What's new on shawnbass.com

Virtual Desktops - Myths and realities...

shawn@shawnbass.com — 2/28/2010 10:32:17 AM

If you're available on Tuesday March 2, 2010 please join me and five vendors of virtual desktop technology (Citrix, Microsoft, Quest, Symantec, and VMware) for a webinar that's sure to please VDI fans and opponents. The webinar will be held at 1:00 pm EST and will go until 2:30 pm EST. We're planning on having about 60 minutes of panel discussion where I will ask all five vendors questions that I've created based upon real world challenges people are having with VDI. Then we'll be opening the discussion up to audience questions for the remaining 30 minutes. If there's something you want to know about VDI, this is the time to get your questions answered. For more information and to register for this great session please visit Laura Whalen's blog entry that has all the details here.

With well over 1,000 attendees already registered, this is an event you don't want to miss. Also, you have a chance of winning a free pass to Citrix Synergy!

More...

App-V 4.6 is here (64-bit goodness can commence)

shawn@shawnbass.com — 2/23/2010 9:28:34 AM

Microsoft posted on their MDOP blog that App-V 4.6 RTM'd on Friday. Oh and there was something or other posted about Med-V. So back to App-V ;) 4.6 RTM includes support for 64-bit Windows platforms which means you can get a functional deployment of Windows 7 64-bit and more importantly you can begin your projects to rollout 2008 R2 with a supported 64-bit App-V client. Now all we need is a supported release of Citrix XenApp for 2008 R2 and we're golden. Read more about the App-V 4.6 RTM here.

More...

Advanced Citrix Training in Oslo, Norway is sold out. Don't worry though, there's another one in Malmo, Sweden!

shawn@shawnbass.com — 2/10/2010 12:54:39 AM

My Olso, Norway training class scheduled for March 22-26th is full. There are open seats in the Malmo, Sweden class that is running April 19th-23rd. If you want to get a chance to attend the Advanced Citrix class while it's still in Europe then sign up for Malmo. Registration information for Malmo can be found here.

More...

Advanced Citrix training schedule posted for 2010

shawn@shawnbass.com — 12/16/2009 12:08:46 AM

I've just posted up details on the schedule of classes for 2010. There are currently four scheduled classes next here in the following locations and dates:

Oslo, Norway Mar 22-26
Chicago, IL May 24-28
New York, NY Aug 9-13
San Diego, CA Nov 8-12

More...

MS Releases Hotfix Rollup Pack 6 for App-V 4.5 CU1 (fixes the file system race condition I blogged about previously)

shawn@shawnbass.com — 12/15/2009 11:20:09 PM

More...

Installation of MS patch KB973917 might break Citrix Web Interface sites

shawn@shawnbass.com — 12/14/2009 10:54:39 AM

More...

Who says Citrix doesn't listen to their customers? New XenDesktop 4 licensing models introduced (including CCU)

shawn@shawnbass.com — 10/20/2009 1:05:18 AM

Sumit Dhawan has posted a blog entry describing licensing changes that Citrix has made in response to direct customer feedback. While I assumed that Citrix would eventually breakdown and agree to support additional licensing models, this is more comprehensive than I expected they would do. The models are now:

Per user licensing (this is still per user and not named user)
Per device licensing (XD can be used by unlimited users on a given device) - New option that's great for factories, healthcare, shift workers, etc.
Campus-wide licensing program - New option that would be great for educational markets and mirrors the model of Microsoft's Campus licensing program
New Edition of XenDesktop (VDI Edition) - Essentially what the old XenDesktop Advanced Edition was before it was killed off. This will include Citrix Provisioning Server, StorageLink for XenServer, and User Profile Management. This edition is capable of being licensed per user/per device or on a CCU (concurrent user basis). The trick here is that the CCU model requires the $199/ccu sticker price. This effectively means that there is no longer a CCU option at $99/user (which is what the old Standard Edition was). Citrix claims this is due to not a lot of customer uptake of the Standard Edition product. While that may be the case, Standard Edition was perfect for those who wanted just the ICA protocol and weren't interested in doing Provisioning Server, etc. If this is the worst of the licensing changes, I suppose customers will have to deal with this and just accept it. It certain puts customers in a much better place.

All of the above being said, it'll be VERY interesting to see how the licensing happens for all of this. There's already some licensing challenges and now that there's multiple different license types available, it'll be interesting to see how these licenses get deployed, allocated, revoked and troubleshot.

All in all a prettty good move by Citrix.

App-V 4.5 File System race condition found and fixed

shawn@shawnbass.com — 10/5/2009 7:57:56 AM

If you follow me via Twitter, you're probably aware that I've been working on a bug in the Microsoft App-V 4.5 Client for the last few weeks. This particular bug has been occurring randomly at a client site of mine. User's that have a particular App-V application will sporadically receive the following error message when trying to start the application:

The text of the error message is "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem. Error code: 4505CD-1F702639-000036B1"

At the same time as this launch failure, the following event log entry is logged in the System Event Log

The details of this event log entry are this:

Source: SideBySide

Category: None

Type: Error

EventID: 59

User: N/A

Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.mui. Reference error message: The system cannot find the path specified"

Background on the error:

This issue would randomly occur with Office 2007 SP1 App-V package, but the issue was very rare. However, we had one sequenced application (BMC Control-M) that it would occur around 1 in 5 launches. At first we suspected some kind of software conflict. When you're in an environment with 2000+ applications across 20k desktops, it's not unheard of that some broken package might be overwriting some key DLLs, etc. This suspicion was raised because the launch failures were not occurring for all users of the application. More on why later. Anyway, we began with the typical things like re-installing the .NET Framework, re-installing the VC++ 2005 SP1 runtime and while we had limited success after doing so then problem was still there. After messing around re-instaling a few applications, we decided to take our desktop build down to the absolute minimums and try to repro the issue. Even with the build at the very basic OS components, we could still reproduce it. I decided to try an OS build straight from media to avoid any kind of customer OS modifications. To my delight, the problem did not recur on my fresh OS build from media. We later discovered that it had more to do with this system being a VM than it did with the system being a fresh OS install.

On to the problem discovery:

One of the guys that I work with at this cilent site (we'll call him Bob) had an ancient laptop that was already lifecycled off the books, but he still had possession of it. When Bob ran the Control-M package on his ancient laptop, he couldn't reproduce the issue once. When Bob informed me of this, we both started thinking "Is it because this machine is slower and therefore the client is taking longer seeking the hard drive and preventing the problem from occurring? Or is it because this system has a single CPU whereas everything else is running at least two CPUs due to Hyperthreading or Dual Core?"

Let's test the multiple CPU theory:

The first test for the multiple CPU condition was an easy one. Simply add a second CPU to my VM that was consistently working and see what happens. I did just that and voila the problem began occuring on my VM (not as frequently as on the physical desktop hardware though so system speed appears to have something to do with it too).

The second test was to take one of our dual processor systems (in this case a hyperthreading machine not a true dual core) and alter the boot.ini to include the /onecpu switch which forces Windows to ignore the 2nd logical processor. To our excitement, this system began working 100% of the time despite having failed regularly before.

Now we've proven it, now what?

Before we give up and call Microsoft, I wanted to ensure this wasn't fixed in CU1 or any post-CU1 hotfix rollups otherwise that would be a wasted premier support incident. I downloaded and installed CU1 and the July hotfix rollup. No difference in error frequency.

On to Microsoft support:

Now that we've confirmed this isn't something that's already fixed, we opened an incident with MS Premier support. We provided all the details on how to reproduce the issue and even sent our problem package off for testing at Microsoft. They were able to repro the issue in their labs. After about a week of back and forth and the issue going up through escalation, Microsoft confirmed the existence of a race condition bug in the App-V File System in three different places and that they would be working on a hotfix.

And the fix....

Microsoft created a fix for the three race condition bugs and they will be including it into the September 2009 Hotfix Rollup Pack which currently has KB974278 This KB is not currently public, but I would expect it to go public in a few weeks. If you desperately need this fix before then, you should contact Microsoft Support to obtain it as I will not hand out any non-public hotfixes.

Citrix releases Secure Gateway 3.1.2

shawn@shawnbass.com — 8/29/2009 10:49:03 PM

I previously blogged about a memory leak in Secure Gateway 3.1.1 and that you should avoid it. Citrix has released Secure Gateway 3.1.2 that fixes the memory leak in 3.1.1. Get it at CTX122212.

I'm presenting at the Fall Citrix User Group Norway in Geilo, Norway on Oct 7th-9th

shawn@shawnbass.com — 8/20/2009 9:34:34 PM

I'm pleased to announce that I'll be presenting three sessions at the Fall Citrix User Group Norway event in Geilo, Norway from October 7th to October 9th. There will be plenty of great speakers coming including Simon Crosby, Rich Crusco, Rick Dehlinger, Benny Tritsch, Rene Vester and Alex Yushchenko. The event is going to be held at the Dr. Holms Hotel in Geilo. Very much looking forward to attending and thanks to the cug.no group for inviting me to speak there. Details on the agenda of the event are not public yet, but I'm sure they'll be posted online soon at the cug.no website.

Advanced Citrix Training class posted for November 2nd - 6th in Las Vegas, NV

shawn@shawnbass.com — 8/20/2009 9:26:37 PM

I've just posted up details on the November 2009 5-day Advanced Citrix training class that will be held in Las Vegas, NV. This class is a great opportunity for people who administer Citrix environments to get deep understanding of how Terminal Services and Citrix XenApp environments really work. We'll also discuss server virtualization, Provisioning Server, XenDesktop, etc but the class is primarily focused on XenApp. This class is not made for people who are new to Citrix and we don't spend time on pointless lab exercises that you can do without an instructor there. This is 5 days full of in depth technical lecture and best practices sharing. You don't want to miss this.

The 5-day master class is $2895 USD and there's a maximum class size of 16. Full details of what is covered in the class as well as details on how to secure a seat is located on the training page. Hope to see you there!

Weblogic Workspace (and other apps that use JVM) may crash after deploying Citrix XenDesktop 3.0 Virtual Desktop Agent

shawn@shawnbass.com — 8/4/2009 1:02:14 PM

At a client of mine we're steadily rolling out 3k instances of XenDesktop. One issue that surfaced early on is that Weblogic Workspace v10.2 crashed on launch after the deployment of the Citrix XenDesktop Virtual Desktop Agent (VDA). The client had packaged/certified the 3.03.059 release of the VDA. After deploying the VDA and rebooting, user's of Weblogic Workspace 10.2 were unable to launch the application. The crash that would appear is this:

It turns out that this particular issue is caused by applications that attempt to acquire a large allocation of memory during startup. Something about the XenDesktop VDA breaks this ability. The good news is that Citrix has found this issue and corrected it in the new XenDesktop 3.0 Feature Pack 1 VDA (3.1.3236) which can be downloaded at CTX121590

The specific fix in this VDA that resolves the Weblogic issue is:

If an application requests a large block of contiguous memory, the allocation might fail.
[From XDE310VDA001][#207792]

Yet another situation that upgrading to the latest and greatest and sometimes be a good thing. The good news is that this VDA can be installed right on top of the existing VDA without incident.

XenDesktop (ICA Client) experiences long logon delay and also freezes when minimizing and maximizing or when locking and unlocking local PC

shawn@shawnbass.com — 8/4/2009 10:41:52 AM

A client of mine experienced some slowness/freezing of XenDesktop 3.0 sessions when used from India. The slowness is experienced during logon, but also during a minimize/maximize of the XenDesktop session or during an unlock of the local PC. Here is the background of this issue and what was done to mitigate the issue.

Background: Client uses folder redirection of Application Data folder. That AppData folder is currently redirected across the WAN because of lack of infrastructure in India. Yes, I realize this is an extremely bad practice, but it's what they decided to do and it's what I currently have to deal with. Client PCs are in India. XenDesktop VMs are in Chicago. Circuit is 9MB bandwidth and approximately 270 ms of round trip latency.

Issue: Desktop Receiver takes approximately 90 seconds to complete the logon to a hosted desktop. However, this delay is a one time daily expense so was workable, however the bigger problem is that any time the hosted desktop was minimized and maximized or if the local PC was locked and unlocked the screen would freeze for 30-60 seconds before allowing the user to interact with their desktop. This issue was much more frustrating for the India staff.

Root cause: Through WAN emulation and some Wireshark traces both problems were identified to be caused by the AppData Folder redirection. Specifically it was the Desktop Receiver client attempting to read/write to the various INI/Log files from the ICA Client folder (Appsrv.ini, UIState.ini, Wfcwin32.log). This is NOT a XenDesktop issue, but is related to the ICA Client itself.

Solution 1: Shut off AppData redirection across the WAN. While this is definitely the best case solution, it wasn't practical to do at this time. There are over 3,000 desktops at this site (not all through that single circuit of course) and there is not sufficient infrastructure for local folder redirection at this moment. In addition, folder redirection policy is tied to file server-based GPOs. Since the India resources logon to both local PCs that are receiving GPO as well as remote hosted desktops that receive GPO, there isn't an easy way to solve this folder redirection solution unless we perform loopback policy and restrict it to the local machines which causes issues since there are some people that hotel the same machines that require localized folder redirection. Ultimately this issue will be resolved, but it's going to take some effort to fix.

Solution 2: Find a workaround until the AppData redirection can be localized. In pursuit of a workaround, a Wireshark trace of the traffic was taken and I found multiple redundant QUERY_PATH_INFO calls to the file system structure of the redirected ICA Client folder in AppData. In researching the redundant QUERY_PATH_INFO calls, it appears that there is an optimization for Windows Explorer where Windows Explorer can cache the contents of a directory/file listing in order to prevent multiple QUERY_PATH_INFO calls to the same remote file server. Microsoft made a change in Windows XP to no longer cache long file name paths whereas in Win2k and below, the cached both 8.3 names as well as LFNs. Since Application Data resolves to a long file name (LFN), it is not cached and causes repetitive QUERY_PATH_INFO calls across the network every time that file system data is requested. Explorer also tends to walk the directory path in order to seek desktop.ini files which compounds the problem. The solution to the issue is to get Windows Explorer to cache the long file name paths which dramatically reduces the multiple redundant QUERY_PATH_INFO calls. The ICA Client still needs to go across the WAN to read the INI files, but there's a dramatic impact on the total time required to do so. After making the modification to the local XP workstations, the logon time dropped from 90 seconds to 60 (which is still high of course, but is a once per day delay). More importantly, when minimizing/maximizing or unlocking the local PC, the desktop refresh is subsecond whereas it was 30-60 seconds of freeze beforehand. The specific optimization is named InfoCacheLevel and is found under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters. The value needs to be set 10 decimal or A hex. More information on this registry setting can be found here:

http://support.microsoft.com/kb/834350

I've sent this info to Citrix so perhaps it'll make it's way to a KB article. It's certainly a niche situation, but perhaps someone else might run into this. To re-iterate, this is NOT a XenDesktop problem but is an ICA Client issue. It just happens that the client was using XenDesktop when the issue was discovered.

Beware of Secure Gateway v3.1.1 - it has a major memory leak that will take down your WI/SG environment (UPDATE)

shawn@shawnbass.com — 7/17/2009 8:18:29 PM

After having just migrated a customer from Web Interface 3.0 + Secure Gateway 2.0 to Web Interface 5.1 / Secure Gateway 3.1.1 I had the unfortunate pleasure of finding a memory leak in Secure Gateway 3.1.1. After some period of time (hours/days depending on how busy your SG environment is) the private bytes in use by the Secure Gateway service climbs to a point where it stops functioning. When this happens you're down. What's worse is that if you're using traditional port monitoring on a hardware load balancer, the SG Service still listens on 443 so your load balancer won't direct users away from the non-functional Secure Gateway host. About three days ago Citrix pulled the Secure Gateway 3.1.1 download as visible on CTX121012 However that doesn't help me much since my customer was turned up a few days prior to it being pulled UGH!. Anyway, I'm now in the process of uninstalling SG 3.1.1 and installing 3.1 in it's place (which sucks because 3.1 has a security vulnerability). Hopefully Citrix will put out a fixed 3.1.1 release and more importantly hopefully they start communicating these types of things through their blog, etc.

UPDATE: Citrix has released Secure Gateway v3.1.2 that resolves the memory leak. Get it at CTX122212.

Finally someone who "gets" cloud computing

shawn@shawnbass.com — 5/1/2009 11:19:58 AM

Hoff tipped me off to this great audio recording of Larry Ellison speaking on "What the hell is the cloud?". It's an enlightening bit of audio that reflects some of my thoughts on the hype surrounding cloud computing. Definitely an entertaining listen.

Introducing O3D: Google introduces new standard for 3D applications within the browser

shawn@shawnbass.com — 4/24/2009 12:07:01 AM

Just stumbled upon this today. Initially I though this was an extension of the April Fools day joke about Chrome automatically rendering web pages in 3D, but it seems legit. Checkout the full blog entry here.

There's a pretty sick video demo shown in the blog entry. Check it out.

Microsoft announces cumulative update release of App-V Client that works on Windows 7 and that TAP for 64-bit App-V will be 1st Qtr 2009

shawn@shawnbass.com — 2/27/2009 7:36:19 PM

There are two things that have slowed investigation of Windows 7 and 64-bit Terminal Services for many Enteprrises. Those two things are App-V not supporting Windows 7 (yes, I know Windows 7 isn't released yet) and the lack of support for 64-bit in App-V. Microsoft has released immediately (for MDOP customers) an App-V 4.5 CU1 release that works on Windows 7. In addition, they've announced that they'll be opening up the TAP for App-V 4.6 which will support 64-bit Windows (TS is the big use case here) in Q1 2009. I happen to have a customer that is running App-V 4.5 right now that is definitely looking forward to both of these things, so it's very exciting news.

Read more about these two exciting items at the MDOP blog item here.

Beware of McAfee AntiVirus Enterprise 8.7 upgrade

shawn@shawnbass.com — 11/26/2008 1:17:14 PM

A client of mine recently rolled out their upgrade from McAfee 8.0 Enterprise to 8.7 Enterprise. On the Citrix server environment we had two major application failures that were the result of the McAfee upgrade uninstalling the MS XML 4.0 Parser on the servers. There were two applications on the production Citrix environment that required the MS XML 4.0 Parser and they both stopped working following the upgrade. Unfortunately, the issue was not caught in Lab/UAT testing and was only found after McAfee went out to production. To make matters worse, something went wrong with the deployment mechanism and the McAfee upgrade went to all servers in one blast whereas the server team usually pushes in 2-3 separate sets of server groups. All of that combined = FAIL

So McAfee is responsible for the outage, right? WRONG!

What the Mcafee installer was doing was proper behavior. It had incremented the shared component registry entry for MSXML4.dll when it was installed on the servers. The shared DLL component dependency counters are stored in HKLM\Software\Microsoft\Windows\Current Version\SharedDLLS. Here's an example listing 5 installed apps that depend on MSXML4.dll on my workstation PC (see the DWORD 5 next to MSXML4.DLL).

Every time a program installs that depends on MSXML4.dll (or any other shared windows DLL), it's supposed to read the existing counter value, increment it, and then write it back out. Upon uninstalling that program, the installer engine is supposed to read the counter, decrement it, and write it back out. However, if the value of the counter is 1 and a program is uninstalling that has a shared dependency on that DLL, it's supposed to uninstall that component and remove the shared component counter from the registry. See, everyone is supposed to tidy up after themselves.

Windows Shared DLLs + Dumb Developers = FAIL

So in my client's situation, they had two applications that apparently required MSXML 4.0 Parser, but those apps never bothered to increment the shared DLL counter in the registry when they were installed. This is usually due to a dumb developer that doesn't realize that the component has to be registered with the installer engine in order to properly install and register the shared DLL component. So when McAfee Enterprise 8.0i went to uninstall, the installer engine noticed that the value of the shared component registry entry was 1and subsequently ran a removal process for the MSXML 4.0 Parser. This equals failure for the two apps that need MSXML.

So how do you know you've been affected?

1) If you're lucky, the application will complain about not being able to find the MSXML4.dll, or not being able to instantiate a object for the MSXML4 DOM. If you're not that lucky, then...

2) FileMon / ProcessMonitor from SysInternals will pinpoint the issue. Simply run it before launching your application and when you reach the place in code where the app is crashing or throwing an unexpected error, you'll see messages in the log where it was attempting to locate MSXML4.DLL in the search path and failing.

How do you fix it?

Download MSXML 4.0 SP2 Parser from Microsoft and install it. You can do the install manually or push it with whatever ESD system you're using. The MSI installs quite nicely with Citrix Installation Manager if you only have that.

Stay tuned for another entry from me regarding this issue with respect to application virtualization since it has some unique properties that make this particularly challenging...

Failure to run Windows Update with error 0x80070020 on Server 2003

shawn@shawnbass.com — 11/26/2008 12:12:43 PM

I was recently running some Windows Update patches on one of my client's Server 2003 boxes (they aren't using a patch management solution) when I ran into a strange error that stated the Windows Update site could not be accessed and the error message listed was 0x80070020. This message did not appear while trying to install the updates, it appeared right after the selection for Express vs Custom. I chose Custom and it's supposed to query the available patches for the server, but instead I was greeted with error 0x80070020. In doing some reason on this error I found that it's related to a file locking issue. Some people on various forums reported issues with BitDefender AntiVirus on Windows XP and Vista as the source of the issue. While they're not running BitDefender on their server (they run eTrust), it was worth looking into. I also found KB883825 which also lists Anti-Virus as a potential source of issues for Windows Update. So I temporarily stopped the Realtime A/V scanner and voila! Windows Update website began working again.

VMWare Server 2.0 fails installation with Windows Installer Error 1718 - MSI was rejected by digital signature policy

shawn@shawnbass.com — 11/26/2008 11:06:12 AM

I was recently installing VMWare Server 2.0 (the freely available VMware virtualization platform) and I found that after the installation initialized it threw this error message:

In doing a quick bit of research, I discovered that this is some type of an issue with Windows Installer engine with large MSIs. Essentially Windows Installer is unable to allocate the necessary virtual memory to verify the integrity of the MSI. The strange part about this issue for me is that this server has 6 GB of RAM and there's absolutely nothing else running on it....Strange eh?

Anyway, MS has a hotfix for this issue. Download and install KB925336 and you'll be good to go.

When's the last time you did a good spelunking?

shawn@shawnbass.com — 9/30/2008 5:31:24 PM

Ok, so it sounds like it would be something digusting or obscene, but it's not.

I'm currently in the middle of troubleshooting some MSI / MSP installation issues on a Citrix server and I've come across a very common MSI info message that always makes me chuckle. Here it is:

MSI (s) (04:30) [11:09:24:439]: Found shell folder by spelunking through the registry.

According to Wikipedia, spelunking is the recreational activity of exploring caves. While exploring caves has nothing to do with traversing registry hives/keys, it does remind me that even those developers at Microsoft (that everyone loves to hate) have a sense of humor.

Why doesn't Microsoft have memory overcommit / transparent page sharing?

shawn@shawnbass.com — 9/25/2008 5:21:04 PM

Helge Klein from sepago put up a blog entry today discussing the memory overcommit feature of VMware's flagship ESX product and how it has a very favorable impact in the VDI space since you're running lots of copies of MS Windows with the same (or similar) applications on them, etc. (this is likely the result of large amounts of transparent page sharing) Helge also mentioned that Microsoft and Citrix both do not have this feature at this time and are downplaying the significance of it. Helge believes it's this way because Microsoft simply doesn't have this feature now. While I tend to agree that there probably is some level of wordplay to de-emphasize the competitors product that has a feature that your product doesn't have, but I also wonder if there isn't another reason why Microsoft wasn't so quick to implement this feature. Keep in mind that both Vista and Server 2008 have implemented Address Space Layout Randomization (or ASLR) as a tactic to reduce the likeihood that OS exploits can compromise a host system. I have not seen anyone comment on whether or not transparent page sharing works with ASLR or not. I would assume that even if it did work, it probably wouldn't be as effective as it would otherwise normally be. Assuming that's the case, perhaps Microsoft has pushed off this feature since it's not something that would greatly benefit Vista/2008. Everyone knows that Microsoft always has higher level of focus on their newer operating systems than they do on the legacy stuff. Perhaps because of this (and my theory on ASLR's impact to transparent page sharing) they haven't pushed this higher in their priority list for Hyper-V development. Can anyone out there comment on the effectiveness of transparent page sharing with ASLR? Perhaps since's MS's ASLR implementation is rather limited you wouldn't get quite as penalized as a full blown ASLR implementation. However, without having tested any of this I can only speculate.

Best...error...dialog...ever!

shawn@shawnbass.com — 9/24/2008 4:34:48 PM

I was playing catch up on a blog entries I had been meaning to get to over the last few weeks and I stumbled across this blog entry from Aaron Parker where he describes a ridiculous Oracle Forms error dialog that simply tells the user the please acknowledge the message by clicking Ok. There's no cancel dialog, there's no information passed to the user, just a stupid dialog box with no meaning. I lol'd for some period of time before remembering my own encounter with a really dumb dialog box recently. Here it is in all of it's condescending glory:

I mean what exactly did the software developer think was going to happen when a user saw this message? Don't all untrained users have the ability to damage an application (as in ANY application)? Heck, I've seen trained users that seem to possess this elite skill. I guess they were hoping that a true boob would see this message and say "Oh jeez I didn't know I could DAMAGE the system, I better click No until I go through proper training". Congrats software developer, you've just caused me to lose untold numbers of brain cells. UGH!

Upgrading to MS App-V 4.5 (fka Softgrid) FAQ

shawn@shawnbass.com — 9/23/2008 2:06:27 PM

Courtesy of the MS App-V blog, I came across a blog post that directed me to an FAQ that Microsoft has posted on their website with frequently asked questions regarding the process for upgrading App-V Clients and Servers to the 4.5 code that was just released. The FAQ has some great items that describes the upgrade order as well as what compatibility there are for 4.1/4.2 packages moving to 4.5 clients/servers as well as what happens to the SGCache and User Preferences (usrvol*.pkg). It's a great read. The only thing I find a little strange is references to the 4.5 Terminal Server client, which seems to not be in the 4.5 code on MVLS. Strange...

More App-V 4.5 (fka Softgrid) news (4.5 binaries available and SPLA license forthcoming)

shawn@shawnbass.com — 9/15/2008 10:57:36 AM

This is just a quick update on my previous blog entry announcing that Microsoft had reached the Release to Manufacturing (RTM) milestone on App-V 4.5. Two new things that I've learned are:

1) Microsoft has posted the App-V 4.5 bits on the Volume Licensing website per this Softgridguru forum posting. Unfortunately, I still don't see anything up on MSDN :(

2) Microsoft is working on a SPLA (Service Provider Licensing Agreement) for App-V 4.5 per this MDOP blog news. This is great news for those organizations that offer up hosted Citrix / VDI environments.

Lutz Roeder's Reflector being taken over by Red Gate Software

shawn@shawnbass.com — 8/26/2008 4:32:18 PM

IMHO, Reflector is probably the single most important .NET software development tool next to Visual Studio itself. Don't believe me? See Scott Hanselman's "The Big 10 Life and Work-Changing Utilities" list from 2007. I use it constantly when trying to decompile someone's existing .NET code to fix a bug or rewrite it, etc.

So today I got an email in my inbox today from Lutz Roeder mentioning that he was ceasing development and that the tool was being taken over by Red Gate Software. Before I make any comments, I'd like to first express my gratitude to Lutz for 8 long years of development on a tool that he shared with everyone for free. The tool has been indispensible to me over the years.

Now on to my thoughts:

First I think that something like Reflector might be best served by being opened up to the open source community rather than existing within the realm of a commercial entity. That being said, Red Gate software has already agreed to continue making a community edition of Reflector (and plugins) available for free from it's website. While I always question the motivation of a commercial entity behind free versions of software, I also have a lot of respect for Red Gate software as they make some really cool tools. My personal hopes are that they do continue development of Reflector and continue to increase the features in the community version that they make available for free. I just hope they don't require people to purchase in order to get new features.

Click here to read an interview with Lutz and James Moore (Red Gate) about the new ownership of Reflector.

Again, a million thank you's to Lutz for all the years of hard work on this indispensible tool.

Al Solorzano on Group Policy Preferences

shawn@shawnbass.com — 6/2/2008 9:52:24 AM

Al Solorzano recently posted a nice article on Group Policy Preferences over here. If you're not familiar with Group Policy Preferences, it's the technology that Microsoft acquired from Desktop Standard. GPP is a nice way of extending management reach to registry settings that were previously not able to be managed by Group Policy (at least not without those PITA Administrative Templates anyway). There's also some powerful capabilities for filtering that are largely lacking from Group Policy. While out at Citrix Synergy a little over a week ago, I had the pleasure of some great conversation with Al at a group dinner outing. Al is extremely knowledgable about a variety of technologies and I highly recommend following his blog (if you don't already). Al's blog can be found here.

XP SP3 officially re-released

shawn@shawnbass.com — 5/6/2008 3:47:44 PM

Microsoft has officially re-released Windows XP Service Pack 3 today. Get the full download here.

Lots of SQL injection flying around the internet...Are you performing input field validation?

shawn@shawnbass.com — 4/29/2008 4:56:57 PM

For those not familiar with SQL injection, it's in it's simplest form a method of injection a SQL statement into a database server by way of hiding it in a web parameter. There's a more detailed explanation here.

Anyway, I wanted to throw together a quick blog entry on this because SQL injection is a very common issue that affects a large number of public websites. Most of the webmasters are not even aware that their web site exposes them to SQL injection. Recently, there's been a flurry of activity and news on the Internet about a large amount of SQL injection attacks that are being used to spread malware.

This particular form of SQL injection appears to have been done by a bot and it also appears that most of the sites were targetted by their page rank in search engines. Hah! Sometimes it pays to be the little guy. Anyway, there's various mentions on the Internet on how to know if you've been compromised so I'm not going to go into that. What I would like to bring up is that this is NOT a Microsoft problem per se. It's a problem with poorly written web applications, which one could possibly attribute to Microsoft for making development so easy but I don't think that helps the situation. Microsoft did publically acknowledge this issue here and stated that it's not a particular vulnerability with IIS or SQL (which is actually true). However, what they don't state is that this is a developer education issue and people need to start taking responsibility for teaching their developers safe coding practices.

For those interested in learning more about SQL injection, check out the links I posted above. Also check out some of the SQL injection toolkits located here.

Finally, for information on how to combat SQL injection, here's a few things that may help:

Scott Guthrie on Guarding Against SQL Injection

MSDN Patterns & Practices on How-To Protect Against SQL Injection in ASP.NET

One final thing: While most of this article talks about things from a Microsoft ASP/SQL point of view, SQL injection is not exclusive to Microsoft products and can occur on a variety of web and SQL platforms. Things just tend to get a bit more sensationalized when dealing with MS products.

Whole Disk Encryption ineffective?

shawn@shawnbass.com — 2/26/2008 9:48:11 AM

There's a lot of buzz in the security industry right now after a paper was published by some researchers from Princeton University that demonstrates how whole disk encryption systems can be completely thwarted by obtaining the encryption keys from a laptop's RAM. How is this possible? Well, when an Operating System is in sleep mode the decryption keys are stored in memory to allow the operating system to boot back up and continue accessing the encrypted disk. In addition, different RAM chips decay their memory contents at different rates when power has been removed from the RAM chips. Cooling the RAM chips can slow that decay rate upwards of 10 minutes by using a simply air duster can turned upside down. Once the RAM chips are cooled, their contents can be dumped by booting to a USB disk with memory extraction tools, or if you're unable to change the boot order, the chips can be removed and transferred to another system where the contents of the RAM chips can be extracted. Once the contents of RAM is extracted, code can be run to retrieve the encryption keys which can then be used to decrypt data off the disk. Scary eh?

The original paper by the Priceton researchers can be found here.

There's also coverage of the issue by the SANS ISC here (including a video that demos the issue) and here (provides guidance for known whole disk encryption software).

Currently known affected products are Microsoft Bitlocker, Apple's FileVault, and TrueCrypt. At the second ISC link, there's information that PGP WDE and Utimaco SafeGuard are also vulnerable. No news yet from CheckPoint PointSec. However, one would assume that almost all whole disk encryption vendors would be vulnerable to this.

How do you safeguard against it? Power down your system instead of sleeping or hibernating.

Citrix announces Workflow Studio tool for automating repetitive tasks. Is this FullArmor in disguise?

shawn@shawnbass.com — 2/14/2008 9:06:51 AM

Citrix has recently announced a new product called Workflow Studio that is a tool for putting together a visual workflow for completing repetitive tasks. This workflow would then leverage PowerShell scripts to complete the individual tasks. What's interesting about this tool is that Citrix has mentioned that it came from an unmentioned technology acquistion/partnership. From my perspective, it sounds an awful lot like FullArmor's Workflow Studio product that was announced in July 2007. It's also got the PowerShell community wondering the same thing. Folks like Karl Prosser of the amazing PowerShell Analyzer and PowerShell Plus products questions the same thing in a blog entry on his site. For those looking for more information on Workflow Studio, Rich Crusco from Frameworkx.com put together a multi-part series on Workflow Studio. Is this the Full Armor product or what?

Exchange 2007 SIS and Entourage 2008 new features

shawn@shawnbass.com — 2/11/2008 6:11:11 PM

A ton of things have been happening in the Exchange world that I've not been keeping up with very well, but I did come across two items that were of particular interest to me that I thought I'd share.

First, the MS Exchange Team has put up a blog item discussion a feature of Exchange that's been around a long time (Single Instance Storage). SIS is a technology that was introduced in Exchange 4.0 that allows for an email to only exist once in the Information Store for multiple different users (if those users are on the same system). So if an email (especially an email that contains attachments) is sent out to 10 different users, the Exchange server will only keep one copy of the email and all users will reference that copy. There are some changes with SIS in Exchange 2007 namely that it only performs Single Instance Storage of message attachments, not of message bodies. This makes perfect sense when you think about it considering that most of the storage that you'll consume on your Exchange server is related to attachments more so that simple text. Simple text is small and generally irrelevant whereas attachments kill you. This is particularly true since 90% of the organizations I've consulted for seem to think that Email = File Server. You can read further about the reasons why the Exchange Team made this decision in the blog post here. Ultimately it came down to a trade off between storage savings and IO Operations. Ultimately storage is cheap, IO is not.

The second thing I want to cover in this blog item is a discussion about the newly released Office 2008 for the Mac and Entourage (the Outlook equivalent for you the non-Mac people out there. Office 2008 for Mac is a completely new beast versus Office 2004 for Mac. Luckily Amir Haque from Microsoft has written about many of the new features in Entourage 2008. The two part blog item can be found here: Part 1 and Part 2. An excellent read.

Microsoft makes $44.6 billion dollar merger bid with Yahoo

shawn@shawnbass.com — 2/1/2008 8:30:23 AM

According to Microsoft's Press Pass website, Microsoft has extended another offer to Yahoo for a corporate merger. From the sums of money involved, it would seem that Google is a bigger threat to Microsoft than VMWare is. The question is, would this truly position Microsoft in better territory to fight Google? I'm not so certain of that, but they would definitely get a higher chunk of the advertising revenue that's out there.

My Macbook Pro keyboard WILL live to see another day thanks to a Software Update

shawn@shawnbass.com — 12/20/2007 9:21:14 PM

If you've been following my blog you'd know that I'm a recent Mac ~~convert~~ trial (can't call it a convert when I have 15 other Windows PCs in the house). Anyway, when I bought my Mac it came with OSX 10.4 on it, but there was a 10.5 Leopard disc that was shipped in the box as a free upgrade. Well, you can't go sticking a free software upgrade in the box and let it sneak by me without immediately installing it. So I've been using Leopard since I first got the MacBook Pro. Generally I've had a lot of success with it, aside from a minor nuance with the wireless that never seems to work unless I reboot my wireless router (seems to be Mac related though since other Windows systems are able to use the wireless router during this time). The inexcusable problem though has been a frequently occuring loss of keyboard functionality that varies from 30 to 60 seconds. During this time, the touchpad continues to work but no keyboard keys register (including the function keys). For a while I considered that maybe my inept ability with Mac left me in some weird function key toggled mode, or I had a stuck key or something like that. Or even that my usage of VMware Fusion was somehow leaving my keyboard in a VM-controlled state or some such nonsense. However, a quick Google search tells a different story. TONS of Mac users are experiencing the issue since their upgrade to Leopard. Anyway, I finally spent a few cycles today investigating this issue and I found out that Apple has released a patch for this two days ago. You must have upgraded to 10.5.1 in order to use the patch. I've applied it and so far (crossed fingers) I haven't had any keyboard loss.

shawnbass.com RSS feed is moving! Please update your feed readers...

shawn@shawnbass.com — 11/21/2007 11:46:38 AM

I'm moving my existing RSS feed as I'm changing modules out that supplies my RSS feed. To prevent this kind of thing from happening again, I've setup a 301 permanent redirect of http://www.shawnbass.com/rss.aspx which will permanently link to my RSS feed no matter where I decide to relocate it in the future. For now, it will move to FeedBurner, but the above link is what you should point your readers to.

I feel dirty...

shawn@shawnbass.com — 11/9/2007 2:34:41 PM

So my Toshiba laptop started acting up this past week while I was teaching a class in Orlando. I didn't want to risk the laptop locking up on me while in class, so I went out one evening and picked up a new laptop. I'm writing this blog entry from the new laptop. Here's a quick photo of it:

Now do you understand why I feel dirty? I can't even begin to tell you how much crow I'm gonna have to eat when my sister-in-law (longtime Mac bigot) finds out that I bought one. It'll be never ending "I told you so"'s

HD Moore begins first steps to make iPhone a powerful hacking platform

shawn@shawnbass.com — 9/26/2007 8:21:41 AM

HD Moore's Metasploit is an invaluable free tool that's used by many to perform penetration testing of their systems. Recently, HD blogged about buying an iPhone and beginning the process of porting pieces of the Metasploit platform to the iPhone. What does this mean? It means a portable handheld pentesting platform! Perhaps HD should get a copyright on iSploit now

Read the entire blog entry here. Good times ahead!

Where's that Microsoft 'insert team name here' team blog?

shawn@shawnbass.com — 9/22/2007 12:08:15 AM

Microsoft has definitely embraced blogging as a means of providing feedback to their partners and customers alike. It's often difficult to know whether or not a particular team within Microsoft has an official blog or not. Brandon LeBlanc over at The Windows Experience Blog has created a list of the known official Microsoft team blogs. Check out the list here.

Skywing on "Never wake a PC without user intervention"

shawn@shawnbass.com — 9/21/2007 10:43:54 PM

Skywing's debugging/reverse engineering blog is one of many RSS feeds that I ~~keep~~ try to keep current on. He posted an entry a few days ago titled "Never, ever, EVER wake a computer from suspend without user consent" regarding a situation where the Windows Update service woke his PC from standby at 3:00am on a Patch Tuesday. While waking a PC to apply patches isn't a horrible situation, it definitely becomes one when your laptop is zipped up inside a backpack or laptop carrying case. I personally have had this happen to me only once, but it wasn't related to Windows Updates. It was related to a failed standby that I didn't notice for an hour or two (when I finally pulled it out of the bag, the laptop was ready for egg frying). Anyway, the fact is this is a legitimate issue that should be handled by the operating system. The most surprising part of the article for me was the comments that some people left. It seems that some posters believe that this is all Skywing's fault and if he had disabled Windows Updates, or changed the way he was suspending, etc. then this wouldn't have happened. Guys, you're missing the point! The point is that the operating system should be intelligent enough to not wake on it's own to apply patches as the laptop could be in an area that it shouldn't be powered on (i.e. airplane taking off). Bottom line: Windows Update needs to not wake a PC to apply updates without receiving user confirmation, or at a minimum it should force the system back into the same power state that it resumed from after the updates are complete.

Woohoo! Jeffrey Snover (creator of PowerShell) confirms suspicion that PowerShell 2.0 will include remoting!

shawn@shawnbass.com — 9/3/2007 10:52:57 AM

PowerShell 1.0 was released in November 2006 and has already received over a million downloads. I recently came across an article published a few days ago where SearchWinIT.com interviewed Jeffrey Snover (creator/architect of PowerShell) where Jeffrey has confirmed that PowerShell 2.0 will have support for remoting. One of the primary limitations with PowerShell currently is that many of the existing Cmdlets and Providers are designed for local operation only. Those admins that wish to use it for remote operations are forced to either run the code on the actual remote systems, roll your own via WMI/.NET/COM or rely on third party remoting solutions such as the PowerShell Remoting project on CodePlex. I can't wait to see what PowerShell 2.0 will bring. Exciting times ahead!

Updated version of DialMee plugin for Meedio posted

shawn@shawnbass.com — 9/2/2007 11:51:32 PM

So, I'm a huge fan of Vonage VoIP service. I'm also a huge home theater PC (HTPC) freak. So I had an idea that much like peanut butter and chocolate, these two technologies must merge! So a while back I created a plugin for Meedio that allows me to dial telephone numbers in my phone book from the comfort of my couch. Ok, so it is completely the laziest thing in the world, but someone had to do it, eh? Anyway, this update to the DialMee plugin was simply to fix a bug that was causing an error beep on exit of Meedio. I described in my previous post what Meedio is all about, if you missed that.

As far as the technical details of what this plugin does, it relies on phone book entries that were previously imported into a Meedio library. Once you're viewing your contacts on screen you can press buttons on the side of the screen that allow you to dial the person's home, office, mobile, etc. The mechanism used for this is some crazy regular expression matching for attempting to take any inputted US telephone number format and convert it to the 10-digit dialing format that Vonage expects. Next, I make a web request to Vonage's Third Party Call Control to initialize the telephone call. From an end user perspective, it goes like this:

1) Pick up remote control
2) Find contact in phone book.
3) Click button to dial their home/office/mobile, etc. number.
4) Behind the scenes the web request to third party call control happens and your home telephone line (Vonage) rings.
5) Upon answering the cordless phone (you didn't think I'd get off the couch did you?), the Vonage third party call control then dials the destination telephone number and connects the two parties.
6) You talk...on the couch....in your pink fuzzy slippers. Ok, maybe not pink, but definitely fuzzy.

Link to DialMee support thread

Updated version of EvilLyrics plugin for Meedio posted

shawn@shawnbass.com — 9/2/2007 5:29:11 PM

Ok so I'm way behind on the home theater blog, but I uploaded a new stable release of my Meedio plugin for EvilLyrics integration a few weeks back. The plugin update contains the fixes for the new release build from EvilLyrics as well as a fix that was causing an error beep when the plugin was shutdown. What is this plugin? It's a fulltime plugin for the HTPC frontend called Meedio (which I run on all of my HTPC systems connected to every TV in my house...yes my wife loves me dearly to tolerate this crap). The EvilLyics plugin receives messages from the music player and passes the Artist/Song info to the EvilLyrics COM object, which then performs a web request to retrieve lyrics for the currently playing song. When the lyrics are retrieved a COM event is fired and I retrieve the lyrics and publish a datafeed within Meedio containing the lyrics. The lyrics are then displayed on screen in the HTPC interface. Cool eh, no? Ok, maybe just geeky. Anyway, while Meedio is a dead product as it was acquired by Yahoo over a year ago, there are several developers (myself included) that are continuing to develop plugins for Meedio as well as continuing to work on an open-source Meedio replacement product called MeediOS.

Here's a screenshot of what the end result of the EvilLyrics plugin does inside Meedio:

Yeah, it's probably just plain geeky

DefCon 15: Day 1 Wrap-up

shawn@shawnbass.com — 8/9/2007 9:43:17 PM

DefCon 15 Day 1 reviewMore...

Just returned from DefCon 15 - As usual it was a great conference

shawn@shawnbass.com — 8/6/2007 1:52:49 PM

While I've still not caught up (READ: recovered) from the 3 day conference in Las Vegas, I can definitely say that I'm glad I went. I don't have all of my thoughts organized yet on the sessions that I attended, but over the coming days I'll be blogging on a DefCon 15 wrap up where I'll cover my perspective on the sessions that I attended...and those that I walked out of Stay tuned.

Network Monitor 3.1 is released!

shawn@shawnbass.com — 7/2/2007 8:37:23 PM

NetMon 3.1 is released and available on the Microsoft Connect site (the final release on the MS Download site will be posted in a few weeks). Here's a rundown of the new features:

Wireless (802.11) capturing and monitor mode on Vista – With supported hardware, (Native WIFI), you can now trace wireless management packets. You can scan all channels or a subset of the ones your wireless NIC supports. You can also focus in on one specific channel. We now show the wireless metadata for normal wireless frames. This is really cool for t-shooting wireless problems. See signal strength and transfer speed as you walk around your house!
RAS tracing support on Vista – Now you can trace your RAS connections so you can see the traffic inside your VPN tunnel. Previously this was only available with XP.
Right click add to filter – Now there's an easier way to discover how to create filters. Right click in the frame details data element or a column field in the frame summary and select add to filter. What could be easier!
Microsoft Update enabled – Now you will be prompted when new updates exist. NM3.1 will occasionally check for a new version and notify you when one is available.
New look filter toolbar – We've changed the UI related to apply and remove filters. You can now apply a filter without having to UN-apply it first.
New reassembly engine – Our reassembly engine has been improved to handle a larger variety of protocol reassembly schemes.
New public parsers – These include ip1394, ipcp, ipv6cp, madcap, pppoE, soap, ssdp, winsrpl, as well as improvements in the previously shipped parsers.
Numerous Bug Fixes – We've taken your reported problems on the connect site and fixed many of the confirmed bugs.
Faster Parser Loading – We've significantly improved the time it takes to load the parsers. Now rebuilding takes a fraction of the time it used to.

For those of you who are huge Ethereal/Wireshark fans, you really should checkout NetMon as it's really shaping up to be a nice product. Plus you don't need to buy SMS to use it anymore

Shawn

Google Adsense vulnerable to CSRF (Stealing your Adsense account)

shawn@shawnbass.com — 4/5/2007 2:24:59 PM

I came across this blog post on Jungsonn Studio's blog the other day where they demonstrate how Google Adsense is vulnerable to a type of cross-site scripting attack that when the suspect javascript code is executed and you visit your Adsense account in another browser tab, they are able to switch your Adsense account over to them. Pretty interesting find, and it really makes you think about all the times that you authenticate into a variety of different sites within different browser tabs all the while having done lots of surfing of other pages (of which you don't know that you can trust). It's definitely something that all of the bloggers out there that use Google Adsense should be thinking about when they pop into their account from a browser tab

Shawn

Windows 2003 Server SP2 is a critical update and will begin to be forced on June 12, 2007 via Automatic Updates (there is an opt-out though)

shawn@shawnbass.com — 4/4/2007 4:04:00 PM

If you haven't had a chance to test 2003 SP2 AND you're configured to automatic updates, you may be interested in knowing that Microsoft has a fix that will allow your servers to bypass the forced install of 2003 SP2 that will begin on June 12th, 2007. If you're interested in using this opt-out, visit Microsoft's download site here for the download and instructions.

Shawn

The exact reason why you should not allow PST files on the network

shawn@shawnbass.com — 4/4/2007 3:29:56 PM

I've always known that you're not supposed to use PST files across the network (LAN or WAN), but up until recently I did not have the specific proof as to the magnitude of problems it can cause (outside of corruption in the PST). I was recently looking for this information to pass to a client of mine, and I came across a great blog article from the Server Performance Team at Microsoft. Turns out there's all sorts of issues from I/O deadlocking to paged pool depletion, etc. Head over their blog and view the article.

Shawn

Microsoft releases out of band patch (MS07-017) for Animated Cursor vulnerability

shawn@shawnbass.com — 4/3/2007 3:37:17 PM

MS07-017 is a re-release of an earlier patch against a vulnerability in Animated Cursors. Apparently when the code was created for the first fix, the rest of the code wasn't audited and another vulnerability was recently found. The patch can be found on Microsoft's website over here

This vulnerability affects all versions of Windows from 2000 through Vista, so you'll definitely want to patch this one. Also, there's at least 4-5 public exploits available for this one. You can be certain that it's being exploited in the wild.

Shawn

The Metasploit Project has officially released version 3.0 of the Framwork

shawn@shawnbass.com — 3/27/2007 11:50:37 AM

The Metasploit Project has just officially released version 3.0 of the framework on their website. 3.0 is a complete rewrite of the framwork and is written in Ruby. It currently contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. It is a fantastic tool for penetration testing, and best of all -- it's completely free.

Read their blog entry on the new of the 3.0 release here

And get yourself a copy of Metasploit 3.0 over here

Enjoy!

Shawn