Tuesday, December 22, 2009

Microsoft and EC Reach Settlement

In Geek news last week, Microsoft reached an agreement with the EC for their antitrust case (yes, THAT antitrust case). Microsoft has agreed to give users the option of choosing from 12 web browsers upon the installation of Windows versions shipped to the EU.

Now, no matter how you feel about about Microsoft (love 'em, hate 'em, indifferent), I think this settlement has a much farther-reaching effect than many people care to consider.

For those of you who haven't been paying attention to this, the case stems back to the 90s, when Microsoft's Internet Explorer browser dominated the marketplace. It was argued that some of Microsoft's business tactics were anti-competitive (such as its agreements with OEMs), and the result was driving competitors like Netscape out of business. Lawsuits were filed, and Microsoft defended its position stating that Internet Explorer was an integral and inseparable part of Windows. It lost that argument, and now, for its punishment, must give consumers the opportunity to shop around for other browsers.

The plaintiffs contend that if given a choice, people will choose browsers other than Internet Explorer. Microsoft, of course, asserts that if people really wanted something different, they'd go get it.

Again, no matter how you feel about Microsoft, one has to really consider the implications of this agreement.

Showing (what I would consider to be) an utter lack of misunderstanding of the marketplace, EU Competition Commissioner Neelie Kroes said, "Millions of European consumers will benefit from this decision by having a free choice about which web browser they use."

She went on to say, according to The Register, "Microsoft’s biz strategy of tying its IE browser to the firm’s Windows OS was akin to a supermarket only offering one brand of shampoo on the shelf, with all other choices tucked away out of sight. “What we are saying today is that all the brands should be on the shelf.”"

Her analogy is very poor, not taking into consideration that the supermarket in her example might have a marketing deal with a particular shampoo company or have a family feud going between the maker of another brand of shampoo.

And, if you just go to the gas station on the corner, they might only stock one or two shampoos, unlike one of the megaliths (Wal-Mart, Target, etc.) that will stock dozens. Her idea of competition is more like forcing a particular chain of supermarkets to carry a set variety of product lines.

With the forthcoming release of a Google-branded netbook running Chrome OS (which, is essential, a browser on hardware), one has to wonder if lawsuits are going to pop up against Google to allow other browsers to be run? Google may very well try the "our hardware and software are inextricably linked" argument, if such a suit were to be filed.

If such a suit were to be filed (and Google were to lose with such an argument), that opens yet another Pandora's box:

Can anyone sue any vendor to be able to run any application they choose on the vendor's platform? Could I sue Sony to let me run the Nintendo OS on a PS3? Now that Apple is selling x86-based hardware, should I be able to sue so that I can get Windows factory-loaded on a MacBook Pro?

Even one step further, would it open the door for any competitor of any type of product to sue for compatibility and integration, predicated on the assumption that customers want a choice. For example, if ABC auto OEM sells 123 accessory, and XYZ auto OEM sells 789 accessory that performs a similar function--could XYZ sue ABC to make their interface compatible so that customers could choose to run XYZ's 789 accessories in ABC's autos?

Conversely, if Google were to win such a suit with the "our hardware is made to run only our software" argument, the opposite question is valid:

Could Microsoft (or any other vendor) start branding computers and sell Microsoft-branded laptops with Windows and Internet Explorer only and bypass the EC's judgment?

One could argue that if a consumer goes to a Microsoft brick-and-mortar store and buys a Microsoft-branded computer, that they are overtly choosing the Microsoft platform.

It may sound ridiculous, but if you really look at the arguments that have been played over the last decade, I don't think those types of questions are outside the realm of legal possibility. And, seeing as how we are quite a litigious race, I could imagine such lawsuits being on the horizon.

Saturday, November 21, 2009

Raspberry Lemon Drop

Last night, I was kicking around ideas for a new drink. I really enjoy Lemon Drops, and I really enjoy raspberry lemonade, so I thought it might be good to mix the flavors.

This is what I came up with.

Raspberry Lemon Drop
3/4 oz Absolut Citron Vodka
3/4 oz Effen Raspberry Vodka
3/4 oz Simple Syrup
1/2 oz Cointreau Orange Liqueur
1 lemon

Combine all ingredients in a stainless cocktail shaker with ice. Shake vigorously until shaker is frosty. Strain into martini glass.

Tuesday, October 20, 2009

Troubleshooting 0xc0190036 Errors on Windows Vista / Windows 2008

This morning, I found myself in the unfortunate circumstance of the dreaded 0xc0190036 error. There is not a lot of information about this particular error code. It is, in fact, related to inaccessible or corrupt files.

During an update process, many files are flagged for replacement during the next system boot--that way, the system can keep running until the next convenient restart. In this case, however, some of the files are corrupt for whatever reason (bad blocks on hard drive, bad memory causing CRC errors, lots of potential sources). The solution is relatively easy once you know what the problem is.

To repair this problem, you will need:

- Windows Vista or 2008 Boot Media
- USB thumb drive containing
-- disk controller drivers not included on Windows Media
-- replacement for corrupt file
- ImageX (or another way to read the Windows install.wim from either the original media or service pack installation)

ImageX is part of the Windows Automated Installation Kit (WAIK). It's a 1GB download; a few folks have been kind enough to extract the necessary bits and host them. If you are unable to find them, leave a comment and I'll send them to you.

The file listed in the 0xc0190036 error is most likely the corrupt file. The first step is to extract the replacement files using ImageX. In this case, I'm going to be using the Windows 2008 SP2 installation media since it contains the updated file that I need (hvboot.sys).

1. After extracting the ImageX support files, right-click wimfltr.inf and select "Install." This will install the WIM Filter Driver (required to mount WIM files).
2. Create a temporary directory to which the WIM file will be mounted (such as C:\Mounted_Images).
3. Run the command imagex /mount e:\sources\install.wim 1 C:\Mounted_Images to mount image 1 inside the install.wim file to C:\Mounted_Images.
4. Copy the necessary file (in my case, C:\Mounted_Images\Windows\winsxs\amd64_microsoft-hyper-v-drivers_31bf3856ad364e35_6.0.6002.18005_none_c73bce55acf5cb5f\hvboot.sys) to a USB thumb drive.

Next, you'll need to make sure you have the appropriate RAID drivers for your system if they are not included on the Windows media. If you presented driver media during the original Windows installation, you can use that media.

Finally, the repair:

1. Boot to the Windows Vista or 2008 installation media.
2. Attach your USB thumb drive containing the replacement for the corrupt file as well as controller drivers.
3. Select "Repair My Computer."
4. Select "Load drivers" and browse to the drive containing your controller driver (in my case, the USB drive was mounted as C:\).
5. Select the driver from the list presented and click "Add driver."
6. Click Next to go to the repair menu.
7. Select "Command Prompt" to launch a command prompt session.
8. Run chkdsk /F on your system volume (in my case, the system volume had been mounted as E:\, so I ran chkdsk /f e:\).
9. When prompted, dismount the volume so Chkdsk can have exclusive access to it.
10. When Chkdsk is complete, copy the replacement file from your USB thumb drive to the appropriate location on your system drive (since the system volume had been mounted as E:\, I needed to copy hvboot.sys to E:\Windows\system32\drivers).
11. Restart.

If you encounter more c0190036 errors, you can repeat the process for each damaged file.

Tuesday, September 29, 2009

The Lemon Drop

Any bartender can combine cheap ingredients and pre-made mixes. But if you want to make incredible drinks people really enjoy, you need to start with good quality ingredients.

A little high school chemistry never hurt, either.

The Lemon Drop is a drink that is routinely desecrated with bottom-shelf vodka and sour mix. If you've spent any time on my drinks blog posts, you'll find that I favor drinkability and flavor over just about everything else.

This is no different.

Lemon Drop
1 1/2 oz Belvedere Vodka
3/4 oz Caravella Limoncello
2 oz Absolut Citron Vodka
1/4 oz Caravella Limoncello

3/4 oz simple syrup
1/2 oz Cointreau Orange Liqueur
1 fresh-squeezed lemon

Rim either an old-fashioned or martini glass with the squeezed lemon and dip in sugar. Combine the spirits and fresh-squeezed lemon in a metal shaker full of ice. Shake until the canister is frosty and strain into the glass. Garnish with a lemon wedge.

If the drink is too strong, you can add a splash of club soda without affecting the flavor.

Thursday, September 24, 2009

An Old Fashioned Drink for the Modern Man

If you're looking for a drink that hearkens back to simpler times or a crisp drink that none of your neighors are drinking, look no further than the Old Fashioned. Concocted as early as 1806 (according to some), this blend of whisky or bourbon tempered by a little sugar and bitters hits the spot every time.

Old Fashioned
1 tsp or so of simple syrup (or about 1/2 tsp of loose sugar)
Splash of club soda or water
2 or 3 dashes of Angostura bitters
1 1/2 oz of whisky or bourbon (I prefer Maker's Mark)

Comine the syrup, club soda (or not, if you're a purist), and bitters in a glass with an ice cube. If using loose sugar, make sure it's fully dissolved. Swirl around until the inside of the glass is coated. Add the whisky or bouron. Serve with a cherry or two and an orange slice.

Setting up a Receive Connect for Postini Re-Injection

For any of you that use Postini for email services, setting up reinjection for the receive connectors in Exchange 2007 is a lot more work than allowing connection and relay through a vSMTP server in Exchange 2003.

Exchange 2007 has a lot of great features, such as the uber-powerful Exchange Management Shell. IMHO, Exchange 2007 also has a lot of drawbacks, such as a half-assed GUI. You can only achieve the most basic things through the GUI; anything that requires thought or a little more configuration is done through the cumbersome Exchange Management Shell interface.

To achieve the previously simple task of allowing relay through a vSMTP server, you can go one of two routes. I'm going to document the route that grants least privilege. The MSExchangeTeam blog as well as Technet both have variations on this as well as the Pro's and Con's of using it.

Allow Anonymous Relay
1. Open the Exchange Management Console.
2. Expand Server Configuration > Hub Transport.
3. Select the server in the top pane, and then click New Receive Connector... in the right pane.
4. Enter a name for the connector, such as "Postini Receive Connector," select "Custom" as the intended use for the connector, and click Next.

5. Select the "All availble IPv4 addresses" entry and click the Edit... button.

6. Select the "Specify an IP address:" radio button, enter the IP address of the interface that will be communicating with Postini, and click OK.

7. Enter the Fully-Qualified Domain Name the connector use to respond to connection attempts (most likely something like mail.mydomain.com) and click Next.

8. Click the enter and click Edit....

9. Enter the appropriate address range for the Postini system you use. Systems 5, 6, 7, 8, and 20 are (; System 9 is (; Systems 20, 200, and 201 are ( and click OK.

10. Click Next.
11. Click New.

12. Right-click on the new connector, select Properties, select the Authenticaion tab and Ensure "Transport Layer Security" and "Basic Authentication" are selected.
14. Click the Permissions Groups tab and ensure Anonymous Users is selected.
15. Click OK.

So that gets you about half-way there. To finish it up, open the EMS and Copy/Paste the following cmdlet in:

Get-ReceiveConnector "Postini Receive Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Replace "Postini Receive Connector" with the name of the connector you created in Step 4 above.

If you want to use the EMS to create and set the permissions on the new connector, you can use these cmdlets:

New-ReceiveConnector -Name "Postini Receive Connector" -AuthMechanism "Tls,BasicAuth" -Usage Custom -PermissionGroups AnonymousUsers -Bindings -RemoteIpRanges

Get-ReceiveConnector "Postini Receive Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Replace the values for -Name, -Bindings, and -RemoteIPRanges as necessary.

For more information on these types of connectors:
MSExchange Team Blog
Microsoft Technet

Thursday, September 3, 2009

Using LDIFDE and CSVDE to find computers in Active Directory

LDIFDE is an oldie-but-goodie tool for finding specific information in Active Directory. If you know the name of the attribute that contains the data you're looking for, you can construct a pretty powerful query.

For example, you can search for all computers in the Active Directory domain mydomain.com:

ldifde -f output.txt -r "(objectClass=computer)" -d "dc=mydomain,dc=com"

You can filter it down to all workstation-class computers (running Windows XP), as well:

ldifde -f output.txt -r "(&(objectClass=computer)(operatingSystem=Windows XP))" -d dc=mydomain,dc=com

Or even all workstations running Windows XP and Vista:

ldifde -f output.txt -r "(&(objectClass=computer)((operatingSystem=Windows XP)(operatingSystem=Windows Vista)))" -d dc=mydomain,dc=com

And workstations running Windows 2000, XP, and Vista:

ldifde -f output.txt -r "(&(objectClass=computer)(((operatingSystem=Windows XP*)(operatingSystem=Windows 2000 Pro*)(operatingSystem=Windows Vista))))" -l "cn,operatingSystem" -d dc=mydomain,dc=com

"But Aaron," you ask, "LDIFDE returns a lot of fields I don't need. How can I control the output?" Glad you asked.

You can use the -l switch to do just that:

ldifde -f output.txt -r "(&(objectClass=computer)(operatingSystem=Windows Server*))" -d dc=mydomain,dc=com -l "cn,operatingSystem"

Will return an output like this:

dn: CN=SERVERA,OU=Servers,DC=mydomain,DC=com
changetype: add
operatingSystem: Windows Server 2003

You can swap out LDIFDE for the tool CSVDE to generate the output in a CSV format.

Friday, July 31, 2009

How to Schedule Recycling an IIS Application Pool

We have a customer with an IIS 6.0 application that crashes randomly--either the Application Pool worker process runs the server out of memory or hangs.

If you have a need to recycle the Application Pool between scheduled maintenance intervals, there are a couple of available solutions.

Windows 2003 (IIS 6)

This script is part of the Windows 2003 Platform. Windows 2003 SP1 introduced the ability to recycle application pools. The syntax is pretty easy:

IISApp /a /r

Save this into a batch file and drop it into the task scheduler.

Application Pool Recycling through IISAdmin
1. On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. Expand the server name, and then click Application Pools.
3. Right-click > Properties on the Application Pool you wish to recycle.

4. Set the appropriate properties for recycling.

5. For example, to recycle the worker processes at 6AM, select the "Recycle worker processes at the following times" checkbox and enter the appropriate time (24-hour format).

6. Click OK.

Windows 2008 (IIS 7)

1. On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the Connections pane, expand the server name, and then click Application Pools.
3. In the Application Poolspane, select the application pool you wish to edit.
4. In the Actions pane, click Recycling...

5. On the Recycling Conditions page of the Edit Application Pool Recycling Settings Wizard, select at least one of the options in the Fixed Intervals section, select the checkboxes and enter values for "Regular time intervals" or "Specific Times" as necessary, and then click Next.
6. Click Finish.

Thursday, July 30, 2009

Obama Drinks to Race Relations

Sometimes a man just can't catch a break.

The blogosphere buzz from the Right is downright crazed about how Obama sat down to share beers with William Gates and the police officer who arrested him. Reading the tweets and Facebook replies to a recent NRP segment with Ken Rudin shows how so many people missed the boat:

Dear Mr. President: Stop wasting your time and acting "stupidly" in things that you should NOT be involved, stop giving your opinion for the actions of a "cranky old friend with a minority complex", and stop solving your verbal diarrhea with beer happy hours at the expense of Tax Payers. ...Ah, and stop walking like John Travolta in Saturday Night Fever ..."Not Cool"...

Oh yeah... drinking beer is the answer to all our problems today... why don't we smoke a joint while we are at it... or now how did Bob Dylan put it... Tellin' me he loves all kinds-a people. He's eatin' bagels. He's eatin' pizza. He's eatin' chitlins.

I think everyone should take a step back and think about how you would resolve a situation involving inflammatory remarks and strong disagreements. Maybe duke it out in the parking lot? That doesn't seem very productive.

I think I have to vote with the President on this one. Go grab a couple of beers and sit around and talk about what happened. That one-on-one personal communication works in any number of situations. I think the world would be a lot better off if we followed Obama's lead and talked out our problems instead of gossiping or backstabbing or lashing out in some other way.

One of the most powerful properties of social drinking is the socialization aspect. Alcohol tends to remove the inhibitions we have in our normal lives, which if not controlled, can have disastrous consequences. But, it can also be an excellent catalyst for very frank discussions.

To put the Biblical spin on it, Jesus presents it this way in Matthew 18:15-17:

Moreover if thy brother shall trespass against thee, go and tell him his fault between thee and him alone: if he shall hear thee, thou hast gained thy brother. But if he will not hear thee, then take with thee one or two more, that in the mouth of two or three witnesses every word may be established. And if he shall neglect to hear them, tell it unto the church: but if he neglect to hear the church, let him be unto thee as a heathen man and a publican.

The admonition is clear--get the parties in a room and talk about it. If everyone makes up, then you've gained an ally. If you can't come to an agreement, get another trusted person involved.

For all of you asking WWJD, I think Obama is on-track here.

I would challenge anyone this:

The next time you have a serious disagreement with someone at work, be the bigger person. Invite them out for a few drinks, talk about what's bothering you, explain how you feel. And then pay for the drinks. See how much that changes your relationship with that person, and consequently, your standing in the office. You have nothing to lose and everything to gain.

Bottoms up to that.

Sunday, July 19, 2009

My Favorite Whisky Sour

Sometimes, you just need a good whisky. Or whiskey. Take your pick. And sometimes, you need a good whisky sour.

Whisky Sour
2 oz Maker's Mark Bourbon
1 oz fresh squeezed lemon
1 oz water
Splash of Southern Comfort 100
1 tsp sugar

Combine in a shaker with ice. Shake vigorously for about 15 seconds and strain into a double old-fashioned filled with ice. Good to the last drop.

Friday, July 3, 2009

Longhorn Steak House "Perfect Margarita"

The Longhorn Steak House in Sterling, Virginia makes a great margarita. So great, in fact, that I decided to try to make it myself. No mixes here--only the real deal.

Longhorn Steak House Perfect Margarita
1 1/2 oz 1800 Reposado Tequila
1/2 oz Cointreau orange liqueur
1/2 oz Grand Marnier orange liqueur
1/2 oz pulp-free orange juice
2 1/2 oz fresh-squeezed lime juice
1/2 oz fresh-squeezed lemon juice
1 oz water
2 tsp sugar

Combine all ingredients in a shaker with cracked ice. Shake vigorously for 10-15 seconds and strain into salt-rimmed glasses.


Sunday, June 21, 2009

Best Damn White Russian. Ever.

A few months ago, I posted this most excellent recipe for a White Russian.

This one is even better.

The Dude would be proud.

Best Damn White Russian
2 oz Kahlua Coffee Liqueur
1 oz Stoli Vanil (vanilla Vodka)
2 oz Bailey's Irish Cream
1 oz milk or cream

Add all ingredients to a double-old fashioned glass with ice. Stir gently and enjoy.

Vida la Cuba Libre!

At the beginning of this fine Father's Day weekend, I was trying to think of a new drink to make. I stumbled upon this gem--the Cuba Libre. I made it a couple of different ways; each one brings its own pleasure.

Cuba Libre
1 1/2 oz white rum, such as Bacardi Superior
1 lime

Fill a collins or highball glass with ice cubes and squeeze in the juice of one lime. Add rum, and top off with the Coca-cola. Stir gently.

If you're more of a Captain and Coke kind of guy (or girl), you can also try adding a lime to it. It enhances the flavor in an interesting way and makes for a new twist on an old standard.

Friday, June 19, 2009

Exchange Delegates

I recently found myself in a spot where I needed to troubleshoot a delegate issue--a user was set as a delegate but no longer was with the company and didn't have a mailbox anymore, so periodic NDRs were being generated for mail destined for the delegate.

To discover all of the mailbox for which this person had been a delegate, I ran the command (on a domain controller or machine that had ldifde.exe):

ldifde -f delegates.txt -d "dc=domain,dc=com" -r "(publicDelegatesBL=CN=First Last,OU=AppropriateOU,dc=domain,dc=com)" -l name,publicDelegatesBL

Active Directory holds delegate information in two attributes--publicDelegates (listing which users are delegates of "n" mailbox) and publicDelegatesBL (listing which users "n" mailbox is a delegate of).

To find out all of the the mailbox of Aaron Guilmette in OU=Home,DC=aaronguilmette,DC=com:

ldifde -f delegates.txt -d "dc=domain,dc=com" -r "(publicDelegates=CN=Aaron Guilmette,OU=Home,DC=aaronguilmette,DC=com)" -l name,publicDelegates

To find out all of the mailboxes for which Aaron Guilmette in OU=Home,DC=aaronguilmette,DC=com is a delegate:

ldifde -f delegates.txt -d "dc=domain,dc=com" -r "(publicDelegatesBL=CN=Aaron Guilmette,OU=Home,DC=aaronguilmette,DC=com)" -l name,publicDelegatesBL

To find out all of the delegate relationships for a domain:

ldifde -f delegates.txt -d "dc=domain,dc=com" -r "((publicDelegates=*)(publicDelegatesBL=*))" -l name,publicDelegates,publicDelegatesBL

Hope this is helpful to some of you.

Wednesday, May 20, 2009

Fuzzy Navels for All

Here's a drink that's a crowd pleaser at just about any get-together. In fact, here's the same drink three different ways.

Fuzzy Navel - Original Recipe
1 1/2 oz DeKuyper Peach Tree Schnapps
Pulp-free orange juice

Add ice to a collins or highball glass. Pour in peach schnapps. Top off with orange juice and stir.

Since most schnapps aren't very high proof, this drink isn't very strong. It does have a good flavor, though, which counts for something.

Fuzzy Navel - Bar Recipe
1 1/2 oz DeKuyper Peach Tree Schnapps
1/2 oz vodka
Pulp-free orange juice

Add ice to a collins or highball glass. Pour in peach schnapps and vodka. Top off with orange juice and stir.

This is the typical recipe that you'll get at a bar. It's got a little more kick to it, but depending on the vodka used, sometimes comes off a little sharp.

Fuzzy Navel - Top Shelf
1 1/2 oz DeKuyper Peach Tree Schnapps
1/2 oz Cointreau orange liqueur
1/2 oz vodka
Pulp-free orange juice

Add ice to a collins or highball glass. Pour in peach schnapps, Cointreau, and vodka. Top off with orange juice and stir.

This is my own recipe. It's packs even more punch, but since Cointreua is such an easy sipper, it's much more subtle. The Cointreau really blends well with the schnapps and creates a most excellent drink, in my opinion.

Mix and enjoy.

Sunday, May 17, 2009

Lemon Rickey

Out of limes tonight, I decided to start mixing something new. I at least had some other key ingredients.

Lemon Rickey
1 1/2 oz Bombay Sapphire Gin
1/2 oz Cointreau orange liqueur
Juice of 1 lemon
2 tsp sugar
club soda

Squeeze a lemon into a highball glass filled with ice. Add the sugar, gin, and Cointreau. Top off with club soda and stir.

Friday, May 8, 2009

Active Sync Error 85010014 OTA with Exchange 2003

Recently, we renumbered a client's network to reduce broadcast traffic and introduced two new redundant internet connections. Everything seemed fine in the initial testing, and we all went home.

The next day, when we were sifting through the fallout tickets, there was a recurring theme--Windows Mobile devices were no longer synchronizing. During an ActiveSync over the air, they would receive error 85010014. It's a dreaded error and is usually seen when using ActiveSync 4.1 on a desktop.

I had just set this Exchange server up a few weeks ago, and ActiveSync was previously working. It appeared to stop working after the IP address for the Exchange server changed.

The server was the only Exchange server in the environment and had an SSL cert bound to the default website for mail.[domain].com. OWA and RPC/HTTPS connections were working fine.

However, when browsing to mail.[domain].com/OMA, I received a server processing error. Once I got that response, I immediate knew where to look. I navigated to IIS Manager > Web Sites > Default Web Site > exchange-oma. What is exchange-oma you ask? If follow Microsoft KB 817379 for doing single-server deployments where you have Forms-based authentication and SSL enabled on your only Exchange server, you know what I'm talking about.

In Exchange scenarios where you have both front-end and back-end servers, this isn't typically an issue. There are a number of HTTP calls that are made to the /exchange directory on the back end server, which execute normally. However, when you only have a single server deployment and apply Forms-based authentication, the /exchange directory is protected via SSL. The work-around that KB 817379 walks you through is to create a secondary virtual directory that ActiveSync devices will use for communication that does not have Forms-based authentication.

My problem was in steps 13-14 for re-creating the virtual directory under Method 2 of KB 817379. You are supposed to add an IP Address restriction for the newly created virtual directory for ActiveSync/OMA users so that all except the IP address of the server you're configuring can connect.

Once I had updated that IP address entry to reflect my server's new address. the errors went away.

Tuesday, May 5, 2009

Cinco de Mayo Drinks

Ahh! Summer is upon us. Today we celebrate Cinco de Mayo, the day set aside to commemorate General Ignacio Seguin's victory over the French at the Battle of Puebla. As to how this translates to fajitas, tequila, and piñatas, I'm not quite sure.

But, who am I to argue with tradición?

Here are a few classic drinks to make your cinco sensational.

Classic Margarita
1 1/2 reposado tequila
1 oz Grand Marnier orange liqueur
3/4 oz fresh squeezed Mexican lime juice
Splash of orange juice

Shake all ingredients with ice. Strain into a salt-rimmed cocktail glass and serve with a lime wedge.

If you don't use Mexican limes, add a tsp or so of sugar.

La Paloma
1 oz blanco tequila
3/4 - 1 1/2 oz lime (depending on taste)
pinch of salt
grapefruit soda (such as Squirt)

Fill a collins or highball glass about half-way with ice cubes. Add the tequila and salt. Squeeze in the lime and then drop the rind in the glass. Top off with grapefruit soda.

Tequila Sunrise
1 1/2 oz reposado tequila
1/2 oz Rose's Grenadine
4 oz orange juice

Fill a collins or highball glass about halfway with ice and add tequila. Pour in orange juice to taste. Tip glass and pour grenadine down the inside of the glass. It should hit the bottom and begin swirling up. Garnish with a cherry and orange wheel or slice.

If anyone else has a favorite Cinco drink, feel free to share!

Friday, May 1, 2009

Summertime Drink: The La Paloma

I had the pleasure of mixing up this delightfully fresh summer drink tonight. It was kind of a dreary day, so I was trying to bring out the sun (even though it was 9:00pm). This tasty Mexican beverage is very similar to a margarita, but easier to make and more forgiving.

La Paloma (Classic)
2 oz blanco tequila
1/2 oz lime
pinch of salt
grapefruit soda (such as Squirt)

La Paloma (All-day sipper)
1 oz blanco tequila
3/4 oz lime (about 1/2 lime)
pinch of salt
grapefruit soda (such as Squirt)

Fill a collins or highball glass about half-way with ice cubes. Add the tequila and salt. Squeeze in the lime and then drop the rind in the glass. Top off with grapefruit soda.

Friday, April 17, 2009

Oatmeal Cookie

There are a lot of "food-like" drinks around right now. Chocolate Cake. Banana Creme Pie. Oatmeal Cookie. Yes, Oatmeal Cookie. All that's missing are the raisins:

Oatmeal Cookie
2 oz Bailey's Irish Cream
1 oz DeKuyper Hot Damn or Goldschlager Cinnamon Schnapps/Liqueur
1 oz DeKuyper ButterShots Liqueur

Shake all ingredients with ice and strain into glass.

Thursday, April 16, 2009

Erratic or Negative Ping Times in Hyper-V Guests

A customer approached me with a some puzzling issues. They noticed a bunch of 1053 and 1054 Userenv errors in their event logs on their virtual machines. 1053 and 1054 error messages have very similar wording:

1053 - Windows cannot determine the user or computer name. (description>). Group Policy processing aborted.
1054 - Windows cannot obtain the domain controller name for your computer network. (). Group Policy processing aborted.

Typically, these are related to DNS. In this instance, however, the customer also presented some other interesting issues--negative ping times or very high ping times (in excess of 5000ms). And, to boot, these erratic ping times were only present on virtual machines with two or more virtual processors.

So, what's the relationship?

It turns out to be a relatively simple explanation.

In order for a Group Policy client to be qualified to process GPOs, AD measures the RTT time between the client and the DC processing the logon and group policy request. If the average RTT is > 10ms for 2048 byte packets, the link is generally considered "slow" by default (another value can be configured). Under "slow" conditions, group policy will not process. I’ve seen this issue before in environments where authentication is happening over a WAN (where times are greater than 10ms) or with routers dropping or fragmenting large ICMP packets (affectionately known as “blackhole router syndrome”).

So, if a machine is reporting a 5000ms ping, it stands to reason that the OS might think that the link is indeed slow.

As previously mentioned, this problem is occurring on Windows 2003 hosts that are configured for multiple virtual processors (VPs). All operating systems use some sort of clock timing mechanism, and frequently they rely on the Time Stamp Counter (TSC), which counts CPU ticks since system start. Each processor has its own TSC, and the TSC for each processor can be different because they’re not necessarily synchronized. What this ends up meaning is that if a VM is reading the TSC from multiple VPs, the date stamps may actually go backwards or be out of order. This does not happen in a single CPU scenario (physical or virtual), since only one TSC is being used.

The three possible workarounds:
1. Upgrade to Windows 2008. Obviously, this won't work for everyone, so for those people, workarounds two or three should provide some relief.
2. Shut down the VM, change the number of CPUs to 1 in Hyper-V manager and then start the VM.
3. Add the /usepmtimer switch to the boot.ini configuration of each Windows 2003 server using multiple processors. In the physical world, this phenomenon only appears to only happen on AMD processors. The VM world is less discriminating against processor type. Windows 2003 SP2 normally is supposed to use the ACPI Power Management Timer (PM Timer), as long as the BIOS check for it succeeds. In the case of Hyper-V, the BIOS check fails, so it falls back to the TSC. Remember, modifying the boot.ini requires a reboot for the change to become effective.

The Win32 API call, QueryPerformanceCounter, uses the TSC by default. Adding the /usepmtimer boot.ini flag tells QueryPerformanceCounter to use the ACPI/PM timer.

Related information:

Wikipedia - Time Stamp Counter

A Windows Server 2003-based server may experience time-stamp counter drift if the server uses dual-core AMD Opteron processors or multiprocessor AMD Opteron processors

Programs that use the QueryPerformanceCounter function may perform poorly in Windows Server 2000, in Windows Server 2003, and in Windows XP

Explanation for the USEPMTIMER switch in the boot.ini

Windows Server Performance Team Blog : Hyper-V and Multiprocessor VMs

Negative ping times in Windows VM's - what's up?

How a slow link is detected for processing user profiles and Group Policy

How to enable user environment debug logging in retail builds of Windows

Available switch options for the Windows XP and the Windows Server 2003 Boot.ini files

Tuesday, April 14, 2009

Rebuild a Corrupt WMI Repository

From time to time, many administrators have found themselves faced with a corrupt WMI repository. Here's a quick fix. Copy/paste into a .bat file and run on the affected computer.

RD /S /Q C:\Windows\system32\wbem\Repository
%windir%\system32\rundll32 wbemupgd,UpgradeRepository
FOR %%i in (%windir%\system32\wbem\*.dll) do RegSvr32 -s %%i
FOR %%i in (%windir%\system32\wbem\*.exe) do %%i /RegServer

You'll probably get a pop-up for wbemtest when you run this script because of the FOR loop including all *.exe files. Simply click "exit" when the wbemtest application launches.

Thursday, April 9, 2009

Chocolate Martini

A great meal is in need of a great dessert drink.

This is that drink.

Chocolate Martini
2 1/2 oz Bailey's Irish Cream
1 1/2 oz Stolichnya Vanilla Vodka
1 oz Godiva Chocolate Liqueur or Crème de Cacao
Splash of milk or half and half

Rim a chilled martini glass with milk and then roll the rim in a good powdered hot chocolate. Tip the glass up and drizzle chocolate syrup on the inside. Combine all ingredients in a shaker with ice. Shake vigorously 10-12 times and strain into glass. Garnish with a shaved piece of chocolate.

Monday, March 30, 2009

New White Russian on the Block

It's been a while since I've posted a new recipe (or a twist on an old one). Out of one the normal ingredients (whole milk or cream), I substituted and came up with this delightful blend:

New White Russian
2 oz Kahlua Coffee Liqueur
1/2 oz vodka
1 oz Bailey's Irish Cream
2 oz Silk Soy Milk

Combine all ingredients in a shaker with ice. Shake a couple of times, but not too much; it's not supposed to be a frothy drink. Strain into a double old-fashioned glass with a few cracked ice cubes.

It's creamy, coffee goodness. And, with Silk, it's a little less of a calorie hit than cream or whole milk. ;-)

Because you know me. Concerned about health and all.

Friday, March 20, 2009

Using WinDbg for Quick Memory Dump Analysis

Blue screens are no fun. Trying to resolve them without the proper tools can be even less fun.

In my experience, a large percentage of blue screens are the result of some poorly-tested or incompatible third-party device drivers. For the desktop crowd, a round up of the usual suspects includes scanner, printer, and video drivers. On the server end of things, the most likely culprits are usually backup/continuous data protection filter drivers or printer drivers.

All standard troubleshooting questions apply in either case:
- Has any new hardware been installed?
- Has any software recently been installed (either new applications or patches)?
- Have any existing device drivers been updated?
- Can you reproduce the conditions that cause the blue screen (for example, under heavy load conditions or during a backup window)

Take this case. I recently received a dump file from a server that had crashed and recovered overnight. To analyze the dump file, head on over to the microsoft.com site and get the appropriate debugging tools for your platform (x86 or x64/ia64).

In my case, I needed the 32-bit debug package. I downloaded and installed it, and then ran C:\Program Files\Debugging Tools for Windows (x86)\windbg.exe.

Before we can make any progress, we should grab the Windows symbols, which will allow the debugger to go through the crash dump and identify components.

Make a directory on your local computer, such as C:\Symbols. From inside WinDbg, go to File > Symbol File Path.

In the dialog box, type in


and click OK. This will instruct WinDbg to contact the Microsoft symbols server and download the parts that you need and store them in C:\symbols.

Now that the symbols are configured, click File > Open Crash Dump.

Browse to your memory dump file, and select it. WinDbg will process it, and should return something like this:

At this stage, WinDbg has identified vsp.sys as a likely source of the problem. Type !analyze -v in the text box at the bottom and hit enter.

WinDbg will process a bit more and return some (hopefully) useful information.

The key area to look at is the "DEFAULT_BUCKET_ID," which, in this case, says "DRIVER_FAULT_SERVER_MINIDUMP." Browsing through the dump file, you can see that the system ran out of PTEs and subsequently crashed.

Having worked with NetBackup for a number of years, I recognized vsp.sys immediately as part of NetBackup. However, if you want to try to figure out more from the dump file, typing the command lmv will list the loaded modules. After it's done listing the images, press Control-F to and enter the driver that was listed as faulting.

Unfortunately, the dump file didn't have the full path to the loaded driver, so we've hit a little bit of a wall.

In this instance, the faulty driver (vsp.sys) is part of the Advanced Open File option for the Veritas NetBackup client. We upgraded the NetBackup agent to the latest version and all is well again.

Good luck!

Sunday, March 15, 2009

Windows 2008 Server Backup

This is not your father's backup. This is not your backup. Frankly, this should be nobody's backup.

Recently, I found my self in need of having to make a quick snapshot of a physical server's configuration before making some complex configuration changes.

So, I hit the Windows Key + R, and typed the tried-and-true ntbackup. No dice. What? Where did this go?!

It's not there anymore. Instead, we now have "Windows Server Backup," a rewrite that adds a lot of new features (backup files are stored as a VHD, which is pretty neat), but they come with a price--an unintuitive and complex command line.

After performing my initial backup without incident, I made my configuration changes, but eventually found myself in need of restoring from backup. I entered the Windows Server Backup console and went to restore, but was dutifully informed that if I wanted to restore the System State, I would have to do it from the command line.

So, I launch the command-line tool, wbadmin.

wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

ERROR - Command incomplete. See list below.
For more help, type wbadmin -help

---- Commands Supported ----

ENABLE BACKUP -- Enable or modify a scheduled daily backup
DISABLE BACKUP -- Disables running scheduled daily backups
START BACKUP -- Runs a backup
STOP JOB -- Stops the currently running backup or recovery
GET VERSIONS -- List details of backups recoverable from a
specific location
GET ITEMS -- Lists items contained in the backup
START RECOVERY -- Run a recovery
GET STATUS -- Reports the status of the currently running job
GET DISKS -- Lists the disks that are currently online
START SYSTEMSTATERECOVERY -- Run a system state recovery
START SYSTEMSTATEBACKUP -- Run a system state backup
DELETE SYSTEMSTATEBACKUP -- Delete system state backup(s)

Seeing this, I discover what I believe is the appropriate option--START SYSTEMSTATERECOVERY, since the System State is what I'm trying to recover.

So, I run wbadmin START SYSTEMSTATERECOVERY, but ... then I get another screen.

C:\Users\Administrator>wbadmin START SYSTEMSTATERECOVERY
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

ERROR - An option required for command is missing: Version. See usage below.

[-backupTarget:{VolumeName | NetworkSharePath}]

Runs a system state recovery based on the options specified.

-version Version identifier of the backup in MM/DD/YYYY-HH:MM format,

-backupTarget Specifies the storage location that contains the backups for
which you want to do the recovery. Useful when the backups are
stored in a different location than the normal location for
backups of this computer.

-machine Specifies the name of the computer for which you want to do the

recovery. Useful when multiple computers have been backed up to

the same location. Should be used when -backupTarget is

-recoveryTarget Existing directory path to restore to. Useful if the restore
is to be done to an alternate location.

-authsysvol Perform an authoritative restore of SYSVOL

-quiet Runs the command with no user prompts.

-showsummary Reports the summary of the last run of reboot status of last
successful online system state recovery. This option cannot be
accompanied by any other options.

WBADMIN START SYSTEMSTATERECOVERY -version:04/31/2005-09:00 -backupTarget:\\serv


Ug. How do I discover the version that I need to restore? Scrolling back through the list reveals another option--GET VERSIONS.

C:\Users\Administrator>wbadmin GET VERSIONS
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

Backup time: 3/14/2009 6:01 PM
Backup target: Network Share labeled \\server\c$\Software
Version identifier: 03/14/2009-22:01
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

Ahh. The version is 03/14/2009-22:01--the time I made the backup.

So, I now run:

C:\Users\Administrator>wbadmin start systemstaterecovery -version:03/14/2009-22:01
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

Do you want to start the system state recovery operation?
[Y] Yes [N] No

Finally. Progress. I Enter "Y" and then see my progress...

Starting System State Restore [3/15/2009 11:31 PM]
Processing files to restore (This may take a few minutes)...
Processed (1279) files
Processed (5733) files
Processed (11025) files
Processed (21513) files
Processed (34191) files
Processed (47192) files
Processed (60265) files
Processed (62310) files
Processed (62310) files
Processing of files complete
Starting restore of files from backup
Preparing for Restore...
Restore of files reported by 'COM+ REGDB Writer' completed
Overall progress - 1% (Currently restoring files reported by 'System Writer')
Overall progress - 3% (Currently restoring files reported by 'System Writer')
Overall progress - 4% (Currently restoring files reported by 'System Writer')
Overall progress - 6% (Currently restoring files reported by 'System Writer')
Overall progress - 7% (Currently restoring files reported by 'System Writer')
Overall progress - 9% (Currently restoring files reported by 'System Writer')
Overall progress - 11% (Currently restoring files reported by 'System Writer')
Overall progress - 13% (Currently restoring files reported by 'System Writer')
Overall progress - 15% (Currently restoring files reported by 'System Writer')
Overall progress - 18% (Currently restoring files reported by 'System Writer')
Overall progress - 19% (Currently restoring files reported by 'System Writer')
Overall progress - 21% (Currently restoring files reported by 'System Writer')
Overall progress - 24% (Currently restoring files reported by 'System Writer')
Overall progress - 26% (Currently restoring files reported by 'System Writer')
Overall progress - 28% (Currently restoring files reported by 'System Writer')
Overall progress - 30% (Currently restoring files reported by 'System Writer')
Overall progress - 32% (Currently restoring files reported by 'System Writer')
Overall progress - 36% (Currently restoring files reported by 'System Writer')
Overall progress - 40% (Currently restoring files reported by 'System Writer')
Overall progress - 43% (Currently restoring files reported by 'System Writer')
Overall progress - 46% (Currently restoring files reported by 'System Writer')
Overall progress - 49% (Currently restoring files reported by 'System Writer')
Overall progress - 52% (Currently restoring files reported by 'System Writer')
Overall progress - 54% (Currently restoring files reported by 'System Writer')
Overall progress - 57% (Currently restoring files reported by 'System Writer')
Overall progress - 61% (Currently restoring files reported by 'System Writer')
Overall progress - 64% (Currently restoring files reported by 'System Writer')
Overall progress - 68% (Currently restoring files reported by 'System Writer')
Overall progress - 71% (Currently restoring files reported by 'System Writer')
Overall progress - 73% (Currently restoring files reported by 'System Writer')
Overall progress - 76% (Currently restoring files reported by 'System Writer')
Overall progress - 79% (Currently restoring files reported by 'System Writer')
Overall progress - 81% (Currently restoring files reported by 'System Writer')
Overall progress - 84% (Currently restoring files reported by 'System Writer')
Overall progress - 85% (Currently restoring files reported by 'System Writer')
Overall progress - 88% (Currently restoring files reported by 'System Writer')
Overall progress - 91% (Currently restoring files reported by 'System Writer')
Overall progress - 95% (Currently restoring files reported by 'System Writer')
Overall progress - 98% (Currently restoring files reported by 'System Writer')
Cleaning up...

Summary of recovery:

Restore of system state completed successfully [3/15/2009 11:40 PM]

Log of files successfully restored
'C:\Windows\Logs\WindowsServerBackup\SystemStateRestore 15-03-2009 23-31-27.log'

Please restart the machine to complete the operation.
NOTE: When you restart your server, System State Recovery will attempt to
recover many system files which may take several minutes to complete depending
on the number of files that are getting replaced. The machine might reboot multi
ple times in the process. Please be patient and do not interrupt the reboot process.


So this is progress? Better than selecting it through the familiar interface? I must be getting old.

Saturday, March 14, 2009

Dell DRAC Virtual Media Plugin Problems

- Trying to access the "Virtual Media" section of a DRAC console
- Client is Windows 2008
- When accessing "Virtual Media," get prompted to accept ActiveX control; accept, and get redirected to login page

- Open Internet Explorer, Tools > Internet Options; select Intranet, and select "Automatically detect Intranet network"

- Open %systemroot%\system32\drivers\etc\hosts
- add hosts entry for DRAC (such as server-drac server-drac.domain.com)
- Save and close

Browse to https://server-drac, accept the warning that IE is trying to access a page on your intranet and login. Good to go.

So, what causes this problem?

Internet Explorer's security settings are preventing ActiveX controls from being installed. Once you add the DRAC interface you're trying to work with to what IE considers your local intranet (site able to be browsed by hostname plus local domain suffix), the restrictions are loosened.

Happy DRAC'ing!

Monday, March 9, 2009

If I Could Turn Back Time

For anyone who manages an Active Directory environment, you've undoubtedly come to understand the need for keeping time in sync. In short, you won't be able to log in if the local computer time has more than 5 minutes difference than the logon server.

By default, Windows machines are configured to use NTDS5 or domain hierarchy time synchronization. The idea is that clients and servers synchronize their time with domain controllers, and the domain controllers synchronize their time with the domain controller holding the PDCE FSMO role. The idea is that administrator is supposed to configure the PDCE role holder to synchronize time with an outside NTP source.

However, you may someday find yourself in an environment where "things were changed." Unwitting administrators may have configured their environment differently, and if your luck is anything like mine, you'll eventually find yourself inheiriting or troubleshooting such an environment.

To reset a Windows Server 2003 computer back to default NTDS5 synchronization, run the following command:

w32tm /config /syncfromflags:domhier & w32tm /config /update

"But, Aaron," you say, "I have hundreds of servers!"

No worry, there's help for you as well. Grab the free PSTools from http://www.microsoft.com/sysinternals. Inside you'll find the Windows Administrator's best friend--psexec. With that great tool, you can run any command against a list of servers.

In addition, you'll want to grab a copy of the Gnu32 core utilities, which has Win32 versions of the great *nix utilities. Windows prettymuch sucks at command-line text manipulation, which makes this toolset invaluable.

So, armed with the right tools, how to get that list?

From either a domain controller (or a server/workstation with the AdminPak, PSTools, and Gnu32 Core Utilities installed):

1. ldifde -f temp1.txt -d "dc=domain,dc=com" -r "(&(objectClass=computer)(operatingSystem=Windows Server*))" -l cn
2. findstr /i "cn: " temp1.txt tr -d "cn :" >> temp2.txt

The resulting file (temp2.txt) will contain all of the Windows Server 2003 and 2008 machines in your environment. Once you have that list:

psexec @temp2.txt w32tm /config /syncfromflags:domhier & w32tm /config /update

The last step is to configure the server holding the PDCE FSMO role to use an external NTP time source.

w32tm.exe /config /syncfromflags:manual /manualpeerlist:time.windows.com /reliable:yes & w32tm.exe /config /update

Replace time.windows.com with whatever NTP server you want to use. Make sure you can get to it on UDP 123.

And ... you're done.

Saturday, March 7, 2009

Now You See It, Now You Don't

Lots of programs on the internet will claim to "erase your tracks" on your Windows-based computer. Well, you don't need to waste your money. Windows XP and later come with a built-in utility, that when used correctly, will overwrite the free space on your hard drive with ones and zeroes.

To make a long story short, when a file is deleted, the data blocks for the file still exist on the hard drive. The blocks that the deleted file occupy have been marked "available" for use by the filesystem. Recovering deleted data depends on these data blocks not having been overwritten yet.

Every act of creating, copying, or saving data on the hard drive with deleted data increases the chances that those "maked" data blocks will be overwritten, eliminating chances for a full, successful recovery.

If you want to ensure that data you've deleted is not going to be recoverable, you may think that simply formatting a drive will wipe the data. However, several types of "quick" formats may only specify the filesystem type and wipe the MFT or FAT, leaving the data blocks still intact on the drive.

To totally "erase" your data, you'll need to actually write data to every free region of your hard drive.

Now, as I previously mentioned, there are plenty of companies that will sell you programs to wipe your NTFS or FAT16/FAT32 filesystems--but they're not counting on you using a built-in utility to do the task.

What is this marvelous utility, you ask?

The utilitiy is cipher.exe. The main purpose of the utility is for EFS encryption. However, one of the switches can wipe the free space.

Running cipher /? at the command prompt in Windows 7 shows a whole host of options (in fact, too many to display here). The option we're looking for is the /W option:

C:\>cipher /?
Displays or alters the encryption of directories [files] on NTFS partitions.
CIPHER /W:directory
/W Removes data from available unused disk space on the entire
volume. If this option is chosen, all other options are ignored.
The directory specified can be anywhere in a local volume. If it
is a mount point or points to a directory in another volume, the
data on that volume will be removed.

Cipher with the /W switch will create a temporary file that will write over every block on your filesystem.

The appropriate syntax:

cipher /W:C:\

Will yield a screen like this:

As the screen indicates, close as many programs as possible. To achieve maximum data clearing effect, try grabbing a program like CCleaner to remove temporary internet files, temporary setup files, cookies, and a bunch of other personal data before wiping with cipher.

Monday, March 2, 2009

A Purple Nasty, Snake-Bitin' Good Time

I was introduced to this fine UK collegiate-style drink this weekend by my sister-in-law's most excellent boyfriend, Eddie. It's quite tasty, and definitely sneaks up on you. It's made by mixing a dry cider and a lager.

Depending on your lager choice, you may need to add more cider to gain the desired level of sweetness.

Snake Bite
5 oz Stella Artois Belgian Lager
5 oz Strongbow Cider

Combine ingredients in a Pilsner glass and enjoy.

Adding black currant turns it into a Snake Bite Black.

Snake Bite Black
5 oz Stella Artois Belgian Lager
5 oz Strongbow Cider
2 oz Black Currant

Change the ratio a bit, and it becomes a Purple Nasty.

Purple Nasty
6 1/2 oz Strongbow Cider
3 1/2 oz Stella Artois Belgian Lager
2 oz Black Currant

This is supposedly the drink of Loughborough University in England.

However you mix it and whatever you call it, it's well worth trying.

Monday, February 23, 2009

How to Re-Create MSDB

From time to time, I've found myself in a situation where I've needed to re-create MSDB. Unfortunately, most of the guides on how to do it give just basic overviews, leaving the unlucky admin muddling around.

Here is a real step-by-step for SQL Server 2005.

1. Shut down SQL Server.
2. CD to the SQL installation directory, such as %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn and run start sqlservr.exe -c -T3608 or go into the Services applet, select the SQL Server service, and enter -c -T3608 in the parameters text area, and click Start.
3. Open SQL Management Studio.
4. Expand Database > System Databases, right-click Master and select New Query.
5. Type sp_detatch_db 'msdb' and press F5 to run.
6. Locate the MSDB files (usually msdbdata.mdf and msdblog.ldf) on your server; typically in %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Data. Move/rename them.
7. Navigate to %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Install and run instmdb.sql by double-clicking it.
8. Shut down SQL server service and restart it normally.

Monday, February 16, 2009

The Ever-Helpful Microsoft Office Project 2007

Microsoft Office Project 2007 is a relatively complex application. There have been a lot of improvements over the years, but one spot for which improvement is sorely needed is in problem identification. Most applications, when you have a syntax or property problem, will tell you on which line the problem occurs or will highlight the affected region.

If only.

In this example, I was working on a relatively complex Project and had made start-date type dependencies on some tasks (Task B can't be started until Task A is finished). I moved a section of tasks from one spot to another several weeks ago, and recently was attempting to update it. Unfortunately, I had set some task dependencies and could not figure out where to go (in a 500+ task project, it can get quite cumbersome). When trying to change a dependency, I was greeted with this oh-so-helpful dialog box:


I eventually found it, after reviewing my project line by line. It could have been so much easier if the conflict had just been highlighted. The program obviously knows what lines are affected, since it detected the dependency as circular.

Thursday, February 12, 2009

Creating a Windows 2003 TFTP Server

If you read my previous post on configuring Windows Server 2003 DHCP to serve PXE clients, you probably noticed option 066 for Boot Server Host Name.

What is a Boot Server, you may ask?

In simple terms, a boot server runs a TFTP (Trivial File Transfer Protocol) instance that is used to transfer small amounts of data. TFTP is unauthenticated, making it an easy choice for automating remote-boot tasks such as jumpstart and kickstart. For more general information on TFTP, check out Wikipedia.

Windows 2003 has a little-known TFTP daemon. Microsoft stopped advertising some time ago, but it still remained as part of the OS load through 2003 (it is no longer present in 2008) because of its usefulness.

Configuring the Native Windows Server 2003 TFTP Daemon
1. Copy the tftpd.exe file from %windir%\system32\dllcache to %windir%\system32.
>> copy %windir%\system32\dllcache\tftpd.exe %windir%\system32

2. Register tftpd as a service.
>> sc create tftpdsvc binPath= C:\Windows\System32\tftpd.exe DisplayName= "TFTP Server" start= demand

3. Set the Directory parameter to the location where your TFTP boot image files will be stored.
>> REG ADD HKLM\SYSTEM\CurrentControlSet\Services\tftpdsvc\Parameters /v Directory /t REG_SZ /d C:\tftpd

Here's a screen capture of the whole process:

Start the TFTP Server inside the Services MMC (or type net start tftpdsvc from the command prompt). You may get an error if the directory you specified in step 3 doesn't exist, so make sure it does. Also, if you have problems accessing files (you shouldn't, since in this configuration tftpdsvc is running as LocalSystem), you may need to grant "Everyone" or "ANONYMOUS LOGON" access to the boot file directory.

Configuring Windows 2003 DHCP for PXE Clients

Today, I was lending a hand to one of our Linux admins who was trying to get his servers Kickstarted. For the unitiated, Kickstart is the Linux equivalent to Windows RIS.

PXE stands for Pre-boot eXecution Environment. PXE clients (commonly known as "diskless workstations") rely on DHCP to tell them where to go for their boot configuration and software. Windows 2003 can handle these requests, with a little bit of work.

Supporting PXE clients requires the following options:

003 Router (potentially, if resources you need are on a different subnet)
013 Boot File Size
043 Vendor Specific Info
060 ClassID
066 Boot Server Host Name
067 Bootfile Name

So, off you go to configure it. But wait, Windows 2003 DHCP doesn't have option 060! What now?

Relax. Fortunately, there's a way to configure the DHCP service to have this option.

On your DHCP server, open up a command prompt and launch netsh.

As you can see, the commands are:

netsh dhcp>server \\test
netsh dhcp server>add optiondef 60 ClassID String 0
netsh dhcp server>set optionvalue 60 STRING PXEClient

You can actually add any of the RFC options for DHCP through this context. Microsoft ships the basic ones, but with netsh, you can customize the DHCP service.

Then, restart the DHCP service. If you have the service and management console running while you do this, you'll see "Unknown Option" when you look under server options.

Launch the DHCP Admin Conosole, and navigate to your scope (or server) options, depending on where you want to set your PXE boot options.

Right-click "Scope Options" (or "Server Options," as appropriate) and select Configure Options.

Select option 013 Boot File Size, and enter the boot file size in 512 octet blocks. For example, if your boot file is 32KB, convert it to bytes (1024*32, which is 32768), and then divide that number by 512 (32768/512). Put the result (64) in the data field.

Select option 043 Vendor Specific Info and enter the following binay value:
01 04 00 00 00 00 ff

Select option 066 Boot Server Host Name and enter the IP address of the TFTP server hosting your boot image in the data field.

Select option 067 Bootfile Name and enter the name of the boot image that you wish to use.

Ensure your devices have PXE-enabled NICs (if you're using newer servers, nearly all of them do) and boot. If you need help on setting up a TFTP Server on Windows 2003, look no further.

Sunday, February 8, 2009

Optimizing Exchange Disk Performance with Diskpart

Since a lot of folks (myself included) are still running a lot of Exchange 2003 in the enterprise, I though I would post a bit about setting the track alignment properly in various kinds of storage.

According to Microsoft, when creating disk partitions, the "Disk Management" MMC snap-in mis-aligns the partition with the underlying physical disk. On disks where there are 64 sectors per track, for example, the Disk Management MMC starts the partrition at the 64th sector instead of the 65th sector. It may not sound like a big deal, but in Exchange-land (and really any high-performance database), I/O that overlaps two tracks can degrade your performance by as much as 20%.

On Windows 2003, you use Diskpart.exe to set the starting offset for partitions. You can look in the Disk Management MMC snap-in to determine which disks you want to manipulate. Note the disk numbers on the left-hand side. You will reference these numbers inside Diskpart.

In this example, the disk that I want to manipulate is Disk 24.

Click Start > Run and type diskpart.

Diskpart is a command-line utility. Never fear, the syntax is pretty simple. You can type help for a list of commands. Commands have context sensitive help, so typing create partition ? will return a list of modifiers you can use.

In this example, I'm using a Pillar Axiom 600, and the vendor has recommended using an offset of 128. Armed with that knowledge, I will select disk 24 and perform the partition creation command.

From there, you can go back into the Disk Management MMC, assign a drive letter or mount point and format the volume. It's now ready for databases.

I'll update this post periodically with recommended offsets for various types of storage. As an info-byte, Diskpar (Windows 2003) creates partition offsets in KB while Diskpar (Windows 2000) creates them in sectors or blocks.

Storage SystemRecommended Diskpart Alignment
EMC Symmetrix DMX64
HP StorageWorks EVA64
Pillar Axiom128

Use these settings to optimize your Exchange storage. For more interesting and informative articles on disk alignment, check out these links:

Optimizing Storage for Exchange Server 2003 - (Microsoft Technet)

Why should you use Diskpar (Diskpart in W2003 SP1)? - (MSExchange Team Blog)

Disk Sector Alignment - (Christian Bolton's SQL Server Blog)

Disk Partition Alignment (Sector Alignment) for SQL Server: Part 1: Slide Deck - (Jimmy May, Aspiring Geek)

Friday, February 6, 2009

Classic Margarita

Strip away all the bells and whistles. Want a margarita you can make from scratch in a few minutes? Look no further.

Classic Margarita
1 1/2 oz silver or reposado tequila
1 oz Grand Marnier orange liqueur
3/4 oz fresh squeezed Mexican lime juice
Splash of orange juice

Shake all ingredients with ice. Strain into a salt-rimmed cocktail glass and serve with a lime wedge.

If you don't use Mexican limes, add a tsp or so of sugar.

Times Is Hard

On the way home from work the other night, I heard a very folksy/Dylan-esque song by Loudon Wainwright III called "Times Is Hard." I've dropped the lyrics here (without permission). To hear the song, head on over to NPR.

Times Is Hard

Times is hard. Times is tough.
Nothin's easy. It's all rough.
There's not much right; so much gone wrong.
All I can do is play this song.

You're watchin' the news. It all looks bad.
The worst half-hour you ever had.
What in God's name is goin' on?
All I can do is play this song.

You're losin' your job, your house and your car.
Hittin' rock bottom don't feel that far.
Nothin' good is gonna come along.
All I can do is play this song.

Folks are scared watchin' that news.
Folks feel bad. They're gettin' the blues.
My poor stomach, it ain't that strong.
All I can do is play this song.

Times is rough. Times is hard.
Take a pair of scissors to your credit card.
Circuit City just said, 'So long.'
All I can do is play this song.

Who's at fault? Who gets the blame?
Let's string up Bernie what's-his-name.
And ask Alan Greenspan to come along.
All I can do is play this song.

They want your gold, and they'll pay cash.
The only silver lining is the price of gas.
Money's short and the odds are long.
All I can do is play this song.

The factory's closed. The bank is bust.
On the money it says, 'In God We Trust.'
So pray for all your stocks and bonds.
All I can do is play this song.

Outta luck. Outta hope.
I'm wonderin' why I even cast that vote.
I took that sign offa my front lawn.
All I can do is play this song.

There's a new man down there in D.C.
They say he's gonna help you and me.
They sure know how to bang the gong.
All I can do is play this song.

Last man in D.C., he had eight years.
Now the whole damn country is in arrears.
We got two, three, four wars goin' on.
All I can do is play this song.

Times is hard. Times is rough.
I guess you folks need some cheerin' up.
Well it ain't me babe. You got that wrong.
All I can do is play this song.

You heard it here. I sang it first.
Don't feel so bad; things are gonna get worse.
Consider yourselves all strung along.
All I can do is play this song.

All I can do is ...

Tuesday, February 3, 2009

Project 2007 Dialog Box

I'm a sucker for funny dialog boxes. This one happened to me tonight while I was cutting/pasting a coule of task items around in Microsoft Project 2007:

Actual values, eh? Not made up ones?

Monday, February 2, 2009

Outlook and 0x80004005

This afternoon, while troubleshooting a user's NDR problem, I ran into a problem of my own:

Your message did not reach some or all of the intended recipients.

Subject: RE: Service Desk Ticket 00173590
Sent: 2/2/2009 4:28 PM

The following recipient(s) cannot be reached:

Lastname, Firstname on 2/2/2009 4:28 PM
This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80004005-00000000-00000000].

Like many admins when troubleshooting end-user problems (missing/deleted messages, screwy appointments, etc.), I grant a dedicated account service-level permissions on the problem mailbox and begin testing by creating a new profile and logging into the problem mailbox. Tonight, after the troubleshooting session was resolved, I went to log in to my own mailbox profile and all seemed well. A few minutes later, I sent a message, and immediately got the above NDR. Having done this hundreds of times, I was pretty perplexed.

Starting to troubleshoot my own mailbox like I have hundreds of others, I went to verify that there was nothing wrong with my account by hitting my back-end mailbox server.

Logged off, logged back in, and retried sending a message. Same NDR.

I've usually experienced 80004005 (in relationship to Outlook) being a security or permissions problem of sorts. I was able to track the issue down to the way I had configured the temporary I was using for troubleshooting. After entering the server name and mailbox name, you are presented with a dialog box for credentials. I entered the credentials for which I had granted service account permissions, and had inadvertantly selected the "Save Password" button.

In whatever crazy universe I'm operating in, that seemed to be somehow affecting my logons with other profiles. To rectify the situation, I went to Control Panel > Mail > E-Mail Accounts > Change E-Mail Account > More Settings > Security and selected the "Always Prompt for Logon Credentials" checkbox. OK all the way out, launch Outlook, put in my new credentials, and then try to send/receive.

Problem solved.

Friday, January 30, 2009

Everybody is Somebody

Tonight on the way home from work, I heard an interview on the radio. The lead-in was talking about a reporter investigating some strange circumstances surrounding a death.

Apparently, someone had called and told him that while in an abandoned building, they had discovered a body encased in a block of ice at the bottom of an elevator shaft. As the interview went on and the reporter described the case, he expressed how he wanted to bring some dignity to the deceased by burying the body properly.

His quote has been replaying in my head for the past couple of hours. "This was somebody's boy. Everybody is somebody's baby."

The interviewer repeated those words, faltering herself.

A small wave of emotion swept over me. If you're a parent, repeat those words out loud for yourself and you'll understand instantly.

Sit back and think for a minute.

There are wars raging on several continents this very minute. Genocides. Ethnic cleansings. Wholesale exterminations of millions of people because of their skin color, ethnicity, or religious beliefs. We're sending all our nation's kids to fight in places where we're not wanted for reasons that are unclear at best, and all we've got to show for it is a spiraling deficit and a wake of thousands of bodies--somebody's babies.

Hundreds of people in the Guantanamo Bay military prison. Political prisoners in China. Militia kidnapping victims in Columbia.

AIDS babies in Ethiopia. A cholera epidemic whipping through Zimbabwe. Children and farmers crippled by undiscovered mines in Cambodia and Vietnam, leftover from another generation's unrest.

So many Christians are passionate about the pro-life arguments. "50 million abortions since Roe V. Wade." "Life begins at conception."

I'm all for protecting the unborn innocents. But what about the ones that make it out of the womb? Why do we care so disproportionately for those in utero? If we are so damned concerned about life and how it begins at conception, why don't we care about when and where it ends?

We'll rally against the rescinding of the Mexico City policy, but we won't lift a finger for the kids in the Gaza strip being killed by Israeli tanks. We'll hold marches on the Hill on the anniversary of Roe V. Wade, but won't organize a canned food drive for crack babies in Baltimore. We'll chant witty slogans like "be a hero--save a whale; save a baby, go to jail," but won't serve chili at a homeless shelter or make goodie baskets for our troops in Afghanistan.

We'll pray that God will send help for hurricane or tsunami victims. Where's that help going to come from? Someone has to go. Praying that God will comfort those who've lost loved ones is great, but as a pastor friend of mine once said, sometimes the world needs God with some skin on 'em.

When's the last time you volunteered at an orphanage or senior center? Taken in a family who lost their home to foreclosure? Those lives are valuable, too. All those forgotten kids, all those abandoned elderly, all those dirty, smelly, homeless people.

Everybody is somebody's baby.

Filed from my Windows Mobile® phone.

Monday, January 26, 2009

How do you spell Evil? C-H-A-S-E

Like most households, we have a couple of credit cards. We don't really use them, though, being believers in the Dave Ramsey way of life. To a point--I use a credit card when I travel and submit expense reports for reimbursement.

Our expense reporting cycle is typically 3-4 weeks, which is a long time to be out of pocket. On some business trips, I might spend $500-$1,000 or more (on my last trip to the UK, I spent well over $5,000). Our budget is pretty close as it is, so loaning my company an extra couple thousand dollars directly out of my checking account is out of the question.

Around the Thanksgiving holiday, we missed our credit card bil due date by a few days. Not that we didn't have the money--we were celebrating with family and friends from out of town, and the last thing on our mind was feeding the Chase beast.

Until the bill showed up. Finance charges of several hundred dollars in addition to a late fee. I promptly called and complained. They waived the fees, and I thought all was good, right?

Well, December's bill came, which is due on January 31. Much to our surprise, there was a finance charge of nearly $82. There was no previous balance; only about $1,800 worth of charges. Upon calling Chase, they informed us that because we were late, they are going to be charging us a finance charge on each bill's current balance for the next two months (December and January's billing periods). When did that become fair play?

What an asinine penalty. Credit card companies are evil; the more of us that can stop using them, the better off our economy will be.

Thursday, January 22, 2009

Cognac Mint Frappe

Cognac is distilled from grapes from the Cognac region of France. It bears properties of both wine and liquor. Chances are, if you have a taste for wine, you'll appreciate cognac.

The idea for this drink came from the pages of Esquire; I Googled and found a similar recipe from which I drew the name. It's disarming and delicious; it's a good dessert drink.

Cognac Mint Frappe
2 1/2 oz cognac
1/4 oz white creme de menthe

Shake with ice and strain into a double old-fashioned with ice. Add a splash of water, and serve with a mint sprig if desired.

Why Do We Hate?

Seriously, why do we? What is the anatomy of hate?

We hate what we fear, and we fear what we don't know or understand.

The collective Right has been flooding the media with President Obama's "homosexual" agenda. As a Christian, I have a strong distate for some of Obama's policy stances, but affording equal rights to all Americans is not one of them.

Filed under "Civil Rights" on the White House web site is a section entitled Support for the LGBT Community. A quote from then-Senator Obama introduces the section:

"While we have come a long way since the Stonewall riots in 1969, we still have a lot of work to do. Too often, the issue of LGBT rights is exploited by those seeking to divide us. But at its core, this issue is about who we are as Americans. It's about whether this nation is going to live up to its founding promise of equality by treating all its citizens with dignity and respect."
-- Barack Obama, June 1, 2007

There are a couple of items on the list that I think are striking fear in the hearts of conservative folks, namely the areas of civil unions/same-sex marriage and adoption rights for the LGBT community.

Civil Unions are "non-marriage" agreements (recognized by most municipalities) between couples. For some reason, heterosexual couples get the same equal protection rights (employer health care and other employer benefits, property rights, emergency medical caretaker rights, etc.) as married couples, but this is denied to same-sex couples. Christians seem fine with this one-sided agreement because it doesn't appear to throw off their moral compass too much.

However, if one really wants to get nit-picky, how is supporting rights for a non-married same-sex couple living together any less "sinful" than supporting rights for non-married opposite-sex couples? According to Biblical standards, they're both wrong, since neither is "married." As Christians, we're taught "don't live together unless you're married," so Christians should be anti-civil unions across the board, regardless of the gender make-up of the couples, right? That makes us seem like religious radicals, so we cop out and say, "well, I guess it's tolerable as long as it's a man and a woman."

The next one on the list is the Constitutional Amendment to ban same-sex marriage. The Constitution has a long history of being used to grant rights, not take them away. The only time in our history that a Constitutional Amendment has been implemented to remove rights was in 1919, when the 18th Amendment was ratified to prohibit the manufacture, sale, or transportation of liquor in the United States. 14 years later, it was abolished with the 21st Amendment.

Then-Senator Obama had an interesting perspectve on this in the Saddleback Presidential Forum, held by Pastor Rick Warren at his church:

I am not somebody who promotes same-sex marriage, but I do believe in civil unions...I think my faith is strong enough and my marriage is strong enough that I can afford those civil rights to others, even if I have a different perspective or different view.

The final one is around expanded adoption rights. Personally, I've gone back and forth on this one. I don't really know what the Bible would say on it, so if anyone has any insight, please feel free to share. Basically, the premise is that President Obama wants to ensure that same-sex couples are able to adopt children.

As a Christian who doesn't approve of that lifestyle, I would be tempted to say that same-sex adoption may place the child in a confusing and complicated situation where they would see things that I find morally wrong.

However, as a pragmatist, I think it's important to look at the other side of foster care and adoption and really look at what's best for the children. About 35% of children are removed from foster care scenarios because of physical or sexual abuse or denial of health services. In adoption cases, statistics for abuse and mistreatment are frighteningly high. What's the benefit of placing a child in an adoptive situation with abusive opposite-sex persons versus loving same-sex persons? I don't really know any statistics either way, but I would tend to think that a loving environment wins every time.

If a child is in an adoption scenario, chances are they've already undergone circumstances beyond the comprehension of most people reading this--death of caretakers, abusive parents or foster parents, or some form of neglect or child endangerment.

Most foster kids never get adopted; they grow up in orphanages without ever experiencing the love of a family. Children that aren't adopted have higher rates of suicide and violence. Why wouldn't we do anything possible to avoid those negative outcomes?

There aren't easy answers to any of these questions, but I think we should all ask, what would Jesus do, and what would He want us to do?

With the woman who was accused of adultery, Jesus didn't say, "Let her have it!" He said, "Let he who is without sin cast the first stone." Jesus hung around the tax collectors and sinners of the day. He didn't approve of their lifestyles, but didn't fear and hate them, either. He hung around the holier-than-thous and chastised them for being so legalistic and missing the big picture. He didn't discriminate against theives or adulterous women; he treated them all with a level of respect due any human.

I'm not necessarily pro-gay rights or pro-LGBT community rights. But I am pro-equal human rights, because I think Jesus is, too.