Blog

We have a VMware ESXi 4 infrastructure on which we wanted VMs on two separate networks: DMZ and Internal. This was accomplished by using the VLAN tags within the virtual switches to separate the traffic. However, when the VLAN tags were implemented on the separate switches, we could no longer access the host itself at its IP address. The reason was that we did not assign a VLAN ID to the host itself. This can be done in the configuration options of the ESXi console (F2). Alternatively, one could have a completely isolated NIC that is just for servicing the host machine and is independent of the NIC(s) for the embedded VMs.


 

I have been troubleshooting an issue with terminal services sound redirection for one of our customers for a while. Audio mapping was enabled and all of the GPOs had been checked and re-checked. Resultant set of policy showed everything should be working. The volume showed to be muted when looking at the sound settings through the control panel. You could unmute the sound and click apply and the "muted" check box would automatically re-check itself. All types of troubleshooting were done from DirectX diagnostics to a Microsoft PSS case. Skipping three days forward, the root cause was due to rdpclip.exe not running at user login. This process is started at each login subject to the existence of a registry key which was missing.

The reason it was missing was due to a previous fix for performance issues. The registry key that was missing was HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd:StartupPrograms --> rdpclip. I added it back and tested and sound redirection worked. However, now the performance issue is back. At login, there are several users who experience very high CPU usage for the rdpclip.exe process. Since rdpclip.exe is responsible for several types of RDP redirection, it was undesirable to remove the registry key again to fix the issue. I was able to determine through additional troubleshooting that audio mapping was the root cause. I can enable any type of redirection via terminal services redirection except audio mapping and the performance problem does not occur. At this time we still have not found a fix for the performance issue.


 

The HTTP standard (http://www.ietf.org/rfc/rfc2616.txt) specifies an Accept-Encoding field in the header that allows the browser to specify, among other things, what kind of compression the server can use to compress pages sent back.  Our ISA server seemed to never set this field even if the user's browser did.  In the ISA filters, there is a compression filter that must be enabled before it will accept compressed pages.  If this filter is disabled, then the browser will just get an error from the ISA server instead of displaying the page.  Audible.com is an example site that wants to send its data in gzip format and this site will not be accessible if the compression filter is disabled.
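The negotiation that the Accept-Encoding field drives, as an added example that is not part of the original post: a Python sketch of the selection rules in RFC 2616 section 14.3, covering a missing header (for instance one dropped by a proxy) and an origin that can only send gzip. The function names and sample header values are constructed for illustration.

```python
# Added example: content-coding selection per RFC 2616 section 14.3.
# Function names and sample header values are constructed for illustration.

def parse_accept_encoding(header):
    """Return {coding: qvalue}; None means the header was absent."""
    if header is None:
        return None
    prefs = {}
    for item in header.split(","):
        coding, _, params = item.strip().partition(";")
        if not coding.strip():
            continue
        q = 1.0
        for param in params.split(";"):
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = max(0.0, min(1.0, float(value)))
                except ValueError:
                    q = 0.0  # malformed qvalue: treat the coding as refused
        prefs[coding.strip().lower()] = q
    return prefs


def choose_encoding(header, available=("gzip", "identity")):
    """Return the coding to send, or None when the answer is 406."""
    prefs = parse_accept_encoding(header)
    if prefs is None:
        # Header absent (for example removed by a proxy): the RFC lets the
        # server assume any coding is accepted, preferring identity if it has it.
        return "identity" if "identity" in available else available[0]

    def q_for(coding):
        # Explicit entry first, then the "*" wildcard; None if neither is listed.
        return prefs.get(coding, prefs.get("*"))

    ranked = [(q_for(c), c) for c in available if (q_for(c) or 0) > 0]
    if ranked:
        return max(ranked, key=lambda pair: pair[0])[1]  # ties keep server order
    # identity stays acceptable unless it (or "*") was given q=0
    if "identity" in available and q_for("identity") is None:
        return "identity"
    return None


if __name__ == "__main__":
    for value in ("gzip, deflate", "gzip;q=0", "identity;q=0", "", None):
        print(repr(value), "->", choose_encoding(value),
              "| gzip-only origin:", choose_encoding(value, ("gzip",)))
```

With the header absent, a gzip-only origin still answers with gzip, so whatever sits between the origin and the browser must be able to handle a compressed response.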


 

There is a new iPhone worm that uses the insecure SSH service installed on jailbroken iPhones.  Last week, there was discussion about an attack on iPhone users in the Netherlands where the attackers demanded owners pay 5 EUR to get rid of the Trojan.

"Jailbroken" (or hacked) iPhones or iPod Touch devices are devices where users have bypassed Apple's official distribution and are running unofficial code.  Once an iPhone or iPod Touch is jailbroken, users are able to download various applications previously unavailable through Apple's App Store from unofficial installers such as Cydia or Rock App.

To learn more, visit http://isc.sans.org/diary.html?storyid=7549


 

A customer’s Outlook Active Sync stopped working for their phones. I connected to their 64-Bit Exchange 2007 server and found that nothing in IIS was working.

Looking at the event logs, I found that .NET 1.1 had been installed right before IIS stopped working.

IIS 6.0 supports both 32-bit and 64-bit modes. However, IIS 6.0 does not support running both at the same time. ASP.NET 1.1 runs only in 32-bit mode. ASP.NET 2.0 runs in 32-bit mode or in 64-bit mode. Therefore, if you want to run ASP.NET 1.1 and ASP.NET 2.0 at the same time, you must run IIS in 32-bit mode. However, Microsoft Exchange Server 2007 only supports the 64-bit version of Microsoft .NET 2.0.

The problem was that Microsoft .NET Framework 1.1 was installed on the Exchange server and broke IIS since it is running in 64-bit mode for use with Exchange 2007.

  • I uninstalled .NET 1.1
  • Went to a command prompt
  • Used the following command to disable the 32-bit mode:
    cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0
  • Then used the following command to install the version of ASP.NET 2.0 and to install the script maps at the IIS root and under:
    %SYSTEMROOT%\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe -i
  • Restarted IIS, World Wide Web Publishing Service, and HTTP SSL

After completing the steps above everything began functioning as it should.

I found that .NET 1.1 was installed because all the management server sessions were being used and access to the VM host was needed. An installation of Virtual Infrastructure Client 2.0 was started but canceled on the Exchange server. VI Client 2.0 requires .NET 1.1, which was automatically installed before the VI installation was canceled.


 

When working with an ASA 5505, if you change the IP address of the internal interface to a different subnet, make sure you enable HTTP access to the new subnet or you won’t be able to use the Cisco ASDM interface anymore. Command: http 192.168.0.0 255.255.255.0 inside


 

I installed a 64-bit version of Windows 7 as a virtual machine and when trying to start up, it would hang in a loop of start and restart. Amongst the loops as the VMware machine would cycle, an error would appear and disappear. After watching closely I could read enough to see it referred to a BIOS setting. That led me to the fix below.

I found out “Virtualization Technology” (VT) must be enabled in the BIOS settings of my laptop. VT is an option for Intel CPUs. This is a requirement VMware implemented for running 64-bit virtual machines. VT is not required for running 32-bit virtual machines.

To enable VT, access the BIOS Setup Utility on the computer which will host the virtual machine. Typically, to get to the BIOS Setup Utility you press the F1 key when you see the manufacturer's startup screen when starting or restarting the machine. When the BIOS Setup Utility starts, you will enter Config > CPU. There you will see the option to Enable VT.

Also, it is documented that you must power down the host machine again after enabling VT. Enabling VT, saving the configuration and continuing with the startup will not enable VT. It takes an additional cold boot to enable VT.

After the second start, I launched the VMware workstation and powered on the Windows 7 without a problem.


 

Many people received a phishing e-mail with the Subject "FDIC has officially named your bank a failed bank" yesterday appearing to come from the FDIC.  The text from the fraudulent e-mail would appear something like:

You have received this message because you are a holder of a FDIC-insured bank account.
Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.

You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage:
  • Visit FDIC website: (a fraudulent link was provided here)
  • Download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage

It appears this is a new phishing attack where the intent is to attempt to collect personal or confidential information. Recipients of this e-mail should be warned of its nature and encouraged NOT to follow any of the links from the e-mail.

Here is the link to the FDIC Consumer Alert published October 26, 2009 - http://www.fdic.gov/consumers/consumer/alerts/


 

In the past, I’ve used products that emulate having multiple versions of Internet Explorer installed to test websites in previous versions of Internet Explorer. Those products worked okay, but they were always a little flaky. Sometimes JavaScript or cookies wouldn’t work right, Windows updates would break versions, and some would not work under Vista. They also did not allow you to install any web developer tools to help troubleshoot any problems you found. I found a better solution when I ran across the Internet Explorer Application Compatibility VPC Images that Microsoft provides for free. Microsoft offers the following five Virtual PC hard disk images as free downloads:

  • Windows XP SP3 with IE6. Expires January 1, 2010
  • Windows XP SP3 with IE7. Expires January 1, 2010
  • Windows XP SP3 with IE8. Expires January 1, 2010
  • Vista Image with IE7. Expires 120 days after first run.
  • Vista Image with IE8. Expires 120 days after first run.

These images work well and since they are full blown XP and Vista images you can also install different versions of other browsers on them to test with too.  You could also use the images for testing desktop applications in Windows XP or Vista.  In addition to downloading the disk images you’ll also need Virtual PC 2007 (http://www.microsoft.com/windows/virtual-pc/support/virtual-pc-2007.aspx).


 

I found some excellent mono-space fonts at http://www.proggyfonts.com. These fonts were designed by programmers for viewing code. They save a lot of space and make it easier to read. I really like the dotted or slashed zero characters they use, because it makes it so much easier to distinguish them from the letter 'O'. I personally use proggy clean and proggy tiny (with slashed zeroes).