User login

News aggregator

Windows HPC debuts in the Top 25 fastest supercomputers in the world...what more do I need to say?

Windows Server Division WebLog - Wed, 06/18/2008 - 19:07

I remember being a kid and having a big secret that I couldn’t tell anyone. Stuff like Bobby has a crush on Susie or Jeffrey has a tail. Okay, I didn’t know anyone who had a tail but you can imagine how hard it would be for a 10 year old to keep a secret like that.

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 

A few months ago we completed our runs for the Top500 list. For those of you not familiar with this bi-annual benchmark, the Top500 list represents the 500 most powerful computers in the world. It is the supercomputing supergeek superlist. We completed runs with the National Center for Supercomputing Application (NCSA) and with Umea University. The problem is that even though we did the runs months ago we weren’t allowed to discuss the results until this week, the week of the International Supercomputing Conference in Dresden, Germany. We had to keep it a secret. Ugh.


The NCSA cluster is amazing. 1200 nodes, each with 8 cores, creating a 9600 core cluster. NCSA installed Beta 1 of Windows HPC Server 2008 and ran the benchmark. The results were outstanding: 68.5 teraflops and 77.7% efficiency. Using our beta software NCSA beat their November score by over 10%. This is the fastest Windows cluster to date. Check out the customer video and case study.


The Umea University cluster, “Akka”, is located in northern Sweden. This system was also running Beta 1 and hit 46 teraflops on 5,376 cores with a VERY impressive 85.5% efficiency score. This is the BEST efficiency score for an x86 architecture cluster on the Top 500 list. Umea University will run the new supercomputer at its facility known as “HPC2N”. The university’s cluster employs 672 IBM blade servers, and also marks the first time that Windows HPC Server 2008 has been run publicly on IBM hardware. 


So, the benchmarking numbers are looking pretty good, and those benchmarks were with our first beta. We shipped our second beta last month and we’re shipping our first release candidate at the end of this month.


How did we do so well on the benchmarks? We’ve made big improvements in the Microsoft MPI stack. MPI (Message Passing Interface) is used for tightly coupled communications between servers running in parallel. The biggest improvements were in what are called shared memory interfaces, that is, the interfaces used for communication between processor cores on the same system. Our MPI stack is based on Argonne National Lab’s MPI stack called MPICH2. We will contribute our changes back to Argonne for inclusion in the open source version of MPICH2. These are some of the largest contributions to the open source community by Microsoft. Yep, open source and Microsoft.


Network Direct, our new RDMA (Remote Direct Memory Access) networking stack was another area of improvement. We collaborated with partners like Mellanox, NetEffect, and Myricom to build a very efficient RDMA stack. Improvements in MPI and Network Direct contributed hugely to our great score.


Very impressive benchmark results for a product that’s not even released to manufacturing yet and the benchmark scores were a very hard secret to keep.  The release candidate of Windows HPC Server 2008 will be available for customers to download the last week of June.


Ryan Waite,

Group Program Manager on the HPC Dev Team


Network Monitor 3.2 Beta has released!!!

Microsoft Enterprise Networking Team - Wed, 06/18/2008 - 16:17

Our friends over at the Network Monitor Blog have information on how to get the beta for Netmon 3.2.  There are some really cool new features in this release.  Find more information here:

- Mike Platts


PowerShell V1 and V2 Running On WS08 Server Core

Windows Powershell Team Blog - Wed, 06/18/2008 - 15:32

Yup- that's right.  Check it out at superstar Karl Prosser's blog HERE.  He even has a video of it working.

The blog is somewhat of a tease in that he is going to wait till tomorrow to tell us how he did it. 

I'm constantly amazed by what the community can do if you give them the right tools!

Thanks Karl!

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

To Backup or Not to Backup? Yes! To backup!!

Microsoft Exchange Team Blog - Wed, 06/18/2008 - 13:10

There has been a lot of discussions in the Exchange ecosystem (see comments on this post and other posts on our blog for example) about the fact that Windows Server 2008 built-in backup application (Windows Server Backup) is not Exchange-aware. Even though we have also clarified that the limitation does not apply to Windows Small Business Server 2008, we still kept getting a lot of open and honest feedback on the subject, which we greatly appreciate.


About 2 years ago, when the Exchange team started testing Exchange 2007 on Windows 2008, we found that the built-in backup application had changed dramatically. Decisions that drove that change by the Windows team are not the subject of this post, but it is fair to say that the Windows team did not make the decision lightly.

When we evaluated the features of Windows Server Backup, it was clear that the backup and restore experience on Windows 2008 would not be the experience that existing Exchange customers have been used to for so long. Because we had feedback from several customers who told us they would rather get a more full-featured backup solution for their Exchange servers, a decision was made not to provide an Exchange-aware backup solution for Windows 2008 in Exchange 2007 Service Pack 1.

Exchange 2007 Service Pack 1 Ships...

Right after we shipped Service Pack 1, we started hearing from customers who were upset with the fact that they cannot take Exchange-aware online backups with Windows Server Backup. These customers had enjoyed the integration of Exchange and Windows Backup (NTBackup) for many years, and for many versions of Exchange and Windows. We also saw quite a but of discussion activity on this issue in various Exchange communities (this blog, internal discussion groups, MVP and MCT communities, etc.).

We then published a blog post on this issue, which prompted more comments from customers who told us that they were unhappy about this and why.

Now - the next question you have must be:

What are we doing about this?

Although we can't share all of the details now, we thought that this issue was important enough to announce a decision we recently made. We have decided to develop and release a VSS-based plug-in for Windows Server Backup that will enable you to properly backup and restore Exchange 2007 with a built-in Windows 2008 backup application.

While you will be able to backup and restore Exchange 2007 on Windows 2008, you should not expect feature parity with the Windows 2003 NTBackup experience. There will not be the same level granularity and control that NTBackup provides and backups will be limited to the local server only. However, you will be able to perform a VSS backup of Exchange to a separate disc or a network share. If the backup completes successfully, it will (depending on options chosen) truncate Exchange transaction log files, and you'll be able to restore Exchange data when needed.

We will cover all of the details in updated documentation when the time comes. We realize that this may not be an ideal solution for all organizations, but we are quite confident that this is a good solution for many, especially our smaller customer segment.

When can you expect this?

We do not have a release date to announce yet. Our Customer Experience team is working out the details, and because we are still relatively early in this process, we cannot commit to a specific date yet. Rest assured - we'll announce it when it becomes available!

Finally, I think it is in order to thank all of you for all the feedback that you have provided us. As we mentioned before, we want your feedback. We are lucky to have people passionate enough to let us know and explain why what we did was not ideal.

- Nino Bilic

Share this post :

Microsoft Security Advisory 954474 Updated

Hello,<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

This is Christopher Budd again. I wanted to let you know we’ve just updated Microsoft Security Advisory 954474 to let you know we’ve released  an update that affected customers can apply to their System Center Configuration Manager (ConfigMgr) 2007 servers to resolve the issue we discussed in our posting on Friday June 13.

There are more details in the advisory, but we recommend any ConfigMgr 2007 customers with System Management Server (SMS) 2003 clients go ahead and review the KB and plan to deploy the update.



*This posting is provided "AS IS" with no warranties, and confers no rights.*

When Will PowerShell V2 Ship?

Windows Powershell Team Blog - Tue, 06/17/2008 - 15:53

By far, the most frequently asked question at TechEd 2008 was, "When will PowerShell V2 Ship?".  We are expressly prohibited from answering that question and I know that that can be frustrating.  I can say this:

We are now feature complete with V2.  History has shown that when we reach this stage of development, it takes us a year, plus or minus a quarter, before it is generally available.

Let me be quick to add that past performance is NOT an guarantee of future performance.  At the end of the day, we have an extensive quality process and the community lets us know when it is ready to ship.

The second most frequently asked question was, "When is the next CTP?".  We have not booked a plan for that yet.  That said, people have observed that we have often tried to coordinate important things with IT Forum in Nov.


Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

Windows, PowerShell and WMI - Unveiling Microsoft's Best Kept Secret

Windows Powershell Team Blog - Tue, 06/17/2008 - 15:43

I mentioned that one of my favorite TechEd 2008 talks was Ben Pearce's talk, "Windows, PowerShell and WMI - Unveiling Microsoft's Best Kept Secret". 

Attached is Ben's presentation.  You can get his demos at the following locations:<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />


Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

Explaining Objects To Non-Programmers

Windows Powershell Team Blog - Tue, 06/17/2008 - 13:13

One of my favorite TechEd 2008 talks was Ben Pearce's talk, "Windows, PowerShell and WMI - Unveiling Microsoft's Best Kept Secret".  It was a great talk all up but the one thing I walked away saying, "I've got to steal that", was Ben's explaining of Objects.

Anyone that has every tried to explain PowerShell to friends or co-workers will inevitably come across a look of fear and panic when you mention the word "Object".  I've seen it hundreds of times.  I explain how objects actually simplify the problem but after seeing Ben's talk, I realized that the problem might be that some people don't even know what an object IS.  Here are Ben's slides for how to explain objects (and arrays of objects) to people that don't understand them.

I've also attached the PPT slides so you can use them as well.

10,000 thanks to superstar Ben Pearce - you really moved the ball forward with this one!

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

To DEP or not to DEP …

Ask the Performance Team - Tue, 06/17/2008 - 11:00

In my previous posting on Access Violations, I briefly mentioned Data Execution Prevention (DEP).  I have recently had the opportunity to work on a couple of customer issues that caused me to dig a bit deeper into the workings of DEP, so I figured that I would pass this knowledge on.  To begin with, some quick background on DEP.  Data Execution Prevention, or DEP, is Microsoft's software implementation that takes advantage of hardware NX  or XD support.  NX stands for No Execute and XD stands for Execute Disabled and are the ability for the processor to mark physical memory locations with a flag indicating whether or not the data in that location should be executable or not.  NX is AMD's implementation and XD is Intel's, but they are basically the same thing.  This software support requires the Windows PAE kernel be installed, but this should happen automatically, so you don't have to set the /PAE switch in your Boot.ini.  What all of this means is that with DEP, the operating system has the ability to block certain code from executing on the system.  DEP was first introduced with Windows XP Service Pack 2 and has been included in every Microsoft OS and service pack since then.

With hardware enforced DEP, all memory spaces are automatically marked as non-executable unless they are explicitly told they are being allocated for executable code.  This flag is set on a per-page basis and is set via a bit in the page table entry (PTE) for that page.  If something tries to execute code from a memory region that is marked as non-executable, the hardware feature passes and exception to DEP within Windows and lets it know that this is happening. DEP then causes an assert within the code stack that is executing, which causes it to fail with an access violation, which should look pretty much like the following:

In the past, this was not enforced and code could execute from basically anywhere.  This allowed virus and malware writers to exploit a buffer overflow, and spew a string of executable code out into an unprotected data region.  It could then execute it from that location uncontested. Those of you who remember the outbreaks of Blaster and Sasser – those are prime examples of using this sort of exploit.  By combining processor NX or XD support with Windows OS support, this type of vulnerability should be largely mitigated.

Sometimes an innocent application will trigger DEP simply due to faulty coding.  We often see this on older applications or things like shareware.  It is usually not intentional and never caused a problem in the old days, but now that security is paramount, inefficient (and sometimes sloppy!) memory management can cause some serious issues.  The right answer of course is for the application vendor to rewrite the portion of the app that is triggering DEP, but that is of course not likely in the case of older applications or shareware applications.  In this case, you can exempt the application for DEP monitoring so that DEP ignores it.  As long as you trust the application in question and know it is not really doing anything malicious, exempting it from DEP should not be a problem. Here is what the GUI looks like:

You can add a program to the exemption list by simply clicking Add and browsing to the .EXE file in question.  However, there are a couple of other ways to disable DEP for a specific application beyond using the GUI.  The first is by changing the Application Compatibility settings for the application in the registry.  To do this, browse to the following key in the registry:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers.  For each application for which you want to disable DEP, you create a string value where the name of the value is the full path to the executable.  You would then set the value data to “DisableNXShowUI” as shown below.

If you have several applications for which you want to disable DEP across your environment, it may be worthwhile to use the Application Compatibility Toolkit to deploy a custom Compatibility Database (see the TechNet article on Resolving Application Compatibility Issues with Compatibility Administrator for more details).

Turning our attention back to the boot.ini for a second before we wrap up, you may have noticed an entry in your Boot.ini saying Optout or Optin, like this:

[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003, Standard" /fastdetect /noexecute=optout

The 'noexecute' value dictates what state DEP operates under. There are four different entries possible:

  • Optin:  DEP is enabled for Windows system binaries and any application that 'opts in'.  By default, only Windows binaries will be covered.  This is the value set if you choose the option 'Turn on DEP for essential Windows programs and services only' listed in the screenshot above.
  • Optout:  DEP is enabled for all processes, not just Windows binaries.  An application or process can be 'opted out' on an individual basis.  The Application Compatibility Toolkit can be used to create shims to opt-out apps, then deployed on your network.  This option is set if you choose 'Turn on DEP for all programs and services except those I select', like in the screenshot above.
  • AlwaysOn:  DEP is on for all processes, period. You cannot exempt processes from DEP monitoring, and any Application Compatibility Toolkit shims do not apply.
  • AlwaysOff:  Totally disables DEP regardless of hardware support. In addition, the PAE kernel will not be installed unless /PAE is put in the boot.ini.

Please note that these last two values must be set manually.

With that, we’ve come to the end of this post.  Hopefully you find this information useful!

- Tim Newton

Share this post :

New Networking-related KB articles for the week of May 31 - June 6

Microsoft Enterprise Networking Team - Mon, 06/16/2008 - 19:07

951851  The WebClient service stop responding when you try to map a network drive to a WebDAV shared folder from a Windows Server 2003-based computer

950092  Third-party vendors may be unable to achieve IPv6 Ready Logo Phase-2 certification in Windows Server 2003

- Mike Platts


Updated Exchange Developer Roadmap has been published

Microsoft Exchange Team Blog - Mon, 06/16/2008 - 13:39

Recently we have published the updated Exchange Developer Roadmap over on Exchangedev blog. This covers Exchange Server beyond Exchange Server 2007. You can read about multiple things there, including:

  • APIs that Will Be Removed
  • APIs Moving To Extended Support

If you are developing for Exchange Server, please make sure to check it out.

- The Exchange Team

Share this post :

NAP Enforcement Exemption for Printers and other Network Appliances

Microsoft Windows DHCP Team Blog - Sun, 06/15/2008 - 12:11
Network administrators deploying DHCP NAP on their network often need to create NAP enforcement exemption for devices like printers, NAS, VoIP Phones which don't support NAP. Today, we would look at steps to create such NPS policy based on the MAC address...(read more)

Working With Web Services (Post CTP2 V2 Feature)

Windows Powershell Team Blog - Sat, 06/14/2008 - 18:55

Let me start by first apologizing for sharing some information that you are not going to be able to go out and try right away.  During one of the interactive Q&A sessions at TechEd, people asked about working with Web Services.  I referred to a feature that we were working on and then Hal Rottenberg asked me to blog about some of the details.  I'm not sure that this is a good idea because while we have it coded up and in the nightly builds, that is not a guarantee that it will make it into the next version (we often have to cut features in order to create bandwidth to increase the quality of other features).  That said, I'm going to go out on the limb a bit and share with you what we are working on.

First let's start with motivation (you should always start with motivation.  If you know WHY someone  is doing something, it is easier to get things in focus and provide meaningful feedback).  PowerShell is ALL about helping you get your job done with the minimal amount of effort (I've been thinking about calling this the "Cheap EATs" model where EAT stands for "Effort to Accomplish Task").   With that comes the observation that we live in an evolving world.  To accomplish your task, you need to easily access a wide range of technologies.  That is why we invest in giving you great access to WMI, ADSI, COM, XML, .NET, ADO, etc etc.  More and more things are now available as Web Services so we want to make it easy for you to get at them as well. 

As such, we have speced and implemented the cmdlet:  New-WebServiceProxy.    This command connects to a Web Service and generates a .NET proxy to that service.  Let me show you how it works using a web service which works with USZIP codes ( ):

PS> $ws=New-WebServiceProxy -uri
PS> # NOTE - the output of the next command was edited for clarity
PS> Get-Command New-WebServiceProxy -Syntax
New-WebServiceProxy [-Uri] <Uri> [[-Class] <String>] [[-Namespace] <String>]

New-WebServiceProxy [-Uri] <Uri> [[-Class] <String>] [[-Namespace] <String>]
[-Credential <PSCredential>]

New-WebServiceProxy [-Uri] <Uri> [[-Class] <String>] [[-Namespace] <String>]

PS> $ws=New-WebServiceProxy -uri
PS> $ws | get-Member

   TypeName: Microsoft.PowerShell.Commands.NewWebserviceProxy.Autogenerated

Name                                 MemberType Definition
----                                 ---------- ----------
Disposed                             Event      System.EventHandler Disp...
Abort                                Method     System.Void Abort()
BeginGetInfoByAreaCode               Method     System.IAsyncResult Begi...
BeginGetInfoByCity                   Method     System.IAsyncResult Begi...
BeginGetInfoByState                  Method     System.IAsyncResult Begi...
BeginGetInfoByZIP                    Method     System.IAsyncResult Begi...
CreateObjRef                         Method     System.Runtime.Remoting....
Discover                             Method     System.Void Discover()
Dispose                              Method     System.Void Dispose()
EndGetInfoByAreaCode                 Method     System.Xml.XmlNode EndGe...
EndGetInfoByCity                     Method     System.Xml.XmlNode EndGe...
EndGetInfoByState                    Method     System.Xml.XmlNode EndGe...
EndGetInfoByZIP                      Method     System.Xml.XmlNode EndGe...
Equals                               Method     System.Boolean Equals(Ob...
GetHashCode                          Method     System.Int32 GetHashCode()
GetInfoByAreaCode                    Method     System.Xml.XmlNode GetIn...
GetInfoByCity                        Method     System.Xml.XmlNode GetIn...
GetInfoByState                       Method     System.Xml.XmlNode GetIn...
GetInfoByZIP                         Method     System.Xml.XmlNode GetIn...
GetLifetimeService                   Method     System.Object GetLifetim...
GetType                              Method     System.Type GetType()
InitializeLifetimeService            Method     System.Object Initialize...
ToString                             Method     System.String ToString()
AllowAutoRedirect                    Property   System.Boolean AllowAuto...
ClientCertificates                   Property   System.Security.Cryptogr...
ConnectionGroupName                  Property   System.String Connection...
Container                            Property   System.ComponentModel.IC...
CookieContainer                      Property   System.Net.CookieContain...
Credentials                          Property   System.Net.ICredentials ...
EnableDecompression                  Property   System.Boolean EnableDec...
PreAuthenticate                      Property   System.Boolean PreAuthen...
Proxy                                Property   System.Net.IWebProxy Pro...
RequestEncoding                      Property   System.Text.Encoding Req...
Site                                 Property   System.ComponentModel.IS...
SoapVersion                          Property   System.Web.Services.Prot...
Timeout                              Property   System.Int32 Timeout {ge...
UnsafeAuthenticatedConnectionSharing Property   System.Boolean UnsafeAut...
Url                                  Property   System.String Url {get;s...
UseDefaultCredentials                Property   System.Boolean UseDefaul...
UserAgent                            Property   System.String UserAgent ...

PS> $ws.GetInfoByZIP(98072)

xmlns                                 Table
-----                                 -----

PS> $ws.GetInfoByZIP(98072).Table

CITY      : Woodinville
STATE     : WA
ZIP       : 98072


PS> $ws.GetInfoByAreaCode(425).table |ft -auto

----              ----- ---   --------- ---------
Snoqualmie        WA    98065 425       P
Woodinville       WA    98072 425       P
Bellevue          WA    98004 425       P
Bellevue          WA    98005 425       P
Bellevue          WA    98006 425       P
Bellevue          WA    98007 425       P
Bellevue          WA    98008 425       P
Bellevue          WA    98009 425       P
Bellevue          WA    98015 425       P
Bothell           WA    98011 425       P
Bothell           WA    98012 425       P
Bothell           WA    98021 425       P
Bothell           WA    98041 425       P
Bothell           WA    98082 425       P
Carnation         WA    98014 425       P
Duvall            WA    98019 425       P
Edmonds           WA    98020 425       P
Edmonds           WA    98026 425       P
Everett           WA    98201 425       P
Everett           WA    98203 425       P
Everett           WA    98204 425       P
Everett           WA    98205 425       P
Everett           WA    98206 425       P
Everett           WA    98207 425       P
Everett           WA    98208 425       P
Hobart            WA    98025 425       P
Issaquah          WA    98027 425       P
Issaquah          WA    98029 425       P
Kirkland          WA    98033 425       P
Kirkland          WA    98034 425       P
Kirkland          WA    98083 425       P
Lake Stevens      WA    98258 425       P
Lynnwood          WA    98036 425       P
Lynnwood          WA    98037 425       P
Lynnwood          WA    98046 425       P
Maple Valley      WA    98038 425       P
Medina            WA    98039 425       P
Mountlake Terrace WA    98043 425       P
Mukilteo          WA    98275 425       P
North Bend        WA    98045 425       P
Preston           WA    98050 425       P
Ravensdale        WA    98051 425       P
Redmond           WA    98052 425       P
Redmond           WA    98053 425       P
Redmond           WA    98073 425       P
Renton            WA    98055 425       P
Renton            WA    98056 425       P
Renton            WA    98057 425       P
Renton            WA    98058 425       P
Renton            WA    98059 425       P


Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

Block Comments in V2

Windows Powershell Team Blog - Sat, 06/14/2008 - 14:29

Smith Catar was looking at my Tech Ed demos and noticed that I used block comments.  These are not in the CTP that you have so I guess I sorta let this one leak out.  Yes - V2 will have BLOCK COMMENTS!!!

Block comments start with "<# and end with "#>".  e.g.

This is
block comment

Happy happy. 
Block comments - you asked for them, you'll get them. 

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:


Windows Powershell Team Blog - Sat, 06/14/2008 - 03:56

Nitin Bhat the WMI PM recently pointed HERE to answer the question, how do know what OS SKU a machine is running?

You can run the expression $((gwmi win32_operatingsystem).OperatingSystemSKU) to the the value and then look it up on that table.

I decided to turn it into a script you can use.  It is rock-simple but it saves you the typing and there's some value in that.  I've included it below and attached it as well.

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

$sku = $((gwmi win32_operatingsystem).OperatingSystemSKU)
switch ($sku)
    0       {"Undefined";break}
    1       {"Ultimate Edition";break}
    2       {"Home Basic Edition";break}
    3       {"Home Basic Premium Edition";break}
    4       {"Enterprise Edition";break}
    5       {"Home Basic N Edition";break}
    6       {"Business Edition";break}
    7       {"Standard Server Edition";break}
    8       {"Datacenter Server Edition";break}
    9       {"Small Business Server Edition";break}
    10       {"Enterprise Server Edition";break}
    11       {"Starter Edition";break}
    12       {"Datacenter Server Core Edition";break}
    13       {"Standard Server Core Edition";break}
    14       {"Enterprise Server Core Edition";break}
    15       {"Enterprise Server Edition for Itanium-Based Systems";break}
    16       {"Business N Edition";break}
    17       {"Web Server Edition";break}
    18       {"Cluster Server Edition";break}
    19       {"Home Server Edition";break}
    20       {"Storage Express Server Edition";break}
    21       {"Storage Standard Server Edition";break}
    22       {"Storage Workgroup Server Edition";break}
    23       {"Storage Enterprise Server Edition";break}
    24       {"Server For Small Business Edition";break}
    25       {"Small Business Server Premium Edition";break}
    default {"<UNKNOWN:$SKU>"}

Security Advisory 954474: Deployment Issue affecting System Center Configuration Manager 2007servers with SMS 2003 clients


This is Christopher Budd. I’m back here on the MSRC weblog after spending some time learning the Privacy side of our business (and getting my CIPP certification).

I’m here to let you know that we’ve just posted Microsoft Security Advisory 954474.

This advisory is to let customers know that we’re aware of an issue that is affecting the deployment of the June 2008 security updates. This issue only affects customers using System Center Configuration Manager (ConfigMgr) 2007; none of our other detection or deployment technologies are affected. Also, the issue only affects the deployment of security updates to System Management Server (SMS) 2003 clients of ConfigMgr 2007 servers. This means that to be affected by this issue, you must be running a mixed ConfigMgr 2007 and SMS 2003 environment. If you are not running this specific configuration, this issue does not affect you.

The impact of this issue is that customers in this configuration cannot deploy the June 2008 security updates to their SMS 2003 clients using the Inventory Tool for Microsoft Updates (ITMU). 

Our security response process focuses not just on releasing security updates but also on monitoring and making sure customers can deploy them. Because of this, in response to this issue, we’ve activated our Software Security Incident Response Process (SSIRP) and our engineering teams are working to develop a solution for this issue. We’ll update the MSRC weblog and the advisory with more information as we have it.

In the meantime, customers can use the Software Distribution within ConfigMgr 2007 to deploy the June security updates as indicated in the security advisory.



*This posting is provided "AS IS" with no warranties, and confers no rights.*

Best of Tech Ed: Breakthrough Product of the year => PowerGUI

Windows Powershell Team Blog - Fri, 06/13/2008 - 23:29

The Best of Tech Ed 2008 were awarded and PowerGUI won Breakthrouth Product of the Year

WOW what an honor and acknowledgement of great work!

Congratulations to Dmitry, Kirk and the rest of that team!  You guys have brought a lot of great visibility to Quest Software.  Your bosses should be fetching you cups of coffee and getting you bigger offices  :-)

If you aren't already running PowerGUI - what are you waiting for?

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

PowerShell & OpenXML

Windows Powershell Team Blog - Fri, 06/13/2008 - 19:53

Eric White just posted an amazing set of Cmdlets on CodePlex.  They allow you to use PowerShell to manipulate OpenXML documents to do all sorts of fun things, like create graphs from the output of PowerShell, automatically generate documents from XML, and extract comments from a document.  Below is an 8-minute video introducing you to the technology and a blog post with more details.

PowerTools for Open XML Introduction


Get PowerTools For Open XML



James Brundage [MSFT]

Yes, But What About The FLAVOR?

Windows Powershell Team Blog - Fri, 06/13/2008 - 13:38

 Kirk Munro posted a blog entry HERE saying how thrilled he was at level of presence PowerShell had at TechEd 2008.

It was a VERY good TechEd for PowerShell.  There were lots of breakout sessions, lots of hands on labs and interactive Q&A, lots of vendor support in the exhibit, lots of books, quite a few mentions in keynote demos and presentations.  That was all great but what impressed me the most was the number of people that said how PowerShell had saved their butts, made them heros with their peers or allowed them to do things that they could never do.

It reminded me of this great Iron Chef America episode with Wolfgang Puck.  The show took 3 big name chefs and gave them a surprise ingredient (eggs) they then had 60 minutes to prepare a full course meal that highlighted that ingrediate.  The meals are then served to a panel of judges for comment and evaluation.  When it was Wolfgang's time to be judged, the judges were all raving about the presentation, the wonderful smell, the rainbow of colors.  Wolfgang in a quasi-irritated, quasi-exasperated voice said, "Yes, but what about the FLAVOR?!" 

At the end of the day, if PowerShell didn't save butts, enable heros, an empower new scenarios - it would have been a waste of time and resources.

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:


“Nothing Changed in Our Environment”

Ask the Performance Team - Fri, 06/13/2008 - 11:00

When customers call us with issues – in particular application or program failures, one of the first questions that we ask is, “What changed in the environment”.  More often than not, the answer is, “Nothing”.  In some cases, that may be true, however in a majority of cases, there has been some change of which the system administrator that we are working with is unaware.  Tim Newton discussed some aspects of program crashes in his recent post, Access Violation?  How dare you …, but let’s go ahead and recap some of them.  The most common cause for an application crash is when a program tries to read or write memory that is not allocated for reading or writing by the application – a general protection fault.  Some other causes are listed below:

  • Attempting to execute privileged or invalid instructions
  • Unforeseen circumstances or poor code writing that results in the program executing an endless loop
  • Attempting to perform I/O operations on hardware devices to which it does not have permission to access
  • Passing invalid arguments to system calls
  • Attempting to access other system resources to which the application does not have permission to access

At this point, let’s digress a little bit and introduce a couple of quirky terms that we use to discuss “bugs”.

Heisenbug: The Heisenbug takes its name from the Heisenberg Uncertainty Principle.  A Heisenbug is a bug that disappears or alters its characteristics when it is observed.  The most common example of a Heisenbug is being unable to reproduce a problem when running a program in debug mode.  In debug mode, memory is often cleaned before the program starts.  Variables may be forced onto stack locations as opposed to being kept in registers.  Another reason that you may see a Heisenbug in debug mode is that debuggers commonly provide watches or other user interfaces that cause code (such as property accessors) to be executed, which in turn may alter the state of the program.

Bohrbug:  The Bohrbug takes its name from the Bohr Atomic Model.  A Bohrbug is a bug that manifests reliably under a well-defined (but possibly unknown) set of conditions.  Thus, in contrast with Heisenbugs, a Bohrbug does not disappear or alter its characteristics when it is researched.  These include the easiest bugs to fix (where the nature of the problem is obvious), but also bugs that are hard to find and fix and remain in the software during the operational phase.

Most of the application issues that we deal with are Bohrbugs, although we often encounter Heisenbugs when dealing with applications that exhibit Heap Corruption.  In some cases, enabling Pageheap on an application causes the problem to no longer occur.  OK, getting back to our original discussion, let’s take a look at a couple of common scenarios:

Scenario One: The Spooler Service is crashing on a print cluster that has been online “since forever” (yes, that’s actually how some administrators may describe their problem to us!) until today and no changes have been made.  From the administrator’s perspective nothing has changed in the environment.  By this, the administrator usually means that the drivers are still the same, and there have been no recent updates to the OS.  However, there are some variables to consider:

  • The problem may be caused by a specific driver which has an inherent bug with respect to the number of Print Devices using it.  The issue suddenly begins to manifest as the number of print devices and / or users has increased beyond a critical point
  • A bug related to an input data pattern may be invoked because a new applications elsewhere in the environment is passing data to the driver that it is unable to interpret
  • The Spool folder hasn’t been excluded from Real-time Antivirus Scanning (or was excluded previously but for some reason is no longer excluded).  A recent Pattern or Engine update may be causing corruption of spooled data
  • There may be an inherent bug in the printer driver that is related to size of the print job that it can accept
  • There may be a printer driver related to a Network Printer that does not handle network issues gracefully.  A network issue may be invoking some fault within the driver

As you can see, from the Print Server administrator’s perspective, nothing in fact has changed.  However, subtle changes in related system or external conditions are causing a problem.  With that, let’s take a look at our second scenario …

Scenario Two: The server is experiencing a hang.  It has been running fine since the day it was brought online, and all of a sudden the server is experiencing issues.  The last server maintenance was performed a couple of months ago, but beginning yesterday morning, the server keeps locking up.  So what’s going on?

In many enterprises, IT departments are somewhat autonomous.  A single server may have components that are managed by several different teams.  For example, Antivirus and Anti-Spyware software are managed by the Security team, the Storage team is responsible for the SAN environment, Host Bus Adapters (HBA’s) and related firmware.  Meanwhile, the Windows team is responsible for the Server Operating System, including the overall system configuration and performance.  With this type of division and ownership, it can become problematic for all the teams to stay in sync.  This is not an indictment of any of the teams, it is an unavoidable by-product of decentralization.  So what might be going on in this scenario?

  • The Security team may have pushed out a new Antivirus pattern update to equip the systems to defend itself from some high risk security threat in the wild.  This pattern update might have a bug related to high server workload.  This might manifest as memory depletion (Paged / NonPaged Pool depletion for example)
  • An Antivirus Pattern update was released which has a conflict with the OS component but surfaces only under certain conditions – for example, in a scenario where there is excessive realtime scanning being performed as the result of a large number of users who have their “My Music” folder redirected to their Network Drive
  • An update to the firmware and drivers on a SQL server was performed by the storage team.  The new Multipath I/O (MPIO) driver may have a bug which manifests when the I/O activity reaches a certain threshold.  Since the update, the server ran fine for almost a month.  However, at month-end processing there are now heavy SQL queries and reporting being performed.  This results in additional stress on the disk subsystem – resulting in the inherent bug to surface and affect the production environment
  • Although it may be rare, the problem could be caused by a hardware component that has developed a fault over time.  This problem results in “bit-flips", which might cause a fault in the driver based on the code logic of the driver.  The end result is a system hang or crash
  • The backup agent hasn’t been updated for quite some time.  However, there may be a bug related to pool memory leaks under certain circumstances (such as the size of backup data being pulled from the server).  Over time the utilization of the server has increased.  The bug surfaces under these conditions and causes exhaustion of pool memory – resulting in the server hang
  • Normal usage of the server may put the server beyond a critical point in terms of what the hardware and software is able to handle.  The most common example of this is a file or application server.  Over time, as a result of normal business growth the workload of the server may have reached the point where the operating system or application is simply unable to keep up.  At this point, it would be time to consider scaling the environment or server(s) to address the problem

Again, based on the scenario above, there are some fairly innocuous changes that, at the time of implementation, did not result in issues.  However, over time or under certain conditions, problems do surface – but, “Nothing changed in the environment” …

With that, it’s time to bring this post to a close.  Thanks for stopping by!  By the way, you can find more information on the quirky terms Heisenbug and Bohrbug as well as other similar terms on the Wikipedia page devoted to Unusual Software Bugs.

- Pushkar Prasad

Share this post :

EDIT (6/23): Added Wikipedia link to article

Syndicate content