Wednesday, October 30, 2013

Reset 30 Day Grace Timer for Windows XP/Windows Server 2003

I had to do this today as part of recovering a system from hardware failure. This won't be the last time I'll have to do this, so documented for the next time...

rundll32.exe syssetup,SetupOobeBnk

iOS 3CXPhone Settings for Internode

This is the 3CXPhone profile settings on my wife’s iPhone 4S to connect to her Internode NodePhone account (so I don’t forget it for next time):

  • Name: Internode
  • Display: Internode
  • Username: <NodePhone number>
  • ID: <NodePhone number>
  • Password: <NodePhone password>
  • Internal PBX Address: 203.2.134.1
  • External PBX Address: 203.2.134.1

Monday, May 06, 2013

Microsoft Online Speed Test Alternative

I keep forgetting this, but the old Microsoft Online Speed Test tool that was at http://speedtest.microsoftonline.com/ is no longer active.
The alternative tool to use is the Office365 Lync Online Transport Reliability IP Probe (TRIPP) tool, located here:
This tool performs the same set of tests that the now defunct Speed Test tool did. Oh, and Java is required to run the tests, so make sure your Java install is up-to-date with the Web plugin enabled.

Monday, February 04, 2013

Can’t Start Hyper-V VMs with Event ID 12140, 12010 and 12030

Had a few Hyper-V host systems today that after rebooting failed to restart the VMs that were set to auto-restart. No updates had been installed – the reboots were due to power environment changes.

Attempting to restart them from Hyper-V Manager simply resulted in the VM status quickly changing from Off to Starting then back to Off.

Digging though the Event Logs (Applications and Service Logs | Microsoft | Windows | Hyper-V-Worker | Admin) resulted in this:

Log Name:      Microsoft-Windows-Hyper-V-Worker-Admin
Source:        Microsoft-Windows-Hyper-V-Worker
Date:          4/02/2013 1:42:57 PM
Event ID:      12140
Description:
'hyper-vm1': Failed to open attachment 'E:\hyper-v\VHDs\hyper-vm1.vhd'. Error: 'A device attached to the system is not functioning.' (0x8007001F). (Virtual machine ID 9F3157AA-4875-45C5-BAE4-3D7D5C432B8A)

Log Name:      Microsoft-Windows-Hyper-V-Worker-Admin
Source:        Microsoft-Windows-Hyper-V-Worker
Date:          4/02/2013 1:42:57 PM
Event ID:      12010
Description:
'hyper-vm1' Microsoft Emulated IDE Controller (Instance ID {83F8638B-8DCA-4152-9EDA-2CA8B33039B4}): Failed to Power on with Error 'A device attached to the system is not functioning.' (0x8007001F). (Virtual machine ID 9F3157AA-4875-45C5-BAE4-3D7D5C432B8A)

Log Name:      Microsoft-Windows-Hyper-V-Worker-Admin
Source:        Microsoft-Windows-Hyper-V-Worker
Date:          4/02/2013 1:42:57 PM
Event ID:      12030
Description:
'hyper-vm1' failed to start. (Virtual machine ID 9F3157AA-4875-45C5-BAE4-3D7D5C432B8A)

And this one from Hyper-V-VMMS/Admin (Applications and Service Logs | Microsoft | Windows | Hyper-V-VMMS | Admin):

Log Name:      Microsoft-Windows-Hyper-V-VMMS-Admin
Source:        Microsoft-Windows-Hyper-V-VMMS
Date:          4/02/2013 1:37:05 PM
Event ID:      14098
Description:
'Storage Virtualization Service Provider' driver required by the Virtual Machine Management service is not installed or is disabled. Check your settings or try reinstalling the Hyper-V role.

It was this second one that helped me track down the problem. I subsequently found Microsoft Knowledgebase Article 2013544 which listed a similar scenario and recommended changing the FSDepends driver from Manual start to Boot start as follows:

  • Start Registry Editor
  • Navigate to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FsDepends
  • Under the FsDepends key, change REG_DWORD value “Start” from 3 to 0
  • Restart the server

The reason is supposedly due to a timing issue between FSDepends.sys (nested volume dependency management driver) and VHDMP.sys (VHD parser and dependency property provider driver), typically triggered by third party backup programs that load tape drivers. This wasn’t the case in my situation, but changing FsDepends from Manual start to Boot start ended up resolving my VM startup problem.

Friday, November 23, 2012

Installing .NET Framework 3.5 on Windows Server 2012 and Windows 8

If you're getting an installation error code of 0x800F0906 while trying to install .NET Framework 3.5 on a Windows 8 or Windows Server 2012 system, it's because the initial installation source isn't available and you're most likely using WSUS without an appropriate Group Policy Object to redirect to an alternate installation path.

There are a few ways of handling this - use the installation media and DISM to install it, set up a GPO to use Windows Update as an alternate installation path, or copy the WinSxS folder off the install media to a network share and configuring a GPO to use this share as an alternate installation path.

If you have the installation media and you need to only do this for a single PC, then the following command will work:

dism.exe /online /enable-feature /featurename:NetFX3 /Source:D:\sources\sxs

You may need to replace D: with the drive letter containing the installation media.

To configure a GPO to use Windows Update, open up Group Policy Management, create and edit a new GPO. Go to Computer Configuration, Policies, Administrative Templates, System. Open up "Specify settings for optional component installation and component repair", change the setting from Not Configured to Enabled and tick "Contact Windows Update directly to download repair content instead of Windows Server Update Services (WSUS)". Click OK, close the Group Policy Management Editor window and link the GPO to an appropriate container in AD, then run gpupdate /force on the affected computer.

If you want to configure a GPO to use a network share, copy the \sources\sxs folder from either a Windows 8 or Windows Server 2012 DVD/ISO to an appropriate location on a server (e.g. \\server\install\win8sxs), then create and edit a new GPO as outlined above. Instead of enabling the WSUS option though, put the network path to the SxS folder in the field for "Alternate source file path".

Microsoft also have a knowledge base article on this here - Error codes when you try to install the .NET Framework 3.5 in Windows 8 or in Windows Server 2012

Tuesday, October 23, 2012

Microsoft Camera Codec Pack Update for Windows 8 and Windows 8 RT – Woot!

Microsoft have released an update for Windows 8 and Windows 8 RT that provides support for device-specific RAW formats, allowing you to preview these files in Explorer as well as display them in any program that uses the Windows Imaging Codecs.

The Microsoft Camera Codec Pack provides support for the following device formats:

  • Canon: Digital Rebel XT, Digital Rebel XTi, EOS 10D, EOS 20D, EOS 30D, EOS 40D, EOS 50D Digital, EOS 60D, EOS 300D, EOS 350D, EOS 400D, EOS 450D, EOS 500D, EOS 550D, EOS 600D, EOS 1000D, EOS 1100D, EOS 5D, EOS 5D Mark II, EOS 5D Mark III, EOS 7D Digital, EOS D30, EOS D60, EOS Digital Rebel, EOS Kiss Digital, EOS Kiss Digital N, EOS Kiss Digital X, EOS Kiss F, EOS Kiss X2, EOS Kiss X3, EOS Kiss X4, EOS Kiss X5, EOS Kiss X50, EOS Rebel T1i, EOS Rebel T2i, EOS Rebel T3, EOS Rebel T3i, EOS Rebel XS, EOS Rebel XSi, EOS-1D, EOS-1D Mark II, EOS-1D Mark II N, EOS-1D Mark III, EOS-1D Mark IV, EOS-1Ds, EOS-1Ds Mark II, EOS-1Ds Mark III, PowerShot G2, PowerShot G3, PowerShot G5, PowerShot G6, PowerShot G9, PowerShot G10, PowerShot G11, PowerShot Pro1, PowerShot S90, PowerShot S95, PowerShot SX1 IS
  • Nikon: 1 J1, 1 V1, Coolpix P6000, D1H, D2H, D2Hs, D2X, D2Xs, D3, D3s, D3X, D4, D40, D40x, D50, D60, D70, D70s, D80, D90, D100, D200, D300, D300s, D700, D800, D800E, D3000, D3100, D3200, D5000, D5100, D7000
  • Sony: DSLR-A100, DSLR-A200, DSLR-A230, DSLR-A300, DSLR-A330, DSLR-A350, DSLR-A380, DSLR-A500, DSLR-A550, DSLR-A560, DSLR-A580, DSLR-A700, DSLR-A850, DSLR-A900, Alpha NEX-3, Alpha NEX-5, Alpha NEX-5N, Alpha SLT-A55/A55V, Cyber-shot DSC-R1
  • Olympus: C-7070 Wide Zoom, C-8080 Wide Zoom, E-1, E-3, E-10, E-20, E-30, E-420, E-450, E-520, E-620, EVOLT E-300, EVOLT E-330, EVOLT E-400, EVOLT E-410, EVOLT E-500, EVOLT E-510, PEN E-P1, PEN E-P2, PEN E-PL1
  • Pentax (PEF formats only): *ist D, *ist DL, *ist DS, K10D, K20D, K100D, K100D Super, K110D, K200D, K-5, K-7, K-r, K-x
  • Leica: DIGILUX 3, D-LUX 4, M8, M8.2, M9
  • Konica Minolta: ALPHA-7 DIGITAL, DiMAGE A1, DiMAGE A2, DYNAX 7D, Maxxum 7D
  • Epson: R-D1
  • Panasonic: Lumix DMC-G1, Lumix DMC-GH1, Lumix DMC-GF1, Lumix DMC-LX3, Lumix DMC-LX5
  • Casio: EX-FH20
  • Kodak: EasyShare Z981, EasyShare Z1015 IS
  • Samsung: NX11

The update can be downloaded from here:

An update that adds Microsoft Camera Codec Pack support to Windows 8 and Windows RT is available

Monday, August 13, 2012

Hyper-V Integration Components for FreeBSD – Patchfiles

Call me old fashioned, but I’d much prefer a patchset than having to install a version control package and suck down a source code check out. So please find a patchset for the Hyper-V integration components for the following versions of FreeBSD:

FreeBSD 8.2 Hyper-V Integration Components Patchset

FreeBSD 8.3 Hyper-V Integration Components Patchset

FreeBSD 9.0 Hyper-V Integration Components Patchset

FreeBSD 9.1-BETA1 Hyper-V Integration Components Patchset

Download the patchset, then issue:

patch –p –d /usr/src < <patchsetfile>

to patch the source tree, followed by:

cd /usr/src; make kernel KERNCONF=HYPERV_VM INSTKERNNAME=kernel.HYPERV

to install the Hyper-V enabled kernel to /boot/kernel.HYPERV.

Before booting to the Hyper-V enabled kernel it’s best to use GEOM labels to mount the partitions. Follow the instructions here to do this. This makes it easy for you to quickly swap between a Hyper-V enabled kernel and a non-Hyper-V enabled kernel – the reason being the Fast IDE storage driver presents itself as a SCSI driver, changing the device node path which prevents /etc/fstab from working correctly.

It’s worth noting that although I’ve fixed the modules from compiling (compared with the git clone source I pulled down), loading them from a non-Hyper-V enabled kernel will cause a kernel panic. So you need the integration components compiled into the kernel via the HYPERV kernel option.

The other problem I’ve found is that the network driver mostly works for UDP traffic, but regularly stalls on TCP traffic. Hadn’t had a chance to debug it yet.

Very happy with the increased disk performance, the ability to get heartbeat information and the ability to cleanly shut down the guests from the Hyper-V host. Looking forward to KVP communication and a working network driver.

Friday, August 10, 2012

Hyper-V Integration Components for FreeBSD 8.2 has landed!

The Microsoft Openness Blog has just announced that the github repository for FreeBSD 8.2 Hyper-V integration components is now live! This is currently a public beta for evaluation purposes only, so expect some rough edges still.

Instructions for compiling the source code and installing the drivers can be found here. There’s also a mailing list for suggestions and code improvement.

This gives us heartbeat, time sync, shutdown and accelerated network, IDE and SCSI drivers for FreeBSD 8.2 on Hyper-V Server 2008 R2 and Windows Server 2008 R2 with the Hyper-V role. It’s a pity that this won’t land in time for inclusion into FreeBSD 9.1, but it would be good to see it hit –current and –stable in time for any subsequent releases.

Guess what I’m doing over the weekend? :-)

Tuesday, July 31, 2012

Agentless Bandwidth Testing on Windows

I needed BWping and HTTPing running on Windows for bandwidth and latency testing of some 3G WAN tails so I compiled them using Cygwin. They can be found here and here respectively.

I find QCheck to be a nice tool for bandwidth testing on Windows systems, but it does require a Windows system either side of the link you’re testing.

Monday, July 16, 2012

Null Routes on Windows 7

Null routes are a useful way to quickly discard packets from an unwanted address or network, especially when you’ve not got immediate or any access to the upstream/gateway router.

I had a client PC that was being hammered over a port forward from a router I had no administrative control. I logged a support request for the upstream router, but rather than wait two days to chase up the request, I added a null route to the client PC.

Typically I add a route to a non-existent IP on the network, but the upstream router was intercepting the ARP requests for the non-existent IP and forwarding on the packet.

I then tried adding a route for the host to point to the loopback address (127.0.0.1), but got a “The route addition failed: The parameter is incorrect” error. Helpful.

After trial and error I got the null route working by specifying the current default gateway address and the software loopback interface like this:

route  -p add <IP address> mask 255.255.255.2555 <gateway address> if 1

You may need to use route print to check to see that the interface number for the loopback interface is 1. If the number isn’t 1, then use that number instead of 1 above.

If you’re looking at null routing for sshd/OpenSSH/RDP, then have a look at the ServerFault entries here and here.

Tuesday, June 12, 2012

Recovering from WinRM Authentication Lockout

If like me you’re silly enough to lock yourself out of WinRM by removing Kerberos and Negotiate authentication from the WinRM client, you’ll find it a bit difficult to reset the WinRM configuration, because WinRM uses itself to modify the configuration and reset itself (winrm invoke restore).

I wasn’t particularly interested in performing a restore on my laptop, so I went hunting for the registry location for WinRM’s client configuration. The best TechNet could provide me with was “The configuration information is stored in the registry” which is pretty crap, even by Microsoft’s standards.

Resorting to a registry search – thankfully I had added the remote end to the TrustedHosts list – I came up with the registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client

Setting auth_kerberos and auth_negotiate to 1

Setting auth_kerberos and auth_negotiate to 1

and restarting the Windows Remote Management (WS-Management) service got me up and going again.

Thursday, December 22, 2011

Useful Network Connectivity Tool

Off the back of my previous Windows Server Developer Preview problem I also came across the Microsoft Internet Connectivity Evaluation Tool. Quite useful for determining the NAT capability, ECN capability, TCP throughput, UPnP capability and multiple connection capability of your router.

Windows Server 8 Developer Preview - Networking Problem

So I fired up a copy on a spare whitebox only to find HTTP and SMB outbound traffic timing out. Bizarrely ping and traceroute were working, so ICMP and UDP were working, as was inbound SMB connections – just not outbound. Did the usual tricks – upgrade network drivers, disabled NIC-based offloading and modified the usual suspects via netsh (Task Offload, Chimney Offload, RWIN tuning) to no avail.

It this point I compared the ‘netsh int tcp show global’ and ‘netsh int ip show global’ outputs with the defaults from a Windows Server 2008 R2 box and noticed that ‘ECN Capability’ in the TCP Global Parameters for Windows Server 8 Developer Preview was Enabled. I set this to disabled using:

netsh int tcp set global ecn=disabled

and outbound connectivity was established.

Friday, September 02, 2011

Thursday, September 01, 2011

Broken Images on Blog :-(

I've broken all but one image reference on the blog :-( Please be patient with me while I resurrect them - somehow Windows Live Writer can open the blog post entries with the images intact. Frakking Picasa albums!

Wednesday, August 24, 2011

Windows DHCP Server – MMC Console Icons Reference

The DHCP Server MMC Snap-in annoyingly doesn’t have a legend for what the icons mean. Every time I debug a DHCP Server-related issue I’ve forgotten what the icons mean from the last time I’ve done it.

Here are the references up on TechNet:

DHCP console icons reference - Windows Server 2003, 2008

DHCP console icons reference - updated for Win2008 R2

Emulating %LOGONSERVER% For Computer Startup Scripts

%LOGONSERVER% is a useful environment variable to use in logon scripts to see which DC has serviced your request and can be handy to reference if you want to access additional files/shares on the DC. Unfortunately this environment variable is only accessible after logon and isn’t useful for computer startup scripts.

When I need to access the DC that’s providing me with GPOs during a computer startup script I emulate %LOGONSERVER% with the following code:

for /f "tokens=1 delims=\" %%i in ('@echo %0') do set DOMCTLR=\\%%i

%DOMCTLR% can now be used in the same way that
%LOGONSERVER% is used.

Monday, August 22, 2011

Workarounds For When “Add Virtual Hard Disk Wizard” Fails (Which Seems To Be All The Time…)

Adding new fixed sized VHDs using the Add Virtual Hard Disk Wizard in the Hyper-V console for some reason has stopped working for me on just about all my installs, with no errors logged. The VHD is created, but the progress slider bar never progresses and it will sit there, forever. It’s got to the point where I don’t use it and haven’t the time to debug the underlying cause.

A GUI-friendly way to work around this problem is to point Computer Management at the Hyper-V host and use Disk Management to Create the VHD.

Another way of doing this quickly is by using VHD Tool – although this doesn’t zero out the VHD and can leak information from the Hyper-V host and previous virtual machine’s disks into the newly created VHD. It is a great tool for lab work though.

Diskpart can also be used to create the VHD from the command line on the Hyper-V host. The command to do this is:

create vdisk file=”d:\path\to\file.vhd” maximum=<size in MB> type=fixed

UPDATE: So apparently I'm getting this error on networks where the domain controllers are still running Windows Server 2003 and an authoritative restore of Active Directory has been performed. The fix for this is to install MSKB 939820 on all the Windows Server 2003-based domain controllers in the affected domain. Interestingly I only found this trying to resolve a System Center Essentials 2010 installation.

Thursday, August 18, 2011

Navigating Remote Symlinks on a Windows Server from a Windows Client (or, Poor Man’s DFS Links Without DFS Installed)

I set up a bunch of symlinks in a share on a Windows Server 2008 R2 install, pointing to a range of different UNC paths. My testing on the server showed that the symlink traversal was working fine, but on a Windows 7 install I was getting the following error:

“The symbolic link cannot be followed because its type is disabled.”

Odd error. After much mucking about I found that the fsutil command is used to control this behaviour. The following command was used to display the current symlink evaluation methods:

fsutil behavior query SymlinkEvaluation

which resulted in the following:

Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.

Bingo. The Remote to Local evaluation mode is disabled, which is causing the error. Local to Remote evaluation mode is enabled, which is why the symlink traversal was working on the server. I verified that the problem was resolved by issuing the following command on the Windows 7 install:

fsutil behavior set SymlinkEvaluation L2L:1 L2R:1 R2R:1 R2L:1

Excellent, the symlinks are now followed without error. Finally I rolled out the above change via Group Policy. The four modes can be controlled by using Group Policy Editor and navigating to Computer Configuration > Administrative Templates > System > Filesystem and configuring "Selectively allow the evaluation of a symbolic link".

Outsourced Authentication – Smart or Dumb?

A couple of months ago I closed my Facebook account, partly because of the continual privacy abuse by Facebook, but mostly because of what I thought was poor tooling for managing my social graph and timeline.

Since that point I’ve noticed more and more companies outsourcing their authentication mechanism to Facebook. Smart or dumb? Smart, because you’ve offloaded a password database that you can’t lose or have compromised, although you still have a client database that can. Dumb, because you’ve lost a prospect or customer like me.

If you’re going to outsource authentication it might be an idea to use OpenID instead. OpenID Explained is a good site to understand how OpenID operates. It’s worth noting that most of the major Web players are already OpenID Providers. If you don’t have an existing account with an OpenID Provider, then MyOpenID is a good place to start.

Friday, August 12, 2011

Office 2010 SP1 Is Death For Access Developers

My talented wife started complaining last week that Microsoft Access started continually crashing trying to open databases after performing some design modification.

Some cursory debugging wasn’t providing consistent bugchecks, so rather than putting more effort into understanding the symptom I then looked for a cause. Design edits were working the week before the crashes so I then looked at updates. Office 2010 SP1 had been installed during that time, so I uninstalled SP1 and tried again. Bingo, database editing no longer resulted in Access crashes.

If Access databases are suddenly crashing on you for no reason, check to see if Office 2010 SP1 is installed.

UPDATE: Microsoft fixed this with a hotfix described in MSKB 2553385.

Tuesday, August 09, 2011

FreeBSD 8.1, 8,2 and Hyper-V R2 SP1 Install Problem - Use Fixed Size VHDs

Just tried installing FreeBSD 8.1 and 8.2 virtual machines on a Windows Server 2008 R2 Core install with the Hyper-V role installed and with SP1 applied. newfs created the file systems just fine, but the distribution unpacking would cause random kernel panics, throwing ‘ufs_dirbad: bad dir ino XXX at offset XXX: mangled entry’ errors.

I’d created the VHDs as dynamically sized VHDs. I blew these away and created fixed size VHDs and attached them to the VMs. I’ve been repeatedly performing full distribution installs without error. I managed to find a Hyper-V R2 box without SP1 and couldn’t replicate the install problem with dynamically sized VHDs, so Microsoft have introduced a problem with SP1.

If you’re seeing disk-related problems with your UNIX/UNIX-like VMs on Hyper-V, check to see if you’re using dynamically sized VHDs and convert them to fixed size VHDs to see if this fixes the problem.

Monday, February 28, 2011

Running chkdsk on a Drive Allocated to Windows Server Backup

Occasionally I see Windows Server Backup throw odd errors pointing to problems with the disk allocated to Windows Server Backup, such as the bizarre “There is not enough space on the disk” – bizarre in that Windows Server Backup is supposed to automagically manage the disk space allocation and tidy up.

The normal course of action would be to run chkdsk /f on the drive, but the drive doesn’t have a drive letter allocated to it. Nor are you supposed to allocate a drive letter to it. The solution? Use the Volume GUID.

To find the Volume GUID, type in the following at an elevated Command Prompt:

mountvol

This will return the command syntax for the mountvol command, followed by the existing volumes and their mount points. We’re interested in the Volume GUID immediately above this line:

*** NO MOUNT POINTS ***

It will look something like this:

\\?\Volume{12345678-1234-5678-9abc-123456789abc}\

We now take this Volume GUID minus the trailing slash and feed it to chkdsk, like this:

chkdsk /f \\?\Volume{12345678-1234-5678-9abc-123456789abc}

This will then allow chkdsk to perform a consistency check and fix of the drive allocated to Windows Server Backup without needing to allocate a drive letter.

Wednesday, February 23, 2011

Cannot Install RSAT on Windows 7 with SP1

If you try and install Remote Server Administration Tools for Windows 7 on a Windows 7 PC with SP1 installed, you’ll get the following error: "The update is not applicable to your computer."

Either install RSAT prior to installing SP1 or wait until Remote Server Administration Tools for Windows 7 with SP1 is released in Spring 2011 (March-May for those of us who are Northern Hemisphere challenged).

Tuesday, February 01, 2011

IPocalypse Now + Resources to Learn IPv6

Happy IPocalypse Day – APNIC today were allocated the two remaining /8 networks from IANA. This means that all the free IP addresses have now been assigned to the various regional registrars and that the free pool of IPv4 addresses will be used up over the coming years (months?), which will make life interesting for hosting businesses. It’s probably a good idea to track the Potaroo blog if you’re interested in global IPv6 developments.


If you've got anything to do with the operations of a computer network or deal with hosting in any way now's the time to start learning about IPv6. Here are some useful links to Web sites and books to learn about IPv6:


Sites:
IPv6 Survival Guide - TechNet Wiki
Microsoft Internet Protocol Version 6 (IPv6) - TechNet
The Lazy Admin - IPv6 101–Part 1
The Lazy Admin - IPv6 101-Part 2
The Lazy Admin - IPv6 101-Part 3
The Lazy Admin - IPv6 101-Part 4


Books:
IPv6 Essentials, Second Edition (Silvia Hagen, O'Reilly Media)
IPv6 Network Administration (Niall Richard Murphy & David Malone, O'Reilly Media)
Understanding IPv6, Second Edition (Joseph Davies, Microsoft Press)


For those of you that dislike anything Microsoft please don't dismiss those links or books. Microsoft to their credit have been very proactive in the deployment and transition of IPv6 and have some excellent IPv6 resources. If you have any good IPv6 resources not listed above, please share them! I’ll update this post accordingly.

Saturday, December 04, 2010

Windows Home Server on Hyper-V – Resizing the Partition

Yes I know that Windows Home Server has Drive Extender. Yes I know that Drive Extender makes adding storage space easy and is a brilliant piece of technology. However I wanted my WHS install to have a resilient System disk and besides, I didn’t have a spare box for WHS. So I put it on my server running Hyper-V, but clearly didn’t give it enough disk space.

So here’s the process for adding more disk space to a virtualised WHS install:

  • Shut down the WHS virtual machine
  • Use the Edit Disk action to increase the capacity of the VHD file used by the WHS virtual machine
  • Start up the WHS virtual machine
  • Log in to the desktop on the WHS virtual machine
  • Run Command Prompt
  • Run diskpart
    • select disk 0
    • list partition
    • select partition 2 (assumes that you’re using one VHD file and you want to extend the single data partition to fill the unused disk space)
    • extend
    • exit

Yes I know you’re not supposed to do this. Yes I know you’re supposed to add additional disks (by adding another VHD file). But this works fine for me. YMMV, so take a backup first!

Compiling Firebird 1.5.x on FreeBSD 4.x Requires GCC 3.2

Note to self: when compiling 5+ year old code on a 5+ year old operating system, it helps to use a version of GCC that compiles the resultant code cleanly and more importantly in a portable manner.

GCC 3.3 has a broken libstdc++ that prevents static linking – you end up with unresolved symbols.

Both GCC 3.3 and GCC 3.4 will end up requiring dynamic linking of libstdc++ and libgcc_s – not helpful if you’re trying to be portable and don’t want to pollute a system with the gcc33 or gcc34 package.

Hopefully I’ve seen the last of this problem, but if I don’t write it down now it will only turn around and bite me in several years time

Wednesday, July 28, 2010

Resetting MMC User Preferences (Restoring Column Sort Orders)

One of the things that annoys me about MMC is the inability to remove column sort orders. In particular I like the default sort order for the DNS Manager snap-in, but once a column sort order has been applied there is no way inside the MMC console to remove column sort orders to revert to the default unsorted view.

The only way to restore the default view is to remove the customisation file for the MMC snap-in in question.

The MMC snap-in preferences files are located at:

%APPDATA%\Microsoft\MMC

Make sure the MMC snap-in is closed, then rename the snap-in preference file by adding a suffix like “-old”. Restart the MMC snap-in and it will be reset to its default settings.

Tuesday, June 15, 2010

When the PC BIOS Doesn’t Support Booting From CD-ROM

One of my clients had a bunch of older Pentium 4 PCs that they wanted configured as proxy servers for their branch offices.

My Open Source OS of choice is FreeBSD and I planned to use this along with squid as the proxy server.

So I downloaded and burnt a FreeBSD 7.2 ISO. I managed to install it successfully on two PCs, but the CD failed to boot on the other three. So I swapped the CD-ROM drive for a working one. Still no luck. I wasn’t particularly interested in performing a floppy/FTP install and getting the FreeBSD ISO booting from a USB thumb drive was a non-trivial exercise.

What I ended up doing was to use Smart Boot Manager. I used fdimage.exe from the Tools folder included with FreeBSD 4.8 to write out sbm.img to a floppy, then ensured the floppy in the recalcitrant PCs was working. Hey presto, one boot menu allowing me to boot off the CD!

Don’t Use An SMP Kernel When Virtualising FreeBSD 6.4 On VMWare ESX/ESXi

One of my clients has some FreeBSD 6.4 installs on hardware that is slowly dying and asked me to virtualise them onto an HP ProLiant ML350 G5.

The HP ProLiant had been running a Windows Server 2003 VM and a Windows Server 2008 VM on top of a Windows Server 2008 Core install with Hyper-V reliably, but these VMs were no longer in use and surplus to requirements.

I blew away the Windows Server 2008 Core install and installed VMWare ESXi 4.0 with the HP customisations. I then installed FreeBSD 6.4, copied across all the data from the physical install and proceeded to build the required ports.

This is where all the problems started. Random signal 11 crashes started occurring throughout this build process.

So I quickly created a new VM and installed FreeBSD 7.3 to it. Again, installation was no problem. Copied across all the data and successfully built all the ports. Only problem is the servers in question run an old Linux binary. This binary would start up successfully but would not accept any network data. Changing the linux_base port from the old RedHat 7.3 one to the current Fedora Core 4 one made no difference.

At this point I walked away and went to bed. By morning I had worked out what the problem was, so I went back to my FreeBSD 6.4 VM, reduced the number of vCPUs to 1 and swapped the SMP kernel for the GENERIC one. All ports then built successfully. The VM in question is now being stress tested for any problems prior to production use.

Moral of the story? Even though your virtualisation stack may support the Guest OS in question, it doesn’t mean that your Guest OS won’t necessarily have problems when virtualised. Perform burn-in/stress tests prior to production use.

The only reference I could find to related problems was on the FreeBSD-stable and FreeBSD-bugs mailing lists:

FreeBSD-stable: Failure to make world for RELENG_6_4

FreeBSD-bugs: misc/133264

Thursday, April 29, 2010

Installing a Wildcard Certificate Using SBS 2008 Console

I needed to install a wildcard certificate into an SBS 2008 install. After acquiring the wildcard certificate I installed it into the Certificate Store for the Computer Account, into the Personal Certificates as per the instructions found in “How do I import an existing trusted certificate?” – found by opening SBS 2008 Console, clicking on Network, then clicking on the Connectivity tab and then clicking on the Certificate entry under Web Server Certificate.


Once I’d done that, I launched the Add A Trusted Certificate wizard. Problem is it would only show the self-generated certificate for the SBS 2008 install and not the wildcard certificate.


I got to thinking that a setting somewhere was restricting it to the domain and RWW prefix set in the Internet Address Management wizard, so I went hunting and found a solution.


The workaround is to open up regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Networking.


In here you’ll find the two entries that dictate which certificates are displayed in the Add A Trusted Certificate Wizard – PublicFQDNPrefix and PublicFQDNProvider.


To get a wildcard certificate displayed in the wizard you’ll need to change PublicFQDNPrefix to *.



Make a note of the original value, as you’ll need to put it back once you’ve installed the wildcard certificate.


Now open up the SBS 2008 Console, click on Network, click on the Connectivity tab and run the Add A Trusted Certificate Wizard. You’ll now be able to see the wildcard certificate and install it.


Once you’ve successfully installed the certificate, go back to regedit and change PublicFQDNPrefix from * back to its original value.

Tuesday, April 13, 2010

Windows 7 Experience Index and VMWare Workstation 7.0

Here’s the WEI for my Lenovo ThinkPad T410 (Core i7-620M, 4GB DDR3 RAM, 128GB 2nd Gen Samsung SSD) running Windows 7 Ultimate with latest drivers from Lenovo and the latest laptopvideo2go.com Modded INF for NVidia’s latest WHQL drivers (197.16) – only installed due to the instabilities with Lenovo’s supplied 188.25 ones.

And here’s the WEI for a Windows 7 Pro VM running inside VMWare Workstation 7.0.

Yes, the VM is running Aero with transparency! Also interesting to note that the host must be performing some VMDK caching for the increased score on the hard drive performance.

With these figures I’m going to be spending more time inside VMs than on the host. I was quite stunned to see how well the Internet Explorer 9 Preview ran – in particular the speed tests - inside the VM.

Friday, March 05, 2010

Not A Good Look For A Computer Retailer


Seen at a store in Sydney as their main entry display. Shop name cropped to protect the guilty. Anyone want to buy a PC from here?

Monday, February 15, 2010

NVSPBind – A Command Line Utility For Managing Network Protocol Binding On Server Core Or Hyper-V Server Installs (About Time!)

I had a case a few months back where I’d determined that QoS was screwing over some network connectivity on a Server Core install. On a full install I’d simply use ncpl.cpl and remove the QoS Packet Scheduler binding from the adapter. Not so on the Core install. I had to resort to some registry hacking to disable the QoS Packet Scheduler to resolve my problem.

In my Inbox Zero efforts for my RSS feeds I came across this NVSPBind article on John Howard’s blog. Awesome! This will save some time in the future when enabling/disabling protocols.

Download links are here:

NVSPBind - http://code.msdn.microsoft.com/nvspbind

NVSPScrub - http://code.msdn.microsoft.com/nvspscrub

NVSPScrub helps restores your virtual networking configuration if you happen to screw it up with NVSPBind! :-)

Monday, November 02, 2009

Renewing a RapidSSL Certificate on SBS 2008

I’ve been quite happy using RapidSSL certificates on SBS 2003 boxes, as the RapidSSL root certificates are installed in the certificate store for Internet Explorer, and the certificate also works for Windows Mobile and Nokia smartphones.

However, I’m not so happy using them on SBS 2008, as RapidSSL is not supported by the Certificate Installation Wizard and the RapidSSL Certificate Request field doesn’t support 4096-bit encryption keys which is the default and unchangeable key length for renewing certificates in IIS 7.0.

So this is the foolproof way for me to use RapidSSL certificates on SBS 2008:

  1. Open up IIS Manager
  2. Select the IIS Server in the left-hand pane
  3. Double-click on Server Certificates in the middle pane
  4. Click Create Certificate Request in the right-hand pane
  5. Fill out the Distinguished Name Properties, ensuring that remote.companyname.com is used for the Common Name (replace companyname.com with your public domain name)
  6. Select 2048 for the Bit Length on the Cryptographic Service Provider Properties page
  7. Save the request as a .txt file somewhere
  8. Open the .txt file and copy and paste the certificate signing request into the RapidSSL renewal page
  9. Go through approval process to get your certificate in e-mail
  10. Copy the certificate out of e-mail and into a .cer file by using Notepad
  11. Run mmc.exe as Administrator
  12. Add the Certificates snap-in and select Computer Account on the Local Computer
  13. Import the .cer file into the Personal certificate store
  14. View the certificate, go to the Details tab and copy the Thumbprint Value data to the clipboard
  15. Run cmd.exe as Administrator
  16. Run the certutil repairstore operation on the imported certificate; replace <thumprint> with the Thumbprint Value data you copied above and if you’re cut’n’pasting the below make sure you type in the double quotes and not use the pasted quotes
    • certutil –repairstore my “<thumprint>”
  17. Refresh the Personal certificate store in MMC and view the certificate for remote.companyname.com; you should now see the “You have a private key that corresponds to this certificate” text added below the Validity section.

Note: If you do try to use the Complete Certificate Request entry in IIS 7.0, you end up with the following error:

“There was an error while performing this operation.

Details: CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)”

Steps 11-17 above achieve the certificate request completion without error and restores the private key association with the certificate.

I’ve primarily added this blog post for myself, so if the sequence is a bit terse, please let me know and I can flesh it out with some screenshots to help out.

Tuesday, August 25, 2009

Restoring Computer Description in the Network Folder on Windows Vista and Windows 7

OK, this is definitely a rant. One of the biggest UI changes made to Vista and 7 that really gets my back up is the inability to add the Computer Description as a column to the Details view in the Network folder. A lot of organisations name their PCs by asset number, service tag, or use an auto-increment through RIS/WDS/etc.
I suppose Microsoft consider that small businesses will name their PCs on a personal or role-based model and that Enterprises will use an appropriate Service Desk application for finding PCs in the network, but apparently removing a folder view that was available in XP is definitely a regression in my books.
A picture paints a thousand words, so here’s a folder view from XP:

Name provides the NetBIOS/DNS Name of the PCs in the network and Comments provides the Computer Description field found in the Computer Name tab in the System Properties window.
Here’s the corresponding default view from Vista/7:

Try as you might, you can’t add the Computer Description column to that view.
After much cursing, wailing and gnashing of teeth I managed to find a way of getting around this, thanks to “Rico Dog” at this Windows Vista IT Pro Forum post. The solution is to use an existing Windows XP PC to get a shortcut copied across to your Vista/7 machines. if you don’t have an XP machine, consider using Virtual PC and XP Mode on Windows 7 or running up a Windows XP virtual machine using Virtual PC 2007 on Windows Vista.
Here’s the process for getting the shortcut:
  • Open up My Network Places
  • Open up Entire Network
  • Open up Microsoft Windows Network
  • Drag the required workgroup/domain icon to the Desktop
  • A shortcut for the workgroup/domain will be created on the Desktop
  • Copy the shortcut from the Desktop over to your Windows Vista or Windows 7 PC
  • Open up the shortcut
You’ll now have a window looking like:

The Comments column contains the Computer Description fields for the corresponding PCs.
There must be a way to do this through the GUI, or even create the script via VBScript/Powershell but I haven’t worked it out yet.
Hope this helps anyone else trying to achieve the same thing.

EDIT: an anonymous commenter (thanks!) mentioned that creating a folder named "Network.{208d2c60-3aea-1069-a2d7-08002b30309d}" without the quotes will enable this functionality without a need for an XP/2003 system. The reference for the source is the following TechNet Forum post.