Blog Archives

FIOS customers – better DNS solution

If you have Verizon FIOS, and haven’t already customized your router to use better DNS Servers, do yourself a favor and do so asap.  By default Verizon uses “DNS assistance” on their *.*.*.12 DNS servers.  Set your router to use custom DNS servers and change the ending .12 to a .14.  Alternatively, using any of the other official Verizon DNS Servers in the range of 4.2.2.1 through 4.2.2.5 is also a good bet. 

If you don’t customize your DNS, the Verizon DNS assistance configuration can potentially cause issues for tech-savvy users who do VPN, host monitoring, etc. You are also helping Verizon make more money by being served ads on their DNS assistance page.

I came across this help link on the Verizon website that will guide you through changing your router config to optimize your DNS settings…
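To confirm whether the resolver your machine ends up using still applies DNS assistance after the router change, the check below looks up names that should not exist and reports any that come back with an address. It is an added example, not part of the original post; the probe name pattern and the function names are assumptions made for illustration.

```python
import secrets
import socket


def default_resolver(name):
    """Ask the system resolver; return IPv4 strings, or [] when the lookup fails."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except (socket.gaierror, socket.herror):
        # NXDOMAIN lands here. So does a timeout, so run this while online.
        return []


def probe_names(count=5):
    # Random 24-hex-character labels: unregistered, so an honest resolver
    # answers NXDOMAIN. The trailing dot stops search-suffix expansion.
    return [f"www.{secrets.token_hex(12)}.com." for _ in range(count)]


def check_nxdomain_rewriting(resolver=default_resolver, names=None):
    """Resolve names that should not exist and report any that get an answer."""
    names = names or probe_names()
    answered = {}
    for name in names:
        addrs = resolver(name)
        if addrs:
            answered[name] = addrs
    landing = sorted({a for addrs in answered.values() for a in addrs})
    return {
        "probes": len(names),
        "rewritten": len(answered),
        # With DNS assistance, every bogus name tends to map to the same few
        # addresses: the provider's search/ad landing servers.
        "landing_addresses": landing,
        "verdict": "rewriting" if answered else "clean",
    }


if __name__ == "__main__":
    print(check_nxdomain_rewriting())
```

Run it once before and once after changing the router's DNS servers; a "clean" verdict afterwards means failed lookups are failing properly again, which is what VPN clients and host monitoring rely on.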


Black logon screen for Server 2003

This is the first time I’ve run across this issue, but what was happening is I’d see a black screen both through RDP and from the actual server console. You could see a little bit of the Windows logon box, but it was cut off where the username and password fields would be. If you can fumble your way through the logon screen you’d be able to log on but everything was still black, the only color you’d see would be in the desktop icons. This makes it virtually impossible to do anything on the server. This situation does not cause a work stoppage, as all the background services ran fine, you just can’t log on and do anything.

So I started searching around and ultimately ran across a MS KB article 906510. I’ll paste in the information below, but the KB said it was an issue with the color scheme, and the registry values were all set to “0”. At least that is what’s listed as the cause of the black screen symptom, but it does not offer an explanation of what would cause the numbers to get set to “0” in the first place.

To resolve this I had to do the following:  (NOTE: the drive mapping step was only needed for my solution as the server was not on the domain and not using internal DNS, so I could not authenticate on the domain).

1. Map a drive from another network machine to this server using local admin credentials.
2. Open regedit and connect remote registry to the server in question. (this will not work unless you map the drive first – see above note)
3. Use an export from a working server of the registry key noted in the MS KB and import that into the remote server.
4. Attempt logon through RDP or at the console, the color issue should be resolved. 

I wish I knew what caused this issue, but I can’t find much as to the actual cause.  I heard talk that maybe it was a disk space issue, but my server had 10GB of free space, so that wasn’t it.  Hope this information helps someone in the future.

Open Source Anti-Spam for Exchange

I have been a long time user of GFI software, relevant to this post is their Mail Essentials for Exchange package. I find it to be a very powerful and easily set up anti-spam system for Exchange. I have had very little trouble with it, and it is packed with useful features. However, recently I had some configuration issues with my spam setup, with rollernet really, not even an issue with Mail Essentials, but it got me thinking about my spam filtration system.

I am now on a quest to find an open source anti-spam solution for Exchange. I’m open to Linux based solutions as a gateway of sorts, but would prefer something that resides on the Exchange server running under Windows. Don’t get me wrong, I have a great respect for SpamAssassin and other gateway type spam filters, but it gives the end user a much better experience if the anti-spam software can interact with the user, especially if it integrates with Outlook.

Surely there must be some kind of solution out there I could try. At the very least I might install a few different packages under Linux and route incoming mail through them, and from there go to Exchange for evaluation. I can use server virtualization to allow for an easy evaluation of various types of configurations. ASSP I hear is very good and there was one other package that I found last night that sounds promising. I think it could be beneficial to have an additional layer of spam protection at the gateway level before GFI gets the messages and does its thing. My only concern is false positives. Lots of services and companies on the internet today do NOT have the proper DNS/MX configuration and even at a more basic level don’t have their network set up right. All these network issues can have a major impact on e-mail deliverability. It’s always a risk then when dealing with spam filters that you may block legitimate messages. I am always watching spam logs to ensure that I keep an eye on how the system is doing. If web services and companies would do a little work to get their systems in compliance with RFCs for SMTP and DNS, and set up the proper network configuration and mail server options, it would be a much better world for mail delivery without false positives.

Computer System upgrades

This weekend I will be doing some computer system upgrades to my home computer systems. Not all of this will be accomplished this weekend, but the following is a list of items I plan to take care of starting today and finishing by mid week next week.

1. Install new memory into main computer, this is 2GB of DDR800 PC6400 DDR2 high performance RAM. Replacing another set of high performance RAM that never did work well with my motherboard, and was only 1GB.

2. Install upgraded CPU for the main computer. Installing new Intel P4 D 3GHz Dual-Core processor, replacing older 3.2GHz HT P4 processor. Slightly less MHz than the old processor, but provides dual-core support and better performance for Vista when we do that upgrade.

3. Install new Processor for the multimedia computer. Installing new AMD Athlon 64 2.4GHz CPU to replace the AMD Sempron 1.8GHz (mobile) chip that is currently in the unit.

4. Install new server computer. I will be adding a Dell Optiplex GX260 SFF desktop class machine as a server to my home network. This will end up powering Active Directory, DNS, DHCP and some other services on my home network. This will replace older and very slow Compaq desktop that is on its last leg. This is a 2.4GHz P4, 512MB RAM, 20GB hard drive system, it’s small, cool and quiet. Perfect for my “server closet”.

In addition, the following upgrades are planned for the coming months…

1. Upgrade existing home photo printer. Currently have HP PhotoSmart 7550. Will be selling this on ebay to purchase new photo printer.

2. Upgrade existing LCD Flat panel monitor. Will be selling existing unit to purchase a new better model, at least 19″.

FIOS Update

So now that I’ve had FIOS for several months, I thought I would post an update. Here are my observations so far…

1. I love the ActionTec wireless router that comes with the service. It is very flexible and fully featured, with a firewall, MAC address filtering, port forwarding, and more. I took a little while to adjust to the settings on the router, as you have to click save in more than one place for your settings to be saved and applied, which is a little different, but once you figure out the little nuances of the router, you are good to go! It will do anything and everything I need and more.

2. My only gripe so far, is something that happened when my IP address changed. I had the service for probably over 2 months before my IP changed for the first time. When it did change, my home network lost internet connectivity and my dynamic DNS client was unable to connect to the internet to update my IP. This caused several hours of outage for my home e-mail and internet connectivity. I have not yet had another IP change, so I’m hoping the first time was just a fluke. (NOTE: This won’t be an issue for most people, unless you run DNS for accessing services on your home network like I do).

3. The speeds are consistent and fast, every time I run the Verizon speed test, it comes out over 20MBps down, and nearly 5MBps up, with only slight variations. The bandwidth is exceptional, very fast, and reliable. I have had no real service outages at all and am very pleased with the quality of service I am receiving.

4. In order to optimize the speed your computer will see on the FIOS network, it may be necessary to run the FIOS connection optimizer. This basically changes some TCP/IP settings in the registry to optimize throughput on the FIOS system. These are the same type of settings people have been adjusting since the internet was created, I’ve done it with dialup before, and this is just the most modern way to optimize the connection. It’s no big deal, but you will see lower than advertised speeds unless you run the optimizer.

5. The price of the service is comparable to service with other providers in the area, but the speeds are much faster without increasing the cost of the service.

I am overall very pleased with Verizon FIOS service. I highly recommend it to anyone currently using a cable provider. I’ve been a cable user for years, and took a long time to make the decision to switch. I am happy that I did, and will never go back to cable. I would also point out that Verizon offers a 30 day money back guarantee, so you can always give it a try and test it out to see what you think. You can cancel the service if you don’t want to keep it. Plus then your home will be wired for the service should you decide to use it again in the future.

DNS uh oh!

I will admit that I made a pretty bad oopsie recently regarding my DNS configuration for my personal domains, specifically with the MX records. Recently I decided to cancel my no-ip backup mail service account, so I removed the no-ip mail servers from my MX records in my DNS zones. What I forgot was that I had set up my DNS on DNSExit.com rather than on my own hosting server. So the place I fixed the MX records made no difference at all, and last night or this morning when my no-ip account expired, they began rejecting mail for my domains. I was alerted to this issue by my loving wife who calmly told me she couldn’t get any email from her friends. I quickly identified the issue and made the necessary corrections on the DNSExit system and mail flow has been restored. There could be some DNS servers out there that have my DNS zone cached, so for up to 2 days, we still face missing some e-mail. Fortunately, the sender will get a bounce back and hopefully realize that something is wrong and they need to re-send their message later. This is the first major mail stoppage I’ve had in a LONG time. I plan to diagram my mail flow and DNS configuration so that I can reference this information in the future, since I don’t look at it every day, it’s easy to forget how things are set up.

UPDATE | 8-27-07

It turns out I thought I had fixed everything but hadn’t. I noticed I still wasn’t receiving the normal amount of mail I normally would on my shorehost.com domain. After checking again, I found I had forgotten yet another backup DNS service that I use and had not yet removed the no-ip MX records from that provider. So I fixed that, and I’m happy to report that mail is now flowing normally. However for several days there, since approximately Aug 23rd, incoming mail to my personal domains was affected and mail was bounced back to the senders. So if anyone sent me or my wife anything important, please re-send!!! This is the first major outage caused by an “oopsie” that I’ve ever had on my personal mail system.
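The failure in this post, MX records removed at one DNS provider while other providers kept serving the retired backup mail hosts, can be caught by comparing the MX set each provider serves. The audit below is an added example, not part of the original post; the provider labels, the example.com zone lines and the retired host suffix are constructed placeholders.

```python
def parse_mx(zone_text):
    """Extract {(preference, host)} from 'name [ttl] [IN] MX pref host' lines."""
    records = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "MX" not in fields:
            continue
        i = fields.index("MX")
        if len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue  # malformed record, skip it
        records.add((int(fields[i + 1]), fields[i + 2].rstrip(".").lower()))
    return records


def audit_mx(provider_zones, retired_suffixes):
    """Flag providers still publishing retired mail hosts or disagreeing on MX."""
    parsed = {p: parse_mx(text) for p, text in provider_zones.items()}
    stale = {}
    for provider, recs in parsed.items():
        hits = sorted(
            host for _, host in recs
            if any(host == s or host.endswith("." + s) for s in retired_suffixes)
        )
        if hits:
            stale[provider] = hits
    # Every provider that answers for the zone should serve the same MX set.
    consistent = len({frozenset(r) for r in parsed.values()}) <= 1
    return {"stale": stale, "consistent": consistent}


# Constructed sample: the record was removed on the hosting server only.
OLD_ZONE = (
    "example.com. 3600 IN MX 10 mail.example.com.\n"
    "example.com. 3600 IN MX 20 mx1.backup-mail.example.net. ; retired service\n"
)
SAMPLE_ZONES = {
    "hosting-server": "example.com. 3600 IN MX 10 mail.example.com.\n",
    "dns-provider": OLD_ZONE,
    "backup-dns-provider": OLD_ZONE,
}

if __name__ == "__main__":
    print(audit_mx(SAMPLE_ZONES, ["backup-mail.example.net"]))
```

The per-provider text can be collected with `dig @<nameserver> <domain> MX +noall +answer`, run once against each nameserver that serves the zone.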

First Dynamic IP change a failure

This morning around 1am my IP address changed on my FIOS router at home. I have a dynamic dns client running to update a few DNS entries I use. Unfortunately, after the router got its new IP, it quit working. None of my home machines could access the internet. So the dynamic dns client running on a server, could not update my dynamic DNS. I rebooted the router this morning and was pleased to find that the client was able to update after the reboot. I am hoping this was a fluke and the next time the IP changes, I won’t have this issue.

Verizon FIOS and Relay of SMTP messages

It came to my attention recently that there have been problems relaying mail to an external party from my mail server at home. I host some distribution lists and mailboxes for a small group my wife is involved with. They have a public domain set up with a few mailboxes. All the e-mail for that public domain comes through my Exchange server. Copies of the incoming messages are routed to internal mailboxes, but each mailbox is set up to forward a copy of every incoming message to that user’s home e-mail address.

So I kept getting these NDR messages (since I’m the administrator) and I hadn’t really had time to investigate until recently. When I started to take a look at the problem, I realized it only occurred when a particular sender would send a message to the users on the group’s public domain. Basically this person was sending mail to an address at the group’s public SMTP domain. So my server would receive the mail, deliver it locally and then forward on a copy to each recipient’s home e-mail address. So that was the pattern of the problem, at least I had that figured out.

We recently switched to Verizon FIOS and after more checking, realized this issue started occurring right around the same time we made the switch. When looking in the event viewer on my Exchange server I found events saying that I had to authenticate to send mail as xxx user, which I knew was not my account. I checked the message tracking in Exchange and found that mail delivery worked fine locally, but failed when relaying a copy out to the user’s home e-mail address.

The issue it seems is that when Exchange forwards a copy back out to the user’s home account, it has the from address of the sender in the SMTP transmission. My server is configured to route all outgoing SMTP messages through Verizon’s outgoing SMTP server. But the user sending the original message was also using Verizon DSL with a verizon.net e-mail account. So when my server tried to relay the outgoing copy, it saw the from address and that it was a verizon.net account. I can only assume that Verizon has some type of account restrictions in place that prevented my server from relaying mail from this address while authenticated as my account. (I’m using SMTP authentication for outgoing mail through Verizon). The message would be blocked at this point and I’d get the NDR. So I naturally started looking at outgoing SMTP accounts with third parties for use with relaying. I toyed with the idea of setting up another SMTP connector for the recipient’s domain to bypass Verizon, but was wary of that due to PTR issues with my DNS, which could cause more problems than it’s worth.

I found a good SMTP relay service for only $15 a year, and was about to buy it when I decided to stop and try the SMTP connector in Exchange first, just to see if it would work, or if hotmail (the home recipient with delivery problems) would reject the message if it did any type of PTR lookup on the sending mail server. I set everything up and sent a test message and was happy to see it was delivered successfully. I now route all outgoing mail to hotmail.com directly to the hotmail MX servers rather than route through Verizon. This way all other mail can go through Verizon, but anything sent to hotmail.com will go directly from my server to hotmail, which then resolves my problems of another verizon.net user relaying through my mail server. After more testing I have found this works well and saved me $15 a year.

Issue with Public LAN in Windows – Exchange Clustering

Yesterday I began a demo of a Windows Server 2003 Cluster running an Exchange 2003 virtual server. This is a 2 node active/passive cluster. Everything was fine until I got to the part where I was showing hardware failure and the resulting failover performance. I unplugged the public LAN ethernet cable from the active cluster node. To my dismay and embarrassment the cluster administrator locked up and failover never happened. I was sure I had tested this particular scenario before during the initial setup. After thinking about this a little more I probably tested this with the default cluster during setup, and not after Exchange was up and running. Why would you want to disconnect the public LAN cable right? Well, when tested I discovered that Exchange in a cluster is very sensitive (as it usually is) to losing its public LAN interface. Anytime Exchange (clustered or not) loses connection to AD and DNS, it can hang. Well my problem was caused by the Exchange 2003 services hanging once public LAN connectivity was lost. I found that the cluster was trying to stop the Exchange services but they were hanging. The cluster can’t failover to the second node until the core Exchange services are stopped and Exchange cluster resources are marked as offline. So because the services were hanging, my cluster would not fail over to the second node.


Dynamic IP Change

For the first time in about 2 years, my dynamic IP address at home changed! I got up yesterday morning and thought to myself, “hmm, my IP is going to change”. Before leaving for work I realized that it had, sometime after 3am. So I had to make some DNS changes and ended up switching DNS on my main domain to another company so I can use a dynamic DNS system that supports multiple domains and subdomains. I went with DNSExit, as they had the best dynamic update client, and perfect services for what I’m doing at home. Now I won’t have to worry about an IP change anymore. I didn’t lose any e-mail or anything, since my MX records are backup mail servers, they queued all my mail until my DNS updates took effect. Gotta love redundancy and backup systems!