Tag Archives: windows

MS Volume License Service Center

Occasionally I have to touch Microsoft software, thankfully most of our customers have their licenses entered into the Volume Licensing Service Center these days which makes finding the install media a lot easier than rummaging through CD wallets in the office.

The volume license center isn’t perfect by a long shot but for the most part it’s a pretty effective way of getting keys and software downloads for purchased software [1], with the glaring exception of a major defect with the download functionality:

So close, yet so far

The download interface helpfully gives you some advice to use a download manager – because lets face it, browser downloaders suck universally – Firefox, Chrome and IE all have poor quality download functionality.

However by download manager, Microsoft actually mean “some Microsoft application you should download and run to download the file”. I’ve *never* had a good experience with vendor download managers, not to mention the fact I’m wanting to download this file to a GUI-less Linux KVM host, so this option is right out.

The next logical option is to download with the browser and just grab the download URL – however as shown above, clicking the download button won’t provide a real URL it instead runs a bit of javascript which then directs the browser to the actual download URL.

It’s not uncommon behavior, but it’s damn annoying – browsers know how to download a file, you don’t need javascript to make it happen and it breaks the ability to copy and paste the link directly into a download manager.

When annoying companies use javascript to obfuscate the download URL, the next trick is to start the download with the browser, then go to the download window and copy the real URL out from there.

However, this still fails:

Thou shalt not pass!

Looks like Microsoft is doing some clever checks, possibly with cookies, user agent and IP, or some combination of all of above and refuses the download manager you’ve chosen. >:-(

With a bit of digging around it would be possible to make a solution to work around this, but it’s a major PITA that they do all this pointless obfuscation and I don’t know if I do enough downloads from there to justify the effort to find and make a proper solution to work around Microsoft’s failings.

What really annoys me, is that I’ve already BROUGHT the product and you need a license key in order to EVEN USE IT after you’ve downloaded – it’s not like someone else is going to figure out the randomly generated download path for my session, download the ISO and somehow get a free copy of Windows Server….

I can go to The Pirate Bay and download Microsoft ISOs in a matter of minutes, there’s no point trying to restrict the download ability of your paying customers, the ISOs are already shared – usually pre-hacked to remove activation.

The result is needing to download the ISO over a DSL line to my workstation and upload it back over that same DSL line (oh god the slowness) to get it to the customer’s server, something which is extremely annoying and wasteful for my data cap.

I wish Microsoft would just make their ISO archive available for download off FTP already. :-(

 

[1] As a side note, I really, really wish I could just buy MS software online via this center and be done without having to deal with NZ’s resellers who don’t add any value, just overhead to purchasing this stuff.

Exchange, I will have my revenge!

It’s been a busy few weeks – straight after my visit to Christchurch I got stuck into the main migration phase of a new desktop and server deployment for one of our desktop customers.

It wasn’t a small bit of work, going from 20 independent 7-year old Windows XP desktops to new shiny Windows 7 desktops and moving from Scalix/Linux to Exchange/Win2008R2. It’s not the normal sort of project for me, usually I’ll be dealing with network systems and *nix servers, rather than Microsoft shops, but I had some free time and knew the customer site well so I ended up getting the project.

The deployment was mostly straightforwards, and I intended to blog about this in the near future, I honestly found some of the MS tech such as Active Directory quite nice and it’s interesting comparing the setup compared to what’s possible with the Linux environment.

However I still have no love for Microsoft Exchange, which has to be one of the most infuriating emails systems I’ve had to use. We ended up going with Exchange for this customer due to it working the easiest with their MS-centric environment and providing benefits such as ActiveSync for mobiles in future.

However with myself coming from a Linux background, having grown up with solid and easy to debug and monitor platforms like Sendmail, Postfix and Dovecot, Exchange is an exercise in obscure configuration and infuriating functionality.

To illustrate my point, I’m going to take you on a review of a fault we had with this new setup several days after switching over to the Exchange server…..

* * *

On one particular day, after several days of no problems, the Exchange server suddenly decided it didn’t want to email the upstream smarthost mail server.

The upstream server in question has both IPv4 and IPv6 addresses, something that you tend to want in the 21st century and it’s pretty rare that we have problems with it.

With Exchange 2010 and Windows Server 2008, both components have IPv6 enabled out-of-the-box – we don’t have IPv6 at this particular customer, since the ISP haven’t extended IPv6 beyond the core & colo networks, so we can’t allocate ranges to our customers using them at this stage.

For some unknown reason, the Windows server decided that it would make sense to try connecting to the smart host via IPv6 AAAA record, despite there being no actual upstream IPv6 connection. To make matters worse, it then decided the next most logical thing was to just fail, rather than falling back to the IPv4 A record.

The Windows experts assigned to look at this issue, decided the best solution was to “disable IPv6 in Exchange”, something I assumed meant “tell Exchange not to use IPv6 for smarthosts”.

With the issue resolved, no faults occurring and emails flowing, the issue was checked off as sorted. :-)

Later that night, the server was rebooted to make some changes to the underlying KVM  platform – however after rebooting, the Windows server didn’t come back up. Instead it was stuck for almost two hours at “Applying computer settings….” at boot – even once the login screen started, it would still take another 30mins before I could login.

This is the digital equivalent of watching paint dry.

After eventually logging in, the server revealed the cause of the slow startup as being the fault of the “microsoft.exchange.search.exsearch.exe” process running non-stop at 100% CPU.

After killing off that process to get some resemblance of a responsive system, it became apparent that a number of key Exchange components were also not running.

I waded through the maze that is event viewer, to find a number of Exchange errors, in particular one talking about being unable to connect to Active Directory LDAP, with an error of DSC_E_NO_SUITABLE_CDC (Error 0x80040a02, event 2114).

Every time I have to use event viewer I miss syslog, tail and grep even more.

Naturally the first response was to review what changes had been made on the server recently. After confirming that no updates had been made in the last couple of days, the only recent change was the IPv6 adjustment made by the Windows engineers earlier in the day.

Reading up on IPv6 support and Windows Server 2008, I came across this gem on microsoft.com:

"From Microsoft's perspective, IPv6 is a mandatory part of the Windows
operating system and it is enabled and included in standard Windows
service and application testing during the operating system development
process. Because Windows was designed specifically with IPv6 present,
Microsoft does not perform any testing to determine the effects of
disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server
2008, or later versions, some components will not function."

I then came across this blog post, from someone who had experienced the same error string, but with different cause. In his post, the author had a handy footnote:

"The biggest red herring I found when troubleshooting this one from
articles others had posted was related to IPv6. I see quite a few people
suggesting IPv6 is required for Exchange 2007 and 2010. This is NOT
true. As a matter of fact, if the server hosting Exchange 2007 or 2010
is a DC, then IPv6 must be enabled otherwise simply uncheck the checkbox
in TCP/IP properties on all connected interfaces. You don't need to
buggar with the registry to "really disable it"....just uncheck the
checkbox."

The customer’s Windows 2008 R2 server is responsible for both running Exchange 2010 as well as Active Directory

To resolve the smart host issues, the Windows team had disabled IPv6 altogether on the  interface, resulting in a situation where Exchange was unable to establish a connection to AD to get information needed to startup and run.

To resolve, I simply enabled IPv6 for the server and the Exchange processes correctly started themselves within 10 seconds or so as I watched in the Services utility.

This resolved the “Exchange isn’t functioning at all issue”, but still left me with the smarthost IPv6 issue. To work around the issue for now, I just set the smarthost in Exchange to use the IPv4 address, but will need a better fix long term.

With the issue resolved, some post-incident considerations:

  1. I’m starting to see more cases where a *lack* of IPv6 is actually causing more problems than the presence of it, particularly around mail servers.
  2. Exchange has some major architectural issues – I would love to know why an internal communication issue caused the search indexer process to go nuts at 100% CPU for hours.I’ve broken Linux boxes in terrible ways before, particularly with LDAP server outages leaving boxes unable to get any user information – they just error out slowly with timeouts, they don’t go and start chewing up 100% CPU. And I can drop them into a lower run level to fix and reboot within minutes instead of hours.
  3. I did a search and couldn’t find any official Microsoft best practice documentation for server 2008, nor did Windows Server warn the admin that disabling IPv6 would break key services.
  4. If Microsoft has published anything like this, it’s certainly not easy to find – microsoft.com is a complete searching disaster. And yes, whilst they have a “best practice analyzer tool”, it’s not really want I want as an admin, I want a doc I can review and check plans against.
  5. I’m seriously tempted to start adding surcharges for providing support for Microsoft platforms. :-/

* * *

Overall, Exchange certainly hasn’t put itself in my good books, issues like the IPv6 requirement are understandable, but the side effect of the search indexer going nuts on CPU makes no sense and it’s pretty concerning that the code isn’t just “oh I can’t connect, I’ll close/sleep till later”.

So sorry Microsoft, but you won’t see me becoming a Windows Server fanboy at any stage – my Linux Sendmail/Dovecot setup might not have some of Exchange’s flashier features, but it’s damn reliable, extremely easy to debug and logs in a clear and logical fashion. I can trust it to operate in a logical fashion and that’s worth more to me than the features.

Virtualbox Awesomeness

Work recently upgraded us to the latest MS Office edition for our platform. Most of our staff run MacOS, but we have a handful of Windows users and one dedicated Linux user (guess who?) who received MS Office 2010 for Windows.

I’ve been using MS Office 2007 under Wine for several years, it was never perfect, but about 90% of the functionality worked with some exceptions such as PDF export and certain UI and performance artifacts.

With the 2010 upgrade I decided to instead switch to using Windows under a VM on my laptop to avoid any headaches and to fix the missing features and performance issues experienced running Office under Wine.

Whilst I’m a fan of Xen and KVM, they aren’t so well suited for desktop virtualisation as they’re designed more for server environments and don’t offer some of the more desktop focused features such as seamless integration, video acceleration and easy point & click management interfaces.

Instead I went with VirtualBox thanks to it being mostly open source (open source with exception for a few extensions for USB 2.0 forwarding and network boot) and with a pretty good reputation as a decent VM application.

It also has some of the user-friendly desktop features you’d expect such as being able to forward USB hardware through to guest, mounting any folder on the host as a network share (without needing to setup samba) and 2D/3D video acceleration.

But the real killer feature for me was the seamless windows feature, which allows me to boot the virtual windows desktop and Windows applications alongside my Linux applications smoothly and without the nastiness of an RDP window.

Windows & Linux application windows running together concurrently.

Sadly it’s not quite good enough for you to be able to run the latest Windows games in as the 3D acceleration is quite basic, but it’s magnificent for just about any other non-multimedia application.

The only glitch I found, is that if you have dual screens, you can only run the windows session on one screen at a time, although virtualbox does allow moving the session between monitors whilst running so it’s not too big a deal.

The other annoying issue I had with virtualbox is that it uses image files for storing the guest VMs and it doesn’t appear possible to get it to use an LVM volume instead – so in my case, I waste a bit of space and performance for unnecessary filesystem formatting to store the Windows VM. I guess this is a feature that only a small subset of users would want so it’s not particularly high priority for them to add it.

I’m running Win7 with 2 virtual cores and 1GB of RAM on top of a host with an Intel Core i5 CPU (with hardware virtualisation enabled), 8GB RAM and a Intel 320 series SSD and it’s pretty damn snappy.

As a side note, the seemless window integration also works for Linux-based guests, so you could also do the same ontop of a Windows host, or even Linux-on-Linux if desired.

Process Monitor for Windows

From time to time I’m dragged into the murky world of Microsoft to debug a problem a customer is having, or to setup the occasional small business server.

My Windows skills are passable, but certainly nowhere near as good as my Linux capabilities – simple stuff like doing an strace on linux becomes a “ummmmm how?” on Windows.

Recently had an issue with an old Windows application refusing to launch on Windows Server 2008 due to a missing DLL file – found a very handy application published by Microsoft that works on XP SP2+ called “Process Monitor”.

It shows all calls being made by programs including what DLLs are being called and what registry values are being queried, along with the response from all these calls.

In my case, I was able to see what DLL file the problem was requesting and seeing that the OS was returning a NOT FOUND response – installed the require library, and fixed. :-)

Download from: http://technet.microsoft.com/en-us/sysinternals/bb896645

 

Impatient Linux geek’s review of Win8 preview

As you undoubtedly know, I’m one of Microsoft’s biggest fans [1], so I eagerly downloaded the newly released Windows 8 Developer Preview to take a look at what they’re aiming to with Windows 8.

This post is just based on a quick look as someone who runs Linux 24×7 for everything, has a lot of familiarity with Windows XP as a user and admin, some Windows 7 user-level experience and without looking through the online resources or keynotes about new capabilities – a pure “fire it up and see what happens” test and figuring out things as I go along.

[1] OK, maybe not really. [2]
[2] OK, so maybe I hate the company, their proprietary products and culture of lock-in. [3]
[3] Fuck Em

 

Environment

To begin with, I downloaded the 32bit OS ISO – mainly because the memory requirements and download sizes are less than the 64bit release and I wanted to see how it would go with 1GB RAM – an amount not unreasonable to expect on lower power tablet computers currently on the market.

I installed it onto my RHEL 6-based Linux KVM server (Kernel-based Virtual Machine, a fantastic virtualisation platform shipped with the Linux kernel and packaged into a number of distributions such as RHEL 6).

I didn’t bother looking for any paravirtualised I/O or networking drivers for Windows 8, so the guest was running on emulated IDE hardware, thus ensuring that I/O would not have anything resembling performance, so I haven’t critiqued Windows 8 for performance at all in this review. :-)

Apparently a lot of people have had problems trying to run Windows 8 on VMWare, but Linux comes through again as an impressively capable platform for virtualisation. [4] :-)

 [4] To date, KVM has virtualised for me: Linux, Windows, BSDs, Minix, HaikuOS, several large routing companies OSes and more. :-)

 

Installation

Installation was typical as per any OS installation from ISO media – virt-install read the ISO fine, launched the windows installer and proceeded to install with a very Windows 7 like installer.

It did “feel” faster than a Windows 7 installation onto the same platform I did recently, however that is purely anecdotal and may be impacted by 32bit vs 64bit install size differences.

After the base installation, typical reboot happened, although it appeared to cause my VM to shutdown rather than reboot – after powering back on, Windows 8 proceeded to take me through the re-done setup screens.

Did you hear? Green is in this year!

It’s a big change from previous install screens – looks like Microsoft pretty much tossed out the UI and started again, basing everything around the colour green.

However it does appear they’ve lost some UI concepts in the process – for example, in the above screen I needed to set a computer name – but clicking in the name field didn’t display me a cursor, nor did the example text vanish, typical responses of most current OSes.

I also found that Windows 8 would refuse to take “devel-win8-pre32” as a hostname, considering it too long – this isn’t really a problem for your average home user, but drives a power user like me up the wall – I want hostnames that suit *my* desires damnit!

Taking a leaf from Apple, or even Google's Android, Microsoft is tying the OS to their online services - although the paranoid can bypass - for an average users, the synchronization features sound like a nice touch.

Not being a Windows Live user (I have an account lying about for occasional use, but not for anything important) I originally tried to bypass the Windows Live registration step, but found that the installer crashed out with an error later on when I did.

After retrying with an “advanced/custom” configuration behaviour and using Windows Live it worked successfully – or at least it didn’t complain about anything I entered, I’m still a little unsure as to whether it logged into an existing account or just created me a new one.

Some UI confusion there - Windows tells me it's creating my Windows live account, but that account already existed....

Being impatient with a GUI OS not giving me any nice console messages to read (like any nix geek really – everyone wants to know what the OS is busy doing!!) I started clicking impatiently and was rewarded with a nice placeholder screen:

Well at least it's not blue?

(It’s actually a major improvement – impatient clicking is the leading way I cause Windows desktops to fall into performance hell, many a time I have attempted to do too many tasks on a Windows XP system to have everything in the OS crawl to a halt, because it can’t handle the usage patterns I’ve picked up from my Linux environment.)

The Windows 8 UI did feel quite sluggish under the VM, but this is something I’ve noticed with Windows 7 as well – suspect it’s due to the newer UI/rendering in their GUIs which doesn’t play nicely with the un-accelerated 2D VM viewer sessions, rather than any actual fault with Windows.

Despite my best efforts to break it, it eventually completed and I ended up at the shiny new Windows 8 “Metro Style” home screen. :-)

 

Operation

Oh Hai Metro!

First impressions of Windows 8 is the new Metro style interface – it’s essentially a number of large clickable buttons in a minimalistic style UI – upon clicking a button, it’s application is launched in full screen mode – with a roll over application-specific popup below.

Metro-aware applications launching in fullscreen - in this case, IE accessing my site - note the minor scrollbar and the popup black bottom OS menubar.

The first thing you’ll notice is the very tablet inspired UI – whilst navigable with a mouse, more conventional UI designs are probably still faster/easier to work with – although this is something that may change after a lot of use.

However with touch, this must change a lot – it will be interesting to hear about detailed reviews from users of touch devices with Windows 8.

I did note the non transparent IE icon on the black bar sticking out awkwardly – maybe MS is still having trouble with image transparency in browsers…. :-P

 

The biggest issue I have with the UI is actually how to get out of it – I found that by moving my mouse to the bottom left corner, the windows start menu – or at least, what remains of it – pops up in a very web-like fashion and you can click to return to the main home page or perform a number of other tasks.

But not always – I managed to get myself trapped inside a paint program that kept blocking the mouse action to get the start menu – and without any windows keys, I was left only with CTL+ALT+DEL to rescue myself.

I'm the new start menu! Don't expect to find anything on me!

The other main issue for me with Metro, was that I *couldn’t* figure out initially how to actually launch conventional programs – since only new metro applications appear on the home screen.

Turns out you now “search” for the programs that you want, or be presented with an alphabetically sorted list – it will be interesting to see how it looks after a user installs 50 conventional applications with half a dozen menu items each, but search does seem to be the way that a number of user interfaces are pushing people towards.

I guess I’m a somewhat old school user who likes my hierarchical menus rather than search – for that reason even some of the newer Linux GUIs cause me pain – but I can respect that the design of these UIs probably aren’t aimed towards people like me.

This is your punishment for loving Google too much, all your UIs will be replaced by search boxes! Mwhahah, search everything! Eventually you'll be searching for search tools to do your searching!

Oh and BTW – don’t rely on the search box – I tried to search for “shell” but didn’t get either traditional command line nor Powershell – not sure what’s happening there….

What is interesting is what happens when you launch a conventional application – I found myself suddenly watching some page flipping graphic animation and being taken to a familiar friend:

I'm a geek, let me tweak something dangerous! >:-D

This probably highlights my single biggest complaint with Windows 8 – it’s not that they changed things, it’s that they didn’t change things _enough_.

IMHO, Microsoft should have thrown out the 1995 derived user interface and gone full on into this new Metro design – with a bit more work, I’m sure it could handle all the same needs just as well.

It’s like Microsoft was split into two teams – one wanting a design for 2011 and one wanting to retain the good old tried and tested design, but instead of either side winning, ended up with this weird dual mode operation.

Of course I’ve always argued that Microsoft should have moved to a BSD based backend like Apple did with MacOS – take the best from the open source world and then build their Windows libraries and APIs ontop of that platform – increase stability, reduced development in the low lever space and ability to move on from win32.

In terms of classic application UIs, a few old friends have had some UI changes, although maybe not so much for command line which has managed to survive a remarkable number of Windows releases whilst looking ugly as fuck.

More graphical wiz in task manager to make sure it runs even slower when your system is crashing.

And of course, the controversial file manager UI changes feature:

Sadly the send to box still lacks "send to pirate bay" or "scp to a real computer" :-(

Whilst I’m sure many readers will lynch me for this, I actually find the new ribbon style interfaces great – I suspect this is because I only really started using MS Office heavily with 2007+ and I found learning with the ribbon easier than with the traditional menu style layout.

Users having to learn new habits will probably hate it though and consider me mad for liking it. They should just harden up and use a CLI, always faster for a power user anyway.

Speaking of which….

 

Command Line, Fuck Yeah

Apparantly Microsoft has had an improved shell around for a while to replace CommandLine, called Powershell – I won’t go into too much detail about it as it’s not really new to Windows 8, but do want to make some comments because it’s the first time I’ve had an actual play with it:

It essentially looks like they took some of the UNIX concepts and built a new shell for Windows that doesn’t entirely suck like the older one – hey, it even has a “ps” command and has other nix-isms like ls and pwd.

Sadly they didn’t implement the “uptime” command so you can’t compare days online without blue screens nor is there a “uname -r” for kernel version boasting contests. And as a helpful addition, I found a remarkable lack of –help parameter understanding.

Hi, I'm windows! I've finally evolved to where UNIX was in 1980 :-P

Over all, it’s actually pretty nice – doesn’t stack up next to a modern Linux CLI, but miles better than the horror know as cmd.exe :-/

TBH, with Windows 8 they should dump the bloody command shell already and make people get with the program and adopt powershell – at worst it might break a couple batch files or some legacy launchers, but with the massive advantage that Linux geeks like me won’t be able to mock the crappy primary CLI so much. [5]

[5] I’m sure I’ll still find a way to mock Windows. :-)

 

Conclusion

Over all I found it an interesting system – it feels like they’re halfway between building a new style of desktop OS yet still have that legacy windows feel stuck behind it they just can’t shake.

I would often find myself dumped back to a somewhat Windows 7-like environment but with a funny acting start menu.

I did find the newer UI a bit more mouse intensive – having to cursor down and pause to get the start menu popup – however I suspect people with bad keyboards [6] will find that the Windows keys might make life easier to launch it.

[6] anything not an IBM Model M

We don't need no frigging Windows key! This household only has real keyboards boy!

 

I have yet to get into the real guts of the OS to see how it’s networking performs, how much memory it eats and how well legacy applications run – this might be tricky without paravirtualised drivers, since the emulated drivers do make an impact on performance.

In terms of quick checks at memory and CPU usage – with only a couple basic OS applications running, the VM was using about 400-500MB out of 1GB assigned and minimal CPU – probably around the same as a Windows 7 install, although maybe a bit less CPU wastage.

And in the hour I spent playing with it, I didn’t cause any nasty crashes – of course, once given real workloads and a variation of different applications and drivers, stuff will get more interesting. :-)

I’m genuinely optimistic about where MS is heading with Windows and their development in general – this is the first Windows release that I believe is accessible for the general public to download and play with, a more public development model will certainly pay off for them with community feedback, bug finding and also just general awareness and free marketing about Microsoft’s new capabilities.

Having said that, for a power user, there’s no way I’d move off Linux to Windows 8, even ignoring the philosophical differences, I still find the Windows architecture too restricting for my liking.

And developing for the new metro interface sounds like a trap for the unwary with restrictions similar to mobile application stores – not everyone shares my concern, but I’m extremely worried about heading into a future where the majority of commercial operating system vendors can control what applications are allowed to be released for their platforms.

 

In terms of the tablet audience, it will be interesting to see how it fares – whilst the iPad and Android tablets are going to pull off the tablet experience slicker/better (IMHO) the ability to run regular windows programs as the line between PC and tablet converges will certainly be attractive to some – and unlike Microsoft’s past forays into tablet computing, they’ve actually done more work than just slapping a touch screen onto a laptop and calling it done.

And that’s me for now – I may come back with some more on Windows 8 in the next few days, but I’ll prob be moving on to doing some reviews of weird *nix style operating systems I’ve been playing with.

KVM/libvirt change CDROM

I was setting up some Windows virtual machines this evening on my Linux KVM/libvirt server, in order to experiment with how Windows handles IPv6 networks.

Installing windows was easy enough – standard virt-install commands, however post-reboot, Windows XP wants to access the CDROM again.

However the reboot causes the CDROM ISO to be unattached from the virtual CDROM drive – so it’s necessary to re-add it to continue installation

However the logical syntax based on virsh help, doesn’t work:

virsh # attach-disk devel-winxp1 /tmp/winxp.iso hdc
error: Failed to attach disk
error: this function is not supported by the connection driver: disk bus 'ide' cannot be hotplugged.

The correct syntax is:

virsh # attach-disk devel-winxp1 /tmp/winxp.iso hdc --type cdrom --mode readonly 
Disk attached successfully

Basically you need to tell libvirt that you’re attaching a *cdrom* and not an actual disk – I’m not sure why it doesn’t just figure that out, based on the fact the user is trying to obviously attach an ISO to a virtual optical drive device – maybe nobody has gotten around to implementing a nice autodetect method yet…