Problems with Hyper-V, ISA Server 2006 and TCP offloading

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

For the last few days, I’ve been trying to get an ISA Server 2006 installation working and it’s been driving me nuts. I was pretty sure that I had my networking sorted, following Jim Harrison’s article on configuring ISA Server interface settings (although a colleague did need to point out to me that I didn’t have a static route defined on my ADSL router back to the ISA Server’s internal network – doh!) but even once this was checked there was still something up with the configuration.

My server has three NICs – a Broadcom NetXtreme Gigabit Ethernet card, connected to my Netgear ProSafe GS108 switch, and two Intel PRO/100+ Management Adapters – one connected to a NetGear DS108 hub and the other disconnected at the moment but reserved for remote management of the server (the first two are both bound to Hyper-V virtual switches).

The theory is that the Gigabit connection will be used for all my internal IT resources and the Fast Ethernet hub is just connected to the ADSL router. The server will run a few virtual machines (VMs) – the ISA Server (running with Windows Server 2003 R2 and connected to both virtual switches), another VM with Active Directory and DNS (also running Windows Server 2003 R2), my mail server and various test/development machines.

According to Microsoft:

“There are two rules to remember when setting up DNS on ISA Server. These rules apply to any Windows-based DNS configuration:

  • No matter how many network adapters you have, only assign DNS servers to a single adapter (it doesn’t matter which one). There is no need to set up DNS on all network adapters.
  • Always point DNS to either internal servers or external servers, never to both.”

[Configuring DNS Servers for ISA Server 2004]

Following this advice, my internal DNS Server is set to forward any requests that it can’t resolve to my ISP’s servers. The problem was that this DNS server couldn’t access the Internet through the ISA Server. ISA Server could ping hosts on all networks (so the network configuration was sound) and monitoring the traffic across the ISA Server showed the outbound DNS traffic on port 53 but nothing seemed to be coming back from the ISP’s DNS servers.

I checked another colleague’s working ISA Server 2006 configuration and found nothing major that was different (only an alternative DNS configuration – with the external NIC pointing to the internal DNS server where my external NIC has no DNS server specified – and the addition of the Local Host network in the source list for the Unrestricted Internet Access firewall access rule that is included in the Edge Firewall network template).

Then, after seeking advice from more colleagues and spending the entire day (and evening) on the problem, I finally cracked it…

Because the ISA Server was configured to use the internal DNS server for lookups (which, in turn, couldn’t get back through the ISA Server), nslookup domainname.tld didn’t work; however nslookup domainname.tld alternativednsserveripaddress did (e.g. nslookup www.google.com 4.2.2.2). HTTP(S) traffic seemed fine though – if I used IP addresses instead of domain names, I could access websites via the web proxy client.

Meanwhile, on the ISA Server, I could use nslookup for local name resolution but not for anything on the Internet. And pinging servers on the external side of the ISA server gave some very strange results – the first packet would receive a reply but not the subsequent ones.

After hours of Googling, I came across some good advice in a TechNet forum thread – download and run the ISA Server Best Practices Analyzer (BPA) tool. The ISA BPA presented me with a number of minor warnings (for example, that running ISA Server in a virtual environment can’t protect the underlying operating system) but two seemed particularly significant:

“Receive-side scaling (RSS) is enabled by the Windows Server operating system. If a network adapter installed on the local ISA Server computer supports RSS, ISA Server may function incorrectly. […]”

and:

“TCP-Acceleration (TCPA) is enabled by the Windows Server operating system. If a network adapter installed on the local ISA Server computer supports TCPA, ISA Server may function incorrectly. […]”

I made the registry edits to disable RSS and TCPA (further details are available in Microsoft knowledge base articles 927695 and 936594), restarted the computer and crossed my fingers.

Even after this change, I still couldn’t successfully ping resources on the external side of the ISA Server from the private network, but I was sure I was onto something. I stopped looking for problems with ISA Server and DNS, and instead I focused my efforts on TCP Offload issues with Hyper-V. That’s when I found Stefaan Pouseele’s post about ISA Server and Windows Server 2003 service pack 2. Stefaan recommends not only disabling RSS and TCPA but also turning off TCP offload and the TCP chimney.

A bit more googling and I found a TechNet Forum thread about ISA Server 2006 in a virtual environment where (Virtual PC Guy) Ben Armstrong and VistaGuyRay (Raymond Comvalius) had discussed disabling TCP offloading in the VM. As it happens, only yesterday, Ray blogged about how disabling TCP offloading in the virtual machine (not on the host) had resolved his problems with a Broadcom gigabit Ethernet adapter and Hyper-V (further details are available in Microsoft knowledge base article 888750). So, after making this change (but not doing anything with the TCP chimney) and a final reboot of my ISA server, I noticed that Windows wanted to apply some updates. That meant that name resolution was working, which in turn meant that the internal DNS server was successfully forwarding requests to the ISP servers via the ISA Server and my ADSL router. Result.

The final set of registry changes that I made were as follows:

Windows Registry Editor Version 5.00

; Applied inside the ISA Server VM (Windows Server 2003 R2); a reboot is needed afterwards.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
; TCP acceleration (TCPA) off - flagged by the ISA BPA
"EnableTCPA"=dword:00000000
; Receive-side scaling (RSS) off - flagged by the ISA BPA
"EnableRSS"=dword:00000000
; TCP/IP task offload (checksum/segmentation offload to the NIC) off - 1 means disabled
"DisableTaskOffload"=dword:00000001

I’ve only made the registry changes on the ISA Server at the moment and the VM running AD/DNS seems to be fine, so this might not be an issue for all virtual machines connected to the Hyper-V virtual switch bound to the Broadcom NetXtreme NIC. What does seem reasonably certain though is that Hyper-V, ISA Server 2006 and TCP offloading don’t play nicely together in this scenario.
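As an added example (this is not from the original post), the following PowerShell script audits the three values above on a VM and, with -Apply, sets any that differ. It assumes an elevated PowerShell 2.0 or later session inside the guest (PowerShell is not installed by default on Windows Server 2003 R2), and that a reboot follows any change; the EnableTCPChimney value the post left alone is deliberately not touched.

```powershell
# Added example, not the original post's code: audit (and optionally set) the TCP
# offload values that the post disables on the ISA Server VM.
# Assumes: elevated PowerShell 2.0+ inside the guest; reboot after changes.
param([switch]$Apply)

$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Value name -> setting that leaves the feature off, matching the post's .reg file.
$wanted = @{
    'EnableTCPA'         = 0   # TCP acceleration (TCPA)
    'EnableRSS'          = 0   # receive-side scaling (RSS)
    'DisableTaskOffload' = 1   # checksum/segmentation offload to the NIC (1 = disabled)
}

function Get-OffloadState {
    $props = Get-ItemProperty -Path $path
    foreach ($name in $wanted.Keys) {
        $current = $props.$name
        # A missing value means the Windows default applies, i.e. the feature is enabled.
        if ($current -eq $null) { $current = 'not set (default)' }
        New-Object PSObject -Property @{
            Name    = $name
            Current = $current
            Wanted  = $wanted[$name]
            OK      = ($current -eq $wanted[$name])
        }
    }
}

$state = Get-OffloadState
$state | Format-Table Name, Current, Wanted, OK -AutoSize

if ($Apply) {
    foreach ($entry in ($state | Where-Object { -not $_.OK })) {
        Set-ItemProperty -Path $path -Name $entry.Name -Value $entry.Wanted -Type DWord
        Write-Host "Set $($entry.Name)=$($entry.Wanted) - reboot required."
    }
}
```

Run it without -Apply first on each VM bound to the Broadcom virtual switch: a value reported as "not set (default)" is the enabled state, which is why the BPA warnings appeared even though the registry key looked empty.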

Windows Server 2008 product activation for volume license customers

When Windows Vista was launched, I wrote a post about the volume activation (VA) 2.0 activation process. With Vista SP1, reduced functionality mode has been removed although there is still the same legal obligation to run properly-licensed copies of Windows. (Microsoft has published a Q and A sheet on the changes made to their anti-piracy programme).

A number of people have asked where they can get a 180-day evaluation copy of Windows Server 2008 and, as far as I’m aware, there isn’t one. Instead, it is possible to install the product and it will attempt online activation (there is no longer an option in setup to deselect this). If activation fails, then a 60-day grace period will commence, during which the product will have full functionality and can be activated at any time, using a key management server (KMS) if one is available, or alternatively by entering the multiple activation key (MAK) in the system properties. Re-arming is also available, allowing 3 re-arms (so up to 240 days total use before activation). That should be more than enough time for evaluation and further details are available in Microsoft knowledge base article 948472.

The day the iPhone grew up

iPhone v2.0 roadmap image
Last week, Apple quietly slipped out a software update for the iPhone (v1.1.4). No press release (not one that I can find anyway), no drama (at least when I looked last night the Apple website was trumpeting the January iPhone update – no mention of the late-February one), and no software development kit (SDK) by the end of February 2008 as promised. What was happening?

Tonight I picked up the real news (via Garry Martin and Steven Bink) – Apple is pleased with its market share in the US (claiming 28% of the smartphone market) and is going after the enterprise. And in order to stand any chance of getting corporates to adopt the iPhone, they have licensed Microsoft ActiveSync. This is really good news for me. No more messing around with IMAP for connection to Exchange Server – real push e-mail, calendar integration, contact synchronisation, global address list lookup, IPSec VPNs, two-factor authentication (certificate-based), enterprise Wi-Fi (WPA2/802.1x), security policy and device configuration tools, and remote wipe capabilities.

I still have some other items to add to my ideal feature list – cut/paste and a task list application for starters – but it was great to hear Apple selling the Exchange Server push e-mail architecture and pointing out how BlackBerry is “the old way”…

So, what about that much-anticipated SDK? Well, Apple is opening up the same APIs and tools that they use internally, from today. It looks pretty sweet – I reckon even I could write an iPhone native application with this (although I’ll leave Keni to tell me how it compares to developing for Windows Mobile).

Once the applications are written, how do they get onto the iPhone? Apple has announced a new online store – the AppStore, accessible from every iPhone running the next software release (not using the iTunes store as previously predicted by some – although the iTunes client will be able to access the AppStore). Key features include wireless application download (cell network or Wi-Fi) and automatic updates and this will be the exclusive method for the distribution of iPhone applications. It’s a pretty good deal for developers too (apart from the $99 to become one): they can pick the price and take a 70% revenue share, paid monthly; there will be no credit card, hosting or marketing fees (even if the application is free); but there will be some limitations around the types of applications that will be allowed (I wonder if there will be a conflict of interest between mobile operators and VoIP client developers?)

Finally, what’s the charging mechanism for iPhone 2.0 update that will be required to access the new applications? I was pleased, and surprised to hear that it will be a free update including both the SDK and the new enterprise capabilities and is expected to ship in late June (there will be a small charge for iPod Touch users to receive the same update).

All of a sudden, being an early iPhone adopter (and choosing a supported route rather than unlocking/jailbreaking) is not looking like such a bad move.

Links

Apple iPhone Dev Center
Q&A: Microsoft Helps Connect Apple iPhone Users to Microsoft’s Exchange Server

Buyer beware

I’m sure that the vast majority of people who sell products via Amazon/eBay/insert-web-shopfront-of-your-choice are honest. Many people, myself included, have sold items that they no longer need and are keen to retain high customer ratings/feedback so will do whatever they can to ensure that everything runs smoothly. Of course, from time-to-time things can go wrong. I recently sold a book to someone via Amazon and thought the Royal Mail had lost it (because I’d sent it using the Recorded Signed For service but for some reason the tracking code didn’t work) – thankfully when I e-mailed the buyer, they were honest and told me that they had received the book already. That’s the basis of many web transactions – mutual trust.

It’s because of this that I was furious when a recent third-party purchase from Amazon turned out not to be as described. I’d bought a product from a merchant called “pixmania-uk”. Everything looked good, the price was fine, the order was confirmed, and then I received a strange e-mail that suggested my item was going to be a French specification (I live in the UK):

“Important information about your order from our Pixmania Marketplace:

[…]

Please read the following information carefully. If you have any question, thank you to contact us.

  • Your parcel will include at least one product which will come with an adapter plug free of charge. Be assured that this product will have the same specifications as a UK model.
  • If your product is not supplied with a hard copy of the manual in English, we would like to inform you that a PDF format of the manual is available. Please contact us in order that we send you the PDF file.

[…]

Now, the whole point about the European Union (EU) is free trade between member states and I have no problem with a continental European product but I want a UK power supply – not a French one with an adapter! I also expect instructions to either be multi-lingual (as most are), or in English (because that’s what we speak here). I contacted Pixmania and asked to cancel my order. Too late – already shipped. Their advice was to refuse delivery once it turned up here.

Having refused delivery, I had to wait for over 2 weeks before my refund was processed and then Pixmania only refunded the item cost – not the £6.95 shipping charge. So I contacted Pixmania again and received this response:

“Dear Mark Wilson,
Thank you for your feedback, Unfortunately your request was refused by our accounts department.

In the case you missed our seller information on Amazon.co.uk, I would like to kindly inform you that; Pixmania warehouses are based in Paris France manufacturers here in France do not supply us with the UK power cable, an adapter plug should have been provided, this is stated on the Amazon website under the “sellers” information for Pixmania, please use the following link to see this information; http://www.amazon.co.uk/gp/help/seller/home.html?ie=UTF8&isAmazonFulfilled=&orderID=&asin=B0007UATDG&marketplaceSeller=&seller=ACRTI4YR8LRR0

We apologise for the inconvenience and if you have any further questions, please contact us at amazon_uk@pixmania.com

Best regards,

Team Pixmania”

Luckily, third party orders paid for through Amazon are covered by Amazon’s A to Z Guarantee and they refunded the shipping cost. If that hadn’t worked then I still had the protection of having used my credit card for payment.

Now, turning my attention to the link that Pixmania had sent me. Did they really clearly state that this was a French product before I bought it? Well, yes, but only if I clicked through a few pages to find the information. First I would have needed to notice that the seller ID was “pixmania-uk” (suggesting they might be based in the UK…). If I clicked through on that, I would have seen their UK storefront (which uses a tiny font) and only then, if I clicked on a link at the bottom-right corner of the page would I have seen a Note for French spec. products.

Part of Pixmania-UK Amazon storefront showing feedback

Actually, before I got to any note about the products being shipped from France I should have seen that their shipping rates are not as advertised (how does £4 per shipment plus £0.50 per kg add up to £6.95?) but more obviously that their feedback is appalling. At the time of writing there have been over 70,000 shipments with an 89% satisfaction rate. 4% of customers (i.e. almost 3000 people) gave a neutral response and 7% (almost 5000 people) gave a negative one – mostly complaining about French products. 4 and a half stars may be fine if you are a tiny vendor with 10 sales and one complaint but when 11% of your customers are not happy, that’s not good. (And why isn’t Amazon doing anything about it? It’s their reputation too!)

All I can say is be careful who you are buying from when you shop at Amazon. Avoid Pixmania. And buyer beware.

USB flash drives can be washed at 30 degrees

As I emptied the laundry from the washing machine this morning I noticed something small and brightly coloured wedged against the rubber seal by the door and realised with horror that it was the USB flash drive that had been in the pocket of my jeans. “Oops”, I thought (or something similar that can’t be repeated in front of the kids), “I didn’t mean to do that…”.

USB flash drive with 30 degree wash symbol

Well, after a few hours in my pocket, making sure that it stayed warm and dry, I decided to try and use the device and it seems everything is fine. Probably not recommended though.

Why Microsoft must kill 32-bit Windows

After writing about what a great client operating system Windows Server 2008 can be, I’ve just spent 2 days fighting to get everything working on my 64-bit installation. It’s not a problem with Windows but with original equipment manufacturers (OEMs) and independent software vendors (ISVs) who provide patchy support for 64-bit operating systems and it is stifling the adoption of 64-bit computing.

The operating system installed flawlessly and all the major components had x64 driver support, but then there were the minor things, like memory card readers, hotkeys, a smart card reader, Bluetooth, etc. which needed specialist drivers that took some tracking down. I got precious little help from my system’s OEM but a colleague tracked down the drivers I needed from another company’s website. Then I started on the applications. Again, no problem for the major applications – 32-bit versions of Office 2007 and even the Vodafone Mobile Connect software installed without issue on a 64-bit platform. The problem came with the more specialist applications – for example the Cisco VPN client, which flatly refused to install on a 64-bit OS.

Error message from attempt to install Cisco VPN client on a 64-bit version of Windows

It’s not Microsoft’s fault. They provide 32-bit and 64-bit versions of their operating systems to respond to customer demand and then get caught in a vicious circle where vendors are reluctant to invest in updating their product to work with a 64-bit version of Windows and customers will not deploy a 64-bit operating system unless their hardware works and their application software requirements can be met. I will caveat this though – there is an elephant in the room – Microsoft ISA Server 2006 is, inexcusably, a 32-bit only application.

Microsoft needs to cut itself free from some of the legacy features in Windows – including 32-bit releases. The problem is that Windows has such a broad reach that even the most minor issues become big news. If Apple decides to discontinue support for legacy features (e.g. Mac OS Classic application support) then no-one is really bothered but for Microsoft even the most obscure legacy technologies are still in use by many people – take a look at the post I wrote a few years ago about a customer having problems with FoxPro for MS-DOS on Windows XP and people are still leaving “me too” comments there! For another example, consider the criticism that Microsoft took for Vista “breaking” applications or for hardware not working with the new operating system – they’d been warning OEMs and ISVs for years about the changes that they were making and some of them still don’t support Windows Vista – fifteen months after it was released.

Who needs a 64-bit operating system anyway? Well, I do. And, over the next few years, so will everyone. When Windows 2000 Workstation was new, I recommended that everyone who bought a new PC made sure they had at least 512MB of RAM so that they had enough to run the applications of the day but also to move to the next operating system release without needing to upgrade their hardware. A few years later, Windows XP Professional would run comfortably with 256MB of RAM but it was probably best to buy a gig. With falling memory prices and higher application demands, for Windows Vista Enterprise I reckon 2GB is about right but if you want to run some virtual machines too, then you should be looking at about 4GB… and that’s the problem. 32 bits are only enough to address 4GB of RAM and 32-bit Windows operating systems will let you access about 3GB of that. By installing a 64-bit edition of Windows I can use all 4GB in my notebook, or all 8GB on my server (and much more if I had sufficient physical memory installed).

The need to access ever-more memory is not just a Windows issue either – I have 4GB of RAM in my MacBook because the photo and video editing that I do needs not just a fast processor but a decent amount of memory. And whilst Linux can run in a small footprint, if I want to do the same sort of things that I do under Windows or on the Mac, then I’ll need a decent amount of memory there too.

As for processors, anyone who has bought a PC in the last couple of years already has a 64-bit CPU. And anybody who is using older hardware is probably already weighing up their options for Windows Vista and shouldn’t be thinking about running the next version of Windows – managed diversity may be better in the short term with new hardware later.

64-bit computing is here. Right now. Microsoft should make Windows Vista the last 32-bit Windows release and it’s time for OEMs and ISVs to get with the programme.

Ctrl+Alt+arrow keys

My new notebook PC has an Intel X3100 integrated graphics chipset and it seems that Intel graphics drivers include a feature whereby holding down the Ctrl and Alt keys together with a directional arrow key will rotate the display:

Ctrl+Alt+left = rotate display to lie down to the left (270° position)
Ctrl+Alt+right = rotate display to lie down to the right (90° position)
Ctrl+Alt+down = flip display upside down (180° position)
Ctrl+Alt+up = rotate display to normal position (0° position)

I’ve never come across this before but it’s a real pain as the Hyper-V Virtual Machine Connection also uses Ctrl+Alt+left by default to release the mouse when integration components are not installed. Luckily Alt+Tab will also break out of the VM and the hotkey can be changed in the Hyper-V settings.

Windows Server 2008 and wireless networking

Last week I wrote about how Windows Server 2008 can be used as a great workstation OS too… then I realised that I didn’t have any wireless networking capabilities. Although Device Manager reported that my device was working properly, there were no networks available for connection. I wondered if that was because my Intel 4965AGN card was one of the devices that won’t play nicely with Windows Vista SP1 (and hence possibly not Windows Server 2008 either) but it turns out to be a little simpler than that – as Ambrish Verma highlights on a TechNet Forum post, the Wireless LAN service is not enabled by default on Windows Server 2008. After adding this feature in Server Manager, I could browse the available wireless networks and connect successfully.

Windows Server 2008 is a great workstation operating system too

Windows Server 2008 logo

It took me months to convince my manager that I need a new laptop. Then it took me a few more to convince the IT department of the specification I needed (and to prise it out of their hands) but today I finally got my hands on it. It’s nothing special – I’d like a ThinkPad but, as my employer owns one half of Fujitsu-Siemens Computers, it is a Lifebook S7210 – and it’s not a bad machine either (especially as this one has 4GB of RAM in it). Why do I need that? Because I’m the technology lead for Windows Server 2008 and Hyper-V in our Microsoft Practice – and I want to “dogfood” the technology.

The thing is that Windows Server 2008 is not really a client operating system. Except it can be… Windows Server 2008 has a lot in common with Windows Vista and with a few tweaks, I had got it working just as I want it. A Windows desktop on steroids really:

  1. Step 1 is a notebook PC with hardware assisted virtualisation capabilities, No eXecute (NX)/eXecute Disable (XD) protection, and a 64-bit capable CPU. My Lifebook S7210 has all of those things, so on to step 2…
  2. Next, I needed an operating system – Windows Server 2008 Standard Edition would do the trick (after all I only have a single CPU and won’t be clustering laptops!), but the licensing model for Windows Server and virtualisation lends itself to using Windows Server 2008 Enterprise Edition (64-bit).
  3. Windows Server 2008 is not a supported operating system for this hardware but Windows Vista is. Installing x64 drivers for Windows Vista got my graphics and WiFi up and running but I still need to find drivers for some of the other components (like the built in card-reader).
  4. Next, installing the server roles that I want to use – Hyper-V for starters. Just make sure that the BIOS support for Intel-VT or AMD-V and NX/XD is enabled first.
  5. With the operating system installed, it’s time to get to work turning on some of the client features that are missing from a server operating system (thanks to Vijayshinva Karnure for his original post and subsequent follow-up, as well as this post from Stuart Maxwell):
    • Turn off the Internet Explorer enhanced security configuration (ESC) – it’s fine for servers that shouldn’t be browsing the Internet anyway, but for a workstation it just gets in the way (and encourages bad practice by putting lots of sites into the trusted zone).
    • Install the Desktop Experience feature – providing many of the Windows Vista capabilities that are not there by default in Windows Server 2008.
    • Set the Themes service to start automatically – and start it.
    • Ditto for the Windows Audio service.
    • Install the Windows Search service (part of the File Services role) – Outlook will use this for indexing e-mail.
    • Edit the local security policy to set Display Shutdown Event Tracker to Disabled
    • Enable Windows Aero in the appearance settings (may require a reboot, and possibly re-installation of video drivers).
    • In Control Panel, System, Advanced System Settings, Performance Options, set the required visual effects – I found that if I let Windows adjust for best appearance, it reverted to the Windows Vista Basic colour scheme but if I selected a custom configuration with all effects selected except Animate Controls and Elements inside Windows, I could keep Aero, complete with Flip 3D.
      Windows Aero Flip-3D
    • Also in the advanced system settings, set the processor scheduling to favour programs.
    • Enable Superfetch. Starting the Superfetch service will fail until some registry changes are made:

      Services
      Windows could not start the Superfetch service on computername.
      Error 197: The operating system is not presently configured to run this application.

      The solution is to create two new registry values (DWORDs under the PrefetchParameters key), after which the service should start successfully:

      Windows Registry Editor Version 5.00

      ; 3 enables prefetching/Superfetch for both boot and application launch
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
      "EnablePrefetcher"=dword:00000003
      "EnableSuperfetch"=dword:00000003

    • Edit the power settings to allow hard disks to spin down after 20 minutes when running on mains power (and 5 when on battery power).
  6. Finally, install browser plug-ins (Flash, Silverlight, etc.) and application software (e.g. Microsoft Office).
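The step 5 tweaks above, scripted as an added example (this is not the original post's code, nor Vijayshinva Karnure's or Stuart Maxwell's). It assumes an elevated PowerShell session on Windows Server 2008 and a reboot afterwards; the Aero/visual-effects and Flip 3D settings are left to the GUI as in the post. The servermanagercmd feature IDs (Desktop-Experience, FS-Search-Service), the IE ESC Active Setup component GUIDs and the Win32PrioritySeparation value are stated from memory and should be confirmed against servermanagercmd -query and the registry before use.

```powershell
# Added example, not from the original post: apply the client-feature tweaks from step 5
# on Windows Server 2008 in one go. Assumes: elevated PowerShell; reboot when done.

# Turn off Internet Explorer Enhanced Security Configuration for administrators and users.
# (Active Setup component GUIDs for IE ESC - assumed, verify on your build.)
$iePath = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
foreach ($guid in '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}', '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}') {
    Set-ItemProperty -Path "$iePath\$guid" -Name IsInstalled -Value 0 -Type DWord
}

# Desktop Experience feature and the Windows Search role service (File Services role).
# Feature IDs assumed; check with: servermanagercmd.exe -query
& servermanagercmd.exe -install Desktop-Experience
& servermanagercmd.exe -install FS-Search-Service

# Themes and Windows Audio: start automatically, and start them now.
foreach ($svc in 'Themes', 'AudioSrv') {
    Set-Service -Name $svc -StartupType Automatic
    Start-Service -Name $svc
}

# Shutdown Event Tracker off (equivalent to the local security policy setting).
$rel = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability'
if (-not (Test-Path $rel)) { New-Item -Path $rel -Force | Out-Null }
Set-ItemProperty -Path $rel -Name ShutdownReasonOn -Value 0 -Type DWord
Set-ItemProperty -Path $rel -Name ShutdownReasonUI -Value 0 -Type DWord

# Processor scheduling favours programs (2 = foreground boost, the client default; assumed).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\PriorityControl' `
    -Name Win32PrioritySeparation -Value 2 -Type DWord

# Superfetch: the two registry values from the post, then the SysMain service.
$pf = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters'
Set-ItemProperty -Path $pf -Name EnablePrefetcher -Value 3 -Type DWord
Set-ItemProperty -Path $pf -Name EnableSuperfetch -Value 3 -Type DWord
Set-Service -Name SysMain -StartupType Automatic
Start-Service -Name SysMain

# Hard disks spin down after 20 minutes on mains power and 5 on battery.
& powercfg.exe -change -disk-timeout-ac 20
& powercfg.exe -change -disk-timeout-dc 5
```

Run it once after the operating system and drivers are in place, reboot, then finish the Aero and visual-effects choices in the GUI. Turning IE ESC off on a server that is also your browsing workstation is a deliberate trade of server hardening for usability, so keep the machine patched as you would a Vista client.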

Windows Server 2008 running as a workstation

I still need to configure our corporate anti-virus solution and VPN software (I may have some problems there as it has a dependency on a firewall product that does not work with Vista SP1 or, I imagine, Windows Server 2008). Why we insist on it with the firewall built into Windows I still don’t know but my VPN connection won’t work without it. I also need to work out if I can get hibernation to work on Windows Server 2008. Once that’s done, I should have a fully functional Windows Workstation 2008, with built-in hypervisor-based virtualisation. Sweet.

Internet Explorer search provider for markwilson.it

Earlier today I had a go at creating a new search provider for Internet Explorer (IE) 7.0 so that I can search the markwilson.it website for information. It’s not of much practical use to anyone except to me but it is incredibly easy to achieve and works well. This is the resulting OpenSearch XML that IE generated for me:

  <?xml version="1.0" encoding="UTF-8" ?>
  <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>markwilson.it</ShortName>
  <Description>markwilson.it provider</Description>
  <InputEncoding>UTF-8</InputEncoding>
  <Url type="text/html" template="https://www.markwilson.co.uk/blog/index.php?s={searchTerms}" />
  </OpenSearchDescription>

There’s more information on adding search providers to IE 7 using OpenSearch 1.1 at the IEBlog.