Thursday, May 26, 2005

Reports on Microsoft Update v6 release !

Just a quick notice - it just thought that Microsoft Update v6 was released including updates Office 2003 (That I hadn't seen as part of the Beta) and through automatic updates. Typing http://windowsupdate.microsoft.com forwarded me to http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us. Also I found a few similar reports on Google. But in my case it related to the fact that I'm testing MBSA 2.0 which has a checkmark for Configure computers for Microsoft Update and scanning prerequisites under Check for security updates - these checkboxes causes computers scanned to use Microsoft Update v6 ;-)

Wednesday, May 25, 2005

DNS Zone Transfer from Bind to Windows Server 2003 "silently" fails

It seems there are a few "interesting" oddities with DNS on Windows Server 2003 (See my earlier post on replication problems during a domain upgrade).
The last one I encountered is replication of secondaries from Bind DNS servers to Windows Server 2003 that fails (Its also a problem with SP1 according to my sources - but I haven’t tested that yet).
After the first successful replication of a secondary zone or after a Reload from Master (Full Zone Transfer / AXFR) Windows will request Incremental Zone Transfers (IXFR) from the BIND server. Windows then expects to receive an IXFR back but instead receives an AXFR that starts and ends with an SOA - Windows then (correctly IMHO) detects the first SOA as a "bad packet" as it should have been a record instead and drops the zone transfer.
The problem is further described in KB 841467 but there is an error in the KB as it states that a Transfer from Master will work - this isn't correct as only a Reload from Master will work (At least in the environment I worked with - Windows 2003 without Servicepack 1 and Borderware firewall with Bind 8.x).
The hotfix itselfs contains a new version of dns.exe and you don't have to boot after applying this hotfix if you manually stop the DNS service before installing it (IMHO the package should do this for you - but thats just my opinion ;-)
Furthermore according to THE book on DNS (DNS and BIND from O'reilly - if in doubt) IXFR didn't work well in BIND until version 8.2.3 (And better yet 9.x)

Sunday, May 22, 2005

Two new public patches for MPS

According to Conrad there are two new patches released for MPS (Microsoft Provisioning System) -

FIX: Event ID 5896 is logged every 15 to 60 seconds on a server that is running the Provisioning Audit and Recovery Service component in Microsoft Provisioning System 2.0

FIX: You receive a "The parameter is incorrect" error message, and the CreateMailbox procedure does not succeed in Microsoft Provisioning System

Thanks to Conrad for telling us about these ;-)

Thursday, May 19, 2005

SP1 for SBS 2003 has been released

Microsoft has finally released SP1 for SBS 2003. This contains among other updates/fixes support for these server components -

Service Pack 1 for Windows Server 2003
Service Pack 1 for Exchange Server 2003
Service Pack 1 for Windows SharePoint Services 2.0
Service Pack 4 for WMSDE
Service Pack 4 for MSDE
Service Pack 4 for SQL Server 2000
ISA Server 2004 with Service Pack 1

Windows SBS 2003 SP1
Windows SBS Upgrade Best Practices
Installation Instructions
Release Notes
Setup for Microsoft Windows SBS Premium
What's new for SP1

The ISA 2004 bits needs to be ordered on CD from here (The link is currently broken - I will update if its changed).

For gotchas with SP1 and general tips and tricks for SBS i would recommend that you check out the SBS Diva's blog. It so happens that I'm responsible for two small instalations of SBS 2003 - so I guess I need to take the time to read all these papers :-

Slow blogging ahead

My blogging rate has slowed down lately. I'm using a lot of time trying to buy a new home and getting my old one sold..

Self-Service Password Reset Solutions with Microsoft Speech Server

Stumbled across this interesting webcast. I have discussed self-service password reset solutions numerous times with customers. This is an interesting new method using the phone system and your voice.
To see the webcast, you have to start here (incredible long URL). Most solutions are based on answers to enrolled questions, but VOICE.TRUST is using the voice itself as biometric! The VOICE.TRUST is the worst presentation - but the most interesting product.
To the techies: Do not ignore it just because it is a level 200 session.

Installing Windows 2003 SP1 may cause network connectivity to fail - updated

I have run into this problem a couple of times and after discussing with PSS and a few of my colleagues it seems to be a problem that many users run into. The symptoms are -

  • Inability to connect to terminal servers or to file share access.
  • Failure of domain controller replication across WAN links.
  • Inability of Microsoft Exchange servers to connect to domain controllers.
But there also seems to be other scenarios where this is a problem - one of them is related to ISA installations (Where I first encountered the problem). The problem is most currently seen in LAN/WAN scenarios where different MTU's are used.

Appearantly MS05-019 will be rereleased with a fix to the problem - I havent received any info on what happens to SP1.

Update - Microsoft has published a Security Advisory with further info and it states that the fix will be rereleased in June 2005.

You can find the KB article with more info here.

Wednesday, May 11, 2005

WPA2

With support from Microsoft for WPA2 on Windows XP Service Pack 2, you can secure your wireless network even further. Read this article from the Cable Guy explaining WPA2. I have already come across the 3Com wireless switches wx1200 and wx4400 supporting it. I have even come across a solution for a Leveno (former IBM) ThinkPad T42, supporting it on Windows 2000 Professional! It consists of a driver and the Access Connections package.

Wednesday, May 04, 2005

Changes to Functionality in Windows 2003 SP1

Microsoft has released an updated whitepaper on the changes in Windows Server 2003 SP1 (You can find the corresponding paper on XP SP2 here) - it contains some interesting information on e.g. updates to DFS and enhanced DNS tests in a new version of DCDIAG. Also if you are installing/testing SP1 then don't forget to download the updated Adminpak for SP1 from here.