Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

Related Posts
  • Blog Post: Two easy ways to pick Kerberos from NTLM in an HTTP capture

    When tracing authenticated HTTP traffic, you'll often see a Windows client use the Negotiate protocol to authenticate itself to a Windows web server. In the past, I've surprised my friends and amazed casual onlookers by being able to instantly surmise which authentication protocol was actually in...
  • Blog Post: Windows Server 2003 SP1 Automatic Updates Blocker

    Like XPSP2 before it, Windows Server 2003 Service Pack 1 is going to be distributed via Automatic Updates. The start date for automatic updates is July 26, 2005. If you'd rather move at your own pace over the next year, you'll want to look at the Blocking Toolkit, and the following information...
  • Blog Post: New Feature: RDP over SSL with Windows Server 2003 SP1

    Release Candidate 2 for Windows Server 2003 SP1 is available to test from microsoft.com, which means RTM can't be that far away! A new feature in SP1 (at least, present in the RC2 build of SP1) that's been causing some confusion is RDP over SSL - a new option for Terminal Services that should provide...
  • Blog Post: ISA Server and RADIUS: Two Domains And No Trust

    A question from Ashok: I've been trying to find out if one can use RADIUS to authenticate web proxy clients on another domain that is not a member of ISA domain. So I have an ISA 2004 Std with SP1 on domain A, say, and then have another internal network which connects to domain B. The question...
  • Blog Post: TmgAdConfig (aka ADConfig, ADConfigPack)

    To avoid you tearing your hair out trying to find it: The tool TMGADCONFIG.exe is included in the ADCONFIGPACK.exe download, available from this location, which extracts to the Program Files(x86)\Forefront TMG Tools\ADCONFIG folder by default. I was chasing it down with great vengeance and furious...
  • Blog Post: ISA Server 2006 TCP Retransmits

    Health Checks I perform ISA Server Health Checks for Premier Support (via Premier Field Engineering) as part of my role. I’ve seen something a few times recently that I thought it might be helpful to call out, while poking around in the Performance Monitor TCPv4 counter area. The Problem ...
  • Blog Post: ISA Server and RADIUS: Two Domains And No Trust, But This Time ISA's A Member Of One

    Following on from yesterday's post where the ISA Server wasn't a member of either domain, this time we're looking at how you'd configure a more seamless (eg, not prompted for credentials left and right) experience for the users in Domain A, while making the poor users in DomainB provide their credentials...
  • Blog Post: Slow DNS = Slow Proxy (or: How To Skip Name Resolution)

    Today's tip: When your rules require any degree of name resolution (which typically means that an access, routing or publishing rule is filtered by some kind of computer or domain set), you're a slave to the speed of DNS' response, at least until the response is cached. ISA Server 2000 and ISA Server...
  • Blog Post: ISA 2004: Publishing a RADIUS Server

    Newsgroup question: I don't want ISA to actually do the RADIUS stuff, but I want to publish a RADIUS server (in Microsoft land, that's called IAS - Internet Authentication Service - if you're running Windows Server) behind ISA so that we can authenticate remote RADIUS clients. Poking around through the...
  • Blog Post: Netmon vs Chimney

    I recently encountered TCP Chimney for the first time in the wild. Short version: Chimney is an offload technology that allows the NIC to deal with up to X TCP connections, with any overflow being handled by Windows. All good: get the NIC dealing with more networky stuff, and reduce CPU use. Excellent...
  • Blog Post: KB Highlight: Connectivity Problems with MS05-019

    There's a KB article that pretty much covers it: http://support.microsoft.com/default.aspx/kb/898060/. For my money, a really good KB article, with detailed symptoms that allow you to quickly diagnose the problem from a network capture. MS05-019 was re-released this month, and the update contains...
  • Blog Post: The Windows Defender Blog

    Finally, someone in marketing decided that a product name could be both functional and cool! Windows Defender has to be the best product name since, oh, um, Proxy Server 2.0. Sort of. The Antimalware team (I read it as "animalware" twice, curse my eyes) have just started blogging, so go check 'em...
  • Blog Post: ISA Server Product Team Blog : Blocking VML with ISA 2004 & ISA 2006

    The VML issue is still a hot topic in internal discussion. If you're an ISA Server admin, please take a look at the following information to help mitigate the risk: http://www.microsoft.com/technet/security/advisory/925568.mspx discusses a vulnerability in the VML parsing dll which can result in an unpleasant...
  • Blog Post: Some Useful ISA Tools

    Susan's really firing on all cylinders at the moment (I heartily recommend subscribing to her blog even if you're not an SBS'er, as she covers pretty much everything), and posted about a bunch of useful "big land" ISA tools, including the long-awaited CacheDir equivalent for ISA 2004. Looks like...
  • Blog Post: Checking the ISA 2004 Version

    The ISA In SBS Blog has a tip on ISA 2004 version numbering that covers how to check SP1 is installed quickly through the MMC. For ISA Server 2004 Standard Edition, the RTM version is 4.0.2161.50. To round out the versiony goodness, Enterprise Edition RTM is 4.0.3439.50.
  • Blog Post: Get Involved with the ISA Server Community! (and win stuff!)

    ISAServer.org is (IMHO) the premier ISA Server community site, and they're running a competition in which you could win a signed copy of Tom and Deb Shinder's new book, Configuring ISA Server 2004. There's a variety of ways in which you can enter (one of which is referrals to their site... um, OK, I...
  • Blog Post: ISA: How To Publish Apple Remote Desktop

    Question: I'm trying to get Apple Remote Desktop to function through ISA Server. The standard definition of udp 3283 send/receive does not work. Any ideas? Answer: Assuming Apple Remote Desktop needs only the one port (based on this article it seems like that's the case), here's how I'd go about setting...
  • Blog Post: And the Windows Server 2003 x64 version is out there too!

    Versions of Microsoft Windows for AMD64 and EM64T are now available: Windows Server 2003: http://www.microsoft.com/windowsserver2003/evaluation/trial/default.mspx MSDN Subscriber Downloads have both versions available now, under Windows Server 2003 and under Windows XP Professional (not the SP2...
  • Blog Post: ISA 2000: Web Publishing a .Net Web Service

    There's no real trick to it, apart from the good old Web Publishing authentication part. Short version: Treat the published website exactly as you would a real web server, don't try to treat it like a proxy (submitting proxy authentication credentials is not the right way to authenticate when you...
  • Blog Post: What's a Private IP Address?

    Private IP addresses are defined in RFC 1918 (a very readable RFC, for my money, and quite short to boot). The RFC defines three ranges: 10.0.0.0 -> 10.255.255.255 (10.0.0.0/8 - an A class network in oldspeak) 172.16.0.0 -> 172.31.255.255 (172.16.0.0/12) 192.168.0.0 -> 192.168.255.255 (192.168...
  • Blog Post: ISA 2000: Handling Apps That Don't Like Proxy Authentication

    Quite often, we're faced with a situation where an application has its own Web Proxy client mechanism, and that mechanism has various issues, like: It doesn't support NTLM authentication, and only NTLM is enabled on the ISA Server It doesn't support more than one Proxy-Authenticate header ...
  • Blog Post: DNS Resolution for Internet-Facing Servers: Clingy

    NB Ahead of time, anytime I'm referring to a “primary” or “secondary” DNS server in this blurb, I'm referring to their relative positions on the client, not the “primary/master/secondary/slave/AD-integrated” mode of the server. You might have spotted that I spend...
  • Blog Post: ISA 2004 vs HTTP Compression

    Been a while since a dedicated ISA post, so Happy New Year to my ISA-focused readers! I spotted this post in my ISA Server watch list, from the new Port 80 Software blog. As they mentioned, we've published the mother of all KB articles on how the HTTP Filter in ISA 2004 behaves with compressed (Gzip...
  • Blog Post: ISA 2004 EE: UnicastInterHostCommSupport is enabled by ISA

    Quickie: When used to configure NLB for an array, ISA Server 2004 Enterprise Edition enables the NLB parameter UnicastInterHostCommSupport, available in Windows Server 2003 SP1 and later. This means that all other things being equal (eg, your rule set permitting it), two unicast hosts with NLB enabled...
  • Blog Post: SetSPN improvements in Windows Server 2008! W00t!

    Update: Most recent SetSPN ramblings (short: use -S instead of -A). All this stuff is based on a prerelease (RC1) version of Windows Server 2008 and may change before final release. Cheques may not be honoured. I had a happy moment one night in India when the trainer for our IIS 7.0 TTT course...