technical solutions and commentary
Forbes/CNN is reporting that Bill Gates is still the richest man in the world for the 13th year in a row with an estimated $53 billion. Warren Buffett is still in second with $46 billion. A combined estimated net worth of $99 billion.
I wonder if they sing “$99 billion dollars on the wall” (instead of “99 bottles of beer on the wall”) when playing bridge together?
Robert Scoble, A-list blogger, has been hinting at what his new project at PodTech.net is. Today, he released a teaser preview on blip.TV of the new ScobleShow.
Robert Scoble started video blogging extensively when we worked as an Developer Evangelist on the Channel 9 team at Microsoft. Channel 9 promotes Microsoft software to the developer and enthusiast community and encourages innovation and the use of Microsoft products. Behind-the-screens videos provide a less formal look at what it takes to develop and design new software.
The ScobleShow was originally scheduled for launch on September 19 but was postponed due to the code not being ready for the website. The ScobleShow should now launch on September 26th. Keep an eye on the Scobleizer blog, PodTech.net, and the new domain ScobleShow.com (which was not live at the time of this post).
Troubleshooting connections using Exchange 2003 Direct Push to Windows Mobile based phones. Exchnage Driect Push technology piggy backs on the Exchange OMA service which can be access via a web page or through the local Windows Mobile client. When the DirectPush will not make a connection to the local Windows Mobile mail client you may with to try the following in troubleshooting this issue as this has in more than one instance.
Other helpful resources in troule shooting this issue are:
Installing TrendMicro AntiVirus onto Windows Small Business Server 2003 Premium Edition with ISA Server configured fails. By dafult TrendMicro installs onto IIS using HTTPS on port 4343. Running ISA Server on SBS, prevents the use of non-standard ports for the HTTPS protocol, requiring TrendMicro to use port 443.
To work around this issue and allow non-standard HTTPS ports in ISA Server, Microsoft has instrucitons on creating new tunnel ports in the TechNet Article “Managing Tunnel Port Ranges” and also as information in KB283284. You can copy the script samples and modify them to add a Tunnel Port for port 4343. This script can be run before or after the TrendMicro installation and will then allow access to the TrendMicro management console and allow clients to connect to install TrendMicro software
Running NetStumbler on a laptop when driving out of downtown Chicago on September 9th, showed interesting statistics when it come to Wireless security. This short experiment shows detected wireless networks using a standard laptop with an integrated wireless card. While many networks where detected, an alarming number appeared to be unsecured. While we did not attempt a connection to any of these unsecured networks to check if the connection would be accepted, it shows that the simplicity of installing consumer wireless network devices increases the need for better automated wireless security in these devices.
While consumer router/firewall/wireless devices are being installed by users, many likely see reference to Internet “firewall” and incorrectly assume they have a secure network. While these devices may have a firewall to somewhat defend the broadband connection, these devices do not “firewall” the default wireless connection which may be the biggest security hole in their network. This really shows the need for a local software firewall on the PC’s, such as the Windows XP SP2 built-in firewall and the updated 2-way firewall in Windows Vista.
Here are some of the statistics:
WAP Drive – Chicago | Total Distance: 11.5 Miles
[Start: Ohio & Michigan Ave to I-290W] [End: I-290W @ Des Plains Ave Exit]
Total Wireless Networks Detected: 467 [40.61 per mile]
Networks Encrypted: 322
Networks Unencrypted: 145
Wireless Networks – AP-based: 439
Wireless Networks – Peer-based: 28
Wireless 11g Compatible: 305
Broadcasting on channel:
Networks using the SSID “Default”: 11
Networks using the SSID “Linksys”: 21
Networks using the SSID “NetGear”: 3
HP’s Universal Print Driver (UPD) for Windows supports printing to the HP PCL5 and PostScript emulation printer. The UPD is has been tested by HP and is supported on Citrix Presentation Server 4 for Windows Server 2003 x64. Citrix Presentation Server 4 also has a full featured UPD when Windows 32-bit clients are available.
HP has published guidelines for choosing the best UPD using Windows Terminal Services and/or Citrix Presentation Server:
Download the HP UPD HERE.
For more detailed information and recommendations, download “HP Supported Printers in Citrix Presentation Server Environments”.
Internet Explorer 7 is on track to be released by the end of 2006. When the final release of IE7 is launched, the upgrade will be a hight priority update. Users who have local amdinistrator rights and Automatic Updates will be prompted to install the new version.
Since many applications today use IE as a rendering engine, updating to version 7 upon release has the potential to affect business applications. If you have vendors which rely upon IE to deliver applications, IE7 support may not be available upon the IE 7 release. Before updating any software, it is a good idea to test lab the update and verify it is secure in your particular environment and does not introduce changes which affect your business software.
As with many versions or service pack updates which Microsoft releases (such as Windowx XP SP2), Microsoft allows organizations to prevent the automatic installation of such software for a time. For Internet Explorer 7, Microsoft has produced the Internet Explorer 7 Blocker Toolkit., which is available for download now. This toolkit contains two components to block the auto install of IE7:
Unfortunately the toolkit does not prevent users from installing IE7 manually. In order to enforce the policy which prevents installing IE7, you can do one of the following:
Microsoft Research is developing a new Browser Protection technology called “Browser Shield” to help protect Internet Explorer and the Operating System from exploits. An article published on the Microsoft Research web site entitled, “Browsers: Helping Make the Web Safe for Surfers” describes the goal of the research project and the types of protection methods Browser Shield incorporates.
The research project which was started in the spring of 2005, is examining ways to inspect and cleanse dynamic HTML and script code in web pages so users browsers are not exploited. Other Microsoft groups are looking at incorporating this technology into other products such as the ISA Server team, Windows Live team,IE team, and other development teams.
While Microsoft works on completing this research project and incorporating the benefits into it’s product lines, there is technology available now which can assist in protecting the Operating Systems from exploits contracted through a Web browser and other software applications.
You can freely download an application called ”Sandboxie” (which originally stands for ‘Sandbox IE’), which executes Internet Explorer, Firefox, and other applications in a restricted virtual sandbox on the Windows operating system. This prevents malware and other exploit scripts from infecting the Web browser and OS.
Technical savvy Firefox users can also install a Firefox extension called “NoScript” which prevents the execution of web page scripts unless they are explicitly allowed execution by adding them to an ‘approved site list’ or selecting ‘allow one time’.
Until Microsoft incorporates BrowserShield into it’s products in the future (along with it’s already released phishing filter technology for IE), safer browsing may have to come from third party applications and browser plug-ins.
Windows Live Essentials Dashboard brings several Windows Live products into a single interface to easily launch the select Windows Live services. The Window Live Dashboard shortcut is automatically placed in the ‘Startup’ menu during installation to launch Windows Live Dashboard at user login. At Windows login, after the Windows Live Dashboard is opened, you are prompted to login to Windows Live services using a Windows Live ID. You can have multiple Windows Live ID’s configured and saved in the Dashboard to choose to login to. The Windows Live Dashboard login screen shown in figure 1.
Once you Login on to the Windows Live Dashboard, you get a list of available Windows Live services to install or update on the left of the dashboard, and Windows Live services which are ready to use on the right of the Dashboard. The Windows Live Dashboard is shown in figure 2.
You can minimize or close the Dashboard, and then use the System Tray utility to launch Windows Live services or exit the Windows Live Dashboard utility. The System Tray utility is shown in figure 3.
As far as the beta program– with only four applications published through the Dashboard it is of very limited use. However, I do look forward to other services being added to the service and made available through the Dashboard. This will make it simpler and more convenient, compared to going to the live.com web site, to discover new Windows Live services as they are launched.
Windows locks up and does not complete reboot process.
Here are the symptoms:
This is an issue directly related to an CA Anti-virus update. The The Official SBS Blog has instruction on how to resolve this issue described below at http://blogs.technet.com/sbs/archive/2006/09/01/453504.aspx
Link the CA website regarding this issue:
Just in case the post from the SBS blog disappears, I have included the entire post content below:
SBS 2003 fails to boot (Gray screen after Windows splash screen)
This is a pretty rough draft that we wanted to get out to our community as soon as possible so we can help tackle this issue and hopefully save people long hours of troubleshooting. It is aimed at a mid to high IT level, so if you have any doubts and you have a server down, please, do not hesitate in calling your local PSS for support.
Also note that the link provided to the third party (Computer Associates) may contain other resolution steps that might be simpler than ours but may require the use of unsupported tools (from our perspective).
MAIN ISSUE:
If you restart Windows Small Business Server 2003 the server may boot to a gray screen and appear to be hung. The server may respond to a ping but you cannot access it any other way.
Please note that there is a secondary issue that will affect your server even after you are able to boot up into normal mode again, this has to do with SSL sites not working, and this is discussed at the bottom of this post.
Cause and Resolution:
CA Antivirus signatures 303.3.30.52 and 303.3.30.54 identify lsass.exe as a virus and delete or quarantine the file depending upon client configuration.
Link the CA website regarding this issue:
The issue is that lsass.exe is being identified as infected and quarantined. We need to recover lsass.exe. You want to get LSASS.EXE with the SAME Service Pack version that was on the system; we can try copying it from DLLCACHE (if still present) as outlined in the steps below.
Try these steps:
Please note the following if you have OEM media: You might not able to boot into the recovery console with the OEM media, if this is the case, please use different media to boot up to the recovery console, such as Windows XP SP2 CD.
Method 1:
a) Boot to Recovery Console
b) Enter the number for the install you want to log on to.
c) Enter the LOCAL Administrator password for this machine.
d) Enter the following commands:
e) Copy C:\windows\system32\dllcache\lsass.exe C:\windows\system32\lsass.exe
NOTE: If you get a “System cannot find file specified” message when running this command, then it will be necessary to copy LSASS.EXE from a working machine to a floppy disk or to extract it from a Service Pack and place it on a floppy disk. If LSASS.EXE can be copied to a floppy disk; you can then run this command:
Copy A:\lsass.exe C:\windows\system32\lsass.exe )
f) Boot to SAFE MODE
g) Disable all the AntiVirus services (use MSCONFIG; go to the Services tab; click Hide all Microsoft Services; uncheck all the AntiVirus services.)
h) Reboot and update the CA signature
*****************************
Method 1a:
Alternate steps: - This disables the ETrust services through Recovery Console.
a) Start in Recovery Console
b1) Type the following commands:
1) Disable “realtimeservice”
2) Disable “jobservice”
3) Disable “Etrust Rpcservice”
(If you don’t disable it, Etrust will delete it again on reboot).
e) Copy the lsass.exe to c:\windows\system32\dllcache and c:\windows\system32
NOTE: If you get a “System cannot find file specified” message when running this command, then it will be necessary to copy LSASS.EXE from a working machine to a floppy disk or to extract it from a Service Pack and place it on a floppy disk. If LSASS.EXE can be copied to a floppy disk; you can then run this command:
Copy A:\lsass.exe C:\windows\system32\lsass.exe )
f) Reboot and update the CA signature.
If you are getting ACCESS DENIED when trying to copy from the floppy, do the following commands on the recovery console:
Set allowallpaths = true
Set allowremovablemedia = true
If this does not help, sometimes using the XP SP2 recovery console helps (You will need the media).
Don’t forget to provide your controller drivers when booting up to the recovery console if needed. You can usually tell you need them if when you get to the recovery console you are not prompted for a Password.
Other means of getting the right version of LSASS.EXE:
1. Extract lsass.exe from a Windows CD (with the appropriate service pack level).
2. Copy the file from a server that is not experiencing the issue and is at the same SP level. (lsass.exe is only 13KB in size so it will fit on a floppy)
3. If you did a parallel installation then you can service pack it if necessary and then copy lsass.exe from the parallel installation.
IF RECOVERY CONSOLE CANNOT BE USED, it may be necessary to place a parallel install on the system to get in.
Note 2: If lsass.exe has been removed from c:\windows\system32\dllcache you will need to copy it both c:\windows\system32 and c:\windows\system32\dllcache
SECOND ISSUE:
OWA and other sites requiring SSL may not start
Symptoms: OWA may not start; Any other web site that uses HTTP SSL may fail.
Issue: HTTP SSL service registry key may be missing
Resolution:
Using regedit, export HKLM\CurrentControlSet\Services\HTTPFilter key from a working server registry and import it to the server experiencing the issue.
After importing the registry key to the server with the problem, you need to check the ImagePath value to make sure it has the proper path (driver lettter + Path) to LSASS.EXE.
Reboot
Posts
Email
me