Special Thanks

I would just like to give all of our readers out there a Special Thanks for helping us make this blog so enormously successful.

We have only been around for a few months, but have seen our popularity balloon and have really enjoyed the feedback. Paul and I really enjoy writing this blog and we sincerely hope that it is enjoyable and helpful to our readership.

I would also like to thank Kurt Shintaku, who posted a link and mentioned Paul’s article on Why IE crashes. Thanks Kurt. I will also say that after taking a look at Kurt’s blog I am equally impressed.  The blog can be found here. Enjoy…… http://kurtsh.spaces.live.com/

Google Chrome: There And Back Again

Okay, so I’ll admit it: I like Google Chrome.  Lots.

It’s fast, it’s clean, and it’s a pleasure to use.  The combined address and search bar (why don’t all browsers do this?) is nice and prominent, the other required UI widgets are easy to click, and the software generally gets out of your way and lets you do your job.  Exactly what I like in a browser, and such a change from IE’s constant nagging and messy UI.  And perhaps most importantly, for me at least, it’s secure: sandboxed, proven rendering engine, and rarely-targeted due to its obscurity.  In fact, it was the only browser to (mostly) survive CanSecWest’s pwn2own security contest – although Opera wasn’t included (but they’re used to that).

It might not be perfect: bookmark support is rudimentary at best, there is no support whatsoever for feeds, and certain areas are a bit unpolished, like the awkward brilliance of its file downloading UI.  But I don’t really mind: I don’t use these features anyway.  I just want the browser.

So, I jumped ship.  I boldly clicked on the ‘Make Google Chrome my default browser’.  I even unpinned IE from my taskbar.

At first, it was a beautiful thing.  Fast, clean browsing!  And I was supporting a different evil empire!

But things soured quickly.  Supposedly, Chrome isolates each tab in a separate sandbox, so if one dies, the browser lives on.  I’ve seen this in action, and it does work.  Sometimes.  But apparently not always, because browsing Google Analytics always triggers a crash by the time I’m three or four pages in.  Oh, sure, it’s (as always) Adobe Flash that’s actually crashing, but it’s bringing Google Chrome down with it.  And not just the tab: the whole browser stops responding, and I have to kill it with Task Manager.

And then, I did another crazy thing: I clicked a link in Outlook.  Well, Google Chrome fired up just fine… and then did nothing.  No page.  Nothing.  Just an ocean of white.  For some reason, it won’t actually load the links the shell passes to it.

Now, I’m sure there’s a solution here.  It’s probably quick and easy – if you know it, leave a comment – but you know what?  I don’t care.  I should not have to troubleshoot such a basic feature: that’s Google’s job, and they failed.  And yes, technically, Google Analytics crashing is Adobe’s fault, but if I can’t even use Google Chrome to browse Google Analytics without it dying on me, then fuck that.

So once again, I’m back to IE.  Not because I like it.  Not because I’m too lazy or complacent to try alternatives.  Because the damn thing actually works.  Google: please fix your shit.  I like it.  I want to use it.  I want to ditch IE.  But I need a browser that actually WORKS.  And while you’re at it, quit using Flash all over the place.

Next Generation TCP/IP Stack

Undoubtedly, one of the biggest sources of complaints from adopters of Vista and Server 2008 has been the new Networking UI and some of the shit that goes along with it. Yes, even I, have sat staring dumbfounded drooling incessantly as  Vista seemingly takes over and “Network Awareness” tells you that your perfectly configured router is incapable of accessing the internet or you are totally unable to even browse network shares on computers around you. WHY>>>AAARGH!!!!

The frustration, the agony, and the eventual exorcism and sacrifice of the Vista Demon that has brought unspeakable amounts of suffering to you and the pane-glass living room sporting a perfect IBM-sized hole are immeasurable. But wait, why would Microsoft do this, surely there is some reason, right?

Unfortunately, for many of us, that answer for the time being may be “No.” There isn’t a lot of apparent usefulness. But, that doesn’t mean that there aren’t any improvements at a lower level actually making the OS work better…in fact there really are (really, I’m not bullshittin ya!). Microsoft, as usual, has done a really terrible job in showing the average user why they should care about any of these configuration options – but for the IT professional- some of these changes DEFINITELY bring increased reliability and lower TCO (Total Cost of Ownership). 

Vista and Server 2008 have a completely re-written TCP/IP stack that is now referred to as the Next Generation TCP/IP stack. It replaces the venerable, well-known, but buggy standard Windows TCP/IP stack that was basically unchanged since the Windows 95 days. Let’s face it, with the role that TCP/IP has assumed in modern computing, and the demands that have been placed on this protocol suite, it is no wonder that the Microsoft Engineers wanted to tackle this one. Undeniably, nobody imagined that this 70s era protocol would be robust enough and able to keep up with streaming media, VOIP, and the massive routing that packets are forced to go through nowadays. It is the next generation TCP/IP stack that makes it all work just a little better.

One thing I want to say now. DO NOT DISABLE IPV6 IN ANY PRODUCTION SERVER. THE RESULTS CAN BE CATASTROPHIC! (This one is for you Devon) I don’t say this out of personal experience, but my fellow colleague can vouch for it!  With that little not-so-casual warning out of the way…Let’s jump into this.

The changes in the TCP/IP stack not only apply to IPV6, but also apply to our trusted friend IPv4.

Here are some of the changes:

Modified Fast Recovery Algorithm

This feature provides the ability for Windows to alter the way in which a sender can increase the sending rate if multiple segments in a data window are lost and the receiver has acknowledged the partial data receipt.  The end result here is greater reliability and speed.

Network Diagnostics Framework

Provides a framework within the stack that can help users recover from networking errors and troubleshoot networking issues. Often, understanding the information this framework presents still requires a thorough understanding of networking in general.

Compound TCP 

This is an optimization that is able to increase the amount of data sent in a connection without adversely affecting other TCP/IP sessions.  This often does produce a noticeable speed increase.

Automatic Black Hole Router Detection

This particular enhancement is hugely useful in network segments that have lossy routers and general patchiness. This actually forces TCP connections to not terminate when an intermediate router is silently discarding large TCP segments and will force the connection to stay alive even when error messages and retransmissions occur. The end result here is reliability.

Automatic Dead Gateway Retry 

Similar to above, except that it will actually periodically try to contact an unreachable gateway and will start utilizing it once it is alive. This, too, adds to the overall reliability of a TCP network.

Spurious Retransmission Timeout Detection

Offers correction for sudden increases in retransmission timeouts and prevents unnecessary retransmission of segments. This can have a huge impact on speed in an environment with some unstable routing equipment.

The following apply to IPv6 only.

 

Link-Local Multicast Name Resolution

At some point in time, this little feature is going to become hugely useful – especially for the technically challenged setting up a Vista or Server 2008 home network.  This little feature will actually allow IPv6 clients to be able to resolve host names without a DNS server provided that the hosts are all on one single subnet.  This will greatly increase reliability, especially in small business environments.

 

Random Interface IDs

This feature helps thwart scanning attacks based on networking equipment manufacturers’ company IDs. Basically, it generates random interface IDs for auto-configured connections, including public and link-local addresses.

 

This list is by no means an exhaustive one, but I hope that it helps highlight some of the strides forward that Microsoft has taken in developing this stack.  While we all hate change, at some point in time we WILL all be using IPv6, so why not get ahead of the curve now and learn how to leverage this technology into greater performance for your IT environment? Change is inevitable, it brings some pain, but 5 years from now we will all be reaping the benefits of our highly robust computing platforms.

Server 2008 networking is a giant leap forward, so get your game shoes on and save yourself the cost of a new window!

Internet Explorer: Fix IE8 DEP Crashes

Well, now we have IE8.  Wonderful.  I was bored of the mere half-dozen browsers we had to test against before. And there’s nothing to inspire confidence in a new version of IE like inexplicable crashes when it’s installed on a clean Windows XP SP3 machine:

[Image: screenshot of the Internet Explorer DEP error page]

(To the nitpickers out there: yes, that’s Windows 7, not Windows XP.  And no, this problem might not happen under Windows 7.  I’ve just browsed to res://ieframe.dll/acr_depnx_error.htm to get a screenshot of the error.  Trust me, under WinXP SP3, it happens.)

The error text is:

Internet Explorer has closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.

Windows Data Execution Prevention detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or a malicious add-on.

Ask Microsoft or Google, and they’ll just tell you exactly what the error itself tells you: an add-on screwed up.  And you know what?  They’re right.  Kind of.  Hell, maybe Flash or Acrobat is to blame for some of you out there.  Try disabling add-ons, see what happens.

But on a clean install of XP (read: no Adobe bullshit), I still got that message.  I disabled every add-on listed.  Same shit.  So what’s going on here, and who can I blame?

Believe it or not, I’m blaming this one on Sun!  I tracked the problem down to the Microsoft Virtual Machine, the old Java VM Microsoft was forced to stop developing and supporting thanks to Sun’s pointless legal assault.  God only knows why Sun would want Java less supported.  Perhaps it’s so the only way to run Java these days is through Sun’s VM, which reminds you, every fucking month like clockwork, that THERE’S A JAVA UPDATE AVAILABLE AND SUN IS AWESOME AND DOWNLOAD OPEN OFFICE NOW NOW NOW!

The solution: uninstall the Microsoft VM (which you should do anyway, it’s old and unsupported).  That fixes IE; I leave to you the decision whether it’s easier to live without Java or put up with Sun’s bullshit.

Luckily, there’s a tool Microsoft has that will remove the VM.  Get it here:

http://support.microsoft.com/kb/826878

Ha!  And you thought Microsoft had your back here!  You should know by now the entire IT world is against you all the time.  Try here:

http://www.softpedia.com/get/System/System-Miscellaneous/MSJVM-Removal-Tool.shtml

Anyway, once you get this tool, just run it and pray you didn’t have anything that depended on that tool, because there’s no going back.

Server 2008 Boot Process – Making a boot disk.

Today’s topic is something that virtually nobody has paid any attention to with both Vista and Server 2008, yet the assumptions behind not investigating the very way both Vista and Server 2008 boot will undoubtedly have catastrophic ramifications for some poor tech somewhere.

While not well known, the whole process by which Server 2008 boots is dramatically different from previous versions of Windows. Moreover, it is precisely these differences that make it so critical to know how to make a proper boot disk for Server 2008 and know where to start troubleshooting when your server just sits there and taunts you with flashing lights and spinning fans with Windows nowhere to be found.

The classic Windows NT boot process is well known and goes like this.

1. You power on the machine which then goes to the startup BIOS.

2. The startup BIOS loads and performs the Power On Self Test (POST).

3. The startup BIOS loads the Master Boot Record of the active partition, which then loads up the partition boot record.

4. The boot sector loads NTLDR, which then loads the following:

  • boot.ini
  • ntdetect.com
  • ntoskrnl.exe
  • system registry hive
  • device drivers
  • hal.dll

At this point, if all has gone well, you will now be looking at a running Windows NT, XP, Server 2003 machine.

In Server 2008, NTLDR is replaced by a new file called bootmgr.

Bootmgr then runs the following:

  • Boot Configuration Database (BCD)
  • Winload.exe
  • ntoskrnl.exe
  • system registry hive
  • device drivers
  • hal.dll

Then bootmgr passes control to ntoskrnl.exe and the boot sequence is complete.

As can be clearly seen, the traditional boot disk files are of no use in Server 2008, as the machine boots in a completely different fashion. Furthermore, when a boot disk is made, it is unique to the Server 2008 box it was made for, as the BCD file needed for the boot disk contains a system GUID that must match the system upon which it is booting.

Making a boot disk is accomplished in the following fashion.

1. Format a floppy in your Server 2008/Vista machine using the quick option.

2. Open a command prompt with elevated privileges and run the following lines.

MKDIR A:\BOOT

XCOPY /H C:\bootmgr A:\

REG SAVE HKLM\BCD00000000 A:\BOOT\BCD

With this, you have now created the file structure needed for a Server 2008 boot disk, and have also copied the files needed for boot.  You will notice that copying the C:\Boot\BCD files directly to disk will fail, as these are actually loaded as hives in the registry and locked.  The hive that they reside in, HKLM\BCD00000000, is a hidden registry key and cannot be seen from within regedit.exe.

After creating your boot disk, I would “highly” suggest that you test it once or twice, label it and put it away somewhere safe for “a rainy day”.

 

Cheers!  

The Origin of Apple’s New iPod Shuffle

[Scene: Deep underground within Apple’s gargantuan corporate headquarters. The throne room is massive. White. Brightly lit. And above all: utterly quiet. Along the walls, countless silhouettes of drug-crazed dancers gesticulate wildly, their fear of imminent death betrayed only by their desperate grasp on their iPods and occasional silent tears falling to the sterile floor. In the precise center of the room, perched atop an Apple-shaped dais, sits the Dark Lord himself, dressed in a fine ceremonial black turtleneck and exquisite blue jeans. He sips a Half-Caf No-Foam Venti Caramel Double Latte as he expertly balances a MacBook Pro upon his scaly knee in a cruel, mocking parody of his idle followers worldwide.]

Rat King: Uh… Noble One…?

Steve Jobs: [Softly] You come bearing news, my apprentice?

Rat King: The data you requested has arrived. They bought it, my lord. I can’t believe they actually bought it! We sold them an iPod without a fucking screen! We are truly the Gods of these mindless zealots!

Steve Jobs: Of course, my youngling. You should know by now that our domination over the forces of reason within our market segment is complete.

Rat King: Yes, my lord. But it had no screen! I never thought…

Steve Jobs: SILENCE!

[Moments pass. The Rat King trembles. The Dark Lord takes a loud sip from his Venti Caramel Double Latte.]

Steve Jobs: Still you have no faith? Very well. Perhaps you need a more… explicit demonstration.

Rat King: I shall obey, my Lord.

Steve Jobs: Send word to our High Priests. They are to produce an iPod with no screen and NO BUTTONS!

[The Rat King gasps. One distant silhouette stops dancing. An instant later, her quiet screams of agony are heard as her faceless form collapses and is drawn into the white. A replacement materializes in the same moment, the poor child dancing before she touches the ground.]

Steve Jobs: This device shall speak to our disciples. It shall bring them the True Word of our order, for the Foretold is nigh.

[The Rat King kneels and touches his ugly head to the Apple dais as the scene slowly fades to white.]

Remote Web Workplace Really Won’t Work! (RWW Squared)

For those of you not familiar with it, Windows Server 2003 Small Business Server offers a really slick feature that enables small business users to harness the power of terminal services cheaply and effectively without the need of any fancy port forwarding on the firewall or a terminal server. The technology is often called RWW and it basically sets up and forwards users to their own computer in the workplace just by logging on to a secure website.  For the most part it is great – until it just doesn’t work.

The service isn’t without its problems. First of all, numerous changes to Internet Explorer over the years in response to the thousands of vulnerabilities and security threats have basically made it impossible for the computer challenged to get RWW working without some IT assistance. The program, realistically, requires you to add your corporate site to IE’s trusted sites list, enable the disabled-by-default (and very much hidden) ActiveX control, which shows up as a little gear in the lower right-hand corner of IE, and actually log in one time to hold these settings. Moreover, every round of MS Updates seems to knock these settings back to their defaults, leaving users frustrated and grumpy.

But these are minor inconveniences when compared to a problem to which my good friend and knowledgeable colleague, Devon, put me on.

In fact, under certain circumstances, Remote Web Workplace won’t work at all despite having the ActiveX control (supposedly) enabled and installed, the site added to the safe sites list and a valid certificate installed.  There is a problem at a deeper level that has to be addressed on some installations of Windows XP SP3.  Oddly enough, the ActiveX control doesn’t even show up at all, so there is no way to re-enable it, nor any indication that it actually isn’t enabled.

While this problem can actually manifest itself in many ways, the one that my colleague specifically ran into was using RWW.

The error message he received was

“This Web site requires the Terminal Services Client, which does not appear to be installed on this System. Install the latest client and ensure that you have the most recent Windows Updates before continuing.”

The fix, if needed, involves a little registry hack and then re-registering one DLL file. It is rather simple and is only actually needed if this particular line in the registry appears. If the following line doesn’t appear in the registry, then your issue may not be related to this and I would suggest going over the basics again.

Anyway, here’s the fix:

1. Remove the following registry key if it exists.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584C670-2274-4EFB-B00B-D6AABA6D3850}

2. Close Internet Explorer and try it again.

If it still doesn’t work, then re-register the mstscax.dll file in the following manner:

  1. Exit Internet Explorer.
  2. Click Start, click Run, and then type or copy and paste the following text in the Open box, and click OK:

    %windir%\system32\regsvr32 mstscax.dll

  3. At the confirmation prompt, click OK.
  4. Restart Internet Explorer, and try to connect to your small business server.

And that’s all there is to it.

If you would like more detailed information, the whole fix and all of the manifestations of the issue can be found at

http://support.microsoft.com/default.aspx?scid=kb;EN-US;951607

 

I sure hope that this saves at least  one of you a lot of frustration and time. I can imagine how infuriating this would be!!!! Now RWW Really Will Work!!!!!!

WCF: Basic Troubleshooting and More Resources

If you ran into a problem anywhere in the last few WCF articles I wrote, here are some things that might be giving you trouble:

Different Versions

If you know what you're doing, WCF is supported under many configurations.  When you're just getting started, though, you want everything to be as simple as possible.  You'll have by far the best experience using these versions:

  • .NET Framework 3.5 with SP1
  • Visual Studio 2008 (avoid Express editions)
  • IIS7 (Windows Vista, Windows Server 2008, Windows Seven, or Windows Server 2008 R2)

Configuration Files

Editing the configuration files will probably be the toughest part of this tutorial.  Take the time to fully examine all the XML so you understand what each node does.  Even if the error seems cryptic, it will probably at least point you to the part of the configuration that needs fixing.

Case Sensitivity

This one is for all you VB developers out there.  Take heed: these configuration files are case sensitive!

Security Errors

You shouldn't need to do this, but it can often help to run VS2008 as an Administrator to help rule out any security related problems.

Integrated Authentication

If you enable Integrated Authentication, you may receive this error:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

If so, you'll have to adjust your configuration files to match your IIS configuration.  For more information on this, see my post titled Using IIS and Windows Authentication to Secure WCF Services.

More Resources

Hopefully, you now have a basic understanding of how to at least get a really simple example running under WCF.  If you learn by experimenting, you should be away to the races.  If, however, you'd like to read a bit more about WCF before setting out on your own, here are some helpful pages you might not find on your own:

  • MSDN's introduction to WCF.  This should be your first point of reference.  The Getting Started Tutorial is a bit lengthy and complex for beginners, but it is very good reading for those who want to learn the 'Microsoft' way of doing WCF.  Highly recommended.
  • Nikola Dudar's Blog.  Here you'll find a similar approach to this article.  Based in C#, this tutorial focuses more on the VS2008 tools and features available to help you write WCF services.  It also introduces the WCF Service Host, a very helpful little utility.
  • If broken it is, fix it you should.  This is a C#-based introduction that goes into a little more depth on the code side of things.
  • Kirk Evan's Blog.  Here's a trick to invoke WCF services dynamically, which is very helpful if you don't have the metadata of the service you're calling available until runtime.
  • J.D. Meier's Blog.  This blog has a huge list of articles and videos to help you out with a variety of security-related topics.
  • All About Interop.  This site has a wealth of WCF-related information.  You'll find lots of details on connecting your application with others through WCF, as well as some great screencasts and guides.

Copyright © 2010 Paul Guenette and Matthew Sleno.