Not all of the stuff I stumble across on the Internet makes it into my blog posts so, here’s a list of items I’ve come across this month that I found potentially useful, interesting, or just plain funny:
For the last week or so, my colleagues have suffered an increasing amount of profanity as I’ve struggled with account lockouts on our Active Directory. I honestly nearly threw my notebook PC across the room last Wednesday.
I’d had my password reset twice and the account lockout flag removed about 7 or 8 times but I didn’t really get the answer that I needed when I asked our (offshored) IT helpdesk what might be causing the problem (for example, were there any AD synchronisation issues that they were aware of). After giving up on the helpdesk, I circumvented the proper support channels and dropped an e-mail to one of the administrators, who helpfully pointed me in the direction of another support team with the tools to diagnose the source of my lockouts and said it tends to be a disconnected terminal session or a software update program (e.g.from Adobe) using old credentials (e.g. to access the Internet via our proxy servers) that causes the lockout.
Sure enough, the problem was traced to a terminal server – and I did have a disconnected session there. Since resetting that session, the account lockouts have gone away and my access to e-mail, intranet, internal websites, Internet proxy servers, etc. has been restored.
My first inclination was to blame the infrastructure – and in this case it turned out to be a user error (or “a layer 8 problem”, as I like to refer to such things)… even so, I thought the experience might be useful for someone else who is getting frustrated by near-continuous account lockouts.
I’ve been building a Windows XP virtual machine for test purposes and needed to apply the latest updates (even with Windows XP service pack 3 it required over 20 updates to be applied). Unfortunately, Microsoft Update hit a problem and refused to install some of the updates, telling me that “a problem on your computer is preventing updates from being downloaded or installed“. I tried disabling my anti-virus software (AVG Free) but that made no difference.
For each successful registration, Windows should return “DllRegisterServer in filename.dll succeeded” but wucltui.dll didn’t seem to exist on my system. Even so, after re-registering the remaining DLLs, Microsoft Update successfully installed the problem updates.
Whilst configuring my Cisco 7940 IP phone it’s been necessary to reset it a few times to load new configuration details. I started out by removing the power (pretty brutal, but effective), until I reached a point where I could telnet into the phone and issue a reset command.
Then I learned the reset codes for Cisco IP phones:
For SIP firmware, press *+6+settings
For SCCP firmware, key in **#**.
Note that these are soft resets (like Ctrl+Alt+Del on a PC) – they do not return the phone to factory settings.
Finally, it may be useful to know that the default password for the phones is cisco.
For a while now, Apple has been poking fun at [Windows] PCs in it’s Mac vs. PC ads. The ads are usually funny – just not very accurate. I really wanted Microsoft to come back with something and they have. Not as humourous – frankly a bit “corporate” – but, nevertheless, the first phase in a $300m campaign is “The Mojave Experiment”.
The trouble is, that perception is reality. The word got out that Vista was a heap of junk and it spread. Sure, there were some problems when it first released – and that’s one of the reasons it shipped to corporates (who generally run a well-tested desktop image on a limited set of hardware) before it was released to consumers. Lack of device driver support is hardly Microsoft’s fault – they spent 5 years getting Vista ready (and talking to hardware vendors about the device driver model all the way through) – sadly though, the lack of driver support became Microsoft’s problem.
After more than 18 months of bad press, Microsoft figured that if people saw Vista first-hand they might actually like it. They took a bunch of people – average PC users – and asked them what they thought of Windows Vista. They hated it. Most of them had never seen it, but they’d heard it was bad. Next, in an attempt to challenge their preconceived opinions, Microsoft showed the same PC users the latest version of Windows – “Windows Mojave” – and they loved it. Then they were told that Windows Mojave was Windows Vista.
The “Mojave Experiment” website was launched yesterday (although it had been previously reported by CNET and others) and it’s worth a look, although I’m sure true sceptics will still regale stories of obscure things that didn’t work for them on their home-brew PC [or perhaps they’ll just resort to calling me a Microsoft fanboy…].
I’m tired of hearing certain sections of the IT press refer to Windows Vista as Microsoft’s latest Windows ME. ME was awful (and anyway, business users should have been running NT-based operating systems, not Windows 95/98/ME) but Windows Vista is a good operating system. Really. I can honestly say that, running on modern hardware (not necessarily a new PC), I have had no significant issues with Windows Vista. It may not be a necessary upgrade for everyone (if you’re happy with your existing XP installation, then sticking with XP might be the right thing to do) but there really is no need to avoid Vista entirely, or to deliberately downgrade.
I’ve written a lot about Hyper-V on this blog (some would say too much – I was recently accused of having lost all objectivity) but I’m going to carry on regardless. What I’ll try to do is steer clear of the arguments about how it competes with alternative technologies and stick to technical details. After all, this blog’s not really about news and comment – it’s supposed to be technical.
If you install a 32-bit version of Windows Server, there is no Hyper-V (it’s a 64-bit only product); however there is a 32-bit update for Hyper-V. Microsoft knowledge base article 950050 explains that the 32-bit update contains the Hyper-V Manager console and the Virtual Machine Connection tool for x86-based systems.
There are also versions of Windows Server 2008 available without Hyper-V, sold for a $28 discount. I believe that the $28 is a token value to appeal those who would cry foul if Microsoft bundled “free” middleware with their operating system. These do not contain any components from the Hyper-V role (which may be stating the obvious but you never know…). Functionally, there is no difference between the Windows Server 2008 SKUs with and without Hyper-V up to the point when the Hyper-V role is enabled (at which point the hypervisor slides under the existing OS and it becomes the parent partition).
Microsoft has also announced a product called Microsoft Hyper-V Server (which should not be confused with the Hyper-V role in Windows Server 2008) – this will be a standalone hypervisor product and will retail for $28 but Microsoft has not yet disclosed full details of Hyper-V Server.
One of my projects at home has involved trying to get a variety of telephony systems to work together so that I can make voice over IP (VoIP) or plain old telephone service (POTS) as necessary to get the best call rates. In truth, it’s probably not about getting the best rates as our phone bill is already pretty small – maybe it’s just because the geek inside me wants to get an IP phone working on my desk… anyway, I still have a few pieces of the puzzle to fit in place but last week I had a major breakthrough in getting a Cisco IP phone to provide a voice over IP (VoIP) service using SIP. It was a long haul, but worth it in the end – and this is how it’s done…
First of all I needed an IP Phone. I managed to pick up a brand new 7940G for £50 on eBay (a bargain) and this was perfect for me. Why a Cisco phone? Partly because we use them at work (so I know they are good phones – and I like the form factor – although I wish it had a backlit screen) but mostly because there are so many of them about – that means that plenty of people have tried to do this and there is information available on the web. Using a Cisco phone does cause a couple of problems though:
The standard protocol used for VoIP is session initiation protocol (SIP) and Cisco IP phones don’t use SIP natively. Cisco has it’s own IP Telephony system (Call Manager) which uses SCCP; however they do provide SIP firmware for their 79xx IP phones.
Some of the Cisco documentation and software is only available with a service contract and generating configuration details can be a challenge if you don’t have access to a Cisco Call Manager solution – thankfully everything I used for this is available on the ‘net through a variety of websites that are aimed at getting people up and running with VoIP solutions.
It’s also worth knowing that there are two types of configuration file for Cisco IP Phones:
The 79x0 models use a fairly simple configuration file.
The 79x1 models use an XML configuration, which is all very well if you have access to a Cisco Call Manager solution but not so well documented if you don’t.
I found that the 7940 is a good model to go for as it has been around for a while, there is plenty of information available, and it can be picked up for a reasonably low price (and it helped to know that one of my colleagues already had this solution working well for him!). The 7960 is similar but with support for more lines and there are other models available (e.g. cordless phones, or phones with colour screens). In addition, Linksys (owned by Cisco) sells some similar phones that do run SIP natively but I don’t know if they use the same firmware.
After choosing the phone there were a couple of other considerations:
Cisco IP Phones are designed to draw power from the network infrastructure using power over Ethernet (PoE). I bought the appropriate power adapter from broadbandbuyer.co.uk as I use a low-cost NetGear switch which does not provide PoE.
OS79XX.TXT – tells the phone which firmware to use.
SIPDefault.cnf – configuration information relevant to all phones.
SIPmacaddress.cnf – configuration information relevant to a specific phones.
Other files that I have include:
RINGLIST.DAT – Lists audio files that provide the custom ring types.
CTU.raw – an audio file referenced by RINGLIST.DAT.
dialplan.xml – a dialplan.
Various firmware images named as follows:
P003x-xx-x-00.bin – universal application loader for upgrades from images earlier than 5.x.
P003x-xx-x-00.sbn – secure universal application loader for upgrades from images 5.x or later.
P0y3x-xx-x-00.loads – universal application loader and application image, where y represents the protocol of the application image (.loads) file: 0 for SCCP, and S for SIP.
P0y3x-xx-x-00.sb2 – application firmware image, where y represents the protocol used by the image: 0 for SCCP, and S for SIP.
With all the necessary files available on the TFTP server, I set about upgrading the firmware to the latest SIP release by editing the OS79XX.TXT file to read P0S3-08-2-00 and resetting the phone. The TFTP server log told me that the phone picked up the appropriate firmware release, but that it couldn’t find one of binary images (P0S3-08-2-00.bin)
After some research, it seems that POS3-08-x-00.bin does not seem to exist for any 8.x firmware:
Versions [6.x] and [7.x] seem to have P0S3-0x–xx-00.BIN files which make it easy when upgrading from SCCP to SIP as all you have to do is rename the file it loads in OS79XX.TXT to one of these *.BIN files and its all done straight to SIP.
With version 8 series it doesn’t have these and that forces you to upgrade it in a 3 part reboot and load phase with[:]
That loads the *.loads file then it loads *.sbn and reboots
After warm reboot it loads *.sb2 which must be the sip software.
Then reboots again starting in sip and then provisions with[:]
Armed with this new information, I put the 7.4 SIP firmware into my TFTP root folder, edited OS79xx.TXT to read P0S3-07-4-00 and created an xmlDefault.CNF.XML file.
After booting the phone I was pleased to see a message that said Upgrading software but that pleasure soon ended as the upgrade never completed. Thankfully I hadn’t “bricked” the phone and, after another reboot, the phone showed a message which said Load ID Incorrect. The TFTP logs indicated that the phone was trying to load a file called SEPmacaddress.cnf.xml.
Googling turned up some more information and it turned out I was trying to go too far in one jump – my phone had been supplied with v3.x SCCP firmware and I was trying to go straight to v7.x firmware:
You have to upgrade to a new version of SCCP or older version of SIP before the bootloader on the phone will be able to handle the newer firmware […] you can either use an older version of SIP first, or a newer version of SCCP. Older SIP is probably easier – 6.3 is the newest you can use to then jump to 7.x and/or 8.x.
I put the v6.3 firmware on my TFTP server, edited OS79XX.TXT to read P0S3-06-3-00 and rebooted the phone. This time I saw the Upgrading Software message and watched the transfer take place.
After rebooting itself the phone came back up on the v6.3 firmware and was showing itself as Phone Unprovisioned.
I set about the second stage upgrade to v8.2 by editing OS79XX.TXT to P0S3-08-2-00 and rebooting the phone again. That didn’t help, but a further OS79XX.TXT edit from P0S3-08-2-00 to P003-08-2-00 did the trick as the Universal Application Loader booted.
Despite attempting to read non-existent files called CTLSEPmacaddress.tlv and SEPmacaddress.cnf.xml (the Cisco 7940 and 7960 IP Phones Firmware Upgrade Matrix explains the hunt algorithm employed by the Universal Application Loader) the phone downloaded the appropriate files and restarted to return as an unprovisioned device, finally running the v8.2 SIP firmware.
By this point, the TFTP logs were not much help as they didn’t indicate any errors but the status message on the phone gave me more clues:
W350 unprovisioned proxy_backup
W351 unprovisioned proxy_emergency
W362 No Valid Line Names Provisioned
The unprovisioned backup and emergency proxies didn’t bother me but I couldn’t understand why I had no valid lines provisioned. I had been trying to get the phone to use my Linksys SPA3102 as a SIP proxy but something was not quite right. In the end, I gave up and registered with SIPgate. After updating my configuration files to reflect the SIPgate account details, my phone picked up a valid line but couldn’t make or receive calls. Following advice on the SIPgate website, I made sure that the following ports were all open:
Port 5060 (UDP) – for connecting to the SIP proxy server.
I’m not sure if all of these are strictly necessary but they seem to have got things working. The final contents of my configuration files are detailed below, after the TFTP log from a successful boot:
Connection received from ipaddress on port 50967 [25/07 00:41:32.672]
Read request for file <CTLSEPmacaddress.tlv>. Mode octet [25/07 00:41:32.672]
File <CTLSEPmacaddress.tlv> : error 2 in system call CreateFile The system cannot find the file specified. [25/07 00:41:32.672]
Connection received from ipaddress on port 50968 [25/07 00:41:32.703]
Read request for file <SEPmacaddress.cnf.xml>. Mode octet [25/07 00:41:32.703]
File <SEPmacaddress.cnf.xml> : error 2 in system call CreateFile The system cannot find the file specified. [25/07 00:41:32.703]
Connection received from ipaddress on port 50969 [25/07 00:41:32.719]
Read request for file <SIPmacaddress.cnf>. Mode octet [25/07 00:41:32.719]
Using local port 1203 [25/07 00:41:32.719]
<SIPmacaddress.cnf>: sent 2 blks, 632 bytes in 0 s. 0 blk resent [25/07 00:41:32.735]
Connection received from ipaddress on port 50970 [25/07 00:41:32.766]
Read request for file <P0S3-08-2-00.loads>. Mode octet [25/07 00:41:32.781]
Using local port 1204 [25/07 00:41:32.781]
<P0S3-08-2-00.loads>: sent 1 blk, 461 bytes in 0 s. 0 blk resent [25/07 00:41:32.781]
Connection received from ipaddress on port 50962 [25/07 00:41:54.672]
Read request for file <SIPDefault.cnf>. Mode octet [25/07 00:41:54.672]
Using local port 1205 [25/07 00:41:54.672]
<SIPDefault.cnf>: sent 2 blks, 925 bytes in 0 s. 0 blk resent [25/07 00:41:54.688]
Connection received from ipaddress on port 50963 [25/07 00:41:54.813]
Read request for file <SIPmacaddress.cnf>. Mode octet [25/07 00:41:54.828]
Using local port 1206 [25/07 00:41:54.828]
<SIPmacaddress.cnf>: sent 2 blks, 632 bytes in 0 s. 0 blk resent [25/07 00:41:54.828]
Connection received from ipaddress on port 50967 [25/07 00:41:56.891]
Read request for file <RINGLIST.DAT>. Mode octet [25/07 00:41:56.891]
Using local port 1207 [25/07 00:41:56.891]
Connection received from ipaddress on port 50974 [25/07 00:41:56.907]
<RINGLIST.DAT>: sent 1 blk, 15 bytes in 0 s. 0 blk resent [25/07 00:41:56.907]
Read request for file <dialplan.xml>. Mode octet [25/07 00:41:56.907]
Using local port 1208 [25/07 00:41:56.907]
<dialplan.xml>: sent 1 blk, 104 bytes in 0 s. 0 blk resent [25/07 00:41:56.907]
date_format : D/M/Y
# NAT/Firewall Traversal
nat_enable: 1 ; 0-Disabled (default), 1-Enabled
nat_address: “” ; WAN IP address of NAT box (dotted IP or DNS A record only)
voip_control_port: 5060 ; UDP port used for SIP messages (default – 5060)
start_media_port: 8000 ; Start RTP range for media (default – 16384)
end_media_port: 8012 ; End RTP range for media (default – 32766)
nat_received_processing: 0 ; 0-Disabled (default), 1-Enabled
“VMware has used this pricing strategy several times to help seed the market, grow its customer base and fend off competitors. VMware Player and GSX server were both made free to respond to the threat of open source and other competitors. Both Player and GSX served as nice onramps to try VMware but had performance penalties and limitations, so customers quickly upgraded when they were through experimenting â€“ stopped a lot of customers from experimenting with the open source stuff. The same is likely to be true here; while free ESXi certainly isnâ€™t crippled (itâ€™s the same code as in the commercial versions) the fact that you canâ€™t manage more than one at a time is the driving drawback.”
But the part I struggle with in James’ analysis is the the summary:
“If you want a more mature solution and the live migration and HA capabilities VMware brings to the table, the cost differential is worth it.”
Is it? Is anybody really failing live production workloads over between hosts using VMotion? Not with the change control processes that most of my customers use. That’s why Microsoft’s quick migration is fine for controlled fail-over – a few seconds of outage is generally not a concern when you have already scheduled the work. As for high availability, I can provide a highly available Hyper-V cluster too. Then there is maturity… VMware may have invented the x86 virtualisation space but dealing with the company can sometimes be difficult (in fairness, that criticism can be levelled at other organisations too).
There’s an old adage that no-one got fired for choosing IBM. More recently no-one got fired for choosing HP (formerly Compaq) ProLiant servers. In the virtualisation space no-one gets fired for choosing VMware – not at the moment anyway – at least not until the CFO finds out that you could have implemented the solution using Microsoft technologies for less money. For that matter, when did anyone get fired for choosing Microsoft?
I’d also been hearing a lot on the This Week in Photography podcast about the concept of high dynamic range (HDR) images (see TWiP episode 9), where multiple exposures are combined so that one or more shots exposed for the highlights are combined with others that make the most of the shadows and I decided to give that a try.
On the first evening, I went down to the harbour and took some photos. They were okay but nothing stunning. Even so, I discovered a couple of basic points that would help me out on future visits:
It’s really difficult for Photoshop to merge images that involve boats floating on water… the boats move so the images can’t be aligned (I felt such an idiot for not thinking of that one)!
If you take a set of images adjusting the aperture and the shutter speed then the two cancel one another out and what you end up with is a set of identically exposed images with a varying depth of field (that’s basic stuff from a photography 101)! In the end I settled on using either the camera’s auto-bracketing functionality (which will give me three shots at the chosen exposure interval) or, if I wanted more than three images to merge, shooting on aperture priority with manual focus and then adjusting the shutter speed to bracket the exposures (effectively fixing the focus and depth of field, then adjusting the exposure length to control the light entering the camera).
The next night I went out a bit later – I thought I’d try and catch the sunset. I tried some different sections of the coast to try and get the sun over the sea with some rocks for foreground interest (no boats this time!) but it wasn’t really working out. I’d also got my calculations wrong for when the sun would be setting and in the end I gave up waiting and went back to the house. Sometimes, you just have to accept that the ingredients for a good photo are not all there.
This image is one of my favourites from that third night:
Taken about 30 minutes after sunset, the sky has begun to fade slightly but there is still plenty of colour. I’ve combined exposures taken at 0EV, -1EV and -2EV to create an HDR image then dropped back to 16-bit mode to apply a Photoshop Velvia action before finally straightening the image, cropping and saving as an 8-bit JPEG. Incidentally, I first did this in Photoshop CS2 on the Mac and the process introduced quite a bit of digital noise – switching to Photoshop CS3 seems to have corrected that problem.
As can be seen from the non-Photoshopped original images below, even without the HDR, underexposing by 1-2 stops seemed to work well (from memory, I probably used a 0.6ND graduated filter to tone down the sky too) but, whilst the the -2EV shot has plenty of sunset detail, it has silhouetted the lighthouse and rocks. The -1EV shot is balanced, but the foreground is still a little on the dark side, whilst the 0EV shot has started to burn out the sky. By merging the three shots I managed to keep both the shadow detail and the highlights and the 6 second exposure from the 0EV shot shows the movement of the water on the exposed side of the harbour wall.
The lesson for me was that I needed to work to find the right location and lighting and, importantly, it was only when I was in the right frame of mind and was excited by the natural world around me that I started to see the real photographic opportunities.
“I often think of that rare fulfilling joy when I’m in the presence of some wonderful alignment of events.
Where the light, the colour, the shapes and the balance all interlock that I feel truly overwhelmed by the wonder of it”
It took three visits before I got the right shots to make this image. Only once I’d fully engaged with the natural world and immersed myself in the environment around me could I unlock the photographic potential of the scene to create some technically correct images that were then combined to make something creatively pleasing.
Of course, there are some who have both the skills and the experience to just know what works and what doesn’t and they might get it right first time. I’m pretty pleased with the final result but it’s far from perfect. I need to get out more and learn what works and what doesn’t. Even after 25 years-or-so of taking photographs, I have too strong a bias towards the technology and I need to work on the creative site of things. I also need to play around a bit more with Photoshop’s HDR capabilities (or possibly some alternative packages) and see how I can gain more control over how the images are merged. For a first attempt at creating an HDR image this is not too bad but professional landscape photographers like Joe Cornish and Charlie Waite have nothing to fear from me just yet!
There’s a well-known phase used to describe things that go one better – they go up to eleven – and the idiom originates from the cult film “This is Spinal Tap” (which I really must watch one day…). Well, clearly someone at the BBC has a sense of humour as I noticed tonight that the volume control on the BBC’s media player for online viewing maxes out at, not 10, but 11.