Archive for the ‘windows’ Category

« Older Entries
Newer Entries »

WDS Deploying Windows 7…….The Wrong Way…….

Friday, April 16th, 2010

The 2nd Microsoft UK Techday I attended was on the subject of deploying Windows 7 within the organisation using WDS. This was the one I had really been waiting for as:

a) I’m pretty sure the way I am using WDS to deploy Vista is wrong, even though it works

b) Chris Jackson was presenting

Bit of history. One of the earlier tasks when I joined my current job was to replace the mix of XP and Vista desktops that were in use. I installed WDS and set about trying to figure out all the bells and whistles, but there are so many of them.

There is a ton of doc to read through, and walk through scenarios, but they are somewhat basic in that they only deal with creating and distributing a single image/buld to the desktop.

Here’s my problem, I have a mix of HP and Dell desktops. I also have different software requirements for different groups of people. Everyone needs Windows Vista and Office 2007. Devs need Visual Studio. Designers need the Adobe CS suite. I could not work out how to use a single boot and install image to achieve this.

So, I created multiple install images. Essentially, I setup each PC exactly as I wanted it for the desktop, then sysprep’d it with an answer file and capture it to an image. Then for each install image, I created a corresponding boot image and edit the startnet.cmd to wipe and prepare the disk, and then use imagex to apply the correct install image file to the machine.

So I have a ‘HP7900-install.wim’ and a ‘HP7900-boot.wim’. I also have a ‘HP7800-install.wim’ and a ‘HP7800-boot.wim’. Adding each xxx-boot.wim file to WDS lists it as an option on the PXE WDS boot menu, and when you select either boot image, the ‘startnet.cmd’ batch file will use imagex to apply the corresponding xxx-install.wim file.

I am fairly certain this is not how WDS was supposed to be used ?! There are currently x8 boot and x8 install images sitting on my WDS server.

The Windows 7 deployment demo at the UK Techday event unfrotunately has not cleared this up for me any further. The demo simply showed how to use a stock boot.wim and install.wim with an answer file to remove the prompts that occur during install. This much I had already figured out, what I hoped to discover was how to create a relationship between a boot.wim file and an install.wim file so I did not have to edit the startnet.cmd file each time.

I’ve just downloaded the WAIK 2010 and MDT 2010 applications and am going to install them and take a look at the new and improved documentation and scenarios and see if the answers lay within.

Anything I find out I will of course post here.

One thing I do already know is that if you are using a x64 bit version of Windows (7 or Vista) you have to install the x64 bit version of the WAIK. The x64 bit version cannot work on x86 (32bit) images !??? However, the x86 (32bit) version of WAIK can work on both formats. So when creating your build administration workstation, I would use x86 versions to ensure maximum flexibility.

Tags: , ,
Posted in imaging, microsoft, wds, windows 7 | No Comments »

IIS7 HRESULT: 0×80070057 (E_INVALIDARG))…….

Wednesday, March 24th, 2010

I don’t write code. Well compileable code anyway. Now scripting, I’m ya man, but anything that does stuff ‘behind the scenes’ is frankly a little bit beyond me.

So I was filled with doom when one of our web developers was getting an error every time she tried to load her dev copy of the site into her browser. IIS7 simply gave the very detailed but unhelpful message


HRESULT: 0×80070057 (E_INVALIDARG))

Along with a pretty error page and some bits of XML. Googling that error code led me to this site which thankfully explained what was going on, and more importantly, how to fix.

Seems that when you build/compile a .NET site, it takes copies of the binaries from your solution and copies them to a temporary folder. The site is then hosted from the files in this temporary location.

Should your system crash mid-build/compile (she was using Vista, of course it crashed !) then the file(s) copying at the time may not quite be up to scratch (i.e. corrupted).

For x64 bit systems the path in question is

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

For x86 bit systems the path is

C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

Inside the ‘Temporary ASP.NET Files’ folder will be many sub folders. You can spend time trying isolate the exact subfolder containing the knacked files, but I just deleted all the sub folders and then rebuilt the web solution again and ‘Presto’ a working site

The site owner Dan Abdinnor credits his friend Patrick Fitzsimmons for working all this out. I don’t know who you guys are, but thanks, you possibly saved me from hours of diagnostic tools and head scratching on this one !

Posted in IIS, vista | 2 Comments »

Microsoft UK TechDays……yipee !!

Friday, February 26th, 2010

I just signed up for a couple of the Microsoft UK tech.days events being held in London during April.

Am really hoping to get to see Chris Jackson live as I have only previously seen him online on Channel 9 and on the 2008 TechEd recordings (2nd page, first row, far right video). He really seems to know his stuff and have a sense of humour and presentation charisma.

Is quite a big deal for me as I don’t think I will ever work in the sort of company who send their staff out to the big official MS TechEd events held globally (at least I haven’t been sent to any so far, and never having been to one, have not been able to ask the attendees what sort of company they are working for that send them to MS Tech events).

In fact, I think the last formal IT training I was sent on was over 10 years ago when I was sent on a course to learn Exchange server 5.5 administration.

Admittedly I seem to have done ok without any training, getting by using books, online examples and demos and so on. But some systems (ones from Microsoft in particular) are getting so large and so complex with so many features and capabilities built right into them that I wonder if I am doing some things inefficiently or even incorrectly.

Take desktop deployment. My current employer are using Windows Vista. One of the earlier tasks I did (after the massive mail migration I wrote about on here previously) was to replace the mix of XP and Vista will a few standardised builds of Vista using WDS. The learning process was pretty steep, and very confusing.

I could not get the answer files to work correctly for unattended installs, I gave up on trying to figure the Microsoft Deployment Toolkit (MDT). In the end I simply installed a box *eaxctly* how I wanted it to be, and then sysprep’d it with an answer file. I then used ImageX to capture the system to a .WIM file and this is what I used to deploy to new systems. Even though it works pretty well (the only bits I could not automate were the machine naming, joining the domain and Windows activation) I am still not sure I am doing it the way Microsoft intended.

Now in 2010, the office here are looking to replace Vista with Windows 7 (not just to be fashionable you understand, but there do seem to be too many issues with Vista for our liking). I downloaded with Windows Automated Installer Kit (WAIK) for Windows 7 to have a look, and it bigger and even more complex that the one for Vista was.

So I have high hopes that some bright Microsoft chappie (maybe even Chris Jackson himself) will take to the stage and say “here’s how you do it” and show me the bits I’m missing, and the bits I’m doing wrong. I am taking my laptop and will be furiously trying to record everything they say and do :oO

p.s. If you work for a company that sends you to tech events (not just the MS ones) please let me know who you are and what you do, cause I really wanna go to them too :o/

http://www.microsoft.com/uk/techdays/dayitp.aspx

Tags: ,
Posted in microsoft, windows, windows 7 | No Comments »

IIS7 AppPool user account causes HTTP 503 error

Tuesday, February 9th, 2010

I don’t profess to be any kind of IIS expert, in fact, I would say I’m more of an Apache man myself. I just find it easier dealing with flat text file for application configs, frankly while I’m sure there are benefits to having the IIS config all sorted in metadata and stuff, I just find it confusing and overwhelming, gimme httpd.conf any day.

While trying to configure an IIS7 AppPool to use a not evelvated logon to run as, I recieved a HTTP 503 error and the following was logged in Appilcation area of the event viewer.

The identity of application pool user.www.somedomain.com is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.

Quite a few possibilities mentioned there, so I started with the first one, incorrect user. I deleted the user logon, recreated it, set the password and then re-configured the IIS AppPool to use the newly created account. But still the page gave me a 503 error.

So I looked at the new possibility, ‘Batch Logon Rights’. Comparing the local security policy MMC for the server I was having trouble with and one that was working ok I found that the group ‘IIS_IUSRS’ had been granted the ‘Logon As Batch’ right on the standalone server, but not on the server that was part of a domain ?!

Local Security Policy MMC

As the domained server was controlled by group policies I could not just add the group directly to the permission, I had to create a group policy to grant ‘IIS_IUSRS’ the ‘Logon As Batch’ right and the run a ‘gpupdate /force’ on the domain server.

Restarting IIS and testing the site again showed everything now working correctly. It seems that the ‘IUSR_USRS’ group gets granted the ‘Logon As Batch’ right automatically on standalone servers, but not ones that are part of a domain, you have to grant the rights by adding them via a group policy.

Posted in IIS | 1 Comment »

Odd Windows DNS Issue…….

Thursday, January 21st, 2010

Hmmmm, something is up with DNS at work. Randomly (anything from a week to 2 months) it seems to stop resolving .co.uk for some domains (especially www.bbc.co.uk) ? Nothing recorded in the eventlog for the times while it is behaving like this. Restarting DNS server fixes the problem for a while until it breaks again.

I recently patched server 2008 to SP2 as I found some issues that were fixed in that SP (like incomplete zone transfers which broke some stuff a while back).

But the service pack does not seem to have fixed this random sulking occuring in DNS.

For now I have enabled DNS debugging to a file on the system and restarted DNS, now I will need to patiently wait for it to act up again so I can have a peek and see if anything looks amiss.

I can find nothing solid on google either. If I ever get to the bottom of it I’ll re-post here, but in the mean time if anyone has any ideas let me know as I am stumped.

Tags: ,
Posted in dns, microsoft, windows | No Comments »

Kaspersky NDIS 6 Filter Causes Network Loss…..

Wednesday, August 19th, 2009

We use Kaspersky for anti virus in the office. It’s an ok product, no better or worse than any others I have worked with. It did however turn out to be the cause of an issue that I was unable to figure out for a while now.

On x64 bit Vista systems, when moving large files across the network, the PC would suddenly loose it’s network connection. The network icon in the system tray would get a little yellow warning triangle on it and the status would indicate a connectivity issue.

It did not do this on systems that did not have kaspersky installed how ever. So I tried disabling the x2 Kaspersky services (anti virus and network agent). While this made the problem happen less, it did not go away completely, if I copied x3 or x4 large files (2gb+ in size each) at the same time, the network connection would drop again.

The problem was made even worse because there was no way to get the connection back without restarting the machine. Disabling and re-enabling the interface did not work, using netsh to reset the interface and winsock also did not work. The machine would become unstable and need a power cycle in the end.

I thought perhaps it was being caused by using bad network interface card drivers, so I downloaded the latest ones from the vendor web site but still the connection dropped under heavy load.

And then I spotted it. while checking the driver details for the network interface. kaspersky had added a protocol stack component that I knew nothing about, the ‘kaspersky NDIS 6 filter’.

kaspersky ndis 6 filter

kaspersky ndis 6 filter

Checking on the kaspersky site, it seems that this is a network level embedded packet interceptor. as packets arrive and leave the network card interface, the NDIS driver intercepts them for scanning to try to determin if the packet contains malicious content. It would seem that under heavy network load, the intercepts become too much and it trashes the network stack beyond repair.

Disabling this component by clearing it’s checkbox and unbinding it from the network stack seems to have fixed the issue and I was able to copy x8+ large files (2GB+) simultaneously without any connection issue. It also seems to have corrected a more minor issue I was experiencing with system pauses when network operations were happening.

I hope this helps anyone else having these issues.

Tags: , , ,
Posted in kaspersky, vista | 3 Comments »

Everything Starts With An ‘e’……..

Wednesday, July 22nd, 2009

Just read this post (admittedly, a little behind the times, but I have been very busy). It seems that in Europe, MS are being forced to remove IE from Windows 7 when it launches, and to comemerate this, all European versions of Windows 7 will have an ‘e’ appended to the product name (so for instance Windows 7 Home Premium ‘E’).

I cannot believe that with all the ‘smarts’ that work at MS this is the best idea they could come up with. The cost of x2 completely sets of packaging for US and EU materials !! And, seeing as what I suspect what will end up happening is a link on the desktop entitled ‘click here to install a web browser’ that will simply…..no wait for it…..download and install IE from the MS site, I have to ask  ‘what’s the point ?’

Without this link for dummies, they would also appear to have created and chicken and egg type scenario (at least for the lowest demonination of user). If you have no browser on your PC, how do you download a browser ? Yes, I know the smarter among us can just ftp/sftp one down from our favourite downloads site, but I dont fancy trying to talk my parents through that particular operation on a week day evening :o(

Why not simply force MS to incude a bunch of the top browsers. That way people (even dumb ones) could just sample and then remove (or ignore if they have the disk space) the ones they don’t like ?

It also looks like there will be no upgrade option for Europe either. So clean installs all round with the gnashing of teeth as people realise they didn’t get everything off that they needed before wiping the system.

What I still find more outrageous is that MS are still inflicting their version of paint on people and the EU have not said a word…….!!

e

Tags: , ,
Posted in microsoft, windows, windows 7 | No Comments »

x64 Bit sysprep.xml Answer File

Monday, June 29th, 2009

Note to self……..when imaging a x64 bit system, you need to create and use a x64 bit answer file using the windows system image manager (SIM) and a x64 bit install.wim file to generate the catalog !!

Very important, do not forget this again :os

x64 bit

x64 bit

Tags: ,
Posted in imaging, vista, windows | No Comments »

iBroken !!….

Sunday, June 28th, 2009

So the title of this post should be something like ‘iphone will not sync with itunes on vista with roaming profile folders’, but I couldn’t resist, ibroken sums it up so well :o)

Yep, my iphone won’t work with my office PC. Well, mine does obviously as I am an administrator with god like powers on our office network. But for my poorer cousins, the standard user, they have their environment subtley controlled for them via the use of microsoft group policies.

The policies in place are not restrictive in nature. They are  simply there to help make certain things transparent to them or make my life easier as an admin and give me some peace of mind about my users data.

The one causing the breakage of the iphone sync is the roaming user profile folder(s). We use roaming profiles to allow people in the office to be able to login to any desktop and have their personal settings follow them around. We also redirect the ‘documents’ folder to a network location so that all their files are in one place and backed up for security.

Under Windows Vista, the user profile folder(s) structure changed a bit. in  Windows XP, user profiles were stored in”C:\Documents and Settings”, but in Windows Vista they are now stored in “C:\Users\”. in order to maintain backwards compatibilty with earlier windows software, Windows Vista has a junction point for ‘C:\Documents and Settings” that points it to “C:\Users” (a junction point is a bit like a shortcut but it will also work in DOS). The junction point makes sure that any application trying to access “C:\Documents and Settings” gets directed to “C:\Users”

Microsoft also changed the structure of the folders that make up the user profile under Windows Vista

\Documents and Settings\<user>\Application Data

now points to


\Users\<user>\AppData\Roaming

and


\Documents and Settings\<user>\Local Settings\Application Data

now points to


\Users\<user>\AppData\Local

And I *think* this may be where the problem is. NTFS juntion points can only point to another location on the local file system, not a netwok location. itunes will be trying to access “C:\Documents and Settings\scottb\Local Settings\Application Data”, and will be hitting the junction point that redirects it to “C:\Users\scottb\AppData\Romaing”. With folder redirection turned off the story ends here, the location is still on the local filesystem, itunes simply follows the new file path and backups up the iphone in the correct location.

But we have this folder redirected to a network share using a group policy, the “C:\Users\scottb\AppData\Romaing” gets further redirected to a network share file path……and it all just fails.

At this time however, this is only a theory as I cannot understand why only itunes is affected like this and not any other apps (who must also be getting the network redirect for the AppData folder !).

More on this [as|when|if] I figure it out………

ibroken

ibroken

Tags: ,
Posted in apple, iphone, vista | 1 Comment »

Just Plain Weird !!!……

Wednesday, June 24th, 2009

I wracked my brain to come up with a title for this one, but I was simply stumped for how to describe this event

I decided I would allow the MS updates tool to download and install IE8, after all I am running Vista and should really try and keep up with all MS mainstream product versions.

The download kicked off ok and then it installed and required a reboot, which I agreed to…….then I entered the MS twlight zone ?!!

x2 issues/bugs/errors/conditions/*features* seemed to occur as result of installing IE8. The first was that while IE8 would load and display a web page no problem, it would not open a link in a new tab. The tab would launch and then sit there doing nothing. This behaviour was also apparant for trying to right click and launch a link in a new IE8 window. It just did nothing. However, just clicking on a link would load the page into the current tab ok. This meant a morning of getting used to navigating backwards and forwards through my browsing history, which was cumbersome to say the least.

Then I discovered another little gem. Windows explorer would no longer open folders in the same window. Every folder I double clicked opened in a new explorer window. I checked my folder options and changed and applied some settings and then reset them back and applied them to be certain the options were being set, but Vista refused to take this onboard and continued to clutter up my desktop. Right clicking a folder and selecting explore (which was bolded as the context default option by the way) worked ok, but double click was broken :o(

Owing to a deploy of the new site being in progress while this was going on (note to self:: never upgrade your system again during critical moments. grrrrrrrr !!) I had to tolerate this behaviour for the better part of the morning, I now have mild RSI of the second finger on my hand from all the right clicking I had to do (I almost dropped to a DOS prompt to get the work done it got that bad).

Then, while trying to figure out why I had some on page controls missing on the new version of the site, I launched IE8 as administrator……..and it all went back to normal. Possibly a coincidence, but I know where I’m hedging my bets. Just annoying that if permissions was the problem at the time, UAC did not kick in and advise me so (and how come after launching IE8 as admin IE8 and explorer are working fine for me as non admin ??)

Like I said, just plain weird :oD

weird

Tags: ,
Posted in vista, windows | No Comments »

« Older Entries
Newer Entries »