D-Link DWL-G730AP Mini Wireless Connection

Written on December 12, 2009 – 10:39 pm by Jeff Huston

Well, I’ve got a bit of a situation.  I’ve got a new laptop that is running Windows Server 2008 and Hyper-V.  The facility in which I am working supports a wireless network.  Unfortunately, the wireless network is set up in a way that is less than favorable to the capabilities for wireless networking in the WS2008 operating system.

To help work around this, I recently purchased a D-Link DWL-G730AP pocket router and access point.  This little unit is fairly versatile and has three different modes of operation.


Verizon MiFi 2200

Written on November 23, 2009 – 10:09 am by Jeff Huston

Well, one of the organizations that I’m working with had an issue with a lack of reliable Internet access in order to run a web-based application.  The situation is that they are located in a historic building in downtown McKinney, TX.  Because it is a public building, the Internet service that they were using was based on what the city would provide.  That service has been hit or miss (mostly miss).  So, I purchased a Verizon MiFi 2200 in an attempt to resolve their access issues.


Kerberos Primer, Part I

Written on November 13, 2009 – 6:38 pm by Jeff Huston

Although it is a critical part of Windows Active Directory authentication, the Kerberos protocol is often misunderstood in how it functions.  Because of the critical nature of the protocol to AD, it is crucial that all system administrators know this protocol and the methods available for troubleshooting it.


Method for Calculating Site Link Costs

Written on October 30, 2009 – 2:28 pm by Jeff Huston

There are many mechanisms out there that, for routing purposes, assign a cost to a particular route or connection in order to evaluate the best path to take in getting data from point A to point B.  The following is a basic calculation that takes into account bandwidth and latency in an attempt to provide a reasonable cost associated with a particular path.


Using Subject Alternate Names in Active Directory Certificate Services

Written on October 30, 2009 – 2:22 pm by Jeff Huston

AD Certificate Services does support the generation of certificates that have subject alternate names (SAN) defined for them.  However, this feature is not enabled by default and must be explicitly enabled.


Active Directory across a Firewall

Written on October 30, 2009 – 2:16 pm by Jeff Huston

To access Active Directory across a firewall, the following table lists the required ports that must be open from the client system to the domain controller.


MIF File Format for Program Execution Status

Written on October 30, 2009 – 1:58 pm by Jeff Huston

SCCM can use MIF files to determine the success or failure of an installation.  After a program has finished executing, SCCM will look in the %windir% and %temp% directories for new MIF files (created after the time of the program execution start) and then match them on any or all of the following criteria:

  • Name of the MIF file (only need to specify the name portion, leaving off the “.MIF”, in package properties)
  • Publisher
  • Name
  • Version


MIF File Format for Extended Inventory

Written on October 30, 2009 – 1:49 pm by Jeff Huston

SCCM can collect MIF files to extend hardware inventory collected for a computer.  Generally, MIF files are generated by some other process and are then collected during the hardware inventory cycle.  MIFs are generally used when the data to be collected must be processed into a readable form prior to collection or requires API calls to obtain the data (such as when the data isn’t available via WMI).


Fiber Channel Summary

Written on October 30, 2009 – 10:50 am by Jeff Huston

This is a quick summary of what Fiber Channel is and some of the terms associated with it. Essentially, Fiber Channel is a high-speed block-based storage access mechanism similar to SCSI, SAS, and ATA/SATA. It is called Fiber Channel because it was developed, ostensibly, to be connected over fiber-optic cables (although there is a specification that uses copper cabling). Fiber Channel is standardized by the T11 group from IEEE (http://www.t11.org).


Exchange Protocol Options

Written on October 30, 2009 – 9:49 am by Jeff Huston

Exchange stores settings relating to what protocols and clients are enabled for a user in the multi-valued protocolSettings attribute on each account.  Each entry in the attribute is a multi-item array joined by the character 0xA7 (167).  The first item in each array is the protocol type followed by (generally) 0’s and 1’s indicating particular options that are enabled or disabled.  What follows is a summary of the interpretations of these values.


Exchange ActiveSync Attributes

Written on October 30, 2009 – 9:24 am by Jeff Huston

Exchange Outlook Mobile Access and Exchange ActiveSync are controlled by the same attribute on each user.  msExchOwaAdminWirelessEnable is the attribute. 


UserAccountControl Attribute in Active Directory

Written on October 30, 2009 – 8:58 am by Jeff Huston

The UserAccountControl attribute on user and computer objects is a bitmask.  Here’s a quick summary of the flags and their meanings:
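As an added example (not code from the original post), the sketch below decodes a UserAccountControl value and lists the flags an account audit would usually want to look at. The bit values are the ones Microsoft documents for the attribute; the `REVIEW` policy and the function names are assumptions made for this illustration.

```python
# Added example. Bit values as documented by Microsoft for userAccountControl.
UAC_FLAGS = {
    0x0001: "SCRIPT",
    0x0002: "ACCOUNTDISABLE",
    0x0008: "HOMEDIR_REQUIRED",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0100: "TEMP_DUPLICATE_ACCOUNT",
    0x0200: "NORMAL_ACCOUNT",
    0x0800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x20000: "MNS_LOGON_ACCOUNT",
    0x40000: "SMARTCARD_REQUIRED",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x100000: "NOT_DELEGATED",
    0x200000: "USE_DES_KEY_ONLY",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
    0x4000000: "PARTIAL_SECRETS_ACCOUNT",
}

# Assumed audit policy: settings that weaken authentication or widen
# delegation and therefore deserve a documented justification.
REVIEW = {
    "PASSWD_NOTREQD",
    "ENCRYPTED_TEXT_PWD_ALLOWED",
    "DONT_EXPIRE_PASSWORD",
    "TRUSTED_FOR_DELEGATION",
    "USE_DES_KEY_ONLY",
    "DONT_REQ_PREAUTH",
    "TRUSTED_TO_AUTH_FOR_DELEGATION",
}


def decode_uac(value):
    """Return (flag names in ascending bit order, bits not in the table)."""
    value = int(value)  # LDAP tools return the attribute as a decimal string
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    known = 0
    for bit in UAC_FLAGS:
        known |= bit
    return names, value & ~known


def review_uac(value):
    """Return the flags on this account that the audit policy wants reviewed."""
    names, _unknown = decode_uac(value)
    flagged = [name for name in names if name in REVIEW]
    # Domain controller accounts normally carry TRUSTED_FOR_DELEGATION
    # (typical value 532480), so it is not reported for SERVER_TRUST_ACCOUNT.
    if "SERVER_TRUST_ACCOUNT" in names and "TRUSTED_FOR_DELEGATION" in flagged:
        flagged.remove("TRUSTED_FOR_DELEGATION")
    return flagged


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for sample in (512, "66048", 4194816, 532480, 516):
        print(sample, decode_uac(sample), review_uac(sample))
```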


16 Hours Remaining

Written on October 29, 2009 – 8:45 am by Jeff Huston

Just 16 short hours remaining at my current assignment.  My desk is cleared out.  My data transferred to those who need it.  Just sitting here enjoying the view for once.

End of an Era

Written on October 23, 2009 – 10:00 am by Jeff Huston

Well, the time is quickly approaching for me to leave the security of the organization that I have worked with for the past nine years and to head out on my own.  It was very surreal to write out that letter of resignation.  I’m looking forward to the future, as uncertain as it is, knowing that I have a fantastic set of people around me who are actively encouraging me and cheering me on.

This is a large change in my life.  In addition to a change in employment, I’m also finalizing the move to Texas.  I will finally be able to rejoin my family.  We’ve been apart since early August and I’ve missed them terribly.  I’m looking forward to being with them once again.

I have one week left at my current job.  One week to finish what I’m doing, get things handed off to others, and to pack up the many, many personal items that have accumulated over the years.  Not enough time.  It is never enough time.  I am sad at leaving, but excited about what awaits.  That’s a very strange feeling.  It is a tough place to be.  I want to be on the other side of this mountain pass, but I still have to face the climb and cold weather at the summit.

I will still be traveling to Seattle – still working for people that I know.  I will still be able to see my friends and workmates when I’m in town.  I just need to make sure that this happens.  That I stay connected with them.  I don’t want to lose those relationships (and they’ll probably need the time to pick my brain about some obscure fact that wasn’t transferred out before I left).

Little League – Back in Swing

Written on September 16, 2009 – 12:58 pm by Jeff Huston

Well, the Fall season of Little League has started back up. I’m behind the plate again and loving it. I forget how little these kids are in the Fall season (we have 8 and 9 year olds playing at the Majors level). My legs are paying for it (you try doing full squats for two hours and see how it feels). Ah well. In a week or so, my legs will be back in shape and I’ll be just fine.

I’m looking forward to getting out there and calling more games!

40 Questions that Change Your Life

Written on September 16, 2009 – 12:34 pm by Jeff Huston

Well, I finally went off and did it.  I took my first Microsoft Certified Professional exam.  Passed it too.  Boy was that nerve-racking.

I’ve been doing this whole IT thing for 18+ years now.  I’ve seen LAN Manager (running on OS/2!), Novell NetWare, Windows for Workgroups, and on from there.  I’ve used NetBEUI, XNS, X.25, IPX/SPX, and TCP/IP.  I remember when I first started at Microsoft, my email was still on an old Xenix host.  We had a dumb terminal (!) sitting around the corner from my desk that could be used to log in and read email.  This was all well before Microsoft Exchange.  This was before Microsoft Mail.  Man, I’m old!

Having done the IT thing for so long, I’ve just never felt the need nor had the time to actually get certified.  So, with the time available and a job change coming up, now was the time.  I got the study materials on my own and paid for the exam out of my own pocket.  I studied and took the practice tests.  Turns out that the practice tests test on a lot of stuff that, simply, never comes up.  Who the hell uses Windows Backup in an actual enterprise environment anyway?

I arrived at the testing site at 8:05 AM.  My test didn’t start until 9:00.  I really gauged traffic wrong.  I don’t normally drive around the eastside during that time, so I wanted to be early.  Just not that early.  So, with nothing to do – I sat in my truck and read a magazine.  I didn’t bring any study materials with me in the truck – so no last minute cramming.

Finally managed to get in to the testing room at 8:55 and sat down at the terminal (after showing my two forms of ID, signing in my name, guaranteeing to the proctor that I wasn’t carrying any electronic devices nor that I had a cheat sheet tied to my calf, hidden away under my pant leg – the body cavity search was uncomfortable).

Before me lay the start of the exam.  40 questions.  40 answers that would determine if I actually knew what the hell I had been doing for the last 18 years.  40 clicks of the mouse that would determine if I was just someone who could bull shit my way through life or not.  No pressure there!

The first question appeared.  It was one that I knew the answer to.  Great!  This’ll be easy!  The next three questions were the same.  Whew!  That’s a relief!  Then came question 5.  Because of NDA, I cannot tell you what the question was.  Suffice to say, I was being asked a question for something that I had never dealt with or done.  Time to BS my way through it.  There were, thankfully, only two more questions of that nature in the rest of the test.

I got to the end and said “I’m done”.  Then, I waited.  And waited.  And waited.  Big blank white screen in front of me.  Waiting for my future to be decided.  Waiting to know if I was royally screwed.  Here come the nerves again!

Then, a little gray box appears.  “You have passed”.  Thank goodness!  Vindication!  I’m truly a smart person!  Yay!

Now it is time for me to move on to the next exam.  Time for me to start studying…

Rules, Rules, and More Rules

Written on September 8, 2009 – 8:59 pm by Jeff Huston

Okay, so anyone who has dealt with local sports leagues may hear various terms about rules.  Even going from one league to another, some of the rules are different.  Here’s a low-down on where rules come from and how they are assembled into one cohesive set for use during a game.  Although I’m talking about baseball and softball here, the same stack applies to most other sports.

Starting and Absolute Rules

Generally, the rules of the game start with the official rulebook provided by the organizing committee for your particular brand of baseball or softball.  Organizations such as Little League, Pony, ASA, NCAA, NFHS (aka FED), and Babe Ruth/Cal Ripken all provide their own rulebooks.  Generally, these rules cannot be, well, overruled.  They are the absolute rule.  Some organizations do, however, provide either options (pick A or B) or do allow certain rules to be superseded.  Most organizations allow for rules to be established further down to apply limits to play, usually based on the level or capability of the players.

Many times, organizations provide slightly different rules between tournament play and regular season play.  Some organizations also provide different rules for training seasons to allow for greater flexibility on the part of the local levels to provide for their players.

Some organizations will provide these rules for free.  Others will charge a fee for a book that you can buy.  Some may not provide the rules outside of coaches and umpires.  This varies from organization to organization.  Here are links to some of the organizations and their rules:

District / Interleague Rules

Based on the organizational hierarchy, you may have an administrative district that oversees several leagues.  Generally, these districts do not impose rules except for interleague play (or the season end tournaments where multiple leagues participate).  These interleague rules overrule any local league rules and are used instead of them.  Local league rules do not apply in interleague play – only the district provided interleague rules apply.

Typically rules from the district on down are available for public review, if requested.

Local League Rules

Each league generally has the right to establish local league rules.  Often, these are referred to as house rules.  These rules typically identify things such as which teams provide umpires, which options out of the rulebook have been chosen, as well as any rules that have been overridden.

Field Rules

Each field of play may also have its own set of particular rules.  These are referred to as ground rules.  Typically found here are rules that cover particular situations or oddities of the field of play (such as a tree in deep center field).  Also, there may be rules here governing food or drink in the dugout.  Any time limits associated with play are also usually found here.  (Typically, no time limits may be established on the competitive levels of play, but the field itself may dictate usability of the field, especially with multiple games scheduled on the same field).

Troubleshooting Presence Unknown in OCS 2007

Written on September 4, 2009 – 3:40 pm by Jeff Huston

Another issue in OCS 2007.  A user logs in okay into Communicator (or CWA) and displays her presence just fine.  However, all of her contacts have a status of Presence Unknown.  Reboots, exits and restarts.  Nothing seems to get it to go.

Here’s what is seen in the diagnostic logs (SIPStack, all flags on and UserServices, all flags on).  The user will send a SUBSCRIBE request for her roaming contacts (Event: vnd-microsoft-roaming-contacts).  After looking up the contacts in the database, the server responds with her buddy list, but without presence information for those contacts.

Normally, the server would respond with the contact list and the contacts’ status and information all in one go.  The question is – why isn’t this happening and why is it isolated to this user?

So, away I go back into the log files.  Analyzing the SIPStack trace in Snooper shows the SUBSCRIBE request and the resulting SIP/2.0 200 OK responses containing the contact list.  Snooper is good at highlighting all messages for a conversation when any one message is highlighted.  The key bit of info here is the timestamps so that the data can be found in the verbose log file.

The problem turned out to be related to the stuck database transaction I mentioned in the previous OCS troubleshooting article.  Once the database was rebooted, the transaction was cleared off and the system started to work normally.

In reviewing the log files, I noted the subscription being entered (as far as the front-end was concerned) – just no actual response back.

Troubleshooting Failed Login in OCS 2007 R2 (480 TEMPORARILY UNAVAILABLE)

Written on September 3, 2009 – 5:20 pm by Jeff Huston

Okay, so I had a weird issue.  A user would sign in to Office Communicator 2007 R2.  Their login would fail.  Not terrifically unusual, but when digging in to the trace log on the client, the trace went like this:

Client: REGISTER

Server: 401 UNAUTHORIZED (Normal since anonymous login isn’t allowed and that kicks in the Kerberos authentication)

Client: REGISTER (with the Kerberos blob)

Server: 480 TEMPORARILY UNAVAILABLE

What?  What the heck does temporarily unavailable mean in this context?  Scratching my head, I had to go about getting in to some really detailed logging.  First, I needed a known working client that I could base my findings against.  Here’s the normal SIP conversation:

Client: REGISTER

Server: 401 UNAUTHORIZED

Client: REGISTER (with the Kerberos blob)

Server: 200 OK

Client: SERVICE …

I’m interested in seeing what is going on between that second REGISTER message and the resulting OK response.  I used the diagnostic logging on the pool and enabled logging for the SIPStack (all trace flags turned on) and the UserServices (all trace flags turned on) components.  I enabled a filter for just the URI of the account I was interested in tracing (which filters the SIPStack log file but doesn’t seem to affect the UserService log).

I start out with the Communicator client signed out.  IMPORTANT!  Clear out all of your old log files before starting logging since the analysis will include those old files.  I start logging, sign in on Communicator (wait for it to actually start to display my contact list), and then stop logging on the server.

I analyze the log files (specifically the SIPStack trace).  This lets me find the SIP messages and, more importantly, the timestamps associated with them.  Those timestamps are used to locate the area of interest in the raw log files.

First, I check the SIPStack raw log files and locate the timestamp of the second REGISTER message.  Lots of data there, but the key part is the log entries for the CAUTH* components.  This is where you see that the user was successfully authenticated or not.

Once found and proven that authorization against AD is fine, search down from there for the phrase UserServices.  You should see that the SIPStack is setting the authorizor to www.microsoft.com/LCS/UserServices.  Continue the search and you’ll see that the SIPStack is going to call over to UserServices to find the user in the database.

There are some back and forth messages between the SIPStack and UserServices components as they populate data from the SIP message into a query that can be performed against the database.  Keep searching for UserServices to follow along.

The first query is to see if the endpoint already exists in the database (I suppose to see if this is a re-login type event).  Normally, no endpoint is found.

Next, UserServices proceeds with the REGISTER portion and works to register the endpoint into the database.  Shortly after the registration is completed successfully, there should be a CISIPResponse::SetStatusCode:ISIPResponse.cpp message where the status code is set to 200.  This is the start of the return message to the client.

All of that is “normal” processing for a login.  For the failed user who was responding with a 480 TEMPORARILY UNAVAILABLE, here’s what was found.

Essentially, I searched for the text [480].  That got me to the first part of the conversation where it was decided that there was something temporarily unavailable.  Scrolling up from there, I found the problem.

Turns out that there was a database error when the system was calling the RtcUpdateEndpoint stored procedure.  The database error text is:

RtcUpdateEndpoint sproc execution failed : ExecHr = [hr=S_OK], NativeError = [52051], NativeErrorSeverity = [11], NativeErrorLineNumber = [21], NativeErrorSqlState = [1], OdbcSqlState = [42000], ErrorText = [[# [Microsoft][SQL Native Client][SQL Server]###52051:RtcUpdateEndpoint:Timed out waiting for applock for a publisher. #

This aligns with the failure reason given in the SIP/2.0 480 Temporarily Unavailable message ultimately delivered to the client:

Publisher lock request timedout

So, what could the real problem be?  I dug into the stored procedure to find out what it does and where the problem may lie.  In the procedure, the only reference to the term applock was a call to the procedure rtcdyn.dbo.sp_getapplock.  This looks to be the correct procedure to further investigate since the error code resulting translates into error 52051 (also the only reference to that number in the RtcUpdateEndpoint procedure).  So, it appears that we cannot set up an applock in the rtcdyn database in order to update the endpoint.

The lock resource name is publisher_ResourceID where ResourceID is the primary key of the entry in the rtc.dbo.Resource table that matches the SIP address of the item asking for the lock.  Since the ResourceID is easily discoverable, it is a simple matter to view the application locks in the database (the rtcdyn database) using the sp_lock stored procedure.

Lo and behold, I found the lock there.  Unfortunately, there doesn’t seem to be a method to remove that application lock.  The fix, then, is to restart the SQL Server service.  By shutting down, all pending transactions are rolled back and all locks are removed.  That seemed to fix the problem for these users who were getting the 480 error.
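The search described in this post (find the `[480]` status, then walk back up the log to the failure that caused it) can be scripted. The following is an added example, not part of the original post: the trace layout and the function names are constructed for illustration and do not reproduce the real OCS log format; only the sproc failure text and the 480 reason come from the post.

```python
import re

# Constructed sample trace in a simplified layout (assumption). The sproc
# failure text and the 480 reason are copied from the post as they appear.
SAMPLE_TRACE = """\
17:20:01.101 SIPStack     REGISTER received for sip:user@example.test
17:20:01.140 SIPStack     CAUTH: user authenticated
17:20:01.150 SIPStack     authorizor set to www.microsoft.com/LCS/UserServices
17:20:01.162 UserServices endpoint lookup: no endpoint found
17:20:11.170 UserServices RtcUpdateEndpoint sproc execution failed : ExecHr = [hr=S_OK], NativeError = [52051], NativeErrorSeverity = [11], NativeErrorLineNumber = [21], NativeErrorSqlState = [1], OdbcSqlState = [42000], ErrorText = [[# [Microsoft][SQL Native Client][SQL Server]###52051:RtcUpdateEndpoint:Timed out waiting for applock for a publisher. #
17:20:11.175 SIPStack     SetStatusCode [480] Publisher lock request timedout
"""

FIELD_RE = re.compile(r"(\w+) = \[([^\[\]]*)\]")
SPROC_RE = re.compile(r"(\w+) sproc execution failed")


def parse_sproc_failure(line):
    """Parse a 'sproc execution failed' entry into its name and fields."""
    match = SPROC_RE.search(line)
    if not match:
        return None
    # ErrorText nests brackets and may be cut off, so it is split away first
    # and kept whole; the remaining fields are simple Name = [value] pairs.
    head, sep, tail = line.partition("ErrorText = [")
    fields = dict(FIELD_RE.findall(head))
    fields["ErrorText"] = tail.strip() if sep else ""
    return {"sproc": match.group(1), "fields": fields}


def explain_status(trace, marker="[480]"):
    """Find the first line carrying the status marker, then search upward
    for the nearest stored-procedure failure that precedes it."""
    lines = trace.splitlines()
    for i, line in enumerate(lines):
        if marker not in line:
            continue
        for j in range(i - 1, -1, -1):
            failure = parse_sproc_failure(lines[j])
            if failure:
                # Timestamps let the same spot be found in the other logs.
                failure["failure_time"] = lines[j].split()[0]
                failure["status_time"] = line.split()[0]
                return failure
        return None  # status found, but no database failure above it
    return None  # status never appears in this trace


if __name__ == "__main__":
    result = explain_status(SAMPLE_TRACE)
    print(result["sproc"], result["fields"]["NativeError"])
    print(result["fields"]["ErrorText"])
```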

High Definition Non-Linear Editing Part 2

Written on August 31, 2009 – 10:58 am by Jeff Huston

Well, I gave the ArtistX 0.7 Live CD a try.  This had Cinelerra, Kino, and Kdenlive on it.  Cinelerra and Kino both did not have AVCHD format handling.  I found some methods out there to effectively transcode the video into formats that can be consumed by those editors, but the overhead (in terms of time and complexity) makes it a difficult choice.

Kdenlive did have support, however, for the AVCHD format.  Point for them.  However, the version that I was using on the ArtistX Live CD did not have the ability to insert transitions between clips.  Weird.  Not sure if they are not available yet or if the ArtistX distribution just has an old version.  In either respect, the Kdenlive support for AVCHD isn’t quite there.  My 40 second test clip ended at 37 seconds.  I think that there may be a bug in how it handles the long-GOP sequencing and wasn’t able to complete the last little bit of the video since it was a partial GOP.

So, back to Windows.  Pinnacle Studio Ultimate has support for AVCHD, but not for multiple video tracks.  Playback and editing is super slow for Pinnacle.  It has really cool effects that it can bring to bear, so I don’t want to discount it out of hand – it just cannot do all that I want it to do.

I did, however, find CyberLink PowerDirector v9.  This appears to be the best compromise between the “ease of use” camp and the “professional” camp.  It allows for multiple tracks but only sort of.  The additional tracks are “picture in picture” (using their terminology).  The plus side is that there is an alpha channel that is part of that and I can have up to 9 of those tracks going over the normal video to video + transition tracks.

The real plus, however, for PowerDirector is speed.  On my little Dell M1330 laptop, it played back AVCHD files almost flawlessly in the previews.  It does a background conversion of the file into a temporary format for previews and other needs.  This makes it much easier to work with for normal editing.  Additionally, they have the ability to use the GPU to actually do some of the work (for the latest nVidia and ATI cards), making rendering effects just that much faster.  My laptop does not have one of the supported GPUs, but still it was quite a step up in performance over Pinnacle.

Another bonus for PowerDirector: Free Trial.  The cost is reasonable ($100), but the fact that they give you a slightly crippled 30-day free trial is a bonus.  It lets you try out the features and see how well you can work in it.

The ultimate solution will probably be a mixture of components – Microsoft Expression Design for creating the static graphic elements and overlays with the alpha channel (to be used in the Picture in Picture tracks); PowerDirector as the main editing tool with Pinnacle available for some of the expanded effects; and then output to whatever format is best for viewing.

The output format is something I’m still trying to decide on.  I’ll blog more on that as I go along.