Category: SBS2K-SBS2K3

Exchange Server Event ID Descriptions Are Missing

This week I had the pleasure of trying to figure out why the Exchange 2003 server was having problems again. It has been a long time since I looked closely at Exchange but the event log was not helpful. All of the Exchange Server Event ID Descriptions were missing. I did not need the descriptions to tell me we had run out of space so I set about purging old email messages and setting the “Deleted Item Retention” to zero. After the regular Exchange maintenance completed I still was getting some messages, so I set out to fix the description problem.

In my case I found out that the event ID descriptions were missing as described in XGEN: Exchange Server Event ID Descriptions Are Missing. Unfortunately this KB did not provide a sample to work from so I had to go elsewhere. Eventually I found a sample registry and manually entered the keys for MSExchangeIs Mailbox Store, MSExchangeIs Public Store, MSExchangeIS, and MSExchangeSA. Now I can look in the event log to see how  we are to filling up the Exchange database.

An e-mail message that is larger than the sending message size limit or the receiving message size limit is not delivered

This problem plagued us for the last couple of days. One of our vendors sent us a 11 MB Acrobat catalog as an attachment to a regular email message and Microsoft’s Exchange was not letting it through. I thought that the personal sending and receiving limits would override the global limits. This would allow a few people to receive large attachments. Microsoft’s KB 28572 set me straight.

These global settings affect all Exchange recipients. If a recipient has configured their own personal sending or receiving message size limits, the global message size limits override the individual message size limits of the mailbox.

The Case of the Messed Up Fax

We use a web application to create purchase orders. We send purchase orders to our vendors by printing the web page to our fax server. Two days ago we sent out two faxes with large black blotches on the page. There were purchase orders that were sent out before and after these faxes that were fine. Something was different about these purchase orders. We found that we could duplicate the problem on different workstations. When I previewed the fax on my laptop I could see that it was already corrupt. If I printed the web page to the printer or created a PDF it was fine. My boss thought it might have to do with our recent roll-out of the new Windows 7 laptops. So I checked the HTML for odd characters and did not find anything. It was about this time I noticed that the two problem purchase orders were about the same size. One purchase order had 36 line items while the other purchase order had 37 line items. I also found out that I used Firefox or Google Chrome to print the web page, it created the fax correctly. This printing problem was specific to Internet Explorer. The final clue was found when I went to my old laptop and it displayed the faxes correctly. When I checked its page setup I noticed that it was using an A4 paper size rather than the standard Letter size. After a little fiddling with the page settings, I determined that when I changed the bottom margin on my new Windows 7 laptop to 0.5 or 1.0 inch the fax would be created correctly.

My boss remained unconvinced. Why did we not see this problem before? That was a good question. After a little investigating of our fax log I found a corrupted fax over a month ago.  Since this problem is rare and the subsequent faxes went out successfully, they resent the fax manually and did not bother to tell anyone of the problem.

Adding IP Restrictions to IIS 6

A big thanks goes out to the obligatorymoniker and his script for programmatically adding IP restrictions to IIS6. I was looking for a better script to add IP restrictions. My previous script added the restrictions one IP range at a time. This script was adequate for a small number of IP restrictions but recently I was asked to add IP restrictions for every country we do not ship to. We had credit card fraud transaction from one of these countries and the boss was mad. After using Perl and a CIDR to merge the adjacent networks, I still had over 18,000 IP ranges to deny. Using my old script I tried to add these IP ranges to our test system this took over an hour to load. Your script loads the ranges in a couple of seconds.

A big thanks goes out to the obligatorymoniker and his script for programmatically adding IP restrictions to IIS6. I was looking for a better script to add IP restrictions. My previous script added the restrictions one IP range at a time. This script was adequate for a small number of IP restrictions but recently I was asked to add IP restrictions for every country we do not ship to. We had credit card fraud transaction from one of these countries and the boss was mad. After using Perl and a CIDR to merge the adjacent networks, I still had over 18,000 IP ranges to deny. Using my old script I tried to add these IP ranges to our test system this took over an hour to load. Your script loads the ranges in a couple of seconds. Here is how I did this:

  1. I went to http://www.countryipblocks.net/ to get the IP ranges I wanted to block. Beware these ranges include bogon networks(e.g. 192.168.0.0). The first time I applied the IP ranges I blocked myself out.
  2. I used the perl script below to merge the networks.
  3. I used the obligatorymoniker IP Security.vbs script to load the ranges. You will have to change the "IIS://localhost/smtpsvc/1" to the site you want to add the IP restrictions to.
 
use Net::CIDR::Lite;
use NetAddr::IP::Lite;
my $cidr = Net::CIDR::Lite->new;
# Disallow IPs

open (IPDISALLOW, "ip_disallow.txt") || die "couldn't open the file!";

while ($record = <IPDISALLOW>) {
 if (substr($record,0,1) != '#'){
#print $record;
 $cidr->add($record);
 }
}

close(IPDISALLOW);
#print "$_\n" for $cidr->list;
foreach ($cidr->list) {
my $ip = new NetAddr::IP::Lite $_;
#print "The address is ", $ip->addr, " with mask ", $ip->mask, "\n" ;
print $ip->addr, ",", $ip->mask,"$_\n";
}

Event ID 7024 on SBS 2003 computer

If you get “The Certificate Service terminated with service-specific error 2148204801(0x800B0101)” you need to renew the certificate the certificate authority for your domain. If you are renewing a certificate for a self-signed domain, you can follow the procedure below. In my case the certificate is valid for 5 years.

  1. Go to Admin tools > Certification Authority. 
  2. Highlight your server and right click. Then select All Tasks > Renew CA Certificate.
  3. If everything works, you should be able to start the certificate service. Highlight your server and right click. Then select All Tasks > Start Service.

Fixing store.exe process is allocating more memory than usual

Sometimes I forget how I fixed problems in the past and this error is an example. In my case the fix was simple. I followed the instructions in http://support.microsoft.com/kb/867628 and increased the threshold from 104857600 to 704857600. I made an educated guess at this value.

Notes on a SBS Disaster Recovery

On the last Friday of June I came into the office and found myself confronted with one of the more unique disaster recovery scenarios I have ever encountered. The primary symptom was that no one could get to their email. The cable modem and the router attached to it looked like they were turned off. Turning the power on got the lights to blink for only a few seconds before they went off. Our Small Business Server server appeared to be working but the lights on the LAN adapters in the back were off. Even when we inserted a known good LAN connection the lights would not come on. I rebooted the server and it stopped seeing the disk drive array. It was about that time I noticed the aroma of burnt insulation. Ah! The smell of burnt insulation in the morning! The cable modem, router, and server were fried. During the night the RoadRunner cable serving us must have been hit by lightning.

It is not surprising that we were not prepared for this disaster recovery scenario. Here are my notes on how we recovered our original server and migrated it to a new server.

  1. Probably one of the more interesting aspects of this disaster recovery story was that I took half of a mirrored drive pair and used it to create a Virtual Server of the SBS server. Since our development server(HP DL380) is similar to the server(HP DL360) that got fried, I was able to put the mirrored drive into the development server chassis. Everything on the drive looked good except for Exchange partition. The Exchange partition was missing. The lightning strike occurred during our backups, so our backups were not complete. We were looking at losing Thursday’s email. Since the development server had sufficient processing power and disk space, I decided to see if we could bring up the Small Business Server as a Virtual Machine. Using a virtualized server could allow our office to be fully operational  while we worked on getting a new server delivered. It looked like a fast way to recover the Active Directory and the office email. So I gave VMware vCenter Converter a try and I was amazed that the Small Business Server came up with only minor errors. The Exchange software complained that it could not find the Exchange partition and the HP diagnostic software complained about the hardware. Other than those problems the active directory, print queues, and the fax server were all operational.
  2. The good news was that I had a virtual server running. The bad news was having problems recovering Exchange. The backup located on an external USB drive was restoring with errors. The first time I tried to restore Exchange I got a file corruption problem. This probably was due to USB problems with virtual servers. The next morning I decided to try something different. I downloaded some partition recovery software off of the Internet and to my surprise it found the partition on the mirrored drive. Using the EASEUS Data Recovery Wizard, I was able to recover the Exchange partition. The database had some integrity problems but it looked promising. So I followed this article, Using the Exchange tools ISINTEG and ESEUTIL to Ensure the Health of your Information Store, to repair the Exchange database. My final trick to getting Exchange to mount was to delete the Exchange log files. A little bit more than 24 hours after the lightning strike, our Small Business Server was operational and we had not lost any emails.
  3. About a week later we had a “new” server delivered. Actually it was an old server we got off of eBay but it was identical to the server that had failed. Although it was tempting to leave the SBS server in virtualized form, we opted to install the server natively using the SBS Migration procedure. In this case both our SourceDC server and the MigrationDC server were virtualized servers.The first time I tried the SBSMigration procedure I failed. It took me awhile to figure out why but the SYSVOL share was not getting created on the MigrationDC. I traced the problem back to a communication configuration problem. The DNS parameter on the LAN adapter configuration for the SourceDC was pointing at the office router rather than itself. Although normal communications with the server appeared to be working fine, the active directory communications with the backup domain controller was not working. The domain controller could not find itself. ;(  After I changed the DNS parameter the domain communications and file replications worked correctly. As Jeff Middleton reminded me, a good indication that the backup Domain Controller is working properly occurs when the SYSVOL share is created on the MigrationDC sever.
  4. My next mistake was installing the Exchange database to a new drive letter. Exchange is very finicky about this. I had to “repair” Exchange to get it to recognize the database at the new location. It was after I had started the repair operation that I figured out how long the repair was going to take. I ended up running the repair overnight. In hindsight we would have been up and running much earlier if I restored it to its original drive letter location and moved it to a new drive letter at a later time.
  5. My final mistake was made when I upgraded the NewDC to Windows 2003 SP2 before completing the SBS installation. I had to uninstall SP2 and install SP1 before I complete the SBS installation.

Adventures with iRedMail – Part II

In the first installment of Adventures with iRedMail I got it to send emails but I left the MS Exchange integration for another day. Since then I have updated my DNS zone with the DKIM information, set up local DNS information, decided on naming standards, and reconfigured Postfix several times before I got it right.

Updating the DNS with DKIM information

This task was relatively easy. I copied the DKIM information in the iRedMail.tips into a trouble ticket with my web provider. About 24 hours later it was ready to test. I sent an emails to my Yahoo account, sa-test@sendmail.net, and autorespond+dkim@dk.elandsys.com. Although the email from dk.elandsys.com was the first to respond, it said it did not work. When I checked my Yahoo account the headers said the email was signed correctly with DKIM. Ironically the return email from sendmail.net ended up in my Junk Mail folder. It said that everything worked correctly. For one more test I created a Gmail account and sent an email to it, too. It said the email was signed correctly.

Local DNS, naming standards, and more Postfix problems

The next challenge was to configure Postfix to accept both local email addresses and email addresses for the exchange server under the same domain. I used PostFixAdmin to create Aliases that pointed to the Exchange server emails(e. g. myemail@mybusiness.com points to myemail@mybusiness.local). PostFix complained about the DNS records for my Exchange server so I added mybusiness.local as a relay_domain and set up a psuedo DNS so that PostFix can find the IP address for my Exchange server. In my case I decided to let my pfSense firewall act as a local DNS server to serve up the local IP addresses. At this point I can email to everyone from a local iRedMail account but I cannot get replies until I set up iRedMail as the SMTP gateway and the Exchange server as a relay domain.

PostFix domain checks get me again!

It took me a long time to figure this out. When I changed the firewall to redirect SMTP traffic to the PostFix gateway I could not get any mail. I thought I had messed up the firewall settings so I kept trying different settings. I was pretty limited with my testing tools. If I could Telnet into port 25 I could see what is happening but I could not make the connection work as long as I was located on this side of the firewall. Fortunately I found a solution on the Internet. The dnsqueries.com site provides a page, http://www.dnsqueries.com/en/smtp_test_check.php, that allows me to check my local SMTP connection using their server.  Within minutes I figured out that my email server did not like my sender’s domain. In fact it did not like anyone’s domain. This was the same type of problem I had with the Postfix recipient domain check, so I removed the sender domain check and the emails starting flowing.

What have I achieved?

  • I have a gateway that checks all incoming mail for spam and viruses. Postini offers a similar service for about $1 per user per month. We use MXLogic at work.
  • I have an alternate email server that allows me to send email that passes the SPF and DKIM checks. One of the reasons I investigated iRedMail was to use it for sending out a newsletter at work. Like many Internet retailers we get a chunk of our business as a result of our biweekly newsletter. In our case DKIM is another piece of the puzzle to improve our sender reputation. Since both Yahoo and Gmail require DKIM signing in order to set up feedback loops, DKIM is probably essential if you have ambitions of having a pristine email list. For those folks looking at ways to cut the umbilical cord to Microsoft this is one of several low cost, low maintenance migration alternatives to a local Exchange server.

Getting McAfee to work behind an ISA 2004 Firewall

It has been a long time since I actively worked with Microsoft’s ISA Firewall so it took me some time to fix this problem. Buy.com periodically offers a 3 computer version of McAfee at a very cheap price. Since I am somewhat ambivalent about the merits of one virus checking software over another, I bought a copy to replace a TrendMicro version up for renewal. The installation did not flag any errors or warnings so it took about a week before I noticed that the patterns had not updated. Yesterday I decided to fix the problem and write down for posterity how I accomplished it.

Unlike many firewalls Microsoft’s firewall typically restricts anonymous access. This typically is not a problem for most applications that run on Windows computers since the users are logged into the Active Domain. Occasionally there are applications that fail to connect to the internet despite the user being logged into the domain. Most of the time you need to open some non-standard ports to fix the problem. In this case McAfee is using standard HTTP and HTTPS ports and still failing to connect.

The solution is to create an anonymous access rule to the McAfee update site and to configure the client to not use the ISA Firewall client for these sites. One way to accomplish this  is to configure Internet explorer(Tools-Internet Options-Connections-Lan settings-Advanced) to not use the proxy. This is the way I got McAfee to update. Another way is to configure the properties for the internal network in ISA to use direct access for these sites. You can configure a GPO, too.

NEC PCI to USB Open Host Controller – Everything USB Community

I found myself troubleshooting a Verizon PC5470 wireless broadband issue today. This setup worked a couple of months ago when I last touched it. When my boss inserted the PC5470 card into his PC, the VZAccess Manager software could not talk to the card. We noticed that his PC would create two NEC PCI to USB Open Host Controller when the card was inserted and the device manager showed that a Curitel modem was unknown.  At the time I did not know what the Curitel modem was used for. When the card was installed on another PC only one NEC PCI to USB Open Host Controller was created and VZAccess manager was able to create a wireless broadband connection. After exhausting my troubleshooting tricks I found this conversation on the Internet, NEC PCI to USB Open Host Controller – Everything USB Community.  Although my solution was different than their recommendation, their ideas helped lead me in the right direction. My solution was to uninstall both NEC PCI to USB Open Host Controllers and force Windows to re-install all of the drivers. Disabling or uninstalling one driver did not work for me. When I inserted the PC card, Windows proceeded to re-install the drivers as expected. First it installed two NEC PCI to USB drivers. Next it tried to install the Curitel modem driver. During this process the PC announced that it was disabling a hardware device. When the driver installation was complete the Device Manager showed that the second PCI to USB driver was disabled and the Curitel modem was installed and functioning. When I started the VZ Access manager it found the PC5470 and configured itself to use the Curitel modem.  After a little bit more automatic updating by VZ Access manager, we were able to establish a wireless broadband connection. Whew!

Interesting Computer Problem

When you are grateful you have a job you can’t be picky about the applications you support. This week I spent a lot of time on my one of my least favorite applications, credit card processing. To give you a little background I was not employed at the firm when it was originally installed in 2007 so almost everything I hear is secondhand. The application is pretty simple and it runs on its own computer. It downloads credit card orders from our orders data base, transfers the authorizations over to the bank, and then updates the orders data base. Despite its relative simplicity I hear that the application was a painful install with lots of support issues. The folks before me got it to work and it seemed to be working okay until the the middle of 2008. That was when intermittent response time problems started to crop up. Attempts at technical support lead us down that primrose path again without success. The folks in technical support recommended we re-install the software but they really did not have an explanation for our response time issue. The statement that sent us in a completely different direction was when they said that our transaction volume was too large for their application. Our bank took that statement back a week later but the damage was done. The bank and the credit card processing application were going to be replaced.

This fun and games started when the credit card processing computer rebooted after the “Patch Tuesday” updates. It came up okay but it was coming up with strange errors during credit card processing. At first we could not process any credit cards but we finally got the cards processed. Since it was “working” I did not look at the problem until Friday. That was when I found out that the problems had continued on every morning and it had reached the critical stage. After spending three hours of “quality time” with an upset user(my boss) getting the credit cards processed, I was convinced that there was more to this problem than “Patch Tuesday” problems and I was determined to fix the problem today.

It did not take too long before I found a disk corruption problem. It looked like DISKCHK might fix the problem so I needed credit card processing folks to complete the end of day tasks so I could take an immediate backup and reboot. So at 530 pm on a Friday evening we rebooted. The computer would not reboot. I tried safe mode and it would not reboot. I tried to boot from a CDROM and it would not reboot.  I called the boss to let him know. He said he would meet at the office on Saturday morning. This had a really good chance of being a super catastrophe. Oh well! There goes my weekend!

On Saturday it took us about an hour to identify the problems. The boss actually found the problem. I heard a unusual spin up sound on either the disk drive or a fan.  My little power supply tester showed we were missing –5v. I installed a new power supply and now we could boot off of the CDROM. Unfortunately now that we could boot up properly we could confirm that the disk drive was trashed.  So I installed a new drive. About two hours later I had completed re-installing the operating system and the application from my backup. An hour of testing confirmed that we would be able to process credit cards on Monday and the business would continue for another week. This is probably the first time I have seen a double failure on a PC.

Oops! Could not start error

I had not looked or touched my “dogfood” server in a long time. It appeared to be happily doing it’s thing. Appearances can be deceiving. I found that my scheduled jobs were not running according to the schedule. I had about a dozen jobs with the “Could not start error” message. What a mess! I am not sure how this happened but the fix is easy. Just enter the password again!

How to troubleshoot scheduled tasks in Windows XP and in Windows Server 2003

Disabling Weak Ciphers

This week I disabled weak ciphers on our production web server. This vulnerability was escalated again this last week. This vulnerability exists when your server allows communication using SSL version 2. Less than six months ago it was identified and classified as a low risk. SSLV2 is obsolete and is not available in some of newer browsers. Most new browsers use SSLV3 by default and it is my best guess that no customer is using SSLV2. A quick survey showed that most of the major ecommerce sites do not allow SSLV2. Despite the survey my boss was reluctant to turn off SSLV2. That was solved when the PCI folks mandated that SSLV2 should not be allowed. This may sound cruel but if a customer is using a really old browser that only supports SSLV2, they must update to a new browser if they want to buy stuff off of the Internet. That just the way it is.

Here is a good resource describing the problem and how to harden a variety of web servers, “WebApp Sec: RE: SSL Ciphers”. Since I was primarily interested in IIS I used “How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll” and created a registry file to apply the changes. Here is the registry file I used. It works with all of the browsers I test with. Both Foundstone SSL Digger and our PCI scan folks like the results.

 
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

How do I run sp_spaceused for all tables in a database? – TechNet Forums

I was looking for a way to list the size of all the tables in database again and I found this nice bit of code. I made a small change on the select statement to create a calculated integer field so I could get a nice descending sort on size. It worked for me!

    
select 'Database Name: ', db_name()

set nocount on

if exists(select name from tempdb..sysobjects where name='##tmp')

drop table ##tmp

create table ##tmp(nam varchar(50), rows int, res varchar(15),data varchar(15),ind_sze varchar(15),unsed varchar(15))

go

declare @tblname varchar(50)

declare tblname CURSOR for select name from sysobjects where xtype='U'

open tblname

Fetch next from tblname into @tblname

WHILE @@FETCH_STATUS = 0
	BEGIN
	insert into ##tmp
	exec sp_spaceused @tblname
	FETCH NEXT FROM tblname INTO @tblname
	END

CLOSE tblname

deallocate tblname

go

select 
	nam Table_Name
	,rows Total_Rows
	,res Total_Table_Size
	,data Data_size
	,ind_sze Index_Size
	,unsed Unused_Space
	,CAST(replace(res,'KB','') as int) as Total_Table_Size_KB
from ##tmp
ORDER BY Total_Table_Size_KB desc

drop table ##tmp
–Vidhya Saga

How do I run sp_spaceused for all tables in a database? – TechNet Forums

Expanding a RAID1 array with bigger disk drives

Problem: You have an existing RAID1 array and now you need more disk space. You have purchased two identical 300 GB disk drives to replace the existing 147 GB disk drives. What is the quickest way to replace the disk drives with the least amount of down time?

Answer: This week I ran into a situation this week. The easy part of the answer was to replace one disk drive with a new 300 GB drive and let the RAID controller synchronize the drives. Then you replace the last 147 GB drive with the 300 GB disk drive. The hard part of the question was whether you could partition the remaining disk space into a logical volume without rebooting. The answer is yes. It took about a two and half hours to mirror the first disk. During the first hour Exchange was really sluggish. The next hour and a half the response time was okay. It took about an hour and a half to mirror the second drive. The response time was okay during the entire mirroring operation. When the mirroring was complete I used the Compaq/HP disk array software to check the disk drives. My research on Internet said that it was unlikely that the disk array software would show the disk space that was not part of the existing RAID1 array as being available. I was mildly amused to see that it showed that 292 GB was available(i.e. 146 GB per drive). I used the disk array software to create a 146 GB RAID1 volume. When I went into Disk Management I could see 146 GB was available to be partitioned and formatted. Except for the first hour of mirroring this whole operation was pretty painless and did not require a reboot.

Server 500 error, Codeplex, and ISA 2004

I recently tried to visit Codeplex and got a an error page with a Server 500 error. It did not take too long to figure out that there was a configuration problem on my firewall, ISA 2004. There were several proposed fixes but the one that worked for me I found on a Techarena forum and it said to either turn on or off the HTTP Compression filter. I turned it on and it worked.

I think I had turned off the compression filter in ISA 2004 SP1 days. According to Lazyadmin HTTP Compression started working in SP2 and he has recommendations for configuring it in his post, Enabling HTTP Compression in ISA 2004.

Weird, wild, wonderful Windows "Workstation" 2008 | InfoWorld | Analysis | 2008-03-17 | By Randall C. Kennedy

For the self-reliant, a third Windows desktop option emerges: Build your own “Frankenvista” on Windows Server 2008

I guess the transformation is nearly complete. Windows Server 2008 has almost completely embraced the Linux model of one code base for servers and workstations. It is the incompatibilities that drive you nuts. Support for third party software has always been the struggling point.  Now if they can make Windows Server 2008 as the Software Assurance upgrade for Vista Business. As Darth Vader said:

“Your skills are complete. Indeed you are as powerful as the Emperor has foreseen.”

Weird, wild, wonderful Windows “Workstation” 2008 | InfoWorld | Analysis | 2008-03-17 | By Randall C. Kennedy

SQL 2005 Express Tips

My version of SQL 2005 Express was installed when I installed Visual C++ Express Edition. Today I was trying to use the Upsizing Wizard included in Access 2003 when I ran into SQL Server problems. So here are my tips:

  1. Go into the SQL Configuration Manager and enable TCP/IP if it is disabled. Someone wrote a post stating that Access 2003 uses TCP/IP to communicate with SQL Server.
  2. Go into Services and check to see that SQL Server Browser is running. This service was disabled on my machine. This allowed me to see the correct hostname. My hostname is called, “MYCOMPUTERNAME\SQLEXPRESS”. You can disable the SQL Server Browser when you are comfortable.
  3. Download a copy of SQL Manager from EMS. I used the Lite version since my needs are small and it is free. I would seriously consider checking out the paid version if I was doing a lot of conversions.
  4. Sample databases are a great way to brush up on your dormant SQL skills. If you are looking for the Northwind database, it is not installed with SQL Server 2005. In fact SQL 2005 does not install any sample databases although a new sample database called AdventureWorks is available as a separate download. If you want the old familiar Northwind database, you can download the samples for SQL Server 2000.
    1. Download the SQL Server 2000 sample file from Microsoft.
    2. Extract the files from the archive and copy the Northwind MDF and LDF to your SQL Server 2005 data directory. See Jeff Atwood’s post for more details.
    3. Attach the database to your SQL Server. I used SQL Manager since the manual method described in the Readme file did not work for me.
  5. Now if you have successfully navigated the SQL maze, you should be able to run the Upsizing Wizard, access the SQL Server using an Access Project(ADP), access the SQL Server using Excel, and access SQL Server via your favorite programming language.

Changing ownership and deleting unknown accounts from objects

Yesterday I decided to fix an old problem. I had some directories and files with the unknown accounts in the access control lists(ACL). This can occur when you migrate user files to a new server. The easy way to fix this problem is right click on the directory and follow the menus to change ownership, delete the unknown account, and grant full access to the new owner. Another way of changing ownership is to use the command line utility, SubInACL. That is what I chose to use yesterday.

Sometime ago I had downloaded and installed the Windows 2003 Resource Kit which includes SubInACL. This is the utility to change ownership. After a lot of attempts and re-reading the help multiple times, I gave up. It did not work. So I downloaded FileACL and after a few attempts I figured out the command line to change the object. As an example the following command will grant full access to user1, revoke access to the unknown account, and change ownership of the directory, subdirectory, and files.

fileacl "Pinnacle Studio" /s user1:f /r S-1-5-21-73586283-1644491937-682003330-1123 /o user1 /sub /files

It bothered me that SubInACL did not work properly so I decided to spend a few minutes to find out why. After a little searching I found that the version(4.0) included in the resource kit did not work for several people and that there was a newer version, Download details: SubInACL (SubInACL.exe). The new version(5.2) works Windows 2003. I wonder how this slipped by quality control.

Installing Live Writer behind a ISA firewall

I like Live Writer a lot but it is very hard to install when you are behind Microsoft’s ISA firewall. I spent a couple of hours trying to figure out what ports I needed to open in the firewall so that the Live Writer install program would install. All of my attempts ended with the “Try Later” message. I finally gave up and added the computer temporarily to my Linux firewall rule to complete the install.

Then I set about writing this post. When I opened the post properties to add some keywords, the keywords field was not there. Hmm.. The Live Writer version on my laptop works has the keywords field so I was befuddled. After a little searching I found this post, Add Tags To WordPress 2.3 Posts From Windows Live Writer 2008. I am running the latest version of WordPress so I was not surprised to see that I already had the code changes. I was missing the wlwmanifest.xml file. After downloading the zip file, uploading it to the “wp-includes” directory, and then updating my weblog style, I was back in business.