New Laptop: Windows 8 Hyper-V Platform breaks OEM Pre-activation

I have been looking forward to getting a new laptop for some time. I dithered over whether to get a Microsoft Surface, but decided that ACS Solutions is basically a development shop, and I need more power. The Surface RT is OK for a bit of Office, except it’s useless until we have Outlook 2013 RT. I hear it’s coming in 8.1, so I may still get one, especially since the recent price drop.

The Surface Pro is super-expensive, has taken ages to make it to the UK and is only just adequate for running Visual Studio, and will really struggle if it has to run SQL Server, Progress OpenEdge (euch!), IIS 7.5, etc. And the battery life is not quite there yet. I suspect a Surface Pro 2 with Haswell and at least 256GB SSD and 8GB RAM would sway me.

That said, I bought an intriguing machine: a 12” ultrabook, with carbon fibre shell, 256GB SSD, 3rd-gen Core-i7 (Ultra low power – so only dual core), 8 GB RAM, Full HD 400 nit touchscreen display (Corning Gorilla Glass), that converts to a (clunky) tablet: the Dell XPS 12. So far I love it. The backlit keyboard is nice to use, although I still can’t touch type. The lack of ports can be compensated for: I carry a USB3 to Gigabit Ethernet dongle, a USB to Serial dongle and a Mini-DisplayPort to DP/HDMI/DVI-D. They’re flogging them off in spades in the Dell Outlet at around half the retail price, so I paid under £600+VAT, which I think is OK. The Haswell-powered version has already been announced, hence I suspect they’re shifting the old stock. I get 4-5 hours battery life, which is OK, and unlike the Surface where everything is glued together, they’re replaceable, so it’s all good.

Anyway, the technical point is this: Windows 8 finds its product key in the BIOS. A tool like Read & Write – see http://rweverything.phpnet.us/ – can dig out the MSDM record from the BIOS. This is what mine looked like:

Signature “MSDM”
Length 0x00000055 (85)
Revision 0x03 (3)
Checksum 0x4B (75)
OEM ID “DELL “
OEM Table ID “CL09 “
OEM Revision 0x00000001 (1)
Creator ID “ASL “
Creator Revision 0x00040000 (262144)
Version 0x00000001 (1)
Reserved 0x00000000 (0)
Data Type 0x00000001 (1)
Data Reserved 0x00000000 (0)
Data Length 0x0000001D (29)
Data XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

…where the X’s are Dell’s OEM Pre-Activation volume licence key.

The software detects the MSDM record, and also information about the machine that qualifies for that key, so you can’t just copy it. I think some of that is in the DSDT (Differentiated System Description Table) record, but I’m not sure.
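The dump above follows the standard 36-byte ACPI table header plus the MSDM fields it lists, so the record can be checked programmatically. This is an added example, not part of the original post: it parses and checksum-validates a constructed table (header values from the dump, a fake key) and redacts the key before returning it; `parse_msdm` and `build_sample` are illustrative names.

```python
import struct

# Standard 36-byte ACPI table header, little-endian, no padding.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# MSDM body: Version, Reserved, Data Type, Data Reserved, Data Length.
MSDM_BODY = struct.Struct("<5I")

def parse_msdm(raw: bytes) -> dict:
    """Validate an MSDM table and return its fields; the key is redacted."""
    fixed = ACPI_HEADER.size + MSDM_BODY.size
    if len(raw) < fixed:
        raise ValueError("table shorter than the fixed MSDM fields")
    (sig, length, revision, checksum, oem_id, oem_table_id,
     oem_rev, creator_id, creator_rev) = ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"MSDM":
        raise ValueError("not an MSDM table")
    if length != len(raw):
        raise ValueError("Length field does not match table size")
    if sum(raw) & 0xFF:
        raise ValueError("bad checksum: bytes must sum to 0 mod 256")
    version, _, data_type, _, data_len = MSDM_BODY.unpack_from(raw, ACPI_HEADER.size)
    if fixed + data_len != length:
        raise ValueError("Data Length does not fit the table")
    key = raw[fixed:fixed + data_len].decode("ascii")
    groups = key.split("-")
    return {
        "length": length, "revision": revision, "checksum": checksum,
        "oem_id": oem_id.decode("ascii").strip(),
        "oem_table_id": oem_table_id.decode("ascii").strip(),
        "creator_id": creator_id.decode("ascii").strip(),
        "version": version, "data_type": data_type, "data_length": data_len,
        # Never log the full key: keep only the last group for identification.
        "key_redacted": "-".join(["XXXXX"] * (len(groups) - 1) + groups[-1:]),
    }

def build_sample(key: bytes = b"AAAAA-BBBBB-CCCCC-DDDDD-EEEEE") -> bytes:
    """Constructed table: header values from the dump above, fake key."""
    body = MSDM_BODY.pack(1, 0, 1, 0, len(key)) + key
    header = ACPI_HEADER.pack(b"MSDM", ACPI_HEADER.size + len(body), 3, 0,
                              b"DELL  ", b"CL09    ", 1, b"ASL ", 0x00040000)
    table = bytearray(header + body)
    table[9] = -sum(table) & 0xFF   # checksum byte sits at offset 9
    return bytes(table)

if __name__ == "__main__":
    print(parse_msdm(build_sample()))
```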

Anyway, it all went wrong when I installed the Hyper-V role from “Turn Windows Features on or off”

Windows Features Dialog

This installs the Hyper-V server bits, but that means that even the “Host” OS (i.e. Windows 8) is actually a guest of the Hypervisor. And that means it has a different hardware footprint. And that means Windows 8 no longer likes the activation, and won’t re-activate, because it thinks the hardware has been tampered with:

Event Viewer, Application Event Log, Security-SPP, Warnings:

Some data has been reset. 0x00000000 [1].
Some data has been reset. 0x00000000 [2].
The system has been tampered. 0xC004D317
Installation of the Proof of Purchase from the ACPI table failed. Error code: 0xC004F025

Predictably, turning the “Hyper-V Platform” off re-enables the automatic activation.

As ACS Solutions is a fully paid up Microsoft Solution Provider, we have access to a reasonable number of in-house licences of Windows 8 Enterprise which don’t rely on OEM Pre Activated product keys in the BIOS. Unfortunately, the built-in upgrade feature doesn’t like our product key, so for now I won’t be using Hyper-V on this machine, but if this was a hoofing great desktop I’d bought from Dell (or any other manufacturer for that matter) with OEM PreActivation, I’d be seriously narked about this.


KB2817468 causes Outlook 2013 to crash when viewing Domain Secured emails (TLS Mutual Auth – “Green tick”)

We send Domain-Secured emails to client companies – a.k.a. Mutual Auth TLS. It gives you a green tick mark next to the email in Outlook in list view:

image

And in the email itself:

image

Which, when clicked, shows you this:

image

However, when KB2817468 is installed, Outlook 2013 (x86 on Windows 8 x64, at least) crashes when you try to view one of these emails, whether in preview mode or in a separate window.

The crash looks like this in the Event Viewer in the Application Event Log:

Faulting application name: OUTLOOK.EXE, version: 15.0.4517.1003, time stamp: 0x51a75237
Faulting module name: OUTLOOK.EXE, version: 15.0.4517.1003, time stamp: 0x51a75237
Exception code: 0xc0000005
Fault offset: 0x00000000003bd396
Faulting process ID: 0x14b4
Faulting application start time: 0x01ce7f1c384e7dd5
Faulting application path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
Faulting module path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
Report ID: 7ac2edf4-eb0f-11e2-bec4-80ee7316dfe5
Faulting package full name:
Faulting package-relative application ID:

followed by a dump from Windows Error Reporting:

Fault bucket 117878238, type 4
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: OUTLOOK.EXE
P2: 15.0.4517.1003
P3: 51a75237
P4: OUTLOOK.EXE
P5: 15.0.4517.1003
P6: 51a75237
P7: c0000005
P8: 00000000003bd396
P9:
P10:

So, the solution is to remove KB2817468 and wait for Microsoft to fix it. Good luck with that.

Note that the Uninstall list in Control Panel may show three or four instances of this KB – I removed them all.


SQL Server – How big are my tables?

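-- Temp table matching the result set sp_spaceused returns for a single table.
create table #t
(
    name sysname primary key clustered,
    rows bigint,
    reserved sysname,
    data sysname,
    index_size sysname,
    unused sysname
);

-- sp_MSforeachtable is an undocumented procedure; '?' is replaced by each table name.
exec sp_MSforeachtable 'insert into #t exec sp_spaceused ''?''';

-- sp_spaceused reports sizes as text such as '1024 KB'; strip the unit and convert to MB.
select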
    name,
    rows,
    convert( bigint, replace( reserved, ' kb', '' ) ) / 1024 as [reserved MB],
    convert( bigint, replace( data, ' kb', '' ) ) / 1024 as [data MB],
    convert( bigint, replace( index_size, ' kb', '' ) ) / 1024 as [index MB],
    convert( bigint, replace( unused, ' kb', '' ) ) / 1024 as [unused MB]
from
    #t
order by
    3 desc;

drop table #t;


which

Unix has a which command that tells you the path of the executable file that is found first on the path, i.e. the one that will be executed when you type the command without an explicit path.

The simplest use can be aped really easily in the Windows command interpreter. Just create a batch file called which.cmd and bung it on the path, e.g. in C:\Windows (well, %SystemRoot% for purists):

@echo off
for %%i in (%1) do echo %%~$path:i

So now, from a command prompt, you can find which (if any) of those pesky command-line tools is going to run:

C:\>which xsd.exe
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\xsd.exe

C:\>

Yay!


Windows 2003 is old hat

In Windows 2008+, setting a different SSL certificate for each IP:Port binding is point and click, so for an Exchange server where the internal and external names (and therefore required certificates) differ:

image

It is easy to select the correct certificate for each binding:

image

[Note that if you want to use the same IP:Port for multiple SSL sites by using host headers, you can in Windows 2008+, but it’s back to the command line.]

In Windows 2003, it’s a bit fiddlier:

C:\Scripts>httpcfg query ssl
    IP                      : 192.168.100.10:443
    Hash                    : c1f2b0f6fbd1c115f79535ea6c503b14dbd64416
    Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    CertStoreName           : MY
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        :
    SslCtlStoreName         :
    Flags                   : 0
------------------------------------------------------------------------------
    IP                      : 192.168.100.34:443
    Hash                    : c1f2b0f6fbd1c115f79535ea6c503b14dbd64416
    Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    CertStoreName           : MY
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        :
    SslCtlStoreName         :
    Flags                   : 0
------------------------------------------------------------------------------

This shows the same certificate bound to two different IP addresses. You need to delete one before you can add it again, otherwise you’ll get the following fail message:

HttpSetServiceConfiguration completed with 183.

Here we go:

C:\Scripts>httpcfg delete ssl -i 192.168.100.10:443
HttpDeleteServiceConfiguration completed with 0.

Now we can put it back with the correct certificate, but first you need the Thumbprint. You can get this by looking at the certificate in the filesystem by clicking on the .cer file or in the Certificates MMC console

image

or from Powershell for Exchange on an Exchange Server 2007+ server:

[PS] C:\Documents and Settings\Administrator>Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------
3972B12B864B4DF7C627609A184DF1B3884E09BA  IP...      CN=dc1
E837A8E0148D778744B06F2CC4B6157D37C19B8E  IP..S      CN=dc1.acs-solutions.local
C1F2B0F6FBD1C115F79535EA6C503B14DBD64416  ...WS      CN=*.acs-solutions.co.uk, OU=Domain Control Validated – RapidSSL(R), OU=
648AB8210EDC23793E0ECE63731E6AB86C207603  .....      CN=ACSRootCA, DC=acs-solutions, DC=local

So, now we have the Thumbprint, configure the Certificate of choice onto the IP Address:Port:

C:\Scripts>httpcfg set ssl -i 192.168.100.10:443 -h 3972B12B864B4DF7C627609A184DF1B3884E09BA -g "{4dc3e181-e14b-4a21-b022-59fc669b0914}" -c MY
HttpSetServiceConfiguration completed with 0.

And finally check the result:

C:\Scripts>httpcfg query ssl
    IP                      : 192.168.100.10:443
    Hash                    : 3972b12b864b4df7c627609a184df1b3884e09ba
    Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    CertStoreName           : MY
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        : (null)
    SslCtlStoreName         : (null)
    Flags                   : 0
------------------------------------------------------------------------------
    IP                      : 192.168.100.34:443
    Hash                    : c1f2b0f6fbd1c115f79535ea6c503b14dbd64416
    Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    CertStoreName           : MY
    CertCheckMode           : 0
    RevocationFreshnessTime : 0
    UrlRetrievalTimeout     : 0
    SslCtlIdentifier        :
    SslCtlStoreName         :
    Flags                   : 0
------------------------------------------------------------------------------

Hope that helps.
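To confirm that every endpoint ended up with the intended certificate, the `httpcfg query ssl` listing can be compared against the thumbprints you expect. This is an added example, not part of the original post: it parses a listing constructed from the first query above and reports endpoints whose bound hash differs; `parse_httpcfg` and `check_bindings` are illustrative names.

```python
import re

# Constructed from the first `httpcfg query ssl` listing above (some fields omitted).
BEFORE = """\
    IP                      : 192.168.100.10:443
    Hash                    : c1f2b0f6fbd1c115f79535ea6c503b14dbd64416
    Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    CertStoreName           : MY
------------------------------------------------------------------------------
    IP                      : 192.168.100.34:443
    Hash                    : c1f2b0f6fbd1c115f79535ea6c503b14dbd64416
    Guid                    : {4dc3e181-e14b-4a21-b022-59fc669b0914}
    CertStoreName           : MY
------------------------------------------------------------------------------
"""

# Intended thumbprint per endpoint, as printed by Get-ExchangeCertificate (upper case).
EXPECTED = {
    "192.168.100.10:443": "3972B12B864B4DF7C627609A184DF1B3884E09BA",
    "192.168.100.34:443": "C1F2B0F6FBD1C115F79535EA6C503B14DBD64416",
}

def normalise(thumbprint: str) -> str:
    """Lower-case and drop spaces or invisible characters picked up when copying."""
    return re.sub(r"[^0-9a-f]", "", thumbprint.lower())

def parse_httpcfg(output: str) -> dict:
    """Map 'IP:port' to the bound certificate hash from `httpcfg query ssl` text."""
    bindings, current = {}, None
    for line in output.splitlines():
        m = re.match(r"\s*(\w+)\s*:\s*(.*)$", line)
        if not m:
            continue                      # separator or blank line
        field, value = m.group(1), m.group(2).strip()
        if field == "IP":
            current = value
        elif field == "Hash" and current:
            bindings[current] = normalise(value)
    return bindings

def check_bindings(bindings: dict, expected: dict) -> list:
    """Return (endpoint, bound_hash) for each endpoint not bound as expected."""
    return [(ep, bindings.get(ep)) for ep, thumb in expected.items()
            if bindings.get(ep) != normalise(thumb)]

if __name__ == "__main__":
    for endpoint, got in check_bindings(parse_httpcfg(BEFORE), EXPECTED):
        print(f"{endpoint}: bound to {got}, expected {EXPECTED[endpoint]}")
```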


A little Active Directory DNS Server Magic

By default, Windows DNS servers register a static A record for every IP address that the DNS server service is bound to.

If you have a multi-homed AD Server which is also a DNS server (as they often are), you’re fine as long as there’s no routing involved in your local network. The netmask ordering feature magically gives the correct IP address out to clients depending on the LAN segment they’re attached to. But if you also have routing, that breaks the netmask ordering, and clients just get round-robin randomised IPs. If they have routes to both IPs, fine. In the more common case, they don’t (after all, why else did you segregate your network and multi-home your DC/DNS server?).

REGEDIT to the rescue:

See http://support.microsoft.com/kb/246804:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\PublishAddresses

Data type: REG_SZ
Range: IP address [IP address]
Default value: blank

This value specifies the IP addresses that you want to publish for the computer. The DNS server creates A resource records only for the addresses in this list. If this entry does not appear in the registry, or if its value is blank, the DNS server creates an A resource record for each of the computer’s IP addresses.

This entry is designed for computers that have multiple IP addresses. With this entry, you can publish only a subset of the available addresses. Typically, this entry is used to prevent the DNS server from returning a private network address in response to a query when the computer has a corporate network address.

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

The DNS server does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Thank you Microsoft. No really, a GUI would be nice, but thanks anyway.


SSL Wildcard Certificate enables Host Headers on SSL in IIS7

But not with the GUI…

Here’s an example:

C:\Windows\System32\inetsrv>appcmd.exe list site
SITE "Default Web Site" (id:1,bindings:http/*:80:,state:Started)
SITE "borrowers" (id:2,bindings:http/109.235.146.120:80:borrowers.fasttrac.co.uk,https/109.235.146.120:443:borrowers.fasttrac.co.uk,state:Started)
SITE "lenders" (id:3,bindings:http/109.235.146.120:80:lenders.fasttrac.co.uk,https/109.235.146.120:443:lenders.fasttrac.co.uk,state:Started)

In order to get the host header bindings you need this arcane syntax for each website:

C:\Windows\System32\inetsrv>appcmd.exe set site /site.name:"borrowers" /+bindings.[protocol='https',bindingInformation='109.235.146.120:443:borrowers.fasttrac.co.uk']
SITE object "borrowers" changed

And in order to remove the existing https bindings:

C:\Windows\System32\inetsrv>appcmd.exe set site /site.name:"borrowers" /-bindings.[protocol='https',bindingInformation='109.235.146.120:443:']
SITE object "borrowers" changed

If you had previously bound to any IP (not a static one), then substitute ‘*:443:’ instead of ‘<ip address>:443:’.

Check it all again with appcmd list site.

Impossible to remember, but easy to do…
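Because https sites that share an IP:port on IIS7 also share one certificate, each of them needs a host header, and each host name has to be covered by the wildcard. This is an added example, not part of the original post: it checks `appcmd list site` output for both conditions, assuming the certificate name is `*.fasttrac.co.uk` (the post does not state it); the function names are illustrative and IPv6 bindings are not handled.

```python
import re
from collections import defaultdict

def https_bindings(appcmd_output: str):
    """Yield (site, 'ip:port', host_header) for each https binding listed."""
    for line in appcmd_output.splitlines():
        m = re.match(r'SITE "([^"]+)" \(id:\d+,bindings:(.*),state:\w+\)$', line.strip())
        if not m:
            continue
        for binding in m.group(2).split(","):
            proto, _, info = binding.partition("/")
            if proto == "https":
                ip, port, host = info.split(":", 2)
                yield m.group(1), f"{ip}:{port}", host

def covered_by(host: str, cert_name: str) -> bool:
    """'*' in a wildcard name stands for exactly one left-most DNS label."""
    host, cert_name = host.lower(), cert_name.lower()
    if not cert_name.startswith("*."):
        return host == cert_name
    suffix = cert_name[1:]                      # e.g. '.fasttrac.co.uk'
    label = host[:-len(suffix)]
    return host.endswith(suffix) and label != "" and "." not in label

def check_sites(appcmd_output: str, cert_name: str) -> list:
    """Return a finding for each https binding the shared certificate cannot serve."""
    by_endpoint = defaultdict(list)
    for site, endpoint, host in https_bindings(appcmd_output):
        by_endpoint[endpoint].append((site, host))
    findings = []
    for endpoint, sites in by_endpoint.items():
        for site, host in sites:
            if not host and len(sites) > 1:
                findings.append(f"{site}: https binding on {endpoint} has no host header")
            elif host and not covered_by(host, cert_name):
                findings.append(f"{site}: {host} is not covered by {cert_name}")
    return findings

# Constructed from the `appcmd.exe list site` output shown above.
SAMPLE = '''SITE "Default Web Site" (id:1,bindings:http/*:80:,state:Started)
SITE "borrowers" (id:2,bindings:http/109.235.146.120:80:borrowers.fasttrac.co.uk,https/109.235.146.120:443:borrowers.fasttrac.co.uk,state:Started)
SITE "lenders" (id:3,bindings:http/109.235.146.120:80:lenders.fasttrac.co.uk,https/109.235.146.120:443:lenders.fasttrac.co.uk,state:Started)
'''

if __name__ == "__main__":
    print(check_sites(SAMPLE, "*.fasttrac.co.uk") or "all https bindings are covered")
```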
