Vista SP2 and Server 2008 SP2 release date announced via TechNet moderator comment!

Vista SP2 and Server 2008 SP2 will be released on 26th May 2009 via Microsoft’s Download Centre and through Windows Update. Then on 30th June 2009 it will appear on automatic updates.

This info comes directly from TechNet – a moderator has responded to a request for info at the bottom of the SP2 Notable Changes page, found here: http://technet.microsoft.com/en-us/library/dd335036.aspx. In so doing he has officially revealed the release dates!

(Trackback to Mary-Jo Foley’s blog)

Download Orca for Vista

There’s a new version of Orca available (4.5.6001) that is suitable for Vista. You get it by downloading and installing the Windows Installer 4.5 SDK, available here (6.79 MB).

After the SDK is installed it will have delivered the installer for Orca into the program files folder (“%ProgramFiles%\Windows Installer 4.5\SDKTOOLS\orca.msi”). At this point you install it by double-clicking.
I recommend you archive the orca.msi file somewhere for the next time you need it.

Enjoy 🙂

Wildcard certificates, ISA 2006, and the Dreaded Network Logon Failed (1790) error

One of my favourite things here at UWE is managing our ISA 2006 system, and this week I got bogged down with development websites being requested left, right and centre. To top it off they wanted their sites to have certificates too, and ISA server insists that you use one IP address per certificate. I knew about wildcard certificates (*.domain.com) but not actually tried them on ISA before, so I thought I’d solve my dev-problem with one.

Following the handy guidelines from isaserver.org, which are for ISA 2004 but still relevant for 2006, I created one listener with a wildcard certificate and rules for all the sites. Apparently one of the new things in ISA 2006 is the ability to use the wildcard certificate on the IIS site as well as on the ISA listener, but we’ll come back to that 🙂

After configuring I found http access would get to all the site just fine, ok that’s good. However when I tried https access I was always getting this error: “The network logon failed. (1790)
Searching, I found a few people had seen this problem too but no-one seemed to have managed to solve it, save for a few. They chose to relax security and terminate SSL at the ISA server, and allowed the rules to connect back on port 80. That works but it’s not secure and I’ve seen link translation weirdness doing that in the past. So what’s the fix?

Well I found that if you put the wildcard certificate on the SITE as well as the listener, things start working. Just don’t ask me why! I think it’s probably an IIS thing, I’m just not sure. So don’t follow the guidelines ‘quite’ as explicitly and you’ll get there! And please let me know if this helps you or not, I’d love to know.

How to remove the “Click to Activate” annoyance in IE before April 2008

We all know and hate the click to activate functionality that Microsoft had to add to Internet Explorer, but the good news is that Microsoft are finally allowed to get rid of it. Problem is the lazy buggers won’t get the feature removed until the April 2008 cumulative update for IE.
However there is an interim solution! Yay! And here it is: KB947518

The alternative for Vista users of course is to install SP1, but then Microsoft hasn’t let everyone get that yet have they. Unless you know where to look…

Enjoy 🙂

Add Outlook 2007 Icon to the Desktop

Back in the old days of Office 2000 and XP microsoft used to automatically put the Outlook icon on the desktop, and you could right-click it to get to profile and account settings. A very handy feature. Now with Office 2003, 2007 they’ve given up doing that following their ‘clean desktop’ trend. I understand that, but sometimes I need users to be able to get to Outlook easily and to manage their profiles without having to go to control panel – if I even allow them to go there!

I had to search hard to find this one but I found it in the end. Here’s the key needed to add Outlook 2007 back to the desktop:

Open regedit and browse to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
Then add a new key (not a new value) with the following name:
{00020D75-0000-0000-C000-000000000046}

Then refresh your desktop and your Outlook icon will appear (or disappear if you deleted the key).
Here’s the code if you want to put it in a .reg file:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{00020D75-0000-0000-C000-000000000046}]

I can confirm this works on Windows 7 Pro x86. It does not seem to work on Enterprise edition.

ISA 2006 sites which use both http and https don’t redirect from HTTP to HTTPS correctly

Found this helpful article today: Link translation causes an endless loop when you use Web servers that redirect HTTP requests as HTTPS requests in ISA Server 2006

We weren’t getting the endless loop because we were redirecting from http://website/ to https://website/path1 but ISA was still being a real pain in the gluteous maximus and changing the redirection link to http.

Install Vista from a USB device

Today I had the need to install vista from a USB stick. I’ve been having to deal with horrid crappy slow HP tablet PC’s that refuse to boot from external usb cdrom drives, but they happily work from USB sticks.

Anyway, it turns out the way of getting vista onto a usb stick is really easy!
Check this blog entry out: http://kurtsh.spaces.live.com/blog/cns!DA410C7F7E038D!1665.entry

The method requires you to use diskpart to do a clean on your usb stick, make a primary partition and crucially make that partition active. You can then format it to fat32 and give it a drive letter. Last thing to do is then copy on the contents of the Vista dvd to the stick and you’re done! Wow!

You cannot connect to the SMS database or expand nodes in the SMS Administrator console tree when you run SMS in Windows XP SP2

KB 841619 – when you can’t connect to SMS from an mmc console on a desktop

Here’s one that pisses me off royally, and another one that Microsoft seem unable to prove exists. At least there’s an answer though… Basically the scenario is: you give delegated access to SMS for a helpdesk user so they can provide remote assistance and diagnostics to users. You install the SMS console on their machine and when you connect and try to view the collections the egg-timer pops up, and you wait, and you wait, and then you get no collections! Zip, Nadda. Not a sausage. Eh!?

Well it seems to be caused by one things – XP Service Pack 2. The answer? Relax your security. Well done Microsoft…

Here’s the short of what to do to get around the problem:
1. Make sure the delegated user’s firewall is either off (if your in an Enterprise it probably will be off anyway) or make sure that tcp port 135 is open for your network, and %windir%system32wbemunsecapp.exe is added to the allowed applications list.
2. Run up dcomcnfg.exe, browse to “My Computer” in the console, choose properties of My Computer and choose the COM Security pane, and in the Access Permissions box click “Edit Limits…” and allow ANONYMOUS LOGON the Remote Access permission.
3. Now restart.

That should fix the issue. If it doesn’t then the user probably doesn’t have the right permissions in SMS, or the settings haven’t taken properly on the machine.
If you’re sure those settings taken then check that the user is a member of any groups that are in the “Distributed COM Users” local group on your SMS server/s.

SMS Client Health Collections Structure by Rick Jones

Here’s some info from Rick Jones explaining how to make some custom collections in SMS which let you find out EXACTLY what machines have got the SMS client installed. Anyone who uses SMS with thousands of machines will understand why this is handy!
Really really usesful this one. All praise Rick Jones! I wish I’d found this sooner.

http://myitforum.com/cs2/blogs/rjones/archive/2007/06/07/sms-client-health-structure.aspx