Preventing Mac OS X from becoming a Master Browser on Windows networks

March 5, 2012 Leave a comment
  • System Notes: Mac OS X 10.5.x and 10.6.x, Various Windows Clients

The organization I work for has a network of Windows clients, with 3 Mac systems thrown in by the Marketing department for artistic and production needs.  The three Macs are configured for normal Windows network browsing, but are not a part of our Active Directory infrastructure.  They tend to take turns taking over as the master browser for the default WORKGROUP setup, and they have never been able to provide any type of browsing support for any other systems that use the WORKGROUP non-AD setup.

After searching in vain for a solution to this problem in the past, I just recently revisited the issue and finally found a solution, which I present here with other Windows administrators in mind (and this assumes you have at least a minor proficiency in navigating the OS X interface):

  1. Open the Terminal application from the Utilities group in OS X.
  2. Type in sudo nano /etc/smb.conf.
  3. Find and move to the [global] section of the file.
  4. Either change, or add, the following lines:

              os level = 0
              lm announce = False
              preferred master = False
              local master = No
              domain master = False

Restart the Mac once these changes are complete.  This should prevent it from attempting to do anything related to network browsing, at least from a list hosting or master browser perspective.  It will not prevent the Mac from browsing other already available network resources.


Converting Hyper-V guest systems to VirtualBox

August 4, 2011 5 comments
  • System Notes: Oracle VirtualBox 4.0.12, Windows Server 2003 R2 X64, Windows Server 2008 R2

My main Hyper-V server host system runs four production and three development/testing guests, with the four production and one of the development/testing systems in use 24×7.  Memory was becoming extremely tight on the host system, especially when running either of the two remaining development/testing guests along with the regular 24.×7 guests.

Since the two development/testing guest systems were really just for security patch and software upgrade testing, I decided to try and move them over to Oracle VirtualBox on my main workstation.

If you are converting a guest Windows server that is running anything earlier than Windows Server 2008 R2, you should first remove the Hyper-V Integration Services from the guest, to prevent any BSOD startup problems after you move the guest over to VirtualBox.

When setting up a Windows Server 2008 R2 guest system using an existing VHD file for the primary hard disk, you must make a change in the VirtualBox Settings.  The VHD will be attached as a SATA drive by default, and you will get a BSOD if you try to boot it this way.  You need to remove the VHD file from the SATA controller and re-add it as an IDE hard drive.  See this link for a specific discussion of this problem.  See my previous blog entry Switching from IDE to SATA controller types for older Windows guests in VirtualBox for specific details on working with IDE and SATA virtual drive files.

Additional Notes:

Just a bonus quick reference note for VirtualBox:  you can use Ctrl-Arrow to move systems up and down the list on the main Oracle VM VirtualBox Manager window.  Just highlight the system you want to reorder and press Ctrl-Up or Ctrl-Down.

Switching from IDE to SATA controller types for older Windows guests in VirtualBox

May 7, 2011 1 comment
  • System Notes: Oracle VirtualBox 4.0.6, Windows XP, Windows Server 2003

I have been unable to find a decent source of material online that covers how exactly to switch from using IDE drive controllers to SATA drive controllers for older Windows guest systems under VirtualBox.  After much experimenting on my own guest systems, this is the way I have found that works:

  1. Create the guest system as you normally would, using the default IDE controller and a new VDI file for the hard drive.
  2. Install the operating system and get it up and running.
  3. Download the most recent Intel Rapid Storage Technology drivers from the Intel web site.  Use the one appropriate for your operating system, whether 32 bit or 64 bit (Intel changes things regularly, but the most recent link I have for them is here).
  4. Make sure the new guest system is shut down.  Add a SATA drive controller to the Storage entry under the Settings for the new guest system in VirtualBox.
  5. Restart the new guest system, and do not install any drivers when prompted by Windows.  Run the installer for the Intel Rapid Storage Technology drivers, and shut down the system after install.
  6. Under the Storage entry for the Settings of the new guest system in VirtualBox, remove the existing VDI hard drive file from the IDE storage controller, and re-attach it as a hard drive under the SATA storage controller.
  7. Restart the new guest system.

Additional Notes:

I verified this method works with Windows XP (32 bit), Windows Server 2003 (32 bit), and Windows Server 2003 R2 (both 32 and 64 bit) guest systems.  An Intel ICH8M-E/M controller should be indicated during the install of the Intel Rapid Storage Technology drivers.  I have not retested performance on my systems after this conversion, but I have read elsewhere that it can make a big difference, especially to lower the resource draw on the host system itself.

Virtual guests using VHD files for their hard drives do not start when moving from Virtual PC to VirtualBox

April 25, 2011 Leave a comment
  • System Notes: Microsoft Virtual PC 2007 SP1, Oracle VirtualBox 4.0.4

I recently upgraded one of my production workstations, and wanted to move from Microsoft Virtual PC to Oracle VirtualBox, due to the increased horsepower of the new workstation.  In doing this, I had read online about the fact that VirtualBox supported the VHD hard disk files native to Virtual PC guest systems, and that it was a mostly seamless process to move from virtual host to the other.

I had four virtual guest systems that I use for testing to be moved.  Three of them were servers, comprising Windows 2000 Server Standard, Windows Server 2003 Standard, and Windows Server 2003 R2 Standard, and one was a Windows XP SP3 system.

After adding the systems to the new Oracle VirtualBox installation, two of them started and ran normally, and two hung at startup with a blank, black screen, with no indication they were doing anything at all.

The solution to the problem of the two systems hanging at start ended up requiring a conversion of the guest hard drive files from VHD to VDI.  This process was simple to complete using the CloneVDI tool, which is available for download here.  There is a good discussion of this problem and the solution on the VirtualBox forums here.

Categories: VDI, VHD, Virtual PC, VirtualBox

How to move virtual guest servers from Hyper-V on Windows Server 2008 to Hyper-V on Windows Server 2008 R2

August 15, 2010 Leave a comment
  • System Notes: Windows Server 2008 Standard x64, Windows Server 2008 R2 Standard x64

Now that Windows Server 2008 R2 has been out for a while, and I have gained some experience with it, I have found it to be much easier to work with than Windows Server 2008, although honestly the differences are not that great. It’s simply more refined and it really does seem as if Microsoft listened to their customers and worked all the kinks out.

I have one production Windows Server 2008 Standard x64 that we use simply as a Hyper-V host for four virtual server guests, all running Windows Server 2003 R2 (in both x86 and x64 editions). We now want to upgrade the 2008 server to R2. Concise information from Microsoft on doing this can be found at this link.

Test scenario:

  1. Build a Windows Server 2008 Standard x64 host server running the Hyper-V role, complete with Service Pack 2 and all patches available through August, 2010.
  2. Add Windows Server 2003 R2 virtual guest servers, both x86 and x64 editions. Add Service Pack 2 and all patches available through August, 2010 to both guest servers. Add various file shares for testing purposes after move to Hyper-V R2 host server.
  3. Use the Export feature of Hyper-V to export guest servers for later import to Hyper-V R2 host server (see link provided above).
  4. Build a Windows Server 2008 R2 Standard x64 host server running the Hyper-V R2 role, complete with all patches available through August, 2010.
  5. Import guest servers to the new host server using the Hyper-V R2 console. Make sure to use the “Duplicate all files” option (see Additional Notes below).
  6. Start and verify guest servers, including network and share access, and review the Event Log for any errors.

Additional Notes:
When importing servers to the R2 host, make sure you select the “Duplicate all files so the same virtual machine can be imported again” option, if you want your virtual guest files to go to the default set of folders on the R2 host (see this link). I figured this one out the hard way, before reading the details provided in the link. I also received a few errors during the Import process of the virtual guest servers. They related to a change in the network configuration and network switch name, and were easily correctable through the Settings interface for each of the servers. Don’t forget to update the Hyper-V Integration Services once the guest servers are imported to the new R2 host.

Categories: Hyper-V, migration, R2

Moving from Barracuda Spam Filtering to Google Message Security (Postini)

August 5, 2010 Leave a comment
  • System Notes: Barracuda Spam & Virus Firewall 300

At the organization that I work for, we decided to move from an internally hosted Barracuda Spam & Virus Firewall 300 appliance to externally hosted Google Message Security (Postini) for spam filtering. This will have several benefits, the primary one being that we save the Internet bandwidth that was previously being used for inbound spam messages that just ended up getting dumped by the Barracuda in the first place. We also save on the power, rack space, and potential failure of the Barracuda device itself.

This decision was not made because of dissatisfaction with the Barracuda. It has worked very well over the past 5 years, and our only ongoing complaint is the incredibly slow response of both the user and administrative interfaces (as an aside, when I asked Barracuda Support about this, they suggested using Chrome or Safari due to the fact that the JavaScript engines are much faster in those browsers; I did so, and they were right; but this doesn’t help the fact that we are like most organizations and standardized on Internet Explorer internally).

So far, after a month of use, the Google Message Security system is working well. The users have adjusted with very little complaint, and I have received some appreciation that the Google interface is much faster than the Barracuda, and also that they can access their spam quarantines remotely.

Here are some of the differences I have found between the Barracuda and the Google Message Security (Postini) interface:

  1. GMS (Postini) blocks more spam than the Barracuda. My own account was averaging 3 spam messages a day with the Barracuda, I now average 1 spam every 3 days.
  2. GMS (Postini) shows much more offensive spam in the user quarantine than the Barracuda did. So far, no user complaints with this, but some of the spam messages subjects I have seen showing up in the quarantine are just about as sexually offensive as you can get. This was not the case with the Barracuda, it seems it did a better job of blocking sexual content outright.
  3. GMS (Postini) only saves quarantined messages for 14 days. The Barracuda was adjustable, and we had ours configured to store messages for 90 days.
  4. The GMS (Postini) Reports are not configurable for daily/weekly/monthly delivery. I put in a support request about this, still a no go. I will miss the daily quick summary reports of both total and spam message activity that the Barracuda provided. I hope this is a feature that GMS adds in the future.
  5. The only way to report a message as spam that landed in a user Inbox with GMS (Postini) is to forward the message in question as an attachment to There isn’t a nice one-click button you can add to the toolbar in Outlook as there was with the Barracuda. Also, the spam message must be sent as an attachment, and not just forwarded. I’ve already spent time training several users on how to do this.

Overall, the conversion to Google Message Security (Postini) went very well. This was our first test of putting a service “in the cloud,” but I don’t think it will be our last.

Exchange Server ActiveSync error message with HTTP status code 409

March 23, 2010 1 comment
  • System Notes: Exchange 2003 Enterprise

After migrating accounts from an Exchange 2003 Standard server to an Exchange 2003 Enterprise server recently, one particular user account kept generating Event ID 3005 error messages in the Application log. The full text of the error message went as follows: “Event Type: Error, Event Source: Server ActiveSync, Event ID: 3005, Description: Unexpected Exchange mailbox Server error: Server: [server1] User: [user1] HTTP status code: [409]. Verify that the Exchange mailbox Server is working correctly.” This message would appear several times a day.

The user in question had no problems with his e-mail account via Outlook or OWA. However, when attempting to use his Palm Pre smart phone, he could see and read his e-mails, but he could not delete them or reply to them, nor view any Contacts or Calendar information. We have at least 10 other user accounts that were migrated in the same way, and were using various types of smart phones, including two other Palm Pres. None of them had this problem.

After much searching on the web, I ultimately determined the only way to correct this problem would be to delete the user mailbox and recreate it. Once scheduled with the user, I backed up the mailbox to a PST file, then used the Exchange Tasks wizard to Delete Mailbox. I forced the cleanup agent to run with the Run Cleanup Agent from the Exchange System Manager, then purged the mailbox from the server.

After re-creating the mailbox, anyone who e-mailed the user was getting SMTP 5.1.7 errors (“The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.”). Something was obviously wrong with the mailbox, so I deleted it a second time following the steps above. I then ran the Exchange Task “Remove Exchange Attributes,” and again recreated the mailbox. This time, no problems with e-mails going to or coming from the mailbox.

I had the user remove and re-add his Exchange account information on the Palm Pre, and everything then worked correctly. No more errors from Exchange in the Application log.