Rules for my sons…

These are now rules for both my sons! Thanks Peter!

I like these a lot!

Rules For My Unborn Son by Walker Lamond

1. Never shake a man’s hand sitting down.

2. There are plenty of ways to enter a pool. The stairs ain’t one.

3. The man at the grill is the closest thing we have to a king.

4. In a negotiation, never make the first offer.

5. Act like you’ve been there before. Especially in the end zone.

6. Request the late check-out.

7. When entrusted with a secret, keep it.

8. Hold your heroes to a higher standard.

9. Return a borrowed car with a full tank of gas.

10. Don’t fill up on bread.

11. When shaking hands, grip firmly and look him in the eye.

12. Don’t let a wishbone grow where a backbone should be.

13. If you need music on the beach, you’re missing the point.

14. Carry two handkerchiefs. The one in your back pocket is for you. The one in your breast pocket is for her.

15. You marry the girl, you marry her whole family.

16. Be like a duck. Remain calm on the surface and paddle like crazy underneath.

17. Experience the serenity of traveling alone.

18. Never be afraid to ask out the best looking girl in the room.

19. Never turn down a breath mint.

20. In a game of HORSE, sometimes a simple free throw will get ’em.

21. A sport coat is worth 1000 words.

22. Try writing your own eulogy. Never stop revising.

23. Thank a veteran


Should You Forgive a Drunken Attack?

SorryLast week Jews around the world fasted for Yom Kippur. The translation is Day of Atonement. In the days leading up to Yom Kippur we are meant to seek forgiveness from others for our transgressions against those we might have wronged. The thinking is that while G-d can forgive sins against him, it is only the people we have wronged who can forgive those wrongs. I have had a lot to seek forgiveness for over my life, and some of those wrongs will never be forgiven.

I do try to be a good person, and as such, when someone seeks my forgiveness, I try to forgive when I can. And so when, a couple of months ago, someone whose name may start with Q asked me to forgive him, I did. I did not let him off the hook easily, but I did say that I would give him a chance. He told me he did not know what had come over him, that even when others spoke against me he had told them that I was a good guy, that I had been good to him, and it must have been that he had been drinking. Still he had cut me off completely. When he asked forgiveness I was willing to accept his remorse.

Early this week something happened, and Q confronted me. I had not done anything, but it looked like I had. Even if I had done what I had been accused of, I still would not have harmed anyone… but someone who does not like me (and, again, someone who had been a false friend) used it as ammunition to talk bad about me.

Q decided he needed to get me to confess to him. I told him I hadn’t done anything, but he did not believe me – he would not believe me – and he spent a couple of hours yelling at me, threatening me, and in the end told me that he would take every chance possible to besmirch my name, both on-line and in person… not because I had done something wrong, but because I would not confess – even in confidence – to him. This, of course, was less than two months after he apologized for showing me he could not be trusted.

The next day, having let a few hours pass, I asked him why he had taken it so personal. His answer?

I was drunk to be honest I don’t know why I took it so personally….. I thought I was just chatting with you a bit.

And believe me or not, while I did unfriend you I never talked smack. You can ask <named two friends> or whoever.
I just thought it was ridiculous you were denying it to me but whatever.
It wasn’t like I was investigating for <edited out>, every one already knew it was you, I was just sending a message cuz j thought it was funny.

So if we read his words, he had no excuse for taking things so personally, but he was drunk. That is perfectly plausible – the initial conversation started after 9:00pm and with some breaks lasted over two hours. But this second conversation, in which he went on to again tell me he thought I was lying, took place at 3:00pm the next day. Is it possible he was drunk then too? Yes. Is it likely? Probably not – I believe he has a job, and was probably either at or just finished work.

So, was it the booze that made him so angry? Maybe. Was it the booze that made him promise to:

Hope I do see you soon, I’ll make a fucking point of coming to <A mutual friend’s house> next time your there….. not threatening anything, just want to put you on blast in front of other people

I don’t know if it was or it was not… but I will say this: In the same statement where he claimed to have been drunk the night before, he did not apologize for his behaviour, and he continued to call me a liar. Of course, he did not threaten to disrespect a mutual friend’s house by going there to make a scene, and he did not threaten to expose me and what a terrible person I was to everyone who would listen… so at least he was a bit calmer.

He was still the same person.

Q’s personality did not change when he was drunk, it was just enhanced. I have heard that so many times, but I don’t think I ever believed it… until now. People have been telling me for years that certain things – alcohol, drugs, old age – do not change who you are, it just magnifies some of the traits that are in you. Maybe that is why I have never started a fight when I was drunk. It is not who I am sober, so why should it be so when I am drunk?

Now… have I ever said things that really pissed someone off when I was drunk? Absolutely. THAT is a magnification of some of the traits I have worked over the past few years to fix in myself. Am I loud when I am drunk? I know that I am… and these are just a couple of the reasons I seldom drink to intoxication. It is also why I know I can trust someone sober, when they are a trustworthy drunk.

Will Q ever ask forgiveness again? I doubt it. Would I forgive him if he asked? Probably… but it is easier to forgive than to forget, and I will never forget, and I will never trust him again. That is not out of spite… it is simply because he has proven – twice now – that he does not deserve my trust.

Have a great weekend everyone.

Password Vault: Success!

I can’t believe it has been two years since I signed up for my password vault, but there it was in my mailbox… the reminder that it is time to renew my ‘premium’ service with my password vault service.  I did it gladly, giving over my credit card information.

Why premium, you ask?  Well, for one, I appreciate the ability to use my Yubikey to authenticate.  Multi-Factor Authentication (MFA) is extremely important in this day and age, especially when it comes to password safety.  As I wrote in this article, it took me a very long time to start trusting password management tools, and I did not want to trust my passwords to a simple… well, password.

With that said, there is something psychological to my decision as well.  I know it is wrong, but there is something in my mind that makes me distrust – or at least, not completely trust – any company that is giving me a service completely for free.  Maybe I am wrong, but I feel that if it is free, I have no right to complain.  Paying that yearly fee – even though it is only $1 per month – makes me feel that the company is accountable to me, and that if something goes wrong, I can pick up the phone and complain.

Am I right about this? I do know that when I had a problem with my Microsoft Account a few months ago (See article), it took me 107 days to get the problem resolved.  In fact, it took me the better part of a month to find anyone at Microsoft who would even take me seriously.  And really, what could I do?  Their reputation may be damaged in some small way for those people who read the article, but I cannot sue them.  I can yell and scream and curse and jump up and down, but because it is a free service, I can’t do anything else.

I don’t think I have had a single problem with my password vault, other than, for some reason, it thinks all of my computers are called Windows Chrome.  Other than that, all is good.  So I’ll keep using it, and for the extremely nominal fee, I will, for the next year, once more feel the false sense of security that, should something go wrong, I have the right to complain.

…and if you didn’t pay, you might not!

The New Mitch?


The photograph on the left was taken in front of La Floridita on Calle Obisbo in Old Havana by Greg Starks in February, 2017.  The photograph on the right was taken in the same spot by Eduardo Bensusan in July, 2017.  Conclusion?  Eduardo is obviously a much better photographer than Greg, except that Greg had the good sense to tell me to stand up straight.

Okay, let me say what I have been up to, simply because I am getting far too many comments to keep it secret any longer.

Yes, I have been on a diet.  Yes, it has been an extreme one.  No, I am not doing it on my own.  No, I am not sick in any way, and no, I have not, nor do I plan to have, any sort of surgical procedure.

Yes, I have been writing about it… quite a bit actually.  My journal, which has been shared with very few people, is nearing forty-eight thousand words.  I have not been writing it in public for a few reasons, not the least of which is that I have over the past few years written publicly and enthusiastically about my weight-loss attempts… and very little about all of those failures.

I have been quite successful with this attempt… so far.  I am down several pants sizes, and as the pictures show I have been doing well.  However I am far from done.  I have a long way to go, and I do not want to fail.  The only reason I am writing this is because I have received so many messages on Facebook from friends commenting, many of which with worried tones, asking if I was ill.

No, I am not ill.  I am quite well – I am jogging again, I am in the gym a few times per week, and I am trying to keep up the diet.  It gets difficult, but I am trying.  I will continue to do so.

I have a favour to ask of you all.  Please don’t ask me about it.  I do not wish to discuss how I am doing, nor what diet I am on.  If you wish to offer words of encouragement, I will graciously accept.  However, should you try to get any further information out of me, I will likely either divert or end the conversation.

Thank you all for your support.  And now we can resume our regularly scheduled technical mumbo-jumbo that Rick only understands twenty-five percent of!

Happy 10th Birthday!

i started blogging at The President’s Blog for about twelve years ago. However it was ten years ago today that The World According to Mitch went live, completely separating myself from my former position.

of course, back then the address was not – that would come later – but it was my own blog, running on DotNetNuke if I recall.

Ten years and over one thousand posts later, here we are. I want to thank all of you for your continued supports!

Touch: You can touch this!

Occasionally I am sent a press release about a new product, or a soon to be released product, that I think is worth talking about.  That happened this week when I received a kit about an upcoming product called Touch Earbuds.

touch-campaign-openers-v02The Touch Earbuds are the next generation of a product I looked at a few months ago called the Dot, which was a single earbud (although you could buy two and listen in stereo), which attached magnetically to a charging device (which in turn made a good key chain).  I made some recommendations to the company based on my experience, and here is the result: A pair of ear buds that have probably the best specs on paper that I’ve seen.  The charger is now an enclosed case (that simultaneously holds and charges the pair of buds), the Bluetooth 5 technology gives it an astounding 200m range from your device, as well as faster pairing, and the low energy functionality is perfect for devices that are needed to run for longer lengths of time.  They also did away with the button, and the Touch runs on just that – touch technology.

Did I mention that the Touch ear bud is 21mm long, making it a little shorter than an American quarter?  It fits in your ear smoothly and discretely, and stays in place even during rigorous physical activity.  They are sweat- and water-resistant, so you don’t have to take them out when it’s raining, or when you are working up a sweat.  They also come with various sizes of ear tips, to make sure they fit you perfectly.

The Touch is the world’s smallest ear buds, and they are due out in November, just in time for Christmas.  If you want to get in early though, you can back their Indiegogo campaign by clicking here.  There are more pictures, as well as data sheets and comparisons that you can look at.

I am really looking forward to trying these out… they will be the perfect fit for my long jogs and gym workouts, as well as for whenever I feel like listening to music… or chatting on the phone, because the noise reduction microphone makes it as easy as pie to chat as well as listen.


SCOM Unmonitored: Never Again!

In my last article I showed you how to enable the System Center Operations Manager (SCOM) Agent Proxy using PowerShell.  We used the cmdlet:

PS C:\> Get-SCOMagent | where {$_.ProxyingEnabled -match “False”} | Enable-SCOMAgentProxy

While this does work, it is what I call a point-in-time solution… that is, it enables the Agent Proxy on everything that exists today… but how do we go about switching it so that we don’t have to do this over and over again? Here we go:

PS C:\> add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client”

PS C:\> new-managementGroupConnection –

PS C:\> set-location “OperationsManagerMonitoring::”

PS C:\> Set-DefaultSetting –Name HealthService\ProxyingEnabled –Value True

That should do it… have fun!

SCOM: Unmanaged?

Congratulations! You have installed System Center Operations Manager, and you have installed all of the management packs that you needed.  Unfortunately you are getting that big, ugly, EMPTY green circle… you know, the one that is supposed to have green check marks in them?  Yeah, it happens to me too.  Not Monitored

The solution, often enough, is as simple as enabling the Agent Proxy on all of your agents.  To do so, from the Operations Manager Shell type the following:

PS C:\> Get-SCOMagent | where {$_.ProxyingEnabled -match “False”} | Enable-SCOMAgentProxy

This should solve your problem.  Good luck!

SCM is gone… Say Hi to SCT.

For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and many more.

Last week Microsoft announced the retirement of the SCM, and the launch of the Microsoft Security Compliance Toolkit (MST) 1.0.  According to the download site, the MST is a set of tools that allows enterprise security administrators to download, analyze, test, edit and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products, while comparing them against other security configurations. 

If you are wondering how this product is different from the SCM, you can read the write-up by Aaron Margosis here.

I like that Aaron points out that there are gaps in the new offering, and assures us that Microsoft is working to fill those gaps.

Hyper-V Server Clustering Network Issue: Validation Failed?

If I’ve told you once I’ve told you a thousand times… When you build a Failover Cluster on Windows Server make sure you run the Validation Tests… and make sure those tests succeed (or at the very least nothing FAILS… Warnings are acceptable).

So as I sit at a client trying to cluster two Hyper-V Server 2016 hosts, I am frustrated by the big red FAILED on my Cluster Report.


Should you ever encounter this error, it is important to note that the network vEthernet (Data) is not the same network as Data.  So the solution, which stymied me for about an hour, was simple:


In other words, I have to disable to TCP/IP v6 on the problematic binding, which I do with a simple PowerShell cmdlet:

PS c:\> Disable-NetAdapterBinding -Name “vEthernet (Data)” -ComponentId ms_tcpip6

(Remember that I have to put the “quotation marks” around the name because there is a space in it… otherwise I could leave them out.)

Also remember that because these hosts are Hyper-V Servers and not actual Windows Servers, I couldn’t use the GUI to do this.  (There actually is a netsh command to accomplish this as well… but PowerShell rocks!)

Once I ran this cmdlet on both hosts, I re-ran my Validation Tests, and bingo!


Everything comes up roses, and I can continue my day happily.

I hope this helps you!

Fifteen Tabs: Shut em all down!

helpThose of us who try to keep  the banging of our heads against a wall to a minimum will have long since learned that we don’t know everything, and more often than not there is someone out there who knows more than we do.

“But Mitch, how can you say that?  I read your blog religiously, and when I don’t know something about computers I can usually find the answer on your blog!”  I know, but even I have to go looking for the answers sometimes… in fact, more often than not.

The problem is, very often the answer is not so easy to find…

This week I found myself trying to solve a problem that concerned a High Availability SQL Cluster.  It was maddening… I spent three days trying to find the answer, and from very early on I knew that I was going to have to look to others for help. 

As a blogger, the first place I start looking is… other blogs of course!

FrustrationNow here’s the problem with that… when the answer is not as simple as a yes/no to track down, you may have to look through myriad blogs and articles and documents and forums before you actually find the answer… and often enough one blog or article or document or forum may not give you the solution, but it will point you in the right direction – either down a rabbit hole or sometimes into a snake pit.  Either way, I keep each page open in a new tab in my web browser, because often enough I will want to document how I got from zero to hero – or hero to bum, as the case may be.

So three days into trying to solve this problem, which took me to a dozen different articles, forums, and conversations on Facebook, Twitter, and LinkedIn (which indeed led me to three other articles), I found in four of those articles the pieces to the puzzle that eventually helped me to solve my issue.  It was done, I solved it… not alone mind you, but I solved it.

I looked at my desktop and sighed… I hadn’t rebooted in three days for fear of losing track of my path toward the solution… which of course I had to document for my client.  I could now close them all down.  Each browser tab (and yes, there were actually fifteen of them, excluding Facebook, LinkedIn, and Twitter) was now beckoning to me to shut them down.  One by one I clicked on the X in the top right-hand corner… and I was quite satisfied as they all disappeared into the ether.

As frustrating as technical problems may be – and I always tell people that knowing more will only lead to more technical and even more frustrating problems – when you solve them the feeling is truly euphoric.  That stress-relieving satisfaction that you fought AND WON.

Now how is that for a way to end a day? Happy Friday everyone, and have a great weekend!

Will you pay?

CPUsAn article showed up in my Inbox today: Intel Core i9: It’s not whether you need 12 cores, but whether you’ll pay for them.  It is an interesting read, and a very good question.

I have always liked ZDNet.  Their people do a good job of keeping a pulse on the industry.  Their question is a valid one… will people be willing to pay for 12 CPU cores (presumably on the desktop… people will definitely pay for them in servers).

I used to be very good friends with a man named Willem.  Willem is brilliant, and was (almost) always a positive influence on me.  He is an IT Professional who moved to Virginia some time ago, but until then he owned and operated a company in Montreal called Saturnus True Data Services.  They were not the first computer company I ever worked for… but they were certainly one of them.

One day in late 2005 I was talking to Willem about the new laptop I was buying, an Acer Ferrari 4000.  It was sleek, it was gorgeous.  It was the first computer I ever owned that had a 64-bit CPU.  When I told Willem about it he asked why I would ever need or even want a 64-bit CPU?  I admit I did not really have a good answer for him then.  Later on I would… starting with the 3.2GB limitation on 32-bit CPUs.  However, when he asked me in November of 2005 I couldn’t tell him why I would even need more than 3GB of RAM, because back then nobody really did.

Fast-forward nearly twelve years, and 64-bit CPUs are ubiquitous.  I haven’t tried in a while, but I doubt you could even buy a laptop today with a 32-bit CPU.

The hybrid laptop I am writing this article on – my Surface Pro 4 with an i7 CPU – cost quite a bit more than my Ferrari laptop did, and it has a 4-core CPU with 16GB of RAM.  Had Willem asked me 12 years ago why I would ever want 4 CPU cores on a hybrid laptop I would have answered honestly with a question: What’s a CPU core?  And yet, here I am and it is my go-to machine.

The way our world works is simple: Something is invented and it is expensive… at first.  As time goes on prices go down… usually as newer versions are invented.  Eventually they become obsolete, and if you are lucky they become collector’s items… usually they become junk.  The Ferrari that I paid over $1500 for in 2005 is now selling (used) on eBay for $200… and that is probably because of the Ferrari logo because equivalent laptops from other manufacturers are selling for much less than that.  One day my Surface Pro 4 will be nearly worthless too.

CPUSo Intel invented a desktop CPU (the Intel i9) with 12 cores.  Today nobody needs it.  In 20 years nobody will understand how we got by with such primitive technology.  The founder of that company, Gordon Moore, predicted in 1965 that “…the number of transistors on integrated circuits doubles about every two years.”  So 12 cores is simply what was next.  Our computers get faster and as they get faster they get more expensive.  Then something even faster comes out, and that other one becomes less expensive… until they become obsolete.

So who will pay for the 12-core CPU on a desktop?  Probably very few people… now.  But give them time; prices will come down, and we will see them out there.  Slowly at first, but eventually 12-core CPUs will probably become the standard desktop processors.

…Now who among us feels really old, and nostalgic about our 4.77MHz CPUs?

A New Perspective…

This blog is older than I ever thought it would be.  So every once in a while I like to give it a facelift.  This morning you should notice a big difference.

I picked a new template last week.  I have modified it though… the pictures in the cover are shots I took in Cuba this year.  I hope you like it!  Let me know if you don’t!


Windows Server 2016: A pet peeve

Windows Server 2016Over the next few weeks, as I do my first production infrastructure implementation based on Windows Server 2016 and System Center 2016, I am sure this list will grow longer.  In the meantime, I have uncovered my first pet peeve in the new version.

Don’t get me wrong, overall I like Server 2016… but to find out that it is no longer possible to install Windows Server with a GUI (Graphical User Interface) and then later to uninstall the GUI (see article for Windows Server 2012) is fairly annoying.

Throughout the launch of Windows Server 2012 I was with the Evangelism Team at Microsoft Canada and I traveled the country – first for the launch events, and then evangelizing and teaching that platform.  I spent a lot of time talking about Server Core because of the benefits for security, as well as for the reduced resource requirements (which, in a virtualized infrastructure, can be staggering).

Of course, Server Core looks a lot like where we started out… if you were a server administrator back in the 1980s and most of the 1990s, you were using command line tools to do your job.  However it had been too long ago, and the vast majority of admins today were not admins back then.  So I was able to discuss a compromise… Install Windows Server with the GUI, and when you were done doing whatever it was you needed the GUI for (or thought you did), you could uninstall it… or at the very least, switch to MinShell.

I showed up at my client site this week and was handed a series of brand new servers on which to work.  They all had the GUI installed.  So I went to work, and typed in that familiar PowerShell cmdlet to remove the GUI.  I was greeted by that too-familiar red text which meant I had done something wrong.  I will spare you the boring details, and after several minutes of research I discovered that Microsoft had removed the ability to remove the GUI in Windows Server 2016.

I understand that the product team has to make difficult decisions when developing the server, but this was one that I wish they had not made.  However confirmation comes directly from the product group in this article, in which they write:

Unlike some previous releases of Windows Server, you cannot convert between Server Core and Server with Desktop Experience after installation. If you install Server Core and later decide to use Server with Desktop Experience, you should do a fresh installation.

I wish it weren’t so, but it is.  Once you install the GUI you are now stuck with it… likewise, if you opted for Server Core when you first installed, you are committed as well.


Firewalls: Trust me!

I have several clients who have multiple sites, as well as multiple Active Directory (AD) forests.  As security is so important they want to lock things down the best they can, but they also need to open up the necessary ports to allow the domain trusts to work.  The ports required for this are:

Port Number Protocol Traffic Type
53 TCP/UDP Domain Naming Service (DNS)
88 TCP/UDP Kerberos
445 TCP Server Message Block (SMB)

These ports should work for every version of Active Directory dating back to Server 2000, but I have not tried anything earlier than 2012.