Robba's Weblog

My thoughts on Tech and life.

April 2007 - Posts

Integrated Authentication fails on localhost for IIS6 and IIS5.1

This has been plaguing me for a while, but it hasn't ever been a show stopper until this past week.  I have a site that uses Integrated Windows Authentication and it works just fine remotely, however if I try to hit the site locally the login always fails.  When I look in the Event Viewer Security logs they are always clean. (yes I have auditing on)  I tried giving everyone full control and that didn't fix it.  As a matter of fact I tried so many different things I forget what I did try.  Finally I IM'd Scott Forsyth to see if he could give me a hand.  He knew immediately what it was and was able to give me a link to fix the problem.

It turns out that the problem was caused by installing SP1 on Server 2003 or SP2 on XP.  The service packs install a loopback check security feature to help prevent reflection attacks on your computer.  Here is the link to the solution: http://support.microsoft.com/default.aspx?scid=kb;en-us;896861

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Method 1: Disable the loopback check

Follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

Method 2: Specify host names

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
7. Quit Registry Editor, and then restart the IISAdmin service.

If you do Method 1 you do not have to reboot your machine and it takes effect immediately.
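
The two methods above as an audit-and-apply script, added here as an example and not part of the original post or the KB article: it reports whether Method 1's DisableLoopbackCheck is set, then applies Method 2, which leaves the loopback check on and exempts only the named hosts. The function names and the sample host names are assumptions.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# $SiteHostNames is constructed sample data: use the host names of your local sites.
$SiteHostNames = @('intranet.example.com', 'intranet')

$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv10Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-LoopbackCheckState {
    # Missing values read as $null, so an untouched machine reports
    # LoopbackCheckDisabled = False and an empty host name list.
    $lsa   = Get-ItemProperty -Path $LsaKey   -ErrorAction SilentlyContinue
    $msv10 = Get-ItemProperty -Path $Msv10Key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        LoopbackCheckDisabled   = ($lsa.DisableLoopbackCheck -eq 1)
        BackConnectionHostNames = @($msv10.BackConnectionHostNames | Where-Object { $_ })
    }
}

function Add-BackConnectionHostName {
    param([Parameter(Mandatory = $true)][string[]]$HostName)
    # Keep names that are already listed; Sort-Object -Unique is case-insensitive.
    $existing = (Get-LoopbackCheckState).BackConnectionHostNames
    $merged   = @(@($existing) + $HostName | Sort-Object -Unique)
    # -Force overwrites the value if present; MultiString matches step 3 of Method 2.
    New-ItemProperty -Path $Msv10Key -Name 'BackConnectionHostNames' `
        -PropertyType MultiString -Value $merged -Force | Out-Null
    return $merged
}

$before = Get-LoopbackCheckState
if ($before.LoopbackCheckDisabled) {
    Write-Warning 'DisableLoopbackCheck = 1: the loopback check is off for every host name (Method 1).'
}
$now = Add-BackConnectionHostName -HostName $SiteHostNames
Write-Output "BackConnectionHostNames now lists: $($now -join ', ')"
# Method 2, step 7 still applies: restart the IISAdmin service afterwards.
```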

Many thanks to Scott for showing me the solution to this irritating problem.

Posted: Apr 27 2007, 11:34 PM by robba | with 1 comment(s)
IIS6 redirection wildcards

Tonight I was asked to "not redirect" one folder on an entire site that is being redirected. Initially I was really scratching my head on this one. I tried making the folder its own app and pointing it at the original folder, but this didn't work. IIS kept overwriting my changes. Eventually I looked back at the IIS redirection variables and I saw the "!" (without quotes) redirection wildcard. I then put in the original url and appended it with the "!".

For example: The new site is named new.example.com and the old site was old.example.com.

At the root site I have a redirect in place pointing old.example.com to new.example.com and checking "the exact URL entered above" and "a permanent redirection for this resource".

In the subfolder I had it redirect to: http://old.example.com/subfolder !

Well, that didn't work either.  So I kept digging and found this link http://tinyurl.com/z8nuf in TechNet.  To make it simple my redirect didn't need to have a URL in it at all, but rather these three characters "*;!" (without quotes).  After I did that I was able to navigate to http://old.example.com/subfolder, but anything else redirected me to http://new.example.com.  The great thing about this is that it can be used to "not" redirect folders or files.

Thanks MS for the Redirect Reference. 

Posted: Apr 24 2007, 01:19 AM by robba | with no comments
CS 2007 RTM migrations

Today I spent my day upgrading sites to CS 2007 RTM.  I upgraded this site, another Telligenti's blog and our company intranet.  I have to say of all of them the intranet was the only one that gave me any kind of an issue.  Our intranet was still running CS 2.0 and when I ran the SQL upgrade scripts there were some errors.  I asked our dev team to take a look and Kevin came to take a look with me.  Together we scratched our heads as I had done the steps to upgrade the DB correctly.  Then we went through the SQL errors and it looked like there was a 2.0 patch missing.  We opened up the database and looked at the cs_SchemaVersion table.  The site was missing patch 2.0.52, so the 2.1 patches wouldn't install.  We added a row to the database to make it think the 2.0.52 patch had been installed.  At that point we were able to run the 2.1 to 3.0 SQL upgrade script.  After that the site was running CS 2007 just fine.

As a side note I really like the new color scheme of CS 2007, and I like that it flows through to the Control Panel.  The color gradients really add a nice touch.  Great job guys!!!

Serving FireFox extensions through IIS 6

Today I learned a nifty new thing. One of our clients is trying to serve a FireFox extension from their site. In order to do this we had to add a new MIME type to IIS (.xpi = application/x-xpinstall). Now when they were testing in FireFox by clicking the download link it would open a new tab that was blank and stop there. If they opened the download link in IE it would run correctly and start the download approval process. Well, if IIS is serving the download to IE then it should be serving it to FireFox, so I didn't think IIS was the culprit. One thing I noticed was that the download wasn't signed when I saved it using IE. One site on FireFox info Rietta said that if the app isn't signed then there will be a pause before downloading to let you know the app wasn't signed. This got me thinking. I clicked on the download again and this time I waited, and waited and waited some more. Well it didn't download. Hmmmm I thought what about the FireFox security settings? I looked at tools\options\security and I unchecked the "Warn me when sites try to install add-ons". I shut down FireFox and restarted it. I hit the download and this time it worked. So lesson learned, if you are trying to serve FireFox extensions that use .xpi you need to have your MIME type set up on the server and you should have your extension signed. (or your security turned off)

Posted: Apr 16 2007, 04:23 PM by robba | with no comments
Office 2007 crashes when Dell printers installed

I recently added a Dell 5110CN color laser printer to our network using a print server.  Now normally this is not a big achievement, but we have been using Dell 1600 multipurpose printers and let me tell you, you should not use those with a print server.  They are fine until someone tries to print from their browser.  The 1600's would lock up every time and not allow any more jobs through.

Back to topic.

I installed the 5110CN and connected to it from my local machine via the print server. I tried and succeeded in printing an email and a web page from my browser. WOOO I was excited. This might be the solution to my problem with network printing. Then I found the BIG problem. I tried to open a Word doc in Word 2007. Word 2007 kept crashing. Well, this isn't very good. I selected a different printer as my default and I was able to open the Word doc again. Hmmm well that means it is the printer driver. I went to Dell's site and downloaded the Vista driver for the 5110CN and installed the printer locally on my machine. This time it worked like a charm. Next, I went into the properties of the printer on the print server and on the Advanced tab I added the Vista driver. It didn't specifically call out that it was for Vista while loading, but I installed anyway. I then deleted the networked printer on my machine and reinstalled using the administrator account (right click in blank area of the Printers page and select Run as Administrator\ Add Printer). When I reinstalled this time it asked me to verify the driver installation. This time, after installing the printer, I was able to open Word 2007 with no problem. So I'm not sure if the solution was having the print drivers installed locally or having them installed on the print server, but either way it works now.

Have a great weekend.
 

Posted: Apr 13 2007, 04:44 PM by robba | with 1 comment(s)
Go Stars!!!!

It is 2:22am and the Stars are halfway through the fourth overtime of the first game of the playoffs. Come on guys, win this thing.

GO STARS!!!

Well, they lost just a few minutes after I posted this.  Darn.  Next game tomorrow night.
 

Posted: Apr 12 2007, 02:21 AM by robba | with no comments
Adding ads to your blog

Ok, so I didn't get a chance to play with the Blackberry server today but tonight I did learn how to add ads to my blog.  The first thing I did was go to Google and sign up for Google AdSense.  Then once it processed I went through the setup process and set the look of the ads to follow the color scheme of my blog.  You can get the color scheme from Global Settings\Change How My Blog Looks.  Once I did that Google provides the code needed to add the ad to the site.

As I've said before, I'm not a developer, but I know a few and I'm not afraid to use them.  I IM'd a couple and got the info to open up the theme.Master file inside web\themes\blog\paperclip.  Once I determined where I wanted the ads to be placed on my site it was a simple matter of copy and paste the code from Google into the theme.Master file and one save later, TADA, I have ads on my blog.

Thanks to Ado and Ben for the pointers. 

On the road to Exchange

Yesterday and today I focused on setting up and testing a Blackberry Enterprise Small Business Server. I have to say that I was originally not happy with the price of the Blackberry Enterprise server ($3000 for 5 users), but then they released the SBS version ($1100 for 5 users). I was willing to jump on board for that price but when I called Blackberry to get it set up I found out even better news. Since we had recently purchased a new Blackberry device (within 30 days) we were eligible for a free 1 user license of the SBS server. We would only have to purchase a 5 user license pack ($490) to get our other devices working. Talk about excited, this went from $3000 to less than $500 to get our small but loyal Blackberry crowd taken care of.

About the installation and setup.  Yesterday I spent most of the day setting up the prerequisite accounts and installing the prerequisite software before even installing the SBS server.  I know this sounds like a DUH, but follow the directions that are in the docs folder of the Blackberry software and you'll make it through painlessly.  This morning I borrowed Rob's old Blackberry and called T-Mobile to have my current account setup with Blackberry access temporarily.  I have to say I was impressed with T-Mobile.  I was told they would turn it on for as long as I wanted and I could call to turn it off and I would only be charged a prorated fee for the time used.  I was expecting to have to sign up for a month minimum and potentially a longer contract, but they made it very easy.  I took the SIM card from my phone and put it in the Blackberry and pretty soon it was up and running.  At this point I needed to get the Enterprise activation working, but I couldn't find it.  Between looking it up on the internet and asking Ado I was able to "find" the hidden controls and get to the Options menu.  (There is a button on the left hand side of the keyboard that they call an "alt" button, but Ado and I decided looks like a StarTrek symbol.  Press this button and hold then press the wheel and all the hidden icons will show up.)  On the server I created a user account and had it send the password via email to the Exchange server account.  I ran the Enterprise activation and the device was up and running in no time.

I'm really impressed with the capabilities of the Blackberry Enterprise server.  Today I was able to get the device up, running and receiving emails including emails with attachments (docs, txt, images, xls), all in a few hours.  The server allows software to be pushed out to the devices, devices to be locked remotely and devices to be wiped clean and disabled.  Tomorrow I am planning on trying out the software push feature.  I'll let you know how that goes.

Posted: Apr 10 2007, 10:15 PM by robba | with no comments
CS timestamps

As you might or might not have noticed the timestamps of some of my posts have been a little odd. I learned today that there are two places in the control panel that I need to set my timezone. I knew about the setting under administration\settings\ date/time settings. I didn't remember that I had to set my timezone in my individual profile. DOH!!! I'm used to setting that for other sites, like communityserver.org but I never even thought about it here in my single blog instance. And it wasn't a problem, except that my post times were VERY wonky. Today I posted at lunch and it showed a time of tomorrow. Now that threw me and caused me to look into it. I called on my trusty sidekick and CS support guru Rick and he refreshed my memory about the two places to set timezones. Thanks Rick for showing me the error of my ways.

CS FTP module troubleshooting

Yesterday I got an email about a client having problems connecting to their CS FTP gateway. The first thing I do to troubleshoot the FTP gateway is recycle the FTP service.  One thing about the FTP gateway is that if the connection to it is not disconnected properly, i.e. if you close your FTP client before disconnecting from the server, then the server will leave that connection open for about 20 minutes.  This can cause issues when there are only 5 licenses for clients to connect.  Once I had the service recycled I connected to the FTP with our administrative testing account.  I was able to connect right away, but I wasn't able to see the listed contents of the directory.  I changed my FTP client (Filezilla) to use passive mode and I was able to connect and list the contents of the directories.  I then tried to upload a blank text file to the root directory and it failed to upload.  I looked in the CS FTP log and it showed "access denied".  Well thanks to Ken I now have an abundance of answers as to why my upload didn't work.

The first reason is that CS won't upload blank files, so you have to at least put some data in the file.

The second reason is that CS won't upload .txt files. Just create a text file, add content to it and then change the extension to .pdf. CS will then allow it to upload.

The third reason for the upload problem was the location that I was trying to upload to.  Let me explain.  As far as CS is concerned the FTP root directory is a virtual directory.  Files that are being uploaded must belong to a CS Folder.  Basically what that means is that in CS File Groups are created in either the Files or Photos sections.  Under the File Group we create a Folder.  This folder is the location where we have to upload the files. 

Example:

In Photos I create a File Group named "Vacation Pics".  Then under "Vacation Pics" I create a folder named "Summer 2007".  If I wanted to upload pictures to this folder the directory path in the FTP gateway would be this:  photos\vacation pics\summer 2007.  If you attempt to upload the pictures at the root, photo or vacation pics levels then the upload will fail because the photos are not being placed in a CS folder.

Well, I hope this helps someone else, cause I sure learned something from it.
 
