Category Archives: Everything Else

Miscellanea

Archived Ten Laws of Security 2.0 (https://web.archive.org/web/20180529154650/https://technet.microsoft.com/en-us/library/hh278941.aspx)

Archived Ten Laws response (https://web.archive.org/web/20190928204316/http://www.edgeblog.net/2006/10-new-immutable-laws-of-it-security/)

Archived Ten Laws Re-Review (https://web.archive.org/web/20190710001511/https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc895640(v=msdn.10))

Krebs on Security (https://krebsonsecurity.com/)

Raymond Chen’s Blog (https://devblogs.microsoft.com/oldnewthing/)

Barracuda Spam Firewall Rooting (http://blog.shiraj.com/2009/09/barracuda-spam-firewall-root-password/)

Group Policy team blog (https://blogs.technet.microsoft.com/grouppolicy/)

Aaron Stebner’s Weblog (notes on .Net) (https://docs.microsoft.com/en-ca/archive/blogs/astebner/)

AskPerf Ask The Performance Team (https://aka.ms/AskPerf)

AskDS Ask the Directory Services Team (https://aka.ms/AskDS) (Archive: https://docs.microsoft.com/en-ca/archive/blogs/askds/) (A lot of interesting deep dives on ESE)

Thomas Maurer’s Blog (Azure Advocate) (https://www.thomasmaurer.ch/)

Carl Stalhood’s EUC Blog (https://www.carlstalhood.com/)

Robin Hobo (https://www.robinhobo.com/)

Helge Klein’s Blog (https://helgeklein.com/)

Brent Ozar’s Corp Blog (https://www.brentozar.com/)

DBA Reactions (Lighthearted fun) (https://dbareactions.com/)

Dynamics CRM Plugin Mistake

Quick one (i.e. not the prettiest article): I was building another CRM plugin and kept getting a really annoying exception. Followed by an uncatchable exception.

System.NullReferenceException: Microsoft Dynamics CRM has experienced an error.

Useful, I know. If I turned on profiling and tried to replay the plugin it would execute as expected. Turning to the CRM server event log I saw this:

ASP.NET event 1309
Exception information: 
    Exception type: NullReferenceException 
    Exception message: Object reference not set to an instance of an object.
   at Microsoft.Crm.Application.InlineEdit.InlineEditJsonConverter.IsLocalizedAttribute(AttributeMetadata attributeMetadata)
   at Microsoft.Crm.Application.InlineEdit.InlineEditJsonConverter.AppendDataValueJson(StringBuilder dataValues, String attributeLogicalName, Entity entity, FormMediator formMediator, Boolean encodeValues, IOrganizationContext context)
   at Microsoft.Crm.Application.InlineEdit.InlineEditJsonConverter.GetEntityAttributeJsonContent(Entity entity, FormMediator formMediator, Boolean encodeValues, IOrganizationContext context)
   at Microsoft.Crm.Application.InlineEdit.InlineEditJsonConverter.<EntityPropertiesToJsonInternal>d__3.MoveNext()
   at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()
   at Microsoft.Crm.Application.InlineEdit.InlineEditExtensionMethods.WriteSeparatedValues(TextWriter writer, IEnumerable`1 values, Char separator)
   at Microsoft.Crm.Application.InlineEdit.InlineEditJsonConverter.WriteEntityProperties(TextWriter writer, Entity entity, FormMediator formMediator, NotificationCollection notifications, PrivilegeCheck privilegeChecks, Boolean appendEntriesForFirstTimeLoad, Dictionary`2 parameters, Boolean encodeValues)
   at Microsoft.Crm.Application.InlineEdit.ReadFormDataBuilder.WriteFormDataJson(TextWriter writer)
   at Microsoft.Crm.Application.InlineEdit.ReadFormDataBuilder.WriteFormattedEntityData(TextWriter writer, Boolean isTurboForm)
   at Microsoft.Crm.Application.Pages.Form.FormDataPage.Render(HtmlTextWriter writer)
   at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

I figured I was sending data that couldn’t be rendered. After going back and forth trying to debug I noticed that my attribute keys had a capital letter in the middle (i.e. “contoso_entity_customBlah”). That was an hour of my life because of a capital letter.

p.s. I noticed that sometimes when debugging the profiler would throw an uncatchable exception, but only if a debugger was attached. The debugger couldn’t detach once the exception was thrown.

I’d replay the plugin: no exception.

Attach the debugger and replay: see a caught exception! Then the plugin tool would crash due to an uncaught win32 exception. Of course I couldn’t debug the plugin tool because I already had a debugger attached, and I couldn’t detach the debugger because yadda yadda yadda. Turns out if you try to debug a sandboxed plugin in some circumstances the debugger in TraceInternal tries to get FileIOPermission and fails (because sandbox). So yeah, it was the debugger throwing an exception that it didn’t catch.

I ended up attaching the debugger, hitting a breakpoint, detaching the debugger, then reattaching the debugger after the plugin tool threw an exception. Of course the solution was to debug outside the sandbox.

Cannot disconnect windows server iSCSI sessions when you ignore your own advice

TL;WR: If you can’t eject a disk and you have apps open, try closing them! Duh. Suggested Pairing: A third of your remaining tea/coffee vessel.

Wasted 15 minutes of my life today trying to disconnect two iSCSI sessions on a development Windows Server 2012 R2 Hyper-V host. Kept getting “This session cannot be logged out since a device on that session is currently being used”. Pulled up Process Explorer looking for handles on the disks (searching MPIO in my case because we were using MPIO). Lo and behold our task manager had open handles on the disks.

I immediately realized that this particular test server had disk perf monitoring running (DISKPERF -Y). That puts basic disk performance counters into task manager and of course I had task manager open in the background. While that’s handy for a test server, it’s not recommended in production for performance reasons and things like this. Solution was to follow my own advice and close background apps when troubleshooting access problems. Do as I say etc.

IPECS ES-3052G Actual Full Manual

Any time I’ve needed the manual for this switch it’s been an absolute pain to find. Last time I had to dig around in some sketchy .ru open directory.

Manual: ES-3052G

Fun Facts:

  1. This is the 1044 page, published in 2012, bona fide user manual
  2. This is not just the datasheet
  3. This is not just a random 350 page rip
  4. This is for the ES-3052G / ES-3052GP
  5. I don’t remember how to do a reset if you forgot the password. Comment if you know, otherwise just don’t forget it. Manufacturer guidance for lost passwords is “Don’t”.

Helpfully available at https://fccid.io

System Defaults:

Serial: 115200 8,N,1 
Management VLAN: 1
IP Address: 192.168.1.10/24

Username: admin
Password: admin

Speeding up WSUS

Preface: All of this is untested, lacking benchmarks, purely qualitative, and seriously failing at all aspects of scientific method or rigour.

The following commands should do something in theory. The PowerShell is for WSUS 4.0/4.1. You also need to open the GPO and check the Computer -> Admin Templates -> Network -> BITS template for the download speed restrictions. With the restrictions appropriately set (or removed if you’re impatient like me, just remember to set them back), BITS can be set to foreground mode (same as foreground mode all the way back to WSUS 2.0).

(get-wsusserver).GetConfiguration().BitsDownloadPriorityForeground=$true

Note that that command will only affect the in-memory instance of WSUS; restarting the service will wipe the setting. There’s a .SaveConfig() command you can run to persist the setting but I can’t attest to the effects.

Thanks to Tyrone Watt for the ps. BitsDownloadPriorityForeground isn’t listed in the IUpdateServerConfiguration interface, so god knows where the guy he got it from…. got it from… cause the link’s dead…and waybackmachine shows his guy used the old sqlcmd method (which doesn’t work for WSUS 4.x)… see why I do this?

UPDATE: I found a little more info on the Foreground setting. According to a Microsoft docs France page it’s an internal (hence the poor public documentation) setting that does what it says on the tin.

This internal setting specifies whether or not to use foreground priority for BITS downloads. The default is to use throttled downloads. This setting was added to handle issues with certain proxy servers that did not correctly handle HTTP 1.1 restartable downloads.

Changing the BITS job to foreground does the following:

  1. Increases priority of the job (Duh)
  2. Downloads only happen as streams and they do not use content ranges. That means that the downloads are not restartable. That implies that if you’re downloading over a shoddy connection it might actually be slower. Especially if you’re using express packages.
  3. Prevents BITS from downloading files over 2 GB?

I’m not sure how the WSUS engine handles all those limitations when the flag is set, it’s probably fine, and it’s also probably why it’s an internal setting. Just another reason that cargo-cult administration is often asking for problems.

Converting PowerBI Desktop Reports from Import to Direct Query

TL;WR: PowerBI can either cache your data or query it live. If you build a report cached (import mode) it won’t let you convert it to live (directquery). I decided to do it anyway. Suggested Matching: ███████, soda, touch of ███████, ███████, and frozen fruit. Layered in a Collins glass.


PowerBI Desktop is…. in development (at the time of writing, hopefully forever). I’ve had all kinds of fun with its fantastic quirks.

Anyway I had a report with lots of formatting but very simple queries and relationships. The pbix files are binaries with zipped data in them, but I couldn’t be bothered reverse engineering the extra headers/wrappers. Instead I loaded up the report in question, used a debugger to edit the report definition in memory, and re-save it. After that fun, reloading and fixing the computed columns was easy and the new report works.
PowerBI wants to use its own zip wrapper, fine use it.

Obviously, that is a highly unsupported workaround and a Bad Idea™

I personally just used CheatEngine for this, I guess you could use WinDBG or IDA or any of the other ones if you’re familiar. CheatEngine is however perfect for simple application memory editing.

Updating Queries to use DirectQuery

  1. Attach a debugger to the PowerBI desktop application.
  2. Replace all instances of the following bytes:

44 69 72 65 63 74 51 75 65 72 79 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14

with

44 69 72 65 63 74 51 75 65 72 79 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 14

Updating Relationships to use DirectQuery

There are two ways of going about this:

  1. Be smart and write a little asm patch that replaces any calls to read the memory location to read back from your own location.
  2. Be lazy like me and let pbi desktop reinsert the overwritten IgnoreCase setting (reason being that you can’t just ‘add space’ to the memory of a loaded application for our new tag).

Since I am inherently lazy this is the second way.

  1. Search the memory for the string below and replace it with the one after INCLUDING WHITESPACE (probably best to just edit in memory, whitespace out the rest of the bi: tags)
PreferOrdinalStringEquality="true"><bi:CompareOptions IgnoreCase="true" />
PreferOrdinalStringEquality="true" DirectQueryMode="DirectQuery"        />

Now after saving and reloading (on a copy of the report obviously) PBI should ask to revalidate the queries and you’ll need to remove unsupported functions like calculate and datetime stuff. I personally lost my computed columns but everything else worked. If you search memory again PBI should have reinserted the IgnoreCase option in the relationships after the direct query option. If it didn’t…. well…. like I said. Bad Idea!

You could freeze the application with the debugger while you’re doing this, I didn’t and it worked regardless, but I take no responsibility whatsoever for editing open report definitions using a debugger.

Windows Update Refused to Work, So I Spoon-Fed it.

TL;WR: Windows update never got past checking for updates. Nothing worked. Used my private WSUS server and spoonfed it 10 updates at a time. Suggested Pairing: Bread Water.


Warning: The following was a holiday experiment turning into a WSUS manipulation rabbit hole. Real research would’ve involved some debugging. All this was probably related to a terminally broken WID or something else that real work would’ve resolved.


I have a laptop to fix. The poor thing was worked over by a ‘power user’. The belligerently ignorant person left their mark on everything they could. They installed every browser, installed Avast (but left defender running… somehow), pretty much everything on ninite, pirated keys (even though it had the oem keys), rosetta stone (again, pirated) without the language packs, etc. etc.

The worst though was killing windows update. Something about the government using it to spy on people. Ironically the ‘expert’ left telemetry on full bore.

I digress. I tried everything on this computer. Windows update would stick on checking for updates and never return. It hadn’t been updated in two and a half years so I expected a delay, but not 20 hours.

A packet cap was showing that wuau was reaching the Microsoft servers and after 20 or so packets it received a 200 OK then just stopped responding. Then all of the TCP connections would time out and close. Not. A. Peep. All it would do is poke a few reg values for the wuau gpo settings.

I suspected that it was vaguely related to the kind of max server round trips problem (0x80244010). That’s an issue involving too many metadata requests or too much metadata, period. I didn’t get those errors specifically but who knows how many bugs there were in the totally stock and probably pirated servicing stack.

First up I tackled the update agent (Here for win 8.1/ Server 2012 R2, watch for the prerequisites). Which in this case happened to be pretty much the last update it received before wuau got the ‘Old Yeller’ treatment.

I ran the Windows update diagnostic cab (Here) and each time it did its thing but the problem never went away. Stopping the windows update service (wuauserv) and deleting the \Windows\SoftwareDistribution\ folder (data store that catalogues the updates and stores update info) would get it started again but the same problem kept popping up.

After checking AV, other network apps, other file apps, running a procmon trace, sfc, dism, and a little Christmas Consuming I decided to try one last thing before a clean boot. I mean, if too many available updates is the problem, can we show it fewer updates?

I popped onto my home WSUS server, added a computer group for this poor laptop, and added the windows 8.1 updates to the catalogue.

  • I set up two empty computer groups.
  • Went through and picked out the updates I wanted, approved them for the first empty group to start the download
  • Blindly made the tweaks Here as per cargo-cult administration standards.
  • On the laptop I updated the GPO to point at my wsus server and added it to the second empty computer group.
  • As updates came in (starting with top of tree/cumulative monthlies) I added approvals for the second group in batches of 5 (8-10 at a time later).
  • Popped on the laptop and started the updates. THEY WORKED.

After all that I got too much ego going and decided to try approving 20 updates. No dice, I had to wipe the SoftwareDistribution cache again just to get it working. Finally I got it up to date, 8 updates at a time… Never did figure out why, it’s on the slate for a reinstall soonish. If you’ve got any ideas before I do the reinstall I’m open to taking a look, let me know. She’s long gone, few caps popped shortly after one of the LCD ffc’s gave out and it was relegated to the boneyard.
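
The batching steps above can be scripted on the WSUS server. This is an added example, not the author's own script, using the UpdateServices module and the WSUS administration API; the two group names, the default batch size of 8 and the newest-first ordering are assumptions.

```powershell
# Added example: approve the next small batch of updates for the target group.
# Run on the WSUS server after the previous batch has installed on the client.
param(
    [string]$StagingGroup = 'Staging-Download',  # hypothetical name: first group, approved so WSUS downloads the files
    [string]$TargetGroup  = 'Laptop-SpoonFeed',  # hypothetical name: second group, the one the laptop belongs to
    [int]$BatchSize       = 8                    # assumption: the batch size the post ended up using
)

Import-Module UpdateServices

$wsus   = Get-WsusServer                         # connects to the local WSUS instance
$groups = $wsus.GetComputerTargetGroups()
$stage  = $groups | Where-Object Name -eq $StagingGroup
$target = $groups | Where-Object Name -eq $TargetGroup
if (-not $stage -or -not $target) {
    throw "Both computer groups must exist on the WSUS server."
}

$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install

# Candidates: approved for the staging group, not yet approved for the
# target group, and not declined. Newest first (assumption: approximates
# "top of tree / cumulative monthlies first").
$pending = $wsus.GetUpdates() | Where-Object {
    -not $_.IsDeclined -and
    $_.GetUpdateApprovals($stage).Count  -gt 0 -and
    $_.GetUpdateApprovals($target).Count -eq 0
} | Sort-Object CreationDate -Descending

# Approve only one batch per run so the client never sees a long list.
$batch = @($pending | Select-Object -First $BatchSize)
foreach ($u in $batch) {
    $null = $u.Approve($install, $target)
    Write-Output ("Approved: {0}" -f $u.Title)
}

Write-Output ("{0} approved this run, {1} still waiting" -f `
    $batch.Count, (@($pending).Count - $batch.Count))
```

Each run approves one batch only; rerun it after the client has installed and reported the previous batch.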