Tech. reference and notes discovered whilst thrashing Microsoft SharePoint, SQL, BI, KM, Security and Windows Servers
Friday, September 28, 2007
Thursday, September 27, 2007
Tim Sneath : Windows Vista Secret #10: Open an Elevated Command Prompt in Six Keystrokes
A very useful tip for running elevated command prompts in Vista
Tim Sneath : Windows Vista Secret #10: Open an Elevated Command Prompt in Six Keystrokes: "Windows Vista Secret #10: Open an Elevated Command Prompt in Six Keystrokes User Account Control is, as I mentioned in secret #4, an important part of the security protection that Windows Vista offers. For any user with administrative credentials, you can always execute a process with full admin rights by right-clicking on the executable or shortcut and choosing 'Run as Administrator'. For myself, I regularly want to open an admin-level command prompt, and it's a distraction to have to move my hands off the keyboard to go through the elevation contortions. So I was delighted to find a little keyboard shortcut for launching an elevated process. Simply press Ctrl+Shift+Enter from the search bar on the start menu with a selected application, and that triggers elevation. For example, to launch an elevated command prompt, simply press the Win key; type cmd; press Ctrl+Shift+Enter; and then hit Alt+C to confirm the elevation prompt. Six keystrokes to an elevated command prompt! (Once I've got an elevated command prompt, I always like to execute color 4f as my first input so that this console window is visually differentiated from other non-elevated windows.)
Monday, September 24, 2007
Forms Base Authentication Tools and Utils for SharePoint 2007 - Home
Forms Base Authentication Tools and Utils for SharePoint 2007 - Home: "Forms Base Authentication Tools and Utils for SharePoint 2007 "
ISA VPN connection issues with packet size overflow fix
How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in Windows XP, and in Windows 2000: "How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in Windows XP, and in Windows 2000"
Friday, September 21, 2007
ISA woes with Windows 2003 SP2
I've been having intermittent network connectivity server issues in a number of locations since Windows 2003 SP2 was installed, specifically on ISA2004 and ISA2006 servers.
It took me some time to realise that the issue was caused by Win2K3SP2, however I seem to be in good company as this service pack has caused huge problems.
Specifically, the problems I'm seeing are intermittent VPN Client error 619 for no good reason. If the user tries again many times they will eventually get in. Also I am unable to create an RDP console to the ISA server. This makes life even more frustrating.
From the links below 2 items seem to stand out. Firstly that you need to get your NIC drivers fully up to date. Apparently Win2k3SP2 is trying to make use of advanced NIC features that the original or older drivers don't know about. Secondly you need to remove Receive Side Scaling on any machine where you have 2 network cards such as ISA. You should also disable TaskOffload if you are still getting problems.
There is a good article on the technet blogs here (Don't let the fact it's in the SBS forum put you off) and one from the ISA product team blog here
MS Article "You may experience network-related problems after you install Windows Server 2003 SP2 or the Scalable Networking Pack" at http://support.microsoft.com/kb/936594
MS KB927695 on Receive Side Scaling is here
Symptoms are as follows:
• When you try to connect to the server by using a VPN connection, you receive the following error message:
Error 800: Unable to establish connection.
• You cannot create a Remote Desktop Protocol (RDP) connection to the server.
• You cannot connect to shares on the server from a computer on the local area network.
• You cannot join a client computer to the domain.
• You cannot connect to Microsoft Exchange Server from a computer that is running Microsoft Outlook.
• You can only connect to Web sites that are hosted on the server or on the Internet by using a secure sockets layer (SSL) connection. In this scenario, you cannot connect to a Web site that does not use SSL encryption.
• You experience slow network performance.
• You cannot create an outgoing FTP connection from the server.
• The DHCP Server service crashes.
• Clients experience slow domain logons.
• Network Address Translation (NAT) clients that are located behind Windows SBS 2003 experience intermittent connection failures.
• You experience intermittent RPC communications failures.
• Clients that are configured as SecureNat clients may be unable to connect to the Internet.
• Some Outlook clients may be unable to connect to Exchange.
• You cannot run the Configure E-mail and Internet Connection Wizard successfully.
• Microsoft Internet Security and Acceleration (ISA) Server blocks RPC communications.
• Clients cannot visit the http://companyweb Web site.
• You cannot browse Internet Information Services (IIS) Virtual Directories.
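One way to check a multi-homed server such as ISA for the Receive Side Scaling and TaskOffload settings discussed above, as an added example that is not part of the original post. It assumes PowerShell is installed on the server and that the settings live as DWORD values under the Tcpip\Parameters key; confirm the value names against the Microsoft articles linked above before applying.

```powershell
# Added example (not from the original post): audit the Scalable Networking Pack
# and task-offload registry values, and write them only when -Apply is given.
param([switch]$Apply)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Target state for the fix described in the post: RSS, TCP offload (TCPA) and
# TCP Chimney switched off, task offload disabled. Value names are an assumption
# to verify against the linked KB articles.
$desired = @{
    EnableRSS          = 0
    EnableTCPA         = 0
    EnableTCPChimney   = 0
    DisableTaskOffload = 1
}

$current = Get-ItemProperty -Path $key
$changed = $false

foreach ($name in $desired.Keys) {
    # A missing value means the operating system default is in force.
    $prop  = $current.PSObject.Properties[$name]
    $shown = '(not set, OS default applies)'
    if ($prop) { $shown = $prop.Value }

    if ($prop -and ($prop.Value -eq $desired[$name])) {
        Write-Output ("OK      {0} = {1}" -f $name, $shown)
        continue
    }

    Write-Output ("DIFFERS {0} = {1}, wanted {2}" -f $name, $shown, $desired[$name])
    if ($Apply) {
        # -Force overwrites an existing value or creates a missing one.
        New-ItemProperty -Path $key -Name $name -Value $desired[$name] `
            -PropertyType DWord -Force | Out-Null
        $changed = $true
    }
}

if ($changed) {
    Write-Output 'Values written. Restart the server for them to take effect.'
}
```

Run it without `-Apply` first to record the current state, and update the NIC drivers as well, since the registry change alone does not address outdated drivers.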
Wednesday, September 19, 2007
VistaBootPRO - Go PRO with Microsoft Windows Vista Boot Manager
VistaBootPRO - Go PRO with Microsoft Windows Vista Boot Manager: "Chances are you're here because you're running Windows Vista and want to do one of two things. Install a second OS or manage your boot configuration without directly editing the BCDEdit file. As you likely now realize, Windows Vista has made this task somewhat complicated for most users. VistaBootPRO was developed to make changes to the Windows Vista Boot Configuration Data (BCD) registry quickly and easily, doing the job in a fraction of the time it would take using the alternative. The only other way to edit the BCD is to use the command prompt application 'bcdedit.exe,' located in the Windows\system32 folder of Windows Vista, which requires users to become familiar with the ins and outs of the bcdedit.exe switches and options, leaving many frustrated users in its path. VistaBootPRO allows users to easily and neatly organize their boot configuration entries from within all flavors of Windows."
Thursday, September 06, 2007
Which Intel CPU for a power workstation ?
Xeon processors have been the choice for the ultimate performance server and workstation for some time, however with so many different Intel CPUs available, which is the best to get now while planning for the future?
Single and dual quad core Xeon processors are very good for multi-threaded processes, however on non-multithreaded applications this advantage is lost and it's just down to raw GHz speed.
Intel started shipping its new Woodcrest CPUs in June 07 and they are now available from Dell and HP. The key importance with these new processors is that they have support for a 1,333MHz FSB frequency, up from a previous maximum of 1,066MHz. In theory, this represents a substantial 25% increase in bandwidth between the CPU and the rest of the system, which in particular should help memory performance with DDR3 RAM.
There are 2 types of new processor releases of interest:
Intel® Core™2 Extreme quad-core processor QX6850
and
Quad-Core Intel® Xeon® processor 5300 series
A useful list of the CPUs Dell ship is here
So should you choose a Core 2 Extreme or a Xeon? The answer is difficult to call and I'm still gathering information on this.
The fastest Xeon quad CPU runs at 2.66GHz and I think a single quad of this type would be better than a dual quad of 1.8GHz with a 1066MHz FSB.
The fastest new release is at the very top end of Intel's enthusiast CPU line-up and is not a Xeon: the Core 2 Extreme Edition QX6850, which replaces the QX6800. It is a quad-core processor and is the third Core 2 Extreme model to be released since the original quad-core QX6700 at the end of last year. The new part's basic specifications haven't leapt massively, starting from 2.66GHz in the QX6700 and now hitting the 3GHz mark. The architecture remains identical, with two dual-core dies in one package, each with 4MB of L2 cache, making for a total of 8MB.
Also the QX6850 - like all other Extreme Edition Intel CPUs before it - is clock unlocked, allowing for direct clock-multiplier overclocking. This means that Dell is shipping a 3.4GHz XPS machine using the 3.0GHz QX6850.
The last fly in the ointment is the new DDR3 memory.
DDR2 RAM is set to be replaced by DDR3. DDR3 offers benefits; operating voltage is reduced from DDR2's 1.8V to 1.5V, and while DDR2 officially supports a maximum I/O bus rate of 533MHz, DDR3 goes up to 800MHz - effectively 1,600MHz due to DDR's double-pumped bus. The pre-fetch buffer is also doubled, from 4 bits to a whole byte.
These improvements are now offset by increased CAS latency, though. Most DDR2 DIMMs have a latency of 4 or 5 clocks before they can start to return the data stored at a given address. Current DDR3 modules, meanwhile, have a latency of 7-9 clock cycles, and while this may fall as the manufacturing process is refined, the standard dictates an absolute minimum CAS latency of 5 clock cycles for DDR3.
So the answer is not clear and information gathering is still ongoing, but hopefully this article has identified the main issues.
Going into the future, Intel are working on Penryn-microarchitecture parts to be released towards the end of the year. Penryn-based processors will be the first produced with a 45nm fabrication process; the existing CPUs remain on 65nm.
(Extracts from PcPro article)
Moving the first Operations Manager / Global catalogue server to a new server
I’ve recently needed to move a Windows 2003 domain controller to a Windows 2003 R2 server. I’d been putting it off for a while because I knew it would be complex. These are the steps I followed. (For clarity I've called the original Server A and the destination Server B.)
ADPREP
Firstly upgrade the schema to conform to Windows 2003 R2. On the R2 second install CD is a directory called F:\CMPNENTS\R2\ADPREP . Copy this to the existing DC and run ADPREP /forestprep. You may also need to run ADPREP /domainprep and ADPREP /domainprep /gpprep. (More details here).
DCPROMO
Now run DCPromo on ServerB and add it to an existing forest/domain. When it completes reboot the server.
Global Catalog promotion
Add ServerB to be a Global catalog and remove ServerA from being a GC. Allow time for ServerB to replicate all the changes required before removing the GC from ServerA. (Details here)
To create a new global catalog:
1. On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services. Double-click Sites, and then double-click sitename.
2. Double-click Servers, click your domain controller, right-click NTDS Settings, and then click Properties. On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server. Restart the domain controller.
Transferring operations master roles
Whilst AD supports multimaster replication there are some functions which are not supported in this way in the domain. Details of these can be found here
For procedures describing the transfer of operations master roles, see:
• Transfer the schema master role
• Transfer the domain naming master role
• Transfer the RID master role
• Transfer the PDC emulator role
• Transfer the infrastructure master role
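A check to run once the steps above are complete and before Server A is retired, as an added example that is not part of the original post. It assumes PowerShell on a domain-joined machine and uses the placeholder host names `ServerA` and `ServerB` from the post; it reads the five operations master role owners and the global catalog list through the .NET `System.DirectoryServices.ActiveDirectory` classes and changes nothing.

```powershell
# Added example (not from the original post): confirm that every operations
# master role and the global catalog now sit on the new domain controller.
param(
    [string]$NewDc = 'ServerB',   # placeholder name taken from the post
    [string]$OldDc = 'ServerA'    # placeholder name taken from the post
)

Add-Type -AssemblyName System.DirectoryServices

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Two forest-wide roles and three domain-wide roles, each reported as an FQDN.
$roles = @{
    'Schema master'         = $forest.SchemaRoleOwner.Name
    'Domain naming master'  = $forest.NamingRoleOwner.Name
    'RID master'            = $domain.RidRoleOwner.Name
    'PDC emulator'          = $domain.PdcRoleOwner.Name
    'Infrastructure master' = $domain.InfrastructureRoleOwner.Name
}

# Compare on the host part only, so 'ServerB' matches 'serverb.example.local'.
function Get-HostPart([string]$fqdn) { return $fqdn.Split('.')[0] }

$pending = @()
foreach ($role in $roles.Keys) {
    $owner = $roles[$role]
    Write-Output ("{0,-22} {1}" -f $role, $owner)
    if ((Get-HostPart $owner) -ine $NewDc) { $pending += "$role still held by $owner" }
}

# Global catalog placement: the new DC must be listed, the old one must not.
$gcHosts = @($forest.GlobalCatalogs | ForEach-Object { Get-HostPart $_.Name })
Write-Output ("Global catalogs        {0}" -f ($gcHosts -join ', '))
if ($gcHosts -inotcontains $NewDc) { $pending += "$NewDc is not a global catalog" }
if ($gcHosts -icontains $OldDc)    { $pending += "$OldDc is still a global catalog" }

if ($pending.Count -eq 0) {
    Write-Output "All roles and the global catalog are on $NewDc."
} else {
    Write-Output 'Not finished:'
    $pending | ForEach-Object { Write-Output "  - $_" }
    exit 1
}
```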