Archive for the ‘Operating Systems’ Category

Fix for 0x80072f0c error (502.3 – Bad Gateway) for reverse proxy to SSL with IIS

June 20th, 2010 Justin James No comments

I’ve spent most of a week struggling with this error. I set up IIS to reverse proxy to a backend server using the URL Rewrite module and the Application Request Routing (ARR) module. The first problem I encountered was that when using the “Reverse Proxy” wizard/template under URL Rewrite, it kept blowing up, giving me an error 500. The solution for this was to first go to “Server Variables” and add “HTTP_ACCEPT_ENCODING” as an allowed server variable. Next, I had to go into the configuration and set HTTP_ACCEPT_ENCODING to be passed to the destination server with an EMPTY value. You can’t do this directly from the configuration screen, because that demands a value. You can do it in web.config (or anywhere in the configuration chain). I did it by going to the “configuration editor” in IIS Manager to edit the value raw with no validation.

The next problem was much trickier. The reverse proxy template was able to handle carrying over SSL just fine to the backend server, but when I tried to access those links, it would blow up, giving me an error 502.3. Turning on detailed error reporting showed me an error code of 0x80072f0c and the text “HTTP Error 502.3 – Bad Gateway”. Full details showed more confusion under “possible causes”:

The CGI application did not return a valid set of HTTP errors.
A server acting as a proxy or gateway was unable to process the request due to an error in a parent gateway.

This made no sense to me at all. After hours of work on this issue, I finally found the problem. The virtual directory on the destination server (the one BEHIND the proxy) had been set to “Accept” client SSL certificates; this needs to be set to “Ignore”. While the site itself was set to “Ignore”, the virtual directory had been created with “Accept”, causing the problems.

J.Ja

Categories: IIS, Windows Server 2008 Tags:
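
The mismatch described in this post (site set to “Ignore”, virtual directory set to “Accept”) can be spotted by listing every location-level client-certificate setting on the backend server. The PowerShell below is an added example, not code from the original post; the sample configuration and the path “Default Web Site/app” are constructed, and it assumes the settings are stored in location elements of applicationHost.config.

```powershell
# Added example: report which IIS paths override the client-certificate setting.
# In the config file, "Accept" is stored as the SslNegotiateCert flag,
# "Require" adds SslRequireCert, and "Ignore" carries neither flag.

# Constructed sample in the shape of applicationHost.config <location> entries.
$sampleConfig = [xml]@'
<configuration>
  <location path="Default Web Site">
    <system.webServer>
      <security><access sslFlags="Ssl" /></security>
    </system.webServer>
  </location>
  <location path="Default Web Site/app">
    <system.webServer>
      <security><access sslFlags="Ssl, SslNegotiateCert" /></security>
    </system.webServer>
  </location>
</configuration>
'@

function Get-ClientCertSetting {
    param([xml]$Config)
    # Only <location> elements that carry their own sslFlags are overrides.
    $xpath = '//location[system.webServer/security/access/@sslFlags]'
    foreach ($loc in $Config.SelectNodes($xpath)) {
        $access = $loc.SelectSingleNode('system.webServer/security/access')
        $flags  = $access.GetAttribute('sslFlags') -split '\s*,\s*'
        if     ($flags -contains 'SslRequireCert')   { $mode = 'Require' }
        elseif ($flags -contains 'SslNegotiateCert') { $mode = 'Accept' }
        else                                         { $mode = 'Ignore' }
        New-Object PSObject -Property @{
            Path        = $loc.GetAttribute('path')
            SslFlags    = $flags -join ','
            ClientCerts = $mode
        }
    }
}

# Rows that are not "Ignore" are the setting this post identifies as the cause.
Get-ClientCertSetting $sampleConfig |
    Where-Object { $_.ClientCerts -ne 'Ignore' } |
    Format-Table Path, ClientCerts, SslFlags -AutoSize

# Against a real backend server (elevated prompt), load the live file instead:
# $live = [xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config")
# Get-ClientCertSetting $live
```

On the constructed sample this lists only “Default Web Site/app” with ClientCerts set to Accept, while the site-level entry is filtered out as Ignore.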

How to restore “Minimize to system tray” in W7

March 1st, 2010 Justin James No comments

Something that has been driving me bonkers in Windows 7 is that apps that used to minimize to the system tray, like Skype and Live Messenger, now have a full taskbar icon. I never could figure out how to get this solved, but I came across a solution today… go to the program’s executable, and bring up the properties. Select compatibility mode, and choose “Vista Service Pack 2”. Restart the application, and it will now properly minimize to the system tray. This has been my one major annoyance with W7 so far, which is a pretty good track record in my book.

J.Ja

Categories: Windows 7 Tags:

Can’t get Aero to turn back on after using Mikogo?

February 14th, 2010 Justin James 3 comments

A few days ago, a vendor gave me a demo using Mikogo (good service, by the way). Like many similar screen sharing systems, it set my system to the “Windows Basic” settings and turned off Aero. Unfortunately, after I quit the application, it was still keeping my system in Windows Basic. A restart didn’t solve it. The Aero troubleshooter said that there was something using a mirror driver, but it wouldn’t say what, and no suspicious apps were running. After doing some research, I found an article about programming with mirror drivers that gave me a clue. On a hunch, I went to Device Manager, and sure enough, two new display devices had been added (both said “Mirage Driver”, and one was showing an error). After uninstalling both devices and restarting, Aero worked fine.

J.Ja

Categories: Windows 7 Tags:

How to perform a P2V conversion for FreeBSD to run on Hyper-V

November 29th, 2009 Justin James 6 comments

One of my big projects with my personal server setup was to turn my current physical FreeBSD server into a Hyper-V VM. Why would I do this? Don’t ask, because I don’t want to start a religious war here… let’s just say that as much as I like FreeBSD for a lot of purposes, I do not like living with it as a sys admin without a paycheck attached.

So, here’s how I went from FreeBSD on a physical machine (garbage x64 hardware) to a Hyper-V VM (Windows 2008 R2 on garbage x64 hardware).

  1. Upgrade the FreeBSD machine to version 8.0-RELEASE. This is mandatory.
  2. Get Hyper-V installed and configured, including enabling Intel VT in the BIOS.
  3. Shut down both machines. Transfer the physical hard drive from the FreeBSD machine to the Windows 2008 R2 machine. Turn on the 2008 R2 machine, and verify in Disk Management that the transferred drive is visible.
  4. Create a new Hyper-V VM for the machine, but do not specify a hard disk. Go back into the settings, and remove the NIC that was put into the VM. Do “Add new hardware” and select “Legacy Network Adapter”, and connect the new NIC to the network of choice.
  5. Create a new virtual disk. Select “Fixed” type, and on the next page in the wizard, tell it to copy the contents of a physical disk. Choose the disk you transferred from the FreeBSD machine.
  6. Go eat dinner, walk the dog, read a magazine. You’ll be here a while during the disk copy. To be on the safe side, go download the “Live FS” FreeBSD ISO appropriate for your installed FreeBSD version.
  7. Once the new virtual disk has been created, go back into the VM settings, move the optical drive to position 1 on the IDE chain, and then add the newly created disk to the VM on position 0 on the IDE chain.
  8. Start the VM. If you receive errors like “Invalid slice”, you need to do the following:
    1. Insert the Live FS ISO into the virtual DVD drive and reboot the VM.
    2. Go to “Configure” and then “Fdisk”. Set the main drive slice (the big one) to be bootable, and then press “W” to write the information to disk. Before it writes, it will ask about a boot loader; choose the standard one, unless you have a good reason not to and know what you are doing.
    3. Exit the Live FS system, eject the ISO, and reboot the VM.

    This should take care of the “bad” boot loader.

  9. If the physical disk in the original server was not device “ad0” (for example, it was a SCSI drive or a RAID 1 member), then the system will spaz when you boot and drop to single user mode. Not to worry! In single user mode, do the following: (note: if you can’t even get into single user mode, boot off of the Live FS CD and use the “Fixit” shell)
    1. Re-mount the root partition as writeable with:
      mount -u /
      mount -a
      Likewise, mount /usr and /tmp with:
      mount /dev/ad0s1f /usr
      mount /dev/ad0s1e /tmp
    2. Now you can actually use your text editor of choice to edit /etc/fstab and set the references to the old drive to be references to the new drive as ad0. Do that and reboot.
  10. You are in the home stretch now! You should be booted into FreeBSD, albeit a crippled one, because the NIC isn’t configured. Go edit /etc/rc.conf and change the reference to your old NIC to be a reference to de0 (the NIC that Hyper-V provides). Reboot again, and you should be done!

This is what I did… it might not work 100% for you, for better or for worse.

J.Ja

The $330 and above netbook market is dead

October 25th, 2009 George Ou 12 comments

It’s hard to believe that it was less than a year ago when higher end netbooks still commanded $600 and maybe even above.  But if you bought a netbook in the last month or two for $400 or more, this is a good time to kick yourself.  Last week a premium netbook should fetch well below $400, but that market just died with the arrival of the cheap $400 Acer Aspire AS1410-2285 ultraportable.

The AS1410-2285 has the following notable specifications.

  • Dual-core 1.2 GHz SU2300 “CULV” processor
  • Intel GMA 4500MHD graphics chipset
  • 11.6″ LCD w/LED backlight
  • Full size keyboard
  • Windows 7 Home Premium x64 edition
  • VGA and HDMI port
  • 6-cell battery
  • Gigabit Ethernet and 802.11 a/b/g/n
  • 0.87″ to 1.18″ thick and 3.08 lbs
  • 160 GB 2.5″ SATA HDD
  • 2 GB RAM
  • Two real mouse buttons instead of a cheap imitation MacBook button that works like garbage.
  • Did NOT see anything about Bluetooth but you can buy one of those tiny dongles for $10 or less if you get a bargain.

This is the sort of specification that would have probably fetched close to $2000 just two years ago but the “race to the bottom” has been won by Acer.  While I’m sure this saddens those in the notebook industry, consumers are rejoicing.  I saw an ad over this weekend for a netbook with Windows 7 “Starter Edition” for $368 so I feel for the poor guy/gal who buys it.

It’s worth noting that the HP Mini 311 netbook with NVIDIA Ion still sells for $400.  While the NVIDIA Ion LE graphics chipset in the Mini 311 is about 79% faster than the GMA 4500MHD in 3DMark2006, the Atom CPU in the Mini 311 is slower than a dual-core 1.2 GHz SU2300 especially for multi-thread optimized workloads.  So which product is better depends on your preferred workload, but I personally don’t take gaming on netbooks too seriously.

Categories: Netbooks, Notebooks, Windows 7 Tags:

Hyper-V in Server 2008 R2 has one super new feature

October 1st, 2009 Justin James 4 comments

I put together a Windows Server 2008 R2 box over the weekend (my old Vista machine is now the server). I spent part of today working on trying to do a P2V conversion of my FreeBSD server to bring it onto the box in Hyper-V. At first, I tried using Acronis Home 2009 to clone the disk, then re-clone into the VM, like I’ve done before. For whatever reason, it did not like the RAID in the FreeBSD box, and wouldn’t read the data from it. Along the way, I decided to prep the new Hyper-V VM, and lo and behold, I discovered its super new feature: when creating a new virtual hard drive, you can copy an existing physical drive (not “file system”, the entire drive!) as the contents of the virtual drive. This means that you can take the disk out of the old system, hook it up to the new system, clone it into the VM really quick, and be on your merry way. The only real drawbacks are that you cannot do a dynamically expanding disk like this, so the new VHD is the same size as the physical disk it was cloned from (although it will be fast), and that it takes forever because it does a sector-by-sector copy of the disk. While this is still not a proper substitute for a true P2V agent-based conversion, this is pretty darned close, especially for OS’s that are not mainstream enough to justify someone writing the conversion agent.

J.Ja

Categories: FreeBSD, Hyper-V, Windows Server 2008 Tags:

Temporary workaround for Windows SMBv2 zero-day

September 10th, 2009 George Ou 5 comments

The Windows SMBv2 zero-day vulnerability (disclosed vulnerability with no software fix) appears to be more dangerous than initially thought.  The vulnerability does not affect the Release to Manufacturing (RTM) version of Windows 7 or Windows Server 2008 R2, but it does affect Windows Vista and Windows Server 2008.  The danger is no longer just a system crash or reboot, it can lead to a full system compromise.

In the absence of a patch, Microsoft released some instructions for disabling SMBv2.  For your convenience, I’ve packaged two REG files that you can download that enable and disable SMBv2 in Windows Vista and Windows Server 2008.  So until a software patch is available, you need to disable SMBv2 by double clicking the disable-SMBv2.reg file and then rebooting.  The workaround does not break your ability to serve files, but it does reduce your SMB file serving speeds down to Windows XP and Windows Server 2003 levels which would result in a moderate decrease in performance.  When the patch becomes available and you have applied the patch, just run the enable-SMBv2.reg file and reboot.
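
To confirm that the workaround is actually in place on a machine, and to reverse it after patching, the setting can be read and written directly. The PowerShell below is an added example and not the contents of the REG files offered in this post, which are not shown here; it assumes the Smb2 DWORD value under the LanmanServer Parameters key, the registry setting Microsoft documents for turning the SMBv2 server on and off.

```powershell
# Added example: check and toggle the SMBv2 server setting (Vista / Server 2008).
# Assumption: the Smb2 DWORD under LanmanServer\Parameters controls SMBv2;
# this is not taken from the REG files mentioned in the post.
$Smb2Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb2ServerState {
    # The value does not exist by default, and an absent value means enabled,
    # so "missing" must not be reported as "disabled".
    $prop = Get-ItemProperty -Path $Smb2Key -Name Smb2 -ErrorAction SilentlyContinue
    if ($null -eq $prop)  { return 'Enabled (default, value not set)' }
    if ($prop.Smb2 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Set-Smb2ServerState {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Enabled', 'Disabled')]
        [string]$State
    )
    $value = 0
    if ($State -eq 'Enabled') { $value = 1 }
    # -Force overwrites an existing value instead of failing on it.
    New-ItemProperty -Path $Smb2Key -Name Smb2 -PropertyType DWord `
        -Value $value -Force | Out-Null
    Write-Output "Smb2 set to $value. Reboot for the change to take effect."
}

# Read-only check; safe to run on any machine.
"Current SMBv2 server state: $(Get-Smb2ServerState)"

# From an elevated prompt, apply the workaround and later undo it:
# Set-Smb2ServerState -State Disabled
# Set-Smb2ServerState -State Enabled
```
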

CentOS debacle perfectly illustrates my open source fears

August 3rd, 2009 Justin James 10 comments

Jason Perlow at ZDNet has written a very good summary of the disaster with CentOS. To save you the click through, what has happened is that Lance Davis, the founder of CentOS totally disappeared for a year. No phone calls, emails, nothing. Meanwhile, all of the domain name registrations were in his name, the IRC channels were under his accounts, as well as the passwords for the PayPal account. So for a year, the organization has not had access to the funds that people have contributed to the project and cannot make any major changes to anything. One of my biggest fears with some open source projects (not all of them, of course), is the “hit by a bus” syndrome. For example, if Linus Torvalds suddenly disappears like Mr. Davis did, then I guarantee you that Linux will fall into complete disarray as people scramble for power. On the other hand, any one person involved in FreeBSD could vanish, and the project would keep humming along.

This is not to say that commercial software vendors are immune from this either. Apple is a great example. Without Steve Jobs, they are nothing. Their stock price depends more on his personal health than their sales numbers. But for every Apple, there is an IBM or a Sun or an Oracle. Heck, I’d argue that Sun would have been better off without Jonathan Schwartz for quite some time now. Microsoft, despite being Bill Gates’s company through and through, managed the transition to Steve Ballmer very well; even though it took years to ease Gates out, I am sure that he could have become suddenly and permanently indisposed, and products would have still shipped when they did.

But open source projects, for better or for worse, are much more prone to not be set up like an actual business and rely too heavily on a single individual or a few people. Which leaves them wide open to these kinds of problems. My advice? Learn a bit about a project before committing to using its products. You should be doing this anyways, to ensure that the community can give you the support you need, the development roadmap and timelines work for you, and so on. Add “what’s the organizational structure like?” to your due diligence checklist, and you should be fine.

J.Ja

Categories: Linux Tags:

BlackBerry Enterprise Server 5 installation nightmares

July 25th, 2009 George Ou 33 comments

If you’re going to be installing BlackBerry Enterprise Server (BES) 5.0 on a Windows Server 2008 machine, you better be ready to call technical support or read this blog post at a minimum.  I spent 5 hours on the phone with BlackBerry customer support over the course of two days to work out all the installation problems that should have been automated by the installer and documented in the pre-installation guide.  I will give Research In Motion support credit for helping me through these problems.

The main difference between BES 5.0 and BES 4.1.x is that the administration interface is Java and ActiveX web based only, which irritates me to no end.  BES 4.1 gives you a real interface that works without a browser and isn’t dependent on some complicated JBoss+Apache web server setup.  This web based aspect of BES 5.0 was the source of some major installation and configuration headaches.  With BES 4.1.x, you don’t have to put up with any of this nonsense.  The reasoning behind 5.0 using a web administration interface is that now the users can manage their own BlackBerry Enterprise accounts though I really didn’t need this feature.

Just getting the basic preparation work done for a BES 5.0 install is daunting enough because you have to go through this pre-installation guide.  That involves setting up a BES service account, the local server permissions, the active directory permissions, the exchange server permissions, and other software that needs to be pre-installed.  It gets a bit confusing and I definitely recommend just using the SQL Server 2005 express they include in their BES 5.0 installer and then you don’t have to worry about additional JDBC drivers for remote SQL databases.  Don’t bother installing SQL express yourself as it will only make things more complicated.  You will need to install the Microsoft Exchange MAPI client before you install BES.

One pre-installation step that is missing is that you need to make sure that IPv6 on Windows Server 2008 is disabled.  Un-checking IPv6 in the network interface is not sufficient, and you’ll need to follow the instructions in this Microsoft KB article (Jeremy in the comment section below pointed out that the updated KB article is here) and edit the registry.  [NOTE - Disabling IPv6 will break Windows Small Business Server (SBS) which means you don't mix BES with SBS].  Once you’ve done this along with all the other pre-installation procedures above, you can proceed to install BES.  Note that during installation, be sure to select BlackBerry Server authentication for the web administration interface and not Active Directory (AD) integrated authentication.  BlackBerry technical support couldn’t figure out how to get this working and they told me to reinstall from scratch on a clean machine and don’t use AD authentication for web administration.

There’s more pain after you’ve completed the whole installation.  The web administration interface also needs access to the SQL database which doesn’t work out of the box and can frustrate you to no end.  Because the BES installer didn’t bother to nail down the SQL ports from dynamic to fixed TCP 1433, the web admin page refuses to come up.  You need to go into the SQL Server Configuration Manager and manually set the TCP ports to 1433 as shown below.

[Figure: BlackBerry Enterprise Server 5.0 SQL configuration]

Internet Explorer 8.0 in Windows Server 2008 also requires you to enable “compatibility mode” for the administration page and you must also put the administration URL in the trusted site list.  The other problem you’ll find is that because the BES 5.0 installer generated its own SSL certificate rather than using the one that is either already on the server or easily obtained in a Windows network environment with a Certificate Authority in place, the browser throws up error messages that it doesn’t trust the SSL certificate.  You can fix this by right clicking on Internet Explorer and choosing “Run as administrator”.  Then you can view the certificate and install it.  However, it’s installed in the wrong place in the personal user certificate store and you’ll have to export the certificate and import it into the computer certificate.  A better option is to import the certificate into Active Directory trusted certificates using this procedure I wrote up in 2006 and that solves your problem for every computer within the active directory that needs to use the BES web administration page.

Anyhow, it’s all working for me right now and I hope this document helps you avoid the headaches I went through.

Why I can’t stand KDE

June 3rd, 2009 Justin James 7 comments

I finally put my finger on what drives me nuts about KDE. It’s so petty and trivial: all of the applications insist on starting with the letter “K”. Not only is it absolutely ridiculous, but it makes finding anything impossible. “KEdit”, “KMail”, etc. It reminds me of the “Mortal Kombat” games. KSeriously.

J.Ja

Categories: Linux, Open source Tags: