A quick way to troubleshoot SSL chain issues using OpenSSL

January 14th, 2010 Jason No comments

You can use OpenSSL and run this command:

openssl.exe s_client -connect www.mysite.com:443

which will use a generic SSL/TLS client to connect to your site and give you a ton of diagnostic info.  You can see your entire SSL cert chain, the SSL handshake, SSL session info, etc.  Here’s a full list of switches you can use with it:  http://www.openssl.org/docs/apps/s_client.html

And here’s a great online tool to graphically verify your SSL chain is intact:  http://www.sslshopper.com/ssl-checker.html

How to tell which COM+ Application belongs to what dllhost.exe in IIS

January 13th, 2010 Jason No comments

Not to mention the .NET runtime, dllhost.exe also hosts COM+ processes.  So how can you tell what each dllhost.exe is running?  Download tlist.exe (part of the Debugging Tools for Windows).  You can read more about the util here:  http://msdn.microsoft.com/en-us/library/cc267860.aspx

It’s just a simple task list viewer that displays info about the process.  There are tons of utils out there that can do the same thing but tlist.exe is a mere 50 KB command line util which is why I like to keep it around for quickly gathering info.

The command I use to check the dllhost.exe is:

tlist -k | find /i "dllhost.exe"

and it outputs the processes, process IDs, and the related COM+ process.

Categories: IIS Tags:

Using Log Parser to query huge log files and only display the results you need

January 12th, 2010 Jason 1 comment

Have you ever had a giant log file or CSV that you needed to go through and pull results from quickly?  Sure you can try dumping it into Excel and trying different filters and sort orders but that’s a waste of time.  It’s much faster to pull your data via a query like in a database.  Microsoft has a tool called Log Parser that does just that.  You can use queries to parse any kind of text based file.

You can download Log Parser 2.2 from Microsoft here:  http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

Just install it and try it out by opening up a command prompt, navigating to your install path, and running the logparser executable.  It will display a list of commands to get you familiar with it.   I first started using it to parse huge IIS logs.  It’s pretty easy to use, here’s an example of pulling the top 10 pages hit on your site:

logparser "SELECT TOP 10 cs-uri-stem as Url, COUNT(cs-uri-stem) AS Hits FROM c:\logs\ex*.log GROUP BY cs-uri-stem ORDER BY Hits DESC"

or all the Error 500s for a particular site:

logparser "SELECT [cs-uri-stem], [cs-uri-query], Count(*) AS [Hits] FROM c:\logs\ex*.log WHERE sc-status = 500 GROUP BY [cs-uri-stem], [cs-uri-query] order by [hits], [cs-uri-stem] DESC" -rtp:-1 -i:iisw3c

You can even throw the above in a batch file that you schedule to run every hour and do something like:

All500Errors.bat > All500Errors.txt

to log it all to disk.  Or even easier, use INTO in your SQL syntax to dump to a file like a .csv so it reads like:

logparser "SELECT [cs-uri-stem], [cs-uri-query], Count(*) AS [Hits] INTO All500Errors.csv FROM c:\logs\ex*.log WHERE sc-status = 500 GROUP BY [cs-uri-stem], [cs-uri-query] order by [hits], [cs-uri-stem] DESC" -rtp:-1 -i:iisw3c
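
For boxes where Log Parser is not installed, here is the same "500s grouped by URL and query string" report as an added Python example (not part of the original post and not Log Parser's own code).  The log lines are constructed, and the second #Fields line shows the case where the column set changes partway through a file.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not real traffic).
# The second "#Fields:" directive mimics the header being written again
# with a different column set after the logging configuration changed.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2010-01-12 08:00:01 GET /default.aspx - 200
2010-01-12 08:00:02 GET /cart.aspx id=7 500
2010-01-12 08:00:03 POST /cart.aspx id=7 500
2010-01-12 08:00:04 GET /report.aspx - 500
#Fields: date time cs-uri-stem cs-uri-query sc-status time-taken
2010-01-12 09:00:01 /cart.aspx id=7 500 312
2010-01-12 09:00:02 /missing.gif - 404 15
"""

def iter_records(lines):
    """Yield one dict per request line, keyed by the active #Fields header."""
    fields = None
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for what follows
        elif not line or line.startswith("#") or fields is None:
            continue                           # other directives, blank lines
        else:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or odd lines
                yield dict(zip(fields, values))

def errors_by_url(lines, status="500"):
    """Count hits per (cs-uri-stem, cs-uri-query) for one status code."""
    hits = Counter()
    for rec in iter_records(lines):
        if rec.get("sc-status") == status:
            hits[(rec.get("cs-uri-stem", "-"), rec.get("cs-uri-query", "-"))] += 1
    return hits.most_common()                  # most hits first

if __name__ == "__main__":
    for (stem, query), count in errors_by_url(SAMPLE_LOG.splitlines()):
        print(f"{count:5d}  {stem}  {query}")
```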

There’s tons and tons of nice little queries people have written, for example I’ve personally used some from Jeff Atwood’s site here:  http://www.codinghorror.com/blog/archives/000369.html

Or you can go to the IIS.NET forums where there is an entire forum and many sub-forums dedicated to Log Parser here:  http://forums.iis.net/default.aspx?GroupID=51

Another cool tool over at CodePlex…Visual Log Parser:  http://www.codeplex.com/visuallogparser

I actually haven’t used this yet but it is out there if you get bored of using command line.  LMK if you guys decide to try it out.

Creating a custom event log under Event Viewer to log server events

January 8th, 2010 Jason 1 comment

By default, most applications write events to the Application Event Log.  This is a great central place to write logs to but sometimes you might have a requirement to log informational events from an application and you don’t want it filling up your Application Event Log because of the sheer number of informational events you might get in a short period of time.  The solution is to create a custom event log for your application to hold these events.  You can then set max log size, overwrite rules, filters, etc. on this event log while your Application Event Log remains clean and intact.

The first step is to create the new log.  You have to do this in the registry.  Open up regedit and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog

Right click on the Eventlog key and click New > Key

Name this new key the same name you want your new event log to be named.  By default it will create the new .evt file here:

C:\WINDOWS\System32\Config\New Key #1.evt

You can always rename it by editing the string value data in the registry if you like.

Now you need to add Sources to your new event log.  Right click in the right window pane under your new key and add a new Multi-String value called “Sources” and add the name of each of your applications on each line.  It should look something like this:

Now you need to move the association of your application from the Application event log to your new Custom log.  Just expand the “Application” key located at:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application

and copy whatever key you see in there for your app under your new Custom log:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\CustomLog

There’s no copy/paste command so you can recreate the key if it’s small or you can export/import if it’s something complicated and you are afraid of mistyping something.  MAKE SURE to delete it from Application after you add it to the Custom log or it will not write events to your new log since Windows thinks it’s still associated with the Application log.  If it is a custom source, you need to create a DWORD value under this key with the value of 1:

You will also notice my custom app in this example is a .NET 2.0 application so I want .NET to write the events to the log.  I have to create a string value called EventMessageFile and give it the path to the .NET 2.0 event log message dll:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

Now you should reboot your server.  When it’s back up, check and see if your new event log appears under Event Viewer.  If your application is not writing events to your new log, test it manually by opening a command prompt and going to:

C:\WINDOWS\system32

and typing:

eventcreate /l CustomLog /t Information /so Application1 /id 1 /d "Test message"

You should get a message saying it was successfully written or you should get an error message with details on why it was not written.  If you followed the steps in this blog post, it should write the event just fine.

How to convert an SSL cert to a .pem for installation on Citrix and Cisco appliances

January 7th, 2010 Jason 1 comment

Often times you might have to add an SSL cert to a Cisco or Citrix appliance but it only accepts the SSL cert and private key in a certain format.  Your CA (certificate authority) will issue the SSL cert to you as a .crt.  From there, you need to package the cert with the private key and in the format your appliance requires.  There are different ways to do this and one easy way I like is using IIS and OpenSSL which is a free open source tool and can be downloaded here:  http://www.openssl.org

1. Create a temporary site in IIS and generate a CSR.  Make sure the CN (common name) you enter matches whatever appliance you are trying to generate it for, for example:  wireless.mycompany.com

2.  Submit the CSR to your CA such as Verisign, GoDaddy, Network Solutions, etc. and wait for them to validate and issue your cert.

3. Get the .crt from the CA once they issue it and convert it to .cer.  Just open the .crt by double clicking on it and save it as .cer using the export wizard.  This is necessary since IIS does not accept .crt.

4. Install the .cer in IIS using the Web Server Certificate Wizard where you originally generated the CSR.  Just process the pending request to install it.

5. View the cert in IIS and export it with the private key in pkcs12 (.pfx) format.  Just set the password as “password” since you will be deleting it after conversion is complete later.

6. Go to the directory where OpenSSL.exe is and type in the following to convert the .pfx to a .pem

openssl pkcs12 -in nameofcert.pfx -out nameofcert.pem

7. Type the “password” when prompted for the pass phrase.

8. Install the .pem on the appliance and it should work

IMPORTANT NOTE:

If you are doing it for some appliances like a Cisco IronPort, you need to add the nodes switch when creating the .pem:

openssl pkcs12 -in nameofcert.pfx -out nameofcert.pem -nodes

The -nodes switch ensures that the key inside the .pem is left unencrypted.  If you attempt to install a .pem created without the -nodes switch, the appliance will take the cert but will not accept the private key since it cannot read it in an encrypted state.
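
To confirm which kind of .pem you actually produced before uploading it, the added Python example below (not part of the original post) reads the PEM block headers and reports whether the private key is encrypted.  The sample files are constructed with placeholder bodies, and it covers both the PKCS#8 headers and the older "RSA PRIVATE KEY" style, since the header written depends on the OpenSSL version.

```python
import re

# Constructed sample shaped like `openssl pkcs12 ... -nodes` output; the
# base64 bodies are placeholders, not real key or certificate material.
WITH_NODES = """\
Bag Attributes
    friendlyName: constructed-example
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: constructed-example
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""
# The same file as written without -nodes (PKCS#8 encrypted key block).
WITHOUT_NODES = WITH_NODES.replace("PRIVATE KEY", "ENCRYPTED PRIVATE KEY")
# Older traditional format: encryption is flagged by a header in the block.
LEGACY_ENCRYPTED = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return [(label, state)] for every PEM block; other text is ignored."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            state = "certificate"
        elif label == "ENCRYPTED PRIVATE KEY":
            state = "encrypted key"
        elif label.endswith("PRIVATE KEY"):
            encrypted = "Proc-Type: 4,ENCRYPTED" in body
            state = "encrypted key" if encrypted else "UNENCRYPTED key"
        else:
            state = "other"
        found.append((label, state))
    return found

def key_is_exposed(text):
    """True when the file holds a private key readable without a pass phrase."""
    return any(state == "UNENCRYPTED key" for _, state in classify_pem(text))

if __name__ == "__main__":
    for name, pem in [("with -nodes", WITH_NODES), ("without", WITHOUT_NODES)]:
        print(name, classify_pem(pem), "exposed:", key_is_exposed(pem))
```

A file reported as UNENCRYPTED is a usable private key on disk, so remove it from the workstation once the appliance has accepted it.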

Send email via Telnet to test an Exchange server

December 17th, 2009 Jason No comments

A simple way to test if your MTA (mail transfer agent such as Exchange) is accepting email is to build the message by hand and watch the response codes from the server.  You can run this from the server console from a command prompt or remotely if you have the SMTP port to the server open.  Remember, once you are in the telnet session, don’t use backspace if you misspell something!  You’ll get an unrecognized command error if you do.  Just press enter and retype your command correctly if you do misspell something.

telnet localhost 25

This will open a telnet window to the server on SMTP port 25 and the server in return will send a 220 response code, the FQDN (Fully Qualified Domain Name), mail server version, and typically a time stamp as well.  Next you type:

helo

The mail server will respond with a 250 response and its FQDN and say “Hello”.  You can also use:

ehlo

There is no difference between the two commands except that EHLO returns info about the mail server’s capabilities along with the 250 response code, such as the maximum SIZE of a message for example.  It’s useful to see exactly what your mail server is going to accept from a client.  EHLO is the more recent command by the way.  Pretty much all MTAs out there are going to accept either command nowadays.

This means the mail server is ready to accept more commands.  Now it’s time to begin composing your email:

mail from: joeblow@gmail.com

You should get a 250 response code saying the Send is OK.  Now type who you are sending it to:

rcpt to: joeblowsfriend@gmail.com

You will get a 250 response for the email address.  You can add more recipients by just typing additional lines like above.  Next it’s time to build the body of the message.  Type:

data

and you will get a 354 response code saying you can begin input.  First type a subject line for your message:

subject: Test email

Remember, type this on the very first line and then press <Enter> twice.  Now you can start typing your message body.  Once you are done with your message body, press <Enter> to start a new line and type nothing on this line except for a period.  Then press <Enter> again and you will exit out of the message body and immediately submit the email to the MTA’s queue for delivery.  You should get the test email within seconds if your mail server is working properly!  Make sure to check your Junk E-mail folder just in case your mail server marks your test email as spam.  To exit your telnet session, just type:

quit

and press <Enter> and you’re done.  Simple, right? :)
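
The EHLO reply mentioned above comes back as several 250 lines, so here is an added Python example (not part of the original post) that parses such a reply and pulls out the limits and capabilities the server advertises.  The replies, the host name mail.example.com and the capability lines are constructed for illustration.

```python
# Constructed replies (not captured from a real server).
HELO_REPLY = "250 mail.example.com Hello [127.0.0.1]\r\n"
EHLO_REPLY = (
    "250-mail.example.com Hello [127.0.0.1]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH NTLM LOGIN\r\n"
    "250 8BITMIME\r\n"
)

def parse_reply(raw):
    """Split one SMTP reply into (code, [text lines]).

    Each line starts with the 3-digit code.  A "-" after the code means
    more lines follow; a space marks the last line of the reply.
    """
    code, texts = None, []
    for line in raw.splitlines():
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is not None and line[:3] != code:
            raise ValueError("reply code changed inside one reply")
        code = line[:3]
        texts.append(line[4:])
        if line[3:4] != "-":
            break
    if code is None:
        raise ValueError("empty reply")
    return int(code), texts

def ehlo_capabilities(raw):
    """Map each advertised keyword to its parameter string."""
    code, texts = parse_reply(raw)
    if code != 250:
        raise ValueError(f"server did not accept the greeting: {code}")
    caps = {}
    for text in texts[1:]:            # the first line is the FQDN greeting
        keyword, _, params = text.partition(" ")
        caps[keyword.upper()] = params
    return caps

def summarize(raw):
    """Report what the server says it will accept from a client."""
    caps = ehlo_capabilities(raw)
    return {
        "max_message_bytes": int(caps["SIZE"]) if caps.get("SIZE") else None,
        "starttls_offered": "STARTTLS" in caps,
        "auth_mechanisms": caps.get("AUTH", "").split(),
    }

if __name__ == "__main__":
    print("EHLO:", summarize(EHLO_REPLY))
    print("HELO:", summarize(HELO_REPLY))
```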

How to reset the root user account for a MySQL database

December 2nd, 2009 Jason No comments

Sometimes you may inherit a MySQL database server and have no credentials to access anything.  None of the default accounts work.  Your only option is to reset the root user account password.  This is very easy to do.

1. Open up Windows Task Manager and stop the mysqld.exe (MySQL daemon) process.
2. Open up Computer Management > Services > and stop the MySQL service if it isn’t already stopped.
3. Open up a command prompt and go to your MySQL bin folder, for example:

 C:\Program Files\MySQL\MySQL Server 5.1\bin

then type in:

 mysqld.exe --skip-grant-tables

this will restart the MySQL daemon process with privilege checking disabled.

4. Now type in:

 mysql.exe -u root

and it should log you right in as the root user without having to specify a password.

5. Now you need to reset the password.  Type:

 UPDATE mysql.user SET Password=PASSWORD('MyNewPassword') WHERE User='root';

You can change the password to whatever you want.  I have set it to “MyNewPassword” above.

6. Now type:

 FLUSH PRIVILEGES;

and you’re done!  Try logging in using your new credentials and it should work just fine.  Don’t forget to verify that your MySQL service has been restarted.

Categories: MySQL Tags:

How to clear a hung profile in Urchin 6

December 1st, 2009 Jason No comments

If you’ve ever used Urchin 6 for web analytics (Google’s pay for version of Google Analytics aimed at enterprises), you have probably seen profiles stuck in a “Running” state.  If you hit Run Now, you get this error message:

12008 – Action: Failed to cancel urchin process.

If you try to reschedule the profile, you get this error message:

12007 – Action: Failed to add profile to the scheduler queue. The profile is already in the queue.

This happens because Urchin’s scheduler is very sensitive to server reboots.  If you have jobs scheduled to run at night and let’s say you push patches to the server and reboot in the middle of the night, it can cause this error to appear on some of your profiles.  You get these errors because the log processing engine and scheduler never received the proper exit signals which means there will be database entries in the MySQL database that will be in an inconsistent state.  When the server boots back up, the log processing engine cannot pick back up where it stopped and the web GUI will show the profile is “Running” even though it is not.

The quick solution for this is to navigate to your Urchin bin folder via command prompt.  Here is an example path:

C:\Program Files\Urchin6\bin

then type:

urchinctl stop

which will stop all Urchin processes.  Then open up MySQL Command Line Client and type:

use urchin;
delete from uprofiles_queue;

This switches the database to the urchin database and deletes all running profiles.  Now if you go to the web GUI under Profile Task Scheduler, you will see everything looks normal.  Now try running the job again and it should work.  You should get a message saying:

12009 – Action: Profile has been queued to run. Please check the Profile Task History screen for status and runtime output.

Now don’t forget to restart your Master and Slave scheduler services or the job will remain in a queued state until they are back up:

urchinctl start

Now verify the job is actually running properly by clicking the green “Running” link for the job and you should see it processing the logs.

What’s new and actually useful in Server 2008 R2?

November 13th, 2009 Jason No comments

I was lucky enough to attend the Microsoft New Efficiency event for Windows Server 2008 R2 on Monday.  It was a limited capacity technical briefing aimed at IT Professionals.  They also had an Exchange 2010 and Windows 7 track at the same time but I chose to attend the Server 2008 R2 track.  It was divided into 4 sections and was hosted by Kevin Saye (kevin.saye@microsoft.com) who is the Pre-sales technical support specialist for Windows Server in this region.  I’ve heard him speak at events before but never had a chance to actually do a QA session with him till now.

So, on to the new stuff in Server 2008 R2 that I found interesting!  This is not a comprehensive list by any means, just the stuff I thought was very useful.  I’ll go over each in detail in the coming days and how it will fit into your enterprise environment.

-Active Directory Administrative Center (ADAC)
-Managed Service accounts
-Active Directory Recycle Bin
-Graphical PowerShell
-Turning off CPU cores to conserve power
-Group policy can now execute PowerShell scripts
-Group policy granularity through item level targeting
-FCI to classify data and take actions on it
-.NET now runs on Server Core installs
-Remote Desktop Services now has multi-monitor support (up to 8 monitors), bi-directional audio (useful for VOIP), and enhanced multimedia support using your local graphics card instead of “screen painting” as it was before.
-DirectAccess with Windows 7 and Server 2008 R2 – Extends the network to include remote users instead of just a remote user dialing in via VPN.  Uses the Teredo protocol.  Was able to access the Microsoft intranet site (http://msw) without ever having to dial in and from behind a corporate firewall.  It uses IPsec and it only works with Windows 7 machines which are on the domain. 
-Branch Cache – Caches only the requested data unlike DFS.  Means a lot less space is required unlike DFS which is an exact duplicate.

THE FUTURE
Kevin says expect to see more componentization in MS products.  Expect to move VHDs around on servers like OS, Apps, & Data VHDs interchangeably on your VMs.

How to find out what build version of SharePoint you are running

November 12th, 2009 Jason No comments

When you’re applying updates to a large farm, you really need to check the version number of SharePoint running on each server in the farm in order to maintain consistency.  You can do this easily by going to CA > Operations > Servers in Farm.

But what do these version numbers actually mean?  There’s a great Wiki maintained here that can answer this:

http://www.sharepointdevwiki.com/display/SharePointAdministrationWiki/SharePoint+Versions

This page will show you all the past and current version numbers and their associated KB articles.  Very handy when troubleshooting updates or if you want to check the change log between versions.

Categories: SharePoint 2007 Tags: