Sunday, 17 August 2008 12:15 AM

Can't install ISA Server if your username contains a hash (#)

This is one of the stranger issues I've had to troubleshoot. Customer decided they were going to identify their administrative users with a # symbol (which I shall call a hash, rather than repeatedly trying to type octothorpe without laughing out loud).

Here's what happens if your administrative user happens to be called "#djr".

  1. Run Setup.
  2. Install your desired selection of components, include Enhanced Logging (this is where the issue lies).
  3. Core Components installs successfully



  4. Error:



  5. Try again. Same error.
  6. Reboot, try again. Same error.
  7. Search Google for the error. Nothing.
  8. Scratch head
  9. Notice that the hash in the username has been replaced with the folder path to which SQL binaries will be installed.

So it seems that the ISA installer uses the hash internally as a placeholder for something, and the use in the username causes it some confusion.

Renamed the account, installed without error straight away.

Posted by davidr with no comments
Filed under: ,
Wednesday, 13 August 2008 11:24 PM

Certificates: The request contains no Certificate Template

But that doesn't stop us.

My previous series of posts on configuring a CA hierarchy led my friends and colleagues to believe I might know a thing or two about running one - so I end up issuing certificates to them. The most recent request came from a web server where a friend was playing with an iPhone and ActiveSync. Yes, this is an IIS Web Server. I'm submitting it to my Enterprise CA.

I load up the Certification Authority console, and attempt to submit the request - no dice. Lo and behold, Microsoft KB 910249 came and bit me.

Certificate Request Processor

The request contains no certificate template information. 0x80094801 (-2146875391)
Denied by Policy Module 0x80094801, the request does not contain a certificate template extension or the Certificate Template request attribute.

Microsoft's resolution: Generate the request some other way.

Stuff that.

Dave's solution:

certreq -submit -attrib "CertificateTemplate: WebServer" WebServerCertReq.txt

The key is the extra attribute we add to force use of the template. The certificate is issued and we can go and import it to the web server.

Posted by davidr with 1 comment(s)
Filed under: , ,
Monday, 7 January 2008 9:27 AM

Q: When is a fixed-width font not a fixed-width font?

A: When it's used in Word 2007.

I so wish I was kidding. But apparently the Microsoft Office team have completely lost the plot.

Part of my job is preparing documentation for clients. And part of that documentation is invariably source code or its equivalent (eg configuration files). Most programmers understand the need for layout when displaying, editing and debugging source code (I'll grant that there are some out there who think, "It was hard to write so it should be hard to understand", but they're the minority).

Here's some text in Notepad (not the text that caused me to spot the problem, so no comments on my leet source code management skillz please):

Notepad Fixed-Width Screenshot

Here's the same text in Word, as a copy + paste as unformatted text:

Word Fixed-Width Screenshot

Note that the text lines up perfectly in Notepad but is screwed up in Word (I've added a 1px red line to help illustrate the difference). Funnily enough the difference in layout varies according to font size (sometimes the centre rows are shorter than the top and bottom rows, sometimes longer).

So could someone please explain to me why Word 2007 now kerns a fixed-width font? Who signed off on that idiocy? And does anyone know how to stop it "helping"?

Posted by davidr with no comments
Filed under: ,
Monday, 10 December 2007 11:40 PM

BuildToBuildUpgrade? What's that?

Exchange 2007 SP1 has been released (and there are dozens of reviews, tips etc).

Now, I know Exchange 2007 is a huge, complex product ... but every single SCC cluster I've built has had the same issue updating to SP1.

The official Microsoft documentation is pretty clear. You move everything to one node, update the other with setup /m:upgrade, stop the CMS, move it to the updated node, and upgrade the CMS with setup /upgradecms. What could be easier?

Except that every single time I've done this, virtual or physical, single or multiple nodes; every damn time I get the same failure to upgrade the CMS.

Setup previously failed while performing the action "Install".  You cannot resume setup by performing the action "BuildToBuildUpgrade".

Wait ... the mailbox installation worked just fine! No errors at all. No warnings. But your clustered Exchange server is offline and there's nothing in the release notes or the MS doco to tell you what's wrong.

There are several pieces of guidance that suggest removing the Action and Watermark values from the registry works; it sure did for me. Check for values in:

HKLM \ SOFTWARE \ Microsoft \ Exchange \ v8.0 \ *Role

I had values in "ClusteredMailboxRole" but I've seen plenty of reports that values can also be present in the MailboxRole key. I also had to run setup /upgradecms twice, because in my case Exchange failed to flush the logs to disk even though I used the Exchange Command Shell to stop the CMS. Nasty (nearly lost a database).

Posted by davidr with no comments
Filed under: ,
Friday, 23 November 2007 2:13 PM

Disk arrays for normal PCs

I'm surprised no-one has come up with a product for this yet.

Imagine your favourite 3.5" desktop hard disk. It's about 100mm wide, about 145mm long and about 26mm high. Normally the length isn't too much of a drama, in your average desktop PC (ignore the use of 3.5" drives in servers and hot-swap bays for the moment).

Now imagine your normal laptop drive. It's smaller in every dimension (just 70mm wide, 100mm long and 10mm tall. At those sorts of sizes you could easily fit two laptop drives inside the same space used by the 3.5" drive.

You'd even have about 40mm of free space at the "back" of the drive (or 10mm under it!) for some circuitry

All this is building up to a concept. It's a 2 drive mirror set (RAID 1) using a pair of laptop drives (which are up to 250GB nowadays) and a small onboard controller that does RAID 1 (and probably ONLY RAID1) in hardware. Maybe there's a jumper on it to make it a RAID 0 set for speed instead, but for my thoughts it's RAID 1 only. On the back of this funky drive is a single SATA connector for data and a SATA power connector (laptop drives use lots less power than desktop, so a single connector will provide more than enough power).

Why?

Because I'm sick of disk failures. I want the PC I build for my mother to not need RAID drivers, multiple cables, multiple disks etc. But I do want to be able to recover from a drive failure without manual rebuilds, restoring backups or user pain.

It should use less power, overall, than a desktop drive (less heat). It should have great read performance, but the write performance will suffer a bit (64MB of cache on the controller would help here though). And when a disk fails, you don't lose your data.

Hmm.

How about putting 6 laptop drives in a DVD drive bay? A DVD drive is 145mm wide (just more than twice the laptop disk), and 40mm high (easily space for 3 layers of disks, with room for boards, eject levers etc). Make it do either a 6 disk RAID 10 set (huge performance gains) or a 5 disk RAID 5 set (which theoretically will be very efficient). That's a 750GB RAID 10 drive, so lose a disk and it still works FAST; or a 1 TB RAID 5 disk with a slot for a spare, and way more performance than a single 7200rpm desktop drive.


I'd pay the premium ...

Posted by davidr with no comments
Filed under: ,
More Posts Next page »