Browse by Tags

Tagged Content List
  • Blog Post: A New Twist on Initial Delay in SSL Session Setup

    A while back I posted about troubleshooting a problem where a customer had seen a home grown application was not working as expected. The app was designed to run in a web site which the user would connect to from Internet Explorer on a client. The HTTP connection was secured by SSL. The problem...
  • Blog Post: What Would Microsoft Support Do?

    To start the new year off right I have an article that is a must read if you IT administrator and using Microsoft products.  It’s in the January edition of Windows IT Pro magazine, in their “What Would Microsoft Support Do?” column.  You can read it from this link . Happy New Year folks!
  • Blog Post: Question about AD authentication, Put In Context

    Occasionally I am contacted with specific questions or topics people would like to hear more about. This post is a reply to one of those. Here’s the question: My question is what are the impact when I change the logon workstation property of a user account in AD. Obviously, that user account cannot...
  • Blog Post: Scary Sounding Errors

    We have a temporary role in CSS where support folks will help out in supporting prerelease (also known as beta) software.   I’ve worked a couple of Windows betas, and it’s a great experience.   I mention this since I remember a few years ago during the beta of a prior Windows release...
  • Blog Post: Enough With The Delays Already!

    A while back I got involved in an issue where a company had written an application for their own internal use. This application was intended to connect to a web page served out by IIS and then proceed with some other action. They wisely chose to make sure that the initial connections it used were secure...
  • Blog Post: Vista Networking, An Issue With a Limited View

    Every few years we release a new operating system and, no matter how much testing, training and documentation we have, some unexpected behaviors occur. We at Microsoft spend a lot of effort to try and prevent problems from occurring in our products at all, but if they do occur we focus on figuring out...
  • Blog Post: Downgrade "Attack"? A little more info

    I decided that we needed some more detail and to give a walk through scenario on this downgrade attack deal I mentioned a while back in a blog post . As a recap, a customer called in after noticing the events below appearing intermittently but repeatedly-and always in the sequence of one after the other...
  • Blog Post: DCs and Network Address Translation

    A lot of planning goes into the features and capabilities of each Windows release. Over the years I’ve noticed that there is not a great deal of awareness out in the general public for just how much work and labor goes into a new version of Windows. We’ll most often hear someone say something...
  • Blog Post: Why! Won't! PAC! Validation! Turn! Off!

    A while back I wrote a blog post regarding PAC (Privilege Attribute Certificate) validation in Microsoft Kerberos. We’ve had enough interest in this lately, particularly around the idea of disabling it, that it seemed like a good idea to post about this again and add some more detail. The reason for...
  • Blog Post: Soliloquy for AD Logon

    Some readers may scoff a little when I talk about how under appreciated the whole Active Directory scheme is. Not schem a but scheme. I’m talking about the entire client and server interaction and how they work together to provide all of the distributed services that make up Active Directory and user...
  • Blog Post: When Smartcard Logon Doesn't

    Authentication is entering every facet of our lives nowadays. It is common to have multiple passwords: passwords for work, home email, and Internet websites to name a few. It’s easy to have a lot of different passwords, and equally easy to use only one and risk a widespread identity breach. Passwords...
  • Blog Post: Server 2008 and Windows Vista: Encryption Better Together

    A while back I did a blog post about some problems that were seen with people testing Windows Vista and then “rolling back” to Windows XP and some problems that could be seen when using the same computer object (also known as account ) in AD. If you didn’t get a chance to read it here’s the post . ...
  • Blog Post: How Windows Communication Works

    If you are working in a support or engineering role with Microsoft platform products like the various Windows versions one of the biggest struggles you can have is understanding what to expect in code and on the network when Windows computers communicate to each other and other platforms.  Documentation...
  • Blog Post: All The Logging In The World

    There’s normal troubleshooting and then there’s the stuff you do when the basic troubleshooting doesn’t get things resolved. Normal troubleshooting can be things like selecting “last known good” on a reboot after installing a new driver and having a blue screen. Or perhaps uninstalling and then reinstalling...
  • Blog Post: Access Denied, or other Access Failure to SMB Shares From Vista Clients

    Some of the fun we in product support have is that, once a new product is released nowadays, we get to chart the unexplored waters of new security settings interoperating with our customers real world environments. With Windows XP and Server 2003 we saw that there were challenges brought about...
  • Blog Post: Name Hijacked, Bystander DC Hangs

    I learn more about AD and other things every day, which is part of the fun of this job we do-learning about how things work. This story does a good job of lending some understanding to something that can be tough to understand-trust secure channels. This story begins with a customer contacting us regarding...
  • Blog Post: Split IO and Intermittent “File Not Found” Errors

    There are a whole host of issues that are simply never seen unless you have a large distributed environment. I know that sounds startling but here’s a hypothetical example. Imagine that you are an online retailer and for every identity that you are transacting business with an object in a AD LDS/ADAM...
  • Blog Post: Fooling the DC Locator

    There are an ever increasing number of scenarios out there in the business world where two different companies, or company divisions, may be using Active Directory for their directory service but may not be setting up an actual trust between the two. A more common reason for that is the different company...
  • Blog Post: A Day at the SPA

    Ah, there’s nothing like the stop-everything, our-company-has-come-to-a-complete-halt emergency call we sometimes get where the domain controllers have slowed to a figurative crawl. Resulting in nearly all other business likewise emulating a glacier as well owing to logon and application failures and...
  • Blog Post: Tabula Rasa

    I was well and truly stumped a few months ago. I joke that once a year I am flat out wrong, and rarely do I have nothing to say on a subject. The 'once a year I may be flat out wrong' statement may be true simply because after 15 years in the IT industry I’ve learned to avoid letting broad definitive...