Wednesday, April 29, 2015

Shrinking the Microsoft Server 2012 IPAM Database

I was having a terrible time trying to find and evaluate the size of our IPAM database running on Microsoft Server 2012.  I was seeing my disk space on the server wasting away after two years of being in production logging all the goodness of Microsoft IPAM and i let it get so far out of hand I was left with 0 disk space. After some thinking and Googling I was reminded of my previous post on moving the WSUS WID database so I went about it that direction.  Here is what I did.

I have no proof this works in the wrong one and I'm still waiting to see if it breaks anything in my environment.  So if you wish to follow these directions do so at your own risk.
  1. Backup the IPAM database and log file "ipam.mdf" and "ipam_log.ldf". By default they are found in C:\Windows\System32\ipam\Database 
  2. Install SQL Server Management Studio on the IPAM server
  3. Open SQL Server Management Studio using "Run as administrator" 
  4. In the Microsoft SQL Server Management Studio Connect to Server window, enter in \\.\pipe\Microsoft##WID\tsql\query and authenticate using Windows Authentication. Click Connect. 
  5. Within the Microsoft SQL Server Management Studio Object Explorer, under the \\.\pipe\Microsoft##WID\tsql\query object, expand Databases 
  6. From the Databases listing, select the IPAM database, then right click then hover over Tasks, hover over Shrink, and select Databases, the Shrink Database - IPAM window displays. 
  7. From the Shrink Database - IPAM window modify any options you wish to modify and click OK to execute. When completed the Shrink Database window should close.
  8. Depending on the size of the IPAM.mdf file this may take several minutes to shrink.
If you are having a problem where the Windows Server IPAM database is configured for Unlimited growth you can modify the max size and configure autoshrink as well.
  1. To do this perform the following actions:
  2. Right click on the IPAM database from Microsoft SQL Server Management Studio's Object Explorer and Select Properties.  The Database Properties - IPAM window displays.
  3. From the Database Properties - IPAM window, under Select a page, select Files
  4. Find the IPAM database row, and scroll over to view the ellipses under the Autogrowth/Maxsize column.  Click the ellipses in this column for the database's row.  The Change Autogrowth for IPAM window displays.
  5. Within the Change Autogrowth for IPAM window, change the Maximum File Size Limited to (MB) to an acceptable size for your environment and click OK.  Click OK in the Database Properties - IPAM window to execute the changes.

Friday, March 8, 2013

Performing an In-Place Upgrade from Windows Server 2008 R2 to Windows Server 2012 on a Domain Controller

Preinstallation

First off, I highly recommend performing this in a test environment before you begin. Also, perform additional research to your environment if there are other software and roles/features installed on the domain controller.  Ensure all software and installed roles/features are compatible, with Windows Server 2012.  In simple terms: Know what you are doing before you do it.

Before adding a Windows Server 2012 domain controller to an existing Windows Server 2008 R2 or prior forest/domain, adprep must be run.
With a new installation of a Windows Server 2012 domain controller, the wizard will automatically perform the adprep requirements for you.  If you are doing an in-place upgrade it may not.  If it has not been run prior to performing an in-place upgrade, the prerequisite compatibility report will notify you and require that it be run before the installation will take place.

The adprep command can be run from the following directory found on the installation media \support\adprep\

The command adprep /forestprep must be run on the on a server that has network connectivity to the schema master domain controller, by a user that belongs to all of the following groups: Schema Admins, Enterprise Admins, and Domain Admins group of the forest root domain. After running, allow replication to occur throughout the forest, or force replication.
The command adprep /domainprep must be run on a server that has network connectivity to the infrastructure master domain controller, by a user that belongs to the Domain Admins group of the domain it is being run in.  After running, allow replication to occur throughout the forest, or force replication.
You can also run adprep /domainprep /gpprep if you have not already updated the Group Policy RSOP permissions back when you updated the schema for Server 2003 SP1.  It does not hurt to run /gpprep along with adprep /domainprep, if it has already been run it will not run it again.  After running, allow replication to occur throughout the forest, or force replication.

If you are running a virtual machine make sure the software and hardware on the vm is up-to-date with the latest version available for your hosts.

Performing the In-Place Upgrade

To perform the in place upgrade of a Windows Server 2008 R2 domain controller to Windows Server 2012, perform the following actions:
  1. Login to the domain controller that will be upgraded
  2. Insert installation media
  3. Run Setup.exe from installation media. 
  4. Click the Install now button at the Windows Setup window
  5. At the Get important updates for Windows Setup window, if you are connected to the internet select Go online to install updates now (recommended), otherwise you may choose not to, by selecting No thanks.
  6. At the Select the operating system you want to install window, choose the version of Server 2012 you will be upgrading to. Click Next
  7. Accept the terms if you agree with them. Click Next
  8. At the Which type of installation do you want? window, select Upgrade: Install Windows and keep files, settings, and applications
  9. A Compatibility report is generated (and saved to the desktop for future reference).  Verify and take note of any warnings or errors.  If errors occur prevent you from moving to the next step, resolve those errors and restart the setup process.  Click Next.
  10. You will now see the Upgrading Windows window that will routinely update and report the upgrade process. Wait patiently until it is done.
  11. Again, let it do its thing! Do not take any action unless you know there is an issue, if there is an issue research it before forcing a reboot or shutdown.
My lab environment upgrade took a little more than two hours, and it had a basic AD DS and DNS installation. My hardware is a bottleneck as well, so it may not take as long depending on your environment.

My production environment DC that holds the Infrastructure Master role, took a little under an hour.  It does not have DNS installed on it, just AD DS.

When in doubt, wait longer.  It will complete, and if it doesn't, you will figure it out.

Finishing Up and Verifying Domain Controller Operability

After the installation you want to make sure that everything is operating as designed and if it isn't take the corrective actions to fix any existent problems.
  • Verify network connectivity and disk space.
  • Let it sit and replicate enterprise wide.  Doing so, the replica domain controllers can get information from the DC about its latest version, copies the new SYSVOL, etc.  The server itself can also stabilize with the new changes.
  • Check Event Viewer for errors and correct them as needed.
  • Check the Server Manager Dashboard for errors. Refresh it if you believe services are in a Delayed Start state to see if they came up correctly or view what services are not starting and why.
  • Verify the Services have started.
  • Verify antivirus is operational, or reinstall the antivirus if it were uninstalled prior to the upgrade.
  • Activate it if you do not have KMS setup.  If KMS is setup make sure it does activate properly.
  • Reboot again, just for fun. This will give you a better starting point when checking the logs by comparing the time of the reboot to new errors.  My first restart after the upgrade and first login, took about 10 minutes on my vm.
  • Install Windows Updates
  • Run repadmin /replsum and verify replication is successful within the domain or forest to and from the DC. Resolve any replication issues.
  • If it is a VM also monitor the hardware resources and adjust as needed.

Problems


<message xmlns=""> Before continuing, make sure the app vendors support your applications on Windows Server 2012. Follow their specific recommendations before and after Windows installs. To make sure your app is compatible and to download tools and documentation, go to http://go.microsoft.com/fwlink/?LinkId=243105 Important: If the software isn't compatible with Windows Server 2012 or if the app vendor doesn't support the app, uninstall it before you install Windows. If you don't uninstall the applications, your system won't be supported, the app might not work, and settings or other information might be lost. </message>
<message xmlns=""> Windows won't install unless each of these things is taken care of. Close Windows Setup, take care of each one, and then restart Windows Setup to continue. </message>
<complianceissuepri1 xmlns=""> An error prevented a required compliance check from completing. Cancel the installation and try upgrading again.  </complianceissuepri1>

Assigning a drive letter to the System Reserved Boot Partition for some reason will let the upgrade compliance check complete successfully.



Your PC ran into a problem and needs to restart.  We're just collecting some error info, and then we'll restart for you. HAL_INITIALIZATION_FAILED.  

Since it wouldn't boot into Windows Server 2012 to continue the setup, at the next restart I chose to boot back into Windows 2008 R2. After login, the following information message came up. This version of Windows could not be installed.  Your previous version of Windows has been restored, and you can continue to use it.  Before trying to install this version of Windows again, check online to see if it is compatible with your computer.

This HAL_INITIALIZATION_FAILED error on initial reboot was a VMware hardware issue.  To resolve this issue I powered the server off and selected Upgrade Virtual Hardware on the virtual machine within vSphere to bring it up to version vmx-09.  Powered it back on, booted into Windows Server 2008 R2 and reran the setup.

Would I do this again?  Probably not.  In my opinion, our environment is large enough that it would be less of a headache for me to do a fresh install, then migrate whatever needs to be migrated, or allow the servers to replicate what is needed in some cases.

repadmin /replsum returns (1722) The RPC Server is Unavailable for the recently upgraded domain controller.  Everything was replicating fine but I was getting 33% failure in replsum.  I was at a loss.  Finally I decided to replace the VM network card from E1000 to vmnetx 3.  After installing the vmnetx3 card, applying the network addressing information, and rebooting I did not receive any more errors in repadmin /replsum... weird...

Good luck!

Tuesday, December 18, 2012

Root Certificates Update from December 2012 breaks dot1x authentication

Oh No, I can't Authenticate on dot1x!!!

Ran updates on our domain controllers this morning, installed everything like usual, because I'm trusting like that.  Anyway, after the reboot of our DCs no computers were able to authenticate on the network!  After some digging and research of the event logs I noticed a forum thread was pretty active Titled: Root Certificates Optional Windows Update December 2012 - KB931125 triggers Event ID 36885 - SCHANNEL


I followed the recommendation given by user Michael DAngelo, and used Method 3 to modify the registry of the DC's. http://support.microsoft.com/kb/2464556


To set this registry entry, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
  3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type SendTrustedIssuerList, and then press Enter to name the registry entry.
  6. Right-click SendTrustedIssuerList, and then click Modify.
  7. In the Value data box, type 0 if that value is not already displayed, and then click OK.
  8. Exit Registry Editor.
Immediately after putting in the value it started to work.

Event Logs on Domain Controllers

Error Schannel 36887 The following fatal alert was received: 47.

Warning Schannel 36685 When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.


Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: DOMAIN\COMPUTERNAME$
Account Name: host/computername.domain.local
Account Domain: DOMAIN
Fully Qualified Account Name: domain.local/OU/COMPUTERNAME

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 00000000000
Calling Station Identifier: 00000000000

NAS:
NAS IPv4 Address: 172.16.2.2
NAS IPv6 Address: -
NAS Identifier: 172.16.2.2
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 2

RADIUS Client:
Client Friendly Name: radiusserver
Client IP Address: 192.168.1.4

Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: 802.1x-Wireless
Authentication Provider: Windows
Authentication Server: DC2.domain.local
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 266
Reason: The message received was unexpected or badly formatted.

Event Logs on Radius Proxy

Warning IAS 2

User host/COMPUTERNAME.domain.local was denied access.
 Fully-Qualified-User-Name = <undetermined> 
 NAS-IP-Address = 172.16.2.2
 NAS-Identifier = 172.16.2.2
 Called-Station-Identifier = 000000000000
 Calling-Station-Identifier = 000000000000
 Client-Friendly-Name = AccessPoints-172.16.2.0/24
 Client-IP-Address = 172.16.2.2
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = Dot1x_Proxy
 Authentication-Provider = RADIUS Proxy 
 Authentication-Server = 192.168.1.7
 Policy-Name = <undetermined> 
 Authentication-Type = <undetermined> 
 EAP-Type = <undetermined> 
 Reason-Code = 112
 Reason = The remote RADIUS (Remote Authentication Dial-In User Service) server did not process the authentication request. 

For more information, see Help and Support Center at 

Tuesday, November 20, 2012

Moving WSUS WID Database in Windows Server 2012

I can not guarantee this will work for you, but here is what I did when a coworker installed the WSUS database to the wrong drive. This post also assumes you know what you are doing, and are able to use SQL Management Studio 2012.


  1. Install SQL Server Management Studio 2012 (You can try Management Studio for 2008 or 2008 R2 I recieved an error when I tried initially)
  2. Run SQL Management Studio 2012 as Administrator
  3. Connect to Server Name \\.\pipe\Microsoft##WID\tsql\query (old versions used to be \\.\pipe\Microsoft##SSEE\sql\query this has changed in Server 2012 WSUS 4)
  4. Select Windows Authentication and login
  5. Expand Databases
  6. Right Click SUSDB
  7. Hover over Tasks
  8. Select Detach (Management Studio for 2008 might give you an error here)
  9. Select the Drop Connections checkbox
  10. Click OK
  11. Move the SUSDB.mdf and the SUSDB_log.ldf to the new location.
  12. Back in SQL Server Management Studio right click on Databases
  13. Select Attach
  14. Click Add
  15. Navigate to the new SUSDB.mdf location and select the mdf that is in the new location.
  16. Verify the mdf and the ldf are showing in their location properly.
  17. Click OK
  18. Verify the SUSDB database has attached and is not read-only, (if it is listed as SUSDB (Read-Only), verify the permissions on the folder and files you moved are the same as the permissions of its original location).
  19. Once reattached you should now be good to go. If things look iffy, restart Update Services/IIS Admin/WID Services, or reboot.

http://technet.microsoft.com/en-us/library/hh852349.aspx

Thursday, November 8, 2012

Installing Office 2013 Key Management Service Host on Server 2012

This installation is documented for installation using the Office Professional Plus 2013 Key Management Service Host ISO provided though the Volume Licensing Service Center, also assuming that the Volume Activation Services have been properly installed and configured on Windows Server 2012.

  1. Download the Office Professional Plus 2013 Key Management Service Host ISO from the Microsoft Volume Licensing Service Center.
  2. Copy it to the 2012 KMS server.
  3. Right click the ISO and select Mount.
  4. Run PowerShell as Administrator and navigate to the mounted ISO's root directory.
  5. Run cscript kms_host.vbs
  6. While it runs, it will open Volume Activation Tools
  7. Click Next at the Volume Activation Tools introduction screen.
  8. Select your Activation Method, enter in the FQDN if required and click Next.
  9. Click the radio option to Install your KMS host key and enter in your KMS host key.
  10. Click Commit
  11. At the info box click yes to install the new product key.
  12. Verify Activate Product is selected and click Next
  13. In the Select Product drop down you will see Office 15, VOLUME_KMS channel selected already.
  14. Choose your Activation method and click Commit.
  15. Click Yes at the This will activate the KMS host info box.
  16. View the configuration, verify it has succeeded, and click Next.
  17. If there are any options you would like to change in the configuration do so and click Commit.
  18. Click Yes to overwrite existing KMS configurations.
  19. It will then restart the Software Protection licensing service.
  20. If you are done click Close.
  21. Verify the PowerShell window indicates a successful completion, press ENTER to close.

Friday, September 14, 2012

10 Reasons Why You Should Train and Certify Your IT Staff

Is your staff begging you for training?  Are they at the point in their career they need to become certified?  Are you asking yourself, "Why should I train my staff"?  There are many benefits your business can see through training your staff members.  Whether your are a university, small business, large enterprise, solution provider, or technology reseller, you have an IT team behind you in one way or another.  They allow you to send your emails, surf the web, secure you, back you up, get from point A to point B, or they are implementing a product or service you are selling.  The truth is, your IT team needs to have the knowledge to meet your needs, and the only way to get it, is for them to learn it.  My hope is, is that you will train your staff on a regular basis and certify them.  Here are ten reasons why you should train and certify your staff.

10. Increase Your Business' Confidence

Nothing hurts an IT department more than your end users/customers thinking that the IT team just hides in a room with the lights off, praying for things to not break.  Since everything is done electronically, your business, employees and customers need to have the confidence that their data is being handled by true technology experts.   As your employees begin to earn their certifications, post them on your department webpage, a wall in a well trafficked area in your office, buy the shirts, and let people know your team are "Certified Experts".  Spread the word!  It is a great accomplishment!  A well trained team will more likely have their solutions optimized to best practice, configured correctly, and will have less downtime.  Having a secure, optimized and highly available environment will keep your employees, end users and customers confident that their data is protected and being handled properly.
When it comes to selling a product or a service you want your team to be held to the highest confidence by your customer.  Whether it is implementing a SAN solution or simply installing an application.

9. Prove That You Value Your Team

This turns into a touchy subject for many supervisors.  Do we pay for our team to go to training?  Do we pay for them to get certified?  Do we encourage them to get certified?  What if they leave after we spent ALL of that money training and certifying them. My answer is: Invest in your employees and they will return the favor!  Don't be scared that if they get certified they will go find another job somewhere else.
Think about it this way.  If they take the time to self study and to certify on their OWN time and dime, why do you think they are doing it on their own? Probably to improve their resume.
Invest in your team and they will return the favor, either by making the changes or moving on.  If they move on, is it that big of a deal?  If it is, require them to sign a contract to reimburse for the training at a prorated amount.  If they do leave, do you need to increase the pay of your employees. If they can simply go somewhere else to do the same thing, but for more money, something is wrong.  Start with checking how you invest in your employees.  Again, actively INVEST in your employees or they WILL find someone that can.  Take a note from this Dilbert comic: Please, don't marinate in your own stench...

8. Optimize Your Company's Infrastructure

A company's infrastructure is only as good as the person's/team's knowledge that put it in.  If you have a staff member, just throwing stuff into production, because everyone else uses it or they heard it was cool and wanted to try it, STOP THEM!  Don't let them put anything into production without learning about it first, and then ensure it is labbed up in an isolated environment to work out the bugs and to document it.  It sucks when you get into a position, that has all these little "free and cool" applications, barely functioning, on 20 different servers, and now you are responsible for managing it all.  Without any documentation.
By putting things into production without the knowledge to back it, it will not be optimized.  It will be shoddy, limping along, and likely on the verge of failing.  Send your people to training, so they can learn about what they are doing before they even think of implementing a solution into production.  Don't get your company stuck with an environment that is running on banana peels, when training will allow for optimization of the software or hardware.

7. Stay Current With Technology

Is your business still running Windows Server 2000 or Server 2003 across the board, maybe Exchange 5.5, 2000 or 2003?  Why is that? Windows Server 2008 and Exchange 2010 have been out for years!  Do you know that you are behind the times and Server 2012 is now out, with Exchange 2013 peaking over the horizon?!  Are your Cisco products still running CatOS? Train your staff to help get your company up-to-speed on the latest technology.  Take advantage of the latest features now available in the new releases. Staying behind on technology does nothing for your company but allow for more security vulnerabilities and a "going nowhere" staff. Those complex and confusing solutions that were put in ages ago could be running very smoothly, but think about it, really.  With the latest advances in technology, things have become increasingly simple, more secure, and definitely faster.  Your company and staff suffer by keeping old technology running.  Make the move, train your employees, implement new technologies, and certify your staff.  Give them a testing environment to play with the new technologies, to make sure it will work, and to make sure it can integrate into your production environment.

6. Improved Project Management

When a member of your staff knows their systems and solutions from the inside out, any future projects led by that team member will be significantly improved and timelines will be reduced.  Take into consideration the time they spent studying for their certifications, or even the time they spent at training.  They learned new advances in technology, they may have even heard or have been informed on other pieces of technology through conversations with classmates, or by a topic covered in class.  With that knowledge in the back of their minds, when it comes time to implement a new project, present the solution to administration, or to research a new technology, they will have a head start and be able to get the ball rolling with confidence.  When it comes to implement the project, would you rather have a knowledgeable staff ready to go, or a staff that is scrambling day-to-day, trying to figure out what they are going to do.

5. Better Customer Support

Your customers need the best support they can get. Provide it to them.  With a trained and certified staff, who has optimized their environment, implemented high-availability solutions, and implemented best practices.  Your customer calls will drop significantly.  A well trained team will also help cut down the time it takes to troubleshoot and remediate any issues that do happen to crop up.  Once your staff is trained and fixing issues with ease, they will have plenty of downtime to research and make improvements where needed.  With the improved customer support, the complaint department should now be able to find other things to complain about. :)  Give the customers an advantage, prove to the customer why they chose you over the competition.

4. Less Downtime

There is no doubt that when a system is installed according to best practices, it will run optimally and as intended by the solution provider.  Whether it is redundant core switches, firewalls, file shares, Client Access Array's, or DAG's, a well trained staff member will implement these solutions to make life easier for them and the helpdesk.
Imagine your own environment, if a single server fails, what will happen?  Will there be people knocking at your door demanding the service be restored instantly?  Probably.  All of this can be avoided to the utmost extent by training your personnel and valuing their input and recommendations to make your environment run smoothly. Many solutions out there offer some type of high-availability option, some take additional configuration steps for it to run optimally.  By not learning about and implementing these HA solutions, you can get in some deep goop at the point of failure.  When a staff member knows the capability of their systems and solutions, it will be installed and configured to meet the business goals.

3. Influence a Dynamic Learning Environment

You want your staff members to be the best they can be at their job.  By pushing them to attend training, learn new technologies, and get certified, your company will stay on the leading edge of technology and continue to grow and provide the best solutions for your customers. Make continuous learning the top priority when it comes to your employees.  Show your employees you want them to keep learning, don't view learning as a burden, view it as an opportunity.  Keep your staff passionate about their jobs, keep their brains moving, keep the juices flowing, keep your business moving forward. Encourage ideas, inspire growth, and implement the best solutions.

2. Eliminate Mistakes

When you think about it, how much downtime, customer issues, nights and weekends worked, have been the product of a mistake made by the IT team.  It happens all of the time.  One of the biggest influences of system downtime is human error.  Whether it was mistakenly deleting a connector, wiping a switch config, deleting a user account, unchecking a box, or formatting a critical disk, these mistakes cost the business time and money, and it will cost people their jobs.  Mistakes will not necessarily be eliminated, but there will be that knowledge in the staff to make the right choice, to take extra the time and think a thought through, rather than just clicking around or unplugging something inadvertently.
Let your business be the poster child of WHAT to do. Don't make the mistake of denying training to your team. Take advantage of the time you have now and train them before it's too late.

1. Improve Your Business' Reputation

By combining all of these together your business will provide better solutions, be more productive, allow faster turn around time, and provide your end users and customers with a high quality product.  Don't let your business be affected by downtime, unhappy customers, unhappy staff, old technology, or an overall lack of functionality.  Improve and enhance your business' reputation, give your staff the knowledge and skill set they need to meet the company mission. A smooth operating business, keeps the staff and customers looking at the future of the company.
Think of your IT department as a human backbone, it really is.  Keep it strong, keep it moving, and keep it adjusted.  If you don't, you can expect to see headaches, soreness, inflammation, cramps, and stiffness.  Everything will start falling apart from there.  Exercise it!

Overall

It all really comes down to investing in your IT team and valuing the work they do for you.  The results will reflect directly within the environment, and align with your business goals.  Thank your employees for their hard work and investment they have given the business. Invest in them in return. It's for the best.

A well maintained machine runs smoothly.  A poorly maintained machine, grinds, scrapes, seizes, overheats, and fails.  Please, oil your machines routinely to avoid break down.

Wednesday, September 5, 2012

Putting a Value on IT Certifications - Part 3 "Certified Rockstar"

Finding and Creating Your Value

The true value of your IT certification comes from what YOU do to create the value. You can put your certifications to good use and be a complete rockstar, or you can get certified and do nothing but flaunt around your signature block, resume and office's wall of pride.  Please, use it for good and be the rockstar. Do it to prove to yourself and others, that YOU ARE THE EXPERT, and not just a name with a list of acronyms at the end.  In short, be intelligent, don't be arrogant.

I've had several people ask me if I am going to be looking for a new job now that I have all these Microsoft Certifications.  The answer?  No. I still have A LOT of work to do!  Sure, I can go anywhere and get a significant salary increase, but why leave this place hanging when I can do so much more to help with my newly acquired knowledge!  First on my list, start identifying what needs to be fixed.

Identifying the Problems

We constantly have our binoculars out scanning the horizon for new technologies and thinking of ways to implement them to help our students, faculty and staff. On the other hand, we also need to make sure we put the binoculars down once and a while and see what is happening in our own environment.

Here are a few items that have come up that need to be tackled ASAP. Fixing these issues will definitely increase our value as a University.

Lack of Datacenter Redundancy

As an Enterprise Administrator, my professional life is contained within my datacenters, its applications and hardware and how it meets customer demands.  That being said, it had better run and run well or I won't have a personal life.

One thing our datacenter was lacking was application and hardware redundancy, we had SAN replication going on between sites and Domain Controller replication going, but other high demand applications were lacking in redundancy.  Our website, SQL databases, and Exchange Servers were stand alone systems.  Each of them are in very high demand, so rebooting them anytime before 2:00 AM is out of the question unless it is an absolute emergency.

Lack of Technical Knowledge Held by Students, Faculty and Staff

When I started as a student at the University, we had two Information Technology related Associate Degree programs, one in Network Administration and the other in Web Design.  About seven years ago, they were removed entirely.

Since the removal of pretty much our only technology directed fields, our office, in particular, has had to hire technicians with very little computer experience.  We are getting student technicians that are on track to graduate with Biology, English, and Wellness degrees.  Training them, pretty much from the ground up, is an ongoing occurrence.

Many of our technicians are all freshly out of High School, with little experience, that causes a problem when we have a more complex issue arise with a customer computer.  Who do we send, who's been here the longest? Do we escalate it up the chain to our most experienced server admin, who hasn't done technician duties for ages?  Our Faculty and Staff need to be serviced by quality work.  We also need to provide all of our students, faculty and staff with a proper technical learning environment.

Something needs to be done to ensure everyone knows what they are doing when it comes to technology and how to do it the right way.

Applying the Certifications to Resolve the Problems


Improving Datacenter Operations

Being certified has given me the confidence to really dig in and try to make our Datacenter optimized.  It used to be a mess, but has now been totally revamped and virtualized.  Having the advanced and expert knowledge of our infrastructure and the software we support has allowed me to add redundancy across the board.  This includes implementing Exchange 2010 DAGs, DFS replication,  Load Balanced Web Farm and SQL Clusters across two sites.

By implementing failover clusters, load balanced services, SQL Clusters, Client Access Arrays, and Database Availability Groups we have significantly improved and optimized our Datacenter availability at our two sites.


Training the Students, Faculty and Staff

Microsoft IT Academy - I'm currently working on a proposal to enroll our University in the Microsoft IT Academy program. This will help our Faculty and Staff with their professional development, and also provide the opportunity to start having more technology related classes at the university.

Let me tell you a secret, being a teacher has always been a dream of mine. Although I am not yet a Microsoft Certified Trainer, it is one of my goals to attain within the next 12 months.  Transferring knowledge to students and seeing them succeed in the end will help me both fulfill and continue my career goals and fulfill one of my personal dreams.

The plan: Enroll --> train our Faculty and Staff --> train our students.  It could be that simple, logistically. In reality, not so simple.
The obstacles: Staffing and $$$. I'm the only certified person able to teach Microsoft classes. Since we no longer have any technology classes, we have only one faculty member, not certified, that teaches MS Office. Will there be any demand for the classes or will it be a waste of time? Who is going to pay for it all?

One day my hope is to get over 90% of our Students, Faculty and Staff, Microsoft certified. The end result is intended to be a more technology converged personnel.

It is time to get the ball rolling.


In the End

Value your work, your employees and your image as a professional. Train and Certify your team, as often as you can.  Keep your professionals up-to-date on all technology aspects and you will keep your customers happy.
Imagine the possibilities attainable with your business, university or other environment that has a certified staff.  If you present yourself, your business, and your work, as being completed by experts and professionals, your end product will be held with the utmost value.

In the end, you will be the certified rockstar.

See Also:

Putting a Value on IT Certifications - Part 1

Putting a Value on IT Certifications - Part 2