Thursday, March 31, 2005

IIS Diagnostics Toolkit

New on MS Download -
The IIS Diagnostics Toolkit is a combined release of popular tools used by today's IIS users. These include tools aimed at resolving problems related to Secure Socket Layer (SSL) issues, permission or security problems, gathering data for your SMTP server included with IIS, as well as the famous Log Parser utility used to sift through hundreds or thousands of log files very quickly. The toolkit consolidates all the tools into a convenient download and is supplemented by updates every 90 days to ensure that users have the most current diagnostics tools at their fingertips.

Windows 2003 SP1 released / known SCW/Exchange issue

As you might have seen the final version of SP1 for Windows Server 2003 has been released and can be downloaded from here. Others have reviewed the enhancements and new functionality in SP1 so I won't dig into that - but I wanted to inform you about a known issue with the Security Configuration Wizard and Exchange.
There is an issue with the Security Configuration Wizard when Exchange isn't installed in the default %ProgramFiles%\Exchsrvr directory which potentially could block the TCP Ports used by Exchange. The solution to the problem is simple - you should manually specify the path to the Exchange executables when SCW displays [Not found!] next to one or more of the processes in the Network Security Section.
According to my contact at Microsoft, detailed info about this issue will be posted on http://blogs.technet.com/exchange/ in the near future (Update - here's a link to the blog posting on You Had Me At EHLO)

Monday, March 28, 2005

Exchange server is not supported on virtual servers

To my surprise, Microsoft does not support Exchange in a virtualized environment - not even in their own Virtual Server/PC. Read the support statement in this KB. Consequently, you should stick to using virtual technology in testing scenarios.

Tuesday, March 22, 2005

Windows Update Services RC available

According to a mail I received from Mickeysoft today the Release Candidate for Windows Update Services is finally publicly available. New features since Beta 2 are -

  • Replica mode for WSUS server hierarchies, making them easier to manage.
  • SSL connections between WSUS servers and clients, providing an even more secure end-to-end environment.
  • Automatic Update policy to allow non-administrators to receive update notifications, offering greater flexibility in organizations where logged on users are commonly not administrators.

I haven't had the time to test it so no comments from me (Except that I and many of my customers are eager to get the FINAL product) - but check it out for yourself by registering for download here.

Bart's bootable Windows XP CD/DVD

A small but very useful "lifesaver" that provides a WinPE-like environment but with a larger and more extensible feature set via the plugins available from Bart's homepage and others, like the Ultimate Boot CD for Windows, which builds on BartPE. It's useful for many purposes, for example recovering systems from virus attacks or creating snapshots of existing systems - check out the feature set for yourself on his homepage.

Thursday, March 17, 2005

Lighter Side Dept. - Best IT Advertisement?

Check out this LiveVault "Institute for Backup Trauma" ad starring John Cleese. Never mind the product – which may or may not be good - but if you are a Python/Cleese fan this is a “must”.

Monday, March 14, 2005

Extracting files from MSI

I wanted to be able to extract files directly out of an MSI file. Sometimes, I simply do not want to power up the correct OS version or install a product just to get to the files within. I tried doing it with ORCA (from the platform SDK) – but couldn’t figure it out. I also tried some of the other platform SDK msi*.exe tools – again without luck. Maybe someone can tell me how? Next I tried to investigate whether the MSI could be accessed by SQL. Again, I failed to find the necessary information. Finally, I got it. I looked at the Project Windows Installer XML (WiX) toolset. I downloaded the wix i386 binaries and extracted the ZIP file. Then I ran –
Dark.exe file.MSI file.XML /x .
The result of this conversion (file.XML) and extraction (/x) is a file.XML (which I have no use for) and the binary files contained within the MSI file.
Thanks to the people working with WiX.

Default owner of objects varies between Windows XP and Windows Server 2003

As a follow-up to my earlier post on Protecting your administrative permissions, I noticed an update from Aaron explaining how the default owner varies depending on whether you are using Windows XP or Windows Server 2003. Read the rest here.

Thursday, March 10, 2005

Warning about importing Exchange MPs in MOM 2005

I came across a Microsoft KB about a bug in the import management pack process. It seems like only packs sharing common rule groups have the problem. The Exchange MPs are such a case.

Sunday, March 06, 2005

Network Traffic Analyzers

I always install Netmon on my servers - just in case I need it - which I often do. Not from an operations perspective, but for debugging and analyzing stuff. The other day, I was debugging some Kerberos problems in combination with SAP and Active Directory - but Netmon was not able to decode the packets...
Luckily, I know another product which I often use on my own PC – Ethereal. Download it and the required library WinPcap from here. You only need WinPcap if you want to capture packets – to analyze, only Ethereal is needed.
Netmon pros –
- Microsoft supported and security patched
- Part of OS
Ethereal pros –
- Live view of captured packets including live filtering
- Can read files saved by Netmon
- Can decode more protocols – like Kerberos
- Free

Give it a go – it is worthwhile.

SIDF - Adding Sender ID Framework DNS Records

To enable mail receivers to validate that your emails are legitimate, you have to publish SIDF records. SIDF is a merger between Microsoft’s Caller ID and SPF (Sender Policy Framework). SIDF is implemented on both the sender and the receiver side. On the sender side you have to add and maintain some DNS TXT records. On the receiver side you simply need an email server that checks them. The receiver does not use SIDF to make a pass/no-pass decision. Instead, the result is fed into the normal spam detection algorithms. If you do not publish SIDF information, you should expect your mails to be ‘suspected’ more and more as SIDF becomes more widespread and as email administrators start to tighten the spam rules, forcing SIDF to be required.

A good place to start is the www.microsoft.com/senderid site. I think this is a very good presentation, so start with it. Afterwards, you can use the Microsoft Sender ID Framework SPF Record Wizard to generate your SPF record.

If you add the stuff in Microsoft DNS, remember to select ‘Other new’ record type, Text (TXT) and leave the name field blank. This will result in a line in the GUI like –
(same as parent folder) Text (TXT) SPF data

You can check the SPF of my company with –
nslookup -type=txt inceptio.dk

Go and declare your email domains!
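
How a receiver could interpret the TXT data returned by such a lookup, as an added example that is not part of the original post. The function names and the sample records (documentation address ranges) are constructed for illustration, and only the ip4, ip6 and all mechanisms are evaluated so the code runs without DNS access.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT strings for a hypothetical domain (not real DNS data).
SAMPLE_TXT = [
    "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "spf2.0/pra ip4:198.51.100.25 ~all",
]

def select_record(txt_records, scope):
    """Return the terms of the record covering scope ('pra' or 'mfrom')."""
    sender_id, spf1 = [], []
    for txt in txt_records:
        parts = txt.split()
        if not parts:
            continue
        version = parts[0].lower()
        if version == "v=spf1":
            spf1.append(parts[1:])
        elif version.startswith("spf2.0/") and scope in version[7:].split(","):
            sender_id.append(parts[1:])
    chosen = sender_id or spf1  # a v=spf1 record is the fallback for both scopes
    if len(chosen) > 1:
        raise ValueError("more than one applicable record (PermError)")
    return chosen[0] if chosen else None

def evaluate(terms, client_ip):
    """Walk the mechanisms left to right; the first match decides the result."""
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        if "=" in term:  # modifiers such as redirect= or exp= are skipped here
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = (term[1:] if term[0] in QUALIFIERS else term).lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        name, _, arg = mech.partition(":")
        if name not in ("ip4", "ip6"):
            return "needs-dns"  # a, mx, include, ptr, exists require lookups
        if ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' term was present

def check(txt_records, scope, client_ip):
    terms = select_record(txt_records, scope)
    return "none" if terms is None else evaluate(terms, client_ip)

if __name__ == "__main__":
    for scope, ip in [("mfrom", "192.0.2.10"), ("pra", "192.0.2.10")]:
        print(scope, ip, check(SAMPLE_TXT, scope, ip))
```

The same connecting address passes the mail-from check but only soft-fails the PRA check here, because the spf2.0/pra record takes precedence over v=spf1 for that scope.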

Tuesday, March 01, 2005

Software Updates for Dell Server Hardware Using SMS 2003

On MS Downloads.
This solution accelerator helps SMS administrators effectively and efficiently deploy software updates for Dell server hardware using Systems Management Server (SMS) 2003 and the SMS 2003 Inventory Tool for Dell Updates.

ISA 2004 Standard Edition SP1 Available on MS Downloads

Get it here. It is an MSP file. The update contains updates to both the server component and the firewall client. Check out the changes in the readme.