Monthly Archives: March 2008

Uncategorized

The Windows runas command and the /netonly switch

Earlier today I needed to administer a Windows Server remotely, using a Microsoft Management Console (MMC) snap-in. Unfortunately, the computer I was using was in one domain and the remote server was in a workgroup, meaning that many of the MMC operations failed due to security issues. I tried running MMC as the administrator for the remote machine (using runas /user:<em>remotecomputername</em>\<em>username</em> mmc) but kept on getting a message that indicated an authentication failure:

RUNAS ERROR: Unable to run – mmc
1311: There are currently no logon servers available to service the logon request.

Then I found out about an obscure switch for the runas command – /netonly, used to indicate that the supplied credentials are for remote access only. By changing my command to:

runas /netonly /user:<em>remotecomputername</em>\<em>username</em> mmc

I was able to authenticate against the remote computer without needing the credentials to also be valid on the local computer, as described by Craig Andera.

Uncategorized

Customising Windows Server 2008 server core

A few months back, I wrote a post with a few commands to get started with server core on Windows Server 2008. Since then, I’ve had some fun tweaking server core installations (including some cheekiness installing third party web servers and browsers).

Sander Berkouwer wrote a series of blog posts last summer that look at changing the look and feel of a server core installation:

  1. Changing regional and language options (international settings) as well as time and date options.
  2. Changing display settings such as screen resolution and color depth, screen saver, window and background colors, cleartype and windows dragging settings.
  3. Changing keyboard and mouse settings/cursors.
  4. Changing the splash screen, logon screen and tweaking the command prompt window.

Server core may be intended for core infrastructure servers in lights-out data centres but even so, some customisation can be useful. Sander’s notes should help most people get things started.

Uncategorized

Surfing with server core

The whole point of the server core installation mode for Windows Server 2008 is a reduced attack surface – no Windows Explorer, no Internet Explorer, no .NET Framework. That’s all well and good but sometimes it’s useful to download a file over HTTP to a server core machine.

No problem – just download a version of GNU wget that has been compiled for Windows and use that to download the file. It needed a couple of configuration items to get past my corporate proxy server but worked flawlessly:

set http_proxy=http://<em>proxyserver</em>:<em>portnumber</em>
wget &#45;&#45;proxy-user=<em>domainname</em>\<em>username</em> &#45;&#45;proxy-passwd=<em>password</em> http://<em>uri</em>/

That’s probably as far as most people need to go – adding a simple command line utility to a command-line Windows installation – but I wanted to take things a step further (purely out of curiosity) and I installed Mozilla Firefox (v2.0.0.13). It worked, so I decided to try Apple Safari (v3.1) and Opera (v9.26). Safari installed (except the Bonjour component) but has a dependency on the Internet Options control panel applet (which is not present in server core) so I couldn’t define any proxy server settings. Meanwhile, Opera had no noticeable issues installing and loading a few test web pages. Next, I tried Internet Explorer 8 beta 1 and, as I expected, the installation failed. Bizarrely, it didn’t detect that I was trying to install it on server core but did attempt the installation, before failing and advising a restart followed by visit a web page (presumably using a competitor’s browser!) which redirects to Microsoft knowledge base article 949220.

Finally, I decided to go to the other extreme and try a text-mode browser. I found a version of Lynx that has been compiled for Windows but in order to get past my proxy server it needed the same environment variable as wget:

set http_proxy=http://<em>proxyserver</em>:<em>portnumber</em>

Even with this, it is incapable of performing authenticated proxy operations so I kept getting an HTTP 407 response. The workaround is to use the NTLM Authorization Proxy Server (NTLMAPS), which depends on Python (for which I found a 64-bit MSI package for Windows). Basically, NTLMAPS acts as a local proxy, configured to add the authentication headers and pass the request to the upstream server.

By editing the server.cfg file to include the following entries (all other configuration items were left at their defaults) and running the start runserver.bat command to launch the NTLMAPS server I was able to get NTLMAPS to prompt me for my password at startup and listen for HTTP requests (but not HTTPS) on port 5865:

[GENERAL]
PARENT_PROXY:<em>proxyserver</em>
PARENT_PROXY_PORT:<em>portnumber</em>

[NTLM_AUTH]
NT_DOMAIN:<em>domainname</em>
USER:<em>username</em>
PASSWORD:

Then, I ran the following:

set http_proxy=http://localhost:5865/
lynx

and was able to successfully browse the Internet through my corporate proxy server.

In all seriousness, I can’t really think of a good reason to install a full browser on server core but the wget command is probably useful. Even so, it’s still good to know that there are a few options for emergency surfing from a server core installation.

Uncategorized

Upgrading from the Hyper-V beta to RC0

One of the problems when you ship a beta product with a released product is that people will use it. Damn those users!

Yeah, well, I’m one of those users and it’s all very well including a comment in the Hyper-V beta release notes warning us that it will not be possible upgrade VMs from the Hyper-V beta to subsequent releases (I think there was such a comment, but I can only find the RC0 release notes now) but someone is just going to do it. I figured that as long as I have the virtual hard disk (.VHD) then recreating a child partition (virtual machine) shouldn’t be too big an issue. Right?

The exact words in Microsoft’s instructions for installing the Windows Server 2008 Hyper-V RC are:

“Migration of virtual machine configurations from Hyper-V Beta is not supported. All virtual machine configurations must be recreated using Hyper-V RC. However, customers will be able to migrate VHD files for released operating systems (Pre-release version of Windows Server 2008 will need to be recreated with the RTM version). There are several important factors to consider and steps to be followed for migrating VHDs to Hyper-V RC. […] Please refer to http://support.microsoft.com/kb/949222 for instructions on how to move VHDs created on Hyper-V Beta to RC.”

What Microsoft knowledge base article 949222 fails to point out is that the process of deleting snapshots does not always complete successfully. As John Howard points out in his recent post about the availability of the Hyper-V release candidate (RC) release:

“If you have any virtual machines running on Hyper-V Beta which have snapshots, these are not compatible with Hyper-V RC0. Deleting the snapshots will cause the changes to be merged back to the parent VHD, but this does take some time to complete (and due to a bug in Hyper-V beta, the merge does not always kick in).”

If you suffer from the bug that John mentions, there is a workaround (unsupported), which is under NDA (so I can’t write the method here), but Ben Armstrong gives a pretty big clue when he describes virtual machine snapshotting under Hyper-V and says:

“You can also delete a snapshot. If you delete a snapshot that has no descendants (snapshot with differencing disks that reference the snapshot being deleted) then the files associated with the snapshot will just be deleted. If you delete a snapshot with only one descendant the configuration and saved state files for the snapshot will be deleted and the snapshot differencing disks will be merged with those of it’s descendant. If you delete a snapshot with more than one descendant the snapshot configuration and saved state files will be deleted – but the differencing disks will not be merged until the number of descendant snapshots is reduced to one.”

I added the emphasis in that quote and it may be useful to note that the Edit Virtual Hard Disk Wizard can be used to merge a differencing disk (which is what a snapshot is) into it’s parent (from the Windows Server 2008 Technical Library).

Thankfully, I didn’t have to go down that route (at least not on my notebook – I’ve not been brave enough to upgrade my server at home yet as I’ll also need to upgrade the parent partition from escrow build 6001.17128.amd64fre.longhorn.080101-1935 to RTM build 6001.18000.amd64fre.longhorn_rtm.080118-1840 – you can check what version a server is running by examining the BuildLabEx string at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ in the registry). When I tried to take a backup of all the VM files (including snapshots), I found that some of them were locked – even after a reboot. That was because Hyper-V was (very slowly) merging the contents of the .AVHD files into the .VHDs. I wasn’t convinced until I saw .AVHD files disappearing before my eyes and disk space miraculously appearing on my hard drive, although I have a feeling that the process may have stalled a couple of times and a reboot kicked things off again.

There are two clues that the merge is not yet complete:

  1. The presence of some .AVHD files in the snapshots folder for the virtual machine.
  2. The &lt;disk_merge_pending type="bool"&gt;True&lt;/disk_merge_pending&gt; line in the corresponding XML file.

Once the merge is complete, the .AVHD files should be deleted and &lt;disk_merge_pending type="bool"&gt;True&lt;/disk_merge_pending&gt; should read &lt;disk_merge_pending type="bool"&gt;False&lt;/disk_merge_pending&gt; .

After my snapshots were merged and I had removed the beta integration components from my VMs, the upgrade process was quite straightforward – document everything, apply the Hyper-V RC0 upgrade package (no need to remove the beta first), install the RC (including restarting the computer), remove and recreate any virtual machines (even though they may still be visible in Hyper-V Manager, attempting to start one of virtual machines will result in an access denied error – it’s a simple enough process to delete the virtual machine and recreate it using the original virtual hard disk), set up the virtual networking and install the latest integration components (depending on the operating system in use for each child partition).

Thankfully, I shouldn’t have to endure this pain with subsequent releases (like RC0 to RTM) – Microsoft’s Hyper-V FAQ states that:

“Microsoft is encouraging all customers and partners to test and evaluate the RC of Hyper-V. With RC, Hyper-V is now feature complete and provides a seamless upgrade path to RTM of Hyper-V.”

Phew!

Uncategorized

Introducing the Microsoft Deployment Toolkit 2008

One of the sessions that I managed to catch at UK customer launch for Microsoft’s 2008 products last week was Julius Davies’ and Jason Stiff‘s presentation on Windows Server 2008 (and Windows Vista) deployment. I recently spent some time brushing up my deployment skills but there have been a few developments since then – not least the rebranding of the Microsoft Solution Accelerator for Business Desktop Deployment (BDD) as Microsoft Deployment.

With Windows Vista and Windows Server 2008 now sharing a common codebase, the same techniques can be applied to both client and server deployment. Conseqently, whilst still consisting of a combination of documentation and tools to provide guidance for deployment best practice, the Microsoft Deployment Toolkit (MDT) 2008 is equally applicable to Windows Vista (including SP1) and Windows Server 2008 (as well as certain downlevel operating system releases) – hence the removal of the emphasis on the business desktop.

As for its previous incarnations (I recently wrote an overview of BDD 2007), Microsoft Deployment 2008 provides for “lite touch” or “zero touch” deployment. Lite touch deployment is primarily about the creation of images for deployment from DVD, using Windows Deployment Services (WDS) or another method. Zero touch deployment relies on Microsoft System Center Configuration Manager (SCCM) to provide a management framework but both use the same core tools (Windows PE, ImageX, etc.).

As with BDD 2007, MDT 2008 includes a deployment workbench with an information center (documentation, news, and components), distribution share (operating system, applications, packages – e.g. language packs, and drivers), task sequences (with major OEMs to provide their own extensions to the XML), and deployment (deployment points and database) – now including multicast support (which even Microsoft note is overdue) using Windows Deployment Services. With the zero touch installation, MDT is used to extend the SCCM site server and provide similar concepts to the deployment workbench, including the ability to import task sequences from MDT and take them further (for example to provide role or feature-based installations).

In terms of roadmap for MDT, an update is expected in June 2008 to support System Center Configuration Manager 2007 service pack 1 as well as enhanced OEM support and further configuration elements. Further out “deployment 5″ is expected to include an expanded product knowledge and cater for role based deployments using a “hydration” process for common applications.

Whilst on the subject of deployment, Garry Martin sent me a link to Dan Cunningham’s Workstation Migration Assistant – effectively a wrapper for the Microsoft User State Migration Toolkit (USMT). It looks like it could be a useful tool in the migration engineer’s arsenal – The Deployment Guys have more information on their blog.

Uncategorised

Brett Williams

I’ve just got home from a weekend away and learned that one of our friends – Brett Williams – passed away this weekend after almost two years battling with cancer. Even though this was in some ways inevitable, it’s still a shock because he had been doing so well and I cannot begin to imagine how his family are feeling right now.I can’t pretend to have known Brett well but I do believe that, on the whole, people can be classified in three groups – those who leave a positive impression on you and who make you feel good, those who may be fine once you get to know them but who (at least superficially) don’t really affect you one way or the other, and those who drag you down. Brett was definitely one of the former. I can honestly say that every time I met him he amazed me by always having a smile on his face, being extremely positive about everything and being a genuinely good guy.

We got to know Brett because he was a commercial photographer and my wife (not yet my wife at that time) worked with him on a few PR shoots. Later, he took our wedding photos – and this is a measure of his selflessness – there was no extortionate wedding day package, just a time and materials based fee – and he gave us all the negatives along with the prints. After some friends saw the fantastic job that he had done for us, he later took photos to capture their wedding day. Brett was also very supportive of my interest in photography – when I was between jobs in the first few days of 2004, Brett was happy to let me work with him as an assistant (I found an new job in IT very quickly so didn’t actually get to take up that opportunity) and when he switched from Nikon film cameras to Canon digital ones, I bought some of his old Nikon kit.

It seems incongruous to me that Brett left this world during a major Christian festival – Easter. Those with stronger religious convictions than mine will say that the Lord moves in mysterious ways. He certainly does if taking a man in his prime, leaving behind a wife and two young daughters is His idea of kindness. It’s times like this that reinforce my own agnosticism.

Brett will be sadly missed.

Uncategorized

Windows Vista SP1 is available on Windows Update

One more announcement that crept out this week… Microsoft has released Windows Vista SP1 to Windows Update. Although the service pack was RTMed a few weeks back, it has only been available for download to a subset of customers until now – the release to Microsoft Update (and a standalone installer for SP1 on the Microsoft website) means that SP1 is now generally available.

Sadly, I’ve been underwhelmed by the approach by certain ISVs (CheckPoint ZoneAlarm, to name one) to the provision of SP1-compliant products but in general SP1 is a major step forward which brings Windows Vista onto the same codebase as Windows Server 2008 as well as providing a number of incremental improvements. Paul Thurrott has a Windows Vista SP1 FAQ on his SuperSite for Windows.

Uncategorized

Hyper-V release candidate

For a couple of days now, I’ve been itching to write something about the Microsoft Hyper-V release candidate (RC), which was made available to beta testers earlier this week. Well, the wait is over as the (feature-complete) product was officially announced earlier today.

According to Microsoft:

The RC forms an important milestone in the development of Hyper-V and being feature complete, customers can now start to evaluate the final implementation scenarios with the knowledge that the upgrade path to the RTM of Hyper-V will be largely non-disruptive in terms of VM settings, VHDs, etc. In this release candidate of Hyper-V, there are 3 new areas of improvement including:

  • An expanded list of tested and qualified guest operating systems including: Windows Server 2003 SP2, Novell SUSE Linux Enterprise Server 10 SP1, Windows Vista SP1, and Windows XP SP3.
  • Host server and language support has been expanded to include the 64-bit (x64) versions of Windows Server 2008 Standard, Enterprise, and Datacenter – with English, partial German, and partial Japanese language options now available and the ability to enable the English version of Hyper-V on other locales.
  • Improved performance & stability for scalability and throughput workloads.

I’ll be upgrading my Hyper-V installations over the coming weeks but even running the beta has been a remarkably good experience, although so far I’ve failed to get the Linux integration components working (on SUSE or RHEL, 32 or 64-bit). I’m also pleased that Microsoft has released Hyper-V management tools for Windows Vista SP1, removing the requirement for another Hyper-V server in order to manage Hyper-V on a Windows Server 2008 server core installation.

There’s more information on the Hyper-V RC at the Windows Virtualization team blog and in the official press release.

Uncategorized

UK customer launch for Microsoft’s 2008 product wave

I’ve just got home from the UK “Heroes Happen Here” customer launch event for Windows Server 2008, Visual Studio 2008 Exhibition hall at the Microsoft Heroes Happen Here 2008 customer launchand SQL Server 2008 in Birmingham. It’s been a long time since I was this closely involved with a launch event and I’m pretty exhausted! I did manage to get some time off from the stand to attend some of the sessions so, after I manage to catch up with the inevitable mountain of e-mail that will greet me after a couple of days out of the office, I’ll try and blog something from the sessions I attended. In the meantime, most of the key messages were covered in the post I wrote after the press launch last month.

Uncategorized

Recording Windows Media screencasts

Next month, I’ll be delivering a couple of presentations on behalf of the Windows Server Team UK at the Microsoft UK user groups community day. It won’t be the same without Scotty (who first invited me to take part) and I’ve never presented to a large group before so, frankly, I’m more than a little nervous (and if I’ve asked too many questions in one of your presentations – I’m thinking here of Eileen, Steve, John, James, Jason, et al. – now is the chance for you to get your own back).

Anyway, I’m working on some insurance policies to help make sure that the demo gods look favourably on me – one of which is pre-recording some of my demos. In truth, it’s not just to make sure that the demos run smoothly, but also to condense 10 minutes of activities down into 2 (watching progress bars during the installation of Windows components is hardly exciting). So, I’ve been recording some screencasts (aka. blogcasts, vodcasts, vidcasts, video podcasts, etc.) to fall back on. It turns out to be quite simple – based largely on a post that John Howard wrote a while back with recorder settings for Windows Media Encoder (WME).

First of all, download a copy of Windows Media Encoder (I used 9.00.00.2980) and it seems to run fine on my x64 installation of Windows Server 2008, although I’ve just noticed that there is an x64 version available that I will install and use next time.

Next, drop the screen resolution and colour depth. John recommended 800×600 pixels at 16-bit colour depth but I used a slightly different method, capturing just one window (a remote desktop connection to a another machine, with the RDP connection running at 800×600). I also found that the capture was a little taxing on my graphics hardware, so it was worth dropping back to the Windows Vista basic display settings for a while (I reverted to Aero once I had captured the video).

When WME loads, it starts a wizard to create a session – I chose to ignore that and configure session properties manually. The key items are:

  • Sources tab: Provide a name for your source, check video and select Screen Capture (click configure to select a window or region for capture), check audio and select an appropriate source (I chose to record without any sound and added a soundtrack later).
  • Output tab: Deselect pull from encoder, check encode to file and enter a filename.
  • Compression tab: Select a destination of web server (progressive download) with screen capture (CBR) video encoding and a voice quality audio (CBR) audio encoding, select a bit rate of 93kbps and edit the encoding to use Windows Media Audio Voice 9 and Windows Media Video 9 Screen, with a custom video format and no interlacing or non-square pixels, finally, edit the buffer size to 8 seconds and the video smoothness to 100.
  • Attributes tab: Add some metadata for the recording.

All other settings can be left at their defaults.

After recording (encoding) the required demonstrations, there should be some .WMV files in the output directory. I had planned to edit these on the Mac but decided to stick with Windows Media and downloaded Windows Movie Maker 2.6 instead. This is a little basic and a bit buggy at times (with some caching going on as I took several takes to correctly narrate the screencast, sometimes necessitating exiting and restarting the application before it would pick up the correct recording) but on the whole it was perfectly good enough for recording screencasts.

The resulting output was then saved as another Windows Media File, ready for import into my PowerPoint deck.

I’m not going to start screencasting on this blog just yet. Firstly, it will kill my bandwidth (although I could use YouTube or another online service). Secondly, writing is time-consuming enough – video will just be too labour-intensive. Thirdly, I don’t think I’ve found any content yet that really needs video. In the meantime, I’m hoping that this method will allow me to show some working demos at Microsoft’s offices in Reading on on 9 April.

%d bloggers like this: