I long ago deleted the stock RSS gadget in Vista since I wasn't using it. Just the other day I decided I wanted it back for a special application. All is not lost. Those gadgets are stored in Program Files, presumably just to prevent people like me from doing permanent damage. I found the following step in the online help articles to recover the gadget.
Note: If you uninstall gadgets that came with Windows, you can restore them to the Gadget Gallery by following these steps: a. Open Windows Sidebar properties by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Windows Sidebar Properties. b. Click Restore gadgets installed with Windows.
Note: If you uninstall gadgets that came with Windows, you can restore them to the Gadget Gallery by following these steps:
a. Open Windows Sidebar properties by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Windows Sidebar Properties.
b. Click Restore gadgets installed with Windows.
Windows Vista Help: Customize Windows Sidebar
This is an incredibly valuable task. Windows Vista employs "Image Based Setup", meaning their is no more i386 folder. Instead, Windows now comes on the DVD as an image that is copied and expanded during setup. An admin can capture a custom .WIM windows image and mount the WIM to add/modify/remove files. Did you know you can also edit the registry?
Mount the WIM file to a local folder using ImageX.
C:\ImageX>imagex /mountrw install.wim 1 c:\mount ImageX Tool for WindowsCopyright (C) Microsoft Corp. 1981-2005. All rights reserved. Mounting (RW): [C:\ImageX\install.wim, 1] ->[c:\mount] Successfully mounted image (RW).
C:\ImageX>imagex /mountrw install.wim 1 c:\mount
ImageX Tool for WindowsCopyright (C) Microsoft Corp. 1981-2005. All rights reserved.
Mounting (RW): [C:\ImageX\install.wim, 1] ->[c:\mount]
Successfully mounted image (RW).
Load the registry hive you need. In this case let's mount HKLM\Software.
C:\mount>reg load HKLM\test c:\mount\windows\system32\config\software The operation completed successfully.
C:\mount>reg load HKLM\test c:\mount\windows\system32\config\software
The operation completed successfully.
Open Regedit to make changes or use Reg Add from the command line.
Unload the reg hive.
C:\Windows\system32>reg unload HKLM\test The operation completed successfully.
C:\Windows\system32>reg unload HKLM\test
Unmount the image.
C:\ImageX>imagex /unmount /commit c:\mount ImageX Tool for WindowsCopyright (C) Microsoft Corp. 1981-2005. All rights reserved. Unmounting: [c:\mount]... Successfully unmounted image.
C:\ImageX>imagex /unmount /commit c:\mount
Successfully unmounted image.
It really is that simple. Changes to be made without having to apply, sysprep, and recapture the image. You could leverage this as a tool in a variety of ways such as to embed a script to run application installations after the image has been deployed, automate activation using slmgr.vbs, etc.
At a presentation last week a gentleman asked me if Vista includes a tftp client. Today I was poking around in the Vista add/remove features and there it is! Below is the command line output of tftp /?.
I've heard a few people actually say ImageX.exe is included with Vista. That's not technically accurate. ImageX is most certainly a value add to Vista but it is packaged separately in a download called "WAIK" or Windows Automated Installation Kit. So let's say you want to use ImageX but don't want to run the full WAIK install. You copy imagex to a separate machine and run it. Works, but certain things fail, why? There are a number of other files you'll want to copy in addition to the EXE. To mount a WIM read/write and do other interesting things copy these files (everything in the same folder). Combine their total size is 1.01 MB.
Ok, now you attempt to mount read/write and you receive an error that imagex was unable to find the file? That's because it needs to load the filter to be able to mount an image stored within the WIM. WIM supports single instance storage and allows appending a new image to an existing file. This considerably saves file size and disk space but does mean you need to install the wimfltr.inf file.
Simply open the folder in Windows Explorer, right click on wimfltr.inf and click "install". Approve the UAC prompt. Done. If you need to script the install or want to run it from the command line, by using the context menu you actually executed the following command.
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 <filename.inf>
I just read a great post on MSDN blogs regarding vhdmount, a tool in Virtual Server 2005 R2 SP1 Beta 2 (that's a seriously long name) that allows you to mount VHD files to the host operating system, and with the registry changes in this write-up you can associate the executable with the file type so when you double-click on a .vhd file it will automount. Sweet!
Link to Virtual PC Guy's WebLog : Double clicking on a VHD to mount it
So why does this matter to Windows client? Because in Vista, Windows Backup creates .vhd files when a full backup is performed. That's right, you can snapshot your machine, online, and it will create a VHD for you. You can test it yourself through the GUI or using the command line tool wbadmin. This is not a P2V tool. You cannot boot to the VHD, however I've been told you can mount the .vhd file on a virtual machine as a data volume if you need to extract just certain files. Well, this is just too cool not to try, so I gave it a shot this morning.
First, I ran a backup. I ran this completely online, while doing research and listening to streaming music. In Vista, Windows Backup leverages Volume Shadow Copy Service (VSS) so you don't need to use offline tools to backup your OS volume. I captured 11 GB in around 15 minutes, give or take, to my external HDD. I plan to post again later about wbadmin, it's a great tool.
Next, I downloaded and installed Virtual Server 2005 R2 SP1 Beta 2 from Connect. I found the vhdmount tool in c:\program files\Microsoft Virtual Server\Vhdmount. I executed vhdmount with a /p and pointed to the VHD file on my external. Success! The .vhd file mounted up like a charm and I have full read/write access!
The new version of KMS for Server 2003 is now available for download. As stated on the site, KMS version 1.1 for Windows Server 2003 provides:
X86 (EN-US) - http://go.microsoft.com/fwlink/?LinkId=82964
X64 (EN-US) - http://go.microsoft.com/fwlink/?LinkId=83041
KMS on Server 2003 and 2008 should each behave the same way. In fact, if you want to use both Server 2003 and Server 2008 to host KMS, the clients can move between the hosts transparently to the end user. The "rules" for number of activations to start activating servers (5) and clients (25) are the same across both platforms, and you should use the same key to activate KMS regardless of whether it is running on 2003 or 2008.
You can apply this as an update to KMS 1.0 on Server 2003 (you do not have to uninstall KMS 1.0 first, according to the documentation).
The same MOM management pack that applied to KMS 1.0 applies to KMS 1.1.
As with KMS 1.0 for Server 2003, there is no SLUI and you still need to use a 2003 key and activate the OS on the machine where you are installing the Key Management Service, as a contrast to 2008 where once the key has been entered to make the machine a KMS and the KMS has been activated, the machine hosting KMS does not require its own key and activation.
We have recently gone through the process of wiping out our lab and rebuilding from scratch on Windows Server 2008 R2 Enterprise. During this process, I recorded the steps I used to configure MPIO with the iSCSI initiator in R2. Just to make life more complex, our servers only have 2 NICs, so I am balancing the host traffic, virtual machine traffic, and MPIO across those two NIC devices. Is this supported? I seriously doubt it. :-) In the real world you would separate out iSCSI traffic on dedicated NICs, cables, and separate switch paths. The following step-by-step process should be relatively the same though.
Editorial Note: I do not work for the iSCSI team, I’m a field guy. If you see something you disagree with here don’t be angry, instead comment your point and I will update the article. Thanks.
The workflow I am following assumes that when starting out one NIC is configured for host traffic and the other for a VM network. On the WSS the secondary NIC was already configured not to register in DNS. Also, since I am using WSS and the built-in iSCSI Target I don’t have to configure a DSM for the storage device. If your configuration is different than that, you may have to ignore or add to a few parts of the below instructions. Sorry about that. I can only document what I have available for testing…
First I just want to show a screenshot of the iSCSI target on our Windows Storage Server, to indicate that it does have two IPs. Once again, I am cheating the system here. These are not dedicated TOE adapters for iSCSI on a separate network. This is a poor man’s environment with 1 VLAN and minimal network hardware. My highly available environment is anything but! To view this information on your own WSS, right-click on the words “Microsoft iSCSI Software Target” and click Properties.
Next I needed to enable MPIO on the servers making the iSCSI connections. MPIO is a Feature in Server 2008 R2 listed as Multipath I/O. Adding the Feature did not require a reboot on any of my servers.
Configuring MPIO to work with iSCSI was simple. Click Start and type “MPIO”, launch the control panel applet, and you should see the window below. Click on the Discover Multi-Paths tab, check the box for “Add support for iSCSI devices”, and click Add. You should immediately be prompted to reboot. This was consistent across 4 servers where I followed this process.
After rebooting, if you open the MPIO Control Panel applet again, you should see the iSCSI bus listed as a device. Note on my servers, the Discover Multi-Paths page becomes grayed out.
Now click Start and type “iSCSI”. Launch the iSCSI Initiator applet. Add your iSNS server or Target portal. There is plenty of documentation on how to do this on TechNet if you need assistance. I want to stay focused on the MPIO configuration.
Once you are connected to the target, click the button labeled “Devices…”. You should see each of the volumes you have connected listed in the top pane. Select a Disk and click the MPIO button. In the Device Details pane you should see information on the current path and session. If you click the Details button, you can verify the local and remote IPs the current connection is using. It should be the IPs that resolve from the hostnames of each server. See my remedial diagram below.
I recommend taking note of this IP, to make life easier later on!
So everything is setup for MPIO but you are only using a single path and that’s not really going to accomplish much now is it? Since I only have 2 NICs in my test server I need my host to share the second NIC with the VM network. This is not ideal but again I am using what I have and this is only a test box.
In R2 the host does not communicate by default on a NIC where a virtual network is assigned. To change this, open the Hyper-V console and click “Virtual Network Manager…”. Check the box “Allow management operating system to share this network adapter”.
This will create a third device in the network console (to get there click Start, type “ncpa.cpl”, and launch the applet). You should see the name of the new device matches your Virtual Network name. In my case Local Area Connection 4 has a device name “External1”. Right click on the connection and then click Properties. Select “Internet Protocal Version 4 (TCP/IPv4)” and click the Properties button. Configure your address and subnet but not the gateway as it should already be assigned on the first adapter. You also shouldn’t need to set the DNS addresses in the new adapter. You will however, want to click the “Advanced…” button followed by the DNS tab and uncheck the box next to “Register this connection’s address in DNS”. This really should be the job of your primary adapter, no need to have multiple addresses for the same hostname registering and causing confusion unless you have a unique demand for it.
Back in the iSCSI Initiator Applet, click the Connect button. I know you already have a connection. In this step we are adding an additional connection to the Target to provide a second path.
In the subsequent dialogue make sure you check the box next to “Enable multi-path” and then click the Advanced… button. In the Advanced Settings dialogue you will need to choose the IP for your second path. In the drop-down menu next to “Local adapter:” select Microsoft iSCSI Initiator”. In the drop-down next to “Initiator IP:” select the IP on your local server you would like the Initiator to use when making a connection for the secondary path. In the third drop-down, next to “Target portal IP:” select the IP of the iSCSI Target server you would like to connect to. This should be the opposite IP of the session we observed a few steps back when I mentioned you should take note of the IP.
Just one more step. Let’s verify that you now have 2 connections available for each disk, that they are using separate paths, and have the opportunity to choose the types of load balancing available. Once you have hit OK out of each of the open dialogues from the step above, click on the Devices… button again and check out the top pane. On each of my servers I see each disk listed twice, once per Target 0 and once per Target 1, as seen below. If you follow my remedial diagrams one more time and select a disk, then the MPIO button, you should now see two paths. Select the first path and click the Details button. It should be using the local and remote IPs we took note of earlier. Click OK. Now select the second path and then the Details… button. You should see it using the other adapter’s IP on BOTH the local and remote hosts.
After many months away from the blog, I’m finally back. You guys/gals in EDU have powned my calendar since Hyper-V went RTM. I’ve decided to let all the stale Email in my inbox get staler (turns out that’s a word?) and get back to blogging, an activity I have been missing in my routine. I’ve no shortage of material given my extended blog absence, but I’m kicking off my return with a project. Minzilla
After a year of looking for someone who would consider giving me a netbook to “demo”, I finally cracked and bought one on my own dime after HP released the Mini 1000. It is the most stylish notebook to suite my tastes (PC or otherwise) on the market while remaining very functional. After doing a lot of reading, my biggest concern was actually not performance, keyboard/screen size, peripherals, or power, or drivers, it was longevity. Is it wise to buy a device that ships with max 1 GB of ram? That’s pretty low by my standards and really puts a device in the “getting too old to keep using” category for me, on day one. I’d frown on anything with less than 6 cores and 16 GB ram for a primary laptop in 2009, even if nothing is shipping with those specs as of yet...
Then I started finding forum discussion of upgrading the devices, and I became encouraged. For the price (about $520 shipped), why not try to pick one up and customize it as a secondary laptop? Mod it a little to beef it up? Then I watched the PDC video regarding Win7 and I knew I would want a Netbook for testing, so hear I am, blogging on a Mini.
My assumptions are:
Wave One Upgrades:
Back of my brain thoughts:
This gives you a relative comparison for the size of the Mini. First, sitting next to our family TouchSmart. That is the 22” TouchSmart, not the big 25”. Next, a photo comparing the full size keyboard from the TS with the more compact keyboard on the Mini. As you can see, the layout is strikingly similar without major sacrifice.
Quick tip - I've been a Franklin-Covey user for many years now. I might not have survived college without it faithfully by my side. I learned through their training to use the priority method of assigning things based on have to, need to, want to, or whichever terms you would like to apply. I then go through and assign a number to each of those tasks and work through them in order. Aaah, chaos controlled...
Well it has been driving me crazy that although I could use categories in Outlook or the priority field to group my tasks, I had no way to assign a custom rank. Neither start date, due date, nor alphabetical order is always the best sorting method. I prefer to do it the hard way I guess.
With the help of a specialist on my team I found how to add a custom column. Actually quite easy. First, collapse any tasks you have in the to-do bar and right-click within the white space and select Properties. You should have no problem on your own clicking Fields and then creating a new custom property. I chose to call mine "order" The tricky part is how to have the column appear in the to-do bar.
Click on Other Settings and then look for the field below. Uncheck the box to use compact layout and select the radio button for "Always use single-layout". You will then be able to customize which columns appear on your to-do list. Unfortunately, if you resize the to-do bar your columns will adjust widths so you may need to break one habit in sacrifice for another.
This scenario comes up frequently and I want to show exactly how the process works. The concern I have heard is from Universities that wish to provide an image to a remote department and for whatever reason the KMS is not an option. In most cases the KMS will work but there are examples of departments that are not well connected and have fewer than 25 machines or they consistently work off campus and the machines do not connect in for more than six months, etc.
So you want to provide the image to a remote department but you are concerned about exposing your MAK? No problem, while you cannot encrypt the key in the answer file you can store and protect the key in your image. The key point of understanding is which setup pass you select for storing the key in your answer file and when you use it. Let's take a look at the documentation for the ProductKey attribute in the unattended reference guide:
ProductKey ProductKey specifies the product key to apply for each unique installation of the Windows operating system. There are two Product Key settings you can configure. Use this ProductKey setting to specify the Windows image to install during Windows Setup. This product key specified by this setting is stored on the computer after installation. If you choose to activate Windows, this product key will be used. Use the ProductKey setting to specify a different product key to activate Windows. For example, you can specify one product key to install Windows with the ProductKey in Microsoft-Windows-Setup component, and then specify a different product key to activate Windows with ProductKey
ProductKey specifies the product key to apply for each unique installation of the Windows operating system.
There are two Product Key settings you can configure.
This translates in System Image Manager to whether you store the key in pass 1 (Windows PE) or 4 (Specialize). They key you store in pass 1 will be used for the install but would not be retained through a sysprep. However, you can set the key in pass 4 and it will be retained even through a sysprep, until the machine has been activated. However, the key will not be shown in clear text within the cached answer file, it is protected within the OS.
System Image Manager: Pass 1 - Setup - User Data - ProductKey - Key Pass 4 - Shell Setup - ProductKey
System Image Manager:
Pass 1 - Setup - User Data - ProductKey - Key
Pass 4 - Shell Setup - ProductKey
Once you have created your answer file, use it when running setup to build your base machine. You would not just provide the answer file to the department or leave it stored in the image. When you are ready to build a workstation to create your custom image, boot off the Vista DVD and make sure the answer file is stored on removable media (floppy, USB key, etc) so it will be used during setup. Do not activate the machine yet. Once you have your customizations complete, run sysprep (possibly specifying another answer file for future OOBE) and after the machine shuts down use imagex.exe to capture it.
Even though the machine has been syspreped, the ProductKey is stored securely in the image. It is not displayed in clear text as you can see below but is retained as I demonstrate in the screenshot using slmgr.vbs. If you provided the key during pass 1 of setup, this would not be the case.
Finally, one concern I have heard on this topic is how to prevent someone from using the image with the MAK stored in it even though they do not have permission (piracy). It's true you now have an image that you need to protect from broad availability. However, if a problem should arise where a department admin accidentaly exposes the image publicly, VA 2.0 can handle the issue without needing to reimage or rekey existing machines. The available activations for the embedded MAK would be changed to 0 and a new key would be issued for future use.
This may not seem all that interesting at face value but there are a LOT of people in higher education who have workstations that use public IP's. There is a secure way to connect to your machine remotely. Here's how to setup your Windows Vista workstation to accept new incoming VPN connections. This was also available in Windows XP but you have to know where to look in Vista to enable it.
Start - Network
Open the Network and Sharing Center
Click on Manage network connections
No using your keyboard, press Alt and select File or do an Alt+F to open the File menu and choose New Incoming Connection.
Approve the UAC prompt.
A new wizard opens to walk you through the process. First select who should have access.
Select how they may access the machine.
Select the protocols that should be available and click Allow Access.
The conclusion screen provides details. You can print the information if you need it.
Very nice, it adds a new icon on your Network Connections page.
If you view the properties dialogue you can manage the settings you choose in the wizard.
Out of those dialogues, these are the settings I found to be most interesting.
IOW, encrypt the connection and don't let the VPN connection interfere with connections from handhelds.
That's it, you now have a VPN connection available. To connect, setup a new VPN connection on your other workstation from the Network and Sharing Center.
Select Connect to a workplace.
Create a new connection.
Choose Use my Internet connection (VPN).
Provide the name or address of the machine you are connecting to.
Provide the username and password for the account you selected on the first machine. You may also need to provide the computer name as the domain name.
I choose to let the wizard go ahead and connect when finished.
The new icon on Network Connections shows the VPN connection. In the future you can right-click on this icon or use the Connect To button on the Start Menu.
On both machines you will be prompted to set the network profile. Work should suffice.
The connection and remote user appear on your host machine's Network page. If you right-click on the username, you have the option of disconnecting them from the host.
There is no add/remove programs or programs and features dialogue, so how do you remove applications?
Start by opening regedit and expanding to the section where all applications should publish their installation data (according to the Windows Application Compatibility Guidelines). If the application does not store data here, you will need to seek out additional support from the vendor.
In this case I’ll use the C++ Redistributable as an example but it could be any application. See the value “UninstallString”. Double click and copy the contents to the command line. This funny looking string of characters is the GUID for the application. Windows Installer will associate the value with the application and initiate the uninstall process.
A few questions have come up as to why when you go out to download Windows Server 2008 there is a "without Hyper-V" option. Further, if Hyper-V is only offered on the 64-bit version, why is there a "without Hyper-V" option for 32-bit?
The answer is not-so-complicated. Windows Server 2008 is offered with and without Hyper-V.
The 64-bit version with Hyper-V (no special notation in the download name) allows you to install Windows server and fully enable the Hyper-V role to create, manage, and host virtual machines. The option for "without Hyper-V" in 64-bit does not offer the role, so you cannot create, manage, and host virtual machines. This includes the administrative console. There is no Hyper-V admin console available in the "without Hyper-V" option, so you cannot create and manage virtual machines running on some other server that has Hyper-V.
The 32-bit version with Hyper-V (no special notation in the download name) does not allow you to host virtual machines because Hyper-V can only be installed on 64-bit hardware, but it does include the administrative console so you can create and manage virtual machines on some other server that is 64-bit and has Hyper-V enabled. The option for "without Hyper-V" in 32-bit does not offer the role, so there is no admin console available to manage another server.
One more detail to know - there is no way to upgrade from "without Hyper-V" to the version with Hyper-V.
The documentation for volume activation 2.0 has been updated today for Server 2008. You can find it here:
Running KMS on Server 2008 is functionally very similar to running it on Vista RTM. You leverage slmgr.vbs to bring the service online and then clients find the server based on the DNS srv record. BTW, Server 2008 KMS can be run within a virtual environment.
There are online videos to understand volume activation and how to setup a KMS host if this is all new to you. See the links below.
Setting up KMS - http://go.microsoft.com/fwlink/?LinkId=104718 VA overview - http://go.microsoft.com/fwlink/?LinkId=104707
If you want to know which volume license keys to use when activating new machines running Server 2008, see page 19 in the Planning Guide and the FAQ. You only need to put one key in your KMS, and it will handle requests from both Vista and Server 2008. There are separate keys, and unique keys based on which version of server you need to activate. Before you get excited - this is much easier to understand than it might first seem. Simply decide the "top" version of Server 2008 you might install and then use that MKS key to activate the service on a 2008 server. All versions in groups below that version will also activate off that key. The groups are simple.
The groups are named "C, B, A, and Client" respectively. So if you want to activate Server Enterprise, Standard, and client machines, just use your B key to bring the KMS online and the work is done.
The other major change from KMS 1.0 is that in order to activate servers you only need 5 machines online, vs. 25 to activate clients. The client activation still only comes online after you have 25 machines activating, but servers will begin activating after 5. The 5 do not have to be all servers. I mentioned above that KMS 2008 can be run in a virtual environment, which is a change from KMS 1.0. The client requirements have not changed, they can be physical or virtual but only the physical count towards your initial 5 or 25.
Just in case you missed the link above, the table listing which versions of Windows are in each tier is up to date on this page - http://www.microsoft.com/licensing/resources/vol/ActivationFAQ/default.mspx See - Are there any changes with Windows Server 2008 keys?
Last, there is also an MAK for Server 2008 just as there was for Vista, and it works much the same way. The key tiers for MAK are relative to the same groupings as KMS, but differently from KMS they do not support the groups under them. So you will have an MAK for Vista, and an MAK for Server Web, Server Std/Ent, and Server DataCenter/Itanium respectively.
Just wanted to add a note on adopting this for Server 2003. Server 2003 installations will continue using the VLK as they have in the past, but will get an update for being a KMS host that can activate Server 2008 and Vista. It will then have support for the tiered keys I mention above. Look for this "KMS 1.1" update in the coming weeks. It will also support running in a virtual environment.
I just learned something new about Vista. I've noticed there was an empty space on the system tray but didn't understand why. It's a divider between system applications and 3rd party apps with systray icons.
Windows activation is simple and straightforward if you understand the components. I have had a few customers that stumbled when getting a KMS online and in every case it has been an issue with name resolution, network connectivity, or they simply did not understand how to use the keys. Activation is designed to help you with deployments and sustain your environment even in the event a key gets lost. KMS is the simplest of all the activation methods because you only need to worry about putting a key in one machine. You can then deploy new machines without having to ever worry about keys unless your device will be off the network for more than 6 months.
This is the first of a two part series to break down KMS troubleshooting in to a process that should help identify exactly what is at fault. I don't want to mislead or instill fear to those who are just starting out - the process is normally simple by design. However, for those who have run in to trouble, I'd like to publish a guide that will help you isolate and correct the issue you've encountered without spinning your wheels. Part 2 will be published next week with a focus on troubleshooting the server.
Let's assume you are a consultant from outside the organization and you know nothing about the environment, server or workstation. The first thing you'll want to do is understand how the client was built. It is possible the machine is retail or OEM, and neither of those use KMS for activation. Any of the "Home" versions, Basic, Premium, or Ultimate, are retail builds and do not use volume licensing methods at this time. Windows XP observed the same rules, neither XP Media Center or XP Home Edition were not capable of using the VLK. If you are using the OEM media such as a recovery DVD you would see the machine come online "pre-activated". This is a result of a marker in the BIOS that corresponds with the OEM media. Note: if this marker is not present, such as the case of "naked" OEM workstations, then KMS is not an option for activation. So we are assuming the machine was built using volume media and is capable of being a KMS client. You can test this to be sure by running a the command line and looking for the Name and Description. Right click on the command line icon on the start menu and select "Run As Administrator". Then type -
c:\windows\system32\cscript slmgr.vbs -dlv
My machine returned this output, I replaced any sensitive data with <>:
Software licensing service version: 6.0.6000.16386Name: Windows(TM) Vista, Enterprise editionDescription: Windows Operating System - Vista, VOLUME_KMSCLIENT channelActivation ID:<>Application ID:<>Extended PID:<>Installation ID:<>Partial Product Key:<>License Status: LicensedVolume activation expiration: 259060 minute(s) (179 day(s))
Key Management Service client information Client Machine ID (CMID):<> DNS auto-discovery:<> KMS machine extended PID:<> Activation interval: 120 minutes Renewal interval: 10080 minutes
This also provided some insight in to resolving the KMS name. If no server name is given for the "DNS auto-discovery" field, you already know there is an issue. This may also occur if you did not run the command prompt as an administrator.
Next you will want to ensure you are able to contact the server. In the same command prompt, run some basic diagnostics to ensure you are able to resolve names and that you know which DNS servers/zones your machine is querying.
Retrieve your networking details, specifically the default DNS suffixes and search order -
My machine returned this output, I replaced any sensitive data with <> and am including only the first section:
Windows IP Configuration
Host Name . . . . . . . . . . . . : migreene-nc8430 Primary Dns Suffix . . . . . . . : <> Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : <> System Quarantine State . . . . . : Not Restricted
I am assuming you know/understand basic network connectivity troubleshooting and will be able to diagnose any of those issues should they exist. The address should be valid, ping the DNS server, ping the local hostname, etc. Take note of the Primary DNS suffix such as "domain.edu" and the DNS Suffix Search List. If the wrong name is given, you know there is an issue with addressing and the wrong suffix is being assigned. If no name is given, there may be an issue or it is possible that no suffix is being given and the environment is relying on the DNS server to resolve FQDN's. If you are not providing a DNS suffix to clients either manually, via the domain, or via DHCP, you will want to hard-code your clients to the KMS.
This next step is as important as the first. Make sure the client can retrieve the SRV record. You may even find this step should be taken first, and then work backwards once you know that DNS is in order. In this case I have given an example, "servername.domain.edu". If you were actually troubleshooting you would use a known hostname, or the KMS hostname -
This tells you which DNS server your client is querying and whether it is responding. You should have returned a valid IP. If not, you now know the issue is on your DNS server or client configuration. Now query for the SRV record while still in nslookup -
Non-authoritative answer:_vlmcs._tcp.<> SRV service location: priority = 0 weight = 0 port = 1688 svr hostname = <>
<> internet address = <>
If you are not able to resolve this SRV record, and you have not hard-coded a client to a KMS, the machine will not have enough information to find a KMS and activate. If you need to publish an SRV record manually to an existing forward lookup zone, instructions are published here -
KMS Publishing to DNS
Finally, it is a good idea to attempt an activation manually to see if any actionable error messages are returned. The command line can be run from the same elevated command prompt -
c:\windows\system32\cscript slmgr.vbs -ato
The result should be -
Activating Windows(TM) Vista, Enterprise edition (<>) ...Product activated successfully.
If the activation fails, you may get actionable feedback such as notification that the KMS does not have at least 25 active clients, or the record could not be found in DNS. If an error code is returned you can find more information by running -
c:\windows\system32\slui.exe 0x2a 0x<error code>
If everything appears to be working on the client but the machine will still not activate, the issue may be some type of failure within the imaging process. For best results, sysprep should always be used when an image is being created for the purpose of deployment. One other possibility is the case of a "naked pc". If the machine was acquired from an OEM and did not have Windows installed, you should leverage MAK for activation instead of KMS. Windows volume licensing requires that the OS come from the OEM, and then an upgrade is performed to volume media for mass distribution via imaging. Key Management Service is not available if the machine was originally sold as "naked". My recommendation would be to use MAK and distribute it through either your image or the VAMT.
You may find other faults at the workstation level. For example, if there was a host based firewall preventing outbound traffic the client would not be able to contact the server (port 1688). It's also possible that some drive "freezing/thawing" tool is resetting the machine to a state before activation. New versions of such tools should allow exceptions for activation just as they would have been allowing for other OS components.
I can't possibly list every potential obstacle here but if I have missed something you faced and resolved through some other workflow, please let me know and I will post an update. Remember, on any new machine you have 30 days plus 2 -rearms using slmgr.vbs for a total of 90 days to bring a new install online, and for existing KMS clients you have 6 months to resolve any new issues. This provides a large window for troubleshooting and resolving any client-side difficulties you might encounter.
Once a KMS is online, you can resolve the name, and connect to it, it really does make imaging simple. There is no longer a need to contact licensing administrators to find a key or store it somewhere in a file. You can simply roll out new installations and by default they will look to the KMS and activate without the user or deployment specialist ever needing to worry about keys or activation. Above all, remember that volume activation was designed to create a process for remediation when a volume key is lost, without needing to redeploy existing machines.
I travel a LOT and find myself in 2-3 time zones per week. In Vista, a user could change time zones without elevation but it was nearly impossible to automate the process. Windows 7 includes a command line utility to make time zone change automation a trivial step.
I authored the attached gadget as a simple way for me to swap time zones when travelling. I have since grown dependant upon it so I wanted to post to the blog to share with others and so it never gets lost… :-) Note: if it downloads as a (dot)zip file just rename it to (dot)gadget.
The coding is simple (possibly too simple to the point of redundancy). I just call tzutil.exe and pass a time zone. If you are in Arizona or Indiana, you may want to tweak things a little to account for the daylight savings time exceptions in those states. You could also just click the “wrong” zone.
In case you are interested in tzutil.exe and do not have a Win7 machine handy, here are the options.
Windows Time Zone Utility
Usage: TZUTIL </? | /g | /s TimeZoneID[_dstoff] | /l>
Parameters: /? Displays usage information.
/g Displays the current time zone ID.
/s TimeZoneID[_dstoff] Sets the current time zone using the specified time zone ID. The _dstoff suffix disables Daylight Saving Time adjustments for the time zone (where applicable).
/l Lists all valid time zone IDs and display names. The output will be: <display name> <time zone ID>
Examples: TZUTIL /g TZUTIL /s "Pacific Standard Time" TZUTIL /s "Pacific Standard Time_dstoff"
Remarks: An exit code of 0 indicates the command completed successfully.
and securely embed your MAK!
I've had several requests to document this since I posted the how-to on embedding your MAK in a custom WIM for departmental usage. The next logical step is to create your own DVD using this image. So if you haven't read my first article on this topic, now would be the time to go back and do so.
<edit - just a quick editorial note - although this does not expose your MAK in clear text, you should still be cognoscente of who you are trusting with an embedded key. See your licensing documents for more details.>
This operation is actually quite simple. Let's start out by assuming you have created a customized WIM by running setup and installing Vista on a workstation or VM, optionally using an autounattend.xml file on removable media, possibly including your MAK in pass 4 if desired. Run sysprep with OOBE and Generalize selected, shutdown, and finally capture the image either using ImageX or WDS. You could also automate the whole process, quite easily, using BDD (I did).
Next we leverage a tool that is conveniently provided with WAIK, named "oscdimg". This executable has been around for a long time as part of the OPK, and has for many years been a tool I keep handy. The process for building a custom DVD is very similar to creation of spanned media, so I recommend you also take a look at the article named "Create Spanned Media" in the WAIK User's Guide.
In addition to WAIK, we also need a Vista DVD image. Copy everything from the DVD in to a new folder, in my case I already had the files in my BDD deployment point.
Now, take your custom WIM image and rename it to install.wim. Copy or cut and paste this file in to the \Sources folder in the location where you copied your DVD.
Note: You can also specify the location of a custom WIM in an answer file using the "Install From" parameter. This way, you could point to a network location and use the original, unmodified Vista DVD.
Note: You can also specify the location of a custom WIM in an answer file using the "Install From" parameter. This way, you could point to a network location and use the original, unmodified Vista DVD.
<edit> - After further testing and feedback from a University customer, I discovered that if you would like to embed the MAK, it is also necessary to delete the PID.txt file from \Sources folder you copy from the Vista DVD. Otherwise the default KMS client key will be injected and the MAK will be overwritten after the image has been applied. The result is the media will prompt for a key but if none is provided and the user selects "Next" and then "No", the embedded MAK will be used.
Now open a command prompt as Administrator and execute the following command. This will initiate the process of building your ISO using the etfsboot.com file to make the image bootable.
C:\Program Files\Windows AIK\Tools\PETools>oscdimg -n -m -b"c:\program files\windows aik\tools\petools\x86\boot\etfsboot.com" "<location where you copied the Vista DVD>" "<location and filename where you want the new DVD image>.iso"
If all went according to plan, you should see the following operation complete successfully. Typically if I have an error it was a bad keystroke or I left a backslash (\) at the end of the string for "location where you copied the Vista DVD". BTW, that's the root folder where you copied the DVD where setup.exe is located, not the \Sources folder.
You can now boot a VM from the ISO to test or burn it to disc and boot a workstation from it. Note than any pass 4 settings that you applied during setup using an answer file on the original machine where you captured the WIM will be retained in the cached c:\windows\system32\sysprep\panther\unattend.xml. If you followed the instructions from my first article, that file would at minimum include your MAK which would now be stored securely within the WIM file on the DVD.
Of all the "tricks" Vista has available, there is one I use the most frequently and appreciate more than any other. That is resizing text.
I originally found this trick on Techlog.
I do not have perfect eyesight. I can focus on far away things or close things, but my eyes strain more than usual when making the transition. This makes my eyes very tired by the end of the day. So when I am still crunching through Email at 8pm, it doesn't matter how much coffee I drink, my eyes still hurt when staring at small text on my high resolution laptop.
Here's the fix, hold down the ctrl key and either role your mouse wheel up, or slide your finger up along the slider on your touchpad. Mine is on the right side and is indicated by a series of lines. This makes the text within the window larger. Now scroll down to make it smaller.
This trick works in an Email message, on web pages in IE, pretty much any readable text you can click on it and then make it bigger without actually changing your dpi setting or resolution. It also works on icons in Windows Explorer, or on your desktop. You can't resize text you are editing because then you would have no idea what it is going to look like when someone else opens it.
Remember this basic tutorials that Macromedia used to put out so new users could get up to speed quickly? I've been looking for something similar on Silverlight. I found it.
Simple, short, well written. It took a matter of minutes to get the basic concepts down and go create something. I rebuilt my banner in Silverlight just for kicks.
Spend a few minutes and you immediately start to see why this deserves so much attention. The project seamlessly moved between tools as opposed to being a foreign multimedia object and trying to code around it.
One item in the volume activation step by step guide that is a bit confusing is the method for moving a Vista machine that is currently using the MAK back to being a KMS client.
Convert a client using MAK Activation to use KMS Activation
The instructions are easy to follow, you use slmgr.vbs and the extensions "-ipk <setup key>". No problem! Wait. Setup key?
If you search the document for pid.txt you will find a section titled Product Key Considerations. In the section the paragraph contains:
"Volume editions of Windows Vista default to KMS-based activation and do not require a product key to be entered during setup. Windows Vista Volume License editions use a specific pre-defined setup key in the sources\pid.txt file."
"Volume editions of Windows Vista default to KMS-based activation and do not require a product key to be entered during setup. Windows Vista Volume License editions use a specific pre-defined setup key in the sources\pid.txt file."
That is the setup key referenced by the example. So if you open .\Sources\pid.txt on your Vista volume media, you will find a generic product key that is used for your installations by default. That key tells the machine to become a KMS client, and is what should be used in the operation where <setup key> is given. You can use it for any of the volume media installations where you were using MAK and want to convert back to being a KMS client.
If it was just that easy... Mobile devices in Education is something that we really do feel passionate about across my team at Microsoft. Trying to find the right devices, and the right solutions, to provide value to the educational environment such that they are empowering tools for learning. In many cases that means also changing perceptions. On my team we have one person dedicated to mobility in Education but there are several of us who are sort of peripherally tied to the conversation as it bridges to unified communications, or in my case things like UMPCs.
I saw on Technorati that Tom Jackson linked to my Server 08 post. That lead me to a link he posted pointing to Robert Scoble's kyte.tv site and an interview he did recently with Prof. Elliot Soloway. After you open the site click on the thumbnail "Teacher of The Year Part 1". This is a conversation regarding how mobile devices can benefit Education, the changing perceptions, and possible patterns that will lead to integration. How better to start your weekend then a to get your mind churning on a fascinating and important issue?
Link directly to the kyte.tv site
The Office team has released a lot of new content to help students/teachers to kick off the school year. This includes a slew of templates and content for office applications as well as training and tools that "Educationalize" the Office platform.
Inside Office Online blog : School bells are ringing
For more information, see the Office for Education website - http://office.microsoft.com/en-us/suites/FX102294021033.aspx
PS - Blake, here you go buddy!
There are many bloggers/journalists actively discussing Windows Live publishing out several new free tools this month. So what? Well these tools will be available through WSUS which many schools already have in place, so deployment is very low-cost. There is also a big "so what" across what the applications have to offer.
These tools are interesting to education, especially in labs where a teaching exercise may include collaboration, digital media, how to check Email, and/or blogging. This may also be of interest for pre-loading student 1-1 laptops with free tools including Live Family Safety for parents to apply filters and create a safer browsing environment, in addition to the Vista parental controls.
So what would you get? I've taken a recent post from the Microsoft Update team and retro-fit their bullets below.
Windows Live Messenger - Instant messaging client which includes integration with Xbox Live, Yahoo, PC-to-PC webcam calls, sending Text Messages, and File Sharing. Windows Live Photo Gallery - Tool for editing photos and organizing and sharing photos and videos. This program expands and improves on features available in Windows Photo Gallery (part of Windows Vista), and works on either Windows XP or Windows Vista. Windows Live Mail - Free tool for checking Hotmail and other Email accounts, as well as Newsgroups and RSS. Windows Live Writer - The tool I use nearly every day for posting to this site. You can automatically import the style from your blog so the environment where you write looks/feels as it will appear online. It is also great at managing your drafts, old posts, and has an online gallery of plug-ins for integrating with other applications. Works great with popular blog platforms including Live Spaces which students can use at no cost. Windows Live Family Safety - Adapts your computer so parents have even more control than what's offered in the Vista parental controls, and adds parental control to XP. With Family Safety you can set rules on what web sites your kids are allowed to access, who they can chat with in Live Messenger, and who they can add as friends to their blog in Live Spaces. Windows Live Sign-in Assistant - Installs in the background so you can take advantage of single sign-on across all the tools without always being prompted for a username and password. Windows Live Toolbar - Installs a toolbar within Internet Explorer to add search functionality for websites and your desktop, search online maps and directions, weather, photos, and helps alert you to online phishing scams as you browse. Works with IE6, XP, and with Vista.
Windows Live Messenger - Instant messaging client which includes integration with Xbox Live, Yahoo, PC-to-PC webcam calls, sending Text Messages, and File Sharing.
Windows Live Photo Gallery - Tool for editing photos and organizing and sharing photos and videos. This program expands and improves on features available in Windows Photo Gallery (part of Windows Vista), and works on either Windows XP or Windows Vista.
Windows Live Mail - Free tool for checking Hotmail and other Email accounts, as well as Newsgroups and RSS.
Windows Live Writer - The tool I use nearly every day for posting to this site. You can automatically import the style from your blog so the environment where you write looks/feels as it will appear online. It is also great at managing your drafts, old posts, and has an online gallery of plug-ins for integrating with other applications. Works great with popular blog platforms including Live Spaces which students can use at no cost.
Windows Live Family Safety - Adapts your computer so parents have even more control than what's offered in the Vista parental controls, and adds parental control to XP. With Family Safety you can set rules on what web sites your kids are allowed to access, who they can chat with in Live Messenger, and who they can add as friends to their blog in Live Spaces.
Windows Live Sign-in Assistant - Installs in the background so you can take advantage of single sign-on across all the tools without always being prompted for a username and password.
Windows Live Toolbar - Installs a toolbar within Internet Explorer to add search functionality for websites and your desktop, search online maps and directions, weather, photos, and helps alert you to online phishing scams as you browse. Works with IE6, XP, and with Vista.
There are more where this came from. Check ideas.live.com for other interesting tools. Did you know you could share your desktop with someone for remote collaboration or support, for free? Did you know students can store their files online for free? There are a plethora of tools available and more coming that together can empower classrooms even though they are offered at no cost and support a very low cost of deployment.
Spotted last week while we were in Seattle. I did not actually see this sign but a friend of mine saw the guy and unfortunately didn't have any money to give him.
If anyone has a photo, please post.