Wednesday, April 15, 2009

Outlook 2007 Crash When Synchronising With Exchange Server

Nice after-Easter problem - Outlook 2007 in Cached Exchange Mode would crash when synchronising with the Exchange Server.

If I started it up in Safe Mode (outlook.exe /safe) it would also crash.

I reconfigured it to not use Cached Mode and it worked correctly.

I managed to fix the problem by renaming outlook.ost and having Outlook rebuild it on next start.

For Vista users, outlook.ost is located at:

C:\Users\<username>\AppData\Local\Microsoft\Outlook

and for XP users it's located at:

C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Outlook.

Wednesday, March 04, 2009

Making Effective Use of Idle Time (Are You Certifiable?)

Chris Rue recently blogged about a Microsoft Learning online "game" called Are You Certifiable?

The competitor in me wanted to see how I'd go and if I could beat his score of 152,720. So I got 177,213 :-)


Competitiveness aside, AYC is a great way to learn about features of various Microsoft products in a fun way. Beats playing any of the standard games that come with Windows or random browsing of the Web.

So the next time you're waiting for an OS install to finish, why not try beating my score and learning something at the same time? Fun, and hones your technical skills at the same time.

Friday, February 27, 2009

Slow Opening of Office 2007 Documents From a Network Drive

In one of my recent SBS 2008 migrations a user complained that Word and Excel documents could take up to several minutes to open from a network drive mapped to a DFS share. His laptop was the only Windows Vista machine on the local network at the time.

My initial thought was that IPv6 lookups were stalling the opening of the documents, so I got the user to disable IPv6 according to MSKB 929852. This didn't work.

I remoted in to his laptop and had a look. I got varying load times, from 15 seconds to several minutes irrespective of file size.

I reverted to my old debugging method - opening the file in Notepad. Instant. Every time.

OK, must be a dodgy hotfix. None installed since the problem exhibited itself. OK, someone out in the Intarweb must have experienced this. My Google-fu isn't too bad, but I couldn't find anyone with the exact same problem. This TechArea post on slow DFS access was the reverse to what I was seeing, so I changed the NetBIOS reference (e.g. \\DOMAIN\DFS\Share) to a FQDN reference (\\corp.domain.com\DFS\Share).

Bingo - load times were back to normal!

I've now got a note to migrate all my DFS references from using the NetBIOS name to using the FQDN name prior to any Windows Server 2008 migrations.

Friday, February 20, 2009

Machine Account Passwords and Active Directory

If you've ever wondered how machine account passwords work and haven't been able to find a clear description and process in amongst all the different Knowledge Base articles and TechNet documentation, then I'd highly recommend reading the Ask Directory Services Team blog article on this very subject. It's clear, concise and well written.

I'd also recommend you add this blog to your RSS reader for anything AD related.

Sunday, February 01, 2009

Failure in "the Cloud" for Some Australians

 

The Primus Data Centre in Melbourne lost power earlier today - around 2pm AEDT. No big deal you say, it's got UPSes and gensets. What's the problem?

The problem is that either the gensets or UPSes failed big time. It's now 6pm AEDT and the data centre is still having power issues. Thanks to Internode via their network status page and PIPE Networks via their CEO Bevan posting a status report at Whirlpool for letting us know what's going on.

The even bigger problem is the number of customers affected. Netspace - an ISP - were down nationally for around an hour. A number of hosting companies are still down, and a number of ISPs servicing Tasmania transit through this data centre, so their Tasmanian customers are isolated from the Internet.

It's understandable that the data centre lost power, given the recent heat wave in Victoria and the associated infrastructure problems (power, rail) that it has caused. It's also understandable that UPSes - even arrays - fail, as do generators. What's not understandable is the number of hosting companies and ISPs that don't provide redundancy for their own infrastructure. Assuming that a data centre is always going to be up and running is a really bad assumption.

The simplest form of redundancy is having an offsite DNS server. That way you can at least respond to DNS queries, which gives you options for swinging in temporary services at short notice to explain to customers what is going on. The same can be done for mail using offsite MX and some offsite Web presence, especially for support services.

So if you're expecting 24x7 from a hosting provider, you probably need to ask them how many data centres they're running on and how much redundancy across data centres there is. Even a data centre is a point of failure.

Monday, January 12, 2009

Enabling Remote File Access in Outlook Web Access on SBS 2008

One of the nice features of Exchange Server 2007 that helps eliminate those irksome VPN clients (and the associated configuration pain) is the WSS and Windows File Share Integration.

This facility gives you read-only access to WSS sites and file servers sitting inside your network. Very handy if you need a file when you're on the road and no-one is in the office to e-mail it to you, or you can't use Remote Web Workplace to connect to an internal PC.

By default, Exchange Server 2007 on SBS 2008 is configured to allow access to files on remote file servers, but additional configuration is needed. Specifically, the names of the servers need to be added.

Fire up the Exchange Management Console, expand Server Configuration and select Client Access.

Folder hierarchy - Microsoft Exchange | Server Configuration | Client Access

Right-click on "owa (SBS Web Applications)" and select Properties.

Outlook Web Access tab in Server Configuration, Client Access

Click on the Remote File Servers tab and click on Public Computer File Access and/or Private Computer File Access and confirm that file access is enabled accordingly.

owa Properties, Public Computer File Access tab

The settings in these tabs relate to the features available depending on whether you select Private Computer or Public Computer when you log in to Outlook Web Access. Take this into consideration when deciding what you want to enable/disable.

Click on the Remote File Servers tab and click Allow...

owa Properties, Remote File Servers tab

 Allow List popup

Enter the server name you want to allow access, click Add, then click OK. If you want to allow access to the SBS server, enter its name here. Please note that all shares will be available to Outlook Web Access, depending on the user's access to those shares.

Similarly you can click on the Configure... button in the Remote File Servers tab and add "<company>.local" to enable access to any WSS applications you have additional to the companyweb application. Replace <company>.local with the DNS suffix used by your SBS 2008 network.

Test your configuration by logging into Outlook Web Access, selecting the appropriate security profile. Now click on the Documents shortcut (you may need to click on the >> link under the OWA graphic to expand the Navigation Pane).

OWA navigation pane, short cut buttons

Click on Open Location.

OWA Documents, Open Location

Type in the UNC path to the file share (e.g. \\SERVER\Shared) and click Open.

Outlook Web Access will then display the shared folder contents. Click on "Add to Favorites" if you want to add the shared folder to your Documents Favourites list for quicker access on return visits.

 

Again, please note that this is read-only access - you will need to save any changes you make locally, then copy the changed file when you get back to the office. If you need read/write access without bothering with a VPN client then using companyweb via Remote Web Workplace is the preferred option.

Wednesday, November 05, 2008

Microsoft File Transfer Manager - Moving In-Progress Transfers to a New PC

When I migrated my SBS2003 box to SBS2008, I had a bunch of downloads queued up in Microsoft File Transfer Manager and the active transfer was a 10GB file that was more than halfway through. My monthly quota before shaping kicks in is 40GB, which is generally more than enough for what I do, but not so this time around.

I didn't really want to delay the migration nor did I want to have to re-download the file, so I looked at moving the in-progress transfer to another PC. Here's how I did it:

  • Download Microsoft File Transfer Manager
  • Install FTM, run it, enable updates and create a desktop shortcut
  • Copy the files found at %USERPROFILE%\Application Data\Microsoft\File Transfer Manager from the old PC to the new PC
  • Edit ftmTransferList.txt if your in-progress transfers are being moved to a different drive and folder path
  • Copy your in-progress transfer files from the old PC to the new PC
  • Export the registry settings found at HKEY_CURRENT_USER\Software\Microsoft\SIAM\FileTransferManager\Settings from the old PC and merge on the new PC
  • Run FTM from the desktop shortcut and resume the transfers

Customising the Error Message for IP Block List Providers in Exchange Server 2007

One of the things I did for blocklist error messages in Exchange Server 2003 was to provide the lookup URL for the affected IP address. This makes life easier for the other end when they try to diagnose why their mail wasn't delivered.

Microsoft's Knowledge Base article 823866 details how to go about doing this by using the variables %0, %1 and %2.

When I performed my SBS2003 to SBS2008 migration, I went to customise the blocklist error messages, but found that %0, %1 and %2 don't work. After some mucking around I found that {0}, {1} and {2} work instead.

Here's the PowerShell command I used to add a custom error message for lookups done against the Spamhaus list:

Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $True -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://www.spamhaus.org/query/bl?ip={0} for further information."
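A rejection message can be checked for leftover Exchange 2003 variables and stray braces before it goes onto the provider. The following is an added example, not code from the original post: the function names and sample values are assumptions, and the 240-character limit is the documented maximum for the -RejectionResponse argument.

```powershell
# Added example, not from the original post. Plain functions only, so it also
# runs on the PowerShell 1.0 shell that Exchange Server 2007 uses.

# Returns a list of problems found in a -RejectionResponse template.
function Get-RejectionResponseProblem {
    param([string]$Template)

    $problems = @()

    # %0, %1, %2 are the Exchange 2003 variables (KB 823866); the post found that
    # Exchange 2007 does not substitute them. The lookahead skips URL escapes
    # such as %20 or %2F.
    if ($Template -match '%[0-2](?![0-9A-Fa-f])') {
        $problems += 'uses %0/%1/%2; Exchange 2007 needs {0}/{1}/{2}'
    }

    # Only {0}, {1} and {2} are confirmed by the post. Remove those and see
    # whether any brace is left over (typo, stray brace, higher index).
    $rest = $Template -replace '\{[0-2]\}', ''
    if ($rest -match '[{}]') {
        $problems += 'has a brace that is not part of {0}, {1} or {2}'
    }

    # Documented limit for the -RejectionResponse argument.
    if ($Template.Length -gt 240) {
        $problems += "is $($Template.Length) characters long; the limit is 240"
    }

    return $problems
}

# Fills the placeholders with sample values using PowerShell's -f operator,
# which uses the same {n} syntax, so the final wording can be read through.
function Format-RejectionResponsePreview {
    param([string]$Template, [string]$Ip, [string]$Blocker, [string]$List)
    return ($Template -f $Ip, $Blocker, $List)
}

# The template from the post, and an Exchange 2003 style one for comparison.
$new = "{1} has blocked your IP address ({0}) using the list '{2}'. " +
       "Please see http://www.spamhaus.org/query/bl?ip={0} for further information."
$old = "%1 has blocked your IP address (%0) using the list '%2'."

foreach ($template in $old, $new) {
    $problems = @(Get-RejectionResponseProblem $template)
    if ($problems.Count -gt 0) {
        foreach ($p in $problems) { Write-Warning "Template $p" }
        continue
    }

    # Sample values are constructed: 192.0.2.25 is a documentation address and
    # mail.example.com stands in for whatever the server puts in {1}.
    Format-RejectionResponsePreview $template '192.0.2.25' 'mail.example.com' 'zen.spamhaus.org'

    # Dry run against the provider created in the post; drop -WhatIf to apply.
    if (Get-Command Set-IPBlockListProvider -ErrorAction SilentlyContinue) {
        Set-IPBlockListProvider -Identity zen.spamhaus.org -RejectionResponse $template -WhatIf
    }
}
```

Run it in the Exchange Management Shell; outside that shell the Set-IPBlockListProvider step is skipped and only the checks and the preview run.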

Monday, October 27, 2008

Resetting Offline Files in Windows Vista

If you have a need to completely blow away the Offline Files cache contents due to corruption, confusion or sheer frustration, the following steps will achieve this:

Run regedit

Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CSC

Create a new key and name it Parameters

Inside Parameters, create a new DWORD value; name it FormatDatabase

Give FormatDatabase a value of 0x1

Restart your computer.

Unlike Disable Offline Files in the Offline Files Control Panel applet, this process will completely wipe out any Offline Files and any offline changes you have made. This should be a change of last resort. Make sure you have a backup before you perform this action!

Tuesday, September 02, 2008

TechEd Australia – SMB Pre-Day – SBS/EBS and Virtualisation

The “Ask the Experts Q&A” session is generating some interesting comments about SBS/EBS, virtualisation and support. The useful Knowledge Base articles regarding these topics are:

Thursday, August 28, 2008

.NET Framework 3.5 SP1 Issue With Windows SharePoint Services 2.0

Probably not a good idea to install .NET Framework 3.5 SP1 on your SBS 2003 boxes. A recent SharePoint Team blog post talks about the errors and the resolution if you have done this.

Wednesday, August 06, 2008

Fixing SBS 2003 RWW for Console Access From XP SP3, Vista SP1 and Windows Server 2008

Sick of waiting for Microsoft to release a fix to RWW to enable Console access to SBS 2003 and any other Windows Server 2003 systems connected to your SBS network? So am I. So I’ve fixed it. Process is as follows:

Navigate to C:\Inetpub\Remote

Make a copy of tsweb.aspx

Open tsweb.aspx in your favorite editor (mine’s Notepad++)

Line 304 looks like this:

MsRdpClient.AdvancedSettings2.ConnectToServerConsole = console

 

Replace it with this:

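' Compare the version parts as numbers: strcomp() sorts "10.0" before "6.0.6001"
v = split(MsRdpClient.Version, ".")
newClient = false
if ubound(v) >= 2 then
  newClient = clng(v(0)) > 6 or (clng(v(0)) = 6 and (clng(v(1)) > 0 or clng(v(2)) >= 6001))
end if
if not newClient then
  ' Older clients: the original console switch
  MsRdpClient.AdvancedSettings2.ConnectToServerConsole = console
else
  ' 6.0.6001 and later: console access moved to ConnectToAdministerServer
  MsRdpClient.AdvancedSettings2.ConnectToServerConsole = false
  MsRdpClient.AdvancedSettings6.ConnectToAdministerServer = console
end if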

 

Save the changes. You can now establish console sessions to your SBS 2003 box and any other Windows Server 2003 boxes on your SBS network.

If anyone’s got a better way for displaying code in a Blogger page I’d be interested in knowing about it.

Friday, August 01, 2008

Sharp Inertial Shock Not Just For Astronauts

Can’t find the reference to “sharp inertial shock” – must have been a documentary I saw.

Apparently on one of the NASA Space Missions one of the astronauts phoned home and asked for some help with a piece of equipment. The technician at hand apparently either had a camera or some PHBs on/around him so he replied:

“Apply a sharp inertial shock.”

to which the reply was:

“Say again Houston?”

and the follow-up response:

“Uh, hit it.”

I love the phrase and probably overuse it.

Which is why I immediately thought of it when I saw this article:

Knock-based commands for your Linux laptop

Brilliant! I have a friend who can get over-excited when the computer doesn’t do what he expects it to do. Something like this could prove quite amusing if caught on camera. I can think of some nice practical jokes if something like this was available under Windows.

Does make you wonder what future interfaces are going to be built. We’ve got gestures with mouse/stylus/finger flicks, shaking/tilting for mobile devices with accelerometers and now knocking for laptops with accelerometers. Argh, got “shake your booty” running around inside my brain. I’ll stop now…

Saturday, July 26, 2008

SBS 2008 RC1 Is Out

Microsoft have made SBS 2008 RC1 available via Public Preview. It can be downloaded from here.

Other useful links from the TechNet site:

Release Notes, Installation Guide, SBS Documentation, SBS Resources and the SBS 2008 Evaluation Centre.

 

Very handy documents to download and read:

Windows Small Business Server 2008 Installation Guide

Windows Small Business Server 2008 Console Help

Windows Small Business Server 2008 Migration Help

Migrating to Windows Small Business Server 2008 from Windows Small Business Server 2003

Migrating to Windows Small Business Server 2008 from Windows Small Business Server 2008

Windows Small Business Server 2008 Release Candidate Reviewer’s Guide

 

Three very useful resources to keep an eye on while evaluating and testing SBS 2008:

The Official SBS Blog

SBSfaq.com

Smallbizserver.Net

 

And finally, if you plan on testing this in a Virtual Machine, check out:

VMWare Settings for SBS 2008

Note that SBS 2008 requires 4GB of RAM. It won’t install with any less memory than this. You can use an evaluation of VMWare Workstation or either VMWare Server or VMWare Server 2.0 Release Candidate. Both VMWare Workstation and VMWare Server 2.0 Release Candidate support USB 2.0 devices, so you can test server backups/recovery with removable USB drives with these products.

Tuesday, July 22, 2008

Essential Business Server RC1 Is Out

Microsoft have made EBS RC1 available via Public Preview. It can be downloaded from here.

Other useful links from the TechNet site:

Release Notes, Installation Guide, EBS Documentation, and the EBS Evaluation Centre.

 

Very handy documents (in .doc, .pdf or .xps format) to download and READ (as Susan says) before any migrations:

Windows Essential Business Server Product Overview

Windows Essential Business Server Getting Started Guide

Windows Essential Business Server Installation Guide

Migrating Active Directory Domain Services Scripts, Roaming Profiles, Redirected Folders, and Home Directories to Windows Essential Business Server

Migrating the DNS Role to Windows Essential Business Server

Migrating DHCP Server Service to Windows Essential Business Server

Migrating Microsoft Exchange Server to Windows Essential Business Server

Migrating from Windows Small Business Server 2003 to Windows Essential Business Server

 

Two very useful resources to keep an eye on while evaluating and testing EBS:

The Essential Business Server Team Blog

EBSfaq.com

 

And finally, if you need some gear to run this on, check out:

HP BladeSystem – in particular, the c3000 enclosure (“Shorty”)

IBM BladeCenter – in particular, the BladeCenter S offering

Intel Modular Server

Thursday, July 10, 2008

How to Demote a Long-Disconnected Domain Controller

Just looking back on some old notes.

Found out nearly 4 years ago that I had to reconnect a branch office Windows Server 2003 domain controller that had a reasonable amount of data (in DFS) and apps on it and I had a weekend in which to do it. A re-install would have been pushing it. Especially the DFS replication (don't even ask about the backups...).

I distinctly remember at the time that there wasn't anything on TechNet, except one of those teaser PowerPoint presentations saying how Windows Server 2003 had better support for long-disconnected domain controllers (which I can no longer seem to find with Google. Hmph.).

Some of my Kerberos experience on FreeBSD and - at that time - my new-found knowledge of pointing Google at Microsoft to search for useful information helped me to try to understand what was going on.

After having a good guess of what I thought was wrong and running down some dead-ends, I ended up surprising myself when the following process worked:

  • Change tombstone on FSMO DC to 180 days
  • Push out changes from FSMO DC to other DCs using replmon
  • Remove GC role from long-disconnected DC on both FSMO DC and on long-disconnected DC using AD Sites and Services
  • Push out changes from FSMO DC to other DCs using replmon
  • Stop and Disable KDC on long-disconnected DC
  • Use netdom to reset machine account password for long-disconnected DC on FSMO DC
    • netdom resetpwd /server:<FSMO DC hostname> /ud:<Domain>\<Admin Account> /pd:<Admin Passwd>
  • Restart long-disconnected DC
  • Use dcpromo repeatedly to demote server (I got timeouts for netlogon taking too long to respond; WAN authentication latency problem?)
  • Restart the now demoted long-disconnected DC
    • Click OK to "one or more services failed to start"; not finding a DC
  • Use Terminal Services to remove demoted DC as a DNS NS from AD-integrated zones on the FSMO DC
  • Use Terminal Services to connect to FSMO DC and replicate the entire domain
  • Run dcpromo to promote standalone server

Thought I'd post this to help out any other poor sod stuck in this sorry state.

Might just have to run up a couple of VMs to verify this still works...

TechNet now has guidance on this with the Reconnecting a Domain Controller After a Long-Term Disconnection article. Doesn't look like what I've got above.

Wednesday, July 09, 2008

The Power of Community (Susan Bradley, You Rock!)

April was a bad month for me. My father was hospitalised on Monday 7th and I spent the early part of that week trying to help Dad work out what he was going to do after leaving hospital. My father was fiercely independent and had been living independently up until that point. Things got worse on Thursday 10th when Dad was told that his kidneys were shutting down. I'd organised a flight for Friday, but due to a bird strike I wasn't able to get there until Saturday morning. My father had passed away during my flight over on the Saturday. Renting a hire car turned out to be a painful process, but the drive from the airport to the hospital was great as I was able to recollect all the good times I'd had with my father. I've still got a great image of my father with his large black-framed glasses, thinning hair, his close cropped beard and a cheeky smile showing his broken, yellow teeth. The look he'd give after saying something pithy.

My sister had recently separated from her husband and was looking after her three children, so the task of packing up my Dad's rental place, organising the funeral and carrying out the executor role fell primarily on me. I was able to get the flat emptied, organise those tasks that needed doing locally and organise the funeral all in five days so I could get home to my 8-month pregnant wife.

During this time I still had work commitments. Most of the tasks I was able to delegate accordingly with the exception of a budget submission for a client that was going to be performing asset transfers to a new entity in their new financial year and also required moving from SBS 2003 due to the 75 CAL limit. I was recommending an SBS 2003 to Essential Business Server migration, but due to the lack of pricing details I wasn't able to come up with software licensing costs. My alternative was to price up the SBS 2003 Transition Pack as well as full priced versions of the SBS components. The Transition Pack got tricky as the SBS licenses were Open Licences with Software Assurance at Government pricing. The Transition Pack was Retail license only. As you can see this got ugly early.

In a fit of desperation I sent an e-mail to the SBS Diva, Susan Bradley, asking if she knew of anyone that would be able to assist me with working out the best transition method license-wise. Not only did Susan find me a group of people who were able to provide answers to some of the questions I was posing but she also sent me some very nice e-mails of support during the flat-clearing stage. Susan also kept an eye on the replies I got and followed up with me to ensure I was getting useful feedback. Pretty amazing seeing that I only met Susan once in person at the SMB Security Summit in Sydney last year and other communication via e-mail and blog comments.

This epitomises the power of community (and just how amazing Susan Bradley is!). Engaging with like-minded people, building relationships and helping one another. Now I'm not saying that I pretend to know Susan, but her blog demonstrates her generous nature, her attention to detail and her professionalism. Without this record I never would have sent her the e-mail asking for assistance. I sent the e-mail knowing that I could rely on the answers to be correct.

This trust is the most valuable attribute you can develop when engaging in community activities. Opinions are great as they help define you and your world view to others, but trust is developed by providing high quality and correct information. And when the information is incorrect or incomplete, then prompt apology and providing correct information is paramount to re-establish trust. On top of this, consistency is important. If you look at Susan Bradley's blog you get all of this and more.

So in my roundabout way I'm really trying to publicly acknowledge Susan for her amazing contribution in what was a very difficult time for me. Susan you are a LEGEND! You are the glue for the SBS community and I thank you very much for the help you have provided me and I hope that I'm able to repay the generosity that you extended to me. If not to you directly, then to the others in the SBS community by means of paying it forward.

My Blogging Hiatus

It's been a bit quiet in terms of posting lately.

My father passed away on April 12, for which I had to fly over and organise the funeral as well as finalise his estate, and my wife gave birth to our second child (Sarah Grace) on May 9.

Assisting clients with IT budgets for the next financial year (plus lining up subsequent years) on top of the usual day-to-day business has also kept me out of trouble.

I'll be resuming my posting shortly.

Wednesday, May 07, 2008

Internet Explorer 8 Beta 1's Not Much Better

OK, try the same thing with IE8 Beta 1. This time I only opened 4 tabs, then closed them down.

IE8 Browser window with single blank tab

Task Manager:

Task Manager showing iexplore.exe memory use

Same thing with Firefox 2.0, after loading exactly the same pages and closing them in exactly the same order:

image

Task Manager:

Task Manager showing firefox.exe memory use

Yeah, I know, not scientific. But I'd like my RAM back. Especially considering it's running on Vista.

As an aside, the time between closing the "empty" IE7 window last night and the iexplore.exe process finally exiting was ~30min. And before anyone asks the Temporary Internet Files folder was not set to be emptied on exit.

Must get another 2GB of RAM for my laptop. Plus a faster hard drive.

Which begs the question - when are we going to start seeing >4GB laptops? And >8GB non-server motherboards? Because it's clear to me that the big software developers of this world are living in fantasy land and are far more concerned about their profits, time to market and the cost of developers (probably in that order too) rather than what the user actually wants.

The memory bloat is everywhere - office apps, PDF viewers, anti-malware, OSes...

I think for all the waiting I've done for bloatware this year I could have spent the time finding the extra 1KB I need for my BBC B to display a decent windowing system :-)

I think I'll just go back to my book. Hey, when did Sci-Fan get so big? 500+ pages, trilogies that run to 10+ books...... <sound of rant fading into the lounge>

I'm reading The Wheel of Time by Robert Jordan - up to book 9. I really, really need an upside to something right now...

Internet Explorer 7 - Poor Memory Management

OK, I've had an IE window open for about a week now. I've closed down the 50-odd tabs I had open (would have had another 200-odd tabs open during that time though not concurrently), leaving it with an empty tab:

image

What does Task Manager think about it?

image

Hmm... My Firefox 2.0 footprint was smaller than that...

IE8 Beta might be getting an install shortly...

Sunday, March 30, 2008

Telstra Mobile Network - Network Time Problem and 2008 DST Changes

Today's been a weird day due to the fact that both my Nokia N95 and my wife's Nokia E51 rolled back from AEDT to AEST. I'm the only one that noticed it though.

In the past us Tasmanians would go to daylight savings times about 3 weeks ahead of our mainland counterparts that participated in daylight savings (South Australia, Victoria, ACT, New South Wales) and then change back at the same time.

Last year an agreement was reached for the states that participated in daylight savings (except Western Australia, who've introduced a DST trial for 3 years) to change to daylight savings on the last Sunday in October and change back on the first Sunday in April. The appropriate State departments promulgated their DST changes around March/April last year.

Thankfully organisations like Microsoft responded promptly with DST patches. Unfortunately, organisations like Nokia and Telstra ignored the changes and made no provision to cater for these changes.

I've just spent half an hour on the phone with Telstra explaining what the problem is and possible remediation steps to get the problem resolved. Apparently their mobile phone helpdesk has had an incredible spike in calls today, with the bulk of them about the DST change.

So the point of this post is if you're responsible for devices that require accurate time, or have their time synchronised, make yourself aware of local DST changes and plan for changes and also have contingency plans for when providers/suppliers are slack. If you're responsible for systems that span multiple timezones and/or countries, then you need to keep an eye on resources such as Microsoft's Hot Topics for Daylight Saving Time changes, which helps aggregate these changes into one resource.

I wonder how many people are going to be an hour late to work tomorrow?

Wednesday, March 26, 2008

Sophos Enterprise Console - Stuck on Connecting to Server

    I have a problem on an SBS 2003 Premium Edition box (2 NICs and running ISA Server) where launching the Enterprise Console sits forever at the connection screen.

     Sophos Enterprise Console - Connecting to the server... This might take a few seconds

    This is the same problem even if I perform a console-only install to a separate box.

    The drastic remedy is to reboot the server. By using the console on a separate box I was able to use TCPView to find that EnterpriseConsole.exe was connecting to MgntSvc.exe on the server.

    I then tried stopping the service from the command line:

    > net stop "Sophos Management Service"

    Which resulted in me being told that the service could not be stopped. I then used PsKill to stop the service:

    > pskill "Sophos Management Service"

    And I then restarted the service:

    > net start "Sophos Management Service"

    This then allowed me to successfully use the Enterprise Console.

Thursday, March 20, 2008

Hyper-V Release Candidate is Here

Microsoft have made the Hyper-V Release Candidate available.

The Release Candidate has better (but not complete) localisation support, support for the x86 versions of Windows Server 2003 SMP, Vista SP1 and XP SP3, integration components for Vista SP1 and XP SP3 (yay!), and improved performance - especially with pass-through disk support.

It's looking good so far...

SBS2003 Remote Web Workplace, Console Access and That Awful /admin Change

OK, those of us that have worked with SBS2003 for quite some time tend to put Remote Web Workplace (RWW) right up there on our list of favourite SBS features.

The best feature I like is the pre-authenticated access to enable RDP proxy to the servers in the SBS network (although the use of port 4125 can be a pain behind some firewalls). The "Log on to or resume the console session of the remote computer" allows me to effectively remotely manage the server as though I was on site.

Optional Settings [checkbox] Log on to or resume the console session of the remote computer

This is particularly useful when dealing with programs that require Session 0 - commonly known as console - access (for a concise description of terminal services history and session 0, see the Terminal Services Sessions: Then and Now article or the Wikipedia Terminal Services entry).

Over the last few months, I'd been finding that the Patch Tuesday reboots on the boxes I'd been RWW'ing to had resulted in hung systems, similar to what Susan Bradley's September 2006 blog entry records. Today, I saw the Ask the Performance Team's blog entry on The Reboot that Wasn't. This seemed to detail exactly what was going on with me, but I'd been enabling the "Log on to or resume the console session of the remote computer" option. So surely this wasn't my problem - or was it?

So I did some digging. I picked a Windows Vista RTM box, a Windows Vista SP1 box, a Windows Server 2003 SP2 box and a Windows Server 2008 box. I tried RWW'ing to my SBS 2003 box on each of them with the "Log on to or resume the console session of the remote computer" option set.

The results were as follows:

Windows Server 2003: Session 0
Windows Vista RTM: Session 0
Windows Vista SP1: Session 1
Windows Server 2008: Session 1

 

What's going on here? Shouldn't that be Session 0 for all those RWW clients?

No, not exactly. The problem we're seeing here is that the Remote Desktop Client (version 6.1) found in Windows Vista SP1 and Windows Server 2008 has dropped the /console switch and replaced it with /admin. The description of this change can be found in MSKB 947723 and also at the following Terminal Services Team Blog entry (same entry as the KB article, but with user comments). This change also extends to the programmatic interfaces that RWW uses.

As I commented in the Terminal Services Team Blog entry, this change was unwarranted, as the /console switch could have been left alone and have the code handle graceful fallback from the security-enhanced console access in Vista SP1 and Windows Server 2008 to the Session 0 access in Windows XP and Windows Server 2003.

So, the Terminal Services team has broken console access from RWW. Doesn't say much for the QA process when an entire product feature that relies on the Remote Desktop Client isn't tested for regression.

So what can be done to mitigate this? Well, you can use something like CopSSH on the SBS box and ssh to it, then use an ssh tunnel to connect to the SBS box using RDP (a how-to guide can be found on this Remote Desktop and SSH page). Or you can allow direct RDP access to the SBS 2003 box, which is very useful if you're running the Premium Edition and using ISA Server as you can leverage the ISA Server lockdown mode - which means you get RDP access when ISA's in lockdown and you can also tighten up RDP access to a restricted set of computers when ISA's running normally. For Standard Edition, or non-ISA Premium Editions, RDP restriction should be done by your firewall device.

For a hardware solution, something like an iBoot remote power management device might be useful to help with those hang on shutdown problems.

Anyway, patching over RWW can be problematic - see the Repeat after me.... you don't patch over RWW blog entry and the Some months you can't patch over RWW blog entry for some reasons why patching over RWW is bad.

Wednesday, March 19, 2008

Windows Vista SP1 - Why Isn't Windows Update Showing It To Me?

If you're waiting patiently for Windows Vista SP1 and Windows Update isn't letting you know about it, then you probably want to go and look at MSKB 948343 for a list of reasons why you're not seeing it.

In particular, check your driver versions. This is the current list of drivers known to be problematic with SP1:

Audio drivers
Realtek AC'97

• For x86-based computers: Alcxwdm.sys - version 6.0.1.6242 or earlier

• For x64-based computers: Alcwdm64.sys - version 6.0.1.6242 or earlier

SigmaTel

• For x86-based computers: Sthda.sys - version 5.10.5762.0 or earlier

• For x64-based computers: Sthda64.sys - version 5.10.5762.0 or earlier

SigmaTel

• For x86-based computers: Stwrt.sys - version 6.10.5511.0 or earlier

• For x64-based computers: Stwrt64.sys - version 6.10.5511.0 or earlier

Creative Audigy

• For x86-based and x64-based computers: Ctaud2k.sys - version 6.0.1.1242 or earlier

• For x86-based computers: P17.sys – all versions (This was originally a Windows XP-based driver.)

Conexant HD Audio

• For x86-based computers: Chdart.sys - version 4.32.0.0 or earlier

• For x64-based computers: Chdart64.sys - version 4.32.0.0 or earlier

Biometric (Fingerprint) Sensors

• AuthenTec Fingerprint Sensor with the Atswpdrv.sys driver file – version 7.7.1.7 or earlier

• UPEK Fingerprint Sensor with the Tcusb.sys driver file – version 1.9.2.99 or earlier

Display drivers
Intel Display

• For x86-based computers: Igdkmd32.sys – versions between and including driver 7.14.10.1322 and 7.14.10.1403

• For x64-based computers: Igdkmd64.sys – versions between and including driver 7.14.10.1322 and 7.14.10.1403

Other drivers
Texas Instruments Smart Card Controller with the GTIPCI21.sys driver file – version 1.0.1.19 or earlier
Sierra Wireless AirCard 580 with the Watcher.exe application – version 3.4.0.9 or earlier (This application is located in the AirCard 580 Program Files folder.)
Symantec software driver for Symantec Endpoint Protection and for Symantec Network Access Control clients

• For x86-based computers: Wgx.sys – versions 11.0.1000.1091 or earlier

• For x64-based computers: Wgx64.sys – versions 11.0.1000.1091 or earlier

Note: Symantec is aware of this issue, and it is working on a solution. Symantec provides various update procedures. This includes their LiveUpdate service.

Saturday, March 15, 2008

Windows Server 2008 Standard Edition - License Change Regarding Virtualisation

The introduction of Hyper-V to all editions of Windows Server 2008 (except Web Edition) has meant there's been a licensing change to the Standard Edition.

The previous editions of Windows Server Standard Edition allowed for 1 instance of Windows Server to be installed as a Physical Operating System Environment (POSE) or as a Virtual Operating System Environment (VOSE). This meant that if you wanted to host a virtualised Windows Server 2003 R2 Standard Edition on say Virtual Server 2005 R2 running on Windows Server 2003 R2 Standard Edition, then you needed to acquire 2 licenses of Windows Server 2003 R2 Standard Edition - one for the physical instance and one for the virtual instance.

The new licensing change brings the Standard Edition in line with the Enterprise Edition. This means that Windows Server 2008 Standard Edition can be installed twice using the one license - once for the physical instance and once for the virtualised instance. The caveat is that the physical instance can only be used for the purposes of hosting the virtualised instance. All the workload for the Standard Edition license is to be performed in the virtualised instance, with the physical instance used to host and maintain the virtualised instance.

More information can be found in the Licensing Information section of the Hyper-V FAQ, Microsoft's Licensing Virtualisation changes and the Volume Licensing Product Use Rights.

Friday, March 14, 2008

Wisptis.exe Can Cause Browsing Problems

I went up to serverunleashed.com last week to have a look at Microsoft's marketing efforts for Windows Server 2008 launch.

On my freshly installed Windows Vista Business x64 with SP1 laptop, I was finding that Internet Explorer was locking up before getting to the loader progress bar (the one that appears on Vista and Server 2008 boot up).

I disabled all the add-ons (except Silverlight) to see if one of the add-ons was causing the problem. No go. My XP boxes were displaying it OK, as were my test Server 2003/2008 boxes and another Vista box.

One thing different with my laptop is that it has a Wacom Bamboo tablet, which means it loads a heap of tablet-specific drivers and helper applications. I would find occasionally that when I launched Internet Explorer it would prompt me to run wisptis.exe, for which I always clicked Allow but never checked "Do not show me the warning for this program again". I thought this might be the problem, because when I force closed IE7 and selected "Look for a solution to this problem and restart Internet Explorer" it would restart IE and prompt to run wisptis.exe.

I went hunting for wisptis.exe and found that it's a pen input device utility that can be installed from a variety of sources, including being bundled with the OS. It's also useful in talking to the tablet digitisers, so removing it or not running it can impact on the usefulness of the tablet device.

Once I checked "Do not show me the warning for this program again" when prompted to run wisptis.exe and clicked Allow, then I was able to successfully view serverunleashed.com.

So if you're having Internet Explorer lock-ups when visiting a site and you've got tablet devices/drivers installed, this could be your problem.

Who Do You Trust?

We place a large amount of trust in big organisations when we browse to their sites - banks, insurance companies, telecoms + technology companies, etc. We assume that they're doing the right thing and have appropriate security measures in place to prevent breaches and ensure the integrity of their sites.

Two recent episodes that highlight the problems are the whitepages.com.au banner ad injection and the Trend Micro site compromise on one of their Japanese sites.

Now both of these exploits highlight that large organisations have SNAFU moments too. Unfortunately given their market position, and in Trend's case their security reputation, we can tend to trust them too much.

My take on both these exploits is to:

  • regularly review dynamic code injection into your sites (e.g. banner ads); get rid of them where possible and try to restrict the type of content generated.
  • perform regular integrity checks on your sites; create MD5 or SHA1 checksums of your site prior to deployment, then check these checksums regularly. Shut down the site if the checksums change.
  • make sure you have malware protection software and it's up to date; nothing new in this one really.
  • investigate browser add-ons to help prevent malware infection; IE7Pro for Internet Explorer is good, as is NoScript for Firefox
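
The integrity check from the second point, sketched as an added example (not code from the original post): it records a digest per file before deployment and later reports modified, added and removed files. It uses SHA-256 in place of the MD5 or SHA1 the post mentions (`algo` selects another), and the file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile


def hash_file(path, algo="sha256", chunk_size=65536):
    """Digest one file in chunks so large files are not read into memory."""
    digest = hashlib.new(algo)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root, algo="sha256"):
    """Map every file under root ('/'-separated relative path) to its digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full, algo)
    return manifest


def compare(baseline, current):
    """Report what differs between the pre-deployment manifest and the live site.

    A checksum-only comparison misses files that were added, so new and
    missing paths are reported alongside changed digests.
    """
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def site_is_intact(report):
    """True only when nothing was modified, added or removed."""
    return not any(report.values())


def write_file(root, rel, text):
    """Helper for the demo: create a file (and its folder) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as handle:
        handle.write(text)


def demo():
    """Build a constructed two-file site, change it, and return both reports."""
    with tempfile.TemporaryDirectory() as root:
        write_file(root, "index.html", "<html><body>Welcome</body></html>\n")
        write_file(root, "ads/banner.js", "showBanner('spring-sale');\n")
        # Taken before deployment. Store the baseline away from the web
        # server, otherwise whoever changes the site can change it too.
        baseline = build_manifest(root)
        unchanged = compare(baseline, build_manifest(root))

        # Constructed changes standing in for an unauthorised edit and a
        # file that was not part of the release.
        write_file(root, "index.html",
                   "<html><body>Welcome</body></html>\n<!-- changed -->\n")
        write_file(root, "ads/extra.js", "// not part of the release\n")
        changed = compare(baseline, build_manifest(root))
        return unchanged, changed


if __name__ == "__main__":
    before, after = demo()
    print("intact before change:", site_is_intact(before))
    print("report after change:", after)
```

Run on a schedule, a report that is not intact is the trigger for the "shut down the site" step above.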

Remember, ultimately you are responsible for the health of your systems. If Trend Micro are able to be compromised, so are you. Don't outsource your security responsibilities. Have a healthy sense of paranoia and apply a "secure by default" mindset when setting up your Web sites and also your Web browser.

Sunday, February 24, 2008

WSS 3.0 Extranets on SBS 2003 - Solved with External Collaboration Toolkit for SharePoint

I never really bothered with SharePoint until WSS 3.0/MOSS 2007 came out and then got overwhelmed with the sheer size and complexity of the architecture.

Once I managed to get a handle on it, I found it to be an exceptionally powerful package with some very nifty features.

I was excited when I saw SharePoint had the concept of different zones for the same content with the ability to use different authentication providers for each zone. Thus began my quest to find an existing package or template that provided user registration and management for Extranet users for a SharePoint site.

After a few false turns I ended up settling on SharePoint Custom Forms Authentication Feature (SCFAF). The setup wasn't intuitive nor was it simple - especially when I had to quickly hack up a simple .aspx page to add the initial user management user to the ASP.NET membership database.

It worked, but there were a few rough edges, particularly in the area of Extranet user administration and self-service. But this was still acceptable for the purposes in which it was to be used.

Further development seemed to have stalled on SCFAF and I had resigned myself to wait for a release of CKS:IEE (Community Kit for SharePoint: Intranet/Extranet Edition). Then out of the blue - well at least for me - came the Extranet Collaboration Toolkit for SharePoint Beta. On paper, this rocked! It provided the exact feature set I was after for this type of tool. The big downside for me was that the Beta didn't work out of the box on SBS 2003 - a real pain, as most of the WSS 3.0 sites I look after are on SBS 2003 boxes.

I ended up having to perform a manual install (detail here) and hack a DLL to modify the hard-coded LDAPS port so that I could get the ECTS components to talk to the ADAM instance on the SBS box. Side note: I find it quicker to respond to other people's blogs than write my own, hence the blog comment link!

I logged this "bug" on the Microsoft Connect site, but the bug was essentially closed, with "feature as designed" as an excuse.

I didn't give up however. I asked Susan Bradley to help make some noise about it and I managed to find this blog entry by someone in Microsoft who sounded like they were working on this project. This "someone" turned out to be Bill Canning - Project Manager for ECTS!

I e-mailed Bill to let him know how I managed to hack my way around the hard-coded LDAPS port (not as simple as it sounds, as I had to re-sign the DLL and then do some PE header stripping to get the DLL into the GAC).

Bill's response was that this wasn't on his team's radar for their release goals, but that they would be releasing the code on CodePlex so I could rebuild the DLL that way.

Four days later I had another e-mail from Bill to tell me that the feature I'd requested (removing the hard-coded LDAPS port from a component DLL and requesting an LDAPS port for the ADAM instance) had now been implemented and to await the final release.

I pinged Bill last week regarding the release of ECTS as it had been a month since the feature went in. Bill very kindly provided me with a pre-release so I could confirm its operation on SBS 2003. It went smoothly! I've provided some feedback on the documentation and I'm currently happy with the operation of ECTS on SBS 2003. The release will happen Real Soon Now(tm).

My final comments are that if you need an Extranet solution based on Windows SharePoint Services, then you need to at least review Extranet Collaboration Toolkit for SharePoint - especially for use on SBS.

The second point is don't take no for an answer. If you've got a good idea for a feature request and you believe it should be there, be persistent and argue your position in multiple forums. Also demonstrate that you're prepared to do the hard yards to help get the feature working. Bill can correct me if I'm wrong, but I believe my persistence is what helped to get ECTS running on SBS 2003.

Wednesday, February 20, 2008

SPAM - Finding the culprit who sold your e-mail address

One of the (very many) things that annoys me in the IT world is spam. Even more annoying is working out which of the multitude of Web forms I've filled in has then either had its mailing list stolen or sold.

Most of the time I don't bother - I add my Gmail account as the e-mail address to the forms. However there are those Web forms that don't accept hosted e-mail accounts and want you to use your corporate or personal e-mail address.

If you can easily add e-mail aliases to your corporate or personal e-mail address then you might be interested in the following technique.

I run my own mail server, so I've recently taken the step of adding a suffix of ".spamtrack.source.<website>" to my business e-mail address to create a new alias, where <website> is the site that wants my business e-mail address.

So if my e-mail address is me@example.com, then my new alias for a Microsoft Web form becomes me.spamtrack.source.microsoft@example.com.

It's a bit longwinded and fancy looking - I wanted something that looked like an automated system handles it. It also means I can add that later if I bother scripting something to take care of it and auto-mail abuse@ to tell them that my e-mail address has either been stolen or sold. I could possibly even extend it to be something like me.spamtrack.source.microsoft-dont-sell-my-email-you-sods@example.com.

So now I'm able to see who's selling my e-mail address or who has had their mailing lists stolen. And if the spam levels climb up, then I can simply kill the alias.
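
One way the scripting mentioned above could start, as an added example that is not from the original post: it builds the tracking alias for a site and tallies which aliases turn up on mail from senders other than that site. The messages, the sender domains, the `shopsite` label and the `EXPECTED_SENDERS` table are constructed assumptions; only the `me.spamtrack.source.<website>@example.com` format comes from the post.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

BASE_LOCAL = "me"        # local part of the post's example address
DOMAIN = "example.com"   # domain of the post's example address
SITE_RE = r"[a-z0-9-]+"
ALIAS_RE = re.compile(
    r"^" + re.escape(BASE_LOCAL) + r"\.spamtrack\.source\.(" + SITE_RE + r")$",
    re.I)
# Bulk mail often carries the real recipient only in the envelope, so the
# address recorded by the delivering server (Delivered-To, or X-Original-To
# on Postfix) is checked as well as To and Cc.
RECIPIENT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")


def alias_for(site):
    """Build the alias to type into a given site's Web form."""
    site = site.strip().lower()
    if not re.fullmatch(SITE_RE, site):
        raise ValueError("site label must be letters, digits or hyphens: %r" % site)
    return "%s.spamtrack.source.%s@%s" % (BASE_LOCAL, site, DOMAIN)


def alias_sites(msg):
    """Return the site labels of every tracking alias the message was sent to."""
    sites = set()
    for header in RECIPIENT_HEADERS:
        for value in msg.get_all(header, []):
            # Parse one header value at a time so a malformed header does
            # not hide the addresses in the others.
            for _name, addr in getaddresses([value]):
                local, _, domain = addr.rpartition("@")
                match = ALIAS_RE.match(local)
                if match and domain.lower() == DOMAIN:
                    sites.add(match.group(1).lower())
    return sites


def tally_leaks(raw_messages, expected_senders):
    """Count, per site, messages to its alias that did not come from that site.

    From is easy to forge, so the expected-sender test only filters out the
    site's own mail; it is not proof of who sent a message.
    """
    leaks = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        for site in alias_sites(msg):
            allowed = expected_senders.get(site, ())
            if not any(sender == d or sender.endswith("." + d) for d in allowed):
                leaks[site] += 1
    return leaks


def make_message(headers, body="constructed sample body"):
    """Assemble a minimal RFC 5322 style message for the demo."""
    return "".join("%s: %s\n" % pair for pair in headers) + "\n" + body + "\n"


# Constructed sample mail: the site's own newsletter, two messages from
# unrelated senders that reached an alias, and one to the plain address.
SAMPLES = [
    make_message([("From", "news@microsoft.com"),
                  ("To", alias_for("microsoft")), ("Subject", "Newsletter")]),
    make_message([("From", "deals@bulk-mailer.invalid"),
                  ("To", "list@bulk-mailer.invalid"),
                  ("Delivered-To", alias_for("microsoft")), ("Subject", "Offer")]),
    make_message([("From", "promo@other-sender.invalid"),
                  ("To", "someone@example.net"),
                  ("X-Original-To", "ME.SpamTrack.Source.ShopSite@Example.com"),
                  ("Subject", "Sale")]),
    make_message([("From", "deals@bulk-mailer.invalid"),
                  ("To", "me@example.com"), ("Subject", "Plain")]),
]
EXPECTED_SENDERS = {"microsoft": {"microsoft.com"}}  # assumed mapping

if __name__ == "__main__":
    for site, count in sorted(tally_leaks(SAMPLES, EXPECTED_SENDERS).items()):
        print("%s: %d message(s) from unexpected senders" % (site, count))
```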

SBS 2003 Media, Service Packs, Repair Install - Oh My!

This has been a long-running battle I've had with Microsoft over the years - the inability to either roll my own slipstreamed SBS media, or obtain slipstreamed SBS media at reasonable cost (like the Volume License media kits).

Why would I want to roll my own or access low-cost SBS media, you ask?

Well, if you ever have to do a Repair Install of your SBS box and you've added a Service Pack, you're hosed. The Repair Install will undo the service pack applied to the once-working box, and on reboot will give you a lovely blue screen. The only way around this is to restore from the last full backup, or re-image from your favorite imaging tool of choice (two listed below if you're not already using one).

Thanks to the wonderful advances of products like Acronis True Image and ShadowProtect, performing Repair Installs is a thing of the past, especially if you're using Repair Install to migrate a Retail SBS install to new hardware. The hardware independent restore capabilities of these products make a full backup / minimal install / full restore / repair install redundant, as well as a lot slower.

But it's a pain if you don't have these, so make sure you have SBS media from the same channel (OEM, Retail or Volume License) with the Service Pack you're running already slipstreamed. Or simply don't install Windows Server 2003 Service Packs to SBS 2003 boxes.

The Tale of Two Browsers - Battling the Memory Bloat and Performance Loss

I'm a big fan of Gmail - especially when it comes to technical mailing lists and the contextual advertising it provides. I quite regularly use the suggested links for product research.

Up until recently, I'd been using Gmail inside Internet Explorer 7. Around the time of the new Gmail interface, Gmail started getting slower and IE7's memory profile started getting bigger. IE7 also got a lot less stable, so much so that I needed to not only install IE7Pro for session crash protection, but I had to launch a separate IE7 process just for Gmail.

I finally got sick of the instability and slowness, so I thought I'd give Firefox a crack at it. Not only is Gmail more responsive under Firefox, but Firefox is using a lot less memory than the equivalent IE7 process and it doesn't keep growing like IE7 does.

I get the distinct impression that there are quite a few memory leak and garbage collection problems in IE7, which makes it a problem in a Web 2.0 world, or for browser power users. It would be nice to see Microsoft address this problem in current and future releases of their browser.

The added advantage of Firefox is that I can use addons like Better Gmail 2 for a richer, more productive browser experience.

I'm still using IE7 for all my other browsing, so the del.icio.us addons for both browsers come in handy for centralised bookmarks.

Heroes Happen {2008} - Good News for Hobart and Darwin!

If you go up to the Heroes Happen {2008} site, you'll notice an absence of Hobart and Darwin in the list of venues.

Good news! Microsoft are going to do a Wave launch in Hobart and Darwin. It's going to be scaled down relative to the launches in the other capital cities, but this is certainly better than nothing at all.

The dates I've been provided with are:

8 April - Darwin

15 April - Hobart

Contact Microsoft Partner Services on 132058, option 4 to make sure you're added to the invite list for these events.

Details will be added to the Partner Portal in due course.

Thursday, December 20, 2007

Indexing Office 2007 Documents Using Windows SharePoint Services 3.0

I've been very impressed with Windows SharePoint Services 3.0 ever since I had access to it as a Beta, especially with the included Blog and Wiki capability, then with the release of the Application Templates.

The only annoying thing I've found with it is the lack of search support for Office 2007 document formats, without consuming an Office 2007 license on the server, as suggested in Knowledge Base article 944433.

Well, no more! Microsoft have finally released the Microsoft Filter Pack - a set of standalone IFilters for the following file formats: .docx, .docm, .pptx, .pptm, .xlsx, .xlsm, .xlsb, .zip, .one, .vdx, .vsd, .vss, .vst, .vdx, .vsx, and .vtx.

There is a slight catch however. You have to munge with the registry as per Knowledge Base article 946338. I needed to roll this out over a number of servers, so the manual process didn't suit me. I sat down and whipped up the following script:

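@echo off
rem Register the Microsoft Filter Pack IFilters with WSS 3.0 search (registry changes as per KB 946338).
setlocal enabledelayedexpansion
rem mv tracks the highest numbered value name already used in ExtensionList.
set mv=0
rem Stop the WSS search service while its registry settings are changed.
net stop spsearch
rem Find the search application key; rk ends up as the last key that reg query lists.
for /f "skip=3 delims==" %%i in ('reg query "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Applications"') do set rk=%%i
rem Find the highest numbered value currently in ExtensionList.
for /f %%k in ('reg query "%rk%\Gather\Search\Extensions\ExtensionList" ^| findstr /b /v HKEY') do if !mv! lss %%k set mv=%%k
rem For each extension below: if it is not already listed, add it under the next free number.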
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "docm" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d docm
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "docx" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d docx
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "one" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d one
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "pptm" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d pptm
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "pptx" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d pptx
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "vdx" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d vdx
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "vsd" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d vsd
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "vss" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d vss
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "vst" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d vst
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "vsx" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d vsx
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "vtx" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d vtx
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "xlsb" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d xlsb
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "xlsm" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d xlsm
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "xlsx" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d xlsx
)
reg query "%rk%\Gather\Search\Extensions\ExtensionList" /f "zip" /d /e >nul
if errorlevel 1 (
set /a mv+=1
reg add "%rk%\Gather\Search\Extensions\ExtensionList" /v !mv! /t REG_SZ /d zip
)
rem Map each file extension to the CLSID of the IFilter that handles it.
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.docm" /ve /t REG_MULTI_SZ /d "{5A98B233-3C59-4B31-944C-0E560D85E6C3}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.docx" /ve /t REG_MULTI_SZ /d "{5A98B233-3C59-4B31-944C-0E560D85E6C3}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.one" /ve /t REG_MULTI_SZ /d "{89BCB740-6119-101A-BCB7-00DD010655AF}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.pptm" /ve /t REG_MULTI_SZ /d "{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.pptx" /ve /t REG_MULTI_SZ /d "{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.vdx" /ve /t REG_MULTI_SZ /d "{FAEA5B46-761B-400E-B53E-E805A97A543E}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.vsd" /ve /t REG_MULTI_SZ /d "{FAEA5B46-761B-400E-B53E-E805A97A543E}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.vss" /ve /t REG_MULTI_SZ /d "{FAEA5B46-761B-400E-B53E-E805A97A543E}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.vst" /ve /t REG_MULTI_SZ /d "{FAEA5B46-761B-400E-B53E-E805A97A543E}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.vsx" /ve /t REG_MULTI_SZ /d "{FAEA5B46-761B-400E-B53E-E805A97A543E}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.vtx" /ve /t REG_MULTI_SZ /d "{FAEA5B46-761B-400E-B53E-E805A97A543E}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.xlsb" /ve /t REG_MULTI_SZ /d "{312AB530-ECC9-496E-AE0E-C9E6C5392499}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.xlsm" /ve /t REG_MULTI_SZ /d "{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.xlsx" /ve /t REG_MULTI_SZ /d "{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}" /f
reg add "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.zip" /ve /t REG_MULTI_SZ /d "{20E823C2-62F3-4638-96BD-90F4F6784EBC}" /f
rem Restart the search service, then start a full crawl so existing documents are indexed.
net start spsearch
stsadm -o spsearch -action fullcrawlstart


I put this into a file called register-ifilters.cmd and ran it after installing the Filter Pack on my WSS 3.0 boxes. It's not a fantastic script, but it does the job.



Please note that if you've got a lot of documents in your WSS 3.0 content databases, then you may want to schedule the fullcrawlstart command at a later stage, rather than run it as part of the IFilter registration.

Wednesday, December 05, 2007

Using Windows Server 2008 as a Desktop OS - Installing Windows Live Writer

I'm using Windows Server 2008 as my primary desktop OS, which I'll be blogging about over the coming weeks as I encounter non-obvious problems. I'll also cover my installation experiences which might help out others who wish to do the same.

The recent problem I had is that I saw the Windows Live suite of applications come out of Beta and I wanted to try them out. OK, up to the Microsoft Downloads site for the Windows Live category and download Windows Live Writer to use it on my Blogger account.

I download WLinstaller.exe, run it and I'm immediately presented with the following unhelpful error:

image

Hmmm, no Windows Live Writer for my Terminal Servers then.

Undeterred, I download and install Windows Live Writer on a spare Windows XP machine, open up regedit and navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstaller and go browsing for Windows Live Writer. Within a couple of minutes I find the entry and also find that it has cached the MSI to:

C:\Program Files\Common Files\WindowsLiveInstaller\MsiSources\Install_{9176251A-4CC1-4DDB-B343-B487195EB397}.msi

So I copy this file to my Windows Server 2008 laptop, expecting to have to modify it with Orca. What the heck, I'll try running it first. And it installs without problem. And I'm using it just fine, as this blog article is written using it.

I'll try the same trick with the other Windows Live programs and write up my findings accordingly.

Saturday, November 24, 2007

The Dangers Of a Public Display Terminal System

So I'm at Sydney Domestic Airport train station waiting for a train to Circular Quay when I noticed that one of the displays was waiting patiently at a Windows 95-like login screen.

During my wait, a tech logged into the system (which was actually a Windows NT4 Workstation) as a domain administrator and proceeded to fix the workstation.

At one point during the remediation, the tech had entered the domain administrator's password in clear text! (The AutoAdminLogon stage from memory) In addition to this, the tech was browsing the network list and accessing various network shares to resolve the problem at hand.

Thankfully this was on only one set of displays and not all the displays in the station, so at least there's some redundancy in the displays. Unfortunately I have no idea of the technical skills nor the ethics of the people around me who were amused by this diversion.

So now I have the domain administrator's password for one of CityRail's domains, a list of domains/workgroups in their network and a list of PCs in one of their domains.

This information was reported to station staff at Circular Quay, but they weren't really interested, didn't see it as a security problem and said that their IT staff knew what they were doing. A quick browse of their Web site gave a 1800 number, which was answered by a staff member who did understand the security implications, so hopefully the domain administrator password has been changed.

A large scale deployment of PDTs like this should be deployed using an automated deployment system (which is probably done in CityRail's case) and any remediation should be performed by a rebuild from either network or local unattended install media (which doesn't seem to be the case here). At the very least, the public displays should be disabled to prevent sensitive information leakage.

If you have PDTs in place, please make sure you have some good policies and procedures in place to prevent this embarrassing type of situation.

Tuesday, October 23, 2007

Recovering Public Folder Items Easily in Exchange Server 2003

I occasionally get requests from clients and colleagues asking me to recover Public Folder items from Exchange Server 2003.

Thankfully for me I performed the ultimate fubar while performing a test migration from NT4.0 + Exchange 5.5 to SBS 2003 Premium back when SBS 2003 first came out. That's right, I managed to blow away the majority of the Public Folder store in one fell swoop, simply because I wasn't following my own instructions properly and wasn't used to the new Exchange System Manager interface.

Thankfully, I had just been getting familiar with the new capabilities of Outlook Web Access and had used the Recover Deleted Items feature to get familiar with it and to be able to instruct clients on how to use it.

I didn't really want to have to spend the time re-copying the Public Folder store from the Exchange 5.5 install, so I looked for the Public Folder equivalent of the Recover Deleted Items feature for the mailbox. It appeared to be missing. Or was it?

I had noticed that the Recover Deleted Items window had essentially opened the Deleted Items folder in the mailbox and had set a URL variable. The variable and its setting were:

cmd=showdeleted

Being the lazy kind of guy I am - as well as being inquisitive - I thought I would give some link hacking a try. I opened up the Public Folders link, navigated to the parent folder of the folder I deleted, right-clicked on the parent folder and selected Open in new... This opened the folder in a new window. The URL of this folder was of the form:

https://server/public/Public%20Folder/?Cmd=contents

I then replaced contents with showdeleted. The URL then looked like:

https://server/public/Public%20Folder/?Cmd=showdeleted

Ta da! The folder I trashed was now visible and capable of being recovered, which saved me additional copying time. Sometimes screwing up a test environment is a great way to learn a new, lazy technique :-)

Wednesday, October 03, 2007

Microsoft Action Pack, New Assessment Criteria and New Special Edition Toolkits

As a Microsoft Registered Partner, I'm able to utilise the fantastic Microsoft Action Pack Subscription. This enables me to run my business on the same technologies I recommend to my clients, as well as evaluate and prepare for new and upcoming technologies. Combined with my TechNet Plus subscription, I'm able to evaluate a wide range of Microsoft technologies cost effectively. Virtualisation also enables me to test networks larger than my physical network.

Recently Microsoft introduced an assessment requirement to gain access to the Action Pack. This assessment requires partners to take an e-Learning course and then pass its associated assessment with a minimum score of 70%. This assessment must be passed every two years to receive uninterrupted Action Pack Subscription updates (see Eric Ligman's blog post on Action Pack Downgrade Rights for the best reason to not have your subscription lapse). The recommended courses are:
  • Selling Microsoft Windows® Small Business Server 2003
  • Implementing, Managing and Deploying Applications in Windows Server 2003
  • Designing, Deploying and Managing a Network Solution for the Small and Medium-size Business
  • Selling Microsoft Solutions to Small Business
  • Implementing Microsoft Solution Accelerators for Small Business
  • Introduction to Selling SQL Server 2005
  • SQL Server 2005: Essentials for Sales Professionals
  • Volume Licensing for Small and Medium Businesses
  • Small Business Sales and Marketing Assessment (Small Business Specialist Requirement)

All but the Small Business Sales and Marketing Assessment (SBSMA) are Online Tutorials. The SBSMA is classed as an Assessment and as mentioned above is a pre-requisite to become a Small Business Specialist.

Microsoft also introduced two Special Edition Kits to the Action Pack. These are the Web Solutions Toolkit and the Small Business Specialist Toolkit. Both of these toolkits require additional assessment to be performed prior to issuance.

The Web Solutions Toolkit requires one of the following e-Learning courses to be passed with a minimum score of 70%:
  • Microsoft .NET Assessment
  • Microsoft Expression Assessment
  • Microsoft Office Live Developer Assessment

I completed the Microsoft Expression Assessment quite easily, as I had recently used Expression Web to build my Web site and have been playing with both the Expression Design and Blend CTPs over the last few months.

The Small Business Specialist Toolkit requires that you have completed the requirements to become a Small Business Specialist. The full details can be found here. The short form of this is:

Both of these Special Edition Kits will be refreshed biannually.
Another good reason to perform e-Learning and become certified!