Xtremely Technical Seminars

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

If I was asked to name an industry expert on Active Directory, one of the names that would come to mind consultant is John Craddock of Kimberry Associates, who I have seen present with Sally Storey many times on behalf of Microsoft. John has formed a new company called XTSeminars (Xtremely Technical Seminars) and I’m pleased to see that John and Sally are working with another speaker whom I hold in high regard – Rafal Lukawiecki of Project Botticelli.

XTSeminars are a business venture – and as such the events are chargeable; however, based on previous events I’ve seen John and Sally present, I have absolutely no issue in recommending them – as they suggest:

Attend one of the seminars and not only will you rapidly get the real details but also an XTSeminars workbook packed with useful tips and techniques and a DVD with narrated videos of all the demos. Attend the seminars as a sponge and absorb the knowledge. All for a fraction of the cost of working with a lead consultant!

Definitely worth a slice of the training budget for anyone looking to improve their in-depth technical knowledge of key Microsoft technologies.

Free SharePoint enterprise search training

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Last autumn, I attended some technical training on Microsoft Office SharePoint Server (MOSS) 2007 Enterprise Search, led by Martin Harwar. I just got an e-mail from Martin to say that he has recorded over 18 hours of free technical training about enterprise Search with SharePoint technologies. Based on my experiences of attending the course, it’s worth checking out for anyone looking to learn (or refresh) their MOSS knowledge.

So much for Apple’s legendary build quality

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Readers of this blog may recall that I bitched about the time it took for Apple to deliver my new MacBook recently. It was ordered on 5 February, finally arrived on 14 February – and broken on 31 March. What did I do to break it? I rested my hands on the palm rest. Is that a user error?

Seriously, I was in the pub last night with Alex and Simon (from ascomi, who are helping me work on a new version of this site) and there was a fair degree of Mac vs. PC banter going on when all of a sudden there was a crack under my right palm and I saw that part of the top cover/keyboard assembly was split at the edge. I had only had the computer in my possession for 6 weeks and have really looked after it – to say that I was not happy is a bit of an understatement. So much for Apple’s legendary build quality.

Split top cover on nearly-new MacBook after 6 weeks of light (and careful) use

As it happens, some people regard the MacBook as the ugly step child of the Apple family – I disagree (hence the reason I bought one) but I do think that it is a little pricey and for that premium pricing I do expect premium build quality. It may not be as bad as the last Dell notebook I used but it is nowhere near as good as my IBM ThinkPad T40 and I have never had a case crack through normal use (drops and inadequate protection in transit maybe).

It seems that the MacBook case crack is a common defect and, whilst Apple refuses to acknowledge it as a design fault (it seems to occur next to the small bevel that keeps the screen and keyboard apart when the MacBook is closed, suggesting that may be causing undue pressure on that part of the top case) but Brian Ford wrote about the same problem four days ago and although getting picked up by John Gruber (Daring Fireball) will have helped, last night had 144 comments on his post. On that basis, this does not appear to be an isolated issue.

Furthermore, the problem has been around for a while now and whilst some reports suggest that Apple has changed the affected component and it does not occur on new models, I see no evidence of that as my computer is less than two months old – I call that pretty new.

I phoned AppleCare as soon as they were open this morning and spoke to a really helpful guy. He asked me if I had taken out AppleCare protection (no, but I have a warranty) and then proceeded to make an appointment with an Apple “Genius” at the Apple Store (I don’t know what’s worse – Apple’s idea that their tech support guys are all geniuses or Microsoft’s idea that there are IT departments full of heroes all across the world) . When there were no slots available, I asked which store he had tried and he said “Oh, most people ask for Regent Street in London”. I said “I’d like an appointment at my local store please” and suddenly there were lots of slots free and I just needed to pick my time!

So, I set off to the Milton Keynes Apple Store, arrived a couple of minutes early, booked in, and saw my name top of the Mac queue at the Genius Bar. Then I waited, and waited, and pestered the sales staff until a (very helpful) genius called Simon came over to help. It seems that the iPod queue and the Mac queue are actually one, and that there was only one genius, who was very very busy with a lot of people to see this morning, meanwhile the shop was littered with trainers and sales staff apparently doing very little.

Thankfully, Simon the genius noted that my MacBook was in “mint” condition (although the Genius Bar Work Authorisation will only allow it to be recorded as “As New”) and there was no argument that it had been mistreated in any way. Apple will be replacing the top cover/keyboard assembly and say that it will take 5 to 7 days but why so long? It should be a 1 hour job (maximum), plus the time to obtain parts and schedule the work – so, 2 to 3 days would be more reasonable. Doubtless I will hear from support technicians who say “you try our job for a day – we work really hard” (to which I say “I’ve been there – and so do lots of people”). In the meantime, I’ll be without my MacBook for a week.

I’ve posted my picture of the issue to the Flickr group that has been set up to highlight this issue. In the meantime, if you are having similar problems, I urge you to do the same and to leave a comment on Brian Ford’s Newsvine article so that he can build enough evidence to (hopefully) get Apple to actually do something about this issue.

The Windows runas command and the /netonly switch

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Earlier today I needed to administer a Windows Server remotely, using a Microsoft Management Console (MMC) snap-in. Unfortunately, the computer I was using was in one domain and the remote server was in a workgroup, meaning that many of the MMC operations failed due to security issues. I tried running MMC as the administrator for the remote machine (using runas /user:remotecomputername\username mmc) but kept on getting a message that indicated an authentication failure:

RUNAS ERROR: Unable to run – mmc
1311: There are currently no logon servers available to service the logon request.

Then I found out about an obscure switch for the runas command – /netonly, used to indicate that the supplied credentials are for remote access only. By changing my command to:

runas /netonly /user:remotecomputername\username mmc

I was able to authenticate against the remote computer without needing the credentials to also be valid on the local computer, as described by Craig Andera.

Customising Windows Server 2008 server core

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A few months back, I wrote a post with a few commands to get started with server core on Windows Server 2008. Since then, I’ve had some fun tweaking server core installations (including some cheekiness installing third party web servers and browsers).

Sander Berkouwer wrote a series of blog posts last summer that look at changing the look and feel of a server core installation:

  1. Changing regional and language options (international settings) as well as time and date options.
  2. Changing display settings such as screen resolution and color depth, screen saver, window and background colors, cleartype and windows dragging settings.
  3. Changing keyboard and mouse settings/cursors.
  4. Changing the splash screen, logon screen and tweaking the command prompt window.

Server core may be intended for core infrastructure servers in lights-out data centres but even so, some customisation can be useful. Sander’s notes should help most people get things started.

Surfing with server core

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

The whole point of the server core installation mode for Windows Server 2008 is a reduced attack surface – no Windows Explorer, no Internet Explorer, no .NET Framework. That’s all well and good but sometimes it’s useful to download a file over HTTP to a server core machine.

No problem – just download a version of GNU wget that has been compiled for Windows and use that to download the file. It needed a couple of configuration items to get past my corporate proxy server but worked flawlessly:

set http_proxy=http://proxyserver:portnumber
wget --proxy-user=domainname\username --proxy-passwd=password http://uri/

That’s probably as far as most people need to go – adding a simple command line utility to a command-line Windows installation – but I wanted to take things a step further (purely out of curiosity) and I installed Mozilla Firefox (v2.0.0.13). It worked, so I decided to try Apple Safari (v3.1) and Opera (v9.26). Safari installed (except the Bonjour component) but has a dependency on the Internet Options control panel applet (which is not present in server core) so I couldn’t define any proxy server settings. Meanwhile, Opera had no noticeable issues installing and loading a few test web pages. Next, I tried Internet Explorer 8 beta 1 and, as I expected, the installation failed. Bizarrely, it didn’t detect that I was trying to install it on server core but did attempt the installation, before failing and advising a restart followed by visit a web page (presumably using a competitor’s browser!) which redirects to Microsoft knowledge base article 949220.

Finally, I decided to go to the other extreme and try a text-mode browser. I found a version of Lynx that has been compiled for Windows but in order to get past my proxy server it needed the same environment variable as wget:

set http_proxy=http://proxyserver:portnumber

Even with this, it is incapable of performing authenticated proxy operations so I kept getting an HTTP 407 response. The workaround is to use the NTLM Authorization Proxy Server (NTLMAPS), which depends on Python (for which I found a 64-bit MSI package for Windows). Basically, NTLMAPS acts as a local proxy, configured to add the authentication headers and pass the request to the upstream server.

By editing the server.cfg file to include the following entries (all other configuration items were left at their defaults) and running the start runserver.bat command to launch the NTLMAPS server I was able to get NTLMAPS to prompt me for my password at startup and listen for HTTP requests (but not HTTPS) on port 5865:

[GENERAL]
PARENT_PROXY:proxyserver
PARENT_PROXY_PORT:portnumber

[NTLM_AUTH]
NT_DOMAIN:domainname
USER:username
PASSWORD:

Then, I ran the following:

set http_proxy=http://localhost:5865/
lynx

and was able to successfully browse the Internet through my corporate proxy server.

In all seriousness, I can’t really think of a good reason to install a full browser on server core but the wget command is probably useful. Even so, it’s still good to know that there are a few options for emergency surfing from a server core installation.

Upgrading from the Hyper-V beta to RC0

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

One of the problems when you ship a beta product with a released product is that people will use it. Damn those users!

Yeah, well, I’m one of those users and it’s all very well including a comment in the Hyper-V beta release notes warning us that it will not be possible upgrade VMs from the Hyper-V beta to subsequent releases (I think there was such a comment, but I can only find the RC0 release notes now) but someone is just going to do it. I figured that as long as I have the virtual hard disk (.VHD) then recreating a child partition (virtual machine) shouldn’t be too big an issue. Right?

The exact words in Microsoft’s instructions for installing the Windows Server 2008 Hyper-V RC are:

“Migration of virtual machine configurations from Hyper-V Beta is not supported. All virtual machine configurations must be recreated using Hyper-V RC. However, customers will be able to migrate VHD files for released operating systems (Pre-release version of Windows Server 2008 will need to be recreated with the RTM version). There are several important factors to consider and steps to be followed for migrating VHDs to Hyper-V RC. […] Please refer to http://support.microsoft.com/kb/949222 for instructions on how to move VHDs created on Hyper-V Beta to RC.”

What Microsoft knowledge base article 949222 fails to point out is that the process of deleting snapshots does not always complete successfully. As John Howard points out in his recent post about the availability of the Hyper-V release candidate (RC) release:

“If you have any virtual machines running on Hyper-V Beta which have snapshots, these are not compatible with Hyper-V RC0. Deleting the snapshots will cause the changes to be merged back to the parent VHD, but this does take some time to complete (and due to a bug in Hyper-V beta, the merge does not always kick in).”

If you suffer from the bug that John mentions, there is a workaround (unsupported), which is under NDA (so I can’t write the method here), but Ben Armstrong gives a pretty big clue when he describes virtual machine snapshotting under Hyper-V and says:

“You can also delete a snapshot. If you delete a snapshot that has no descendants (snapshot with differencing disks that reference the snapshot being deleted) then the files associated with the snapshot will just be deleted. If you delete a snapshot with only one descendant the configuration and saved state files for the snapshot will be deleted and the snapshot differencing disks will be merged with those of it’s descendant. If you delete a snapshot with more than one descendant the snapshot configuration and saved state files will be deleted – but the differencing disks will not be merged until the number of descendant snapshots is reduced to one.”

I added the emphasis in that quote and it may be useful to note that the Edit Virtual Hard Disk Wizard can be used to merge a differencing disk (which is what a snapshot is) into it’s parent (from the Windows Server 2008 Technical Library).

Thankfully, I didn’t have to go down that route (at least not on my notebook – I’ve not been brave enough to upgrade my server at home yet as I’ll also need to upgrade the parent partition from escrow build 6001.17128.amd64fre.longhorn.080101-1935 to RTM build 6001.18000.amd64fre.longhorn_rtm.080118-1840 – you can check what version a server is running by examining the BuildLabEx string at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ in the registry). When I tried to take a backup of all the VM files (including snapshots), I found that some of them were locked – even after a reboot. That was because Hyper-V was (very slowly) merging the contents of the .AVHD files into the .VHDs. I wasn’t convinced until I saw .AVHD files disappearing before my eyes and disk space miraculously appearing on my hard drive, although I have a feeling that the process may have stalled a couple of times and a reboot kicked things off again.

There are two clues that the merge is not yet complete:

  1. The presence of some .AVHD files in the snapshots folder for the virtual machine.
  2. The <disk_merge_pending type="bool">True</disk_merge_pending> line in the corresponding XML file.

Once the merge is complete, the .AVHD files should be deleted and <disk_merge_pending type="bool">True</disk_merge_pending> should read <disk_merge_pending type="bool">False</disk_merge_pending> .

After my snapshots were merged and I had removed the beta integration components from my VMs, the upgrade process was quite straightforward – document everything, apply the Hyper-V RC0 upgrade package (no need to remove the beta first), install the RC (including restarting the computer), remove and recreate any virtual machines (even though they may still be visible in Hyper-V Manager, attempting to start one of virtual machines will result in an access denied error – it’s a simple enough process to delete the virtual machine and recreate it using the original virtual hard disk), set up the virtual networking and install the latest integration components (depending on the operating system in use for each child partition).

Thankfully, I shouldn’t have to endure this pain with subsequent releases (like RC0 to RTM) – Microsoft’s Hyper-V FAQ states that:

“Microsoft is encouraging all customers and partners to test and evaluate the RC of Hyper-V. With RC, Hyper-V is now feature complete and provides a seamless upgrade path to RTM of Hyper-V.”

Phew!

Introducing the Microsoft Deployment Toolkit 2008

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

One of the sessions that I managed to catch at UK customer launch for Microsoft’s 2008 products last week was Julius Davies’ and Jason Stiff‘s presentation on Windows Server 2008 (and Windows Vista) deployment. I recently spent some time brushing up my deployment skills but there have been a few developments since then – not least the rebranding of the Microsoft Solution Accelerator for Business Desktop Deployment (BDD) as Microsoft Deployment.

With Windows Vista and Windows Server 2008 now sharing a common codebase, the same techniques can be applied to both client and server deployment. Conseqently, whilst still consisting of a combination of documentation and tools to provide guidance for deployment best practice, the Microsoft Deployment Toolkit (MDT) 2008 is equally applicable to Windows Vista (including SP1) and Windows Server 2008 (as well as certain downlevel operating system releases) – hence the removal of the emphasis on the business desktop.

As for its previous incarnations (I recently wrote an overview of BDD 2007), Microsoft Deployment 2008 provides for “lite touch” or “zero touch” deployment. Lite touch deployment is primarily about the creation of images for deployment from DVD, using Windows Deployment Services (WDS) or another method. Zero touch deployment relies on Microsoft System Center Configuration Manager (SCCM) to provide a management framework but both use the same core tools (Windows PE, ImageX, etc.).

As with BDD 2007, MDT 2008 includes a deployment workbench with an information center (documentation, news, and components), distribution share (operating system, applications, packages – e.g. language packs, and drivers), task sequences (with major OEMs to provide their own extensions to the XML), and deployment (deployment points and database) – now including multicast support (which even Microsoft note is overdue) using Windows Deployment Services. With the zero touch installation, MDT is used to extend the SCCM site server and provide similar concepts to the deployment workbench, including the ability to import task sequences from MDT and take them further (for example to provide role or feature-based installations).

In terms of roadmap for MDT, an update is expected in June 2008 to support System Center Configuration Manager 2007 service pack 1 as well as enhanced OEM support and further configuration elements. Further out “deployment 5” is expected to include an expanded product knowledge and cater for role based deployments using a “hydration” process for common applications.

Whilst on the subject of deployment, Garry Martin sent me a link to Dan Cunningham’s Workstation Migration Assistant – effectively a wrapper for the Microsoft User State Migration Toolkit (USMT). It looks like it could be a useful tool in the migration engineer’s arsenal – The Deployment Guys have more information on their blog.

Brett Williams

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve just got home from a weekend away and learned that one of our friends – Brett Williams – passed away this weekend after almost two years battling with cancer. Even though this was in some ways inevitable, it’s still a shock because he had been doing so well and I cannot begin to imagine how his family are feeling right now.I can’t pretend to have known Brett well but I do believe that, on the whole, people can be classified in three groups – those who leave a positive impression on you and who make you feel good, those who may be fine once you get to know them but who (at least superficially) don’t really affect you one way or the other, and those who drag you down. Brett was definitely one of the former. I can honestly say that every time I met him he amazed me by always having a smile on his face, being extremely positive about everything and being a genuinely good guy.

We got to know Brett because he was a commercial photographer and my wife (not yet my wife at that time) worked with him on a few PR shoots. Later, he took our wedding photos – and this is a measure of his selflessness – there was no extortionate wedding day package, just a time and materials based fee – and he gave us all the negatives along with the prints. After some friends saw the fantastic job that he had done for us, he later took photos to capture their wedding day. Brett was also very supportive of my interest in photography – when I was between jobs in the first few days of 2004, Brett was happy to let me work with him as an assistant (I found an new job in IT very quickly so didn’t actually get to take up that opportunity) and when he switched from Nikon film cameras to Canon digital ones, I bought some of his old Nikon kit.

It seems incongruous to me that Brett left this world during a major Christian festival – Easter. Those with stronger religious convictions than mine will say that the Lord moves in mysterious ways. He certainly does if taking a man in his prime, leaving behind a wife and two young daughters is His idea of kindness. It’s times like this that reinforce my own agnosticism.

Brett will be sadly missed.

Windows Vista SP1 is available on Windows Update

Posted on By Mark Wilson
This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

One more announcement that crept out this week… Microsoft has released Windows Vista SP1 to Windows Update. Although the service pack was RTMed a few weeks back, it has only been available for download to a subset of customers until now – the release to Microsoft Update (and a standalone installer for SP1 on the Microsoft website) means that SP1 is now generally available.

Sadly, I’ve been underwhelmed by the approach by certain ISVs (CheckPoint ZoneAlarm, to name one) to the provision of SP1-compliant products but in general SP1 is a major step forward which brings Windows Vista onto the same codebase as Windows Server 2008 as well as providing a number of incremental improvements. Paul Thurrott has a Windows Vista SP1 FAQ on his SuperSite for Windows.