Tristan Watkins on IT Infrastructure - Page 13 of 13 - Technical guidance for Microsoft security technologies, Windows, SharePoint, and other generally useful findings

The search for a good Acrobat Reader alternative

Back in April, Slashdot pointed me to a C-Net article in which F-Secure’s chief research officer recommended moving away from Adobe Acrobat Reader. Personally, I needed little incentive. I’ve disliked Acrobat Reader fairly intensely for some time and I’d already moved to FoxIt Reader. Acrobat Reader is massive, it constantly prompts for updates and evidently it doesn’t prompt for update enough, given the number of holes that have recently been revelaed.

I thought FoxIt was a good alternative for the first year or so that I was using it, but (like an adolescent) as it matured some things about it started to annoy me and I thought it was worth trying out some of the alternatives on the market. Of the Windows options from the F-Secure recommendation, I didn’t get very far with Okular or Yap but I spent a good deal of time with Sumatra at work and MuPDF with the plugin for Firefox at home. I wasn’t unhappy with either of these options, as my PDF reader requirements are very basic. I love that Sumatra can be run without installing anything and is small enough to carry around on a memory stick. No more PDF readers on servers… However, after inflicting Sumatra on some unwitting recipients, I decided to find a heftier alternative, as they need more than up, down and zoom.

Enter: DocuTrack’s PDF-XChange Viewer. It’s got loads of features, is reasonably lightweight and does the job in every way that I’ve put it to the test. The only thing that irritates me is the size and number of toolbars running by default, but they’re easy enough to turn off. Admittedly my needs are few, but I’ve not had any other complaints about it since pushing it to about 20 other people. If you fancy taking the plunge and take me up on any of these suggestions, I’d love to hear feedback, as I’m discovering that it’s nearly as divisive as the media player question. I <3 Foobar, for the record.

Windows Deployment Services trumps Internet Connection Sharing

I imagine the responses to this post’s title will fall in to one of three categories:

What’s Windows Deployment Services?
What’s Internet Connection Sharing?
Why on earth would you use both in one machine?

To answer the last question I need to unveil a bit about the network approach that we’ve adopted for the Hyper-V on Windows Server 2008 R2 laptop build that I mentioned in my last post. Continue reading “Windows Deployment Services trumps Internet Connection Sharing”

Routine loss of connectivity on a Hyper-V host’s external connection

We’ve recently been piloting a laptop developer build on Windows Server 2008 R2 Release Candidate (Build 7100) with the Hyper-V role. One of the first receipients of this build complained of connectivity problems in Office Communicator once every minute or two. For as-yet undiagnosed reasons we have lengthy sign-in times for Communicator, so this loss of connectivity rendered it completely unusable. This same problem was visible in Outlook, although less disruptive since we use Cached Exchange Mode. Both Exchange and the OCS server are hosted but we also noticed the problem with interrupted file transfers so it clearly wasn’t just an internet connectivity issue. It looked like something to do with the NIC, the cable or a network device.

The network trouble was accompanied by a series of System log event errors from MVSMP:

Port ‘SWITCHPORT-SM-F277C685-E5F8-490D-8CD1-913B854FABD2-0-1′ was prevented from using MAC address ’00-15-C5-7E-EB-39’ because it is pinned to port ‘SWITCHPORT-SM-F277C6’. Continue reading “Routine loss of connectivity on a Hyper-V host’s external connection”

Hyper-V Manager over VPN may fail if the server is VMM-managed

About a year ago John Howard published guidance on how to get Hyper-V Manager to connect to Hyper-V servers over VPN. His network monitoring and suggestion to change the VPN connection IP settings so that the VPN adapter registers the machine’s new address in DHCP/DNS went a long way towards fixing the issue for me – however, we recently uncovered a couple of caveats as detailed in the comments on his original post. Continue reading “Hyper-V Manager over VPN may fail if the server is VMM-managed”

K2, Thematic and a hex colour picking tool

I generally don’t do anything front-end if I can help it, but I’ll get my hands dirty when I need to. I recently played with a number of different K2 stylesheets and the newer Thematic framework while redesigning this site. I could only find one child theme that I really liked for Thematic, which was Second to None, but I wanted a dark version, so I set to work trying to interpret his stylesheet and inverted all of the background and text colours (as a starting point). This probably sounds easier than it is with the complexity of stylesheets today. At any rate, I eventually gave up when I realised that all of the icons looked funny in this inverted scheme, but I thought I’d share the Hex Colour picking tool that I found when bumbling through this, as I would have been lost with out it.

The stuff around SelfSSL

Working with software developers, I’ve probably seen SelfSSL used more often than in most lines of work, and also misuse of it. The purpose of this article is to draw some boxes around the different areas that come in to play when a site is self-certified.

Browser

Most obviously, the user requests the page through the browser, but the browser also warns of Certificate/DNS name mismatches. Unless the certificate was issued to the address through which the site is being browsed, the browser will produce certification warnings. This behaviour is expected and desirable as part of browser security. Continue reading “The stuff around SelfSSL”

Windows Time, the PDC Emulator and the VM

Or… why it’s important to disable Host Time Synchronisation on a domain controller.

A few months ago I reminded myself of a major gotcha when planning a virtual infrastructure. Assume that you run more than one domain in more than one forest and that trusts are in place to authenticate users across those forests. This could be a development/test/staging environment, or as will no doubt be more common in the coming years, it could be a virtualised infrastructure. Continue reading “Windows Time, the PDC Emulator and the VM”

Introduction

It would appear that my grand idea to start my blog with EHLO world has already been pipped by many, but I can at least confirm that my blog title has achieved Google uniqueness, presumably according to its dubious etymology.

So what’s this all about? Windows stuff in the first instance, with a special focus on SharePoint, as I’m an Infrastructure Consultant for a leading British Microsoft Gold Partner specialising in SharePoint Products and Technologies. I’ve been working with SharePoint since pre-release WSS2/SPS2003. I cut my teeth on SharePoint concurrent with my growth from Technical Support Manager to Head of IT Infrastructure for another British Microsoft Gold Partner. Since then I’ve moved in to Infrastructure Architecture and consultancy. I anticipate this blog will focus on Windows, SharePoint, virtualisation, WAN technologies, authentication and whatever else I may stumble upon.