Keith Combs' Blahg

Ramblings from another nerd on the grid

April, 2007

  • Halo 2 for Windows Vista arrives in 10 days


    In case you haven't been paying attention, Halo 2 for Windows Vista is going to be released on 5/8/2007.  Yes, you'll be able to save the world from the luxury of your Lenovo ThinkPad T60p.  More details at on the system requirements, price, etc.  You can preorder right now if you are feeling nervous. 

    If you decide to purchase this game, you also might consider one of the PC game controllers.  See the wired version at

    [UPDATE] It looks like this date got pushed out a couple of weeks.  Most of the game stores are now showing a release around 5/22.  Back to work...

  • Need a Halo 3 fix? It's coming...

    Dreaming of saving the planet?  Need a Halo 3 fix?  Well, the public beta will be here very soon.  More details on the multiplayer beta at  In the meantime, check out the new Halo 3 posters at



  • HDHomeRun appears to be a grand slam

    I found out an interesting statistic last night.  One of the news stations reported that the Dallas metroplex has the highest per capita usage of DVR's in the USA.  They didn't break it out by standard or high def recorders but I thought that was kewl until I remembered we're also supposed to be one of the fattest cities in the US.  Hmmmm...  I don't think that is a coincidence.  Of course, the scorching summers might be a factor, but we should have no excuse for the mild winters.  Slackers.

    Now to get back on topic, you'll recall I purchased this new little device called HDHomeRun.  I am happy to say it lives up to its name.  Well, it lives up to its name when used with the proper hardware.  That's the sad part of the story.  It didn't run well with my legacy hardware but that has nothing to do with the HDHomeRun unit.

    Decoding, rendering and displaying HD content is intense.  It requires muscle.  My single CPU Pentium 4 desktop machine just doesn't have enough horsepower.  I've upgraded that machine to its limit.  It has the fastest AGP card it can handle.  It has 3GB of memory.  It has fast SATA drives.  But the bottleneck is the CPU and that's where the upgrades stop.  Time to say goodbye to it for HDTV purposes.  It just can't hang.

    How do I know?

    Well, I did some testing with Windows Vista and a couple of my dual core based laptops.  Say what?  You are recording and watching HDTV on a laptop?  Yes I am.  This is where HDHomeRun really shines.  You see, Windows Vista does not need an analog tuner to set up and use the Media Center capabilities.  Since the HDHomeRun product streams the content across the network to the Windows Vista machine, you don't have to take up card slots in a desktop, or any other type of slot in a laptop.  It's a really elegant design.  I love it.  Networking rocks.

    This also means you can use HDHomeRun with multiple machines.  Since the unit is a network device, you can configure multiple machines to see those tuners and use them.  Now obviously they can't do this simultaneously, but it certainly offers some kewl flexibility when it comes to testing from multiple machines.

    Since I prefer having a desktop machine do the work, I have to decide what to buy.  I really hate that.  I've known I need to upgrade for many months now, but I also know new stuff is on the way that will use quad processors, or be "Santa Rosa" based and support goobs of memory.  I think I'll wait until the new machines start shipping.  We'll see how patient I am.  Unless of course Dell drops the price of the XPS 410 to $550 or something...

    Anyway, HDHomeRun looks like it's going to be a keeper.  Keep in mind setup is for nerds.  The HDHomeRun Forums have all the information you need, but be prepared for some trial and error. 


  • A new Microsoft record?

    I've seen some pretty long file names before, but "Changes in Functionality from Windows Server 2003 with SP1 to Windows Server Code Name Longhorn.doc" would appear to hold the new Microsoft record for the longest name for a guide.  This is a very good overview of the changes you can review in Beta 3.

    The guide can be downloaded from but I will warn you that the Microsoft download servers are a bit busy right now so you may want to hold off until later this weekend.

    The online web version is at

    The Word downloadable version is at

    While you are at it, you might as well download the "Reviewers Guide".  Again, very good reading.

  • Longhorn Beta 3 - NAP Updated Step-by-Step Guides

    Hopefully you aren't taking a nap on Network Access Protection (NAP).  If so, it's time to wake up and add some rigor to the connections on your network.  The NAP team has posted some updates to their step-by-step guides.  Here are the direct download links:

    Step-by-Step Guide: Demonstrate DHCP NAP Enforcement in a Test Lab

    Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab

    Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab

    Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab

    If someone manages to set up the 802.1X environment totally virtualized, let me know.  I don't care if it uses a competitive product.  Thanks.

  • Hook Em Horns !!!

    As you might suspect by now, we signed off the Beta 3 milestone of Windows Server Code Named "Longhorn" today.  I downloaded the build a few days ago and am building a new Longhorn Beta 3 virtual machine while I write this.

    How would you like to do the same?

    There's only one place you really need to remember.  That link will redirect nicely to but it's easier to type.  Once there, you'll notice the download links, a link to the TechNet Resource Center, and tons of other information.

    If you've been to any of the free TechNet US seminars this quarter (April - June), you saw us demonstrate the new "Server Core" installation option, creation of a Read Only Domain Controller and other fine demonstrations.  If you haven't been yet, feel free to register and come have some fun.

    I noticed a few of the links to interesting Longhorn information weren't totally working yet but bear with us, things will get propagated and fixed over the next day or so.  For instance, the links to the "Book of Longhorn" aren't working yet, but when they are, I'll point you to them.

    Of course, you could just cheat and go to and grab it RIGHT NOW !!!  You'll need to supply some information, but the end result is a product key and a link to the direct download.  When I tested things a few minutes ago, the links weren't working yet.  Get some sleep... I would imagine things will get fixed tonight or early tomorrow.

    Enjoy our OS !!!

  • Is this going to be a dud or a home run?

    As you know, we are on a mission.  The mission is to come up with an affordable HDTV recording solution.  Most of the solutions on the market are not affordable and therefore aren't used by us mere mortals.  Sitting on the fence and waiting is boring. 

    My first attempts at quenching the HDTV thirst proved pretty successful.  Since the Scientific Atlanta 8300 HD set top DVR can be expanded via the external SATA port, adding a 300GB drive was able to get us by for a year.  But I knew those days were numbered because the cable provider I had was a poor business decision maker.  They made their own bed.  They are history.

    Now that I have the fancy schmancy Verizon FIOS TV in all of its high def glory, time to get off the fence.  There's only one problem...  all of the solutions suck.  Or more accurately, the solutions are too expensive.  Look at the base TIVO Series 3 or its modified brothers and sisters.  Or, look at the Windows Vista based OCUR solutions that have been announced.  People just don't have an extra $2000-$10,000 to blow on this stuff unless you are in the big M or B club.

    A Winner Emerges ???

    So during the testing for Windows Vista and some of its high def recording capabilities, I start hearing about HDHomeRun.  I try to ignore it at first but now I'm starting to realize my current Verizon HDTV DVR sucks so badly due to puny hard drive size, I need to do something.  So I take a gander at which redirects to the website.  I must admit, I like the product name and company name.  If the product does what everyone says, it's certainly going to dust us.  A home run for sure.

    If you look closely at the picture, you notice the device is a dual QAM HD tuner.  Apparently the Windows software tricks Windows XP Media Center 2005 or Windows Vista Ultimate that you've hooked up an over-the-air antenna when in fact you are tuning and recording QAM unencrypted HDTV from your cable or fiber video provider.  That's the key.  You must have the unencrypted channels.  This is easily tested if your HDTV set has a built in QAM tuner.  Scan and view.

    It doesn't seem like the product has a broad resale channel yet, but if you look at the information at, you'll notice a couple of online buying sites.  Since I've done business with before, I know I can buy with confidence from them.  Hit this link to go directly to their HDHomeRun shopping page.  I've had to return gear to them in the past so I know it's relatively hassle free.  I placed my order the other day and I expect my HDHomeRun tuner late next week.

    With any luck, I'll have another post on this subject reporting a grand slam from HDHomeRun.  If it works, I'll get more life out of my MCE 2005 machine and finally rid myself of over-the-air recording, and the trouble associated with antenna signal quality.

    To be continued...

  • Linux fun on my week off

    I need to come back to work, in order to relax.  Ever feel that way?  This week actually hasn't been that bad.  I took some time off to catch up on honey-dos.  It's more like spring cleaning.  April in Texas is the time to get the yard in shape before it gets hotter than hell.  You certainly don't want to schedule major yard duty in June, July or August unless you want a stroke.

    With that said, my pool is open for business.  The trees are trimmed.  The lawn program has been established with weed killer and fertilizer. We're rocking and Mommy is happy.  She's having a party this weekend so everything is ready to go. Margarita time. 

    So what else to do?

    I also used this week for some personal training.  I installed and used Ubuntu, Red Hat Enterprise Desktop Workstation w/Multi OS v5 (RHEL 5), Novell SUSE Linux Enterprise Desktop 10 (SLED 10) and some other stuff (Parallels).  The goal was to look at the installation, configuration, application mix, etc.  This year (I do it every year), I added virtualization to the mix to see how well I could run Windows Vista on Linux.  I figured if it's so easy on a MacBook Pro, I might as well see about living on Linux for a week or more.

    Linux Install Impressions

    As usual, Linux continues to improve the installation process.  Ubuntu was the quickest and easiest.  Actually, I installed Kubuntu since I prefer KDE over GNOME.  Kubuntu installs quick because it's a small distribution.  It will also run just from the CD so you don't have to install it on a PC hard drive.  Very Knoppix like.  The RHEL 5 distribution is large but they didn't supply me a .ISO DVD image.  The actual install from the CD's wasn't bad but it did kind of freak me out when it broke into text mode for a few minutes.  In this day and age, I fully expect GUI installation unless I'm cloning and doing scripted installs.  SLED 10 was an absolute breeze to install (as usual).  I'm not sure my Mother-in-law could do it, but it's getting better.

    Application Mix

    Operating systems are interesting.  When you install an unknown OS, you tend to want the OS to have everything so you don't have to hunt for the missing parts.  Linux is certainly no exception to that, nor is Windows for that matter.  Kubuntu had the lightest mix of applications.  This is one of the reasons installation was fast for them.

    RHEL 5 and SLED 10 both have a very comprehensive mix of applications for office, home and development.  This year, I went looking for a blogging application.  I didn't spend a lot of time looking but I didn't see an app that was installed on any of these distros that would allow me to post to this Community Server based site.  In order to do that the tool would need to support the Metablog API.  I'm sure there are Emacs or Firefox plugins but I just didn't have time to look this week since my time was very short.

    I didn't really spend a lot of time in the usual applications (web browser, email, document creation).  I will over time look more closely at OpenOffice, media tools, phone sync, etc.  I shifted that allocation of time to looking at Linux virtualization.

    Virtualization on the Desktop

    I approached the virtualization topic like any other app.  I figured as popular as it's become, it should just be a check mark in the distro setup or a simple download and install.  I am comparing this to what would be needed to install Virtual PC or Virtual Server on Windows.

    Virtualization was only tested on RHEL 5 and SLED 10.  Xen on RHEL 5 was a bit too crude in my opinion.  Even though I was using the graphical Virtual Machine Manager, it seemed primitive.  I also didn't realize at first the virtual disk image must be located in a specific directory. RTFM!  Of course linking the image to a high speed disk farm is pretty easy on Linux, but the key here is that you can't just create the virtual disk wherever you like via the GUI.  After getting past that, I was disappointed to watch the VM I was building disappear on the setup reboot.  At that point, I decided to shift gears to another virtualization product technology.  I had had enough of Xen for the moment.  I'll probably come back to it later after I've had a chance to study the RHEL 5 Xen Virtualization Guide more.

    VMWare Virtual Server

    After using the crude administrative tools for Xen, I decided to see what VMWare had to offer on the Linux platform.  Lo and behold, they have a Virtual Server for both Windows and Linux.  I downloaded the binary, rpm package (which I didn't use), the management interface and client packages.

    This time, I decided it would be prudent to follow the documentation for installation and use.  The server, management interface and clients all installed with minimal fuss.  I pretty much took the defaults although in practice if this wasn't a test laptop, I would have probably done some things different for image storage location, binaries, etc. 

    The VMWare Server Console is similar to the VMWare Workstation interfaces you might find running on a Windows machine.  The GUI is pretty straightforward although I ended up turning off the toolbars after I got comfortable with the hot keys.  I installed Windows Vista Enterprise from a DVD and although it took some time, it didn't seem like it was any worse than some of the installs I had done on Virtual PC 2004.  Windows Vista installs much quicker on Virtual PC 2007.  The virtual machine I created was bound and bridged to the host wireless network card so I pulled updates from and installed them in the VM.

    I've seen the vm lock up temporarily on a couple of occasions.  On one occasion I was flipping in and out of full screen mode and the laptop froze.  I could not recover from that one.  I had to hold down the power button on the machine then boot back up.  Fortunately SLED 10 replayed the transaction logs and booted fine.  The vm booted as well so I am still messing with it. See the screenshot above and click the image for a full blown view.  I'll probably see if I can establish a VPN connection from the vm to our corporate LAN and possibly join it to a domain.  That gets a bit tricky, but I'm a tricky guy.

    So what did I learn?

    I guess I need to get my hands on an Apple MacBook Pro and run Parallels for another data point, but it would appear we still have the edge in a few areas on the Windows platform (as far as virtualization is concerned).  I thought the installation of the operating systems was easy enough for any IT Pro, but installing, configuring and using the virtualization technologies wasn't a cake walk.  VMWare made it a lot easier because they have good instructions.  So even if you aren't familiar with downloading, unpacking and installing Linux archives or RPMs, you'll probably have few issues getting up and running.

    Would I run for an extended period of time in this manner?  Probably not.  I'm far too busy keeping up with our own products but it might be fun to try to do an event with PowerPoint running from a Linux hosted Windows Vista vm, and the usual demos running from other vms.  I'm not real comfortable with the stability of the platform at the moment, so it'll probably be a cold day in you know where, before that happens.  Enough fun for now.

    Back to my chores around the house...

  • How do you notify users of updates?

    As you'll recall, I posted some information about the Microsoft IT organization's implementation of WSUS and how it affected a number of users.  You can read those gory details here.  Well, I'm sad to say the saga continues...

    To recap, I'm a mobile user.  I am rarely connected to the "corporate" network.  My Windows Update Client is pointed at some internal servers so it chokes if I manually try to check for updates and I am not connected via VPN.

    I reported that pretty widely internally and of course on my blog.  I followed up on this issue with the MSIT organization to see what they were going to do about it.  Here's part of the response I got back:

    "We pushed a GPO at the request of the Desktop team to address a problem with SMS V4 clients this policy was intended to fix only those clients that were experiencing the problem. The Policy is scheduled to be removed tomorrow." 

    Time passes...

    That was ten days ago.  The policy has not been removed.  So I escalated again and this time got on the phone with one of the people involved in both the decision and implementation to explain my concerns about the implementation.

    As it stands, my machine and thousands of others will remain pointed at the internal WSUS servers.  As indicated in my previous post, I am at liberty to update myself from via the new WSUS client I am now running.  I would imagine this would be unacceptable to a lot of customers with highly managed desktops and fickle desktop apps.  Our MSIT org thinks this is a reasonable solution for Microsoft employees since everyone is pretty much an admin on their machine anyway.  I'm ok with updating myself, but wonder about another aspect.

    No Notifications

    It should be "noted" that this implementation has an undesirable side effect.  No notifications.  I only get notified that something is available if I VPN into our corporate network.  At that point, the VPN quarantine process will complain if I am out of tolerance, or the SMS client indicates a required update must be installed, or my WU client might have a chance to pop a bubble that there are some new approved updates.  In the past 10 days, we released updates to Windows Vista and I was not notified.

    Long Term Solution

    I expressed my concern over the notifications with the MSIT folks because I wanted to know how they plan to address mobile workers.  I have my fingers crossed that they would cave and pull the GPO that forces me to look internal.  No such luck.

    There are a number of ways to approach this problem.  One obvious one is to place the WSUS servers in a perimeter network that I can see from my home office or travel locations.  Since I have the SMS client installed, it would seem prudent for that client to phone home and report back results.

    As it stands, our MSIT org is listening but I don't have a solution from them (short of pulling my machine out of our managed domains).  Sound familiar?

    So how do you implement patch management?
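
    One way to spot the condition described above on an endpoint, as an added example (not from the original post or from MSIT): it reads the standard Windows Update policy values, checks whether the configured WSUS server is reachable from the current network, and reports how old the last successful update scan is.  The function names and the 7-day staleness threshold are assumptions.

```powershell
# Added example. Reports whether this client is pinned to an internal WSUS
# server by policy, whether that server can be reached right now, and how long
# ago the Windows Update agent last completed a scan.

function Get-WsusPolicy {
    # Policy values written by the "Specify intranet Microsoft update service
    # location" Group Policy setting.
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $wuKey 'AU') -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = ($au.UseWUServer -eq 1)
    }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        # Name resolution failure or refused connection: treat as unreachable.
        return $false
    } finally {
        $client.Close()
    }
}

function Get-LastSuccessfulScan {
    # Windows Update Agent COM API; the date is reported in UTC.
    try {
        $agent = New-Object -ComObject Microsoft.Update.AutoUpdate
        return $agent.Results.LastSearchSuccessDate
    } catch {
        return $null
    }
}

function Get-WsusClientHealth {
    param([int]$MaxScanAgeDays = 7)   # assumed threshold, tune to your policy

    $policy    = Get-WsusPolicy
    $reachable = $null                # stays $null when no WSUS policy applies
    if ($policy.UseWUServer -and $policy.WUServer) {
        try {
            $uri = [uri]$policy.WUServer
            $reachable = Test-TcpPort -HostName $uri.Host -Port $uri.Port
        } catch {
            $reachable = $false       # malformed WUServer value
        }
    }

    $lastScan = Get-LastSuccessfulScan
    $ageDays  = $null
    if ($lastScan) {
        $ageDays = [math]::Round(((Get-Date).ToUniversalTime() - $lastScan).TotalDays, 1)
    }
    $stale = ($null -eq $ageDays) -or ($ageDays -gt $MaxScanAgeDays)

    [pscustomobject]@{
        PinnedToWsus    = $policy.UseWUServer
        WsusServer      = $policy.WUServer
        WsusReachable   = $reachable
        LastScanUtc     = $lastScan
        ScanAgeDays     = $ageDays
        # The situation from the post: policy forces an internal server, the
        # client is off the corporate network, and no scan has succeeded lately,
        # so no update notifications are being raised.
        SilentlyMissing = ($policy.UseWUServer -and ($reachable -eq $false) -and $stale)
    }
}

Get-WsusClientHealth | Format-List
```

    Run from a scheduled task or a management agent, the `SilentlyMissing` flag gives the help desk a signal for mobile machines that have gone without a successful scan while away from the VPN.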

  • "I'm just buzzed" - Will Ferrell gold

    This is too funny not to post.  It doesn't matter if you are a Will Ferrell fan or not, this is pretty funny.  It must have taken a lot of shots to get it right.  Will is definitely going to hell for this.  LOL.

    See  It's probably rated PG13 or R for language.

    Credit to Kai Axford for the link and laugh this morning. 

  • Windows Vista Resource Kit - in the wild

    The astute know the Windows Vista Resource Kit is shipping and in the wild.  When I arrived at my house Friday, my copy was sitting on the front door step.  I'm surprised UPS didn't charge extra for the weight.  The resource kit book is huge. 1500+ pages huge.

    The area strangely didn't have a current view and description of the book, table of contents, cd contents, etc.

    So, you'll need to get that information from other sources on the grid like Barnes and Noble, Amazon and other fine retailers.

    The picture at right is a screenshot of the ebook version of the resource kit.  The ebook comes in .pdf format and is on the CD.  Buy the book, get the ebook.

    If you squint real hard, you can tell the resource kit is geared towards IT Pros.  Part I is an Overview of Windows Vista.  Part II is on Deployment.  Part III is Desktop Management.  Part IV is Desktop Maintenance.  Part V is Networking and has extensive information on IPv6 which we can all use.  Part VI is Troubleshooting but you'll probably never need that with Windows Vista.  Ha! 

    Troubleshooting is followed by the Appendices.  Appendix A is a System Files reference.  Appendix B is on User Rights.  Appendix C is on Accessibility.  I really need to review Appendix C because I seem to get questions on this subject at each show I do.

    The CD contains deployment tools, scripts, the ebook and other stuff.  I just got mine so I'll be thumbing through it and reporting my likes/dislikes over time.  I really like the fact I have an electronic version of this bible.

  • Is Mark Minasi right about perpendicular drives?

    Many of you have seen Mark speak.  He's often the keynote at many of the technical conferences.  I like his style.  He pokes fun at us (Microsoft), gets the audience laughing and snickering, and obviously has fun doing his job.  You can get a lot of background on the man at  He has written several popular books and from talking with Mark, it's obvious he's confident when he weighs in on a subject.

    Mark attended a couple of sessions I delivered at Windows Connections a couple of weeks ago.  During the course of one of the sessions, I started describing the platform I was using for the demos and I believe I offered some information on the next generation laptops coming that would be capable of using more than 4GB of memory.  I also mentioned when I get my hands on such a laptop, my next bottleneck was going to be disk capacity.

    Mark chimed in that I should just use some of the new laptop drives recently released that use perpendicular recording.  I responded something to the effect that I don't use them because I want the low latency and speed from a 7200rpm drive.  He indicated the new drives running at 5400rpm, but using the perpendicular recording techniques are just as fast.

    I tucked that away.  I hadn't really done the research yet on the subject so I didn't challenge his assertion.  I had planned to start checking into the subject anyway, so this was a good reminder to get off my duff and do so.

    Research Mode On

    Like many of you, I usually disregard certain technologies until they are within my reach.  In the case of hard drives, it means the price is low enough that I can afford the drive.  On rare occasions, the business and technical needs will outweigh the price.  Laptop drives can easily fall into that case because the number and size of virtual machines I use keeps increasing.  I think we need to adjust the data storage law as follows:

    Keith's Law, "The amount of data you need to use will always be twice the hard drive space you have."

    After my event last Thursday in El Paso, I started digging around on this subject.  As usual, I hit some of my favorite nerd buying sites to see how much per gig these 2.5" 5400rpm perp recording drives are going for.  My first stop is  I don't buy from them much anymore because their return policy is a bit too hard core for me.  But, I do like to check their prices. 

    Pay Dirt

    While at zipzoomfly, I spy the Seagate Momentus 7200.2.  Holy cow!!!  Mark is both wrong and right and he didn't even know it.  Now they are shipping 7200rpm larger capacity perp recorded drives.  Thank you Lord.  The problem is, that the 160GB drive is $300.  That's three times the price of a 100GB 7200rpm 2.5" drive.  I don't know about you, but the math doesn't add up.  More research is obviously needed.

    I haven't even begun to do my research. At this point, there's really no need to get too detailed.  Why squabble over 5400 versus 7200rpm drives when I can just continue to buy 7200.  But I want to learn a bit more, so I start digging around.  I take a look at the Seagate specs at  I prefer Hitachi Travelstar so I peruse the website.  Unfortunately, Hitachi isn't yet making a 7200rpm drive using perp recording.  Hitachi does however have a basic explanation on perpendicular recording.  If you want a little more detail, see their expanded white paper.  What it really boils down to is that the drive makers have added some additional layers to the media, are using some new materials, and thus now have the ability to write and read from denser media.

    Superparamagnetic Effect

    The reason perpendicular drives and recording have been created is the wonderful phenomenon called the superparamagnetic effect.  The real effect is data loss which occurs when heat reverses the magnetic orientation of the tiny magnetic grains.  Uh, that's not good.  Hence the new materials and different recording methods.

    Where Mark Minasi is right, is that the new recording methods and densities offer a very efficient method of data transfer.  However, in all of the benchmark data I looked at over the weekend, not a single 5400rpm perpendicular drive outperformed a 7200rpm standard SATA drive.  HA !!!  I figured there was no way he was right.  However, the numbers were very close so as Mark indicated, the 5400rpm drives are certainly performing very well. You can look at benchmarks at and other sites to see this.

    Another thing that stood out in the research is that the new materials and recording methods have lowered the power consumption of the drives.  In fact, the power consumed was cut by more than half in some of the stats I looked at.  That is good news for us laptop users.

    What's coming?

    One thing is for sure, the research and development in the 2.5" form factor has lagged all of the other consumer drive segments.  This is now changing.  More powerful devices (UMPC, Tablets, and laptops) are driving this need and of course the size of our data keeps growing exponentially.  See Keith's Law above.

    Fujitsu and Seagate already have 160GB 7200rpm 3Gb SATA interface 2.5" drives out.  I haven't seen those drives benchmarked, but I expect that they are the top performing drives currently on the market.  200 and 300GB drives have been announced by Fujitsu, Toshiba, Hitachi and others.  2007 and 2008 are going to be great years for higher capacity fast laptop drives.  That will make it easier to carry all my virtual machines around.  Save your pennies.  Bleeding edge 7200rpm perp drives aren't cheap.  Hopefully my managers are wisely budgeting for the next fiscal year.  Technology doesn't stand still.

    Now if I can just get a 1TB 7200rpm 2.5" drive.  Anyone know how to shrink one of these?

    [UPDATE]  Tom Wu sent me an email and pointed me to the Samsung press release.  A nice juicy 200GB 7200rpm perpendicular magnetic recording (PMR) hard drive.  I guess I should use the PMR acronym since it appears to be a de facto standard.  I like perp better.  Oh, and Tom also pointed out that had the 7200.2 for ~$180.  That isn't bad.  Looks like I'll be able to afford this stuff after all. 

    [UPDATE] Hitachi just announced their 200GB 7200rpm 2.5" laptop drive.  Details at

  • Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution

    I subscribe to the security flashes and updates.  If you don't, you should.  At about 2am this morning, I received an email about Microsoft Security Advisory (935964).  See for the full text of the update, the Overview Section, the FAQ section, and the Suggested Actions. 

    Here's a portion of the webpage:

    Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

    Microsoft’s initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

    Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

    Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location:

    If you have a DNS server, you need to pay particular attention to this issue.  That means internal or external DNS servers.  Remember, many attacks and thefts occur on the inside of an organization.

    For more information, please keep an eye on the Microsoft Security Response blog at  You might want to read Jesper's blog post at  He has some good suggestions on updating a bunch of DC's and DNS servers.

  • Halo 3 Multiplayer Beta comes to planet Earth


    The Halo 3 Multiplayer Beta will go live on May 16th at 12:00 AM PDT and run through June 6th at 11:59 PM PDT. That means that folks who purchased specially marked copies of Crackdown, or won a spot in the Beta through the “Rule of Three” or other regional promotions, will be able to log into their Xbox Live Gold accounts, download and play the Halo 3 Multiplayer Beta and enjoy an early peek at the multiplayer aspect of the game.

    If you’ve been sitting on the fence, and are interested, you can still enter the Beta by picking up a specially marked copy of Crackdown, which would ordinarily be a chore, but thankfully Crackdown is an awesome action game which might ironically distract you from the Beta I’m pimping here. Bungie is also giving out a few Friends and Family spots to valued community members, but those are few and far between, so it’s safer to assume you’re not getting in that way.

    Courtesy of Frankie at  More details at

  • Apple Rulz

    Give me a break.  I stumble across the poll on that allows people to vote for the Portable Media Device of the Year.  So I look over the nominations and of course vote for the Creative Zen Vision W.  Then I see the results...

    The Apple iPod Shuffle is leading the pack with 46% of the votes.  Excuse me?  Is everyone blind?  The darn thing doesn't even have a screen.  It wouldn't be so bad if it was the 80GB iPod Video.

    You can't compare the wonders of the Archos 604, Creative Zen Vision W or Zune to a Shuffle.  Obviously they need a category for video players.  Then Apple would get properly smoked. 

  • All I need now is Virtual 360

    The Xbox 360 team keeps cranking out the innovation.  If they keep it up, I'll be able to ditch my laptop and start doing my webcasts from my Xbox.  They took a step closer with the announcement yesterday on an integrated keyboard for the Xbox 360 controller.  Looks pretty kewl to me.

    Now you'll be able to smack text.  No more worries about garbled VoIP.  Your opponent will know clearly that you meant to bonk them on the back of the head with the plasma rifle.

    One other thing, make sure to remove your manager from your instant messaging contact list.  I'd hate for them to think you are discussing the latest project priorities from the couch and your Xbox 360 controller.  It doesn't exactly send the right "message".

    Now if we can just get the Xbox team to release an x86 virtual machine execution environment, then I could deliver Longhorn webcasts from my Xbox 360.  :)

  • Who is more powerful? Humans or planet Earth?

    Spend nine days with members of your team.  After the work related chit chat runs out, it's time for deep thought.  Sometimes it borders on the absurd.  But is it really?

    For instance, we were discussing the Planet Earth series I'm watching.  The discussion started off innocent enough.  I explained the polar bear plight and how global warming is affecting the ice shelf and the bear's ability to survive.  One of the members of my team proclaimed that we, the human race, are having no effect on the natural cycle of this planet.  I'm paraphrasing his words, but I believe my characterization is accurate.

    Consider that for a second...  Is it possible that the planet Earth, and its ability to recover from whatever we throw at it, could really be stronger than what the human race has to dish out?  Is the planet in a natural evolutionary cycle that has evolved over millions of years and we are barely a dust particle in its path? 

    It's easy to challenge that.  We can point to many cases of our ability to poison and kill reefs, plants and other warm blooded species.  But are those simply the small picture?  In the course of the evolutionary scale, does it matter?

    Technically, religion didn't enter into this discussion.  But I can't rule this out considering how the discussion unfolded.  You could hardly have a serious scientific discussion today without some aspect of religion entering the picture.

    So what is fact?

    Is it fact that we, the human race are sending the planet earth hell bent on a path of destruction?  Or, are the current events of this planet simply natural evolution?  Do you have proof to back it up? 

    Let's assume we say screw the green initiatives and decide to pollute without regard to the outcome.  Along comes a planet killer meteor.  The planet goes cold and the next ice age starts.  50 million years later things warm back up and the planet is beautiful again.  Natural evolution?

    What do you think?  Is my colleague right?  Can we control or affect the outcome of evolution or are we just here for the ride?

  • People, Process and Technology sometimes collide

    I'm the people part of the equation.  Recently the process and technology ran right over me and turned me into IT road kill.  So what happened?  Could it have been avoided? Definitely...

    Let's set this up by describing my typical work environment.  Like many field employees, I am a mobile worker.  When I am traveling I use a variety of internet connections.  When I am home, I use my broadband ISP connection.  I am in the office about 3-5% of the time so it's rare to have a corporate connection.

    Know Your Users

    When designing a patch management strategy for mobile workers, where would you have them get software updates?  What technology do you use?

    In the case of the Microsoft IT org, they use SMS for inventory, patch and software push/pull distribution.  With the new version of Windows Software Update Server (WSUS) v3 getting ready to ship, I guess they were anxious to start using it.  However, they got a little ahead of themselves and it tripped me and a few other folks up.

    Symptoms Surface

    In early March, I noticed my secondary work laptop stopped getting updates from  It is running Windows Vista Enterprise and is joined to one of our corporate domains.  As such, it must adhere to the corporate desktop standards for anti virus, malware prevention, etc.  Some of those standards are implemented via Group Policies that flow from our Active Directory (AD) domain controllers.  One of the group policies I received updated my Windows Update client to point to the internal WSUS servers.

    Although the initial problem is probably apparent at this point, it's actually worse than that.  You see, I received that GPO update, but I didn't really see the issue until much later.  By the time I noticed I wasn't getting updates (see screen shot above) from the public update site, it was too late.  Our VPN quarantine process already had several patches that were required to pass quarantine but guess what, I can't get them because they are on the internal WSUS servers.  That's a catch 22.  I'm screwed.

    Or am I?

    March was a super busy month for me as you know.  We wrapped the Vista launch events, I developed the Longhorn content for Q4 and then headed to Orlando to deliver sessions at TechMentor and Windows Connections.  However, while there, I saw Chris Henley hit the same issues with his laptops.  That put a fresh perspective on the issue and I knew it wasn't just me.  Time to start hacking into this.

    So when I got home, I started sandboxing the problem.  Good troubleshooters learn to draw boxes around the problems and isolate components.  Excluding components makes it easier to find the faulty component.  The error message displayed doesn't tell much so you have to "Get Help".  That ends up taking you to some help that advises you to make sure you aren't blocking the windowsupdate servers with a firewall, and to also add their URLs into the browser safe sites list.  Seems reasonable.  This starts to clue you in that it's a destination unreachable condition.  We just don't tell you what destination. 

    Destination Unknown

    To get the destination, you have to dig into the Windows Update client log.  Not many users are going to go down that path.  But I'm a hacker like you so I head on over to  c:\windows\WindowsUpdate.log.  I see a bunch of log entries pointing to Microsoft internal IP addresses.  I smell a rat.  I now know what is going on.  So I dig a little further.  Sure enough, the group policy update set the following registry entries:

    Windows Registry Editor Version 5.00




    I have removed the IP addresses and ports to protect the guilty.  Ok, now I know exactly what is going on.  My Windows Update client is pointed at some internal servers for updates and I can't get updates.  So I deleted the registry entries and grabbed my updates from  I know, that's cheating.  But hold on, it gets better.

    Bug or "By Design" ???

    So being the good corporate citizen I am, I report the issue first to our internal Windows Vista discussion alias.  I don't know if what I am seeing is actually a bug yet or not.  I suspected it's just a case of the MSIT org not understanding how field employees work and underestimating the impact of re-homing the update client to an internal WSUS server as opposed to using the public cluster.

    In the ensuing discussion on the alias, I find out that some new WSUS clients are being pushed out.  Sure enough, I receive the WSUS v3 client (see the screen shot above).  Notice anything different?

    Windows Update (WU) Client v3

    If you notice at the bottom of the text, there is now a link that you can use to pick up updates from the public Microsoft Update Service.  Very nice.  It would have been nice to have this client pushed to my machine back in early March before the GPO updated me to point to the internal servers. 

    See what I mean?  This wasn't a technology issue at all.  This was a people and process issue.  This happens all too frequently.  Fortunately, it doesn't happen often in Microsoft.  So what's next on this issue?

    The End Game

    Well, from the technology perspective I would have preferred the WU client to time out trying the internal servers then fail over to the Microsoft Update Service.  This is what my anti virus tool does.  It tries the list of servers and they can be a mix of locations and protocols (ftp, smb, http).  Maybe we'll see that in the next versions of the WU Client.

    So the moral of this story is to make sure you aren't creating end user IT road kill.  Put on their hat and assess their needs fully.  In our case, we might need to assess creating a mobile user AD domain, OU, or backing this change back out.  I think our helpdesk folks are just going to get too many phone calls on update failures. 

    Happy Easter !!!

    [UPDATE]  The Windows Software Update Server (WSUS) registry settings are documented at
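
    The condition diagnosed in this post (policy re-homes the update client to a WSUS server that a roaming laptop cannot reach) can be checked with a short script.  This is an added example, not code from the original post or from Microsoft IT; it reads the documented Windows Update policy values WUServer, WUStatusServer and UseWUServer, and the helper names and the 3 second timeout are assumptions.

```powershell
# Added example (not from the original post). Helper names are hypothetical.
# Reads the Windows Update policy values that Group Policy sets for WSUS.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-WsusPolicy {
    # Missing keys simply yield empty values (no policy applied).
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = ($au.UseWUServer -eq 1)
    }
}

function Test-TcpReachable {
    param([uri]$Url, [int]$TimeoutMs = 3000)   # timeout is an assumed value
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($Url.Host, $Url.Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false    # refused, unresolvable name, or no route
    } finally {
        $client.Close()
    }
}

$policy = Get-WsusPolicy
if (-not $policy.UseWUServer -or -not $policy.WUServer) {
    'No WSUS redirect in policy; the client uses the public update service.'
} elseif (Test-TcpReachable -Url $policy.WUServer) {
    "WSUS server $($policy.WUServer) is reachable; updates should flow."
} else {
    "Policy points at $($policy.WUServer), which is unreachable from this network."
    # The client log usually names the same server. This is the path the post
    # mentions; newer Windows versions keep the update log elsewhere.
    $log = Join-Path $env:windir 'WindowsUpdate.log'
    if (Test-Path $log) {
        $hostName = [regex]::Escape(([uri]$policy.WUServer).Host)
        Select-String -Path $log -Pattern $hostName |
            Select-Object -Last 5 | ForEach-Object { $_.Line }
    }
}
```

    Run on a schedule or at logon, the third branch flags a machine that has silently stopped patching before a VPN quarantine check locks it out.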

  • Come Chat with the NAP guys

    I just noticed the Network Policy Server (NPS) guys are hosting an online Chat on April 10th.  This is a great opportunity to ask the really tough questions on NAP, NPS, IAS, RADIUS, etc.  Be sure to ask about 802.1x switch and router support, IPSEC boundaries, NAC compatibility, and compatibility with other operating systems. 

    For detailed information on the chat, see

  • Windows Connections Conference slides posted

    Thanks to all of you for coming to the sessions I delivered today in Orlando, Florida.  Go Gators.  As promised, I have posted the following slide decks:

    Windows Server code name "Longhorn" Tech Overview Part 1

    Windows Server code name "Longhorn" Tech Overview Part 2

    Windows Server code name "Longhorn" Network Access Protection (NAP)

    Windows Deployment Services

    I had fun today and I hope you found the sessions and demos valuable.  For those of you unable to attend, no worries, I'll be capturing a slew of demos on the Beta 3 release milestone just as soon as I can.