Well, I am back from vacation. I suppose I will have to think of something to write about…
Well, first of all, I finally started playing Homeworld 2 and I really have to say that Relic did a great job with HW2. Simply the best of the genre (along with the first HW) and likely always wil be. If you like RTS games and like big space battles where stuff blows up real good, then this game is for you.
I have also been playing FarCry lately and I can say that it sure is one impressive game. Quite fun as story driven FPS games go, though the multiplay is somehow lacking. None-the-less, the game is loads of fun and spectacular to look at (and finally shows off exactly what my year old system can do).
Speaking of which, I am thinking about upgrading my Alienware box (3Ghz P4C-HT/800MhzFSB, 2GB RAM and 160Gig SATA RAID0) with a new Nvidia GF6800GT as I have never really had warm fuzzies for my ATI Radeon 9800Pro. I can’t really say that the ATI part has been bad to me and at the time I bought the machine, the 9800 Pro really was a better card than anything Nvidia was making (they sure went through a strange 3DFx style funk for a while, though it looks like Nvidia is back on track – PSU silliness aside, the 6800GT and 6800Ultra really are wicked pieces of hardware). I have had (though not for a while) driver issues with 9800Pro and, frankly, there is weirdness in their OpenGL support including no hardware support for the glCopyTexSubImage2D-function (which was what caused all the problems with SimCity4 on ATI hardware, I believe). So I bid ATI farewell and it’s back to Nvidia for this generation of cards.
A couple of quick notes on Exchange silliness -
1. Never mix the same accounts for your Exchange 5.5 Service Accounts and the Exchange 200x Admin roles, as any account granted Exchange 2003 Admin role will also be denied send and receive as rights on the legacy MTA (X400 protocol), which will prevent mailflow between E2kx and 5.5 (a bad thing). This can overridden through manual re-ACLing by either exposing the security tab (http://www.computerperformance.co.uk/Registry/registry_hacks_exchange.htm) or by using ADSI edit to edit the ACL’s in the Config NC (if you need to ask where to look, you shouldn’t be using ADSI edit or, for that matter, doing any of the above). You will have to break the ACL inheritance at MTA object or modify the ACEs further up at the org container. Anyway, just be smart and don’t create this problem in the first place (like I did on a recent project… DOH!).
Also, if you are in a large multi-site Exchange environment where the local sites are each using different, localized, service accounts that are granted only limited access to remote sites, it may also be necessary to ACL the legacy MTA object on each server (or at the admin group container) with ACE’s for the remote sites service accounts to grant send and recieve as rights, otherwise your local Exchange 200x servers will fail to communicate directly via X.400 (and will will see subsiquent RPC bind errors in both the loca and remote servers event logs). I will write more on the this at a later date, as this is not a well understood problem and I have seen it cause big issues for clients.
2. If you are implementing the ADC in a large environment with multiple domains, keep in mind that you should double check to make sure that the accounts that the ADC is using for CA’s to AD are members of the local “Exchange Domain Servers” group. Additionally, if you are using a single account, make sure the account is located in domain where the group is present and that an Exchange 200x server is planed or present.
Now you ask, why is this? Well, if you don’t, some strange things will occur with DL’s with hide membership from GAL turned on. First of all, right off the bat, because the ADC (and Exchange enabled AD Users & Computers) modifies the ACL on a mail enabled group with this option enabled using a non-standard, non-canonical format (KB253827), the only accounts that will have rights to view and change the membership of the DL in AD will be those that are members of at least one of the Exchange Domain Servers group (since the ACL, as Exchange Servers are added to domain prepped domains, will be modified to include ACE’s for each of the Exchange Domain Servers domain global groups from each domain). Initially, this causes a major F’ing problem with the ADC, however, since this ACL doesn’t get updated until AFTER at least one Exchange 200x server is installed. In the interim, something truly bad happens, namely the ADC can’t read the group/DL membership and proceeds to update the legacy Exchange 5.5 directory, clearing the membership of the DL in 5.5. Obviously, if you have large numbers of DL’s with the hide membership enabled, this is a very bad thing.
The good news is that the problem will correct itself provided that you do what I recommend above. The bad news is I have instances where the ACE’s don’t get properly updated on the AD group/DL object and as a result, you have to run the Exchange tasks wizard and unhide membership and rehide membership to get the ACE’s to update with each domains Exchange Domain Servers group (note: you must run the Exchange Tasks Wizard from AD Users & Computers, simply unchecking the hide membership property will not reset the ACL). This appears to be hit and miss, so you may or may not have to unhide and rehide (I have not been able to identify the mitigating factors for this issue).
Also, if you wish to allow modification of the membership of a group with hide membership enabled, you need to place the Admin account in an Exchange Domain Servers group.
Boy, Exchange sure is fun.
Once last note, if you have a server or SAN that support RAID 5 with double parity (such as HP’s ADG), configure your LUN’s to use it. I recently saw a simultaneous double failure in a RAID 5 LUN (occurred so fast the hot spare never had a chance). Needless to say, it was a bad scene.
Later on.
