Saturday, October 04, 2008

Symmetry: Apple and Microsoft kb and the wonders of Google Custom Search

When addressing technical OS problems, the Apple and (especially) Microsoft knowledge bases are often the best place to start.

Unfortunately Google searches for topics covered in Microsoft KB articles are often obscured by lots of ad funded pseudo-splog "tech sites". It takes some digging to find the good stuff.

That's the beauty of my favorite Google custom search engine. I simply add the URLs for those knowledge bases and Google boosts those results above the noise.

Wondrous, really. The custom search engine Searches my Google Reader feeds and 13 other sites including: support.apple.com/kb/, http://support.microsoft.com/kb/, www.sciam.com, bestyoucanbe.blogspot.com, tech.kateva.org ...

Even the Encyclopedia Britannica (since we still subscribe) gets boosted and included in our personal version of Google.

Which brings me to the title of this post. On entering the URLs I noticed a funny symmetry ...
support.apple.com/kb/
support.microsoft.com/kb/
Chance probably, but given all the ways in which Microsoft and Apple are trading innovations (admittedly more from Apple to Microsoft) this caught my fancy.

Friday, October 03, 2008

An iGoogle Gadget that can display your Google Apps Calendar

I've been looking for months for an iGoogle gadget that would display our family google apps calendar.

I finally found one by searching on "google apps calendar".

Dang, but it's hard to find this stuff. Definitely an unsolved problem. Here's the link, with my review ...
Google Apps Calendar

... I only found this by searching on Google Apps Calendar. I'll promote it on my blog. Standard Google Calendar apps all assume they're displaying the calendar associated with one's Gmail account. I want to display our family domain calendar; I have access privileges from my Gmail account. This does the trick....

Windows Server 2003 – read this if you abruptly lose network connectivity on a restart

I rebooted our corporate Windows Server 2003 today. I was moving it to a UPS. No problem – except when I restarted I had no network connectivity.

First I saw a “service didn’t start, check the event viewer” message. The event viewer just told me I couldn’t register with the domain. I couldn’t do that because I didn’t have network access. I got the usual “may have limited connection” error.

I did all the usual things (ipconfig, repair connection, swap cables, switch accounts, login as local user, test everything, etc etc) but they all passed. The big breakthrough was when I investigated the advanced boot options on restart. Windows 2003 includes a “safe start with network” option. When I did that I had a network connection.

There was a lot more work to do before I found that disabling IPSEC service, then rebooting after disabling it, fixed everything.

I easily blew 6-8 hours of work today.

Lesson 1: Run Safe Boot/Safe Start with networking first.

Then you work your way through this Microsoft kb article. I’ll excerpt some key points, then pass on a trick, then I’ve got to go home and finish up the work I couldn’t do today …

How to troubleshoot startup problems in Windows Server 2003

How to Start the Computer in Safe Mode
When you start the computer in Safe mode, Windows loads only the drivers and computer services that you need. You can use Safe mode when you have to identify and resolve problems that are caused by faulty drivers, programs, or services that start automatically.
If the computer starts successfully in Safe mode but it does not start in normal mode, the computer may have a conflict with the hardware settings or the resources. There may be incompatibilities with programs, services, or drivers, or there may be registry damage. In Safe mode, you can disable or remove a program, service, or device driver that may prevent the computer from starting….
How to Use System Configuration Utility

System Configuration Utility (Msconfig.exe) automates the routine troubleshooting steps that Microsoft Product Support Services technicians use when they diagnose Windows configuration issues…

… Click the General tab, and then click Selective Startup.

…Note You might be able to determine more quickly which service is causing the problem by testing the services in groups. Divide the services into two groups--select the check boxes of the first group, and clear the check boxes of the second group. Restart your computer, and then test for the problem. If the problem occurs, the faulty service is in the group with the selected check boxes. If the problem does not occur, the faulty service is in the group with the cleared check boxes. Repeat this process on the faulty group until you have isolated the faulty service.

It took hours.

Here’s the trick. Boot in Safe Mode first. Then run msconfig.exe and look at the services. Assuming things work in safe mode, the ones that are running (sort by that column) are good. Now uncheck all services, check the ones that are currently running, apply, restart.

When you restart you’re in the equivalent of Safe Mode, but you can use msconfig.exe to add services in blocks.

The UI of this app is dismal. I sorted alphabetically, then did screen captures to a Word document to get a complete alpha sorted list. I printed that to guide my tedious enabling of sets. (In theory you can do the binary sort approach faster. Long story, can’t explain.)

One thing to watch for.

When you enable “Error Reporting Service” you start getting … error reports! Wow. So if gets enabled with a bunch of other items, you might think you’ve found a problem. Wrong. It’s just that now you’re getting the error reports.

IPSEC.

So now I have to figure out what the #$!#% happened. I don’t think we’ve done any software installs on that box or tweaked any services. Did some antiviral update trigger a problem?

Update: This experts exchange article may be related, but the responses are not accessible. A clue:

Description: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/

IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and the restart the computer. For detailed troubleshooting information, review the events in the Security event log
This suggests an interaction between Group or Local security policy, IPSEC block mode, and loss of network access. I wonder if a corruption or misconfiguration of a local policy setting could cause this.

Update: This article connects group policy file corruption to IPSEC problems and loss of network access, and points out there are definite bugs with group policy editing. I didn't touch local or group policy on our server, but perhaps another admin might have. I now see there have been nasty unfixed bugs.

Update: I'll take a look at these when I get back to work on Monday, then update this post. I think we're narrowing things down to a corruption of misconfiguration of a group policy file that activated IPSEC and disabled, without any meaningful entry in the event monitor, all network TCP/IP traffic.
  • http://support.microsoft.com/kb/870910: looks like a pretty pertinent kb article
  • http://support.microsoft.com/kb/914962: IPSEC bugs fixed in SP2. So did some later upgrade break them again? Clearly I need to check windows update for the server.
  • http://support.microsoft.com/kb/898060: After SP1 a security update broke IPSEC. Should be ok in SP2, but did it get broken again?
  • http://marc.info/?l=patchmanagement&m=121632162501913&w=2: A fairly recent DNS spoof prevention security update from Microsoft has broken IPSEC on some machines.
  • http://support.microsoft.com/default.aspx?scid=kb;en-us;816579: In place upgrades when WS 2003 is truly hosed. I don't think this applies, but nice to know.
Lots of evidence that the Windows 2003 IPSEC architecture and TCP/IP stack are pretty fragile. No wonder Microsoft famously redid the network stack in Vista. They weren't reacting to XP, they were reacting to Windows Server.

So Monday I'll look at windows update and try opening, reviewing and savng the IPSEC and Group Policy files. If they're corrupted they may cause other problems.

Update 12/14/08: I'm grateful to an anonymous visitor for finding the underlying issue. S/he references two Microsoft kb articles, I've added a less important but related third article.
A botched security update 953230 (MS08-037) causes a variety of Windows 2003 failures due to a UDP port conflict. Essentially Microsoft switched to random port assignments, which is good, but they forgot some ports might be in use (bad). Depending on what gets randomly whacked, you may lose a service.

The latter references the problem I had:
Event Type: Error
Event Source: IPSec
Event Category: None
Event ID: 4292
Date: Date
Time: Time
User: N/A
Computer: Server_name
Description: The IPSec driver has entered Block mode. IPSec will discard all incoming and outgoing TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.
User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.
Update 12/31/08: Nope, it didn't work.

I finally got around to applying Microsoft's fix and it didn't work!

So even after I reserved these ports:
3343-3343
1645-1646
1812-1813
2883-2883
4500-4500
I still got the service failure notice on restart and lost my network connections. Guess I'll have to wait for a service pack. I removed the registry changes I'd made (why ask for trouble?) and again disabled IPSEC services.

Thursday, October 02, 2008

Google Apps calendar on the iPhone - the top secret web display

It's not the OTA blackberry-like iPhone gCal sync we want, but it's something ...
The official update feed from the Google Apps team: New Google Calendar features for the iPhone

... Google Calendar users in the US can now add new events, invite attendees, and see daily and monthly views of their agendas from the iPhone. This release also includes speed improvements for the iPhone interface....
Until now the webapp was read only.

In an essay on the darkness of Apple's App Store policies Gruber mentions a few more calendaring options ..
... Apple doesn’t seem to have any problem allowing Calendar competitors into the App Store. Notes Calendar is a $3 Lotus Notes calendaring client. iExchange Remote Calendar is a $10 calendaring client for Exchange. It can’t even be explained by some sort of anti-Google bias at Apple, because they’ve also accepted SaiSuke, a $10 dedicated Google Calendar client. If these are OK, why not a dedicated Gmail email client? The only explanation is that Mail is deemed untouchable and Calendar is not...
Update 11/10/08: The iPhone Google App didn't show me the new calendar. I had to use the URL: http://www.google.com/m/a/faughnanlagace.com (our family domain) to see the new calendar. You can also use: http://calendar.google.com/a/faughnanlagace.com/m. There's still no calendar search -- an odd omission.

iPhone audio recording: Plum Record, Audio Recorder, others?

Eons ago I used to record conversations on my third generation iPod (not to be confused with iPhone 3G. I can't recall if I was able to transfer the audio files to the desktop.

It worked quite well -- until Apple obsoleted the hardware connection!

It finally occurred to me that I could do that again. The Monster adapter I bought for my BOSE headphones works just fine as a standalone microphone - I just have to unplug it if I want to hear playback without headphones. (I wouldn't mind finding a direct cable connector for analog to analog transfer though. I don't need stereo recording ... yet ....)

Plum Record will record files that can be transferred to the OS X desktop and translated there. Audio Recorder transfers by email but uses native iPhone audio formats (.caf, uncompressed). (Yes, we all want access to that damned USB cable.)

The Audio Recorder FAQ says the iPhone will work with a standard mini-jack mike.

I purchased Voice Recorder a while back but took it off my phone. I'll have to see if they offer any audio-transfer options.

One reason we don't see gSync for the iPhone

We all want Blackberry-like Google Sync to Google Calendar.

Here's one reason why we're waiting ...
A touch of Cocoa: inside the iPhone SDK: Page 2

... Apple also provides access to some system-wide data in the form of the address book, with both model and view classes exposed to developers. The equivalent classes for the calendar data, which only recently appeared in the desktop OS, are missing from the iPhone. Here's hoping we don't have to wait for 3.0 for them to appear...
Since Google Sync would be competing with MobileMe there may be other obstacles to App Store distribution, but first we need an iPhone API for Calendar.app.

See also SyncML.

Monday, September 29, 2008

Nuevasync - detailed configuration

Nuevasync is too raw for me to risk my data there, but once it's fully vetted and commercial I may pay for it.

It emulates an exchange server for the Palm, and syncs to gCal and gContacts.

A user has written a thorough configuration review:
Nuevasync: Over the Air Syncing of Calendar and Contacts for your iPhone or iPod Touch | The iLife

... The first thing you really want to do is sync your current data back to Google. Open up iTunes, plug in your iPhone (or iPod touch) and click on your device and go to the “info tab” and check the sync contacts (make sure you say “Google Contacts” and enter your account info!) and sync calendar tab....
Don't miss the above in the setup.

When you sync an iPhone to Exchange Server, you lose all the data on the phone -- unless it's moved to MobileMe or, through the back door, the the Exchange server source. Fun, eh?