Thursday, February 25, 2010

Shrew VPN replacement for Juniper/Watchguard on Windows 7 x64

So I'd been waiting to see if anyone had managed to get the Juniper netscreen vpn client to work on windows 7 x64 and then I just gave up and decided to look for an alternate solution. I really didn't want to keep an XP box around just for the purpose of connecting to this one partner's site. So after digging around I found Shrew ( which supports XP/Vista/7 in both 32 and 64 bit. And as an added bonus they have tutorial/howtos for setting it up to work with over a dozen vpn endpoint devices. So I sent the info for the Juniper SSG setup to our partner site and they generated a new client file for us.

Installation of the client went smoothly and it imported the client file with no problems.

Monday, February 22, 2010

How to disable SoftAP (aka Windows 7 Wireless Hosted Networks) via Group Policy

Windows 7 comes with a nifty feature that allows it to function as a wireless hotspot. For home users and technical enthusiasts, it's a cool feature. For paranoid network admins like me that feature is a problem. You don't want users opening up wireless APs inside your building or if they're remote, functioning as conduits for outsiders to piggyback into your networks.

To disable this function via group policy, create a new group policy or modify and existing one and go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wireless Network (IEEE 802.11) Policies. right click on there and Create a new policy.

Now be careful what you select in here or else you'll wind up causing havoc for your wireless users.

Name your Wireless policy whatever you want, then go to the "Network Permissions" tab. Select the checkbox for "Don't allow hosted networks" and that will block the SoftAP feature.

Do not check the other boxes that I've marked in blue unless you want to lock down your users to only using your wireless APs (which will also block APs at airports, starbucks, etc). That "Only use group policy..." setting is bad news for your traveling employees.

Once these settings go into effect, the windows 7 clients may require a reboot or two before the changes kick in. These changes also will only work if they are using the default built in wlan client that comes with windows 7. (See checkbox setting on first tab of that policy window).

For more details on what these settings are:

Wednesday, February 3, 2010

TFSWarehouse Event 3000 Failed to load adapter with SQL 2008 data tier

So I had my nice, mostly stable TFS implementation consisting of a SQL 2005 SP3 data tier and a TFS 2008 SP1 (9.0.30729.1) Application tier. I decided to upgrade the Data Tier to SQL 2008 since I'll need it to be there when we upgrade this year to TFS 2010. I followed Bill Wang's blog post

Everything went fine except the warehouse stopped refreshing. In the Event Log on the Application Tier I had this error:

Event Type: Error
Event Source: TFS Warehouse
Event Category: None
Event ID: 3000
Date: 2/3/2010
Time: 1:13:47 PM
User: N/A
Computer: TFS1
TF53010: The following error has occurred in a Team Foundation component or extension:
Date (UTC): 2/3/2010 6:13:47 PM
Machine: TFS1
Application Domain: /LM/W3SVC/3/Root/Warehouse-3-129096944229185149
Assembly: Microsoft.TeamFoundation.Warehouse, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727
Process Details:
Process Name: w3wp
Process Id: 5444
Thread Id: 5576
Account name: PS_NT\TFSSERVICE

Detailed Message: Failed to load adapter Microsoft.TeamFoundation.Warehouse.CommonStructureAdapter. Exception Info: \n System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.AnalysisServices, Version=, Culture=neutral, PublicKeyToken=89845dcd8080cc91' or one of its dependencies. The system cannot find the file specified.

After much head-banging I realized that I hadn't upgraded the SQL Client Connectivity on the App Tier to 2008 to match. D'oh. After installing the SQL 2008 Connectivity and Management tools and rebooting, I went to the http://localhost:8080/Warehouse/v1.0/warehousecontroller.asmx and hit 'Run', then invoke to force the update. Then used the 'GetWarehouseStatus' to watch the Adapter running. Fixed.

Symantec Backup Exec 2010 first impressions

Now it may be too early to say, but so far I'm actually impressed with BE 2010 (Trial edition of course). Normally I'm pretty skeptical about new releases but after a colleague of mine told me that it fixed his backup issues with a 2008 x64 R2 Hyper-V machine I decided to give it a look over. He had that dreaded "Snapshot provider error (0xE000FED1): A failure occurred querying the Writer status." error. I set up a couple of test x64 servers in the lab with copies of the real VMs and loaded up BE 2010 and set it for some Disk to Disk tests. While I did get some GRT related errors even though I wasn't using GRT at the time, it still backed up the server images themselves.
As far as installation goes, the UI continues to improve with each release and it's pretty straightforward. Upgrading an existing BE 12.5 install was a breeze. The remote installation process has undergone a major makeover and now makes it easier to roll out multiple agents with different options selected. And to boot, it lists all the previously rolled out agents in the console. The management console is a bit more refined looking and they've integrated a lot of new little icons into the selection windows.

They've also added a few new agents that will be interesting to try (as soon as I get the budget). The DeDuplication agent could be useful for reducing backup sizes and the new Exchange archiving agent has potential as well.

As always, I recommend fully testing out any new software product in a test environment prior to rolling it out into production...