SSMS with Windows Authentication is problematic when using it in conjunction with a VPN. SSMS only uses the primary domain login (the local computer) and not the remote domain login (your authentication credentials from the VPN) to try to login. Because of this, you get the dreaded error “Login failed for user ‘(null)’. Reason: Not associated with a trusted SQL Server connection.”

This wasn’t a problem with the old Query Analyzer because it would automatically detect the right username and password to use even if you were connected to a VPN.

There are two ways around this.

1. In Windows XP, SHIFT right-click on the program and select Run As. Enter in your username and password for the remote domain.
2. Vista is a bit trickier since you can only select Run As Administrator. So I wrote a simple script that uses the command line runas program to work around it. The script appears below.

I’ve titled the script runassql.cmd.

runas /netonly /user:%1 “C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe -S %2 -E -nosplash”

Usage is: runassql.cmd DOMAIN\username SERVERNAME.

Once you run the script, you’ll be asked for your password and then it should work.

Microsoft’s LogParser tool is hot. I’ve been meaning to check out this tool for a few months but I never had time until recently.

LogParser, which uses a SQL engine for its queries, can query a
impressive array of input formats. Some of those formats are IIS logs,
csv files, XML files, Windows Event Logs, the Active Directory, the
registry, the filesystem, and more! The output formats that it
generates are equally impressive. Those include GIF charts, datagrids,
direct import into SQL Server, XML, and more.

If that wasn’t enough, the tool is completely scriptable using JavaScript, VBScript, or C# and VB.NET.

Yesterday, I was just hacking around figuring out the syntax and today
I wrote a full blown script to query my Active Directory to retrieve
all of the server objects. Based on that record set, then I query the
Application and System event logs on each server looking for only
warnings and errors.

Here is a snippet of the code to select objects out of the Active
Directory. I’ve replaced my domain with the fictional contoso.com
domain:

I was reading Bink the other day and I came across this article that’s titled “”http://bink.nu/Article4619.bink">Ballmer: High-end Windows, Office Coming" (the source article is on CNET though).

According to the article, my favorite corporate mouthpiece Steve
Ballmer, said that “Microsoft is planning new, higher-priced versions
of both Windows and Office in the coming years as part of its effort to
grow sales.” In his speech at the Microsoft Financial Analyst meeting,
he went on to say, “We have
plans in the Vista generation to introduce an Enterprise edition.”

Why oh why does Microsoft do this? Go back and read the first quote.
I’ll wait. Back? Good. Do you see anything in there about the new
versions of Windows or Office benefiting their customer base? I didn’t
think so. Nowhere does it say anything about doing this for the
consumers. It’s all about increasing Microsoft’s bottom line. Consumers
don’t want a higher priced version of Windows and Office, they are high
priced as it is.

Out of the 52 comments that appeared in response to CNET’s article none, absolutely none, were positive.

This reminds me of the comic hey-day of the early 1990s. During that
time, comic companies like Marvel, DC, Image and others would release a
comic with 2 or three cover variations in order to increase revenue. I
don’t think that any of the consumers actually wanted this crap and
it’s one of the reasons that I stopped collecting comics.

Maybe good ol’ Ballmer can release a version of Windows Vista with a
foil embossed, fold-out cover that’s been personally signed by him.
That way they can increase revenue because people will buy two copies,
one to install on their PCs and one as a collectors item. That’s what the customers want!

Days after being released on MSDN, reviews for IE 7 Beta and Windows Vista (formerly Longhorn) Beta are coming in.

Two reviews that I especially recommend are Paul Thurrott’s review of Windows Vista B1 and Andrew Rondeau’s review of IE 7 B1. At the end of Andrew’s review, he lists some suggestions for the upcoming versions of IE (B2, RC, and gold). I agree with almost all of his points especially the “new tab button” comment. It does look like a bug and it is confusing.

One of the items that made me raise my eyebrows in Paul Thurrott’s review was the section on the new security feature title User Account Protection (UAP – formerly known as Least Privileged User (LUA)).

According to his review, once UAP is enabled the user gets prompted any time they “try to do something dangerous.” He goes on to say, “The sheer number of actions that trigger this dialog, however, is alarming. Virtually every single Control Panel applet makes it come up, for example, as does installing an application. And so on. It gets kind of tiring after a while.”

Notice something here? First off, in Beta 1, UAP is disabled by default. I hope that this doesn’t carry on to other versions of Vista. Second thing is, I have mixed feelings about even being able to disable UAP in the first place.

In Linux and Mac OS X, root is root and the other users are just users. People seem to understand this limitation feature and use the system as it was intended. If Vista gives the user the ability to disable UAP (especially in the face of countless warning messages) the first thing that they will seek to do is to disable the source of the messages (which is of course UAP).

The other thing that concerns me about disabling UAP is, if a user can do it, it’s probably not that much of a stretch that malicious software can do it too. I wonder how long we’ll have to wait before we see privilege escalation vulnerability in Vista.

Ok, I know that this is not hot-of-the-press news, but I’ve been a bit lazy in my blogging duties. Monad, Microsoft’s new command line interface, was supposed to debut in Longhorn. However, as recently reported

, it’s probably not going to make it in after all.

Now, I’m starting to wonder, as many out there surely have, what is it exactly that Longhorn will be anyway? It surely sounds like it going to be more like a “Window XP Version 2” instead of the powerhouse that was originally hyped to begin with. Why should consumers, and more importantly (to Microsoft) businesses buy Longhorn?

The PDC bits better blow our socks off.

In mid-February I was authorized to upgrade my seemingly dinosaur like work cell phone to a better more capable phone. My trusty Nokia 8390 had served me well but I was ready for more features, more power, and more capability. As I browsed Cingular’s site for a new phone my eyes came upon the Motorola MPx220 Windows SmartPhone. I had heard about Windows SmartPhones from Scoble (although he has a different model) and I was intrigued by the idea. I did a little bit of research on Windows SmartPhones and I fell in love with the idea; being able to sync with my Exchange Server from anywhere, writing little web apps for it, etc. So I decided to order it; that was the beginning of the end of my love affair with Windows SmartPhones.

First of all, Cingular is a pain in the ass. I truly believe that a good deal of their employees are complete asshats. First the phone was delivered to a “Carlos Santillan” at my office. My last name isn’t Santillan, hell that’s not even close, but it made its way to my desk so I didn’t really much care who it was sent to. The next mistake? The SIM chip had the wrong number on it so I couldn’t use it until they sent me a new one. It gets better; the replacement SIM chip got lost by dumbass FedEx (it still has yet to show up) so I had to go down to a Cingular store and demand that they give me a working SIM chip.

After the fiasco with Cingular was behind me, I was jazzed to use my SmartPhone. I think that lasted a whole 48 hours. The PDA like features of the phone itself were neat and the interface was pretty cool but it failed at its most basic primary function; a phone. I could barely hear anything out of the speaker. If I was in my car or anywhere where there was a little bit of background noise then I wouldn’t be able to hear anything. I would always have to answer the phone in a closet just to hear the other person.

I read that earlier versions of the MPx220 had this problem but it was supposedly resolved with a new version of the “firmware”. Unfortunately, in my case, this had no effect since my phone already had the latest “firmware”. Determined to own a Windows SmartPhone, I went to a local Cingular store to see if I could get a phone that worked. The sales lady put my SIM chip and battery into a brand new (like my phone wasn’t brand new) MPx220 and I had her make a call. She could barely hear the person on the other line. The low volume thing appears to be a notorious defect to these phones.

Considering that the only SmartPhone that Cingular sells is the MPx220, I would think that Microsoft would care not to sully their SmartPhone brand name and they would make Motorola figure out that people can’t hear using that phone.

Microsoft is developing a new shell called Monad or msh. I believe that originally this technology was slated to be deployed with Longhorn but you can actually use the beta now as long as you have Windows XP or Windows Server 2003 and the .NET framework 2.0.

The new msh has power of the *nix shells (bash and k) and much more. A typical *nix command might look like this “ls -a | more”. Where the text output of ls is piped through the more command. In the new msh, when you pipe the output of commands from one to another, you are actually piping .NET objects instead of text. These .NET objects have all their properties exposed to the new command. It’s pretty interesting. Here is a good introductory write up and some introductory videos as well (below).

• Intro video from MSDN.
• Monad explained from Channel 9.
• Monad demonstrated from Channel 9.

Last night, was our final farewell to our NT Server 4.0 domain. Finally, after years talking about it, we migrated our domain from NT 4.0 to Windows Server 2003 (and therefore Active Directory). The upgrade went pretty much as expected (thank god for that testing network) although it did take a bit longer to upgrade and format some machines than I had anticipated. Now it’s off to plan my next migration, Exchange Server 5.5 to Exchange Server 2003 (hopefully with a bridgehead server configuration).

Two weeks ago, we finally updated our Windows 2000 servers to Service Pack 4; all except for one, our main database server. The first time that I tried to install the service pack on that server, I got this nastly little message:

There are high end server monitoring packages out there that will track almost any type of perfomance counter that you can think of and most of them cost a pretty penny and have some learning curve. I’m not ready to commit to any of those packages at work yet but I still wanted to know when my servers (web servers in particular) started going haywire. Here is a quick, down and dirty way to monitor your Windows 2000 servers(probably works on Windows Server 2003 too but I haven’t tested it – note: I know that this method doesn’t scale well).

This requires 2 little apps. One is a command shell script and the other is a vbs script (in retrospect, I could have made a console C# app to do the same thing, but remember, I wanted, cheap, down and dirty. All of this code can be done in notepad).

All this code does it call the vbs script and pass command line parameters to it. I save this file in c:scripts and call it ActivatePerformanceAlert.cmd:

• Login to your server at the console
• Start the performance monitor
• Expand Performance Logs and Alerts in the MMC
• Right click on Alerts and select New Alert Settings
• Give the new alert a meaningful name like “ASP Requests Queued”, “Web Service Anonymous Connections”, etc. In this instance, I will make one for “Web Service Anonymous Connections”.
• Click the Add button and select a counter from the Performance Object. I’ll select “Web Service”, the site that I want to monitor (this only exists if you have multiple sites on the web server), and then select “Current Anonymous Users”.
• Usually you want to know when Anonymous users have grown past an expected limit so select “Over” in the drop down menu listed “Alert when the value is”
• In the “Limit” box enter the measured value that you want a notification if that number is exceeded. For example, if you want to be notified when your Anonymous Web Users are over 90, place the number 90 in the box
• Select a sample rate interval. You can select in seconds, minutes, hours, days. Select a realistic limit. Too low of a number (2 seconds per se) and your inbox will be flooded with these emails as long as the alert persists (it also may degrade server performance further compounding the issue at hand). For my example, I will select 5 minutes.
• Click on the Action tab
• Select the following, “Log an entry in the application event log”. I do this just in case I want historical information and then select “Run this program”.
• Enter in c:scriptsActivatePerformanceAlert.cmd in the box
• Click the command line arguments button and remove (and this is important) the check mark from “Single Argument String”
• All other boxes are checked except “Text Message”
• Click ok twice and you will be back at the alerts menu
• If the alert has a red icon next to it, right click on the alert and select “Start”

I found this Windows Networking site and thought it woud be handy to pass along. A lot of good stuff in there.

Well my domain is complete for now. In order to get Exchange working I had to visit the voodoo god Obatala and learn the dark ritual arts which were then performed on the Exchange Server. Actually, I just blew away my domain controller and started over again, but it didn’t sound so interesting saying that. Turns out that the DNA evidence against ForestFucker was not as conclusive as I thought and he was cleared of all charges. The actual prime suspect is the Active Directory Connector which I’ll call The Active Directory Hoser. The things that it did to the Active Directory shall not be spoken of here since it will frighten small children and big children too.

In other news, I got a PPTP VPN server up and running behind my Linksys router with NAT running. All you have to do is forward port 1723 (UDP and TCP) to the VPN server and make sure that you downgrade!? your firmware to 1.44.2. As to why it doesn’t work with a newer firmware is anyone’s guess. Regardless, I’m happy because I get to close off port 3389 (Remote Desktop) to my super-dooper-wonder-workstation.

My work had this old Proliant 6000 server tucked away in the basement after we decided that it wasn’t worth putting it in a rack so I decided to give it a home lest it be used for Server Wars.

For the last 2 days, I’ve been attempting to install the NIC drivers for this beast on Windows Server 2003. Going to HP’s site, I saw that all models of the 6000 were supported and used the same driver, but naturally it doesn’t work that way. I tried this file, this file, and even this file. Naturally, nothing worked. Finally at this late hour, I noticed that the dual 400Mhz models uses a Netelligent 10/100TX UTP PCI Controller instead of the NC31xx Fast Ethernet. For some reason they don’t have those drivers for Windows Server 2003, but I was able to use the Windows 2000 Server drivers instead. Now I know why people get frustrated with technology. Incredible!

Over the past 5 years or so, Linux has slowly crept into the enterprise workplace. Its insurgence has been sped up by anti-Microsoft geeks and Sysadmins looking for solutions that Microsoft couldn’t provide cheaply.


I’m a Sysadmin, and the majority of the systems that I work with are Windows-based systems. However, with that being said, unless Microsoft does something creative, I firmly believe that in 5-10 years there will be more people that can administer Linux rather than Windows Servers.


Back in the 90’s Microsoft got a strong foothold in the enterprise from Novell and older UNIX based servers by offering ease of use for administrators with their release of the NT 4.0 Operating System. There are countless other reasons as to why Microsoft has succeeded in the enterprise, but there is one reason that isn’t so obvious.


At the time, there was no such thing as Product Activation and this allowed burgeoning Sysadmins to install NT 4.0 Server at home (albeit illegally according to Microsoft) and gain experience administering such systems. Contrast this to UNIX which is nigh impossible to have installed at home.


With Microsoft attempting to exterminate piracy with its Product Activation it virtually eliminates something that made them so popular in the beginning. How are young adults going to become experts in Windows Servers if they can’t actually get hands on training with them? Microsoft Certification classes are too expensive for most young adults to finance. Most Universities and Community Colleges offer Windows based training, but students are probably going to flock to something that they can install at home rather than going to the lab all the time to finish their assignments. Granted, Microsoft does offer a trial version of Windows Server 2003 which supposedly lasts for 180 days but in my experience, it only lasted 18 or so.


The fact that most young adults can install Linux, play with it, gain huge amounts of experience with it before they even leave High School or Middle School is something that Microsoft will be hard pressed to combat. It will be interesting to see how things unfold.

<a href=“http://www.apple.com>Apple has released ”http://www.apple.com/itunes/download/“>iTunes for Windows. The software allows you to interface with their iTunes store (where you can purchase individual tracks for 99 cents a piece), it also allows you to play MP3’s, Rip tracks from CDs, and burn CDs from your digital music files.


I’ve downloaded it and so far it seems pretty cool. However, there are some catches. ”http://arstechnica.com">Ars Technica has an article that has some of the pitfalls of the software. Read that article before installing and running the software.

I’m doing a test upgrade from Windows NT to Windows Server 2003 but I’m really annoyed by this. The server that I’m upgrading is in the server room and while technically not too far away from my office, it gets really annoying have to go babysit the damn install every 10 minutes. Get up from my desk, go to server, press a button, go back to desk, repeat. ARRRGHHH!


By the way, Windows Server 2003 seems to be largely incompatible with old hardware which is odd because Microsoft was really pushing the upgrade from Windows NT at the 2003 launch. I wonder how many customers are going to have to chuck their old hardware because Windows Server 2003 won’t support it.

When the RPC DCOM worms came out, I patched our server systems immediately. Unfortunately did not patch our client systems because, in theory, they should have been protected by our firewall. This worked for a week until some clueless user plugged in their infected laptop and it started hammering our systems. Luckily everything was pretty much contained in about 3 hours. It was a pretty interesting day yesterday, nothing like a crisis every once and a while to keep an admin on their toes. Now I get to think up policies and technological ways so that this doesn’t happen again.

Due to reports (here, here and here) of hackers starting to probe ports 135, 139, or 445 for a new worm to exploit this Windows vulnerability, I’ve had to do some late night patchin’ at work. Although the above ports are not open on our border routers, I thought it would be wise to take the “better-safe-than-sorry” approach and do some emergency patching to pretty much ALL of our servers. This patch does require a reboot and when I rebooted our FTP server, it didn’t come back up. I forgot that it has a stupid warning message in the BIOS where you have to hit F1 to continue. So I had to drive 30 minutes from home to work to hit one stupid key on a keyboard. Damn, I really need to investigate KVM over IP. By the way, I’ve already started getting scans on my home firewall on ports 445 and 135, so patch now or be sorry later.

I’m setting up a server at work and I’m putting a .NET Windows application that I wrote onto it. Usually, when you go to Windows Update, it is in the download list for Windows 2000, but for some reason it isn’t. Luckily people don’t count on Windows Update for shit and I was able to find it on Microsoft’s download site. Lame.