Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

Related Posts
  • Blog Post: Two easy ways to pick Kerberos from NTLM in an HTTP capture

    When tracing authenticated HTTP traffic, you'll often see a Windows client use the Negotiate protocol to authenticate itself to a Windows web server. In the past, I've surprised my friends and amazed casual onlookers by being able to instantly surmise which authentication protocol was actually in...
  • Blog Post: Windows Server 2003 SP1 Automatic Updates Blocker

    Like XPSP2 before it, Windows Server 2003 Service Pack 1 is going to be distributed via Automatic Updates. The start date for automatic updates is July 26, 2005. If you'd rather move at your own pace over the next year, you'll want to look at the Blocking Toolkit, and the following information...
  • Blog Post: New Feature: RDP over SSL with Windows Server 2003 SP1

    Release Candidate 2 for Windows Server 2003 SP1 is available to test from microsoft.com, which means RTM can't be that far away! A new feature in SP1 (at least, present in the RC2 build of SP1) that's been causing some confusion is RDP over SSL - a new option for Terminal Services that should provide...
  • Blog Post: More on Sasser, IPSec Firewalls, and SMB

    I've had a couple of internal and external questions on the last post; rather than keep on flogging the earlier article, here's some more background information on how this all works. I've been known to be wrong before, so please yell if you spot any mistakes or overgeneralizations. Don't Be Scared...
  • Blog Post: Quickly* pinging everything on a subnet

    For when you don't remember that you set your wireless gateway's static IP to .253, and it's not showing up in the list of leases on the DHCP server (predictably, but it's not helping your memory, and it's not in the arp cache either...), and you need to reboot it using the web interface, all through...
  • Blog Post: ISA Server and RADIUS: Two Domains And No Trust

    A question from Ashok: I've been trying to find out if one can use RADIUS to authenticate web proxy clients on another domain that is not a member of ISA domain. So I have an ISA 2004 Std with SP1 on domain A, say, and then have another internal network which connects to domain B. The question...
  • Blog Post: TmgAdConfig (aka ADConfig, ADConfigPack)

    To avoid you tearing your hair out trying to find it: The tool TMGADCONFIG.exe is included in the ADCONFIGPACK.exe download, available from this location, which extracts to the Program Files(x86)\Forefront TMG Tools\ADCONFIG folder by default. I was chasing it down with great vengeance and furious...
  • Blog Post: IE7 Beta 2 and Flickering Redrawing Desktop Stuff

    Beta 2's been absolutely stunning for me, but suddenly today my desktop icons were going nuts (er, flickering) whenever I changed tabs, or switched between an IE and a non-IE window. I couldn't work out what was different at first, so figured it was probably an addin... after disabling all the add...
  • Blog Post: IIS6 Perf Tweak for Intranets

    Kerb authentication is performed at each request, rather than each connection. This can end up being a little top-heavy. 917557 FIX: You may experience slow performance when you use Integrated Windows authentication together with the Kerberos authentication protocol in IIS 6.0 http://support.microsoft...
  • Blog Post: Home Hyper-V Networking Gotchas

    Before the holidays, I bought myself an early present: a new quad-core box with 4GB RAM, which I was going to use for a home Hyper-V lab, so that I could run a bunch of 64-bit VMs as well as the 32-bit staples I’ve been using for years (SBS 2003, and a separate ISA Server box). I’d had Windows Server...
  • Blog Post: Custom Password Filters

    Back from holiday now, and almost over the jetlag. Almost. A question came up today about Password Filter DLLs, and the documentation always seems to be hard to find, so I've popped up a quick summary of everything I know here. Back In The Day of NT4, there was an optional component that Microsoft...
  • Blog Post: ISA Server 2006 TCP Retransmits

    Health Checks I perform ISA Server Health Checks for Premier Support (via Premier Field Engineering) as part of my role. I’ve seen something a few times recently that I thought it might be helpful to call out, while poking around in the Performance Monitor TCPv4 counter area. The Problem ...
  • Blog Post: ISA Server and RADIUS: Two Domains And No Trust, But This Time ISA's A Member Of One

    Following on from yesterday's post where the ISA Server wasn't a member of either domain, this time we're looking at how you'd configure a more seamless (eg, not prompted for credentials left and right) experience for the users in Domain A, while making the poor users in DomainB provide their credentials...
  • Blog Post: Slow DNS = Slow Proxy (or: How To Skip Name Resolution)

    Today's tip: When your rules require any degree of name resolution (which typically means that an access, routing or publishing rule is filtered by some kind of computer or domain set), you're a slave to the speed of DNS' response, at least until the response is cached. ISA Server 2000 and ISA Server...
  • Blog Post: Microsoft.com Operations on x64

    The Microsoft.Com Operations blog just posted about their experiences moving from x86 to x64, most notably the increase in performance they achieved by doing this. The numbers are compelling: To give you a quick comparison: X86 ASP req/sec 7.85, Response time 244ms X86 ISAPI req/sec 110...
  • Blog Post: ISA 2004: Publishing a RADIUS Server

    Newsgroup question: I don't want ISA to actually do the RADIUS stuff, but I want to publish a RADIUS server (in Microsoft land, that's called IAS - Internet Authentication Service - if you're running Windows Server) behind ISA so that we can authenticate remote RADIUS clients. Poking around through the...
  • Blog Post: Netmon vs Chimney

    I recently encountered TCP Chimney for the first time in the wild. Short version: Chimney is an offload technology that allows the NIC to deal with up to X TCP connections, with any overflow being handled by Windows. All good: get the NIC dealing with more networky stuff, and reduce CPU use. Excellent...
  • Blog Post: PAE and VMM... For Parky

    Well Parky, you asked, so I'm going to try to answer! The way I think about PAE is that it kinda works a bit like a stonking great in-memory pagefile might. It doesn't change the game for 32-bit applications, but it does give the OS more headroom to manage them. Without PAE, any memory over 4GB...
  • Blog Post: Every Windows Admin Should Know: Template User vs Mr Nobody

    Raymond beats me to the punch (mine was going to be rant-i-er, but five times * as funny), on how the HKEY_USERS\.Default, despite having the word "Default" in the key name, isn't "The Default User" from which all others are initially spawned. It's possibly the most frequent misconception I've hit...
  • Blog Post: Post-SP2 TCP Offload Fix

    I've mentioned Chimney before. Now, a new Windows Update fix for TCP Offload, which turns it off. It was on by default in Windows Server 2003 SP2, so if your NIC supported Offload, or RSS, or that other thing I can never remember, it was enabled. But: we (PSS we) typically turn it off as a first troubleshooting...
  • Blog Post: KB Highlight: Connectivity Problems with MS05-019

    There's a KB article that pretty much covers it: http://support.microsoft.com/default.aspx/kb/898060/ . For my money, a really good KB article, with detailed symptoms that allow you to quickly diagnose the problem from a network capture. MS05-019 was re-released this month, and the update contains...
  • Blog Post: The Windows Defender Blog

    Finally, someone in marketing decided that a product name could be both functional and cool! Windows Defender has to be the best product name since, oh, um, Proxy Server 2.0. Sort of. The Antimalware team (I read it as "animalware" twice, curse my eyes) have just started blogging, so go check 'em...
  • Blog Post: Some Useful ISA Tools

    Susan's really firing on all cylinders at the moment (I heartily recommend subscribing to her blog even if you're not an SBS'er, as she covers pretty much everything), and posted about a bunch of useful "big land" ISA tools, including the long-awaited CacheDir equivalent for ISA 2004. Looks like...
  • Blog Post: Checking the ISA 2004 Version

    The ISA In SBS Blog has a tip on ISA 2004 version numbering that covers how to check SP1 is installed quickly through the MMC. For ISA Server 2004 Standard Edition, the RTM version is 4.0.2161.50. To round out the versiony goodness, Enterprise Edition RTM is 4.0.3439.50.
  • Blog Post: Get Involved with the ISA Server Community! (and win stuff!)

    ISAServer.org is (IMHO) the premier ISA Server community site, and they're running a competition in which you could win a signed copy of Tom and Deb Shinder's new book, Configuring ISA Server 2004. There's a variety of ways in which you can enter (one of which is referrals to their site... um, OK, I...