Blog

Like past versions of Windows, Vista is available is a full version or an upgrade, with the upgrade being 30-50% less.  However unlike previous upgrades, the Vista upgrade process requires XP to be installed on the system before it can be upgraded.  Prior upgrades only required a physical disk from an older OS as evidence of the previous purchase.

Brian Livingston (author of the “Windows Secrets” series of books) has documented the procedure to perform a clean install with an upgrade license key.  This is not intended to circumvent any licensing, but as we all know, Windows usually performs better if you start over with a clean install.  The steps are documented at http://windowssecrets.com/comp/070201#story1.  This upgrade scenario is also addressed by KB930985 here.

Dynamic users get deleted whenever there is any change in the Windows Database Configuration.  In order to recalculate group membership after a mapping change SecureACS must purge dynamic users.  This is a problem when you have set user-specific properties.  One workaround is to create manually-defined users – they can still use Windows AD authentication, but won’t be deleted if you reconfigure database mappings.

There is a bug in the Windows IPSEC driver that only allows 3 simultaneous L2TP connections to an ISA server from a single location.  The IPSEC session may linger after a user disconnects so it’s not always apparent by looking at the number of connected VPN users.  Installing the following hotfix corrected my issue: http://support.microsoft.com/kb/912213

When installing an application on a terminal server it is necessary to change the server to install mode by running “change user /install” from a command prompt or by performing the install through “Add/Remove Programs.”  After the installation you must run “change user /execute” to bring it out of install mode.  This ensures that the .ini files for the installed application are stored in the Terminal Server system directory.  These files are used as the master copies for the user-specific .ini files. 

Why is this important?  [more]When a user runs an application for the first time, the application looks in the home directory for its .ini files.  If it does not find them in the home directory it will look in the Terminal Server system directory and copy them to the user’s home directory.  If an application is installed while the server is not in install mode, the .ini files will be saved to the home directory.  New users will therefore be unable to pull down the .ini files from the Terminal Server system directory, and the application will not run.

The match statement is used in route-maps and policy-maps in IOS to define criteria that a packet must meet in order to be classified as part of the permit or deny action of a route-map statement.  Route-maps can be roughly compared to an IF… THEN clause in programming.  Some match statements can have multiple conditions, like: [more]

match ip dscp af31 af32 af33

In which case each condition is OR’d with the one before it.  If any condition is true (in the above statement af31 af32 af33 are all possible DSCP values that an IP packet might have), then the match is true.  The other scenario is having multiple match statements:

match ip dscp af31
match ip dscp af32

In this case both statements have to be true for the packet to be classified in the given route-map entry.  In this case an IP packet could never be both af31 AND af32, so the route-map (or policy-map) will never match anything.

1. ISP customer setup automation sometimes creates issues. Email from domain A to domain B works, but from domain B to domain A doesn't. Be careful if both are customers of the same ISP. Sometimes automated processes create mail domains, DNS zones, and web space for all customers. Customers that use the same ISP can experience issues (depending on mail server software used) if one customer uses ISP mail (POP/IMAP & SMTP) and the other hosts their own mail server. If ISP mail servers have mail domains set up for customers who do not use the ISP provided mail (have their own mail server), when another ISP customer who does use the ISP provided mail service attempts to relay mail through the ISP's mail servers, delivery ends up being server local instead of the server looking up the correct MX record. This usually ends up being an SMTP 550 error (user not found) rejection sent to the sender.

2. Can't send mail to AOL, join the club! If a mail domain can not send mail to AOL, it could be a number of things. The first thing to do is start a telnet SMTP session like the following: [more]

telnet mailin-01.mx.aol.com 25

The AOL server will return an error code and a web link to an article explaining why the mail was blocked. A very common error is 554 (RTR:sc) which means that your sending IP has been blocked due to too many AOL members clicking the "this is spam" link for emails that trace back to you mail server IP or domain. If you are curious about what mail is getting sent on your behalf that is being specified as spam by AOL users, you can create a feedback loop (see http://postmaster.info.aol.com/fbl/). Once you have requested a feedback loop you will be notified when a member clicks "this is spam". The email sent to you from [email protected] will contain the complete email and header information. To be removed from an AOL block list, you must call 703-265-4670 and jump through some hoops to be removed. It takes 24-hrs for the removal to take affect.

A great utility for any engineers CD collection is the Ultimate Boot CD for Windows, available at www.ubcd4win.com (at least the instructions and utility to build the CD). All you have to provide is a Windows XP CD, and the utility will build an ISO that you can burn to a CD. Once booted, you can view/edit files on a hard drive, edit the registry, RDP to another machine, scan for viruses, and many other tasks. While you might only use this CD once every couple of months, it can be a great time-saver when needed. 

One alternative use I have found is to use the CD from within Windows when needing a NIC driver, since it includes such a variety of these drivers for its own portability.

Microsoft provides a useful command-line tool called err.exe that can help you find the meanings of error codes. When you run err.exe and specify an error code, the program searches all the error-code definitions from the various header files that Windows uses to generate a list of possible error meanings. You can download err.exe at Microsoft Web site. (Although the Web page is called "Exchange Server Error Code Look-up," err.exe actually handles Windows OS error codes.) [more]

If you run err.exe and specify an error code--for example,

err 1645
the output looks like this:

C:\temp\Err>
# for decimal 1645 / hex 0x66d :
ERROR_INSTALL_REMOTE_PROHIBITED winerror.h
# The Windows Installer does not permit installation from a
# Remote Desktop Connection.
# for hex 0x1645 / decimal 5701 :
NELOG_NetlogonFailedToUpdateTrustList lmerrlog.h
SQL_5701_severity_10 sql_err
# Changed database context to '%.*ls'.
# 3 matches found for "1645"

Notice that err.exe searches for the value you entered in both its hexadecimal and decimal forms.

Windows Vista includes a new technology called ReadyBoost, which is designed to speed-up your system by caching disk reads into flash memory.  Originally, I read this feature was intended for the upcoming hybrid drive technology (more info here), but I recently learned ReadyBoost will also work with other types of flash memory like a USB drive.  Here are some interesting facts about ReadyBoost: [more]

• Caches only disk reads, so the flash device can be removed at any time
• Cache is encrypted using AES-128
• Minimum requirements is 256mb of space, with the device capable of 2.5MB/sec for 4k random access reads and 1.5MB/sec for 512k random writes
• Microsoft recommends matching the capacity of the flash device to the amount of system memory

When you insert a flash drive, Vista will test the device and give you the option of using it for ReadyBoost.  Properties on the drive shows a ReadyBoost tab with an option of controlling the amount of space to be used.