Kerpau!

According to Wikipedia, high technology workers are more prone to experience burnout than other professions. Others who are susceptible include medical professionals, social workers and health care workers. Burnout is a combination of generalized anxiety disorder and depression and is not limited to any one profession. However, given that system administrators find themselves in highly stressful situations on a daily basis, it is no surprise that they are among the most commonly affected.

Lack of Boundaries for Roles and Responsibilities
While the accounting and law professions have had their roles refined over hundreds of years, the system administrator has only been in existence for a few decades. The boundaries are still being established and will continue to change for some time. A system administrator’s role varies from organization to organization, as it should. However, system administrators, particularly those in small- to medium-sized companies, often end up leading projects outside of their proper role, such as building moves, HVAC systems, electrical projects, construction projects, soda machines, fax machines, phone systems, security systems, cell phones, sound systems, the CEO’s kid’s busted computer etc. Unfortunately, many system administrators deal with these roles by resigning themselves to working longer hours rather than shaping their environment for their long-term success. There are exceptions, but this is generally a bad idea and is a contributing factor for burnout.

Poor Management
Given that the IT profession is comparatively young, there is an overall lack of good management in the field. In other professional fields (engineering, law, medicine), a manager must have performed the job s/he is managing with some degree of success before being given a greater position of responsibility. This is not the case with IT. I once had a company as a client who hired a former house painter with no IT experience as the director of IT. I can only speculate as to how he secured the position, but his IT department was constantly scurrying from one train wreck to the next. The primary victims of this person’s lack of competence were his stressed out, burned out techs.

Other times management doesn’t understand the subject matter and therefore fails to staff appropriately. Their lack of understanding may lead management to expect a certain level of service but refuse to allocate proper authority or funds to meet the need. I can’t count the number of times a client has told me they can’t tolerate any downtime and then become incredulous when I spec redundant firewalls/servers/disks for their environments. The discrepancy in expectations is usually resolved after some discussion of the real world reliability of complex systems. But I have cleaned up after enough system administrators to know that this is not as common as it should be.

Misjudgement in Accepting Responsibilities
System administrators pride themselves on being able to learn new technologies quickly but this can get them into trouble when they begin to take on new roles and responsibilities for the challenge alone or solely to get their hands on new “toys”. It can result in them spending huge amounts of time on low-value projects leaving little or no time to deal with their core responsibilities. At that point all it takes is an unexpected outage to put them behind schedule on every single other item on their already oversized task list.

The Common Factor
The reason situations like these contribute to burnout is they leave a person with the sense that they are not in control of their environment. In college psychology courses, they call this “learned helplessness” (http://en.wikipedia.org/wiki/Learned_helplessness) and it is the primary cause of depression. The other thing it contributes to is anxiety. Put these two together and you have the recipe for burnout. If you have symptoms of either depression or generalized anxiety, seek professional help immediately. This article provides information on burnout, but each situation is different and you should contact your health care provider for treatment.

One of my college professors had our class learn a phonetic alphabet (i.e. spelling alphabet) and it has proven to be one of the most useful tools in my sysadmin bag of tricks.

A phonetic alphabet is used by saying a word to represent a letter in order to prevent miscommunications. Over the phone an S may sound like an F so instead of saying “S” you would say “sierra” to prevent confusion on the behalf of the receiver. It has helped me get through many tech support calls where there were bad phone connections, strange accents (mine and theirs) or long serial numbers with lots of S’s F’s M’s and N’s. It is actually a standardized set of letter to word pairings established by NATO. A quick search of Wikipedia gives us the page to the NATO Phonetic Alphabet.

• A - ALPHA
• B - BRAVO
• C - CHARLIE
• D - DELTA
• E - ECHO
• F - FOXTROT
• G - GOLF
• H - HOTEL
• I - INDIA
• J - JULIET
• K - KILO
• L - LIMA
• M - MIKE
• N - NOVEMBER
• O - OSCAR
• P - PAPA
• Q - QUEBEC
• R - ROMEO
• S - SIERRA
• T - TANGO
• U - UNIFORM
• V - VICTOR
• W - WHISKEY
• X - XRAY
• Y - YANKEE
• Z - ZULU

There may be a time when you have the SMTP address of a user but you need to find the Active Directory user account associated with it. I found myself in need of this information while tracking a deliverability issue using the Exchange Server 2003 SMTP logs. To do this you will need to search the proxy address values for all users.

According to Hey, Scripting Guy, a proxy address is “simply an alias by which an Exchange user can be recognized by a non-Exchange mail system.”

1. Open Active Directory Users and Computers
2. Right-click the domain and select Find
3. Go to the Advanced tab
4. Select Custom Search from the Find drop-down list and go to the Advanced tab.
5. In the Enter LDAP query text box, type the following:

proxyaddresses=SMTP:user@example.com

6. Click on Find Now

And it will list the Active Directory account with that SMTP address attached to it.

I had a situation recently where I had a front-end/back-end Exchange Server 2003 configuration and had to lock down the access between the DMZ (where the front-end server resided) and the internal network (where the back-end server resided). The requirement was to open the minimum number of ports necessary for Exchange to get its job done. The information for Exchange was easy enough to find. But there wasn’t anything to be found on the ports that Antigen required.

Monitoring connections with netstat revealed that there were a number of ports used by the Antigen processes. But only a few were static and the others seemed to be mapped dynamically. I ended up contacting Microsoft on the issue and they were able to provide the answer. Microsoft states that “once messaging connectivity has been established between the two servers, there is nothing additional to configure for Antigen’s functionality.” It almost sounds too simple to be true!

This article describes how to install Apache Tomcat 5.5.20 Stand-alone on Debian Linux (Sarge) and run it as as a non-root user.

Install the Sun JDK

Download the self-extracting binary file for J2SE(TM) Development Kit 5.0 Update 9 from the following location to root’s home directory.

wget http://java.sun.com/j2se/1.5.0/install-linux.html

Make the file executable…

chmod +x jdk-1_5_0_09-linux-i586.bin

Change to your install directory…

cd /usr/lib

And execute the file…

~/jdk-1_5_0_09-linux-i586.bin

Accept the license agreement…

You will now have a directory named jdk1.5.0_09 in /usr/lib

Link it to /usr/lib/jdk for ease of use in future configuration tasks

ln -s jdk1.5.0_09 jdk

Add the java directory to the path…

vi /etc/profile

Add the following after the export PATH line…

export JAVA_HOME=”/usr/lib/jdk”
export JDK_HOME=”${JAVA_HOME}”
export PATH=”${JAVA_HOME}/bin:${PATH}”

Update your environment…

source /etc/profile

Test your install…

java -version

You should see something like…

java version “1.5.0_09″
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01)
Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing)

Congratulations! JDK is now up and running!

Setup the Environment for Running as a Non-root User

Create a group…

groupadd tomcat

Create the user and enter a suitable password…

useradd -g tomcat tomcat

passwd tomcat

Install Apache Tomcat

Download Tomcat

wget http://apache.mirrors.tds.net/tomcat/tomcat-5/v5.5.20/bin/apache-tomcat-5.5.20.tar.gz

Unpack it…

tar xzvf apache-tomcat-5.5.20.tar.gz

move it to /usr/lib…

mv apache-tomcat-5.5.20 /usr/lib

Change the owner to tomcat…

chown -R tomcat:tomcat /usr/lib/apache-tomcat-5.5.20

Create a link for simplicity…

ln -s apache-tomcat-5.5.20 tomcat

Set the CATALINA_HOME environment variable…

vi /etc/profile

And add the following line after the “export PATH” line…

export CATALINA_HOME=”/usr/lib/tomcat”

And then update the environment…

source /etc/profile

Change server.xml so that tomcat listens on port 80

vi conf/server.xml

Change

Connector port=”8080″

To read

Connector port=”80″

Test the install as root…

cd /usr/lib/tomcat/bin
./startup/sh

You should see something like

Using CATALINA_BASE: /usr/lib/tomcat
Using CATALINA_HOME: /usr/lib/tomcat
Using CATALINA_TMPDIR: /usr/lib/tomcat/temp
Using JRE_HOME: /usr/lib/jdk

Open a Web browser and go to http://server to verify that the Apache default install page appears
If that looks good, stop tomcat

./shutdown.sh

Congratulations! Apache Tomcat is now up and running!

Complete the Non-root Configuration

Install autoconf in preparation for building jsvc…

apt-get install autoconf

Compile jsvc

cd $CATALINA_HOME/bin
tar xvfz jsvc.tar.gz
cd jsvc-src
autoconf
./configure
make
cp jsvc ..
cd ..
copy /usr/lib/tomcat/bin/jsvc-src/native/Tomcat5.sh /etc/init.d/tomcat

Edit Tomcat5.sh to look like this…

#!/bin/sh

JAVA_HOME=/usr/lib/jdk
CATALINA_HOME=/usr/lib/tomcat
DAEMON_HOME=/usr/lib/tomcat/bin
TOMCAT_USER=tomcat

# for multi instances adapt those lines.
TMP_DIR=/var/tmp
PID_FILE=/var/run/jsvc.pid
CATALINA_BASE=/usr/lib/tomcat

CATALINA_OPTS=”"
CLASSPATH=\
$JAVA_HOME/lib/tools.jar:\
$CATALINA_HOME/bin/commons-daemon.jar:\
$CATALINA_HOME/bin/bootstrap.jar

case “$1″ in
start)
#
# Start Tomcat
#
$DAEMON_HOME/jsvc \
-user $TOMCAT_USER \
-home $JAVA_HOME \
-Dcatalina.home=$CATALINA_HOME \
-Dcatalina.base=$CATALINA_BASE \
-Djava.io.tmpdir=$TMP_DIR \
-wait 10 \
-pidfile $PID_FILE \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile ‘&1′ \
$CATALINA_OPTS \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
#
# To get a verbose JVM
#-verbose \
# To get a debug of jsvc.
#-debug \
exit $?
;;

stop)
#
# Stop Tomcat
#
$DAEMON_HOME/jsvc \
-stop \
-pidfile $PID_FILE \
org.apache.catalina.startup.Bootstrap
exit $?
;;

*)
echo “Usage tomcat.sh start/stop”
exit 1;;
esac

Configure init scripts…

update-rc.d tomcat defaults

And start up the service…

/etc/init.d/tomcat start

That should do it. Enjoy!

Microsoft Exchange Server is a remarkable product. I’ve been administering Exchange servers since version 5.0 and it has always been a reliable, leading edge product and Microsoft improves it continually. Having said that, there have always been feature gaps in the product, thus the numerous products on the market that do reporting, filtering and other such things.

I found myself needing to create a list of users who have access to their e-mail using Outlook Web Access. I fired up Active Directory Users and Computers thinking I would do a search on something like the HTTP mailbox property of user accounts and be done with it.

However, it wasn’t going to be that easy. I found there was no such property available. After a extended research session I finally found the right command. Here it is.

For Windows/Exchange Server 2003

dsquery * dc=example,dc=com -limit 10000 -filter “(&(&(objectcategory=user)(homeMDB=*)(|(!(protocolSettings=*))(protocolSettings=*http§1*))))” -attr displayName protocolSettings

If you are an Exchange administrator, bookmark this page, print it out and save it. It will save you a headache one day. Perhaps a small one but it’s my favor to you.