Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

Browse by Tags

Related Posts
  • Blog Post: TmgAdConfig (aka ADConfig, ADConfigPack)

    To avoid you tearing your hair out trying to find it: The tool TMGADCONFIG .exe is included in the ADCONFIGPACK .exe download, available from this location , which extracts to the Program Files(x86)\Forefront TMG Tools\ADCONFIG folder by default. I was chasing it down with great vengeance and furious...
  • Blog Post: ISA Server 2006 TCP Retransmits

    Health Checks I perform ISA Server Health Checks for Premier Support (via Premier Field Engineering) as part of my role. I’ve seen something a few times recently that I thought it might be helpful to call out, while poking around in the Performance Monitor TCPv4 counter area. The Problem ...
  • Blog Post: ISA Server and RADIUS: Two Domains And No Trust, But This Time ISA's A Member Of One

    Following on from yesterday's post where the ISA Server wasn't a member of either domain , this time we're looking at how you'd configure a more seamless (eg, not prompted for credentials left and right) experience for the users in Domain A, while making the poor users in DomainB provide their credentials...
  • Blog Post: Slow DNS = Slow Proxy (or: How To Skip Name Resolution)

    Today's tip: When your rules require any degree of name resolution (which typically means that an access, routing or publishing rule is filtered by some kind of computer or domain set), you're a slave to the speed of DNS' response, at least until the response is cached. ISA Server 2000 and ISA Server...
  • Blog Post: Netmon vs Chimney

    I recently encountered TCP Chimney for the first time in the wild. Short version: Chimney is an offload technology that allows the NIC to deal with up to X TCP connections, with any overflow being handled by Windows. All good: get the NIC dealing with more networky stuff, and reduce CPU use. Excellent...
  • Blog Post: Every Windows Admin Should Know: Template User vs Mr Nobody

    Raymond beats me to the punch (mine was going to be rant-i-er, but five times * as funny), on how the HKEY_USERS\.Default , despite having the word "Default" in the key name, isn't "The Default User" from which all others are initially spawned. It's possibly the most frequent misconception I've hit...
  • Blog Post: The Windows Defender Blog

    Finally , someone in marketing decided that a product name could be both functional and cool! Windows Defender has to be the best product name since, oh, um, Proxy Server 2.0. Sort of. The Antimalware team (I read it as "animalware" twice , curse my eyes) have just started blogging, so go check 'em...
  • Blog Post: ISA Server Product Team Blog : Blocking VML with ISA 2004 & ISA 2006

    The VML issue is still a hot topic in internal discussion. If you're an ISA Server admin, please take a look at the following information to help mitigate the risk: http://www.microsoft.com/technet/security/advisory/925568.mspx discusses a vulnerability in the VML parsing dll which can result in an unpleasant...
  • Blog Post: Vista Black Edition comments from the MMPC

    Matt McCormack, MMPC Melbourne (that is the most awesomely alliterative signature block I’ve seen for a while) comments on an amusingly ironic infection detection we’ve seen from MSE: http://blogs.technet.com/mmpc/archive/2009/10/20/vista-32-bit-black-hat-edition-2009-iso.aspx
  • Blog Post: TMG 2010 Service Pack 1!

    Missed this completely while working onsite for the last {forever}! TMG SP1 is here. There’s an X64 version for the Server and/or EMS, and a 32-bit version for just the MMC bits on computers you use to remotely manage the boxes. Installation Instructions Downloads: http://www.microsoft.com/downloads...
  • Blog Post: 401.3, you say? Not 403?

    You're running an IIS 6.0 website, and you have a virtual directory configured for anonymous authentication only (that is, you've un ticked Integrated Windows Authentication). Using a web browser, you try to access a file in that virtual directory. http://example.com/vdir/something.txt What's a web browser...
  • Blog Post: SetSPN improvements in Windows Server 2008! W00t!

    Update: Most recent SetSPN ramblings (short: use -S instead of -A). All this stuff is based on a prerelease (RC1) version of Windows Server 2008 and may change before final release. Cheques may not be honoured. I had a happy moment one night in India when the trainer for our IIS 7.0 TTT course...
  • Blog Post: Microsoft ISA Server 2006: Trial Software (RTM) Out Now!

    Yep, forget the RC - ISA Server 2006 is done , and the trial version is now available for download (requires registration)! The fully functional trial software offers you the opportunity to experience the new features and functionality of ISA Server 2006. The trial automatically expires 180 days after...
  • Blog Post: Is it time for you to reset your online identity?

    Lots of account hacking activity in the news recently. The Blizzard hack (via RPS) caught my eye because of some of the wording used to describe it: “Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American...
  • Blog Post: Windows Defender Beta 2

    (The Product Formerly Known As Windows Antispyware) http://www.microsoft.com/athome/security/spyware/software/default.mspx Nice to see that the names are starting to swing back in favour of the fun and descriptive, rather than descriptive and descriptive (BitLocker not being called "secure startup...
  • Blog Post: Antivirus software on ISA Server

    There are two major classes of Anti Virus software (yes, I know I used one word above, it’s called SEO, okay?) that can be used on an ISA Server computer: ISA-integrated antivirus scanning products Regular desktop/server antivirus products The first category is the cooler of the two, and...
  • Blog Post: IAG – now available for Hyper-V

    Of all the things I could be doing right now, blogging is the one that won. Feel special? Procrastination, but with a helpful bent. IAG SP2 is now a VHD for Hyper-V Your mission, Jim, is to make that into a song. The most interesting “wow” moment I had today was reading that IAG (Intelligent Application...
  • Blog Post: TMG Large Logging Queue: No More SQL Lockdowns?

    What you say!? The new logging system in TMG 2010 is seriously cool, and it’s designed to cope with extended instances of SQL Server going away. Extended meaning multi- hour , but depending on disk space, it could be multi- day . Short Version There’s a good detailed description of it here ...
  • Blog Post: ISA Server 2006 on Windows Server 2008: Nup

    Update 6 May 2010: Hello! If you're reading this, it's now at least 2010, and the answer to your question is: the version of ISA Server that works on Windows 2008 is called Microsoft Forefront Threat Management Gateway 2010 . Also, it's exclusively 64-bit. ISA 2006 doesn't have a 64-bit flavour (though...
  • Blog Post: Hyper-V Saved State to Memory Dump conversion

    I was wondering if something like this existed to help with a malware infestation I was looking at. And yes! It does! Via Doug : Take a virtual machine that you want to do some kernel level spelunking on. Rather than going into the guest and generating a kernel dump by one of the usual methods, take...
  • Blog Post: The Cat's Out Of The Bag: ISA Server will become ForeFront TMG

    So, we all know that ISA 2006 doesn't work on Windows Server 2008 . Massive architectural changes to the IP stack, blah blah, etc, etc. People (uh, yeah, just "people") have been asking about what's to become of ISA Server for a while: "There's no ISA 2008 announced!" they'd scream...
  • Blog Post: I want to publish a website to the Internet. How do I enable Kerberos?

    Ya don't. You can't win. But there are alternatives to fighting. Why Not? Windows Kerberos doesn't work in an Internet scenario, it's intranet-only. the client machine must be a member of the same Active Directory forest as the target site. You just can't guarantee (or even reasonably...
  • Blog Post: KDC_ERR_BADOPTION when attempting constrained delegation

    Hit this earlier while working with someone else on a Kerberos delegation problem. All the SPNs looked right and were registered against the right accounts; all the App Pools were Network Service; from what I'd been told, everything should have been working... but wasn't. More troublingly, it had been...
  • Blog Post: More on The Client Menace and Authentication

    A comment from my diatribe about keyloggers from DoofusDan inspired more words (and unfortunately for this time of night, ideas) than I was comfortable putting in the comments section, so a new post was warranted. Numbers are key points I'd like to try to address. Re the certificate solution you...
  • Blog Post: WPAD via DNS and ISA Server (or TMG, for that matter)

    Just a reminder that WPAD is a special blocked keyword after recent DNS Server security updates. This prevents sites with an unconfigured WPAD entry from allowing devolution beyond their own level. The symptom you see most often might be that when you first configure a WPAD entry, Internet Explorer...