LLMNR – Another Reason to Upgrade

The ultimate goal of any network administrator is system uptime and the consistent availability of network resources . This should be easy, but alas DNS and WINS can be fickle creatures.

In the Windows 2000/Windows XP days, losing a DNS server usually meant a total lack of connectivity for a network.  WINS, while not nearly as important as it once was, was also the source of a lot of grief when it wasn’t working properly.

Now, we have IPv6 entering the scene which has created its own set of problems. WINS doesn’t support it at all, and DNS is not so keen on mixing the two types of addresses (although it is possible). The need for a technology to fill the gap was evident. There had to be a better way of keeping machines talking to each other on subnets.

The answer was LLMNR or Local-Link Multicast Name Resolution.  The RFC for LLMNR (#4795) arose from a need for a way to get hosts communicating with each other on a small network with zero configuration.  As the name implies, it is only on the local link, so this is not a substitute for DNS, but rather a complementary system that will improve connectivity. The technology works with both IPv4 and IPv6 and is included and enabled by default on Windows Vista, Windows Server 2008/R2 and Windows 7.

This feature alone, is reason enough for me to recommend an upgrade to customers. I have set up several small networks now with Windows 7 boxes and they were able to communicate and share files within minutes of being attached to the network. Browsing by hostname was reliable and easy.  Anybody that has done the same thing on a small Windows XP network will be all too aware of how easily name resolution can be broken. The bottom line is that this technology will save companies money as it will surely reduce calls from end-users with connectivity issues.

So, how does all of this magic work? It is not all that difficult actually.

The standard is based on a standard DNS data packet, but it sends out a packet that can be up to 512 octets in size in multicast on port 5535. IPv4 hosts will listen for these broadcasts at or in the case of of IPv6 at FF02:0:0:0:0:0:1:3 .  Hosts will then respond and this information will be cached for use by the operating system allowing for fast name resolution.

The LLMNR cache will only be queried for information if a DNS query fails, and as mentioned above it should not be considered the primary form of name resolution but rather a complementary one. If one were to set the LLMNR cache with a higher precedence than the DNS cache, it could be used (inappropriately) as the primary resolution mechanism.

LLMNR is currently unable to propagate across routers, but it is interesting that in the actual RFC for LLMNR, there is considerable discussion with regard to enabling this in a wider, perhaps Internet level, fashion.

In Server 2008 (and presumably Vista/Windows 7) LLMNR can be disabled. I am not quite sure why anyone would want or need to do this, but should you find reason here is a link that will show you how it is done.

Anyway, I realize that this post was a little deep on the technical side, but I just wanted to highlight and perhaps promote this technology so that more people will make the switch to our new beautiful suite of stable, reliable and secure operating systems.


Layer 2 and layer 3 Switches

The first time I heard the term Layer 3 switch, I had a really hard time with it. It’s not that I couldn’t conceive what the device does, or how it would be implemented, but rather it was more an issue of simple pedantry. The term layer 3 switch is indeed slightly paradoxical at best and to some, completely misnamed.

Anyone with an understanding of the OSI model will already be nodding his head in agreement. It is the OSI model itself that clearly tells us that layer 2 is the Data Link Layer, which includes devices such as switches, and Layer 3 is the Network layer which would traditionally include routers and bridges.

So, what in damnations, is a Layer 3 switch. By definition this should be called a router, right? That’s certainly what I thought until recently.

In fact there are some subtle distinctions between a Layer 3 switch and a router. These distinctions however make a not-so-subtle difference in performance especially on corporate LANS connected by a VPN – layer 3 switches are blazing fast and have a throughput that would even make Takeru Kobayashi, the Japanese hot dog eating champion, blush. The ability for these devices to “ram” massive amounts of data through them is the main difference between a router and a layer 3 switches.

Hardware implementation of carefully refined software algorithms is what makes this all possible. By hard coding what would normally be a software implementation on a normal router, Layer 3 switches can attain speeds considerably faster than any normal router on the market and deliver data from across the LAN following the principle of Open Shortest Path First. (OSPF) Most layer 3 switches don’t even have CPUs as a router would, but insted use Application Specific Integrated Chips (ASICs) to get rid of the inherent speed penalty that wasted or tied up CPUs can create.

Additionally, Layer 3 switches typically don’t have a WAN port and are intended to be primarily a switching device that includes routing information. In the real world, this means that data centres using VOIP and/or have a large number of users accessing databases or file systems simultaneously will notice that lag or in the case of VOIP – choppiness – is all but removed.

Obviously, I could go into a tremendous amount of detail on how layer 3 switches are implemented and how the ethernet/MAC fram is bridged to layer 3 protocols such as IP, IPX, apple talk etc, but honestly it really isn’t necessary.

As long as you understand the use of these devices, you will be able to implement them just as easily as any router. I hope this brief explanation helps!


NTBackup for Server 2008 with Exchange

As the exploding popularity of our “Running NtBackup under Windows 7” would suggest, the emergence of our latest and greatest operating systems has also left a few holes that Microsoft has yet to plug.  As our readers have seen from our first article, it is very easy to get NtBackup running under windows 7, but more and more people are also realizing that there is a significant need for this on their Server 2008 and Server 2008 R2 boxes that are running exchange.

Currently, Microsoft does not include any product that adequately backs up exchange server on these platforms. The biggest issue with all of the schemes is the fact that logs are not cleared and these servers end up with a lot of wasted space from these.

Honestly, I don’t know when Microsoft plans on addressing this issue officially, but given the screaming we have heard, I would hope that it is soon.

Anyway, to get NTBackup working for exchange in this scenario is almost identical to our Windows 7 tutorial with a couple of small exceptions.

The process goes like this:

Copying the following binaries from a server 2003 install (C:\Windows\System32\) to a new location such as (C:\Program Files\NTBackup\):

  • ntbackup.exe
  • ntmsapi.dll
  • vssapi.dll

Then, install the removable storage manager in server 2008 which can be found under the features menu in server manager.

Finally, go into an older server and copy esebcli2.dll from your server (C:\Program Files\Exchsrvr\Bin) and put it into your new location which in our case would be (C:\Program Files\NTBackup\):

Then, change the esebcli2 reg key from (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\BackupRestore\DLLPaths)

C:\Program Files\Micrsoft\Exchange Server\Bin\esebcli2.dll


C:\Program Files\NTBackup\esebcli2.dll.

Now go ahead and set up your exchange backup as a scheduled task just as you would have done in the past.

Please remember that this is more of a band-aid solution  and is totally unsupported by Microsoft. This will not work with tape drives, and it is very possible that future Microsoft service packs could break this functionality.  With that being said, it has been very solid in all of our testing thus far.


APC BR1500LCD: This Is the UPS You Want

You do have a UPS, right?

If so, skip this paragraph.  If not, give your head a shake, and listen to this: if you’re reading this site, you probably have at least $2,000 worth of computer equipment.  Your time and your data is worth far, far more.  And you do NOT want your system attached directly to the same power grid that serves every other light bulb, motor, and heating element in your house.  And your neighbor’s house.  And the rest of your neighborhood.  And you certainly don’t want to be directly attached to the constant lightening strikes, transformer explosions, bird explosions, and a long, long list of other stuff that goes wrong on a daily basis.  We’re pretty good at keeping the power on, and relatively consistent, most of the time.  But consistent means somewhere between 100 and 150 volts.  Good enough for your oven.  Not good enough for your shiny new XPS.  Whether you know it or not, this matters.  Remember that hard drive that died on you?  The flaky video card?  Those weird blue-screens you were having a few months back?  The old Pentium-4 that died on you?  Bad power eats away at electronics, and eventually, destroys it.

And if you do have a UPS, is it worth the grief?  If you spent less than $100, it probably isn’t.  Sure, it’s going to be better than that power bar with the ‘Surge Protected!’ sticker and the glowing orange power switch.  It’s probably even better than your $1,500 Monster Cable PowerCenter.  And it even has enough of a battery to keep a small computer running for a few minutes when the power goes out.  But let’s face it: these sub-$100 models are kind of like the disposable inkjet printers of similar cost.  They usually get the job done, kind of, for a year or two.  But they’re not a pleasure to use.  They’re not exactly equipment you’d trust your life to.  And they’re not a particularly sound investment.  Cheap, sure, but not good value.

Enter the APC Back-UPS RS 1500VA LCD 120V, affectionately known as the APC BR1500LCD (catchy names).  This UPS isn’t really cheap, but you can probably track one down for under $200.  And once you drop that extra $100, you’ll never again spend any less on a UPS.


The first thing you’re going to notice when you pick this up is that it’s really big, and really heavy.  This is a good thing.  Small and light is fine for cell phones, but when it comes to handling power, it’s either big and heavy or it’s cheap and crappy.  The guts of this beast will do exactly what the marketing says they do: provide clean, uninterrupted power.  All the time.  The usual features are there, of course: phone line protection for your ADSL modem, co-axial protection for your cable modem, a USB port so your computer can talk to the UPS, a bunch of fancy software you’ll never install, and plenty of pure, sweet, power outlets!  Of course, you can expect pretty good battery life: I get about 20 minutes of backup for my big, honking tower (with two power-hungry video cards and more hard drives than I can count), three large displays, and all the usual accessories.  A second unit, powering only some vital (but low power) networking and telephone equipment at the moment, reports estimated battery life of over 8 hours, but I haven’t actually tested it to verify.

The second thing you’ll notice is that there’s a screen!  You may think this is a gimmick, but once you work with it a while, you’ll understand that rather than a gimmick, the screen is what turns this device from a big, heavy, beeping power strip to something a bit worthier:


As you can see, you’ll always have access to the three most important bits of data: power status, battery status, and load status.  This alone is a big deal.  It means you’ll never have to worry about overloading your UPS, you know exactly how your battery is doing, you know exactly what your UPS is doing, and you know why it’s doing it.  This information is presented in a way that even grandma can understand.  But there’s also a numeric component, which can be switched between different fields:

  • Current load, in watts: How much power your equipment is sucking down.  This is good information to have, even in a general sense, but becomes vital for working with a UPS.
  • Current load, in percent: A UPS can only provide so much power.  This shows you how close to the limit you are.  As a rule of thumb, it’s probably a good idea to keep this under 50%.
  • Output, in volts: Okay, this is a bit useless.  Hopefully this is pretty close to 120V, since that’s the entire purpose of this device.
  • Output, in hertz: And this is entirely useless.  Again, this is what the device is for; so long as it’s on and working, you can assume this is going to be 60.0 Hz (or damn close to it).
  • Input, in volts: This is a bit more helpful.  In theory, this number should be 120V, but it won’t be.  Input voltage will constantly change a bit, and often it will change a lot.  This reading lets you know exactly what your power company is delivering to you at any given moment.
  • Event counter: This is my favorite.  It’s a running count of the number of times the UPS has had to jump into action to save your equipment from a power surge, brownout, or blackout.  This doesn’t include the continuous massaging of more ‘normal’ power fluctuations to keep the output exactly where it should.  Since I last reset this counter a few weeks ago, this UPS of mine has dealt with 31 power events.  I noticed about 3 of them.
  • Estimated run time: Another really useful bit of information.  This tells you how long the UPS expects to be able to keep things running on battery.  You can get this information whether you’re running on battery or not, and it takes the current load, battery charge level, and battery health into account.  When the power is actually out, this acts as a countdown timer.

With all this information, your UPS becomes more than an annoying box that beeps mysteriously at you: it becomes a trustworthy addition to your system that you can understand and depend on.  And since power is the lifeblood of all your computer equipment, healthy power means healthy systems.

You need a UPS.  And this is the one you want.

Copyright © 2010 Paul Guenette and Matthew Sleno.