Tuesday, February 7, 2012

Boot from VHD is Wicked Awesome

Boot from VHD is a great technology that enables you to host multiple self-contained operating systems on a single hard drive. It is similar to dual-booting, but you don't have to worry about installing applications over each other or overwriting program file updates, because your secondary OS is fully contained within a single virtual hard disk file.

As someone who spends a lot of time at customer sites, I find this invaluable to maintaining a clean, portable secondary environment. My boot-from-VHD environment can be joined/disjoined from customer domains without affecting my corporate laptop build; I can run beta apps and install troubleshooting tools without jeopardizing the stability of my daily work computer.

For my installation, I'm using Windows 7 Ultimate as my primary host computer and will install Windows 2008 R2 inside my VM environment.

Requirements:
- Windows Automated Install Kit (necessary for ImageX)
- Windows 2008 R2 Physical Media (or ISO + utility such as Virtual CloneDrive to mount it)

Now, some of you will probably grumble about needing to download the whole 1.3GB+ WAIK package for less than 1MB of software necessary to perform this task. It does seem ridiculous that Microsoft has not made it available separately for this specific purpose (and, since WAIK is a free download, most people don't see why you can't just get the tools you need out of it). If you search around, you can find the ImageX pieces available, such as here or here.

If you want to install just the ImageX components, you need:
- imagex.exe
- intlcfg.exe
- vsp1cln.exe
- wimfltr.inf
- wimfltr.sys
- wimgapi.dll

Extract the files from such a download to C:\Windows\System32; copy wimfltr.sys to C:\Windows\System32\drivers, and then right-click > Install on wimfltr.inf.

Alternatively, download and install WAIK.

Moving on ...

Create a Directory to Store VHDs
  1. From Windows Explorer, create a new directory (I used C:\VHD).
  2. Yep, that's it.

Create a VHD
  1. Click Start, type cmd, and then press Ctrl+Shift+Enter to start an Elevated Command Prompt. Alternatively, right-click Computer, and then click Manage.
  2. In the User Account Control dialog box, click Yes.
  3. Type compmgmt.msc and press Enter.
  4. In the left pane of the Computer Management console, click Disk Management.
  5. In the right pane, click More Actions, and then click Create VHD.
  6. On the Create and attach Virtual Hard Disk page, specify the location as C:\VHD\Windows2008R2.vhd, the virtual hard disk size as 50 GB, and then set the virtual hard disk format to Fixed or Dynamically expanding (depending on your preference). If it's not something you're going to use often, you can use a Dynamically expanding VHD to save space. If you choose Fixed, you're going to have to wait for the entire 50 GB (or whatever size file it is) VHD to be formatted.
  7. Click OK.
  8. In Disk Management, right-click the newly-created 50 GB disk, and then select Initialize Disk.
  9. On the Initialize Disk page, verify that the VHD is selected. Choose MBR as the partition style, and then click OK.
  10. Once the disk is initialized, right-click the unallocated space of the disk, and then select New Simple Volume.
  11. When the Welcome to the New Simple Volume Wizard starts, click Next.
  12. On the Specify Volume Size page, leave the default values to use the entire disk, and then click Next.
  13. In the Assign Drive Letter or Path list, choose an unused drive letter (I chose V:), and then click Next.
  14. Under Format this volume with the following settings, specify NTFS for the file system, use the default Allocation unit size, specify a volume name, and then click Next.
  15. On the Completing the New Simple Volume Wizard page, click Finish.

Mount the Windows Server 2008 R2 Media (If Necessary)

This example uses Slysoft Virtual CloneDrive.

  1. Navigate to the folder where you have downloaded the Windows 2008 R2 media.
  2. Right-click the ISO file, and then select Mount (Virtual CloneDrive E:), where E: is the virtual DVD-ROM letter. Mine just so happens to be E:.

Apply the Windows Server 2008 R2 Image to the VHD

  1. Go back to your Elevated Command Prompt (or launch a new one).
  2. Run the following command to determine which Windows Server edition you wish to use:
    dism /Get-Wiminfo /Wimfile:"E:\Sources\install.wim"
  3. Select an index number that corresponds to the edition that you wish to install. In my case, I chose Index 3.
  4. Run the following command to apply the installation image in the appropriate index to the VHD that is currently mounted as V:\:
    imagex /apply "E:\Sources\install.wim" 3 v:

Update the Boot Configuration Data

We'll use BCDEdit /copy to use the current boot configuration entry as the starting point for our new entry.

  1. Run the following command from your Elevated Command Prompt:
    bcdedit /copy {current} /d "Windows 2008 R2 VHD Boot"
  2. Copy the newly-created GUID to the clipboard.
  3. Run the following commands (using the new GUID) to instruct the Boot Manager where to look for the VHD:
    bcdedit /set {enter-new-GUID-here} device vhd="[locate]\VHD\Windows2008R2.vhd"
    bcdedit /set {enter-new-GUID-here} osdevice vhd="[locate]\VHD\Windows2008R2.vhd"
  4. Run the following command to force hardware detection during the initial boot:
    bcdedit /set {enter-new-GUID-here} detecthal yes
  5. Close the elevated command prompt.

Detach VHD

  1. In Disk Management, right-click the disk that is the mounted VHD, and then click Detach VHD.
  2. On the Detach Virtual Hard Disk page, ensure that the Delete the virtual hard disk file after removing the disk check box is NOT selected, and then click OK.
  3. Close the Computer Management console.
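
The same procedure scripted end to end with diskpart, imagex and bcdedit, as an added example that is not part of the original post. It assumes the paths, drive letters and image index used in the walkthrough, an assumed volume label, and an elevated PowerShell prompt.

```powershell
# Added example: scripted equivalent of the GUI steps. Values mirror the
# walkthrough (C:\VHD, V:, E:, index 3) and are assumptions; run elevated.
$ErrorActionPreference = 'Stop'
$vhdPath    = 'C:\VHD\Windows2008R2.vhd'
$vhdSizeMB  = 51200                      # 50 GB
$vhdLetter  = 'V'
$wimFile    = 'E:\Sources\install.wim'
$imageIndex = 3
$entryName  = 'Windows 2008 R2 VHD Boot'

function Invoke-DiskPart([string[]]$Commands) {
    # diskpart takes its commands from a script file (/s)
    $script = [IO.Path]::GetTempFileName()
    try {
        Set-Content -Path $script -Value $Commands -Encoding ASCII
        diskpart /s $script | Out-Host
        if ($LASTEXITCODE -ne 0) { throw "diskpart exited with $LASTEXITCODE" }
    } finally {
        Remove-Item $script -ErrorAction SilentlyContinue
    }
}
function Assert-Native([string]$What) {
    if ($LASTEXITCODE -ne 0) { throw "$What exited with $LASTEXITCODE" }
}

# Fail early rather than clobber an existing VHD or a drive letter in use
if (Test-Path $vhdPath)         { throw "$vhdPath already exists" }
if (Test-Path "${vhdLetter}:\") { throw "Drive ${vhdLetter}: is already in use" }
if (-not (Test-Path $wimFile))  { throw "$wimFile not found; mount the media first" }
New-Item -ItemType Directory -Path (Split-Path $vhdPath) -Force | Out-Null

# Create a dynamically expanding VHD, attach it, partition and format it
Invoke-DiskPart @(
    "create vdisk file=`"$vhdPath`" maximum=$vhdSizeMB type=expandable"
    "select vdisk file=`"$vhdPath`""
    'attach vdisk'
    'create partition primary'
    'format fs=ntfs quick label="Win2008R2"'    # label is an assumed name
    "assign letter=$vhdLetter"
)

# Apply the chosen edition from install.wim to the mounted VHD
imagex /apply $wimFile $imageIndex "${vhdLetter}:"
Assert-Native 'imagex'

# Copy the current boot entry and capture the GUID that bcdedit prints
$copyOutput = bcdedit /copy '{current}' /d $entryName | Out-String
Assert-Native 'bcdedit /copy'
$guid = [regex]::Match($copyOutput, '\{[0-9a-fA-F-]{36}\}').Value
if (-not $guid) { throw "No GUID found in bcdedit output: $copyOutput" }

# Point the new entry at the VHD; [locate] lets the boot manager find the volume
$vhdRef = 'vhd=[locate]' + (Split-Path $vhdPath -NoQualifier)
bcdedit /set $guid device   $vhdRef; Assert-Native 'bcdedit device'
bcdedit /set $guid osdevice $vhdRef; Assert-Native 'bcdedit osdevice'
bcdedit /set $guid detecthal yes;    Assert-Native 'bcdedit detecthal'
Invoke-DiskPart @("select vdisk file=`"$vhdPath`"", 'detach vdisk')
Write-Output "Created boot entry $guid for $vhdPath"
```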

Wednesday, December 21, 2011

Handy Office 365 PowerShell Cmdlets

Here are some handy Cmdlets that you may find useful when managing Office 365.

Microsoft Online Services

- Connect to the Microsoft Online Services interface for account management tasks.
Import-Module MSOnline
$cred = Get-Credential
Connect-MsolService -Credential $cred

- Connect to the Microsoft Exchange Online interface for Exchange-related tasks.
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

- Set Office 365 passwords for all accounts to P@ssword1 and clear Change Password Flag
Get-MsolUser | Set-MsolUserPassword -NewPassword "P@ssword1" -ForceChangePassword $False

- Set Office 365 passwords for all accounts to never expire
Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True
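
An added example (not from the original post) of the per-account counterpart to the two bulk commands above: it lists the accounts whose passwords never expire, then resets each account to a unique service-generated password that must be changed at next sign-in. The report path is a placeholder, and the script assumes the MSOnline module is installed.

```powershell
# Added example; assumes the MSOnline module. $reportPath is a placeholder.
Import-Module MSOnline
$cred = Get-Credential
Connect-MsolService -Credential $cred
$reportPath = 'C:\Temp\o365-temp-passwords.csv'

# Audit: enabled accounts whose passwords are set to never expire
Get-MsolUser -All -EnabledFilter EnabledOnly |
    Where-Object { $_.PasswordNeverExpires } |
    Select-Object UserPrincipalName, LastPasswordChangeTimestamp |
    Sort-Object LastPasswordChangeTimestamp |
    Format-Table -AutoSize

# Reset: omitting -NewPassword makes the service generate a random password
# per account; force a change at next sign-in. Skip the admin running this.
$results = foreach ($user in Get-MsolUser -All -EnabledFilter EnabledOnly) {
    if ($user.UserPrincipalName -eq $cred.UserName) { continue }
    try {
        $temp = Set-MsolUserPassword -UserPrincipalName $user.UserPrincipalName `
                    -ForceChangePassword $true -ErrorAction Stop
        New-Object PSObject -Property @{
            UserPrincipalName = $user.UserPrincipalName
            TemporaryPassword = $temp
            Status            = 'Reset'
        }
    } catch {
        # Record the failure (for example, a federated account) and carry on
        New-Object PSObject -Property @{
            UserPrincipalName = $user.UserPrincipalName
            TemporaryPassword = $null
            Status            = "Failed: $($_.Exception.Message)"
        }
    }
}

# The report holds live credentials: restrict access, delete after handout
$results | Select-Object UserPrincipalName, Status, TemporaryPassword |
    Export-Csv -Path $reportPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```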

Monday, November 21, 2011

Copy Cisco Disk Image via FTP

Tonight, I found myself having to copy the AnyConnect binaries from one ASA 5505 to another without a device on-LAN to TFTP to. I did, however, have a public FTP server that I could use to move the data around.

This feature seems to be relatively un-discussed, so here is the syntax.

ASA/Router Binary: my-win-package-k9.pkg
FTP Server: ftp.myserver.com
FTP Server User Name: aarong
FTP Server Password: password1

copy disk0:my-win-package-k9.pkg ftp://aarong:password1@ftp.myserver.com/my-win-package-k9.pkg

Yes, it's really that simple. Would have been nice if someone told me.

Wednesday, August 24, 2011

Set "Password Never Expires" for Microsoft BPOS Standard Accounts

Cries of joy are ringing throughout the Microsoft BPOS Partner community--the ability to set "Password Never Expires" for BPOS Standard Accounts has *finally* been released. Previously available only for BPOS-D customers, Microsoft has ported the command to the newest update of the Microsoft Online Services Migration Tools (available for x86 here and x64 here).

So, once you've downloaded and installed the updated tools, how do you avail yourself of this helpful feature?

Set "Password Never Expires" for All Enabled Users
1. Open Migration Command Shell.
2. Copy/paste the following commands:

$cred = Get-Credential
Get-MSOnlineUser -enabled -Credential $cred | Set-MSOnlineUserPasswordNeverExpire -Credential $cred -PasswordNeverExpire $true

Drop in your BPOS administrative credentials (in the form of user@domain.com and password) in the pop-up dialog box when prompted.

Wednesday, July 20, 2011

Windows XP Automatic Updates service is missing

Recently, there has been a rash of "fake antivirus" viruses and trojans floating around the internet. Two of the more frustrating issues:

- Why are all my icons hidden?
- Where the heck did my Automatic Updates service go?
- Why am I getting Windows Update Error 0x80072EFE?

The icons hidden one is fairly benign and relatively easy to resolve:
1. Open Windows Explorer.
2. Select Tools > Folder Options.
3. Select the View tab.
4. Select the Show hidden files and folders radio button and click OK.
5. From Windows Explorer, navigate to C:\.
6. Right-click on the folder "Documents and Settings" and click Properties.
7. Clear the "Hidden" checkbox.
8. When prompted, choose to apply to all subfolders and files.

As far as the Automatic Updates issue goes, it's a little trickier. These particular strains of malware do everything from unregistering DLLs to removing the Windows Update service altogether. Most of the time, the solution involves one or more of the following tasks:

- Re-registering the WUAU DLLs
- Re-registering Internet Explorer DLLs
- Deleting the cached update downloads
- Resetting the cryptographic service database

Copy/paste the following script into Notepad and save it as a .bat file:

rem Stop the services that hold the update and catalog files open
net stop wuauserv /y
net stop bits /y
net stop cryptsvc /y

rem Reset the cryptographic service database and delete the cached update downloads
ren %systemroot%\system32\catroot2 catroot2_old
rd /s /q %systemroot%\SoftwareDistribution

rem Re-register the Internet Explorer, cryptography and Windows Update DLLs
regsvr32 /s actxprxy.dll
regsvr32 /s atl.dll
regsvr32 /s browseui.dll
regsvr32 /s cdm.dll
regsvr32 /s cryptdlg.dll
regsvr32 /s dssenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s initpki.dll
regsvr32 /s iuengine.dll
regsvr32 /s mshtml.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml2.dll
regsvr32 /s msxml2r.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml3r.dll
regsvr32 /s msxmlr.dll
regsvr32 /s oleaut32.dll
regsvr32 /s qmgr.dll
regsvr32 /s rsaenh.dll
regsvr32 /s sccbase.dll
regsvr32 /s shdocvw.dll
regsvr32 /s slbcsp.dll
regsvr32 /s softpub.dll
regsvr32 /s urlmon.dll
regsvr32 /s wintrust.dll
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuauserv.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuweb.dll

rem Restart the services
net start cryptsvc
net start bits
net start wuauserv

Run the batch file. The "Automatic Updates" service should now be visible in the Services applet.

Friday, May 20, 2011

Internet Explorer 8 and the continuous "Manage Add-Ons" Prompt

While trying to deploy the Microsoft Online Services Single Sign-On Tool for a customer migrating to BPOS, I found myself sitting at a customer's computer banging my head against the wall. When I'd launch the tool and sign in as the user, I kept on getting the "Unable to prepare certificate" error.

The MSOL tool is dependent on a number of things:
- .NET Framework 2.0 or later
- Correct time (within 5 minute skew of the MSOL servers)
- Internet Explorer as your default browser

I was OK on the first two items, but I had noticed that my customer had installed both Firefox and Chrome. No big deal, right? I launch IE and set it as the default browser and attempt to reconfigure the sign-on tool (to no avail).

I proceed to follow the traditional troubleshooting steps:
- Uninstall/reinstall Online Services Single Sign-On Tool
- Uninstall/reinstall .NET Framework from 4.0 down to 2.0 and back again
- Reset IE to default settings.

None of these fixed my problem.

I launched IE and was faced with what I thought was an annoyance--the "Manage Add-Ons" window kept popping up with my default search providers. I'd set it, close IE, restart, and get the dialog box again.

I thought, "Now I'm getting somewhere." I thought maybe there was a piece of malware affecting the customer's system, so I downloaded one of my favorite programs, ran a scan, and didn't find anything.

In the end, I stumbled upon a tip from another hapless soul facing my same problem:

1. Make sure all IE windows are closed. To be sure, you can open a command prompt and run taskkill /im iexplore.exe /f.
2. Open Regedit.
3. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.
4. Right-click, point to New > Expandable String Value.
5. Type AppData and press ENTER.
6. Double-click the new AppData value and enter %userprofile%\Application Data and click OK.
7. Try launching IE again.

Wednesday, February 2, 2011

Exchange 2010 Messages Stuck in Retry status in "MapiDeliveryQueue"

In case your Exchange admin life wasn't difficult enough, you can always have this problem, manifested with the following symptoms:

- Mail delivery hung
- Messages stuck in local delivery "MapiDeliveryQueue" with a status of "Retry"

Classic tactics such as restarting the server or right-clicking the queue and selecting "Retry" have no effect.

The key here is that Exchange 2007 and later treat these messages differently than standard SMTP queues. In order to process these messages, they need to be re-submitted using the following Exchange cmdlet:

Retry-Queue -Filter {Status -eq "Retry"} -Server "exchangeserver" -resubmit $true

The default re-submit queue time is 12 hours. To modify this:

1. Using Notepad, edit the file: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.
2. Modify the following line in the section:

<add key="MaxIdleTimeBeforeResubmit" value="<hh:mm:ss>"/>

3. Save the file.
4. Open up the Exchange Command shell and run restart-service *rt

Saturday, January 22, 2011

IIS 6.0 404 Error for a file you *know* is there

This morning I was doing some maintenance on a customer's machine and needed to reinstall the application. The customer site is closed, but the work still needs to be done. I had a copy of the ISO media available on a server in our office, so the solution seemed obvious: drop it on a web server and pull it down from the client's machine.

So, I created a directory on one of our web servers, placed the ISO file there, and turned on "Directory Browsing" for that directory. I then logged into my customer's machine and navigated to the site and found the file. I right-clicked on the file, hit "Save Target As..." and ....

Internet Explorer cannot download myfile.iso from my.webserver.com.
Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.

I went back to the site and this time, just clicked on the file name, and was greeted with the generic 404 message.

Fortunately, the solution is very simple and only takes a few seconds.

1. Open up IIS Manager.
2. Navigate to the web site (if you don't want to change the setting for the entire web server, you can just navigate to the directory path off the web site).
3. Right-click > Properties on the website (or directory).
4. Select the "HTTP Headers" tab.
5. Select the "MIME Types" button.
6. Click the "New" button.
7. Add the extension type (in my case, ISO).
8. Add the MIME type (in my case, application/octet-stream).
9. Click OK three times.

Try to re-download the file in your browser.

The reason for this behavior is described in detail in the IIS 6.0 documentation here.

Tuesday, January 4, 2011

How to fix a bad/corrupt/hidden source in Cydia

I was adding a new Cydia repository the other day to my iPhone and apparently mistyped something. I deleted it from the GUI, but every time I went to search Cydia for an application or manage my source list, I received an error that the repository was unavailable and then received the following error:

Sub-process bzip2 returned an error code (2)

Fortunately, there's a way to fix it. You'll need a few pieces of software:

  1. Make sure you have SSH access to your iDevice. When you installed Cydia, you had the option for which tool sets you wanted. If you didn't select a tool set that includes command-line tools, you'll need to install those first (OpenSSH is the main piece that's required). If SSH isn't working, you'll need to reinstall it and then respring your device.
  2. Test your SSH login credentials by using an SSH client such as putty connecting to your device's WiFi address and logging in as 'root.' If you have not changed the root password, the default is 'alpine.'
  3. Using a secure copy client (such as WinSCP), connect to your iDevice and navigate to /private/etc/apt/sources.list.d.
  4. Right-click > Edit the cydia.list file, remove the offending line, and click Save. Close the WinSCP editor.
  5. Navigate to /private/var/lib/cydia.
  6. Copy the metadata.plist file to your computer.
  7. Using plist editor, open the metadata.plist on your computer.
  8. Search for the repository you need to remove. The line will look something like deb:http://repositoryname/:./
  9. Select and delete down to the next key tag. Your selection should start with an open key tag and end with a close dict tag and should contain approximately 9 lines of data.
  10. Copy it back to /private/var/lib/cydia and overwrite the existing file.
  11. Navigate to /private/var/lib/apt/lists and delete the files starting with the name of the source you wish to remove.
  12. Navigate to /private/var/lib/apt/lists/partial and do the same.
  13. Close WinSCP and respring your iDevice.

Thursday, December 16, 2010

Bulk add host headers to IIS site

Kind of in line with my previous post of bulk adding DNS zones and configuring secondaries is the need to bind multiple new host headers to a customer's site. Doing it from the IIS Manager is tedious, to say the least.

Fortunately, there is a way to bulk do this as well. This method is a little clunky, but still way better than doing it all manually.

1. From IIS Manager, locate the identifier for your website (if it's not the default site).
2. Open a command prompt and navigate to (default) \Inetpub\Adminscripts.
3. Run the following command:

cscript adsutil.vbs get w3svc/{site identifier}/serverbindings

The reason this has to be done is that the adsutil.vbs set command will overwrite these settings (not add to them), so if you just plug in your new host headers, you'll lose all of your old ones!

You should get an output that looks similar to this:

":80:www.oldhostheader1.com"
":80:www.oldhostheader2.com"

4. Copy/paste the output into a notepad window. Delete the white spaces until it's all one continuous line.
5. Using the same format, add your new host headers to this list so that it looks like this:

":80:www.oldhostheader1.com" ":80:www.oldhostheader2.com" ":80:www.newhostheader1.com" ":80:www.newhostheader2.com"

6. At the beginning of the line, prepend cscript adsutil.vbs set w3svc/{site identifier}/serverbindings, and save it as a .bat file.
7. Run.
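
The read-merge-write cycle above as a script, so the existing bindings are never lost to the overwrite behaviour of adsutil.vbs set. This is an added example, not part of the original post; the adsutil.vbs path, the site identifier and the backup file name are assumptions.

```powershell
# Added example; $adsutil path and $siteId are assumptions for illustration.
$adsutil  = 'C:\Inetpub\AdminScripts\adsutil.vbs'
$siteId   = 1
$newHosts = 'www.newhostheader1.com', 'www.newhostheader2.com'
$key      = "w3svc/$siteId/serverbindings"

function Merge-ServerBindings([string[]]$Existing, [string[]]$HostNames, [int]$Port = 80) {
    # Bindings have the form ip:port:host. Keep the existing order, append the
    # new ones, drop duplicates (-notcontains compares case-insensitively).
    $merged = @()
    foreach ($b in @($Existing) + @($HostNames | ForEach-Object { ":${Port}:$_" })) {
        if ($b -and $merged -notcontains $b) { $merged += $b }
    }
    return ,$merged
}

# adsutil prints each binding as a quoted string; extract the quoted values
$raw = cscript //nologo $adsutil get $key
$existing = @($raw | Select-String -Pattern '"([^"]*)"' -AllMatches |
    ForEach-Object { $_.Matches } | ForEach-Object { $_.Groups[1].Value })

# "set" replaces the whole list, so refuse to continue if nothing was parsed
if ($existing.Count -eq 0) {
    throw "No bindings parsed from adsutil output; refusing to overwrite $key"
}

# Keep a copy of the current list so the change can be rolled back
$existing | Set-Content "serverbindings-site$siteId-backup.txt"

# Each array element is passed to adsutil as a separate binding argument
$merged = Merge-ServerBindings $existing $newHosts
cscript //nologo $adsutil set $key $merged

# Read the list back to confirm that old and new bindings are all present
cscript //nologo $adsutil get $key
```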