Colin Bowern

Installing TFS 2010 on a 64-bit system

Colin Bowern — Mon, 18 May 2009 22:55:33 GMT

If you are one of the lucky ones with an MSDN subscription then as of today you can download the Visual Studio 2010 bits which includes Team Foundation Server 2010. As I blogged about yesterday the 64-bit install is both unsupported and quite involved. On the other hand things are looking up for TFS 2010. The install process was much more straight forward with the exception of a connection and data warehouse issue at the end. I have recorded the process for anyone who is looking to build a demo machine to kick the tires with. Unlike the default installation process I have chosen to install SharePoint myself. It’s just one of those things that my experience tells me to make sure it’s working before loading other stuff on top of it. Have fun with the show:

Installing TFS 2008 on a 64-bit system

Colin Bowern — Mon, 18 May 2009 02:25:38 GMT

If you like living on the wild side then this post is for you – it is out of the bounds as far as official support goes. Having realized that the world is going x64 the TFS product group made a few regrettable choices with one of them being not supporting 64-bit on the application server tier. Even though they made the choice, explained why, and confessed their regrets the good news is that you still can install it with a few extra steps. Below you will find a video of the process:

Here are the notes from that video:

Install Windows Server 2008 R2
Create a Software folder on the system drive and copy in the bits of the following to their own sub-folder:
- SQL Server 2008 Standard Edition
- SQL Server 2008 Service Pack 1
- Team Foundation Server 2008 Standard Edition
- Team Foundation Server 2008 Service Pack 1
- Visual Studio 2008 Service Pack 1
- Windows SharePoint Services 3.0 with Service Pack 2
Add .NET Framework 3.5.1 to the server
- Server Manager > Add Features > .NET Framework 3.5.1 Feature
Create a Service Account for SQL Server
- Net.exe User Service-SQL * /Add
- WmiC.exe Path Win32_UserAccount Where Name='Service-SQL' Set PasswordExpires=False
Install SQL Server 2008 Standard with Service Pack 1 Slipstream
- Command Prompt > C:\Software\SQLServer2008SP1-KB968369-x64-ENU.exe
  - Install the setup files then it will exit
- Command Prompt > C:\Software\SQLServer2008-Standard\Setup.exe /PCUSource=C:\Software\SQLServer2008-SP1
  - Select all features
  - Use the service-sql service account for all services
  - Set SQL Agent and Browser services to auto start
  - Set Mixed Mode Authentication
  - Add Administrators to SQL Server administrator
  - Add Administrators to SQL Server Analysis Services administrator
  - Use the native mode default configuration for SSRS
- Open Management Studio to verify that Service Pack 1 was installed
- Ensure we can browse to http://localhost/reports
Create a Service Account for SharePoint
- Net.exe User Service-WSS * /ADD
- WmiC.exe Path Win32_UserAccount Where Name='Service-WSS' Set PasswordExpires=False
Install Windows SharePoint Services 3.0 with Service Pack 2
- Command Prompt > C:\Software\SharePoint-3.0SP2-x64\Setup.exe
  - Advanced > Web Front End
  - Feedback tab
- Create central administration site at http://localhost:8079
  - Can't use 8080 - TFS wants it
- Add http://colin-tfs to the local intranet zone
- Create a new web application
  - Use Default Web Site
  - Use Service-WSS Application Pool Identity
  - Restart IIS Automatically
- Create a new site collection
  - Title: Team Foundation Server
  - Site Admin: Administrator
- Ensure we can browse to http://localhost
Create a Service Account for TFS
- Net.exe User Service-TFS * /ADD
- WmiC.exe Path Win32_UserAccount Where Name='Service-TFS' Set PasswordExpires=False
Install Team Foundation Server 2008 Standard with Service Pack 1 Slipstream
- Command Prompt > MSIExec.exe /A C:\Software\TFS2008-Standard\AT\VS_Setup.msi /P C:\Software\TFS2008-SP1\TFS90SP1-KB949786.msp TARGETDIR=C:\Software\TFS2008-Standard-SP1\AT
- Modify baseline.dat to remove 64-bit blocking
  - [gencomp114] > BlockorWarn=0
  - [gencomp114] > InstallOnAMD64=0
- Modify hcpackage.xml to support SQL Server 2008 Service Pack 1
  - PropertyStrValue LIKE '10.%'" action="=" count="(0" />
  - action="<" version="10.2" />
- Copy SharePoint registry key to fool TfsConfigWss.exe
  - Reg.exe Copy "HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions" "HKLM\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\Web Server Extensions" /S
- Command Prompt > C:\Software\TFS2008-Standard-SP1\Setup.exe
  - Use TFS Service Account (service-tfs)
  - Use existing SharePoint (http://colin-tfs:8079)
- Change application pool to 32-bit applications
  - IIS Manager > Microsoft Team Foundation Server Application Pool > Advanced Settings > Enable 32-bit Applications
  - Server > Restart
- Modify first line of tfsredirect.aspx in C:\Software\TFS2008-Standard-SP1\AT\Program Files\Common Files
  - string c_rootReportServerKey = @"Software\Wow6432Node\Microsoft\VisualStudio\9.0\TeamFoundation\ReportServer\";
- XCopy "C:\Software\TFS2008-Standard-SP1\AT\Program Files\Common Files\*.*" "C:\Program Files\Common Files" /S
Install Team Explorer 2008 with Service Pack 1
- Command Prompt > C:\Software\TFS2008-Standard\TFC\Setup.exe
- Install Visual Studio 2008 Service Pack 1 which contains Team Explorer 2008 SP1 to take care of red X on Reports
- Reboot
- Visual Studio 2008 > Tools > Connect to Team Foundation Server
- Add a new project
Change the warehouse service identity to use service-tfs
- Add service-sql to the TfsWarehouse SQL roles
- Force warehouse rebuild - http://localhost:8080/Warehouse/v1.0/warehousecontroller.asmx?op=Run
- Watch status - http://localhost:8080/Warehouse/v1.0/warehousecontroller.asmx?op=GetWarehouseStatus

Creating Control Modules for Sitefinity

Colin Bowern — Thu, 30 Apr 2009 11:02:33 GMT

As you develop your second web site and look to start sharing custom controls there is no doubt you will want to find a way to do so with ease. Sitefinity employs modules as their next step in the evolution of customization. While working to package up a few controls I put together a bare bones module to demonstrate how to use a module, explore the new SimpleControl class which has a brief mention in the documentation-by-blog, and an easy way to deploy the module.

When creating a module you derive from the Telerik.WebModule class. Once you have done so there is very little you need to implement. For the sake of our sample class we will override Name, Title, Description, and Controls properties:

public class HelloWorldModule : Telerik.WebModule
{
    #region Properties
    public override IList Controls
    {
        get
        {
            return new List(new ToolboxItem[] {
                new HelloWorldToolboxItem()
            });
        }
    }

    public override string Description
    {
        get
        {
            return "Control library demonstration";
        }
    }

    public override string Name
    {
        get
        {
            return "Hello World Controls";
        }
    }

    public override string Title
    {
        get
        {
            return "Hello World Controls";
        }
    }
    #endregion
}

The Controls property returns a list of class instances derived from the Telerik.Web.ToolboxItem class. This is used by Sitefinity to populate the page editor’s toolbox without having to explicitly define each control the web site’s web.config. The Toolbox Item is not much more than a DisplayName and Description of the item for use in the page editor view:

public class HelloWorldToolboxItem : Telerik.Web.ToolboxItem
{
    #region Constructors
    public HelloWorldToolboxItem()
        : this(typeof(HelloWorld)) { }

    public HelloWorldToolboxItem(Type type)
        : base(typeof(HelloWorld))
    {
        base.DisplayName = "Hello World!";
        base.Description = "Simple Control sample";
    }
    #endregion
}

The sample control is derived from SimpleControl which provides localization and embedded template support. We have included an embedded user control in the project which creates a label control and exposes that through our control interface:

[ToolboxItem(typeof(HelloWorldToolboxItem)),
 ToolboxData("<{0}:HelloWorld runat=\"server\" />")]
public class HelloWorld : Telerik.Cms.Web.UI.SimpleControl
{
    #region Properties
    [Bindable(true), Category("Text"), DefaultValue("Hello world!"),
     Description("Gets or sets the Label text."),]
    public string LabelText { get; set; }

    public override string LayoutTemplateName
    {
        get
        {
            return "SampleControlLibrary.HelloWorld.ascx";
        }
    }

    protected ITextControl Label1
    {
        get
        {
            return base.Container.GetControl("Label1", true);
        }
    }
    #endregion

    #region Constructor
    public HelloWorld()
    {
        LabelText = "Hello world!";
    }
    #endregion

    #region Methods
    protected override void CreateChildControls()
    {
        base.CreateChildControls();
        Label1.Text = LabelText;
    }
    #endregion
}

To make deployment easy I used the often forgotten System.Configuration.Install.Installer class which is called by the installer utility, InstallUtil.exe. The challenge with using this class is that there is very little guidance or examples of how to use it. I referred to an article on Windows Installer installation phases, which this class is loosely based upon, to guide my implementation. Below is a snippet of the Install method. In addition I have implemented Commit, Rollback, and Uninstall.

...
public override void Install(IDictionary stateSaver)
{
    if (!File.Exists(WebConfigPath))
    {
        throw new FileNotFoundException("Unable to locate web.config. Ensure that this assembly located in the web application's bin folder.", WebConfigPath);
    }

    base.Context.LogMessage(string.Format("Using web.config located at '{0}'", WebConfigPath));

    string backupConfigFile = String.Format("{0}.bak", WebConfigPath);
    File.Copy(WebConfigPath, backupConfigFile, true);
    stateSaver.Add(WebConfigPath, backupConfigFile);

    XDocument configDoc = XDocument.Load(WebConfigPath);

    base.Context.LogMessage(string.Format("Assembly contains {0} modules to register", this.AssemblyWebModules.Count));
    if (this.AssemblyWebModules.Count > 0)
    {
        XElement modulesEntry = configDoc.XPathSelectElement(".//telerik/framework/modules");
        List moduleList = modulesEntry.Descendants().ToList();

        foreach (Type module in this.AssemblyWebModules)
        {
            Regex moduleType = new Regex(string.Format("^{0}, {{0,}}{1}$", module.FullName, AssemblyName), RegexOptions.IgnoreCase);
            if (!moduleList.Exists(x => moduleType.IsMatch(x.Attribute("type").Value)))
            {
                base.Context.LogMessage(string.Format("Registering '{0}'", module.Name));
                XElement addElement = new XElement("add");
                addElement.SetAttributeValue("type", string.Format("{0}, {1}", module.FullName, AssemblyName));
                modulesEntry.Add(addElement);
            }
        }

        configDoc.Save(WebConfigPath);
    }

    base.Install(stateSaver);
}
...

That about wraps it up. Download the project source code and use it to build your own control libraries.

What I Use

Colin Bowern — Wed, 25 Mar 2009 00:29:06 GMT

The computer part of my home digital eco-system is coming to a completion point quickly. The next steps are around home automation but I thought I would take a moment to take stock on where I am at now.

I recently added a new server to get away from desktop virtualization. The new server, Metaverse, was built based on the thinking Jeff Atwood has put into a power bill friendly machine. The parts list I used is as follows:

AMD Athlon 64 X2 4850e 2.5GHz Processor
Gigabyte GA-MA78GPM-DS2H Motherboard
4x 2GB Patriot Viper DDR2-800 Memory
2x Western Digital Caviar Green Power 500GB SATA2 7.2K RPM Hard Drives (RAID1)
Western Digital Caviar Blue 500GB SATA2 7.2K RPM Hard Drive (JBOD)
LG GH22NS30 SATA DVD Writer
Silverstone Element ST50EF-SC 500W Power Supply
Silverstone Sugo SG01-F Small Form Factor Case

Metaverse runs Hyper-V Server 2008 R2 to host three servers. Freeside is a simple Remote Desktop Gateway to allow me to connect back to home without a lot of fuss. I wanted to use Windows Home Server for remote access, but the Remote Desktop Protocol (RDP) proxy port is blocked from places like the office. Remote Desktop Gateway uses the universal firewall bypass port, HTTPS (443/tcp), instead. I think it would be a good move for the Windows Home Server team to add RDP over HTTPS into the next release. Some folks have recommended using Live Mesh which has a mutant remote desktop protocol over HTTPS but it hung on my first attempt and required me to be logged in on the server which does not feel like the right thing to do. Neuromancer is the actual Windows Home Server (WHS). Overall a pretty solid release I have to say. I eagerly await a release built onto Windows Server 2008 R2 to take advantage of performance improvements, but it is not urgent right now. This server functions mainly as a file server which is backed up using Jungle Disk to the Amazon S3 service. Jungle Disk is doing well in the latest builds (running the regular client, not the older WHS client) and delivers data security at a dirt cheap price. In addition to regular files it also serves as a Subversion server running VisualSVN Server for all of my sandbox development projects. The third virtual machine is Wintermute which serves as a build server. Major bits on it include JetBrains TeamCity, Visual Studio Team Suite, SQL Server Express, TypeMock Isolator, TortoiseSVN, and TargetProcess.

Office is my main development desktop. It was the last to get upgraded to Windows 7. Beyond a few small bugs which I have sent feedback on it is pretty stable. It runs all of the development tools, along with things like Expression Suite, FeedDemon, Office, and Zune. I built it last summer out of the following:

Laptop is a Dell Inspiron E1705 that I picked up off eBay for a good deal. I have since hacked it to add an Intel Core 2 Duo T7400 processer, ATI Radeon Mobility X1400, and 7200RPM Hard Drive. It contains the basic productivity bits along with music recording bits for my Line 6 PODxt. If I had to buy a laptop again, though, I would get something smaller and lighter.

MediaCenter is connected into the television and stereo for watching movies, listening to the music collection, and viewing photos. I have tried to keep it relatively clean by adding minimal pieces like the K-Lite Codec Pack and VLC Media Player. I am disappointed with our local television providers in that they continue to use locked down set-top boxes. There is a great potential being wasted here and I do not want to play with hacky infra-red blasters to make it work. This summer I am contemplating plugging in an over-the-air (OTA) connection to pickup all of the local stations for free. But that will have to wait until the snow has melted before I get on the roof to do any sort of antenna mounting. The nice thing about this machine is that it is over five years old now and still able to keep up nicely (minus the VGA Cooler’s fan not working):

Intel Pentium 4 2.8GHz with Hyper Threading Processor
Scythe Ninja Mini Processor Cooler
ASUS P4P800 Deluxe Motherboard
4x 512MB Kingmax DDR 400 Memory
Seagate Baracudda 120GB SATA 7.2K RPM Hard Drive
ATI Radeon 9800 Pro AGP Video Card
Thermaltake Giant II Heat Pipe VGA Cooler
LG IDE DVD-ROM
Antec EarthWatts 430W PSU
nMedia HTPC 600 Case
RF Wireless Keyboard

Everything is connected together using a D-Link DGS-2205 Gigabit Ethernet switch. The internet connection is courtesy of Cogeco Cable via a Linksys WRT54GL router. I have flashed the router with Tomato firmware to get better control over the quality of service features for voice. We use voice-over-IP (VoIP) for our primary phone line which runs through a Linksys SPA 2102 phone adapter to the Primus Talk Broadband service.

One last thing you cannot forget – the Nintendo Wii. Mainly used to keep my bowling and tennis skills in shape along with entertaining friends and family when they come over.

The thing I find though with all this is that it’s up-to-date today, but tomorrow it’ll be old hat. There are already six-core processors on the horizon and memory gets cheaper by the week. Hopefully this holds for another couple of years, or until we all have a slice of computing time in the cloud.

Next steps are to start digging into home automation. I would love to be able to control the temperature in the house on a more dynamic schedule and monitor the variable utilities like power, water, and natural gas. There are a few prospects on the power monitoring front, and a store with all kinds of toys to experiment with. I have a feeling, however, that it will be a lot of slow experimentation on that front given that my expertise lies mainly in the computing side.

Iterative Blog Design

Colin Bowern — Wed, 18 Mar 2009 12:09:42 GMT

With about 24 hours of work into it I decided to put up a drop of my new blog. I am switching over to Telerik Sitefinity in an effort to really push the platform. There are a lot of changes happening as you might expect from a Telerik product. With 3.6 out the door and a major 4.0 release coming soon the documentation and patterns are still evolving. I have more on to do for this site and there are some known issues, but for now enjoy and let me know if you see any quirks.

0x80300001 - What do you mean you don't know what it is

Colin Bowern — Sat, 17 Jan 2009 21:41:00 GMT

I get that stupid feeling when I see an error message like "There was an error - 0x80300001" that I am supposed to know what that means. Even with over 15 years of experience in the IT industry I still, however, have failed to develop some sort of mind reading skill to figure out these really obscure error messages. I remember walking around the Microsoft campus during my tenure there and seeing a poster that had a picture of a blue screen along with a caption that read something to the effect of "if your mom cannot figure this out what makes you think it is a good error message?". I think we need to all remember that sometimes and here's a great example of one of those that I recently hit while loading up Hyper-V Server 2008 R2 beta (also trying Windows 7 x64 beta):

Windows is unable to install to the selected location. Error: 0x80300001.

I scratched my head for a bit. This was a brand new system running a Gigabyte GA-MA78GPM-DS2H board with on-board RAID support. I configured the BIOS to use SATA ports as RAID, created the RAID array in the BIOS - this should just work, no? Apparently the message was a bit of a misdirection after doing some more poking around. I checked the setupact.log which resides on X:\Windows\Panther for clues. It had some red herring messages about not being able to find the install.wim file. I eventually figured it out, but I maintain that the error message gives me no indication that this was the next step:

Insert the install DVD
Boot into the setup process
Get to the point where you need to select a partition and click Load Driver
Insert driver DVD
Locate the storage driver, in my case the AMD AHCI Compatible RAID Controller
Notice the message "Windows cannot be installed on this disk. (Show details)" at the bottom
Insert the install DVD back into the drive
Expand the advanced drive options
Create a New partition consuming some amount of space, in my case all of it
Windows says it had to do some funky stuff, click OK
Notice that there is a 200MB system partition and a new primary partition
Select the new primary partition and click Next

From there setup will continue, life will be good, and you can enjoy RAID (and probably AHCI) support on your system.

Diagnosing the Unknown Alias problem in SharePoint

Colin Bowern — Tue, 26 Feb 2008 10:49:00 GMT

My frustraition with a product that is, in theory, action packed, but faultering in execution continues - this time it is incoming email. A well behaved mail gateway should return a non-delivery receipt if it is unable to deliver email, it's common courtesy. SharePoint, both Windows SharePoint Services and Office SharePoint Service, seems to take exception to this idea. As an IT guy it is the most frustraiting thing to see a module that was slapped together with little regard to proper protocol behaviour. My frustration started when email enabled lists just stopped capturing email randomly. I am not alone in this frustration either, there are clearly others yet not a peep from Microsoft:

Comments on Todd Klindt's article Incoming Email in SharePoint v3
Posting on SharePointU.com
Multiple postings in the SharePoint newsgroups 1, 2, 3, 4
... and even a post on the TechNet forums as well as mine.

The SPTimer service polls the SMTP drop folder on a regular basis to look for incoming messages. When the message is picked up it is read in and the alias appears to be cross referenced against an EmailEnabledLists table. I was tipped off to this by a post on the SharePoint newsgroup. If the logging verbosity is set and the alias is not found it will log an Unknown Alias error to both the event log and the trace logs:

Type:		Warning
Date:		2/26/2008
Time:		8:42:30 AM
Event:		6873
Source:		Windows SharePoint Services 3
Category:	E-Mail
User:		N/A
Description:
An error occurred while processing the incoming e-mail file
D:\SMTP\Drop\54f3fb0601c8787d0000024f.eml. The error was: Unknown alias..

Along with the following event:

Type:		Information
Date:		2/26/2008
Time:		8:42:30 AM
Event:		6871
Source:		Windows SharePoint Services 3
Category:	E-Mail
User:		N/A
Description:
The Incoming E-Mail service has completed a batch.  The elapsed time was 00:00:00.0156256.
The service processed 1 message(s) in total.


Errors occurred processing 1 message(s):

Message ID: <SERVERxiDd9D9DQVXwR100000a19@domain>

 The following aliases were unknown:
 mylist

After poking around in the database to see if I could find any hints as to why this functionality decided to stop all of a sudden. Running the following query on each content database gave me a dump of the email aliases that each list was configured against:

SELECT 	    tp_EmailAlias as EmailAlias,
            SiteId,
            tp_WebId AS WebId,
            tp_Id as ListId
FROM        AllLists
INNER JOIN  Webs ON AllLists.tp_WebId = Webs.Id
WHERE       tp_EmailAlias IS NOT NULL

Cross referencing the results with the EmailEnabledLists table I was able to find that there were some, no, a lot of missing rows. Something was deleting my email enabled lists. At this point I don't know what, but it smells like a bug. In the mean time I have created a script to re-populate the configuration database table based on the content databases.

SET NOCOUNT ON
IF OBJECT_ID('tempdb..#EmailEnabledLists') IS NOT NULL
BEGIN
   DROP TABLE #EmailEnabledLists
END

CREATE TABLE #EmailEnabledLists (
    Alias   NVARCHAR(128) NOT NULL,
    SiteId  UNIQUEIDENTIFIER NOT NULL,
    WebId   UNIQUEIDENTIFIER NOT NULL,
    ListId  UNIQUEIDENTIFIER NOT NULL)

-- TODO: Insert your SharePoint Content Database Names into the Set
DECLARE DatabaseCursor CURSOR FOR
    SELECT  [Name]
    FROM    master.[sys].databases
    WHERE   [State] = 0 AND -- State = Online
            [Name] IN ('SharePoint_ContentDatabase1', 'SharePoint_ContentDatabase2')
    ORDER BY [Name]
OPEN DatabaseCursor

DECLARE @DatabaseName VARCHAR(128)
FETCH NEXT FROM DatabaseCursor INTO @DatabaseName
WHILE @@FETCH_STATUS = 0
BEGIN

    DECLARE @Command NVARCHAR(4000)
    SET @Command =
        N'USE [' + @DatabaseName + '];' + 
        N'INSERT INTO #EmailEnabledLists (Alias, SiteId, WebId, ListId) ' +
        N'SELECT  ' +
        N'    tp_EmailAlias as Alias, ' +
        N'    SiteId, ' +
        N'    tp_WebId AS WebId, ' +
        N'    tp_Id as ListId ' +
        N'FROM ' +
        N'    AllLists ' +
        N'    INNER JOIN  ' +
        N'        Webs ' +
        N'    ON      AllLists.tp_WebId = Webs.Id ' +
        N'    WHERE   tp_EmailAlias IS NOT NULL'
    EXEC sp_executesql @Command
    
    FETCH NEXT FROM DatabaseCursor INTO @DatabaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor

-- TODO: Insert your SharePoint Configuration Database Name
USE [SharePoint_Config]

DECLARE AliasCursor CURSOR FOR
    SELECT  [Alias]
    FROM    #EmailEnabledLists
    ORDER BY [Alias]
OPEN AliasCursor

DECLARE @AliasName NVARCHAR(128)
FETCH NEXT FROM AliasCursor INTO @AliasName
WHILE @@FETCH_STATUS = 0
BEGIN
    IF(NOT EXISTS (SELECT Alias FROM dbo.EmailEnabledLists WHERE Alias = @AliasName))
    BEGIN
        DECLARE @SiteId UNIQUEIDENTIFIER
        DECLARE @WebId UNIQUEIDENTIFIER
        DECLARE @ListId UNIQUEIDENTIFIER

        SELECT  @SiteId = SiteId,
                @WebId = WebId,
                @ListId = ListId
        FROM    #EmailEnabledLists

        PRINT 'Inserting ' + @AliasName
        INSERT  dbo.EmailEnabledLists
                (Alias, SiteId, WebId, ListId, [Deleted])
        VALUES  (@AliasName, @SiteId, @WebId, @ListId, 'FALSE')
    END

    FETCH NEXT FROM AliasCursor INTO @AliasName
END
CLOSE AliasCursor
DEALLOCATE AliasCursor

IF OBJECT_ID('tempdb..#EmailEnabledLists') IS NOT NULL
BEGIN
   DROP TABLE #EmailEnabledLists
END

Now the million dollar question - what is the root cause? If I had time I would setup a trigger on the EmailEnabledLists table to notify me when something is deleted to get an idea of time frame and then use SQL Profiler to watch that process to see what the calls looks like and where they are coming from. Better yet, maybe some folks from the SharePoint team can chime in and share some more to help us understand the quirks of a product struggling for stability in the face of mass adoption.

UPDATE (24-Mar-08): Linked to my TechNet forums post as well, but no further progress. Looking into the Microsoft.SharePoint.Administration.SPEmailEngine class with Reflector I cannot see any code to generate NDRs either.

Importing Multiple Certificates

Colin Bowern — Sat, 09 Feb 2008 12:56:00 GMT

Through a recent migration we needed to move a large number of SSL certificates. After spending a lot of time exporting through the GUI we really did not feel like importing them by hand too. CertUtil came in hand to help us

CertUtil.exe -importPFX domain.com-YYMMDD.pfx "NoExport,AT_KEYEXCHANGE" < keypassword.txt

The bonus is being able to pipe in the certificate password from a text file to save typing it for each time it is executed. As of Service Pack 1 on Windows Server 2003 you can mark the private key as non-exportable.

Compressing IIS and Windows Media Server Logs with PowerShell

Colin Bowern — Thu, 31 Jan 2008 14:04:00 GMT

The PowerShell Community Extensions Project shipped a Write-GZip cmdlet which made me think that it's time to re-write the trusty CompressLogFiles.vbs file I've been using for a while. After grappling with the square brackets in the WMS [Global] folder I think I finally have a viable solution. Since many folks have IIS servers with logs rolling daily here's a great way to cut down on disk space (maybe I'll look at writing a module for IIS 7 next month to hook into the log rolling):

#===========================================================================
# Compress all log files older than today within a directory structure.
#===========================================================================
# Syntax: Compress-LogFiles.ps1 {LogPath}
#===========================================================================
# Revision History:
#   1.0 - 31-Jan-08 - Initial creation.
#                   - Colin Bowern
#===========================================================================
# Stop the script in the event of an error
$ErrorActionPreference = "Stop";
trap [System.Exception]
{
    Write-Host $_.Exception.ToString();
    
    $EventLog = New-Object System.Diagnostics.EventLog
    $EventLog.Set_Log("Windows PowerShell")
    $EventLog.Set_Source("PowerShell")
    $EventLog.WriteEntry($_.Exception.ToString(), "Error")
}

# Load Dependencies
if (!(Test-Path Variable:__PscxProfileRanOnce))
{
    Write-Error "PowerShell Community Extensions is required for this script.";
}

# Parse Command Line Arguments
if($args.length -ne 1)
{
    Write-Host "NAME";
    Write-Host "    Compress-LogFiles.ps1";
    Write-Host "";
    Write-Host "SYNOPSIS";
    Write-Host "    Compress all log files older than today within a directory structure.";
    Write-Host "";
    Write-Host "SYNTAX";
    Write-Host "    Compress-LogFiles.ps1 {LogPath}";
    Write-Host "";
    Write-Host "EXAMPLE";
    Write-Host "    Compress-LogFiles.ps1 D:\LogFiles";
    Write-Host "";
    $ErrorActionPreference = "ContinueSilent";
    Write-Error "Invalid number of command line arguments." -Category SyntaxError;
    Break;
}

$LogPath = $args[0];

#===========================================================================
# For Each *.log File in $LogPath

$IISLogFileToday = [String]::Format("ex{0}.log", [DateTime]::Now.ToString("yyyyMMdd"));
$WMSLogFileToday = [String]::Format("wms_{0}.log", [DateTime]::Now.ToString("yyyyMMdd"));

[array]$LogFiles = Get-ChildItem -Path $LogPath -Recurse -Include "ex*.log",
	"wms*.log", "````[Global````]" -Exclude $IISLogFileToday, $WMSLogFileToday,
	"httperr*.log", "httperr"

if($LogFiles.Count -gt 0)
{
    $Index = 0;
    foreach ($LogFile in $LogFiles)
    {
        Write-Progress -Id 1 -activity "Compressing Files" -status $LogFile.FullName
			-percentComplete($Index / $LogFiles.Count * 100);
        if(Test-Path ("{0}.gz" -f ([Management.Automation.WildcardPattern]::Escape($LogFile.FullName))))
        {
			Write-Error "Destination file already exists." -Category ResourceExists;
		}
        Write-GZip ([Management.Automation.WildcardPattern]::Escape($LogFile.FullName)) -Level 9;
        if(Test-Path ("{0}.gz" -f ([Management.Automation.WildcardPattern]::Escape($LogFile.FullName))))
        {
            Remove-Item ([Management.Automation.WildcardPattern]::Escape($LogFile.FullName))
        }
        $Index += 1;
    }
}
else
{
	Write-Host "There were no log files found that required processing.";
}
#===========================================================================

Troubleshooting RPC across Firewalls (or, what the developers forgot to explain)

Colin Bowern — Sun, 27 Jan 2008 14:13:00 GMT

Applications that want to talk to other servers will often use the Remote Procedure Call (RPC) infrastructure to communicate instead of inventing their own protocol. From an IT perspective this is a pain because we like known protocols with defined ports. From a development perspective this is nice because we don't want to write more code than we have to. More modern applications are going to take advantage of technologies like Windows Communications Foundation (WCF) which enables administrators to configure how the applications will talk, including the transport protocol (e.g. TCP, HTTP, custom protocols), along with the transport-specific properties (e.g. ports). While we wait for the uptake on WCF we will likely be stuck with RPC-based applications for quite some time. With that being the case it is best to understand how RPC works and the implications brought forth by firewalls.

I've read very few good explanations for RPC that a typical systems administrator would understand (read: without the developer-speak), so here goes:

The client application opens up a dynamic outbound port and makes a call to the server's RPC Endpoint Mapper. There are several ways that you can talk to the endpoint mapper:
- Local RPC - it just connects
- Named Pipes - \pipe\epmapper
- TCP - Port 135/tcp
- UDP - Port 135/udp
- HTTP - Port 593/tcp
The RPC Endpoint Mapper processes the request for access to the application. It will handle authentication (the details about it are on MSDN), and a number of provisioning processes. The server-side service will be launched using either its own custom container (e.g. WMI on Windows Vista and later uses %SYSTEMROOT%\SYSTEM32\WBEM\UnSecApp.exe, Windows Media Server uses %SYSTEMROOT%\SYSTEM32\Windows Media\Server\WMServer.exe), dllhost.exe (which really sucks as noted by Rob Gruen), or svchost.exe.
With the service launched on the server side it will then tell the client that it needs to continue the conversation with the service on a specific port. This port will be located in the 1024+ range on most Windows machines, however in Windows Vista and Windows Server 2008 this is now 49152 - 65535 by default. If you are stuck on older versions of Windows, here's some more ammo to get that upgrade going. In the mean time I would recommend that you at least take a look at setting a specific RPC endpoint range.
The client will continue its conversation with the service it needed on the port returned by the endpoint mapper. You can see all of this happening using NETSTAT -B:

Proto  Local Address        Foreign Address      State
TCP    192.168.0.111:135    192.168.0.110:49228  ESTABLISHED
RpcSs
[Svchost.exe]
TCP    192.168.0.111:49153  192.168.0.110:49228  ESTABLISHED
[Dllhost.exe]

The output shows you the client is communicating from port 49228 to 135/tcp, and subsequently established a connection to the service on port 49153 to a service which uses dllhost.exe as a container. Note that the SvcHost.exe exposes what service it is exposing through the port (more on that in a minute).

Most administrators and security professionals get anxious when a service is dynamically allocating random ports in a large range. This really goes against the grain of well known ports that have specific purposes that they can lock down. As a result of the uproar several services like NTDS, Netlogon, and FRS (don't forget the DFSRDiag StaticRPC port noted in KB823017 under Distributed File Replication Service) have enabled you to specify static endpoints. This isn't something new, if the application uses Distributed COM (DCOM) then there is already an option to lock the application to a specific endpoint. Making these changes on an application that hasn't been tested with it though could bring unanticipated results, so consult your application vendor before going hog wild in the Component Services management console.

I would argue that even though ports can be locked down that unless your firewall does deep packet inspection (this is where your choice of ISA Server pays off, even though it can be painful to configure)all I need to know is how to launch a service using that port to get around your firewall (port 80 comes to mind as a favourite port to launch a service under). This deep packet inspection is exactly what Windows Firewall with Advanced Security offers in Windows Vista and Windows Server 2008. After troubleshooting a problem with remotely administering IIS on Server Core recently I noticed that the out-of-the-box firewall has added a nifty RPC packet inspection layer. Hopefully we will see IIS product group take up the use of SvcHost or a custom container soon. In the mean time here is an example of a rule group that, when enabled, will allow you to remotely manage Task Scheduler:

Rule Name:      Remote Scheduled Tasks Management (RPC-EPMAP)
-------------------------------------------------------------------
Description:    Inbound rule for the RPCSS service to allow RPC/TCP
                traffic for the Task Scheduler service.
Enabled:        No
Direction:      In
Profiles:       Domain,Private,Public
Grouping:       Remote Scheduled Tasks Management
LocalIP:        Any
RemoteIP:       Any
Protocol:       TCP
LocalPort:      RPC-EPMap
RemotePort:     Any
Edge traversal: No
Program:        C:\Windows\system32\svchost.exe
Service:        RPCSS
InterfaceTypes: Any
Security:       NotRequired
Action:         Allow

Rule Name:      Remote Scheduled Tasks Management (RPC)
-------------------------------------------------------------------
Description:    Inbound rule for the Task Scheduler service to be
                remotely managed via RPC/TCP.
Enabled:        No
Direction:      In
Profiles:       Domain,Private,Public
Grouping:       Remote Scheduled Tasks Management
LocalIP:        Any
RemoteIP:       Any
Protocol:       TCP
LocalPort:      RPC
RemotePort:     Any
Edge traversal: No
Program:        C:\Windows\system32\svchost.exe
Service:        schedule
InterfaceTypes: Any
Security:       NotRequired
Action:         Allow

In the above example you can see that the first call will come into SvcHost.exe which hosts the RPC EndPoint Mapper (noted as Service = RPCSS, LocalPort = RPC-EPMap). The subsequent calls will be to a dynamic RPC endpoint, defined in the second protocol, hosted by SvcHost.exe called Schedule. Now here's the bad part - it appears to only work for services hosted by SvcHost.exe. If the service uses DLLHost.exe then you are out of luck. If you have a custom container then you can just lock down to that already - no need to worry.

UPDATE

Earlier in the post I referred to an issue managing IIS on Server Core using the Microsoft.Web.Administration assembly. This was what got me started down the path and why I wrote this post. My conclusion was to add a firewall exception for dllhost.exe to allow remote procedure calls to connect with it. Simple enough you might think, but this does open up a whole host of potential security issues. Mike Volodarsky from the IIS product group has taken the problem away to the configuration team to come up with an official solution. In his post he mentioned that the AHAdmin component was the one we were communicating with. That got me thinking - how would I have figured that out on my own? That leads us to part two of this saga - how to determine which component DllHost is representing.

After running NETSTAT -B I was able to see my RPC endpoint mapped to DllHost.exe. Opening the firewall to that particular container leaves the a lot exposed to the world, so I really want to lock it down. Earlier in the post I mentioned that you can lock down DCOM objects, the trick is to know which one to lock down. Since COM has some restrictions like length of object names coupled with developer habits of choosing the most acronym loaded names it is not easy to figure out which component it is that you need to lock down. I set PowerShell on an infinite loop to make calls to my RPC endpoint to ensure it stayed alive during this investigation. NETSTAT -B gave me some clues to look for in the RPC endpoint port number. The next tool I pulled out was Process Explorer. Thankfully it works on Server Core (I think I would be lost sometimes without this tool). Sorting the process list by name allowed me to locate instances of DllHost.exe quickly. Opening up the properties I clicked on the TCP/IP tab to confirm that it was indeed the instance I wanted based on the ports on which the process was bound. Clicking back to the Image tab the magic missing link in the Command Line text box:

DllHost.exe /Processid:{9FA5C497-F46D-447F-8011-05D03D7D7DDC}

Using this piece of information I opened up the Registry Editor, went to HKEY_CLASSES_ROOT\AppID as indicated in the KB217351, and located the GUID from the command-line. This lead me to the AHAdmin object which appears to be the object being remotely instantiated (now Mike had given this away in his post, but the story sounds much more dramatic if you put that to the side for a second). I inserted the Endpoints value into the GUID key as per the KB article, and restarted the server, and kicked off my PowerShell script calls once again. This time NETSTAT -B gave me a different result - it was now using my static RPC endpoint! With that now in place I updated my new firewall rules and made some security folks very happy:

NetSh AdvFirewall Firewall Add Rule Name="Remote Web Server Management (RPC)" Dir=In Action=Allow Program="C:\WINDOWS\SYSTEM32\dllhost.exe" Protocol=TCP LocalPort=49494 
NetSh AdvFirewall Firewall Add Rule Name="Remote Web Server Management (RPC-EPMap)" Dir=In Action=Allow Program="C:\WINDOWS\SYSTEM32\SvcHost.exe" Service=RPCSS Protocol=TCP LocalPort=RPC-EPMap

Now I'm left waiting to see if I messed anything up. Setting a static endpoint could have dire consequences depending on how the application is written. Since AHAdmin is a black box I'll wait for the product group to provide some more official guidance on securing the service. In the meantime the new knowledge around tracing RPC calls form client to server to object is a handy one that has helped me confirm the problem and identify a potential solution.

Locking Down DFS for Windows Firewall

Colin Bowern — Fri, 25 Jan 2008 00:54:00 GMT

Most system administrators are becoming acutely aware of port usage on their servers. The security focus is telling us we need to lock things down by default. Turning Windows Firewall on for your servers will certainly do that. For DFS there is some scattered documented things I wanted to share about locking it down.

Distributed File System (DFS) uses File Replication Services (FRS) which in turn uses Remote Procedure Calls (RPC). RPC uses 135/tcp as the contact point for services to say hello on, known as the Endpoint Mapper. From there RPC directs you to a dynamic port known as an RPC Endpoint. For those of us who hate the idea you can constrain RPC to a range using RPCCfg.exe. It still means ports are dynamic, but now they are constrained. It would be nice to do better than a dynamic port in a range. That is where a registry key and DFSRDiag comes in with the StaticRPC option. Buried in the KB832017 is a reference to the fact that you can set DFS replication to use a static RPC endpoint. After adding the registry key and running that tool you should be able to see some tangible results using RPCDump:

10.0.0.1[4998] [d049b186-814f-11d1-9a3c-00c04fc9b232] NtFrs API :NOT_PINGED

10.0.0.1[4998] [f5cc59b4-4264-101a-8c59-08002b2f8426] NtFrs Service :NOT_PINGED

10.0.0.1[4999] [897e2e5f-93f3-4376-9c9c-fd2277495c27] Frs2 Service :NOT_PINGED

(The IP addresses and port numbers have been changed to protect the innocent) From here on in all you need to do is open those ports on your firewall and DFS should start flowing.

Retrieving the Current User's Active Directory Object

Colin Bowern — Fri, 09 Nov 2007 17:32:00 GMT

If you are writing a program that leverages Active Directory then there may be times where you want to retrieve the current user's AD object. It can be handy for situations where you need the user's email address, account information, or some other piece of data stored in the directory. Below is a code snippet to retrieve the current user object as well as translate an NT domain name into a distinguished name all through managed code (as opposed to DsCrackNames which uses RPC and interop).

public static DirectoryEntry CurrentUser
{
    get
    {
        string[] currentUserName = WindowsIdentity.GetCurrent().Name.Split('\\');
        string domainDistinguishedName = GetDistinguishedName(currentUserName[0]);

        DirectoryEntry domain = new DirectoryEntry("LDAP://" + domainDistinguishedName);
        DirectorySearcher searcher = new DirectorySearcher(domain,
            String.Format("(sAMAccountName={0})", currentUserName[1]));

        SearchResult result = searcher.FindOne();
        DirectoryEntry currentUser = null;
        if (result != null)
        {
            currentUser = result.GetDirectoryEntry();
        }

        return currentUser;
    }
}

public static string GetDistinguishedName(string netbiosName)
{
    if (string.IsNullOrEmpty(netbiosName))
    {
        throw new ArgumentNullException("netbiosName");
    }
    if (!Regex.IsMatch(netbiosName, @"^[-\w]{1,15}$"))
    {
        throw new ArgumentException("Invalid NetBIOS domain name format. Domain name should be a maximum of 15 alphanumeric characters (including dashes).", "netbiosName");
    }

    DirectoryEntry globalCatalog = new DirectoryEntry("LDAP://RootDSE");
    string configurationPath = (string)globalCatalog.Properties["configurationNamingContext"].Value;

    DirectoryEntry partitions = new DirectoryEntry("LDAP://CN=Partitions," + configurationPath);

    DirectorySearcher searcher = new DirectorySearcher(partitions,
        String.Format("(&(objectClass=crossRef)(nETBIOSName={0}))", netbiosName),
        new string[] { "nCName" },
        SearchScope.OneLevel);
    SearchResult result = searcher.FindOne();

    string distinguishedName = null;
    if (result != null)
    {
        distinguishedName = result.Properties["nCName"][0] as string;
    }
    return distinguishedName;
}

From there you can easily retrieve the user's email address:

Console.WriteLine(CurrentUser.Properties["mail"].Value as string);

Enjoy!

Create Document Libraries and Folders in SharePoint using PowerShell

Colin Bowern — Wed, 29 Aug 2007 18:02:00 GMT

If you have not used PowerShell let me show you a nifty little script that saved hours of repetitive clicking through usability challenged tools (aka SharePoint Designer):

System.Reflection.Assembly]::Load("Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c");
$site = new-object Microsoft.SharePoint.SPSite("http://myweb");
$siteweb = $site.OpenWeb();
$webs = $siteweb.Webs;
foreach($web in $webs)
{
    Write-Host $web.Title;
    $listtemplate = $web.ListTemplates["Document Library"];
    $listId = $web.Lists.Add("ShortName", "", $listtemplate);
    $list = $web.Lists.GetList($listId, $true);
    $list.Title = "Long Descriptive Title";
    $list.OnQuickLaunch = $True;
    $folder = $list.Folders.Add("", [Microsoft.SharePoint.SPFileSystemObjectType]::Folder, "SubFolder1");
    $folder.Update();
    $list.Update();
}

This script will cycle through all of the sub-webs in a SharePoint site, add a new document library, and sub-folder to that library. While it does not sound like a difficult task, going through either the web-based interface or the SharePoint Designer interface is quite mundane. There are a bunch of unnecessary clicks that, thanks to a UI that has no consideration for repetitive or advanced usage, make the process painful at best.

It is a shame there is not more emphasis on managing SharePoint through PowerShell. There is a lot of opportunity to build cmdlets that would have made the above all so much cleaner. The Exchange Server team managed to do this with success. Speaking as a user, developer, and IT Professional, I would rather have seen something like Excel Services ship as an out-of-band release in favour of having better migration, management tools, and complete documentation. For some more tips and tricks check out Colin Bryne's blog for a few other samples.

BUG: Exchange Server 2007 rewrites Secondary Email Addresses when using POP3/IMAP

Colin Bowern — Tue, 28 Aug 2007 12:31:00 GMT

If you are using Exchange Server 2007 to receive mail addressed to multiple email addresses you might have noticed that when using POP3/IMAP that the address is not preserved. If you are running Exchange Server 2003 and have an application that depends on secondary email addressing take note. For example:

Mailbox primary SMTP address is colin(at)rockstarguys.com
Mailbox secondary email address is webmaster(at)rockstarguys.com

If you send a message to webmaster(at)rockstarguys.com you will see one of two results:

Using a MAPI client the message will be addressed to webmaster(at)rockstarguys.com as it should
Using a POP3/IMAP client the message will be addressed to colin(at)rockstarguys.com with no sign of the original To address.

To further validate this behaviour if you look at the message headers you will see that the same message has two different sets of headers:

Outlook	POP3/IMAP
Received: from Pickup by mailserver.mydomain.net with Microsoft SMTP Server id 8.0.730.1; Tue, 21 Aug 2007 20:39:26 +0000 Message-ID: <AC754B3E95C1445FBAB321EB67733EDF@mydomain.net> From: Colin Bowern <colinbowern(at)hotmail.com> To: <webmaster(at)rockstarguys.com> Subject: test Date: Fri, 3 Aug 2007 16:26:51 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7D5EB.18B22F30" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Windows Mail 6.0.6000.16480 X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16480 Return-Path: colinbowern(at)rockstarguys.com	Received: from Pickup by mailserver.mydomain.net with Microsoft SMTP Server id 8.0.730.1; Tue, 21 Aug 2007 20:39:26 +0000 From: Colin Bowern <colinbowern@hotmail.com> To: <colin@rockstarguys.com> Date: Fri, 3 Aug 2007 16:26:51 -0400 Subject: test Thread-Topic: test Thread-Index: AcfkM10x5WZAtGtVSZuvcZqm0xUwAw== Message-ID: <AC754B3E95C1445FBAB321EB67733EDF@mydomain.net> Accept-Language: en-US Content-Language: en-US X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-AuthSource: mailserver.mydomain.net X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: multipart/alternative; boundary="_000_AC754B3E95C1445FBAB321EB67733EDF mydomainnet_" MIME-Version: 1.0

Outlook

POP3/IMAP

Received: from Pickup by mailserver.mydomain.net with Microsoft SMTP Server id 8.0.730.1; Tue, 21 Aug 2007 20:39:26 +0000
Message-ID: <AC754B3E95C1445FBAB321EB67733EDF@mydomain.net>
From: Colin Bowern <colinbowern(at)hotmail.com>
To: <webmaster(at)rockstarguys.com>
Subject: test
Date: Fri, 3 Aug 2007 16:26:51 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C7D5EB.18B22F30"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.16480
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
Return-Path: colinbowern(at)rockstarguys.com

Received: from Pickup by mailserver.mydomain.net with Microsoft SMTP Server id 8.0.730.1; Tue, 21 Aug 2007 20:39:26 +0000
From: Colin Bowern <colinbowern@hotmail.com>
To: <colin@rockstarguys.com>
Date: Fri, 3 Aug 2007 16:26:51 -0400
Subject: test
Thread-Topic: test
Thread-Index: AcfkM10x5WZAtGtVSZuvcZqm0xUwAw==
Message-ID: <AC754B3E95C1445FBAB321EB67733EDF@mydomain.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: mailserver.mydomain.net
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_AC754B3E95C1445FBAB321EB67733EDF
mydomainnet_"
MIME-Version: 1.0

With no response on the TechNet forums, or MSExchange.org I opened a case with PSS to get a hot fix (case SRZ070803000378 for those who are seeing similar issues). The problem now is that I'm told that it will take two to three months to get a hot fix, probably after Service Pack 1 is released. That will only happen after the bug has been accepted which could take another couple of weeks. Argh.

Bumping the CD/DVD drive letter in Windows PE

Colin Bowern — Sun, 01 Jul 2007 15:31:00 GMT

While slogging through automating my development workstation build I found the need to have a script that bumps the CD/DVD drive letter allocations up one so I could put a partition in its place. It seems like a useful script for those situations where you might need it so I thought I would post it:

'===========================================================================
' Bumps the CD/DVD drive letter to the next available drive letter.
'===========================================================================
' Syntax: BumpCDDriveLetter.vbs
'===========================================================================
' Errorlevels:
'   0: Success
'   1: Invalid command line.
'   2: Unable to find any volumes.
'   3: Unable to remove existing volume mount point.
'   4: Unable to create new volume mount point.
'===========================================================================
' Revision History:
'   1.0 - 01-Jul-07 - Initial creation.
'                   - Colin Bowern (colin.bowern@officialcommunity.com)
'===========================================================================

Option Explicit

Const EVENT_SUCCESS = 0
Const EVENT_ERROR = 1
Const EVENT_WARNING = 2
Const EVENT_INFORMATION = 4

Const MountVolPath = """%SYSTEMROOT%\System32\MountVol.exe"""

If WScript.Arguments.Count <> 0 Then
    WScript.Echo "Syntax: " & WScript.ScriptName
    WScript.Quit 1
End If

Dim shell, fileSystem, wmiService, diskVolumes, diskVolume, mountPoints, _
    mountPointCount, returnCode, commandLine
Set shell = CreateObject("WScript.Shell")
Set fileSystem = CreateObject("Scripting.FileSystemObject")
Set wmiService = GetObject("winmgmts://.\root\CIMV2")
returnCode = 0
mountPointCount = 0

Set diskVolumes = wmiService.ExecQuery("SELECT * FROM Win32_Volume WHERE DriveType = '5'")
For Each diskVolume in diskVolumes
    Dim mountVolReturnCode, newDriveLetter
    newDriveLetter = GetNextAvailableDriveLetter(diskVolume.DriveLetter)
    commandLine = MountVolPath & " " & diskVolume.DriveLetter & " /d"
    mountVolReturnCode = shell.Run(commandLine, 0, True)
    If mountVolReturnCode = 0 Then
        commandLine = MountVolPath & " " & newDriveLetter & ": " & diskVolume.DeviceId
        mountVolReturnCode = shell.Run(commandLine, 0, True)
        If mountVolReturnCode = 0 Then
            mountPoints = mountPoints & diskVolume.DriveLetter & _
                " (" & diskVolume.DeviceId & ") changed to " & _
                newDriveLetter & ":" & vbCrLf
            mountPointCount = mountPointCount + 1
        Else
            LogEvent EVENT_ERROR, "Error creating new volume mount point: " & _
                mountVolReturnCode
            SetReturnCode 4
        End If
    Else
        LogEvent EVENT_ERROR, "Error removing existing volume mount point: " & _
            mountVolReturnCode
        SetReturnCode 3
    End If
Next

If mountPointCount > 0 Then
    LogEvent EVENT_SUCCESS, "Processed the following " & mountPointCount & _
        " volume(s):" & vbCrLf & mountPoints
Else
    LogEvent EVENT_INFORMATION, "No volume(s) were modified."
    SetReturnCode 2
End If


WScript.Quit returnCode

'---------------------------------------------------------------------------
' Log an event to the Event Log and Console
'---------------------------------------------------------------------------
Sub LogEvent(eventType, message)
    ' Event logs not supported by Windows PE, Windows PE starts on X: by default
    If shell.ExpandEnvironmentStrings("%SystemDrive%") <> "X:" Then
        shell.LogEvent eventType, "[" & WScript.ScriptName & "] " & message
    End If
    WScript.Echo "[" & FormatDateTime(Now, vbGeneralDate) & "] " & message
End Sub

'---------------------------------------------------------------------------
' Set the return code to the highest possible value.
'---------------------------------------------------------------------------
Sub SetReturnCode(newReturnCode)
    If returnCode < newReturnCode Then
        returnCode = newReturnCode
    End If
End Sub

'---------------------------------------------------------------------------
' Return the next available drive letter.
'---------------------------------------------------------------------------
Function GetNextAvailableDriveLetter(startingLetter)
    GetNextAvailableDriveLetter = Chr(Asc(UCase(startingLetter)) + 1)
    Do Until Not fileSystem.DriveExists(GetNextAvailableDriveLetter)
        If GetNextAvailableDriveLetter = "Z" Then
            GetNextAvailableDriveLetter = "A"
        Else
            GetNextAvailableDriveLetter = Chr(Asc(GetNextAvailableDriveLetter) + 1)
        End If
    Loop
End Function