Windows Vista Service Pack 1 is now available

by Shijaz Abdulla on 19.03.2008 at 10:44

Windows Vista Service Pack 1 is now available via Windows Update.

A standalone package (5 languages) is also available for download at Microsoft Downloads Center. The recommended method of update is via Windows Update.

No more MSTSC.exe /CONSOLE

by Shijaz Abdulla on 08.01.2008 at 08:51

That’s right. No more /console switch on the Windows Remote Desktop Connection tool, MSTSC.exe, starting from Windows XP Service Pack 3, Windows Vista Service Pack 1 and Windows Server 2008.

This is because of the design enhancements in Windows Vista and Windows Server 2008, by virtue of which you cannot connect to Session 0, which is the default session. Running services and user applications together in Session 0 poses a security risk because services in Session 0 run at elevated privileges and can therefore be targeted by malware attempting privilege escalation.

The new generation of the Windows operating system mitigates this security risk by isolating services in Session 0 and making Session 0 non-interactive to the user. In Windows Vista (and Windows Server 2008), only system processes and services run in Session 0. The first user logs on to Session 1. Subsequent users log on to subsequent sessions (Session 2, Session 3 etc). This means that services (like printer drivers loaded by spooler service, UMDF drivers, user/window interactive services, etc) never run in the same session as users’ applications and are therefore protected from attacks that originate in application code. [More info]
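The session layout described above can be checked on a live machine. The following is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later, an elevated prompt, and the standard CIM classes Win32_Process and Win32_Service.

```powershell
# Added example: audit Session 0 on the local machine.
$procs    = Get-CimInstance -ClassName Win32_Process
$services = Get-CimInstance -ClassName Win32_Service

# 1. Process count per session. On Windows Vista / Server 2008 and later the
#    first interactive logon is Session 1; Session 0 holds system processes
#    and services only.
$procs | Group-Object -Property SessionId | Sort-Object { [int]$_.Name } |
    Select-Object @{n='SessionId';e={$_.Name}}, Count

# 2. Session 0 processes that do not host any service. Core system processes
#    (System, smss.exe, csrss.exe, wininit.exe, services.exe) and helper
#    processes started by services are expected here; an end-user application
#    is not.
$servicePids = $services | Where-Object { $_.ProcessId -gt 0 } |
    Select-Object -ExpandProperty ProcessId -Unique
$procs | Where-Object { $_.SessionId -eq 0 -and $_.ProcessId -notin $servicePids } |
    Select-Object ProcessId, Name, ExecutablePath

# 3. Services still flagged "Allow service to interact with desktop".
#    With Session 0 isolation their windows are created in Session 0,
#    not on the logged-on user's desktop, so they are candidates for redesign.
$services | Where-Object { $_.DesktopInteract } |
    Select-Object Name, StartName, State, PathName
```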

Session Zero in Windows XP/Windows Server 2003: The first user logs in to Session Zero itself.

Session Zero Isolation in Windows XP SP3/Windows Vista SP1/Windows Server 2008: The first user’s session is not within Session Zero; a separate session is created, thereby improving security.

Since there is no longer the ability to connect to Session 0, the /console switch is no longer required. But, what if I want to connect to Session 0 on a Windows Server 2003/XP or earlier machine using RDP 6.1? Let’s find out.

When I typed “mstsc /?” on my Windows Server 2008 machine, these are the options that are available to me:


Notice that the /console option is not available, but there is a /admin option. The /admin option lets you connect to Session 0 on a remote computer that doesn’t have Windows Vista SP1, Windows XP SP3 or Windows Server 2008 or later installed.

However, if you try to pull the /console switch on a Windows Server 2008 or Vista SP1 machine, you get an error “An unknown parameter was specified in the computer name field“.

I hope you found this post interesting – subscribe to my blog to get instant updates on new posts!

Windows XP SP3 and Windows Vista SP1

by Shijaz Abdulla on 13.12.2007 at 07:28

Windows Vista is getting its first Service Pack while Windows XP is getting its last.

The release candidate of Windows XP Service Pack 3 is available for download. Service Pack 3 is more of a rollup of hotfixes and updates rather than a feature/experience enhancement. In short, it contains things that make Windows XP more secure, more reliable and faster. The user will not see noticeable change in the experience in general.

The Windows Vista Service Pack 1 Release Candidate is also available for download. There are a large number of improvements for performance, security, reliability, interoperability, hardware compatibility, and deployment. There are also some improvements for power consumption and desktop administration, and it is better geared for Windows Server 2008, the next version of Microsoft’s server OS.

Please note that Release Candidates are not the fully released versions and you will not receive support for them. Release candidates are for testing purposes. Please wait for the final release of the service pack before deploying to production systems.

Exchange 2007 Service Pack 1 releasing tomorrow

by Shijaz Abdulla on 29.11.2007 at 06:49

On November 30, 2007, the Exchange Server 2007 service pack 1 will be ready for download on the Microsoft website.

The Service Pack is much awaited by the Exchange Server community and customers alike, with the long list of new features that the service pack promises. The new features include new deployment options, new features and improvements for each server role, improved integration with other applications, and even a new, third type of continuous replication.

If I were to mention each of the new features, this would become a really long, long, blog post. I encourage you to view the list on the Technet website.

Disabled users continue to receive mail in Exchange 2003 SP2

by Shijaz Abdulla on 29.10.2007 at 08:14

In the RTM version of Exchange 2003, if you disable an active directory user account, mail flow to the disabled user’s mailbox stops. To a sender, it is as though the mailbox doesn’t exist.

With service packs, this behaviour has been changed. Hotfixes 916783 and 903158 make changes to the store.exe as follows:

If the SELF SID is missing from the Mailbox permissions, store.exe checks to see if the msExchMasterAccountSID is populated (this is the same as before). If it is not populated, then store.exe will use the objectSID of the user account, which should always be present.

This is good news for some administrators and bad news for others.

The good news is that if you want to temporarily restrict a user from accessing his mailbox but do not want him to lose out on receiving important e-mail, this is now possible. Also, if an employee leaves the company and you would like to configure an Out of Office message stating that he is no longer working there and at the same time disable the account for security purposes, this is now possible.

The bad news is that the above is not good enough for some companies. They just want to disable the account and forget about it. In such cases, administrators can adjust the delivery restrictions for the disabled user and configure the user to receive mail *only from* his own account. Or, you can configure ‘prohibit send/receive’ at 0 KB. Or, you can simply change or remove the SMTP email address of the user.

The day the Exchange cluster died

by Shijaz Abdulla on 24.09.2007 at 08:48

I installed Windows Server 2003 Service Pack 2 on a client’s Exchange Server 2003 cluster on Thursday night (Yeah, I hear you – what a way to spend a weekend!). Everything went well, installation completed, rebooted and everything was happy and kicking.

…until on Friday morning when the Exchange HTTP Virtual Server Instance failed. Since this resource was configured to ‘affect the group’, the failure forced a failover of the whole Exchange cluster group to the passive node.

Within no time, Exchange HTTP Virtual Server Instance failed again, this time on the passive node! Someone press the Panic button!! The initial understanding of the situation was clear – Installation of Windows Server 2003 Service Pack 2 brought the mighty Exchange cluster to its knees.

I rebooted both nodes and normal operation ensued. But after a couple of hours it happened again. In the event logs, I could see things like:

Event Type: Warning
Event Source: MSExchangeIS Mailbox Store
Event Category: General
Event ID: 1115
Description:
Error 0xfffffbbe returned from closing database table, called from function JTAB_BASE::EcCloseTable on table DeletedFolders. For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type: Error
Event Source: MSExchangeCluster
Event Category: Services
Event ID: 1005
Description: Exchange HTTP Virtual Server Instance 100 (servername): The IsAlive check for this resource failed. For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Description: The server was unable to allocate from the system nonpaged pool because the pool was empty. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I couldn’t find much on these errors on the Internet, and this is the reason for this post. Here’s what the problem is.

My client is running Windows Server 2003 on a 32 bit server. 32-bit versions of Windows, as we all know, support a maximum of 4 GB RAM. By default, Windows slices the total memory right down the middle: 2 GB is reserved for the OS and 2 GB for the applications. Out of the 2 GB reserved for the OS, 256 MB is reserved for non-paged pool memory.

My client is using the /3GB switch, which forces Windows to limit itself to 1 GB RAM and let the applications use 3 GB. But this causes the non-paged pool memory reservation to be reduced to 128MB instead of 256MB.

Now, 128 MB is a tight little space. IIS uses non paged pool memory for processing requests. On Windows Server 2003 and Windows Vista, IIS stops processing requests once the available non-paged pool memory goes below 20 MB. Event 2019 is evidence for that.

Of course you know, Exchange relies heavily on IIS. So that explains why the Exchange HTTP Virtual Server resource went down! But wait – what’s hogging up the non-paged pool memory? And how do we fix this?

That’s when Microsoft sent in their Poolmon utility, which grabs information on what’s in there. The culprit? – Broadcom’s NetXtreme II network card driver! It was incompatible with the scalable networking features bundled with Windows Server 2003 SP2 (and the Windows Scalable Networking Pack) and caused a memory leak! I disabled the TCP Chimney with the following command:

Netsh int ip set chimney DISABLED

I also disabled the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableTCPA registry value by setting it to zero on both nodes, and followed the other steps mentioned in KB936594. That was all it took to solve the problem!
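The conditions described in this post can be checked on each node with a short script. This is an added example, not part of the original post; it assumes Windows PowerShell 2.0 or later and takes the 128 MB ceiling and the 20 MB IIS cutoff from the figures given above rather than reading them from the system.

```powershell
# Added example: non-paged pool health check for one cluster node.
# Uses Get-WmiObject / Get-EventLog so it also runs on Windows PowerShell 2.0.

$limitMB     = 128   # assumption: non-paged pool ceiling with /3GB, as stated in the post
$iisCutoffMB = 20    # IIS cutoff for available non-paged pool, as stated in the post

# Current non-paged pool usage from the standard Memory performance class.
$mem    = Get-WmiObject -Class Win32_PerfFormattedData_PerfOS_Memory
$usedMB = [math]::Round($mem.PoolNonpagedBytes / 1MB, 1)
$freeMB = $limitMB - $usedMB

# Pool-exhaustion events (source Srv, event ID 2019) logged in the last 24 hours.
$events = @(Get-EventLog -LogName System -Source Srv -After (Get-Date).AddDays(-1) `
                -ErrorAction SilentlyContinue |
            Where-Object { $_.EventID -eq 2019 })

# EnableTCPA value named in the post; $null means the value is not present.
$tcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$tcpa     = (Get-ItemProperty -Path $tcpipKey -ErrorAction SilentlyContinue).EnableTCPA

# One summary object per node, suitable for comparing before and after the fix.
New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    NonPagedUsedMB   = $usedMB
    EstimatedFreeMB  = $freeMB
    BelowIisCutoff   = ($freeMB -lt $iisCutoffMB)
    Event2019Last24h = $events.Count
    EnableTCPA       = $tcpa
}
```

A NonPagedUsedMB figure that keeps climbing between runs points to a leak of the kind described here; Poolmon is still needed to identify which driver owns the allocations.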

See my earlier related post: Delayed Logins: Change Password feature in ISA 2006

Monitoring enhancements in ISA 2004 SP3

by Shijaz Abdulla on 19.09.2007 at 11:26

OK – I know I haven’t been posting for some time. My excuses – the coming of Ramadan and my travel to UAE on a personal trip. :-)

So here’s your piece of technology from me for the whole week.

ISA 2004 Service Pack 3 adds a bunch of new logging functionality, i.e. detailed logging and diagnostic logging.

The detailed logging feature helps you troubleshoot configuration problems by providing you additional information for every entry that is displayed in the Logging tab.

Here’s a screenshot:

Exchange Server 2007 on Windows Server 2008

by Shijaz Abdulla on 18.08.2007 at 13:38

Some interesting facts on running Exchange Server 2007 on the upcoming RTM version of Windows Server 2008.

  • Running Exchange Server 2007 RTM on Windows Server 2008 RTM is not supported
  • You will need to upgrade to Exchange Server 2007 Service Pack 1 if you want to run Exchange 2007 on Windows Server 2008 RTM
  • You can’t install Exchange Server 2007 Management Tools on Windows Vista unless you have Exchange Server 2007 SP1

If you already have Exchange Server 2007 installed on Windows Server 2003:

  • You CANNOT upgrade Windows Server 2003 to Windows Server 2008 on a computer running Exchange Server 2007 and then upgrade to Exchange 2007 SP1
  • You CANNOT upgrade Exchange Server 2007 to Exchange Server 2007 SP1 on a computer running Windows Server 2003 and then upgrade to Windows Server 2008
  • Yikes! So how are you going to upgrade anyway? Here’s the answer: you need to build a fresh Windows Server 2008 machine and install Exchange Server 2007 SP1 on it. (Ouch!)
  • Clustered Mailbox Servers: Due to immense differences in Windows Server 2008 clustering from Windows Server 2003, you CANNOT do a rolling upgrade of an Exchange Server 2007 cluster. The only way out is to build a fresh failover cluster with Windows Server 2008 running on all nodes and then use Move Mailbox to migrate data to the new cluster. (Ouch again!)

Early adopters of Exchange Server 2007 looking to also early-adopt Windows Server 2008 may now find themselves slightly challenged, given all the above parameters.

If you have Exchange Server 2003 installed on a domain that contains Windows Server 2008 RODCs (Read Only Domain Controllers):

  • Do NOT force Exchange Server 2003 to use RODCs or ROGCs. Not supported and ‘unexpected’ behaviour ‘expected’.
  • Exchange Server 2003 when in the default “auto” mode (i.e. set to automatically use any available DC) will not try to use an RODC or ROGC.

At the time of writing this post, Exchange Server 2007 Service Pack 1 is in Beta 2 and is available in MSDN/Technet subscriptions only.

Windows Server 2003 SP0 no longer supported

by Shijaz Abdulla on 15.07.2007 at 07:39

I’ve got bad news for lazy patchers!

As of July 10, Microsoft has stopped supporting Windows Server 2003 installations where at least Service Pack 1 has not been installed.

This is part of Microsoft’s Support Lifecycle policy. However, if you have a Windows Server 2003 installation that you cannot upgrade to SP1 due to technical reasons, they will continue supporting you for some more time if you ‘buy’ extended support.

Microsoft has also stopped supporting SQL Server 2000 SP3a as of July 10. So if you have SQL Server 2000 SP3a on your servers, you will need to upgrade to SP4, if you haven’t already!

ISA Server 2004 Service Pack 1 stopped getting support since April 10, 2007. Hope everybody installed Service Pack 2.

The other day, I found an article on the Microsoft Support KB, that was written for Windows 2.x and 3.x. It’s worthwhile noting that Microsoft supported Windows 3.1 for almost 10 years after its release. True story.

ISA Server 2004 Service Pack 3

by Shijaz Abdulla on 06.05.2007 at 15:11

ISA Server 2004 Service Pack 3 was released on May 1, 2007.

  • All software updates issued since ISA Server 2004 was released to manufacturing.
  • Fixes for common issues reported by customers through Microsoft Customer Service and Support.
  • Improved log viewer functionality, including an enhanced details pane view, text coloring, and new log filtering functionality.
  • Updated ISA Server Microsoft Management Console (MMC) snap-in functionality that provides access to troubleshooting tools and options available directly from the ISA Server Management console.
  • Integration with the Microsoft ISA Server Best Practices Analyzer Tool. More information.
  • New diagnostic logging functionality.
  • Support for publishing computers running Microsoft Exchange Server 2007 both to receive and send Internet e-mail messages.

Failed Service Pack 3 installation?!

If you went ahead with the SP3 installation and it failed for some reason, see the rollback failure and temporary resolution on the ISA Server Product Team Blog.
