David Grey's Blog

Outlook Web Access not working with Exchange 2003

Recently I installed Excahgne 2003 on a Windows Server 2003 Domain Controller on our network. I know this is probably not advisable, but we only have a small network with a few machines and there was really anywhere else to put Excahnge. Anyhow, Exchange works brilliantly for us, except for Outlook Web Access (OWA). The domain administrator account can quite happily log in to and make use of OWA; if any other user tries to use OWA, authentication fails three times and then an HTTP/1.1  401 Unauthorized error page is displayed. If figure that this is something to do with (lack of ) file permissions or user rights assignments on non-admin domain accounts, but I can't work out which permissions. I've found a couple of other postings on the Web relating to the same issue and they suggest that domain user accounts need to be given local logon rights on the server and read/execute permissions on the Exchange web directories. I've tried these fixes and it still doesn't work so I'm now officially stumped.

If anyone can give me an answer or point me at an article which tells me how resolves this I'd be really grateful as we'd really like ot make OWA work

David

del.ico.us | Digg It | Technorati | StumbleUpon | Furl | reddit

WSUS, ISA Server and IIS Socket Pooling

One of the things I've done recently is set up ISA Server 2004 as a firewall to a network. The machine I used for ISA Server 2004 has two NIC's installed, one for the LAN and one for the WAN, and also had Windows Server Update Services (WSUS) release candidate installed. Everything seemed to work sweetly until I tried publishing a Web server from the network using ISA's web server publishing rules. ISA Server kept telling me it couldn't start the Web listener for the rule I had created because something else was already using port 80 on the WAN (external) address. This didn't make much sense to me. I knew IIS was installed to support WSUS and was configured to listen on the internal address, not the external one. Using netstat -na I could see that something was bound to port 80 on address 0:0:0:0 (i.e. all the address on the box). If I stopped the WWW Publishing Service, ISA Server could then bind the listener correctly to port 80 on the external address and everything worked, so the easy solution was to move WSUS to another server and remove IIS from the ISA Server box. This worked but I wasn't happy with the solution.

Eventually after a bit of digging around I came across an article on ISAserver.org relating to co-location which explained what was going on. IIS rather cleverly uses socket pooling presumably for performance reasons. By default this is turned on and causes IIS to bind to port 80 on all addresses as I had observed, hence causing the conflict with ISA Server. Fortunately it's possible to turn this behaviour off and force IIS to bind a socket to port 80 only on the interface(s) it's actually using the httpcfg command as follows:

httpcfg set iplisten –i 10.0.0.1

where 10.0.0.1 is the address of my internal interface. The httpcfg tool isn't installed as standard but can be found in the \SUPPORT\TOOLS directory of the Windows 2003 Server installation CD. This disables socket pooling for the WWW Publishing Service, but IIS uses a similar socket pooling approach for it's FTP and SMTP services. You can disable socket pooling for these services using the adsutil script from the \Inetpub\Adminscripts directory as follows:

This isn't documented in the IIS Resource Kit, but I tried it out and turning off socket pooling worked for me. If you experience the same problem give it a go.

David

del.ico.us | Digg It | Technorati | StumbleUpon | Furl | reddit

Windows Registry - Villain or Hero

I know it comes in for quite a bit of villification, but when you stop to think about it the Windows registry is in many respects a good idea. Having a single central repository for application configuration information can be kind of useful. I recently wrote a tool which needed to interact with another application and change some of its configuration information. The application doesn't provide any nice API I can hook into to enable me to do this but by tweaking the values of certain registry keys I can get exactly that behaviour. As the registry is a central store of information I had a pretty good idea where to go looking.

Where the Windows registry falls down is that there's just so much stuff in it and its hard to know what all those keys and values do. Some of them you don't ever want to touch (or the developer's don't want you to touch!), but others give you a powerful way of controlling application behaviour. Maybe what the registry needs is to take a leaf out of the object-orientation book. Essentially registry keys provide another interface to the application, but one that isn't documented. If there were some way to document this interface, perhaps through meta-data attached to the keys, it would become significantly more usable - a proper interface with definitions and contractual behaviours and so on. Of course some applications store stuff in the registry that they don't want users messing about with so maybe we need the idea of encapsulation and private members too. An application could declare some private keys which can only be modified by itself or the system, and some documented public keys which users and other applications can use to customize the application. If application developers could also specify allowable ranges of values for public keys too the registry would be a great tool!

Chances of this ever being implemented? Not sure. Microsoft are advocating a move away from the registry with technologies like .NET, but there will be plenty of application still using the registry for the foreseeable future and it would great if something could be done to make it a bit more user friendly. Of course if it was more user friendly that would lead my relatives to go fiddling with their PC's more leading to more 'family tech support' calls for me. Maybe it's not such a good idea after all...

David

del.ico.us | Digg It | Technorati | StumbleUpon | Furl | reddit

Welcome to my World!

Well, I've finally gone and done it; I've finally joined hte Information Age. Broadband has finally reached my little corner of rural Yorkshire and I thought it was about tiime that I shared some of my random musings with the world at large. I've blogged sporadically on The Spoke for a while now, but I figured I needed a better outlet for recording and discussing technical discussions, quirks, annoyrances and workarounds, so I decided to set up my own blog. And here it is...

For those of you who don't know me let me tell you a little about myself. I'm a full-time academic teaching Computer Science at a UK university. I'm also a part-time professional software developer and have my own small software development and consultancy company (CodeFounders Ltd). I'm also a Microsoft Visual C# MVP (Most Valuable Professional), something of which I am immensely proud and I'm honoured and humbled to be a part of the MVP community.

I use technology on a daily basis, both as a software developer and general user, and I also have to turn my hand to systems admin from time to time. All this exposure to technology naturally leads me to get frustrated with computers and software like everybody else so on this site you'll find my rantings and ravings, hints, tips and workarounds for the computing problems I have come across in my daily activites. You'll also my ponderings and musings on technical software development issues and the process of developing software. Oh, and random nonsense about life, the Universe and everything, just for good measure!

I hope you find something useful and/or entertaining on this site. Feel free to leave me comments; I will try to respond to them.

David

del.ico.us | Digg It | Technorati | StumbleUpon | Furl | reddit