Alexander’s Blog

September 16, 2010

Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator.

by @ 10:30 am. Filed under ISA Server, SharePoint, Tips & Tricks

The other day I was working on my Microsoft Office SharePoint Server (MOSS) 2007 and discovered that when I clicked on a new content type that I created, it gave me the following error in my browser.

Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator.

First I looked at various settings on my SharePoint server just to make sure that everything was in order. I couldn’t find anything suspicious on the server so I proceeded to the next step and looked into the error message. The error indicated that my request was rejected by the HTTP filter so I knew I had to troubleshoot the problem on my ISA Server 2006, which filters the HTTP requests.

After doing a little bit of research I discovered that clearing the option to verify normalization might help solve my problem, and luckily it did. Normalization is the process of decoding URL-encoded requests. By clearing this option, I would not be blocking requests with URLs that contain escaped characters after normalization. Here’s the step-by-step procedure.

  1. Start ISA Server 2006 Management Console.
  2. Go to the Firewall Policy.
  3. Right-click the Web policy rule that allows access to the SharePoint server and select Configure HTTP.
  4. Clear the box Verify normalization, as shown below.
  5. You don’t have to change the option to Block high bit characters as shown in the screen shot. You can leave it at the default option on your server. On my server I have selected the option to specify that URLs with high-bit characters are blocked because it can help block some attacks on Web servers running Internet Information Services (IIS). The downside to selecting this option is that it may also block requests and responses that contain characters from one of several languages that require high-bit characters.
  6. Apply the change made to your ISA Server 2006 and the error on your SharePoint server should go away immediately.

If you are curious about the verify normalization option, here’s some more information from Microsoft TechNet.

Web servers receive requests that are URL encoded. This means that certain characters may be replaced with a percent sign (%) followed by a particular number. For example, %20 corresponds to a space, so a request for http://myserver/My%20Dir/My%20File.htm is the same as a request for http://myserver/My Dir/My File.htm. Normalization is the process of decoding URL-encoded requests.

Because the % can be URL encoded, an attacker can submit a carefully crafted request to a server that is basically double-encoded. If this occurs, Internet Information Services (IIS) may accept a request that it would otherwise reject as not valid. When you select Verify Normalization, the HTTP filter normalizes the URL two times. If the URL after the first normalization is different from the URL after the second normalization, the filter rejects the request. This prevents attacks that rely on double-encoded requests.

Note that while we recommend that you use the Verify Normalization function, it may also block legitimate requests that contain a %.
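The double-normalization check described above, as an added example that is not part of the original post and is not ISA Server's own code: a simplified Python model that decodes a URL twice and rejects it when the two results differ, together with the high-bit option from step 5. The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import unquote


def normalize(url: str) -> str:
    """One normalization pass: decode every valid %XX escape once.

    latin-1 maps each decoded byte to exactly one character, so no
    information is lost and high-bit bytes stay visible.
    """
    return unquote(url, encoding="latin-1")


def verify_normalization(url: str) -> bool:
    """Return True if the URL passes the check, False if it is rejected.

    The URL is normalized twice; if the second pass still changes it,
    escapes were left over after the first pass (double encoding).
    """
    first = normalize(url)
    second = normalize(first)
    return first == second


def has_high_bit(url: str) -> bool:
    """True if the normalized URL contains a character above 0x7F."""
    return any(ord(ch) > 0x7F for ch in normalize(url))


def filter_decision(url: str, verify_norm: bool = True,
                    block_high_bit: bool = False) -> str:
    """Model the two HTTP filter options discussed in the post."""
    if verify_norm and not verify_normalization(url):
        return "blocked: normalization mismatch"
    if block_high_bit and has_high_bit(url):
        return "blocked: high-bit character"
    return "allow"


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/My%20Dir/My%20File.htm",       # ordinary encoded spaces
    "/My%2520Dir/My%2520File.htm",   # the % itself is encoded: double encoding
    "/Docs/Report%20100%25.docx",    # literal % followed by non-hex text
    "/Docs/Promo%2015%25Dec.docx",   # literal % followed by "De", which is valid hex
    "/Docs/Caf%C3%A9.docx",          # UTF-8 encoded accented character
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:32} strict={filter_decision(sample, True, True):34}"
              f" relaxed={filter_decision(sample, False, False)}")
```

The fourth sample is the false positive the TechNet note warns about: a file legitimately named "Promo 15%Dec.docx" is rejected because the text after its literal percent sign happens to look like another escape.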

Best Practices

  1. As a best practice, always make sure that you document the changes made to your server. Documenting server configuration takes a little bit of your time but it can save you hours or even days or weeks at a later time.
  2. When you create a SharePoint site, list or library, make sure that you do not use a space. You can always go back and create spaces in the name after the fact to make it more readable. By using this method, the URL will not contain the extra “garbage” %20 characters and your users will still find your list and library names readable. Spaces in SharePoint URLs cause several potential problems. The space character is replaced with %20. Not only does this make the URL difficult to read, it also increases the length of the URL, which may cause you to go over the upper limit. For example, a file or folder name in a URL cannot contain more than 128 characters in WSS 2.0/3.0 and MOSS. Although SharePoint URLs can be up to 260 characters, as a best practice I discourage people from using more than 256 characters because link list items cannot be more than 256 characters.
  3. Keep the names of your SharePoint sites, lists and libraries short. Instead of creating a library called Human Resources, call it HR. After creating the library you can change the name under Title and Description to Human Resources. Moral of the story: Avoid spaces in SharePoint URLs and be happy!

September 8, 2010

How to Remotely Restart a Windows Computer

by @ 8:36 am. Filed under Articles, Remote Connectivity, Tips & Tricks, Win2K Pro, Windows 2000, Windows 2003, Windows 2008, Windows 7, Windows Vista, Windows XP

The Shutdown command can be used to remotely restart or shut down a Windows 2000 or later computer.

For example, you can remotely reboot a Windows 7 computer from a Windows XP computer as long as you have administrative privileges. On the destination computer, you may need to ensure that your account has the user right “Force shutdown from a remote system.” You can run gpedit.msc from Start, Run and then add your account to that user right, as shown in the screenshot below.

The shutdown command is especially handy for Network Administrators and PC Support professionals in a domain environment. Here’s the syntax used by the shutdown utility.

C:\> shutdown /?

Usage: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]

No args                 Display this message (same as -?)
-i                      Display GUI interface, must be the first option
-l                      Log off (cannot be used with -m option)
-s                      Shutdown the computer
-r                      Shutdown and restart the computer
-a                      Abort a system shutdown
-m \\computername       Remote computer to shutdown/restart/abort
-t xx                   Set timeout for shutdown to xx seconds
-c "comment"            Shutdown comment (maximum of 127 characters)
-f                      Forces running applications to close without warning
-d [u][p]:xx:yy         The reason code for the shutdown
                        u is the user code
                        p is a planned shutdown code
                        xx is the major reason code (positive integer less than 256)
                        yy is the minor reason code (positive integer less than 65536)

To restart a computer make sure you use -r; to shut down the computer use -s. As mentioned earlier, the shutdown command can be used on a local or a remote computer. To restart a remote computer use -m \\computername. For example, if you have a computer that’s hung on a certain process and you can’t even remote desktop into it, you can try to restart the computer remotely and force running applications to close without warning by using the following command.

shutdown -m \\computername -r -f

If you want to use the GUI version, simply type shutdown -i to bring up the graphical interface. Here you can add one or more computers, configure the option to Restart, Shutdown, or Log off, display a warning notice on the computer, configure the computer to reboot after a specific interval, and configure the option for Shutdown Event Tracker that will record the reason for the action in the Event Viewer.

I mentioned at the beginning of the article that you can use the Shutdown utility on Windows 2000 and later computers. Microsoft’s KB article 317371 explains how to use the Shutdown tool in Windows 2000. However, notice that the older utility used a forward slash (/) instead of a hyphen (-) for the switches.


Copyright ©2010 Zubair Alexander. All rights reserved.

September 6, 2010

Demystifying Hyper-V Snapshots

by @ 9:11 am. Filed under Articles, Virtualization, Windows 2008

Snapshots must be one of the nicest features in Hyper-V. Unfortunately, too many people are confused (justifiably, in my opinion) about how exactly the snapshots work in Hyper-V. I am not talking about taking snapshots and restoring to a previous snapshot. That’s simple enough even for a ten-year-old kid. I am talking about how differencing disks work, why sometimes when you delete snapshots the disk is merged while other times it is not, what exactly is saved in a snapshot folder, how to save an image so it consists of only one portable VHD file, what you should do if you want to save an image and load it on another computer but the image has one or more snapshots, what happens to the virtual machine’s settings and how you can back them up, and a gazillion other similar questions that come to mind when working with Hyper-V virtual machines.

Well, I can’t cover all the possible scenarios in this article so I will discuss some fundamental concepts and explain how snapshots work behind the scenes and how you can deal with an image that has snapshots attached to it, especially if you intend to back up and load that image on another computer.

Under the Covers

Microsoft Virtualization Program Manager Ben Armstrong has documented how snapshots work “under the covers.” I have the pleasure of having Ben speak at my Windows Networking User Group in Seattle. Known in the industry as the Virtual PC guy, he is a recognized authority on virtualization. Here’s what he has documented in his blog.

When you take a snapshot of a running virtual machine:

  1. We pause the virtual machine.
  2. We create a new differencing disk for each virtual hard disk and hook it up to the virtual machine.
  3. We make a copy of the virtual machine’s configuration file.
  4. We resume the virtual machine (note that this happens so quickly that you do not know that the virtual machine was paused at all).
  5. Once the virtual machine is running again we start saving the contents of the virtual machine’s memory to disk.
  6. While this is happening we monitor memory activity inside the virtual machine and if the guest operating system attempts to modify memory that we have not copied, we intercept the write attempt and copy the original memory contents then allow the write to go through.

Once the snapshot is completed we have a set of the virtual machine configuration file, the virtual machine saved state files and the snapshot differencing disks (.AVHDs) stored in a folder under the virtual machine’s snapshot directory.

This is now treated as a read-only “point in time” image of a virtual machine.  You can apply a virtual machine, in which case we set the virtual machine to start from a copy of the snapshot.  You can change the virtual machine settings after applying a snapshot – but you cannot change the snapshot settings themselves.

You can also delete a snapshot.  If you delete a snapshot that has no descendants (snapshot with differencing disks that reference the snapshot being deleted) then the files associated with the snapshot will just be deleted.  If you delete a snapshot with only one descendant the configuration and saved state files for the snapshot will be deleted and the snapshot differencing disks will be merged with those of its descendant.  If you delete a snapshot with more than one descendant the snapshot configuration and saved state files will be deleted – but the differencing disks will not be merged until the number of descendant snapshots is reduced to one.

A Closer Look at the Snapshots

To elaborate on what Ben has documented, let’s look at an example. Let’s say you have a virtual machine with several snapshots. You would like to make a backup of this virtual machine and load it on another computer. The folder structure of the virtual image looks like this.

Notice there is a Snapshots folder and a Virtual Machines folder. There is one .VHD file that has a date of 9/3/2009 (more than a year old). There are seven .AVHD (snapshot differencing disks) files, each with a date that corresponds to the time when the snapshot was taken. The Snapshots folder looks like this.

This structure contains a bunch of XML files and additional folders labeled with GUID numbers. If you look inside the folders they contain .BIN and .VSV files.

Finally, the Virtual Machines folder looks like this.

This folder structure looks very similar to the Snapshots folder except that it only has one XML file and one GUID folder that contains a single .BIN and .VSV file.

At this point, if you were to delete the oldest snapshot and then turn off the virtual machine, you would notice that the .VHD file that you need to export to another machine still has the old size and date. The reason is that you deleted a snapshot that has more than one descendant. Although the snapshot that you deleted will have its configuration and saved state files deleted, the differencing disk is not going to be merged with the .VHD file until you are left with only one snapshot. Even if you delete the second, third, fourth, fifth and sixth snapshot, the differencing disks (.AVHD files) will still be there until the merge takes place. Therefore, if you want to get rid of all the snapshots (.AVHD files) and be left with only one .VHD file, you will have to delete all the snapshots and then turn the virtual machine off.

NOTE: Even if you delete all the snapshots and then shut down the virtual machine, your differencing disks (.AVHD files) will not be merged. You must TURN OFF the virtual machine, not shut it down.

Once you have deleted all the snapshots and then turned off the virtual machine, the differencing disks will be merged at that time. Depending on the size of the differencing disks this may take several hours. The status in the Hyper-V console will display the percentage of completion.

Exporting the Image

To make a copy of the virtual machine so you can load it on another computer, you can export the virtual machine. The virtual machine must be turned off before you can export the image. Even if you have a bunch of snapshots, you can still turn the computer off and export it. The entire file structure, including the snapshots, will be backed up in the exported folder. For example, create a folder called Exported Hyper-V Images. Do not create sub-folders in this folder because when you export an image it automatically creates a folder for the image with its name. You will see an XML file in the root of the folder structure plus three other folders.

  1. Snapshots (contains snapshots, unless you don’t have any, in which case this folder will be empty)
  2. Virtual Hard Disks (contains a .VHD file)
  3. Virtual Machines (contains a .EXP file)

You can simply copy this entire folder structure to another computer and load the image. All your snapshots will be intact, along with the virtual machine settings.

#CLUSTER-INVARIANT#:{GUID}

On a side note, you may have noticed a strange entry in the notes in the Name section of your Hyper-V settings. It’s not something that you added. The entry adds the #CLUSTER-INVARIANT# after the notes so it looks something like this:

Corporate Server image used for training and testing.#CLUSTER-INVARIANT#:{abba09d4a-e956-4367-8357-f46bd7ea6d4}

DO NOT delete or edit this entry after the notes. The Virtual Machine Manager (VMM) adds these values to the notes field so that the system can associate a specific virtual machine with VMM. If you move a virtual machine from one host to another without VMM having any knowledge of the move, these fields are used to reassociate the VM.

Hopefully, you have a better understanding of how snapshots work behind the scenes and how to better manage them. There’s much more to managing Hyper-V images. I plan to address other issues at a later time, such as how to manage the networking aspects of Hyper-V.



September 5, 2010

DNS Glossary

by @ 7:56 am. Filed under Active Directory, Win2K Pro, Windows 2000, Windows 2003, Windows 2008, Windows 7, Windows Home Server, Windows NT, Windows Vista, Windows XP

Microsoft’s Active Directory relies on Domain Name System (DNS) so it’s important to have a good understanding of DNS concepts and terms. Here’s a glossary of DNS terminology in alphabetical order.

You can also download a PDF version of this glossary here.

Alias (CNAME)

An Alias resource record is also sometimes called CNAME (canonical name) resource record. With these records, you can use more than one name to point to a single host, which makes it easy to do such things as host both a File Transfer Protocol (FTP) server and a Web server on the same computer. The most common or popular use of an alias (CNAME) resource record is to provide a permanent DNS aliased domain name for generic name resolution of a service-based name, such as www.tailspintoys.com, to more than one computer or one IP address on a Web server.

Authoritative DNS Server

A DNS server is considered authoritative for a name if it loads the zone authoritative for that name.

Authoritative DNS Zone

A DNS zone is considered authoritative for a name if the name belongs to the DNS sub-tree, delegated to that zone.

AXFR

Type of zone file replication. AXFR replicates the entire zone. (See also IXFR.)

DNS Dynamic Update

An update to the DNS standard that permits DNS clients to dynamically register and update their resource records in the zones of the primary server.

DNS Server

A server that maintains a database of mappings of FQDNs to various types of data, such as IP addresses.

Domain

Any branch of the DNS namespace.

Domain Name System (DNS)

A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names and the discovery of other information stored in the database.

Forward Lookup

A DNS query that maps an FQDN to an IP address.

Forwarder

A DNS server designated by other internal DNS servers to be used to forward queries for resolving external or offsite DNS domain names, such as those used on the Internet.

FQDN (fully qualified domain name)

A DNS name that has been stated to indicate its absolute location in the domain namespace tree. An FQDN has a trailing period (.) to qualify its position relative to the root of the namespace. An example is host.example.microsoft.com.

Host (A) Record

A host (also known as “A”) resource record in a zone is used to associate DNS domain names of computers (or hosts) to their IP addresses.

Host Name

The DNS name of a host or interface on a network. For one computer to find another, the name of the computer to locate must either appear in the Hosts file on the computer that is looking, or the name must be known by a DNS server. For most Windows-based computers, the host name and the computer name are the same.

Host Name Resolution

The process of resolving a host name to a destination IP address.

Hosts File

A local text file in the same format as the 4.3 BSD release of UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the systemroot\System32\Drivers\Etc folder.

Iterative Query

A query made to a DNS server for the best answer the server can provide.

IXFR

Type of zone file replication. IXFR, incremental zone transfer, replicates only the changed records of the zone file.

MX (Mail Exchanger) Record

E-mail applications use the mail exchanger (MX) resource record to locate a mail server based on a DNS domain name in the destination address for the e-mail recipient of a message. The mail exchanger (MX) resource record shows the DNS domain name for the computer or computers that process mail for a domain.

Master and Slave DNS Servers

Two DNS servers are called Master and Slave if they contain the copies of the same zone, one of which is directly replicated from another. The source of replication is called Master server, the destination of replication is called Slave server. Every Master may have one or more Slaves and vice versa, every Slave may have one or more Masters. The same DNS server may be the Master and Slave at the same time.

Master Server

A DNS server that is authoritative for a zone and that is also a source of zone information for other secondary servers. A master server can be either a primary or secondary master server, depending on how the server obtains its zone data.

Pointer (PTR) Record

A pointer (PTR) resource record supports the reverse lookup process, based on zones that are created and rooted in the in-addr.arpa domain. These records locate a computer by its IP address and resolve this information to the DNS domain name for that computer.

Primary and Secondary Zones

The same zone may be represented by primary and secondary copies. The primary is the zone/copy that allows direct updates of its resource records. The secondary is the one that receives all the updates from primaries or secondary zones through the zone transfer mechanism only. Only the DS-integrated zones may have multiple primaries. Multiple secondaries are allowed in either scenario.

Primary Server

A DNS server that is authoritative for a zone and that can be used as a point of update for the zone. Only primary servers can be updated directly to process zone updates, which include adding, removing, or modifying resource records that are stored as zone data.

Recursive Query

A query made to a DNS server in which the requester asks the server to assume the full workload and responsibility for providing a complete answer to the query. The DNS server will then use separate iterative queries to other DNS servers on behalf of the requester to assist in completing an answer for the recursive query.

Resource Record

Atomic unit of the DNS database. All resource records have the same format that includes NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA that depends on TYPE and CLASS of the resource record. A set of resource records builds up a DNS zone.

Reverse Lookup

A DNS query that maps an IP address to an FQDN.

Root Domain

The beginning of the DNS namespace.

Root Server

A DNS server that contains a root zone is called a root server.

Root Zone

A zone that contains the DNS root domain is called the root zone.

Secondary Server

A DNS server that is authoritative for a zone and that obtains its zone information from a master server.

Second-level Domain

A DNS domain name that is rooted hierarchically at the second tier of the domain namespace, directly beneath the top-level domain names. Top-level domain names include .com and .org. When DNS is used on the Internet, second-level domains are names that are registered and delegated to individual organizations and businesses.

Service location (SRV) Record

Service location (SRV) resource records are required for location of Active Directory domain controllers. Typically, you can avoid manual administration of service location (SRV) resource records when you install Active Directory Domain Services (AD DS). In the future, the service location (SRV) resource record may also be used to register and look up other well-known TCP/IP services on your network if applications implement and support DNS name queries that specify this record type.

Start of Authority (SOA) Record

A start of authority (SOA) record specifies the following values for a zone: a primary server, zone administrator’s e-mail address, secondary zone expiration values, and minimum default TTL values for zone resource records.

Subdomain

A DNS domain located directly beneath another domain (the parent domain) in the namespace tree. For example, example.microsoft.com would be a subdomain of the domain microsoft.com.

Top-Level Domains

Domain names that are rooted hierarchically at the first tier of the domain namespace directly beneath the root (.) of the DNS namespace. On the Internet, top-level domain names such as .com and .org are used to classify and assign second-level domain names (such as microsoft.com) to individual organizations and businesses according to their organizational purpose.

TTL (Time-To-Live)

TTL is the duration of time for which a specific resource record could be cached.

UCS-2

Also known as Unicode, UCS-2 is a character encoding protocol.

UTF-8

A character encoding protocol specified in RFC 2044.

WINS (Windows Internet Name System)

WINS is the pre-DNS name system. It is still supported in the Windows 2000 and later servers in order to maintain interoperability between the different generations of Windows computers.

Zone

A manageable unit of the DNS database that is administered by a DNS server. A zone stores the domain names and data of the domain with a corresponding name, except for domain names stored in delegated subdomains.

Zone Transfer

The synchronization of authoritative DNS data between DNS servers. A DNS server configured with a secondary zone periodically queries its master server to synchronize its zone data.

September 1, 2010

How to Manage Previewers in Outlook 2010

by @ 9:03 am. Filed under Applications, Exchange/Outlook, Security/Firewalls, Tips & Tricks

If you are unable to preview Word, Excel and PowerPoint files in Outlook 2010, make sure that the previewers are not disabled. The attachment previewers are enabled by default. Here’s how the previewers work in Outlook 2010.

First of all, make sure that the application for the attached file that you are trying to preview in Outlook is installed. In other words, if you are trying to preview a Word file in an Outlook message then Microsoft Word must be installed on your computer. For security reasons, you have the option to selectively remove some or all of the attachment previewers.

If you want to selectively use only certain attachment previewers in Outlook then follow these steps.

  1. Click the File tab.
  2. Click Options.
  3. Click Trust Center.
  4. Under Microsoft Outlook Trust Center, click Trust Center Settings, and then click Attachment Handling.
  5. Do one of the following:
    • To turn off all attachment previewers, click Turn off Attachment Preview.
    • To turn off a specific attachment previewer, click Attachment and Document Previewers, clear the check box for a previewer that you want to turn off, and then click OK.
