Tuesday, May 26. 2009
Tons of sites have already announced it, but the links are not always easy to find, so here are the direct links:
Most of the users out there just need the "Five Language Standalone" version: x86 x64
To read what is new in SP2, go here.
To read what hot fixes and security fixes are included, go here.
Due to Server 2008 R1 and Vista sharing a common code base, the above links are for either Vista or Server 2008 R1.
Don't forget to reclaim hard drive space after installation with compcln.exe.
Thursday, May 7. 2009
This is one of my favorite new features of Windows 7 and Server 2008 R2. Replace VPN in your enterprise with DirectAccess but still enjoy multi-factor authentication.
Wondering how to set it up to try it out? Download the step by step guide!
The official description:
This paper contains an introduction to DirectAccess and instructions for setting up a test lab to demonstrate DirectAccess with a simulated Internet, intranet, and home network.
DirectAccess is a new feature in the Windows® 7 and Windows Server® 2008 R2 operating systems that enables remote users to securely access intranet shares, Web sites, and applications without connecting to a virtual private network (VPN). This paper contains an introduction to DirectAccess and instructions for setting up a test lab to demonstrate DirectAccess with a simulated Internet, intranet, and home network using the Release Candidate versions of Windows 7 and Windows Server 2008 R2.
Monday, March 9. 2009
I was out of town for most of February (3 out of 4 weeks in Seattle, WA or Redmond, WA) with little down time to work on my outside-of-work projects.
On a somewhat related note, I'm now an official Microsoft Springboard Technical Expert Panel (STEP) member. Over 200 people applied, so I'm honored to be one of the chosen. It greatly increases my chances of presenting at TechEd this year too.
I have switched Microsoft MVP groups, due to a creation of a brand new MVP group. I had been originally a "Windows Shell/User" MVP way back when, which was later renamed to "Windows Desktop Experience". Historically, I tend to be all over the map with the product groups and products I focus on. This has resulted in nominations/secondary competencies of Forefront and Office Communications Server.
With that said, I was invited to join the Windows Systems and Performance group, which is focused on my favorite aspect of Windows 7 and Server 2008 R2 - Performance! I'll have some good articles on XPerf coming up pretty soon. We're a much smaller group (around 8 of us) compared to the Desktop Experience group.
My primary job focus is more unified communications (Exchange and Office Communications Server) related lately, so you will most likely see more content in those areas in the upcoming months, to go along with the STEP, Windows Systems and Performance and Windows 7 content.
Saturday, January 17. 2009
Don't leave home with them. Many OEMs are still shipping the older 10.x and 11.x revisions of this software, which are known to have bluescreen issues and other bugs that should be avoided.
You can easily install these drivers into Windows 7 by using the compatibility mode setting of "Vista" on the installation executables, or by simply pointing Device Manager to the directory you extract the archive to.
The number of wireless chipsets supported by this driver pack is rather astounding:
Intel(R) WiMAX/WiFi Link 5350, Intel(R) WiMAX/WiFi Link 5150, Intel(R) WiFi Link 5300, Intel(R) WiFi Link 5100, Intel(R) Wireless WiFi Link 4965AGN, Intel(R) Wireless WiFi Link 4965AG_, Intel(R) PRO/Wireless 3945ABG Network Connection, Intel(R) PRO/Wireless 2915ABG Network Connection, Intel(R) PRO/Wireless 2200BG Network Connection
You can read the release notes for this version here and download the binaries here.
There are also Intel Wired Drivers - version 13.5 - available from here.
Friday, January 9. 2009
Microsoft Windows Server 2008 R2 will be the next version of the Windows Server operating system from Microsoft. Building on the features and capabilities of the current Windows Server 2008 release version, Windows Server 2008 R2 allows you to create solutions that are easier to plan, deploy, and manage than previous versions of Windows Server.
Server 2008 R2 Beta Enterprise: TFGPQ-J9267-T3R9G-99P7B-HXG47
Server 2008 R2 Beta Standard: 2T88R-MBH2C-M7V97-9HVDW-VXTGF
Server 2008 R2 Beta Datacenter: GQJJW-4RPC9-VGW22-6VTKV-7MCC6
Web Server 2008 R2 Beta: GT8BY-FRKHB-7PB8W-GQ7YF-3DXJ6
Download from here.
Friday, December 26. 2008
Worth a read – it is an issue with Server 2008 clustering:
The issue appears at this time to be related to how Windows 2008 clusters handle file share / file server resources.
The Fix
Install KB 955733 - Incorrect status codes that are returned in failover clusters may cause operations to fail on a Windows Server 2008-based computer. This ensures that the cluster returns the correct status codes where necessary.
Friday, December 5. 2008
Backup programs that use VSS (Volume Shadow Service) also tend to use the Virtual Disk Service to perform backups and restores. Is your Server 2008 based Backup Exec server leaking memory? You might want to investigate this hotfix due to memory leaks in the Virtual Disk Service (VDS) code.
A hotfix is available that addresses a memory leak in the Virtual Disk Service on a computer that is running Windows Vista or Windows Server 2008.
Scenario 1
A memory leak occurs in the Virtual Disk Service when an application uses the Virtual Disk Service to enumerate disk resources. In this scenario, you notice that the memory consumption of the Virtual Disk Service (Vds.exe) increases continually.
Scenario 2
The computer uses a Virtual Disk Service hardware provider to connect to a disk array. When an application uses the Virtual Disk Service to enumerate disk resources, a memory leak occurs in the Virtual Disk Service and in the Virtual Disk Service hardware provider. In this scenario, you notice that the memory consumption of both the Virtual Disk Service and the Virtual Disk Service hardware provider increases continually.
The severity of this problem depends on how frequently your application calls the Virtual Disk Service. Sometimes, this problem may not cause significant issues. However, when the memory consumption becomes significant, the system may crash, or jobs may fail. This situation typically occurs when your production environment does not let you periodically restart the Virtual Disk Service.
If you are interested in the actual KB articles included in SP2, go to the TechNet page here.
This page is a work in progress, but contains some information on what has changed from SP1 to SP2 for Vista and Server 2008.
Hardware ecosystem support and enhancements:
Adds support for the 64-bit central processing unit (CPU) from VIA Technologies.
Integrates the Windows Vista Feature Pack for Wireless, which contains support for Bluetooth v2.1 and Windows Connect Now (WCN) Wi-Fi Configuration.
Improves performance for Wi-Fi connection after resuming from sleep mode.
Adds new capabilities to Direct X Graphic display reliability.
Includes updates to the RSS feeds sidebar with improved performance and responsiveness.
Improves audio and video performance for streaming high definition content.
Includes ability to record data to Blu-Ray media.
Operating system experience updates
Windows Search 4.0 builds on Microsoft’s search technology with improved indexing and search relevance. ce OneNote® 2007.
Improves Windows Media Center (WMC) in Content protection for TV.
Enterprise improvements
Provides the Hyper-V virtualization environment as a fully integrated feature of Windows Server 2008, including one free daughter OS with Windows Server 2008 Standard, four free licenses with Windows Server 2008 Enterprise and an unlimited number of free licenses with Windows Server 2008 Datacenter.
Provides an improved power management policy that is up to 10% more efficient than the original in some configurations (both on the server and the desktop), and includes the ability to manage these settings via Group Policy.
Improves backwards compatibility for Terminal server license keys. Windows Server 2008 changed the licensing key from 512 bytes to 2,048 bytes which caused clients using older Terminal versions to fail. SP2 allows legacy license keys on Citrix applications to work with Windows Server 2008 Terminal server.
Setup and deployment improvements
The SP2 standalone installer:
Provides a single installer for both Windows Vista and Windows Server 2008.
Includes the ability to detect an incompatible driver and block service pack installation or warn users of any potential loss of functionality.
Provides better error handling and descriptive error messages where possible.
Improves manageability through logging in the system event log.
Provides a secure install experience.
Includes the ability to service the installer post release.
I'm still in the process of putting my Home Server together at some point soon. I just need many more hard drives for it and a computer. Minor detail, I know, but I will get there eventually!
In the meantime, check out this case where Home Server saved the day from a virus infection - read about it here.
Windows Server 2008 SP2 Beta and Windows Vista Service Pack 2 Beta apply to people, organizations, and technical enthusiasts who are comfortable evaluating prerelease software. This prerelease software is provided for testing only. Installation of Service Pack 2 Beta will result in Microsoft collecting information about the installation process, even if the installation is not completed. We do not recommend installing this software on primary or mission-critical systems. We recommend that you have a backup of your data before you install any prerelease software.
Windows Server 2008 Service Pack 2 Beta and Windows Vista Service Pack 2 Beta - Five Language Standalone
Windows Server 2008 Service Pack 2 Beta and Windows Vista Service Pack 2 Beta - Five Language Standalone for x64-based systems
Windows Server 2008 Service Pack 2 Beta and Windows Vista Service Pack 2 Beta - Five Language Standalone DVD ISO
Windows Server 2008 Service Pack 2 Beta and Windows Vista Service Pack 2 Beta - Windows Update Experience Kit
If you're curious what registry key the "Windows Update Experience Kit" adds, it is simply a REG_SZ of 93F7D954-DF91-22E6-99AB-4D8AF54E813A at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\VistaSP2\Beta1
Despite the warnings in the first paragraph above, this release works very well!
Tuesday, December 2. 2008
There is a handy registry setting that you can set, as long as you have XP SP2 or above, that will reset the error count once an I/O error recovers on the IDE chain. This is particularly handy for devices that like to get punted into PIO mode even though they are perfectly capable of doing DMA, 99.9% of the time. I need this for a dying hard drive that can perform DMA all day, as long as I don't go into the bad sector area where the head crashed in the past. If you're curious, this is also the same laptop that runs the ChickenCam, which is now viewable by clicking the "ChickenCam" link on the right side of the webpage.
The registry key for the IDE Primary Channel in question is a DWORD set to 1, at location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0001\ResetErrorCountersOnSuccess
Depending on how many IDE channels your system has, you may need to increment the key by one for each channel.
For instance, the next channel would be listed under key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002\ResetErrorCountersOnSuccess
Read more about it here!
Hopefully, the ChickenCam will run marginally faster now. You can only torment a Pentium 2-333mhz chip so much with streaming video and routing packets.
Monday, November 24. 2008
A few months ago I blogged about a particular situation with cluster creation under Windows Server 2008. Typically, as long as the cluster validation tool passes, cluster creation completes successfully. However, in our case, the issue ended up getting escalated all the way up to the clustering group at Microsoft.
Strange as it might seem, the root cause was the fact that the root of Active Directory had too many individual ACLs assigned. These were inherited by every object further into the AD tree structure, as long as inheritance wasn't blocked. AD has an architectural limit of 64K ACLs per object. The cluster creation process needed to assign a few more ACLs to the newly created computer object and this hit the limit of Active Directory.
At the time, we were the 5th case in the world to have something like this happen, but those cases were still unresolved. Due to the numerous TTT (Time-Travel-Trace) dumps of the cluster creation process before, during and after the failure, we were able to nail the root cause with Microsoft PSS.
The deceiving part of all of this is that it was not readily apparent that this "ticking time bomb" of a problem existed. After a certain amount of ACL entries (I suspect around 2000), "Active Directory Users and Computers" will not show any additional ACLs. Only after removing duplicate/unneeded ACLs, more would show up in the console. Using ADSIEDIT.msc directly would show all the entries, but I like to tread lightly at customer sites when I can.
Once the ACL entries were cleaned up, the showstopper issue of "The parameter is incorrect" went away and we could create the cluster.
Months later, either as a fluke or as an emerging issue overall, this happened at another customer site with a different group of engineers within our organization. They already had a case open with Microsoft PSS but thankfully how we fixed the problem at the other site allowed us to fix the error and close the issue before PSS could dig into this issue.
The common denominator, software-wise, at both companies? The use of Bindview. It might be a fluke, or it might be a case of "Bindview gone wild" with creation of excess ACLs. Hopefully, someone out there will benefit from this information. If you run into this error, especially with Bindview, I'd like to hear about it.
Here are the notes from PSS on the case, if you are curious:
ISSUE:
- The existing DACL on the computer object is near the size limit of an ACL (65532)
- Cluster Setup adds an ACE to the DACL, which exceeds the size of an ACL but ADSI Security Descriptor objects do not check for this limit.
- Cluster Setup builds the ADSI Security Descriptor (including the new ACE added by Cluster) and then attempts to overwrite the existing ADSI security descriptor of the computer object with the new ADSI Security Descriptor using the PUT method (of the IADS computer object) and passing the "ntSecurityDescriptor" attribute and the variant of new ADSI Security Descriptor.
- The PUT method converts the IADS Security Descriptor and its sub components to native Security Descriptors and Access Control Lists
- The native Windows API for ACL creation checks the requested size limit against the max size limit of 65532 and fails returning STATUS_INVALID_PARAMETER
RESOLUTION:
- Remove the number of ACEs within the original Security Descriptor protecting the computer object to allow Cluster Setup to add the required ACE and still be within the maximum size of the ACL
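The size check described in the PSS notes can be run ahead of time against an object's raw security descriptor. The following is an added example, not code from the original post or from Microsoft: it parses a self-relative security descriptor (the binary form stored in ntSecurityDescriptor), reports the DACL size, the headroom left under the 65532-byte limit, and byte-identical duplicate ACEs. The function names and the sample descriptor are hypothetical and constructed for illustration.

```python
import struct
from collections import Counter

MAX_ACL_BYTES = 65532          # ACL size limit quoted in the PSS notes
SE_DACL_PRESENT = 0x0004       # control flag: descriptor carries a DACL

def dacl_report(sd: bytes, needed: int = 0) -> dict:
    """Measure the DACL of a self-relative security descriptor against the limit.

    `needed` is the byte size of an ACE a later operation wants to append.
    """
    if len(sd) < 20:
        raise ValueError("truncated security descriptor header")
    # Header: revision, sbz1, control, then owner/group/SACL/DACL offsets.
    control, dacl_off = struct.unpack_from("<2xH12xI", sd, 0)
    acl_size, ace_count, seen = 0, 0, Counter()
    if control & SE_DACL_PRESENT and dacl_off:
        if dacl_off + 8 > len(sd):
            raise ValueError("DACL offset outside descriptor")
        # ACL header: revision, sbz1, AclSize, AceCount, sbz2.
        acl_size, ace_count = struct.unpack_from("<2xHH", sd, dacl_off)
        pos, end = dacl_off + 8, dacl_off + acl_size
        if end > len(sd):
            raise ValueError("AclSize runs past descriptor")
        for _ in range(ace_count):
            if pos + 4 > end:
                raise ValueError("ACE header runs past AclSize")
            # ACE header: type, flags, AceSize (size includes the header).
            ace_size = struct.unpack_from("<2xH", sd, pos)[0]
            if ace_size < 4 or pos + ace_size > end:
                raise ValueError("bad AceSize")
            seen[sd[pos:pos + ace_size]] += 1   # byte-identical ACE = duplicate
            pos += ace_size
    headroom = MAX_ACL_BYTES - acl_size
    return {"aces": ace_count, "acl_bytes": acl_size, "headroom": headroom,
            "duplicates": sum(n - 1 for n in seen.values()),
            "fits": needed <= headroom}

def build_sample_sd(ace_count: int, distinct: int) -> bytes:
    """Constructed test input: a descriptor holding only a DACL of allow ACEs."""
    aces = b""
    for i in range(ace_count):
        # SID S-1-5-21-1-2-3-<rid>; the rid cycles, so ACEs repeat
        # whenever distinct < ace_count.
        sid = struct.pack("<BB6B5I", 1, 5, 0, 0, 0, 0, 0, 5,
                          21, 1, 2, 3, 1000 + i % distinct)
        body = struct.pack("<I", 0x000F01FF) + sid      # access mask + trustee
        aces += struct.pack("<BBH", 0, 0, 4 + len(body)) + body  # allow ACE
    acl = struct.pack("<BBHHH", 2, 0, 8 + len(aces), ace_count, 0) + aces
    # Control 0x8004 = SE_SELF_RELATIVE | SE_DACL_PRESENT; DACL at offset 20.
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + acl

if __name__ == "__main__":
    # 1820 ACEs of 36 bytes each leave no room for one more 36-byte ACE.
    print(dacl_report(build_sample_sd(1820, distinct=4), needed=36))
```

With 36-byte ACEs, the constructed DACL hits the limit at 1820 entries, and most of them are duplicates that could be removed to regain headroom.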
Saturday, November 1. 2008
The long running joke about instantly getting a performance boost inside Vista, especially when it is a guest VM, is to do net stop wsearch.
The next best thing you can do, besides limiting what folders are indexed, is to update your Windows Search to version 4.0. Most of the changes between the version included in Vista RTM, and 4.0, revolve around performance enhancements. It becomes especially noticeable on systems with limited I/O bandwidth (think laptops with 4200 rpm HDs).
However, this still isn't perfect. I've talked quite a bit with the Search team about this at the MVP Summit earlier in the year. There is a tweak I do on every system that runs Vista/Windows 7 or Server 2008 with the search/indexing engine enabled. I make sure to use Windows Search 4.0, for the performance improvements and the additional GPO/registry settings available.
The tweak? Disable the indexer backoff. You probably didn't realize you could even do this, but it is an available option that tells the indexing engine, "Don't worry about system activity - just index and get it over with already!". I'd much rather suffer with high CPU / I/O usage for a little while than a long and drawn out 'trickle' of activity that gives Vista a bad name.
This is particularly noticeable on a new install of Xobni when it indexes your Exchange mailbox and touches almost all your mailbox contents. With the indexer backoff enabled, which is the default on all operating systems, Outlook performance drags for a long time. With the indexer backoff disabled, the SearchIndexer.exe process will kick into high gear, finish and fall back asleep. Perfect.
How do you disable the indexer backoff?
For use in a group policy object (GPO):
Assuming you have the Windows Search 4.0 .ADM template added to your domain, or are on a Windows 7 system, look under Computer Configuration\Windows Settings\Administrative Templates\Windows Components\Search. The setting to disable the indexer backoff is not surprisingly called Disable indexer backoff. By default, it is set to Not Configured but you will want to set this to Enabled.
For a non-domain joined computer, or a single PC, you can set this DWORD registry key:
HKLM\Software\Policies\Microsoft\Windows\Windows Search\DisableBackoff with a value of 1.
You can download a pre-made .REG file here.
If this makes a difference for you, performance-wise, positive or negative, please let me know.
Thursday, October 23. 2008
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
It is unusual to see the amount of attention given to this update and the speed at which it was released, especially out-of-band.
Thankfully for Server 2008 and Vista, the attacker has to be an authenticated user, but Server 2003 and XP users are not so lucky.
Most firewalls already block RPC traffic from external sources, so that attack vector is somewhat mitigated, but what I am worried about is the possibility of a 0-day worm getting inside an organization and worming around the entire network due to internal/client firewall rules.
It is particularly interesting that they released an update for Windows 7 pre-beta, build 6801, which I believe is going to be the build version given out at the PDC.
If you are running the beta builds of the Forefront Stirling TMG that have the GAPA protection enabled, you are already protected at the firewall level from the exploit due to the updated definitions already released by Microsoft. You can sort of think of it like Snort signatures.
I haven't seen Active-eXploits out in the wild yet, but it is only a matter of time.
You can read the Homeland Security National Vulnerability Database report on it here.
You can read a more in-depth report from the Microsoft Security Vulnerability Research and Defense team on the update here.
Direct download links to the patch, per OS:
Win 2K SP4
Win XP x86 SP2/ SP3 / x64 RTM/ SP2
Win 2003 x86 SP1/ SP2 / x64 RTM/ SP2
Win Vista RTM/SP1 x86/ x64
Win Server 2008 x86/ x64
Other sites with additional information on the exploit:
SecurityFocus
FRSIRT
SecurityTracker
Secunia
XForce (1 of 2)
XForce (2 of 2)