× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




Hi John,

Okay, i will try it again.

Yes, i know it might seem foreign if you've never worked with Active Directory
before, but it's very important to know these implications.

(This is a simplified explanation, which is not 100% accurate)

Active Directory uses Multi master Replication, and you have multiple Domain
Controllers - a minimum of 2 per Site. All these Domain controllers can make
changes. Each of these changes is marked with the server that did the changes,
plus a USN from the server.

Let's assume the following:

You set up a new domain, join three more domain controllers to it, create 100
objects on the first domain controller. Now, your USN counter is at 100. The
changes replicate to the other three controllers.

Now you make a backup of the first domain controller, using your nwsd.

You create 50 more objects. The USN counter of the server is now at 150. Now
you do a restore using an older copy of the nwsd.

The machine comes up, and has a USN counter of 100. Outbound changes won't
replicate, because other DCs think they've already seen the changes (because
you're reusing USNs). And the AD copy on the first DC is inconsistent, because
you don't get inbound replication for objects you've created.

On W2003 SP1 and later you will get a message in your event log that you're
using an unsupported restore method.

At that point, you AD is an incoherent mess. If you only have one domain
controller (which is a very bad idea), then you won't have these issues,
because there's no replication.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx on behalf of Jones, John (US)
Sent: Tue 03.04.2007 05:38
To: Midrange Systems Technical Discussion
Subject: RE: Windows Integration and Longhorn

I did read the KB article but I fail to see how it applies. Activating a
restored or copied network server storage space is NOT considered a restoration
on the x86 side. All Windows (and by extension any apps like AD) knows is that
the server was shut down normally and was later brought back up. I suggest you
read up on how network servers and their associated storage spaces are managed
on the iSeries for a better understanding.



________________________________

From: midrange-l-bounces@xxxxxxxxxxxx on behalf of Lukas Beeler
Sent: Mon 4/2/2007 3:38 PM
To: Midrange Systems Technical Discussion
Subject: RE: Windows Integration and Longhorn



Hi John,

Yes, and that's exactly the problem.

Please read the link i've posted. You will get an USN rollback.

Active Directory uses multimaster replication, and it uses USN to keep track of
replicated and received changes, restoring a disk image will give you a DC in
an inconsistent state.

There are special procedures to be followed when restoring a domain controller
- using a disk image ist _not_ a proper way to do this.

If you don't believe me, or the Microsoft KB, please talk to one of your Active
Directory guys.




-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx on behalf of Jones, John (US)
Sent: Mon 02.04.2007 22:28
To: Midrange Systems Technical Discussion
Subject: RE: Windows Integration and Longhorn

No, with NSW storage spaces you are not 'restoring' the DC. You are
replicating it's disk image. From an x86 perspective, the disk image is
the same as it was before; there was no change, no restore, no copy, no
changes to the boot sector, no changes to the registry, no changes to
detected hardware, no changes to anything at all. Windows, AD, etc.
thinks it was shut down and later restarted. That's all.

Our IXS servers were set up once. They don't require any day-to-day
admin that isn't covered by normal iSeries operations. They are
manually touched for issues like Windows Update, but since they're on a
private hardened subnet that's really optional/irregular.

We didn't size up the hardware to support the IXS. More the reverse; we
have excess DASD capacity as we bought enough arms to ensure good
performance on iSeries workloads. That resulted in spare capacity which
we've used for the IXS. I do agree, though, that buying iSeries DASD
expressly for supporting IXS servers isn't logical unless the other
benefits justify the expense.

Tower-wise, you can get 1.4TB after RAID5 in a 5U 0595. I've got 3 of
'em. Or get the new 24 disk tower and double that; 2.8TB of RAIDed 15K
RPM DASD in 5U.

For the processing power you get, a 2GHz PentiumM, the IXS is not a good
deal. However, factor in the reduced admin, configuration flexibility,
eliminated footprint, etc. and for some workloads it makes a great deal
of sense. Not for all workloads, but for some.

Remote KVM: never needed it. And even if I thought I'd use it, from a
cost-effective architecture standpoint it makes way more sense to buy
that feature once (in the KVM switch) v. once for every server in the
rack.

--
John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787 F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Lukas Beeler
Sent: Monday, April 02, 2007 2:26 PM
To: Midrange Systems Technical Discussion
Subject: RE: Windows Integration and Longhorn

The problem with the Storage Space thingy you're proposing is that this
will have consequences if you're running a DC on that machine.

Read this: http://support.microsoft.com/kb/875495

I don't see how IXS help to save cost on the software side - you will
still need competent windows administrators, and they will still have to
do the same job.

The HW maintenance thing sounds logical at first, but when you have to
size up your System I to be a full blown SAN for all your windows needs,
you will need so many expansion towers that you might be in similar
waters - though the System I might still be cheaper.

When we're talking IXA or iSCSI attachment, you will only have a SAN
left. You will still have to pay for HW maintenance.

Also, I find it embarrassing for IBM that a 5000CHF PC-on-a-Card doesn't
have remote KVM.

I really fail to see the advantages of IXS/IXA as long as they are more
than twice as expensive as a fully loaded System x.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jones, John (US)
Sent: Monday, April 02, 2007 9:10 PM
To: Midrange Systems Technical Discussion
Subject: RE: Windows Integration and Longhorn

Vary off Network Server (NWS). Copy Storage Space to backup. Vary on
NWS. After all, you should back up before installing a service pack or
other major app/OS update. Moving on ..

Load Service Pack. SP Fails? Vary off, revert to copy, vary on, do
diagnostics later if on-site required. Optionally, and this is neat,
add the storage space to your NWS as drive D: or whatever and look at
the files from the working NSW. Or boot it to your backup IXS (which
could be in another machine/data center).


The reason we use them? Cost. Server administration is outsourced and
we pay for each physical server. IXS costs $0 to admin over and above
the iSeries admin costs. Also, $0 hardware maintenance costs. Also,
better quality maintenance that PC server providers (I could mention the
YEARS we waited for Dell to replace a failed disk in a RAID set). Also,
with over 200 Windows servers in a single data center, the
zero-footprint IXS helps manage space in the data center. Also, it uses
little power (22 watt PentiumM + some for the rest of the card) over and
above what is used anyway for the iSeries. That corresponds to very
little waste heat as well.


Finally, if you really need it you can get a KVM switch that allows for
remote access, for instance: http://www.minicom.com/kvm_smart16ip.htm

--
John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787 F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Lukas Beeler
Sent: Monday, April 02, 2007 1:54 PM
To: Midrange Systems Technical Discussion
Subject: RE: Windows Integration and Longhorn

And IXS don't have that?

Seems that this isn't really such a great solution...

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Larry Bolhuis
Sent: Monday, April 02, 2007 8:48 PM
To: Midrange Systems Technical Discussion
Subject: Re: Windows Integration and Longhorn

With most iSCSI and IXA attached 'x' the RSA II Is installed so you have

the option to use that if you need it.

- Larry

Lukas Beeler wrote:
Hi John,

I meant the tools used when the OS doesn't boot, for some reason (i.e.
a
failed service pack install, failed upgrade, or similar mishap).

How do I access the system console in such a case? Do I have to go
local? Or do I have some sort of remote access, like the RSA II used
for
"normal" IBM servers?

How do I boot and use the system in Directory Services Recovery mode?
(On an Active Directory Domain ControlleR).

All these thing need access to the system, before the TCP/IP stack is
loaded.

-



--
Larry Bolhuis IBM eServer Certified Systems Expert:
Vice President iSeries Technical Solutions V5R3
Arbor Solutions, Inc. iSeries LPAR Technical Solutions V5R3
1345 Monroe NW Suite 259 iSeries Linux Technical Solutions V5R3
Grand Rapids, MI 49505 iSeries Windows Integration Technical
Solutions V5R3
IBM eServer Certified Systems Specialist
(616) 451-2500 iSeries System Administrator for
OS/400 V5R3
(616) 451-2571 - Fax AS/400 RPG IV Developer
(616) 260-4746 - Cell iSeries System Command Operations V5R2

If you can read this, thank a teacher....and since it's in English,
thank a soldier.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


This email is for the use of the intended recipient(s) only. If you
have received this email in error, please notify the sender immediately
and then delete it. If you are not the intended recipient, you must not
keep, use, disclose, copy or distribute this email without the author's
prior permission. We have taken precautions to minimize the risk of
transmitting software viruses, but we advise you to carry out your own
virus checks on any attachment to this message. We cannot accept
liability for any loss or damage caused by software viruses. The
information contained in this communication may be confidential and may
be subject to the attorney-client privilege. If you are the intended
recipient and you do not wish to receive similar electronic messages
from us in the future then please respond to the sender to this effect.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


This email is for the use of the intended recipient(s) only. If you have
received this email in error, please notify the sender immediately and then
delete it. If you are not the intended recipient, you must not keep, use,
disclose, copy or distribute this email without the author's prior permission.
We have taken precautions to minimize the risk of transmitting software
viruses, but we advise you to carry out your own virus checks on any attachment
to this message. We cannot accept liability for any loss or damage caused by
software viruses. The information contained in this communication may be
confidential and may be subject to the attorney-client privilege. If you are
the intended recipient and you do not wish to receive similar electronic
messages from us in the future then please respond to the sender to this effect.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.






This email is for the use of the intended recipient(s) only. If you have
received this email in error, please notify the sender immediately and then
delete it. If you are not the intended recipient, you must not keep, use,
disclose, copy or distribute this email without the author's prior permission.
We have taken precautions to minimize the risk of transmitting software
viruses, but we advise you to carry out your own virus checks on any attachment
to this message. We cannot accept liability for any loss or damage caused by
software viruses. The information contained in this communication may be
confidential and may be subject to the attorney-client privilege. If you are
the intended recipient and you do not wish to receive similar electronic
messages from us in the future then please respond to the sender to this effect.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.