Off the back of my previous Windows Server Developer Preview problem I also came across the Microsoft Internet Connectivity Evaluation Tool. Quite useful for determining the NAT capability, ECN capability, TCP throughput, UPnP capability and multiple connection capability of your router.
Thursday, December 22, 2011
Windows Server 8 Developer Preview - Networking Problem
So I fired up a copy on a spare whitebox only to find HTTP and SMB outbound traffic timing out. Bizarrely ping and traceroute were working, so ICMP and UDP were working, as were inbound SMB connections – just not outbound. Did the usual tricks – upgraded network drivers, disabled NIC-based offloading and modified the usual suspects via netsh (Task Offload, Chimney Offload, RWIN tuning) to no avail.
At this point I compared the ‘netsh int tcp show global’ and ‘netsh int ip show global’ outputs with the defaults from a Windows Server 2008 R2 box and noticed that ‘ECN Capability’ in the TCP Global Parameters for Windows Server 8 Developer Preview was Enabled. I set this to disabled using:
netsh int tcp set global ecn=disabled
and outbound connectivity was established.
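The side-by-side comparison described above can be scripted instead of read by eye. The following PowerShell is an added example, not part of the original post: it parses two captures of `netsh int tcp show global` and lists every setting that differs. Both captures are constructed sample text and the function names are hypothetical.

```powershell
# Added example: diff two 'netsh int tcp show global' captures.
# Function names are hypothetical; both captures are constructed samples.

function ConvertFrom-NetshGlobal {
    param([string[]]$Lines)
    $settings = [ordered]@{}
    foreach ($line in $Lines) {
        # Setting lines have the form "ECN Capability      : disabled";
        # the title and the dashed rule contain no " : " and are skipped.
        if ($line -match '^\s*(?<name>[^:]+?)\s+:\s+(?<value>.+?)\s*$') {
            $settings[$Matches['name']] = $Matches['value']
        }
    }
    $settings
}

function Compare-NetshGlobal {
    param($Reference, $Candidate)
    # Walk the union of setting names so a setting present on only one
    # side is reported too (shown as '<absent>').
    $names = @($Reference.Keys) + @($Candidate.Keys) | Select-Object -Unique
    foreach ($name in $names) {
        $ref  = if ($Reference.Contains($name)) { $Reference[$name] } else { '<absent>' }
        $cand = if ($Candidate.Contains($name)) { $Candidate[$name] } else { '<absent>' }
        if ($ref -ne $cand) {
            [pscustomobject]@{ Setting = $name; Reference = $ref; Candidate = $cand }
        }
    }
}

# Constructed capture standing in for the known-good reference host.
$reference = @'
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : automatic
Receive Window Auto-Tuning Level    : normal
ECN Capability                      : disabled
'@ -split '\r?\n'

# Constructed capture standing in for the host with the outbound TCP problem.
$candidate = @'
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : automatic
Receive Window Auto-Tuning Level    : normal
ECN Capability                      : enabled
'@ -split '\r?\n'

Compare-NetshGlobal (ConvertFrom-NetshGlobal $reference) (ConvertFrom-NetshGlobal $candidate) |
    Format-Table -AutoSize

# On a live host, capture the text with:  $lines = netsh int tcp show global
```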
Friday, September 02, 2011
Thursday, September 01, 2011
Broken Images on Blog :-(
Wednesday, August 24, 2011
Windows DHCP Server – MMC Console Icons Reference
The DHCP Server MMC Snap-in annoyingly doesn’t have a legend for what the icons mean. Every time I debug a DHCP Server-related issue I’ve forgotten what the icons mean from the last time I’ve done it.
Here are the references up on TechNet:
Emulating %LOGONSERVER% For Computer Startup Scripts
%LOGONSERVER% is a useful environment variable to use in logon scripts to see which DC has serviced your request and can be handy to reference if you want to access additional files/shares on the DC. Unfortunately this environment variable is only accessible after logon and isn’t useful for computer startup scripts.
When I need to access the DC that’s providing me with GPOs during a computer startup script I emulate %LOGONSERVER% with the following code:
for /f "tokens=1 delims=\" %%i in ('@echo %0') do set DOMCTLR=\\%%i
%DOMCTLR% can now be used in the same way that %LOGONSERVER% is used.
Monday, August 22, 2011
Workarounds For When “Add Virtual Hard Disk Wizard” Fails (Which Seems To Be All The Time…)
Adding new fixed sized VHDs using the Add Virtual Hard Disk Wizard in the Hyper-V console for some reason has stopped working for me on just about all my installs, with no errors logged. The VHD is created, but the progress slider bar never progresses and it will sit there, forever. It’s got to the point where I don’t use it and haven’t the time to debug the underlying cause.
A GUI-friendly way to work around this problem is to point Computer Management at the Hyper-V host and use Disk Management to Create the VHD.
Another way of doing this quickly is by using VHD Tool – although this doesn’t zero out the VHD and can leak information from the Hyper-V host and previous virtual machine’s disks into the newly created VHD. It is a great tool for lab work though.
Diskpart can also be used to create the VHD from the command line on the Hyper-V host. The command to do this is:
create vdisk file="d:\path\to\file.vhd" maximum=<size in MB> type=fixed
Thursday, August 18, 2011
Navigating Remote Symlinks on a Windows Server from a Windows Client (or, Poor Man’s DFS Links Without DFS Installed)
I set up a bunch of symlinks in a share on a Windows Server 2008 R2 install, pointing to a range of different UNC paths. My testing on the server showed that the symlink traversal was working fine, but on a Windows 7 install I was getting the following error:
“The symbolic link cannot be followed because its type is disabled.”
Odd error. After much mucking about I found that the fsutil command is used to control this behaviour. The following command was used to display the current symlink evaluation methods:
fsutil behavior query SymlinkEvaluation
which resulted in the following:
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.
Bingo. The Remote to Local evaluation mode is disabled, which is causing the error. Local to Remote evaluation mode is enabled, which is why the symlink traversal was working on the server. I verified that the problem was resolved by issuing the following command on the Windows 7 install:
fsutil behavior set SymlinkEvaluation L2L:1 L2R:1 R2R:1 R2L:1
Excellent, the symlinks are now followed without error. Finally I rolled out the above change via Group Policy. The four modes can be controlled by using Group Policy Editor and navigating to Computer Configuration > Administrative Templates > System > Filesystem and configuring "Selectively allow the evaluation of a symbolic link".
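Because this setting decides which classes of symbolic link a machine will follow, it is worth checking what each client actually has once the policy is rolled out. The following PowerShell is an added example, not part of the original post: it parses the `fsutil behavior query SymlinkEvaluation` output shown above, compares it with a desired state and prints the per-class command that would close each gap. The function names are hypothetical, the desired state is an assumption (here, the state the query showed before the change), and the "current" capture is constructed.

```powershell
# Added example: audit 'fsutil behavior query SymlinkEvaluation' output.
# Function names are hypothetical; the capture below is constructed.

function ConvertFrom-SymlinkEvaluation {
    param([string[]]$Lines)
    # Map fsutil's wording to the class codes used by 'fsutil behavior set'.
    $codes = @{ 'local to local'  = 'L2L'; 'local to remote'  = 'L2R'
                'remote to local' = 'R2L'; 'remote to remote' = 'R2R' }
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?<class>(?:local|remote) to (?:local|remote)) symbolic links are (?<state>enabled|disabled)') {
            $code = $codes[$Matches['class'].ToLower()]
            $state[$code] = ($Matches['state'] -eq 'enabled')
        }
    }
    $state
}

function Get-SymlinkEvaluationDrift {
    param($Current, $Desired)
    foreach ($code in $Desired.Keys) {
        if ($Current[$code] -ne $Desired[$code]) {
            $flag = [int]$Desired[$code]
            [pscustomobject]@{
                Class   = $code
                Current = $Current[$code]
                Desired = $Desired[$code]
                # fsutil accepts a single class, so each fix stands alone.
                Fix     = "fsutil behavior set SymlinkEvaluation ${code}:$flag"
            }
        }
    }
}

# Assumed policy: the state the post's query showed before the change.
$desired = [ordered]@{ L2L = $true; L2R = $true; R2L = $false; R2R = $false }

# Constructed capture: a client after all four classes were enabled.
$capture = @'
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are enabled.
Remote to remote symbolic links are enabled.
'@ -split '\r?\n'

$current = ConvertFrom-SymlinkEvaluation $capture
Get-SymlinkEvaluationDrift -Current $current -Desired $desired | Format-Table -AutoSize

# On a live host, capture the text with:
#   $lines = fsutil behavior query SymlinkEvaluation
```

Set `$desired` to whatever your own policy allows; the script only reports the difference and does not change anything.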
Outsourced Authentication – Smart or Dumb?
A couple of months ago I closed my Facebook account, partly because of the continual privacy abuse by Facebook, but mostly because of what I thought was poor tooling for managing my social graph and timeline.
Since that point I’ve noticed more and more companies outsourcing their authentication mechanism to Facebook. Smart or dumb? Smart, because you’ve offloaded a password database that you can’t lose or have compromised, although you still have a client database that can. Dumb, because you’ve lost a prospect or customer like me.
If you’re going to outsource authentication it might be an idea to use OpenID instead. OpenID Explained is a good site to understand how OpenID operates. It’s worth noting that most of the major Web players are already OpenID Providers. If you don’t have an existing account with an OpenID Provider, then MyOpenID is a good place to start.
Friday, August 12, 2011
Office 2010 SP1 Is Death For Access Developers
My talented wife started complaining last week that Microsoft Access started continually crashing trying to open databases after performing some design modification.
Some cursory debugging wasn’t providing consistent bugchecks, so rather than putting more effort into understanding the symptom I then looked for a cause. Design edits were working the week before the crashes so I then looked at updates. Office 2010 SP1 had been installed during that time, so I uninstalled SP1 and tried again. Bingo, database editing no longer resulted in Access crashes.
If Access databases are suddenly crashing on you for no reason, check to see if Office 2010 SP1 is installed.
Tuesday, August 09, 2011
FreeBSD 8.1, 8.2 and Hyper-V R2 SP1 Install Problem - Use Fixed Size VHDs
Just tried installing FreeBSD 8.1 and 8.2 virtual machines on a Windows Server 2008 R2 Core install with the Hyper-V role installed and with SP1 applied. newfs created the file systems just fine, but the distribution unpacking would cause random kernel panics, throwing ‘ufs_dirbad: bad dir ino XXX at offset XXX: mangled entry’ errors.
I’d created the VHDs as dynamically sized VHDs. I blew these away and created fixed size VHDs and attached them to the VMs. I’ve been repeatedly performing full distribution installs without error. I managed to find a Hyper-V R2 box without SP1 and couldn’t replicate the install problem with dynamically sized VHDs, so Microsoft have introduced a problem with SP1.
If you’re seeing disk-related problems with your UNIX/UNIX-like VMs on Hyper-V, check to see if you’re using dynamically sized VHDs and convert them to fixed size VHDs to see if this fixes the problem.
Monday, February 28, 2011
Running chkdsk on a Drive Allocated to Windows Server Backup
Occasionally I see Windows Server Backup throw odd errors pointing to problems with the disk allocated to Windows Server Backup, such as the bizarre “There is not enough space on the disk” – bizarre in that Windows Server Backup is supposed to automagically manage the disk space allocation and tidy up.
The normal course of action would be to run chkdsk /f on the drive, but the drive doesn’t have a drive letter allocated to it. Nor are you supposed to allocate a drive letter to it. The solution? Use the Volume GUID.
To find the Volume GUID, type in the following at an elevated Command Prompt:
mountvol
This will return the command syntax for the mountvol command, followed by the existing volumes and their mount points. We’re interested in the Volume GUID immediately above this line:
*** NO MOUNT POINTS ***
It will look something like this:
\\?\Volume{12345678-1234-5678-9abc-123456789abc}\
We now take this Volume GUID minus the trailing slash and feed it to chkdsk, like this:
chkdsk /f \\?\Volume{12345678-1234-5678-9abc-123456789abc}
This will then allow chkdsk to perform a consistency check and fix of the drive allocated to Windows Server Backup without needing to allocate a drive letter.
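The lookup described above, as an added PowerShell example that is not part of the original post: it scans `mountvol` output for volumes followed by the NO MOUNT POINTS marker and prints the matching chkdsk command with the trailing slash removed. The function name is hypothetical and the capture is constructed (the first two GUIDs are invented, the third is the placeholder used in the post).

```powershell
# Added example: find volumes with no mount point in 'mountvol' output and
# build the chkdsk command for each. Function name is hypothetical.

function Get-VolumeWithoutMountPoint {
    param([string[]]$Lines)
    $volume = $null
    foreach ($line in $Lines) {
        # A volume line is "\\?\Volume{GUID}\"; capture it without the
        # trailing backslash, which is the form chkdsk is given in the post.
        if ($line -match '^\s*(?<vol>\\\\\?\\Volume\{[0-9a-f-]{36}\})\\\s*$') {
            $volume = $Matches['vol']
        }
        elseif ($volume -and $line -match '^\s*\*\*\* NO MOUNT POINTS \*\*\*\s*$') {
            # The marker sits directly under the volume it belongs to.
            $volume
            $volume = $null
        }
        else {
            # A drive letter, folder mount point or blank line: this volume
            # is mounted (or the block has ended), so forget it.
            $volume = $null
        }
    }
}

# Constructed capture of the volume list printed after the mountvol usage text.
$capture = @'
Possible values for VolumeName along with current mount points are:

    \\?\Volume{aaaaaaaa-0000-0000-0000-000000000001}\
        C:\

    \\?\Volume{aaaaaaaa-0000-0000-0000-000000000002}\
        D:\

    \\?\Volume{12345678-1234-5678-9abc-123456789abc}\
        *** NO MOUNT POINTS ***
'@ -split '\r?\n'

# Print the commands rather than running them, so they can be reviewed first.
Get-VolumeWithoutMountPoint $capture | ForEach-Object { "chkdsk /f $_" }

# On a live host, capture the text with:  $lines = mountvol
```

More than one volume can appear without a mount point (a system reserved partition, for instance), so confirm which one is the backup disk before running the printed command.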
Wednesday, February 23, 2011
Cannot Install RSAT on Windows 7 with SP1
If you try and install Remote Server Administration Tools for Windows 7 on a Windows 7 PC with SP1 installed, you’ll get the following error: "The update is not applicable to your computer."
Either install RSAT prior to installing SP1 or wait until Remote Server Administration Tools for Windows 7 with SP1 is released in Spring 2011 (March-May for those of us who are Northern Hemisphere challenged).
Tuesday, February 01, 2011
IPocalypse Now + Resources to Learn IPv6
Happy IPocalypse Day – APNIC today were allocated the two remaining /8 networks from IANA. This means that all the free IP addresses have now been assigned to the various regional registrars and that the free pool of IPv4 addresses will be used up over the coming years (months?), which will make life interesting for hosting businesses. It’s probably a good idea to track the Potaroo blog if you’re interested in global IPv6 developments.
If you've got anything to do with the operations of a computer network or deal with hosting in any way now's the time to start learning about IPv6. Here are some useful links to Web sites and books to learn about IPv6:
Sites:
IPv6 Survival Guide - TechNet Wiki
Microsoft Internet Protocol Version 6 (IPv6) - TechNet
The Lazy Admin - IPv6 101–Part 1
The Lazy Admin - IPv6 101-Part 2
The Lazy Admin - IPv6 101-Part 3
The Lazy Admin - IPv6 101-Part 4
Books:
IPv6 Essentials, Second Edition (Silvia Hagen, O'Reilly Media)
IPv6 Network Administration (Niall Richard Murphy & David Malone, O'Reilly Media)
Understanding IPv6, Second Edition (Joseph Davies, Microsoft Press)
For those of you that dislike anything Microsoft please don't dismiss those links or books. Microsoft to their credit have been very proactive in the deployment and transition of IPv6 and have some excellent IPv6 resources. If you have any good IPv6 resources not listed above, please share them! I’ll update this post accordingly.
Saturday, December 04, 2010
Windows Home Server on Hyper-V – Resizing the Partition
Yes I know that Windows Home Server has Drive Extender. Yes I know that Drive Extender makes adding storage space easy and is a brilliant piece of technology. However I wanted my WHS install to have a resilient System disk and besides, I didn’t have a spare box for WHS. So I put it on my server running Hyper-V, but clearly didn’t give it enough disk space.
So here’s the process for adding more disk space to a virtualised WHS install:
- Shut down the WHS virtual machine
- Use the Edit Disk action to increase the capacity of the VHD file used by the WHS virtual machine
- Start up the WHS virtual machine
- Log in to the desktop on the WHS virtual machine
- Run Command Prompt
- Run diskpart
- select disk 0
- list partition
- select partition 2 (assumes that you’re using one VHD file and you want to extend the single data partition to fill the unused disk space)
- extend
- exit
Yes I know you’re not supposed to do this. Yes I know you’re supposed to add additional disks (by adding another VHD file). But this works fine for me. YMMV, so take a backup first!
Compiling Firebird 1.5.x on FreeBSD 4.x Requires GCC 3.2
Note to self: when compiling 5+ year old code on a 5+ year old operating system, it helps to use a version of GCC that compiles the resultant code cleanly and more importantly in a portable manner.
GCC 3.3 has a broken libstdc++ that prevents static linking – you end up with unresolved symbols.
Both GCC 3.3 and GCC 3.4 will end up requiring dynamic linking of libstdc++ and libgcc_s – not helpful if you’re trying to be portable and don’t want to pollute a system with the gcc33 or gcc34 package.
Hopefully I’ve seen the last of this problem, but if I don’t write it down now it will only turn around and bite me in several years’ time.
Wednesday, July 28, 2010
Resetting MMC User Preferences (Restoring Column Sort Orders)
One of the things that annoys me about MMC is the inability to remove column sort orders. In particular I like the default sort order for the DNS Manager snap-in, but once a column sort order has been applied there is no way inside the MMC console to remove column sort orders to revert to the default unsorted view.
The only way to restore the default view is to remove the customisation file for the MMC snap-in in question.
The MMC snap-in preferences files are located at:
%APPDATA%\Microsoft\MMC
Make sure the MMC snap-in is closed, then rename the snap-in preference file by adding a suffix like “-old”. Restart the MMC snap-in and it will be reset to its default settings.
Tuesday, June 15, 2010
When the PC BIOS Doesn’t Support Booting From CD-ROM
One of my clients had a bunch of older Pentium 4 PCs that they wanted configured as proxy servers for their branch offices.
My Open Source OS of choice is FreeBSD and I planned to use this along with squid as the proxy server.
So I downloaded and burnt a FreeBSD 7.2 ISO. I managed to install it successfully on two PCs, but the CD failed to boot on the other three. So I swapped the CD-ROM drive for a working one. Still no luck. I wasn’t particularly interested in performing a floppy/FTP install and getting the FreeBSD ISO booting from a USB thumb drive was a non-trivial exercise.
What I ended up doing was to use Smart Boot Manager. I used fdimage.exe from the Tools folder included with FreeBSD 4.8 to write out sbm.img to a floppy, then ensured the floppy in the recalcitrant PCs was working. Hey presto, one boot menu allowing me to boot off the CD!
Don’t Use An SMP Kernel When Virtualising FreeBSD 6.4 On VMWare ESX/ESXi
One of my clients has some FreeBSD 6.4 installs on hardware that is slowly dying and asked me to virtualise them onto an HP ProLiant ML350 G5.
The HP ProLiant had been running a Windows Server 2003 VM and a Windows Server 2008 VM on top of a Windows Server 2008 Core install with Hyper-V reliably, but these VMs were no longer in use and surplus to requirements.
I blew away the Windows Server 2008 Core install and installed VMWare ESXi 4.0 with the HP customisations. I then installed FreeBSD 6.4, copied across all the data from the physical install and proceeded to build the required ports.
This is where all the problems started. Random signal 11 crashes started occurring throughout this build process.
So I quickly created a new VM and installed FreeBSD 7.3 to it. Again, installation was no problem. Copied across all the data and successfully built all the ports. Only problem is the servers in question run an old Linux binary. This binary would start up successfully but would not accept any network data. Changing the linux_base port from the old RedHat 7.3 one to the current Fedora Core 4 one made no difference.
At this point I walked away and went to bed. By morning I had worked out what the problem was, so I went back to my FreeBSD 6.4 VM, reduced the number of vCPUs to 1 and swapped the SMP kernel for the GENERIC one. All ports then built successfully. The VM in question is now being stress tested for any problems prior to production use.
Moral of the story? Even though your virtualisation stack may support the Guest OS in question, it doesn’t mean that your Guest OS won’t necessarily have problems when virtualised. Perform burn-in/stress tests prior to production use.
The only reference I could find to related problems was on the FreeBSD-stable and FreeBSD-bugs mailing lists:
Thursday, April 29, 2010
Installing a Wildcard Certificate Using SBS 2008 Console
I needed to install a wildcard certificate into an SBS 2008 install. After acquiring the wildcard certificate I installed it into the Certificate Store for the Computer Account, into the Personal Certificates as per the instructions found in “How do I import an existing trusted certificate?” – found by opening SBS 2008 Console, clicking on Network, then clicking on the Connectivity tab and then clicking on the Certificate entry under Web Server Certificate.
Once I’d done that, I launched the Add A Trusted Certificate wizard. Problem is it would only show the self-generated certificate for the SBS 2008 install and not the wildcard certificate.
I got to thinking that a setting somewhere was restricting it to the domain and RWW prefix set in the Internet Address Management wizard, so I went hunting and found a solution.
The workaround is to open up regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Networking.
In here you’ll find the two entries that dictate which certificates are displayed in the Add A Trusted Certificate Wizard – PublicFQDNPrefix and PublicFQDNProvider.
To get a wildcard certificate displayed in the wizard you’ll need to change PublicFQDNPrefix to *.
Make a note of the original value, as you’ll need to put it back once you’ve installed the wildcard certificate.
Now open up the SBS 2008 Console, click on Network, click on the Connectivity tab and run the Add A Trusted Certificate Wizard. You’ll now be able to see the wildcard certificate and install it.
Once you’ve successfully installed the certificate, go back to regedit and change PublicFQDNPrefix from * back to its original value.
Tuesday, April 13, 2010
Windows 7 Experience Index and VMWare Workstation 7.0
Here’s the WEI for my Lenovo ThinkPad T410 (Core i7-620M, 4GB DDR3 RAM, 128GB 2nd Gen Samsung SSD) running Windows 7 Ultimate with latest drivers from Lenovo and the latest laptopvideo2go.com Modded INF for NVidia’s latest WHQL drivers (197.16) – only installed due to the instabilities with Lenovo’s supplied 188.25 ones.
And here’s the WEI for a Windows 7 Pro VM running inside VMWare Workstation 7.0.
Yes, the VM is running Aero with transparency! Also interesting to note that the host must be performing some VMDK caching for the increased score on the hard drive performance.
With these figures I’m going to be spending more time inside VMs than on the host. I was quite stunned to see how well the Internet Explorer 9 Preview ran – in particular the speed tests - inside the VM.
Friday, March 05, 2010
Not A Good Look For A Computer Retailer
Seen at a store in Sydney as their main entry display. Shop name cropped to protect the guilty. Anyone want to buy a PC from here?
Monday, February 15, 2010
NVSPBind – A Command Line Utility For Managing Network Protocol Binding On Server Core Or Hyper-V Server Installs (About Time!)
I had a case a few months back where I’d determined that QoS was screwing over some network connectivity on a Server Core install. On a full install I’d simply use ncpa.cpl and remove the QoS Packet Scheduler binding from the adapter. Not so on the Core install. I had to resort to some registry hacking to disable the QoS Packet Scheduler to resolve my problem.
In my Inbox Zero efforts for my RSS feeds I came across this NVSPBind article on John Howard’s blog. Awesome! This will save some time in the future when enabling/disabling protocols.
Download links are here:
NVSPBind - http://code.msdn.microsoft.com/nvspbind
NVSPScrub - http://code.msdn.microsoft.com/nvspscrub
NVSPScrub helps restore your virtual networking configuration if you happen to screw it up with NVSPBind! :-)
Monday, November 02, 2009
Renewing a RapidSSL Certificate on SBS 2008
I’ve been quite happy using RapidSSL certificates on SBS 2003 boxes, as the RapidSSL root certificates are installed in the certificate store for Internet Explorer, and the certificate also works for Windows Mobile and Nokia smartphones.
However, I’m not so happy using them on SBS 2008, as RapidSSL is not supported by the Certificate Installation Wizard and the RapidSSL Certificate Request field doesn’t support 4096-bit encryption keys which is the default and unchangeable key length for renewing certificates in IIS 7.0.
So this is the foolproof way for me to use RapidSSL certificates on SBS 2008:
- Open up IIS Manager
- Select the IIS Server in the left-hand pane
- Double-click on Server Certificates in the middle pane
- Click Create Certificate Request in the right-hand pane
- Fill out the Distinguished Name Properties, ensuring that remote.companyname.com is used for the Common Name (replace companyname.com with your public domain name)
- Select 2048 for the Bit Length on the Cryptographic Service Provider Properties page
- Save the request as a .txt file somewhere
- Open the .txt file and copy and paste the certificate signing request into the RapidSSL renewal page
- Go through approval process to get your certificate in e-mail
- Copy the certificate out of e-mail and into a .cer file by using Notepad
- Run mmc.exe as Administrator
- Add the Certificates snap-in and select Computer Account on the Local Computer
- Import the .cer file into the Personal certificate store
- View the certificate, go to the Details tab and copy the Thumbprint Value data to the clipboard
- Run cmd.exe as Administrator
- Run the certutil repairstore operation on the imported certificate; replace <thumbprint> with the Thumbprint Value data you copied above and if you’re cut’n’pasting the below make sure you type in the double quotes and not use the pasted quotes
- certutil -repairstore my "<thumbprint>"
- Refresh the Personal certificate store in MMC and view the certificate for remote.companyname.com; you should now see the “You have a private key that corresponds to this certificate” text added below the Validity section.
Note: If you do try to use the Complete Certificate Request entry in IIS 7.0, you end up with the following error:
“There was an error while performing this operation.
Details: CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)”
Steps 11-17 above achieve the certificate request completion without error and restore the private key association with the certificate.
I’ve primarily added this blog post for myself, so if the sequence is a bit terse, please let me know and I can flesh it out with some screenshots to help out.
Tuesday, August 25, 2009
Restoring Computer Description in the Network Folder on Windows Vista and Windows 7
OK, this is definitely a rant. One of the biggest UI changes made to Vista and 7 that really gets my back up is the inability to add the Computer Description as a column to the Details view in the Network folder. A lot of organisations name their PCs by asset number, service tag, or use an auto-increment through RIS/WDS/etc.
I suppose Microsoft consider that small businesses will name their PCs on a personal or role-based model and that Enterprises will use an appropriate Service Desk application for finding PCs in the network, but apparently removing a folder view that was available in XP is definitely a regression in my books.
A picture paints a thousand words, so here’s a folder view from XP:
Name provides the NetBIOS/DNS Name of the PCs in the network and Comments provides the Computer Description field found in the Computer Name tab in the System Properties window.
Here’s the corresponding default view from Vista/7:
Try as you might, you can’t add the Computer Description column to that view.
After much cursing, wailing and gnashing of teeth I managed to find a way of getting around this, thanks to “Rico Dog” at this Windows Vista IT Pro Forum post. The solution is to use an existing Windows XP PC to get a shortcut copied across to your Vista/7 machines. If you don’t have an XP machine, consider using Virtual PC and XP Mode on Windows 7 or running up a Windows XP virtual machine using Virtual PC 2007 on Windows Vista.
Here’s the process for getting the shortcut:
- Open up My Network Places
- Open up Entire Network
- Open up Microsoft Windows Network
- Drag the required workgroup/domain icon to the Desktop
- A shortcut for the workgroup/domain will be created on the Desktop
- Copy the shortcut from the Desktop over to your Windows Vista or Windows 7 PC
- Open up the shortcut
You’ll now have a window looking like:
The Comments column contains the Computer Description fields for the corresponding PCs.
There must be a way to do this through the GUI, or even create the script via VBScript/Powershell but I haven’t worked it out yet.
Hope this helps anyone else trying to achieve the same thing.
Wednesday, April 15, 2009
Outlook 2007 Crash When Synchronising With Exchange Server
Nice after-Easter problem - Outlook 2007 in Cached Exchange Mode would crash when synchronising with the Exchange Server.
If I started it up in Safe Mode (outlook.exe /safe) it would also crash.
I reconfigured it to not use Cached Mode and it worked correctly.
I managed to fix the problem by renaming outlook.ost and having Outlook rebuild it on next start.
For Vista users, outlook.ost is located at:
C:\Users\<username>\AppData\Local\Microsoft\Outlook
and for XP users it's located at:
C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Outlook.
Wednesday, March 04, 2009
Making Effective Use of Idle Time (Are You Certifiable?)
Chris Rue recently blogged about a Microsoft Learning online "game" called Are You Certifiable?
The competitor in me wanted to see how I'd go and if I could beat his score of 152,720. So I got 177,213 :-)
Competitiveness aside, AYC is a great way to learn about features of various Microsoft products in a fun way. Beats playing any of the standard games that come with Windows or random browsing of the Web.
So the next time you're waiting for an OS install to finish, why not try beating my score and learning something at the same time? Fun, and hones your technical skills at the same time.
Friday, February 27, 2009
Slow Opening of Office 2007 Documents From a Network Drive
In one of my recent SBS 2008 migrations a user complained that Word and Excel documents could take up to several minutes for the documents to open from a network drive mapped to a DFS share. His laptop was the only Windows Vista machine on the local network at the time.
My initial thought was that IPv6 lookups were stalling the opening of the documents, so I got the user to disable IPv6 according to MSKB 929852. This didn't work.
I remoted in to his laptop and had a look. I got varying load times, from 15 seconds to several minutes irrespective of file size.
I reverted to my old debugging method - opening the file in Notepad. Instant. Every time.
OK, must be a dodgy hotfix. None installed since the problem exhibited itself. OK, someone out in the Intarweb must have experienced this. My Google-fu isn't too bad, but I couldn't find anyone with the exact same problem. This TechArea post on slow DFS access was the reverse to what I was seeing, so I changed the NetBIOS reference (e.g. \\DOMAIN\DFS\Share) to a FQDN reference (\\corp.domain.com\DFS\Share).
Bingo - load times were back to normal!
I've now got a note to migrate all my DFS references from using the NetBIOS name to using the FQDN name prior to any Windows Server 2008 migrations.
Friday, February 20, 2009
Machine Account Passwords and Active Directory
If you've ever wondered how machine account passwords work and haven't been able to find a clear description and process in amongst all the different Knowledge Base articles and TechNet documentation, then I'd highly recommend reading the Ask Directory Services Team blog article on this very subject. It's clear, concise and well written.
I'd also recommend you add this blog to your RSS reader for anything AD related.
Sunday, February 01, 2009
Failure in "the Cloud" for Some Australians
The Primus Data Centre in Melbourne lost power earlier today - around 2pm AEDT. No big deal you say, it's got UPSes and gensets. What's the problem?
The problem is that either the gensets or UPSes failed big time. It's now 6pm AEDT and the data centre is still having power issues. Thanks to Internode via their network status page and PIPE Networks via their CEO Bevan posting a status report at Whirlpool for letting us know what's going on.
The even bigger problem is the number of customers affected. Netspace - an ISP - were down nationally for around an hour. A number of hosting companies are still down, and a number of ISPs servicing Tasmania transit through this data centre, so their Tasmanian customers are isolated from the Internet.
It's understandable that the data centre lost power, given the recent heat wave in Victoria and the associated infrastructure problems (power, rail) that has caused. It's also understandable that UPSes - even arrays - fail, as do generators. What's not understandable is the number of hosting companies and ISPs that don't provide redundancy for their own infrastructure. Assuming that a data centre is always going to be up and running is a really bad assumption.
The simplest form of redundancy is having an offsite DNS server. That way you can at least respond to DNS queries, and it gives you options for swinging in temporary services at short notice to explain to customers what is going on. The same can be done for mail using offsite MX and some offsite Web presence, especially for support services.
So if you're expecting 24x7 from a hosting provider, you probably need to ask them how many data centres they're running on and how much redundancy across data centres there is. Even a data centre is a point of failure.
Monday, January 12, 2009
Enabling Remote File Access in Outlook Web Access on SBS 2008
One of the nice features of Exchange Server 2007 that helps eliminate those irksome VPN clients (and the associated configuration pain) is the WSS and Windows File Share Integration.
This facility gives you read-only access to WSS sites and file servers sitting inside your network. Very handy if you need a file when you're on the road and no-one is in the office to e-mail it to you, or you can't use Remote Web Workplace to connect to an internal PC.
By default, Exchange Server 2007 on SBS 2008 is configured to allow access to files on remote file servers, but additional configuration is needed. Specifically, the names of the servers need to be added.
Fire up the Exchange Management Console, expand Server Configuration and select Client Access.
Right-click on "owa (SBS Web Applications)" and select Properties.
Click on the Remote File Servers tab and click on Public Computer File Access and/or Private Computer File Access and confirm that file access is enabled accordingly.
The settings in these tabs relate to the features available depending on whether you select Private Computer or Public Computer when you log in to Outlook Web Access. Take this into consideration when deciding what you want to enable/disable.
Click on the Remote File Servers tab and click Allow...
Enter the server name you want to allow access, click Add, then click OK. If you want to allow access to the SBS server, enter its name here. Please note that all shares will be available to Outlook Web Access, depending on the user's access to those shares.
Similarly you can click on the Configure... button in the Remote File Servers tab and add "<company>.local" to enable access to any WSS applications you have additional to the companyweb application. Replace <company>.local with the DNS suffix used by your SBS 2008 network.
Test your configuration by logging into Outlook Web Access, selecting the appropriate security profile. Now click on the Documents shortcut (you may need to click on the >> link under the OWA graphic to expand the Navigation Pane).
Click on Open Location.
Type in the UNC path to the file share (e.g. \\SERVER\Shared) and click Open.
Outlook Web Access will then display the shared folder contents. Click on "Add to Favorites" if you want to add the shared folder to your Documents Favourites list for quicker access on return visits.
Again, please note that this is read-only access - you will need to save any changes you make locally, then copy the changed file when you get back to the office. If you need read/write access without bothering with a VPN client then using companyweb via Remote Web Workplace is the preferred option.
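The same configuration can be applied and reviewed from the Exchange Management Shell. This is an added example, not part of the original post: SERVER and <company>.local are placeholders, and leaving Public Computer access switched off is an illustrative choice rather than a setting the post prescribes.

```powershell
# Run in the Exchange Management Shell on the SBS 2008 server.
$fileServers = @('SERVER')            # placeholder: file servers to expose through OWA
$wssSuffixes = @('<company>.local')   # placeholder: DNS suffix of the SBS 2008 network

# Locate the OWA virtual directory by the name shown in the console.
$vdir = Get-OwaVirtualDirectory |
    Where-Object { $_.Name -eq 'owa (SBS Web Applications)' }

# Record the current state before changing anything.
$vdir | Format-List Name, UNCAccess*, WSSAccess*, RemoteDocuments*

# Private Computer sessions get file share and WSS access; Public Computer
# sessions (kiosks, shared PCs) do not. Only the listed servers are reachable,
# and any server not on the list is blocked.
$vdir | Set-OwaVirtualDirectory `
    -UNCAccessOnPrivateComputersEnabled $true `
    -UNCAccessOnPublicComputersEnabled $false `
    -WSSAccessOnPrivateComputersEnabled $true `
    -WSSAccessOnPublicComputersEnabled $false `
    -RemoteDocumentsAllowedServers $fileServers `
    -RemoteDocumentsInternalDomainSuffixList $wssSuffixes `
    -RemoteDocumentsActionForUnknownServers Block

# Confirm what is now exposed.
Get-OwaVirtualDirectory |
    Where-Object { $_.Name -eq 'owa (SBS Web Applications)' } |
    Format-List Name, UNCAccess*, WSSAccess*, RemoteDocuments*
```

Because every share on an allowed server becomes reachable subject to the user's own permissions, the share and NTFS ACLs on those servers are worth reviewing before the allow list is extended.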
Wednesday, November 05, 2008
Microsoft File Transfer Manager - Moving In-Progress Transfers to a New PC
When I migrated my SBS2003 box to SBS2008, I had a bunch of downloads queued up in Microsoft File Transfer Manager and the active transfer was a 10GB file that was more than halfway through. My monthly quota before shaping kicks in is 40GB, which is generally more than enough for what I do, but not so this time around.
I didn't really want to delay the migration nor did I want to have to re-download the file, so I looked at moving the in-progress transfer to another PC. Here's how I did it:
- Download Microsoft File Transfer Manager
- Install FTM, run it, enable updates and create a desktop shortcut
- Copy the files found at %USERPROFILE%\Application Data\Microsoft\File Transfer Manager from the old PC to the new PC
- Edit ftmTransferList.txt if your in-progress transfers are being moved to a different drive and folder path
  - the path reference is URL encoded: %5C for \, %3A for :
- Copy your in-progress transfer files from the old PC to the new PC
- Export the registry settings found at HKEY_CURRENT_USER\Software\Microsoft\SIAM\FileTransferManager\Settings from the old PC and merge on the new PC
- Run FTM from the desktop shortcut and resume the transfers
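The ftmTransferList.txt edit can be scripted so the encoded path is not retyped by hand. This is an added example, not part of the original post; the function names and the demo line are constructed here, the real layout of ftmTransferList.txt is not shown on this page, and the script assumes FTM encodes the remaining characters of a path the same way .NET's EscapeDataString does.

```powershell
function ConvertTo-FtmEncodedPath {
    param([Parameter(Mandatory = $true)][string]$Path)
    # EscapeDataString emits %5C for "\" and %3A for ":", the two encodings noted above.
    [uri]::EscapeDataString($Path.TrimEnd('\'))
}

function Update-FtmTransferList {
    param(
        [Parameter(Mandatory = $true)][string]$ListPath,
        [Parameter(Mandatory = $true)][string]$OldFolder,
        [Parameter(Mandatory = $true)][string]$NewFolder
    )
    # ISO-8859-1 maps every byte to one character and back, so bytes outside
    # the replaced text are written back exactly as they were read.
    $latin1  = [Text.Encoding]::GetEncoding(28591)
    $text    = [IO.File]::ReadAllText($ListPath, $latin1)
    # Match the old folder only when followed by an encoded "\" or a delimiter,
    # so D:\Downloads does not also rewrite D:\Downloads2.
    $pattern = [regex]::Escape((ConvertTo-FtmEncodedPath $OldFolder)) + '(?=%5C|[^%\w]|$)'
    $options = [Text.RegularExpressions.RegexOptions]::IgnoreCase
    $hits    = [regex]::Matches($text, $pattern, $options).Count
    if ($hits -eq 0) {
        Write-Warning "No reference to $OldFolder found; $ListPath left untouched."
        return 0
    }
    # Keep a copy of the original list before rewriting it.
    Copy-Item -LiteralPath $ListPath -Destination "$ListPath.bak" -Force
    $replacement = (ConvertTo-FtmEncodedPath $NewFolder).Replace('$', '$$')
    $updated     = [regex]::Replace($text, $pattern, $replacement, $options)
    [IO.File]::WriteAllText($ListPath, $updated, $latin1)
    $hits   # number of references rewritten
}

# Constructed demo on a throwaway file (not the real FTM file layout).
$demo = Join-Path $env:TEMP 'ftmTransferList-demo.txt'
[IO.File]::WriteAllText($demo, "D%3A%5CDownloads%5Cexample.iso`r`n")
Update-FtmTransferList -ListPath $demo -OldFolder 'D:\Downloads' -NewFolder 'E:\FTM'
Get-Content $demo
```

Close FTM before running this against the real file, and compare the result with the .bak copy before resuming transfers.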
Customising the Error Message for IP Block List Providers in Exchange Server 2007
One of the things I did for blocklist error messages in Exchange Server 2003 was to provide the lookup URL for the affected IP address. This makes life easier for the other end when they try to diagnose why their mail wasn't delivered.
Microsoft's Knowledge Base article 823866 details how to go about doing this by using the variables %0, %1 and %2.
When I performed my SBS2003 to SBS2008 migration, I went to customise the blocklist error messages, but found that %0, %1 and %2 don't work. After some mucking around I found that {0}, {1} and {2} work instead.
Here's the PowerShell command I used to add a custom error message for lookups done against the Spamhaus list:
Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $True -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://www.spamhaus.org/query/bl?ip={0} for further information."
Monday, October 27, 2008
Resetting Offline Files in Windows Vista
If you have a need to completely blow away the Offline Files cache contents due to corruption, confusion or sheer frustration, the following steps will achieve this:
Run regedit
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CSC
Create a new key and name it Parameters
Inside Parameters, create a new DWORD value; name it FormatDatabase
Give FormatDatabase a value of 0x1
Restart your computer.
Unlike Disable Offline Files in the Offline Files Control Panel applet, this process will completely wipe out any Offline Files and any offline changes you have made. This should be a change of last resort. Make sure you have a backup before you perform this action!
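The registry steps above can also be scripted. This is an added example, not part of the original post; the function name is made up here and PowerShell 2.0 or later is assumed. It prompts for confirmation before writing and supports -WhatIf, because the change cannot be undone once the machine restarts.

```powershell
function Reset-OfflineFilesCache {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $key    = 'HKLM:\System\CurrentControlSet\Services\CSC\Parameters'
    $action = 'Set FormatDatabase = 1 (Offline Files cache is wiped at next restart)'

    if ($PSCmdlet.ShouldProcess($key, $action)) {
        # Writing under HKLM requires an elevated session.
        $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal($identity)
        if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw 'Run this from an elevated PowerShell session.'
        }

        # Create the Parameters key if it does not exist yet.
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name 'FormatDatabase' `
            -PropertyType DWord -Value 1 -Force | Out-Null

        # Read the value back so the caller can confirm what was written.
        (Get-ItemProperty -Path $key -Name 'FormatDatabase').FormatDatabase
    }
}

# Preview only: reports the pending change without touching the registry.
Reset-OfflineFilesCache -WhatIf
```

Run it without -WhatIf to apply the change, then restart the computer as in the last step above.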
Tuesday, September 02, 2008
TechEd Australia – SMB Pre-Day – SBS/EBS and Virtualisation
The “Ask the Experts Q&A” session is generating some interesting comments about SBS/EBS, virtualisation and support. The useful Knowledge Base articles regarding these topics are:
Thursday, August 28, 2008
.NET Framework 3.5 SP1 Issue With Windows SharePoint Services 2.0
Probably not a good idea to install .NET Framework 3.5 SP1 on your SBS 2003 boxes. A recent SharePoint Team blog post talks about the errors and the resolution if you have done this.













