openssl.exe s_client -connect www.mysite.com:443

which will use a generic SSL/TLS client to connect to your site and give you a ton of diagnostic info.  You can see your entire SSL cert chain, the SSL handshake, SSL session info, etc.  Here’s a full list of switches you can use with it:  http://www.openssl.org/docs/apps/s_client.html

And here’s a great online tool to graphically verify your SSL chain is intact:  http://www.sslshopper.com/ssl-checker.html

It’s just a simple task list viewer that displays info about the process.  There are tons of utils out there than can do the same thing but tlist.exe is a mere 50 KB command line util which is why I like to keep it around for quickly gathering info. 

The command I use to check the dllhost.exe is:

tlist -k | find /i “dllhost.exe”

and it outputs the processes, process IDs, and the related COM+ process.

You can download Log Parser 2.2 from Microsoft here:  http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

Just install it and try it out by opening up a command prompt, navigating to your install path, and running the logparser executable.  It will display a list of commands to get you familiar with it.   I first started using it to parse huge IIS logs.  It’s pretty easy to use, here’s an example of pulling the top 10 pages hit on your site:

logparser “SELECT TOP 10 cs-uri-stem as Url, COUNT(cs-uri-stem) AS Hits FROM c:\logs\ex*.log GROUP BY cs-uri-stem ORDER BY Hits DESC”

or all the Error 500s for a particular site:

logparser “SELECT [cs-uri-stem], [cs-uri-query], Count(*) AS [Hits] FROM c:\logs\ex*.log WHERE sc-status = 500 GROUP BY [cs-uri-stem], [cs-uri-query] order by [hits], [cs-uri-stem] DESC” -rtp:-1 -i:iisw3c

You can even throw the above in a batch file that schedule to run every hour and do something like:

All5005Errors.bat > All500Errors.txt

to log it all to disk.  Or even easier, use INTO in your SQL syntax to dump to a file like a .csv so it reads like:

logparser “SELECT [cs-uri-stem], [cs-uri-query], Count(*) AS [Hits] INTO All500Errors.csv FROM c:\logs\ex*.log WHERE sc-status = 500 GROUP BY [cs-uri-stem], [cs-uri-query] order by [hits], [cs-uri-stem] DESC” -rtp:-1 -i:iisw3c

There’s tons and tons of nice little queries people have written, for example I’ve personally used some from Jeff Atwood’s site here:  http://www.codinghorror.com/blog/archives/000369.html

Or you can got to the IIS.NET forums where there is an entire forum and many sub-forums dedicated to Log Parser here:  http://forums.iis.net/default.aspx?GroupID=51

Another cool tool over at CodePlex…Visual Log Parser:  http://www.codeplex.com/visuallogparser

I actually haven’t used this yet but it is out there if you get bored of using command line.  LMK if you guys decide to try it out.

The first step is to create the new log.  You have to do this in the registry.  Open up regedit and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog

Right click on the Eventlog key and click New > Key

Name this new key the same name you want your new event log to be named.  By default it will create the new .evt file here:

C:\WINDOWS\System32\Config\New Key #1.evt

You can always rename it by editing the string value data in the registry if you like.

Now you need to add Sources to your new event log.  Right click in the right window pane under your new key and add a new Multi-String value called “Sources” and add the name of each of your applications on each line.  It should look something like this:

Now you need to move the association of your application from the Application event log to your new Custom log.  Just expand the “Application” key located at:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application

and copy whatever key you see in there for your app under your new Custom log:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\CustomLog

There’s no copy/paste command so you can recreate the key if it’s small or you can export/import if it’s something complicated and you are afraid of mistyping something.  MAKE SURE to delete it from Application after you add it to the Custom log or it will not write events to your new log since Windows thinks its still associated with the Application log.  If it is a custom source, you need to create a DWORD value under this key with the value of 1:

You will also notice my custom app in this example is a .NET 2.0 appliaction so I want .NET to write the events to the log.  I have to create a string value called EventMessageFile and give it the path to the .NET 2.0 event log message dll:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

Now you should reboot your server.  When it’s back up, check and see if your new event log appears under Event Viewer.  If your application is not writing events to your new log, test it manually by opening a command prompt and going to:

C:\WINDOWS\system32

and typing:

eventcreate /l CustomLog /t Information /so Application1 /id 1 /d “Test message”

You should get a message saying it was successfully written or you should get an error message with details on why it was not written.  If you followed the steps in this blog post, it should write the event just fine.

1. Create a temporary site in IIS and generate a CSR.  Make sure the CN (common name) you enter matches whatever appliance you are trying to generate it for exmp:  wireless.mycompany.com

2.  Submit the CSR to your CA such as Verisign, GoDaddy, Network Solutions, etc. and wait for them to validate and issue your cert.

3. Get the .crt from the CA once they issue it and convert it to .cer.  Just open the .crt by double clicking on it and and save it as .cer using the export wizard.  This is necessary since IIS does not accept .crt.

4. Install the .cer in IIS using the Web Server Certificate Wizard where you originally generated the CSR.  Just process the pending request to install it.

5. View the cert in IIS and export it with the private key in pkcs12 (.pfx) format.  Just set the password as “password” since you will be deleting it after conversion is complete later.

6. Go to the directory where OpenSSL.exe is and type in the following to convert the .pfx to a .pem

openssl pkcs12 -in nameofcert.pfx -out nameofcert.pem

7. Type the “password” when prompted for the pass phrase.

8. Install the .pem on the appliance and it should work

IMPORTANT NOTE:

If you are doing it for some appliances like a Cisco IronPort, you need to add the nodes switch when creating the .pem:

openssl pkcs12 -in nameofcert.pfx -out nameofcert.pem –nodes

The –nodes switch ensures that the key inside the .pem is left unencrypted.  If you attempt to install a .pem created without the -nodes switch, the appliance will take the cert but will not accept the private key since it cannot read it in an encrypted state.

telnet localhost 25

This will open a telnet window to the server on SMTP port 25 and the server in return will send a 220 response code, the FQDN (Fully Qualified Domain Name), mail server version, and typically a time stamp as well.  Next you type:

helo

The mail server will respond with 250 response and it’s FQDN and say “Hello”.  You can also use:

ehlo

There is no difference using the commands except that EHLO returns info about the mail server’s capabilities along with the 250 response code such as the maximum SIZE of a messsage for example.  It’s useful to see exactly what your mail server is going to accept from a client.  EHLO is the more recent command by the way.  Pretty much all MTAs out there are going to accept either command nowadays.

This means the mail server is ready to accept more commands.  Now it’s time to begin composing your email:

mail from: joeblow@gmail.com

You should get a 250 response code and say the Send is OK.  Now type who you are sending it to:

rcpt to: joeblowsfriend@gmail.com

You will get a 250 response for the email address.  You can add more recipients by just typing additional lines like above.  Next it’s time to build the body of the message.  Type:

data

and you will get a 354 response code saying you can begin input.  First type a subject line for your message:

subject: Test email

Remember, type this on the very first line and then press <Enter> twice.  Now you can start typing your message body.  Once you are done with your message body, press <Enter> to start a new line and type nothing on this line except for a period.  Then press <Enter> again and you will exit out of the message body and immediately submit the email to the MTA’s queue for delivery.  You should get the test email within seconds if your mail server is working properly!  Make sure to check your Junk E-mail folder just in case your mail server marks your test email as spam.  To exit your telnet session, just type:

quit

and press <Enter> and you’re done.  Simple, right?

1. Open up Windows Task Manager and stop the mysqld.exe (MySQL daemon) process.
2. Open up Computer Management > Services > and stop the MySQL service if it isn’t already stopped.
3. Open up a command prompt and go to your MySQL bin folder, for example:

 C:\Program Files\MySQL\MySQL Server 5.1\bin

then type in:

 mysqld.exe –skip-grant-tables

this will restart the MySQL daemon process.

4. Now type in:

 mysql.exe -u root

and it should log you right in as the root user without having to specify a password.

5. Now you need to reset the password.  Type:

 UPDATE mysql.user SET Password=PASSWORD(‘MyNewPassword’) WHERE User=’root’;

You can change the password to whatever you want.  I have set it to “MyNewPassword” above.

6. Now type:

 FLUSH PRIVILEGES;

and you’re done!  Try logging in using your new credentials and it should work just fine.  Don’t forget to verify that your MySQL service has been restarted.

12008 – Action: Failed to cancel urchin process.

If you try to reschedule the profile, you get this error message:

12007 – Action: Failed to add profile to the scheduler queue. The profile is already in the queue.

This happens because Urchin’s scheduler is very sensitive to server reboots.  If you have jobs scheduled to run at night and let’s say you push patches to the server and reboot in the middle of the night, it can cause this error to appear on some of your profiles.  You get these errors because the log processing engine and scheduler never received the proper exit signals which means there will be database entries in the MySQL database that will be in an inconsistent state.  When the server boots back up, the log processing engine cannot pick back up where it stopped and the web GUI will show the profile is “Running” even though it is not.

The quick solution for this is to navigate to your Urchin bin folder via command prompt.  Here is an example path:

C:\Program Files\Urchin6\bin

then type:

urchinctl stop

which will stop all Urchin processes.  Then open up MySQL Command Line Client and type:

use urchin;
delete from uprofiles_queue;

This switches the database to the urchin database and deletes all running profiles.  Now if you go to to the web GUI under Profile Task Scheduler, you will see everything looks normal.  Now trying running the job again and it should work.  You should get a message saying:

12009 – Action: Profile has been queued to run. Please check the Profile Task History screen for status and runtime output.

Now don’t forget to restart your Master and Slave scheduler services or the job will remain in a queued state until they are back up:

urchinctl start

Now verify the job is actually running properly by clicking the green “Running” link for the job and you should see it processing the logs.

I was lucky enough to attend the Microsoft New Efficiency event for Windows Server 2008 R2 on Monday.  It was a limited capacity technical briefing aimed at IT Professionals.  They also had an Exchange 2010 and Windows 7 track at the same time but I chose to attend the Server 2008 R2 track.  It was divided into 4 sections and was hosted by Kevin Saye (kevin.saye@microsoft.com) who is the Pre-sales technical support specialist for Windows Server in this region.  I’ve heard him speak at events before but never had a chance to actually do a QA session with him till now.

So, on to the new stuff in Server 2008 R2 that I found interesting!  This is not a comprehensive list by an means, just the stuff I thought was very useful.  I’ll go over each in detail in the coming days and how it will fit into your enterprise environment.

-Active Directory Administrative Center (ADAC)
-Managed Service accounts
-Active Directory Recycle Bin
-Graphical PowerShell
-Turning off CPU cores to conserve power
-Group policy can now execute Powershell scritpts
-Group policy granularity through item level targeting
-FCI to classify data and take actions on it
-.NET now runs on Server Core installs
-Remote Desktop Services now has multi-monitor support (up to 8 monitors), bi-directional audio (useful for VOIP), and enhanced multimedia support using your local graphics card instead of “screen painting” as it was before.
-DirectAccess with Windows 7 and Server 2008 R2 – Extends the network to include remote users instead of just a remote user dialing in via VPN.  Uses the Teredo protocol.  Was able to access the Microsoft intranet site (http://msw) without ever having to dial in and from behind a corporate firewall.  It uses IPsec and it only works with Windows 7 machines which are on the domain. 
-Branch Cache – Caches only the requested data unlike DFS.  Means a lot less space is required unlike DFS which is an exact duplicate.

THE FUTURE
Kevin says expect to see more componentization in MS products.  Expect to moved vhds around on servers like OS, Apps, & Data vhds interchangeably on your VMs.

But what do these version numbers actually mean?  There’s a great Wiki maintained here that can answer this:

http://www.sharepointdevwiki.com/display/SharePointAdministrationWiki/SharePoint+Versions

This page will show you all the past and current version numbers and their associated KB articles.  Very handy when troubleshooting updates or if you want to check the change log between versions.