 2015

I had some free time one day and felt like doing one of my many projects still outstanding.

A long time ago I had purchased a see through enclosure for the Mac Cube by Powerlogix, but it sat on the shelf ever since. Obvious the cool thing about it is you can see through to the hardware inside. But in addition, the case is slightly larger than the Apple one, so in theory allows for better airflow. I also did some Googling and was pleasantly surprised to find that with the previous CPU upgrade I had done that it was possible to upgrade from OS X Tiger to OS X Leopard. Leopard was the last OS Apple released which still supported the Power PC processor.

Finally, I had planned on replacing the stock 3.5" hard drive with a 2.5" one. The theory being that as it was smaller it'd use less power and likely be newer. After much searching I found a laptop IDE drive which ran at 7200rpm, the same as the original drive. But being a laptop drive it didn't have the proper connectors (no power connector). So I also had to get a 2.5" laptop convertor. I had planned on swapping the drive first, but after mounting it on a 3.5" tray and putting it in the cube I realized the power connector wouldn't work. It was the wrong direction.

I could have then searched for a small power female/male adapter and used that as an interim to fix the orientation problem, but I then noticed that the voltage rating for the drive (at 5V) was actually a bit higher. So then the only real advantage would have been the drive was a couple years newer. In the end I reverted back to the original drive. If and when it dies, I may swap it out. Or I may use the new drive in one of my other Macs.

Next step was to install the cube in the new case. I read the instructions, and scratched my head a bit, but in the end was able to figure it out. The biggest part was you had to remove the voltage regulator board and mount it on the outside of the cube. Because the new case was larger you were able to do this, you just needed to add a small ribbon cable which was included to connect to the original connector. Once that was done I slid the new case over and screwed in the top. I must admit it looks pretty sharp, other than when you look at the side with the DVD drive it's a bit underwhelming. But from the other angles it looks wicked. The only downside I found was you really have to press down hard on the start button for the cube to power up.

Last step was to do the OS upgrade. I previously bought a Leopard install disc off eBay, so I popped it in and ran the installer. The install disc was version 10.5.3, so it already came with some upgrades applied. But once the install was done I went to System Update and went through and picked the various security, java, and other updates available until everything was upgraded as far as you could go.

Here then is my fully upgrade Mac Cube:

  Power Mac G4 Cube

  Specs: OS X Leopard
  1.5 Ghz PowerPC CPU
  1.5GB Memory
  Radeon 7500 Video card
  PowerLogix Enclosure

Upgrade Mania - Jun 14, 2015

I recently underwent a slew of upgrades. All because I wanted a new printer.

The laser printer we had was really old and we kept having issues trying to print to it - which was connected to a wireless bridge. More often than not I'd have to run upstairs and power cycle it before it would print, which obviously was a pain.

So I did some research and settled on a new HP multi-function printer. As is typical with current products they also scan and fax in addition to printing. I also wanted one that supported Wireless-N so I could set my Apple router to use the faster standard vs. having it in the slower B/G compatibility mode. I checked the specs and confirmed that the HP M225dw supported the faster standard. So I ordered it online, and a few days later it showed up.

I got it unpacked, hooked up, and went to wirelessly print from my newer iMac upstairs - and nothing. It didn't work. After messing with it for awhile I realized why. Yes, it did support Wireless-N, but only the 2.4Ghz band. Which meant I couldn't run my router at the faster 5Ghz speed. Much grumbling and swearing ensued. While looking at my router settings I realized that it was actually pretty old - a 2nd generation model. Time to upgrade.

So I did some more research and found out the 5th generation model supports a dual-band setup. Which allows you to connect devices whether they run the slower or faster speed (I realize the latest Apple router is a 6th generation, but I don't like the much larger form factor which is why I picked it's predecessor). The other cool thing is you can setup a guest network which is great when you have someone over and they inevitably ask you for your WiFi password. After finding a new one online I ordered it and patiently waited.

After it showed up I unpacked it, set it all up, and all was good.....I then went to install the printer driver on my older iMac downstairs, which is my main computer, and realized they didn't have a driver for OS X Snow Leopard. At this point I was ready to start smashing random objects around me. I could technically upgrade to Lion, but Mountain Lion was the minimum supported OS, so it didn't matter. Oh well, I've been wanting a new iMac anyway. Time to upgrade.

Getting the top end, Retina display, iMac wasn't an option for me. In addition to being the first release of a new platform I think the graphic card that comes with it is barely capable of driving such a high resolution. It would definitely be a liability a few OS upgrades later. What I wanted was a fully loaded non-Retina display version. Unfortunately, Apple stopped selling them. You could only get an base level model with no option to upgrade the processor or video card. Before the Retina version came out however, they did sell a build to order option which gave you the faster i7 processor, and a Nvidia GTX 780M with 4GB of video ram. That was the one I wanted.

But they are scarce and the ones available go for a premium. In the end I managed to find one that was new. One of the last in stock by the company selling them in fact, but I paid the price to get it. When it showed up I was like a kid at the candy store as I unpacked it and fired it up. Impressive is an apt description. I haven't yet replaced my old system and copied everything over, but when I do I'm confident it will serve my needs for many years to come.

It all started with me getting a printer for a couple hundred bucks and it ended with me spending several thousand. But that's usually the way it goes...

This 'n That - May 29, 2015
Ran into a few issues lately at work and I thought I'd share the solutions. The problem with trying to troubleshoot by searching the Internet is typically what you find isn't either applicable, or is only partially correct, or is flat out wrong. Hopefully this saves others some frustration.

The first issue I encountered was I went to add more memory to one of our 2008 R2 VM's. So I powered it off, increased the amount of memory it could use, and powered back on. But the amount of memory that was being shown within the VM itself hadn't changed. After scratching my head for awhile I realized what the problem was. I was trying to add more than 32GB of memory and Windows 2008 R2 Standard only supports up to 32GB. Beyond that you need to be running the Enterprise version (Windows 2012 Standard supports up to 4TB). Ok, I guess that meant doing a reinstall right? It turns out there's a command line you can run which will upgrade the version and no reinstall is required. Obviously I'm assuming anyone doing so also has the proper licenses.

To upgrade:

Open up a Command Prompt as Administrator. To see what editions you can technically upgrade to:

DISM /online /Get-TargetEditions

To perform the upgrade:

DISM /online /Set-Edition:<edition ID> /ProductKey:[Generic Key]

While researching how to do this I found out that if you use the same key as before it won't work. You need to use a generic key for the version you're trying to upgrade to. I won't post on here, but if you do a Google search you'll find it quickly enough. I put in the generic key for 2008 R2 Enterprise and it worked with no problems. After the upgrade is done, go back into Control Panel, System and punch in the key that you're licensed for, for that version.

Note: Apparently you can't do this if the server is a Domain Controller. You would first need to demote it.

The second issue dealt with Bitlocker and Microsoft Surface Tablets. We use Microsoft Deployment Toolkit (MDT) to do our imaging and had it setup so our techs could enable Bitlocker when they imaged new machines. We store the key in Active Directory, but do not go the extra step of requiring a PIN. All of which worked just fine on our Desktops and Laptops. But we noticed it didn't work on the Tablets. Once the imaging process was done you'd get an error on the summary screen and when you looked at the C drive it had a exclamation mark over it. Checking the properties showed it wasn't encrypted. After much searching and trial and error I found the solution.

There's an additional option that needs to be selected and you can throw it in either in MDT as part of the Task Sequence or add it using Group Policy. Using MDT, add the following in the Custom Tasks section:

powershell.exe -command "New-Item -Path HKLM:\SOFTWARE\Policies\Microsoft -Name FVE; Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\FVE -Name OSEnablePrebootInputProtectorsOnSlates -Value 1 -Type DWord -Force"

If you want to do this using Group Policy, enable this setting:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives\Enable use of Bitlocker authentication requiring preboot keyboard input on slates

Now Bitlocker works successfully on our Tablets!

BioShock Infinite - Apr 3, 2015
So I just finished playing BioShock Infinite, which is the 3rd entry in the BioShock franchise.

I remember when the first one came out it was a refreshing change for the first person shooter. The art deco world it created was vibrant and alive and the gameplay ensured a rewarding experience. The second one was more of the same with the main change that instead of fighting Big Daddy's as you did before, now you were playing as one of them.

The third installment takes the action from the underwater world of Rapture and places you in the role of a grizzled detective tasked with rescuing Elizabeth, the daughter of the God like ruler of the floating city of Columbia. As you are in the clouds, visually it's quite the contrast from before with everything wide open and seemingly endless. While the gameplay is essentially the same, some things have changed slightly. Plasmids are now called Vigors. These give you special powers - shooting fire, making enemies attack each other and so on. You also have the ability to hook onto skylines - overhead tracks which intertwine throughout the city. These are used to gain access to areas otherwise inaccessible on the ground and can also be utilized to give you a surprise advantage by leaping down into the midst of your adversaries.

Story wise, I found this to be more engaging than previous releases. Still, as usually happens in these type of games I would find myself searching everywhere for money or ammo to the neglect of what was around me. I would have to stop more than once and force myself to take in all the details of my surroundings and not just rush through every level. And like before I always seemed to have an abundance of ammo. And when I did run out, Elizabeth would always toss me some to use. I wish they would have made it a bit harder in that aspect.

While the game has gathered nothing but praise from the various reviewers, in one respect I found it to be disappointing. Half-Life 2 came out in 2004. Over a decade ago. And while I haven't played every game made since, I have yet to come across one that had such a detailed and interactive environment. You could seriously interact with everything and the physics engine would respond to everything. Pick up a bottle and smash it against a wall. Pick up a wood plank and throw it in the water and watch it bob around. Shoot out glass windows and so on. I remember being thoroughly delighted the first time I encountered a puddle and instead of going after the bad guys simply had a blast splashing about in it. It seems every other game since simply resorts to texture maps which while they may look pretty ruins the illusion that you're in a real world. And so it is in this one. A perfect example is coming across a bathtub with a toy boat in it. The game lets you turn on the water, but the tub doesn't actually fill. In Half-Life 2 it would fill and the boat would have bobbed about.

That annoyance aside, it was a fun game to play and it is a worthy addition to the franchise.

End Of An Era? - Mar 15, 2015
The death of physical media has been greatly exaggerated.

While I definitely enjoy watching Netflix and have started to watch more video on demand movies, I have no plans to stop buying Blu-ray's anytime soon. There is something to be said for quality. As we're in the process of getting a dedicated home theater room done I decided it was time to upgrade my player. I've had my current player the Pioneer BDP-23FD for several years now and while it's been fairly reliable, it's also starting to show it's age. So what to get? Sadly the trend today is towards cheaper and cheaper players. You can now get some for the price of a toaster. And while that's great for consumer adoption of the format, it also means that people are settling for poorly manufactured commoditized garbage.

Obviously I wanted something high end.

While Sony has the best all round compatibility (let's face it, they invented the format) I decided to look elsewhere. Oppo is the current darling of all the Blu-ray geeks and it did make for a tempting choice. I also briefly looked at some of the really high end stuff from Marantz and Cambridge Audio but they were really expensive. In the end I decided to stick with what I know and get another Pioneer. At last year's CEDIA Expo, they introduced their latest flagship products - the BDP-85FD and the BDP-88FD.

The main difference between the two is the 88 has some higher end features geared towards audio. As I already have a dedicated SACD player I didn't see the need to spend the extra money for it, so I ordered the cheaper model. Unfortunately, Pioneer recently announced that their selling their Audiovisual business to rival Onkyo so in all likelihood this will be the last Pioneer branded player.

After it arrived I eagerly unpacked it. The thing is built like a tank and is very solid. In fact, that's one of it's selling features - it utilizes a double layered chassis. Inside are high end components and it features the ES9018 ESS SABRE DAC, which is considered the best DAC out there. It also features 3D support as well as being 4K ready. So the specifications are obviously impressive, but of course the real test is to fire it up.

I was curious to see how improved load times were as my current player is painfully slow. So I did a direct comparison using my Apocalyse Now disc. Of all the Blu-ray's I own, it is easily the most challenging disc and takes forever to load. In the end, the new player loaded it a full 2 minutes faster which was very impressive. I then went through the setup menu and tweaked away. I was glad that the menu feel and look is identical to before. That said, the remote has changed slightly. Imagine if you took the old remote and combined it with the current Panasonic remotes and you'd have an idea of what it looks like. But that's a minor quibble.

I popped in Sucker Punch and selected the Nazi zombie scene which is what I typically use as my reference scene. As the on-screen carnage unfolded I sat back and let the movie envelop me. It looked and sounded great and I'm very happy with my choice. The BDP-85FD likely represents the end of an era. As such I worry about the future, but for now I'll enjoy the present.

You're Likely To Be Eaten By A Grue - Mar 7, 2015
So now that I have this wicked gaming PC, what's one of the first games I play?

I figured I'd warp back in time to 1980 and fire up a rousing game of Zork I. I've collected numerous classic games over the years and for the longest time wanted to play them in their entirety and instead of just kicking the tires and wallowing in nostalgia actually finish them. I could have tracked down a copy off eBay and fired it up on an Apple II or Commodore machine, but I already had acquired the Zork Anthology a few years ago which contains all the famous Infocom games on a CD and runs on newer systems (relatively speaking).

For those who don't know what I'm talking about, briefly, Zork was the first of several text based adventure games that came out in the 80's. Players would have to read the descriptions and use their imagination as to the world around them versus the modern 3D rendered worlds of today. You would enter commands like 'attack troll with sword' or 'light lantern'. And while quaint by today's standards, these games were surprisingly sophisticated in their text parser. They would also accept more complicated commands such as 'put all the items except the skull in the trophy case'.

So I installed it on my trusty Mac Color Classic and fired it up. I'm sure my face lit up as memories came back to when I first played it so long ago. Back then I never knew exactly what a Grue was, but I do remember they scared the hell out of me! After playing awhile and getting maybe a quarter through it, I realized I had left the rope in the Dam Maintenance Room which then flooded and I was screwed. Then I remembered why I never finished it when I was a kid. These games were hard. Extremely hard. While Zork Anthology came with maps and a hint book which I looked at, I eventually ended up digging up a complete walkthru online.

Hard Playing (And Lots of Cheating) = Victory!

After reading through it, there was some stuff which I realized through repetition and trying every possible thing people would have eventually figured out. But some things were so obscure I don't know how anyone could have finished this game. Bear in mind, back then this was before the internet and you couldn't just Google the solution. Saying 'Ulysses' to defeat the Cyclops? Obviously.

There are several other Infocom games in the package, including the Enchanter trilogy, and I may revist them at some point, but for now I think I'll move on to other things. I might fire up Pool of Radiance or finally get around to finishing Ultima V. Or I might end up playing something new and modern. Such hard decisions to make...

Back In the Game - Jan 31, 2015
One of the things I've missed the most since we moved was playing games on my PC.

The reason I couldn't is I kept going back and forth as to where I wanted it to reside. Originally I was going to have it in the office, but even with the custom desk we had built which spans the wall things were a bit cramped. The biggest issue was where the speakers would go. I was thinking I'd have them in-wall but then I put up my map of the world which messed that idea up. And as the PC would be housed downstairs in the equipment rack I wouldn't be able to use the typical PC speakers. So I thought I'd use some bookshelf speakers connected to a receiver (I already had the electricians run a subwoofer line) but I kept coming back to the fact space would be tight. When we looked at getting the basement finished I thought I'd maybe setup a spot in one of the rooms there to put everything. But in the end I couldn't justify using the space for that when I had a perfectly good office upstairs.

While I was trying to figure things out, I did go forward and run cabling from a custom wallplate in the office down into the basement where the rack was. I hooked the cables up to what was my gaming PC of the time which was a SFF box sitting on the floor. For some reason though when in sleep mode it didn't give enough power for the keyboard to activate it - which meant I had to run downstairs and power it on manually every time I wanted to us it. So I had a computer, but no sound. The fact that I could have just a keyboard, mouse, and monitor on the desk was in itself pretty cool, but I missed not being able to game.

At some point I finally decided what I wanted to do. I would ditch the speaker idea all together and instead just use headphones. This solved all my placement issues and also meant I wouldn't be annoying the wife late at night while I was playing. For Christmas, Santa came along and brought me a sweet set of Sennheiser HD650's. Now I just had to get the audio cable. I ended up ordering a 30' run with 3.5mm connectors from someone in South Korea and patiently waited for it to show up. The last piece of the puzzle was to get a 3.5mm wallplate insert to connect it to in the office.

At the same time I decided I'd update my PC. My existing one I'd been using for over 5 years and it had served me well, but it was time to upgrade. I did a bunch of research and came up with the components I wanted. Having always been partial to Asus motherboards I went with them and an Intel i7 processor. Because this was going into a rack I paid close attention to the thermals and the processor I picked was the ideal balance of performance and power use. As I've never been a fan of integrated audio I went with a standalone Soundblaster. A beefy power supply and Windows 7 were next. The last thing to decide upon was the video card, the most important aspect of any gaming system. It was tempting to get the fastest out there - the Nvidia Titan but it was such overkill for what I'd be using. It'd be different if I was running multiple 4k monitors, but I'm content with my single 24" monitor. Instead I decided to get a 2nd video card of the same make and model that I already had and put it in a Crossfire configuration which uses both cards in parallel.

Yesterday I got around to finishing everything off. First up I installed the new APC UPS in the rack which would keep things running if the power went out. Then I installed the new PC in the rack. Finally I ran the audio cable which was a pain in the ass. I ripped out the existing subwoofer cable and MacGyver'd a tape measure to use as a lead to fish the audio cable up to the wallplate. After lots of blood, sweat, and a couple tears everything was ready. I turned on the PC, put the headphones on, and waited...Success! It all worked! Here then is my new setup:


Asus Gryphon Z97 Motherboard
Intel i7-4770S CPU
Corsair Vengeance 16GB Memory
Dual 1GB Radeon HD4850 Video Cards (Crossfire setup)
Samsung 850 Pro SSD Hard Drive
Sound Blaster Z Sound Card
Sennheiser HD650 Headphones
Athena Power 950W Power Supply
Chenbro RM42300-F Case
Windows 7 Pro 64-bit

This was a huge deal for me and I'm still somewhat in awe as to how absolutely awesome this setup is. Now I can sit back and take on zombies, slay dragons, blast aliens or whatever strikes my fancy.