Tutorial: Installing SSL in IIS on Windows Server 2008

I'm surprised at the changes I'm still discovering in IIS 7.5 in Windows Server 2008. I've managed quite a few Windows Server 2003 boxes over the years, and now I'm exclusively on 2008 boxes. One of the recent surprises I ran into was just how different it is to set up SSL on a hosted site in IIS 7.5. This was not exactly a simple task on previous versions of IIS, but it had become comfortable if only by rote.

Getting close is intuitive enough -- open up Internet Information Services (IIS) Manager, and click on the site you want to work on. You should see an SSL settings icon, but if you click on it, you'll get a surprising message:

"The site does not have a secure binding (HTTPS) and cannot accept SSL connections."

While this seems like an annoyance, it's actually a very powerful addition to the functionality that can be hosted from IIS. You want to handle FTP? Add an FTP binding and a managed assembly. Your own proprietary protocol? Go for it!

Back to the issue at hand: how to enable a secure binding for a website. All you need to do is right-click the site you want to edit, and choose "Edit Bindings". From here, choose "Add", select "HTTPS" from the list, assign it to the IPs du jour, and pick your certificate. I won't get into certificate generation or purchasing in this article, but there's a self-signed one installed by default that can be used, provided a browser warning is not too intrusive for your purposes.

Keep in mind that for a client-facing site, you should always have a legitimate signed certificate to maintain a professional atmosphere.

Once this is done, you can optionally go back to the SSL settings, and force a site to only function over SSL if that's your ideal scenario.

Your site should now be functioning over SSL.
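The same two steps done from PowerShell, as an added example that is not part of the original post: it adds the HTTPS binding with a certificate from the machine store, then requires SSL. It assumes the WebAdministration module is installed, and the site name and host name are placeholders.

```powershell
Import-Module WebAdministration    # assumption: IIS PowerShell module is present

$siteName = 'Default Web Site'     # assumed site name (placeholder)
$hostName = 'www.example.test'     # assumed certificate subject (placeholder)
$port     = 443

# Choose a usable certificate: private key present, currently valid,
# subject matches the host name. Prefer the one that expires last.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and
                   $_.NotAfter -gt $now -and $_.Subject -like "*CN=$hostName*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key for $hostName" }

# Subject equal to issuer means self-signed: browsers will show a warning.
if ($cert.Subject -eq $cert.Issuer) {
    Write-Warning "Certificate $($cert.Thumbprint) is self-signed."
}

# Equivalent of Edit Bindings > Add > https on all IPs.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port $port)) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
}

# Attach the certificate to the listener; do not overwrite an existing one.
$sslPath = "IIS:\SslBindings\0.0.0.0!$port"
if (Test-Path $sslPath) {
    Write-Warning "0.0.0.0:$port already has a certificate; leaving it unchanged."
} else {
    $cert | New-Item $sslPath | Out-Null
}

# Equivalent of SSL Settings > Require SSL: plain HTTP requests are refused.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'

# Show the resulting bindings for the site.
Get-WebBinding -Name $siteName | Format-Table protocol, bindingInformation
```

Run it from an elevated prompt; the last line lists the site's bindings so you can confirm the https entry is present.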

Posted on 8/16/2010 8:05:00 PM by Jason Nadal

Categories: security | windows | iis

Fixing Home Server VM Restore for Win7

I've been trying to restore my development virtual machine in order to test out some apps, and found out the vmware image must have gotten corrupted. So Windows Home Server backs up all my machines, but in this case wouldn't restore all that well -- yielding a no-boot scenario. So after replacing the Home Server Restore disk with the Windows 7 install disk and booting, I expected to just adjust the boot partition location in BOOT.INI, but was surprised to see that had been done away with.

In its place is a new command line tool "BOOTREC", but there are requirements on it actually being able to poll the active drive partitions ("active" being the key here).

This link shows how to fix the boot partition for Windows 7. Notice the difference between the legacy use of the hidden, system, readonly BOOT.INI and a command line app.

 http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/7791044e-db7f-4144-a96c-945299811f58

Now for me, the initial bootrec command wouldn't let me rebuild the boot configuration, instead giving an "element not found" error. Instead, the DISKPART instructions in the post about setting the active disk partition allowed me to get to a BOOTMGR not found error.

Now Kevon Walcott's solution didn't work on its own for me, but was the first step:

Diskpart

LIST DISK

SELECT DISK (followed by the number of the disk, most likely 0)

LIST PARTITION

SELECT PARTITION (followed by your partition number, most likely 0)

ACTIVE

EXIT

Second step was from Vivian Xing [MSFT], and rebuilt the boot config for the drive itself and the boot list:

Bcdboot C:\windows

NOTE: Replace C with the drive letter where the system is installed.

BOOTREC /FIXMBR

BOOTREC /FIXBOOT

BOOTREC /REBUILDBCD

BOOTREC /SCANOS

Rebooting gave me a "BOOTMGR is missing" error. Bouncing the machine a 3rd time, and using the Windows system recovery option to repair the installation at least let me try. However so far, the error "BOOTMGR is missing" is still present. So far, Win7: 1, Me: 0.

Restarting the VM and again rebooting into Windows system recovery gave me the message that the disk I was trying to repair with was not the right media for the installation (note: took a bit to realize the installation was Win7 Pro x64, and I had Win7 Ultimate media in the drive).

Putting the right media in this time, and now it's just saying Windows. Use the command prompt, bcdboot c:\windows AGAIN, and choose startup repair again. More repeated failures, and another restore from home server -- this time adjusting the partitions in Disk Manager in the restore window.

Posted on 6/10/2010 9:52:00 PM by Jason Nadal

Categories: personal | troubleshooting | virtualization | windows

Corrupted Suspended VMWare VM How to discard suspended state

Oh boy is this one fun... so you like having your VMWare images (virtual machines) on a separate hard drive, so they run faster. You have your PC's OS hard drive on different physical hardware than the VMWare image. Here comes the fun part -- you love the portability of being able to move the hard drive from machine to machine, running the virtual machine on both VMWare Workstation and VMWare Player. You suspend your VM when you're done for a while, and resume it later on, sometimes on a different PC. You always safely remove your hardware using the Windows OS tools, until one fateful day.

You unplug the hard drive thinking you're done, when you get a Windows error message: "Delayed Write Failed". Uh oh.

You've just corrupted your saved state. This is because even though VMWare said it was done writing the RAM out to disk, it really was still writing... this way you could still work in the background!

OK, you think -- as far as the VM is concerned, the RAM is corrupt (or rather the data stored in virtual RAM is corrupt). How can we get this back?

The easy way is to close your VM software of choice (VMWare Player or Workstation), rename your *.vmem file (a file containing the contents of the virtual RAM), and start up the virtual machine again.

It will die. You'll get a message saying the vmem file cannot be found, and there's something corrupt with the saved state... do you want to preserve or discard?

You should select "Discard", and then start up the VM again. This time it'll boot up, just like Windows crashed (do you want to enter safe mode? no.). You should still have all of your data (assuming nothing was acting on the data in RAM as you were suspending, in which case you can add data loss to your list of accomplishments for the day).

Posted on 5/4/2009 6:47:00 PM by Jason Nadal

Categories: network | troubleshooting | windows | virtualization

Home Server Annoyance

I had talked in the past about how fantastic Windows Home Server is (dreams about subpoenas and warrants notwithstanding).

Here's an annoyance I just had... well, perhaps that's a bit harsh. It would be an annoyance for the true "home" user that is the target audience. I'm restoring my media pc, by replacing a hard drive that's probably a month or two from death. So I made sure there was a good backup, and swapped out the hard drive (which was in a very annoying place on my media center pc).

I pop in the home computer restore disk (the one that allows it to boot from CD, find the home server -- must have a basic network stack -- , and restore from backup), tell it that it's fine to boot from the CD, when I get a message I almost don't think twice about. Two options (paraphrased from memory):

Restore a PC that has 512mb RAM or Less

Restore a PC that has more than 512mb RAM

Is it just me, or is the separation between RAM and HD space lost to the mainstream computer user? It should just default to >512mb -- how long has a gig or more been the standard?

Posted on 3/29/2009 6:36:00 PM by Jason Nadal

Categories: windows | whs

Crushed Computer

Working on trying to repair a friend's PC, I've encountered a hard drive so toasted, the file system is unrecognizable. The funny thing is that there's actually no "click of death" coming from the disk, but even a FIXMBR failed to recognize the old school FAT file system ("unrecoverable errors", file names that are all smiley faces (!), and my personal favorite, the reporting of the size as "10,XXX kilobytes" -- ouch!).

So I'm installing a fresh OS on the machine and giving it back as a pristine machine.... sans all saved data, documents, personal information, and settings.

Makes me feel a bit defeated....

Posted on 1/5/2009 9:34:00 PM by Jason Nadal

Categories: General | network | troubleshooting | windows | hardware

Microsoft Cardspace Codename "Geneva"

It seems the Cardspace team has been at work simplifying the user experience for Cardspace prompts. See codename "Geneva". This looks pretty good; they've even included the new Geneva server for creating managed cards, which is something I'd like to explore at some point. I'm very curious what work, if any, has been done to integrate OpenID in conjunction with Cardspace.

I'm not sure just how far Cardspace is penetrating, as I've yet to run across a site (aside from Windows Live, and even that's in beta, and has been since at least August of 2007!) which actually uses Cardspace for authentication. I have found many articles from the 2006/2007 timeframe purporting Firefox 3.0 support of Cardspace, however the plugins online don't show them. Windows Live login requires IE to even attempt a Cardspace login.

Posted on 12/5/2008 8:07:00 PM by Jason Nadal

Categories: development | network | vista | windows | cardspace | security

Reasons for Mandatory Reboots

In this month's TechNet Magazine, the last article, by Raymond Chen, told of the reasons why reboots are required after installing updates. It's not so much that Windows is unable to swap out DLLs that are being used; it's more a product of not needing to support parallel versions of the same DLL for apps or services that are already loaded.

Posted on 10/25/2008 9:08:00 PM by Jason Nadal

Categories: network | windows

Server Migration: And then there were three...

I've been slowly attempting to decommission our work server closet without the luxury of downtime. Couple that with the fact that my job does not specialize in server administration, and there's a single user on a Mac, and my lack of formal expertise in network administration, and it becomes a much bigger project.

Today I was quite happy to decommission yet another physical server in favor of a virtual machine. That leaves me with 3 physical machines left to take down (1 is probably going to stick around for quite a while, unfortunately), and that means I've pared down the server closet enough to allow me to move the new hardware in.

The new hardware is quite cutting-edge, with the VMs running in Hyper-V. I've been quite happy these days with our development environment. We've got immediate building going on through TeamCity and NAnt, which allow true Continuous Integration. One of my employees has created the nightly deployment script, and I've just added in another more stable build that's also triggered through TeamCity.

Posted on 10/6/2008 5:47:00 PM by Jason Nadal

Categories: development | virtual | windows | network

64 Bit vs. 32 Bit -- Where is the unified platform?

While upgrading home machines, my wife and I bought an upgrade machine for her that was in fact 64 bit. I figured these days that the primary hurdle had been jumped and most hardware and software supported the 64 bit Vista platform. What transpired was that it was mostly true, save for Palm. After checking (way after buying the hardware), Palm (and their OS provider "Access") are quite adamant about the lack of support for the 64 bit OS.

Specifically, this is due to the USB charging / synchronization cable, but even attempting to use a Kensington USB Bluetooth dongle failed to allow syncing the Palm with Vista 64. The return on investment is not enough to justify my continuous battle with the synching process; the current plan is for her to use our laptop to do so.

What's amazing to me however is not only that it didn't synch, but that it didn't even cross my mind to check, even after seeing the "64 bit OS installed" sticker on the machine on the Best Buy display. Clearly the platform / architecture even still has room to grow with respect to driver support!

Posted on 10/5/2008 8:21:00 PM by Jason Nadal

Categories: windows | vista

Vista UAC Meltdown -- With Solution

Recently, I swapped out the last machine I had on XP, a 5 year old laptop, to Vista. I even got my wife a Vista box, and things went mostly smoothly. Until she came to me one day and said things weren't working.

I dug around for a while, and tried to get into the management console as admin, sure enough a UAC dialog beep sounded, but there was no dialog asking for elevation of privileges. That's when things went crazy -- there was no dialog, but the system was still waiting for input. The screen didn't dim with the protected desktop, and the app that was asking for permission was hung. Alt-Tab worked except for the hung tab -- but no windows/apps could be closed/exited.

I pulled out the standard tricks to combat the situation, all failures, and finally went to safe mode. Even that failed to pull up the dialog. It wasn't drivers, it wasn't registry. Then came the last straw. I restored a backup of the machine from before the problem -- it didn't work!

Gave up for a night, and the next day she mentioned: "Oh, and the date's wrong". So I figure, OK... I'll just change the date. But you can't because it requires UAC! I was fed up and booted into BIOS to fix the date, laughing -- at least I can fix this, I thought.

The punchline?

Changing the date fixed UAC. The machine was set to a year in the future. The worst part of this is that the PC should not have known it was a year in the future... is Windows phoning home on UAC requests? What's really going on with the time/date settings?

Posted on 10/2/2008 7:27:00 PM by Jason Nadal

Categories: windows | vista | troubleshooting
