January 2007 Archives
Charles posted a list of etiquette suggestions based on his recent visit to Lotusphere, and Josh Maher posted a list of cell phone use social norms. Unfortunately, neither of these address a real problem I encounter when traveling: people who talk on the phone while in the men's room. I've seen a wide range of offenders, from CEO-looking types in Armani to flannel-shirt-clad, John Deere-cap-wearing rustics. It amazes me: if you wouldn't talk to your boss through a bathroom door, why on earth would you do it with a cellphone?
Let me make this perfectly clear: under no circumstance would I make a phone call while in the restroom, unless perhaps someone needed immediate medical help. Nor would I stay on the phone, chatting away, while I stood in front of the urinal doing my bidness. I'm pretty sure none of my friends, customers, family members, or co-workers want to talk to me that badly.
So, to summarize: no phone use in the bathroom. Thankyouverymuch.
Devin asked me, and I realized that apart from TCP 5060 (for SIP) I didn't know. A little googling, however, produced this topic in the Exchange documentation. See table 1, which shows the remaining ports that you have to keep open to make UM work across a firewall.
Technorati Tags: Exchange 2007, Unified Messaging
On the heels of my EWS post the other day, a new post from Microsoft's Wes Haggard, this time explaining how to use EWS to find contacts.
Technorati Tags: Exchange 2007
This is a hassle; I got two separate notifications from fellow MVPs that my Barracuda box was blocking their inbound mail. When I checked the Barracuda logs, sure enough, it had rejected both messages; the reason listed was "Intent (xmlsoap.org)".
"Intent" is the status code the 'cuda uses to indicate that it blocked a message because it contains a spammish URL; it's essentially the equivalent of SURBL. I checked the two messages, and sure enough they contain a reference to xmlsoap: "http://schemas.xmlsoap.org/soap/envelope/". However, this reference comes from the original message in the thread, which was an HTML message! Apparently somewhere in the round-trip reply cycle, the HTML version was converted to plain text, which exposed the xmlsoap reference, which the Barracuda improperly blocked. Evidently spammers have sent HTML-formatted mail from Outlook before, so xmlsoap.org has ended up on the intent list. Thankfully the Barracuda interface has an easy-to-find "Exempt this URL" link, so I could clear the ban, but it's still not what I would've expected.
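To show how a URL-intent check of this kind produces the false positive described above, here is an added example (not Barracuda's code): it pulls every http(s) URL out of a message body, walks each hostname up to its parent domains, looks them up in a constructed intent list, and honours an exemption list like the "Exempt this URL" link. The intent list, the sample reply and the spam domain are all constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed "intent" list for this example; the real Barracuda list is not
# published. xmlsoap.org is on it to reproduce the false positive in the post.
INTENT_DOMAINS = {"xmlsoap.org", "cheap-pills.example"}

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def parent_domains(host):
    """Yield the host and each parent domain above it, stopping short of the
    bare TLD: schemas.xmlsoap.org -> xmlsoap.org."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def intent_hits(body, intent_domains=INTENT_DOMAINS, exempt_urls=()):
    """Return the sorted list of listed domains referenced by URLs in body.

    exempt_urls are exact URLs an admin has cleared, the equivalent of the
    "Exempt this URL" link; they are skipped before the domain lookup.
    """
    exempt = {u.lower().rstrip("/") for u in exempt_urls}
    hits = set()
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:)")   # drop trailing prose punctuation
        if url.lower().rstrip("/") in exempt:
            continue
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        for domain in parent_domains(host):
            if domain in intent_domains:
                hits.add(domain)
                break
    return sorted(hits)


# Constructed reply: the quoted original was an HTML message whose SOAP
# namespace declaration became visible once it was converted to plain text.
SAMPLE_REPLY = """Thanks, that fixed it.

-----Original Message-----
Subject: RE: EWS question

The Envelope element has to be in the
http://schemas.xmlsoap.org/soap/envelope/ namespace or the call fails.
"""

if __name__ == "__main__":
    print(intent_hits(SAMPLE_REPLY))  # ['xmlsoap.org']: the reply is blocked
    print(intent_hits(SAMPLE_REPLY,
                      exempt_urls=["http://schemas.xmlsoap.org/soap/envelope/"]))  # []
```

The exemption is per URL, so a genuine spam URL on another listed domain in the same message is still caught.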
T-Mobile has a pretty sweet deal: free T-Mobile wi-fi service for Windows Vista users from now until April 30. Go here from your Vista machine to sign up.
Excellent news: the 32-bit versions of the Exchange 2007 management tools are now available. This download includes the Exchange Management Console, the Exchange Management Shell, ExBPA, and the Exchange Troubleshooting Assistant.
Technorati Tags: Exchange 2007
Just to set the record straight: Entourage 2004 works fine with Exchange 2007 public folders.
If you've read the Exchange docs (or the Exchange team blog, or any of the zillions of places that reported this), you might be forgiven for being confused. The docs say that public folders are "de-emphasized", a fancy way of saying that Microsoft is hoping you'll start using SharePoint instead. The docs also say that OWA 2007 doesn't support browser-based access to public folders (a regression from Exchange 2003, and a mistake IMHO, but that's a discussion for another time.)
The Exchange team posted a blog entry explaining the details of what they meant by "de-emphasized", but it doesn't mention Entourage. As Exchange 2007 draws more attention, I'm seeing more people asking questions about Entourage and Exchange 2007.
The answer comes in two parts:
- Entourage uses WebDAV to access public folders (and mailboxes, for that matter) on an Exchange server. WebDAV is fully supported for public folder access in Exchange 2007. It works great; I use it daily with three different Exchange servers.
- OWA 2003 includes its own code that uses WebDAV to access public folders. There is no equivalent code in OWA 2007, so it can't display public folder contents. If and when MS adds such code to OWA 2007, that will have no impact on Entourage because Entourage doesn't use OWA to render public folders, it uses WebDAV.
Hopefully this will help clear things up somewhat, but (as John Welch has repeatedly said) it would be great to see an official statement from MS on this.
Wow, Matt Stehle may have just become my favorite Microsoft employee. He's posted a long list of Exchange Web Services samples, some of which are very interesting (this is my current favorite since Entourage can't do it yet).
Technorati Tags: Exchange 2007
Back in September I wrote a pair of columns about how Exchange 2007 uses certificates. In it I pointed out the utility of having multiple subject alternative names, or subjectAltNames, in a single certificate; doing so allows you to have a single cert that works with autodiscover.yourdomain.com, mail.yourdomain.com, and the real underlying FQDN, all in one cert. Unfortunately, as far as I can tell no commercial CAs will actually issue such a certificate.
However, I got mail today from Andrew Codrington at Entrust. They've just introduced a new "unified communications certificate" as part of their partnership with Microsoft. The UC cert includes 10 subjectAltNames, with the option of adding 3 more for an additional $99. Good deal? Maybe; the 1-year cert price is a whopping $599. Still, that's certainly cheaper than buying 3 standard Entrust certs @ $159 each when you factor in the time and labor required to obtain and install them. More on this later...
Technorati Tags: Exchange 2007
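An added example (not Entrust's or Microsoft's code) of why every name clients will use has to be in the subjectAltName list: this is hostname matching the way TLS clients do it, compared case-insensitively against each DNS SAN, with a wildcard standing in for exactly one leftmost label, and with the subject CN consulted only when the certificate has no DNS SANs at all. The certificate dicts are constructed samples in the layout Python's ssl.getpeercert() returns; the names under yourdomain.com are placeholders.

```python
def dns_names(cert):
    """Names a client may match: DNS SANs if present, otherwise just the CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ()) for kind, value in rdn
            if kind == "commonName"]


def name_matches(pattern, hostname):
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # *.yourdomain.com covers mail.yourdomain.com, but never the bare apex
        # and never a deeper name such as exch01.corp.yourdomain.com
        return len(h) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(cert, hostname):
    return any(name_matches(name, hostname) for name in dns_names(cert))


def uncovered(cert, required):
    """The names clients will connect with that this cert does NOT cover."""
    return [name for name in required if not cert_matches(cert, name)]


# One UC-style cert carrying every name clients use (constructed sample).
UC_CERT = {
    "subject": ((("commonName", "mail.yourdomain.com"),),),
    "subjectAltName": (("DNS", "mail.yourdomain.com"),
                       ("DNS", "autodiscover.yourdomain.com"),
                       ("DNS", "exch01.corp.yourdomain.com")),
}
# A plain single-name cert: CN only, no SAN extension (constructed sample).
SINGLE_NAME_CERT = {"subject": ((("commonName", "mail.yourdomain.com"),),)}

# Names an Outlook/Entourage client will present, as described in the post.
REQUIRED = ["autodiscover.yourdomain.com", "mail.yourdomain.com",
            "exch01.corp.yourdomain.com"]

if __name__ == "__main__":
    print(uncovered(UC_CERT, REQUIRED))           # []
    print(uncovered(SINGLE_NAME_CERT, REQUIRED))  # the two names the cert lacks
```

Note the CN rule: once a certificate has any DNS SAN, a name that appears only in the CN is not matched, so the CN must be repeated in the SAN list.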
Doggone it, this just isn't fair. I was going to go to Lotusphere, but decided not to because I'm already going to Orlando twice this year for other trips... and who's their keynote speaker? Only the first man to walk on the moon.
The list of past speakers from Lotusphere is pretty impressive: John Cleese, Rudy Giuliani, Walter Cronkite... meanwhile, at the flagship MS event, we get... Microsoft executives. Don't get me wrong; I expect to see executives touting their products, and I appreciate Microsoft's efforts to bring in sidekicks like Samantha Bee or Mary Lynn Rajskub to liven things up a bit. However, why couldn't we have an interesting topical speaker? It couldn't be that hard. Warren Buffett would probably be glad to help his friend Bill out. How about Sean Payton? Scott Adams? The possibilities are limitless.
So, you can probably tell I'm working on a BitLocker-related project by now...
One drawback to storing BitLocker recovery passwords in Active Directory is that there's no good way to retrieve the recovery password when you need it, or so I thought. I suggested to the BitLocker team that they consider writing an extension to AD Users & Computers to make it easy for authorized admins to get a recovery password for a given computer-- turns out they'd already done it and were deep into the signoff process!
The tool is officially documented in KB 928202. It's an AD U&C extension that makes the BitLocker recovery information visible; you need to get it from PSS, but it's a free call, so why not?
Great news-- Security Analysis, the first part of the Data Encryption Toolkit for Mobile PCs, just went live. The overall Data Encryption Toolkit is a set of tools and guidance to help people secure the data on their laptops using Windows Vista with BitLocker and the Encrypting File System (EFS) in Windows XP and Windows Vista. Look for more pieces of the DET coming soon, as soon as we finish writing them :)
For the last few weeks I've had an odd problem with mail sent from my Treo. The solution ended up being unexpected.
I carry a Treo 700w pretty much everywhere I go. It's connected via Exchange ActiveSync to my home Exchange server and via IMAP to my server at 3Sharp. Combined with Entourage (and Pocket Outlook's ability to accept a meeting invite on an IMAP account and put it in the main calendar) this gives me on-the-go access to pretty much everything I need. However, since December or so I haven't been able to send from my 3Sharp account to some recipients, or so I thought.
This morning I finally got irritated enough to figure out what the problem was. Turns out it was the GRYNX greylist tool Devin implemented back in November. For some reason, it had decided that mail coming from some IPs (including the entire Verizon Wireless network) should be greylisted if the message contained more than one recipient. I guess this was expected behavior, since that's what a greylisting tool does.
The oddest thing is that I'd get an NDR message on my Treo telling me that there was an invalid recipient and that the message had been filed in the Drafts folder. This was a result of Pocket Outlook attempting to be helpful, but its message didn't really tell me what I needed to know.
I verified that this was the problem by using telnet from my desktop to log in, issue AUTH LOGIN, and try to send a message with one recipient-- worked great. I then did the same thing with two recipients and boom! I got grey. The fix was trivial: I had to add my sender address to the greylist whitelist (huh? did I just say that?) and now mail is working properly.
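To make the greylisting behaviour above concrete, here is an added example of a minimal greylister (not the GRYNX tool's code). It decides per (client IP, sender, recipient) triplet, as greylisting usually works: an unseen triplet gets a 451 temporary failure and is accepted once the same triplet returns after the delay, so a message to a new second recipient is deferred even though the first recipient was already known; a sender whitelist bypasses the check, which is the fix applied in the post. The IP address, addresses and delay are constructed for the example.

```python
class Greylist:
    def __init__(self, delay=300, whitelisted_senders=()):
        self.delay = delay                 # seconds a new triplet must wait
        self.first_seen = {}               # triplet -> time it was first seen
        self.whitelist = {s.lower() for s in whitelisted_senders}

    def rcpt(self, client_ip, sender, recipient, now):
        """SMTP-style reply for one RCPT TO, evaluated at time `now`."""
        sender, recipient = sender.lower(), recipient.lower()
        if sender in self.whitelist:
            return "250 OK"
        triplet = (client_ip, sender, recipient)
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:       # brand new, or retried too soon
            return "451 4.7.1 Greylisted, try again later"
        return "250 OK"

    def message(self, client_ip, sender, recipients, now):
        """Reply per recipient. A client that treats any 451 on RCPT as a bad
        address will report the whole message as undeliverable."""
        return {r: self.rcpt(client_ip, sender, r, now) for r in recipients}


def deferred(replies):
    """Recipients that were greylisted in a message() result."""
    return sorted(r for r, reply in replies.items() if reply.startswith("451"))


# Constructed scenario: a handheld on a carrier network (sample IP) whose
# sender has only ever written to the first of two recipients.
PHONE_IP = "198.51.100.23"
SENDER = "sender@example.com"

if __name__ == "__main__":
    gl = Greylist()
    gl.message(PHONE_IP, SENDER, ["one@example.org"], now=0)     # 451: first sighting
    gl.message(PHONE_IP, SENDER, ["one@example.org"], now=600)   # 250: retried after delay
    both = gl.message(PHONE_IP, SENDER, ["one@example.org", "two@example.org"], now=900)
    print(deferred(both))   # ['two@example.org']: the two-recipient message is held up
    wl = Greylist(whitelisted_senders=[SENDER])
    print(deferred(wl.message(PHONE_IP, SENDER, ["one@example.org", "two@example.org"], 0)))  # []
```

Real greylisters also expire idle triplets and often auto-whitelist hosts that retry correctly; both are omitted here.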
BitLocker allows you to store your recovery password in a file, in Active Directory, or on paper. However, Microsoft's Troy Larsen has another, extremely valuable, suggestion:
You might also consider saving a copy of the recovery password to your cell phone—then you will have it when you are 1,000 miles from home and discover that your two-year-old took your dongle off the desk when you were packing. Not that that sort of thing ever happens.
Wow, so many uses for this: a desktop 3-D printer for around $2500. You can't yet use one of these to print out parts for a second copy, but we're not that far off.
I recently needed to move 3 OST files from one disk to another, and for the life of me I couldn't figure out how. A quick search netted this article, which explained it all: you have to disable cached Exchange mode and block offline use for the OST, then move it. Clear as mud.
So, a couple of weeks ago I bought a refurbished Mac Pro from Apple. It came with a single 250GB SATA drive, with 3 open SATA bays. I had Devin send me two of our spare 250GB SATA drives from a previous project, with the intention that I would create a striped RAID set to hold my VMware Fusion virtual machines.
I popped the two disks in, rebooted the computer, and fired up Disk Utility. After formatting the two disks, I attempted to create a RAID array, but Disk Utility wouldn't see the second disk. In the process of fooling around, I created a mirrored array and added the first new drive to it, but I couldn't add the second drive. In frustration, I did a low-level format on drive #2; when the format completed, I was able to add it to the new volume, so I copied my files over to it and went about my business.
Technorati Tags: Mac OS X
I have long been complaining about Microsoft's inconsistent use of the word "cluster", which has a specific meaning: a set of interconnected computers that can share work and have at least some redundancy and failover capabilities. The Windows network load balancing folks call their solutions "clusters", as do the Microsoft Cluster Service (MSCS) team. This is needlessly confusing to customers. Thankfully, I noticed that the Exchange team is doing something about it-- if you check out the Exchange 2007 docs, they are now (properly IMHO) labeling their clusters as "failover clusters" to disambiguate clustering-for-redundancy from clustering-for-load-balancing. Yay!
Technorati Tags: Exchange 2007
Windows Vista's new BitLocker encryption technology is a two-edged sword. On the one hand, it offers excellent protection because it encrypts the entire OS volume with AES-256. On the other hand, if you lose the volume master key (VMK), you're screwed-- there's no way for you to unlock and recover data from the volume.
To make this less of a danger, Microsoft allows you to create a recovery password that you can use to decrypt the disk. More precisely, the technical overview says:
In BitLocker, recovery consists of decrypting a copy of the volume master key blob that has been encrypted with a recovery key stored on a pluggable USB flash drive or with a cryptographic key derived from a recovery password. The TPM is not involved in any recovery scenarios, so recovery is possible if the TPM fails boot component validation, malfunctions, or disappears.
However, you still have to be very, very careful not to lose the recovery password! Vista includes the ability to back up the recovery password to Active Directory, but Microsoft hasn't released the public details of exactly how to do this... until today, that is. The new BitLocker AD Guide describes how to enable AD backup of BitLocker recovery information (including the TPM owner password and the BitLocker recovery password for each protected volume).
You'll need to extend your AD schema to enable this recovery mode. Don't use the schema extension files on the Vista product DVD to do this. They don't contain the correct schema properties. Instead, use the schema extension included with the AD Guide itself.
From an anonymous source commenting on the new Apple iPhone:
I’m looking forward to the iPhone Shuffle which calls one of your contacts at random every time you hit Send.
The iPhone looks seriously shiny, but because it doesn't support HSDPA I don't think I want one-- I've gotten too used to Verizon's excellent local EvDO coverage. The better an "Internet communicator" the iPhone turns out to be, the more painful its lack of HSDPA will be. (Update: David Pogue sure drank the Kool-Aid.)
As for the Apple TV: meh. I'm not that excited about it, given that it looks like a way to pay $20 for a DRM-encrusted sub-DVD-resolution movie that requires a Mac to play it back. I'd rather have an HD DVD of the movie, or, failing that, I can rip it to my ReadyNAS and stream it through the Xbox 360. Or so I'm told; that doesn't actually work for me yet... perhaps that's the Apple TV's appeal.
Very cool news from Microsoft on Friday: they've released the production version of the Exchange Load Generator (LoadGen) tool, formerly codenamed "Swordfish". There are 32-bit and 64-bit versions available, both of which include documentation. LoadGen is a major change from the older LoadSim tool, in that it's tailored to better reflect actual performance of Exchange 2007 + Outlook 2003/2007. Kudos to Jeff Mealiffe and his team at Microsoft for this release (and thanks to Jessie Zhu, who helped me figure out how to effectively use it!) Look for more on LoadGen in this week's Exchange UPDATE newsletter.
Technorati Tags: Exchange 2007
I'm a big fan of Poyer's past work. In fact, except for his Civil War-era novels, I've read all of his books, and as different as they are (ranging from modern war-at-sea novels to a look back to rural Pennsylvania in the 1930s) they've all been excellent. Sadly, though, I don't think The Threat is up to his past standards.
Dan Lenson, the main character here, is probably the luckiest sailor alive. He's survived having his ship run over by an aircraft carrier, attempts on his life by angry crewmen, getting blown up by the Iranian Navy, becoming lost in the Canadian Yukon, being tortured by Saddam's Revolutionary Guard, and having a low-yield nuclear weapon detonated abeam the first ship he actually got to command. After all this excitement, being named to the National Security Council as the chief of the counterdrug office seems like it would be a letdown. Lenson quickly makes an impact in his new job, which results in him being shuffled off to join the rotation of military aides who carry the nuclear "football". Sinister forces are at work behind the assignment, though; the sitting President is a dishonest sleazebag who is loathed by the military-- some of whom may be plotting to assassinate him and pin the blame on a convenient target. Like, say, a decorated-but-unstable military officer whose wife just left him. Yeah, that's the ticket.
Poyer still has the exquisite eye for detail and description that he has long had, but because he turns it to the political arena it doesn't have nearly the same impact as it does when he describes the high-speed chess of battles at sea, or even the quieter poetry of the sounds and sights of a ship under way. The plot development was regrettably predictable, and the good and bad guys are straight from Thriller 101. There are some memorable scenes (like when the President faces a hostile crowd of grunts at a field base in Africa), but overall this wasn't up to the standards of Poyer's previous books. You might still enjoy this, but if you're new to his series start with The Med or one of the Tiller Galloway series.
I got a mailer from the "Hilton New York Family" offering special [sic] rates for a variety of Hilton properties in New York City. They offered a special set of Broadway packages, including theater tickets to Wicked, Jersey Boys, or other shows, with a wide range of dates. Unfortunately, the URL they list on the flyer is wrong (www.hiltonfamilynew-york.com/broadway): it comes up blank. Remove the "/broadway" and you'll find that the URL they give points to a domain squatter. Try www.hiltonfamilynewyork.com and you'll get the right page (or you could just go here).
I've been playing with the beta of VMware Fusion on my Mac Pro. Why? I've been delighted with Parallels, but I need to be able to host 64-bit Windows VMs in order to run native Exchange 2007 machines. VMware handles this quite nicely so far, and I've been able to run my work XP VM under Parallels while simultaneously installing Windows x64 under VMware-- a nifty trick. However, I discovered that if you want to copy a VMware VM, you have to manually edit the VMX file, then generate a new UUID for the machine. It's not hard, but if you don't edit the VMX file by hand, the Fusion application will endlessly prompt you for the location of the VM disk image. It doesn't hurt anything, but it also doesn't work. That's what I get for using beta software, I guess.
Parallels, though, isn't sitting still. I love coherence mode, and I look forward to testing the direct disc burning features in their latest beta. My experience has been a bit different from Tom Yager's in that I find Parallels' video performance perfectly acceptable on both the Mac Pro and the MacBook Pro. Visio, Office 2007, and Office 2003 all work faster under Parallels than the PowerPC builds of Mac Office do under Rosetta.
Technorati Tags: Mac, Virtualization
The latest craze sweeping the series of tubes is "5 Things", a sort of chain letter in which ~~victims~~ participants are supposed to list 5 things that others may not know about them, then pass the baton on to some other people. Thanks to Charles Robinson, I got tagged. Without further ado, five things you probably didn't know about me:
- My first "real" job was at L & N Photo, working for a man named Harry Green. I was 10, and earned the princely sum of $1/hr for doing odd jobs. I usually spent the money on superballs from the Winn Dixie next door, since I couldn't actually afford any of the equipment there. Thus began my lifelong interest in photography, sadly unmatched by any actual talent.
- My 10th grade English teacher once wrote on my report card that if I would only get over my fascination with technology I might someday make a good writer. Perhaps he was right :)
- As a lance corporal in the Marine Corps, I once had to give an impromptu brief to General Al Gray, who was then Commandant of the Marine Corps. Fortunately my nervousness didn't show, the brief went well, and I got a meritorious promotion to corporal out of the deal.
- I've never been snow skiing, snowboarding, or anything related. In fact, the first time I saw snow (that I can remember) was at age 15 at the YMCA of the Rockies with Aunt Betty.
- I love fixing mechanical things like engines. In high school, my dad and I rebuilt a VW Super Beetle, a '73 Chevy pickup, a '57 Chevy Bel Air coupe, a '64 Corvette, and a Cessna 210 (OK, we didn't rebuild it, but we worked on it a lot.) My favorite part of being in the Marines was learning to fix helicopters, and I'm eagerly looking forward to helping my sons learn some of the same skills.
Now, the fun part: I get to pick the next set of victims. I nominate Tim (whose new blog I can't find), Jim, Devin, Arlene, John (but first he'll have to fix his blog), and Jonathan.
From today's TVPredictions, this story about Belo Corporation, a broadcasting company that's telling cable companies in its markets that they'll have to pay to carry Belo's broadcast HDTV signals:
But Jim Rothschild, director of operations for the Belo-owned KMOV in St. Louis, said Charter should pay because the high-def channel helps the cable operator sign -- and keep -- customers. "We are simply asking Charter to share some of the value that it gets from our HD investment. They pay national channels for HDTV services, so they should also pay local channels," he told the newspaper.
If I were Rothschild, I wouldn't go there. Local affiliates have long complained that they need protection from "distant locals" on satellite or cable, and Congress and the FCC have gone along with them because the "local locals" have been freely available OTA and on local cable. If broadcasters now want to start charging for carriage of their signals, that's just going to increase the likelihood that, say, Buckeye Cable will be able to buy HD affiliate signals from (say) Detroit and insert ads, just as they do for some national HD signals. That's not good for local affiliates or the holding companies, like Belo and Raycom, that own them.
MVP Jeff Centimano asked a good question on a private mailing list about why he couldn't get his 32-bit test server to fetch automatic anti-spam updates from Microsoft Update. Answer: that functionality is purposefully disabled in the 32-bit builds, since they're not supported for production use. Scott Schnoll has a great blog post that describes the other differences between 32- and 64-bit Exchange 2007 (plus the differences between Standard and Enterprise).
This is pretty cool: Autonet is launching a new service/gadget that provides seamless Internet connectivity as a hotspot in your car. I'm betting that they use cellular data, but they don't say whose. I've contacted their PR person for more details.
Back to the grind after a wonderful holiday break. OK, I admit it; it wasn't a break from work, except for the few days I took off around Christmas. However, it was a big change in our routine since David didn't have to get up at zero-dark-thirty to catch the junior high bus, and that made a big difference.
Santa (or, more properly, the section 179 fairy) brought me a couple of new gadgets that I'll be writing about. Stay tuned.
