Baltimoremick

You're gonna want that cowbell!

Tag: Microsoft (page 1 of 2)

Lync 2010 for Android – NOPE

Following the rollout at the office of upgraded instant messaging–Microsoft Lync 2010–I decided to take advantage of the cross-platform capability of the client and install it on my Android phone–my trusty Galaxy Nexus.  I would have installed it on my 2012 Nexus 7, but. much to my chagrin, there is no tablet compatible version available.  That should have been my first warning sign.

There were so many things wrong with this application, I do not know where to begin.

  • The application still appeared to be in the Android 2.3 Gingerbread style as opposed to Android 4 Holo style.  The dialog boxes and configuration menus tipped me off to this.
  • The application would throw strange errors and could never stay online.  When I would try to return to an online status, the application would throw an odd error asking to restart it.  Inevitably, I would have to “force stop” the application and restart my phone.
  • No tablet-compatible version.

After dealing with this multiple times, I had enough and uninstalled the application.  It suddenly dawned on me: Why would I want to be accessible via enterprise IM when not at work or not using remote access?

Impending Technical Choices

In the coming weeks, I have some technical choices I need to make.

  • Personal Finance Software: For years, I have used Microsoft Money.  In the last couple of years, though, I knew its days were numbered.  The official announcement of its “end of life” is here.  With this announcement, my choices are fairly limited in the realm of personal finance software: Quicken, Mint.com, or my Bank.  My thoughts on each are below, but I crave input from others.
    • Quicken: They clearly want the Money customers, and they are the oldest, biggest, and only player on the block.  There is a limitation with how much transaction data they can convert to Quicken from Money.  I also abandoned Quicken a long time ago, as I thought it getting long in the tooth–that was over 10 years ago.  They are a serious contender for my software choice, and this is primarily because I really want and desire a desktop application.
    • Mint.com: The darling of the Web 2.0 personal finance space, Mint offers a lot of the integration that I have with Money and would presumably get with Quicken.  I only have two issues with Mint.  For one, Mint.com does not yet offer any type of bill payment scheduling like I get with Quicken or Money.  The other concern–not a large one–is my fear of the “personal finance cloud.”  For someone who has a lot of information in the cloud, I seem to not be too big a fan of having my personal finance information exclusively in the cloud with no local backup.  I have to admit that I like having a piece of software that connects to my bank and keeps everything in sync.
    • My Bank: I will admit that my Bank’s online presence has greatly improved over what it was even 5 years ago.  I do make use of its online billpay feature pretty extensively, and the eBill feature is not bad at all.  Still, though, I have to admit that I crave that desktop experience.  Also, my problem with both Mint.com and My Bank, is that I have no tactile feedback for bills that are due and such.  I like having a desktop application remind me somehow.  Call me old-fashioned in that sense.
  • Virtualization Software: I have been a huge user of VMWare on my various machines through the years.  It works quite nicely, and there is a completely capable free version.  I did, however, download Sun’s VirtualBox the other day for use on my Win 7 desktop.  In my coming experiment of running Windows 3.11 on Win 7, I am looking for a free virtualization solution.  So, for the first time in a while, I am going to give VirtualBox a chance.

Looks like I get to have some fun in my spare time with these tasks in the coming weeks.  Especially since my copy of MS Money is “on the clock,” with the online services expiring in October.

Stupid Computer Tricks – Disabling Loopback for Proper Service Functioning

I am posting the incredibly detailed technical article for both posterity and my fellow administrative brethren.

Beginning late Monday afternoon, a service–TFS Deployer–that is critical to the instance of Microsoft Team Foundation Server (TFS) for which my group is responsible failed to start.  The TFS Deployer service is a community add-on for TFS.  The service listens for changes in build quality, and once it sees a change that meets a specified set of criteria, the build is deployed.  A summary of events to this point follows.

  • Maintenance on the physical host was performed on Friday, 10 July 2009.  The server had the various Microsoft hotfixes applied to it, and the server was also rebooted.
  • Unbeknownst to my team, the TFS Deployer service failed to restart once the server was restored to service.  The error in the error log was that the service had hung upon restart.  We were never alerted to the service being down, as we were not monitoring it.
  • On Monday afternoon, we started receiving inquiries into an issue with the deployer service from different application teams.
  • We investigated, and immediately discovered the service was down.  Repeated attempts to restart the service were unsuccessful.  Furthermore, no helpful diagnostic messages were received.  The service would immediately stop once it was started.

At first, I thought the problem was possible the password or the rights of the domain service account used to start the service.  The service account has rights to servers and filesystems used by the various applications housed within our TFS instance.  Unfortunately, two facts dispelled this notion as a cause of our problem.  We could login to the server console as the service account.  We also reconfigured the service to use another account with the same privileges.  Thus, password and rights are now ruled out.

Further complicating matters was that the server in our Stage environment was configured at the same patch level as the Production server.  As a sanity check, we copied and installed the TFS Deployer service to this server.  We configured the service in this environment with the same service account.  The service successfully started in this environment, but we could not make use of it without some effort in reconfiguring the deployment scripts used for different applications.  We then started digging a bit deeper into the problem.

I started looking through the event log on the server to see if there were any other glaring messages.  Of all the messages, the following entry in the Security log seemed suspicious.

Capture

As highlighted above, the characters for the Logon Process seemed strange.  Moreover, I could see a Success Audit entry for the same account before seeing two consecutive Failure Audits.  So, I put together a Google search with the information I had.  Nothing conclusive turned up, but there were consistent entries discussing around disabling a loopback check.

Essentially, a security fix applied to Windows Server 2003 implemented a loopback check.  The security fix was to prevent a reflection attack on the server.  The security fix is more fully explained at Microsoft Security Bulletin MS08-068.  The description of the issue follows.

A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials when a user connects to an attacker’s SMB server. This vulnerability allows an attacker to replay the user’s credentials back to them and execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Nonetheless, I deferred to our Infrastructure support team, and I escalated the problem in their direction.  While troubleshooting this on Tuesday, we also learned a bit more about the TFS Deployer service.  Specifically, the service has a debug mode:

TFSDeployer.exe –d

Unfortunately, it took us most of the day before we discovered this switch.  Once we ran the service with the debug switch, we discovered that the loopback security fix was preventing the service from starting up.  With that, we employed the registry fix to disable the loopback check implemented in MS08-068.  Further reflection on this would explain how the service could start without issue in our Stage environment.  The configuration was for a different server, so there would be no use of loopback in that instance.

In the interest of others who encounter this problem, below are the steps to edit the registry. As an extra precaution, we also removed the hotfix that was deployed on 10 July 2009.

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck for the name of the DWORD, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor, and then restart the computer.

Once the computer restarted, the service successfully started.  We tested it and confirmed that deployments were working as expected.  Following that, the hotfix from 10 July was reinstalled, and the service was restarted successfully.  Clearly, the loopback check had to be disabled.

Further investigation is being performed to determine root cause.  Specifically, why did the service fail to restart if the security patch in question dates back to late last year.  The server is not behind in its patches, so we were going to investigate if a new security policy was implemented and pushed down by our Active Directory Operations team. There were still some important lessons learned from the issue resolution:

  • Ensure that monitoring for critical services is in-place.  My team dropped the ball on this front, as this service has been active for over a year.  It was only early this year, however, that we declared our TFS implementation fully ready.  The lack of monitoring has been remedied.
  • Ensure that as much documentation or links to critical documentation are available for tools used in Production that are not directly supported by the vendor.  In other words, if you are using freely available open-source or community-developed tools, be sure to have links to important documentation.  My team thought that the TFS Deployer service was custom code developed in-house.  We discovered that to not be the case, but we should have had ready links to documentation on the service to allow for easier troubleshooting. This is still pending.

While the resolution took longer than either I or the Infrastructure team we worked with would have liked, we both now know more about how this service works.

Bugged by a Bugcheck

I have had a minor problem from time to time on my home desktop.  Specifically, my desktop will sporadically reboot.  Now that I have had some time to dig into the problem, I am pretty certain I know what the culprit is.  Inspection of the event log shows the following entry.

[code]

Event Type:    Information
Event Source:    Save Dump
Event Category:    None
Event ID:    1000
Date:        10/7/2008
Time:        7:46:56 PM
User:        N/A
Computer:    JJTHOME
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ea (0x85a33020, 0x863f9e88, 0xf7a49cbc, 0x00000001). A full dump was not saved.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
[/code]

My immediate thought was that the problem must be with a device driver, as that tends to be the case.  A quick search on MSDN turned up a list of bug codes contained in the Windows Driver Kit.  One specifically calls out the hex code in the System Log entry above–0x000000ea.  To quote the article:

This indicates that a thread in a device driver is endlessly spinning.

This usually indicates problem with the hardware itself, or with the device driver programming the hardware incorrectly. Frequently, this is the result of a bad video card or a bad display driver.

I have cranked up the debugging options on my machine to try and capture a full dump of this event.  For some strange reason, my machine is not capturing the actual dump being generated by the “Blue Screen of Death” I know is occurring.  It just reboots.  In my quest for more knowledge, I may just start hooking debuggers into my system and seeing what I can find out.

In the meantime, though, I have two plans that will bear themselves out in the near- and long-term, respectively.

  1. Visit NVIDIA and download the latest drivers available for my card, a GeForce 8600 GTDONE
  2. Revisit moving to Windows Vista on my desktop, especially now that SP1 is available and resolves a lot of early problems.

Drive-By Downloads, Apple Style!

So, like many of the unwashed masses on the Internet, I decided to update iTunes on my PC to iTunes 8.  I left my PC running the update when I left for the office, and I rebooted when I arrived home from work this evening.

Of course, yet again, Apple finds no problem in offering me the optional software of Safari for Windows–an optional piece of software whose selection checkbox is checked by default.  If I wanted to run a crappy web browser, I would willingly find a way to install Internet Explorer 4.  I was sure to uncheck that piece of optional software.

In reading some of the coverage of the post-install reports–those folks having blue screen errors and other nasty results, I came across Ed Bott’s piece on ZDNet.  His article goes into detail concerning some of the kernel mode drivers that iTunes installs–drivers known to be the root cause of BSODs on Windows.  Even better, though, was the installation of a piece of software that I was not informed of–MobileMe.  While I was not informed this was one of the packages installed by the iTunes upgrade, there is was in the list of programs available to me in Add/Remove Programs in Windows.

Wow, Apple.  It’s bad enough to attempt to foist upon me an incredibly craptacular browser experience, but now you want to install the Windows client to your “cloud service” known to not work?  For all of the haughtiness of your users and your condescending ads, you are no better than Microsoft.

Older posts

© 2017 Baltimoremick

Theme by Anders NorenUp ↑